diff options
| author | djm <> | 2012-10-13 21:25:14 +0000 |
|---|---|---|
| committer | djm <> | 2012-10-13 21:25:14 +0000 |
| commit | 93723b50b639d8dc717bc1bf463fd46e1b321239 (patch) | |
| tree | 281e0a29ae8f87a8c47fbd4deaa1f3d48b8cc5c1 /src/lib/libssl/d1_srvr.c | |
| parent | 65e72ac55a6405783db7a12d7e35a7561d46005b (diff) | |
| download | openbsd-93723b50b639d8dc717bc1bf463fd46e1b321239.tar.gz openbsd-93723b50b639d8dc717bc1bf463fd46e1b321239.tar.bz2 openbsd-93723b50b639d8dc717bc1bf463fd46e1b321239.zip | |
resolve conflicts
Diffstat (limited to 'src/lib/libssl/d1_srvr.c')
| -rw-r--r-- | src/lib/libssl/d1_srvr.c | 186 |
1 files changed, 167 insertions, 19 deletions
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c index 149983be30..29421da9aa 100644 --- a/src/lib/libssl/d1_srvr.c +++ b/src/lib/libssl/d1_srvr.c | |||
| @@ -151,6 +151,10 @@ int dtls1_accept(SSL *s) | |||
| 151 | int ret= -1; | 151 | int ret= -1; |
| 152 | int new_state,state,skip=0; | 152 | int new_state,state,skip=0; |
| 153 | int listen; | 153 | int listen; |
| 154 | #ifndef OPENSSL_NO_SCTP | ||
| 155 | unsigned char sctpauthkey[64]; | ||
| 156 | char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)]; | ||
| 157 | #endif | ||
| 154 | 158 | ||
| 155 | RAND_add(&Time,sizeof(Time),0); | 159 | RAND_add(&Time,sizeof(Time),0); |
| 156 | ERR_clear_error(); | 160 | ERR_clear_error(); |
| @@ -168,6 +172,13 @@ int dtls1_accept(SSL *s) | |||
| 168 | if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); | 172 | if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); |
| 169 | 173 | ||
| 170 | s->d1->listen = listen; | 174 | s->d1->listen = listen; |
| 175 | #ifndef OPENSSL_NO_SCTP | ||
| 176 | /* Notify SCTP BIO socket to enter handshake | ||
| 177 | * mode and prevent stream identifier other | ||
| 178 | * than 0. Will be ignored if no SCTP is used. | ||
| 179 | */ | ||
| 180 | BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL); | ||
| 181 | #endif | ||
| 171 | 182 | ||
| 172 | if (s->cert == NULL) | 183 | if (s->cert == NULL) |
| 173 | { | 184 | { |
| @@ -175,6 +186,19 @@ int dtls1_accept(SSL *s) | |||
| 175 | return(-1); | 186 | return(-1); |
| 176 | } | 187 | } |
| 177 | 188 | ||
| 189 | #ifndef OPENSSL_NO_HEARTBEATS | ||
| 190 | /* If we're awaiting a HeartbeatResponse, pretend we | ||
| 191 | * already got and don't await it anymore, because | ||
| 192 | * Heartbeats don't make sense during handshakes anyway. | ||
| 193 | */ | ||
| 194 | if (s->tlsext_hb_pending) | ||
| 195 | { | ||
| 196 | dtls1_stop_timer(s); | ||
| 197 | s->tlsext_hb_pending = 0; | ||
| 198 | s->tlsext_hb_seq++; | ||
| 199 | } | ||
| 200 | #endif | ||
| 201 | |||
| 178 | for (;;) | 202 | for (;;) |
| 179 | { | 203 | { |
| 180 | state=s->state; | 204 | state=s->state; |
| @@ -182,7 +206,7 @@ int dtls1_accept(SSL *s) | |||
| 182 | switch (s->state) | 206 | switch (s->state) |
| 183 | { | 207 | { |
| 184 | case SSL_ST_RENEGOTIATE: | 208 | case SSL_ST_RENEGOTIATE: |
| 185 | s->new_session=1; | 209 | s->renegotiate=1; |
| 186 | /* s->state=SSL_ST_ACCEPT; */ | 210 | /* s->state=SSL_ST_ACCEPT; */ |
| 187 | 211 | ||
| 188 | case SSL_ST_BEFORE: | 212 | case SSL_ST_BEFORE: |
| @@ -227,8 +251,12 @@ int dtls1_accept(SSL *s) | |||
| 227 | { | 251 | { |
| 228 | /* Ok, we now need to push on a buffering BIO so that | 252 | /* Ok, we now need to push on a buffering BIO so that |
| 229 | * the output is sent in a way that TCP likes :-) | 253 | * the output is sent in a way that TCP likes :-) |
| 254 | * ...but not with SCTP :-) | ||
| 230 | */ | 255 | */ |
| 231 | if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; } | 256 | #ifndef OPENSSL_NO_SCTP |
| 257 | if (!BIO_dgram_is_sctp(SSL_get_wbio(s))) | ||
| 258 | #endif | ||
| 259 | if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; } | ||
| 232 | 260 | ||
| 233 | ssl3_init_finished_mac(s); | 261 | ssl3_init_finished_mac(s); |
| 234 | s->state=SSL3_ST_SR_CLNT_HELLO_A; | 262 | s->state=SSL3_ST_SR_CLNT_HELLO_A; |
| @@ -313,25 +341,75 @@ int dtls1_accept(SSL *s) | |||
| 313 | ssl3_init_finished_mac(s); | 341 | ssl3_init_finished_mac(s); |
| 314 | break; | 342 | break; |
| 315 | 343 | ||
| 344 | #ifndef OPENSSL_NO_SCTP | ||
| 345 | case DTLS1_SCTP_ST_SR_READ_SOCK: | ||
| 346 | |||
| 347 | if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) | ||
| 348 | { | ||
| 349 | s->s3->in_read_app_data=2; | ||
| 350 | s->rwstate=SSL_READING; | ||
| 351 | BIO_clear_retry_flags(SSL_get_rbio(s)); | ||
| 352 | BIO_set_retry_read(SSL_get_rbio(s)); | ||
| 353 | ret = -1; | ||
| 354 | goto end; | ||
| 355 | } | ||
| 356 | |||
| 357 | s->state=SSL3_ST_SR_FINISHED_A; | ||
| 358 | break; | ||
| 359 | |||
| 360 | case DTLS1_SCTP_ST_SW_WRITE_SOCK: | ||
| 361 | ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s)); | ||
| 362 | if (ret < 0) goto end; | ||
| 363 | |||
| 364 | if (ret == 0) | ||
| 365 | { | ||
| 366 | if (s->d1->next_state != SSL_ST_OK) | ||
| 367 | { | ||
| 368 | s->s3->in_read_app_data=2; | ||
| 369 | s->rwstate=SSL_READING; | ||
| 370 | BIO_clear_retry_flags(SSL_get_rbio(s)); | ||
| 371 | BIO_set_retry_read(SSL_get_rbio(s)); | ||
| 372 | ret = -1; | ||
| 373 | goto end; | ||
| 374 | } | ||
| 375 | } | ||
| 376 | |||
| 377 | s->state=s->d1->next_state; | ||
| 378 | break; | ||
| 379 | #endif | ||
| 380 | |||
| 316 | case SSL3_ST_SW_SRVR_HELLO_A: | 381 | case SSL3_ST_SW_SRVR_HELLO_A: |
| 317 | case SSL3_ST_SW_SRVR_HELLO_B: | 382 | case SSL3_ST_SW_SRVR_HELLO_B: |
| 318 | s->new_session = 2; | 383 | s->renegotiate = 2; |
| 319 | dtls1_start_timer(s); | 384 | dtls1_start_timer(s); |
| 320 | ret=dtls1_send_server_hello(s); | 385 | ret=dtls1_send_server_hello(s); |
| 321 | if (ret <= 0) goto end; | 386 | if (ret <= 0) goto end; |
| 322 | 387 | ||
| 323 | #ifndef OPENSSL_NO_TLSEXT | ||
| 324 | if (s->hit) | 388 | if (s->hit) |
| 325 | { | 389 | { |
| 390 | #ifndef OPENSSL_NO_SCTP | ||
| 391 | /* Add new shared key for SCTP-Auth, | ||
| 392 | * will be ignored if no SCTP used. | ||
| 393 | */ | ||
| 394 | snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), | ||
| 395 | DTLS1_SCTP_AUTH_LABEL); | ||
| 396 | |||
| 397 | SSL_export_keying_material(s, sctpauthkey, | ||
| 398 | sizeof(sctpauthkey), labelbuffer, | ||
| 399 | sizeof(labelbuffer), NULL, 0, 0); | ||
| 400 | |||
| 401 | BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, | ||
| 402 | sizeof(sctpauthkey), sctpauthkey); | ||
| 403 | #endif | ||
| 404 | #ifndef OPENSSL_NO_TLSEXT | ||
| 326 | if (s->tlsext_ticket_expected) | 405 | if (s->tlsext_ticket_expected) |
| 327 | s->state=SSL3_ST_SW_SESSION_TICKET_A; | 406 | s->state=SSL3_ST_SW_SESSION_TICKET_A; |
| 328 | else | 407 | else |
| 329 | s->state=SSL3_ST_SW_CHANGE_A; | 408 | s->state=SSL3_ST_SW_CHANGE_A; |
| 330 | } | ||
| 331 | #else | 409 | #else |
| 332 | if (s->hit) | 410 | s->state=SSL3_ST_SW_CHANGE_A; |
| 333 | s->state=SSL3_ST_SW_CHANGE_A; | ||
| 334 | #endif | 411 | #endif |
| 412 | } | ||
| 335 | else | 413 | else |
| 336 | s->state=SSL3_ST_SW_CERT_A; | 414 | s->state=SSL3_ST_SW_CERT_A; |
| 337 | s->init_num=0; | 415 | s->init_num=0; |
| @@ -441,6 +519,13 @@ int dtls1_accept(SSL *s) | |||
| 441 | skip=1; | 519 | skip=1; |
| 442 | s->s3->tmp.cert_request=0; | 520 | s->s3->tmp.cert_request=0; |
| 443 | s->state=SSL3_ST_SW_SRVR_DONE_A; | 521 | s->state=SSL3_ST_SW_SRVR_DONE_A; |
| 522 | #ifndef OPENSSL_NO_SCTP | ||
| 523 | if (BIO_dgram_is_sctp(SSL_get_wbio(s))) | ||
| 524 | { | ||
| 525 | s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A; | ||
| 526 | s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK; | ||
| 527 | } | ||
| 528 | #endif | ||
| 444 | } | 529 | } |
| 445 | else | 530 | else |
| 446 | { | 531 | { |
| @@ -450,9 +535,23 @@ int dtls1_accept(SSL *s) | |||
| 450 | if (ret <= 0) goto end; | 535 | if (ret <= 0) goto end; |
| 451 | #ifndef NETSCAPE_HANG_BUG | 536 | #ifndef NETSCAPE_HANG_BUG |
| 452 | s->state=SSL3_ST_SW_SRVR_DONE_A; | 537 | s->state=SSL3_ST_SW_SRVR_DONE_A; |
| 538 | #ifndef OPENSSL_NO_SCTP | ||
| 539 | if (BIO_dgram_is_sctp(SSL_get_wbio(s))) | ||
| 540 | { | ||
| 541 | s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A; | ||
| 542 | s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK; | ||
| 543 | } | ||
| 544 | #endif | ||
| 453 | #else | 545 | #else |
| 454 | s->state=SSL3_ST_SW_FLUSH; | 546 | s->state=SSL3_ST_SW_FLUSH; |
| 455 | s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; | 547 | s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; |
| 548 | #ifndef OPENSSL_NO_SCTP | ||
| 549 | if (BIO_dgram_is_sctp(SSL_get_wbio(s))) | ||
| 550 | { | ||
| 551 | s->d1->next_state = s->s3->tmp.next_state; | ||
| 552 | s->s3->tmp.next_state=DTLS1_SCTP_ST_SW_WRITE_SOCK; | ||
| 553 | } | ||
| 554 | #endif | ||
| 456 | #endif | 555 | #endif |
| 457 | s->init_num=0; | 556 | s->init_num=0; |
| 458 | } | 557 | } |
| @@ -472,6 +571,13 @@ int dtls1_accept(SSL *s) | |||
| 472 | s->rwstate=SSL_WRITING; | 571 | s->rwstate=SSL_WRITING; |
| 473 | if (BIO_flush(s->wbio) <= 0) | 572 | if (BIO_flush(s->wbio) <= 0) |
| 474 | { | 573 | { |
| 574 | /* If the write error was fatal, stop trying */ | ||
| 575 | if (!BIO_should_retry(s->wbio)) | ||
| 576 | { | ||
| 577 | s->rwstate=SSL_NOTHING; | ||
| 578 | s->state=s->s3->tmp.next_state; | ||
| 579 | } | ||
| 580 | |||
| 475 | ret= -1; | 581 | ret= -1; |
| 476 | goto end; | 582 | goto end; |
| 477 | } | 583 | } |
| @@ -485,15 +591,16 @@ int dtls1_accept(SSL *s) | |||
| 485 | ret = ssl3_check_client_hello(s); | 591 | ret = ssl3_check_client_hello(s); |
| 486 | if (ret <= 0) | 592 | if (ret <= 0) |
| 487 | goto end; | 593 | goto end; |
| 488 | dtls1_stop_timer(s); | ||
| 489 | if (ret == 2) | 594 | if (ret == 2) |
| 595 | { | ||
| 596 | dtls1_stop_timer(s); | ||
| 490 | s->state = SSL3_ST_SR_CLNT_HELLO_C; | 597 | s->state = SSL3_ST_SR_CLNT_HELLO_C; |
| 598 | } | ||
| 491 | else { | 599 | else { |
| 492 | /* could be sent for a DH cert, even if we | 600 | /* could be sent for a DH cert, even if we |
| 493 | * have not asked for it :-) */ | 601 | * have not asked for it :-) */ |
| 494 | ret=ssl3_get_client_certificate(s); | 602 | ret=ssl3_get_client_certificate(s); |
| 495 | if (ret <= 0) goto end; | 603 | if (ret <= 0) goto end; |
| 496 | dtls1_stop_timer(s); | ||
| 497 | s->init_num=0; | 604 | s->init_num=0; |
| 498 | s->state=SSL3_ST_SR_KEY_EXCH_A; | 605 | s->state=SSL3_ST_SR_KEY_EXCH_A; |
| 499 | } | 606 | } |
| @@ -503,7 +610,21 @@ int dtls1_accept(SSL *s) | |||
| 503 | case SSL3_ST_SR_KEY_EXCH_B: | 610 | case SSL3_ST_SR_KEY_EXCH_B: |
| 504 | ret=ssl3_get_client_key_exchange(s); | 611 | ret=ssl3_get_client_key_exchange(s); |
| 505 | if (ret <= 0) goto end; | 612 | if (ret <= 0) goto end; |
| 506 | dtls1_stop_timer(s); | 613 | #ifndef OPENSSL_NO_SCTP |
| 614 | /* Add new shared key for SCTP-Auth, | ||
| 615 | * will be ignored if no SCTP used. | ||
| 616 | */ | ||
| 617 | snprintf((char *) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), | ||
| 618 | DTLS1_SCTP_AUTH_LABEL); | ||
| 619 | |||
| 620 | SSL_export_keying_material(s, sctpauthkey, | ||
| 621 | sizeof(sctpauthkey), labelbuffer, | ||
| 622 | sizeof(labelbuffer), NULL, 0, 0); | ||
| 623 | |||
| 624 | BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, | ||
| 625 | sizeof(sctpauthkey), sctpauthkey); | ||
| 626 | #endif | ||
| 627 | |||
| 507 | s->state=SSL3_ST_SR_CERT_VRFY_A; | 628 | s->state=SSL3_ST_SR_CERT_VRFY_A; |
| 508 | s->init_num=0; | 629 | s->init_num=0; |
| 509 | 630 | ||
| @@ -540,9 +661,13 @@ int dtls1_accept(SSL *s) | |||
| 540 | /* we should decide if we expected this one */ | 661 | /* we should decide if we expected this one */ |
| 541 | ret=ssl3_get_cert_verify(s); | 662 | ret=ssl3_get_cert_verify(s); |
| 542 | if (ret <= 0) goto end; | 663 | if (ret <= 0) goto end; |
| 543 | dtls1_stop_timer(s); | 664 | #ifndef OPENSSL_NO_SCTP |
| 544 | 665 | if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && | |
| 545 | s->state=SSL3_ST_SR_FINISHED_A; | 666 | state == SSL_ST_RENEGOTIATE) |
| 667 | s->state=DTLS1_SCTP_ST_SR_READ_SOCK; | ||
| 668 | else | ||
| 669 | #endif | ||
| 670 | s->state=SSL3_ST_SR_FINISHED_A; | ||
| 546 | s->init_num=0; | 671 | s->init_num=0; |
| 547 | break; | 672 | break; |
| 548 | 673 | ||
| @@ -594,6 +719,14 @@ int dtls1_accept(SSL *s) | |||
| 594 | SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B); | 719 | SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B); |
| 595 | 720 | ||
| 596 | if (ret <= 0) goto end; | 721 | if (ret <= 0) goto end; |
| 722 | |||
| 723 | #ifndef OPENSSL_NO_SCTP | ||
| 724 | /* Change to new shared key of SCTP-Auth, | ||
| 725 | * will be ignored if no SCTP used. | ||
| 726 | */ | ||
| 727 | BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); | ||
| 728 | #endif | ||
| 729 | |||
| 597 | s->state=SSL3_ST_SW_FINISHED_A; | 730 | s->state=SSL3_ST_SW_FINISHED_A; |
| 598 | s->init_num=0; | 731 | s->init_num=0; |
| 599 | 732 | ||
| @@ -618,7 +751,16 @@ int dtls1_accept(SSL *s) | |||
| 618 | if (s->hit) | 751 | if (s->hit) |
| 619 | s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; | 752 | s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; |
| 620 | else | 753 | else |
| 754 | { | ||
| 621 | s->s3->tmp.next_state=SSL_ST_OK; | 755 | s->s3->tmp.next_state=SSL_ST_OK; |
| 756 | #ifndef OPENSSL_NO_SCTP | ||
| 757 | if (BIO_dgram_is_sctp(SSL_get_wbio(s))) | ||
| 758 | { | ||
| 759 | s->d1->next_state = s->s3->tmp.next_state; | ||
| 760 | s->s3->tmp.next_state=DTLS1_SCTP_ST_SW_WRITE_SOCK; | ||
| 761 | } | ||
| 762 | #endif | ||
| 763 | } | ||
| 622 | s->init_num=0; | 764 | s->init_num=0; |
| 623 | break; | 765 | break; |
| 624 | 766 | ||
| @@ -636,11 +778,9 @@ int dtls1_accept(SSL *s) | |||
| 636 | 778 | ||
| 637 | s->init_num=0; | 779 | s->init_num=0; |
| 638 | 780 | ||
| 639 | if (s->new_session == 2) /* skipped if we just sent a HelloRequest */ | 781 | if (s->renegotiate == 2) /* skipped if we just sent a HelloRequest */ |
| 640 | { | 782 | { |
| 641 | /* actually not necessarily a 'new' session unless | 783 | s->renegotiate=0; |
| 642 | * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ | ||
| 643 | |||
| 644 | s->new_session=0; | 784 | s->new_session=0; |
| 645 | 785 | ||
| 646 | ssl_update_cache(s,SSL_SESS_CACHE_SERVER); | 786 | ssl_update_cache(s,SSL_SESS_CACHE_SERVER); |
| @@ -692,6 +832,14 @@ end: | |||
| 692 | /* BIO_flush(s->wbio); */ | 832 | /* BIO_flush(s->wbio); */ |
| 693 | 833 | ||
| 694 | s->in_handshake--; | 834 | s->in_handshake--; |
| 835 | #ifndef OPENSSL_NO_SCTP | ||
| 836 | /* Notify SCTP BIO socket to leave handshake | ||
| 837 | * mode and prevent stream identifier other | ||
| 838 | * than 0. Will be ignored if no SCTP is used. | ||
| 839 | */ | ||
| 840 | BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL); | ||
| 841 | #endif | ||
| 842 | |||
| 695 | if (cb != NULL) | 843 | if (cb != NULL) |
| 696 | cb(s,SSL_CB_ACCEPT_EXIT,ret); | 844 | cb(s,SSL_CB_ACCEPT_EXIT,ret); |
| 697 | return(ret); | 845 | return(ret); |
| @@ -772,7 +920,7 @@ int dtls1_send_server_hello(SSL *s) | |||
| 772 | p=s->s3->server_random; | 920 | p=s->s3->server_random; |
| 773 | Time=(unsigned long)time(NULL); /* Time */ | 921 | Time=(unsigned long)time(NULL); /* Time */ |
| 774 | l2n(Time,p); | 922 | l2n(Time,p); |
| 775 | RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)); | 923 | RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4); |
| 776 | /* Do the message type and length last */ | 924 | /* Do the message type and length last */ |
| 777 | d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); | 925 | d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); |
| 778 | 926 | ||
| @@ -1147,7 +1295,7 @@ int dtls1_send_server_key_exchange(SSL *s) | |||
| 1147 | if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) | 1295 | if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) |
| 1148 | && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) | 1296 | && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) |
| 1149 | { | 1297 | { |
| 1150 | if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher)) | 1298 | if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher, NULL)) |
| 1151 | == NULL) | 1299 | == NULL) |
| 1152 | { | 1300 | { |
| 1153 | al=SSL_AD_DECODE_ERROR; | 1301 | al=SSL_AD_DECODE_ERROR; |