summaryrefslogtreecommitdiff
path: root/src/lib
diff options
context:
space:
mode:
authorjsing <>2017-10-08 16:54:28 +0000
committerjsing <>2017-10-08 16:54:28 +0000
commit4a321df9c7a420a6acc68a15159dfb87e0b68589 (patch)
treeb2764ded940d416b9986a2b6e6591e7556c4c13a /src/lib
parent800c39ad0b8765bdbf6cec4a8f02a9cbbacb1dfe (diff)
downloadopenbsd-4a321df9c7a420a6acc68a15159dfb87e0b68589.tar.gz
openbsd-4a321df9c7a420a6acc68a15159dfb87e0b68589.tar.bz2
openbsd-4a321df9c7a420a6acc68a15159dfb87e0b68589.zip
Reduce non-functional differences between dtls1_connect() and
ssl3_connect() - synchronise comments, whitespace, line wrapping, etc.
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libssl/d1_clnt.c70
1 files changed, 38 insertions, 32 deletions
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index c9447138d5..5a5e17699d 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_clnt.c,v 1.77 2017/10/08 16:24:02 jsing Exp $ */ 1/* $OpenBSD: d1_clnt.c,v 1.78 2017/10/08 16:54:28 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -196,7 +196,6 @@ dtls1_connect(SSL *s)
196 if (!SSL_in_init(s) || SSL_in_before(s)) 196 if (!SSL_in_init(s) || SSL_in_before(s))
197 SSL_clear(s); 197 SSL_clear(s);
198 198
199
200 for (;;) { 199 for (;;) {
201 state = S3I(s)->hs.state; 200 state = S3I(s)->hs.state;
202 201
@@ -215,7 +214,7 @@ dtls1_connect(SSL *s)
215 if (cb != NULL) 214 if (cb != NULL)
216 cb(s, SSL_CB_HANDSHAKE_START, 1); 215 cb(s, SSL_CB_HANDSHAKE_START, 1);
217 216
218 if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00)) { 217 if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
219 SSLerror(s, ERR_R_INTERNAL_ERROR); 218 SSLerror(s, ERR_R_INTERNAL_ERROR);
220 ret = -1; 219 ret = -1;
221 goto end; 220 goto end;
@@ -249,7 +248,6 @@ dtls1_connect(SSL *s)
249 s->internal->hit = 0; 248 s->internal->hit = 0;
250 break; 249 break;
251 250
252
253 case SSL3_ST_CW_CLNT_HELLO_A: 251 case SSL3_ST_CW_CLNT_HELLO_A:
254 case SSL3_ST_CW_CLNT_HELLO_B: 252 case SSL3_ST_CW_CLNT_HELLO_B:
255 253
@@ -285,13 +283,10 @@ dtls1_connect(SSL *s)
285 ret = ssl3_get_server_hello(s); 283 ret = ssl3_get_server_hello(s);
286 if (ret <= 0) 284 if (ret <= 0)
287 goto end; 285 goto end;
288 else { 286 if (s->internal->hit)
289 if (s->internal->hit) { 287 S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A;
290 288 else
291 S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A; 289 S3I(s)->hs.state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
292 } else
293 S3I(s)->hs.state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
294 }
295 s->internal->init_num = 0; 290 s->internal->init_num = 0;
296 break; 291 break;
297 292
@@ -323,7 +318,7 @@ dtls1_connect(SSL *s)
323 s->internal->init_num = 0; 318 s->internal->init_num = 0;
324 break; 319 break;
325 } 320 }
326 /* Check if it is anon DH. */ 321 /* Check if it is anon DH/ECDH. */
327 if (!(S3I(s)->hs.new_cipher->algorithm_auth & 322 if (!(S3I(s)->hs.new_cipher->algorithm_auth &
328 SSL_aNULL)) { 323 SSL_aNULL)) {
329 ret = ssl3_get_server_certificate(s); 324 ret = ssl3_get_server_certificate(s);
@@ -348,8 +343,10 @@ dtls1_connect(SSL *s)
348 S3I(s)->hs.state = SSL3_ST_CR_CERT_REQ_A; 343 S3I(s)->hs.state = SSL3_ST_CR_CERT_REQ_A;
349 s->internal->init_num = 0; 344 s->internal->init_num = 0;
350 345
351 /* at this point we check that we have the 346 /*
352 * required stuff from the server */ 347 * At this point we check that we have the
348 * required stuff from the server.
349 */
353 if (!ssl3_check_cert_and_algorithm(s)) { 350 if (!ssl3_check_cert_and_algorithm(s)) {
354 ret = -1; 351 ret = -1;
355 goto end; 352 goto end;
@@ -372,11 +369,10 @@ dtls1_connect(SSL *s)
372 goto end; 369 goto end;
373 dtls1_stop_timer(s); 370 dtls1_stop_timer(s);
374 if (S3I(s)->tmp.cert_req) 371 if (S3I(s)->tmp.cert_req)
375 S3I(s)->hs.next_state = SSL3_ST_CW_CERT_A; 372 S3I(s)->hs.state = SSL3_ST_CW_CERT_A;
376 else 373 else
377 S3I(s)->hs.next_state = SSL3_ST_CW_KEY_EXCH_A; 374 S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_A;
378 s->internal->init_num = 0; 375 s->internal->init_num = 0;
379 S3I(s)->hs.state = S3I(s)->hs.next_state;
380 break; 376 break;
381 377
382 case SSL3_ST_CW_CERT_A: 378 case SSL3_ST_CW_CERT_A:
@@ -397,11 +393,22 @@ dtls1_connect(SSL *s)
397 ret = ssl3_send_client_key_exchange(s); 393 ret = ssl3_send_client_key_exchange(s);
398 if (ret <= 0) 394 if (ret <= 0)
399 goto end; 395 goto end;
400 396 /*
401 /* EAY EAY EAY need to check for DH fix cert 397 * EAY EAY EAY need to check for DH fix cert
402 * sent back */ 398 * sent back
403 /* For TLS, cert_req is set to 2, so a cert chain 399 */
404 * of nothing is sent, but no verify packet is sent */ 400 /*
401 * For TLS, cert_req is set to 2, so a cert chain
402 * of nothing is sent, but no verify packet is sent
403 */
404 /*
405 * XXX: For now, we do not support client
406 * authentication in ECDH cipher suites with
407 * ECDH (rather than ECDSA) certificates.
408 * We need to skip the certificate verify
409 * message when client's ECDH public key is sent
410 * inside the client certificate.
411 */
405 if (S3I(s)->tmp.cert_req == 1) { 412 if (S3I(s)->tmp.cert_req == 1) {
406 S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_A; 413 S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_A;
407 } else { 414 } else {
@@ -447,7 +454,6 @@ dtls1_connect(SSL *s)
447 goto end; 454 goto end;
448 } 455 }
449 456
450
451 dtls1_reset_seq_numbers(s, SSL3_CC_WRITE); 457 dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
452 break; 458 break;
453 459
@@ -455,25 +461,24 @@ dtls1_connect(SSL *s)
455 case SSL3_ST_CW_FINISHED_B: 461 case SSL3_ST_CW_FINISHED_B:
456 if (!s->internal->hit) 462 if (!s->internal->hit)
457 dtls1_start_timer(s); 463 dtls1_start_timer(s);
458 ret = ssl3_send_finished(s, 464 ret = ssl3_send_finished(s, SSL3_ST_CW_FINISHED_A,
459 SSL3_ST_CW_FINISHED_A, SSL3_ST_CW_FINISHED_B, 465 SSL3_ST_CW_FINISHED_B, TLS_MD_CLIENT_FINISH_CONST,
460 TLS_MD_CLIENT_FINISH_CONST,
461 TLS_MD_CLIENT_FINISH_CONST_SIZE); 466 TLS_MD_CLIENT_FINISH_CONST_SIZE);
462 if (ret <= 0) 467 if (ret <= 0)
463 goto end; 468 goto end;
464 S3I(s)->hs.state = SSL3_ST_CW_FLUSH; 469 S3I(s)->hs.state = SSL3_ST_CW_FLUSH;
465 470
466 /* clear flags */ 471 /* clear flags */
467 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; 472 s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
468 if (s->internal->hit) { 473 if (s->internal->hit) {
469 S3I(s)->hs.next_state = SSL_ST_OK; 474 S3I(s)->hs.next_state = SSL_ST_OK;
470 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) { 475 if (s->s3->flags &
476 SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
471 S3I(s)->hs.state = SSL_ST_OK; 477 S3I(s)->hs.state = SSL_ST_OK;
472 s->s3->flags |= SSL3_FLAGS_POP_BUFFER; 478 s->s3->flags |= SSL3_FLAGS_POP_BUFFER;
473 S3I(s)->delay_buf_pop_ret = 0; 479 S3I(s)->delay_buf_pop_ret = 0;
474 } 480 }
475 } else { 481 } else {
476
477 /* Allow NewSessionTicket if ticket expected */ 482 /* Allow NewSessionTicket if ticket expected */
478 if (s->internal->tlsext_ticket_expected) 483 if (s->internal->tlsext_ticket_expected)
479 S3I(s)->hs.next_state = 484 S3I(s)->hs.next_state =
@@ -517,7 +522,6 @@ dtls1_connect(SSL *s)
517 else 522 else
518 S3I(s)->hs.state = SSL_ST_OK; 523 S3I(s)->hs.state = SSL_ST_OK;
519 524
520
521 s->internal->init_num = 0; 525 s->internal->init_num = 0;
522 break; 526 break;
523 527
@@ -541,8 +545,10 @@ dtls1_connect(SSL *s)
541 /* clean a few things up */ 545 /* clean a few things up */
542 tls1_cleanup_key_block(s); 546 tls1_cleanup_key_block(s);
543 547
544 /* If we are not 'joining' the last two packets, 548 /*
545 * remove the buffering now */ 549 * If we are not 'joining' the last two packets,
550 * remove the buffering now
551 */
546 if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER)) 552 if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
547 ssl_free_wbio_buffer(s); 553 ssl_free_wbio_buffer(s);
548 /* else do it later in ssl3_write */ 554 /* else do it later in ssl3_write */
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-23 00:56:57 +0000