summaryrefslogtreecommitdiff
path: root/src/lib/libssl/d1_clnt.c
diff options
context:
space:
mode:
authorjsing <>2014-04-14 14:51:11 +0000
committerjsing <>2014-04-14 14:51:11 +0000
commit5977f7bc2c486cf4286457ca1bc58fbe2455144d (patch)
tree405ed6145367617646f765247ee24976c45b2e76 /src/lib/libssl/d1_clnt.c
parentc03306dde55b9ef0d2073f1376f36b96f84c0679 (diff)
downloadopenbsd-5977f7bc2c486cf4286457ca1bc58fbe2455144d.tar.gz
openbsd-5977f7bc2c486cf4286457ca1bc58fbe2455144d.tar.bz2
openbsd-5977f7bc2c486cf4286457ca1bc58fbe2455144d.zip
First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using tr and md5.
Diffstat (limited to 'src/lib/libssl/d1_clnt.c')
-rw-r--r--src/lib/libssl/d1_clnt.c1545
1 files changed, 734 insertions, 811 deletions
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index eb6ea6c0ec..15c4bca58c 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -131,49 +131,51 @@
131static const SSL_METHOD *dtls1_get_client_method(int ver); 131static const SSL_METHOD *dtls1_get_client_method(int ver);
132static int dtls1_get_hello_verify(SSL *s); 132static int dtls1_get_hello_verify(SSL *s);
133 133
134static const SSL_METHOD *dtls1_get_client_method(int ver) 134static const SSL_METHOD
135 { 135*dtls1_get_client_method(int ver)
136{
136 if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER) 137 if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
137 return(DTLSv1_client_method()); 138 return (DTLSv1_client_method());
138 else 139 else
139 return(NULL); 140 return (NULL);
140 } 141}
141 142
142IMPLEMENT_dtls1_meth_func(DTLSv1_client_method, 143IMPLEMENT_dtls1_meth_func(DTLSv1_client_method,
143 ssl_undefined_function, 144 ssl_undefined_function, dtls1_connect, dtls1_get_client_method)
144 dtls1_connect, 145
145 dtls1_get_client_method) 146int
146 147dtls1_connect(SSL *s)
147int dtls1_connect(SSL *s) 148{
148 { 149 BUF_MEM *buf = NULL;
149 BUF_MEM *buf=NULL; 150 unsigned long Time = (unsigned long)time(NULL);
150 unsigned long Time=(unsigned long)time(NULL); 151 void (*cb)(const SSL *ssl, int type, int val) = NULL;
151 void (*cb)(const SSL *ssl,int type,int val)=NULL; 152 int ret = -1;
152 int ret= -1; 153 int new_state, state, skip = 0;
153 int new_state,state,skip=0;
154#ifndef OPENSSL_NO_SCTP 154#ifndef OPENSSL_NO_SCTP
155 unsigned char sctpauthkey[64]; 155 unsigned char sctpauthkey[64];
156 char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)]; 156 char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
157#endif 157#endif
158 158
159 RAND_add(&Time,sizeof(Time),0); 159 RAND_add(&Time, sizeof(Time), 0);
160 ERR_clear_error(); 160 ERR_clear_error();
161 errno = 0; 161 errno = 0;
162 162
163 if (s->info_callback != NULL) 163 if (s->info_callback != NULL)
164 cb=s->info_callback; 164 cb = s->info_callback;
165 else if (s->ctx->info_callback != NULL) 165 else if (s->ctx->info_callback != NULL)
166 cb=s->ctx->info_callback; 166 cb = s->ctx->info_callback;
167 167
168 s->in_handshake++; 168 s->in_handshake++;
169 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 169 if (!SSL_in_init(s) || SSL_in_before(s))
170 SSL_clear(s);
170 171
171#ifndef OPENSSL_NO_SCTP 172#ifndef OPENSSL_NO_SCTP
172 /* Notify SCTP BIO socket to enter handshake 173 /* Notify SCTP BIO socket to enter handshake
173 * mode and prevent stream identifier other 174 * mode and prevent stream identifier other
174 * than 0. Will be ignored if no SCTP is used. 175 * than 0. Will be ignored if no SCTP is used.
175 */ 176 */
176 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL); 177 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
178 s->in_handshake, NULL);
177#endif 179#endif
178 180
179#ifndef OPENSSL_NO_HEARTBEATS 181#ifndef OPENSSL_NO_HEARTBEATS
@@ -181,23 +183,20 @@ int dtls1_connect(SSL *s)
181 * already got and don't await it anymore, because 183 * already got and don't await it anymore, because
182 * Heartbeats don't make sense during handshakes anyway. 184 * Heartbeats don't make sense during handshakes anyway.
183 */ 185 */
184 if (s->tlsext_hb_pending) 186 if (s->tlsext_hb_pending) {
185 {
186 dtls1_stop_timer(s); 187 dtls1_stop_timer(s);
187 s->tlsext_hb_pending = 0; 188 s->tlsext_hb_pending = 0;
188 s->tlsext_hb_seq++; 189 s->tlsext_hb_seq++;
189 } 190 }
190#endif 191#endif
191 192
192 for (;;) 193 for (;;) {
193 { 194 state = s->state;
194 state=s->state;
195 195
196 switch(s->state) 196 switch (s->state) {
197 {
198 case SSL_ST_RENEGOTIATE: 197 case SSL_ST_RENEGOTIATE:
199 s->renegotiate=1; 198 s->renegotiate = 1;
200 s->state=SSL_ST_CONNECT; 199 s->state = SSL_ST_CONNECT;
201 s->ctx->stats.sess_connect_renegotiate++; 200 s->ctx->stats.sess_connect_renegotiate++;
202 /* break */ 201 /* break */
203 case SSL_ST_BEFORE: 202 case SSL_ST_BEFORE:
@@ -205,48 +204,51 @@ int dtls1_connect(SSL *s)
205 case SSL_ST_BEFORE|SSL_ST_CONNECT: 204 case SSL_ST_BEFORE|SSL_ST_CONNECT:
206 case SSL_ST_OK|SSL_ST_CONNECT: 205 case SSL_ST_OK|SSL_ST_CONNECT:
207 206
208 s->server=0; 207 s->server = 0;
209 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); 208 if (cb != NULL)
209 cb(s, SSL_CB_HANDSHAKE_START, 1);
210 210
211 if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) && 211 if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&
212 (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00)) 212 (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00)) {
213 {
214 SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR); 213 SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
215 ret = -1; 214 ret = -1;
216 goto end; 215 goto end;
217 } 216 }
218 217
219 /* s->version=SSL3_VERSION; */ 218 /* s->version=SSL3_VERSION; */
220 s->type=SSL_ST_CONNECT; 219 s->type = SSL_ST_CONNECT;
221 220
222 if (s->init_buf == NULL) 221 if (s->init_buf == NULL) {
223 { 222 if ((buf = BUF_MEM_new()) == NULL) {
224 if ((buf=BUF_MEM_new()) == NULL) 223 ret = -1;
225 {
226 ret= -1;
227 goto end; 224 goto end;
228 } 225 }
229 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) 226 if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
230 { 227 ret = -1;
231 ret= -1;
232 goto end; 228 goto end;
233 }
234 s->init_buf=buf;
235 buf=NULL;
236 } 229 }
230 s->init_buf = buf;
231 buf = NULL;
232 }
237 233
238 if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } 234 if (!ssl3_setup_buffers(s)) {
235 ret = -1;
236 goto end;
237 }
239 238
240 /* setup buffing BIO */ 239 /* setup buffing BIO */
241 if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; } 240 if (!ssl_init_wbio_buffer(s, 0)) {
241 ret = -1;
242 goto end;
243 }
242 244
243 /* don't push the buffering BIO quite yet */ 245 /* don't push the buffering BIO quite yet */
244 246
245 s->state=SSL3_ST_CW_CLNT_HELLO_A; 247 s->state = SSL3_ST_CW_CLNT_HELLO_A;
246 s->ctx->stats.sess_connect++; 248 s->ctx->stats.sess_connect++;
247 s->init_num=0; 249 s->init_num = 0;
248 /* mark client_random uninitialized */ 250 /* mark client_random uninitialized */
249 memset(s->s3->client_random,0,sizeof(s->s3->client_random)); 251 memset(s->s3->client_random, 0, sizeof(s->s3->client_random));
250 s->d1->send_cookie = 0; 252 s->d1->send_cookie = 0;
251 s->hit = 0; 253 s->hit = 0;
252 break; 254 break;
@@ -254,115 +256,110 @@ int dtls1_connect(SSL *s)
254#ifndef OPENSSL_NO_SCTP 256#ifndef OPENSSL_NO_SCTP
255 case DTLS1_SCTP_ST_CR_READ_SOCK: 257 case DTLS1_SCTP_ST_CR_READ_SOCK:
256 258
257 if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) 259 if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
258 { 260 s->s3->in_read_app_data = 2;
259 s->s3->in_read_app_data=2; 261 s->rwstate = SSL_READING;
260 s->rwstate=SSL_READING;
261 BIO_clear_retry_flags(SSL_get_rbio(s)); 262 BIO_clear_retry_flags(SSL_get_rbio(s));
262 BIO_set_retry_read(SSL_get_rbio(s)); 263 BIO_set_retry_read(SSL_get_rbio(s));
263 ret = -1; 264 ret = -1;
264 goto end; 265 goto end;
265 } 266 }
266 267
267 s->state=s->s3->tmp.next_state; 268 s->state = s->s3->tmp.next_state;
268 break; 269 break;
269 270
270 case DTLS1_SCTP_ST_CW_WRITE_SOCK: 271 case DTLS1_SCTP_ST_CW_WRITE_SOCK:
271 /* read app data until dry event */ 272 /* read app data until dry event */
272 273
273 ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s)); 274 ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
274 if (ret < 0) goto end; 275 if (ret < 0)
276 goto end;
275 277
276 if (ret == 0) 278 if (ret == 0) {
277 { 279 s->s3->in_read_app_data = 2;
278 s->s3->in_read_app_data=2; 280 s->rwstate = SSL_READING;
279 s->rwstate=SSL_READING;
280 BIO_clear_retry_flags(SSL_get_rbio(s)); 281 BIO_clear_retry_flags(SSL_get_rbio(s));
281 BIO_set_retry_read(SSL_get_rbio(s)); 282 BIO_set_retry_read(SSL_get_rbio(s));
282 ret = -1; 283 ret = -1;
283 goto end; 284 goto end;
284 } 285 }
285 286
286 s->state=s->d1->next_state; 287 s->state = s->d1->next_state;
287 break; 288 break;
288#endif 289#endif
289 290
290 case SSL3_ST_CW_CLNT_HELLO_A: 291 case SSL3_ST_CW_CLNT_HELLO_A:
291 case SSL3_ST_CW_CLNT_HELLO_B: 292 case SSL3_ST_CW_CLNT_HELLO_B:
292 293
293 s->shutdown=0; 294 s->shutdown = 0;
294 295
295 /* every DTLS ClientHello resets Finished MAC */ 296 /* every DTLS ClientHello resets Finished MAC */
296 ssl3_init_finished_mac(s); 297 ssl3_init_finished_mac(s);
297 298
298 dtls1_start_timer(s); 299 dtls1_start_timer(s);
299 ret=dtls1_client_hello(s); 300 ret = dtls1_client_hello(s);
300 if (ret <= 0) goto end; 301 if (ret <= 0)
302 goto end;
301 303
302 if ( s->d1->send_cookie) 304 if (s->d1->send_cookie) {
303 { 305 s->state = SSL3_ST_CW_FLUSH;
304 s->state=SSL3_ST_CW_FLUSH; 306 s->s3->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A;
305 s->s3->tmp.next_state=SSL3_ST_CR_SRVR_HELLO_A; 307 } else
306 } 308 s->state = SSL3_ST_CR_SRVR_HELLO_A;
307 else
308 s->state=SSL3_ST_CR_SRVR_HELLO_A;
309 309
310 s->init_num=0; 310 s->init_num = 0;
311 311
312#ifndef OPENSSL_NO_SCTP 312#ifndef OPENSSL_NO_SCTP
313 /* Disable buffering for SCTP */ 313 /* Disable buffering for SCTP */
314 if (!BIO_dgram_is_sctp(SSL_get_wbio(s))) 314 if (!BIO_dgram_is_sctp(SSL_get_wbio(s))) {
315 {
316#endif 315#endif
317 /* turn on buffering for the next lot of output */ 316 /* turn on buffering for the next lot of output */
318 if (s->bbio != s->wbio) 317 if (s->bbio != s->wbio)
319 s->wbio=BIO_push(s->bbio,s->wbio); 318 s->wbio = BIO_push(s->bbio, s->wbio);
320#ifndef OPENSSL_NO_SCTP 319#ifndef OPENSSL_NO_SCTP
321 } 320 }
322#endif 321#endif
323 322
324 break; 323 break;
325 324
326 case SSL3_ST_CR_SRVR_HELLO_A: 325 case SSL3_ST_CR_SRVR_HELLO_A:
327 case SSL3_ST_CR_SRVR_HELLO_B: 326 case SSL3_ST_CR_SRVR_HELLO_B:
328 ret=ssl3_get_server_hello(s); 327 ret = ssl3_get_server_hello(s);
329 if (ret <= 0) goto end; 328 if (ret <= 0)
330 else 329 goto end;
331 { 330 else {
332 if (s->hit) 331 if (s->hit) {
333 {
334#ifndef OPENSSL_NO_SCTP 332#ifndef OPENSSL_NO_SCTP
335 /* Add new shared key for SCTP-Auth, 333 /* Add new shared key for SCTP-Auth,
336 * will be ignored if no SCTP used. 334 * will be ignored if no SCTP used.
337 */ 335 */
338 snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), 336 snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
339 DTLS1_SCTP_AUTH_LABEL); 337 DTLS1_SCTP_AUTH_LABEL);
340 338
341 SSL_export_keying_material(s, sctpauthkey, 339 SSL_export_keying_material(s, sctpauthkey,
342 sizeof(sctpauthkey), labelbuffer, 340 sizeof(sctpauthkey), labelbuffer,
343 sizeof(labelbuffer), NULL, 0, 0); 341 sizeof(labelbuffer), NULL, 0, 0);
344 342
345 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, 343 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
346 sizeof(sctpauthkey), sctpauthkey); 344 sizeof(sctpauthkey), sctpauthkey);
347#endif 345#endif
348 346
349 s->state=SSL3_ST_CR_FINISHED_A; 347 s->state = SSL3_ST_CR_FINISHED_A;
350 } 348 } else
351 else 349 s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
352 s->state=DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A; 350 }
353 } 351 s->init_num = 0;
354 s->init_num=0;
355 break; 352 break;
356 353
357 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: 354 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
358 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: 355 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
359 356
360 ret = dtls1_get_hello_verify(s); 357 ret = dtls1_get_hello_verify(s);
361 if ( ret <= 0) 358 if (ret <= 0)
362 goto end; 359 goto end;
363 dtls1_stop_timer(s); 360 dtls1_stop_timer(s);
364 if ( s->d1->send_cookie) /* start again, with a cookie */ 361 if ( s->d1->send_cookie) /* start again, with a cookie */
365 s->state=SSL3_ST_CW_CLNT_HELLO_A; 362 s->state = SSL3_ST_CW_CLNT_HELLO_A;
366 else 363 else
367 s->state = SSL3_ST_CR_CERT_A; 364 s->state = SSL3_ST_CR_CERT_A;
368 s->init_num = 0; 365 s->init_num = 0;
@@ -371,88 +368,87 @@ int dtls1_connect(SSL *s)
371 case SSL3_ST_CR_CERT_A: 368 case SSL3_ST_CR_CERT_A:
372 case SSL3_ST_CR_CERT_B: 369 case SSL3_ST_CR_CERT_B:
373#ifndef OPENSSL_NO_TLSEXT 370#ifndef OPENSSL_NO_TLSEXT
374 ret=ssl3_check_finished(s); 371 ret = ssl3_check_finished(s);
375 if (ret <= 0) goto end; 372 if (ret <= 0)
376 if (ret == 2) 373 goto end;
377 { 374 if (ret == 2) {
378 s->hit = 1; 375 s->hit = 1;
379 if (s->tlsext_ticket_expected) 376 if (s->tlsext_ticket_expected)
380 s->state=SSL3_ST_CR_SESSION_TICKET_A; 377 s->state = SSL3_ST_CR_SESSION_TICKET_A;
381 else 378 else
382 s->state=SSL3_ST_CR_FINISHED_A; 379 s->state = SSL3_ST_CR_FINISHED_A;
383 s->init_num=0; 380 s->init_num = 0;
384 break; 381 break;
385 } 382 }
386#endif 383#endif
387 /* Check if it is anon DH or PSK */ 384 /* Check if it is anon DH or PSK */
388 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && 385 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
389 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) 386 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
390 { 387 ret = ssl3_get_server_certificate(s);
391 ret=ssl3_get_server_certificate(s); 388 if (ret <= 0)
392 if (ret <= 0) goto end; 389 goto end;
393#ifndef OPENSSL_NO_TLSEXT 390#ifndef OPENSSL_NO_TLSEXT
394 if (s->tlsext_status_expected) 391 if (s->tlsext_status_expected)
395 s->state=SSL3_ST_CR_CERT_STATUS_A; 392 s->state = SSL3_ST_CR_CERT_STATUS_A;
396 else 393 else
397 s->state=SSL3_ST_CR_KEY_EXCH_A; 394 s->state = SSL3_ST_CR_KEY_EXCH_A;
398 } 395 } else {
399 else
400 {
401 skip = 1; 396 skip = 1;
402 s->state=SSL3_ST_CR_KEY_EXCH_A; 397 s->state = SSL3_ST_CR_KEY_EXCH_A;
403 } 398 }
404#else 399#else
405 } 400 } else
406 else 401 skip = 1;
407 skip=1;
408 402
409 s->state=SSL3_ST_CR_KEY_EXCH_A; 403 s->state = SSL3_ST_CR_KEY_EXCH_A;
410#endif 404#endif
411 s->init_num=0; 405 s->init_num = 0;
412 break; 406 break;
413 407
414 case SSL3_ST_CR_KEY_EXCH_A: 408 case SSL3_ST_CR_KEY_EXCH_A:
415 case SSL3_ST_CR_KEY_EXCH_B: 409 case SSL3_ST_CR_KEY_EXCH_B:
416 ret=ssl3_get_key_exchange(s); 410 ret = ssl3_get_key_exchange(s);
417 if (ret <= 0) goto end; 411 if (ret <= 0)
418 s->state=SSL3_ST_CR_CERT_REQ_A; 412 goto end;
419 s->init_num=0; 413 s->state = SSL3_ST_CR_CERT_REQ_A;
414 s->init_num = 0;
420 415
421 /* at this point we check that we have the 416 /* at this point we check that we have the
422 * required stuff from the server */ 417 * required stuff from the server */
423 if (!ssl3_check_cert_and_algorithm(s)) 418 if (!ssl3_check_cert_and_algorithm(s)) {
424 { 419 ret = -1;
425 ret= -1;
426 goto end; 420 goto end;
427 } 421 }
428 break; 422 break;
429 423
430 case SSL3_ST_CR_CERT_REQ_A: 424 case SSL3_ST_CR_CERT_REQ_A:
431 case SSL3_ST_CR_CERT_REQ_B: 425 case SSL3_ST_CR_CERT_REQ_B:
432 ret=ssl3_get_certificate_request(s); 426 ret = ssl3_get_certificate_request(s);
433 if (ret <= 0) goto end; 427 if (ret <= 0)
434 s->state=SSL3_ST_CR_SRVR_DONE_A; 428 goto end;
435 s->init_num=0; 429 s->state = SSL3_ST_CR_SRVR_DONE_A;
430 s->init_num = 0;
436 break; 431 break;
437 432
438 case SSL3_ST_CR_SRVR_DONE_A: 433 case SSL3_ST_CR_SRVR_DONE_A:
439 case SSL3_ST_CR_SRVR_DONE_B: 434 case SSL3_ST_CR_SRVR_DONE_B:
440 ret=ssl3_get_server_done(s); 435 ret = ssl3_get_server_done(s);
441 if (ret <= 0) goto end; 436 if (ret <= 0)
437 goto end;
442 dtls1_stop_timer(s); 438 dtls1_stop_timer(s);
443 if (s->s3->tmp.cert_req) 439 if (s->s3->tmp.cert_req)
444 s->s3->tmp.next_state=SSL3_ST_CW_CERT_A; 440 s->s3->tmp.next_state = SSL3_ST_CW_CERT_A;
445 else 441 else
446 s->s3->tmp.next_state=SSL3_ST_CW_KEY_EXCH_A; 442 s->s3->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A;
447 s->init_num=0; 443 s->init_num = 0;
448 444
449#ifndef OPENSSL_NO_SCTP 445#ifndef OPENSSL_NO_SCTP
450 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && 446 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
451 state == SSL_ST_RENEGOTIATE) 447 state == SSL_ST_RENEGOTIATE)
452 s->state=DTLS1_SCTP_ST_CR_READ_SOCK; 448 s->state = DTLS1_SCTP_ST_CR_READ_SOCK;
453 else 449 else
454#endif 450#endif
455 s->state=s->s3->tmp.next_state; 451 s->state = s->s3->tmp.next_state;
456 break; 452 break;
457 453
458 case SSL3_ST_CW_CERT_A: 454 case SSL3_ST_CW_CERT_A:
@@ -460,118 +456,115 @@ int dtls1_connect(SSL *s)
460 case SSL3_ST_CW_CERT_C: 456 case SSL3_ST_CW_CERT_C:
461 case SSL3_ST_CW_CERT_D: 457 case SSL3_ST_CW_CERT_D:
462 dtls1_start_timer(s); 458 dtls1_start_timer(s);
463 ret=dtls1_send_client_certificate(s); 459 ret = dtls1_send_client_certificate(s);
464 if (ret <= 0) goto end; 460 if (ret <= 0)
465 s->state=SSL3_ST_CW_KEY_EXCH_A; 461 goto end;
466 s->init_num=0; 462 s->state = SSL3_ST_CW_KEY_EXCH_A;
463 s->init_num = 0;
467 break; 464 break;
468 465
469 case SSL3_ST_CW_KEY_EXCH_A: 466 case SSL3_ST_CW_KEY_EXCH_A:
470 case SSL3_ST_CW_KEY_EXCH_B: 467 case SSL3_ST_CW_KEY_EXCH_B:
471 dtls1_start_timer(s); 468 dtls1_start_timer(s);
472 ret=dtls1_send_client_key_exchange(s); 469 ret = dtls1_send_client_key_exchange(s);
473 if (ret <= 0) goto end; 470 if (ret <= 0)
471 goto end;
474 472
475#ifndef OPENSSL_NO_SCTP 473#ifndef OPENSSL_NO_SCTP
476 /* Add new shared key for SCTP-Auth, 474 /* Add new shared key for SCTP-Auth,
477 * will be ignored if no SCTP used. 475 * will be ignored if no SCTP used.
478 */ 476 */
479 snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), 477 snprintf((char*)labelbuffer,
480 DTLS1_SCTP_AUTH_LABEL); 478 sizeof(DTLS1_SCTP_AUTH_LABEL),
479 DTLS1_SCTP_AUTH_LABEL);
481 480
482 SSL_export_keying_material(s, sctpauthkey, 481 SSL_export_keying_material(s, sctpauthkey,
483 sizeof(sctpauthkey), labelbuffer, 482 sizeof(sctpauthkey), labelbuffer,
484 sizeof(labelbuffer), NULL, 0, 0); 483 sizeof(labelbuffer), NULL, 0, 0);
485 484
486 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, 485 BIO_ctrl(SSL_get_wbio(s),
487 sizeof(sctpauthkey), sctpauthkey); 486 BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
487 sizeof(sctpauthkey), sctpauthkey);
488#endif 488#endif
489 489
490 /* EAY EAY EAY need to check for DH fix cert 490 /* EAY EAY EAY need to check for DH fix cert
491 * sent back */ 491 * sent back */
492 /* For TLS, cert_req is set to 2, so a cert chain 492 /* For TLS, cert_req is set to 2, so a cert chain
493 * of nothing is sent, but no verify packet is sent */ 493 * of nothing is sent, but no verify packet is sent */
494 if (s->s3->tmp.cert_req == 1) 494 if (s->s3->tmp.cert_req == 1) {
495 { 495 s->state = SSL3_ST_CW_CERT_VRFY_A;
496 s->state=SSL3_ST_CW_CERT_VRFY_A; 496 } else {
497 }
498 else
499 {
500#ifndef OPENSSL_NO_SCTP 497#ifndef OPENSSL_NO_SCTP
501 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) 498 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
502 { 499 s->d1->next_state = SSL3_ST_CW_CHANGE_A;
503 s->d1->next_state=SSL3_ST_CW_CHANGE_A; 500 s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
504 s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK; 501 } else
505 }
506 else
507#endif 502#endif
508 s->state=SSL3_ST_CW_CHANGE_A; 503 s->state = SSL3_ST_CW_CHANGE_A;
509 s->s3->change_cipher_spec=0; 504 s->s3->change_cipher_spec = 0;
510 } 505 }
511 506
512 s->init_num=0; 507 s->init_num = 0;
513 break; 508 break;
514 509
515 case SSL3_ST_CW_CERT_VRFY_A: 510 case SSL3_ST_CW_CERT_VRFY_A:
516 case SSL3_ST_CW_CERT_VRFY_B: 511 case SSL3_ST_CW_CERT_VRFY_B:
517 dtls1_start_timer(s); 512 dtls1_start_timer(s);
518 ret=dtls1_send_client_verify(s); 513 ret = dtls1_send_client_verify(s);
519 if (ret <= 0) goto end; 514 if (ret <= 0)
515 goto end;
520#ifndef OPENSSL_NO_SCTP 516#ifndef OPENSSL_NO_SCTP
521 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) 517 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
522 { 518 s->d1->next_state = SSL3_ST_CW_CHANGE_A;
523 s->d1->next_state=SSL3_ST_CW_CHANGE_A; 519 s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
524 s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK; 520 } else
525 }
526 else
527#endif 521#endif
528 s->state=SSL3_ST_CW_CHANGE_A; 522 s->state = SSL3_ST_CW_CHANGE_A;
529 s->init_num=0; 523 s->init_num = 0;
530 s->s3->change_cipher_spec=0; 524 s->s3->change_cipher_spec = 0;
531 break; 525 break;
532 526
533 case SSL3_ST_CW_CHANGE_A: 527 case SSL3_ST_CW_CHANGE_A:
534 case SSL3_ST_CW_CHANGE_B: 528 case SSL3_ST_CW_CHANGE_B:
535 if (!s->hit) 529 if (!s->hit)
536 dtls1_start_timer(s); 530 dtls1_start_timer(s);
537 ret=dtls1_send_change_cipher_spec(s, 531 ret = dtls1_send_change_cipher_spec(s,
538 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); 532 SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B);
539 if (ret <= 0) goto end; 533 if (ret <= 0)
534 goto end;
540 535
541 s->state=SSL3_ST_CW_FINISHED_A; 536 s->state = SSL3_ST_CW_FINISHED_A;
542 s->init_num=0; 537 s->init_num = 0;
543 538
544 s->session->cipher=s->s3->tmp.new_cipher; 539 s->session->cipher = s->s3->tmp.new_cipher;
545#ifdef OPENSSL_NO_COMP 540#ifdef OPENSSL_NO_COMP
546 s->session->compress_meth=0; 541 s->session->compress_meth = 0;
547#else 542#else
548 if (s->s3->tmp.new_compression == NULL) 543 if (s->s3->tmp.new_compression == NULL)
549 s->session->compress_meth=0; 544 s->session->compress_meth = 0;
550 else 545 else
551 s->session->compress_meth= 546 s->session->compress_meth =
552 s->s3->tmp.new_compression->id; 547 s->s3->tmp.new_compression->id;
553#endif 548#endif
554 if (!s->method->ssl3_enc->setup_key_block(s)) 549 if (!s->method->ssl3_enc->setup_key_block(s)) {
555 { 550 ret = -1;
556 ret= -1;
557 goto end; 551 goto end;
558 } 552 }
559 553
560 if (!s->method->ssl3_enc->change_cipher_state(s, 554 if (!s->method->ssl3_enc->change_cipher_state(s,
561 SSL3_CHANGE_CIPHER_CLIENT_WRITE)) 555 SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
562 { 556 ret = -1;
563 ret= -1;
564 goto end; 557 goto end;
565 } 558 }
566 559
567#ifndef OPENSSL_NO_SCTP 560#ifndef OPENSSL_NO_SCTP
568 if (s->hit) 561 if (s->hit) {
569 { 562 /* Change to new shared key of SCTP-Auth,
570 /* Change to new shared key of SCTP-Auth, 563 * will be ignored if no SCTP used.
571 * will be ignored if no SCTP used. 564 */
572 */ 565 BIO_ctrl(SSL_get_wbio(s),
573 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); 566 BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
574 } 567 }
575#endif 568#endif
576 569
577 dtls1_reset_seq_numbers(s, SSL3_CC_WRITE); 570 dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
@@ -581,41 +574,36 @@ int dtls1_connect(SSL *s)
581 case SSL3_ST_CW_FINISHED_B: 574 case SSL3_ST_CW_FINISHED_B:
582 if (!s->hit) 575 if (!s->hit)
583 dtls1_start_timer(s); 576 dtls1_start_timer(s);
584 ret=dtls1_send_finished(s, 577 ret = dtls1_send_finished(s,
585 SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, 578 SSL3_ST_CW_FINISHED_A, SSL3_ST_CW_FINISHED_B,
586 s->method->ssl3_enc->client_finished_label, 579 s->method->ssl3_enc->client_finished_label,
587 s->method->ssl3_enc->client_finished_label_len); 580 s->method->ssl3_enc->client_finished_label_len);
588 if (ret <= 0) goto end; 581 if (ret <= 0)
589 s->state=SSL3_ST_CW_FLUSH; 582 goto end;
583 s->state = SSL3_ST_CW_FLUSH;
590 584
591 /* clear flags */ 585 /* clear flags */
592 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; 586 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
593 if (s->hit) 587 if (s->hit) {
594 { 588 s->s3->tmp.next_state = SSL_ST_OK;
595 s->s3->tmp.next_state=SSL_ST_OK;
596#ifndef OPENSSL_NO_SCTP 589#ifndef OPENSSL_NO_SCTP
597 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) 590 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
598 { 591 s->d1->next_state = s->s3->tmp.next_state;
599 s->d1->next_state = s->s3->tmp.next_state; 592 s->s3->tmp.next_state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
600 s->s3->tmp.next_state=DTLS1_SCTP_ST_CW_WRITE_SOCK; 593 }
601 }
602#endif 594#endif
603 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) 595 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
604 { 596 s->state = SSL_ST_OK;
605 s->state=SSL_ST_OK;
606#ifndef OPENSSL_NO_SCTP 597#ifndef OPENSSL_NO_SCTP
607 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) 598 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
608 { 599 s->d1->next_state = SSL_ST_OK;
609 s->d1->next_state = SSL_ST_OK; 600 s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
610 s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK; 601 }
611 }
612#endif 602#endif
613 s->s3->flags|=SSL3_FLAGS_POP_BUFFER; 603 s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
614 s->s3->delay_buf_pop_ret=0; 604 s->s3->delay_buf_pop_ret = 0;
615 }
616 } 605 }
617 else 606 } else {
618 {
619#ifndef OPENSSL_NO_SCTP 607#ifndef OPENSSL_NO_SCTP
620 /* Change to new shared key of SCTP-Auth, 608 /* Change to new shared key of SCTP-Auth,
621 * will be ignored if no SCTP used. 609 * will be ignored if no SCTP used.
@@ -626,74 +614,74 @@ int dtls1_connect(SSL *s)
626#ifndef OPENSSL_NO_TLSEXT 614#ifndef OPENSSL_NO_TLSEXT
627 /* Allow NewSessionTicket if ticket expected */ 615 /* Allow NewSessionTicket if ticket expected */
628 if (s->tlsext_ticket_expected) 616 if (s->tlsext_ticket_expected)
629 s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A; 617 s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A;
630 else 618 else
631#endif 619#endif
632 620
633 s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; 621 s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A;
634 } 622 }
635 s->init_num=0; 623 s->init_num = 0;
636 break; 624 break;
637 625
638#ifndef OPENSSL_NO_TLSEXT 626#ifndef OPENSSL_NO_TLSEXT
639 case SSL3_ST_CR_SESSION_TICKET_A: 627 case SSL3_ST_CR_SESSION_TICKET_A:
640 case SSL3_ST_CR_SESSION_TICKET_B: 628 case SSL3_ST_CR_SESSION_TICKET_B:
641 ret=ssl3_get_new_session_ticket(s); 629 ret = ssl3_get_new_session_ticket(s);
642 if (ret <= 0) goto end; 630 if (ret <= 0)
643 s->state=SSL3_ST_CR_FINISHED_A; 631 goto end;
644 s->init_num=0; 632 s->state = SSL3_ST_CR_FINISHED_A;
645 break; 633 s->init_num = 0;
634 break;
646 635
647 case SSL3_ST_CR_CERT_STATUS_A: 636 case SSL3_ST_CR_CERT_STATUS_A:
648 case SSL3_ST_CR_CERT_STATUS_B: 637 case SSL3_ST_CR_CERT_STATUS_B:
649 ret=ssl3_get_cert_status(s); 638 ret = ssl3_get_cert_status(s);
650 if (ret <= 0) goto end; 639 if (ret <= 0)
651 s->state=SSL3_ST_CR_KEY_EXCH_A; 640 goto end;
652 s->init_num=0; 641 s->state = SSL3_ST_CR_KEY_EXCH_A;
653 break; 642 s->init_num = 0;
643 break;
654#endif 644#endif
655 645
656 case SSL3_ST_CR_FINISHED_A: 646 case SSL3_ST_CR_FINISHED_A:
657 case SSL3_ST_CR_FINISHED_B: 647 case SSL3_ST_CR_FINISHED_B:
658 s->d1->change_cipher_spec_ok = 1; 648 s->d1->change_cipher_spec_ok = 1;
659 ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A, 649 ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
660 SSL3_ST_CR_FINISHED_B); 650 SSL3_ST_CR_FINISHED_B);
661 if (ret <= 0) goto end; 651 if (ret <= 0)
652 goto end;
662 dtls1_stop_timer(s); 653 dtls1_stop_timer(s);
663 654
664 if (s->hit) 655 if (s->hit)
665 s->state=SSL3_ST_CW_CHANGE_A; 656 s->state = SSL3_ST_CW_CHANGE_A;
666 else 657 else
667 s->state=SSL_ST_OK; 658 s->state = SSL_ST_OK;
668 659
669#ifndef OPENSSL_NO_SCTP 660#ifndef OPENSSL_NO_SCTP
670 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && 661 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
671 state == SSL_ST_RENEGOTIATE) 662 state == SSL_ST_RENEGOTIATE) {
672 { 663 s->d1->next_state = s->state;
673 s->d1->next_state=s->state; 664 s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
674 s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK; 665 }
675 }
676#endif 666#endif
677 667
678 s->init_num=0; 668 s->init_num = 0;
679 break; 669 break;
680 670
681 case SSL3_ST_CW_FLUSH: 671 case SSL3_ST_CW_FLUSH:
682 s->rwstate=SSL_WRITING; 672 s->rwstate = SSL_WRITING;
683 if (BIO_flush(s->wbio) <= 0) 673 if (BIO_flush(s->wbio) <= 0) {
684 {
685 /* If the write error was fatal, stop trying */ 674 /* If the write error was fatal, stop trying */
686 if (!BIO_should_retry(s->wbio)) 675 if (!BIO_should_retry(s->wbio)) {
687 { 676 s->rwstate = SSL_NOTHING;
688 s->rwstate=SSL_NOTHING; 677 s->state = s->s3->tmp.next_state;
689 s->state=s->s3->tmp.next_state;
690 }
691
692 ret= -1;
693 goto end;
694 } 678 }
695 s->rwstate=SSL_NOTHING; 679
696 s->state=s->s3->tmp.next_state; 680 ret = -1;
681 goto end;
682 }
683 s->rwstate = SSL_NOTHING;
684 s->state = s->s3->tmp.next_state;
697 break; 685 break;
698 686
699 case SSL_ST_OK: 687 case SSL_ST_OK:
@@ -701,11 +689,10 @@ int dtls1_connect(SSL *s)
701 ssl3_cleanup_key_block(s); 689 ssl3_cleanup_key_block(s);
702 690
703#if 0 691#if 0
704 if (s->init_buf != NULL) 692 if (s->init_buf != NULL) {
705 {
706 BUF_MEM_free(s->init_buf); 693 BUF_MEM_free(s->init_buf);
707 s->init_buf=NULL; 694 s->init_buf = NULL;
708 } 695 }
709#endif 696#endif
710 697
711 /* If we are not 'joining' the last two packets, 698 /* If we are not 'joining' the last two packets,
@@ -714,234 +701,226 @@ int dtls1_connect(SSL *s)
714 ssl_free_wbio_buffer(s); 701 ssl_free_wbio_buffer(s);
715 /* else do it later in ssl3_write */ 702 /* else do it later in ssl3_write */
716 703
717 s->init_num=0; 704 s->init_num = 0;
718 s->renegotiate=0; 705 s->renegotiate = 0;
719 s->new_session=0; 706 s->new_session = 0;
720 707
721 ssl_update_cache(s,SSL_SESS_CACHE_CLIENT); 708 ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
722 if (s->hit) s->ctx->stats.sess_hit++; 709 if (s->hit)
710 s->ctx->stats.sess_hit++;
723 711
724 ret=1; 712 ret = 1;
725 /* s->server=0; */ 713 /* s->server=0; */
726 s->handshake_func=dtls1_connect; 714 s->handshake_func = dtls1_connect;
727 s->ctx->stats.sess_connect_good++; 715 s->ctx->stats.sess_connect_good++;
728 716
729 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); 717 if (cb != NULL)
718 cb(s, SSL_CB_HANDSHAKE_DONE, 1);
730 719
731 /* done with handshaking */ 720 /* done with handshaking */
732 s->d1->handshake_read_seq = 0; 721 s->d1->handshake_read_seq = 0;
733 s->d1->next_handshake_write_seq = 0; 722 s->d1->next_handshake_write_seq = 0;
734 goto end; 723 goto end;
735 /* break; */ 724 /* break; */
736 725
737 default: 726 default:
738 SSLerr(SSL_F_DTLS1_CONNECT,SSL_R_UNKNOWN_STATE); 727 SSLerr(SSL_F_DTLS1_CONNECT, SSL_R_UNKNOWN_STATE);
739 ret= -1; 728 ret = -1;
740 goto end; 729 goto end;
741 /* break; */ 730 /* break; */
742 } 731 }
743 732
744 /* did we do anything */ 733 /* did we do anything */
745 if (!s->s3->tmp.reuse_message && !skip) 734 if (!s->s3->tmp.reuse_message && !skip) {
746 { 735 if (s->debug) {
747 if (s->debug) 736 if ((ret = BIO_flush(s->wbio)) <= 0)
748 {
749 if ((ret=BIO_flush(s->wbio)) <= 0)
750 goto end; 737 goto end;
751 } 738 }
752 739
753 if ((cb != NULL) && (s->state != state)) 740 if ((cb != NULL) && (s->state != state)) {
754 { 741 new_state = s->state;
755 new_state=s->state; 742 s->state = state;
756 s->state=state; 743 cb(s, SSL_CB_CONNECT_LOOP, 1);
757 cb(s,SSL_CB_CONNECT_LOOP,1); 744 s->state = new_state;
758 s->state=new_state;
759 }
760 } 745 }
761 skip=0;
762 } 746 }
747 skip = 0;
748 }
763end: 749end:
764 s->in_handshake--; 750 s->in_handshake--;
765 751
766#ifndef OPENSSL_NO_SCTP 752#ifndef OPENSSL_NO_SCTP
767 /* Notify SCTP BIO socket to leave handshake 753 /* Notify SCTP BIO socket to leave handshake
768 * mode and allow stream identifier other 754 * mode and allow stream identifier other
769 * than 0. Will be ignored if no SCTP is used. 755 * than 0. Will be ignored if no SCTP is used.
770 */ 756 */
771 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL); 757 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
758 s->in_handshake, NULL);
772#endif 759#endif
773 760
774 if (buf != NULL) 761 if (buf != NULL)
775 BUF_MEM_free(buf); 762 BUF_MEM_free(buf);
776 if (cb != NULL) 763 if (cb != NULL)
777 cb(s,SSL_CB_CONNECT_EXIT,ret); 764 cb(s, SSL_CB_CONNECT_EXIT, ret);
778 return(ret); 765 return (ret);
779 } 766}
780 767
781int dtls1_client_hello(SSL *s) 768int
782 { 769dtls1_client_hello(SSL *s)
770{
783 unsigned char *buf; 771 unsigned char *buf;
784 unsigned char *p,*d; 772 unsigned char *p, *d;
785 unsigned int i,j; 773 unsigned int i, j;
786 unsigned long l; 774 unsigned long l;
787 SSL_COMP *comp; 775 SSL_COMP *comp;
788 776
789 buf=(unsigned char *)s->init_buf->data; 777 buf = (unsigned char *)s->init_buf->data;
790 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) 778 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
791 {
792 SSL_SESSION *sess = s->session; 779 SSL_SESSION *sess = s->session;
793 if ((s->session == NULL) || 780 if ((s->session == NULL) ||
794 (s->session->ssl_version != s->version) || 781 (s->session->ssl_version != s->version) ||
795#ifdef OPENSSL_NO_TLSEXT 782#ifdef OPENSSL_NO_TLSEXT
796 !sess->session_id_length || 783 !sess->session_id_length ||
797#else 784#else
798 (!sess->session_id_length && !sess->tlsext_tick) || 785 (!sess->session_id_length && !sess->tlsext_tick) ||
799#endif 786#endif
800 (s->session->not_resumable)) 787 (s->session->not_resumable)) {
801 { 788 if (!ssl_get_new_session(s, 0))
802 if (!ssl_get_new_session(s,0))
803 goto err; 789 goto err;
804 } 790 }
805 /* else use the pre-loaded session */ 791 /* else use the pre-loaded session */
806 792
807 p=s->s3->client_random; 793 p = s->s3->client_random;
808 794
809 /* if client_random is initialized, reuse it, we are 795 /* if client_random is initialized, reuse it, we are
810 * required to use same upon reply to HelloVerify */ 796 * required to use same upon reply to HelloVerify */
811 for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) 797 for (i = 0; p[i]=='\0' && i < sizeof(s->s3->client_random); i++)
812 ; 798;
813 if (i==sizeof(s->s3->client_random)) 799 if (i == sizeof(s->s3->client_random))
814 ssl_fill_hello_random(s, 0, p, 800 ssl_fill_hello_random(s, 0, p,
815 sizeof(s->s3->client_random)); 801 sizeof(s->s3->client_random));
816 802
817 /* Do the message type and length last */ 803 /* Do the message type and length last */
818 d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); 804 d = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
819 805
820 *(p++)=s->version>>8; 806 *(p++) = s->version >> 8;
821 *(p++)=s->version&0xff; 807 *(p++) = s->version&0xff;
822 s->client_version=s->version; 808 s->client_version = s->version;
823 809
824 /* Random stuff */ 810 /* Random stuff */
825 memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE); 811 memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
826 p+=SSL3_RANDOM_SIZE; 812 p += SSL3_RANDOM_SIZE;
827 813
828 /* Session ID */ 814 /* Session ID */
829 if (s->new_session) 815 if (s->new_session)
830 i=0; 816 i = 0;
831 else 817 else
832 i=s->session->session_id_length; 818 i = s->session->session_id_length;
833 *(p++)=i; 819 *(p++) = i;
834 if (i != 0) 820 if (i != 0) {
835 { 821 if (i > sizeof s->session->session_id) {
836 if (i > sizeof s->session->session_id)
837 {
838 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); 822 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
839 goto err; 823 goto err;
840 }
841 memcpy(p,s->session->session_id,i);
842 p+=i;
843 } 824 }
844 825 memcpy(p, s->session->session_id, i);
826 p += i;
827 }
828
845 /* cookie stuff */ 829 /* cookie stuff */
846 if ( s->d1->cookie_len > sizeof(s->d1->cookie)) 830 if (s->d1->cookie_len > sizeof(s->d1->cookie)) {
847 {
848 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); 831 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
849 goto err; 832 goto err;
850 } 833 }
851 *(p++) = s->d1->cookie_len; 834 *(p++) = s->d1->cookie_len;
852 memcpy(p, s->d1->cookie, s->d1->cookie_len); 835 memcpy(p, s->d1->cookie, s->d1->cookie_len);
853 p += s->d1->cookie_len; 836 p += s->d1->cookie_len;
854 837
855 /* Ciphers supported */ 838 /* Ciphers supported */
856 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0); 839 i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0);
857 if (i == 0) 840 if (i == 0) {
858 { 841 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
859 SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
860 goto err; 842 goto err;
861 } 843 }
862 s2n(i,p); 844 s2n(i, p);
863 p+=i; 845 p += i;
864 846
865 /* COMPRESSION */ 847 /* COMPRESSION */
866 if (s->ctx->comp_methods == NULL) 848 if (s->ctx->comp_methods == NULL)
867 j=0; 849 j = 0;
868 else 850 else
869 j=sk_SSL_COMP_num(s->ctx->comp_methods); 851 j = sk_SSL_COMP_num(s->ctx->comp_methods);
870 *(p++)=1+j; 852 *(p++) = 1 + j;
871 for (i=0; i<j; i++) 853 for (i = 0; i < j; i++) {
872 { 854 comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
873 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); 855 *(p++) = comp->id;
874 *(p++)=comp->id; 856 }
875 } 857 *(p++) = 0; /* Add the NULL method */
876 *(p++)=0; /* Add the NULL method */
877 858
878#ifndef OPENSSL_NO_TLSEXT 859#ifndef OPENSSL_NO_TLSEXT
879 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) 860 if ((p = ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
880 { 861 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
881 SSLerr(SSL_F_DTLS1_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
882 goto err; 862 goto err;
883 } 863 }
884#endif 864#endif
885 865
886 l=(p-d); 866 l = (p - d);
887 d=buf; 867 d = buf;
888 868
889 d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO, l, 0, l); 869 d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO, l, 0, l);
890 870
891 s->state=SSL3_ST_CW_CLNT_HELLO_B; 871 s->state = SSL3_ST_CW_CLNT_HELLO_B;
892 /* number of bytes to write */ 872 /* number of bytes to write */
893 s->init_num=p-buf; 873 s->init_num = p - buf;
894 s->init_off=0; 874 s->init_off = 0;
895 875
896 /* buffer the message to handle re-xmits */ 876 /* buffer the message to handle re-xmits */
897 dtls1_buffer_message(s, 0); 877 dtls1_buffer_message(s, 0);
898 } 878 }
899 879
900 /* SSL3_ST_CW_CLNT_HELLO_B */ 880 /* SSL3_ST_CW_CLNT_HELLO_B */
901 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 881 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
902err: 882err:
903 return(-1); 883 return (-1);
904 } 884}
905 885
906static int dtls1_get_hello_verify(SSL *s) 886static int
907 { 887dtls1_get_hello_verify(SSL *s)
888{
908 int n, al, ok = 0; 889 int n, al, ok = 0;
909 unsigned char *data; 890 unsigned char *data;
910 unsigned int cookie_len; 891 unsigned int cookie_len;
911 892
912 n=s->method->ssl_get_message(s, 893 n = s->method->ssl_get_message(s,
913 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, 894 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
914 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, 895 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B,
915 -1, 896 -1,
916 s->max_cert_list, 897 s->max_cert_list,
917 &ok); 898 &ok);
918 899
919 if (!ok) return((int)n); 900 if (!ok)
901 return ((int)n);
920 902
921 if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) 903 if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
922 {
923 s->d1->send_cookie = 0; 904 s->d1->send_cookie = 0;
924 s->s3->tmp.reuse_message=1; 905 s->s3->tmp.reuse_message = 1;
925 return(1); 906 return (1);
926 } 907 }
927 908
928 data = (unsigned char *)s->init_msg; 909 data = (unsigned char *)s->init_msg;
929 910
930 if ((data[0] != (s->version>>8)) || (data[1] != (s->version&0xff))) 911 if ((data[0] != (s->version >> 8)) || (data[1] != (s->version&0xff))) {
931 { 912 SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY, SSL_R_WRONG_SSL_VERSION);
932 SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY,SSL_R_WRONG_SSL_VERSION); 913 s->version = (s->version & 0xff00) | data[1];
933 s->version=(s->version&0xff00)|data[1];
934 al = SSL_AD_PROTOCOL_VERSION; 914 al = SSL_AD_PROTOCOL_VERSION;
935 goto f_err; 915 goto f_err;
936 } 916 }
937 data+=2; 917 data += 2;
938 918
939 cookie_len = *(data++); 919 cookie_len = *(data++);
940 if ( cookie_len > sizeof(s->d1->cookie)) 920 if (cookie_len > sizeof(s->d1->cookie)) {
941 { 921 al = SSL_AD_ILLEGAL_PARAMETER;
942 al=SSL_AD_ILLEGAL_PARAMETER;
943 goto f_err; 922 goto f_err;
944 } 923 }
945 924
946 memcpy(s->d1->cookie, data, cookie_len); 925 memcpy(s->d1->cookie, data, cookie_len);
947 s->d1->cookie_len = cookie_len; 926 s->d1->cookie_len = cookie_len;
@@ -952,19 +931,20 @@ static int dtls1_get_hello_verify(SSL *s)
952f_err: 931f_err:
953 ssl3_send_alert(s, SSL3_AL_FATAL, al); 932 ssl3_send_alert(s, SSL3_AL_FATAL, al);
954 return -1; 933 return -1;
955 } 934}
956 935
957int dtls1_send_client_key_exchange(SSL *s) 936int
958 { 937dtls1_send_client_key_exchange(SSL *s)
959 unsigned char *p,*d; 938{
939 unsigned char *p, *d;
960 int n; 940 int n;
961 unsigned long alg_k; 941 unsigned long alg_k;
962#ifndef OPENSSL_NO_RSA 942#ifndef OPENSSL_NO_RSA
963 unsigned char *q; 943 unsigned char *q;
964 EVP_PKEY *pkey=NULL; 944 EVP_PKEY *pkey = NULL;
965#endif 945#endif
966#ifndef OPENSSL_NO_KRB5 946#ifndef OPENSSL_NO_KRB5
967 KSSL_ERR kssl_err; 947 KSSL_ERR kssl_err;
968#endif /* OPENSSL_NO_KRB5 */ 948#endif /* OPENSSL_NO_KRB5 */
969#ifndef OPENSSL_NO_ECDH 949#ifndef OPENSSL_NO_ECDH
970 EC_KEY *clnt_ecdh = NULL; 950 EC_KEY *clnt_ecdh = NULL;
@@ -975,123 +955,119 @@ int dtls1_send_client_key_exchange(SSL *s)
975 BN_CTX * bn_ctx = NULL; 955 BN_CTX * bn_ctx = NULL;
976#endif 956#endif
977 957
978 if (s->state == SSL3_ST_CW_KEY_EXCH_A) 958 if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
979 { 959 d = (unsigned char *)s->init_buf->data;
980 d=(unsigned char *)s->init_buf->data; 960 p = &(d[DTLS1_HM_HEADER_LENGTH]);
981 p= &(d[DTLS1_HM_HEADER_LENGTH]); 961
982 962 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
983 alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
984 963
985 /* Fool emacs indentation */ 964 /* Fool emacs indentation */
986 if (0) {} 965 if (0) {
966 }
987#ifndef OPENSSL_NO_RSA 967#ifndef OPENSSL_NO_RSA
988 else if (alg_k & SSL_kRSA) 968 else if (alg_k & SSL_kRSA) {
989 {
990 RSA *rsa; 969 RSA *rsa;
991 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 970 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
992 971
993 if (s->session->sess_cert->peer_rsa_tmp != NULL) 972 if (s->session->sess_cert->peer_rsa_tmp != NULL)
994 rsa=s->session->sess_cert->peer_rsa_tmp; 973 rsa = s->session->sess_cert->peer_rsa_tmp;
995 else 974 else {
996 { 975 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
997 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
998 if ((pkey == NULL) || 976 if ((pkey == NULL) ||
999 (pkey->type != EVP_PKEY_RSA) || 977 (pkey->type != EVP_PKEY_RSA) ||
1000 (pkey->pkey.rsa == NULL)) 978 (pkey->pkey.rsa == NULL)) {
1001 { 979 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1002 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
1003 goto err; 980 goto err;
1004 }
1005 rsa=pkey->pkey.rsa;
1006 EVP_PKEY_free(pkey);
1007 } 981 }
1008 982 rsa = pkey->pkey.rsa;
1009 tmp_buf[0]=s->client_version>>8; 983 EVP_PKEY_free(pkey);
1010 tmp_buf[1]=s->client_version&0xff; 984 }
1011 if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
1012 goto err;
1013 985
1014 s->session->master_key_length=sizeof tmp_buf; 986 tmp_buf[0] = s->client_version >> 8;
987 tmp_buf[1] = s->client_version&0xff;
988 if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0)
989 goto err;
990
991 s->session->master_key_length = sizeof tmp_buf;
1015 992
1016 q=p; 993 q = p;
1017 /* Fix buf for TLS and [incidentally] DTLS */ 994 /* Fix buf for TLS and [incidentally] DTLS */
1018 if (s->version > SSL3_VERSION) 995 if (s->version > SSL3_VERSION)
1019 p+=2; 996 p += 2;
1020 n=RSA_public_encrypt(sizeof tmp_buf, 997 n = RSA_public_encrypt(sizeof tmp_buf,
1021 tmp_buf,p,rsa,RSA_PKCS1_PADDING); 998 tmp_buf, p, rsa, RSA_PKCS1_PADDING);
1022#ifdef PKCS1_CHECK 999#ifdef PKCS1_CHECK
1023 if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++; 1000 if (s->options & SSL_OP_PKCS1_CHECK_1)
1024 if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70; 1001 p[1]++;
1002 if (s->options & SSL_OP_PKCS1_CHECK_2)
1003 tmp_buf[0] = 0x70;
1025#endif 1004#endif
1026 if (n <= 0) 1005 if (n <= 0) {
1027 { 1006 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, SSL_R_BAD_RSA_ENCRYPT);
1028 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
1029 goto err; 1007 goto err;
1030 } 1008 }
1031 1009
1032 /* Fix buf for TLS and [incidentally] DTLS */ 1010 /* Fix buf for TLS and [incidentally] DTLS */
1033 if (s->version > SSL3_VERSION) 1011 if (s->version > SSL3_VERSION) {
1034 { 1012 s2n(n, q);
1035 s2n(n,q); 1013 n += 2;
1036 n+=2;
1037 }
1038
1039 s->session->master_key_length=
1040 s->method->ssl3_enc->generate_master_secret(s,
1041 s->session->master_key,
1042 tmp_buf,sizeof tmp_buf);
1043 OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
1044 } 1014 }
1015
1016 s->session->master_key_length =
1017 s->method->ssl3_enc->generate_master_secret(s,
1018 s->session->master_key,
1019 tmp_buf, sizeof tmp_buf);
1020 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
1021 }
1045#endif 1022#endif
1046#ifndef OPENSSL_NO_KRB5 1023#ifndef OPENSSL_NO_KRB5
1047 else if (alg_k & SSL_kKRB5) 1024 else if (alg_k & SSL_kKRB5) {
1048 { 1025 krb5_error_code krb5rc;
1049 krb5_error_code krb5rc; 1026 KSSL_CTX *kssl_ctx = s->kssl_ctx;
1050 KSSL_CTX *kssl_ctx = s->kssl_ctx; 1027 /* krb5_data krb5_ap_req; */
1051 /* krb5_data krb5_ap_req; */ 1028 krb5_data *enc_ticket;
1052 krb5_data *enc_ticket; 1029 krb5_data authenticator, *authp = NULL;
1053 krb5_data authenticator, *authp = NULL;
1054 EVP_CIPHER_CTX ciph_ctx; 1030 EVP_CIPHER_CTX ciph_ctx;
1055 const EVP_CIPHER *enc = NULL; 1031 const EVP_CIPHER *enc = NULL;
1056 unsigned char iv[EVP_MAX_IV_LENGTH]; 1032 unsigned char iv[EVP_MAX_IV_LENGTH];
1057 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 1033 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
1058 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH 1034 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
1059 + EVP_MAX_IV_LENGTH]; 1035 + EVP_MAX_IV_LENGTH];
1060 int padl, outl = sizeof(epms); 1036 int padl, outl = sizeof(epms);
1061 1037
1062 EVP_CIPHER_CTX_init(&ciph_ctx); 1038 EVP_CIPHER_CTX_init(&ciph_ctx);
1063 1039
1064#ifdef KSSL_DEBUG 1040#ifdef KSSL_DEBUG
1065 printf("ssl3_send_client_key_exchange(%lx & %lx)\n", 1041 printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
1066 alg_k, SSL_kKRB5); 1042 alg_k, SSL_kKRB5);
1067#endif /* KSSL_DEBUG */ 1043#endif /* KSSL_DEBUG */
1068 1044
1069 authp = NULL; 1045 authp = NULL;
1070#ifdef KRB5SENDAUTH 1046#ifdef KRB5SENDAUTH
1071 if (KRB5SENDAUTH) authp = &authenticator; 1047 if (KRB5SENDAUTH)
1048 authp = &authenticator;
1072#endif /* KRB5SENDAUTH */ 1049#endif /* KRB5SENDAUTH */
1073 1050
1074 krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, 1051 krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
1075 &kssl_err); 1052 &kssl_err);
1076 enc = kssl_map_enc(kssl_ctx->enctype); 1053 enc = kssl_map_enc(kssl_ctx->enctype);
1077 if (enc == NULL) 1054 if (enc == NULL)
1078 goto err; 1055 goto err;
1079#ifdef KSSL_DEBUG 1056#ifdef KSSL_DEBUG
1080 { 1057 {
1081 printf("kssl_cget_tkt rtn %d\n", krb5rc); 1058 printf("kssl_cget_tkt rtn %d\n", krb5rc);
1082 if (krb5rc && kssl_err.text) 1059 if (krb5rc && kssl_err.text)
1083 printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text); 1060 printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
1084 } 1061 }
1085#endif /* KSSL_DEBUG */ 1062#endif /* KSSL_DEBUG */
1086 1063
1087 if (krb5rc) 1064 if (krb5rc) {
1088 { 1065 ssl3_send_alert(s, SSL3_AL_FATAL,
1089 ssl3_send_alert(s,SSL3_AL_FATAL, 1066 SSL_AD_HANDSHAKE_FAILURE);
1090 SSL_AD_HANDSHAKE_FAILURE); 1067 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1091 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1068 kssl_err.reason);
1092 kssl_err.reason); 1069 goto err;
1093 goto err; 1070 }
1094 }
1095 1071
1096 /* 20010406 VRS - Earlier versions used KRB5 AP_REQ 1072 /* 20010406 VRS - Earlier versions used KRB5 AP_REQ
1097 ** in place of RFC 2712 KerberosWrapper, as in: 1073 ** in place of RFC 2712 KerberosWrapper, as in:
@@ -1113,31 +1089,28 @@ int dtls1_send_client_key_exchange(SSL *s)
1113 */ 1089 */
1114 1090
1115 /* KerberosWrapper.Ticket */ 1091 /* KerberosWrapper.Ticket */
1116 s2n(enc_ticket->length,p); 1092 s2n(enc_ticket->length, p);
1117 memcpy(p, enc_ticket->data, enc_ticket->length); 1093 memcpy(p, enc_ticket->data, enc_ticket->length);
1118 p+= enc_ticket->length; 1094 p += enc_ticket->length;
1119 n = enc_ticket->length + 2; 1095 n = enc_ticket->length + 2;
1120 1096
1121 /* KerberosWrapper.Authenticator */ 1097 /* KerberosWrapper.Authenticator */
1122 if (authp && authp->length) 1098 if (authp && authp->length) {
1123 { 1099 s2n(authp->length, p);
1124 s2n(authp->length,p);
1125 memcpy(p, authp->data, authp->length); 1100 memcpy(p, authp->data, authp->length);
1126 p+= authp->length; 1101 p += authp->length;
1127 n+= authp->length + 2; 1102 n += authp->length + 2;
1128 1103
1129 free(authp->data); 1104 free(authp->data);
1130 authp->data = NULL; 1105 authp->data = NULL;
1131 authp->length = 0; 1106 authp->length = 0;
1132 } 1107 } else {
1133 else 1108 s2n(0, p);/* null authenticator length */
1134 { 1109 n += 2;
1135 s2n(0,p);/* null authenticator length */ 1110 }
1136 n+=2; 1111
1137 } 1112 if (RAND_bytes(tmp_buf, sizeof tmp_buf) <= 0)
1138 1113 goto err;
1139 if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0)
1140 goto err;
1141 1114
1142 /* 20010420 VRS. Tried it this way; failed. 1115 /* 20010420 VRS. Tried it this way; failed.
1143 ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); 1116 ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
@@ -1146,94 +1119,88 @@ int dtls1_send_client_key_exchange(SSL *s)
1146 ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); 1119 ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
1147 */ 1120 */
1148 1121
1149 memset(iv, 0, sizeof iv); /* per RFC 1510 */ 1122 memset(iv, 0, sizeof iv);
1150 EVP_EncryptInit_ex(&ciph_ctx,enc, NULL, 1123 /* per RFC 1510 */
1151 kssl_ctx->key,iv); 1124 EVP_EncryptInit_ex(&ciph_ctx, enc, NULL,
1152 EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf, 1125 kssl_ctx->key, iv);
1153 sizeof tmp_buf); 1126 EVP_EncryptUpdate(&ciph_ctx, epms, &outl, tmp_buf,
1154 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); 1127 sizeof tmp_buf);
1128 EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl);
1155 outl += padl; 1129 outl += padl;
1156 if (outl > (int)sizeof epms) 1130 if (outl > (int)sizeof epms) {
1157 {
1158 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 1131 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1159 goto err; 1132 goto err;
1160 } 1133 }
1161 EVP_CIPHER_CTX_cleanup(&ciph_ctx); 1134 EVP_CIPHER_CTX_cleanup(&ciph_ctx);
1162 1135
1163 /* KerberosWrapper.EncryptedPreMasterSecret */ 1136 /* KerberosWrapper.EncryptedPreMasterSecret */
1164 s2n(outl,p); 1137 s2n(outl, p);
1165 memcpy(p, epms, outl); 1138 memcpy(p, epms, outl);
1166 p+=outl; 1139 p += outl;
1167 n+=outl + 2; 1140 n += outl + 2;
1168 1141
1169 s->session->master_key_length= 1142 s->session->master_key_length =
1170 s->method->ssl3_enc->generate_master_secret(s, 1143 s->method->ssl3_enc->generate_master_secret(s,
1171 s->session->master_key, 1144 s->session->master_key,
1172 tmp_buf, sizeof tmp_buf); 1145 tmp_buf, sizeof tmp_buf);
1173 1146
1174 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); 1147 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
1175 OPENSSL_cleanse(epms, outl); 1148 OPENSSL_cleanse(epms, outl);
1176 } 1149 }
1177#endif 1150#endif
1178#ifndef OPENSSL_NO_DH 1151#ifndef OPENSSL_NO_DH
1179 else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) 1152 else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
1180 { 1153 DH *dh_srvr, *dh_clnt;
1181 DH *dh_srvr,*dh_clnt;
1182 1154
1183 if (s->session->sess_cert->peer_dh_tmp != NULL) 1155 if (s->session->sess_cert->peer_dh_tmp != NULL)
1184 dh_srvr=s->session->sess_cert->peer_dh_tmp; 1156 dh_srvr = s->session->sess_cert->peer_dh_tmp;
1185 else 1157 else {
1186 {
1187 /* we get them from the cert */ 1158 /* we get them from the cert */
1188 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 1159 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1189 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); 1160 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
1190 goto err; 1161 goto err;
1191 } 1162 }
1192 1163
1193 /* generate a new random key */ 1164 /* generate a new random key */
1194 if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL) 1165 if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) {
1195 { 1166 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
1196 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
1197 goto err; 1167 goto err;
1198 } 1168 }
1199 if (!DH_generate_key(dh_clnt)) 1169 if (!DH_generate_key(dh_clnt)) {
1200 { 1170 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
1201 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
1202 goto err; 1171 goto err;
1203 } 1172 }
1204 1173
1205 /* use the 'p' output buffer for the DH key, but 1174 /* use the 'p' output buffer for the DH key, but
1206 * make sure to clear it out afterwards */ 1175 * make sure to clear it out afterwards */
1207 1176
1208 n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt); 1177 n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt);
1209 1178
1210 if (n <= 0) 1179 if (n <= 0) {
1211 { 1180 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
1212 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
1213 goto err; 1181 goto err;
1214 } 1182 }
1215 1183
1216 /* generate master key from the result */ 1184 /* generate master key from the result */
1217 s->session->master_key_length= 1185 s->session->master_key_length =
1218 s->method->ssl3_enc->generate_master_secret(s, 1186 s->method->ssl3_enc->generate_master_secret(s,
1219 s->session->master_key,p,n); 1187 s->session->master_key, p, n);
1220 /* clean up */ 1188 /* clean up */
1221 memset(p,0,n); 1189 memset(p, 0, n);
1222 1190
1223 /* send off the data */ 1191 /* send off the data */
1224 n=BN_num_bytes(dh_clnt->pub_key); 1192 n = BN_num_bytes(dh_clnt->pub_key);
1225 s2n(n,p); 1193 s2n(n, p);
1226 BN_bn2bin(dh_clnt->pub_key,p); 1194 BN_bn2bin(dh_clnt->pub_key, p);
1227 n+=2; 1195 n += 2;
1228 1196
1229 DH_free(dh_clnt); 1197 DH_free(dh_clnt);
1230 1198
1231 /* perhaps clean things up a bit EAY EAY EAY EAY*/ 1199 /* perhaps clean things up a bit EAY EAY EAY EAY*/
1232 } 1200 }
1233#endif 1201#endif
1234#ifndef OPENSSL_NO_ECDH 1202#ifndef OPENSSL_NO_ECDH
1235 else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) 1203 else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {
1236 {
1237 const EC_GROUP *srvr_group = NULL; 1204 const EC_GROUP *srvr_group = NULL;
1238 EC_KEY *tkey; 1205 EC_KEY *tkey;
1239 int ecdh_clnt_cert = 0; 1206 int ecdh_clnt_cert = 0;
@@ -1244,8 +1211,7 @@ int dtls1_send_client_key_exchange(SSL *s)
1244 * computation as part of client certificate? 1211 * computation as part of client certificate?
1245 * If so, set ecdh_clnt_cert to 1. 1212 * If so, set ecdh_clnt_cert to 1.
1246 */ 1213 */
1247 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL)) 1214 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL)) {
1248 {
1249 /* XXX: For now, we do not support client 1215 /* XXX: For now, we do not support client
1250 * authentication using ECDH certificates. 1216 * authentication using ECDH certificates.
1251 * To add such support, one needs to add 1217 * To add such support, one needs to add
@@ -1265,52 +1231,44 @@ int dtls1_send_client_key_exchange(SSL *s)
1265 * EVP_PKEY_EC) && ...) 1231 * EVP_PKEY_EC) && ...)
1266 * ecdh_clnt_cert = 1; 1232 * ecdh_clnt_cert = 1;
1267 */ 1233 */
1268 } 1234 }
1269 1235
1270 if (s->session->sess_cert->peer_ecdh_tmp != NULL) 1236 if (s->session->sess_cert->peer_ecdh_tmp != NULL) {
1271 {
1272 tkey = s->session->sess_cert->peer_ecdh_tmp; 1237 tkey = s->session->sess_cert->peer_ecdh_tmp;
1273 } 1238 } else {
1274 else
1275 {
1276 /* Get the Server Public Key from Cert */ 1239 /* Get the Server Public Key from Cert */
1277 srvr_pub_pkey = X509_get_pubkey(s->session-> \ 1240 srvr_pub_pkey = X509_get_pubkey(s->session-> \
1278 sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); 1241 sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
1279 if ((srvr_pub_pkey == NULL) || 1242 if ((srvr_pub_pkey == NULL) ||
1280 (srvr_pub_pkey->type != EVP_PKEY_EC) || 1243 (srvr_pub_pkey->type != EVP_PKEY_EC) ||
1281 (srvr_pub_pkey->pkey.ec == NULL)) 1244 (srvr_pub_pkey->pkey.ec == NULL)) {
1282 {
1283 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1245 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1284 ERR_R_INTERNAL_ERROR); 1246 ERR_R_INTERNAL_ERROR);
1285 goto err; 1247 goto err;
1286 } 1248 }
1287 1249
1288 tkey = srvr_pub_pkey->pkey.ec; 1250 tkey = srvr_pub_pkey->pkey.ec;
1289 } 1251 }
1290 1252
1291 srvr_group = EC_KEY_get0_group(tkey); 1253 srvr_group = EC_KEY_get0_group(tkey);
1292 srvr_ecpoint = EC_KEY_get0_public_key(tkey); 1254 srvr_ecpoint = EC_KEY_get0_public_key(tkey);
1293 1255
1294 if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) 1256 if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) {
1295 {
1296 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1257 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1297 ERR_R_INTERNAL_ERROR); 1258 ERR_R_INTERNAL_ERROR);
1298 goto err; 1259 goto err;
1299 } 1260 }
1300 1261
1301 if ((clnt_ecdh=EC_KEY_new()) == NULL) 1262 if ((clnt_ecdh = EC_KEY_new()) == NULL) {
1302 { 1263 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
1303 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1304 goto err; 1264 goto err;
1305 } 1265 }
1306 1266
1307 if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) 1267 if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) {
1308 { 1268 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
1309 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
1310 goto err; 1269 goto err;
1311 } 1270 }
1312 if (ecdh_clnt_cert) 1271 if (ecdh_clnt_cert) {
1313 {
1314 /* Reuse key info from our certificate 1272 /* Reuse key info from our certificate
1315 * We only need our private key to perform 1273 * We only need our private key to perform
1316 * the ECDH computation. 1274 * the ECDH computation.
@@ -1318,401 +1276,366 @@ int dtls1_send_client_key_exchange(SSL *s)
1318 const BIGNUM *priv_key; 1276 const BIGNUM *priv_key;
1319 tkey = s->cert->key->privatekey->pkey.ec; 1277 tkey = s->cert->key->privatekey->pkey.ec;
1320 priv_key = EC_KEY_get0_private_key(tkey); 1278 priv_key = EC_KEY_get0_private_key(tkey);
1321 if (priv_key == NULL) 1279 if (priv_key == NULL) {
1322 { 1280 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
1323 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1324 goto err; 1281 goto err;
1325 } 1282 }
1326 if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) 1283 if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) {
1327 { 1284 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
1328 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
1329 goto err; 1285 goto err;
1330 }
1331 } 1286 }
1332 else 1287 } else {
1333 {
1334 /* Generate a new ECDH key pair */ 1288 /* Generate a new ECDH key pair */
1335 if (!(EC_KEY_generate_key(clnt_ecdh))) 1289 if (!(EC_KEY_generate_key(clnt_ecdh))) {
1336 {
1337 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); 1290 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
1338 goto err; 1291 goto err;
1339 }
1340 } 1292 }
1293 }
1341 1294
1342 /* use the 'p' output buffer for the ECDH key, but 1295 /* use the 'p' output buffer for the ECDH key, but
1343 * make sure to clear it out afterwards 1296 * make sure to clear it out afterwards
1344 */ 1297 */
1345 1298
1346 field_size = EC_GROUP_get_degree(srvr_group); 1299 field_size = EC_GROUP_get_degree(srvr_group);
1347 if (field_size <= 0) 1300 if (field_size <= 0) {
1348 { 1301 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1349 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1302 ERR_R_ECDH_LIB);
1350 ERR_R_ECDH_LIB);
1351 goto err; 1303 goto err;
1352 } 1304 }
1353 n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL); 1305 n = ECDH_compute_key(p, (field_size + 7)/8, srvr_ecpoint, clnt_ecdh, NULL);
1354 if (n <= 0) 1306 if (n <= 0) {
1355 { 1307 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1356 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1308 ERR_R_ECDH_LIB);
1357 ERR_R_ECDH_LIB);
1358 goto err; 1309 goto err;
1359 } 1310 }
1360 1311
1361 /* generate master key from the result */ 1312 /* generate master key from the result */
1362 s->session->master_key_length = s->method->ssl3_enc \ 1313 s->session->master_key_length = s->method->ssl3_enc \
1363 -> generate_master_secret(s, 1314 -> generate_master_secret(s,
1364 s->session->master_key, 1315 s->session->master_key,
1365 p, n); 1316 p, n);
1366 1317
1367 memset(p, 0, n); /* clean up */ 1318 memset(p, 0, n); /* clean up */
1368 1319
1369 if (ecdh_clnt_cert) 1320 if (ecdh_clnt_cert) {
1370 {
1371 /* Send empty client key exch message */ 1321 /* Send empty client key exch message */
1372 n = 0; 1322 n = 0;
1373 } 1323 } else {
1374 else
1375 {
1376 /* First check the size of encoding and 1324 /* First check the size of encoding and
1377 * allocate memory accordingly. 1325 * allocate memory accordingly.
1378 */ 1326 */
1379 encoded_pt_len = 1327 encoded_pt_len =
1380 EC_POINT_point2oct(srvr_group, 1328 EC_POINT_point2oct(srvr_group,
1381 EC_KEY_get0_public_key(clnt_ecdh), 1329 EC_KEY_get0_public_key(clnt_ecdh),
1382 POINT_CONVERSION_UNCOMPRESSED, 1330 POINT_CONVERSION_UNCOMPRESSED,
1383 NULL, 0, NULL); 1331 NULL, 0, NULL);
1384 1332
1385 encodedPoint = (unsigned char *) 1333 encodedPoint = (unsigned char *)
1386 OPENSSL_malloc(encoded_pt_len * 1334 OPENSSL_malloc(encoded_pt_len *
1387 sizeof(unsigned char)); 1335 sizeof(unsigned char));
1336
1388 bn_ctx = BN_CTX_new(); 1337 bn_ctx = BN_CTX_new();
1389 if ((encodedPoint == NULL) || 1338 if ((encodedPoint == NULL) ||
1390 (bn_ctx == NULL)) 1339 (bn_ctx == NULL)) {
1391 { 1340 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
1392 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1393 goto err; 1341 goto err;
1394 } 1342 }
1395 1343
1396 /* Encode the public key */ 1344 /* Encode the public key */
1397 n = EC_POINT_point2oct(srvr_group, 1345 n = EC_POINT_point2oct(srvr_group,
1398 EC_KEY_get0_public_key(clnt_ecdh), 1346 EC_KEY_get0_public_key(clnt_ecdh),
1399 POINT_CONVERSION_UNCOMPRESSED, 1347 POINT_CONVERSION_UNCOMPRESSED,
1400 encodedPoint, encoded_pt_len, bn_ctx); 1348 encodedPoint, encoded_pt_len, bn_ctx);
1401 1349
1402 *p = n; /* length of encoded point */ 1350 *p = n; /* length of encoded point */
1403 /* Encoded point will be copied here */ 1351 /* Encoded point will be copied here */
1404 p += 1; 1352 p += 1;
1353
1405 /* copy the point */ 1354 /* copy the point */
1406 memcpy((unsigned char *)p, encodedPoint, n); 1355 memcpy((unsigned char *)p, encodedPoint, n);
1407 /* increment n to account for length field */ 1356 /* increment n to account for length field */
1408 n += 1; 1357 n += 1;
1409 } 1358
1359 }
1410 1360
1411 /* Free allocated memory */ 1361 /* Free allocated memory */
1412 BN_CTX_free(bn_ctx); 1362 BN_CTX_free(bn_ctx);
1413 if (encodedPoint != NULL) OPENSSL_free(encodedPoint); 1363 if (encodedPoint != NULL)
1414 if (clnt_ecdh != NULL) 1364 OPENSSL_free(encodedPoint);
1415 EC_KEY_free(clnt_ecdh); 1365 if (clnt_ecdh != NULL)
1366 EC_KEY_free(clnt_ecdh);
1416 EVP_PKEY_free(srvr_pub_pkey); 1367 EVP_PKEY_free(srvr_pub_pkey);
1417 } 1368 }
1418#endif /* !OPENSSL_NO_ECDH */ 1369#endif /* !OPENSSL_NO_ECDH */
1419 1370
1420#ifndef OPENSSL_NO_PSK 1371#ifndef OPENSSL_NO_PSK
1421 else if (alg_k & SSL_kPSK) 1372 else if (alg_k & SSL_kPSK) {
1422 {
1423 char identity[PSK_MAX_IDENTITY_LEN]; 1373 char identity[PSK_MAX_IDENTITY_LEN];
1424 unsigned char *t = NULL; 1374 unsigned char *t = NULL;
1425 unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4]; 1375 unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2 + 4];
1426 unsigned int pre_ms_len = 0, psk_len = 0; 1376 unsigned int pre_ms_len = 0, psk_len = 0;
1427 int psk_err = 1; 1377 int psk_err = 1;
1428 1378
1429 n = 0; 1379 n = 0;
1430 if (s->psk_client_callback == NULL) 1380 if (s->psk_client_callback == NULL) {
1431 {
1432 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1381 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1433 SSL_R_PSK_NO_CLIENT_CB); 1382 SSL_R_PSK_NO_CLIENT_CB);
1434 goto err; 1383 goto err;
1435 } 1384 }
1436 1385
1437 psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint, 1386 psk_len = s->psk_client_callback(s,
1438 identity, PSK_MAX_IDENTITY_LEN, 1387 s->ctx->psk_identity_hint, identity,
1439 psk_or_pre_ms, sizeof(psk_or_pre_ms)); 1388 PSK_MAX_IDENTITY_LEN, psk_or_pre_ms,
1440 if (psk_len > PSK_MAX_PSK_LEN) 1389 sizeof(psk_or_pre_ms));
1441 { 1390 if (psk_len > PSK_MAX_PSK_LEN) {
1442 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1391 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1443 ERR_R_INTERNAL_ERROR); 1392 ERR_R_INTERNAL_ERROR);
1444 goto psk_err; 1393 goto psk_err;
1445 } 1394 } else if (psk_len == 0) {
1446 else if (psk_len == 0)
1447 {
1448 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1395 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1449 SSL_R_PSK_IDENTITY_NOT_FOUND); 1396 SSL_R_PSK_IDENTITY_NOT_FOUND);
1450 goto psk_err; 1397 goto psk_err;
1451 } 1398 }
1452 1399
1453 /* create PSK pre_master_secret */ 1400 /* create PSK pre_master_secret */
1454 pre_ms_len = 2+psk_len+2+psk_len; 1401 pre_ms_len = 2 + psk_len + 2 + psk_len;
1455 t = psk_or_pre_ms; 1402 t = psk_or_pre_ms;
1456 memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len); 1403 memmove(psk_or_pre_ms + psk_len + 4, psk_or_pre_ms, psk_len);
1457 s2n(psk_len, t); 1404 s2n(psk_len, t);
1458 memset(t, 0, psk_len); 1405 memset(t, 0, psk_len);
1459 t+=psk_len; 1406 t += psk_len;
1460 s2n(psk_len, t); 1407 s2n(psk_len, t);
1461 1408
1462 if (s->session->psk_identity_hint != NULL) 1409 if (s->session->psk_identity_hint != NULL)
1463 OPENSSL_free(s->session->psk_identity_hint); 1410 OPENSSL_free(s->session->psk_identity_hint);
1464 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint); 1411 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
1465 if (s->ctx->psk_identity_hint != NULL && 1412 if (s->ctx->psk_identity_hint != NULL &&
1466 s->session->psk_identity_hint == NULL) 1413 s->session->psk_identity_hint == NULL) {
1467 {
1468 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1414 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1469 ERR_R_MALLOC_FAILURE); 1415 ERR_R_MALLOC_FAILURE);
1470 goto psk_err; 1416 goto psk_err;
1471 } 1417 }
1472 1418
1473 if (s->session->psk_identity != NULL) 1419 if (s->session->psk_identity != NULL)
1474 OPENSSL_free(s->session->psk_identity); 1420 OPENSSL_free(s->session->psk_identity);
1475 s->session->psk_identity = BUF_strdup(identity); 1421 s->session->psk_identity = BUF_strdup(identity);
1476 if (s->session->psk_identity == NULL) 1422 if (s->session->psk_identity == NULL) {
1477 {
1478 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1423 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1479 ERR_R_MALLOC_FAILURE); 1424 ERR_R_MALLOC_FAILURE);
1480 goto psk_err; 1425 goto psk_err;
1481 } 1426 }
1482 1427
1483 s->session->master_key_length = 1428 s->session->master_key_length =
1484 s->method->ssl3_enc->generate_master_secret(s, 1429 s->method->ssl3_enc->generate_master_secret(s,
1485 s->session->master_key, 1430 s->session->master_key,
1486 psk_or_pre_ms, pre_ms_len); 1431 psk_or_pre_ms, pre_ms_len);
1432
1487 n = strlen(identity); 1433 n = strlen(identity);
1488 s2n(n, p); 1434 s2n(n, p);
1489 memcpy(p, identity, n); 1435 memcpy(p, identity, n);
1490 n+=2; 1436 n += 2;
1491 psk_err = 0; 1437 psk_err = 0;
1492 psk_err: 1438psk_err:
1493 OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN); 1439 OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN);
1494 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms)); 1440 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
1495 if (psk_err != 0) 1441 if (psk_err != 0) {
1496 {
1497 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 1442 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1498 goto err; 1443 goto err;
1499 }
1500 } 1444 }
1445 }
1501#endif 1446#endif
1502 else 1447 else {
1503 { 1448 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1504 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 1449 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1505 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
1506 goto err; 1450 goto err;
1507 } 1451 }
1508 1452
1509 d = dtls1_set_message_header(s, d, 1453 d = dtls1_set_message_header(s, d,
1510 SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n); 1454 SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n);
1511 /* 1455 /*
1512 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE; 1456 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
1513 l2n3(n,d); 1457 l2n3(n,d);
1514 l2n(s->d1->handshake_write_seq,d); 1458 l2n(s->d1->handshake_write_seq,d);
1515 s->d1->handshake_write_seq++; 1459 s->d1->handshake_write_seq++;
1516 */ 1460 */
1517 1461
1518 s->state=SSL3_ST_CW_KEY_EXCH_B; 1462 s->state = SSL3_ST_CW_KEY_EXCH_B;
1519 /* number of bytes to write */ 1463 /* number of bytes to write */
1520 s->init_num=n+DTLS1_HM_HEADER_LENGTH; 1464 s->init_num = n + DTLS1_HM_HEADER_LENGTH;
1521 s->init_off=0; 1465 s->init_off = 0;
1522 1466
1523 /* buffer the message to handle re-xmits */ 1467 /* buffer the message to handle re-xmits */
1524 dtls1_buffer_message(s, 0); 1468 dtls1_buffer_message(s, 0);
1525 } 1469 }
1526 1470
1527 /* SSL3_ST_CW_KEY_EXCH_B */ 1471 /* SSL3_ST_CW_KEY_EXCH_B */
1528 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 1472 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1529err: 1473err:
1530#ifndef OPENSSL_NO_ECDH 1474#ifndef OPENSSL_NO_ECDH
1531 BN_CTX_free(bn_ctx); 1475 BN_CTX_free(bn_ctx);
1532 if (encodedPoint != NULL) OPENSSL_free(encodedPoint); 1476 if (encodedPoint != NULL)
1533 if (clnt_ecdh != NULL) 1477 OPENSSL_free(encodedPoint);
1478 if (clnt_ecdh != NULL)
1534 EC_KEY_free(clnt_ecdh); 1479 EC_KEY_free(clnt_ecdh);
1535 EVP_PKEY_free(srvr_pub_pkey); 1480 EVP_PKEY_free(srvr_pub_pkey);
1536#endif 1481#endif
1537 return(-1); 1482 return (-1);
1538 } 1483}
1539 1484
1540int dtls1_send_client_verify(SSL *s) 1485int
1541 { 1486dtls1_send_client_verify(SSL *s)
1542 unsigned char *p,*d; 1487{
1543 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; 1488 unsigned char *p, *d;
1489 unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
1544 EVP_PKEY *pkey; 1490 EVP_PKEY *pkey;
1545#ifndef OPENSSL_NO_RSA 1491#ifndef OPENSSL_NO_RSA
1546 unsigned u=0; 1492 unsigned u = 0;
1547#endif 1493#endif
1548 unsigned long n; 1494 unsigned long n;
1549#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) 1495#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
1550 int j; 1496 int j;
1551#endif 1497#endif
1552 1498
1553 if (s->state == SSL3_ST_CW_CERT_VRFY_A) 1499 if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
1554 { 1500 d = (unsigned char *)s->init_buf->data;
1555 d=(unsigned char *)s->init_buf->data; 1501 p = &(d[DTLS1_HM_HEADER_LENGTH]);
1556 p= &(d[DTLS1_HM_HEADER_LENGTH]); 1502 pkey = s->cert->key->privatekey;
1557 pkey=s->cert->key->privatekey;
1558 1503
1559 s->method->ssl3_enc->cert_verify_mac(s, 1504 s->method->ssl3_enc->cert_verify_mac(s, NID_sha1,
1560 NID_sha1, 1505 &(data[MD5_DIGEST_LENGTH]));
1561 &(data[MD5_DIGEST_LENGTH]));
1562 1506
1563#ifndef OPENSSL_NO_RSA 1507#ifndef OPENSSL_NO_RSA
1564 if (pkey->type == EVP_PKEY_RSA) 1508 if (pkey->type == EVP_PKEY_RSA) {
1565 {
1566 s->method->ssl3_enc->cert_verify_mac(s, 1509 s->method->ssl3_enc->cert_verify_mac(s,
1567 NID_md5, 1510 NID_md5, &(data[0]));
1568 &(data[0]));
1569 if (RSA_sign(NID_md5_sha1, data, 1511 if (RSA_sign(NID_md5_sha1, data,
1570 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, 1512 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
1571 &(p[2]), &u, pkey->pkey.rsa) <= 0 ) 1513 &(p[2]), &u, pkey->pkey.rsa) <= 0 ) {
1572 { 1514 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_RSA_LIB);
1573 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
1574 goto err; 1515 goto err;
1575 }
1576 s2n(u,p);
1577 n=u+2;
1578 } 1516 }
1579 else 1517 s2n(u, p);
1518 n = u + 2;
1519 } else
1580#endif 1520#endif
1581#ifndef OPENSSL_NO_DSA 1521#ifndef OPENSSL_NO_DSA
1582 if (pkey->type == EVP_PKEY_DSA) 1522 if (pkey->type == EVP_PKEY_DSA) {
1583 {
1584 if (!DSA_sign(pkey->save_type, 1523 if (!DSA_sign(pkey->save_type,
1585 &(data[MD5_DIGEST_LENGTH]), 1524 &(data[MD5_DIGEST_LENGTH]),
1586 SHA_DIGEST_LENGTH,&(p[2]), 1525 SHA_DIGEST_LENGTH, &(p[2]),
1587 (unsigned int *)&j,pkey->pkey.dsa)) 1526 (unsigned int *)&j, pkey->pkey.dsa)) {
1588 { 1527 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_DSA_LIB);
1589 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
1590 goto err; 1528 goto err;
1591 }
1592 s2n(j,p);
1593 n=j+2;
1594 } 1529 }
1595 else 1530 s2n(j, p);
1531 n = j + 2;
1532 } else
1596#endif 1533#endif
1597#ifndef OPENSSL_NO_ECDSA 1534#ifndef OPENSSL_NO_ECDSA
1598 if (pkey->type == EVP_PKEY_EC) 1535 if (pkey->type == EVP_PKEY_EC) {
1599 {
1600 if (!ECDSA_sign(pkey->save_type, 1536 if (!ECDSA_sign(pkey->save_type,
1601 &(data[MD5_DIGEST_LENGTH]), 1537 &(data[MD5_DIGEST_LENGTH]),
1602 SHA_DIGEST_LENGTH,&(p[2]), 1538 SHA_DIGEST_LENGTH, &(p[2]),
1603 (unsigned int *)&j,pkey->pkey.ec)) 1539 (unsigned int *)&j, pkey->pkey.ec)) {
1604 {
1605 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, 1540 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
1606 ERR_R_ECDSA_LIB); 1541 ERR_R_ECDSA_LIB);
1607 goto err; 1542 goto err;
1608 }
1609 s2n(j,p);
1610 n=j+2;
1611 } 1543 }
1612 else 1544 s2n(j, p);
1545 n = j + 2;
1546 } else
1613#endif 1547#endif
1614 { 1548 {
1615 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR); 1549 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
1616 goto err; 1550 goto err;
1617 } 1551 }
1618 1552
1619 d = dtls1_set_message_header(s, d, 1553 d = dtls1_set_message_header(s, d,
1620 SSL3_MT_CERTIFICATE_VERIFY, n, 0, n) ; 1554 SSL3_MT_CERTIFICATE_VERIFY, n, 0, n);
1621 1555
1622 s->init_num=(int)n+DTLS1_HM_HEADER_LENGTH; 1556 s->init_num = (int)n + DTLS1_HM_HEADER_LENGTH;
1623 s->init_off=0; 1557 s->init_off = 0;
1624 1558
1625 /* buffer the message to handle re-xmits */ 1559 /* buffer the message to handle re-xmits */
1626 dtls1_buffer_message(s, 0); 1560 dtls1_buffer_message(s, 0);
1627 1561
1628 s->state = SSL3_ST_CW_CERT_VRFY_B; 1562 s->state = SSL3_ST_CW_CERT_VRFY_B;
1629 } 1563 }
1630 1564
1631 /* s->state = SSL3_ST_CW_CERT_VRFY_B */ 1565 /* s->state = SSL3_ST_CW_CERT_VRFY_B */
1632 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 1566 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1633err: 1567err:
1634 return(-1); 1568 return (-1);
1635 } 1569}
1636 1570
1637int dtls1_send_client_certificate(SSL *s) 1571int
1638 { 1572dtls1_send_client_certificate(SSL *s)
1639 X509 *x509=NULL; 1573{
1640 EVP_PKEY *pkey=NULL; 1574 X509 *x509 = NULL;
1575 EVP_PKEY *pkey = NULL;
1641 int i; 1576 int i;
1642 unsigned long l; 1577 unsigned long l;
1643 1578
1644 if (s->state == SSL3_ST_CW_CERT_A) 1579 if (s->state == SSL3_ST_CW_CERT_A) {
1645 { 1580 if ((s->cert == NULL) || (s->cert->key->x509 == NULL) ||
1646 if ((s->cert == NULL) || 1581 (s->cert->key->privatekey == NULL))
1647 (s->cert->key->x509 == NULL) || 1582 s->state = SSL3_ST_CW_CERT_B;
1648 (s->cert->key->privatekey == NULL))
1649 s->state=SSL3_ST_CW_CERT_B;
1650 else 1583 else
1651 s->state=SSL3_ST_CW_CERT_C; 1584 s->state = SSL3_ST_CW_CERT_C;
1652 } 1585 }
1653 1586
1654 /* We need to get a client cert */ 1587 /* We need to get a client cert */
1655 if (s->state == SSL3_ST_CW_CERT_B) 1588 if (s->state == SSL3_ST_CW_CERT_B) {
1656 {
1657 /* If we get an error, we need to 1589 /* If we get an error, we need to
1658 * ssl->rwstate=SSL_X509_LOOKUP; return(-1); 1590 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
1659 * We then get retied later */ 1591 * We then get retied later */
1660 i=0; 1592 i = 0;
1661 i = ssl_do_client_cert_cb(s, &x509, &pkey); 1593 i = ssl_do_client_cert_cb(s, &x509, &pkey);
1662 if (i < 0) 1594 if (i < 0) {
1663 { 1595 s->rwstate = SSL_X509_LOOKUP;
1664 s->rwstate=SSL_X509_LOOKUP; 1596 return (-1);
1665 return(-1); 1597 }
1666 } 1598 s->rwstate = SSL_NOTHING;
1667 s->rwstate=SSL_NOTHING; 1599 if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
1668 if ((i == 1) && (pkey != NULL) && (x509 != NULL)) 1600 s->state = SSL3_ST_CW_CERT_B;
1669 { 1601 if (!SSL_use_certificate(s, x509) ||
1670 s->state=SSL3_ST_CW_CERT_B; 1602 !SSL_use_PrivateKey(s, pkey))
1671 if ( !SSL_use_certificate(s,x509) || 1603 i = 0;
1672 !SSL_use_PrivateKey(s,pkey)) 1604 } else if (i == 1) {
1673 i=0; 1605 i = 0;
1674 } 1606 SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
1675 else if (i == 1) 1607 }
1676 {
1677 i=0;
1678 SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
1679 }
1680 1608
1681 if (x509 != NULL) X509_free(x509); 1609 if (x509 != NULL)
1682 if (pkey != NULL) EVP_PKEY_free(pkey); 1610 X509_free(x509);
1683 if (i == 0) 1611 if (pkey != NULL)
1684 { 1612 EVP_PKEY_free(pkey);
1685 if (s->version == SSL3_VERSION) 1613 if (i == 0) {
1686 { 1614 if (s->version == SSL3_VERSION) {
1687 s->s3->tmp.cert_req=0; 1615 s->s3->tmp.cert_req = 0;
1688 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE); 1616 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE);
1689 return(1); 1617 return (1);
1690 } 1618 } else {
1691 else 1619 s->s3->tmp.cert_req = 2;
1692 {
1693 s->s3->tmp.cert_req=2;
1694 }
1695 } 1620 }
1621 }
1696 1622
1697 /* Ok, we have a cert */ 1623 /* Ok, we have a cert */
1698 s->state=SSL3_ST_CW_CERT_C; 1624 s->state = SSL3_ST_CW_CERT_C;
1699 } 1625 }
1700 1626
1701 if (s->state == SSL3_ST_CW_CERT_C) 1627 if (s->state == SSL3_ST_CW_CERT_C) {
1702 { 1628 s->state = SSL3_ST_CW_CERT_D;
1703 s->state=SSL3_ST_CW_CERT_D; 1629 l = dtls1_output_cert_chain(s,
1704 l=dtls1_output_cert_chain(s, 1630 (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509);
1705 (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509); 1631 s->init_num = (int)l;
1706 s->init_num=(int)l; 1632 s->init_off = 0;
1707 s->init_off=0;
1708 1633
1709 /* set header called by dtls1_output_cert_chain() */ 1634 /* set header called by dtls1_output_cert_chain() */
1710 1635
1711 /* buffer the message to handle re-xmits */ 1636 /* buffer the message to handle re-xmits */
1712 dtls1_buffer_message(s, 0); 1637 dtls1_buffer_message(s, 0);
1713 }
1714 /* SSL3_ST_CW_CERT_D */
1715 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1716 } 1638 }
1717 1639 /* SSL3_ST_CW_CERT_D */
1718 1640 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1641}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 03:14:37 +0000