summaryrefslogtreecommitdiff
path: root/src/lib/libssl/d1_srvr.c
diff options
context:
space:
mode:
authorjsing <>2014-04-14 14:51:11 +0000
committerjsing <>2014-04-14 14:51:11 +0000
commit5977f7bc2c486cf4286457ca1bc58fbe2455144d (patch)
tree405ed6145367617646f765247ee24976c45b2e76 /src/lib/libssl/d1_srvr.c
parentc03306dde55b9ef0d2073f1376f36b96f84c0679 (diff)
downloadopenbsd-5977f7bc2c486cf4286457ca1bc58fbe2455144d.tar.gz
openbsd-5977f7bc2c486cf4286457ca1bc58fbe2455144d.tar.bz2
openbsd-5977f7bc2c486cf4286457ca1bc58fbe2455144d.zip
First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using tr and md5.
Diffstat (limited to 'src/lib/libssl/d1_srvr.c')
-rw-r--r--src/lib/libssl/d1_srvr.c1523
1 files changed, 726 insertions, 797 deletions
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index aacf8fd380..95dffe9484 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -129,47 +129,48 @@
129static const SSL_METHOD *dtls1_get_server_method(int ver); 129static const SSL_METHOD *dtls1_get_server_method(int ver);
130static int dtls1_send_hello_verify_request(SSL *s); 130static int dtls1_send_hello_verify_request(SSL *s);
131 131
132static const SSL_METHOD *dtls1_get_server_method(int ver) 132static const SSL_METHOD
133 { 133*dtls1_get_server_method(int ver)
134{
134 if (ver == DTLS1_VERSION) 135 if (ver == DTLS1_VERSION)
135 return(DTLSv1_server_method()); 136 return (DTLSv1_server_method());
136 else 137 else
137 return(NULL); 138 return (NULL);
138 } 139}
139 140
140IMPLEMENT_dtls1_meth_func(DTLSv1_server_method, 141IMPLEMENT_dtls1_meth_func(DTLSv1_server_method,
141 dtls1_accept, 142 dtls1_accept, ssl_undefined_function, dtls1_get_server_method)
142 ssl_undefined_function,
143 dtls1_get_server_method)
144 143
145int dtls1_accept(SSL *s) 144int
146 { 145dtls1_accept(SSL *s)
146{
147 BUF_MEM *buf; 147 BUF_MEM *buf;
148 unsigned long Time=(unsigned long)time(NULL); 148 unsigned long Time = (unsigned long)time(NULL);
149 void (*cb)(const SSL *ssl,int type,int val)=NULL; 149 void (*cb)(const SSL *ssl, int type, int val) = NULL;
150 unsigned long alg_k; 150 unsigned long alg_k;
151 int ret= -1; 151 int ret = -1;
152 int new_state,state,skip=0; 152 int new_state, state, skip = 0;
153 int listen; 153 int listen;
154#ifndef OPENSSL_NO_SCTP 154#ifndef OPENSSL_NO_SCTP
155 unsigned char sctpauthkey[64]; 155 unsigned char sctpauthkey[64];
156 char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)]; 156 char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
157#endif 157#endif
158 158
159 RAND_add(&Time,sizeof(Time),0); 159 RAND_add(&Time, sizeof(Time), 0);
160 ERR_clear_error(); 160 ERR_clear_error();
161 errno = 0; 161 errno = 0;
162 162
163 if (s->info_callback != NULL) 163 if (s->info_callback != NULL)
164 cb=s->info_callback; 164 cb = s->info_callback;
165 else if (s->ctx->info_callback != NULL) 165 else if (s->ctx->info_callback != NULL)
166 cb=s->ctx->info_callback; 166 cb = s->ctx->info_callback;
167 167
168 listen = s->d1->listen; 168 listen = s->d1->listen;
169 169
170 /* init things to blank */ 170 /* init things to blank */
171 s->in_handshake++; 171 s->in_handshake++;
172 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 172 if (!SSL_in_init(s) || SSL_in_before(s))
173 SSL_clear(s);
173 174
174 s->d1->listen = listen; 175 s->d1->listen = listen;
175#ifndef OPENSSL_NO_SCTP 176#ifndef OPENSSL_NO_SCTP
@@ -177,36 +178,33 @@ int dtls1_accept(SSL *s)
177 * mode and prevent stream identifier other 178 * mode and prevent stream identifier other
178 * than 0. Will be ignored if no SCTP is used. 179 * than 0. Will be ignored if no SCTP is used.
179 */ 180 */
180 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL); 181 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
182 s->in_handshake, NULL);
181#endif 183#endif
182 184
183 if (s->cert == NULL) 185 if (s->cert == NULL) {
184 { 186 SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
185 SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET); 187 return (-1);
186 return(-1); 188 }
187 }
188 189
189#ifndef OPENSSL_NO_HEARTBEATS 190#ifndef OPENSSL_NO_HEARTBEATS
190 /* If we're awaiting a HeartbeatResponse, pretend we 191 /* If we're awaiting a HeartbeatResponse, pretend we
191 * already got and don't await it anymore, because 192 * already got and don't await it anymore, because
192 * Heartbeats don't make sense during handshakes anyway. 193 * Heartbeats don't make sense during handshakes anyway.
193 */ 194 */
194 if (s->tlsext_hb_pending) 195 if (s->tlsext_hb_pending) {
195 {
196 dtls1_stop_timer(s); 196 dtls1_stop_timer(s);
197 s->tlsext_hb_pending = 0; 197 s->tlsext_hb_pending = 0;
198 s->tlsext_hb_seq++; 198 s->tlsext_hb_seq++;
199 } 199 }
200#endif 200#endif
201 201
202 for (;;) 202 for (;;) {
203 { 203 state = s->state;
204 state=s->state;
205 204
206 switch (s->state) 205 switch (s->state) {
207 {
208 case SSL_ST_RENEGOTIATE: 206 case SSL_ST_RENEGOTIATE:
209 s->renegotiate=1; 207 s->renegotiate = 1;
210 /* s->state=SSL_ST_ACCEPT; */ 208 /* s->state=SSL_ST_ACCEPT; */
211 209
212 case SSL_ST_BEFORE: 210 case SSL_ST_BEFORE:
@@ -214,41 +212,36 @@ int dtls1_accept(SSL *s)
214 case SSL_ST_BEFORE|SSL_ST_ACCEPT: 212 case SSL_ST_BEFORE|SSL_ST_ACCEPT:
215 case SSL_ST_OK|SSL_ST_ACCEPT: 213 case SSL_ST_OK|SSL_ST_ACCEPT:
216 214
217 s->server=1; 215 s->server = 1;
218 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); 216 if (cb != NULL)
217 cb(s, SSL_CB_HANDSHAKE_START, 1);
219 218
220 if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) 219 if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
221 {
222 SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR); 220 SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
223 return -1; 221 return -1;
224 } 222 }
225 s->type=SSL_ST_ACCEPT; 223 s->type = SSL_ST_ACCEPT;
226 224
227 if (s->init_buf == NULL) 225 if (s->init_buf == NULL) {
228 { 226 if ((buf = BUF_MEM_new()) == NULL) {
229 if ((buf=BUF_MEM_new()) == NULL) 227 ret = -1;
230 {
231 ret= -1;
232 goto end; 228 goto end;
233 } 229 }
234 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) 230 if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
235 { 231 ret = -1;
236 ret= -1;
237 goto end; 232 goto end;
238 }
239 s->init_buf=buf;
240 } 233 }
234 s->init_buf = buf;
235 }
241 236
242 if (!ssl3_setup_buffers(s)) 237 if (!ssl3_setup_buffers(s)) {
243 { 238 ret = -1;
244 ret= -1;
245 goto end; 239 goto end;
246 } 240 }
247 241
248 s->init_num=0; 242 s->init_num = 0;
249 243
250 if (s->state != SSL_ST_RENEGOTIATE) 244 if (s->state != SSL_ST_RENEGOTIATE) {
251 {
252 /* Ok, we now need to push on a buffering BIO so that 245 /* Ok, we now need to push on a buffering BIO so that
253 * the output is sent in a way that TCP likes :-) 246 * the output is sent in a way that TCP likes :-)
254 * ...but not with SCTP :-) 247 * ...but not with SCTP :-)
@@ -256,48 +249,51 @@ int dtls1_accept(SSL *s)
256#ifndef OPENSSL_NO_SCTP 249#ifndef OPENSSL_NO_SCTP
257 if (!BIO_dgram_is_sctp(SSL_get_wbio(s))) 250 if (!BIO_dgram_is_sctp(SSL_get_wbio(s)))
258#endif 251#endif
259 if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; } 252 if (!ssl_init_wbio_buffer(s, 1)) {
253 ret = -1;
254 goto end;
255 }
260 256
261 ssl3_init_finished_mac(s); 257 ssl3_init_finished_mac(s);
262 s->state=SSL3_ST_SR_CLNT_HELLO_A; 258 s->state = SSL3_ST_SR_CLNT_HELLO_A;
263 s->ctx->stats.sess_accept++; 259 s->ctx->stats.sess_accept++;
264 } 260 } else {
265 else
266 {
267 /* s->state == SSL_ST_RENEGOTIATE, 261 /* s->state == SSL_ST_RENEGOTIATE,
268 * we will just send a HelloRequest */ 262 * we will just send a HelloRequest */
269 s->ctx->stats.sess_accept_renegotiate++; 263 s->ctx->stats.sess_accept_renegotiate++;
270 s->state=SSL3_ST_SW_HELLO_REQ_A; 264 s->state = SSL3_ST_SW_HELLO_REQ_A;
271 } 265 }
272 266
273 break; 267 break;
274 268
275 case SSL3_ST_SW_HELLO_REQ_A: 269 case SSL3_ST_SW_HELLO_REQ_A:
276 case SSL3_ST_SW_HELLO_REQ_B: 270 case SSL3_ST_SW_HELLO_REQ_B:
277 271
278 s->shutdown=0; 272 s->shutdown = 0;
279 dtls1_clear_record_buffer(s); 273 dtls1_clear_record_buffer(s);
280 dtls1_start_timer(s); 274 dtls1_start_timer(s);
281 ret=dtls1_send_hello_request(s); 275 ret = dtls1_send_hello_request(s);
282 if (ret <= 0) goto end; 276 if (ret <= 0)
283 s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A; 277 goto end;
284 s->state=SSL3_ST_SW_FLUSH; 278 s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
285 s->init_num=0; 279 s->state = SSL3_ST_SW_FLUSH;
280 s->init_num = 0;
286 281
287 ssl3_init_finished_mac(s); 282 ssl3_init_finished_mac(s);
288 break; 283 break;
289 284
290 case SSL3_ST_SW_HELLO_REQ_C: 285 case SSL3_ST_SW_HELLO_REQ_C:
291 s->state=SSL_ST_OK; 286 s->state = SSL_ST_OK;
292 break; 287 break;
293 288
294 case SSL3_ST_SR_CLNT_HELLO_A: 289 case SSL3_ST_SR_CLNT_HELLO_A:
295 case SSL3_ST_SR_CLNT_HELLO_B: 290 case SSL3_ST_SR_CLNT_HELLO_B:
296 case SSL3_ST_SR_CLNT_HELLO_C: 291 case SSL3_ST_SR_CLNT_HELLO_C:
297 292
298 s->shutdown=0; 293 s->shutdown = 0;
299 ret=ssl3_get_client_hello(s); 294 ret = ssl3_get_client_hello(s);
300 if (ret <= 0) goto end; 295 if (ret <= 0)
296 goto end;
301 dtls1_stop_timer(s); 297 dtls1_stop_timer(s);
302 298
303 if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)) 299 if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
@@ -305,17 +301,15 @@ int dtls1_accept(SSL *s)
305 else 301 else
306 s->state = SSL3_ST_SW_SRVR_HELLO_A; 302 s->state = SSL3_ST_SW_SRVR_HELLO_A;
307 303
308 s->init_num=0; 304 s->init_num = 0;
309 305
310 /* Reflect ClientHello sequence to remain stateless while listening */ 306 /* Reflect ClientHello sequence to remain stateless while listening */
311 if (listen) 307 if (listen) {
312 {
313 memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence)); 308 memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence));
314 } 309 }
315 310
316 /* If we're just listening, stop here */ 311 /* If we're just listening, stop here */
317 if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) 312 if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) {
318 {
319 ret = 2; 313 ret = 2;
320 s->d1->listen = 0; 314 s->d1->listen = 0;
321 /* Set expected sequence numbers 315 /* Set expected sequence numbers
@@ -325,57 +319,56 @@ int dtls1_accept(SSL *s)
325 s->d1->handshake_write_seq = 1; 319 s->d1->handshake_write_seq = 1;
326 s->d1->next_handshake_write_seq = 1; 320 s->d1->next_handshake_write_seq = 1;
327 goto end; 321 goto end;
328 } 322 }
329 323
330 break; 324 break;
331 325
332 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: 326 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
333 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: 327 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
334 328
335 ret = dtls1_send_hello_verify_request(s); 329 ret = dtls1_send_hello_verify_request(s);
336 if ( ret <= 0) goto end; 330 if (ret <= 0)
337 s->state=SSL3_ST_SW_FLUSH; 331 goto end;
338 s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A; 332 s->state = SSL3_ST_SW_FLUSH;
333 s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
339 334
340 /* HelloVerifyRequest resets Finished MAC */ 335 /* HelloVerifyRequest resets Finished MAC */
341 if (s->version != DTLS1_BAD_VER) 336 if (s->version != DTLS1_BAD_VER)
342 ssl3_init_finished_mac(s); 337 ssl3_init_finished_mac(s);
343 break; 338 break;
344 339
345#ifndef OPENSSL_NO_SCTP 340#ifndef OPENSSL_NO_SCTP
346 case DTLS1_SCTP_ST_SR_READ_SOCK: 341 case DTLS1_SCTP_ST_SR_READ_SOCK:
347 342
348 if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) 343 if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
349 { 344 s->s3->in_read_app_data = 2;
350 s->s3->in_read_app_data=2; 345 s->rwstate = SSL_READING;
351 s->rwstate=SSL_READING;
352 BIO_clear_retry_flags(SSL_get_rbio(s)); 346 BIO_clear_retry_flags(SSL_get_rbio(s));
353 BIO_set_retry_read(SSL_get_rbio(s)); 347 BIO_set_retry_read(SSL_get_rbio(s));
354 ret = -1; 348 ret = -1;
355 goto end; 349 goto end;
356 } 350 }
357 351
358 s->state=SSL3_ST_SR_FINISHED_A; 352 s->state = SSL3_ST_SR_FINISHED_A;
359 break; 353 break;
360 354
361 case DTLS1_SCTP_ST_SW_WRITE_SOCK: 355 case DTLS1_SCTP_ST_SW_WRITE_SOCK:
362 ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s)); 356 ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
363 if (ret < 0) goto end; 357 if (ret < 0)
364 358 goto end;
365 if (ret == 0) 359
366 { 360 if (ret == 0) {
367 if (s->d1->next_state != SSL_ST_OK) 361 if (s->d1->next_state != SSL_ST_OK) {
368 { 362 s->s3->in_read_app_data = 2;
369 s->s3->in_read_app_data=2; 363 s->rwstate = SSL_READING;
370 s->rwstate=SSL_READING;
371 BIO_clear_retry_flags(SSL_get_rbio(s)); 364 BIO_clear_retry_flags(SSL_get_rbio(s));
372 BIO_set_retry_read(SSL_get_rbio(s)); 365 BIO_set_retry_read(SSL_get_rbio(s));
373 ret = -1; 366 ret = -1;
374 goto end; 367 goto end;
375 }
376 } 368 }
369 }
377 370
378 s->state=s->d1->next_state; 371 s->state = s->d1->next_state;
379 break; 372 break;
380#endif 373#endif
381 374
@@ -383,67 +376,65 @@ int dtls1_accept(SSL *s)
383 case SSL3_ST_SW_SRVR_HELLO_B: 376 case SSL3_ST_SW_SRVR_HELLO_B:
384 s->renegotiate = 2; 377 s->renegotiate = 2;
385 dtls1_start_timer(s); 378 dtls1_start_timer(s);
386 ret=dtls1_send_server_hello(s); 379 ret = dtls1_send_server_hello(s);
387 if (ret <= 0) goto end; 380 if (ret <= 0)
381 goto end;
388 382
389 if (s->hit) 383 if (s->hit) {
390 {
391#ifndef OPENSSL_NO_SCTP 384#ifndef OPENSSL_NO_SCTP
392 /* Add new shared key for SCTP-Auth, 385 /* Add new shared key for SCTP-Auth,
393 * will be ignored if no SCTP used. 386 * will be ignored if no SCTP used.
394 */ 387 */
395 snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), 388 snprintf((char*)labelbuffer,
396 DTLS1_SCTP_AUTH_LABEL); 389 sizeof(DTLS1_SCTP_AUTH_LABEL),
390 DTLS1_SCTP_AUTH_LABEL);
397 391
398 SSL_export_keying_material(s, sctpauthkey, 392 SSL_export_keying_material(s, sctpauthkey,
399 sizeof(sctpauthkey), labelbuffer, 393 sizeof(sctpauthkey), labelbuffer,
400 sizeof(labelbuffer), NULL, 0, 0); 394 sizeof(labelbuffer), NULL, 0, 0);
401 395
402 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, 396 BIO_ctrl(SSL_get_wbio(s),
403 sizeof(sctpauthkey), sctpauthkey); 397 BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
398 sizeof(sctpauthkey), sctpauthkey);
404#endif 399#endif
405#ifndef OPENSSL_NO_TLSEXT 400#ifndef OPENSSL_NO_TLSEXT
406 if (s->tlsext_ticket_expected) 401 if (s->tlsext_ticket_expected)
407 s->state=SSL3_ST_SW_SESSION_TICKET_A; 402 s->state = SSL3_ST_SW_SESSION_TICKET_A;
408 else 403 else
409 s->state=SSL3_ST_SW_CHANGE_A; 404 s->state = SSL3_ST_SW_CHANGE_A;
410#else 405#else
411 s->state=SSL3_ST_SW_CHANGE_A; 406 s->state = SSL3_ST_SW_CHANGE_A;
412#endif 407#endif
413 } 408 } else
414 else 409 s->state = SSL3_ST_SW_CERT_A;
415 s->state=SSL3_ST_SW_CERT_A; 410 s->init_num = 0;
416 s->init_num=0;
417 break; 411 break;
418 412
419 case SSL3_ST_SW_CERT_A: 413 case SSL3_ST_SW_CERT_A:
420 case SSL3_ST_SW_CERT_B: 414 case SSL3_ST_SW_CERT_B:
421 /* Check if it is anon DH or normal PSK */ 415 /* Check if it is anon DH or normal PSK */
422 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) 416 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
423 && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) 417 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
424 {
425 dtls1_start_timer(s); 418 dtls1_start_timer(s);
426 ret=dtls1_send_server_certificate(s); 419 ret = dtls1_send_server_certificate(s);
427 if (ret <= 0) goto end; 420 if (ret <= 0)
421 goto end;
428#ifndef OPENSSL_NO_TLSEXT 422#ifndef OPENSSL_NO_TLSEXT
429 if (s->tlsext_status_expected) 423 if (s->tlsext_status_expected)
430 s->state=SSL3_ST_SW_CERT_STATUS_A; 424 s->state = SSL3_ST_SW_CERT_STATUS_A;
431 else 425 else
432 s->state=SSL3_ST_SW_KEY_EXCH_A; 426 s->state = SSL3_ST_SW_KEY_EXCH_A;
433 } 427 } else {
434 else
435 {
436 skip = 1; 428 skip = 1;
437 s->state=SSL3_ST_SW_KEY_EXCH_A; 429 s->state = SSL3_ST_SW_KEY_EXCH_A;
438 } 430 }
439#else 431#else
440 } 432 } else
441 else 433 skip = 1;
442 skip=1;
443 434
444 s->state=SSL3_ST_SW_KEY_EXCH_A; 435 s->state = SSL3_ST_SW_KEY_EXCH_A;
445#endif 436#endif
446 s->init_num=0; 437 s->init_num = 0;
447 break; 438 break;
448 439
449 case SSL3_ST_SW_KEY_EXCH_A: 440 case SSL3_ST_SW_KEY_EXCH_A:
@@ -454,16 +445,16 @@ int dtls1_accept(SSL *s)
454 * send_server_key_exchange */ 445 * send_server_key_exchange */
455 if ((s->options & SSL_OP_EPHEMERAL_RSA) 446 if ((s->options & SSL_OP_EPHEMERAL_RSA)
456#ifndef OPENSSL_NO_KRB5 447#ifndef OPENSSL_NO_KRB5
457 && !(alg_k & SSL_kKRB5) 448 && !(alg_k & SSL_kKRB5)
458#endif /* OPENSSL_NO_KRB5 */ 449#endif /* OPENSSL_NO_KRB5 */
459 ) 450 )
460 /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key 451 /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
461 * even when forbidden by protocol specs 452 * even when forbidden by protocol specs
462 * (handshake may fail as clients are not required to 453 * (handshake may fail as clients are not required to
463 * be able to handle this) */ 454 * be able to handle this) */
464 s->s3->tmp.use_rsa_tmp=1; 455 s->s3->tmp.use_rsa_tmp = 1;
465 else 456 else
466 s->s3->tmp.use_rsa_tmp=0; 457 s->s3->tmp.use_rsa_tmp = 0;
467 458
468 /* only send if a DH key exchange or 459 /* only send if a DH key exchange or
469 * RSA but we have a sign only certificate */ 460 * RSA but we have a sign only certificate */
@@ -471,119 +462,112 @@ int dtls1_accept(SSL *s)
471 /* PSK: send ServerKeyExchange if PSK identity 462 /* PSK: send ServerKeyExchange if PSK identity
472 * hint if provided */ 463 * hint if provided */
473#ifndef OPENSSL_NO_PSK 464#ifndef OPENSSL_NO_PSK
474 || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint) 465 || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
475#endif 466#endif
476 || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) 467 || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
477 || (alg_k & SSL_kEECDH) 468 || (alg_k & SSL_kEECDH)
478 || ((alg_k & SSL_kRSA) 469 || ((alg_k & SSL_kRSA)
479 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL 470 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
480 || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) 471 || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
481 && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher) 472 && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
482 ) 473 )
483 ) 474 )
484 ) 475 )
485 ) 476 ) {
486 {
487 dtls1_start_timer(s); 477 dtls1_start_timer(s);
488 ret=dtls1_send_server_key_exchange(s); 478 ret = dtls1_send_server_key_exchange(s);
489 if (ret <= 0) goto end; 479 if (ret <= 0)
490 } 480 goto end;
491 else 481 } else
492 skip=1; 482 skip = 1;
493 483
494 s->state=SSL3_ST_SW_CERT_REQ_A; 484 s->state = SSL3_ST_SW_CERT_REQ_A;
495 s->init_num=0; 485 s->init_num = 0;
496 break; 486 break;
497 487
498 case SSL3_ST_SW_CERT_REQ_A: 488 case SSL3_ST_SW_CERT_REQ_A:
499 case SSL3_ST_SW_CERT_REQ_B: 489 case SSL3_ST_SW_CERT_REQ_B:
500 if (/* don't request cert unless asked for it: */ 490 if (/* don't request cert unless asked for it: */
501 !(s->verify_mode & SSL_VERIFY_PEER) || 491 !(s->verify_mode & SSL_VERIFY_PEER) ||
502 /* if SSL_VERIFY_CLIENT_ONCE is set, 492 /* if SSL_VERIFY_CLIENT_ONCE is set,
503 * don't request cert during re-negotiation: */ 493 * don't request cert during re-negotiation: */
504 ((s->session->peer != NULL) && 494 ((s->session->peer != NULL) &&
505 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || 495 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
506 /* never request cert in anonymous ciphersuites 496 /* never request cert in anonymous ciphersuites
507 * (see section "Certificate request" in SSL 3 drafts 497 * (see section "Certificate request" in SSL 3 drafts
508 * and in RFC 2246): */ 498 * and in RFC 2246): */
509 ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && 499 ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
510 /* ... except when the application insists on verification 500 /* ... except when the application insists on verification
511 * (against the specs, but s3_clnt.c accepts this for SSL 3) */ 501 * (against the specs, but s3_clnt.c accepts this for SSL 3) */
512 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) || 502 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
513 /* never request cert in Kerberos ciphersuites */ 503 /* never request cert in Kerberos ciphersuites */
514 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) 504 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)
515 /* With normal PSK Certificates and 505 /* With normal PSK Certificates and
516 * Certificate Requests are omitted */ 506 * Certificate Requests are omitted */
517 || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) 507 || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
518 {
519 /* no cert request */ 508 /* no cert request */
520 skip=1; 509 skip = 1;
521 s->s3->tmp.cert_request=0; 510 s->s3->tmp.cert_request = 0;
522 s->state=SSL3_ST_SW_SRVR_DONE_A; 511 s->state = SSL3_ST_SW_SRVR_DONE_A;
523#ifndef OPENSSL_NO_SCTP 512#ifndef OPENSSL_NO_SCTP
524 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) 513 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
525 {
526 s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A; 514 s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
527 s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK; 515 s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
528 }
529#endif
530 } 516 }
531 else 517#endif
532 { 518 } else {
533 s->s3->tmp.cert_request=1; 519 s->s3->tmp.cert_request = 1;
534 dtls1_start_timer(s); 520 dtls1_start_timer(s);
535 ret=dtls1_send_certificate_request(s); 521 ret = dtls1_send_certificate_request(s);
536 if (ret <= 0) goto end; 522 if (ret <= 0)
523 goto end;
537#ifndef NETSCAPE_HANG_BUG 524#ifndef NETSCAPE_HANG_BUG
538 s->state=SSL3_ST_SW_SRVR_DONE_A; 525 s->state = SSL3_ST_SW_SRVR_DONE_A;
539#ifndef OPENSSL_NO_SCTP 526#ifndef OPENSSL_NO_SCTP
540 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) 527 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
541 {
542 s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A; 528 s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
543 s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK; 529 s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
544 } 530 }
545#endif 531#endif
546#else 532#else
547 s->state=SSL3_ST_SW_FLUSH; 533 s->state = SSL3_ST_SW_FLUSH;
548 s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; 534 s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
549#ifndef OPENSSL_NO_SCTP 535#ifndef OPENSSL_NO_SCTP
550 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) 536 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
551 {
552 s->d1->next_state = s->s3->tmp.next_state; 537 s->d1->next_state = s->s3->tmp.next_state;
553 s->s3->tmp.next_state=DTLS1_SCTP_ST_SW_WRITE_SOCK; 538 s->s3->tmp.next_state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
554 } 539 }
555#endif 540#endif
556#endif 541#endif
557 s->init_num=0; 542 s->init_num = 0;
558 } 543 }
559 break; 544 break;
560 545
561 case SSL3_ST_SW_SRVR_DONE_A: 546 case SSL3_ST_SW_SRVR_DONE_A:
562 case SSL3_ST_SW_SRVR_DONE_B: 547 case SSL3_ST_SW_SRVR_DONE_B:
563 dtls1_start_timer(s); 548 dtls1_start_timer(s);
564 ret=dtls1_send_server_done(s); 549 ret = dtls1_send_server_done(s);
565 if (ret <= 0) goto end; 550 if (ret <= 0)
566 s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; 551 goto end;
567 s->state=SSL3_ST_SW_FLUSH; 552 s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
568 s->init_num=0; 553 s->state = SSL3_ST_SW_FLUSH;
554 s->init_num = 0;
569 break; 555 break;
570 556
571 case SSL3_ST_SW_FLUSH: 557 case SSL3_ST_SW_FLUSH:
572 s->rwstate=SSL_WRITING; 558 s->rwstate = SSL_WRITING;
573 if (BIO_flush(s->wbio) <= 0) 559 if (BIO_flush(s->wbio) <= 0) {
574 {
575 /* If the write error was fatal, stop trying */ 560 /* If the write error was fatal, stop trying */
576 if (!BIO_should_retry(s->wbio)) 561 if (!BIO_should_retry(s->wbio)) {
577 { 562 s->rwstate = SSL_NOTHING;
578 s->rwstate=SSL_NOTHING; 563 s->state = s->s3->tmp.next_state;
579 s->state=s->s3->tmp.next_state;
580 }
581
582 ret= -1;
583 goto end;
584 } 564 }
585 s->rwstate=SSL_NOTHING; 565
586 s->state=s->s3->tmp.next_state; 566 ret = -1;
567 goto end;
568 }
569 s->rwstate = SSL_NOTHING;
570 s->state = s->s3->tmp.next_state;
587 break; 571 break;
588 572
589 case SSL3_ST_SR_CERT_A: 573 case SSL3_ST_SR_CERT_A:
@@ -592,67 +576,65 @@ int dtls1_accept(SSL *s)
592 ret = ssl3_check_client_hello(s); 576 ret = ssl3_check_client_hello(s);
593 if (ret <= 0) 577 if (ret <= 0)
594 goto end; 578 goto end;
595 if (ret == 2) 579 if (ret == 2) {
596 {
597 dtls1_stop_timer(s); 580 dtls1_stop_timer(s);
598 s->state = SSL3_ST_SR_CLNT_HELLO_C; 581 s->state = SSL3_ST_SR_CLNT_HELLO_C;
599 } 582 } else {
600 else {
601 /* could be sent for a DH cert, even if we 583 /* could be sent for a DH cert, even if we
602 * have not asked for it :-) */ 584 * have not asked for it :-) */
603 ret=ssl3_get_client_certificate(s); 585 ret = ssl3_get_client_certificate(s);
604 if (ret <= 0) goto end; 586 if (ret <= 0)
605 s->init_num=0; 587 goto end;
606 s->state=SSL3_ST_SR_KEY_EXCH_A; 588 s->init_num = 0;
589 s->state = SSL3_ST_SR_KEY_EXCH_A;
607 } 590 }
608 break; 591 break;
609 592
610 case SSL3_ST_SR_KEY_EXCH_A: 593 case SSL3_ST_SR_KEY_EXCH_A:
611 case SSL3_ST_SR_KEY_EXCH_B: 594 case SSL3_ST_SR_KEY_EXCH_B:
612 ret=ssl3_get_client_key_exchange(s); 595 ret = ssl3_get_client_key_exchange(s);
613 if (ret <= 0) goto end; 596 if (ret <= 0)
597 goto end;
614#ifndef OPENSSL_NO_SCTP 598#ifndef OPENSSL_NO_SCTP
615 /* Add new shared key for SCTP-Auth, 599 /* Add new shared key for SCTP-Auth,
616 * will be ignored if no SCTP used. 600 * will be ignored if no SCTP used.
617 */ 601 */
618 snprintf((char *) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), 602 snprintf((char *)labelbuffer,
619 DTLS1_SCTP_AUTH_LABEL); 603 sizeof(DTLS1_SCTP_AUTH_LABEL),
604 DTLS1_SCTP_AUTH_LABEL);
620 605
621 SSL_export_keying_material(s, sctpauthkey, 606 SSL_export_keying_material(s, sctpauthkey,
622 sizeof(sctpauthkey), labelbuffer, 607 sizeof(sctpauthkey), labelbuffer,
623 sizeof(labelbuffer), NULL, 0, 0); 608 sizeof(labelbuffer), NULL, 0, 0);
624 609
625 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, 610 BIO_ctrl(SSL_get_wbio(s),
626 sizeof(sctpauthkey), sctpauthkey); 611 BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
612 sizeof(sctpauthkey), sctpauthkey);
627#endif 613#endif
628 614
629 s->state=SSL3_ST_SR_CERT_VRFY_A; 615 s->state = SSL3_ST_SR_CERT_VRFY_A;
630 s->init_num=0; 616 s->init_num = 0;
631 617
632 if (ret == 2) 618 if (ret == 2) {
633 {
634 /* For the ECDH ciphersuites when 619 /* For the ECDH ciphersuites when
635 * the client sends its ECDH pub key in 620 * the client sends its ECDH pub key in
636 * a certificate, the CertificateVerify 621 * a certificate, the CertificateVerify
637 * message is not sent. 622 * message is not sent.
638 */ 623 */
639 s->state=SSL3_ST_SR_FINISHED_A; 624 s->state = SSL3_ST_SR_FINISHED_A;
625 s->init_num = 0;
626 } else {
627 s->state = SSL3_ST_SR_CERT_VRFY_A;
640 s->init_num = 0; 628 s->init_num = 0;
641 }
642 else
643 {
644 s->state=SSL3_ST_SR_CERT_VRFY_A;
645 s->init_num=0;
646 629
647 /* We need to get hashes here so if there is 630 /* We need to get hashes here so if there is
648 * a client cert, it can be verified */ 631 * a client cert, it can be verified */
649 s->method->ssl3_enc->cert_verify_mac(s, 632 s->method->ssl3_enc->cert_verify_mac(s,
650 NID_md5, 633 NID_md5, &(s->s3->tmp.cert_verify_md[0]));
651 &(s->s3->tmp.cert_verify_md[0]));
652 s->method->ssl3_enc->cert_verify_mac(s, 634 s->method->ssl3_enc->cert_verify_mac(s,
653 NID_sha1, 635 NID_sha1,
654 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH])); 636 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
655 } 637 }
656 break; 638 break;
657 639
658 case SSL3_ST_SR_CERT_VRFY_A: 640 case SSL3_ST_SR_CERT_VRFY_A:
@@ -660,51 +642,55 @@ int dtls1_accept(SSL *s)
660 642
661 s->d1->change_cipher_spec_ok = 1; 643 s->d1->change_cipher_spec_ok = 1;
662 /* we should decide if we expected this one */ 644 /* we should decide if we expected this one */
663 ret=ssl3_get_cert_verify(s); 645 ret = ssl3_get_cert_verify(s);
664 if (ret <= 0) goto end; 646 if (ret <= 0)
647 goto end;
665#ifndef OPENSSL_NO_SCTP 648#ifndef OPENSSL_NO_SCTP
666 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && 649 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
667 state == SSL_ST_RENEGOTIATE) 650 state == SSL_ST_RENEGOTIATE)
668 s->state=DTLS1_SCTP_ST_SR_READ_SOCK; 651 s->state = DTLS1_SCTP_ST_SR_READ_SOCK;
669 else 652 else
670#endif 653#endif
671 s->state=SSL3_ST_SR_FINISHED_A; 654 s->state = SSL3_ST_SR_FINISHED_A;
672 s->init_num=0; 655 s->init_num = 0;
673 break; 656 break;
674 657
675 case SSL3_ST_SR_FINISHED_A: 658 case SSL3_ST_SR_FINISHED_A:
676 case SSL3_ST_SR_FINISHED_B: 659 case SSL3_ST_SR_FINISHED_B:
677 s->d1->change_cipher_spec_ok = 1; 660 s->d1->change_cipher_spec_ok = 1;
678 ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, 661 ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
679 SSL3_ST_SR_FINISHED_B); 662 SSL3_ST_SR_FINISHED_B);
680 if (ret <= 0) goto end; 663 if (ret <= 0)
664 goto end;
681 dtls1_stop_timer(s); 665 dtls1_stop_timer(s);
682 if (s->hit) 666 if (s->hit)
683 s->state=SSL_ST_OK; 667 s->state = SSL_ST_OK;
684#ifndef OPENSSL_NO_TLSEXT 668#ifndef OPENSSL_NO_TLSEXT
685 else if (s->tlsext_ticket_expected) 669 else if (s->tlsext_ticket_expected)
686 s->state=SSL3_ST_SW_SESSION_TICKET_A; 670 s->state = SSL3_ST_SW_SESSION_TICKET_A;
687#endif 671#endif
688 else 672 else
689 s->state=SSL3_ST_SW_CHANGE_A; 673 s->state = SSL3_ST_SW_CHANGE_A;
690 s->init_num=0; 674 s->init_num = 0;
691 break; 675 break;
692 676
693#ifndef OPENSSL_NO_TLSEXT 677#ifndef OPENSSL_NO_TLSEXT
694 case SSL3_ST_SW_SESSION_TICKET_A: 678 case SSL3_ST_SW_SESSION_TICKET_A:
695 case SSL3_ST_SW_SESSION_TICKET_B: 679 case SSL3_ST_SW_SESSION_TICKET_B:
696 ret=dtls1_send_newsession_ticket(s); 680 ret = dtls1_send_newsession_ticket(s);
697 if (ret <= 0) goto end; 681 if (ret <= 0)
698 s->state=SSL3_ST_SW_CHANGE_A; 682 goto end;
699 s->init_num=0; 683 s->state = SSL3_ST_SW_CHANGE_A;
684 s->init_num = 0;
700 break; 685 break;
701 686
702 case SSL3_ST_SW_CERT_STATUS_A: 687 case SSL3_ST_SW_CERT_STATUS_A:
703 case SSL3_ST_SW_CERT_STATUS_B: 688 case SSL3_ST_SW_CERT_STATUS_B:
704 ret=ssl3_send_cert_status(s); 689 ret = ssl3_send_cert_status(s);
705 if (ret <= 0) goto end; 690 if (ret <= 0)
706 s->state=SSL3_ST_SW_KEY_EXCH_A; 691 goto end;
707 s->init_num=0; 692 s->state = SSL3_ST_SW_KEY_EXCH_A;
693 s->init_num = 0;
708 break; 694 break;
709 695
710#endif 696#endif
@@ -712,69 +698,69 @@ int dtls1_accept(SSL *s)
712 case SSL3_ST_SW_CHANGE_A: 698 case SSL3_ST_SW_CHANGE_A:
713 case SSL3_ST_SW_CHANGE_B: 699 case SSL3_ST_SW_CHANGE_B:
714 700
715 s->session->cipher=s->s3->tmp.new_cipher; 701 s->session->cipher = s->s3->tmp.new_cipher;
716 if (!s->method->ssl3_enc->setup_key_block(s)) 702 if (!s->method->ssl3_enc->setup_key_block(s)) {
717 { ret= -1; goto end; } 703 ret = -1;
704 goto end;
705 }
718 706
719 ret=dtls1_send_change_cipher_spec(s, 707 ret = dtls1_send_change_cipher_spec(s,
720 SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B); 708 SSL3_ST_SW_CHANGE_A, SSL3_ST_SW_CHANGE_B);
721 709
722 if (ret <= 0) goto end; 710 if (ret <= 0)
711 goto end;
723 712
724#ifndef OPENSSL_NO_SCTP 713#ifndef OPENSSL_NO_SCTP
725 if (!s->hit) 714 if (!s->hit) {
726 {
727 /* Change to new shared key of SCTP-Auth, 715 /* Change to new shared key of SCTP-Auth,
728 * will be ignored if no SCTP used. 716 * will be ignored if no SCTP used.
729 */ 717 */
730 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); 718 BIO_ctrl(SSL_get_wbio(s),
731 } 719 BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
720 }
732#endif 721#endif
733 722
734 s->state=SSL3_ST_SW_FINISHED_A; 723 s->state = SSL3_ST_SW_FINISHED_A;
735 s->init_num=0; 724 s->init_num = 0;
736 725
737 if (!s->method->ssl3_enc->change_cipher_state(s, 726 if (!s->method->ssl3_enc->change_cipher_state(s,
738 SSL3_CHANGE_CIPHER_SERVER_WRITE)) 727 SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
739 { 728 ret = -1;
740 ret= -1;
741 goto end; 729 goto end;
742 } 730 }
743 731
744 dtls1_reset_seq_numbers(s, SSL3_CC_WRITE); 732 dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
745 break; 733 break;
746 734
747 case SSL3_ST_SW_FINISHED_A: 735 case SSL3_ST_SW_FINISHED_A:
748 case SSL3_ST_SW_FINISHED_B: 736 case SSL3_ST_SW_FINISHED_B:
749 ret=dtls1_send_finished(s, 737 ret = dtls1_send_finished(s,
750 SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B, 738 SSL3_ST_SW_FINISHED_A, SSL3_ST_SW_FINISHED_B,
751 s->method->ssl3_enc->server_finished_label, 739 s->method->ssl3_enc->server_finished_label,
752 s->method->ssl3_enc->server_finished_label_len); 740 s->method->ssl3_enc->server_finished_label_len);
753 if (ret <= 0) goto end; 741 if (ret <= 0)
754 s->state=SSL3_ST_SW_FLUSH; 742 goto end;
755 if (s->hit) 743 s->state = SSL3_ST_SW_FLUSH;
756 { 744 if (s->hit) {
757 s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; 745 s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
758 746
759#ifndef OPENSSL_NO_SCTP 747#ifndef OPENSSL_NO_SCTP
760 /* Change to new shared key of SCTP-Auth, 748 /* Change to new shared key of SCTP-Auth,
761 * will be ignored if no SCTP used. 749 * will be ignored if no SCTP used.
762 */ 750 */
763 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); 751 BIO_ctrl(SSL_get_wbio(s),
752 BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
764#endif 753#endif
765 } 754 } else {
766 else 755 s->s3->tmp.next_state = SSL_ST_OK;
767 {
768 s->s3->tmp.next_state=SSL_ST_OK;
769#ifndef OPENSSL_NO_SCTP 756#ifndef OPENSSL_NO_SCTP
770 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) 757 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
771 {
772 s->d1->next_state = s->s3->tmp.next_state; 758 s->d1->next_state = s->s3->tmp.next_state;
773 s->s3->tmp.next_state=DTLS1_SCTP_ST_SW_WRITE_SOCK; 759 s->s3->tmp.next_state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
774 }
775#endif
776 } 760 }
777 s->init_num=0; 761#endif
762 }
763 s->init_num = 0;
778 break; 764 break;
779 765
780 case SSL_ST_OK: 766 case SSL_ST_OK:
@@ -783,28 +769,29 @@ int dtls1_accept(SSL *s)
783 769
784#if 0 770#if 0
785 BUF_MEM_free(s->init_buf); 771 BUF_MEM_free(s->init_buf);
786 s->init_buf=NULL; 772 s->init_buf = NULL;
787#endif 773#endif
788 774
789 /* remove buffering on output */ 775 /* remove buffering on output */
790 ssl_free_wbio_buffer(s); 776 ssl_free_wbio_buffer(s);
791 777
792 s->init_num=0; 778 s->init_num = 0;
793 779
794 if (s->renegotiate == 2) /* skipped if we just sent a HelloRequest */ 780 if (s->renegotiate == 2) /* skipped if we just sent a HelloRequest */
795 { 781 {
796 s->renegotiate=0; 782 s->renegotiate = 0;
797 s->new_session=0; 783 s->new_session = 0;
798 784
799 ssl_update_cache(s,SSL_SESS_CACHE_SERVER); 785 ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
800 786
801 s->ctx->stats.sess_accept_good++; 787 s->ctx->stats.sess_accept_good++;
802 /* s->server=1; */ 788 /* s->server=1; */
803 s->handshake_func=dtls1_accept; 789 s->handshake_func = dtls1_accept;
790
791 if (cb != NULL)
792 cb(s, SSL_CB_HANDSHAKE_DONE, 1);
793 }
804 794
805 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
806 }
807
808 ret = 1; 795 ret = 1;
809 796
810 /* done handshaking, next message is client hello */ 797 /* done handshaking, next message is client hello */
@@ -816,77 +803,74 @@ int dtls1_accept(SSL *s)
816 /* break; */ 803 /* break; */
817 804
818 default: 805 default:
819 SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_UNKNOWN_STATE); 806 SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_UNKNOWN_STATE);
820 ret= -1; 807 ret = -1;
821 goto end; 808 goto end;
822 /* break; */ 809 /* break; */
823 } 810 }
824
825 if (!s->s3->tmp.reuse_message && !skip)
826 {
827 if (s->debug)
828 {
829 if ((ret=BIO_flush(s->wbio)) <= 0)
830 goto end;
831 }
832 811
812 if (!s->s3->tmp.reuse_message && !skip) {
813 if (s->debug) {
814 if ((ret = BIO_flush(s->wbio)) <= 0)
815 goto end;
816 }
833 817
834 if ((cb != NULL) && (s->state != state)) 818 if ((cb != NULL) && (s->state != state)) {
835 { 819 new_state = s->state;
836 new_state=s->state; 820 s->state = state;
837 s->state=state; 821 cb(s, SSL_CB_ACCEPT_LOOP, 1);
838 cb(s,SSL_CB_ACCEPT_LOOP,1); 822 s->state = new_state;
839 s->state=new_state;
840 }
841 } 823 }
842 skip=0;
843 } 824 }
825 skip = 0;
826 }
844end: 827end:
845 /* BIO_flush(s->wbio); */ 828 /* BIO_flush(s->wbio); */
846 829
847 s->in_handshake--; 830 s->in_handshake--;
848#ifndef OPENSSL_NO_SCTP 831#ifndef OPENSSL_NO_SCTP
849 /* Notify SCTP BIO socket to leave handshake 832 /* Notify SCTP BIO socket to leave handshake
850 * mode and prevent stream identifier other 833 * mode and prevent stream identifier other
851 * than 0. Will be ignored if no SCTP is used. 834 * than 0. Will be ignored if no SCTP is used.
852 */ 835 */
853 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL); 836 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
837 s->in_handshake, NULL);
854#endif 838#endif
855 839
856 if (cb != NULL) 840 if (cb != NULL)
857 cb(s,SSL_CB_ACCEPT_EXIT,ret); 841 cb(s, SSL_CB_ACCEPT_EXIT, ret);
858 return(ret); 842 return (ret);
859 } 843}
860 844
861int dtls1_send_hello_request(SSL *s) 845int
862 { 846dtls1_send_hello_request(SSL *s)
847{
863 unsigned char *p; 848 unsigned char *p;
864 849
865 if (s->state == SSL3_ST_SW_HELLO_REQ_A) 850 if (s->state == SSL3_ST_SW_HELLO_REQ_A) {
866 { 851 p = (unsigned char *)s->init_buf->data;
867 p=(unsigned char *)s->init_buf->data;
868 p = dtls1_set_message_header(s, p, SSL3_MT_HELLO_REQUEST, 0, 0, 0); 852 p = dtls1_set_message_header(s, p, SSL3_MT_HELLO_REQUEST, 0, 0, 0);
869 853
870 s->state=SSL3_ST_SW_HELLO_REQ_B; 854 s->state = SSL3_ST_SW_HELLO_REQ_B;
871 /* number of bytes to write */ 855 /* number of bytes to write */
872 s->init_num=DTLS1_HM_HEADER_LENGTH; 856 s->init_num = DTLS1_HM_HEADER_LENGTH;
873 s->init_off=0; 857 s->init_off = 0;
874 858
875 /* no need to buffer this message, since there are no retransmit 859 /* no need to buffer this message, since there are no retransmit
876 * requests for it */ 860 * requests for it */
877 } 861 }
878 862
879 /* SSL3_ST_SW_HELLO_REQ_B */ 863 /* SSL3_ST_SW_HELLO_REQ_B */
880 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 864 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
881 } 865}
882 866
883int dtls1_send_hello_verify_request(SSL *s) 867int
884 { 868dtls1_send_hello_verify_request(SSL *s)
869{
885 unsigned int msg_len; 870 unsigned int msg_len;
886 unsigned char *msg, *buf, *p; 871 unsigned char *msg, *buf, *p;
887 872
888 if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) 873 if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
889 {
890 buf = (unsigned char *)s->init_buf->data; 874 buf = (unsigned char *)s->init_buf->data;
891 875
892 msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]); 876 msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
@@ -894,12 +878,11 @@ int dtls1_send_hello_verify_request(SSL *s)
894 *(p++) = s->version & 0xFF; 878 *(p++) = s->version & 0xFF;
895 879
896 if (s->ctx->app_gen_cookie_cb == NULL || 880 if (s->ctx->app_gen_cookie_cb == NULL ||
897 s->ctx->app_gen_cookie_cb(s, s->d1->cookie, 881 s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
898 &(s->d1->cookie_len)) == 0) 882 &(s->d1->cookie_len)) == 0) {
899 { 883 SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST, ERR_R_INTERNAL_ERROR);
900 SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
901 return 0; 884 return 0;
902 } 885 }
903 886
904 *(p++) = (unsigned char) s->d1->cookie_len; 887 *(p++) = (unsigned char) s->d1->cookie_len;
905 memcpy(p, s->d1->cookie, s->d1->cookie_len); 888 memcpy(p, s->d1->cookie, s->d1->cookie_len);
@@ -907,40 +890,40 @@ int dtls1_send_hello_verify_request(SSL *s)
907 msg_len = p - msg; 890 msg_len = p - msg;
908 891
909 dtls1_set_message_header(s, buf, 892 dtls1_set_message_header(s, buf,
910 DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0, msg_len); 893 DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0, msg_len);
911 894
912 s->state=DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B; 895 s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
913 /* number of bytes to write */ 896 /* number of bytes to write */
914 s->init_num=p-buf; 897 s->init_num = p - buf;
915 s->init_off=0; 898 s->init_off = 0;
916 } 899 }
917 900
918 /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ 901 /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
919 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 902 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
920 } 903}
921 904
922int dtls1_send_server_hello(SSL *s) 905int
923 { 906dtls1_send_server_hello(SSL *s)
907{
924 unsigned char *buf; 908 unsigned char *buf;
925 unsigned char *p,*d; 909 unsigned char *p, *d;
926 int i; 910 int i;
927 unsigned int sl; 911 unsigned int sl;
928 unsigned long l; 912 unsigned long l;
929 913
930 if (s->state == SSL3_ST_SW_SRVR_HELLO_A) 914 if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
931 { 915 buf = (unsigned char *)s->init_buf->data;
932 buf=(unsigned char *)s->init_buf->data; 916 p = s->s3->server_random;
933 p=s->s3->server_random;
934 ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE); 917 ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE);
935 /* Do the message type and length last */ 918 /* Do the message type and length last */
936 d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); 919 d = p= &(buf[DTLS1_HM_HEADER_LENGTH]);
937 920
938 *(p++)=s->version>>8; 921 *(p++) = s->version >> 8;
939 *(p++)=s->version&0xff; 922 *(p++) = s->version&0xff;
940 923
941 /* Random stuff */ 924 /* Random stuff */
942 memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); 925 memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
943 p+=SSL3_RANDOM_SIZE; 926 p += SSL3_RANDOM_SIZE;
944 927
945 /* now in theory we have 3 options to sending back the 928 /* now in theory we have 3 options to sending back the
946 * session id. If it is a re-use, we send back the 929 * session id. If it is a re-use, we send back the
@@ -951,320 +934,292 @@ int dtls1_send_server_hello(SSL *s)
951 * 12-Jan-98 - I'll now support the '0' length stuff. 934 * 12-Jan-98 - I'll now support the '0' length stuff.
952 */ 935 */
953 if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)) 936 if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
954 s->session->session_id_length=0; 937 s->session->session_id_length = 0;
955 938
956 sl=s->session->session_id_length; 939 sl = s->session->session_id_length;
957 if (sl > sizeof s->session->session_id) 940 if (sl > sizeof s->session->session_id) {
958 {
959 SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); 941 SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
960 return -1; 942 return -1;
961 } 943 }
962 *(p++)=sl; 944 *(p++) = sl;
963 memcpy(p,s->session->session_id,sl); 945 memcpy(p, s->session->session_id, sl);
964 p+=sl; 946 p += sl;
965 947
966 /* put the cipher */ 948 /* put the cipher */
967 if (s->s3->tmp.new_cipher == NULL) 949 if (s->s3->tmp.new_cipher == NULL)
968 return -1; 950 return -1;
969 i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p); 951 i = ssl3_put_cipher_by_char(s->s3->tmp.new_cipher, p);
970 p+=i; 952 p += i;
971 953
972 /* put the compression method */ 954 /* put the compression method */
973#ifdef OPENSSL_NO_COMP 955#ifdef OPENSSL_NO_COMP
974 *(p++)=0; 956 *(p++) = 0;
975#else 957#else
976 if (s->s3->tmp.new_compression == NULL) 958 if (s->s3->tmp.new_compression == NULL)
977 *(p++)=0; 959 *(p++) = 0;
978 else 960 else
979 *(p++)=s->s3->tmp.new_compression->id; 961 *(p++) = s->s3->tmp.new_compression->id;
980#endif 962#endif
981 963
982#ifndef OPENSSL_NO_TLSEXT 964#ifndef OPENSSL_NO_TLSEXT
983 if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) 965 if ((p = ssl_add_serverhello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
984 { 966 SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
985 SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
986 return -1; 967 return -1;
987 } 968 }
988#endif 969#endif
989 970
990 /* do the header */ 971 /* do the header */
991 l=(p-d); 972 l = (p - d);
992 d=buf; 973 d = buf;
993 974
994 d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l); 975 d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l);
995 976
996 s->state=SSL3_ST_SW_SRVR_HELLO_B; 977 s->state = SSL3_ST_SW_SRVR_HELLO_B;
997 /* number of bytes to write */ 978 /* number of bytes to write */
998 s->init_num=p-buf; 979 s->init_num = p - buf;
999 s->init_off=0; 980 s->init_off = 0;
1000 981
1001 /* buffer the message to handle re-xmits */ 982 /* buffer the message to handle re-xmits */
1002 dtls1_buffer_message(s, 0); 983 dtls1_buffer_message(s, 0);
1003 } 984 }
1004 985
1005 /* SSL3_ST_SW_SRVR_HELLO_B */ 986 /* SSL3_ST_SW_SRVR_HELLO_B */
1006 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 987 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1007 } 988}
1008 989
1009int dtls1_send_server_done(SSL *s) 990int
1010 { 991dtls1_send_server_done(SSL *s)
992{
1011 unsigned char *p; 993 unsigned char *p;
1012 994
1013 if (s->state == SSL3_ST_SW_SRVR_DONE_A) 995 if (s->state == SSL3_ST_SW_SRVR_DONE_A) {
1014 { 996 p = (unsigned char *)s->init_buf->data;
1015 p=(unsigned char *)s->init_buf->data;
1016 997
1017 /* do the header */ 998 /* do the header */
1018 p = dtls1_set_message_header(s, p, SSL3_MT_SERVER_DONE, 0, 0, 0); 999 p = dtls1_set_message_header(s, p, SSL3_MT_SERVER_DONE, 0, 0, 0);
1019 1000
1020 s->state=SSL3_ST_SW_SRVR_DONE_B; 1001 s->state = SSL3_ST_SW_SRVR_DONE_B;
1021 /* number of bytes to write */ 1002 /* number of bytes to write */
1022 s->init_num=DTLS1_HM_HEADER_LENGTH; 1003 s->init_num = DTLS1_HM_HEADER_LENGTH;
1023 s->init_off=0; 1004 s->init_off = 0;
1024 1005
1025 /* buffer the message to handle re-xmits */ 1006 /* buffer the message to handle re-xmits */
1026 dtls1_buffer_message(s, 0); 1007 dtls1_buffer_message(s, 0);
1027 } 1008 }
1028 1009
1029 /* SSL3_ST_SW_SRVR_DONE_B */ 1010 /* SSL3_ST_SW_SRVR_DONE_B */
1030 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 1011 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1031 } 1012}
1032 1013
1033int dtls1_send_server_key_exchange(SSL *s) 1014int
1034 { 1015dtls1_send_server_key_exchange(SSL *s)
1016{
1035#ifndef OPENSSL_NO_RSA 1017#ifndef OPENSSL_NO_RSA
1036 unsigned char *q; 1018 unsigned char *q;
1037 int j,num; 1019 int j, num;
1038 RSA *rsa; 1020 RSA *rsa;
1039 unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; 1021 unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
1040 unsigned int u; 1022 unsigned int u;
1041#endif 1023#endif
1042#ifndef OPENSSL_NO_DH 1024#ifndef OPENSSL_NO_DH
1043 DH *dh=NULL,*dhp; 1025 DH *dh = NULL, *dhp;
1044#endif 1026#endif
1045#ifndef OPENSSL_NO_ECDH 1027#ifndef OPENSSL_NO_ECDH
1046 EC_KEY *ecdh=NULL, *ecdhp; 1028 EC_KEY *ecdh = NULL, *ecdhp;
1047 unsigned char *encodedPoint = NULL; 1029 unsigned char *encodedPoint = NULL;
1048 int encodedlen = 0; 1030 int encodedlen = 0;
1049 int curve_id = 0; 1031 int curve_id = 0;
1050 BN_CTX *bn_ctx = NULL; 1032 BN_CTX *bn_ctx = NULL;
1033
1051#endif 1034#endif
1052 EVP_PKEY *pkey; 1035 EVP_PKEY *pkey;
1053 unsigned char *p,*d; 1036 unsigned char *p, *d;
1054 int al,i; 1037 int al, i;
1055 unsigned long type; 1038 unsigned long type;
1056 int n; 1039 int n;
1057 CERT *cert; 1040 CERT *cert;
1058 BIGNUM *r[4]; 1041 BIGNUM *r[4];
1059 int nr[4],kn; 1042 int nr[4], kn;
1060 BUF_MEM *buf; 1043 BUF_MEM *buf;
1061 EVP_MD_CTX md_ctx; 1044 EVP_MD_CTX md_ctx;
1062 1045
1063 EVP_MD_CTX_init(&md_ctx); 1046 EVP_MD_CTX_init(&md_ctx);
1064 if (s->state == SSL3_ST_SW_KEY_EXCH_A) 1047 if (s->state == SSL3_ST_SW_KEY_EXCH_A) {
1065 { 1048 type = s->s3->tmp.new_cipher->algorithm_mkey;
1066 type=s->s3->tmp.new_cipher->algorithm_mkey; 1049 cert = s->cert;
1067 cert=s->cert;
1068 1050
1069 buf=s->init_buf; 1051 buf = s->init_buf;
1070 1052
1071 r[0]=r[1]=r[2]=r[3]=NULL; 1053 r[0] = r[1] = r[2] = r[3] = NULL;
1072 n=0; 1054 n = 0;
1073#ifndef OPENSSL_NO_RSA 1055#ifndef OPENSSL_NO_RSA
1074 if (type & SSL_kRSA) 1056 if (type & SSL_kRSA) {
1075 { 1057 rsa = cert->rsa_tmp;
1076 rsa=cert->rsa_tmp; 1058 if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) {
1077 if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) 1059 rsa = s->cert->rsa_tmp_cb(s,
1078 { 1060 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1079 rsa=s->cert->rsa_tmp_cb(s, 1061 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1080 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), 1062 if (rsa == NULL) {
1081 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); 1063 al = SSL_AD_HANDSHAKE_FAILURE;
1082 if(rsa == NULL) 1064 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
1083 {
1084 al=SSL_AD_HANDSHAKE_FAILURE;
1085 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
1086 goto f_err; 1065 goto f_err;
1087 } 1066 }
1088 RSA_up_ref(rsa); 1067 RSA_up_ref(rsa);
1089 cert->rsa_tmp=rsa; 1068 cert->rsa_tmp = rsa;
1090 } 1069 }
1091 if (rsa == NULL) 1070 if (rsa == NULL) {
1092 { 1071 al = SSL_AD_HANDSHAKE_FAILURE;
1093 al=SSL_AD_HANDSHAKE_FAILURE; 1072 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_RSA_KEY);
1094 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
1095 goto f_err; 1073 goto f_err;
1096 }
1097 r[0]=rsa->n;
1098 r[1]=rsa->e;
1099 s->s3->tmp.use_rsa_tmp=1;
1100 } 1074 }
1101 else 1075 r[0] = rsa->n;
1076 r[1] = rsa->e;
1077 s->s3->tmp.use_rsa_tmp = 1;
1078 } else
1102#endif 1079#endif
1103#ifndef OPENSSL_NO_DH 1080#ifndef OPENSSL_NO_DH
1104 if (type & SSL_kEDH) 1081 if (type & SSL_kEDH) {
1105 { 1082 dhp = cert->dh_tmp;
1106 dhp=cert->dh_tmp;
1107 if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) 1083 if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
1108 dhp=s->cert->dh_tmp_cb(s, 1084 dhp = s->cert->dh_tmp_cb(s,
1109 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), 1085 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1110 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); 1086 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1111 if (dhp == NULL) 1087 if (dhp == NULL) {
1112 { 1088 al = SSL_AD_HANDSHAKE_FAILURE;
1113 al=SSL_AD_HANDSHAKE_FAILURE; 1089 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_DH_KEY);
1114 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
1115 goto f_err; 1090 goto f_err;
1116 } 1091 }
1117 1092
1118 if (s->s3->tmp.dh != NULL) 1093 if (s->s3->tmp.dh != NULL) {
1119 {
1120 DH_free(dh); 1094 DH_free(dh);
1121 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 1095 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1122 goto err; 1096 goto err;
1123 } 1097 }
1124 1098
1125 if ((dh=DHparams_dup(dhp)) == NULL) 1099 if ((dh = DHparams_dup(dhp)) == NULL) {
1126 { 1100 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
1127 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
1128 goto err; 1101 goto err;
1129 } 1102 }
1130 1103
1131 s->s3->tmp.dh=dh; 1104 s->s3->tmp.dh = dh;
1132 if ((dhp->pub_key == NULL || 1105 if ((dhp->pub_key == NULL || dhp->priv_key == NULL ||
1133 dhp->priv_key == NULL || 1106 (s->options & SSL_OP_SINGLE_DH_USE))) {
1134 (s->options & SSL_OP_SINGLE_DH_USE))) 1107 if (!DH_generate_key(dh)) {
1135 { 1108 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
1136 if(!DH_generate_key(dh)) 1109 ERR_R_DH_LIB);
1137 { 1110 goto err;
1138 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
1139 ERR_R_DH_LIB);
1140 goto err;
1141 }
1142 } 1111 }
1143 else 1112 } else {
1144 { 1113 dh->pub_key = BN_dup(dhp->pub_key);
1145 dh->pub_key=BN_dup(dhp->pub_key); 1114 dh->priv_key = BN_dup(dhp->priv_key);
1146 dh->priv_key=BN_dup(dhp->priv_key);
1147 if ((dh->pub_key == NULL) || 1115 if ((dh->pub_key == NULL) ||
1148 (dh->priv_key == NULL)) 1116 (dh->priv_key == NULL)) {
1149 { 1117 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
1150 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
1151 goto err; 1118 goto err;
1152 }
1153 } 1119 }
1154 r[0]=dh->p;
1155 r[1]=dh->g;
1156 r[2]=dh->pub_key;
1157 } 1120 }
1158 else 1121 r[0] = dh->p;
1122 r[1] = dh->g;
1123 r[2] = dh->pub_key;
1124 } else
1159#endif 1125#endif
1160#ifndef OPENSSL_NO_ECDH 1126#ifndef OPENSSL_NO_ECDH
1161 if (type & SSL_kEECDH) 1127 if (type & SSL_kEECDH) {
1162 {
1163 const EC_GROUP *group; 1128 const EC_GROUP *group;
1164 1129
1165 ecdhp=cert->ecdh_tmp; 1130 ecdhp = cert->ecdh_tmp;
1166 if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL)) 1131 if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL)) {
1167 { 1132 ecdhp = s->cert->ecdh_tmp_cb(s,
1168 ecdhp=s->cert->ecdh_tmp_cb(s, 1133 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1169 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), 1134 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1170 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); 1135 }
1171 } 1136 if (ecdhp == NULL) {
1172 if (ecdhp == NULL) 1137 al = SSL_AD_HANDSHAKE_FAILURE;
1173 { 1138 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_ECDH_KEY);
1174 al=SSL_AD_HANDSHAKE_FAILURE;
1175 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
1176 goto f_err; 1139 goto f_err;
1177 } 1140 }
1141
1142 if (s->s3->tmp.ecdh != NULL) {
1143 EC_KEY_free(s->s3->tmp.ecdh);
1178 1144
1179 if (s->s3->tmp.ecdh != NULL)
1180 {
1181 EC_KEY_free(s->s3->tmp.ecdh);
1182 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 1145 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1183 goto err; 1146 goto err;
1184 } 1147 }
1185 1148
1186 /* Duplicate the ECDH structure. */ 1149 /* Duplicate the ECDH structure. */
1187 if (ecdhp == NULL) 1150 if (ecdhp == NULL) {
1188 { 1151 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
1189 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1190 goto err; 1152 goto err;
1191 } 1153 }
1192 if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) 1154 if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {
1193 { 1155 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
1194 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1195 goto err; 1156 goto err;
1196 } 1157 }
1197 1158
1198 s->s3->tmp.ecdh=ecdh; 1159 s->s3->tmp.ecdh = ecdh;
1199 if ((EC_KEY_get0_public_key(ecdh) == NULL) || 1160 if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
1200 (EC_KEY_get0_private_key(ecdh) == NULL) || 1161 (EC_KEY_get0_private_key(ecdh) == NULL) ||
1201 (s->options & SSL_OP_SINGLE_ECDH_USE)) 1162 (s->options & SSL_OP_SINGLE_ECDH_USE)) {
1202 { 1163 if (!EC_KEY_generate_key(ecdh)) {
1203 if(!EC_KEY_generate_key(ecdh)) 1164 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
1204 { 1165 goto err;
1205 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1206 goto err;
1207 }
1208 } 1166 }
1167 }
1209 1168
1210 if (((group = EC_KEY_get0_group(ecdh)) == NULL) || 1169 if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
1211 (EC_KEY_get0_public_key(ecdh) == NULL) || 1170 (EC_KEY_get0_public_key(ecdh) == NULL) ||
1212 (EC_KEY_get0_private_key(ecdh) == NULL)) 1171 (EC_KEY_get0_private_key(ecdh) == NULL)) {
1213 { 1172 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
1214 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1215 goto err; 1173 goto err;
1216 } 1174 }
1217 1175
1218 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && 1176 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
1219 (EC_GROUP_get_degree(group) > 163)) 1177 (EC_GROUP_get_degree(group) > 163)) {
1220 { 1178 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
1221 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
1222 goto err; 1179 goto err;
1223 } 1180 }
1224 1181
1225 /* XXX: For now, we only support ephemeral ECDH 1182 /* XXX: For now, we only support ephemeral ECDH
1226 * keys over named (not generic) curves. For 1183 * keys over named (not generic) curves. For
1227 * supported named curves, curve_id is non-zero. 1184 * supported named curves, curve_id is non-zero.
1228 */ 1185 */
1229 if ((curve_id = 1186 if ((curve_id = tls1_ec_nid2curve_id(
1230 tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group))) 1187 EC_GROUP_get_curve_name(group))) == 0) {
1231 == 0) 1188 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
1232 {
1233 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
1234 goto err; 1189 goto err;
1235 } 1190 }
1236 1191
1237 /* Encode the public key. 1192 /* Encode the public key.
1238 * First check the size of encoding and 1193 * First check the size of encoding and
1239 * allocate memory accordingly. 1194 * allocate memory accordingly.
1240 */ 1195 */
1241 encodedlen = EC_POINT_point2oct(group, 1196 encodedlen = EC_POINT_point2oct(group,
1242 EC_KEY_get0_public_key(ecdh), 1197 EC_KEY_get0_public_key(ecdh),
1243 POINT_CONVERSION_UNCOMPRESSED, 1198 POINT_CONVERSION_UNCOMPRESSED,
1244 NULL, 0, NULL); 1199 NULL, 0, NULL);
1200
1201 encodedPoint = (unsigned char *)
1202 OPENSSL_malloc(encodedlen*sizeof(unsigned char));
1245 1203
1246 encodedPoint = (unsigned char *)
1247 OPENSSL_malloc(encodedlen*sizeof(unsigned char));
1248 bn_ctx = BN_CTX_new(); 1204 bn_ctx = BN_CTX_new();
1249 if ((encodedPoint == NULL) || (bn_ctx == NULL)) 1205 if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
1250 { 1206 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
1251 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1252 goto err; 1207 goto err;
1253 } 1208 }
1254 1209
1255 1210
1256 encodedlen = EC_POINT_point2oct(group, 1211 encodedlen = EC_POINT_point2oct(group,
1257 EC_KEY_get0_public_key(ecdh), 1212 EC_KEY_get0_public_key(ecdh),
1258 POINT_CONVERSION_UNCOMPRESSED, 1213 POINT_CONVERSION_UNCOMPRESSED,
1259 encodedPoint, encodedlen, bn_ctx); 1214 encodedPoint, encodedlen, bn_ctx);
1260 1215
1261 if (encodedlen == 0) 1216 if (encodedlen == 0) {
1262 { 1217 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
1263 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1264 goto err; 1218 goto err;
1265 } 1219 }
1266 1220
1267 BN_CTX_free(bn_ctx); bn_ctx=NULL; 1221 BN_CTX_free(bn_ctx);
1222 bn_ctx = NULL;
1268 1223
1269 /* XXX: For now, we only support named (not 1224 /* XXX: For now, we only support named (not
1270 * generic) curves in ECDH ephemeral key exchanges. 1225 * generic) curves in ECDH ephemeral key exchanges.
@@ -1277,67 +1232,56 @@ int dtls1_send_server_key_exchange(SSL *s)
1277 /* We'll generate the serverKeyExchange message 1232 /* We'll generate the serverKeyExchange message
1278 * explicitly so we can set these to NULLs 1233 * explicitly so we can set these to NULLs
1279 */ 1234 */
1280 r[0]=NULL; 1235 r[0] = NULL;
1281 r[1]=NULL; 1236 r[1] = NULL;
1282 r[2]=NULL; 1237 r[2] = NULL;
1283 r[3]=NULL; 1238 r[3] = NULL;
1284 } 1239 } else
1285 else
1286#endif /* !OPENSSL_NO_ECDH */ 1240#endif /* !OPENSSL_NO_ECDH */
1287#ifndef OPENSSL_NO_PSK 1241#ifndef OPENSSL_NO_PSK
1288 if (type & SSL_kPSK) 1242 if (type & SSL_kPSK) {
1289 { 1243 /* reserve size for record length and PSK identity hint*/
1290 /* reserve size for record length and PSK identity hint*/ 1244 n += 2 + strlen(s->ctx->psk_identity_hint);
1291 n+=2+strlen(s->ctx->psk_identity_hint); 1245 } else
1292 }
1293 else
1294#endif /* !OPENSSL_NO_PSK */ 1246#endif /* !OPENSSL_NO_PSK */
1295 { 1247 {
1296 al=SSL_AD_HANDSHAKE_FAILURE; 1248 al = SSL_AD_HANDSHAKE_FAILURE;
1297 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); 1249 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
1298 goto f_err; 1250 goto f_err;
1299 } 1251 }
1300 for (i=0; r[i] != NULL; i++) 1252 for (i = 0; r[i] != NULL; i++) {
1301 { 1253 nr[i] = BN_num_bytes(r[i]);
1302 nr[i]=BN_num_bytes(r[i]); 1254 n += 2 + nr[i];
1303 n+=2+nr[i]; 1255 }
1304 }
1305 1256
1306 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) 1257 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
1307 && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) 1258 && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
1308 { 1259 if ((pkey = ssl_get_sign_pkey(s,
1309 if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher, NULL)) 1260 s->s3->tmp.new_cipher, NULL)) == NULL) {
1310 == NULL) 1261 al = SSL_AD_DECODE_ERROR;
1311 {
1312 al=SSL_AD_DECODE_ERROR;
1313 goto f_err; 1262 goto f_err;
1314 }
1315 kn=EVP_PKEY_size(pkey);
1316 }
1317 else
1318 {
1319 pkey=NULL;
1320 kn=0;
1321 } 1263 }
1264 kn = EVP_PKEY_size(pkey);
1265 } else {
1266 pkey = NULL;
1267 kn = 0;
1268 }
1322 1269
1323 if (!BUF_MEM_grow_clean(buf,n+DTLS1_HM_HEADER_LENGTH+kn)) 1270 if (!BUF_MEM_grow_clean(buf, n + DTLS1_HM_HEADER_LENGTH + kn)) {
1324 { 1271 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_BUF);
1325 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
1326 goto err; 1272 goto err;
1327 } 1273 }
1328 d=(unsigned char *)s->init_buf->data; 1274 d = (unsigned char *)s->init_buf->data;
1329 p= &(d[DTLS1_HM_HEADER_LENGTH]); 1275 p = &(d[DTLS1_HM_HEADER_LENGTH]);
1330 1276
1331 for (i=0; r[i] != NULL; i++) 1277 for (i = 0; r[i] != NULL; i++) {
1332 { 1278 s2n(nr[i], p);
1333 s2n(nr[i],p); 1279 BN_bn2bin(r[i], p);
1334 BN_bn2bin(r[i],p); 1280 p += nr[i];
1335 p+=nr[i]; 1281 }
1336 }
1337 1282
1338#ifndef OPENSSL_NO_ECDH 1283#ifndef OPENSSL_NO_ECDH
1339 if (type & SSL_kEECDH) 1284 if (type & SSL_kEECDH) {
1340 {
1341 /* XXX: For now, we only support named (not generic) curves. 1285 /* XXX: For now, we only support named (not generic) curves.
1342 * In this situation, the serverKeyExchange message has: 1286 * In this situation, the serverKeyExchange message has:
1343 * [1 byte CurveType], [2 byte CurveName] 1287 * [1 byte CurveType], [2 byte CurveName]
@@ -1352,268 +1296,257 @@ int dtls1_send_server_key_exchange(SSL *s)
1352 p += 1; 1296 p += 1;
1353 *p = encodedlen; 1297 *p = encodedlen;
1354 p += 1; 1298 p += 1;
1355 memcpy((unsigned char*)p, 1299 memcpy((unsigned char*)p,
1356 (unsigned char *)encodedPoint, 1300 (unsigned char *)encodedPoint,
1357 encodedlen); 1301 encodedlen);
1358 OPENSSL_free(encodedPoint); 1302 OPENSSL_free(encodedPoint);
1359 p += encodedlen; 1303 p += encodedlen;
1360 } 1304 }
1361#endif 1305#endif
1362 1306
1363#ifndef OPENSSL_NO_PSK 1307#ifndef OPENSSL_NO_PSK
1364 if (type & SSL_kPSK) 1308 if (type & SSL_kPSK) {
1365 {
1366 /* copy PSK identity hint */ 1309 /* copy PSK identity hint */
1367 s2n(strlen(s->ctx->psk_identity_hint), p); 1310 s2n(strlen(s->ctx->psk_identity_hint), p);
1311
1368 strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint)); 1312 strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint));
1369 p+=strlen(s->ctx->psk_identity_hint); 1313 p += strlen(s->ctx->psk_identity_hint);
1370 } 1314 }
1371#endif 1315#endif
1372 1316
1373 /* not anonymous */ 1317 /* not anonymous */
1374 if (pkey != NULL) 1318 if (pkey != NULL) {
1375 {
1376 /* n is the length of the params, they start at 1319 /* n is the length of the params, they start at
1377 * &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the space 1320 * &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the space
1378 * at the end. */ 1321 * at the end. */
1379#ifndef OPENSSL_NO_RSA 1322#ifndef OPENSSL_NO_RSA
1380 if (pkey->type == EVP_PKEY_RSA) 1323 if (pkey->type == EVP_PKEY_RSA) {
1381 { 1324 q = md_buf;
1382 q=md_buf; 1325 j = 0;
1383 j=0; 1326 for (num = 2; num > 0; num--) {
1384 for (num=2; num > 0; num--) 1327 EVP_DigestInit_ex(&md_ctx, (num == 2)
1385 { 1328 ? s->ctx->md5 : s->ctx->sha1, NULL);
1386 EVP_DigestInit_ex(&md_ctx,(num == 2) 1329 EVP_DigestUpdate(&md_ctx,
1387 ?s->ctx->md5:s->ctx->sha1, NULL); 1330 &(s->s3->client_random[0]),
1388 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); 1331 SSL3_RANDOM_SIZE);
1389 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); 1332 EVP_DigestUpdate(&md_ctx,
1390 EVP_DigestUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n); 1333 &(s->s3->server_random[0]),
1391 EVP_DigestFinal_ex(&md_ctx,q, 1334 SSL3_RANDOM_SIZE);
1392 (unsigned int *)&i); 1335 EVP_DigestUpdate(&md_ctx,
1393 q+=i; 1336 &(d[DTLS1_HM_HEADER_LENGTH]), n);
1394 j+=i; 1337 EVP_DigestFinal_ex(&md_ctx, q,
1395 } 1338 (unsigned int *)&i);
1396 if (RSA_sign(NID_md5_sha1, md_buf, j, 1339 q += i;
1397 &(p[2]), &u, pkey->pkey.rsa) <= 0) 1340 j += i;
1398 { 1341 }
1399 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA); 1342 if (RSA_sign(NID_md5_sha1, md_buf, j, &(p[2]),
1343 &u, pkey->pkey.rsa) <= 0) {
1344 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_RSA);
1400 goto err; 1345 goto err;
1401 }
1402 s2n(u,p);
1403 n+=u+2;
1404 } 1346 }
1405 else 1347 s2n(u, p);
1348 n += u + 2;
1349 } else
1406#endif 1350#endif
1407#if !defined(OPENSSL_NO_DSA) 1351#if !defined(OPENSSL_NO_DSA)
1408 if (pkey->type == EVP_PKEY_DSA) 1352 if (pkey->type == EVP_PKEY_DSA) {
1409 {
1410 /* lets do DSS */ 1353 /* lets do DSS */
1411 EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL); 1354 EVP_SignInit_ex(&md_ctx, EVP_dss1(), NULL);
1412 EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); 1355 EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE);
1413 EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); 1356 EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE);
1414 EVP_SignUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n); 1357 EVP_SignUpdate(&md_ctx, &(d[DTLS1_HM_HEADER_LENGTH]), n);
1415 if (!EVP_SignFinal(&md_ctx,&(p[2]), 1358 if (!EVP_SignFinal(&md_ctx, &(p[2]),
1416 (unsigned int *)&i,pkey)) 1359 (unsigned int *)&i, pkey)) {
1417 { 1360 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_DSA);
1418 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
1419 goto err; 1361 goto err;
1420 }
1421 s2n(i,p);
1422 n+=i+2;
1423 } 1362 }
1424 else 1363 s2n(i, p);
1364 n += i + 2;
1365 } else
1425#endif 1366#endif
1426#if !defined(OPENSSL_NO_ECDSA) 1367#if !defined(OPENSSL_NO_ECDSA)
1427 if (pkey->type == EVP_PKEY_EC) 1368 if (pkey->type == EVP_PKEY_EC) {
1428 {
1429 /* let's do ECDSA */ 1369 /* let's do ECDSA */
1430 EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL); 1370 EVP_SignInit_ex(&md_ctx, EVP_ecdsa(), NULL);
1431 EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); 1371 EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE);
1432 EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); 1372 EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE);
1433 EVP_SignUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n); 1373 EVP_SignUpdate(&md_ctx, &(d[DTLS1_HM_HEADER_LENGTH]), n);
1434 if (!EVP_SignFinal(&md_ctx,&(p[2]), 1374 if (!EVP_SignFinal(&md_ctx, &(p[2]),
1435 (unsigned int *)&i,pkey)) 1375 (unsigned int *)&i, pkey)) {
1436 { 1376 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_ECDSA);
1437 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA);
1438 goto err; 1377 goto err;
1439 }
1440 s2n(i,p);
1441 n+=i+2;
1442 } 1378 }
1443 else 1379 s2n(i, p);
1380 n += i + 2;
1381 } else
1444#endif 1382#endif
1445 { 1383 {
1446 /* Is this error check actually needed? */ 1384 /* Is this error check actually needed? */
1447 al=SSL_AD_HANDSHAKE_FAILURE; 1385 al = SSL_AD_HANDSHAKE_FAILURE;
1448 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE); 1386 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNKNOWN_PKEY_TYPE);
1449 goto f_err; 1387 goto f_err;
1450 }
1451 } 1388 }
1389 }
1452 1390
1453 d = dtls1_set_message_header(s, d, 1391 d = dtls1_set_message_header(s, d,
1454 SSL3_MT_SERVER_KEY_EXCHANGE, n, 0, n); 1392 SSL3_MT_SERVER_KEY_EXCHANGE, n, 0, n);
1455 1393
1456 /* we should now have things packed up, so lets send 1394 /* we should now have things packed up, so lets send
1457 * it off */ 1395 * it off */
1458 s->init_num=n+DTLS1_HM_HEADER_LENGTH; 1396 s->init_num = n + DTLS1_HM_HEADER_LENGTH;
1459 s->init_off=0; 1397 s->init_off = 0;
1460 1398
1461 /* buffer the message to handle re-xmits */ 1399 /* buffer the message to handle re-xmits */
1462 dtls1_buffer_message(s, 0); 1400 dtls1_buffer_message(s, 0);
1463 } 1401 }
1464 1402
1465 s->state = SSL3_ST_SW_KEY_EXCH_B; 1403 s->state = SSL3_ST_SW_KEY_EXCH_B;
1466 EVP_MD_CTX_cleanup(&md_ctx); 1404 EVP_MD_CTX_cleanup(&md_ctx);
1467 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 1405 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1468f_err: 1406f_err:
1469 ssl3_send_alert(s,SSL3_AL_FATAL,al); 1407 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1470err: 1408err:
1471#ifndef OPENSSL_NO_ECDH 1409#ifndef OPENSSL_NO_ECDH
1472 if (encodedPoint != NULL) OPENSSL_free(encodedPoint); 1410 if (encodedPoint != NULL)
1411 OPENSSL_free(encodedPoint);
1473 BN_CTX_free(bn_ctx); 1412 BN_CTX_free(bn_ctx);
1474#endif 1413#endif
1475 EVP_MD_CTX_cleanup(&md_ctx); 1414 EVP_MD_CTX_cleanup(&md_ctx);
1476 return(-1); 1415 return (-1);
1477 } 1416}
1478 1417
1479int dtls1_send_certificate_request(SSL *s) 1418int
1480 { 1419dtls1_send_certificate_request(SSL *s)
1481 unsigned char *p,*d; 1420{
1482 int i,j,nl,off,n; 1421 unsigned char *p, *d;
1483 STACK_OF(X509_NAME) *sk=NULL; 1422 int i, j, nl, off, n;
1423 STACK_OF(X509_NAME) *sk = NULL;
1484 X509_NAME *name; 1424 X509_NAME *name;
1485 BUF_MEM *buf; 1425 BUF_MEM *buf;
1486 unsigned int msg_len; 1426 unsigned int msg_len;
1487 1427
1488 if (s->state == SSL3_ST_SW_CERT_REQ_A) 1428 if (s->state == SSL3_ST_SW_CERT_REQ_A) {
1489 { 1429 buf = s->init_buf;
1490 buf=s->init_buf;
1491 1430
1492 d=p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]); 1431 d = p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
1493 1432
1494 /* get the list of acceptable cert types */ 1433 /* get the list of acceptable cert types */
1495 p++; 1434 p++;
1496 n=ssl3_get_req_cert_type(s,p); 1435 n = ssl3_get_req_cert_type(s, p);
1497 d[0]=n; 1436 d[0] = n;
1498 p+=n; 1437 p += n;
1499 n++; 1438 n++;
1500 1439
1501 off=n; 1440 off = n;
1502 p+=2; 1441 p += 2;
1503 n+=2; 1442 n += 2;
1504 1443
1505 sk=SSL_get_client_CA_list(s); 1444 sk = SSL_get_client_CA_list(s);
1506 nl=0; 1445 nl = 0;
1507 if (sk != NULL) 1446 if (sk != NULL) {
1508 { 1447 for (i = 0; i < sk_X509_NAME_num(sk); i++) {
1509 for (i=0; i<sk_X509_NAME_num(sk); i++) 1448 name = sk_X509_NAME_value(sk, i);
1510 { 1449 j = i2d_X509_NAME(name, NULL);
1511 name=sk_X509_NAME_value(sk,i); 1450 if (!BUF_MEM_grow_clean(buf, DTLS1_HM_HEADER_LENGTH + n + j + 2)) {
1512 j=i2d_X509_NAME(name,NULL); 1451 SSLerr(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST, ERR_R_BUF_LIB);
1513 if (!BUF_MEM_grow_clean(buf,DTLS1_HM_HEADER_LENGTH+n+j+2))
1514 {
1515 SSLerr(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
1516 goto err; 1452 goto err;
1517 } 1453 }
1518 p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+n]); 1454 p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH + n]);
1519 if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) 1455 if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) {
1520 { 1456 s2n(j, p);
1521 s2n(j,p); 1457 i2d_X509_NAME(name, &p);
1522 i2d_X509_NAME(name,&p); 1458 n += 2 + j;
1523 n+=2+j; 1459 nl += 2 + j;
1524 nl+=2+j; 1460 } else {
1525 } 1461 d = p;
1526 else 1462 i2d_X509_NAME(name, &p);
1527 { 1463 j -= 2;
1528 d=p; 1464 s2n(j, d);
1529 i2d_X509_NAME(name,&p); 1465 j += 2;
1530 j-=2; s2n(j,d); j+=2; 1466 n += j;
1531 n+=j; 1467 nl += j;
1532 nl+=j;
1533 }
1534 } 1468 }
1535 } 1469 }
1470 }
1536 /* else no CA names */ 1471 /* else no CA names */
1537 p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+off]); 1472 p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH + off]);
1538 s2n(nl,p); 1473 s2n(nl, p);
1539 1474
1540 d=(unsigned char *)buf->data; 1475 d = (unsigned char *)buf->data;
1541 *(d++)=SSL3_MT_CERTIFICATE_REQUEST; 1476 *(d++) = SSL3_MT_CERTIFICATE_REQUEST;
1542 l2n3(n,d); 1477 l2n3(n, d);
1543 s2n(s->d1->handshake_write_seq,d); 1478 s2n(s->d1->handshake_write_seq, d);
1544 s->d1->handshake_write_seq++; 1479 s->d1->handshake_write_seq++;
1545 1480
1546 /* we should now have things packed up, so lets send 1481 /* we should now have things packed up, so lets send
1547 * it off */ 1482 * it off */
1548 1483
1549 s->init_num=n+DTLS1_HM_HEADER_LENGTH; 1484 s->init_num = n + DTLS1_HM_HEADER_LENGTH;
1550 s->init_off=0; 1485 s->init_off = 0;
1551#ifdef NETSCAPE_HANG_BUG 1486#ifdef NETSCAPE_HANG_BUG
1552/* XXX: what to do about this? */ 1487/* XXX: what to do about this? */
1553 p=(unsigned char *)s->init_buf->data + s->init_num; 1488 p = (unsigned char *)s->init_buf->data + s->init_num;
1554 1489
1555 /* do the header */ 1490 /* do the header */
1556 *(p++)=SSL3_MT_SERVER_DONE; 1491 *(p++) = SSL3_MT_SERVER_DONE;
1557 *(p++)=0; 1492 *(p++) = 0;
1558 *(p++)=0; 1493 *(p++) = 0;
1559 *(p++)=0; 1494 *(p++) = 0;
1560 s->init_num += 4; 1495 s->init_num += 4;
1561#endif 1496#endif
1562 1497
1563 /* XDTLS: set message header ? */ 1498 /* XDTLS: set message header ? */
1564 msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH; 1499 msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
1565 dtls1_set_message_header(s, (void *)s->init_buf->data, 1500 dtls1_set_message_header(s, (void *)s->init_buf->data,
1566 SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len); 1501 SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len);
1567 1502
1568 /* buffer the message to handle re-xmits */ 1503 /* buffer the message to handle re-xmits */
1569 dtls1_buffer_message(s, 0); 1504 dtls1_buffer_message(s, 0);
1570 1505
1571 s->state = SSL3_ST_SW_CERT_REQ_B; 1506 s->state = SSL3_ST_SW_CERT_REQ_B;
1572 } 1507 }
1573 1508
1574 /* SSL3_ST_SW_CERT_REQ_B */ 1509 /* SSL3_ST_SW_CERT_REQ_B */
1575 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 1510 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1576err: 1511err:
1577 return(-1); 1512 return (-1);
1578 } 1513}
1579 1514
1580int dtls1_send_server_certificate(SSL *s) 1515int
1581 { 1516dtls1_send_server_certificate(SSL *s)
1517{
1582 unsigned long l; 1518 unsigned long l;
1583 X509 *x; 1519 X509 *x;
1584 1520
1585 if (s->state == SSL3_ST_SW_CERT_A) 1521 if (s->state == SSL3_ST_SW_CERT_A) {
1586 { 1522 x = ssl_get_server_send_cert(s);
1587 x=ssl_get_server_send_cert(s); 1523 if (x == NULL) {
1588 if (x == NULL)
1589 {
1590 /* VRS: allow null cert if auth == KRB5 */ 1524 /* VRS: allow null cert if auth == KRB5 */
1591 if ((s->s3->tmp.new_cipher->algorithm_mkey != SSL_kKRB5) || 1525 if ((s->s3->tmp.new_cipher->algorithm_mkey != SSL_kKRB5) ||
1592 (s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5)) 1526 (s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5)) {
1593 { 1527 SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR);
1594 SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR); 1528 return (0);
1595 return(0);
1596 }
1597 } 1529 }
1530 }
1598 1531
1599 l=dtls1_output_cert_chain(s,x); 1532 l = dtls1_output_cert_chain(s, x);
1600 s->state=SSL3_ST_SW_CERT_B; 1533 s->state = SSL3_ST_SW_CERT_B;
1601 s->init_num=(int)l; 1534 s->init_num = (int)l;
1602 s->init_off=0; 1535 s->init_off = 0;
1603 1536
1604 /* buffer the message to handle re-xmits */ 1537 /* buffer the message to handle re-xmits */
1605 dtls1_buffer_message(s, 0); 1538 dtls1_buffer_message(s, 0);
1606 } 1539 }
1607 1540
1608 /* SSL3_ST_SW_CERT_B */ 1541 /* SSL3_ST_SW_CERT_B */
1609 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 1542 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1610 } 1543}
1611 1544
1612#ifndef OPENSSL_NO_TLSEXT 1545#ifndef OPENSSL_NO_TLSEXT
1613int dtls1_send_newsession_ticket(SSL *s) 1546int
1614 { 1547dtls1_send_newsession_ticket(SSL *s)
1615 if (s->state == SSL3_ST_SW_SESSION_TICKET_A) 1548{
1616 { 1549 if (s->state == SSL3_ST_SW_SESSION_TICKET_A) {
1617 unsigned char *p, *senc, *macstart; 1550 unsigned char *p, *senc, *macstart;
1618 int len, slen; 1551 int len, slen;
1619 unsigned int hlen, msg_len; 1552 unsigned int hlen, msg_len;
@@ -1638,8 +1571,8 @@ int dtls1_send_newsession_ticket(SSL *s)
1638 * length) + max_md_size (HMAC). 1571 * length) + max_md_size (HMAC).
1639 */ 1572 */
1640 if (!BUF_MEM_grow(s->init_buf, 1573 if (!BUF_MEM_grow(s->init_buf,
1641 DTLS1_HM_HEADER_LENGTH + 22 + EVP_MAX_IV_LENGTH + 1574 DTLS1_HM_HEADER_LENGTH + 22 + EVP_MAX_IV_LENGTH +
1642 EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen)) 1575 EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen))
1643 return -1; 1576 return -1;
1644 senc = OPENSSL_malloc(slen); 1577 senc = OPENSSL_malloc(slen);
1645 if (!senc) 1578 if (!senc)
@@ -1647,31 +1580,27 @@ int dtls1_send_newsession_ticket(SSL *s)
1647 p = senc; 1580 p = senc;
1648 i2d_SSL_SESSION(s->session, &p); 1581 i2d_SSL_SESSION(s->session, &p);
1649 1582
1650 p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]); 1583 p = (unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]);
1651 EVP_CIPHER_CTX_init(&ctx); 1584 EVP_CIPHER_CTX_init(&ctx);
1652 HMAC_CTX_init(&hctx); 1585 HMAC_CTX_init(&hctx);
1653 /* Initialize HMAC and cipher contexts. If callback present 1586 /* Initialize HMAC and cipher contexts. If callback present
1654 * it does all the work otherwise use generated values 1587 * it does all the work otherwise use generated values
1655 * from parent ctx. 1588 * from parent ctx.
1656 */ 1589 */
1657 if (tctx->tlsext_ticket_key_cb) 1590 if (tctx->tlsext_ticket_key_cb) {
1658 {
1659 if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, 1591 if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
1660 &hctx, 1) < 0) 1592 &hctx, 1) < 0) {
1661 {
1662 OPENSSL_free(senc); 1593 OPENSSL_free(senc);
1663 return -1; 1594 return -1;
1664 }
1665 } 1595 }
1666 else 1596 } else {
1667 {
1668 RAND_pseudo_bytes(iv, 16); 1597 RAND_pseudo_bytes(iv, 16);
1669 EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, 1598 EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
1670 tctx->tlsext_tick_aes_key, iv); 1599 tctx->tlsext_tick_aes_key, iv);
1671 HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, 1600 HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
1672 tlsext_tick_md(), NULL); 1601 tlsext_tick_md(), NULL);
1673 memcpy(key_name, tctx->tlsext_tick_key_name, 16); 1602 memcpy(key_name, tctx->tlsext_tick_key_name, 16);
1674 } 1603 }
1675 l2n(s->session->tlsext_tick_lifetime_hint, p); 1604 l2n(s->session->tlsext_tick_lifetime_hint, p);
1676 /* Skip ticket length for now */ 1605 /* Skip ticket length for now */
1677 p += 2; 1606 p += 2;
@@ -1698,25 +1627,25 @@ int dtls1_send_newsession_ticket(SSL *s)
1698 /* Total length */ 1627 /* Total length */
1699 len = p - (unsigned char *)(s->init_buf->data); 1628 len = p - (unsigned char *)(s->init_buf->data);
1700 /* Ticket length */ 1629 /* Ticket length */
1701 p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4; 1630 p = (unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4;
1702 s2n(len - DTLS1_HM_HEADER_LENGTH - 6, p); 1631 s2n(len - DTLS1_HM_HEADER_LENGTH - 6, p);
1703 1632
1704 /* number of bytes to write */ 1633 /* number of bytes to write */
1705 s->init_num= len; 1634 s->init_num = len;
1706 s->state=SSL3_ST_SW_SESSION_TICKET_B; 1635 s->state = SSL3_ST_SW_SESSION_TICKET_B;
1707 s->init_off=0; 1636 s->init_off = 0;
1708 OPENSSL_free(senc); 1637 OPENSSL_free(senc);
1709 1638
1710 /* XDTLS: set message header ? */ 1639 /* XDTLS: set message header ? */
1711 msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH; 1640 msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
1712 dtls1_set_message_header(s, (void *)s->init_buf->data, 1641 dtls1_set_message_header(s, (void *)s->init_buf->data,
1713 SSL3_MT_NEWSESSION_TICKET, msg_len, 0, msg_len); 1642 SSL3_MT_NEWSESSION_TICKET, msg_len, 0, msg_len);
1714 1643
1715 /* buffer the message to handle re-xmits */ 1644 /* buffer the message to handle re-xmits */
1716 dtls1_buffer_message(s, 0); 1645 dtls1_buffer_message(s, 0);
1717 } 1646 }
1718 1647
1719 /* SSL3_ST_SW_SESSION_TICKET_B */ 1648 /* SSL3_ST_SW_SESSION_TICKET_B */
1720 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 1649 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1721 } 1650}
1722#endif 1651#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 06:17:36 +0000