← Back to branch summary

~sbeattie/ubuntu/oneiric/openssl/lp850608

« back to all changes in this revision

Viewing changes to ssl/d1_srvr.c

  • Committer: Bazaar Package Importer
  • Author(s): Colin Watson
  • Date: 2011-05-01 23:51:53 UTC
  • mfrom: (11.1.20 sid)
  • Revision ID: james.westby@ubuntu.com-20110501235153-bjcxitndquaezb68
Tags: 1.0.0d-2ubuntu1
https://launchpad.net/bugs/675566
* Resynchronise with Debian (LP: #675566).  Remaining changes:
  - debian/libssl1.0.0.postinst:
    + Display a system restart required notification bubble on libssl1.0.0
      upgrade.
    + Use a different priority for libssl1.0.0/restart-services depending
      on whether a desktop, or server dist-upgrade is being performed.
  - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
    libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
    in Debian).
  - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
    rules}: Move runtime libraries to /lib, for the benefit of
    wpasupplicant.
  - debian/patches/aesni.patch: Backport Intel AES-NI support, now from
    http://rt.openssl.org/Ticket/Display.html?id=2065 rather than the
    0.9.8 variant.
  - debian/patches/Bsymbolic-functions.patch: Link using
    -Bsymbolic-functions.
  - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
    .pc.
  - debian/rules:
    + Don't run 'make test' when cross-building.
    + Use host compiler when cross-building.  Patch from Neil Williams.
    + Don't build for processors no longer supported: i486, i586 (on
      i386), v8 (on sparc).
    + Fix Makefile to properly clean up libs/ dirs in clean target.
    + Replace duplicate files in the doc directory with symlinks.
* Update architectures affected by Bsymbolic-functions.patch.
* Drop debian/patches/no-sslv2.patch; Debian now adds the 'no-ssl2'
  configure option, which compiles out SSLv2 support entirely, so this is
  no longer needed.
* Drop openssl-doc in favour of the libssl-doc package introduced by
  Debian.  Add Conflicts/Replaces until the next LTS release.

Show diffs side-by-side

added added

removed removed

Lines of Context:
ssl/d1_srvr.c
4
4
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
5
5
 */
6
6
/* ====================================================================
7
 
 * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
 
7
 * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
8
8
 *
9
9
 * Redistribution and use in source and binary forms, with or without
10
10
 * modification, are permitted provided that the following conditions
121
121
#include <openssl/evp.h>
122
122
#include <openssl/x509.h>
123
123
#include <openssl/md5.h>
 
124
#include <openssl/bn.h>
124
125
#ifndef OPENSSL_NO_DH
125
126
#include <openssl/dh.h>
126
127
#endif
127
128
 
128
 
static SSL_METHOD *dtls1_get_server_method(int ver);
 
129
static const SSL_METHOD *dtls1_get_server_method(int ver);
129
130
static int dtls1_send_hello_verify_request(SSL *s);
130
131
 
131
 
static SSL_METHOD *dtls1_get_server_method(int ver)
 
132
static const SSL_METHOD *dtls1_get_server_method(int ver)
132
133
        {
133
134
        if (ver == DTLS1_VERSION)
134
135
                return(DTLSv1_server_method());
144
145
int dtls1_accept(SSL *s)
145
146
        {
146
147
        BUF_MEM *buf;
147
 
        unsigned long l,Time=(unsigned long)time(NULL);
 
148
        unsigned long Time=(unsigned long)time(NULL);
148
149
        void (*cb)(const SSL *ssl,int type,int val)=NULL;
 
150
        unsigned long alg_k;
149
151
        int ret= -1;
150
152
        int new_state,state,skip=0;
151
153
 
290
292
                        s->state=SSL3_ST_SW_FLUSH;
291
293
                        s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
292
294
 
293
 
                        /* HelloVerifyRequests resets Finished MAC */
294
 
                        if (s->client_version != DTLS1_BAD_VER)
 
295
                        /* HelloVerifyRequest resets Finished MAC */
 
296
                        if (s->version != DTLS1_BAD_VER)
295
297
                                ssl3_init_finished_mac(s);
296
298
                        break;
297
299
                        
321
323
 
322
324
                case SSL3_ST_SW_CERT_A:
323
325
                case SSL3_ST_SW_CERT_B:
324
 
                        /* Check if it is anon DH */
325
 
                        if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
 
326
                        /* Check if it is anon DH or normal PSK */
 
327
                        if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
 
328
                                && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
326
329
                                {
327
330
                                dtls1_start_timer(s);
328
331
                                ret=dtls1_send_server_certificate(s);
350
353
 
351
354
                case SSL3_ST_SW_KEY_EXCH_A:
352
355
                case SSL3_ST_SW_KEY_EXCH_B:
353
 
                        l=s->s3->tmp.new_cipher->algorithms;
 
356
                        alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
354
357
 
355
358
                        /* clear this, it may get reset by
356
359
                         * send_server_key_exchange */
357
360
                        if ((s->options & SSL_OP_EPHEMERAL_RSA)
358
361
#ifndef OPENSSL_NO_KRB5
359
 
                                && !(l & SSL_KRB5)
 
362
                                && !(alg_k & SSL_kKRB5)
360
363
#endif /* OPENSSL_NO_KRB5 */
361
364
                                )
362
365
                                /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
367
370
                        else
368
371
                                s->s3->tmp.use_rsa_tmp=0;
369
372
 
370
 
                        /* only send if a DH key exchange, fortezza or
 
373
                        /* only send if a DH key exchange or
371
374
                         * RSA but we have a sign only certificate */
372
375
                        if (s->s3->tmp.use_rsa_tmp
373
 
                            || (l & (SSL_DH|SSL_kFZA))
374
 
                            || ((l & SSL_kRSA)
 
376
                        /* PSK: send ServerKeyExchange if PSK identity
 
377
                         * hint if provided */
 
378
#ifndef OPENSSL_NO_PSK
 
379
                            || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
 
380
#endif
 
381
                            || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
 
382
                            || (alg_k & SSL_kEECDH)
 
383
                            || ((alg_k & SSL_kRSA)
375
384
                                && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
376
385
                                    || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
377
386
                                        && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
402
411
                                /* never request cert in anonymous ciphersuites
403
412
                                 * (see section "Certificate request" in SSL 3 drafts
404
413
                                 * and in RFC 2246): */
405
 
                                ((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&
 
414
                                ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
406
415
                                 /* ... except when the application insists on verification
407
416
                                  * (against the specs, but s3_clnt.c accepts this for SSL 3) */
408
417
                                 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
409
 
                                 /* never request cert in Kerberos ciphersuites */
410
 
                                (s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
 
418
                                 /* never request cert in Kerberos ciphersuites */
 
419
                                (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)
 
420
                                /* With normal PSK Certificates and
 
421
                                 * Certificate Requests are omitted */
 
422
                                || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
411
423
                                {
412
424
                                /* no cert request */
413
425
                                skip=1;
479
491
                        s->state=SSL3_ST_SR_CERT_VRFY_A;
480
492
                        s->init_num=0;
481
493
 
482
 
                        /* We need to get hashes here so if there is
483
 
                         * a client cert, it can be verified */ 
484
 
                        s->method->ssl3_enc->cert_verify_mac(s,
485
 
                                &(s->s3->finish_dgst1),
486
 
                                &(s->s3->tmp.cert_verify_md[0]));
487
 
                        s->method->ssl3_enc->cert_verify_mac(s,
488
 
                                &(s->s3->finish_dgst2),
489
 
                                &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
 
494
                        if (ret == 2)
 
495
                                {
 
496
                                /* For the ECDH ciphersuites when
 
497
                                 * the client sends its ECDH pub key in
 
498
                                 * a certificate, the CertificateVerify
 
499
                                 * message is not sent.
 
500
                                 */
 
501
                                s->state=SSL3_ST_SR_FINISHED_A;
 
502
                                s->init_num = 0;
 
503
                                }
 
504
                        else
 
505
                                {
 
506
                                s->state=SSL3_ST_SR_CERT_VRFY_A;
 
507
                                s->init_num=0;
490
508
 
 
509
                                /* We need to get hashes here so if there is
 
510
                                 * a client cert, it can be verified */ 
 
511
                                s->method->ssl3_enc->cert_verify_mac(s,
 
512
                                        NID_md5,
 
513
                                        &(s->s3->tmp.cert_verify_md[0]));
 
514
                                s->method->ssl3_enc->cert_verify_mac(s,
 
515
                                        NID_sha1,
 
516
                                        &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
 
517
                                }
491
518
                        break;
492
519
 
493
520
                case SSL3_ST_SR_CERT_VRFY_A:
686
713
                buf = (unsigned char *)s->init_buf->data;
687
714
 
688
715
                msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
689
 
                if (s->client_version == DTLS1_BAD_VER)
690
 
                        *(p++) = DTLS1_BAD_VER>>8,
691
 
                        *(p++) = DTLS1_BAD_VER&0xff;
692
 
                else
693
 
                        *(p++) = s->version >> 8,
694
 
                        *(p++) = s->version & 0xFF;
 
716
                *(p++) = s->version >> 8;
 
717
                *(p++) = s->version & 0xFF;
695
718
 
696
719
                if (s->ctx->app_gen_cookie_cb == NULL ||
697
720
                     s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
740
763
                /* Do the message type and length last */
741
764
                d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
742
765
 
743
 
                if (s->client_version == DTLS1_BAD_VER)
744
 
                        *(p++)=DTLS1_BAD_VER>>8,
745
 
                        *(p++)=DTLS1_BAD_VER&0xff;
746
 
                else
747
 
                        *(p++)=s->version>>8,
748
 
                        *(p++)=s->version&0xff;
 
766
                *(p++)=s->version>>8;
 
767
                *(p++)=s->version&0xff;
749
768
 
750
769
                /* Random stuff */
751
770
                memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
851
870
#ifndef OPENSSL_NO_DH
852
871
        DH *dh=NULL,*dhp;
853
872
#endif
 
873
#ifndef OPENSSL_NO_ECDH
 
874
        EC_KEY *ecdh=NULL, *ecdhp;
 
875
        unsigned char *encodedPoint = NULL;
 
876
        int encodedlen = 0;
 
877
        int curve_id = 0;
 
878
        BN_CTX *bn_ctx = NULL; 
 
879
#endif
854
880
        EVP_PKEY *pkey;
855
881
        unsigned char *p,*d;
856
882
        int al,i;
865
891
        EVP_MD_CTX_init(&md_ctx);
866
892
        if (s->state == SSL3_ST_SW_KEY_EXCH_A)
867
893
                {
868
 
                type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK;
 
894
                type=s->s3->tmp.new_cipher->algorithm_mkey;
869
895
                cert=s->cert;
870
896
 
871
897
                buf=s->init_buf;
959
985
                        }
960
986
                else 
961
987
#endif
 
988
#ifndef OPENSSL_NO_ECDH
 
989
                        if (type & SSL_kEECDH)
 
990
                        {
 
991
                        const EC_GROUP *group;
 
992
 
 
993
                        ecdhp=cert->ecdh_tmp;
 
994
                        if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL))
 
995
                                {
 
996
                                ecdhp=s->cert->ecdh_tmp_cb(s,
 
997
                                      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
 
998
                                      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
 
999
                                }
 
1000
                        if (ecdhp == NULL)
 
1001
                                {
 
1002
                                al=SSL_AD_HANDSHAKE_FAILURE;
 
1003
                                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
 
1004
                                goto f_err;
 
1005
                                }
 
1006
 
 
1007
                        if (s->s3->tmp.ecdh != NULL)
 
1008
                                {
 
1009
                                EC_KEY_free(s->s3->tmp.ecdh); 
 
1010
                                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
 
1011
                                goto err;
 
1012
                                }
 
1013
 
 
1014
                        /* Duplicate the ECDH structure. */
 
1015
                        if (ecdhp == NULL)
 
1016
                                {
 
1017
                                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
 
1018
                                goto err;
 
1019
                                }
 
1020
                        if (!EC_KEY_up_ref(ecdhp))
 
1021
                                {
 
1022
                                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
 
1023
                                goto err;
 
1024
                                }
 
1025
                        ecdh = ecdhp;
 
1026
 
 
1027
                        s->s3->tmp.ecdh=ecdh;
 
1028
                        if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
 
1029
                            (EC_KEY_get0_private_key(ecdh) == NULL) ||
 
1030
                            (s->options & SSL_OP_SINGLE_ECDH_USE))
 
1031
                                {
 
1032
                                if(!EC_KEY_generate_key(ecdh))
 
1033
                                    {
 
1034
                                    SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
 
1035
                                    goto err;
 
1036
                                    }
 
1037
                                }
 
1038
 
 
1039
                        if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
 
1040
                            (EC_KEY_get0_public_key(ecdh)  == NULL) ||
 
1041
                            (EC_KEY_get0_private_key(ecdh) == NULL))
 
1042
                                {
 
1043
                                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
 
1044
                                goto err;
 
1045
                                }
 
1046
 
 
1047
                        if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
 
1048
                            (EC_GROUP_get_degree(group) > 163)) 
 
1049
                                {
 
1050
                                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
 
1051
                                goto err;
 
1052
                                }
 
1053
 
 
1054
                        /* XXX: For now, we only support ephemeral ECDH
 
1055
                         * keys over named (not generic) curves. For 
 
1056
                         * supported named curves, curve_id is non-zero.
 
1057
                         */
 
1058
                        if ((curve_id = 
 
1059
                            tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group)))
 
1060
                            == 0)
 
1061
                                {
 
1062
                                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
 
1063
                                goto err;
 
1064
                                }
 
1065
 
 
1066
                        /* Encode the public key.
 
1067
                         * First check the size of encoding and
 
1068
                         * allocate memory accordingly.
 
1069
                         */
 
1070
                        encodedlen = EC_POINT_point2oct(group, 
 
1071
                            EC_KEY_get0_public_key(ecdh),
 
1072
                            POINT_CONVERSION_UNCOMPRESSED, 
 
1073
                            NULL, 0, NULL);
 
1074
 
 
1075
                        encodedPoint = (unsigned char *) 
 
1076
                            OPENSSL_malloc(encodedlen*sizeof(unsigned char)); 
 
1077
                        bn_ctx = BN_CTX_new();
 
1078
                        if ((encodedPoint == NULL) || (bn_ctx == NULL))
 
1079
                                {
 
1080
                                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
 
1081
                                goto err;
 
1082
                                }
 
1083
 
 
1084
 
 
1085
                        encodedlen = EC_POINT_point2oct(group, 
 
1086
                            EC_KEY_get0_public_key(ecdh), 
 
1087
                            POINT_CONVERSION_UNCOMPRESSED, 
 
1088
                            encodedPoint, encodedlen, bn_ctx);
 
1089
 
 
1090
                        if (encodedlen == 0) 
 
1091
                                {
 
1092
                                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
 
1093
                                goto err;
 
1094
                                }
 
1095
 
 
1096
                        BN_CTX_free(bn_ctx);  bn_ctx=NULL;
 
1097
 
 
1098
                        /* XXX: For now, we only support named (not 
 
1099
                         * generic) curves in ECDH ephemeral key exchanges.
 
1100
                         * In this situation, we need four additional bytes
 
1101
                         * to encode the entire ServerECDHParams
 
1102
                         * structure. 
 
1103
                         */
 
1104
                        n = 4 + encodedlen;
 
1105
 
 
1106
                        /* We'll generate the serverKeyExchange message
 
1107
                         * explicitly so we can set these to NULLs
 
1108
                         */
 
1109
                        r[0]=NULL;
 
1110
                        r[1]=NULL;
 
1111
                        r[2]=NULL;
 
1112
                        r[3]=NULL;
 
1113
                        }
 
1114
                else 
 
1115
#endif /* !OPENSSL_NO_ECDH */
 
1116
#ifndef OPENSSL_NO_PSK
 
1117
                        if (type & SSL_kPSK)
 
1118
                                {
 
1119
                                /* reserve size for record length and PSK identity hint*/
 
1120
                                n+=2+strlen(s->ctx->psk_identity_hint);
 
1121
                                }
 
1122
                        else
 
1123
#endif /* !OPENSSL_NO_PSK */
962
1124
                        {
963
1125
                        al=SSL_AD_HANDSHAKE_FAILURE;
964
1126
                        SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
970
1132
                        n+=2+nr[i];
971
1133
                        }
972
1134
 
973
 
                if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
 
1135
                if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
 
1136
                        && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
974
1137
                        {
975
1138
                        if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))
976
1139
                                == NULL)
1001
1164
                        p+=nr[i];
1002
1165
                        }
1003
1166
 
 
1167
#ifndef OPENSSL_NO_ECDH
 
1168
                if (type & SSL_kEECDH) 
 
1169
                        {
 
1170
                        /* XXX: For now, we only support named (not generic) curves.
 
1171
                         * In this situation, the serverKeyExchange message has:
 
1172
                         * [1 byte CurveType], [2 byte CurveName]
 
1173
                         * [1 byte length of encoded point], followed by
 
1174
                         * the actual encoded point itself
 
1175
                         */
 
1176
                        *p = NAMED_CURVE_TYPE;
 
1177
                        p += 1;
 
1178
                        *p = 0;
 
1179
                        p += 1;
 
1180
                        *p = curve_id;
 
1181
                        p += 1;
 
1182
                        *p = encodedlen;
 
1183
                        p += 1;
 
1184
                        memcpy((unsigned char*)p, 
 
1185
                            (unsigned char *)encodedPoint, 
 
1186
                            encodedlen);
 
1187
                        OPENSSL_free(encodedPoint);
 
1188
                        p += encodedlen;
 
1189
                        }
 
1190
#endif
 
1191
 
 
1192
#ifndef OPENSSL_NO_PSK
 
1193
                if (type & SSL_kPSK)
 
1194
                        {
 
1195
                        /* copy PSK identity hint */
 
1196
                        s2n(strlen(s->ctx->psk_identity_hint), p); 
 
1197
                        strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint));
 
1198
                        p+=strlen(s->ctx->psk_identity_hint);
 
1199
                        }
 
1200
#endif
 
1201
 
1004
1202
                /* not anonymous */
1005
1203
                if (pkey != NULL)
1006
1204
                        {
1054
1252
                                }
1055
1253
                        else
1056
1254
#endif
 
1255
#if !defined(OPENSSL_NO_ECDSA)
 
1256
                                if (pkey->type == EVP_PKEY_EC)
 
1257
                                {
 
1258
                                /* let's do ECDSA */
 
1259
                                EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL);
 
1260
                                EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
 
1261
                                EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
 
1262
                                EVP_SignUpdate(&md_ctx,&(d[4]),n);
 
1263
                                if (!EVP_SignFinal(&md_ctx,&(p[2]),
 
1264
                                        (unsigned int *)&i,pkey))
 
1265
                                        {
 
1266
                                        SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA);
 
1267
                                        goto err;
 
1268
                                        }
 
1269
                                s2n(i,p);
 
1270
                                n+=i+2;
 
1271
                                }
 
1272
                        else
 
1273
#endif
1057
1274
                                {
1058
1275
                                /* Is this error check actually needed? */
1059
1276
                                al=SSL_AD_HANDSHAKE_FAILURE;
1080
1297
f_err:
1081
1298
        ssl3_send_alert(s,SSL3_AL_FATAL,al);
1082
1299
err:
 
1300
#ifndef OPENSSL_NO_ECDH
 
1301
        if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
 
1302
        BN_CTX_free(bn_ctx);
 
1303
#endif
1083
1304
        EVP_MD_CTX_cleanup(&md_ctx);
1084
1305
        return(-1);
1085
1306
        }
1193
1414
        if (s->state == SSL3_ST_SW_CERT_A)
1194
1415
                {
1195
1416
                x=ssl_get_server_send_cert(s);
1196
 
                if (x == NULL &&
1197
 
                        /* VRS: allow null cert if auth == KRB5 */
1198
 
                        (s->s3->tmp.new_cipher->algorithms
1199
 
                                & (SSL_MKEY_MASK|SSL_AUTH_MASK))
1200
 
                        != (SSL_aKRB5|SSL_kKRB5))
 
1417
                if (x == NULL)
1201
1418
                        {
1202
 
                        SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
1203
 
                        return(0);
 
1419
                        /* VRS: allow null cert if auth == KRB5 */
 
1420
                        if ((s->s3->tmp.new_cipher->algorithm_mkey != SSL_kKRB5) ||
 
1421
                            (s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5))
 
1422
                                {
 
1423
                                SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
 
1424
                                return(0);
 
1425
                                }
1204
1426
                        }
1205
1427
 
1206
1428
                l=dtls1_output_cert_chain(s,x);