1656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* ssl/s3_clnt.c */ 2656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * All rights reserved. 4656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 5656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This package is an SSL implementation written 6656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * by Eric Young (eay@cryptsoft.com). 7656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * The implementation was written so as to conform with Netscapes SSL. 8656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 9656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This library is free for commercial and non-commercial use as long as 10656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the following conditions are aheared to. The following conditions 11656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * apply to all code found in this distribution, be it the RC4, RSA, 12656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * included with this distribution is covered by the same copyright terms 14656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * except that the holder is Tim Hudson (tjh@cryptsoft.com). 
15656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 16656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Copyright remains Eric Young's, and as such any Copyright notices in 17656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the code are not to be removed. 18656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * If this package is used in a product, Eric Young should be given attribution 19656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * as the author of the parts of the library used. 20656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This can be in the form of a textual message at program startup or 21656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * in documentation (online or textual) provided with the package. 22656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 23656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Redistribution and use in source and binary forms, with or without 24656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * modification, are permitted provided that the following conditions 25656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * are met: 26656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 1. Redistributions of source code must retain the copyright 27656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer. 28656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 2. 
Redistributions in binary form must reproduce the above copyright 29656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer in the 30656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * documentation and/or other materials provided with the distribution. 31656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 3. All advertising materials mentioning features or use of this software 32656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * must display the following acknowledgement: 33656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes cryptographic software written by 34656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Eric Young (eay@cryptsoft.com)" 35656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * The word 'cryptographic' can be left out if the rouines from the library 36656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * being used are not cryptographic related :-). 37656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 4. 
If you include any Windows specific code (or a derivative thereof) from 38656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the apps directory (application code) you must include an acknowledgement: 39656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 41656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * SUCH 
DAMAGE. 52656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 53656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * The licence and distribution terms for any publically available version or 54656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * derivative of this code cannot be changed. i.e. this code cannot simply be 55656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * copied and put under another distribution licence 56656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * [including the GNU Public Licence.] 57656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 58656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* ==================================================================== 59221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 60656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 61656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Redistribution and use in source and binary forms, with or without 62656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * modification, are permitted provided that the following conditions 63656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * are met: 64656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 65656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 1. Redistributions of source code must retain the above copyright 66656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer. 67656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 68656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 2. 
Redistributions in binary form must reproduce the above copyright 69656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer in 70656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the documentation and/or other materials provided with the 71656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * distribution. 72656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 73656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 3. All advertising materials mentioning features or use of this 74656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * software must display the following acknowledgment: 75656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes software developed by the OpenSSL Project 76656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 78656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * endorse or promote products derived from this software without 80656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * prior written permission. For written permission, please contact 81656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * openssl-core@openssl.org. 82656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 83656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 5. 
Products derived from this software may not be called "OpenSSL" 84656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * nor may "OpenSSL" appear in their names without prior written 85656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * permission of the OpenSSL Project. 86656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 87656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 6. Redistributions of any form whatsoever must retain the following 88656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * acknowledgment: 89656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes software developed by the OpenSSL Project 90656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 92656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR 96656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * OF THE POSSIBILITY OF SUCH DAMAGE. 104656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ==================================================================== 105656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 106656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This product includes cryptographic software written by Eric Young 107656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * (eay@cryptsoft.com). This product includes software written by Tim 108656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Hudson (tjh@cryptsoft.com). 
109656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 110656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 111656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* ==================================================================== 112656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 113656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 114656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Portions of the attached software ("Contribution") are developed by 115656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. 116656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 117656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * The Contribution is licensed pursuant to the OpenSSL open source 118656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * license provided above. 119656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 120656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ECC cipher suite support in OpenSSL originally written by 121656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. 122656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 123656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 124221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom/* ==================================================================== 125221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * Copyright 2005 Nokia. All rights reserved. 
126221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 127221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * The portions of the attached software ("Contribution") is developed by 128221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * Nokia Corporation and is licensed pursuant to the OpenSSL open source 129221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * license. 130221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 131221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * The Contribution, originally written by Mika Kousa and Pasi Eronen of 132221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 133221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * support (see RFC 4279) to OpenSSL. 134221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 135221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * No patent licenses or other rights except those expressly stated in 136221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * the OpenSSL open source license shall be deemed granted or received 137221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * expressly, by implication, estoppel, or otherwise. 138221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 139221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * No assurances are provided by Nokia that the Contribution does not 140221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * infringe the patent or other intellectual property rights of any third 141221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * party or that the license provides you with all the necessary rights 142221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * to make use of the Contribution. 143221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * 144221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. 
IN 145221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 146221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 147221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 148221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * OTHERWISE. 149221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom */ 150656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 151656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <stdio.h> 152656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include "ssl_locl.h" 153656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include "kssl_lcl.h" 154656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/buffer.h> 155656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/rand.h> 156656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/objects.h> 157656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/evp.h> 158656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/md5.h> 159392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifdef OPENSSL_FIPS 160392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#include <openssl/fips.h> 161392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 162656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_DH 163656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/dh.h> 164656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 165656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/bn.h> 
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif

static const SSL_METHOD *ssl3_get_client_method(int ver);
static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);

/*
 * Look up the client method table for a protocol version.
 *
 * Returns SSLv3_client_method() when ver equals SSL3_VERSION and NULL
 * for every other value, so callers must handle a NULL result.
 *
 * NOTE(review): SSL 3.0 is deprecated by RFC 7568; confirm whether this
 * build still exposes the SSLv3 client method to applications.
 */
static const SSL_METHOD *ssl3_get_client_method(int ver)
	{
	return (ver == SSL3_VERSION) ? SSLv3_client_method() : NULL;
	}

/*
 * Defines SSLv3_client_method through the IMPLEMENT_ssl3_meth_func macro,
 * which is declared outside this view. The arguments passed are
 * ssl_undefined_function, ssl3_connect and ssl3_get_client_method;
 * presumably these fill the accept, connect and get-method slots --
 * verify against the macro definition.
 */
IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
			ssl_undefined_function,
			ssl3_connect,
			ssl3_get_client_method)

int ssl3_connect(SSL *s)
187656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 188656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BUF_MEM *buf=NULL; 189221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom unsigned long Time=(unsigned long)time(NULL); 190656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project void (*cb)(const SSL *ssl,int type,int val)=NULL; 191656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int ret= -1; 192e45f106cb6b47af1f21efe76e933bdea2f5dd1caNagendra Modadugu int new_state,state,skip=0; 193656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 194656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project RAND_add(&Time,sizeof(Time),0); 195656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ERR_clear_error(); 196656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project clear_sys_error(); 197656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 198656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->info_callback != NULL) 199656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project cb=s->info_callback; 200656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (s->ctx->info_callback != NULL) 201656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project cb=s->ctx->info_callback; 202656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 203656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->in_handshake++; 204656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 205ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu#if 0 /* Send app data in separate packet, otherwise, some particular site 206ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu * (only one site so far) closes the socket. 
207ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu * Note: there is a very small chance that two TCP packets 208ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu * could be arriving at server combined into a single TCP packet, 209ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu * then trigger that site to break. We haven't encounter that though. 210ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu */ 2114a25f3f3e49e952616d0d47167c157904908c156Brian Carlstrom if (SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) 2124a25f3f3e49e952616d0d47167c157904908c156Brian Carlstrom { 213ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu /* Send app data along with CCS/Finished */ 214ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu s->s3->flags |= SSL3_FLAGS_DELAY_CLIENT_FINISHED; 215ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu } 2164a25f3f3e49e952616d0d47167c157904908c156Brian Carlstrom#endif 217656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 218392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifndef OPENSSL_NO_HEARTBEATS 219392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* If we're awaiting a HeartbeatResponse, pretend we 220392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * already got and don't await it anymore, because 221392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * Heartbeats don't make sense during handshakes anyway. 
222392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom */ 223392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (s->tlsext_hb_pending) 224392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 225392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->tlsext_hb_pending = 0; 226392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->tlsext_hb_seq++; 227392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 228392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 229392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 230656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (;;) 231656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 232656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project state=s->state; 233656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 234656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project switch(s->state) 235656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 236656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL_ST_RENEGOTIATE: 237392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->renegotiate=1; 238656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL_ST_CONNECT; 239656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->ctx->stats.sess_connect_renegotiate++; 240656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* break */ 241656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL_ST_BEFORE: 242656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL_ST_CONNECT: 243656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL_ST_BEFORE|SSL_ST_CONNECT: 244656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL_ST_OK|SSL_ST_CONNECT: 245656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android 
Open Source Project 246656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->server=0; 247656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); 248656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 249656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((s->version & 0xff00 ) != 0x0300) 250656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 251656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR); 252656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret = -1; 253656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 254656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 255656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 256656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* s->version=SSL3_VERSION; */ 257656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->type=SSL_ST_CONNECT; 258656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 259656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->init_buf == NULL) 260656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 261656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((buf=BUF_MEM_new()) == NULL) 262656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 263656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret= -1; 264656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 265656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 266656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) 
267656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 268656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret= -1; 269656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 270656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 271656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->init_buf=buf; 272656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project buf=NULL; 273656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 274656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 275656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } 276656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 277656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* setup buffing BIO */ 278656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; } 279656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 280656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* don't push the buffering BIO quite yet */ 281656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 282656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ssl3_init_finished_mac(s); 283656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 284656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL3_ST_CW_CLNT_HELLO_A; 285656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->ctx->stats.sess_connect++; 286656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->init_num=0; 287656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 288656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
289656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL3_ST_CW_CLNT_HELLO_A: 290656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL3_ST_CW_CLNT_HELLO_B: 291656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 292656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->shutdown=0; 293656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret=ssl3_client_hello(s); 294656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret <= 0) goto end; 295656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL3_ST_CR_SRVR_HELLO_A; 296656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->init_num=0; 297656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 298656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* turn on buffering for the next lot of output */ 299656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->bbio != s->wbio) 300656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->wbio=BIO_push(s->bbio,s->wbio); 301656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 302656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 303656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 304656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL3_ST_CR_SRVR_HELLO_A: 305656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL3_ST_CR_SRVR_HELLO_B: 306656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret=ssl3_get_server_hello(s); 307656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret <= 0) goto end; 308221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 309656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->hit) 
310392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 311656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL3_ST_CR_FINISHED_A; 312392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifndef OPENSSL_NO_TLSEXT 313392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (s->tlsext_ticket_expected) 314392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 315392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* receive renewed session ticket */ 316392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->state=SSL3_ST_CR_SESSION_TICKET_A; 317392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 318392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 319392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 320656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 321656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL3_ST_CR_CERT_A; 322656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->init_num=0; 323656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 324656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 325656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL3_ST_CR_CERT_A: 326656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL3_ST_CR_CERT_B: 327656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_TLSEXT 328656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret=ssl3_check_finished(s); 329656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret <= 0) goto end; 330656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret == 2) 331656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 332656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->hit = 1; 
333656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->tlsext_ticket_expected) 334656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL3_ST_CR_SESSION_TICKET_A; 335656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 336656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL3_ST_CR_FINISHED_A; 337656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->init_num=0; 338656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 339656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 340656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 341656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Check if it is anon DH/ECDH */ 342221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* or PSK */ 343221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && 344221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) 345656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 346656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret=ssl3_get_server_certificate(s); 347656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret <= 0) goto end; 348656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_TLSEXT 349656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->tlsext_status_expected) 350656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL3_ST_CR_CERT_STATUS_A; 351656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 352656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL3_ST_CR_KEY_EXCH_A; 353656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open 
Source Project } 354656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 355656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 356656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project skip = 1; 357656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL3_ST_CR_KEY_EXCH_A; 358656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 359656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#else 360656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 361656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 362656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project skip=1; 363656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 364656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL3_ST_CR_KEY_EXCH_A; 365656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 366656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->init_num=0; 367656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 368656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 369656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL3_ST_CR_KEY_EXCH_A: 370656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL3_ST_CR_KEY_EXCH_B: 371656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret=ssl3_get_key_exchange(s); 372656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret <= 0) goto end; 373656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL3_ST_CR_CERT_REQ_A; 374656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->init_num=0; 375656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
376656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* at this point we check that we have the 377656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * required stuff from the server */ 378656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!ssl3_check_cert_and_algorithm(s)) 379656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 380656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret= -1; 381656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 382656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 383656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 384656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 385656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL3_ST_CR_CERT_REQ_A: 386656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL3_ST_CR_CERT_REQ_B: 387656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret=ssl3_get_certificate_request(s); 388656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret <= 0) goto end; 389656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL3_ST_CR_SRVR_DONE_A; 390656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->init_num=0; 391656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 392656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 393656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL3_ST_CR_SRVR_DONE_A: 394656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL3_ST_CR_SRVR_DONE_B: 395656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret=ssl3_get_server_done(s); 396656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret <= 0) 
goto end; 397392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifndef OPENSSL_NO_SRP 398392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) 399392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 400392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if ((ret = SRP_Calc_A_param(s))<=0) 401392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 402392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL3_CONNECT,SSL_R_SRP_A_CALC); 403392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR); 404392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom goto end; 405392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 406392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 407392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 408656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->s3->tmp.cert_req) 409656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL3_ST_CW_CERT_A; 410656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 411656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL3_ST_CW_KEY_EXCH_A; 412656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->init_num=0; 413656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 414656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 415656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 416656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL3_ST_CW_CERT_A: 417656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL3_ST_CW_CERT_B: 418656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL3_ST_CW_CERT_C: 419656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case 
SSL3_ST_CW_CERT_D: 420656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret=ssl3_send_client_certificate(s); 421656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret <= 0) goto end; 422656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL3_ST_CW_KEY_EXCH_A; 423656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->init_num=0; 424656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 425656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 426656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL3_ST_CW_KEY_EXCH_A: 427656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL3_ST_CW_KEY_EXCH_B: 428656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret=ssl3_send_client_key_exchange(s); 429656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret <= 0) goto end; 430656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* EAY EAY EAY need to check for DH fix cert 431656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * sent back */ 432656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* For TLS, cert_req is set to 2, so a cert chain 433656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * of nothing is sent, but no verify packet is sent */ 434656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* XXX: For now, we do not support client 435656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * authentication in ECDH cipher suites with 436656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ECDH (rather than ECDSA) certificates. 
437656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * We need to skip the certificate verify 438656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * message when client's ECDH public key is sent 439656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * inside the client certificate. 440656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 441656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->s3->tmp.cert_req == 1) 442656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 443656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL3_ST_CW_CERT_VRFY_A; 444656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 445656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 446656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 447656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL3_ST_CW_CHANGE_A; 448656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s3->change_cipher_spec=0; 449656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 450221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) 451221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 452221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->state=SSL3_ST_CW_CHANGE_A; 453221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->s3->change_cipher_spec=0; 454221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 455656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 456656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->init_num=0; 457656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 458656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
459656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL3_ST_CW_CERT_VRFY_A: 460656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL3_ST_CW_CERT_VRFY_B: 461656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret=ssl3_send_client_verify(s); 462656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret <= 0) goto end; 463656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL3_ST_CW_CHANGE_A; 464656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->init_num=0; 465656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s3->change_cipher_spec=0; 466656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 467656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 468656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL3_ST_CW_CHANGE_A: 469656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL3_ST_CW_CHANGE_B: 470656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret=ssl3_send_change_cipher_spec(s, 471656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); 472656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret <= 0) goto end; 473bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen 474392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 475bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) 476656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL3_ST_CW_FINISHED_A; 477bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen#else 478392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (s->s3->next_proto_neg_seen) 479bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen s->state=SSL3_ST_CW_NEXT_PROTO_A; 
480bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen else 481bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen s->state=SSL3_ST_CW_FINISHED_A; 482bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen#endif 483656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->init_num=0; 484656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 485656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->session->cipher=s->s3->tmp.new_cipher; 486656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifdef OPENSSL_NO_COMP 487656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->session->compress_meth=0; 488656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#else 489656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->s3->tmp.new_compression == NULL) 490656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->session->compress_meth=0; 491656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 492656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->session->compress_meth= 493656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s3->tmp.new_compression->id; 494656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 495656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!s->method->ssl3_enc->setup_key_block(s)) 496656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 497656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret= -1; 498656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 499656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 500656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 501656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if 
(!s->method->ssl3_enc->change_cipher_state(s, 502656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL3_CHANGE_CIPHER_CLIENT_WRITE)) 503656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 504656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret= -1; 505656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 506656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 507656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 508656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 509656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 510bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 511bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen case SSL3_ST_CW_NEXT_PROTO_A: 512bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen case SSL3_ST_CW_NEXT_PROTO_B: 513bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen ret=ssl3_send_next_proto(s); 514bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen if (ret <= 0) goto end; 515bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen s->state=SSL3_ST_CW_FINISHED_A; 516bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen break; 517bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen#endif 518bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen 519656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL3_ST_CW_FINISHED_A: 520656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL3_ST_CW_FINISHED_B: 521656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret=ssl3_send_finished(s, 522656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, 523656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
s->method->ssl3_enc->client_finished_label, 524656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->method->ssl3_enc->client_finished_label_len); 525656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret <= 0) goto end; 526656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL3_ST_CW_FLUSH; 527656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 528656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* clear flags */ 529656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; 530656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->hit) 531656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 532656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s3->tmp.next_state=SSL_ST_OK; 533656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) 534656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 535656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL_ST_OK; 536656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s3->flags|=SSL3_FLAGS_POP_BUFFER; 537656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s3->delay_buf_pop_ret=0; 538656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 539656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 540656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 541656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 5424a25f3f3e49e952616d0d47167c157904908c156Brian Carlstrom if ((SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) && SSL_get_cipher_bits(s, NULL) >= 128 543d635a5e0e6a4232010f71715d04767b40af66973Brian Carlstrom && s->s3->previous_server_finished_len 
== 0 /* no cutthrough on renegotiation (would complicate the state machine) */ 544d635a5e0e6a4232010f71715d04767b40af66973Brian Carlstrom ) 545ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu { 546ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) 547ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu { 548ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu s->state=SSL3_ST_CUTTHROUGH_COMPLETE; 549ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu s->s3->flags|=SSL3_FLAGS_POP_BUFFER; 550ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu s->s3->delay_buf_pop_ret=0; 551ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu } 552ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu else 553ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu { 554ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu s->s3->tmp.next_state=SSL3_ST_CUTTHROUGH_COMPLETE; 555ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu } 556ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu } 5577f9d8bc8c32fa4196cff8a8f1c64c5183eefad9eBrian Carlstrom else 558ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu { 559ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu#ifndef OPENSSL_NO_TLSEXT 560ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu /* Allow NewSessionTicket if ticket expected */ 561ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu if (s->tlsext_ticket_expected) 562ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A; 563ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu else 564656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 565ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; 566ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu } 567656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 568656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->init_num=0; 569656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android 
Open Source Project break; 570656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 571656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_TLSEXT 572656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL3_ST_CR_SESSION_TICKET_A: 573656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL3_ST_CR_SESSION_TICKET_B: 574656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret=ssl3_get_new_session_ticket(s); 575656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret <= 0) goto end; 576656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL3_ST_CR_FINISHED_A; 577656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->init_num=0; 578656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 579656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 580656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL3_ST_CR_CERT_STATUS_A: 581656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL3_ST_CR_CERT_STATUS_B: 582656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret=ssl3_get_cert_status(s); 583656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret <= 0) goto end; 584656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL3_ST_CR_KEY_EXCH_A; 585656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->init_num=0; 586656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 587656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 588656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 589656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL3_ST_CR_FINISHED_A: 590656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open 
Source Project case SSL3_ST_CR_FINISHED_B: 591656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 592656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A, 593656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL3_ST_CR_FINISHED_B); 594656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret <= 0) goto end; 595656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 596656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->hit) 597656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL3_ST_CW_CHANGE_A; 598656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 599656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL_ST_OK; 600656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->init_num=0; 601656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 602656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 603656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL3_ST_CW_FLUSH: 60498d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom s->rwstate=SSL_WRITING; 60598d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom if (BIO_flush(s->wbio) <= 0) 606656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 60798d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom ret= -1; 60898d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom goto end; 609656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 61098d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom s->rwstate=SSL_NOTHING; 611656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=s->s3->tmp.next_state; 612656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 
613656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 614ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu case SSL3_ST_CUTTHROUGH_COMPLETE: 615ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu#ifndef OPENSSL_NO_TLSEXT 616ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu /* Allow NewSessionTicket if ticket expected */ 617ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu if (s->tlsext_ticket_expected) 618ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu s->state=SSL3_ST_CR_SESSION_TICKET_A; 619ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu else 620ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu#endif 621ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu s->state=SSL3_ST_CR_FINISHED_A; 622ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu 623ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu /* SSL_write() will take care of flushing buffered data if 624ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu * DELAY_CLIENT_FINISHED is set. 625ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu */ 626ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu if (!(s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)) 627ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu ssl_free_wbio_buffer(s); 628ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu ret = 1; 629ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu goto end; 630ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu /* break; */ 631ef1d181713d602df2075f0bf367788fd8b15100dHuahui Wu 632656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL_ST_OK: 633656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* clean a few things up */ 634656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ssl3_cleanup_key_block(s); 635656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 636656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->init_buf != NULL) 637656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project { 638656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BUF_MEM_free(s->init_buf); 639656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->init_buf=NULL; 640656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 641656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 642656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* If we are not 'joining' the last two packets, 643656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * remove the buffering now */ 644656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER)) 645656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ssl_free_wbio_buffer(s); 646656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* else do it later in ssl3_write */ 647656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 648656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->init_num=0; 649392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->renegotiate=0; 650656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->new_session=0; 651656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 652656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ssl_update_cache(s,SSL_SESS_CACHE_CLIENT); 653656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->hit) s->ctx->stats.sess_hit++; 654656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 655656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret=1; 656656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* s->server=0; */ 657656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->handshake_func=ssl3_connect; 658656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
s->ctx->stats.sess_connect_good++; 659656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 660656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); 661656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 662656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 663656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* break; */ 664656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 665656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project default: 666656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE); 667656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret= -1; 668656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 669656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* break; */ 670656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 671656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 672656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* did we do anything */ 673656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!s->s3->tmp.reuse_message && !skip) 674656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 675656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->debug) 676656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 677656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((ret=BIO_flush(s->wbio)) <= 0) 678656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 679656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 680656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
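681656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((cb != NULL) && (s->state != state)) 682656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 683656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project new_state=s->state; 684656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=state; 685656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project cb(s,SSL_CB_CONNECT_LOOP,1); 686656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=new_state; 687656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 688656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 689656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project skip=0; 690656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 691656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectend: 692656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->in_handshake--; 693656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (buf != NULL) 694656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BUF_MEM_free(buf); 695656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (cb != NULL) 696656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project cb(s,SSL_CB_CONNECT_EXIT,ret); 697656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(ret); 698656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 699656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 700656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project
/*
 * ssl3_client_hello - build and send the ClientHello handshake message.
 *
 * In state SSL3_ST_CW_CLNT_HELLO_A the message is serialised into
 * s->init_buf->data in this order: a 4-byte handshake header (filled in
 * last), client_version, the client random, the session id, the cipher
 * list, the compression methods and, unless OPENSSL_NO_TLSEXT is defined,
 * the TLS extensions.  The state then moves to SSL3_ST_CW_CLNT_HELLO_B and
 * the buffered bytes are handed to ssl3_do_write().
 *
 * A new session is requested when there is no session, its version differs
 * from s->version, it carries neither a session id nor (with TLS
 * extensions) a ticket, or it is marked not_resumable.  If session creation
 * is disabled in that case, a fatal handshake_failure alert is sent and the
 * call fails.
 *
 * Returns the result of ssl3_do_write(s,SSL3_RT_HANDSHAKE), or -1 if the
 * message could not be built.
 *
 * NOTE(review): nothing here checks the fixed fields or the cipher list
 * against the capacity of init_buf; only the extension writer is given an
 * end pointer, and that pointer assumes init_buf holds at least
 * SSL3_RT_MAX_PLAIN_LENGTH bytes - confirm the caller sizes it so.
 */
int ssl3_client_hello(SSL *s)
	{
	unsigned char *buf;
	unsigned char *p,*d;
	int i;
	unsigned long Time,l;
#ifndef OPENSSL_NO_COMP
	int j;
	SSL_COMP *comp;
#endif

	buf=(unsigned char *)s->init_buf->data;
	if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
		{
		SSL_SESSION *sess = s->session;
		if ((sess == NULL) ||
			(sess->ssl_version != s->version) ||
#ifdef OPENSSL_NO_TLSEXT
			!sess->session_id_length ||
#else
			(!sess->session_id_length && !sess->tlsext_tick) ||
#endif
			(sess->not_resumable))
			{
			/* The application may forbid creating sessions; fail
			 * closed with a fatal alert rather than silently
			 * starting a fresh one. */
			if (!s->session_creation_enabled)
				{
				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
				SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
				goto err;
				}
			if (!ssl_get_new_session(s,0))
				goto err;
			}
		/* else use the pre-loaded session */

		/* Client random: 4 bytes of wall-clock time followed by
		 * SSL3_RANDOM_SIZE-4 random bytes.  The time prefix goes out
		 * unencrypted with the rest of the hello. */
		p=s->s3->client_random;
		Time=(unsigned long)time(NULL);			/* Time */
		l2n(Time,p);
		/* RAND_bytes() rather than RAND_pseudo_bytes(): the
		 * ClientHello random is an input to the TLS key derivation,
		 * so it must come from the interface that promises
		 * unpredictable output, and a failure must abort the
		 * handshake. */
		if (RAND_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
			goto err;

		/* Do the message type and length last */
		d=p= &(buf[4]);

		/* version indicates the negotiated version: for example from
		 * an SSLv2/v3 compatible client hello). The client_version
		 * field is the maximum version we permit and it is also
		 * used in RSA encrypted premaster secrets. Some servers can
		 * choke if we initially report a higher version then
		 * renegotiate to a lower one in the premaster secret. This
		 * didn't happen with TLS 1.0 as most servers supported it
		 * but it can with TLS 1.1 or later if the server only supports
		 * 1.0.
		 *
		 * Possible scenario with previous logic:
		 * 	1. Client hello indicates TLS 1.2
		 * 	2. Server hello says TLS 1.0
		 *	3. RSA encrypted premaster secret uses 1.2.
		 * 	4. Handshake proceeds using TLS 1.0.
		 *	5. Server sends hello request to renegotiate.
		 *	6. Client hello indicates TLS v1.0 as we now
		 *	   know that is maximum server supports.
		 *	7. Server chokes on RSA encrypted premaster secret
		 *	   containing version 1.0.
		 *
		 * For interoperability it should be OK to always use the
		 * maximum version we support in client hello and then rely
		 * on the checking of version to ensure the server isn't
		 * being inconsistent: for example initially negotiating with
		 * TLS 1.0 and renegotiating with TLS 1.2. We do this by using
		 * client_version in client hello and not resetting it to
		 * the negotiated version.
		 */
#if 0
		*(p++)=s->version>>8;
		*(p++)=s->version&0xff;
		s->client_version=s->version;
#else
		*(p++)=s->client_version>>8;
		*(p++)=s->client_version&0xff;
#endif

		/* Random stuff */
		memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
		p+=SSL3_RANDOM_SIZE;

		/* Session ID: a forced new session offers an empty id */
		if (s->new_session)
			i=0;
		else
			i=s->session->session_id_length;
		*(p++)=i;
		if (i != 0)
			{
			/* Never copy more than the session_id array holds,
			 * whatever the stored length claims. */
			if (i > (int)sizeof(s->session->session_id))
				{
				SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
				goto err;
				}
			memcpy(p,s->session->session_id,i);
			p+=i;
			}

		/* Ciphers supported: the list is written two bytes ahead of
		 * p, leaving room for the length prefix emitted by s2n(). */
		i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);
		if (i == 0)
			{
			SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
			goto err;
			}
#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
			/* Some servers hang if client hello > 256 bytes
			 * as hack workaround chop number of supported ciphers
			 * to keep it well below this if we use TLS v1.2
			 *
			 * NOTE(review): the cut is silent and drops whatever
			 * ssl_cipher_list_to_bytes() wrote last; "& ~1" keeps
			 * the byte count even, presumably because each suite
			 * id is two bytes. Confirm no entry that must always
			 * be offered sits at the tail of the list.
			 */
			if (TLS1_get_version(s) >= TLS1_2_VERSION
				&& i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
				i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
#endif
		s2n(i,p);
		p+=i;

		/* COMPRESSION: a count byte, any configured method ids, then
		 * the null method.  TLS-level compression leaks plaintext
		 * length (CRIME-class attacks); with SSL_OP_NO_COMPRESSION
		 * set, or no methods configured, only null is offered. */
#ifdef OPENSSL_NO_COMP
		*(p++)=1;
#else

		if ((s->options & SSL_OP_NO_COMPRESSION)
					|| !s->ctx->comp_methods)
			j=0;
		else
			j=sk_SSL_COMP_num(s->ctx->comp_methods);
		*(p++)=1+j;
		for (i=0; i<j; i++)
			{
			comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
			*(p++)=comp->id;
			}
#endif
		*(p++)=0; /* Add the NULL method */

#ifndef OPENSSL_NO_TLSEXT
		/* TLS extensions*/
		if (ssl_prepare_clienthello_tlsext(s) <= 0)
			{
			SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
			goto err;
			}
		/* The third argument is the write limit handed to the
		 * extension writer; it is derived from a constant, not from
		 * the actual size of init_buf. */
		if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
			{
			SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
			goto err;
			}
#endif

		/* Back-fill the handshake header: message type plus 3-byte
		 * length of everything written after it. */
		l=(p-d);
		d=buf;
		*(d++)=SSL3_MT_CLIENT_HELLO;
		l2n3(l,d);

		s->state=SSL3_ST_CW_CLNT_HELLO_B;
		/* number of bytes to write */
		s->init_num=p-buf;
		s->init_off=0;
		}

	/* SSL3_ST_CW_CLNT_HELLO_B */
	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
err:
	return(-1);
	}

872656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 873656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint ssl3_get_server_hello(SSL *s)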
874656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 875656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project STACK_OF(SSL_CIPHER) *sk; 876221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom const SSL_CIPHER *c; 877656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned char *p,*d; 878656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int i,al,ok; 879656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned int j; 880656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project long n; 881656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_COMP 882656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_COMP *comp; 883656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 884656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 885656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n=s->method->ssl_get_message(s, 886656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL3_ST_CR_SRVR_HELLO_A, 887656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL3_ST_CR_SRVR_HELLO_B, 888656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project -1, 889656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 20000, /* ?? 
*/ 890656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project &ok); 891656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 892656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!ok) return((int)n); 893656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 89498d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) 895656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 896656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) 897656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 898656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ( s->d1->send_cookie == 0) 899656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 900656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s3->tmp.reuse_message = 1; 901656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 1; 902656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 903656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else /* already sent a cookie */ 904656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 905656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project al=SSL_AD_UNEXPECTED_MESSAGE; 906656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE); 907656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto f_err; 908656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 909656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 910656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 911656d9c7f52f88b3a3daccafa7655dec086c4756eThe 
Android Open Source Project 912656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ( s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO) 913656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 914656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project al=SSL_AD_UNEXPECTED_MESSAGE; 915656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE); 916656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto f_err; 917656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 918656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 919656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project d=p=(unsigned char *)s->init_msg; 920656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 921656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff))) 922656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 923656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_SSL_VERSION); 924656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->version=(s->version&0xff00)|p[1]; 925656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project al=SSL_AD_PROTOCOL_VERSION; 926656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto f_err; 927656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 928656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p+=2; 929656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 930656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* load the server hello data */ 931656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* load the server random */ 
932656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE); 933656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p+=SSL3_RANDOM_SIZE; 934656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 935656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* get the session-id */ 936656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project j= *(p++); 937656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 938656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE)) 939656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 940656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project al=SSL_AD_ILLEGAL_PARAMETER; 941656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG); 942656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto f_err; 943656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 944656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 945221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifndef OPENSSL_NO_TLSEXT 946221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* check if we want to resume the session based on external pre-shared secret */ 947221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->version >= TLS1_VERSION && s->tls_session_secret_cb) 948221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 949221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSL_CIPHER *pref_cipher=NULL; 950221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->session->master_key_length=sizeof(s->session->master_key); 951221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->tls_session_secret_cb(s, s->session->master_key, 
952221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom &s->session->master_key_length, 953221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NULL, &pref_cipher, 954221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->tls_session_secret_cb_arg)) 955221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 956221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->session->cipher = pref_cipher ? 957221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom pref_cipher : ssl_get_cipher_by_char(s, p+j); 958221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 959221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 960221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif /* OPENSSL_NO_TLSEXT */ 961221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 962656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (j != 0 && j == s->session->session_id_length 963656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project && memcmp(p,s->session->session_id,j) == 0) 964656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 965656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if(s->sid_ctx_length != s->session->sid_ctx_length 966656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length)) 967656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 968656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* actually a client application bug */ 969656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project al=SSL_AD_ILLEGAL_PARAMETER; 970656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); 971656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto f_err; 972656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 
973656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->hit=1; 974656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 975656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else /* a miss or crap from the other end */ 976656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 977656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* If we were trying for session-id reuse, make a new 978656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * SSL_SESSION so we don't stuff up other people */ 979656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->hit=0; 980656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->session->session_id_length > 0) 981656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 982fd113c07c3c2a6b07f8ab69dfae7d104e769f469Brian Carlstrom if (!s->session_creation_enabled) 983fd113c07c3c2a6b07f8ab69dfae7d104e769f469Brian Carlstrom { 984fd113c07c3c2a6b07f8ab69dfae7d104e769f469Brian Carlstrom ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 985fd113c07c3c2a6b07f8ab69dfae7d104e769f469Brian Carlstrom SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED); 986fd113c07c3c2a6b07f8ab69dfae7d104e769f469Brian Carlstrom goto err; 987fd113c07c3c2a6b07f8ab69dfae7d104e769f469Brian Carlstrom } 988656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!ssl_get_new_session(s,0)) 989656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 990656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project al=SSL_AD_INTERNAL_ERROR; 991656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto f_err; 992656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 993656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 994656d9c7f52f88b3a3daccafa7655dec086c4756eThe 
Android Open Source Project s->session->session_id_length=j; 995656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memcpy(s->session->session_id,p,j); /* j could be 0 */ 996656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 997656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p+=j; 998656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project c=ssl_get_cipher_by_char(s,p); 999656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (c == NULL) 1000656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1001656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* unknown cipher */ 1002656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project al=SSL_AD_ILLEGAL_PARAMETER; 1003656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED); 1004656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto f_err; 1005656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1006392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* TLS v1.2 only ciphersuites require v1.2 or later */ 1007392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if ((c->algorithm_ssl & SSL_TLSV1_2) && 1008392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom (TLS1_get_version(s) < TLS1_2_VERSION)) 1009392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1010392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom al=SSL_AD_ILLEGAL_PARAMETER; 1011392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED); 1012392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom goto f_err; 1013392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1014656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p+=ssl_put_cipher_by_char(s,NULL,NULL); 
1015656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1016656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sk=ssl_get_ciphers_by_id(s); 1017656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i=sk_SSL_CIPHER_find(sk,c); 1018656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (i < 0) 1019656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1020656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* we did not say we would use this cipher */ 1021656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project al=SSL_AD_ILLEGAL_PARAMETER; 1022656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED); 1023656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto f_err; 1024656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1025656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1026656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Depending on the session caching (internal/external), the cipher 1027656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project and/or cipher_id values may not be set. Make sure that 1028656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project cipher_id is set and use it for comparison. 
*/ 1029656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->session->cipher) 1030656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->session->cipher_id = s->session->cipher->id; 1031656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->hit && (s->session->cipher_id != c->id)) 1032656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1033976a034585c7e8ff9dda5ebe032f399b78887f70Brian Carlstrom/* Workaround is now obsolete */ 1034976a034585c7e8ff9dda5ebe032f399b78887f70Brian Carlstrom#if 0 1035656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!(s->options & 1036656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)) 1037976a034585c7e8ff9dda5ebe032f399b78887f70Brian Carlstrom#endif 1038656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1039656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project al=SSL_AD_ILLEGAL_PARAMETER; 1040656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); 1041656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto f_err; 1042656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1043656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1044656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s3->tmp.new_cipher=c; 1045392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* Don't digest cached records if TLS v1.2: we may need them for 1046392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * client authentication. 
1047392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom */ 1048392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (TLS1_get_version(s) < TLS1_2_VERSION && !ssl3_digest_cached_records(s)) 1049221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto f_err; 1050656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* lets get the compression algorithm */ 1051656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* COMPRESSION */ 1052656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifdef OPENSSL_NO_COMP 1053656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (*(p++) != 0) 1054656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1055656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project al=SSL_AD_ILLEGAL_PARAMETER; 1056656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); 1057656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto f_err; 1058656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1059221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* If compression is disabled we'd better not try to resume a session 1060221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * using compression. 
1061221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom */ 1062221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->session->compress_meth != 0) 1063221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1064221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom al=SSL_AD_INTERNAL_ERROR; 1065221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_INCONSISTENT_COMPRESSION); 1066221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto f_err; 1067221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1068656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#else 1069656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project j= *(p++); 1070221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->hit && j != s->session->compress_meth) 1071221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1072221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom al=SSL_AD_ILLEGAL_PARAMETER; 1073221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED); 1074221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto f_err; 1075221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1076656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (j == 0) 1077656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project comp=NULL; 1078221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (s->options & SSL_OP_NO_COMPRESSION) 1079221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1080221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom al=SSL_AD_ILLEGAL_PARAMETER; 1081221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_COMPRESSION_DISABLED); 1082221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto f_err; 1083221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 
1084656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 1085656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project comp=ssl3_comp_find(s->ctx->comp_methods,j); 1086656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1087656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((j != 0) && (comp == NULL)) 1088656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1089656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project al=SSL_AD_ILLEGAL_PARAMETER; 1090656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); 1091656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto f_err; 1092656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1093656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 1094656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1095656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s3->tmp.new_compression=comp; 1096656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1097656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1098221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1099656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_TLSEXT 1100656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* TLS extensions*/ 110198d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom if (s->version >= SSL3_VERSION) 1102656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1103656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al)) 1104656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1105656d9c7f52f88b3a3daccafa7655dec086c4756eThe 
Android Open Source Project /* 'al' set by ssl_parse_serverhello_tlsext */ 1106656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_PARSE_TLSEXT); 1107656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto f_err; 1108656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1109656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ssl_check_serverhello_tlsext(s) <= 0) 1110656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1111656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT); 1112656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1113656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1114656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1115656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1116656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1117656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (p != (d+n)) 1118656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1119656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* wrong packet length */ 1120656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project al=SSL_AD_DECODE_ERROR; 1121656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH); 11227b476c43f6a45574eb34697244b592e7b09f05a3Brian Carlstrom goto f_err; 1123656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1124656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1125656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(1); 1126656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
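f_err:
	ssl3_send_alert(s,SSL3_AL_FATAL,al);
err:
	return(-1);
	}

/*
 * ssl3_get_server_certificate - client side: read the server's Certificate
 * handshake message, parse the chain, verify it and record the peer
 * certificate in the session.
 *
 * The message is fetched with s->method->ssl_get_message(), bounded by
 * s->max_cert_list.  If a ServerKeyExchange arrives instead (or a ServerDone
 * while a Kerberos-authenticated cipher is selected), the message is left
 * for the next handler via s->s3->tmp.reuse_message and 1 is returned.
 *
 * Wire layout as parsed here: a 3-byte total chain length followed by
 * entries, each a 3-byte length and a DER-encoded X509 certificate.
 *
 * Returns 1 on success (or when the message was handed on), (int)n from
 * ssl_get_message() when that call did not complete, and -1 on error.  On
 * the f_err paths a fatal alert carrying 'al' is sent before returning.
 *
 * Ownership: the parsed chain is handed to s->session->sess_cert->cert_chain;
 * the leaf certificate gets one extra reference for sc->peer_pkeys[i].x509
 * and one for s->session->peer.  pkey, x and sk are released at 'err' on
 * every path, so anything whose ownership has moved is set to NULL first.
 */
int ssl3_get_server_certificate(SSL *s)
	{
	int al,i,ok,ret= -1;
	unsigned long n,nc,llen,l;
	X509 *x=NULL;
	const unsigned char *q,*p;
	unsigned char *d;
	STACK_OF(X509) *sk=NULL;
	SESS_CERT *sc;
	EVP_PKEY *pkey=NULL;
	int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */

	/* The message type is checked below rather than by ssl_get_message()
	 * (presumably what the -1 argument requests -- confirm). */
	n=s->method->ssl_get_message(s,
		SSL3_ST_CR_CERT_A,
		SSL3_ST_CR_CERT_B,
		-1,
		s->max_cert_list,
		&ok);

	if (!ok) return((int)n);

	/* NOTE(review): this returns success without any certificate having
	 * been processed.  Only the Kerberos case is tied to the negotiated
	 * cipher; nothing here checks that the ciphersuite allows the
	 * Certificate message to be absent when a ServerKeyExchange shows up.
	 * Confirm that the caller or the later key-exchange step rejects a
	 * handshake that needs server authentication but carried no
	 * certificate. */
	if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) ||
		((s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) &&
		(s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)))
		{
		s->s3->tmp.reuse_message=1;
		return(1);
		}

	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
		{
		al=SSL_AD_UNEXPECTED_MESSAGE;
		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
		goto f_err;
		}
	p=d=(unsigned char *)s->init_msg;

	if ((sk=sk_X509_new_null()) == NULL)
		{
		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
		goto err;
		}

	/* The chain length prefix is 3 bytes: make sure the message actually
	 * holds it before n2l3() reads it, so that no bytes outside the
	 * received message are interpreted as a length. */
	if (n < 3)
		{
		al=SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
		goto f_err;
		}
	n2l3(p,llen);
	/* The declared chain length must account for the whole message. */
	if (llen+3 != n)
		{
		al=SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
		goto f_err;
		}
	/* nc counts the chain bytes consumed so far (prefixes included). */
	for (nc=0; nc<llen; )
		{
		/* Fewer than 3 bytes left: there is no room for another
		 * per-certificate length prefix, so do not read one. */
		if (nc+3 > llen)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
			goto f_err;
			}
		n2l3(p,l);
		/* The certificate must fit inside the declared chain. */
		if ((l+nc+3) > llen)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
			goto f_err;
			}

		q=p;
		x=d2i_X509(NULL,&q,l);
		if (x == NULL)
			{
			al=SSL_AD_BAD_CERTIFICATE;
			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_ASN1_LIB);
			goto f_err;
			}
		/* The DER decoder must have consumed exactly l bytes; trailing
		 * data inside a certificate entry is rejected. */
		if (q != (p+l))
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
			goto f_err;
			}
		if (!sk_X509_push(sk,x))
			{
			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
			goto err;
			}
		/* sk now holds the reference; keep 'err' from freeing it twice. */
		x=NULL;
		nc+=l+3;
		p=q;
		}

	/* A verification failure is fatal only when verification was
	 * requested (verify_mode != SSL_VERIFY_NONE) and, with Kerberos
	 * support compiled in, the cipher is not a KRB5 one.  Otherwise the
	 * handshake continues and the outcome is only recorded in
	 * s->verify_result. */
	i=ssl_verify_cert_chain(s,sk);
	if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
#ifndef OPENSSL_NO_KRB5
		&& !((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
		(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
#endif /* OPENSSL_NO_KRB5 */
		)
		{
		al=ssl_verify_alarm_type(s->verify_result);
		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
		goto f_err;
		}
	ERR_clear_error(); /* but we keep s->verify_result */

	sc=ssl_sess_cert_new();
	if (sc == NULL) goto err;

	if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert);
	s->session->sess_cert=sc;

	sc->cert_chain=sk;
	/* Inconsistency alert: cert_chain does include the peer's
	 * certificate, which we don't include in s3_srvr.c */
	x=sk_X509_value(sk,0);
	/* The chain now belongs to sc->cert_chain, so sk is cleared to keep
	 * sk_X509_pop_free() at 'err' from releasing it.  From here on x is
	 * a borrowed pointer into that chain. */
	sk=NULL;
	/* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/

	pkey=X509_get_pubkey(x);

	/* VRS: allow null cert if auth == KRB5 */
	need_cert =	((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
			(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
			? 0 : 1;

#ifdef KSSL_DEBUG
	printf("pkey,x = %p, %p\n", pkey,x);
	printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
	printf("cipher, alg, nc = %s, %lx, %lx, %d\n", s->s3->tmp.new_cipher->name,
		s->s3->tmp.new_cipher->algorithm_mkey, s->s3->tmp.new_cipher->algorithm_auth, need_cert);
#endif    /* KSSL_DEBUG */

	if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey)))
		{
		/* x is borrowed from the chain: clear it so 'err' does not
		 * drop a reference this function does not own. */
		x=NULL;
		/* 'al' is the alert description passed to ssl3_send_alert();
		 * SSL3_AL_FATAL is an alert level and must not be used here. */
		al=SSL_AD_BAD_CERTIFICATE;
		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
			SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
		goto f_err;
		}

	i=ssl_cert_type(x,pkey);
	if (need_cert && i < 0)
		{
		x=NULL;
		/* Alert description, not level (see above). */
		al=SSL_AD_UNSUPPORTED_CERTIFICATE;
		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
			SSL_R_UNKNOWN_CERTIFICATE_TYPE);
		goto f_err;
		}

	if (need_cert)
		{
		sc->peer_cert_type=i;
		/* Extra reference for sc->peer_pkeys[i].x509. */
		CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
		/* Why would the following ever happen?
		 * We just created sc a couple of lines ago. */
		if (sc->peer_pkeys[i].x509 != NULL)
			X509_free(sc->peer_pkeys[i].x509);
		sc->peer_pkeys[i].x509=x;
		sc->peer_key= &(sc->peer_pkeys[i]);

		if (s->session->peer != NULL)
			X509_free(s->session->peer);
		/* Extra reference for s->session->peer. */
		CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
		s->session->peer=x;
		}
	else
		{
		/* Kerberos cipher: no peer certificate is recorded. */
		sc->peer_cert_type=i;
		sc->peer_key= NULL;

		if (s->session->peer != NULL)
			X509_free(s->session->peer);
		s->session->peer=NULL;
		}
	/* Keep the verification outcome with the session. */
	s->session->verify_result = s->verify_result;

	x=NULL;
	ret=1;

	/* The alert is only sent when control jumps to f_err; the success
	 * path skips this block and falls through to the shared cleanup. */
	if (0)
		{
f_err:
		ssl3_send_alert(s,SSL3_AL_FATAL,al);
		}
err:
	EVP_PKEY_free(pkey);
	X509_free(x);
	sk_X509_pop_free(sk,X509_free);
	return(ret);
	}

int ssl3_get_key_exchange(SSL *s)
	{
#ifndef OPENSSL_NO_RSA
	unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2];
#endif
	EVP_MD_CTX md_ctx;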
1324656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned char *param,*p; 1325656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int al,i,j,param_len,ok; 1326221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom long n,alg_k,alg_a; 1327656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_PKEY *pkey=NULL; 1328392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom const EVP_MD *md = NULL; 1329656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_RSA 1330656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project RSA *rsa=NULL; 1331656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1332656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_DH 1333656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project DH *dh=NULL; 1334656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1335656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_ECDH 1336656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_KEY *ecdh = NULL; 1337656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_CTX *bn_ctx = NULL; 1338656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_POINT *srvr_ecpoint = NULL; 1339656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int curve_nid = 0; 1340656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int encoded_pt_len = 0; 1341656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1342656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1343656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* use same message size as in ssl3_get_certificate_request() 1344656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * as ServerKeyExchange 
message may be skipped */ 1345656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n=s->method->ssl_get_message(s, 1346656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL3_ST_CR_KEY_EXCH_A, 1347656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL3_ST_CR_KEY_EXCH_B, 1348656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project -1, 1349656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->max_cert_list, 1350656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project &ok); 1351656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!ok) return((int)n); 1352656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1353656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) 1354656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1355221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifndef OPENSSL_NO_PSK 1356221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* In plain PSK ciphersuite, ServerKeyExchange can be 1357221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom omitted if no identity hint is sent. 
Set 1358221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom session->sess_cert anyway to avoid problems 1359221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom later.*/ 1360221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) 1361221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1362221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->session->sess_cert=ssl_sess_cert_new(); 1363221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->ctx->psk_identity_hint) 1364221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom OPENSSL_free(s->ctx->psk_identity_hint); 1365221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->ctx->psk_identity_hint = NULL; 1366221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1367221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif 1368656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s3->tmp.reuse_message=1; 1369656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(1); 1370656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1371656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1372656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project param=p=(unsigned char *)s->init_msg; 1373656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->session->sess_cert != NULL) 1374656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1375656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_RSA 1376656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->session->sess_cert->peer_rsa_tmp != NULL) 1377656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1378656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project RSA_free(s->session->sess_cert->peer_rsa_tmp); 1379656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android 
Open Source Project s->session->sess_cert->peer_rsa_tmp=NULL; 1380656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1381656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1382656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_DH 1383656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->session->sess_cert->peer_dh_tmp) 1384656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1385656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project DH_free(s->session->sess_cert->peer_dh_tmp); 1386656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->session->sess_cert->peer_dh_tmp=NULL; 1387656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1388656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1389656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_ECDH 1390656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->session->sess_cert->peer_ecdh_tmp) 1391656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1392656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp); 1393656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->session->sess_cert->peer_ecdh_tmp=NULL; 1394656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1395656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1396656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1397656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 1398656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1399656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->session->sess_cert=ssl_sess_cert_new(); 
1400656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1401656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1402656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project param_len=0; 1403221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom alg_k=s->s3->tmp.new_cipher->algorithm_mkey; 1404221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom alg_a=s->s3->tmp.new_cipher->algorithm_auth; 1405656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_MD_CTX_init(&md_ctx); 1406656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1407221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifndef OPENSSL_NO_PSK 1408221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (alg_k & SSL_kPSK) 1409221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1410221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom char tmp_id_hint[PSK_MAX_IDENTITY_LEN+1]; 1411221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1412221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom al=SSL_AD_HANDSHAKE_FAILURE; 1413221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom n2s(p,i); 1414221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom param_len=i+2; 1415221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* Store PSK identity hint for later use, hint is used 1416221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * in ssl3_send_client_key_exchange. Assume that the 1417221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * maximum length of a PSK identity hint can be as 1418221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * long as the maximum length of a PSK identity. 
*/ 1419221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (i > PSK_MAX_IDENTITY_LEN) 1420221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1421221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1422221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSL_R_DATA_LENGTH_TOO_LONG); 1423221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto f_err; 1424221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1425221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (param_len > n) 1426221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1427221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom al=SSL_AD_DECODE_ERROR; 1428221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1429221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH); 1430221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto f_err; 1431221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1432221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* If received PSK identity hint contains NULL 1433221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * characters, the hint is truncated from the first 1434221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * NULL. p may not be ending with NULL, so create a 1435221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * NULL-terminated string. 
*/ 1436221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom memcpy(tmp_id_hint, p, i); 1437221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom memset(tmp_id_hint+i, 0, PSK_MAX_IDENTITY_LEN+1-i); 1438221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->ctx->psk_identity_hint != NULL) 1439221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom OPENSSL_free(s->ctx->psk_identity_hint); 1440221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint); 1441221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->ctx->psk_identity_hint == NULL) 1442221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1443221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); 1444221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto f_err; 1445221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1446221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1447221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom p+=i; 1448221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom n-=param_len; 1449221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1450221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else 1451221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif /* !OPENSSL_NO_PSK */ 1452392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifndef OPENSSL_NO_SRP 1453392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (alg_k & SSL_kSRP) 1454392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1455392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom n2s(p,i); 1456392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom param_len=i+2; 1457392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (param_len > n) 1458392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1459392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom al=SSL_AD_DECODE_ERROR; 1460392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_N_LENGTH); 1461392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom goto f_err; 1462392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1463392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!(s->srp_ctx.N=BN_bin2bn(p,i,NULL))) 1464392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1465392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); 1466392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom goto err; 1467392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1468392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom p+=i; 1469392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 1470392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom n2s(p,i); 1471392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom param_len+=i+2; 1472392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (param_len > n) 1473392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1474392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom al=SSL_AD_DECODE_ERROR; 1475392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_G_LENGTH); 1476392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom goto f_err; 1477392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1478392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!(s->srp_ctx.g=BN_bin2bn(p,i,NULL))) 1479392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1480392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); 1481392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom goto err; 1482392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1483392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom p+=i; 1484392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 1485392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom i = (unsigned int)(p[0]); 
1486392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom p++; 1487392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom param_len+=i+1; 1488392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (param_len > n) 1489392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1490392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom al=SSL_AD_DECODE_ERROR; 1491392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_S_LENGTH); 1492392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom goto f_err; 1493392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1494392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!(s->srp_ctx.s=BN_bin2bn(p,i,NULL))) 1495392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1496392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); 1497392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom goto err; 1498392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1499392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom p+=i; 1500392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 1501392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom n2s(p,i); 1502392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom param_len+=i+2; 1503392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (param_len > n) 1504392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1505392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom al=SSL_AD_DECODE_ERROR; 1506392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_B_LENGTH); 1507392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom goto f_err; 1508392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1509392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!(s->srp_ctx.B=BN_bin2bn(p,i,NULL))) 1510392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1511392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); 1512392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom goto err; 1513392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1514392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom p+=i; 1515392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom n-=param_len; 1516392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 1517392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom/* We must check if there is a certificate */ 1518392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifndef OPENSSL_NO_RSA 1519392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (alg_a & SSL_aRSA) 1520392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1521392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#else 1522392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (0) 1523392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ; 1524392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 1525392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifndef OPENSSL_NO_DSA 1526392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else if (alg_a & SSL_aDSS) 1527392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); 1528392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 1529392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1530392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else 1531392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif /* !OPENSSL_NO_SRP */ 1532656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_RSA 1533221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (alg_k & SSL_kRSA) 1534656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1535656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((rsa=RSA_new()) == 
NULL) 1536656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1537656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); 1538656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1539656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1540656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n2s(p,i); 1541656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project param_len=i+2; 1542656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (param_len > n) 1543656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1544656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project al=SSL_AD_DECODE_ERROR; 1545656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH); 1546656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto f_err; 1547656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1548656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!(rsa->n=BN_bin2bn(p,i,rsa->n))) 1549656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1550656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); 1551656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1552656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1553656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p+=i; 1554656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1555656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n2s(p,i); 1556656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project param_len+=i+2; 
1557656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (param_len > n) 1558656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1559656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project al=SSL_AD_DECODE_ERROR; 1560656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH); 1561656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto f_err; 1562656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1563656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!(rsa->e=BN_bin2bn(p,i,rsa->e))) 1564656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1565656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); 1566656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1567656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1568656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p+=i; 1569656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n-=param_len; 1570656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1571656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* this should be because we are using an export cipher */ 1572221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (alg_a & SSL_aRSA) 1573656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1574656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 1575656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1576656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); 
1577656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1578656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1579656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->session->sess_cert->peer_rsa_tmp=rsa; 1580656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rsa=NULL; 1581656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1582656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#else /* OPENSSL_NO_RSA */ 1583656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (0) 1584656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ; 1585656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1586656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_DH 1587221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (alg_k & SSL_kEDH) 1588656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1589656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((dh=DH_new()) == NULL) 1590656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1591656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB); 1592656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1593656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1594656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n2s(p,i); 1595656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project param_len=i+2; 1596656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (param_len > n) 1597656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1598656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project al=SSL_AD_DECODE_ERROR; 
1599656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH); 1600656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto f_err; 1601656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1602656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!(dh->p=BN_bin2bn(p,i,NULL))) 1603656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1604656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); 1605656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1606656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1607656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p+=i; 1608656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1609656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n2s(p,i); 1610656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project param_len+=i+2; 1611656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (param_len > n) 1612656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1613656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project al=SSL_AD_DECODE_ERROR; 1614656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH); 1615656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto f_err; 1616656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1617656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!(dh->g=BN_bin2bn(p,i,NULL))) 1618656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1619656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); 1620656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1621656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1622656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p+=i; 1623656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1624656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n2s(p,i); 1625656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project param_len+=i+2; 1626656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (param_len > n) 1627656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1628656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project al=SSL_AD_DECODE_ERROR; 1629656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH); 1630656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto f_err; 1631656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1632656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!(dh->pub_key=BN_bin2bn(p,i,NULL))) 1633656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1634656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); 1635656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1636656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1637656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p+=i; 1638656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n-=param_len; 1639656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1640656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_RSA 
1641221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (alg_a & SSL_aRSA) 1642656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1643656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#else 1644656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (0) 1645656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ; 1646656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1647656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_DSA 1648221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (alg_a & SSL_aDSS) 1649656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); 1650656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1651656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* else anonymous DH, so no certificate or pkey. 
*/ 1652656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1653656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->session->sess_cert->peer_dh_tmp=dh; 1654656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project dh=NULL; 1655656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1656221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) 1657656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1658656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project al=SSL_AD_ILLEGAL_PARAMETER; 1659656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); 1660656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto f_err; 1661656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1662656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif /* !OPENSSL_NO_DH */ 1663656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1664656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_ECDH 1665221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (alg_k & SSL_kEECDH) 1666656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1667656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_GROUP *ngroup; 1668656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project const EC_GROUP *group; 1669656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1670656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((ecdh=EC_KEY_new()) == NULL) 1671656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1672656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); 1673656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1674656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1675656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1676656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Extract elliptic curve parameters and the 1677656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * server's ephemeral ECDH public key. 1678656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Keep accumulating lengths of various components in 1679656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * param_len and make sure it never exceeds n. 1680656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 1681656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1682656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* XXX: For now we only support named (not generic) curves 1683656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * and the ECParameters in this case is just three bytes. 
1684656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 1685656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project param_len=3; 1686656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((param_len > n) || 1687656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (*p != NAMED_CURVE_TYPE) || 1688221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0)) 1689656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1690656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project al=SSL_AD_INTERNAL_ERROR; 1691656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); 1692656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto f_err; 1693656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1694656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1695656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ngroup = EC_GROUP_new_by_curve_name(curve_nid); 1696656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ngroup == NULL) 1697656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1698656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB); 1699656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1700656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1701656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (EC_KEY_set_group(ecdh, ngroup) == 0) 1702656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1703656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB); 
1704656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1705656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1706656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_GROUP_free(ngroup); 1707656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1708656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project group = EC_KEY_get0_group(ecdh); 1709656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1710656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && 1711656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (EC_GROUP_get_degree(group) > 163)) 1712656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1713656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project al=SSL_AD_EXPORT_RESTRICTION; 1714656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER); 1715656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto f_err; 1716656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1717656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1718656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p+=3; 1719656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1720656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Next, get the encoded ECPoint */ 1721656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) || 1722656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ((bn_ctx = BN_CTX_new()) == NULL)) 1723656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1724656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); 1725656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1726656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1727656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1728656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project encoded_pt_len = *p; /* length of encoded point */ 1729656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p+=1; 1730656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project param_len += (1 + encoded_pt_len); 1731656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((param_len > n) || 1732656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (EC_POINT_oct2point(group, srvr_ecpoint, 1733656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p, encoded_pt_len, bn_ctx) == 0)) 1734656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1735656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project al=SSL_AD_DECODE_ERROR; 1736656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_ECPOINT); 1737656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto f_err; 1738656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1739656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1740656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n-=param_len; 1741656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p+=encoded_pt_len; 1742656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1743656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* The ECC/TLS specification does not mention 1744656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the use of DSA to sign ECParameters in the 
server 1745656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * key exchange message. We do support RSA and ECDSA. 1746656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 1747656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (0) ; 1748656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_RSA 1749221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (alg_a & SSL_aRSA) 1750656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1751656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1752656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_ECDSA 1753221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (alg_a & SSL_aECDSA) 1754656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); 1755656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1756656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* else anonymous ECDH, so no certificate or pkey. 
*/ 1757656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_KEY_set_public_key(ecdh, srvr_ecpoint); 1758656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->session->sess_cert->peer_ecdh_tmp=ecdh; 1759656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ecdh=NULL; 1760656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_CTX_free(bn_ctx); 176143c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom bn_ctx = NULL; 1762656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_POINT_free(srvr_ecpoint); 1763656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project srvr_ecpoint = NULL; 1764656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1765221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (alg_k) 1766656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1767656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project al=SSL_AD_UNEXPECTED_MESSAGE; 1768656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); 1769656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto f_err; 1770656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1771656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif /* !OPENSSL_NO_ECDH */ 1772656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1773656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1774656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* p points to the next byte, there are 'n' bytes left */ 1775656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1776656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* if it was signed, check the signature */ 1777656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project if (pkey != NULL) 1778656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1779392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (TLS1_get_version(s) >= TLS1_2_VERSION) 1780392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1781392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom int sigalg = tls12_get_sigid(pkey); 1782392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* Should never happen */ 1783392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (sigalg == -1) 1784392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1785392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); 1786392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom goto err; 1787392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1788392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* Check key type is consistent with signature */ 1789392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (sigalg != (int)p[1]) 1790392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1791392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_TYPE); 1792392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom al=SSL_AD_DECODE_ERROR; 1793392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom goto f_err; 1794392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1795392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom md = tls12_get_hash(p[0]); 1796392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (md == NULL) 1797392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1798392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNKNOWN_DIGEST); 1799392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom al=SSL_AD_DECODE_ERROR; 1800392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom goto f_err; 1801392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 
} 1802392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifdef SSL_DEBUG 1803392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromfprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); 1804392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 1805392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom p += 2; 1806392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom n -= 2; 1807392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1808392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else 1809392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom md = EVP_sha1(); 1810392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 1811656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n2s(p,i); 1812656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n-=2; 1813656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project j=EVP_PKEY_size(pkey); 1814656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1815656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((i != n) || (n > j) || (n <= 0)) 1816656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1817656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* wrong packet length */ 1818656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project al=SSL_AD_DECODE_ERROR; 1819656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH); 1820656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto f_err; 1821656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1822656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1823656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_RSA 1824392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (pkey->type == EVP_PKEY_RSA && TLS1_get_version(s) < 
TLS1_2_VERSION) 1825656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1826656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int num; 1827656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1828656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project j=0; 1829656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project q=md_buf; 1830656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (num=2; num > 0; num--) 1831656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1832392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom EVP_MD_CTX_set_flags(&md_ctx, 1833392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); 1834656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_DigestInit_ex(&md_ctx,(num == 2) 1835656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ?s->ctx->md5:s->ctx->sha1, NULL); 1836656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); 1837656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); 1838656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_DigestUpdate(&md_ctx,param,param_len); 1839656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i); 1840656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project q+=i; 1841656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project j+=i; 1842656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1843656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i=RSA_verify(NID_md5_sha1, md_buf, j, p, n, 1844656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
pkey->pkey.rsa); 1845656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (i < 0) 1846656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1847656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project al=SSL_AD_DECRYPT_ERROR; 1848656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); 1849656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto f_err; 1850656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1851656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (i == 0) 1852656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1853656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* bad signature */ 1854656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project al=SSL_AD_DECRYPT_ERROR; 1855656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE); 1856656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto f_err; 1857656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1858656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1859656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 1860656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1861656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1862392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom EVP_VerifyInit_ex(&md_ctx, md, NULL); 1863656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); 1864656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); 
1865656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_VerifyUpdate(&md_ctx,param,param_len); 1866656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0) 1867656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1868656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* bad signature */ 1869656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project al=SSL_AD_DECRYPT_ERROR; 1870656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE); 1871656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto f_err; 1872656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1873656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1874656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1875656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 1876656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1877221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK)) 1878221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* aNULL or kPSK do not need public keys */ 1879656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1880656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); 1881656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1882656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1883221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* still data left over */ 1884656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (n != 0) 1885656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 
1886656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project al=SSL_AD_DECODE_ERROR; 1887656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE); 1888656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto f_err; 1889656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1890656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1891656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_PKEY_free(pkey); 1892656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_MD_CTX_cleanup(&md_ctx); 1893656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(1); 1894656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectf_err: 1895656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ssl3_send_alert(s,SSL3_AL_FATAL,al); 1896656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projecterr: 1897656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_PKEY_free(pkey); 1898656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_RSA 1899656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (rsa != NULL) 1900656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project RSA_free(rsa); 1901656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1902656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_DH 1903656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (dh != NULL) 1904656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project DH_free(dh); 1905656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1906656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_ECDH 
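/* err-path cleanup of the preceding function continues here (code unchanged) */
	BN_CTX_free(bn_ctx);
	EC_POINT_free(srvr_ecpoint);
	if (ecdh != NULL)
		EC_KEY_free(ecdh);
#endif
	EVP_MD_CTX_cleanup(&md_ctx);
	return(-1);
	}

/* Read and parse the server's CertificateRequest handshake message.
 *
 * Every length field in this message is chosen by the peer, so each one is
 * checked against the number of bytes actually received (n) before the bytes
 * it describes are read.
 *
 * Side effects on success: s->s3->tmp.cert_req is set to 1, the certificate
 * types are stored in s->s3->tmp.ctype / ctype_num (at most SSL3_CT_NUMBER of
 * them), and s->s3->tmp.ca_names takes ownership of the parsed CA names.
 *
 * Returns 1 on success, including the case where the server sent
 * ServerHelloDone instead (the message is then marked for reuse and cert_req
 * stays 0); returns 0 on a parse or allocation error; returns the
 * ssl_get_message() result cast to int when that call did not complete.
 */
int ssl3_get_certificate_request(SSL *s)
	{
	int ok,ret=0;
	int dn_ok;
	unsigned long n,nc,l;
	unsigned int llen, ctype_num,ctype_wire,i;
	X509_NAME *xn=NULL;
	const unsigned char *p,*q;
	unsigned char *d;
	STACK_OF(X509_NAME) *ca_sk=NULL;

	n=s->method->ssl_get_message(s,
		SSL3_ST_CR_CERT_REQ_A,
		SSL3_ST_CR_CERT_REQ_B,
		-1,
		s->max_cert_list,
		&ok);

	if (!ok) return((int)n);

	s->s3->tmp.cert_req=0;

	if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)
		{
		s->s3->tmp.reuse_message=1;
		/* If we get here we don't need any cached handshake records
		 * as we won't be doing client auth.
		 */
		if (s->s3->handshake_buffer)
			{
			if (!ssl3_digest_cached_records(s))
				goto err;
			}
		return(1);
		}

	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST)
		{
		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_WRONG_MESSAGE_TYPE);
		goto err;
		}

	/* TLS does not like anon-DH with client cert */
	if (s->version > SSL3_VERSION)
		{
		if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
			{
			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
			goto err;
			}
		}

	p=d=(unsigned char *)s->init_msg;

	if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL)
		{
		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
		goto err;
		}

	/* get the certificate types: a one-byte count followed by that many
	 * type bytes.  Both must lie inside the received message. */
	if ((n < 1) || ((unsigned long)p[0] > (n - 1)))
		{
		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH);
		goto err;
		}
	ctype_wire= *(p++);
	/* Only SSL3_CT_NUMBER types are stored ... */
	ctype_num=ctype_wire;
	if (ctype_num > SSL3_CT_NUMBER)
		ctype_num=SSL3_CT_NUMBER;
	for (i=0; i<ctype_num; i++)
		s->s3->tmp.ctype[i]= p[i];
	/* ... but the cursor must skip the count that was sent on the wire,
	 * otherwise the unstored type bytes would be parsed as the next
	 * length field. */
	p+=ctype_wire;

	if (TLS1_get_version(s) >= TLS1_2_VERSION)
		{
		/* the two-byte signature-algorithms length must be present */
		if (((unsigned long)(p - d) + 2) > n)
			{
			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH);
			goto err;
			}
		n2s(p, llen);
		/* Check we have enough room for signature algorithms and
		 * following length value.
		 */
		if ((unsigned long)(p - d + llen + 2) > n)
			{
			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_DATA_LENGTH_TOO_LONG);
			goto err;
			}
		if ((llen & 1) || !tls1_process_sigalgs(s, p, llen))
			{
			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_SIGNATURE_ALGORITHMS_ERROR);
			goto err;
			}
		p += llen;
		}

	/* get the CA RDNs: a two-byte total length, which must be present
	 * and must account for exactly the rest of the message */
	if (((unsigned long)(p - d) + 2) > n)
		{
		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH);
		goto err;
		}
	n2s(p,llen);

	if ((unsigned long)(p - d + llen) != n)
		{
		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH);
		goto err;
		}

	for (nc=0; nc<llen; )
		{
		/* Each entry is a two-byte length plus that many DER bytes.
		 * Read the length only when both of its bytes are inside
		 * the list, then require the entry to fit as well. */
		dn_ok=0;
		if ((llen - nc) >= 2)
			{
			n2s(p,l);
			dn_ok=((l+nc+2) <= llen);
			}
		if (!dn_ok)
			{
			if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
				goto cont; /* netscape bugs */
			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_TOO_LONG);
			goto err;
			}

		q=p;

		if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL)
			{
			/* If netscape tolerance is on, ignore errors */
			if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
				goto cont;
			else
				{
				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
				SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_ASN1_LIB);
				goto err;
				}
			}

		/* the decoder must have consumed exactly the declared length */
		if (q != (p+l))
			{
			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH);
			goto err;
			}
		if (!sk_X509_NAME_push(ca_sk,xn))
			{
			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
			goto err;
			}
		/* ca_sk owns the name now; clearing xn keeps the err path
		 * from freeing it a second time */
		xn=NULL;

		p+=l;
		nc+=l+2;
		}

	if (0)
		{
cont:
		/* NOTE(review): with SSL_OP_NETSCAPE_CA_DN_BUG set, a
		 * malformed CA list is accepted up to the last entry that
		 * parsed; the rest of the list is silently dropped. */
		ERR_clear_error();
		}

	/* we should setup a certificate to return.... */
	s->s3->tmp.cert_req=1;
	s->s3->tmp.ctype_num=ctype_num;
	if (s->s3->tmp.ca_names != NULL)
		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
	s->s3->tmp.ca_names=ca_sk;
	ca_sk=NULL;

	ret=1;
err:
	/* xn is non-NULL here only when a name was decoded but never pushed
	 * onto ca_sk (length mismatch or push failure) */
	if (xn != NULL) X509_NAME_free(xn);
	if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk,X509_NAME_free);
	return(ret);
	}

/* Comparison callback handed to sk_X509_NAME_new(): orders two stack
 * entries by X509_NAME_cmp() on the names they point to. */
static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
	{
	return(X509_NAME_cmp(*a,*b));
	}
#ifndef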
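#ifndef OPENSSL_NO_TLSEXT
/*
 * Client side: read the server's NewSessionTicket handshake message and
 * store the ticket in s->session.
 *
 * Message body, as parsed below: ticket_lifetime_hint (4 bytes), ticket
 * length (2 bytes), then the ticket bytes.
 *
 * Returns 1 when a ticket was stored, or when the message turned out to be
 * Finished (it is flagged for reuse and no ticket is stored).  When
 * ssl_get_message() reports !ok its return value is passed through.
 * Returns -1 on a malformed or unexpected message (after a fatal alert),
 * or on an allocation or digest failure (no alert is sent for those two).
 */
int ssl3_get_new_session_ticket(SSL *s)
{
	int ok, al, ticklen;
	long n;
	const unsigned char *p;
	const EVP_MD *md;

	/*
	 * -1 is passed as the message type and the type is checked below
	 * instead; 16384 is presumably the upper bound on the body length.
	 */
	n = s->method->ssl_get_message(s,
		SSL3_ST_CR_SESSION_TICKET_A,
		SSL3_ST_CR_SESSION_TICKET_B,
		-1,
		16384,
		&ok);

	if (!ok)
		return (int)n;

	if (s->s3->tmp.message_type == SSL3_MT_FINISHED) {
		/* No ticket was sent: leave the message for the Finished handler. */
		s->s3->tmp.reuse_message = 1;
		return 1;
	}
	if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) {
		al = SSL_AD_UNEXPECTED_MESSAGE;
		SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_BAD_MESSAGE_TYPE);
		goto f_err;
	}
	if (n < 6) {
		/* need at least ticket_lifetime_hint + ticket length */
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
		goto f_err;
	}

	p = (unsigned char *)s->init_msg;
	n2l(p, s->session->tlsext_tick_lifetime_hint);
	n2s(p, ticklen);
	/*
	 * ticket_lifetime_hint + ticket_length + ticket must account for the
	 * whole message.  This equality is what keeps the memcpy() and the
	 * digest below inside the received message, so it has to stay ahead
	 * of every use of ticklen.
	 */
	if (ticklen + 6 != n) {
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
		goto f_err;
	}

	/*
	 * NOTE(review): the ticket is replaced in place on s->session.  If the
	 * same SSL_SESSION can be reached from another connection or thread,
	 * this free-and-reassign is not synchronised here -- confirm against
	 * the callers and the session cache.
	 */
	if (s->session->tlsext_tick) {
		OPENSSL_free(s->session->tlsext_tick);
		s->session->tlsext_ticklen = 0;
	}
	s->session->tlsext_tick = OPENSSL_malloc(ticklen);
	if (!s->session->tlsext_tick) {
		SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
		goto err;
	}
	memcpy(s->session->tlsext_tick, p, ticklen);
	s->session->tlsext_ticklen = ticklen;

	/*
	 * There are two ways to detect a resumed ticket session.  One is to
	 * set an appropriate session ID, which the server must then return in
	 * ServerHello; the normal client session ID matching works and we
	 * know much earlier that the ticket has been accepted.
	 *
	 * The other is to send a zero-length session ID with the ticket and
	 * rely on the handshake to determine session resumption.
	 *
	 * We choose the former because it fits assumptions made elsewhere in
	 * OpenSSL.  The session ID is set to the SHA256 (or SHA1 if SHA256 is
	 * disabled) hash of the ticket.
	 */
#ifndef OPENSSL_NO_SHA256
	md = EVP_sha256();
#else
	md = EVP_sha1();
#endif
	/*
	 * The digest result was previously ignored.  On failure session_id and
	 * session_id_length may not have been written, so fail the handshake
	 * rather than continue with an unset session ID.
	 */
	if (!EVP_Digest(p, ticklen,
			s->session->session_id, &s->session->session_id_length,
			md, NULL)) {
		SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_EVP_LIB);
		goto err;
	}
	return 1;

f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
	return -1;
}

/*
 * Client side: read the server's CertificateStatus handshake message and
 * keep a copy of the response bytes in s->tlsext_ocsp_resp.
 *
 * Message body, as parsed below: status type (1 byte, only
 * TLSEXT_STATUSTYPE_ocsp is accepted), response length (3 bytes), then the
 * response bytes.
 *
 * The response is copied without being parsed.  Judging it is left to
 * s->ctx->tlsext_status_cb; when no callback is registered the response is
 * stored and 1 is returned without further checks.
 *
 * Returns 1 on success; passes through the ssl_get_message() return value
 * when it reports !ok; returns -1 after sending a fatal alert otherwise.
 */
int ssl3_get_cert_status(SSL *s)
{
	int ok, al;
	unsigned long resplen, n;
	const unsigned char *p;

	n = s->method->ssl_get_message(s,
		SSL3_ST_CR_CERT_STATUS_A,
		SSL3_ST_CR_CERT_STATUS_B,
		SSL3_MT_CERTIFICATE_STATUS,
		16384,
		&ok);

	if (!ok)
		return (int)n;
	if (n < 4) {
		/* need at least status type + length */
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
		goto f_err;
	}
	p = (unsigned char *)s->init_msg;
	if (*p++ != TLSEXT_STATUSTYPE_ocsp) {
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_UNSUPPORTED_STATUS_TYPE);
		goto f_err;
	}
	n2l3(p, resplen);
	/*
	 * The declared length plus the 4 header bytes must equal the message
	 * length; this bounds the copy made by BUF_memdup() below.
	 */
	if (resplen + 4 != n) {
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
		goto f_err;
	}
	if (s->tlsext_ocsp_resp)
		OPENSSL_free(s->tlsext_ocsp_resp);
	s->tlsext_ocsp_resp = BUF_memdup(p, resplen);
	if (!s->tlsext_ocsp_resp) {
		al = SSL_AD_INTERNAL_ERROR;
		SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_MALLOC_FAILURE);
		goto f_err;
	}
	s->tlsext_ocsp_resplen = resplen;
	if (s->ctx->tlsext_status_cb) {
		int ret;

		ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
		if (ret == 0) {
			/* The callback rejected the response. */
			al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
			SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_INVALID_STATUS_RESPONSE);
			goto f_err;
		}
		if (ret < 0) {
			/* A negative return is reported as an allocation failure. */
			al = SSL_AD_INTERNAL_ERROR;
			SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_MALLOC_FAILURE);
			goto f_err;
		}
	}
	return 1;

f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
	return -1;
}
#endif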
Android Open Source Project 2249656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint ssl3_get_server_done(SSL *s) 2250656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2251656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int ok,ret=0; 2252656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project long n; 2253656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2254656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n=s->method->ssl_get_message(s, 2255656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL3_ST_CR_SRVR_DONE_A, 2256656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL3_ST_CR_SRVR_DONE_B, 2257656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL3_MT_SERVER_DONE, 2258656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 30, /* should be very small, like 0 :-) */ 2259656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project &ok); 2260656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2261656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!ok) return((int)n); 2262656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (n > 0) 2263656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2264656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* should contain no data */ 2265656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); 2266656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH); 2267656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return -1; 2268656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2269656d9c7f52f88b3a3daccafa7655dec086c4756eThe 
Android Open Source Project ret=1; 2270656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(ret); 2271656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2272656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2273656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2274656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint ssl3_send_client_key_exchange(SSL *s) 2275656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2276656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned char *p,*d; 2277656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int n; 2278221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom unsigned long alg_k; 2279656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_RSA 2280656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned char *q; 2281656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_PKEY *pkey=NULL; 2282656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 2283656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_KRB5 2284656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project KSSL_ERR kssl_err; 2285656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif /* OPENSSL_NO_KRB5 */ 2286656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_ECDH 2287656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_KEY *clnt_ecdh = NULL; 2288656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project const EC_POINT *srvr_ecpoint = NULL; 2289656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_PKEY *srvr_pub_pkey = NULL; 2290656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned char 
*encodedPoint = NULL; 2291656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int encoded_pt_len = 0; 2292656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_CTX * bn_ctx = NULL; 2293656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 2294656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2295656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->state == SSL3_ST_CW_KEY_EXCH_A) 2296656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2297656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project d=(unsigned char *)s->init_buf->data; 2298656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p= &(d[4]); 2299656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2300221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom alg_k=s->s3->tmp.new_cipher->algorithm_mkey; 2301656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2302656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Fool emacs indentation */ 2303656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (0) {} 2304656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_RSA 2305221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (alg_k & SSL_kRSA) 2306656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2307656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project RSA *rsa; 2308656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 2309656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2310656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->session->sess_cert->peer_rsa_tmp != NULL) 2311656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
rsa=s->session->sess_cert->peer_rsa_tmp; 2312656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 2313656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2314656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 2315656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((pkey == NULL) || 2316656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (pkey->type != EVP_PKEY_RSA) || 2317656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (pkey->pkey.rsa == NULL)) 2318656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2319656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); 2320656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2321656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2322656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rsa=pkey->pkey.rsa; 2323656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_PKEY_free(pkey); 2324656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2325656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2326656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tmp_buf[0]=s->client_version>>8; 2327656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tmp_buf[1]=s->client_version&0xff; 2328656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0) 2329656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2330656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2331656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
s->session->master_key_length=sizeof tmp_buf; 2332656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2333656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project q=p; 2334656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Fix buf for TLS and beyond */ 2335656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->version > SSL3_VERSION) 2336656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p+=2; 2337656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n=RSA_public_encrypt(sizeof tmp_buf, 2338656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tmp_buf,p,rsa,RSA_PKCS1_PADDING); 2339656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifdef PKCS1_CHECK 2340656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++; 2341656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70; 2342656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 2343656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (n <= 0) 2344656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2345656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT); 2346656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2347656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2348656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2349656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Fix buf for TLS and beyond */ 2350656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->version > SSL3_VERSION) 2351656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 
2352656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n(n,q); 2353656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n+=2; 2354656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2355656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2356656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->session->master_key_length= 2357656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->method->ssl3_enc->generate_master_secret(s, 2358656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->session->master_key, 2359656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tmp_buf,sizeof tmp_buf); 2360656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OPENSSL_cleanse(tmp_buf,sizeof tmp_buf); 2361656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2362656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 2363656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_KRB5 2364221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (alg_k & SSL_kKRB5) 2365656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2366656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project krb5_error_code krb5rc; 2367656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project KSSL_CTX *kssl_ctx = s->kssl_ctx; 2368656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* krb5_data krb5_ap_req; */ 2369656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project krb5_data *enc_ticket; 2370656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project krb5_data authenticator, *authp = NULL; 2371656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_CIPHER_CTX ciph_ctx; 2372221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom const 
EVP_CIPHER *enc = NULL; 2373656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned char iv[EVP_MAX_IV_LENGTH]; 2374656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 2375656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH 2376656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project + EVP_MAX_IV_LENGTH]; 2377656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int padl, outl = sizeof(epms); 2378656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2379656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_CIPHER_CTX_init(&ciph_ctx); 2380656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2381656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifdef KSSL_DEBUG 2382656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project printf("ssl3_send_client_key_exchange(%lx & %lx)\n", 2383221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom alg_k, SSL_kKRB5); 2384656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif /* KSSL_DEBUG */ 2385656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2386656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project authp = NULL; 2387656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifdef KRB5SENDAUTH 2388656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (KRB5SENDAUTH) authp = &authenticator; 2389656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif /* KRB5SENDAUTH */ 2390656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2391656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, 2392656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open 
Source Project &kssl_err); 2393656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project enc = kssl_map_enc(kssl_ctx->enctype); 2394656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (enc == NULL) 2395656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2396656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifdef KSSL_DEBUG 2397656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2398656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project printf("kssl_cget_tkt rtn %d\n", krb5rc); 2399656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (krb5rc && kssl_err.text) 2400656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text); 2401656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2402656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif /* KSSL_DEBUG */ 2403656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2404656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (krb5rc) 2405656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2406656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ssl3_send_alert(s,SSL3_AL_FATAL, 2407656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_AD_HANDSHAKE_FAILURE); 2408656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2409656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project kssl_err.reason); 2410656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2411656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2412656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2413656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project /* 20010406 VRS - Earlier versions used KRB5 AP_REQ 2414656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ** in place of RFC 2712 KerberosWrapper, as in: 2415656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ** 2416656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ** Send ticket (copy to *p, set n = length) 2417656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ** n = krb5_ap_req.length; 2418656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length); 2419656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ** if (krb5_ap_req.data) 2420656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req); 2421656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ** 2422656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ** Now using real RFC 2712 KerberosWrapper 2423656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>) 2424656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ** Note: 2712 "opaque" types are here replaced 2425656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ** with a 2-byte length followed by the value. 2426656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ** Example: 2427656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms 2428656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ** Where "xx xx" = length bytes. Shown here with 2429656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ** optional authenticator omitted. 
2430656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 2431656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2432656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* KerberosWrapper.Ticket */ 2433656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n(enc_ticket->length,p); 2434656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memcpy(p, enc_ticket->data, enc_ticket->length); 2435656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p+= enc_ticket->length; 2436656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n = enc_ticket->length + 2; 2437656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2438656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* KerberosWrapper.Authenticator */ 2439656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (authp && authp->length) 2440656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2441656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n(authp->length,p); 2442656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memcpy(p, authp->data, authp->length); 2443656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p+= authp->length; 2444656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n+= authp->length + 2; 2445656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2446656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project free(authp->data); 2447656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project authp->data = NULL; 2448656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project authp->length = 0; 2449656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2450656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 
2451656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2452656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n(0,p);/* null authenticator length */ 2453656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n+=2; 2454656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2455656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2456656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tmp_buf[0]=s->client_version>>8; 2457656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tmp_buf[1]=s->client_version&0xff; 2458656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0) 2459656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2460656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2461656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* 20010420 VRS. Tried it this way; failed. 
2462656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); 2463656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx, 2464656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ** kssl_ctx->length); 2465656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); 2466656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 2467656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2468656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memset(iv, 0, sizeof iv); /* per RFC 1510 */ 2469656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_EncryptInit_ex(&ciph_ctx,enc, NULL, 2470656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project kssl_ctx->key,iv); 2471656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf, 2472656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sizeof tmp_buf); 2473656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); 2474656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project outl += padl; 2475221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (outl > (int)sizeof epms) 2476656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2477656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 2478656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2479656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2480656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_CIPHER_CTX_cleanup(&ciph_ctx); 
2481656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2482656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* KerberosWrapper.EncryptedPreMasterSecret */ 2483656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n(outl,p); 2484656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memcpy(p, epms, outl); 2485656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p+=outl; 2486656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n+=outl + 2; 2487656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2488656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->session->master_key_length= 2489221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->method->ssl3_enc->generate_master_secret(s, 2490656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->session->master_key, 2491656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tmp_buf, sizeof tmp_buf); 2492656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2493656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); 2494656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OPENSSL_cleanse(epms, outl); 2495656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2496656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 2497656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_DH 2498221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) 2499656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2500656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project DH *dh_srvr,*dh_clnt; 2501656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
2502e45f106cb6b47af1f21efe76e933bdea2f5dd1caNagendra Modadugu if (s->session->sess_cert == NULL) 2503e45f106cb6b47af1f21efe76e933bdea2f5dd1caNagendra Modadugu { 2504e45f106cb6b47af1f21efe76e933bdea2f5dd1caNagendra Modadugu ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); 2505e45f106cb6b47af1f21efe76e933bdea2f5dd1caNagendra Modadugu SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); 2506e45f106cb6b47af1f21efe76e933bdea2f5dd1caNagendra Modadugu goto err; 2507221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 2508656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2509656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->session->sess_cert->peer_dh_tmp != NULL) 2510656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project dh_srvr=s->session->sess_cert->peer_dh_tmp; 2511656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 2512656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2513656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* we get them from the cert */ 2514656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 2515656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); 2516656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2517656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2518656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2519656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* generate a new random key */ 2520656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL) 2521656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 
2522656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); 2523656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2524656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2525656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!DH_generate_key(dh_clnt)) 2526656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2527656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); 2528ee7afb3c942c4eefef6ed06201eafaf8ec58e2e3Brian Carlstrom DH_free(dh_clnt); 2529656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2530656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2531656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2532656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* use the 'p' output buffer for the DH key, but 2533656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * make sure to clear it out afterwards */ 2534656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2535656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt); 2536656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2537656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (n <= 0) 2538656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2539656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); 2540ee7afb3c942c4eefef6ed06201eafaf8ec58e2e3Brian Carlstrom DH_free(dh_clnt); 2541656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2542656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 
2543656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2544656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* generate master key from the result */ 2545656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->session->master_key_length= 2546656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->method->ssl3_enc->generate_master_secret(s, 2547656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->session->master_key,p,n); 2548656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* clean up */ 2549656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memset(p,0,n); 2550656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2551656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* send off the data */ 2552656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n=BN_num_bytes(dh_clnt->pub_key); 2553656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n(n,p); 2554656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_bn2bin(dh_clnt->pub_key,p); 2555656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n+=2; 2556656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2557656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project DH_free(dh_clnt); 2558656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2559656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* perhaps clean things up a bit EAY EAY EAY EAY*/ 2560656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2561656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 2562656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2563656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_ECDH 
2564221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) 2565656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2566656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project const EC_GROUP *srvr_group = NULL; 2567656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_KEY *tkey; 2568656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int ecdh_clnt_cert = 0; 2569656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int field_size = 0; 2570656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2571656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Did we send out the client's 2572656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ECDH share for use in premaster 2573656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * computation as part of client certificate? 2574656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * If so, set ecdh_clnt_cert to 1. 2575656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 2576221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL)) 2577656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2578656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* XXX: For now, we do not support client 2579656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * authentication using ECDH certificates. 2580656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * To add such support, one needs to add 2581656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * code that checks for appropriate 2582656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * conditions and sets ecdh_clnt_cert to 1. 
2583656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * For example, the cert have an ECC 2584656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * key on the same curve as the server's 2585656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * and the key should be authorized for 2586656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * key agreement. 2587656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 2588656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * One also needs to add code in ssl3_connect 2589656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * to skip sending the certificate verify 2590656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * message. 2591656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 2592656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * if ((s->cert->key->privatekey != NULL) && 2593656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * (s->cert->key->privatekey->type == 2594656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * EVP_PKEY_EC) && ...) 
2595656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ecdh_clnt_cert = 1; 2596656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 2597656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2598656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2599656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->session->sess_cert->peer_ecdh_tmp != NULL) 2600656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2601656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tkey = s->session->sess_cert->peer_ecdh_tmp; 2602656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2603656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 2604656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2605656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Get the Server Public Key from Cert */ 2606656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project srvr_pub_pkey = X509_get_pubkey(s->session-> \ 2607656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); 2608656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((srvr_pub_pkey == NULL) || 2609656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (srvr_pub_pkey->type != EVP_PKEY_EC) || 2610656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (srvr_pub_pkey->pkey.ec == NULL)) 2611656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2612656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2613656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ERR_R_INTERNAL_ERROR); 2614656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 
2615656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2616656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2617656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tkey = srvr_pub_pkey->pkey.ec; 2618656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2619656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2620656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project srvr_group = EC_KEY_get0_group(tkey); 2621656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project srvr_ecpoint = EC_KEY_get0_public_key(tkey); 2622656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2623656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) 2624656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2625656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2626656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ERR_R_INTERNAL_ERROR); 2627656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2628656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2629656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2630656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((clnt_ecdh=EC_KEY_new()) == NULL) 2631656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2632656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); 2633656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2634656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2635656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
2636656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) 2637656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2638656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB); 2639656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2640656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2641656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ecdh_clnt_cert) 2642656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2643656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Reuse key info from our certificate 2644656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * We only need our private key to perform 2645656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the ECDH computation. 
2646656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 2647656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project const BIGNUM *priv_key; 2648656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tkey = s->cert->key->privatekey->pkey.ec; 2649656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project priv_key = EC_KEY_get0_private_key(tkey); 2650656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (priv_key == NULL) 2651656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2652656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); 2653656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2654656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2655656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) 2656656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2657656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB); 2658656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2659656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2660656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2661656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 2662656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2663656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Generate a new ECDH key pair */ 2664656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!(EC_KEY_generate_key(clnt_ecdh))) 2665656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2666656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android 
Open Source Project SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); 2667656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2668656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2669656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2670656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2671656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* use the 'p' output buffer for the ECDH key, but 2672656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * make sure to clear it out afterwards 2673656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 2674656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2675656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project field_size = EC_GROUP_get_degree(srvr_group); 2676656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (field_size <= 0) 2677656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2678656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2679656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ERR_R_ECDH_LIB); 2680656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2681656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2682656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL); 2683656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (n <= 0) 2684656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2685656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2686656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ERR_R_ECDH_LIB); 
2687656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2688656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2689656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2690656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* generate master key from the result */ 2691656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->session->master_key_length = s->method->ssl3_enc \ 2692656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project -> generate_master_secret(s, 2693656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->session->master_key, 2694656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p, n); 2695656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2696656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memset(p, 0, n); /* clean up */ 2697656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2698656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ecdh_clnt_cert) 2699656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2700656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Send empty client key exch message */ 2701656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n = 0; 2702656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2703656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 2704656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2705656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* First check the size of encoding and 2706656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * allocate memory accordingly. 
2707656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 2708656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project encoded_pt_len = 2709656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_POINT_point2oct(srvr_group, 2710656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_KEY_get0_public_key(clnt_ecdh), 2711656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project POINT_CONVERSION_UNCOMPRESSED, 2712656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project NULL, 0, NULL); 2713656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2714656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project encodedPoint = (unsigned char *) 2715656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OPENSSL_malloc(encoded_pt_len * 2716656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sizeof(unsigned char)); 2717656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project bn_ctx = BN_CTX_new(); 2718656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((encodedPoint == NULL) || 2719656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (bn_ctx == NULL)) 2720656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2721656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); 2722656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2723656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2724656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2725656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Encode the public key */ 2726656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n = EC_POINT_point2oct(srvr_group, 
2727656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_KEY_get0_public_key(clnt_ecdh), 2728656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project POINT_CONVERSION_UNCOMPRESSED, 2729656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project encodedPoint, encoded_pt_len, bn_ctx); 2730656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2731656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *p = n; /* length of encoded point */ 2732656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Encoded point will be copied here */ 2733656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p += 1; 2734656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* copy the point */ 2735656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memcpy((unsigned char *)p, encodedPoint, n); 2736656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* increment n to account for length field */ 2737656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n += 1; 2738656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2739656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2740656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Free allocated memory */ 2741656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_CTX_free(bn_ctx); 2742656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (encodedPoint != NULL) OPENSSL_free(encodedPoint); 2743656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (clnt_ecdh != NULL) 2744656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_KEY_free(clnt_ecdh); 2745656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_PKEY_free(srvr_pub_pkey); 2746656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open 
Source Project } 2747656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif /* !OPENSSL_NO_ECDH */ 2748221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (alg_k & SSL_kGOST) 2749221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 2750221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* GOST key exchange message creation */ 2751221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom EVP_PKEY_CTX *pkey_ctx; 2752221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom X509 *peer_cert; 2753221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom size_t msglen; 2754221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom unsigned int md_len; 2755221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom int keytype; 2756221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom unsigned char premaster_secret[32],shared_ukm[32], tmp[256]; 2757221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom EVP_MD_CTX *ukm_hash; 2758221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom EVP_PKEY *pub_key; 2759221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 2760221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* Get server sertificate PKEY and create ctx from it */ 2761221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom peer_cert=s->session->sess_cert->peer_pkeys[(keytype=SSL_PKEY_GOST01)].x509; 2762221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (!peer_cert) 2763221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom peer_cert=s->session->sess_cert->peer_pkeys[(keytype=SSL_PKEY_GOST94)].x509; 2764221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (!peer_cert) { 2765221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); 2766221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto err; 2767221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 2768221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 
2769221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom pkey_ctx=EVP_PKEY_CTX_new(pub_key=X509_get_pubkey(peer_cert),NULL); 2770221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* If we have send a certificate, and certificate key 2771221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 2772221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * parameters match those of server certificate, use 2773221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * certificate key for key exchange 2774221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom */ 2775221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 2776221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* Otherwise, generate ephemeral key pair */ 2777221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 2778221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom EVP_PKEY_encrypt_init(pkey_ctx); 2779221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* Generate session key */ 2780221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom RAND_bytes(premaster_secret,32); 2781221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* If we have client certificate, use its secret as peer key */ 2782221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->s3->tmp.cert_req && s->cert->key->privatekey) { 2783221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (EVP_PKEY_derive_set_peer(pkey_ctx,s->cert->key->privatekey) <=0) { 2784221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* If there was an error - just ignore it. 
Ephemeral key 2785221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * would be used 2786221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom */ 2787221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ERR_clear_error(); 2788221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 2789221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 2790221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* Compute shared IV and store it in algorithm-specific 2791221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * context data */ 2792221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ukm_hash = EVP_MD_CTX_create(); 2793221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom EVP_DigestInit(ukm_hash,EVP_get_digestbynid(NID_id_GostR3411_94)); 2794221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom EVP_DigestUpdate(ukm_hash,s->s3->client_random,SSL3_RANDOM_SIZE); 2795221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom EVP_DigestUpdate(ukm_hash,s->s3->server_random,SSL3_RANDOM_SIZE); 2796221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len); 2797221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom EVP_MD_CTX_destroy(ukm_hash); 2798221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (EVP_PKEY_CTX_ctrl(pkey_ctx,-1,EVP_PKEY_OP_ENCRYPT,EVP_PKEY_CTRL_SET_IV, 2799221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 8,shared_ukm)<0) { 2800221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2801221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSL_R_LIBRARY_BUG); 2802221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto err; 2803221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 2804221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* Make GOST keytransport blob message */ 2805221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /*Encapsulate it into sequence */ 2806221304ee937bc0910948a8be1320cb8cc4eb6d36Brian 
Carlstrom *(p++)=V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED; 2807221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom msglen=255; 2808221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (EVP_PKEY_encrypt(pkey_ctx,tmp,&msglen,premaster_secret,32)<0) { 2809221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2810221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSL_R_LIBRARY_BUG); 2811221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto err; 2812221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 2813221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (msglen >= 0x80) 2814221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 2815221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom *(p++)=0x81; 2816221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom *(p++)= msglen & 0xff; 2817221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom n=msglen+3; 2818221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 2819221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else 2820221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 2821221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom *(p++)= msglen & 0xff; 2822221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom n=msglen+2; 2823221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 2824221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom memcpy(p, tmp, msglen); 2825221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* Check if pubkey from client certificate was used */ 2826221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) 2827221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 2828221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* Set flag "skip certificate verify" */ 2829221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY; 
2830221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 2831221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom EVP_PKEY_CTX_free(pkey_ctx); 2832221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->session->master_key_length= 2833221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->method->ssl3_enc->generate_master_secret(s, 2834221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->session->master_key,premaster_secret,32); 2835221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom EVP_PKEY_free(pub_key); 2836221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 2837221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 2838392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifndef OPENSSL_NO_SRP 2839392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else if (alg_k & SSL_kSRP) 2840392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 2841392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (s->srp_ctx.A != NULL) 2842392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 2843392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* send off the data */ 2844392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom n=BN_num_bytes(s->srp_ctx.A); 2845392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s2n(n,p); 2846392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_bn2bin(s->srp_ctx.A,p); 2847392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom n+=2; 2848392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 2849392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else 2850392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 2851392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); 2852392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom goto err; 2853392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 2854392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (s->session->srp_username != NULL) 
2855392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom OPENSSL_free(s->session->srp_username); 2856392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->session->srp_username = BUF_strdup(s->srp_ctx.login); 2857392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (s->session->srp_username == NULL) 2858392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 2859392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2860392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ERR_R_MALLOC_FAILURE); 2861392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom goto err; 2862392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 2863392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 2864392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if ((s->session->master_key_length = SRP_generate_client_master_secret(s,s->session->master_key))<0) 2865392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 2866392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); 2867392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom goto err; 2868392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 2869392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 2870392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 2871221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifndef OPENSSL_NO_PSK 2872221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (alg_k & SSL_kPSK) 2873221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 2874221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom char identity[PSK_MAX_IDENTITY_LEN]; 2875221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom unsigned char *t = NULL; 2876221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4]; 2877221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom unsigned int pre_ms_len = 0, psk_len = 0; 
2878221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom int psk_err = 1; 2879221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 2880221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom n = 0; 2881221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->psk_client_callback == NULL) 2882221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 2883221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2884221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSL_R_PSK_NO_CLIENT_CB); 2885221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto err; 2886221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 2887221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 2888221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint, 2889221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom identity, PSK_MAX_IDENTITY_LEN, 2890221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom psk_or_pre_ms, sizeof(psk_or_pre_ms)); 2891221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (psk_len > PSK_MAX_PSK_LEN) 2892221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 2893221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2894221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ERR_R_INTERNAL_ERROR); 2895221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto psk_err; 2896221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 2897221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (psk_len == 0) 2898221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 2899221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2900221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSL_R_PSK_IDENTITY_NOT_FOUND); 2901221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto psk_err; 2902221304ee937bc0910948a8be1320cb8cc4eb6d36Brian 
Carlstrom } 2903221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 2904221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* create PSK pre_master_secret */ 2905221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom pre_ms_len = 2+psk_len+2+psk_len; 2906221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom t = psk_or_pre_ms; 2907221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len); 2908221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s2n(psk_len, t); 2909221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom memset(t, 0, psk_len); 2910221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom t+=psk_len; 2911221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s2n(psk_len, t); 2912221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 2913221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->session->psk_identity_hint != NULL) 2914221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom OPENSSL_free(s->session->psk_identity_hint); 2915221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint); 2916221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->ctx->psk_identity_hint != NULL && 2917221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->session->psk_identity_hint == NULL) 2918221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 2919221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2920221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ERR_R_MALLOC_FAILURE); 2921221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto psk_err; 2922221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 2923221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 2924221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->session->psk_identity != NULL) 2925221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 
OPENSSL_free(s->session->psk_identity); 2926221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->session->psk_identity = BUF_strdup(identity); 2927221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->session->psk_identity == NULL) 2928221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 2929221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2930221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ERR_R_MALLOC_FAILURE); 2931221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto psk_err; 2932221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 2933221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 2934221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->session->master_key_length = 2935221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->method->ssl3_enc->generate_master_secret(s, 2936221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->session->master_key, 2937221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom psk_or_pre_ms, pre_ms_len); 2938221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom n = strlen(identity); 2939221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s2n(n, p); 2940221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom memcpy(p, identity, n); 2941221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom n+=2; 2942221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom psk_err = 0; 2943221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom psk_err: 2944221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN); 2945221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms)); 2946221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (psk_err != 0) 2947221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 2948221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 
2949221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto err; 2950221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 2951221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 2952221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif 2953656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 2954656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2955656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ssl3_send_alert(s, SSL3_AL_FATAL, 2956656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_AD_HANDSHAKE_FAILURE); 2957656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2958656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ERR_R_INTERNAL_ERROR); 2959656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2960656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2961656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2962656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE; 2963656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project l2n3(n,d); 2964656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2965656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL3_ST_CW_KEY_EXCH_B; 2966656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* number of bytes to write */ 2967656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->init_num=n+4; 2968656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->init_off=0; 2969656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2970656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2971656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* 
SSL3_ST_CW_KEY_EXCH_B */ 2972656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 2973656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projecterr: 2974656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_ECDH 2975656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_CTX_free(bn_ctx); 2976656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (encodedPoint != NULL) OPENSSL_free(encodedPoint); 2977656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (clnt_ecdh != NULL) 2978656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_KEY_free(clnt_ecdh); 2979656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_PKEY_free(srvr_pub_pkey); 2980656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 2981656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(-1); 2982656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2983656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2984656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint ssl3_send_client_verify(SSL *s) 2985656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2986656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned char *p,*d; 2987656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; 2988656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_PKEY *pkey; 2989221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom EVP_PKEY_CTX *pctx=NULL; 2990392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom EVP_MD_CTX mctx; 2991656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned u=0; 2992656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android 
Open Source Project unsigned long n; 2993656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int j; 2994656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2995392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom EVP_MD_CTX_init(&mctx); 2996392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 2997656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->state == SSL3_ST_CW_CERT_VRFY_A) 2998656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2999656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project d=(unsigned char *)s->init_buf->data; 3000656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p= &(d[4]); 3001656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project pkey=s->cert->key->privatekey; 3002221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom/* Create context from key and test if sha1 is allowed as digest */ 3003221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom pctx = EVP_PKEY_CTX_new(pkey,NULL); 3004221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom EVP_PKEY_sign_init(pctx); 3005221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1())>0) 3006221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 3007392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (TLS1_get_version(s) < TLS1_2_VERSION) 3008392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->method->ssl3_enc->cert_verify_mac(s, 3009221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_sha1, 3010221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom &(data[MD5_DIGEST_LENGTH])); 3011221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 3012221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else 3013221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 3014221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ERR_clear_error(); 
3015221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 3016392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* For TLS v1.2 send signature algorithm and signature 3017392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * using agreed digest and cached handshake records. 3018392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom */ 3019392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (TLS1_get_version(s) >= TLS1_2_VERSION) 3020392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 3021392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom long hdatalen = 0; 3022392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom void *hdata; 3023392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom const EVP_MD *md = s->cert->key->digest; 3024392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, 3025392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom &hdata); 3026392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (hdatalen <= 0 || !tls12_get_sigandhash(p, pkey, md)) 3027392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 3028392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 3029392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ERR_R_INTERNAL_ERROR); 3030392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom goto err; 3031392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 3032392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom p += 2; 3033392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifdef SSL_DEBUG 3034392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom fprintf(stderr, "Using TLS 1.2 with client alg %s\n", 3035392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom EVP_MD_name(md)); 3036392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 3037392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!EVP_SignInit_ex(&mctx, md, NULL) 3038392aa7cc7d2b122614c5393c3e357da07fd07af3Brian 
Carlstrom || !EVP_SignUpdate(&mctx, hdata, hdatalen) 3039392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom || !EVP_SignFinal(&mctx, p + 2, &u, pkey)) 3040392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 3041392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 3042392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ERR_R_EVP_LIB); 3043392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom goto err; 3044392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 3045392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s2n(u,p); 3046392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom n = u + 4; 3047392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!ssl3_digest_cached_records(s)) 3048392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom goto err; 3049392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 3050392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else 3051656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_RSA 3052656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (pkey->type == EVP_PKEY_RSA) 3053656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 3054656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->method->ssl3_enc->cert_verify_mac(s, 3055221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_md5, 3056221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom &(data[0])); 3057656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (RSA_sign(NID_md5_sha1, data, 3058656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, 3059656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project &(p[2]), &u, pkey->pkey.rsa) <= 0 ) 3060656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 3061656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB); 3062656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 3063656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 3064656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n(u,p); 3065656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n=u+2; 3066656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 3067656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 3068656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 3069656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_DSA 3070656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (pkey->type == EVP_PKEY_DSA) 3071656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 3072656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!DSA_sign(pkey->save_type, 3073656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project &(data[MD5_DIGEST_LENGTH]), 3074656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SHA_DIGEST_LENGTH,&(p[2]), 3075656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (unsigned int *)&j,pkey->pkey.dsa)) 3076656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 3077656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB); 3078656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 3079656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 3080656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n(j,p); 3081656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n=j+2; 3082656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 
3083656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 3084656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 3085656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_ECDSA 3086656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (pkey->type == EVP_PKEY_EC) 3087656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 3088656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!ECDSA_sign(pkey->save_type, 3089656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project &(data[MD5_DIGEST_LENGTH]), 3090656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SHA_DIGEST_LENGTH,&(p[2]), 3091656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (unsigned int *)&j,pkey->pkey.ec)) 3092656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 3093656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 3094656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ERR_R_ECDSA_LIB); 3095656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 3096656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 3097656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n(j,p); 3098656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n=j+2; 3099656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 3100656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 3101656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 3102221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001) 3103221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 3104221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 
unsigned char signbuf[64]; 3105221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom int i; 3106221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom size_t sigsize=64; 3107221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->method->ssl3_enc->cert_verify_mac(s, 3108221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NID_id_GostR3411_94, 3109221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom data); 3110221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) { 3111221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 3112221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ERR_R_INTERNAL_ERROR); 3113221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto err; 3114221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 3115221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom for (i=63,j=0; i>=0; j++, i--) { 3116221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom p[2+j]=signbuf[i]; 3117221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 3118221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s2n(j,p); 3119221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom n=j+2; 3120221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 3121221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else 3122221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 3123656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR); 3124656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 3125221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 3126656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(d++)=SSL3_MT_CERTIFICATE_VERIFY; 3127656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project l2n3(n,d); 3128656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
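/* Tail of ssl3_send_client_verify(), whose beginning lies above this span;
 * the statements below are reproduced unchanged. */
		s->state=SSL3_ST_CW_CERT_VRFY_B;
		s->init_num=(int)n+4;
		s->init_off=0;
		}
	EVP_MD_CTX_cleanup(&mctx);
	EVP_PKEY_CTX_free(pctx);
	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
err:
	EVP_MD_CTX_cleanup(&mctx);
	EVP_PKEY_CTX_free(pctx);
	return(-1);
	}

/* Send the client's Certificate message, or for SSLv3 with no usable
 * certificate a no_certificate warning alert.
 *
 * The work is driven by s->state:
 *   SSL3_ST_CW_CERT_A  decide whether a certificate and key are already set
 *   SSL3_ST_CW_CERT_B  ask ssl_do_client_cert_cb() for a certificate and key
 *   SSL3_ST_CW_CERT_C  build the certificate chain into the handshake buffer
 *   SSL3_ST_CW_CERT_D  write the buffered message
 *
 * Returns the result of ssl3_do_write() once a message has been built,
 * 1 when the SSLv3 no_certificate alert was sent instead, and -1 either
 * when the lookup has to be retried (s->rwstate == SSL_X509_LOOKUP) or when
 * the certificate chain could not be built.
 */
int ssl3_send_client_certificate(SSL *s)
	{
	X509 *x509=NULL;
	EVP_PKEY *pkey=NULL;
	int i;
	unsigned long l;

	if (s->state == SSL3_ST_CW_CERT_A)
		{
		if ((s->cert == NULL) ||
		    (s->cert->key->x509 == NULL) ||
		    (s->cert->key->privatekey == NULL))
			s->state=SSL3_ST_CW_CERT_B;
		else
			s->state=SSL3_ST_CW_CERT_C;
		}

	/* We need to get a client cert */
	if (s->state == SSL3_ST_CW_CERT_B)
		{
		/* A negative result means the lookup is not finished yet:
		 * flag SSL_X509_LOOKUP and return -1 so that we get
		 * retried later. */
		i = ssl_do_client_cert_cb(s, &x509, &pkey);
		if (i < 0)
			{
			s->rwstate=SSL_X509_LOOKUP;
			return(-1);
			}
		s->rwstate=SSL_NOTHING;
		if ((i == 1) && (pkey != NULL) && (x509 != NULL))
			{
			s->state=SSL3_ST_CW_CERT_B;
			if (	!SSL_use_certificate(s,x509) ||
				!SSL_use_PrivateKey(s,pkey))
				i=0;
			}
		else if (i == 1)
			{
			/* The callback claimed success but left the
			 * certificate or the key unset. */
			i=0;
			SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
			}

		/* Release the local pointers handed back by the callback
		 * (both free routines accept NULL). */
		X509_free(x509);
		EVP_PKEY_free(pkey);
		if (i == 0)
			{
			if (s->version == SSL3_VERSION)
				{
				/* SSLv3: answer with a warning alert
				 * instead of a Certificate message. */
				s->s3->tmp.cert_req=0;
				ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE);
				return(1);
				}
			else
				{
				/* Other versions: cert_req == 2 makes state
				 * C pass NULL as the certificate. */
				s->s3->tmp.cert_req=2;
				}
			}

		/* Ok, we have a cert (or cert_req == 2, see above) */
		s->state=SSL3_ST_CW_CERT_C;
		}

	if (s->state == SSL3_ST_CW_CERT_C)
		{
		s->state=SSL3_ST_CW_CERT_D;
		l=ssl3_output_cert_chain(s,
			(s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
		/* NOTE(review): ssl3_output_cert_chain() is defined elsewhere
		 * and is assumed to return 0 when it fails - confirm.
		 * Without this check a failure would set init_num to 0 and
		 * the write below would go ahead with no Certificate
		 * message in the buffer. */
		if (l == 0)
			{
			SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,ERR_R_INTERNAL_ERROR);
			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR);
			return(-1);
			}
		s->init_num=(int)l;
		s->init_off=0;
		}
	/* SSL3_ST_CW_CERT_D */
	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
	}

/* True when every bit of mask m is set in i. */
#define has_bits(i,m)	(((i)&(m)) == (m))

/* Check that the peer certificate stored in the session, together with any
 * temporary RSA/DH key held next to it, can serve the key exchange and
 * authentication algorithms of the negotiated cipher
 * (s->s3->tmp.new_cipher).
 *
 * Returns 1 when the combination is acceptable.  Returns 0 otherwise:
 * after a fatal handshake_failure alert for a mismatch, or without an alert
 * when the session carries no sess_cert at all.
 */
int ssl3_check_cert_and_algorithm(SSL *s)
	{
	int i,idx;
	long alg_k,alg_a;
	EVP_PKEY *pkey=NULL;
	SESS_CERT *sc;
#ifndef OPENSSL_NO_RSA
	RSA *rsa;
#endif
#ifndef OPENSSL_NO_DH
	DH *dh;
#endif

	alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
	alg_a=s->s3->tmp.new_cipher->algorithm_auth;

	/* we don't have a certificate: these authentication and key
	 * exchange types are accepted without inspecting one */
	if ((alg_a & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) || (alg_k & SSL_kPSK))
		return(1);

	sc=s->session->sess_cert;
	if (sc == NULL)
		{
		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
		goto err;
		}

	/* Temporary keys held in the session, NULL when none was stored. */
#ifndef OPENSSL_NO_RSA
	rsa=sc->peer_rsa_tmp;
#endif
#ifndef OPENSSL_NO_DH
	dh=sc->peer_dh_tmp;
#endif

	/* This is the passed certificate */

	idx=sc->peer_cert_type;
#ifndef OPENSSL_NO_ECDH
	if (idx == SSL_PKEY_ECC)
		{
		/* ECC certificates are judged by a dedicated helper.  On
		 * success we return at once, so none of the checks further
		 * down (the export-cipher check included) run for them. */
		if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
							s) == 0)
			{ /* check failed */
			SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT);
			goto f_err;
			}
		else
			{
			return 1;
			}
		}
#endif
	/* i becomes a mask of EVP_PK_*, EVP_PKT_* and EVP_PKS_* bits
	 * describing the certificate; it is tested with has_bits() below. */
	pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509);
	i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey);
	EVP_PKEY_free(pkey);


	/* Check that we have a certificate if we require one */
	if ((alg_a & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN))
		{
		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT);
		goto f_err;
		}
#ifndef OPENSSL_NO_DSA
	else if ((alg_a & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN))
		{
		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT);
		goto f_err;
		}
#endif
#ifndef OPENSSL_NO_RSA
	/* NOTE(review): a non-NULL peer_rsa_tmp satisfies this check for
	 * every kRSA cipher, export or not.  Whether a temporary RSA key is
	 * acceptable for a non-export cipher has to be enforced where
	 * peer_rsa_tmp is populated, which is not visible here - confirm
	 * that it is. */
	if ((alg_k & SSL_kRSA) &&
		!(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL)))
		{
		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT);
		goto f_err;
		}
#endif
#ifndef OPENSSL_NO_DH
	if ((alg_k & SSL_kEDH) &&
		!(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
		{
		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
		goto f_err;
		}
	else if ((alg_k & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA))
		{
		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);
		goto f_err;
		}
#ifndef OPENSSL_NO_DSA
	else if ((alg_k & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
		{
		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);
		goto f_err;
		}
#endif
#endif

	/* Export cipher with a certificate key that lacks the EVP_PKT_EXP
	 * bit: a temporary key must be present and must not be longer than
	 * the cipher's export key length. */
	if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP))
		{
#ifndef OPENSSL_NO_RSA
		if (alg_k & SSL_kRSA)
			{
			if (rsa == NULL
			    || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
				{
				SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
				goto f_err;
				}
			}
		else
#endif
#ifndef OPENSSL_NO_DH
			if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
			    {
			    if (dh == NULL
				|| DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
				{
				SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
				goto f_err;
				}
			}
		else
#endif
			{
			SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
			goto f_err;
			}
		}
	return(1);
f_err:
	ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
err:
	return(0);
	}

#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
/* Build (in state SSL3_ST_CW_NEXT_PROTO_A) and write the NextProto
 * handshake message carrying s->next_proto_negotiated.
 *
 * Buffer layout written below:
 *   d[0]            message type SSL3_MT_NEXT_PROTO
 *   d[1..3]         body length 2 + len + padding_len, stored by l2n3()
 *   d[4]            protocol name length
 *   d[5..]          protocol name (len bytes)
 *   d[5+len]        padding length
 *   d[6+len..]      padding_len zero bytes
 *
 * padding_len is between 1 and 32 and rounds the body length up to a
 * multiple of 32.  Returns the result of ssl3_do_write().
 */
int ssl3_send_next_proto(SSL *s)
	{
	unsigned int len, padding_len;
	unsigned char *d;

	if (s->state == SSL3_ST_CW_NEXT_PROTO_A)
		{
		len = s->next_proto_negotiated_len;
		padding_len = 32 - ((len + 2) % 32);
		d = (unsigned char *)s->init_buf->data;
		/* NOTE(review): nothing here checks that init_buf holds
		 * 6 + len + padding_len bytes, and d[4] keeps only the low
		 * eight bits of len.  Presumably the length field is a
		 * single byte and init_buf was sized by the caller -
		 * confirm both against the declarations. */
		d[4] = len;
		memcpy(d + 5, s->next_proto_negotiated, len);
		d[5 + len] = padding_len;
		memset(d + 6 + len, 0, padding_len);
		*(d++)=SSL3_MT_NEXT_PROTO;
		l2n3(2 + len + padding_len, d);
		s->state = SSL3_ST_CW_NEXT_PROTO_B;
		s->init_num = 4 + 2 + len + padding_len;
		s->init_off = 0;
		}

	return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
}
#endif  /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */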
/* Work out whether the handshake in progress is a full one or a resumed
 * one.  Normally a session cache hit answers that; with session tickets
 * the next handshake message has to be inspected to be sure.
 *
 * Returns 1 for a full handshake (also when the session has no ticket),
 * 2 when the next message is Finished or NewSessionTicket, and the value
 * returned by ssl_get_message() when no message could be obtained.
 */

#ifndef OPENSSL_NO_TLSEXT
int ssl3_check_finished(SSL *s)
	{
	int got_msg;
	long msg_len;

	/* A session without a ticket cannot be a resumed one. */
	if (s->session->tlsext_tick == NULL)
		return 1;

	/* We are called at the point where a Certificate message is
	 * expected, so accept a message as long as a certificate list. */
	msg_len=s->method->ssl_get_message(s,
		SSL3_ST_CR_CERT_A,
		SSL3_ST_CR_CERT_B,
		-1,
		s->max_cert_list,
		&got_msg);
	if (!got_msg)
		return((int)msg_len);

	/* Leave the message queued so the regular handler reads it again. */
	s->s3->tmp.reuse_message = 1;

	switch (s->s3->tmp.message_type)
		{
	case SSL3_MT_FINISHED:
	case SSL3_MT_NEWSESSION_TICKET:
		return 2;
	default:
		return 1;
		}
	}
#endif
/* Obtain a client certificate and private key for the connection.
 *
 * When a client certificate ENGINE is configured on the context it is
 * asked first, and any non-zero answer from it is returned as is.
 * Otherwise the context's client_cert_cb is called, if one is set.
 * Returns whatever the engine or the callback returned, or 0 when neither
 * supplied anything; *px509 and *ppkey are filled in by them.
 */
int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
	{
#ifndef OPENSSL_NO_ENGINE
	if (s->ctx->client_cert_engine)
		{
		int engine_rv = ENGINE_load_ssl_client_cert(
						s->ctx->client_cert_engine, s,
						SSL_get_client_CA_list(s),
						px509, ppkey, NULL, NULL, NULL);
		if (engine_rv != 0)
			return engine_rv;
		}
#endif
	/* No callback registered: report that no certificate is available. */
	if (!s->ctx->client_cert_cb)
		return 0;
	return s->ctx->client_cert_cb(s,px509,ppkey);
	}