projects / thirdparty / openssl.git / blame
| Commit | Line | Data |
|---|---|---|
| d02b48c6 | 1 | /* ssl/s2_clnt.c */ |
| 58964a49 | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| d02b48c6 RE |
3 | * All rights reserved. |
| 4 | * | |
| 5 | * This package is an SSL implementation written | |
| 6 | * by Eric Young (eay@cryptsoft.com). | |
| 7 | * The implementation was written so as to conform with Netscapes SSL. | |
| 8 | * | |
| 9 | * This library is free for commercial and non-commercial use as long as | |
| 10 | * the following conditions are aheared to. The following conditions | |
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | |
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
| 13 | * included with this distribution is covered by the same copyright terms | |
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
| 15 | * | |
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | |
| 17 | * the code are not to be removed. | |
| 18 | * If this package is used in a product, Eric Young should be given attribution | |
| 19 | * as the author of the parts of the library used. | |
| 20 | * This can be in the form of a textual message at program startup or | |
| 21 | * in documentation (online or textual) provided with the package. | |
| 22 | * | |
| 23 | * Redistribution and use in source and binary forms, with or without | |
| 24 | * modification, are permitted provided that the following conditions | |
| 25 | * are met: | |
| 26 | * 1. Redistributions of source code must retain the copyright | |
| 27 | * notice, this list of conditions and the following disclaimer. | |
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | |
| 29 | * notice, this list of conditions and the following disclaimer in the | |
| 30 | * documentation and/or other materials provided with the distribution. | |
| 31 | * 3. All advertising materials mentioning features or use of this software | |
| 32 | * must display the following acknowledgement: | |
| 33 | * "This product includes cryptographic software written by | |
| 34 | * Eric Young (eay@cryptsoft.com)" | |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | |
| 36 | * being used are not cryptographic related :-). | |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | |
| 38 | * the apps directory (application code) you must include an acknowledgement: | |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
| 40 | * | |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
| 51 | * SUCH DAMAGE. | |
| 52 | * | |
| 53 | * The licence and distribution terms for any publically available version or | |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | |
| 55 | * copied and put under another distribution licence | |
| 56 | * [including the GNU Public Licence.] | |
| 57 | */ | |
| 58 | ||
| 59 | #include <stdio.h> | |
| d02b48c6 RE |
60 | #include "rand.h" |
| 61 | #include "buffer.h" | |
| 62 | #include "objects.h" | |
| 63 | #include "ssl_locl.h" | |
| 64 | #include "evp.h" | |
| 65 | ||
| 66 | #ifndef NOPROTO | |
| 67 | static int get_server_finished(SSL *s); | |
| 68 | static int get_server_verify(SSL *s); | |
| 69 | static int get_server_hello(SSL *s); | |
| 70 | static int client_hello(SSL *s); | |
| 71 | static int client_master_key(SSL *s); | |
| 72 | static int client_finished(SSL *s); | |
| 73 | static int client_certificate(SSL *s); | |
| 74 | static int ssl_rsa_public_encrypt(CERT *c, int len, unsigned char *from, | |
| 75 | unsigned char *to,int padding); | |
| 76 | #else | |
| 77 | static int get_server_finished(); | |
| 78 | static int get_server_verify(); | |
| 79 | static int get_server_hello(); | |
| 80 | static int client_hello(); | |
| 81 | static int client_master_key(); | |
| 82 | static int client_finished(); | |
| 83 | static int client_certificate(); | |
| 84 | static int ssl_rsa_public_encrypt(); | |
| 85 | #endif | |
| 86 | ||
| 87 | #define BREAK break | |
| 88 | ||
| 89 | static SSL_METHOD *ssl2_get_client_method(ver) | |
| 90 | int ver; | |
| 91 | { | |
| 58964a49 | 92 | if (ver == SSL2_VERSION) |
| d02b48c6 RE |
93 | return(SSLv2_client_method()); |
| 94 | else | |
| 95 | return(NULL); | |
| 96 | } | |
| 97 | ||
| 98 | SSL_METHOD *SSLv2_client_method() | |
| 99 | { | |
| 100 | static int init=1; | |
| 101 | static SSL_METHOD SSLv2_client_data; | |
| 102 | ||
| 103 | if (init) | |
| 104 | { | |
| 105 | init=0; | |
| 106 | memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(), | |
| 107 | sizeof(SSL_METHOD)); | |
| 108 | SSLv2_client_data.ssl_connect=ssl2_connect; | |
| 109 | SSLv2_client_data.get_ssl_method=ssl2_get_client_method; | |
| 110 | } | |
| 111 | return(&SSLv2_client_data); | |
| 112 | } | |
| 113 | ||
| 114 | int ssl2_connect(s) | |
| 115 | SSL *s; | |
| 116 | { | |
| 117 | unsigned long l=time(NULL); | |
| 118 | BUF_MEM *buf=NULL; | |
| 119 | int ret= -1; | |
| 120 | void (*cb)()=NULL; | |
| 121 | int new_state,state; | |
| 122 | ||
| 123 | RAND_seed((unsigned char *)&l,sizeof(l)); | |
| 124 | ERR_clear_error(); | |
| 58964a49 | 125 | clear_sys_error(); |
| d02b48c6 RE |
126 | |
| 127 | if (s->info_callback != NULL) | |
| 128 | cb=s->info_callback; | |
| 129 | else if (s->ctx->info_callback != NULL) | |
| 130 | cb=s->ctx->info_callback; | |
| 131 | ||
| 132 | /* init things to blank */ | |
| 133 | if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); | |
| 134 | s->in_handshake++; | |
| 135 | ||
| 136 | for (;;) | |
| 137 | { | |
| 138 | state=s->state; | |
| 139 | ||
| 140 | switch (s->state) | |
| 141 | { | |
| 142 | case SSL_ST_BEFORE: | |
| 143 | case SSL_ST_CONNECT: | |
| 144 | case SSL_ST_BEFORE|SSL_ST_CONNECT: | |
| 145 | case SSL_ST_OK|SSL_ST_CONNECT: | |
| 146 | ||
| 147 | if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); | |
| 148 | ||
| 58964a49 | 149 | s->version=SSL2_VERSION; |
| d02b48c6 RE |
150 | s->type=SSL_ST_CONNECT; |
| 151 | ||
| 152 | buf=s->init_buf; | |
| 153 | if ((buf == NULL) && ((buf=BUF_MEM_new()) == NULL)) | |
| 154 | { | |
| 155 | ret= -1; | |
| 156 | goto end; | |
| 157 | } | |
| 158 | if (!BUF_MEM_grow(buf, | |
| 159 | SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) | |
| 160 | { | |
| 161 | ret= -1; | |
| 162 | goto end; | |
| 163 | } | |
| 164 | s->init_buf=buf; | |
| 165 | s->init_num=0; | |
| 166 | s->state=SSL2_ST_SEND_CLIENT_HELLO_A; | |
| 167 | s->ctx->sess_connect++; | |
| 168 | s->handshake_func=ssl2_connect; | |
| 169 | BREAK; | |
| 170 | ||
| 171 | case SSL2_ST_SEND_CLIENT_HELLO_A: | |
| 172 | case SSL2_ST_SEND_CLIENT_HELLO_B: | |
| 173 | s->shutdown=0; | |
| 174 | ret=client_hello(s); | |
| 175 | if (ret <= 0) goto end; | |
| 176 | s->init_num=0; | |
| 177 | s->state=SSL2_ST_GET_SERVER_HELLO_A; | |
| 178 | BREAK; | |
| 179 | ||
| 180 | case SSL2_ST_GET_SERVER_HELLO_A: | |
| 181 | case SSL2_ST_GET_SERVER_HELLO_B: | |
| 182 | ret=get_server_hello(s); | |
| 183 | if (ret <= 0) goto end; | |
| 184 | s->init_num=0; | |
| 185 | if (!s->hit) /* new session */ | |
| 186 | { | |
| 187 | s->state=SSL2_ST_SEND_CLIENT_MASTER_KEY_A; | |
| 188 | BREAK; | |
| 189 | } | |
| 190 | else | |
| 191 | { | |
| 192 | s->state=SSL2_ST_CLIENT_START_ENCRYPTION; | |
| 193 | break; | |
| 194 | } | |
| 195 | ||
| 196 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: | |
| 197 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: | |
| 198 | ret=client_master_key(s); | |
| 199 | if (ret <= 0) goto end; | |
| 200 | s->init_num=0; | |
| 201 | s->state=SSL2_ST_CLIENT_START_ENCRYPTION; | |
| 202 | break; | |
| 203 | ||
| 204 | case SSL2_ST_CLIENT_START_ENCRYPTION: | |
| 205 | /* Ok, we now have all the stuff needed to | |
| 206 | * start encrypting, so lets fire it up :-) */ | |
| 207 | if (!ssl2_enc_init(s,1)) | |
| 208 | { | |
| 209 | ret= -1; | |
| 210 | goto end; | |
| 211 | } | |
| 212 | s->s2->clear_text=0; | |
| 213 | s->state=SSL2_ST_SEND_CLIENT_FINISHED_A; | |
| 214 | break; | |
| 215 | ||
| 216 | case SSL2_ST_SEND_CLIENT_FINISHED_A: | |
| 217 | case SSL2_ST_SEND_CLIENT_FINISHED_B: | |
| 218 | ret=client_finished(s); | |
| 219 | if (ret <= 0) goto end; | |
| 220 | s->init_num=0; | |
| 221 | s->state=SSL2_ST_GET_SERVER_VERIFY_A; | |
| 222 | break; | |
| 223 | ||
| 224 | case SSL2_ST_GET_SERVER_VERIFY_A: | |
| 225 | case SSL2_ST_GET_SERVER_VERIFY_B: | |
| 226 | ret=get_server_verify(s); | |
| 227 | if (ret <= 0) goto end; | |
| 228 | s->init_num=0; | |
| 229 | s->state=SSL2_ST_GET_SERVER_FINISHED_A; | |
| 230 | break; | |
| 231 | ||
| 232 | case SSL2_ST_GET_SERVER_FINISHED_A: | |
| 233 | case SSL2_ST_GET_SERVER_FINISHED_B: | |
| 234 | ret=get_server_finished(s); | |
| 235 | if (ret <= 0) goto end; | |
| 236 | break; | |
| 237 | ||
| 238 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: | |
| 239 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: | |
| 240 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: | |
| 241 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: | |
| 242 | case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: | |
| 243 | ret=client_certificate(s); | |
| 244 | if (ret <= 0) goto end; | |
| 245 | s->init_num=0; | |
| 246 | s->state=SSL2_ST_GET_SERVER_FINISHED_A; | |
| 247 | break; | |
| 248 | ||
| 249 | case SSL_ST_OK: | |
| 250 | BUF_MEM_free(s->init_buf); | |
| 251 | s->init_buf=NULL; | |
| 252 | s->init_num=0; | |
| 253 | /* ERR_clear_error();*/ | |
| 254 | ||
| 255 | /* If we want to cache session-ids in the client | |
| 256 | * and we sucessfully add the session-id to the | |
| 257 | * cache, and there is a callback, then pass it out. | |
| 258 | * 26/11/96 - eay - only add if not a re-used session. | |
| 259 | */ | |
| 260 | ||
| 261 | ssl_update_cache(s,SSL_SESS_CACHE_CLIENT); | |
| 58964a49 | 262 | if (s->hit) s->ctx->sess_hit++; |
| d02b48c6 RE |
263 | |
| 264 | ret=1; | |
| 265 | /* s->server=0; */ | |
| 266 | s->ctx->sess_connect_good++; | |
| 267 | ||
| 268 | if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); | |
| 269 | ||
| 270 | goto end; | |
| dfeab068 | 271 | /* break; */ |
| d02b48c6 RE |
272 | default: |
| 273 | SSLerr(SSL_F_SSL2_CONNECT,SSL_R_UNKNOWN_STATE); | |
| 274 | return(-1); | |
| 275 | /* break; */ | |
| 276 | } | |
| 277 | ||
| 278 | if ((cb != NULL) && (s->state != state)) | |
| 279 | { | |
| 280 | new_state=s->state; | |
| 281 | s->state=state; | |
| 282 | cb(s,SSL_CB_CONNECT_LOOP,1); | |
| 283 | s->state=new_state; | |
| 284 | } | |
| 285 | } | |
| 286 | end: | |
| 287 | s->in_handshake--; | |
| 288 | if (cb != NULL) | |
| 289 | cb(s,SSL_CB_CONNECT_EXIT,ret); | |
| 290 | return(ret); | |
| 291 | } | |
| 292 | ||
| 293 | static int get_server_hello(s) | |
| 294 | SSL *s; | |
| 295 | { | |
| 296 | unsigned char *buf; | |
| 297 | unsigned char *p; | |
| 298 | int i,j; | |
| 58964a49 | 299 | STACK *sk=NULL,*cl; |
| d02b48c6 RE |
300 | |
| 301 | buf=(unsigned char *)s->init_buf->data; | |
| 302 | p=buf; | |
| 303 | if (s->state == SSL2_ST_GET_SERVER_HELLO_A) | |
| 304 | { | |
| 305 | i=ssl2_read(s,(char *)&(buf[s->init_num]),11-s->init_num); | |
| 306 | if (i < (11-s->init_num)) | |
| 307 | return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i)); | |
| 308 | ||
| 309 | if (*(p++) != SSL2_MT_SERVER_HELLO) | |
| 310 | { | |
| 311 | if (p[-1] != SSL2_MT_ERROR) | |
| 312 | { | |
| 313 | ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | |
| 314 | SSLerr(SSL_F_GET_SERVER_HELLO, | |
| 315 | SSL_R_READ_WRONG_PACKET_TYPE); | |
| 316 | } | |
| 317 | else | |
| 318 | SSLerr(SSL_F_GET_SERVER_HELLO, | |
| 319 | SSL_R_PEER_ERROR); | |
| 320 | return(-1); | |
| 321 | } | |
| 322 | s->hit=(*(p++))?1:0; | |
| 323 | s->s2->tmp.cert_type= *(p++); | |
| 324 | n2s(p,i); | |
| 325 | if (i < s->version) s->version=i; | |
| 326 | n2s(p,i); s->s2->tmp.cert_length=i; | |
| 327 | n2s(p,i); s->s2->tmp.csl=i; | |
| 328 | n2s(p,i); s->s2->tmp.conn_id_length=i; | |
| 329 | s->state=SSL2_ST_GET_SERVER_HELLO_B; | |
| 330 | s->init_num=0; | |
| 331 | } | |
| 332 | ||
| 333 | /* SSL2_ST_GET_SERVER_HELLO_B */ | |
| 334 | j=s->s2->tmp.cert_length+s->s2->tmp.csl+s->s2->tmp.conn_id_length | |
| 335 | - s->init_num; | |
| 336 | i=ssl2_read(s,(char *)&(buf[s->init_num]),j); | |
| 337 | if (i != j) return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i)); | |
| 338 | ||
| 339 | /* things are looking good */ | |
| 340 | ||
| 341 | p=buf; | |
| 342 | if (s->hit) | |
| 343 | { | |
| 344 | if (s->s2->tmp.cert_length != 0) | |
| 345 | { | |
| 346 | SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CERT_LENGTH_NOT_ZERO); | |
| 347 | return(-1); | |
| 348 | } | |
| 349 | if (s->s2->tmp.cert_type != 0) | |
| 350 | { | |
| 58964a49 | 351 | if (!(s->options & |
| d02b48c6 RE |
352 | SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)) |
| 353 | { | |
| 354 | SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CERT_TYPE_NOT_ZERO); | |
| 355 | return(-1); | |
| 356 | } | |
| 357 | } | |
| 358 | if (s->s2->tmp.csl != 0) | |
| 359 | { | |
| 360 | SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CIPHER_LIST_NOT_ZERO); | |
| 361 | return(-1); | |
| 362 | } | |
| 363 | } | |
| 364 | else | |
| 365 | { | |
| 366 | #ifdef undef | |
| 367 | /* very bad */ | |
| 368 | memset(s->session->session_id,0, | |
| 369 | SSL_MAX_SSL_SESSION_ID_LENGTH_IN_BYTES); | |
| 370 | s->session->session_id_length=0; | |
| 371 | */ | |
| 372 | #endif | |
| 373 | ||
| 374 | /* we need to do this incase we were trying to reuse a | |
| 375 | * client session but others are already reusing it. | |
| 376 | * If this was a new 'blank' session ID, the session-id | |
| 377 | * length will still be 0 */ | |
| 378 | if (s->session->session_id_length > 0) | |
| 379 | { | |
| 380 | if (!ssl_get_new_session(s,0)) | |
| 381 | { | |
| 382 | ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | |
| 383 | return(-1); | |
| 384 | } | |
| 385 | } | |
| 386 | ||
| 387 | if (ssl2_set_certificate(s,s->s2->tmp.cert_type, | |
| 388 | s->s2->tmp.cert_length,p) <= 0) | |
| 389 | { | |
| 390 | ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE); | |
| 391 | return(-1); | |
| 392 | } | |
| 393 | p+=s->s2->tmp.cert_length; | |
| 394 | ||
| 395 | if (s->s2->tmp.csl == 0) | |
| 396 | { | |
| 397 | ssl2_return_error(s,SSL2_PE_NO_CIPHER); | |
| 398 | SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_LIST); | |
| 399 | return(-1); | |
| 400 | } | |
| 401 | ||
| 402 | /* We have just received a list of ciphers back from the | |
| 403 | * server. We need to get the ones that match, then select | |
| 404 | * the one we want the most :-). */ | |
| 405 | ||
| 406 | /* load the ciphers */ | |
| 407 | sk=ssl_bytes_to_cipher_list(s,p,s->s2->tmp.csl, | |
| 408 | &s->session->ciphers); | |
| 409 | p+=s->s2->tmp.csl; | |
| 410 | if (sk == NULL) | |
| 411 | { | |
| 412 | ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | |
| 413 | SSLerr(SSL_F_GET_SERVER_HELLO,ERR_R_MALLOC_FAILURE); | |
| 414 | return(-1); | |
| 415 | } | |
| 416 | ||
| 417 | sk_set_cmp_func(sk,ssl_cipher_ptr_id_cmp); | |
| 418 | ||
| 419 | /* get the array of ciphers we will accept */ | |
| 420 | cl=ssl_get_ciphers_by_id(s); | |
| 421 | ||
| 422 | /* In theory we could have ciphers sent back that we | |
| 423 | * don't want to use but that does not matter since we | |
| 424 | * will check against the list we origionally sent and | |
| 425 | * for performance reasons we should not bother to match | |
| 426 | * the two lists up just to check. */ | |
| 427 | for (i=0; i<sk_num(cl); i++) | |
| 428 | { | |
| 429 | if (sk_find(sk,sk_value(cl,i)) >= 0) | |
| 430 | break; | |
| 431 | } | |
| 432 | ||
| 433 | if (i >= sk_num(cl)) | |
| 434 | { | |
| 435 | ssl2_return_error(s,SSL2_PE_NO_CIPHER); | |
| 436 | SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_MATCH); | |
| 437 | return(-1); | |
| 438 | } | |
| 439 | s->session->cipher=(SSL_CIPHER *)sk_value(cl,i); | |
| 440 | } | |
| 441 | ||
| 442 | if ((s->session != NULL) && (s->session->peer != NULL)) | |
| 443 | X509_free(s->session->peer); | |
| 444 | ||
| 445 | /* hmmm, can we have the problem of the other session with this | |
| 446 | * cert, Free's it before we increment the reference count. */ | |
| 447 | CRYPTO_w_lock(CRYPTO_LOCK_X509); | |
| 448 | s->session->peer=s->session->cert->key->x509; | |
| 58964a49 | 449 | CRYPTO_add(&s->session->peer->references,1,CRYPTO_LOCK_X509); |
| d02b48c6 RE |
450 | CRYPTO_w_unlock(CRYPTO_LOCK_X509); |
| 451 | ||
| 452 | s->s2->conn_id_length=s->s2->tmp.conn_id_length; | |
| 453 | memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length); | |
| 454 | return(1); | |
| 455 | } | |
| 456 | ||
| 457 | static int client_hello(s) | |
| 458 | SSL *s; | |
| 459 | { | |
| 460 | unsigned char *buf; | |
| 461 | unsigned char *p,*d; | |
| 462 | /* CIPHER **cipher;*/ | |
| 463 | int i,n,j; | |
| 464 | ||
| 465 | buf=(unsigned char *)s->init_buf->data; | |
| 466 | if (s->state == SSL2_ST_SEND_CLIENT_HELLO_A) | |
| 467 | { | |
| 468 | if ((s->session == NULL) || | |
| 469 | (s->session->ssl_version != s->version)) | |
| 470 | { | |
| 471 | if (!ssl_get_new_session(s,0)) | |
| 472 | { | |
| 473 | ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | |
| 474 | return(-1); | |
| 475 | } | |
| 476 | } | |
| 477 | /* else use the pre-loaded session */ | |
| 478 | ||
| 479 | p=buf; /* header */ | |
| 480 | d=p+9; /* data section */ | |
| 481 | *(p++)=SSL2_MT_CLIENT_HELLO; /* type */ | |
| 482 | s2n(SSL2_CLIENT_VERSION,p); /* version */ | |
| 483 | n=j=0; | |
| 484 | ||
| 485 | n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d); | |
| 486 | d+=n; | |
| 487 | ||
| 488 | if (n == 0) | |
| 489 | { | |
| 490 | SSLerr(SSL_F_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); | |
| 491 | return(-1); | |
| 492 | } | |
| 493 | ||
| 494 | s2n(n,p); /* cipher spec num bytes */ | |
| 495 | ||
| 496 | if ((s->session->session_id_length > 0) && | |
| 497 | (s->session->session_id_length <= | |
| 498 | SSL2_MAX_SSL_SESSION_ID_LENGTH)) | |
| 499 | { | |
| 500 | i=s->session->session_id_length; | |
| 501 | s2n(i,p); /* session id length */ | |
| 502 | memcpy(d,s->session->session_id,(unsigned int)i); | |
| 503 | d+=i; | |
| 504 | } | |
| 505 | else | |
| 506 | { | |
| 507 | s2n(0,p); | |
| 508 | } | |
| 509 | ||
| 510 | s->s2->challenge_length=SSL2_CHALLENGE_LENGTH; | |
| 511 | s2n(SSL2_CHALLENGE_LENGTH,p); /* challenge length */ | |
| 512 | /*challenge id data*/ | |
| 513 | RAND_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH); | |
| 514 | memcpy(d,s->s2->challenge,SSL2_CHALLENGE_LENGTH); | |
| 515 | d+=SSL2_CHALLENGE_LENGTH; | |
| 516 | ||
| 517 | s->state=SSL2_ST_SEND_CLIENT_HELLO_B; | |
| 518 | s->init_num=d-buf; | |
| 519 | s->init_off=0; | |
| 520 | } | |
| 521 | /* SSL2_ST_SEND_CLIENT_HELLO_B */ | |
| 522 | return(ssl2_do_write(s)); | |
| 523 | } | |
| 524 | ||
| 525 | static int client_master_key(s) | |
| 526 | SSL *s; | |
| 527 | { | |
| 528 | unsigned char *buf; | |
| 529 | unsigned char *p,*d; | |
| 530 | int clear,enc,karg,i; | |
| 531 | SSL_SESSION *sess; | |
| 532 | EVP_CIPHER *c; | |
| 533 | EVP_MD *md; | |
| 534 | ||
| 535 | buf=(unsigned char *)s->init_buf->data; | |
| 536 | if (s->state == SSL2_ST_SEND_CLIENT_MASTER_KEY_A) | |
| 537 | { | |
| 538 | ||
| 539 | if (!ssl_cipher_get_evp(s->session->cipher,&c,&md)) | |
| 540 | { | |
| 541 | ssl2_return_error(s,SSL2_PE_NO_CIPHER); | |
| 542 | SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS); | |
| 543 | return(-1); | |
| 544 | } | |
| 545 | sess=s->session; | |
| 546 | p=buf; | |
| 547 | d=p+10; | |
| 548 | *(p++)=SSL2_MT_CLIENT_MASTER_KEY;/* type */ | |
| 549 | ||
| 550 | i=ssl_put_cipher_by_char(s,sess->cipher,p); | |
| 551 | p+=i; | |
| 552 | ||
| 553 | /* make key_arg data */ | |
| 554 | i=EVP_CIPHER_iv_length(c); | |
| 555 | sess->key_arg_length=i; | |
| 556 | if (i > 0) RAND_bytes(sess->key_arg,i); | |
| 557 | ||
| 558 | /* make a master key */ | |
| 559 | i=EVP_CIPHER_key_length(c); | |
| 560 | sess->master_key_length=i; | |
| 561 | if (i > 0) RAND_bytes(sess->master_key,i); | |
| 562 | ||
| 563 | if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC) | |
| 564 | enc=8; | |
| 565 | else if (sess->cipher->algorithms & SSL_EXP) | |
| 566 | enc=5; | |
| 567 | else | |
| 568 | enc=i; | |
| 569 | ||
| 570 | if (i < enc) | |
| 571 | { | |
| 572 | ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | |
| 573 | SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_CIPHER_TABLE_SRC_ERROR); | |
| 574 | return(-1); | |
| 575 | } | |
| 576 | clear=i-enc; | |
| 577 | s2n(clear,p); | |
| 578 | memcpy(d,sess->master_key,(unsigned int)clear); | |
| 579 | d+=clear; | |
| 580 | ||
| 581 | enc=ssl_rsa_public_encrypt(sess->cert,enc, | |
| 582 | &(sess->master_key[clear]),d, | |
| 583 | (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING); | |
| 584 | if (enc <= 0) | |
| 585 | { | |
| 586 | ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | |
| 587 | SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PUBLIC_KEY_ENCRYPT_ERROR); | |
| 588 | return(-1); | |
| 589 | } | |
| dfeab068 RE |
590 | #ifdef PKCS1_CHECK |
| 591 | if (s->options & SSL_OP_PKCS1_CHECK_1) d[1]++; | |
| 592 | if (s->options & SSL_OP_PKCS1_CHECK_2) | |
| 593 | sess->master_key[clear]++; | |
| 594 | #endif | |
| d02b48c6 RE |
595 | s2n(enc,p); |
| 596 | d+=enc; | |
| 597 | karg=sess->key_arg_length; | |
| 598 | s2n(karg,p); /* key arg size */ | |
| 599 | memcpy(d,sess->key_arg,(unsigned int)karg); | |
| 600 | d+=karg; | |
| 601 | ||
| 602 | s->state=SSL2_ST_SEND_CLIENT_MASTER_KEY_B; | |
| 603 | s->init_num=d-buf; | |
| 604 | s->init_off=0; | |
| 605 | } | |
| 606 | ||
| 607 | /* SSL2_ST_SEND_CLIENT_MASTER_KEY_B */ | |
| 608 | return(ssl2_do_write(s)); | |
| 609 | } | |
| 610 | ||
| 611 | static int client_finished(s) | |
| 612 | SSL *s; | |
| 613 | { | |
| 614 | unsigned char *p; | |
| 615 | ||
| 616 | if (s->state == SSL2_ST_SEND_CLIENT_FINISHED_A) | |
| 617 | { | |
| 618 | p=(unsigned char *)s->init_buf->data; | |
| 619 | *(p++)=SSL2_MT_CLIENT_FINISHED; | |
| 620 | memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length); | |
| 621 | ||
| 622 | s->state=SSL2_ST_SEND_CLIENT_FINISHED_B; | |
| 623 | s->init_num=s->s2->conn_id_length+1; | |
| 624 | s->init_off=0; | |
| 625 | } | |
| 626 | return(ssl2_do_write(s)); | |
| 627 | } | |
| 628 | ||
| 629 | /* read the data and then respond */ | |
| 630 | static int client_certificate(s) | |
| 631 | SSL *s; | |
| 632 | { | |
| 633 | unsigned char *buf; | |
| 634 | unsigned char *p,*d; | |
| 635 | int i; | |
| 636 | unsigned int n; | |
| 637 | int cert_ch_len=0; | |
| 638 | unsigned char *cert_ch; | |
| 639 | ||
| 640 | buf=(unsigned char *)s->init_buf->data; | |
| 641 | cert_ch= &(buf[2]); | |
| 642 | ||
| 643 | /* We have a cert associated with the SSL, so attach it to | |
| 644 | * the session if it does not have one */ | |
| 645 | ||
| 646 | if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A) | |
| 647 | { | |
| 648 | i=ssl2_read(s,(char *)&(buf[s->init_num]), | |
| 649 | SSL2_MAX_CERT_CHALLENGE_LENGTH+1-s->init_num); | |
| 650 | if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+1-s->init_num)) | |
| 651 | return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i)); | |
| 652 | ||
| 653 | /* type=buf[0]; */ | |
| 654 | /* type eq x509 */ | |
| 655 | if (buf[1] != SSL2_AT_MD5_WITH_RSA_ENCRYPTION) | |
| 656 | { | |
| 657 | ssl2_return_error(s,SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE); | |
| 658 | SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_AUTHENTICATION_TYPE); | |
| 659 | return(-1); | |
| 660 | } | |
| 661 | cert_ch_len=i-1; | |
| 662 | ||
| 663 | if ((s->cert == NULL) || | |
| 664 | (s->cert->key->x509 == NULL) || | |
| 665 | (s->cert->key->privatekey == NULL)) | |
| 666 | { | |
| 667 | s->state=SSL2_ST_X509_GET_CLIENT_CERTIFICATE; | |
| 668 | } | |
| 669 | else | |
| 670 | s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C; | |
| 671 | } | |
| 672 | ||
| 673 | if (s->state == SSL2_ST_X509_GET_CLIENT_CERTIFICATE) | |
| 674 | { | |
| 675 | X509 *x509=NULL; | |
| 676 | EVP_PKEY *pkey=NULL; | |
| 677 | ||
| 678 | /* If we get an error we need to | |
| 679 | * ssl->rwstate=SSL_X509_LOOKUP; | |
| 680 | * return(error); | |
| 681 | * We should then be retried when things are ok and we | |
| 682 | * can get a cert or not */ | |
| 683 | ||
| 684 | i=0; | |
| 685 | if (s->ctx->client_cert_cb != NULL) | |
| 686 | { | |
| 687 | i=s->ctx->client_cert_cb(s,&(x509),&(pkey)); | |
| 688 | } | |
| 689 | ||
| 690 | if (i < 0) | |
| 691 | { | |
| 692 | s->rwstate=SSL_X509_LOOKUP; | |
| 693 | return(-1); | |
| 694 | } | |
| 695 | s->rwstate=SSL_NOTHING; | |
| 696 | ||
| 697 | if ((i == 1) && (pkey != NULL) && (x509 != NULL)) | |
| 698 | { | |
| 699 | s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C; | |
| 700 | if ( !SSL_use_certificate(s,x509) || | |
| 701 | !SSL_use_PrivateKey(s,pkey)) | |
| 702 | { | |
| 703 | i=0; | |
| 704 | } | |
| 705 | X509_free(x509); | |
| 706 | EVP_PKEY_free(pkey); | |
| 707 | } | |
| 708 | else if (i == 1) | |
| 709 | { | |
| 710 | if (x509 != NULL) X509_free(x509); | |
| 711 | if (pkey != NULL) EVP_PKEY_free(pkey); | |
| 712 | SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); | |
| 713 | i=0; | |
| 714 | } | |
| 715 | ||
| 716 | if (i == 0) | |
| 717 | { | |
| 718 | /* We have no client certificate to respond with | |
| 719 | * so send the correct error message back */ | |
| 720 | s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_B; | |
| 721 | p=buf; | |
| 722 | *(p++)=SSL2_MT_ERROR; | |
| 723 | s2n(SSL2_PE_NO_CERTIFICATE,p); | |
| 724 | s->init_off=0; | |
| 725 | s->init_num=3; | |
| 726 | /* Write is done at the end */ | |
| 727 | } | |
| 728 | } | |
| 729 | ||
| 730 | if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_B) | |
| 731 | { | |
| 732 | return(ssl2_do_write(s)); | |
| 733 | } | |
| 734 | ||
| 735 | if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_C) | |
| 736 | { | |
| 737 | EVP_MD_CTX ctx; | |
| 738 | ||
| 739 | /* ok, now we calculate the checksum | |
| 740 | * do it first so we can reuse buf :-) */ | |
| 741 | p=buf; | |
| 58964a49 | 742 | EVP_SignInit(&ctx,s->ctx->rsa_md5); |
| d02b48c6 RE |
743 | EVP_SignUpdate(&ctx,s->s2->key_material, |
| 744 | (unsigned int)s->s2->key_material_length); | |
| 745 | EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len); | |
| 746 | n=i2d_X509(s->session->cert->key->x509,&p); | |
| 747 | EVP_SignUpdate(&ctx,buf,(unsigned int)n); | |
| 748 | ||
| 749 | p=buf; | |
| 750 | d=p+6; | |
| 751 | *(p++)=SSL2_MT_CLIENT_CERTIFICATE; | |
| 752 | *(p++)=SSL2_CT_X509_CERTIFICATE; | |
| 753 | n=i2d_X509(s->cert->key->x509,&d); | |
| 754 | s2n(n,p); | |
| 755 | ||
| 756 | if (!EVP_SignFinal(&ctx,d,&n,s->cert->key->privatekey)) | |
| 757 | { | |
| 758 | /* this is not good. If things have failed it | |
| 759 | * means there so something wrong with the key. | |
| 760 | * We will contiune with a 0 length signature | |
| 761 | */ | |
| 762 | } | |
| 763 | memset(&ctx,0,sizeof(ctx)); | |
| 764 | s2n(n,p); | |
| 765 | d+=n; | |
| 766 | ||
| 767 | s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_D; | |
| 768 | s->init_num=d-buf; | |
| 769 | s->init_off=0; | |
| 770 | } | |
| 771 | /* if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_D) */ | |
| 772 | return(ssl2_do_write(s)); | |
| 773 | } | |
| 774 | ||
| 775 | static int get_server_verify(s) | |
| 776 | SSL *s; | |
| 777 | { | |
| 778 | unsigned char *p; | |
| 779 | int i; | |
| 780 | ||
| 781 | p=(unsigned char *)s->init_buf->data; | |
| 782 | if (s->state == SSL2_ST_GET_SERVER_VERIFY_A) | |
| 783 | { | |
| 784 | i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num); | |
| 785 | if (i < (1-s->init_num)) | |
| 786 | return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i)); | |
| 787 | ||
| 788 | s->state= SSL2_ST_GET_SERVER_VERIFY_B; | |
| 789 | s->init_num=0; | |
| 790 | if (*p != SSL2_MT_SERVER_VERIFY) | |
| 791 | { | |
| 792 | if (p[0] != SSL2_MT_ERROR) | |
| 793 | { | |
| 794 | ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | |
| 795 | SSLerr(SSL_F_GET_SERVER_VERIFY, | |
| 796 | SSL_R_READ_WRONG_PACKET_TYPE); | |
| 797 | } | |
| 798 | else | |
| 799 | SSLerr(SSL_F_GET_SERVER_VERIFY, | |
| 800 | SSL_R_PEER_ERROR); | |
| 801 | return(-1); | |
| 802 | } | |
| 803 | } | |
| 804 | ||
| 805 | p=(unsigned char *)s->init_buf->data; | |
| 806 | i=ssl2_read(s,(char *)&(p[s->init_num]), | |
| 807 | (unsigned int)s->s2->challenge_length-s->init_num); | |
| 808 | if (i < ((int)s->s2->challenge_length-s->init_num)) | |
| 809 | return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i)); | |
| 810 | if (memcmp(p,s->s2->challenge,(unsigned int)s->s2->challenge_length) != 0) | |
| 811 | { | |
| 812 | ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | |
| 813 | SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT); | |
| 814 | return(-1); | |
| 815 | } | |
| 816 | return(1); | |
| 817 | } | |
| 818 | ||
| 819 | static int get_server_finished(s) | |
| 820 | SSL *s; | |
| 821 | { | |
| 822 | unsigned char *buf; | |
| 823 | unsigned char *p; | |
| 824 | int i; | |
| 825 | ||
| 826 | buf=(unsigned char *)s->init_buf->data; | |
| 827 | p=buf; | |
| 828 | if (s->state == SSL2_ST_GET_SERVER_FINISHED_A) | |
| 829 | { | |
| 830 | i=ssl2_read(s,(char *)&(buf[s->init_num]),1-s->init_num); | |
| 831 | if (i < (1-s->init_num)) | |
| 832 | return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i)); | |
| 833 | s->init_num=i; | |
| 834 | if (*p == SSL2_MT_REQUEST_CERTIFICATE) | |
| 835 | { | |
| 836 | s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_A; | |
| 837 | return(1); | |
| 838 | } | |
| 839 | else if (*p != SSL2_MT_SERVER_FINISHED) | |
| 840 | { | |
| 841 | if (p[0] != SSL2_MT_ERROR) | |
| 842 | { | |
| 843 | ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | |
| 844 | SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE); | |
| 845 | } | |
| 846 | else | |
| 847 | SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_PEER_ERROR); | |
| 848 | return(-1); | |
| 849 | } | |
| 850 | s->state=SSL_ST_OK; | |
| 851 | s->init_num=0; | |
| 852 | } | |
| 853 | ||
| 854 | i=ssl2_read(s,(char *)&(buf[s->init_num]), | |
| 855 | SSL2_SSL_SESSION_ID_LENGTH-s->init_num); | |
| 856 | if (i < (SSL2_SSL_SESSION_ID_LENGTH-s->init_num)) | |
| 857 | return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i)); | |
| 858 | ||
| 859 | if (!s->hit) /* new session */ | |
| 860 | { | |
| 861 | /* new session-id */ | |
| 58964a49 RE |
862 | /* Make sure we were not trying to re-use an old SSL_SESSION |
| 863 | * or bad things can happen */ | |
| 864 | /* ZZZZZZZZZZZZZ */ | |
| d02b48c6 RE |
865 | s->session->session_id_length=SSL2_SSL_SESSION_ID_LENGTH; |
| 866 | memcpy(s->session->session_id,p,SSL2_SSL_SESSION_ID_LENGTH); | |
| 867 | } | |
| 868 | else | |
| 869 | { | |
| 58964a49 | 870 | if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) |
| d02b48c6 RE |
871 | { |
| 872 | if (memcmp(buf,s->session->session_id, | |
| 873 | (unsigned int)s->session->session_id_length) != 0) | |
| 874 | { | |
| 875 | ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | |
| 876 | SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT); | |
| 877 | return(-1); | |
| 878 | } | |
| 879 | } | |
| 880 | } | |
| 881 | return(1); | |
| 882 | } | |
| 883 | ||
| 884 | /* loads in the certificate from the server */ | |
| 885 | int ssl2_set_certificate(s, type, len, data) | |
| 886 | SSL *s; | |
| 887 | int type; | |
| 888 | int len; | |
| 889 | unsigned char *data; | |
| 890 | { | |
| 891 | STACK *sk=NULL; | |
| 892 | EVP_PKEY *pkey=NULL; | |
| 893 | CERT *c=NULL; | |
| 894 | int i; | |
| 895 | X509 *x509=NULL; | |
| 896 | int ret=0; | |
| 897 | ||
| 898 | x509=d2i_X509(NULL,&data,(long)len); | |
| 899 | if (x509 == NULL) | |
| 900 | { | |
| 901 | SSLerr(SSL_F_SSL2_SET_CERTIFICATE,ERR_R_X509_LIB); | |
| 902 | goto err; | |
| 903 | } | |
| 904 | ||
| 905 | if (((sk=sk_new_null()) == NULL) || | |
| 906 | (!sk_push(sk,(char *)x509))) | |
| 907 | { | |
| 908 | SSLerr(SSL_F_SSL2_SET_CERTIFICATE,ERR_R_MALLOC_FAILURE); | |
| 909 | goto err; | |
| 910 | } | |
| 911 | ||
| 912 | i=ssl_verify_cert_chain(s,sk); | |
| 913 | ||
| 914 | if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)) | |
| 915 | { | |
| 916 | SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); | |
| 917 | goto err; | |
| 918 | } | |
| 919 | ||
| 920 | /* cert for ssl */ | |
| 921 | c=ssl_cert_new(); | |
| 922 | if (c == NULL) | |
| 923 | { | |
| 924 | ret= -1; | |
| 925 | goto err; | |
| 926 | } | |
| 927 | ||
| 928 | /* cert for session */ | |
| 929 | if (s->session->cert) ssl_cert_free(s->session->cert); | |
| 930 | s->session->cert=c; | |
| 931 | ||
| 932 | /* c->cert_type=type; */ | |
| 933 | ||
| 934 | c->pkeys[SSL_PKEY_RSA_ENC].x509=x509; | |
| 935 | c->key= &(c->pkeys[SSL_PKEY_RSA_ENC]); | |
| 936 | ||
| 937 | pkey=X509_get_pubkey(x509); | |
| 938 | x509=NULL; | |
| 939 | if (pkey == NULL) | |
| 940 | { | |
| 941 | SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY); | |
| 942 | goto err; | |
| 943 | } | |
| 944 | if (pkey->type != EVP_PKEY_RSA) | |
| 945 | { | |
| 946 | SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_PUBLIC_KEY_NOT_RSA); | |
| 947 | goto err; | |
| 948 | } | |
| 949 | ||
| 950 | if (!ssl_set_cert_type(c,SSL2_CT_X509_CERTIFICATE)) | |
| 951 | goto err; | |
| 952 | ret=1; | |
| 953 | err: | |
| 954 | if (sk != NULL) sk_free(sk); | |
| 955 | if (x509 != NULL) X509_free(x509); | |
| 956 | return(ret); | |
| 957 | } | |
| 958 | ||
| 959 | static int ssl_rsa_public_encrypt(c, len, from, to, padding) | |
| 960 | CERT *c; | |
| 961 | int len; | |
| 962 | unsigned char *from; | |
| 963 | unsigned char *to; | |
| 964 | int padding; | |
| 965 | { | |
| 966 | EVP_PKEY *pkey=NULL; | |
| 967 | int i= -1; | |
| 968 | ||
| 969 | if ((c == NULL) || (c->key->x509 == NULL) || | |
| 970 | ((pkey=X509_get_pubkey(c->key->x509)) == NULL)) | |
| 971 | { | |
| 972 | SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,SSL_R_NO_PUBLICKEY); | |
| 973 | return(-1); | |
| 974 | } | |
| 975 | if (pkey->type != EVP_PKEY_RSA) | |
| 976 | { | |
| 977 | SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,SSL_R_PUBLIC_KEY_IS_NOT_RSA); | |
| 978 | goto end; | |
| 979 | } | |
| 980 | ||
| 981 | /* we have the public key */ | |
| 982 | i=RSA_public_encrypt(len,from,to,pkey->pkey.rsa,padding); | |
| 983 | if (i < 0) | |
| 984 | SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,ERR_R_RSA_LIB); | |
| 985 | end: | |
| 986 | return(i); | |
| 987 | } | |
| 988 |