summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjsing <>2014-05-31 14:15:21 +0000
committerjsing <>2014-05-31 14:15:21 +0000
commit18c79d63e16adab1488a5c1f35dad5ba4660e553 (patch)
tree30c9d674ab928f5b0a904fe56647f1a0991ab229
parent271202bd3e03fb36da38b089fe9b5a4dfd261b6e (diff)
downloadopenbsd-18c79d63e16adab1488a5c1f35dad5ba4660e553.tar.gz
openbsd-18c79d63e16adab1488a5c1f35dad5ba4660e553.tar.bz2
openbsd-18c79d63e16adab1488a5c1f35dad5ba4660e553.zip
More KNF.
Diffstat
-rw-r--r--src/lib/libssl/d1_clnt.c225
-rw-r--r--src/lib/libssl/src/ssl/d1_clnt.c225
2 files changed, 244 insertions, 206 deletions
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index fe5f1aa200..ef4a74e0af 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,7 +1,7 @@
1/* ssl/d1_clnt.c */ 1/* ssl/d1_clnt.c */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */ 5 */
6/* ==================================================================== 6/* ====================================================================
7 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. 7 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
@@ -11,7 +11,7 @@
11 * are met: 11 * are met:
12 * 12 *
13 * 1. Redistributions of source code must retain the above copyright 13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer. 14 * notice, this list of conditions and the following disclaimer.
15 * 15 *
16 * 2. Redistributions in binary form must reproduce the above copyright 16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in 17 * notice, this list of conditions and the following disclaimer in
@@ -62,21 +62,21 @@
62 * This package is an SSL implementation written 62 * This package is an SSL implementation written
63 * by Eric Young (eay@cryptsoft.com). 63 * by Eric Young (eay@cryptsoft.com).
64 * The implementation was written so as to conform with Netscapes SSL. 64 * The implementation was written so as to conform with Netscapes SSL.
65 * 65 *
66 * This library is free for commercial and non-commercial use as long as 66 * This library is free for commercial and non-commercial use as long as
67 * the following conditions are aheared to. The following conditions 67 * the following conditions are aheared to. The following conditions
68 * apply to all code found in this distribution, be it the RC4, RSA, 68 * apply to all code found in this distribution, be it the RC4, RSA,
69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
70 * included with this distribution is covered by the same copyright terms 70 * included with this distribution is covered by the same copyright terms
71 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 71 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
72 * 72 *
73 * Copyright remains Eric Young's, and as such any Copyright notices in 73 * Copyright remains Eric Young's, and as such any Copyright notices in
74 * the code are not to be removed. 74 * the code are not to be removed.
75 * If this package is used in a product, Eric Young should be given attribution 75 * If this package is used in a product, Eric Young should be given attribution
76 * as the author of the parts of the library used. 76 * as the author of the parts of the library used.
77 * This can be in the form of a textual message at program startup or 77 * This can be in the form of a textual message at program startup or
78 * in documentation (online or textual) provided with the package. 78 * in documentation (online or textual) provided with the package.
79 * 79 *
80 * Redistribution and use in source and binary forms, with or without 80 * Redistribution and use in source and binary forms, with or without
81 * modification, are permitted provided that the following conditions 81 * modification, are permitted provided that the following conditions
82 * are met: 82 * are met:
@@ -91,10 +91,10 @@
91 * Eric Young (eay@cryptsoft.com)" 91 * Eric Young (eay@cryptsoft.com)"
92 * The word 'cryptographic' can be left out if the rouines from the library 92 * The word 'cryptographic' can be left out if the rouines from the library
93 * being used are not cryptographic related :-). 93 * being used are not cryptographic related :-).
94 * 4. If you include any Windows specific code (or a derivative thereof) from 94 * 4. If you include any Windows specific code (or a derivative thereof) from
95 * the apps directory (application code) you must include an acknowledgement: 95 * the apps directory (application code) you must include an acknowledgement:
96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
97 * 97 *
98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -106,7 +106,7 @@
106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
108 * SUCH DAMAGE. 108 * SUCH DAMAGE.
109 * 109 *
110 * The licence and distribution terms for any publically available version or 110 * The licence and distribution terms for any publically available version or
111 * derivative of this code cannot be changed. i.e. this code cannot simply be 111 * derivative of this code cannot be changed. i.e. this code cannot simply be
112 * copied and put under another distribution licence 112 * copied and put under another distribution licence
@@ -225,7 +225,8 @@ dtls1_connect(SSL *s)
225 225
226 if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) && 226 if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&
227 (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00)) { 227 (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00)) {
228 SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR); 228 SSLerr(SSL_F_DTLS1_CONNECT,
229 ERR_R_INTERNAL_ERROR);
229 ret = -1; 230 ret = -1;
230 goto end; 231 goto end;
231 } 232 }
@@ -263,7 +264,8 @@ dtls1_connect(SSL *s)
263 s->ctx->stats.sess_connect++; 264 s->ctx->stats.sess_connect++;
264 s->init_num = 0; 265 s->init_num = 0;
265 /* mark client_random uninitialized */ 266 /* mark client_random uninitialized */
266 memset(s->s3->client_random, 0, sizeof(s->s3->client_random)); 267 memset(s->s3->client_random, 0,
268 sizeof(s->s3->client_random));
267 s->d1->send_cookie = 0; 269 s->d1->send_cookie = 0;
268 s->hit = 0; 270 s->hit = 0;
269 break; 271 break;
@@ -334,7 +336,6 @@ dtls1_connect(SSL *s)
334#ifndef OPENSSL_NO_SCTP 336#ifndef OPENSSL_NO_SCTP
335 } 337 }
336#endif 338#endif
337
338 break; 339 break;
339 340
340 case SSL3_ST_CR_SRVR_HELLO_A: 341 case SSL3_ST_CR_SRVR_HELLO_A:
@@ -349,14 +350,14 @@ dtls1_connect(SSL *s)
349 * will be ignored if no SCTP used. 350 * will be ignored if no SCTP used.
350 */ 351 */
351 snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), 352 snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
352 DTLS1_SCTP_AUTH_LABEL); 353 DTLS1_SCTP_AUTH_LABEL);
353 354
354 SSL_export_keying_material(s, sctpauthkey, 355 SSL_export_keying_material(s, sctpauthkey,
355 sizeof(sctpauthkey), labelbuffer, 356 sizeof(sctpauthkey), labelbuffer,
356 sizeof(labelbuffer), NULL, 0, 0); 357 sizeof(labelbuffer), NULL, 0, 0);
357 358
358 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, 359 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
359 sizeof(sctpauthkey), sctpauthkey); 360 sizeof(sctpauthkey), sctpauthkey);
360#endif 361#endif
361 362
362 s->state = SSL3_ST_CR_FINISHED_A; 363 s->state = SSL3_ST_CR_FINISHED_A;
@@ -448,12 +449,12 @@ dtls1_connect(SSL *s)
448 s->s3->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A; 449 s->s3->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A;
449 s->init_num = 0; 450 s->init_num = 0;
450 451
451#ifndef OPENSSL_NO_SCTP 452#ifndef OPENSSL_NO_SCTP
452 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && 453 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
453 state == SSL_ST_RENEGOTIATE) 454 state == SSL_ST_RENEGOTIATE)
454 s->state = DTLS1_SCTP_ST_CR_READ_SOCK; 455 s->state = DTLS1_SCTP_ST_CR_READ_SOCK;
455 else 456 else
456#endif 457#endif
457 s->state = s->s3->tmp.next_state; 458 s->state = s->s3->tmp.next_state;
458 break; 459 break;
459 460
@@ -535,7 +536,7 @@ dtls1_connect(SSL *s)
535 if (!s->hit) 536 if (!s->hit)
536 dtls1_start_timer(s); 537 dtls1_start_timer(s);
537 ret = dtls1_send_change_cipher_spec(s, 538 ret = dtls1_send_change_cipher_spec(s,
538 SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B); 539 SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B);
539 if (ret <= 0) 540 if (ret <= 0)
540 goto end; 541 goto end;
541 542
@@ -581,9 +582,9 @@ dtls1_connect(SSL *s)
581 if (!s->hit) 582 if (!s->hit)
582 dtls1_start_timer(s); 583 dtls1_start_timer(s);
583 ret = dtls1_send_finished(s, 584 ret = dtls1_send_finished(s,
584 SSL3_ST_CW_FINISHED_A, SSL3_ST_CW_FINISHED_B, 585 SSL3_ST_CW_FINISHED_A, SSL3_ST_CW_FINISHED_B,
585 s->method->ssl3_enc->client_finished_label, 586 s->method->ssl3_enc->client_finished_label,
586 s->method->ssl3_enc->client_finished_label_len); 587 s->method->ssl3_enc->client_finished_label_len);
587 if (ret <= 0) 588 if (ret <= 0)
588 goto end; 589 goto end;
589 s->state = SSL3_ST_CW_FLUSH; 590 s->state = SSL3_ST_CW_FLUSH;
@@ -606,7 +607,7 @@ dtls1_connect(SSL *s)
606 s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK; 607 s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
607 } 608 }
608#endif 609#endif
609 s->s3->flags|=SSL3_FLAGS_POP_BUFFER; 610 s->s3->flags |= SSL3_FLAGS_POP_BUFFER;
610 s->s3->delay_buf_pop_ret = 0; 611 s->s3->delay_buf_pop_ret = 0;
611 } 612 }
612 } else { 613 } else {
@@ -614,15 +615,17 @@ dtls1_connect(SSL *s)
614 /* Change to new shared key of SCTP-Auth, 615 /* Change to new shared key of SCTP-Auth,
615 * will be ignored if no SCTP used. 616 * will be ignored if no SCTP used.
616 */ 617 */
617 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); 618 BIO_ctrl(SSL_get_wbio(s),
619 BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
618#endif 620#endif
619 621
620 /* Allow NewSessionTicket if ticket expected */ 622 /* Allow NewSessionTicket if ticket expected */
621 if (s->tlsext_ticket_expected) 623 if (s->tlsext_ticket_expected)
622 s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A; 624 s->s3->tmp.next_state =
625 SSL3_ST_CR_SESSION_TICKET_A;
623 else 626 else
624 627 s->s3->tmp.next_state =
625 s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A; 628 SSL3_ST_CR_FINISHED_A;
626 } 629 }
627 s->init_num = 0; 630 s->init_num = 0;
628 break; 631 break;
@@ -661,7 +664,7 @@ dtls1_connect(SSL *s)
661 664
662#ifndef OPENSSL_NO_SCTP 665#ifndef OPENSSL_NO_SCTP
663 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && 666 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
664 state == SSL_ST_RENEGOTIATE) { 667 state == SSL_ST_RENEGOTIATE) {
665 s->d1->next_state = s->state; 668 s->d1->next_state = s->state;
666 s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK; 669 s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
667 } 670 }
@@ -786,7 +789,7 @@ dtls1_client_hello(SSL *s)
786 /* if client_random is initialized, reuse it, we are 789 /* if client_random is initialized, reuse it, we are
787 * required to use same upon reply to HelloVerify */ 790 * required to use same upon reply to HelloVerify */
788 for (i = 0; p[i]=='\0' && i < sizeof(s->s3->client_random); i++) 791 for (i = 0; p[i]=='\0' && i < sizeof(s->s3->client_random); i++)
789; 792 ;
790 if (i == sizeof(s->s3->client_random)) 793 if (i == sizeof(s->s3->client_random))
791 ssl_fill_hello_random(s, 0, p, 794 ssl_fill_hello_random(s, 0, p,
792 sizeof(s->s3->client_random)); 795 sizeof(s->s3->client_random));
@@ -810,7 +813,8 @@ dtls1_client_hello(SSL *s)
810 *(p++) = i; 813 *(p++) = i;
811 if (i != 0) { 814 if (i != 0) {
812 if (i > sizeof s->session->session_id) { 815 if (i > sizeof s->session->session_id) {
813 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); 816 SSLerr(SSL_F_DTLS1_CLIENT_HELLO,
817 ERR_R_INTERNAL_ERROR);
814 goto err; 818 goto err;
815 } 819 }
816 memcpy(p, s->session->session_id, i); 820 memcpy(p, s->session->session_id, i);
@@ -829,7 +833,8 @@ dtls1_client_hello(SSL *s)
829 /* Ciphers supported */ 833 /* Ciphers supported */
830 i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0); 834 i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0);
831 if (i == 0) { 835 if (i == 0) {
832 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE); 836 SSLerr(SSL_F_DTLS1_CLIENT_HELLO,
837 SSL_R_NO_CIPHERS_AVAILABLE);
833 goto err; 838 goto err;
834 } 839 }
835 s2n(i, p); 840 s2n(i, p);
@@ -847,7 +852,8 @@ dtls1_client_hello(SSL *s)
847 } 852 }
848 *(p++) = 0; /* Add the NULL method */ 853 *(p++) = 0; /* Add the NULL method */
849 854
850 if ((p = ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { 855 if ((p = ssl_add_clienthello_tlsext(s, p,
856 buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
851 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); 857 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
852 goto err; 858 goto err;
853 } 859 }
@@ -855,7 +861,8 @@ dtls1_client_hello(SSL *s)
855 l = (p - d); 861 l = (p - d);
856 d = buf; 862 d = buf;
857 863
858 d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO, l, 0, l); 864 d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO,
865 l, 0, l);
859 866
860 s->state = SSL3_ST_CW_CLNT_HELLO_B; 867 s->state = SSL3_ST_CW_CLNT_HELLO_B;
861 /* number of bytes to write */ 868 /* number of bytes to write */
@@ -879,12 +886,8 @@ dtls1_get_hello_verify(SSL *s)
879 unsigned char *data; 886 unsigned char *data;
880 unsigned int cookie_len; 887 unsigned int cookie_len;
881 888
882 n = s->method->ssl_get_message(s, 889 n = s->method->ssl_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
883 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, 890 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->max_cert_list, &ok);
884 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B,
885 -1,
886 s->max_cert_list,
887 &ok);
888 891
889 if (!ok) 892 if (!ok)
890 return ((int)n); 893 return ((int)n);
@@ -954,7 +957,8 @@ dtls1_send_client_key_exchange(SSL *s)
954 if ((pkey == NULL) || 957 if ((pkey == NULL) ||
955 (pkey->type != EVP_PKEY_RSA) || 958 (pkey->type != EVP_PKEY_RSA) ||
956 (pkey->pkey.rsa == NULL)) { 959 (pkey->pkey.rsa == NULL)) {
957 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 960 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
961 ERR_R_INTERNAL_ERROR);
958 goto err; 962 goto err;
959 } 963 }
960 rsa = pkey->pkey.rsa; 964 rsa = pkey->pkey.rsa;
@@ -973,9 +977,10 @@ dtls1_send_client_key_exchange(SSL *s)
973 if (s->version > SSL3_VERSION) 977 if (s->version > SSL3_VERSION)
974 p += 2; 978 p += 2;
975 n = RSA_public_encrypt(sizeof tmp_buf, 979 n = RSA_public_encrypt(sizeof tmp_buf,
976 tmp_buf, p, rsa, RSA_PKCS1_PADDING); 980 tmp_buf, p, rsa, RSA_PKCS1_PADDING);
977 if (n <= 0) { 981 if (n <= 0) {
978 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, SSL_R_BAD_RSA_ENCRYPT); 982 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
983 SSL_R_BAD_RSA_ENCRYPT);
979 goto err; 984 goto err;
980 } 985 }
981 986
@@ -986,30 +991,33 @@ dtls1_send_client_key_exchange(SSL *s)
986 } 991 }
987 992
988 s->session->master_key_length = 993 s->session->master_key_length =
989 s->method->ssl3_enc->generate_master_secret(s, 994 s->method->ssl3_enc->generate_master_secret(s,
990 s->session->master_key, 995 s->session->master_key,
991 tmp_buf, sizeof tmp_buf); 996 tmp_buf, sizeof tmp_buf);
992 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); 997 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
993 } 998 } else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
994 else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
995 DH *dh_srvr, *dh_clnt; 999 DH *dh_srvr, *dh_clnt;
996 1000
997 if (s->session->sess_cert->peer_dh_tmp != NULL) 1001 if (s->session->sess_cert->peer_dh_tmp != NULL)
998 dh_srvr = s->session->sess_cert->peer_dh_tmp; 1002 dh_srvr = s->session->sess_cert->peer_dh_tmp;
999 else { 1003 else {
1000 /* we get them from the cert */ 1004 /* we get them from the cert */
1001 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 1005 ssl3_send_alert(s, SSL3_AL_FATAL,
1002 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); 1006 SSL_AD_HANDSHAKE_FAILURE);
1007 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1008 SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
1003 goto err; 1009 goto err;
1004 } 1010 }
1005 1011
1006 /* generate a new random key */ 1012 /* generate a new random key */
1007 if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) { 1013 if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) {
1008 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); 1014 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1015 ERR_R_DH_LIB);
1009 goto err; 1016 goto err;
1010 } 1017 }
1011 if (!DH_generate_key(dh_clnt)) { 1018 if (!DH_generate_key(dh_clnt)) {
1012 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); 1019 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1020 ERR_R_DH_LIB);
1013 goto err; 1021 goto err;
1014 } 1022 }
1015 1023
@@ -1019,14 +1027,15 @@ dtls1_send_client_key_exchange(SSL *s)
1019 n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt); 1027 n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt);
1020 1028
1021 if (n <= 0) { 1029 if (n <= 0) {
1022 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); 1030 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1031 ERR_R_DH_LIB);
1023 goto err; 1032 goto err;
1024 } 1033 }
1025 1034
1026 /* generate master key from the result */ 1035 /* generate master key from the result */
1027 s->session->master_key_length = 1036 s->session->master_key_length =
1028 s->method->ssl3_enc->generate_master_secret(s, 1037 s->method->ssl3_enc->generate_master_secret(
1029 s->session->master_key, p, n); 1038 s, s->session->master_key, p, n);
1030 /* clean up */ 1039 /* clean up */
1031 memset(p, 0, n); 1040 memset(p, 0, n);
1032 1041
@@ -1039,8 +1048,7 @@ dtls1_send_client_key_exchange(SSL *s)
1039 DH_free(dh_clnt); 1048 DH_free(dh_clnt);
1040 1049
1041 /* perhaps clean things up a bit EAY EAY EAY EAY*/ 1050 /* perhaps clean things up a bit EAY EAY EAY EAY*/
1042 } 1051 } else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {
1043 else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {
1044 const EC_GROUP *srvr_group = NULL; 1052 const EC_GROUP *srvr_group = NULL;
1045 EC_KEY *tkey; 1053 EC_KEY *tkey;
1046 int ecdh_clnt_cert = 0; 1054 int ecdh_clnt_cert = 0;
@@ -1051,11 +1059,12 @@ dtls1_send_client_key_exchange(SSL *s)
1051 * computation as part of client certificate? 1059 * computation as part of client certificate?
1052 * If so, set ecdh_clnt_cert to 1. 1060 * If so, set ecdh_clnt_cert to 1.
1053 */ 1061 */
1054 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL)) { 1062 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) &&
1063 (s->cert != NULL)) {
1055 /* XXX: For now, we do not support client 1064 /* XXX: For now, we do not support client
1056 * authentication using ECDH certificates. 1065 * authentication using ECDH certificates.
1057 * To add such support, one needs to add 1066 * To add such support, one needs to add
1058 * code that checks for appropriate 1067 * code that checks for appropriate
1059 * conditions and sets ecdh_clnt_cert to 1. 1068 * conditions and sets ecdh_clnt_cert to 1.
1060 * For example, the cert have an ECC 1069 * For example, the cert have an ECC
1061 * key on the same curve as the server's 1070 * key on the same curve as the server's
@@ -1083,7 +1092,7 @@ dtls1_send_client_key_exchange(SSL *s)
1083 (srvr_pub_pkey->type != EVP_PKEY_EC) || 1092 (srvr_pub_pkey->type != EVP_PKEY_EC) ||
1084 (srvr_pub_pkey->pkey.ec == NULL)) { 1093 (srvr_pub_pkey->pkey.ec == NULL)) {
1085 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1094 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1086 ERR_R_INTERNAL_ERROR); 1095 ERR_R_INTERNAL_ERROR);
1087 goto err; 1096 goto err;
1088 } 1097 }
1089 1098
@@ -1095,17 +1104,19 @@ dtls1_send_client_key_exchange(SSL *s)
1095 1104
1096 if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) { 1105 if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) {
1097 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1106 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1098 ERR_R_INTERNAL_ERROR); 1107 ERR_R_INTERNAL_ERROR);
1099 goto err; 1108 goto err;
1100 } 1109 }
1101 1110
1102 if ((clnt_ecdh = EC_KEY_new()) == NULL) { 1111 if ((clnt_ecdh = EC_KEY_new()) == NULL) {
1103 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); 1112 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1113 ERR_R_MALLOC_FAILURE);
1104 goto err; 1114 goto err;
1105 } 1115 }
1106 1116
1107 if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) { 1117 if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) {
1108 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB); 1118 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1119 ERR_R_EC_LIB);
1109 goto err; 1120 goto err;
1110 } 1121 }
1111 if (ecdh_clnt_cert) { 1122 if (ecdh_clnt_cert) {
@@ -1117,17 +1128,20 @@ dtls1_send_client_key_exchange(SSL *s)
1117 tkey = s->cert->key->privatekey->pkey.ec; 1128 tkey = s->cert->key->privatekey->pkey.ec;
1118 priv_key = EC_KEY_get0_private_key(tkey); 1129 priv_key = EC_KEY_get0_private_key(tkey);
1119 if (priv_key == NULL) { 1130 if (priv_key == NULL) {
1120 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); 1131 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1132 ERR_R_MALLOC_FAILURE);
1121 goto err; 1133 goto err;
1122 } 1134 }
1123 if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) { 1135 if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) {
1124 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB); 1136 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1137 ERR_R_EC_LIB);
1125 goto err; 1138 goto err;
1126 } 1139 }
1127 } else { 1140 } else {
1128 /* Generate a new ECDH key pair */ 1141 /* Generate a new ECDH key pair */
1129 if (!(EC_KEY_generate_key(clnt_ecdh))) { 1142 if (!(EC_KEY_generate_key(clnt_ecdh))) {
1130 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); 1143 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1144 ERR_R_ECDH_LIB);
1131 goto err; 1145 goto err;
1132 } 1146 }
1133 } 1147 }
@@ -1139,22 +1153,20 @@ dtls1_send_client_key_exchange(SSL *s)
1139 field_size = EC_GROUP_get_degree(srvr_group); 1153 field_size = EC_GROUP_get_degree(srvr_group);
1140 if (field_size <= 0) { 1154 if (field_size <= 0) {
1141 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1155 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1142 ERR_R_ECDH_LIB); 1156 ERR_R_ECDH_LIB);
1143 goto err; 1157 goto err;
1144 } 1158 }
1145 n = ECDH_compute_key(p, (field_size + 7)/8, srvr_ecpoint, clnt_ecdh, NULL); 1159 n = ECDH_compute_key(p, (field_size + 7)/8, srvr_ecpoint, clnt_ecdh, NULL);
1146 if (n <= 0) { 1160 if (n <= 0) {
1147 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1161 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1148 ERR_R_ECDH_LIB); 1162 ERR_R_ECDH_LIB);
1149 goto err; 1163 goto err;
1150 } 1164 }
1151 1165
1152 /* generate master key from the result */ 1166 /* generate master key from the result */
1153 s->session->master_key_length = s->method->ssl3_enc \ 1167 s->session->master_key_length =
1154 -> generate_master_secret(s, 1168 s->method->ssl3_enc->generate_master_secret(
1155 s->session->master_key, 1169 s, s->session->master_key, p, n);
1156 p, n);
1157
1158 memset(p, 0, n); /* clean up */ 1170 memset(p, 0, n); /* clean up */
1159 1171
1160 if (ecdh_clnt_cert) { 1172 if (ecdh_clnt_cert) {
@@ -1164,26 +1176,26 @@ dtls1_send_client_key_exchange(SSL *s)
1164 /* First check the size of encoding and 1176 /* First check the size of encoding and
1165 * allocate memory accordingly. 1177 * allocate memory accordingly.
1166 */ 1178 */
1167 encoded_pt_len = 1179 encoded_pt_len = EC_POINT_point2oct(srvr_group,
1168 EC_POINT_point2oct(srvr_group, 1180 EC_KEY_get0_public_key(clnt_ecdh),
1169 EC_KEY_get0_public_key(clnt_ecdh), 1181 POINT_CONVERSION_UNCOMPRESSED,
1170 POINT_CONVERSION_UNCOMPRESSED, 1182 NULL, 0, NULL);
1171 NULL, 0, NULL);
1172 1183
1173 encodedPoint = malloc(encoded_pt_len); 1184 encodedPoint = malloc(encoded_pt_len);
1174 1185
1175 bn_ctx = BN_CTX_new(); 1186 bn_ctx = BN_CTX_new();
1176 if ((encodedPoint == NULL) || 1187 if ((encodedPoint == NULL) ||
1177 (bn_ctx == NULL)) { 1188 (bn_ctx == NULL)) {
1178 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); 1189 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1190 ERR_R_MALLOC_FAILURE);
1179 goto err; 1191 goto err;
1180 } 1192 }
1181 1193
1182 /* Encode the public key */ 1194 /* Encode the public key */
1183 n = EC_POINT_point2oct(srvr_group, 1195 n = EC_POINT_point2oct(srvr_group,
1184 EC_KEY_get0_public_key(clnt_ecdh), 1196 EC_KEY_get0_public_key(clnt_ecdh),
1185 POINT_CONVERSION_UNCOMPRESSED, 1197 POINT_CONVERSION_UNCOMPRESSED,
1186 encodedPoint, encoded_pt_len, bn_ctx); 1198 encodedPoint, encoded_pt_len, bn_ctx);
1187 1199
1188 *p = n; /* length of encoded point */ 1200 *p = n; /* length of encoded point */
1189 /* Encoded point will be copied here */ 1201 /* Encoded point will be copied here */
@@ -1215,7 +1227,7 @@ dtls1_send_client_key_exchange(SSL *s)
1215 n = 0; 1227 n = 0;
1216 if (s->psk_client_callback == NULL) { 1228 if (s->psk_client_callback == NULL) {
1217 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1229 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1218 SSL_R_PSK_NO_CLIENT_CB); 1230 SSL_R_PSK_NO_CLIENT_CB);
1219 goto err; 1231 goto err;
1220 } 1232 }
1221 1233
@@ -1236,7 +1248,8 @@ dtls1_send_client_key_exchange(SSL *s)
1236 /* create PSK pre_master_secret */ 1248 /* create PSK pre_master_secret */
1237 pre_ms_len = 2 + psk_len + 2 + psk_len; 1249 pre_ms_len = 2 + psk_len + 2 + psk_len;
1238 t = psk_or_pre_ms; 1250 t = psk_or_pre_ms;
1239 memmove(psk_or_pre_ms + psk_len + 4, psk_or_pre_ms, psk_len); 1251 memmove(psk_or_pre_ms + psk_len + 4,
1252 psk_or_pre_ms, psk_len);
1240 s2n(psk_len, t); 1253 s2n(psk_len, t);
1241 memset(t, 0, psk_len); 1254 memset(t, 0, psk_len);
1242 t += psk_len; 1255 t += psk_len;
@@ -1246,9 +1259,9 @@ dtls1_send_client_key_exchange(SSL *s)
1246 s->session->psk_identity_hint = 1259 s->session->psk_identity_hint =
1247 BUF_strdup(s->ctx->psk_identity_hint); 1260 BUF_strdup(s->ctx->psk_identity_hint);
1248 if (s->ctx->psk_identity_hint != NULL && 1261 if (s->ctx->psk_identity_hint != NULL &&
1249 s->session->psk_identity_hint == NULL) { 1262 s->session->psk_identity_hint == NULL) {
1250 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1263 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1251 ERR_R_MALLOC_FAILURE); 1264 ERR_R_MALLOC_FAILURE);
1252 goto psk_err; 1265 goto psk_err;
1253 } 1266 }
1254 1267
@@ -1256,14 +1269,14 @@ dtls1_send_client_key_exchange(SSL *s)
1256 s->session->psk_identity = BUF_strdup(identity); 1269 s->session->psk_identity = BUF_strdup(identity);
1257 if (s->session->psk_identity == NULL) { 1270 if (s->session->psk_identity == NULL) {
1258 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1271 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1259 ERR_R_MALLOC_FAILURE); 1272 ERR_R_MALLOC_FAILURE);
1260 goto psk_err; 1273 goto psk_err;
1261 } 1274 }
1262 1275
1263 s->session->master_key_length = 1276 s->session->master_key_length =
1264 s->method->ssl3_enc->generate_master_secret(s, 1277 s->method->ssl3_enc->generate_master_secret(s,
1265 s->session->master_key, 1278 s->session->master_key,
1266 psk_or_pre_ms, pre_ms_len); 1279 psk_or_pre_ms, pre_ms_len);
1267 1280
1268 n = strlen(identity); 1281 n = strlen(identity);
1269 s2n(n, p); 1282 s2n(n, p);
@@ -1274,14 +1287,17 @@ psk_err:
1274 OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN); 1287 OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN);
1275 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms)); 1288 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
1276 if (psk_err != 0) { 1289 if (psk_err != 0) {
1277 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 1290 ssl3_send_alert(s, SSL3_AL_FATAL,
1291 SSL_AD_HANDSHAKE_FAILURE);
1278 goto err; 1292 goto err;
1279 } 1293 }
1280 } 1294 }
1281#endif 1295#endif
1282 else { 1296 else {
1283 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 1297 ssl3_send_alert(s, SSL3_AL_FATAL,
1284 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 1298 SSL_AD_HANDSHAKE_FAILURE);
1299 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1300 ERR_R_INTERNAL_ERROR);
1285 goto err; 1301 goto err;
1286 } 1302 }
1287 1303
@@ -1338,42 +1354,42 @@ dtls1_send_client_verify(SSL *s)
1338 if (RSA_sign(NID_md5_sha1, data, 1354 if (RSA_sign(NID_md5_sha1, data,
1339 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, 1355 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
1340 &(p[2]), &u, pkey->pkey.rsa) <= 0 ) { 1356 &(p[2]), &u, pkey->pkey.rsa) <= 0 ) {
1341 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_RSA_LIB); 1357 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
1358 ERR_R_RSA_LIB);
1342 goto err; 1359 goto err;
1343 } 1360 }
1344 s2n(u, p); 1361 s2n(u, p);
1345 n = u + 2; 1362 n = u + 2;
1346 } else 1363 } else if (pkey->type == EVP_PKEY_DSA) {
1347 if (pkey->type == EVP_PKEY_DSA) {
1348 if (!DSA_sign(pkey->save_type, 1364 if (!DSA_sign(pkey->save_type,
1349 &(data[MD5_DIGEST_LENGTH]), 1365 &(data[MD5_DIGEST_LENGTH]),
1350 SHA_DIGEST_LENGTH, &(p[2]), 1366 SHA_DIGEST_LENGTH, &(p[2]),
1351 (unsigned int *)&j, pkey->pkey.dsa)) { 1367 (unsigned int *)&j, pkey->pkey.dsa)) {
1352 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_DSA_LIB); 1368 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
1369 ERR_R_DSA_LIB);
1353 goto err; 1370 goto err;
1354 } 1371 }
1355 s2n(j, p); 1372 s2n(j, p);
1356 n = j + 2; 1373 n = j + 2;
1357 } else 1374 } else if (pkey->type == EVP_PKEY_EC) {
1358 if (pkey->type == EVP_PKEY_EC) {
1359 if (!ECDSA_sign(pkey->save_type, 1375 if (!ECDSA_sign(pkey->save_type,
1360 &(data[MD5_DIGEST_LENGTH]), 1376 &(data[MD5_DIGEST_LENGTH]),
1361 SHA_DIGEST_LENGTH, &(p[2]), 1377 SHA_DIGEST_LENGTH, &(p[2]),
1362 (unsigned int *)&j, pkey->pkey.ec)) { 1378 (unsigned int *)&j, pkey->pkey.ec)) {
1363 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, 1379 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
1364 ERR_R_ECDSA_LIB); 1380 ERR_R_ECDSA_LIB);
1365 goto err; 1381 goto err;
1366 } 1382 }
1367 s2n(j, p); 1383 s2n(j, p);
1368 n = j + 2; 1384 n = j + 2;
1369 } else 1385 } else {
1370 { 1386 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
1371 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR); 1387 ERR_R_INTERNAL_ERROR);
1372 goto err; 1388 goto err;
1373 } 1389 }
1374 1390
1375 d = dtls1_set_message_header(s, d, 1391 d = dtls1_set_message_header(s, d,
1376 SSL3_MT_CERTIFICATE_VERIFY, n, 0, n); 1392 SSL3_MT_CERTIFICATE_VERIFY, n, 0, n);
1377 1393
1378 s->init_num = (int)n + DTLS1_HM_HEADER_LENGTH; 1394 s->init_num = (int)n + DTLS1_HM_HEADER_LENGTH;
1379 s->init_off = 0; 1395 s->init_off = 0;
@@ -1425,7 +1441,8 @@ dtls1_send_client_certificate(SSL *s)
1425 i = 0; 1441 i = 0;
1426 } else if (i == 1) { 1442 } else if (i == 1) {
1427 i = 0; 1443 i = 0;
1428 SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); 1444 SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE,
1445 SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
1429 } 1446 }
1430 1447
1431 if (x509 != NULL) 1448 if (x509 != NULL)
@@ -1435,7 +1452,8 @@ dtls1_send_client_certificate(SSL *s)
1435 if (i == 0) { 1452 if (i == 0) {
1436 if (s->version == SSL3_VERSION) { 1453 if (s->version == SSL3_VERSION) {
1437 s->s3->tmp.cert_req = 0; 1454 s->s3->tmp.cert_req = 0;
1438 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE); 1455 ssl3_send_alert(s, SSL3_AL_WARNING,
1456 SSL_AD_NO_CERTIFICATE);
1439 return (1); 1457 return (1);
1440 } else { 1458 } else {
1441 s->s3->tmp.cert_req = 2; 1459 s->s3->tmp.cert_req = 2;
@@ -1458,6 +1476,7 @@ dtls1_send_client_certificate(SSL *s)
1458 /* buffer the message to handle re-xmits */ 1476 /* buffer the message to handle re-xmits */
1459 dtls1_buffer_message(s, 0); 1477 dtls1_buffer_message(s, 0);
1460 } 1478 }
1479
1461 /* SSL3_ST_CW_CERT_D */ 1480 /* SSL3_ST_CW_CERT_D */
1462 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); 1481 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1463} 1482}
diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c
index fe5f1aa200..ef4a74e0af 100644
--- a/src/lib/libssl/src/ssl/d1_clnt.c
+++ b/src/lib/libssl/src/ssl/d1_clnt.c
@@ -1,7 +1,7 @@
1/* ssl/d1_clnt.c */ 1/* ssl/d1_clnt.c */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */ 5 */
6/* ==================================================================== 6/* ====================================================================
7 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. 7 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
@@ -11,7 +11,7 @@
11 * are met: 11 * are met:
12 * 12 *
13 * 1. Redistributions of source code must retain the above copyright 13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer. 14 * notice, this list of conditions and the following disclaimer.
15 * 15 *
16 * 2. Redistributions in binary form must reproduce the above copyright 16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in 17 * notice, this list of conditions and the following disclaimer in
@@ -62,21 +62,21 @@
62 * This package is an SSL implementation written 62 * This package is an SSL implementation written
63 * by Eric Young (eay@cryptsoft.com). 63 * by Eric Young (eay@cryptsoft.com).
64 * The implementation was written so as to conform with Netscapes SSL. 64 * The implementation was written so as to conform with Netscapes SSL.
65 * 65 *
66 * This library is free for commercial and non-commercial use as long as 66 * This library is free for commercial and non-commercial use as long as
67 * the following conditions are aheared to. The following conditions 67 * the following conditions are aheared to. The following conditions
68 * apply to all code found in this distribution, be it the RC4, RSA, 68 * apply to all code found in this distribution, be it the RC4, RSA,
69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
70 * included with this distribution is covered by the same copyright terms 70 * included with this distribution is covered by the same copyright terms
71 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 71 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
72 * 72 *
73 * Copyright remains Eric Young's, and as such any Copyright notices in 73 * Copyright remains Eric Young's, and as such any Copyright notices in
74 * the code are not to be removed. 74 * the code are not to be removed.
75 * If this package is used in a product, Eric Young should be given attribution 75 * If this package is used in a product, Eric Young should be given attribution
76 * as the author of the parts of the library used. 76 * as the author of the parts of the library used.
77 * This can be in the form of a textual message at program startup or 77 * This can be in the form of a textual message at program startup or
78 * in documentation (online or textual) provided with the package. 78 * in documentation (online or textual) provided with the package.
79 * 79 *
80 * Redistribution and use in source and binary forms, with or without 80 * Redistribution and use in source and binary forms, with or without
81 * modification, are permitted provided that the following conditions 81 * modification, are permitted provided that the following conditions
82 * are met: 82 * are met:
@@ -91,10 +91,10 @@
91 * Eric Young (eay@cryptsoft.com)" 91 * Eric Young (eay@cryptsoft.com)"
92 * The word 'cryptographic' can be left out if the rouines from the library 92 * The word 'cryptographic' can be left out if the rouines from the library
93 * being used are not cryptographic related :-). 93 * being used are not cryptographic related :-).
94 * 4. If you include any Windows specific code (or a derivative thereof) from 94 * 4. If you include any Windows specific code (or a derivative thereof) from
95 * the apps directory (application code) you must include an acknowledgement: 95 * the apps directory (application code) you must include an acknowledgement:
96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
97 * 97 *
98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -106,7 +106,7 @@
106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
108 * SUCH DAMAGE. 108 * SUCH DAMAGE.
109 * 109 *
110 * The licence and distribution terms for any publically available version or 110 * The licence and distribution terms for any publically available version or
111 * derivative of this code cannot be changed. i.e. this code cannot simply be 111 * derivative of this code cannot be changed. i.e. this code cannot simply be
112 * copied and put under another distribution licence 112 * copied and put under another distribution licence
@@ -225,7 +225,8 @@ dtls1_connect(SSL *s)
225 225
226 if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) && 226 if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&
227 (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00)) { 227 (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00)) {
228 SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR); 228 SSLerr(SSL_F_DTLS1_CONNECT,
229 ERR_R_INTERNAL_ERROR);
229 ret = -1; 230 ret = -1;
230 goto end; 231 goto end;
231 } 232 }
@@ -263,7 +264,8 @@ dtls1_connect(SSL *s)
263 s->ctx->stats.sess_connect++; 264 s->ctx->stats.sess_connect++;
264 s->init_num = 0; 265 s->init_num = 0;
265 /* mark client_random uninitialized */ 266 /* mark client_random uninitialized */
266 memset(s->s3->client_random, 0, sizeof(s->s3->client_random)); 267 memset(s->s3->client_random, 0,
268 sizeof(s->s3->client_random));
267 s->d1->send_cookie = 0; 269 s->d1->send_cookie = 0;
268 s->hit = 0; 270 s->hit = 0;
269 break; 271 break;
@@ -334,7 +336,6 @@ dtls1_connect(SSL *s)
334#ifndef OPENSSL_NO_SCTP 336#ifndef OPENSSL_NO_SCTP
335 } 337 }
336#endif 338#endif
337
338 break; 339 break;
339 340
340 case SSL3_ST_CR_SRVR_HELLO_A: 341 case SSL3_ST_CR_SRVR_HELLO_A:
@@ -349,14 +350,14 @@ dtls1_connect(SSL *s)
349 * will be ignored if no SCTP used. 350 * will be ignored if no SCTP used.
350 */ 351 */
351 snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), 352 snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
352 DTLS1_SCTP_AUTH_LABEL); 353 DTLS1_SCTP_AUTH_LABEL);
353 354
354 SSL_export_keying_material(s, sctpauthkey, 355 SSL_export_keying_material(s, sctpauthkey,
355 sizeof(sctpauthkey), labelbuffer, 356 sizeof(sctpauthkey), labelbuffer,
356 sizeof(labelbuffer), NULL, 0, 0); 357 sizeof(labelbuffer), NULL, 0, 0);
357 358
358 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, 359 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
359 sizeof(sctpauthkey), sctpauthkey); 360 sizeof(sctpauthkey), sctpauthkey);
360#endif 361#endif
361 362
362 s->state = SSL3_ST_CR_FINISHED_A; 363 s->state = SSL3_ST_CR_FINISHED_A;
@@ -448,12 +449,12 @@ dtls1_connect(SSL *s)
448 s->s3->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A; 449 s->s3->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A;
449 s->init_num = 0; 450 s->init_num = 0;
450 451
451#ifndef OPENSSL_NO_SCTP 452#ifndef OPENSSL_NO_SCTP
452 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && 453 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
453 state == SSL_ST_RENEGOTIATE) 454 state == SSL_ST_RENEGOTIATE)
454 s->state = DTLS1_SCTP_ST_CR_READ_SOCK; 455 s->state = DTLS1_SCTP_ST_CR_READ_SOCK;
455 else 456 else
456#endif 457#endif
457 s->state = s->s3->tmp.next_state; 458 s->state = s->s3->tmp.next_state;
458 break; 459 break;
459 460
@@ -535,7 +536,7 @@ dtls1_connect(SSL *s)
535 if (!s->hit) 536 if (!s->hit)
536 dtls1_start_timer(s); 537 dtls1_start_timer(s);
537 ret = dtls1_send_change_cipher_spec(s, 538 ret = dtls1_send_change_cipher_spec(s,
538 SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B); 539 SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B);
539 if (ret <= 0) 540 if (ret <= 0)
540 goto end; 541 goto end;
541 542
@@ -581,9 +582,9 @@ dtls1_connect(SSL *s)
581 if (!s->hit) 582 if (!s->hit)
582 dtls1_start_timer(s); 583 dtls1_start_timer(s);
583 ret = dtls1_send_finished(s, 584 ret = dtls1_send_finished(s,
584 SSL3_ST_CW_FINISHED_A, SSL3_ST_CW_FINISHED_B, 585 SSL3_ST_CW_FINISHED_A, SSL3_ST_CW_FINISHED_B,
585 s->method->ssl3_enc->client_finished_label, 586 s->method->ssl3_enc->client_finished_label,
586 s->method->ssl3_enc->client_finished_label_len); 587 s->method->ssl3_enc->client_finished_label_len);
587 if (ret <= 0) 588 if (ret <= 0)
588 goto end; 589 goto end;
589 s->state = SSL3_ST_CW_FLUSH; 590 s->state = SSL3_ST_CW_FLUSH;
@@ -606,7 +607,7 @@ dtls1_connect(SSL *s)
606 s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK; 607 s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
607 } 608 }
608#endif 609#endif
609 s->s3->flags|=SSL3_FLAGS_POP_BUFFER; 610 s->s3->flags |= SSL3_FLAGS_POP_BUFFER;
610 s->s3->delay_buf_pop_ret = 0; 611 s->s3->delay_buf_pop_ret = 0;
611 } 612 }
612 } else { 613 } else {
@@ -614,15 +615,17 @@ dtls1_connect(SSL *s)
614 /* Change to new shared key of SCTP-Auth, 615 /* Change to new shared key of SCTP-Auth,
615 * will be ignored if no SCTP used. 616 * will be ignored if no SCTP used.
616 */ 617 */
617 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); 618 BIO_ctrl(SSL_get_wbio(s),
619 BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
618#endif 620#endif
619 621
620 /* Allow NewSessionTicket if ticket expected */ 622 /* Allow NewSessionTicket if ticket expected */
621 if (s->tlsext_ticket_expected) 623 if (s->tlsext_ticket_expected)
622 s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A; 624 s->s3->tmp.next_state =
625 SSL3_ST_CR_SESSION_TICKET_A;
623 else 626 else
624 627 s->s3->tmp.next_state =
625 s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A; 628 SSL3_ST_CR_FINISHED_A;
626 } 629 }
627 s->init_num = 0; 630 s->init_num = 0;
628 break; 631 break;
@@ -661,7 +664,7 @@ dtls1_connect(SSL *s)
661 664
662#ifndef OPENSSL_NO_SCTP 665#ifndef OPENSSL_NO_SCTP
663 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && 666 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
664 state == SSL_ST_RENEGOTIATE) { 667 state == SSL_ST_RENEGOTIATE) {
665 s->d1->next_state = s->state; 668 s->d1->next_state = s->state;
666 s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK; 669 s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
667 } 670 }
@@ -786,7 +789,7 @@ dtls1_client_hello(SSL *s)
786 /* if client_random is initialized, reuse it, we are 789 /* if client_random is initialized, reuse it, we are
787 * required to use same upon reply to HelloVerify */ 790 * required to use same upon reply to HelloVerify */
788 for (i = 0; p[i]=='\0' && i < sizeof(s->s3->client_random); i++) 791 for (i = 0; p[i]=='\0' && i < sizeof(s->s3->client_random); i++)
789; 792 ;
790 if (i == sizeof(s->s3->client_random)) 793 if (i == sizeof(s->s3->client_random))
791 ssl_fill_hello_random(s, 0, p, 794 ssl_fill_hello_random(s, 0, p,
792 sizeof(s->s3->client_random)); 795 sizeof(s->s3->client_random));
@@ -810,7 +813,8 @@ dtls1_client_hello(SSL *s)
810 *(p++) = i; 813 *(p++) = i;
811 if (i != 0) { 814 if (i != 0) {
812 if (i > sizeof s->session->session_id) { 815 if (i > sizeof s->session->session_id) {
813 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); 816 SSLerr(SSL_F_DTLS1_CLIENT_HELLO,
817 ERR_R_INTERNAL_ERROR);
814 goto err; 818 goto err;
815 } 819 }
816 memcpy(p, s->session->session_id, i); 820 memcpy(p, s->session->session_id, i);
@@ -829,7 +833,8 @@ dtls1_client_hello(SSL *s)
829 /* Ciphers supported */ 833 /* Ciphers supported */
830 i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0); 834 i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0);
831 if (i == 0) { 835 if (i == 0) {
832 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE); 836 SSLerr(SSL_F_DTLS1_CLIENT_HELLO,
837 SSL_R_NO_CIPHERS_AVAILABLE);
833 goto err; 838 goto err;
834 } 839 }
835 s2n(i, p); 840 s2n(i, p);
@@ -847,7 +852,8 @@ dtls1_client_hello(SSL *s)
847 } 852 }
848 *(p++) = 0; /* Add the NULL method */ 853 *(p++) = 0; /* Add the NULL method */
849 854
850 if ((p = ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { 855 if ((p = ssl_add_clienthello_tlsext(s, p,
856 buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
851 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); 857 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
852 goto err; 858 goto err;
853 } 859 }
@@ -855,7 +861,8 @@ dtls1_client_hello(SSL *s)
855 l = (p - d); 861 l = (p - d);
856 d = buf; 862 d = buf;
857 863
858 d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO, l, 0, l); 864 d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO,
865 l, 0, l);
859 866
860 s->state = SSL3_ST_CW_CLNT_HELLO_B; 867 s->state = SSL3_ST_CW_CLNT_HELLO_B;
861 /* number of bytes to write */ 868 /* number of bytes to write */
@@ -879,12 +886,8 @@ dtls1_get_hello_verify(SSL *s)
879 unsigned char *data; 886 unsigned char *data;
880 unsigned int cookie_len; 887 unsigned int cookie_len;
881 888
882 n = s->method->ssl_get_message(s, 889 n = s->method->ssl_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
883 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, 890 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->max_cert_list, &ok);
884 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B,
885 -1,
886 s->max_cert_list,
887 &ok);
888 891
889 if (!ok) 892 if (!ok)
890 return ((int)n); 893 return ((int)n);
@@ -954,7 +957,8 @@ dtls1_send_client_key_exchange(SSL *s)
954 if ((pkey == NULL) || 957 if ((pkey == NULL) ||
955 (pkey->type != EVP_PKEY_RSA) || 958 (pkey->type != EVP_PKEY_RSA) ||
956 (pkey->pkey.rsa == NULL)) { 959 (pkey->pkey.rsa == NULL)) {
957 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 960 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
961 ERR_R_INTERNAL_ERROR);
958 goto err; 962 goto err;
959 } 963 }
960 rsa = pkey->pkey.rsa; 964 rsa = pkey->pkey.rsa;
@@ -973,9 +977,10 @@ dtls1_send_client_key_exchange(SSL *s)
973 if (s->version > SSL3_VERSION) 977 if (s->version > SSL3_VERSION)
974 p += 2; 978 p += 2;
975 n = RSA_public_encrypt(sizeof tmp_buf, 979 n = RSA_public_encrypt(sizeof tmp_buf,
976 tmp_buf, p, rsa, RSA_PKCS1_PADDING); 980 tmp_buf, p, rsa, RSA_PKCS1_PADDING);
977 if (n <= 0) { 981 if (n <= 0) {
978 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, SSL_R_BAD_RSA_ENCRYPT); 982 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
983 SSL_R_BAD_RSA_ENCRYPT);
979 goto err; 984 goto err;
980 } 985 }
981 986
@@ -986,30 +991,33 @@ dtls1_send_client_key_exchange(SSL *s)
986 } 991 }
987 992
988 s->session->master_key_length = 993 s->session->master_key_length =
989 s->method->ssl3_enc->generate_master_secret(s, 994 s->method->ssl3_enc->generate_master_secret(s,
990 s->session->master_key, 995 s->session->master_key,
991 tmp_buf, sizeof tmp_buf); 996 tmp_buf, sizeof tmp_buf);
992 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); 997 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
993 } 998 } else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
994 else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
995 DH *dh_srvr, *dh_clnt; 999 DH *dh_srvr, *dh_clnt;
996 1000
997 if (s->session->sess_cert->peer_dh_tmp != NULL) 1001 if (s->session->sess_cert->peer_dh_tmp != NULL)
998 dh_srvr = s->session->sess_cert->peer_dh_tmp; 1002 dh_srvr = s->session->sess_cert->peer_dh_tmp;
999 else { 1003 else {
1000 /* we get them from the cert */ 1004 /* we get them from the cert */
1001 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 1005 ssl3_send_alert(s, SSL3_AL_FATAL,
1002 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); 1006 SSL_AD_HANDSHAKE_FAILURE);
1007 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1008 SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
1003 goto err; 1009 goto err;
1004 } 1010 }
1005 1011
1006 /* generate a new random key */ 1012 /* generate a new random key */
1007 if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) { 1013 if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) {
1008 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); 1014 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1015 ERR_R_DH_LIB);
1009 goto err; 1016 goto err;
1010 } 1017 }
1011 if (!DH_generate_key(dh_clnt)) { 1018 if (!DH_generate_key(dh_clnt)) {
1012 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); 1019 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1020 ERR_R_DH_LIB);
1013 goto err; 1021 goto err;
1014 } 1022 }
1015 1023
@@ -1019,14 +1027,15 @@ dtls1_send_client_key_exchange(SSL *s)
1019 n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt); 1027 n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt);
1020 1028
1021 if (n <= 0) { 1029 if (n <= 0) {
1022 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); 1030 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1031 ERR_R_DH_LIB);
1023 goto err; 1032 goto err;
1024 } 1033 }
1025 1034
1026 /* generate master key from the result */ 1035 /* generate master key from the result */
1027 s->session->master_key_length = 1036 s->session->master_key_length =
1028 s->method->ssl3_enc->generate_master_secret(s, 1037 s->method->ssl3_enc->generate_master_secret(
1029 s->session->master_key, p, n); 1038 s, s->session->master_key, p, n);
1030 /* clean up */ 1039 /* clean up */
1031 memset(p, 0, n); 1040 memset(p, 0, n);
1032 1041
@@ -1039,8 +1048,7 @@ dtls1_send_client_key_exchange(SSL *s)
1039 DH_free(dh_clnt); 1048 DH_free(dh_clnt);
1040 1049
1041 /* perhaps clean things up a bit EAY EAY EAY EAY*/ 1050 /* perhaps clean things up a bit EAY EAY EAY EAY*/
1042 } 1051 } else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {
1043 else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {
1044 const EC_GROUP *srvr_group = NULL; 1052 const EC_GROUP *srvr_group = NULL;
1045 EC_KEY *tkey; 1053 EC_KEY *tkey;
1046 int ecdh_clnt_cert = 0; 1054 int ecdh_clnt_cert = 0;
@@ -1051,11 +1059,12 @@ dtls1_send_client_key_exchange(SSL *s)
1051 * computation as part of client certificate? 1059 * computation as part of client certificate?
1052 * If so, set ecdh_clnt_cert to 1. 1060 * If so, set ecdh_clnt_cert to 1.
1053 */ 1061 */
1054 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL)) { 1062 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) &&
1063 (s->cert != NULL)) {
1055 /* XXX: For now, we do not support client 1064 /* XXX: For now, we do not support client
1056 * authentication using ECDH certificates. 1065 * authentication using ECDH certificates.
1057 * To add such support, one needs to add 1066 * To add such support, one needs to add
1058 * code that checks for appropriate 1067 * code that checks for appropriate
1059 * conditions and sets ecdh_clnt_cert to 1. 1068 * conditions and sets ecdh_clnt_cert to 1.
1060 * For example, the cert have an ECC 1069 * For example, the cert have an ECC
1061 * key on the same curve as the server's 1070 * key on the same curve as the server's
@@ -1083,7 +1092,7 @@ dtls1_send_client_key_exchange(SSL *s)
1083 (srvr_pub_pkey->type != EVP_PKEY_EC) || 1092 (srvr_pub_pkey->type != EVP_PKEY_EC) ||
1084 (srvr_pub_pkey->pkey.ec == NULL)) { 1093 (srvr_pub_pkey->pkey.ec == NULL)) {
1085 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1094 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1086 ERR_R_INTERNAL_ERROR); 1095 ERR_R_INTERNAL_ERROR);
1087 goto err; 1096 goto err;
1088 } 1097 }
1089 1098
@@ -1095,17 +1104,19 @@ dtls1_send_client_key_exchange(SSL *s)
1095 1104
1096 if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) { 1105 if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) {
1097 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1106 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1098 ERR_R_INTERNAL_ERROR); 1107 ERR_R_INTERNAL_ERROR);
1099 goto err; 1108 goto err;
1100 } 1109 }
1101 1110
1102 if ((clnt_ecdh = EC_KEY_new()) == NULL) { 1111 if ((clnt_ecdh = EC_KEY_new()) == NULL) {
1103 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); 1112 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1113 ERR_R_MALLOC_FAILURE);
1104 goto err; 1114 goto err;
1105 } 1115 }
1106 1116
1107 if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) { 1117 if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) {
1108 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB); 1118 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1119 ERR_R_EC_LIB);
1109 goto err; 1120 goto err;
1110 } 1121 }
1111 if (ecdh_clnt_cert) { 1122 if (ecdh_clnt_cert) {
@@ -1117,17 +1128,20 @@ dtls1_send_client_key_exchange(SSL *s)
1117 tkey = s->cert->key->privatekey->pkey.ec; 1128 tkey = s->cert->key->privatekey->pkey.ec;
1118 priv_key = EC_KEY_get0_private_key(tkey); 1129 priv_key = EC_KEY_get0_private_key(tkey);
1119 if (priv_key == NULL) { 1130 if (priv_key == NULL) {
1120 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); 1131 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1132 ERR_R_MALLOC_FAILURE);
1121 goto err; 1133 goto err;
1122 } 1134 }
1123 if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) { 1135 if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) {
1124 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB); 1136 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1137 ERR_R_EC_LIB);
1125 goto err; 1138 goto err;
1126 } 1139 }
1127 } else { 1140 } else {
1128 /* Generate a new ECDH key pair */ 1141 /* Generate a new ECDH key pair */
1129 if (!(EC_KEY_generate_key(clnt_ecdh))) { 1142 if (!(EC_KEY_generate_key(clnt_ecdh))) {
1130 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); 1143 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1144 ERR_R_ECDH_LIB);
1131 goto err; 1145 goto err;
1132 } 1146 }
1133 } 1147 }
@@ -1139,22 +1153,20 @@ dtls1_send_client_key_exchange(SSL *s)
1139 field_size = EC_GROUP_get_degree(srvr_group); 1153 field_size = EC_GROUP_get_degree(srvr_group);
1140 if (field_size <= 0) { 1154 if (field_size <= 0) {
1141 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1155 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1142 ERR_R_ECDH_LIB); 1156 ERR_R_ECDH_LIB);
1143 goto err; 1157 goto err;
1144 } 1158 }
1145 n = ECDH_compute_key(p, (field_size + 7)/8, srvr_ecpoint, clnt_ecdh, NULL); 1159 n = ECDH_compute_key(p, (field_size + 7)/8, srvr_ecpoint, clnt_ecdh, NULL);
1146 if (n <= 0) { 1160 if (n <= 0) {
1147 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1161 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1148 ERR_R_ECDH_LIB); 1162 ERR_R_ECDH_LIB);
1149 goto err; 1163 goto err;
1150 } 1164 }
1151 1165
1152 /* generate master key from the result */ 1166 /* generate master key from the result */
1153 s->session->master_key_length = s->method->ssl3_enc \ 1167 s->session->master_key_length =
1154 -> generate_master_secret(s, 1168 s->method->ssl3_enc->generate_master_secret(
1155 s->session->master_key, 1169 s, s->session->master_key, p, n);
1156 p, n);
1157
1158 memset(p, 0, n); /* clean up */ 1170 memset(p, 0, n); /* clean up */
1159 1171
1160 if (ecdh_clnt_cert) { 1172 if (ecdh_clnt_cert) {
@@ -1164,26 +1176,26 @@ dtls1_send_client_key_exchange(SSL *s)
1164 /* First check the size of encoding and 1176 /* First check the size of encoding and
1165 * allocate memory accordingly. 1177 * allocate memory accordingly.
1166 */ 1178 */
1167 encoded_pt_len = 1179 encoded_pt_len = EC_POINT_point2oct(srvr_group,
1168 EC_POINT_point2oct(srvr_group, 1180 EC_KEY_get0_public_key(clnt_ecdh),
1169 EC_KEY_get0_public_key(clnt_ecdh), 1181 POINT_CONVERSION_UNCOMPRESSED,
1170 POINT_CONVERSION_UNCOMPRESSED, 1182 NULL, 0, NULL);
1171 NULL, 0, NULL);
1172 1183
1173 encodedPoint = malloc(encoded_pt_len); 1184 encodedPoint = malloc(encoded_pt_len);
1174 1185
1175 bn_ctx = BN_CTX_new(); 1186 bn_ctx = BN_CTX_new();
1176 if ((encodedPoint == NULL) || 1187 if ((encodedPoint == NULL) ||
1177 (bn_ctx == NULL)) { 1188 (bn_ctx == NULL)) {
1178 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); 1189 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1190 ERR_R_MALLOC_FAILURE);
1179 goto err; 1191 goto err;
1180 } 1192 }
1181 1193
1182 /* Encode the public key */ 1194 /* Encode the public key */
1183 n = EC_POINT_point2oct(srvr_group, 1195 n = EC_POINT_point2oct(srvr_group,
1184 EC_KEY_get0_public_key(clnt_ecdh), 1196 EC_KEY_get0_public_key(clnt_ecdh),
1185 POINT_CONVERSION_UNCOMPRESSED, 1197 POINT_CONVERSION_UNCOMPRESSED,
1186 encodedPoint, encoded_pt_len, bn_ctx); 1198 encodedPoint, encoded_pt_len, bn_ctx);
1187 1199
1188 *p = n; /* length of encoded point */ 1200 *p = n; /* length of encoded point */
1189 /* Encoded point will be copied here */ 1201 /* Encoded point will be copied here */
@@ -1215,7 +1227,7 @@ dtls1_send_client_key_exchange(SSL *s)
1215 n = 0; 1227 n = 0;
1216 if (s->psk_client_callback == NULL) { 1228 if (s->psk_client_callback == NULL) {
1217 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1229 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1218 SSL_R_PSK_NO_CLIENT_CB); 1230 SSL_R_PSK_NO_CLIENT_CB);
1219 goto err; 1231 goto err;
1220 } 1232 }
1221 1233
@@ -1236,7 +1248,8 @@ dtls1_send_client_key_exchange(SSL *s)
1236 /* create PSK pre_master_secret */ 1248 /* create PSK pre_master_secret */
1237 pre_ms_len = 2 + psk_len + 2 + psk_len; 1249 pre_ms_len = 2 + psk_len + 2 + psk_len;
1238 t = psk_or_pre_ms; 1250 t = psk_or_pre_ms;
1239 memmove(psk_or_pre_ms + psk_len + 4, psk_or_pre_ms, psk_len); 1251 memmove(psk_or_pre_ms + psk_len + 4,
1252 psk_or_pre_ms, psk_len);
1240 s2n(psk_len, t); 1253 s2n(psk_len, t);
1241 memset(t, 0, psk_len); 1254 memset(t, 0, psk_len);
1242 t += psk_len; 1255 t += psk_len;
@@ -1246,9 +1259,9 @@ dtls1_send_client_key_exchange(SSL *s)
1246 s->session->psk_identity_hint = 1259 s->session->psk_identity_hint =
1247 BUF_strdup(s->ctx->psk_identity_hint); 1260 BUF_strdup(s->ctx->psk_identity_hint);
1248 if (s->ctx->psk_identity_hint != NULL && 1261 if (s->ctx->psk_identity_hint != NULL &&
1249 s->session->psk_identity_hint == NULL) { 1262 s->session->psk_identity_hint == NULL) {
1250 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1263 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1251 ERR_R_MALLOC_FAILURE); 1264 ERR_R_MALLOC_FAILURE);
1252 goto psk_err; 1265 goto psk_err;
1253 } 1266 }
1254 1267
@@ -1256,14 +1269,14 @@ dtls1_send_client_key_exchange(SSL *s)
1256 s->session->psk_identity = BUF_strdup(identity); 1269 s->session->psk_identity = BUF_strdup(identity);
1257 if (s->session->psk_identity == NULL) { 1270 if (s->session->psk_identity == NULL) {
1258 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1271 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1259 ERR_R_MALLOC_FAILURE); 1272 ERR_R_MALLOC_FAILURE);
1260 goto psk_err; 1273 goto psk_err;
1261 } 1274 }
1262 1275
1263 s->session->master_key_length = 1276 s->session->master_key_length =
1264 s->method->ssl3_enc->generate_master_secret(s, 1277 s->method->ssl3_enc->generate_master_secret(s,
1265 s->session->master_key, 1278 s->session->master_key,
1266 psk_or_pre_ms, pre_ms_len); 1279 psk_or_pre_ms, pre_ms_len);
1267 1280
1268 n = strlen(identity); 1281 n = strlen(identity);
1269 s2n(n, p); 1282 s2n(n, p);
@@ -1274,14 +1287,17 @@ psk_err:
1274 OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN); 1287 OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN);
1275 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms)); 1288 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
1276 if (psk_err != 0) { 1289 if (psk_err != 0) {
1277 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 1290 ssl3_send_alert(s, SSL3_AL_FATAL,
1291 SSL_AD_HANDSHAKE_FAILURE);
1278 goto err; 1292 goto err;
1279 } 1293 }
1280 } 1294 }
1281#endif 1295#endif
1282 else { 1296 else {
1283 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 1297 ssl3_send_alert(s, SSL3_AL_FATAL,
1284 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 1298 SSL_AD_HANDSHAKE_FAILURE);
1299 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1300 ERR_R_INTERNAL_ERROR);
1285 goto err; 1301 goto err;
1286 } 1302 }
1287 1303
@@ -1338,42 +1354,42 @@ dtls1_send_client_verify(SSL *s)
1338 if (RSA_sign(NID_md5_sha1, data, 1354 if (RSA_sign(NID_md5_sha1, data,
1339 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, 1355 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
1340 &(p[2]), &u, pkey->pkey.rsa) <= 0 ) { 1356 &(p[2]), &u, pkey->pkey.rsa) <= 0 ) {
1341 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_RSA_LIB); 1357 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
1358 ERR_R_RSA_LIB);
1342 goto err; 1359 goto err;
1343 } 1360 }
1344 s2n(u, p); 1361 s2n(u, p);
1345 n = u + 2; 1362 n = u + 2;
1346 } else 1363 } else if (pkey->type == EVP_PKEY_DSA) {
1347 if (pkey->type == EVP_PKEY_DSA) {
1348 if (!DSA_sign(pkey->save_type, 1364 if (!DSA_sign(pkey->save_type,
1349 &(data[MD5_DIGEST_LENGTH]), 1365 &(data[MD5_DIGEST_LENGTH]),
1350 SHA_DIGEST_LENGTH, &(p[2]), 1366 SHA_DIGEST_LENGTH, &(p[2]),
1351 (unsigned int *)&j, pkey->pkey.dsa)) { 1367 (unsigned int *)&j, pkey->pkey.dsa)) {
1352 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_DSA_LIB); 1368 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
1369 ERR_R_DSA_LIB);
1353 goto err; 1370 goto err;
1354 } 1371 }
1355 s2n(j, p); 1372 s2n(j, p);
1356 n = j + 2; 1373 n = j + 2;
1357 } else 1374 } else if (pkey->type == EVP_PKEY_EC) {
1358 if (pkey->type == EVP_PKEY_EC) {
1359 if (!ECDSA_sign(pkey->save_type, 1375 if (!ECDSA_sign(pkey->save_type,
1360 &(data[MD5_DIGEST_LENGTH]), 1376 &(data[MD5_DIGEST_LENGTH]),
1361 SHA_DIGEST_LENGTH, &(p[2]), 1377 SHA_DIGEST_LENGTH, &(p[2]),
1362 (unsigned int *)&j, pkey->pkey.ec)) { 1378 (unsigned int *)&j, pkey->pkey.ec)) {
1363 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, 1379 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
1364 ERR_R_ECDSA_LIB); 1380 ERR_R_ECDSA_LIB);
1365 goto err; 1381 goto err;
1366 } 1382 }
1367 s2n(j, p); 1383 s2n(j, p);
1368 n = j + 2; 1384 n = j + 2;
1369 } else 1385 } else {
1370 { 1386 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
1371 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR); 1387 ERR_R_INTERNAL_ERROR);
1372 goto err; 1388 goto err;
1373 } 1389 }
1374 1390
1375 d = dtls1_set_message_header(s, d, 1391 d = dtls1_set_message_header(s, d,
1376 SSL3_MT_CERTIFICATE_VERIFY, n, 0, n); 1392 SSL3_MT_CERTIFICATE_VERIFY, n, 0, n);
1377 1393
1378 s->init_num = (int)n + DTLS1_HM_HEADER_LENGTH; 1394 s->init_num = (int)n + DTLS1_HM_HEADER_LENGTH;
1379 s->init_off = 0; 1395 s->init_off = 0;
@@ -1425,7 +1441,8 @@ dtls1_send_client_certificate(SSL *s)
1425 i = 0; 1441 i = 0;
1426 } else if (i == 1) { 1442 } else if (i == 1) {
1427 i = 0; 1443 i = 0;
1428 SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); 1444 SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE,
1445 SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
1429 } 1446 }
1430 1447
1431 if (x509 != NULL) 1448 if (x509 != NULL)
@@ -1435,7 +1452,8 @@ dtls1_send_client_certificate(SSL *s)
1435 if (i == 0) { 1452 if (i == 0) {
1436 if (s->version == SSL3_VERSION) { 1453 if (s->version == SSL3_VERSION) {
1437 s->s3->tmp.cert_req = 0; 1454 s->s3->tmp.cert_req = 0;
1438 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE); 1455 ssl3_send_alert(s, SSL3_AL_WARNING,
1456 SSL_AD_NO_CERTIFICATE);
1439 return (1); 1457 return (1);
1440 } else { 1458 } else {
1441 s->s3->tmp.cert_req = 2; 1459 s->s3->tmp.cert_req = 2;
@@ -1458,6 +1476,7 @@ dtls1_send_client_certificate(SSL *s)
1458 /* buffer the message to handle re-xmits */ 1476 /* buffer the message to handle re-xmits */
1459 dtls1_buffer_message(s, 0); 1477 dtls1_buffer_message(s, 0);
1460 } 1478 }
1479
1461 /* SSL3_ST_CW_CERT_D */ 1480 /* SSL3_ST_CW_CERT_D */
1462 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); 1481 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1463} 1482}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 04:26:37 +0000