|
1 /* ssl/s2_clnt.c */ |
|
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
|
3 * All rights reserved. |
|
4 * |
|
5 * This package is an SSL implementation written |
|
6 * by Eric Young (eay@cryptsoft.com). |
|
7 * The implementation was written so as to conform with Netscapes SSL. |
|
8 * |
|
9 * This library is free for commercial and non-commercial use as long as |
|
10 * the following conditions are aheared to. The following conditions |
|
11 * apply to all code found in this distribution, be it the RC4, RSA, |
|
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|
13 * included with this distribution is covered by the same copyright terms |
|
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|
15 * |
|
16 * Copyright remains Eric Young's, and as such any Copyright notices in |
|
17 * the code are not to be removed. |
|
18 * If this package is used in a product, Eric Young should be given attribution |
|
19 * as the author of the parts of the library used. |
|
20 * This can be in the form of a textual message at program startup or |
|
21 * in documentation (online or textual) provided with the package. |
|
22 * |
|
23 * Redistribution and use in source and binary forms, with or without |
|
24 * modification, are permitted provided that the following conditions |
|
25 * are met: |
|
26 * 1. Redistributions of source code must retain the copyright |
|
27 * notice, this list of conditions and the following disclaimer. |
|
28 * 2. Redistributions in binary form must reproduce the above copyright |
|
29 * notice, this list of conditions and the following disclaimer in the |
|
30 * documentation and/or other materials provided with the distribution. |
|
31 * 3. All advertising materials mentioning features or use of this software |
|
32 * must display the following acknowledgement: |
|
33 * "This product includes cryptographic software written by |
|
34 * Eric Young (eay@cryptsoft.com)" |
|
35 * The word 'cryptographic' can be left out if the rouines from the library |
|
36 * being used are not cryptographic related :-). |
|
37 * 4. If you include any Windows specific code (or a derivative thereof) from |
|
38 * the apps directory (application code) you must include an acknowledgement: |
|
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|
40 * |
|
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|
51 * SUCH DAMAGE. |
|
52 * |
|
53 * The licence and distribution terms for any publically available version or |
|
54 * derivative of this code cannot be changed. i.e. this code cannot simply be |
|
55 * copied and put under another distribution licence |
|
56 * [including the GNU Public Licence.] |
|
57 */ |
|
58 /* ==================================================================== |
|
59 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. |
|
60 * |
|
61 * Redistribution and use in source and binary forms, with or without |
|
62 * modification, are permitted provided that the following conditions |
|
63 * are met: |
|
64 * |
|
65 * 1. Redistributions of source code must retain the above copyright |
|
66 * notice, this list of conditions and the following disclaimer. |
|
67 * |
|
68 * 2. Redistributions in binary form must reproduce the above copyright |
|
69 * notice, this list of conditions and the following disclaimer in |
|
70 * the documentation and/or other materials provided with the |
|
71 * distribution. |
|
72 * |
|
73 * 3. All advertising materials mentioning features or use of this |
|
74 * software must display the following acknowledgment: |
|
75 * "This product includes software developed by the OpenSSL Project |
|
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" |
|
77 * |
|
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|
79 * endorse or promote products derived from this software without |
|
80 * prior written permission. For written permission, please contact |
|
81 * openssl-core@openssl.org. |
|
82 * |
|
83 * 5. Products derived from this software may not be called "OpenSSL" |
|
84 * nor may "OpenSSL" appear in their names without prior written |
|
85 * permission of the OpenSSL Project. |
|
86 * |
|
87 * 6. Redistributions of any form whatsoever must retain the following |
|
88 * acknowledgment: |
|
89 * "This product includes software developed by the OpenSSL Project |
|
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" |
|
91 * |
|
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|
103 * OF THE POSSIBILITY OF SUCH DAMAGE. |
|
104 * ==================================================================== |
|
105 * |
|
106 * This product includes cryptographic software written by Eric Young |
|
107 * (eay@cryptsoft.com). This product includes software written by Tim |
|
108 * Hudson (tjh@cryptsoft.com). |
|
109 * |
|
110 */ |
|
111 /* |
|
112 © Portions copyright (c) 2006 Nokia Corporation. All rights reserved. |
|
113 */ |
|
114 |
|
115 #include "ssl_locl.h" |
|
116 #ifndef OPENSSL_NO_SSL2 |
|
117 #include <stdio.h> |
|
118 #include <openssl/rand.h> |
|
119 #include <openssl/buffer.h> |
|
120 #include <openssl/objects.h> |
|
121 #include <openssl/evp.h> |
|
122 |
|
123 #if (defined(SYMBIAN) && (defined(__WINSCW__) || defined(__WINS__))) |
|
124 #include "libssl_wsd.h" |
|
125 #endif |
|
126 |
|
127 |
|
128 #ifdef EMULATOR |
|
129 |
|
130 GET_STATIC_VAR_FROM_TLS(SSLv2_client_method_data,s2_clnt,SSL_METHOD) |
|
131 |
|
132 #define SSLv2_client_method_data (*GET_WSD_VAR_NAME(SSLv2_client_method_data,s2_clnt,s)()) |
|
133 |
|
134 #endif |
|
135 static SSL_METHOD *ssl2_get_client_method(int ver); |
|
136 static int get_server_finished(SSL *s); |
|
137 static int get_server_verify(SSL *s); |
|
138 static int get_server_hello(SSL *s); |
|
139 static int client_hello(SSL *s); |
|
140 static int client_master_key(SSL *s); |
|
141 static int client_finished(SSL *s); |
|
142 static int client_certificate(SSL *s); |
|
143 static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from, |
|
144 unsigned char *to,int padding); |
|
145 #define BREAK break |
|
146 |
|
147 static SSL_METHOD *ssl2_get_client_method(int ver) |
|
148 { |
|
149 if (ver == SSL2_VERSION) |
|
150 return(SSLv2_client_method()); |
|
151 else |
|
152 return(NULL); |
|
153 } |
|
154 |
|
155 EXPORT_C IMPLEMENT_ssl2_meth_func(SSLv2_client_method, |
|
156 ssl_undefined_function, |
|
157 ssl2_connect, |
|
158 ssl2_get_client_method) |
|
159 |
|
160 int ssl2_connect(SSL *s) |
|
161 { |
|
162 unsigned long l=(unsigned long)time(NULL); |
|
163 BUF_MEM *buf=NULL; |
|
164 int ret= -1; |
|
165 void (*cb)(const SSL *ssl,int type,int val)=NULL; |
|
166 int new_state,state; |
|
167 |
|
168 RAND_add(&l,sizeof(l),0); |
|
169 ERR_clear_error(); |
|
170 clear_sys_error(); |
|
171 |
|
172 if (s->info_callback != NULL) |
|
173 cb=s->info_callback; |
|
174 else if (s->ctx->info_callback != NULL) |
|
175 cb=s->ctx->info_callback; |
|
176 |
|
177 /* init things to blank */ |
|
178 s->in_handshake++; |
|
179 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); |
|
180 |
|
181 for (;;) |
|
182 { |
|
183 state=s->state; |
|
184 |
|
185 switch (s->state) |
|
186 { |
|
187 case SSL_ST_BEFORE: |
|
188 case SSL_ST_CONNECT: |
|
189 case SSL_ST_BEFORE|SSL_ST_CONNECT: |
|
190 case SSL_ST_OK|SSL_ST_CONNECT: |
|
191 |
|
192 s->server=0; |
|
193 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); |
|
194 |
|
195 s->version=SSL2_VERSION; |
|
196 s->type=SSL_ST_CONNECT; |
|
197 |
|
198 buf=s->init_buf; |
|
199 if ((buf == NULL) && ((buf=BUF_MEM_new()) == NULL)) |
|
200 { |
|
201 ret= -1; |
|
202 goto end; |
|
203 } |
|
204 if (!BUF_MEM_grow(buf, |
|
205 SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) |
|
206 { |
|
207 if (buf == s->init_buf) |
|
208 buf=NULL; |
|
209 ret= -1; |
|
210 goto end; |
|
211 } |
|
212 s->init_buf=buf; |
|
213 buf=NULL; |
|
214 s->init_num=0; |
|
215 s->state=SSL2_ST_SEND_CLIENT_HELLO_A; |
|
216 s->ctx->stats.sess_connect++; |
|
217 s->handshake_func=ssl2_connect; |
|
218 BREAK; |
|
219 |
|
220 case SSL2_ST_SEND_CLIENT_HELLO_A: |
|
221 case SSL2_ST_SEND_CLIENT_HELLO_B: |
|
222 s->shutdown=0; |
|
223 ret=client_hello(s); |
|
224 if (ret <= 0) goto end; |
|
225 s->init_num=0; |
|
226 s->state=SSL2_ST_GET_SERVER_HELLO_A; |
|
227 BREAK; |
|
228 |
|
229 case SSL2_ST_GET_SERVER_HELLO_A: |
|
230 case SSL2_ST_GET_SERVER_HELLO_B: |
|
231 ret=get_server_hello(s); |
|
232 if (ret <= 0) goto end; |
|
233 s->init_num=0; |
|
234 if (!s->hit) /* new session */ |
|
235 { |
|
236 s->state=SSL2_ST_SEND_CLIENT_MASTER_KEY_A; |
|
237 BREAK; |
|
238 } |
|
239 else |
|
240 { |
|
241 s->state=SSL2_ST_CLIENT_START_ENCRYPTION; |
|
242 break; |
|
243 } |
|
244 |
|
245 case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: |
|
246 case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: |
|
247 ret=client_master_key(s); |
|
248 if (ret <= 0) goto end; |
|
249 s->init_num=0; |
|
250 s->state=SSL2_ST_CLIENT_START_ENCRYPTION; |
|
251 break; |
|
252 |
|
253 case SSL2_ST_CLIENT_START_ENCRYPTION: |
|
254 /* Ok, we now have all the stuff needed to |
|
255 * start encrypting, so lets fire it up :-) */ |
|
256 if (!ssl2_enc_init(s,1)) |
|
257 { |
|
258 ret= -1; |
|
259 goto end; |
|
260 } |
|
261 s->s2->clear_text=0; |
|
262 s->state=SSL2_ST_SEND_CLIENT_FINISHED_A; |
|
263 break; |
|
264 |
|
265 case SSL2_ST_SEND_CLIENT_FINISHED_A: |
|
266 case SSL2_ST_SEND_CLIENT_FINISHED_B: |
|
267 ret=client_finished(s); |
|
268 if (ret <= 0) goto end; |
|
269 s->init_num=0; |
|
270 s->state=SSL2_ST_GET_SERVER_VERIFY_A; |
|
271 break; |
|
272 |
|
273 case SSL2_ST_GET_SERVER_VERIFY_A: |
|
274 case SSL2_ST_GET_SERVER_VERIFY_B: |
|
275 ret=get_server_verify(s); |
|
276 if (ret <= 0) goto end; |
|
277 s->init_num=0; |
|
278 s->state=SSL2_ST_GET_SERVER_FINISHED_A; |
|
279 break; |
|
280 |
|
281 case SSL2_ST_GET_SERVER_FINISHED_A: |
|
282 case SSL2_ST_GET_SERVER_FINISHED_B: |
|
283 ret=get_server_finished(s); |
|
284 if (ret <= 0) goto end; |
|
285 break; |
|
286 |
|
287 case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: |
|
288 case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: |
|
289 case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: |
|
290 case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: |
|
291 case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: |
|
292 ret=client_certificate(s); |
|
293 if (ret <= 0) goto end; |
|
294 s->init_num=0; |
|
295 s->state=SSL2_ST_GET_SERVER_FINISHED_A; |
|
296 break; |
|
297 |
|
298 case SSL_ST_OK: |
|
299 if (s->init_buf != NULL) |
|
300 { |
|
301 BUF_MEM_free(s->init_buf); |
|
302 s->init_buf=NULL; |
|
303 } |
|
304 s->init_num=0; |
|
305 /* ERR_clear_error();*/ |
|
306 |
|
307 /* If we want to cache session-ids in the client |
|
308 * and we successfully add the session-id to the |
|
309 * cache, and there is a callback, then pass it out. |
|
310 * 26/11/96 - eay - only add if not a re-used session. |
|
311 */ |
|
312 |
|
313 ssl_update_cache(s,SSL_SESS_CACHE_CLIENT); |
|
314 if (s->hit) s->ctx->stats.sess_hit++; |
|
315 |
|
316 ret=1; |
|
317 /* s->server=0; */ |
|
318 s->ctx->stats.sess_connect_good++; |
|
319 |
|
320 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); |
|
321 |
|
322 goto end; |
|
323 /* break; */ |
|
324 default: |
|
325 SSLerr(SSL_F_SSL2_CONNECT,SSL_R_UNKNOWN_STATE); |
|
326 return(-1); |
|
327 /* break; */ |
|
328 } |
|
329 |
|
330 if ((cb != NULL) && (s->state != state)) |
|
331 { |
|
332 new_state=s->state; |
|
333 s->state=state; |
|
334 cb(s,SSL_CB_CONNECT_LOOP,1); |
|
335 s->state=new_state; |
|
336 } |
|
337 } |
|
338 end: |
|
339 s->in_handshake--; |
|
340 if (buf != NULL) |
|
341 BUF_MEM_free(buf); |
|
342 if (cb != NULL) |
|
343 cb(s,SSL_CB_CONNECT_EXIT,ret); |
|
344 return(ret); |
|
345 } |
|
346 |
|
347 static int get_server_hello(SSL *s) |
|
348 { |
|
349 unsigned char *buf; |
|
350 unsigned char *p; |
|
351 int i,j; |
|
352 unsigned long len; |
|
353 STACK_OF(SSL_CIPHER) *sk=NULL,*cl, *prio, *allow; |
|
354 |
|
355 buf=(unsigned char *)s->init_buf->data; |
|
356 p=buf; |
|
357 if (s->state == SSL2_ST_GET_SERVER_HELLO_A) |
|
358 { |
|
359 i=ssl2_read(s,(char *)&(buf[s->init_num]),11-s->init_num); |
|
360 if (i < (11-s->init_num)) |
|
361 return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i)); |
|
362 s->init_num = 11; |
|
363 |
|
364 if (*(p++) != SSL2_MT_SERVER_HELLO) |
|
365 { |
|
366 if (p[-1] != SSL2_MT_ERROR) |
|
367 { |
|
368 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); |
|
369 SSLerr(SSL_F_GET_SERVER_HELLO, |
|
370 SSL_R_READ_WRONG_PACKET_TYPE); |
|
371 } |
|
372 else |
|
373 SSLerr(SSL_F_GET_SERVER_HELLO, |
|
374 SSL_R_PEER_ERROR); |
|
375 return(-1); |
|
376 } |
|
377 #ifdef __APPLE_CC__ |
|
378 /* The Rhapsody 5.5 (a.k.a. MacOS X) compiler bug |
|
379 * workaround. <appro@fy.chalmers.se> */ |
|
380 s->hit=(i=*(p++))?1:0; |
|
381 #else |
|
382 s->hit=(*(p++))?1:0; |
|
383 #endif |
|
384 s->s2->tmp.cert_type= *(p++); |
|
385 n2s(p,i); |
|
386 if (i < s->version) s->version=i; |
|
387 n2s(p,i); s->s2->tmp.cert_length=i; |
|
388 n2s(p,i); s->s2->tmp.csl=i; |
|
389 n2s(p,i); s->s2->tmp.conn_id_length=i; |
|
390 s->state=SSL2_ST_GET_SERVER_HELLO_B; |
|
391 } |
|
392 |
|
393 /* SSL2_ST_GET_SERVER_HELLO_B */ |
|
394 len = 11 + (unsigned long)s->s2->tmp.cert_length + (unsigned long)s->s2->tmp.csl + (unsigned long)s->s2->tmp.conn_id_length; |
|
395 if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) |
|
396 { |
|
397 SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_MESSAGE_TOO_LONG); |
|
398 return -1; |
|
399 } |
|
400 j = (int)len - s->init_num; |
|
401 i = ssl2_read(s,(char *)&(buf[s->init_num]),j); |
|
402 if (i != j) return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i)); |
|
403 if (s->msg_callback) |
|
404 s->msg_callback(0, s->version, 0, buf, (size_t)len, s, s->msg_callback_arg); /* SERVER-HELLO */ |
|
405 |
|
406 /* things are looking good */ |
|
407 |
|
408 p = buf + 11; |
|
409 if (s->hit) |
|
410 { |
|
411 if (s->s2->tmp.cert_length != 0) |
|
412 { |
|
413 SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CERT_LENGTH_NOT_ZERO); |
|
414 return(-1); |
|
415 } |
|
416 if (s->s2->tmp.cert_type != 0) |
|
417 { |
|
418 if (!(s->options & |
|
419 SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)) |
|
420 { |
|
421 SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CERT_TYPE_NOT_ZERO); |
|
422 return(-1); |
|
423 } |
|
424 } |
|
425 if (s->s2->tmp.csl != 0) |
|
426 { |
|
427 SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CIPHER_LIST_NOT_ZERO); |
|
428 return(-1); |
|
429 } |
|
430 } |
|
431 else |
|
432 { |
|
433 #ifdef undef |
|
434 /* very bad */ |
|
435 memset(s->session->session_id,0, |
|
436 SSL_MAX_SSL_SESSION_ID_LENGTH_IN_BYTES); |
|
437 s->session->session_id_length=0; |
|
438 */ |
|
439 #endif |
|
440 |
|
441 /* we need to do this in case we were trying to reuse a |
|
442 * client session but others are already reusing it. |
|
443 * If this was a new 'blank' session ID, the session-id |
|
444 * length will still be 0 */ |
|
445 if (s->session->session_id_length > 0) |
|
446 { |
|
447 if (!ssl_get_new_session(s,0)) |
|
448 { |
|
449 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); |
|
450 return(-1); |
|
451 } |
|
452 } |
|
453 |
|
454 if (ssl2_set_certificate(s,s->s2->tmp.cert_type, |
|
455 s->s2->tmp.cert_length,p) <= 0) |
|
456 { |
|
457 ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE); |
|
458 return(-1); |
|
459 } |
|
460 p+=s->s2->tmp.cert_length; |
|
461 |
|
462 if (s->s2->tmp.csl == 0) |
|
463 { |
|
464 ssl2_return_error(s,SSL2_PE_NO_CIPHER); |
|
465 SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_LIST); |
|
466 return(-1); |
|
467 } |
|
468 |
|
469 /* We have just received a list of ciphers back from the |
|
470 * server. We need to get the ones that match, then select |
|
471 * the one we want the most :-). */ |
|
472 |
|
473 /* load the ciphers */ |
|
474 sk=ssl_bytes_to_cipher_list(s,p,s->s2->tmp.csl, |
|
475 &s->session->ciphers); |
|
476 p+=s->s2->tmp.csl; |
|
477 if (sk == NULL) |
|
478 { |
|
479 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); |
|
480 SSLerr(SSL_F_GET_SERVER_HELLO,ERR_R_MALLOC_FAILURE); |
|
481 return(-1); |
|
482 } |
|
483 |
|
484 (void)sk_SSL_CIPHER_set_cmp_func(sk,ssl_cipher_ptr_id_cmp); |
|
485 |
|
486 /* get the array of ciphers we will accept */ |
|
487 cl=SSL_get_ciphers(s); |
|
488 (void)sk_SSL_CIPHER_set_cmp_func(cl,ssl_cipher_ptr_id_cmp); |
|
489 |
|
490 /* |
|
491 * If server preference flag set, choose the first |
|
492 * (highest priority) cipher the server sends, otherwise |
|
493 * client preference has priority. |
|
494 */ |
|
495 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) |
|
496 { |
|
497 prio = sk; |
|
498 allow = cl; |
|
499 } |
|
500 else |
|
501 { |
|
502 prio = cl; |
|
503 allow = sk; |
|
504 } |
|
505 /* In theory we could have ciphers sent back that we |
|
506 * don't want to use but that does not matter since we |
|
507 * will check against the list we originally sent and |
|
508 * for performance reasons we should not bother to match |
|
509 * the two lists up just to check. */ |
|
510 for (i=0; i<sk_SSL_CIPHER_num(prio); i++) |
|
511 { |
|
512 if (sk_SSL_CIPHER_find(allow, |
|
513 sk_SSL_CIPHER_value(prio,i)) >= 0) |
|
514 break; |
|
515 } |
|
516 |
|
517 if (i >= sk_SSL_CIPHER_num(prio)) |
|
518 { |
|
519 ssl2_return_error(s,SSL2_PE_NO_CIPHER); |
|
520 SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_MATCH); |
|
521 return(-1); |
|
522 } |
|
523 s->session->cipher=sk_SSL_CIPHER_value(prio,i); |
|
524 |
|
525 |
|
526 if (s->session->peer != NULL) /* can't happen*/ |
|
527 { |
|
528 ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); |
|
529 SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR); |
|
530 return(-1); |
|
531 } |
|
532 |
|
533 s->session->peer = s->session->sess_cert->peer_key->x509; |
|
534 /* peer_key->x509 has been set by ssl2_set_certificate. */ |
|
535 CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509); |
|
536 } |
|
537 |
|
538 if (s->session->sess_cert == NULL |
|
539 || s->session->peer != s->session->sess_cert->peer_key->x509) |
|
540 /* can't happen */ |
|
541 { |
|
542 ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); |
|
543 SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR); |
|
544 return(-1); |
|
545 } |
|
546 |
|
547 s->s2->conn_id_length=s->s2->tmp.conn_id_length; |
|
548 if (s->s2->conn_id_length > sizeof s->s2->conn_id) |
|
549 { |
|
550 ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); |
|
551 SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG); |
|
552 return -1; |
|
553 } |
|
554 memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length); |
|
555 return(1); |
|
556 } |
|
557 |
|
558 static int client_hello(SSL *s) |
|
559 { |
|
560 unsigned char *buf; |
|
561 unsigned char *p,*d; |
|
562 /* CIPHER **cipher;*/ |
|
563 int i,n,j; |
|
564 |
|
565 buf=(unsigned char *)s->init_buf->data; |
|
566 if (s->state == SSL2_ST_SEND_CLIENT_HELLO_A) |
|
567 { |
|
568 if ((s->session == NULL) || |
|
569 (s->session->ssl_version != s->version)) |
|
570 { |
|
571 if (!ssl_get_new_session(s,0)) |
|
572 { |
|
573 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); |
|
574 return(-1); |
|
575 } |
|
576 } |
|
577 /* else use the pre-loaded session */ |
|
578 |
|
579 p=buf; /* header */ |
|
580 d=p+9; /* data section */ |
|
581 *(p++)=SSL2_MT_CLIENT_HELLO; /* type */ |
|
582 s2n(SSL2_VERSION,p); /* version */ |
|
583 n=j=0; |
|
584 |
|
585 n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d,0); |
|
586 d+=n; |
|
587 |
|
588 if (n == 0) |
|
589 { |
|
590 SSLerr(SSL_F_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); |
|
591 return(-1); |
|
592 } |
|
593 |
|
594 s2n(n,p); /* cipher spec num bytes */ |
|
595 |
|
596 if ((s->session->session_id_length > 0) && |
|
597 (s->session->session_id_length <= |
|
598 SSL2_MAX_SSL_SESSION_ID_LENGTH)) |
|
599 { |
|
600 i=s->session->session_id_length; |
|
601 s2n(i,p); /* session id length */ |
|
602 memcpy(d,s->session->session_id,(unsigned int)i); |
|
603 d+=i; |
|
604 } |
|
605 else |
|
606 { |
|
607 s2n(0,p); |
|
608 } |
|
609 |
|
610 s->s2->challenge_length=SSL2_CHALLENGE_LENGTH; |
|
611 s2n(SSL2_CHALLENGE_LENGTH,p); /* challenge length */ |
|
612 /*challenge id data*/ |
|
613 if (RAND_pseudo_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH) <= 0) |
|
614 return -1; |
|
615 memcpy(d,s->s2->challenge,SSL2_CHALLENGE_LENGTH); |
|
616 d+=SSL2_CHALLENGE_LENGTH; |
|
617 |
|
618 s->state=SSL2_ST_SEND_CLIENT_HELLO_B; |
|
619 s->init_num=d-buf; |
|
620 s->init_off=0; |
|
621 } |
|
622 /* SSL2_ST_SEND_CLIENT_HELLO_B */ |
|
623 return(ssl2_do_write(s)); |
|
624 } |
|
625 |
|
626 static int client_master_key(SSL *s) |
|
627 { |
|
628 unsigned char *buf; |
|
629 unsigned char *p,*d; |
|
630 int clear,enc,karg,i; |
|
631 SSL_SESSION *sess; |
|
632 const EVP_CIPHER *c; |
|
633 const EVP_MD *md; |
|
634 |
|
635 buf=(unsigned char *)s->init_buf->data; |
|
636 if (s->state == SSL2_ST_SEND_CLIENT_MASTER_KEY_A) |
|
637 { |
|
638 |
|
639 if (!ssl_cipher_get_evp(s->session,&c,&md,NULL)) |
|
640 { |
|
641 ssl2_return_error(s,SSL2_PE_NO_CIPHER); |
|
642 SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS); |
|
643 return(-1); |
|
644 } |
|
645 sess=s->session; |
|
646 p=buf; |
|
647 d=p+10; |
|
648 *(p++)=SSL2_MT_CLIENT_MASTER_KEY;/* type */ |
|
649 |
|
650 i=ssl_put_cipher_by_char(s,sess->cipher,p); |
|
651 p+=i; |
|
652 |
|
653 /* make key_arg data */ |
|
654 i=EVP_CIPHER_iv_length(c); |
|
655 sess->key_arg_length=i; |
|
656 if (i > SSL_MAX_KEY_ARG_LENGTH) |
|
657 { |
|
658 ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); |
|
659 SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); |
|
660 return -1; |
|
661 } |
|
662 if (i > 0) |
|
663 if (RAND_pseudo_bytes(sess->key_arg,i) <= 0) |
|
664 return -1; |
|
665 |
|
666 /* make a master key */ |
|
667 i=EVP_CIPHER_key_length(c); |
|
668 sess->master_key_length=i; |
|
669 if (i > 0) |
|
670 { |
|
671 if (i > (int)sizeof(sess->master_key)) |
|
672 { |
|
673 ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); |
|
674 SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); |
|
675 return -1; |
|
676 } |
|
677 if (RAND_bytes(sess->master_key,i) <= 0) |
|
678 { |
|
679 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); |
|
680 return(-1); |
|
681 } |
|
682 } |
|
683 |
|
684 if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC) |
|
685 enc=8; |
|
686 else if (SSL_C_IS_EXPORT(sess->cipher)) |
|
687 enc=5; |
|
688 else |
|
689 enc=i; |
|
690 |
|
691 if ((int)i < enc) |
|
692 { |
|
693 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); |
|
694 SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_CIPHER_TABLE_SRC_ERROR); |
|
695 return(-1); |
|
696 } |
|
697 clear=i-enc; |
|
698 s2n(clear,p); |
|
699 memcpy(d,sess->master_key,(unsigned int)clear); |
|
700 d+=clear; |
|
701 |
|
702 enc=ssl_rsa_public_encrypt(sess->sess_cert,enc, |
|
703 &(sess->master_key[clear]),d, |
|
704 (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING); |
|
705 if (enc <= 0) |
|
706 { |
|
707 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); |
|
708 SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PUBLIC_KEY_ENCRYPT_ERROR); |
|
709 return(-1); |
|
710 } |
|
711 #ifdef PKCS1_CHECK |
|
712 if (s->options & SSL_OP_PKCS1_CHECK_1) d[1]++; |
|
713 if (s->options & SSL_OP_PKCS1_CHECK_2) |
|
714 sess->master_key[clear]++; |
|
715 #endif |
|
716 s2n(enc,p); |
|
717 d+=enc; |
|
718 karg=sess->key_arg_length; |
|
719 s2n(karg,p); /* key arg size */ |
|
720 if (karg > (int)sizeof(sess->key_arg)) |
|
721 { |
|
722 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); |
|
723 SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); |
|
724 return -1; |
|
725 } |
|
726 memcpy(d,sess->key_arg,(unsigned int)karg); |
|
727 d+=karg; |
|
728 |
|
729 s->state=SSL2_ST_SEND_CLIENT_MASTER_KEY_B; |
|
730 s->init_num=d-buf; |
|
731 s->init_off=0; |
|
732 } |
|
733 |
|
734 /* SSL2_ST_SEND_CLIENT_MASTER_KEY_B */ |
|
735 return(ssl2_do_write(s)); |
|
736 } |
|
737 |
|
738 static int client_finished(SSL *s) |
|
739 { |
|
740 unsigned char *p; |
|
741 |
|
742 if (s->state == SSL2_ST_SEND_CLIENT_FINISHED_A) |
|
743 { |
|
744 p=(unsigned char *)s->init_buf->data; |
|
745 *(p++)=SSL2_MT_CLIENT_FINISHED; |
|
746 if (s->s2->conn_id_length > sizeof s->s2->conn_id) |
|
747 { |
|
748 SSLerr(SSL_F_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR); |
|
749 return -1; |
|
750 } |
|
751 memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length); |
|
752 |
|
753 s->state=SSL2_ST_SEND_CLIENT_FINISHED_B; |
|
754 s->init_num=s->s2->conn_id_length+1; |
|
755 s->init_off=0; |
|
756 } |
|
757 return(ssl2_do_write(s)); |
|
758 } |
|
759 |
|
760 /* read the data and then respond */ |
|
761 static int client_certificate(SSL *s) |
|
762 { |
|
763 unsigned char *buf; |
|
764 unsigned char *p,*d; |
|
765 int i; |
|
766 unsigned int n; |
|
767 int cert_ch_len; |
|
768 unsigned char *cert_ch; |
|
769 |
|
770 buf=(unsigned char *)s->init_buf->data; |
|
771 |
|
772 /* We have a cert associated with the SSL, so attach it to |
|
773 * the session if it does not have one */ |
|
774 |
|
775 if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A) |
|
776 { |
|
777 i=ssl2_read(s,(char *)&(buf[s->init_num]), |
|
778 SSL2_MAX_CERT_CHALLENGE_LENGTH+2-s->init_num); |
|
779 if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+2-s->init_num)) |
|
780 return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i)); |
|
781 s->init_num += i; |
|
782 if (s->msg_callback) |
|
783 s->msg_callback(0, s->version, 0, buf, (size_t)s->init_num, s, s->msg_callback_arg); /* REQUEST-CERTIFICATE */ |
|
784 |
|
785 /* type=buf[0]; */ |
|
786 /* type eq x509 */ |
|
787 if (buf[1] != SSL2_AT_MD5_WITH_RSA_ENCRYPTION) |
|
788 { |
|
789 ssl2_return_error(s,SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE); |
|
790 SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_AUTHENTICATION_TYPE); |
|
791 return(-1); |
|
792 } |
|
793 |
|
794 if ((s->cert == NULL) || |
|
795 (s->cert->key->x509 == NULL) || |
|
796 (s->cert->key->privatekey == NULL)) |
|
797 { |
|
798 s->state=SSL2_ST_X509_GET_CLIENT_CERTIFICATE; |
|
799 } |
|
800 else |
|
801 s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C; |
|
802 } |
|
803 |
|
804 cert_ch = buf + 2; |
|
805 cert_ch_len = s->init_num - 2; |
|
806 |
|
807 if (s->state == SSL2_ST_X509_GET_CLIENT_CERTIFICATE) |
|
808 { |
|
809 X509 *x509=NULL; |
|
810 EVP_PKEY *pkey=NULL; |
|
811 |
|
812 /* If we get an error we need to |
|
813 * ssl->rwstate=SSL_X509_LOOKUP; |
|
814 * return(error); |
|
815 * We should then be retried when things are ok and we |
|
816 * can get a cert or not */ |
|
817 |
|
818 i=0; |
|
819 if (s->ctx->client_cert_cb != NULL) |
|
820 { |
|
821 i=s->ctx->client_cert_cb(s,&(x509),&(pkey)); |
|
822 } |
|
823 |
|
824 if (i < 0) |
|
825 { |
|
826 s->rwstate=SSL_X509_LOOKUP; |
|
827 return(-1); |
|
828 } |
|
829 s->rwstate=SSL_NOTHING; |
|
830 |
|
831 if ((i == 1) && (pkey != NULL) && (x509 != NULL)) |
|
832 { |
|
833 s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C; |
|
834 if ( !SSL_use_certificate(s,x509) || |
|
835 !SSL_use_PrivateKey(s,pkey)) |
|
836 { |
|
837 i=0; |
|
838 } |
|
839 X509_free(x509); |
|
840 EVP_PKEY_free(pkey); |
|
841 } |
|
842 else if (i == 1) |
|
843 { |
|
844 if (x509 != NULL) X509_free(x509); |
|
845 if (pkey != NULL) EVP_PKEY_free(pkey); |
|
846 SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); |
|
847 i=0; |
|
848 } |
|
849 |
|
850 if (i == 0) |
|
851 { |
|
852 /* We have no client certificate to respond with |
|
853 * so send the correct error message back */ |
|
854 s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_B; |
|
855 p=buf; |
|
856 *(p++)=SSL2_MT_ERROR; |
|
857 s2n(SSL2_PE_NO_CERTIFICATE,p); |
|
858 s->init_off=0; |
|
859 s->init_num=3; |
|
860 /* Write is done at the end */ |
|
861 } |
|
862 } |
|
863 |
|
864 if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_B) |
|
865 { |
|
866 return(ssl2_do_write(s)); |
|
867 } |
|
868 |
|
869 if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_C) |
|
870 { |
|
871 EVP_MD_CTX ctx; |
|
872 |
|
873 /* ok, now we calculate the checksum |
|
874 * do it first so we can reuse buf :-) */ |
|
875 p=buf; |
|
876 EVP_MD_CTX_init(&ctx); |
|
877 EVP_SignInit_ex(&ctx,s->ctx->rsa_md5, NULL); |
|
878 EVP_SignUpdate(&ctx,s->s2->key_material, |
|
879 s->s2->key_material_length); |
|
880 EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len); |
|
881 n=i2d_X509(s->session->sess_cert->peer_key->x509,&p); |
|
882 EVP_SignUpdate(&ctx,buf,(unsigned int)n); |
|
883 |
|
884 p=buf; |
|
885 d=p+6; |
|
886 *(p++)=SSL2_MT_CLIENT_CERTIFICATE; |
|
887 *(p++)=SSL2_CT_X509_CERTIFICATE; |
|
888 n=i2d_X509(s->cert->key->x509,&d); |
|
889 s2n(n,p); |
|
890 |
|
891 if (!EVP_SignFinal(&ctx,d,&n,s->cert->key->privatekey)) |
|
892 { |
|
893 /* this is not good. If things have failed it |
|
894 * means there so something wrong with the key. |
|
895 * We will continue with a 0 length signature |
|
896 */ |
|
897 } |
|
898 EVP_MD_CTX_cleanup(&ctx); |
|
899 s2n(n,p); |
|
900 d+=n; |
|
901 |
|
902 s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_D; |
|
903 s->init_num=d-buf; |
|
904 s->init_off=0; |
|
905 } |
|
906 /* if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_D) */ |
|
907 return(ssl2_do_write(s)); |
|
908 } |
|
909 |
|
910 static int get_server_verify(SSL *s) |
|
911 { |
|
912 unsigned char *p; |
|
913 int i, n, len; |
|
914 |
|
915 p=(unsigned char *)s->init_buf->data; |
|
916 if (s->state == SSL2_ST_GET_SERVER_VERIFY_A) |
|
917 { |
|
918 i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num); |
|
919 if (i < (1-s->init_num)) |
|
920 return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i)); |
|
921 s->init_num += i; |
|
922 |
|
923 s->state= SSL2_ST_GET_SERVER_VERIFY_B; |
|
924 if (*p != SSL2_MT_SERVER_VERIFY) |
|
925 { |
|
926 if (p[0] != SSL2_MT_ERROR) |
|
927 { |
|
928 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); |
|
929 SSLerr(SSL_F_GET_SERVER_VERIFY, |
|
930 SSL_R_READ_WRONG_PACKET_TYPE); |
|
931 } |
|
932 else |
|
933 { |
|
934 SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_PEER_ERROR); |
|
935 /* try to read the error message */ |
|
936 i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num); |
|
937 return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i); |
|
938 } |
|
939 return(-1); |
|
940 } |
|
941 } |
|
942 |
|
943 p=(unsigned char *)s->init_buf->data; |
|
944 len = 1 + s->s2->challenge_length; |
|
945 n = len - s->init_num; |
|
946 i = ssl2_read(s,(char *)&(p[s->init_num]),n); |
|
947 if (i < n) |
|
948 return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i)); |
|
949 if (s->msg_callback) |
|
950 s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* SERVER-VERIFY */ |
|
951 p += 1; |
|
952 |
|
953 if (memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0) |
|
954 { |
|
955 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); |
|
956 SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT); |
|
957 return(-1); |
|
958 } |
|
959 return(1); |
|
960 } |
|
961 |
|
962 static int get_server_finished(SSL *s) |
|
963 { |
|
964 unsigned char *buf; |
|
965 unsigned char *p; |
|
966 int i, n, len; |
|
967 |
|
968 buf=(unsigned char *)s->init_buf->data; |
|
969 p=buf; |
|
970 if (s->state == SSL2_ST_GET_SERVER_FINISHED_A) |
|
971 { |
|
972 i=ssl2_read(s,(char *)&(buf[s->init_num]),1-s->init_num); |
|
973 if (i < (1-s->init_num)) |
|
974 return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i)); |
|
975 s->init_num += i; |
|
976 |
|
977 if (*p == SSL2_MT_REQUEST_CERTIFICATE) |
|
978 { |
|
979 s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_A; |
|
980 return(1); |
|
981 } |
|
982 else if (*p != SSL2_MT_SERVER_FINISHED) |
|
983 { |
|
984 if (p[0] != SSL2_MT_ERROR) |
|
985 { |
|
986 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); |
|
987 SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE); |
|
988 } |
|
989 else |
|
990 { |
|
991 SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_PEER_ERROR); |
|
992 /* try to read the error message */ |
|
993 i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num); |
|
994 return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i); |
|
995 } |
|
996 return(-1); |
|
997 } |
|
998 s->state=SSL2_ST_GET_SERVER_FINISHED_B; |
|
999 } |
|
1000 |
|
1001 len = 1 + SSL2_SSL_SESSION_ID_LENGTH; |
|
1002 n = len - s->init_num; |
|
1003 i = ssl2_read(s,(char *)&(buf[s->init_num]), n); |
|
1004 if (i < n) /* XXX could be shorter than SSL2_SSL_SESSION_ID_LENGTH, that's the maximum */ |
|
1005 return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i)); |
|
1006 s->init_num += i; |
|
1007 if (s->msg_callback) |
|
1008 s->msg_callback(0, s->version, 0, buf, (size_t)s->init_num, s, s->msg_callback_arg); /* SERVER-FINISHED */ |
|
1009 |
|
1010 if (!s->hit) /* new session */ |
|
1011 { |
|
1012 /* new session-id */ |
|
1013 /* Make sure we were not trying to re-use an old SSL_SESSION |
|
1014 * or bad things can happen */ |
|
1015 /* ZZZZZZZZZZZZZ */ |
|
1016 s->session->session_id_length=SSL2_SSL_SESSION_ID_LENGTH; |
|
1017 memcpy(s->session->session_id,p+1,SSL2_SSL_SESSION_ID_LENGTH); |
|
1018 } |
|
1019 else |
|
1020 { |
|
1021 if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) |
|
1022 { |
|
1023 if ((s->session->session_id_length > sizeof s->session->session_id) |
|
1024 || (0 != memcmp(buf + 1, s->session->session_id, |
|
1025 (unsigned int)s->session->session_id_length))) |
|
1026 { |
|
1027 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); |
|
1028 SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT); |
|
1029 return(-1); |
|
1030 } |
|
1031 } |
|
1032 } |
|
1033 s->state = SSL_ST_OK; |
|
1034 return(1); |
|
1035 } |
|
1036 |
|
1037 /* loads in the certificate from the server */ |
|
1038 int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data) |
|
1039 { |
|
1040 STACK_OF(X509) *sk=NULL; |
|
1041 EVP_PKEY *pkey=NULL; |
|
1042 SESS_CERT *sc=NULL; |
|
1043 int i; |
|
1044 X509 *x509=NULL; |
|
1045 int ret=0; |
|
1046 |
|
1047 x509=d2i_X509(NULL,&data,(long)len); |
|
1048 if (x509 == NULL) |
|
1049 { |
|
1050 SSLerr(SSL_F_SSL2_SET_CERTIFICATE,ERR_R_X509_LIB); |
|
1051 goto err; |
|
1052 } |
|
1053 |
|
1054 if ((sk=sk_X509_new_null()) == NULL || !sk_X509_push(sk,x509)) |
|
1055 { |
|
1056 SSLerr(SSL_F_SSL2_SET_CERTIFICATE,ERR_R_MALLOC_FAILURE); |
|
1057 goto err; |
|
1058 } |
|
1059 |
|
1060 i=ssl_verify_cert_chain(s,sk); |
|
1061 |
|
1062 if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)) |
|
1063 { |
|
1064 SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); |
|
1065 goto err; |
|
1066 } |
|
1067 ERR_clear_error(); /* but we keep s->verify_result */ |
|
1068 s->session->verify_result = s->verify_result; |
|
1069 |
|
1070 /* server's cert for this session */ |
|
1071 sc=ssl_sess_cert_new(); |
|
1072 if (sc == NULL) |
|
1073 { |
|
1074 ret= -1; |
|
1075 goto err; |
|
1076 } |
|
1077 if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert); |
|
1078 s->session->sess_cert=sc; |
|
1079 |
|
1080 sc->peer_pkeys[SSL_PKEY_RSA_ENC].x509=x509; |
|
1081 sc->peer_key= &(sc->peer_pkeys[SSL_PKEY_RSA_ENC]); |
|
1082 |
|
1083 pkey=X509_get_pubkey(x509); |
|
1084 x509=NULL; |
|
1085 if (pkey == NULL) |
|
1086 { |
|
1087 SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY); |
|
1088 goto err; |
|
1089 } |
|
1090 if (pkey->type != EVP_PKEY_RSA) |
|
1091 { |
|
1092 SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_PUBLIC_KEY_NOT_RSA); |
|
1093 goto err; |
|
1094 } |
|
1095 |
|
1096 if (!ssl_set_peer_cert_type(sc,SSL2_CT_X509_CERTIFICATE)) |
|
1097 goto err; |
|
1098 ret=1; |
|
1099 err: |
|
1100 sk_X509_free(sk); |
|
1101 X509_free(x509); |
|
1102 EVP_PKEY_free(pkey); |
|
1103 return(ret); |
|
1104 } |
|
1105 |
|
1106 static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from, |
|
1107 unsigned char *to, int padding) |
|
1108 { |
|
1109 EVP_PKEY *pkey=NULL; |
|
1110 int i= -1; |
|
1111 |
|
1112 if ((sc == NULL) || (sc->peer_key->x509 == NULL) || |
|
1113 ((pkey=X509_get_pubkey(sc->peer_key->x509)) == NULL)) |
|
1114 { |
|
1115 SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,SSL_R_NO_PUBLICKEY); |
|
1116 return(-1); |
|
1117 } |
|
1118 if (pkey->type != EVP_PKEY_RSA) |
|
1119 { |
|
1120 SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,SSL_R_PUBLIC_KEY_IS_NOT_RSA); |
|
1121 goto end; |
|
1122 } |
|
1123 |
|
1124 /* we have the public key */ |
|
1125 i=RSA_public_encrypt(len,from,to,pkey->pkey.rsa,padding); |
|
1126 if (i < 0) |
|
1127 SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,ERR_R_RSA_LIB); |
|
1128 end: |
|
1129 EVP_PKEY_free(pkey); |
|
1130 return(i); |
|
1131 } |
|
1132 #else /* !OPENSSL_NO_SSL2 */ |
|
1133 |
|
1134 # if PEDANTIC |
|
1135 static void *dummy=&dummy; |
|
1136 # endif |
|
1137 |
|
1138 #endif |