X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fs3_srvr.c;h=d6158dbc65e76c03e4e32dd5f3ac023d3ef75ca3;hb=dd9d233e2aa493fa1398b527afbf6aa5cdb23f23;hp=9cd8d7eab8f361d1beb4be9f0f9253eea05ca3f8;hpb=47134b7864fd5e31dbdbc789d9e073742ad4c3ee;p=oweals%2Fopenssl.git diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 9cd8d7eab8..d6158dbc65 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -70,6 +70,7 @@ static SSL_METHOD *ssl3_get_server_method(int ver); static int ssl3_get_client_hello(SSL *s); +static int ssl3_check_client_hello(SSL *s); static int ssl3_send_server_hello(SSL *s); static int ssl3_send_server_key_exchange(SSL *s); static int ssl3_send_certificate_request(SSL *s); @@ -112,7 +113,7 @@ int ssl3_accept(SSL *s) int ret= -1; int new_state,state,skip=0; - RAND_seed(&Time,sizeof(Time)); + RAND_add(&Time,sizeof(Time),0); ERR_clear_error(); clear_sys_error(); @@ -141,6 +142,7 @@ int ssl3_accept(SSL *s) s->new_session=1; /* s->state=SSL_ST_ACCEPT; */ + case SSL3_ST_SR_MS_SGC: case SSL_ST_BEFORE: case SSL_ST_ACCEPT: case SSL_ST_BEFORE|SSL_ST_ACCEPT: @@ -184,8 +186,8 @@ int ssl3_accept(SSL *s) if (s->state != SSL_ST_RENEGOTIATE) { + if(s->state != SSL3_ST_SR_MS_SGC) ssl3_init_finished_mac(s); s->state=SSL3_ST_SR_CLNT_HELLO_A; - ssl3_init_finished_mac(s); s->ctx->stats.sess_accept++; } else @@ -268,8 +270,8 @@ int ssl3_accept(SSL *s) || (l & (SSL_DH|SSL_kFZA)) || ((l & SSL_kRSA) && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL - || (SSL_IS_EXPORT(l) - && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_EXPORT_PKEYLENGTH(l) + || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) + && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher) ) ) ) @@ -341,12 +343,18 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_CERT_A: case SSL3_ST_SR_CERT_B: - /* could be sent for a DH cert, even if we - * have not asked for it :-) */ - ret=ssl3_get_client_certificate(s); - if (ret <= 0) goto end; - s->init_num=0; - s->state=SSL3_ST_SR_KEY_EXCH_A; + /* Check for second client hello if MS SGC */ + ret = ssl3_check_client_hello(s); + if(ret <= 0) goto end; + if(ret == 2) s->state = SSL3_ST_SR_MS_SGC; + else { + /* could be sent for a DH cert, even if we + * have not asked for it :-) */ + ret=ssl3_get_client_certificate(s); + if (ret <= 0) goto end; + s->init_num=0; + s->state=SSL3_ST_SR_KEY_EXCH_A; + } break; case SSL3_ST_SR_KEY_EXCH_A: @@ -360,10 +368,10 @@ int ssl3_accept(SSL *s) * a client cert, it can be verified */ s->method->ssl3_enc->cert_verify_mac(s, &(s->s3->finish_dgst1), - &(s->s3->tmp.finish_md[0])); + &(s->s3->tmp.cert_verify_md[0])); s->method->ssl3_enc->cert_verify_mac(s, &(s->s3->finish_dgst2), - &(s->s3->tmp.finish_md[MD5_DIGEST_LENGTH])); + &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH])); break; @@ -417,8 +425,8 @@ int ssl3_accept(SSL *s) case SSL3_ST_SW_FINISHED_B: ret=ssl3_send_finished(s, SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B, - s->method->ssl3_enc->server_finished, - s->method->ssl3_enc->server_finished_len); + s->method->ssl3_enc->server_finished_label, + s->method->ssl3_enc->server_finished_label_len); if (ret <= 0) goto end; s->state=SSL3_ST_SW_FLUSH; if (s->hit) @@ -495,7 +503,7 @@ static int ssl3_send_hello_request(SSL *s) if (s->state == SSL3_ST_SW_HELLO_REQ_A) { p=(unsigned char *)s->init_buf->data; - *(p++)=SSL3_MT_CLIENT_REQUEST; + *(p++)=SSL3_MT_HELLO_REQUEST; *(p++)=0; *(p++)=0; *(p++)=0; @@ -510,6 +518,23 @@ static int ssl3_send_hello_request(SSL *s) return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); } +static int ssl3_check_client_hello(SSL *s) + { + int ok; + long n; + + n=ssl3_get_message(s, + SSL3_ST_SR_CERT_A, + SSL3_ST_SR_CERT_B, + -1, + SSL3_RT_MAX_PLAIN_LENGTH, + &ok); + if (!ok) return((int)n); + s->s3->tmp.reuse_message = 1; + if(s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO) return 2; + return 1; +} + static int ssl3_get_client_hello(SSL *s) { int i,j,ok,al,ret= -1; @@ -791,7 +816,7 @@ static int ssl3_send_server_hello(SSL *s) p=s->s3->server_random; Time=time(NULL); /* Time */ l2n(Time,p); - RAND_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)); + RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)); /* Do the message type and length last */ d=p= &(buf[4]); @@ -875,6 +900,7 @@ static int ssl3_send_server_key_exchange(SSL *s) int j,num; RSA *rsa; unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; + unsigned int u; #endif #ifndef NO_DH DH *dh,*dhp; @@ -882,7 +908,6 @@ static int ssl3_send_server_key_exchange(SSL *s) EVP_PKEY *pkey; unsigned char *p,*d; int al,i; - unsigned int u; unsigned long type; int n; CERT *cert; @@ -1267,7 +1292,7 @@ static int ssl3_get_client_key_exchange(SSL *s) { p[0]=(s->version>>8); p[1]=(s->version & 0xff); - RAND_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2); + RAND_pseudo_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2); i=SSL_MAX_MASTER_KEY_LENGTH; } /* else, an SSLeay bug, ssl only server, tls client */ @@ -1459,7 +1484,7 @@ static int ssl3_get_cert_verify(SSL *s) #ifndef NO_RSA if (pkey->type == EVP_PKEY_RSA) { - i=RSA_verify(NID_md5_sha1, s->s3->tmp.finish_md, + i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md, MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i, pkey->pkey.rsa); if (i < 0) @@ -1481,7 +1506,7 @@ static int ssl3_get_cert_verify(SSL *s) if (pkey->type == EVP_PKEY_DSA) { j=DSA_verify(pkey->save_type, - &(s->s3->tmp.finish_md[MD5_DIGEST_LENGTH]), + &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]), SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa); if (j <= 0) {