summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorjsing <>2014-04-14 14:51:11 +0000
committerjsing <>2014-04-14 14:51:11 +0000
commit5977f7bc2c486cf4286457ca1bc58fbe2455144d (patch)
tree405ed6145367617646f765247ee24976c45b2e76 /src
parentc03306dde55b9ef0d2073f1376f36b96f84c0679 (diff)
downloadopenbsd-5977f7bc2c486cf4286457ca1bc58fbe2455144d.tar.gz
openbsd-5977f7bc2c486cf4286457ca1bc58fbe2455144d.tar.bz2
openbsd-5977f7bc2c486cf4286457ca1bc58fbe2455144d.zip
First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using tr and md5.
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/d1_clnt.c1545
-rw-r--r--src/lib/libssl/d1_srvr.c1523
-rw-r--r--src/lib/libssl/src/ssl/d1_clnt.c1545
-rw-r--r--src/lib/libssl/src/ssl/d1_srvr.c1523
4 files changed, 2920 insertions, 3216 deletions
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index eb6ea6c0ec..15c4bca58c 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -131,49 +131,51 @@
131static const SSL_METHOD *dtls1_get_client_method(int ver); 131static const SSL_METHOD *dtls1_get_client_method(int ver);
132static int dtls1_get_hello_verify(SSL *s); 132static int dtls1_get_hello_verify(SSL *s);
133 133
134static const SSL_METHOD *dtls1_get_client_method(int ver) 134static const SSL_METHOD
135 { 135*dtls1_get_client_method(int ver)
136{
136 if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER) 137 if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
137 return(DTLSv1_client_method()); 138 return (DTLSv1_client_method());
138 else 139 else
139 return(NULL); 140 return (NULL);
140 } 141}
141 142
142IMPLEMENT_dtls1_meth_func(DTLSv1_client_method, 143IMPLEMENT_dtls1_meth_func(DTLSv1_client_method,
143 ssl_undefined_function, 144 ssl_undefined_function, dtls1_connect, dtls1_get_client_method)
144 dtls1_connect, 145
145 dtls1_get_client_method) 146int
146 147dtls1_connect(SSL *s)
147int dtls1_connect(SSL *s) 148{
148 { 149 BUF_MEM *buf = NULL;
149 BUF_MEM *buf=NULL; 150 unsigned long Time = (unsigned long)time(NULL);
150 unsigned long Time=(unsigned long)time(NULL); 151 void (*cb)(const SSL *ssl, int type, int val) = NULL;
151 void (*cb)(const SSL *ssl,int type,int val)=NULL; 152 int ret = -1;
152 int ret= -1; 153 int new_state, state, skip = 0;
153 int new_state,state,skip=0;
154#ifndef OPENSSL_NO_SCTP 154#ifndef OPENSSL_NO_SCTP
155 unsigned char sctpauthkey[64]; 155 unsigned char sctpauthkey[64];
156 char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)]; 156 char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
157#endif 157#endif
158 158
159 RAND_add(&Time,sizeof(Time),0); 159 RAND_add(&Time, sizeof(Time), 0);
160 ERR_clear_error(); 160 ERR_clear_error();
161 errno = 0; 161 errno = 0;
162 162
163 if (s->info_callback != NULL) 163 if (s->info_callback != NULL)
164 cb=s->info_callback; 164 cb = s->info_callback;
165 else if (s->ctx->info_callback != NULL) 165 else if (s->ctx->info_callback != NULL)
166 cb=s->ctx->info_callback; 166 cb = s->ctx->info_callback;
167 167
168 s->in_handshake++; 168 s->in_handshake++;
169 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 169 if (!SSL_in_init(s) || SSL_in_before(s))
170 SSL_clear(s);
170 171
171#ifndef OPENSSL_NO_SCTP 172#ifndef OPENSSL_NO_SCTP
172 /* Notify SCTP BIO socket to enter handshake 173 /* Notify SCTP BIO socket to enter handshake
173 * mode and prevent stream identifier other 174 * mode and prevent stream identifier other
174 * than 0. Will be ignored if no SCTP is used. 175 * than 0. Will be ignored if no SCTP is used.
175 */ 176 */
176 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL); 177 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
178 s->in_handshake, NULL);
177#endif 179#endif
178 180
179#ifndef OPENSSL_NO_HEARTBEATS 181#ifndef OPENSSL_NO_HEARTBEATS
@@ -181,23 +183,20 @@ int dtls1_connect(SSL *s)
181 * already got and don't await it anymore, because 183 * already got and don't await it anymore, because
182 * Heartbeats don't make sense during handshakes anyway. 184 * Heartbeats don't make sense during handshakes anyway.
183 */ 185 */
184 if (s->tlsext_hb_pending) 186 if (s->tlsext_hb_pending) {
185 {
186 dtls1_stop_timer(s); 187 dtls1_stop_timer(s);
187 s->tlsext_hb_pending = 0; 188 s->tlsext_hb_pending = 0;
188 s->tlsext_hb_seq++; 189 s->tlsext_hb_seq++;
189 } 190 }
190#endif 191#endif
191 192
192 for (;;) 193 for (;;) {
193 { 194 state = s->state;
194 state=s->state;
195 195
196 switch(s->state) 196 switch (s->state) {
197 {
198 case SSL_ST_RENEGOTIATE: 197 case SSL_ST_RENEGOTIATE:
199 s->renegotiate=1; 198 s->renegotiate = 1;
200 s->state=SSL_ST_CONNECT; 199 s->state = SSL_ST_CONNECT;
201 s->ctx->stats.sess_connect_renegotiate++; 200 s->ctx->stats.sess_connect_renegotiate++;
202 /* break */ 201 /* break */
203 case SSL_ST_BEFORE: 202 case SSL_ST_BEFORE:
@@ -205,48 +204,51 @@ int dtls1_connect(SSL *s)
205 case SSL_ST_BEFORE|SSL_ST_CONNECT: 204 case SSL_ST_BEFORE|SSL_ST_CONNECT:
206 case SSL_ST_OK|SSL_ST_CONNECT: 205 case SSL_ST_OK|SSL_ST_CONNECT:
207 206
208 s->server=0; 207 s->server = 0;
209 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); 208 if (cb != NULL)
209 cb(s, SSL_CB_HANDSHAKE_START, 1);
210 210
211 if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) && 211 if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&
212 (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00)) 212 (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00)) {
213 {
214 SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR); 213 SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
215 ret = -1; 214 ret = -1;
216 goto end; 215 goto end;
217 } 216 }
218 217
219 /* s->version=SSL3_VERSION; */ 218 /* s->version=SSL3_VERSION; */
220 s->type=SSL_ST_CONNECT; 219 s->type = SSL_ST_CONNECT;
221 220
222 if (s->init_buf == NULL) 221 if (s->init_buf == NULL) {
223 { 222 if ((buf = BUF_MEM_new()) == NULL) {
224 if ((buf=BUF_MEM_new()) == NULL) 223 ret = -1;
225 {
226 ret= -1;
227 goto end; 224 goto end;
228 } 225 }
229 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) 226 if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
230 { 227 ret = -1;
231 ret= -1;
232 goto end; 228 goto end;
233 }
234 s->init_buf=buf;
235 buf=NULL;
236 } 229 }
230 s->init_buf = buf;
231 buf = NULL;
232 }
237 233
238 if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } 234 if (!ssl3_setup_buffers(s)) {
235 ret = -1;
236 goto end;
237 }
239 238
240 /* setup buffing BIO */ 239 /* setup buffing BIO */
241 if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; } 240 if (!ssl_init_wbio_buffer(s, 0)) {
241 ret = -1;
242 goto end;
243 }
242 244
243 /* don't push the buffering BIO quite yet */ 245 /* don't push the buffering BIO quite yet */
244 246
245 s->state=SSL3_ST_CW_CLNT_HELLO_A; 247 s->state = SSL3_ST_CW_CLNT_HELLO_A;
246 s->ctx->stats.sess_connect++; 248 s->ctx->stats.sess_connect++;
247 s->init_num=0; 249 s->init_num = 0;
248 /* mark client_random uninitialized */ 250 /* mark client_random uninitialized */
249 memset(s->s3->client_random,0,sizeof(s->s3->client_random)); 251 memset(s->s3->client_random, 0, sizeof(s->s3->client_random));
250 s->d1->send_cookie = 0; 252 s->d1->send_cookie = 0;
251 s->hit = 0; 253 s->hit = 0;
252 break; 254 break;
@@ -254,115 +256,110 @@ int dtls1_connect(SSL *s)
254#ifndef OPENSSL_NO_SCTP 256#ifndef OPENSSL_NO_SCTP
255 case DTLS1_SCTP_ST_CR_READ_SOCK: 257 case DTLS1_SCTP_ST_CR_READ_SOCK:
256 258
257 if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) 259 if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
258 { 260 s->s3->in_read_app_data = 2;
259 s->s3->in_read_app_data=2; 261 s->rwstate = SSL_READING;
260 s->rwstate=SSL_READING;
261 BIO_clear_retry_flags(SSL_get_rbio(s)); 262 BIO_clear_retry_flags(SSL_get_rbio(s));
262 BIO_set_retry_read(SSL_get_rbio(s)); 263 BIO_set_retry_read(SSL_get_rbio(s));
263 ret = -1; 264 ret = -1;
264 goto end; 265 goto end;
265 } 266 }
266 267
267 s->state=s->s3->tmp.next_state; 268 s->state = s->s3->tmp.next_state;
268 break; 269 break;
269 270
270 case DTLS1_SCTP_ST_CW_WRITE_SOCK: 271 case DTLS1_SCTP_ST_CW_WRITE_SOCK:
271 /* read app data until dry event */ 272 /* read app data until dry event */
272 273
273 ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s)); 274 ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
274 if (ret < 0) goto end; 275 if (ret < 0)
276 goto end;
275 277
276 if (ret == 0) 278 if (ret == 0) {
277 { 279 s->s3->in_read_app_data = 2;
278 s->s3->in_read_app_data=2; 280 s->rwstate = SSL_READING;
279 s->rwstate=SSL_READING;
280 BIO_clear_retry_flags(SSL_get_rbio(s)); 281 BIO_clear_retry_flags(SSL_get_rbio(s));
281 BIO_set_retry_read(SSL_get_rbio(s)); 282 BIO_set_retry_read(SSL_get_rbio(s));
282 ret = -1; 283 ret = -1;
283 goto end; 284 goto end;
284 } 285 }
285 286
286 s->state=s->d1->next_state; 287 s->state = s->d1->next_state;
287 break; 288 break;
288#endif 289#endif
289 290
290 case SSL3_ST_CW_CLNT_HELLO_A: 291 case SSL3_ST_CW_CLNT_HELLO_A:
291 case SSL3_ST_CW_CLNT_HELLO_B: 292 case SSL3_ST_CW_CLNT_HELLO_B:
292 293
293 s->shutdown=0; 294 s->shutdown = 0;
294 295
295 /* every DTLS ClientHello resets Finished MAC */ 296 /* every DTLS ClientHello resets Finished MAC */
296 ssl3_init_finished_mac(s); 297 ssl3_init_finished_mac(s);
297 298
298 dtls1_start_timer(s); 299 dtls1_start_timer(s);
299 ret=dtls1_client_hello(s); 300 ret = dtls1_client_hello(s);
300 if (ret <= 0) goto end; 301 if (ret <= 0)
302 goto end;
301 303
302 if ( s->d1->send_cookie) 304 if (s->d1->send_cookie) {
303 { 305 s->state = SSL3_ST_CW_FLUSH;
304 s->state=SSL3_ST_CW_FLUSH; 306 s->s3->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A;
305 s->s3->tmp.next_state=SSL3_ST_CR_SRVR_HELLO_A; 307 } else
306 } 308 s->state = SSL3_ST_CR_SRVR_HELLO_A;
307 else
308 s->state=SSL3_ST_CR_SRVR_HELLO_A;
309 309
310 s->init_num=0; 310 s->init_num = 0;
311 311
312#ifndef OPENSSL_NO_SCTP 312#ifndef OPENSSL_NO_SCTP
313 /* Disable buffering for SCTP */ 313 /* Disable buffering for SCTP */
314 if (!BIO_dgram_is_sctp(SSL_get_wbio(s))) 314 if (!BIO_dgram_is_sctp(SSL_get_wbio(s))) {
315 {
316#endif 315#endif
317 /* turn on buffering for the next lot of output */ 316 /* turn on buffering for the next lot of output */
318 if (s->bbio != s->wbio) 317 if (s->bbio != s->wbio)
319 s->wbio=BIO_push(s->bbio,s->wbio); 318 s->wbio = BIO_push(s->bbio, s->wbio);
320#ifndef OPENSSL_NO_SCTP 319#ifndef OPENSSL_NO_SCTP
321 } 320 }
322#endif 321#endif
323 322
324 break; 323 break;
325 324
326 case SSL3_ST_CR_SRVR_HELLO_A: 325 case SSL3_ST_CR_SRVR_HELLO_A:
327 case SSL3_ST_CR_SRVR_HELLO_B: 326 case SSL3_ST_CR_SRVR_HELLO_B:
328 ret=ssl3_get_server_hello(s); 327 ret = ssl3_get_server_hello(s);
329 if (ret <= 0) goto end; 328 if (ret <= 0)
330 else 329 goto end;
331 { 330 else {
332 if (s->hit) 331 if (s->hit) {
333 {
334#ifndef OPENSSL_NO_SCTP 332#ifndef OPENSSL_NO_SCTP
335 /* Add new shared key for SCTP-Auth, 333 /* Add new shared key for SCTP-Auth,
336 * will be ignored if no SCTP used. 334 * will be ignored if no SCTP used.
337 */ 335 */
338 snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), 336 snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
339 DTLS1_SCTP_AUTH_LABEL); 337 DTLS1_SCTP_AUTH_LABEL);
340 338
341 SSL_export_keying_material(s, sctpauthkey, 339 SSL_export_keying_material(s, sctpauthkey,
342 sizeof(sctpauthkey), labelbuffer, 340 sizeof(sctpauthkey), labelbuffer,
343 sizeof(labelbuffer), NULL, 0, 0); 341 sizeof(labelbuffer), NULL, 0, 0);
344 342
345 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, 343 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
346 sizeof(sctpauthkey), sctpauthkey); 344 sizeof(sctpauthkey), sctpauthkey);
347#endif 345#endif
348 346
349 s->state=SSL3_ST_CR_FINISHED_A; 347 s->state = SSL3_ST_CR_FINISHED_A;
350 } 348 } else
351 else 349 s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
352 s->state=DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A; 350 }
353 } 351 s->init_num = 0;
354 s->init_num=0;
355 break; 352 break;
356 353
357 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: 354 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
358 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: 355 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
359 356
360 ret = dtls1_get_hello_verify(s); 357 ret = dtls1_get_hello_verify(s);
361 if ( ret <= 0) 358 if (ret <= 0)
362 goto end; 359 goto end;
363 dtls1_stop_timer(s); 360 dtls1_stop_timer(s);
364 if ( s->d1->send_cookie) /* start again, with a cookie */ 361 if ( s->d1->send_cookie) /* start again, with a cookie */
365 s->state=SSL3_ST_CW_CLNT_HELLO_A; 362 s->state = SSL3_ST_CW_CLNT_HELLO_A;
366 else 363 else
367 s->state = SSL3_ST_CR_CERT_A; 364 s->state = SSL3_ST_CR_CERT_A;
368 s->init_num = 0; 365 s->init_num = 0;
@@ -371,88 +368,87 @@ int dtls1_connect(SSL *s)
371 case SSL3_ST_CR_CERT_A: 368 case SSL3_ST_CR_CERT_A:
372 case SSL3_ST_CR_CERT_B: 369 case SSL3_ST_CR_CERT_B:
373#ifndef OPENSSL_NO_TLSEXT 370#ifndef OPENSSL_NO_TLSEXT
374 ret=ssl3_check_finished(s); 371 ret = ssl3_check_finished(s);
375 if (ret <= 0) goto end; 372 if (ret <= 0)
376 if (ret == 2) 373 goto end;
377 { 374 if (ret == 2) {
378 s->hit = 1; 375 s->hit = 1;
379 if (s->tlsext_ticket_expected) 376 if (s->tlsext_ticket_expected)
380 s->state=SSL3_ST_CR_SESSION_TICKET_A; 377 s->state = SSL3_ST_CR_SESSION_TICKET_A;
381 else 378 else
382 s->state=SSL3_ST_CR_FINISHED_A; 379 s->state = SSL3_ST_CR_FINISHED_A;
383 s->init_num=0; 380 s->init_num = 0;
384 break; 381 break;
385 } 382 }
386#endif 383#endif
387 /* Check if it is anon DH or PSK */ 384 /* Check if it is anon DH or PSK */
388 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && 385 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
389 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) 386 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
390 { 387 ret = ssl3_get_server_certificate(s);
391 ret=ssl3_get_server_certificate(s); 388 if (ret <= 0)
392 if (ret <= 0) goto end; 389 goto end;
393#ifndef OPENSSL_NO_TLSEXT 390#ifndef OPENSSL_NO_TLSEXT
394 if (s->tlsext_status_expected) 391 if (s->tlsext_status_expected)
395 s->state=SSL3_ST_CR_CERT_STATUS_A; 392 s->state = SSL3_ST_CR_CERT_STATUS_A;
396 else 393 else
397 s->state=SSL3_ST_CR_KEY_EXCH_A; 394 s->state = SSL3_ST_CR_KEY_EXCH_A;
398 } 395 } else {
399 else
400 {
401 skip = 1; 396 skip = 1;
402 s->state=SSL3_ST_CR_KEY_EXCH_A; 397 s->state = SSL3_ST_CR_KEY_EXCH_A;
403 } 398 }
404#else 399#else
405 } 400 } else
406 else 401 skip = 1;
407 skip=1;
408 402
409 s->state=SSL3_ST_CR_KEY_EXCH_A; 403 s->state = SSL3_ST_CR_KEY_EXCH_A;
410#endif 404#endif
411 s->init_num=0; 405 s->init_num = 0;
412 break; 406 break;
413 407
414 case SSL3_ST_CR_KEY_EXCH_A: 408 case SSL3_ST_CR_KEY_EXCH_A:
415 case SSL3_ST_CR_KEY_EXCH_B: 409 case SSL3_ST_CR_KEY_EXCH_B:
416 ret=ssl3_get_key_exchange(s); 410 ret = ssl3_get_key_exchange(s);
417 if (ret <= 0) goto end; 411 if (ret <= 0)
418 s->state=SSL3_ST_CR_CERT_REQ_A; 412 goto end;
419 s->init_num=0; 413 s->state = SSL3_ST_CR_CERT_REQ_A;
414 s->init_num = 0;
420 415
421 /* at this point we check that we have the 416 /* at this point we check that we have the
422 * required stuff from the server */ 417 * required stuff from the server */
423 if (!ssl3_check_cert_and_algorithm(s)) 418 if (!ssl3_check_cert_and_algorithm(s)) {
424 { 419 ret = -1;
425 ret= -1;
426 goto end; 420 goto end;
427 } 421 }
428 break; 422 break;
429 423
430 case SSL3_ST_CR_CERT_REQ_A: 424 case SSL3_ST_CR_CERT_REQ_A:
431 case SSL3_ST_CR_CERT_REQ_B: 425 case SSL3_ST_CR_CERT_REQ_B:
432 ret=ssl3_get_certificate_request(s); 426 ret = ssl3_get_certificate_request(s);
433 if (ret <= 0) goto end; 427 if (ret <= 0)
434 s->state=SSL3_ST_CR_SRVR_DONE_A; 428 goto end;
435 s->init_num=0; 429 s->state = SSL3_ST_CR_SRVR_DONE_A;
430 s->init_num = 0;
436 break; 431 break;
437 432
438 case SSL3_ST_CR_SRVR_DONE_A: 433 case SSL3_ST_CR_SRVR_DONE_A:
439 case SSL3_ST_CR_SRVR_DONE_B: 434 case SSL3_ST_CR_SRVR_DONE_B:
440 ret=ssl3_get_server_done(s); 435 ret = ssl3_get_server_done(s);
441 if (ret <= 0) goto end; 436 if (ret <= 0)
437 goto end;
442 dtls1_stop_timer(s); 438 dtls1_stop_timer(s);
443 if (s->s3->tmp.cert_req) 439 if (s->s3->tmp.cert_req)
444 s->s3->tmp.next_state=SSL3_ST_CW_CERT_A; 440 s->s3->tmp.next_state = SSL3_ST_CW_CERT_A;
445 else 441 else
446 s->s3->tmp.next_state=SSL3_ST_CW_KEY_EXCH_A; 442 s->s3->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A;
447 s->init_num=0; 443 s->init_num = 0;
448 444
449#ifndef OPENSSL_NO_SCTP 445#ifndef OPENSSL_NO_SCTP
450 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && 446 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
451 state == SSL_ST_RENEGOTIATE) 447 state == SSL_ST_RENEGOTIATE)
452 s->state=DTLS1_SCTP_ST_CR_READ_SOCK; 448 s->state = DTLS1_SCTP_ST_CR_READ_SOCK;
453 else 449 else
454#endif 450#endif
455 s->state=s->s3->tmp.next_state; 451 s->state = s->s3->tmp.next_state;
456 break; 452 break;
457 453
458 case SSL3_ST_CW_CERT_A: 454 case SSL3_ST_CW_CERT_A:
@@ -460,118 +456,115 @@ int dtls1_connect(SSL *s)
460 case SSL3_ST_CW_CERT_C: 456 case SSL3_ST_CW_CERT_C:
461 case SSL3_ST_CW_CERT_D: 457 case SSL3_ST_CW_CERT_D:
462 dtls1_start_timer(s); 458 dtls1_start_timer(s);
463 ret=dtls1_send_client_certificate(s); 459 ret = dtls1_send_client_certificate(s);
464 if (ret <= 0) goto end; 460 if (ret <= 0)
465 s->state=SSL3_ST_CW_KEY_EXCH_A; 461 goto end;
466 s->init_num=0; 462 s->state = SSL3_ST_CW_KEY_EXCH_A;
463 s->init_num = 0;
467 break; 464 break;
468 465
469 case SSL3_ST_CW_KEY_EXCH_A: 466 case SSL3_ST_CW_KEY_EXCH_A:
470 case SSL3_ST_CW_KEY_EXCH_B: 467 case SSL3_ST_CW_KEY_EXCH_B:
471 dtls1_start_timer(s); 468 dtls1_start_timer(s);
472 ret=dtls1_send_client_key_exchange(s); 469 ret = dtls1_send_client_key_exchange(s);
473 if (ret <= 0) goto end; 470 if (ret <= 0)
471 goto end;
474 472
475#ifndef OPENSSL_NO_SCTP 473#ifndef OPENSSL_NO_SCTP
476 /* Add new shared key for SCTP-Auth, 474 /* Add new shared key for SCTP-Auth,
477 * will be ignored if no SCTP used. 475 * will be ignored if no SCTP used.
478 */ 476 */
479 snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), 477 snprintf((char*)labelbuffer,
480 DTLS1_SCTP_AUTH_LABEL); 478 sizeof(DTLS1_SCTP_AUTH_LABEL),
479 DTLS1_SCTP_AUTH_LABEL);
481 480
482 SSL_export_keying_material(s, sctpauthkey, 481 SSL_export_keying_material(s, sctpauthkey,
483 sizeof(sctpauthkey), labelbuffer, 482 sizeof(sctpauthkey), labelbuffer,
484 sizeof(labelbuffer), NULL, 0, 0); 483 sizeof(labelbuffer), NULL, 0, 0);
485 484
486 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, 485 BIO_ctrl(SSL_get_wbio(s),
487 sizeof(sctpauthkey), sctpauthkey); 486 BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
487 sizeof(sctpauthkey), sctpauthkey);
488#endif 488#endif
489 489
490 /* EAY EAY EAY need to check for DH fix cert 490 /* EAY EAY EAY need to check for DH fix cert
491 * sent back */ 491 * sent back */
492 /* For TLS, cert_req is set to 2, so a cert chain 492 /* For TLS, cert_req is set to 2, so a cert chain
493 * of nothing is sent, but no verify packet is sent */ 493 * of nothing is sent, but no verify packet is sent */
494 if (s->s3->tmp.cert_req == 1) 494 if (s->s3->tmp.cert_req == 1) {
495 { 495 s->state = SSL3_ST_CW_CERT_VRFY_A;
496 s->state=SSL3_ST_CW_CERT_VRFY_A; 496 } else {
497 }
498 else
499 {
500#ifndef OPENSSL_NO_SCTP 497#ifndef OPENSSL_NO_SCTP
501 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) 498 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
502 { 499 s->d1->next_state = SSL3_ST_CW_CHANGE_A;
503 s->d1->next_state=SSL3_ST_CW_CHANGE_A; 500 s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
504 s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK; 501 } else
505 }
506 else
507#endif 502#endif
508 s->state=SSL3_ST_CW_CHANGE_A; 503 s->state = SSL3_ST_CW_CHANGE_A;
509 s->s3->change_cipher_spec=0; 504 s->s3->change_cipher_spec = 0;
510 } 505 }
511 506
512 s->init_num=0; 507 s->init_num = 0;
513 break; 508 break;
514 509
515 case SSL3_ST_CW_CERT_VRFY_A: 510 case SSL3_ST_CW_CERT_VRFY_A:
516 case SSL3_ST_CW_CERT_VRFY_B: 511 case SSL3_ST_CW_CERT_VRFY_B:
517 dtls1_start_timer(s); 512 dtls1_start_timer(s);
518 ret=dtls1_send_client_verify(s); 513 ret = dtls1_send_client_verify(s);
519 if (ret <= 0) goto end; 514 if (ret <= 0)
515 goto end;
520#ifndef OPENSSL_NO_SCTP 516#ifndef OPENSSL_NO_SCTP
521 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) 517 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
522 { 518 s->d1->next_state = SSL3_ST_CW_CHANGE_A;
523 s->d1->next_state=SSL3_ST_CW_CHANGE_A; 519 s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
524 s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK; 520 } else
525 }
526 else
527#endif 521#endif
528 s->state=SSL3_ST_CW_CHANGE_A; 522 s->state = SSL3_ST_CW_CHANGE_A;
529 s->init_num=0; 523 s->init_num = 0;
530 s->s3->change_cipher_spec=0; 524 s->s3->change_cipher_spec = 0;
531 break; 525 break;
532 526
533 case SSL3_ST_CW_CHANGE_A: 527 case SSL3_ST_CW_CHANGE_A:
534 case SSL3_ST_CW_CHANGE_B: 528 case SSL3_ST_CW_CHANGE_B:
535 if (!s->hit) 529 if (!s->hit)
536 dtls1_start_timer(s); 530 dtls1_start_timer(s);
537 ret=dtls1_send_change_cipher_spec(s, 531 ret = dtls1_send_change_cipher_spec(s,
538 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); 532 SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B);
539 if (ret <= 0) goto end; 533 if (ret <= 0)
534 goto end;
540 535
541 s->state=SSL3_ST_CW_FINISHED_A; 536 s->state = SSL3_ST_CW_FINISHED_A;
542 s->init_num=0; 537 s->init_num = 0;
543 538
544 s->session->cipher=s->s3->tmp.new_cipher; 539 s->session->cipher = s->s3->tmp.new_cipher;
545#ifdef OPENSSL_NO_COMP 540#ifdef OPENSSL_NO_COMP
546 s->session->compress_meth=0; 541 s->session->compress_meth = 0;
547#else 542#else
548 if (s->s3->tmp.new_compression == NULL) 543 if (s->s3->tmp.new_compression == NULL)
549 s->session->compress_meth=0; 544 s->session->compress_meth = 0;
550 else 545 else
551 s->session->compress_meth= 546 s->session->compress_meth =
552 s->s3->tmp.new_compression->id; 547 s->s3->tmp.new_compression->id;
553#endif 548#endif
554 if (!s->method->ssl3_enc->setup_key_block(s)) 549 if (!s->method->ssl3_enc->setup_key_block(s)) {
555 { 550 ret = -1;
556 ret= -1;
557 goto end; 551 goto end;
558 } 552 }
559 553
560 if (!s->method->ssl3_enc->change_cipher_state(s, 554 if (!s->method->ssl3_enc->change_cipher_state(s,
561 SSL3_CHANGE_CIPHER_CLIENT_WRITE)) 555 SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
562 { 556 ret = -1;
563 ret= -1;
564 goto end; 557 goto end;
565 } 558 }
566 559
567#ifndef OPENSSL_NO_SCTP 560#ifndef OPENSSL_NO_SCTP
568 if (s->hit) 561 if (s->hit) {
569 { 562 /* Change to new shared key of SCTP-Auth,
570 /* Change to new shared key of SCTP-Auth, 563 * will be ignored if no SCTP used.
571 * will be ignored if no SCTP used. 564 */
572 */ 565 BIO_ctrl(SSL_get_wbio(s),
573 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); 566 BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
574 } 567 }
575#endif 568#endif
576 569
577 dtls1_reset_seq_numbers(s, SSL3_CC_WRITE); 570 dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
@@ -581,41 +574,36 @@ int dtls1_connect(SSL *s)
581 case SSL3_ST_CW_FINISHED_B: 574 case SSL3_ST_CW_FINISHED_B:
582 if (!s->hit) 575 if (!s->hit)
583 dtls1_start_timer(s); 576 dtls1_start_timer(s);
584 ret=dtls1_send_finished(s, 577 ret = dtls1_send_finished(s,
585 SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, 578 SSL3_ST_CW_FINISHED_A, SSL3_ST_CW_FINISHED_B,
586 s->method->ssl3_enc->client_finished_label, 579 s->method->ssl3_enc->client_finished_label,
587 s->method->ssl3_enc->client_finished_label_len); 580 s->method->ssl3_enc->client_finished_label_len);
588 if (ret <= 0) goto end; 581 if (ret <= 0)
589 s->state=SSL3_ST_CW_FLUSH; 582 goto end;
583 s->state = SSL3_ST_CW_FLUSH;
590 584
591 /* clear flags */ 585 /* clear flags */
592 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; 586 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
593 if (s->hit) 587 if (s->hit) {
594 { 588 s->s3->tmp.next_state = SSL_ST_OK;
595 s->s3->tmp.next_state=SSL_ST_OK;
596#ifndef OPENSSL_NO_SCTP 589#ifndef OPENSSL_NO_SCTP
597 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) 590 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
598 { 591 s->d1->next_state = s->s3->tmp.next_state;
599 s->d1->next_state = s->s3->tmp.next_state; 592 s->s3->tmp.next_state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
600 s->s3->tmp.next_state=DTLS1_SCTP_ST_CW_WRITE_SOCK; 593 }
601 }
602#endif 594#endif
603 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) 595 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
604 { 596 s->state = SSL_ST_OK;
605 s->state=SSL_ST_OK;
606#ifndef OPENSSL_NO_SCTP 597#ifndef OPENSSL_NO_SCTP
607 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) 598 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
608 { 599 s->d1->next_state = SSL_ST_OK;
609 s->d1->next_state = SSL_ST_OK; 600 s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
610 s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK; 601 }
611 }
612#endif 602#endif
613 s->s3->flags|=SSL3_FLAGS_POP_BUFFER; 603 s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
614 s->s3->delay_buf_pop_ret=0; 604 s->s3->delay_buf_pop_ret = 0;
615 }
616 } 605 }
617 else 606 } else {
618 {
619#ifndef OPENSSL_NO_SCTP 607#ifndef OPENSSL_NO_SCTP
620 /* Change to new shared key of SCTP-Auth, 608 /* Change to new shared key of SCTP-Auth,
621 * will be ignored if no SCTP used. 609 * will be ignored if no SCTP used.
@@ -626,74 +614,74 @@ int dtls1_connect(SSL *s)
626#ifndef OPENSSL_NO_TLSEXT 614#ifndef OPENSSL_NO_TLSEXT
627 /* Allow NewSessionTicket if ticket expected */ 615 /* Allow NewSessionTicket if ticket expected */
628 if (s->tlsext_ticket_expected) 616 if (s->tlsext_ticket_expected)
629 s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A; 617 s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A;
630 else 618 else
631#endif 619#endif
632 620
633 s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; 621 s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A;
634 } 622 }
635 s->init_num=0; 623 s->init_num = 0;
636 break; 624 break;
637 625
638#ifndef OPENSSL_NO_TLSEXT 626#ifndef OPENSSL_NO_TLSEXT
639 case SSL3_ST_CR_SESSION_TICKET_A: 627 case SSL3_ST_CR_SESSION_TICKET_A:
640 case SSL3_ST_CR_SESSION_TICKET_B: 628 case SSL3_ST_CR_SESSION_TICKET_B:
641 ret=ssl3_get_new_session_ticket(s); 629 ret = ssl3_get_new_session_ticket(s);
642 if (ret <= 0) goto end; 630 if (ret <= 0)
643 s->state=SSL3_ST_CR_FINISHED_A; 631 goto end;
644 s->init_num=0; 632 s->state = SSL3_ST_CR_FINISHED_A;
645 break; 633 s->init_num = 0;
634 break;
646 635
647 case SSL3_ST_CR_CERT_STATUS_A: 636 case SSL3_ST_CR_CERT_STATUS_A:
648 case SSL3_ST_CR_CERT_STATUS_B: 637 case SSL3_ST_CR_CERT_STATUS_B:
649 ret=ssl3_get_cert_status(s); 638 ret = ssl3_get_cert_status(s);
650 if (ret <= 0) goto end; 639 if (ret <= 0)
651 s->state=SSL3_ST_CR_KEY_EXCH_A; 640 goto end;
652 s->init_num=0; 641 s->state = SSL3_ST_CR_KEY_EXCH_A;
653 break; 642 s->init_num = 0;
643 break;
654#endif 644#endif
655 645
656 case SSL3_ST_CR_FINISHED_A: 646 case SSL3_ST_CR_FINISHED_A:
657 case SSL3_ST_CR_FINISHED_B: 647 case SSL3_ST_CR_FINISHED_B:
658 s->d1->change_cipher_spec_ok = 1; 648 s->d1->change_cipher_spec_ok = 1;
659 ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A, 649 ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
660 SSL3_ST_CR_FINISHED_B); 650 SSL3_ST_CR_FINISHED_B);
661 if (ret <= 0) goto end; 651 if (ret <= 0)
652 goto end;
662 dtls1_stop_timer(s); 653 dtls1_stop_timer(s);
663 654
664 if (s->hit) 655 if (s->hit)
665 s->state=SSL3_ST_CW_CHANGE_A; 656 s->state = SSL3_ST_CW_CHANGE_A;
666 else 657 else
667 s->state=SSL_ST_OK; 658 s->state = SSL_ST_OK;
668 659
669#ifndef OPENSSL_NO_SCTP 660#ifndef OPENSSL_NO_SCTP
670 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && 661 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
671 state == SSL_ST_RENEGOTIATE) 662 state == SSL_ST_RENEGOTIATE) {
672 { 663 s->d1->next_state = s->state;
673 s->d1->next_state=s->state; 664 s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
674 s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK; 665 }
675 }
676#endif 666#endif
677 667
678 s->init_num=0; 668 s->init_num = 0;
679 break; 669 break;
680 670
681 case SSL3_ST_CW_FLUSH: 671 case SSL3_ST_CW_FLUSH:
682 s->rwstate=SSL_WRITING; 672 s->rwstate = SSL_WRITING;
683 if (BIO_flush(s->wbio) <= 0) 673 if (BIO_flush(s->wbio) <= 0) {
684 {
685 /* If the write error was fatal, stop trying */ 674 /* If the write error was fatal, stop trying */
686 if (!BIO_should_retry(s->wbio)) 675 if (!BIO_should_retry(s->wbio)) {
687 { 676 s->rwstate = SSL_NOTHING;
688 s->rwstate=SSL_NOTHING; 677 s->state = s->s3->tmp.next_state;
689 s->state=s->s3->tmp.next_state;
690 }
691
692 ret= -1;
693 goto end;
694 } 678 }
695 s->rwstate=SSL_NOTHING; 679
696 s->state=s->s3->tmp.next_state; 680 ret = -1;
681 goto end;
682 }
683 s->rwstate = SSL_NOTHING;
684 s->state = s->s3->tmp.next_state;
697 break; 685 break;
698 686
699 case SSL_ST_OK: 687 case SSL_ST_OK:
@@ -701,11 +689,10 @@ int dtls1_connect(SSL *s)
701 ssl3_cleanup_key_block(s); 689 ssl3_cleanup_key_block(s);
702 690
703#if 0 691#if 0
704 if (s->init_buf != NULL) 692 if (s->init_buf != NULL) {
705 {
706 BUF_MEM_free(s->init_buf); 693 BUF_MEM_free(s->init_buf);
707 s->init_buf=NULL; 694 s->init_buf = NULL;
708 } 695 }
709#endif 696#endif
710 697
711 /* If we are not 'joining' the last two packets, 698 /* If we are not 'joining' the last two packets,
@@ -714,234 +701,226 @@ int dtls1_connect(SSL *s)
714 ssl_free_wbio_buffer(s); 701 ssl_free_wbio_buffer(s);
715 /* else do it later in ssl3_write */ 702 /* else do it later in ssl3_write */
716 703
717 s->init_num=0; 704 s->init_num = 0;
718 s->renegotiate=0; 705 s->renegotiate = 0;
719 s->new_session=0; 706 s->new_session = 0;
720 707
721 ssl_update_cache(s,SSL_SESS_CACHE_CLIENT); 708 ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
722 if (s->hit) s->ctx->stats.sess_hit++; 709 if (s->hit)
710 s->ctx->stats.sess_hit++;
723 711
724 ret=1; 712 ret = 1;
725 /* s->server=0; */ 713 /* s->server=0; */
726 s->handshake_func=dtls1_connect; 714 s->handshake_func = dtls1_connect;
727 s->ctx->stats.sess_connect_good++; 715 s->ctx->stats.sess_connect_good++;
728 716
729 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); 717 if (cb != NULL)
718 cb(s, SSL_CB_HANDSHAKE_DONE, 1);
730 719
731 /* done with handshaking */ 720 /* done with handshaking */
732 s->d1->handshake_read_seq = 0; 721 s->d1->handshake_read_seq = 0;
733 s->d1->next_handshake_write_seq = 0; 722 s->d1->next_handshake_write_seq = 0;
734 goto end; 723 goto end;
735 /* break; */ 724 /* break; */
736 725
737 default: 726 default:
738 SSLerr(SSL_F_DTLS1_CONNECT,SSL_R_UNKNOWN_STATE); 727 SSLerr(SSL_F_DTLS1_CONNECT, SSL_R_UNKNOWN_STATE);
739 ret= -1; 728 ret = -1;
740 goto end; 729 goto end;
741 /* break; */ 730 /* break; */
742 } 731 }
743 732
744 /* did we do anything */ 733 /* did we do anything */
745 if (!s->s3->tmp.reuse_message && !skip) 734 if (!s->s3->tmp.reuse_message && !skip) {
746 { 735 if (s->debug) {
747 if (s->debug) 736 if ((ret = BIO_flush(s->wbio)) <= 0)
748 {
749 if ((ret=BIO_flush(s->wbio)) <= 0)
750 goto end; 737 goto end;
751 } 738 }
752 739
753 if ((cb != NULL) && (s->state != state)) 740 if ((cb != NULL) && (s->state != state)) {
754 { 741 new_state = s->state;
755 new_state=s->state; 742 s->state = state;
756 s->state=state; 743 cb(s, SSL_CB_CONNECT_LOOP, 1);
757 cb(s,SSL_CB_CONNECT_LOOP,1); 744 s->state = new_state;
758 s->state=new_state;
759 }
760 } 745 }
761 skip=0;
762 } 746 }
747 skip = 0;
748 }
763end: 749end:
764 s->in_handshake--; 750 s->in_handshake--;
765 751
766#ifndef OPENSSL_NO_SCTP 752#ifndef OPENSSL_NO_SCTP
767 /* Notify SCTP BIO socket to leave handshake 753 /* Notify SCTP BIO socket to leave handshake
768 * mode and allow stream identifier other 754 * mode and allow stream identifier other
769 * than 0. Will be ignored if no SCTP is used. 755 * than 0. Will be ignored if no SCTP is used.
770 */ 756 */
771 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL); 757 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
758 s->in_handshake, NULL);
772#endif 759#endif
773 760
774 if (buf != NULL) 761 if (buf != NULL)
775 BUF_MEM_free(buf); 762 BUF_MEM_free(buf);
776 if (cb != NULL) 763 if (cb != NULL)
777 cb(s,SSL_CB_CONNECT_EXIT,ret); 764 cb(s, SSL_CB_CONNECT_EXIT, ret);
778 return(ret); 765 return (ret);
779 } 766}
780 767
781int dtls1_client_hello(SSL *s) 768int
782 { 769dtls1_client_hello(SSL *s)
770{
783 unsigned char *buf; 771 unsigned char *buf;
784 unsigned char *p,*d; 772 unsigned char *p, *d;
785 unsigned int i,j; 773 unsigned int i, j;
786 unsigned long l; 774 unsigned long l;
787 SSL_COMP *comp; 775 SSL_COMP *comp;
788 776
789 buf=(unsigned char *)s->init_buf->data; 777 buf = (unsigned char *)s->init_buf->data;
790 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) 778 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
791 {
792 SSL_SESSION *sess = s->session; 779 SSL_SESSION *sess = s->session;
793 if ((s->session == NULL) || 780 if ((s->session == NULL) ||
794 (s->session->ssl_version != s->version) || 781 (s->session->ssl_version != s->version) ||
795#ifdef OPENSSL_NO_TLSEXT 782#ifdef OPENSSL_NO_TLSEXT
796 !sess->session_id_length || 783 !sess->session_id_length ||
797#else 784#else
798 (!sess->session_id_length && !sess->tlsext_tick) || 785 (!sess->session_id_length && !sess->tlsext_tick) ||
799#endif 786#endif
800 (s->session->not_resumable)) 787 (s->session->not_resumable)) {
801 { 788 if (!ssl_get_new_session(s, 0))
802 if (!ssl_get_new_session(s,0))
803 goto err; 789 goto err;
804 } 790 }
805 /* else use the pre-loaded session */ 791 /* else use the pre-loaded session */
806 792
807 p=s->s3->client_random; 793 p = s->s3->client_random;
808 794
809 /* if client_random is initialized, reuse it, we are 795 /* if client_random is initialized, reuse it, we are
810 * required to use same upon reply to HelloVerify */ 796 * required to use same upon reply to HelloVerify */
811 for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) 797 for (i = 0; p[i]=='\0' && i < sizeof(s->s3->client_random); i++)
812 ; 798;
813 if (i==sizeof(s->s3->client_random)) 799 if (i == sizeof(s->s3->client_random))
814 ssl_fill_hello_random(s, 0, p, 800 ssl_fill_hello_random(s, 0, p,
815 sizeof(s->s3->client_random)); 801 sizeof(s->s3->client_random));
816 802
817 /* Do the message type and length last */ 803 /* Do the message type and length last */
818 d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); 804 d = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
819 805
820 *(p++)=s->version>>8; 806 *(p++) = s->version >> 8;
821 *(p++)=s->version&0xff; 807 *(p++) = s->version&0xff;
822 s->client_version=s->version; 808 s->client_version = s->version;
823 809
824 /* Random stuff */ 810 /* Random stuff */
825 memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE); 811 memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
826 p+=SSL3_RANDOM_SIZE; 812 p += SSL3_RANDOM_SIZE;
827 813
828 /* Session ID */ 814 /* Session ID */
829 if (s->new_session) 815 if (s->new_session)
830 i=0; 816 i = 0;
831 else 817 else
832 i=s->session->session_id_length; 818 i = s->session->session_id_length;
833 *(p++)=i; 819 *(p++) = i;
834 if (i != 0) 820 if (i != 0) {
835 { 821 if (i > sizeof s->session->session_id) {
836 if (i > sizeof s->session->session_id)
837 {
838 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); 822 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
839 goto err; 823 goto err;
840 }
841 memcpy(p,s->session->session_id,i);
842 p+=i;
843 } 824 }
844 825 memcpy(p, s->session->session_id, i);
826 p += i;
827 }
828
845 /* cookie stuff */ 829 /* cookie stuff */
846 if ( s->d1->cookie_len > sizeof(s->d1->cookie)) 830 if (s->d1->cookie_len > sizeof(s->d1->cookie)) {
847 {
848 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); 831 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
849 goto err; 832 goto err;
850 } 833 }
851 *(p++) = s->d1->cookie_len; 834 *(p++) = s->d1->cookie_len;
852 memcpy(p, s->d1->cookie, s->d1->cookie_len); 835 memcpy(p, s->d1->cookie, s->d1->cookie_len);
853 p += s->d1->cookie_len; 836 p += s->d1->cookie_len;
854 837
855 /* Ciphers supported */ 838 /* Ciphers supported */
856 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0); 839 i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0);
857 if (i == 0) 840 if (i == 0) {
858 { 841 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
859 SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
860 goto err; 842 goto err;
861 } 843 }
862 s2n(i,p); 844 s2n(i, p);
863 p+=i; 845 p += i;
864 846
865 /* COMPRESSION */ 847 /* COMPRESSION */
866 if (s->ctx->comp_methods == NULL) 848 if (s->ctx->comp_methods == NULL)
867 j=0; 849 j = 0;
868 else 850 else
869 j=sk_SSL_COMP_num(s->ctx->comp_methods); 851 j = sk_SSL_COMP_num(s->ctx->comp_methods);
870 *(p++)=1+j; 852 *(p++) = 1 + j;
871 for (i=0; i<j; i++) 853 for (i = 0; i < j; i++) {
872 { 854 comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
873 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); 855 *(p++) = comp->id;
874 *(p++)=comp->id; 856 }
875 } 857 *(p++) = 0; /* Add the NULL method */
876 *(p++)=0; /* Add the NULL method */
877 858
878#ifndef OPENSSL_NO_TLSEXT 859#ifndef OPENSSL_NO_TLSEXT
879 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) 860 if ((p = ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
880 { 861 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
881 SSLerr(SSL_F_DTLS1_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
882 goto err; 862 goto err;
883 } 863 }
884#endif 864#endif
885 865
886 l=(p-d); 866 l = (p - d);
887 d=buf; 867 d = buf;
888 868
889 d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO, l, 0, l); 869 d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO, l, 0, l);
890 870
891 s->state=SSL3_ST_CW_CLNT_HELLO_B; 871 s->state = SSL3_ST_CW_CLNT_HELLO_B;
892 /* number of bytes to write */ 872 /* number of bytes to write */
893 s->init_num=p-buf; 873 s->init_num = p - buf;
894 s->init_off=0; 874 s->init_off = 0;
895 875
896 /* buffer the message to handle re-xmits */ 876 /* buffer the message to handle re-xmits */
897 dtls1_buffer_message(s, 0); 877 dtls1_buffer_message(s, 0);
898 } 878 }
899 879
900 /* SSL3_ST_CW_CLNT_HELLO_B */ 880 /* SSL3_ST_CW_CLNT_HELLO_B */
901 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 881 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
902err: 882err:
903 return(-1); 883 return (-1);
904 } 884}
905 885
906static int dtls1_get_hello_verify(SSL *s) 886static int
907 { 887dtls1_get_hello_verify(SSL *s)
888{
908 int n, al, ok = 0; 889 int n, al, ok = 0;
909 unsigned char *data; 890 unsigned char *data;
910 unsigned int cookie_len; 891 unsigned int cookie_len;
911 892
912 n=s->method->ssl_get_message(s, 893 n = s->method->ssl_get_message(s,
913 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, 894 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
914 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, 895 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B,
915 -1, 896 -1,
916 s->max_cert_list, 897 s->max_cert_list,
917 &ok); 898 &ok);
918 899
919 if (!ok) return((int)n); 900 if (!ok)
901 return ((int)n);
920 902
921 if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) 903 if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
922 {
923 s->d1->send_cookie = 0; 904 s->d1->send_cookie = 0;
924 s->s3->tmp.reuse_message=1; 905 s->s3->tmp.reuse_message = 1;
925 return(1); 906 return (1);
926 } 907 }
927 908
928 data = (unsigned char *)s->init_msg; 909 data = (unsigned char *)s->init_msg;
929 910
930 if ((data[0] != (s->version>>8)) || (data[1] != (s->version&0xff))) 911 if ((data[0] != (s->version >> 8)) || (data[1] != (s->version&0xff))) {
931 { 912 SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY, SSL_R_WRONG_SSL_VERSION);
932 SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY,SSL_R_WRONG_SSL_VERSION); 913 s->version = (s->version & 0xff00) | data[1];
933 s->version=(s->version&0xff00)|data[1];
934 al = SSL_AD_PROTOCOL_VERSION; 914 al = SSL_AD_PROTOCOL_VERSION;
935 goto f_err; 915 goto f_err;
936 } 916 }
937 data+=2; 917 data += 2;
938 918
939 cookie_len = *(data++); 919 cookie_len = *(data++);
940 if ( cookie_len > sizeof(s->d1->cookie)) 920 if (cookie_len > sizeof(s->d1->cookie)) {
941 { 921 al = SSL_AD_ILLEGAL_PARAMETER;
942 al=SSL_AD_ILLEGAL_PARAMETER;
943 goto f_err; 922 goto f_err;
944 } 923 }
945 924
946 memcpy(s->d1->cookie, data, cookie_len); 925 memcpy(s->d1->cookie, data, cookie_len);
947 s->d1->cookie_len = cookie_len; 926 s->d1->cookie_len = cookie_len;
@@ -952,19 +931,20 @@ static int dtls1_get_hello_verify(SSL *s)
952f_err: 931f_err:
953 ssl3_send_alert(s, SSL3_AL_FATAL, al); 932 ssl3_send_alert(s, SSL3_AL_FATAL, al);
954 return -1; 933 return -1;
955 } 934}
956 935
957int dtls1_send_client_key_exchange(SSL *s) 936int
958 { 937dtls1_send_client_key_exchange(SSL *s)
959 unsigned char *p,*d; 938{
939 unsigned char *p, *d;
960 int n; 940 int n;
961 unsigned long alg_k; 941 unsigned long alg_k;
962#ifndef OPENSSL_NO_RSA 942#ifndef OPENSSL_NO_RSA
963 unsigned char *q; 943 unsigned char *q;
964 EVP_PKEY *pkey=NULL; 944 EVP_PKEY *pkey = NULL;
965#endif 945#endif
966#ifndef OPENSSL_NO_KRB5 946#ifndef OPENSSL_NO_KRB5
967 KSSL_ERR kssl_err; 947 KSSL_ERR kssl_err;
968#endif /* OPENSSL_NO_KRB5 */ 948#endif /* OPENSSL_NO_KRB5 */
969#ifndef OPENSSL_NO_ECDH 949#ifndef OPENSSL_NO_ECDH
970 EC_KEY *clnt_ecdh = NULL; 950 EC_KEY *clnt_ecdh = NULL;
@@ -975,123 +955,119 @@ int dtls1_send_client_key_exchange(SSL *s)
975 BN_CTX * bn_ctx = NULL; 955 BN_CTX * bn_ctx = NULL;
976#endif 956#endif
977 957
978 if (s->state == SSL3_ST_CW_KEY_EXCH_A) 958 if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
979 { 959 d = (unsigned char *)s->init_buf->data;
980 d=(unsigned char *)s->init_buf->data; 960 p = &(d[DTLS1_HM_HEADER_LENGTH]);
981 p= &(d[DTLS1_HM_HEADER_LENGTH]); 961
982 962 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
983 alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
984 963
985 /* Fool emacs indentation */ 964 /* Fool emacs indentation */
986 if (0) {} 965 if (0) {
966 }
987#ifndef OPENSSL_NO_RSA 967#ifndef OPENSSL_NO_RSA
988 else if (alg_k & SSL_kRSA) 968 else if (alg_k & SSL_kRSA) {
989 {
990 RSA *rsa; 969 RSA *rsa;
991 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 970 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
992 971
993 if (s->session->sess_cert->peer_rsa_tmp != NULL) 972 if (s->session->sess_cert->peer_rsa_tmp != NULL)
994 rsa=s->session->sess_cert->peer_rsa_tmp; 973 rsa = s->session->sess_cert->peer_rsa_tmp;
995 else 974 else {
996 { 975 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
997 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
998 if ((pkey == NULL) || 976 if ((pkey == NULL) ||
999 (pkey->type != EVP_PKEY_RSA) || 977 (pkey->type != EVP_PKEY_RSA) ||
1000 (pkey->pkey.rsa == NULL)) 978 (pkey->pkey.rsa == NULL)) {
1001 { 979 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1002 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
1003 goto err; 980 goto err;
1004 }
1005 rsa=pkey->pkey.rsa;
1006 EVP_PKEY_free(pkey);
1007 } 981 }
1008 982 rsa = pkey->pkey.rsa;
1009 tmp_buf[0]=s->client_version>>8; 983 EVP_PKEY_free(pkey);
1010 tmp_buf[1]=s->client_version&0xff; 984 }
1011 if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
1012 goto err;
1013 985
1014 s->session->master_key_length=sizeof tmp_buf; 986 tmp_buf[0] = s->client_version >> 8;
987 tmp_buf[1] = s->client_version&0xff;
988 if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0)
989 goto err;
990
991 s->session->master_key_length = sizeof tmp_buf;
1015 992
1016 q=p; 993 q = p;
1017 /* Fix buf for TLS and [incidentally] DTLS */ 994 /* Fix buf for TLS and [incidentally] DTLS */
1018 if (s->version > SSL3_VERSION) 995 if (s->version > SSL3_VERSION)
1019 p+=2; 996 p += 2;
1020 n=RSA_public_encrypt(sizeof tmp_buf, 997 n = RSA_public_encrypt(sizeof tmp_buf,
1021 tmp_buf,p,rsa,RSA_PKCS1_PADDING); 998 tmp_buf, p, rsa, RSA_PKCS1_PADDING);
1022#ifdef PKCS1_CHECK 999#ifdef PKCS1_CHECK
1023 if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++; 1000 if (s->options & SSL_OP_PKCS1_CHECK_1)
1024 if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70; 1001 p[1]++;
1002 if (s->options & SSL_OP_PKCS1_CHECK_2)
1003 tmp_buf[0] = 0x70;
1025#endif 1004#endif
1026 if (n <= 0) 1005 if (n <= 0) {
1027 { 1006 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, SSL_R_BAD_RSA_ENCRYPT);
1028 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
1029 goto err; 1007 goto err;
1030 } 1008 }
1031 1009
1032 /* Fix buf for TLS and [incidentally] DTLS */ 1010 /* Fix buf for TLS and [incidentally] DTLS */
1033 if (s->version > SSL3_VERSION) 1011 if (s->version > SSL3_VERSION) {
1034 { 1012 s2n(n, q);
1035 s2n(n,q); 1013 n += 2;
1036 n+=2;
1037 }
1038
1039 s->session->master_key_length=
1040 s->method->ssl3_enc->generate_master_secret(s,
1041 s->session->master_key,
1042 tmp_buf,sizeof tmp_buf);
1043 OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
1044 } 1014 }
1015
1016 s->session->master_key_length =
1017 s->method->ssl3_enc->generate_master_secret(s,
1018 s->session->master_key,
1019 tmp_buf, sizeof tmp_buf);
1020 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
1021 }
1045#endif 1022#endif
1046#ifndef OPENSSL_NO_KRB5 1023#ifndef OPENSSL_NO_KRB5
1047 else if (alg_k & SSL_kKRB5) 1024 else if (alg_k & SSL_kKRB5) {
1048 { 1025 krb5_error_code krb5rc;
1049 krb5_error_code krb5rc; 1026 KSSL_CTX *kssl_ctx = s->kssl_ctx;
1050 KSSL_CTX *kssl_ctx = s->kssl_ctx; 1027 /* krb5_data krb5_ap_req; */
1051 /* krb5_data krb5_ap_req; */ 1028 krb5_data *enc_ticket;
1052 krb5_data *enc_ticket; 1029 krb5_data authenticator, *authp = NULL;
1053 krb5_data authenticator, *authp = NULL;
1054 EVP_CIPHER_CTX ciph_ctx; 1030 EVP_CIPHER_CTX ciph_ctx;
1055 const EVP_CIPHER *enc = NULL; 1031 const EVP_CIPHER *enc = NULL;
1056 unsigned char iv[EVP_MAX_IV_LENGTH]; 1032 unsigned char iv[EVP_MAX_IV_LENGTH];
1057 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 1033 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
1058 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH 1034 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
1059 + EVP_MAX_IV_LENGTH]; 1035 + EVP_MAX_IV_LENGTH];
1060 int padl, outl = sizeof(epms); 1036 int padl, outl = sizeof(epms);
1061 1037
1062 EVP_CIPHER_CTX_init(&ciph_ctx); 1038 EVP_CIPHER_CTX_init(&ciph_ctx);
1063 1039
1064#ifdef KSSL_DEBUG 1040#ifdef KSSL_DEBUG
1065 printf("ssl3_send_client_key_exchange(%lx & %lx)\n", 1041 printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
1066 alg_k, SSL_kKRB5); 1042 alg_k, SSL_kKRB5);
1067#endif /* KSSL_DEBUG */ 1043#endif /* KSSL_DEBUG */
1068 1044
1069 authp = NULL; 1045 authp = NULL;
1070#ifdef KRB5SENDAUTH 1046#ifdef KRB5SENDAUTH
1071 if (KRB5SENDAUTH) authp = &authenticator; 1047 if (KRB5SENDAUTH)
1048 authp = &authenticator;
1072#endif /* KRB5SENDAUTH */ 1049#endif /* KRB5SENDAUTH */
1073 1050
1074 krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, 1051 krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
1075 &kssl_err); 1052 &kssl_err);
1076 enc = kssl_map_enc(kssl_ctx->enctype); 1053 enc = kssl_map_enc(kssl_ctx->enctype);
1077 if (enc == NULL) 1054 if (enc == NULL)
1078 goto err; 1055 goto err;
1079#ifdef KSSL_DEBUG 1056#ifdef KSSL_DEBUG
1080 { 1057 {
1081 printf("kssl_cget_tkt rtn %d\n", krb5rc); 1058 printf("kssl_cget_tkt rtn %d\n", krb5rc);
1082 if (krb5rc && kssl_err.text) 1059 if (krb5rc && kssl_err.text)
1083 printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text); 1060 printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
1084 } 1061 }
1085#endif /* KSSL_DEBUG */ 1062#endif /* KSSL_DEBUG */
1086 1063
1087 if (krb5rc) 1064 if (krb5rc) {
1088 { 1065 ssl3_send_alert(s, SSL3_AL_FATAL,
1089 ssl3_send_alert(s,SSL3_AL_FATAL, 1066 SSL_AD_HANDSHAKE_FAILURE);
1090 SSL_AD_HANDSHAKE_FAILURE); 1067 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1091 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1068 kssl_err.reason);
1092 kssl_err.reason); 1069 goto err;
1093 goto err; 1070 }
1094 }
1095 1071
1096 /* 20010406 VRS - Earlier versions used KRB5 AP_REQ 1072 /* 20010406 VRS - Earlier versions used KRB5 AP_REQ
1097 ** in place of RFC 2712 KerberosWrapper, as in: 1073 ** in place of RFC 2712 KerberosWrapper, as in:
@@ -1113,31 +1089,28 @@ int dtls1_send_client_key_exchange(SSL *s)
1113 */ 1089 */
1114 1090
1115 /* KerberosWrapper.Ticket */ 1091 /* KerberosWrapper.Ticket */
1116 s2n(enc_ticket->length,p); 1092 s2n(enc_ticket->length, p);
1117 memcpy(p, enc_ticket->data, enc_ticket->length); 1093 memcpy(p, enc_ticket->data, enc_ticket->length);
1118 p+= enc_ticket->length; 1094 p += enc_ticket->length;
1119 n = enc_ticket->length + 2; 1095 n = enc_ticket->length + 2;
1120 1096
1121 /* KerberosWrapper.Authenticator */ 1097 /* KerberosWrapper.Authenticator */
1122 if (authp && authp->length) 1098 if (authp && authp->length) {
1123 { 1099 s2n(authp->length, p);
1124 s2n(authp->length,p);
1125 memcpy(p, authp->data, authp->length); 1100 memcpy(p, authp->data, authp->length);
1126 p+= authp->length; 1101 p += authp->length;
1127 n+= authp->length + 2; 1102 n += authp->length + 2;
1128 1103
1129 free(authp->data); 1104 free(authp->data);
1130 authp->data = NULL; 1105 authp->data = NULL;
1131 authp->length = 0; 1106 authp->length = 0;
1132 } 1107 } else {
1133 else 1108 s2n(0, p);/* null authenticator length */
1134 { 1109 n += 2;
1135 s2n(0,p);/* null authenticator length */ 1110 }
1136 n+=2; 1111
1137 } 1112 if (RAND_bytes(tmp_buf, sizeof tmp_buf) <= 0)
1138 1113 goto err;
1139 if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0)
1140 goto err;
1141 1114
1142 /* 20010420 VRS. Tried it this way; failed. 1115 /* 20010420 VRS. Tried it this way; failed.
1143 ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); 1116 ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
@@ -1146,94 +1119,88 @@ int dtls1_send_client_key_exchange(SSL *s)
1146 ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); 1119 ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
1147 */ 1120 */
1148 1121
1149 memset(iv, 0, sizeof iv); /* per RFC 1510 */ 1122 memset(iv, 0, sizeof iv);
1150 EVP_EncryptInit_ex(&ciph_ctx,enc, NULL, 1123 /* per RFC 1510 */
1151 kssl_ctx->key,iv); 1124 EVP_EncryptInit_ex(&ciph_ctx, enc, NULL,
1152 EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf, 1125 kssl_ctx->key, iv);
1153 sizeof tmp_buf); 1126 EVP_EncryptUpdate(&ciph_ctx, epms, &outl, tmp_buf,
1154 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); 1127 sizeof tmp_buf);
1128 EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl);
1155 outl += padl; 1129 outl += padl;
1156 if (outl > (int)sizeof epms) 1130 if (outl > (int)sizeof epms) {
1157 {
1158 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 1131 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1159 goto err; 1132 goto err;
1160 } 1133 }
1161 EVP_CIPHER_CTX_cleanup(&ciph_ctx); 1134 EVP_CIPHER_CTX_cleanup(&ciph_ctx);
1162 1135
1163 /* KerberosWrapper.EncryptedPreMasterSecret */ 1136 /* KerberosWrapper.EncryptedPreMasterSecret */
1164 s2n(outl,p); 1137 s2n(outl, p);
1165 memcpy(p, epms, outl); 1138 memcpy(p, epms, outl);
1166 p+=outl; 1139 p += outl;
1167 n+=outl + 2; 1140 n += outl + 2;
1168 1141
1169 s->session->master_key_length= 1142 s->session->master_key_length =
1170 s->method->ssl3_enc->generate_master_secret(s, 1143 s->method->ssl3_enc->generate_master_secret(s,
1171 s->session->master_key, 1144 s->session->master_key,
1172 tmp_buf, sizeof tmp_buf); 1145 tmp_buf, sizeof tmp_buf);
1173 1146
1174 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); 1147 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
1175 OPENSSL_cleanse(epms, outl); 1148 OPENSSL_cleanse(epms, outl);
1176 } 1149 }
1177#endif 1150#endif
1178#ifndef OPENSSL_NO_DH 1151#ifndef OPENSSL_NO_DH
1179 else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) 1152 else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
1180 { 1153 DH *dh_srvr, *dh_clnt;
1181 DH *dh_srvr,*dh_clnt;
1182 1154
1183 if (s->session->sess_cert->peer_dh_tmp != NULL) 1155 if (s->session->sess_cert->peer_dh_tmp != NULL)
1184 dh_srvr=s->session->sess_cert->peer_dh_tmp; 1156 dh_srvr = s->session->sess_cert->peer_dh_tmp;
1185 else 1157 else {
1186 {
1187 /* we get them from the cert */ 1158 /* we get them from the cert */
1188 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 1159 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1189 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); 1160 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
1190 goto err; 1161 goto err;
1191 } 1162 }
1192 1163
1193 /* generate a new random key */ 1164 /* generate a new random key */
1194 if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL) 1165 if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) {
1195 { 1166 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
1196 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
1197 goto err; 1167 goto err;
1198 } 1168 }
1199 if (!DH_generate_key(dh_clnt)) 1169 if (!DH_generate_key(dh_clnt)) {
1200 { 1170 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
1201 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
1202 goto err; 1171 goto err;
1203 } 1172 }
1204 1173
1205 /* use the 'p' output buffer for the DH key, but 1174 /* use the 'p' output buffer for the DH key, but
1206 * make sure to clear it out afterwards */ 1175 * make sure to clear it out afterwards */
1207 1176
1208 n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt); 1177 n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt);
1209 1178
1210 if (n <= 0) 1179 if (n <= 0) {
1211 { 1180 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
1212 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
1213 goto err; 1181 goto err;
1214 } 1182 }
1215 1183
1216 /* generate master key from the result */ 1184 /* generate master key from the result */
1217 s->session->master_key_length= 1185 s->session->master_key_length =
1218 s->method->ssl3_enc->generate_master_secret(s, 1186 s->method->ssl3_enc->generate_master_secret(s,
1219 s->session->master_key,p,n); 1187 s->session->master_key, p, n);
1220 /* clean up */ 1188 /* clean up */
1221 memset(p,0,n); 1189 memset(p, 0, n);
1222 1190
1223 /* send off the data */ 1191 /* send off the data */
1224 n=BN_num_bytes(dh_clnt->pub_key); 1192 n = BN_num_bytes(dh_clnt->pub_key);
1225 s2n(n,p); 1193 s2n(n, p);
1226 BN_bn2bin(dh_clnt->pub_key,p); 1194 BN_bn2bin(dh_clnt->pub_key, p);
1227 n+=2; 1195 n += 2;
1228 1196
1229 DH_free(dh_clnt); 1197 DH_free(dh_clnt);
1230 1198
1231 /* perhaps clean things up a bit EAY EAY EAY EAY*/ 1199 /* perhaps clean things up a bit EAY EAY EAY EAY*/
1232 } 1200 }
1233#endif 1201#endif
1234#ifndef OPENSSL_NO_ECDH 1202#ifndef OPENSSL_NO_ECDH
1235 else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) 1203 else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {
1236 {
1237 const EC_GROUP *srvr_group = NULL; 1204 const EC_GROUP *srvr_group = NULL;
1238 EC_KEY *tkey; 1205 EC_KEY *tkey;
1239 int ecdh_clnt_cert = 0; 1206 int ecdh_clnt_cert = 0;
@@ -1244,8 +1211,7 @@ int dtls1_send_client_key_exchange(SSL *s)
1244 * computation as part of client certificate? 1211 * computation as part of client certificate?
1245 * If so, set ecdh_clnt_cert to 1. 1212 * If so, set ecdh_clnt_cert to 1.
1246 */ 1213 */
1247 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL)) 1214 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL)) {
1248 {
1249 /* XXX: For now, we do not support client 1215 /* XXX: For now, we do not support client
1250 * authentication using ECDH certificates. 1216 * authentication using ECDH certificates.
1251 * To add such support, one needs to add 1217 * To add such support, one needs to add
@@ -1265,52 +1231,44 @@ int dtls1_send_client_key_exchange(SSL *s)
1265 * EVP_PKEY_EC) && ...) 1231 * EVP_PKEY_EC) && ...)
1266 * ecdh_clnt_cert = 1; 1232 * ecdh_clnt_cert = 1;
1267 */ 1233 */
1268 } 1234 }
1269 1235
1270 if (s->session->sess_cert->peer_ecdh_tmp != NULL) 1236 if (s->session->sess_cert->peer_ecdh_tmp != NULL) {
1271 {
1272 tkey = s->session->sess_cert->peer_ecdh_tmp; 1237 tkey = s->session->sess_cert->peer_ecdh_tmp;
1273 } 1238 } else {
1274 else
1275 {
1276 /* Get the Server Public Key from Cert */ 1239 /* Get the Server Public Key from Cert */
1277 srvr_pub_pkey = X509_get_pubkey(s->session-> \ 1240 srvr_pub_pkey = X509_get_pubkey(s->session-> \
1278 sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); 1241 sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
1279 if ((srvr_pub_pkey == NULL) || 1242 if ((srvr_pub_pkey == NULL) ||
1280 (srvr_pub_pkey->type != EVP_PKEY_EC) || 1243 (srvr_pub_pkey->type != EVP_PKEY_EC) ||
1281 (srvr_pub_pkey->pkey.ec == NULL)) 1244 (srvr_pub_pkey->pkey.ec == NULL)) {
1282 {
1283 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1245 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1284 ERR_R_INTERNAL_ERROR); 1246 ERR_R_INTERNAL_ERROR);
1285 goto err; 1247 goto err;
1286 } 1248 }
1287 1249
1288 tkey = srvr_pub_pkey->pkey.ec; 1250 tkey = srvr_pub_pkey->pkey.ec;
1289 } 1251 }
1290 1252
1291 srvr_group = EC_KEY_get0_group(tkey); 1253 srvr_group = EC_KEY_get0_group(tkey);
1292 srvr_ecpoint = EC_KEY_get0_public_key(tkey); 1254 srvr_ecpoint = EC_KEY_get0_public_key(tkey);
1293 1255
1294 if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) 1256 if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) {
1295 {
1296 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1257 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1297 ERR_R_INTERNAL_ERROR); 1258 ERR_R_INTERNAL_ERROR);
1298 goto err; 1259 goto err;
1299 } 1260 }
1300 1261
1301 if ((clnt_ecdh=EC_KEY_new()) == NULL) 1262 if ((clnt_ecdh = EC_KEY_new()) == NULL) {
1302 { 1263 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
1303 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1304 goto err; 1264 goto err;
1305 } 1265 }
1306 1266
1307 if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) 1267 if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) {
1308 { 1268 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
1309 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
1310 goto err; 1269 goto err;
1311 } 1270 }
1312 if (ecdh_clnt_cert) 1271 if (ecdh_clnt_cert) {
1313 {
1314 /* Reuse key info from our certificate 1272 /* Reuse key info from our certificate
1315 * We only need our private key to perform 1273 * We only need our private key to perform
1316 * the ECDH computation. 1274 * the ECDH computation.
@@ -1318,401 +1276,366 @@ int dtls1_send_client_key_exchange(SSL *s)
1318 const BIGNUM *priv_key; 1276 const BIGNUM *priv_key;
1319 tkey = s->cert->key->privatekey->pkey.ec; 1277 tkey = s->cert->key->privatekey->pkey.ec;
1320 priv_key = EC_KEY_get0_private_key(tkey); 1278 priv_key = EC_KEY_get0_private_key(tkey);
1321 if (priv_key == NULL) 1279 if (priv_key == NULL) {
1322 { 1280 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
1323 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1324 goto err; 1281 goto err;
1325 } 1282 }
1326 if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) 1283 if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) {
1327 { 1284 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
1328 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
1329 goto err; 1285 goto err;
1330 }
1331 } 1286 }
1332 else 1287 } else {
1333 {
1334 /* Generate a new ECDH key pair */ 1288 /* Generate a new ECDH key pair */
1335 if (!(EC_KEY_generate_key(clnt_ecdh))) 1289 if (!(EC_KEY_generate_key(clnt_ecdh))) {
1336 {
1337 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); 1290 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
1338 goto err; 1291 goto err;
1339 }
1340 } 1292 }
1293 }
1341 1294
1342 /* use the 'p' output buffer for the ECDH key, but 1295 /* use the 'p' output buffer for the ECDH key, but
1343 * make sure to clear it out afterwards 1296 * make sure to clear it out afterwards
1344 */ 1297 */
1345 1298
1346 field_size = EC_GROUP_get_degree(srvr_group); 1299 field_size = EC_GROUP_get_degree(srvr_group);
1347 if (field_size <= 0) 1300 if (field_size <= 0) {
1348 { 1301 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1349 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1302 ERR_R_ECDH_LIB);
1350 ERR_R_ECDH_LIB);
1351 goto err; 1303 goto err;
1352 } 1304 }
1353 n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL); 1305 n = ECDH_compute_key(p, (field_size + 7)/8, srvr_ecpoint, clnt_ecdh, NULL);
1354 if (n <= 0) 1306 if (n <= 0) {
1355 { 1307 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1356 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1308 ERR_R_ECDH_LIB);
1357 ERR_R_ECDH_LIB);
1358 goto err; 1309 goto err;
1359 } 1310 }
1360 1311
1361 /* generate master key from the result */ 1312 /* generate master key from the result */
1362 s->session->master_key_length = s->method->ssl3_enc \ 1313 s->session->master_key_length = s->method->ssl3_enc \
1363 -> generate_master_secret(s, 1314 -> generate_master_secret(s,
1364 s->session->master_key, 1315 s->session->master_key,
1365 p, n); 1316 p, n);
1366 1317
1367 memset(p, 0, n); /* clean up */ 1318 memset(p, 0, n); /* clean up */
1368 1319
1369 if (ecdh_clnt_cert) 1320 if (ecdh_clnt_cert) {
1370 {
1371 /* Send empty client key exch message */ 1321 /* Send empty client key exch message */
1372 n = 0; 1322 n = 0;
1373 } 1323 } else {
1374 else
1375 {
1376 /* First check the size of encoding and 1324 /* First check the size of encoding and
1377 * allocate memory accordingly. 1325 * allocate memory accordingly.
1378 */ 1326 */
1379 encoded_pt_len = 1327 encoded_pt_len =
1380 EC_POINT_point2oct(srvr_group, 1328 EC_POINT_point2oct(srvr_group,
1381 EC_KEY_get0_public_key(clnt_ecdh), 1329 EC_KEY_get0_public_key(clnt_ecdh),
1382 POINT_CONVERSION_UNCOMPRESSED, 1330 POINT_CONVERSION_UNCOMPRESSED,
1383 NULL, 0, NULL); 1331 NULL, 0, NULL);
1384 1332
1385 encodedPoint = (unsigned char *) 1333 encodedPoint = (unsigned char *)
1386 OPENSSL_malloc(encoded_pt_len * 1334 OPENSSL_malloc(encoded_pt_len *
1387 sizeof(unsigned char)); 1335 sizeof(unsigned char));
1336
1388 bn_ctx = BN_CTX_new(); 1337 bn_ctx = BN_CTX_new();
1389 if ((encodedPoint == NULL) || 1338 if ((encodedPoint == NULL) ||
1390 (bn_ctx == NULL)) 1339 (bn_ctx == NULL)) {
1391 { 1340 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
1392 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1393 goto err; 1341 goto err;
1394 } 1342 }
1395 1343
1396 /* Encode the public key */ 1344 /* Encode the public key */
1397 n = EC_POINT_point2oct(srvr_group, 1345 n = EC_POINT_point2oct(srvr_group,
1398 EC_KEY_get0_public_key(clnt_ecdh), 1346 EC_KEY_get0_public_key(clnt_ecdh),
1399 POINT_CONVERSION_UNCOMPRESSED, 1347 POINT_CONVERSION_UNCOMPRESSED,
1400 encodedPoint, encoded_pt_len, bn_ctx); 1348 encodedPoint, encoded_pt_len, bn_ctx);
1401 1349
1402 *p = n; /* length of encoded point */ 1350 *p = n; /* length of encoded point */
1403 /* Encoded point will be copied here */ 1351 /* Encoded point will be copied here */
1404 p += 1; 1352 p += 1;
1353
1405 /* copy the point */ 1354 /* copy the point */
1406 memcpy((unsigned char *)p, encodedPoint, n); 1355 memcpy((unsigned char *)p, encodedPoint, n);
1407 /* increment n to account for length field */ 1356 /* increment n to account for length field */
1408 n += 1; 1357 n += 1;
1409 } 1358
1359 }
1410 1360
1411 /* Free allocated memory */ 1361 /* Free allocated memory */
1412 BN_CTX_free(bn_ctx); 1362 BN_CTX_free(bn_ctx);
1413 if (encodedPoint != NULL) OPENSSL_free(encodedPoint); 1363 if (encodedPoint != NULL)
1414 if (clnt_ecdh != NULL) 1364 OPENSSL_free(encodedPoint);
1415 EC_KEY_free(clnt_ecdh); 1365 if (clnt_ecdh != NULL)
1366 EC_KEY_free(clnt_ecdh);
1416 EVP_PKEY_free(srvr_pub_pkey); 1367 EVP_PKEY_free(srvr_pub_pkey);
1417 } 1368 }
1418#endif /* !OPENSSL_NO_ECDH */ 1369#endif /* !OPENSSL_NO_ECDH */
1419 1370
1420#ifndef OPENSSL_NO_PSK 1371#ifndef OPENSSL_NO_PSK
1421 else if (alg_k & SSL_kPSK) 1372 else if (alg_k & SSL_kPSK) {
1422 {
1423 char identity[PSK_MAX_IDENTITY_LEN]; 1373 char identity[PSK_MAX_IDENTITY_LEN];
1424 unsigned char *t = NULL; 1374 unsigned char *t = NULL;
1425 unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4]; 1375 unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2 + 4];
1426 unsigned int pre_ms_len = 0, psk_len = 0; 1376 unsigned int pre_ms_len = 0, psk_len = 0;
1427 int psk_err = 1; 1377 int psk_err = 1;
1428 1378
1429 n = 0; 1379 n = 0;
1430 if (s->psk_client_callback == NULL) 1380 if (s->psk_client_callback == NULL) {
1431 {
1432 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1381 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1433 SSL_R_PSK_NO_CLIENT_CB); 1382 SSL_R_PSK_NO_CLIENT_CB);
1434 goto err; 1383 goto err;
1435 } 1384 }
1436 1385
1437 psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint, 1386 psk_len = s->psk_client_callback(s,
1438 identity, PSK_MAX_IDENTITY_LEN, 1387 s->ctx->psk_identity_hint, identity,
1439 psk_or_pre_ms, sizeof(psk_or_pre_ms)); 1388 PSK_MAX_IDENTITY_LEN, psk_or_pre_ms,
1440 if (psk_len > PSK_MAX_PSK_LEN) 1389 sizeof(psk_or_pre_ms));
1441 { 1390 if (psk_len > PSK_MAX_PSK_LEN) {
1442 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1391 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1443 ERR_R_INTERNAL_ERROR); 1392 ERR_R_INTERNAL_ERROR);
1444 goto psk_err; 1393 goto psk_err;
1445 } 1394 } else if (psk_len == 0) {
1446 else if (psk_len == 0)
1447 {
1448 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1395 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1449 SSL_R_PSK_IDENTITY_NOT_FOUND); 1396 SSL_R_PSK_IDENTITY_NOT_FOUND);
1450 goto psk_err; 1397 goto psk_err;
1451 } 1398 }
1452 1399
1453 /* create PSK pre_master_secret */ 1400 /* create PSK pre_master_secret */
1454 pre_ms_len = 2+psk_len+2+psk_len; 1401 pre_ms_len = 2 + psk_len + 2 + psk_len;
1455 t = psk_or_pre_ms; 1402 t = psk_or_pre_ms;
1456 memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len); 1403 memmove(psk_or_pre_ms + psk_len + 4, psk_or_pre_ms, psk_len);
1457 s2n(psk_len, t); 1404 s2n(psk_len, t);
1458 memset(t, 0, psk_len); 1405 memset(t, 0, psk_len);
1459 t+=psk_len; 1406 t += psk_len;
1460 s2n(psk_len, t); 1407 s2n(psk_len, t);
1461 1408
1462 if (s->session->psk_identity_hint != NULL) 1409 if (s->session->psk_identity_hint != NULL)
1463 OPENSSL_free(s->session->psk_identity_hint); 1410 OPENSSL_free(s->session->psk_identity_hint);
1464 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint); 1411 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
1465 if (s->ctx->psk_identity_hint != NULL && 1412 if (s->ctx->psk_identity_hint != NULL &&
1466 s->session->psk_identity_hint == NULL) 1413 s->session->psk_identity_hint == NULL) {
1467 {
1468 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1414 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1469 ERR_R_MALLOC_FAILURE); 1415 ERR_R_MALLOC_FAILURE);
1470 goto psk_err; 1416 goto psk_err;
1471 } 1417 }
1472 1418
1473 if (s->session->psk_identity != NULL) 1419 if (s->session->psk_identity != NULL)
1474 OPENSSL_free(s->session->psk_identity); 1420 OPENSSL_free(s->session->psk_identity);
1475 s->session->psk_identity = BUF_strdup(identity); 1421 s->session->psk_identity = BUF_strdup(identity);
1476 if (s->session->psk_identity == NULL) 1422 if (s->session->psk_identity == NULL) {
1477 {
1478 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1423 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1479 ERR_R_MALLOC_FAILURE); 1424 ERR_R_MALLOC_FAILURE);
1480 goto psk_err; 1425 goto psk_err;
1481 } 1426 }
1482 1427
1483 s->session->master_key_length = 1428 s->session->master_key_length =
1484 s->method->ssl3_enc->generate_master_secret(s, 1429 s->method->ssl3_enc->generate_master_secret(s,
1485 s->session->master_key, 1430 s->session->master_key,
1486 psk_or_pre_ms, pre_ms_len); 1431 psk_or_pre_ms, pre_ms_len);
1432
1487 n = strlen(identity); 1433 n = strlen(identity);
1488 s2n(n, p); 1434 s2n(n, p);
1489 memcpy(p, identity, n); 1435 memcpy(p, identity, n);
1490 n+=2; 1436 n += 2;
1491 psk_err = 0; 1437 psk_err = 0;
1492 psk_err: 1438psk_err:
1493 OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN); 1439 OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN);
1494 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms)); 1440 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
1495 if (psk_err != 0) 1441 if (psk_err != 0) {
1496 {
1497 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 1442 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1498 goto err; 1443 goto err;
1499 }
1500 } 1444 }
1445 }
1501#endif 1446#endif
1502 else 1447 else {
1503 { 1448 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1504 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 1449 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1505 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
1506 goto err; 1450 goto err;
1507 } 1451 }
1508 1452
1509 d = dtls1_set_message_header(s, d, 1453 d = dtls1_set_message_header(s, d,
1510 SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n); 1454 SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n);
1511 /* 1455 /*
1512 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE; 1456 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
1513 l2n3(n,d); 1457 l2n3(n,d);
1514 l2n(s->d1->handshake_write_seq,d); 1458 l2n(s->d1->handshake_write_seq,d);
1515 s->d1->handshake_write_seq++; 1459 s->d1->handshake_write_seq++;
1516 */ 1460 */
1517 1461
1518 s->state=SSL3_ST_CW_KEY_EXCH_B; 1462 s->state = SSL3_ST_CW_KEY_EXCH_B;
1519 /* number of bytes to write */ 1463 /* number of bytes to write */
1520 s->init_num=n+DTLS1_HM_HEADER_LENGTH; 1464 s->init_num = n + DTLS1_HM_HEADER_LENGTH;
1521 s->init_off=0; 1465 s->init_off = 0;
1522 1466
1523 /* buffer the message to handle re-xmits */ 1467 /* buffer the message to handle re-xmits */
1524 dtls1_buffer_message(s, 0); 1468 dtls1_buffer_message(s, 0);
1525 } 1469 }
1526 1470
1527 /* SSL3_ST_CW_KEY_EXCH_B */ 1471 /* SSL3_ST_CW_KEY_EXCH_B */
1528 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 1472 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1529err: 1473err:
1530#ifndef OPENSSL_NO_ECDH 1474#ifndef OPENSSL_NO_ECDH
1531 BN_CTX_free(bn_ctx); 1475 BN_CTX_free(bn_ctx);
1532 if (encodedPoint != NULL) OPENSSL_free(encodedPoint); 1476 if (encodedPoint != NULL)
1533 if (clnt_ecdh != NULL) 1477 OPENSSL_free(encodedPoint);
1478 if (clnt_ecdh != NULL)
1534 EC_KEY_free(clnt_ecdh); 1479 EC_KEY_free(clnt_ecdh);
1535 EVP_PKEY_free(srvr_pub_pkey); 1480 EVP_PKEY_free(srvr_pub_pkey);
1536#endif 1481#endif
1537 return(-1); 1482 return (-1);
1538 } 1483}
1539 1484
1540int dtls1_send_client_verify(SSL *s) 1485int
1541 { 1486dtls1_send_client_verify(SSL *s)
1542 unsigned char *p,*d; 1487{
1543 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; 1488 unsigned char *p, *d;
1489 unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
1544 EVP_PKEY *pkey; 1490 EVP_PKEY *pkey;
1545#ifndef OPENSSL_NO_RSA 1491#ifndef OPENSSL_NO_RSA
1546 unsigned u=0; 1492 unsigned u = 0;
1547#endif 1493#endif
1548 unsigned long n; 1494 unsigned long n;
1549#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) 1495#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
1550 int j; 1496 int j;
1551#endif 1497#endif
1552 1498
1553 if (s->state == SSL3_ST_CW_CERT_VRFY_A) 1499 if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
1554 { 1500 d = (unsigned char *)s->init_buf->data;
1555 d=(unsigned char *)s->init_buf->data; 1501 p = &(d[DTLS1_HM_HEADER_LENGTH]);
1556 p= &(d[DTLS1_HM_HEADER_LENGTH]); 1502 pkey = s->cert->key->privatekey;
1557 pkey=s->cert->key->privatekey;
1558 1503
1559 s->method->ssl3_enc->cert_verify_mac(s, 1504 s->method->ssl3_enc->cert_verify_mac(s, NID_sha1,
1560 NID_sha1, 1505 &(data[MD5_DIGEST_LENGTH]));
1561 &(data[MD5_DIGEST_LENGTH]));
1562 1506
1563#ifndef OPENSSL_NO_RSA 1507#ifndef OPENSSL_NO_RSA
1564 if (pkey->type == EVP_PKEY_RSA) 1508 if (pkey->type == EVP_PKEY_RSA) {
1565 {
1566 s->method->ssl3_enc->cert_verify_mac(s, 1509 s->method->ssl3_enc->cert_verify_mac(s,
1567 NID_md5, 1510 NID_md5, &(data[0]));
1568 &(data[0]));
1569 if (RSA_sign(NID_md5_sha1, data, 1511 if (RSA_sign(NID_md5_sha1, data,
1570 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, 1512 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
1571 &(p[2]), &u, pkey->pkey.rsa) <= 0 ) 1513 &(p[2]), &u, pkey->pkey.rsa) <= 0 ) {
1572 { 1514 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_RSA_LIB);
1573 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
1574 goto err; 1515 goto err;
1575 }
1576 s2n(u,p);
1577 n=u+2;
1578 } 1516 }
1579 else 1517 s2n(u, p);
1518 n = u + 2;
1519 } else
1580#endif 1520#endif
1581#ifndef OPENSSL_NO_DSA 1521#ifndef OPENSSL_NO_DSA
1582 if (pkey->type == EVP_PKEY_DSA) 1522 if (pkey->type == EVP_PKEY_DSA) {
1583 {
1584 if (!DSA_sign(pkey->save_type, 1523 if (!DSA_sign(pkey->save_type,
1585 &(data[MD5_DIGEST_LENGTH]), 1524 &(data[MD5_DIGEST_LENGTH]),
1586 SHA_DIGEST_LENGTH,&(p[2]), 1525 SHA_DIGEST_LENGTH, &(p[2]),
1587 (unsigned int *)&j,pkey->pkey.dsa)) 1526 (unsigned int *)&j, pkey->pkey.dsa)) {
1588 { 1527 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_DSA_LIB);
1589 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
1590 goto err; 1528 goto err;
1591 }
1592 s2n(j,p);
1593 n=j+2;
1594 } 1529 }
1595 else 1530 s2n(j, p);
1531 n = j + 2;
1532 } else
1596#endif 1533#endif
1597#ifndef OPENSSL_NO_ECDSA 1534#ifndef OPENSSL_NO_ECDSA
1598 if (pkey->type == EVP_PKEY_EC) 1535 if (pkey->type == EVP_PKEY_EC) {
1599 {
1600 if (!ECDSA_sign(pkey->save_type, 1536 if (!ECDSA_sign(pkey->save_type,
1601 &(data[MD5_DIGEST_LENGTH]), 1537 &(data[MD5_DIGEST_LENGTH]),
1602 SHA_DIGEST_LENGTH,&(p[2]), 1538 SHA_DIGEST_LENGTH, &(p[2]),
1603 (unsigned int *)&j,pkey->pkey.ec)) 1539 (unsigned int *)&j, pkey->pkey.ec)) {
1604 {
1605 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, 1540 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
1606 ERR_R_ECDSA_LIB); 1541 ERR_R_ECDSA_LIB);
1607 goto err; 1542 goto err;
1608 }
1609 s2n(j,p);
1610 n=j+2;
1611 } 1543 }
1612 else 1544 s2n(j, p);
1545 n = j + 2;
1546 } else
1613#endif 1547#endif
1614 { 1548 {
1615 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR); 1549 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
1616 goto err; 1550 goto err;
1617 } 1551 }
1618 1552
1619 d = dtls1_set_message_header(s, d, 1553 d = dtls1_set_message_header(s, d,
1620 SSL3_MT_CERTIFICATE_VERIFY, n, 0, n) ; 1554 SSL3_MT_CERTIFICATE_VERIFY, n, 0, n);
1621 1555
1622 s->init_num=(int)n+DTLS1_HM_HEADER_LENGTH; 1556 s->init_num = (int)n + DTLS1_HM_HEADER_LENGTH;
1623 s->init_off=0; 1557 s->init_off = 0;
1624 1558
1625 /* buffer the message to handle re-xmits */ 1559 /* buffer the message to handle re-xmits */
1626 dtls1_buffer_message(s, 0); 1560 dtls1_buffer_message(s, 0);
1627 1561
1628 s->state = SSL3_ST_CW_CERT_VRFY_B; 1562 s->state = SSL3_ST_CW_CERT_VRFY_B;
1629 } 1563 }
1630 1564
1631 /* s->state = SSL3_ST_CW_CERT_VRFY_B */ 1565 /* s->state = SSL3_ST_CW_CERT_VRFY_B */
1632 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 1566 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1633err: 1567err:
1634 return(-1); 1568 return (-1);
1635 } 1569}
1636 1570
1637int dtls1_send_client_certificate(SSL *s) 1571int
1638 { 1572dtls1_send_client_certificate(SSL *s)
1639 X509 *x509=NULL; 1573{
1640 EVP_PKEY *pkey=NULL; 1574 X509 *x509 = NULL;
1575 EVP_PKEY *pkey = NULL;
1641 int i; 1576 int i;
1642 unsigned long l; 1577 unsigned long l;
1643 1578
1644 if (s->state == SSL3_ST_CW_CERT_A) 1579 if (s->state == SSL3_ST_CW_CERT_A) {
1645 { 1580 if ((s->cert == NULL) || (s->cert->key->x509 == NULL) ||
1646 if ((s->cert == NULL) || 1581 (s->cert->key->privatekey == NULL))
1647 (s->cert->key->x509 == NULL) || 1582 s->state = SSL3_ST_CW_CERT_B;
1648 (s->cert->key->privatekey == NULL))
1649 s->state=SSL3_ST_CW_CERT_B;
1650 else 1583 else
1651 s->state=SSL3_ST_CW_CERT_C; 1584 s->state = SSL3_ST_CW_CERT_C;
1652 } 1585 }
1653 1586
1654 /* We need to get a client cert */ 1587 /* We need to get a client cert */
1655 if (s->state == SSL3_ST_CW_CERT_B) 1588 if (s->state == SSL3_ST_CW_CERT_B) {
1656 {
1657 /* If we get an error, we need to 1589 /* If we get an error, we need to
1658 * ssl->rwstate=SSL_X509_LOOKUP; return(-1); 1590 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
1659 * We then get retied later */ 1591 * We then get retied later */
1660 i=0; 1592 i = 0;
1661 i = ssl_do_client_cert_cb(s, &x509, &pkey); 1593 i = ssl_do_client_cert_cb(s, &x509, &pkey);
1662 if (i < 0) 1594 if (i < 0) {
1663 { 1595 s->rwstate = SSL_X509_LOOKUP;
1664 s->rwstate=SSL_X509_LOOKUP; 1596 return (-1);
1665 return(-1); 1597 }
1666 } 1598 s->rwstate = SSL_NOTHING;
1667 s->rwstate=SSL_NOTHING; 1599 if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
1668 if ((i == 1) && (pkey != NULL) && (x509 != NULL)) 1600 s->state = SSL3_ST_CW_CERT_B;
1669 { 1601 if (!SSL_use_certificate(s, x509) ||
1670 s->state=SSL3_ST_CW_CERT_B; 1602 !SSL_use_PrivateKey(s, pkey))
1671 if ( !SSL_use_certificate(s,x509) || 1603 i = 0;
1672 !SSL_use_PrivateKey(s,pkey)) 1604 } else if (i == 1) {
1673 i=0; 1605 i = 0;
1674 } 1606 SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
1675 else if (i == 1) 1607 }
1676 {
1677 i=0;
1678 SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
1679 }
1680 1608
1681 if (x509 != NULL) X509_free(x509); 1609 if (x509 != NULL)
1682 if (pkey != NULL) EVP_PKEY_free(pkey); 1610 X509_free(x509);
1683 if (i == 0) 1611 if (pkey != NULL)
1684 { 1612 EVP_PKEY_free(pkey);
1685 if (s->version == SSL3_VERSION) 1613 if (i == 0) {
1686 { 1614 if (s->version == SSL3_VERSION) {
1687 s->s3->tmp.cert_req=0; 1615 s->s3->tmp.cert_req = 0;
1688 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE); 1616 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE);
1689 return(1); 1617 return (1);
1690 } 1618 } else {
1691 else 1619 s->s3->tmp.cert_req = 2;
1692 {
1693 s->s3->tmp.cert_req=2;
1694 }
1695 } 1620 }
1621 }
1696 1622
1697 /* Ok, we have a cert */ 1623 /* Ok, we have a cert */
1698 s->state=SSL3_ST_CW_CERT_C; 1624 s->state = SSL3_ST_CW_CERT_C;
1699 } 1625 }
1700 1626
1701 if (s->state == SSL3_ST_CW_CERT_C) 1627 if (s->state == SSL3_ST_CW_CERT_C) {
1702 { 1628 s->state = SSL3_ST_CW_CERT_D;
1703 s->state=SSL3_ST_CW_CERT_D; 1629 l = dtls1_output_cert_chain(s,
1704 l=dtls1_output_cert_chain(s, 1630 (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509);
1705 (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509); 1631 s->init_num = (int)l;
1706 s->init_num=(int)l; 1632 s->init_off = 0;
1707 s->init_off=0;
1708 1633
1709 /* set header called by dtls1_output_cert_chain() */ 1634 /* set header called by dtls1_output_cert_chain() */
1710 1635
1711 /* buffer the message to handle re-xmits */ 1636 /* buffer the message to handle re-xmits */
1712 dtls1_buffer_message(s, 0); 1637 dtls1_buffer_message(s, 0);
1713 }
1714 /* SSL3_ST_CW_CERT_D */
1715 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1716 } 1638 }
1717 1639 /* SSL3_ST_CW_CERT_D */
1718 1640 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1641}
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index aacf8fd380..95dffe9484 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -129,47 +129,48 @@
129static const SSL_METHOD *dtls1_get_server_method(int ver); 129static const SSL_METHOD *dtls1_get_server_method(int ver);
130static int dtls1_send_hello_verify_request(SSL *s); 130static int dtls1_send_hello_verify_request(SSL *s);
131 131
132static const SSL_METHOD *dtls1_get_server_method(int ver) 132static const SSL_METHOD
133 { 133*dtls1_get_server_method(int ver)
134{
134 if (ver == DTLS1_VERSION) 135 if (ver == DTLS1_VERSION)
135 return(DTLSv1_server_method()); 136 return (DTLSv1_server_method());
136 else 137 else
137 return(NULL); 138 return (NULL);
138 } 139}
139 140
140IMPLEMENT_dtls1_meth_func(DTLSv1_server_method, 141IMPLEMENT_dtls1_meth_func(DTLSv1_server_method,
141 dtls1_accept, 142 dtls1_accept, ssl_undefined_function, dtls1_get_server_method)
142 ssl_undefined_function,
143 dtls1_get_server_method)
144 143
145int dtls1_accept(SSL *s) 144int
146 { 145dtls1_accept(SSL *s)
146{
147 BUF_MEM *buf; 147 BUF_MEM *buf;
148 unsigned long Time=(unsigned long)time(NULL); 148 unsigned long Time = (unsigned long)time(NULL);
149 void (*cb)(const SSL *ssl,int type,int val)=NULL; 149 void (*cb)(const SSL *ssl, int type, int val) = NULL;
150 unsigned long alg_k; 150 unsigned long alg_k;
151 int ret= -1; 151 int ret = -1;
152 int new_state,state,skip=0; 152 int new_state, state, skip = 0;
153 int listen; 153 int listen;
154#ifndef OPENSSL_NO_SCTP 154#ifndef OPENSSL_NO_SCTP
155 unsigned char sctpauthkey[64]; 155 unsigned char sctpauthkey[64];
156 char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)]; 156 char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
157#endif 157#endif
158 158
159 RAND_add(&Time,sizeof(Time),0); 159 RAND_add(&Time, sizeof(Time), 0);
160 ERR_clear_error(); 160 ERR_clear_error();
161 errno = 0; 161 errno = 0;
162 162
163 if (s->info_callback != NULL) 163 if (s->info_callback != NULL)
164 cb=s->info_callback; 164 cb = s->info_callback;
165 else if (s->ctx->info_callback != NULL) 165 else if (s->ctx->info_callback != NULL)
166 cb=s->ctx->info_callback; 166 cb = s->ctx->info_callback;
167 167
168 listen = s->d1->listen; 168 listen = s->d1->listen;
169 169
170 /* init things to blank */ 170 /* init things to blank */
171 s->in_handshake++; 171 s->in_handshake++;
172 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 172 if (!SSL_in_init(s) || SSL_in_before(s))
173 SSL_clear(s);
173 174
174 s->d1->listen = listen; 175 s->d1->listen = listen;
175#ifndef OPENSSL_NO_SCTP 176#ifndef OPENSSL_NO_SCTP
@@ -177,36 +178,33 @@ int dtls1_accept(SSL *s)
177 * mode and prevent stream identifier other 178 * mode and prevent stream identifier other
178 * than 0. Will be ignored if no SCTP is used. 179 * than 0. Will be ignored if no SCTP is used.
179 */ 180 */
180 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL); 181 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
182 s->in_handshake, NULL);
181#endif 183#endif
182 184
183 if (s->cert == NULL) 185 if (s->cert == NULL) {
184 { 186 SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
185 SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET); 187 return (-1);
186 return(-1); 188 }
187 }
188 189
189#ifndef OPENSSL_NO_HEARTBEATS 190#ifndef OPENSSL_NO_HEARTBEATS
190 /* If we're awaiting a HeartbeatResponse, pretend we 191 /* If we're awaiting a HeartbeatResponse, pretend we
191 * already got and don't await it anymore, because 192 * already got and don't await it anymore, because
192 * Heartbeats don't make sense during handshakes anyway. 193 * Heartbeats don't make sense during handshakes anyway.
193 */ 194 */
194 if (s->tlsext_hb_pending) 195 if (s->tlsext_hb_pending) {
195 {
196 dtls1_stop_timer(s); 196 dtls1_stop_timer(s);
197 s->tlsext_hb_pending = 0; 197 s->tlsext_hb_pending = 0;
198 s->tlsext_hb_seq++; 198 s->tlsext_hb_seq++;
199 } 199 }
200#endif 200#endif
201 201
202 for (;;) 202 for (;;) {
203 { 203 state = s->state;
204 state=s->state;
205 204
206 switch (s->state) 205 switch (s->state) {
207 {
208 case SSL_ST_RENEGOTIATE: 206 case SSL_ST_RENEGOTIATE:
209 s->renegotiate=1; 207 s->renegotiate = 1;
210 /* s->state=SSL_ST_ACCEPT; */ 208 /* s->state=SSL_ST_ACCEPT; */
211 209
212 case SSL_ST_BEFORE: 210 case SSL_ST_BEFORE:
@@ -214,41 +212,36 @@ int dtls1_accept(SSL *s)
214 case SSL_ST_BEFORE|SSL_ST_ACCEPT: 212 case SSL_ST_BEFORE|SSL_ST_ACCEPT:
215 case SSL_ST_OK|SSL_ST_ACCEPT: 213 case SSL_ST_OK|SSL_ST_ACCEPT:
216 214
217 s->server=1; 215 s->server = 1;
218 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); 216 if (cb != NULL)
217 cb(s, SSL_CB_HANDSHAKE_START, 1);
219 218
220 if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) 219 if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
221 {
222 SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR); 220 SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
223 return -1; 221 return -1;
224 } 222 }
225 s->type=SSL_ST_ACCEPT; 223 s->type = SSL_ST_ACCEPT;
226 224
227 if (s->init_buf == NULL) 225 if (s->init_buf == NULL) {
228 { 226 if ((buf = BUF_MEM_new()) == NULL) {
229 if ((buf=BUF_MEM_new()) == NULL) 227 ret = -1;
230 {
231 ret= -1;
232 goto end; 228 goto end;
233 } 229 }
234 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) 230 if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
235 { 231 ret = -1;
236 ret= -1;
237 goto end; 232 goto end;
238 }
239 s->init_buf=buf;
240 } 233 }
234 s->init_buf = buf;
235 }
241 236
242 if (!ssl3_setup_buffers(s)) 237 if (!ssl3_setup_buffers(s)) {
243 { 238 ret = -1;
244 ret= -1;
245 goto end; 239 goto end;
246 } 240 }
247 241
248 s->init_num=0; 242 s->init_num = 0;
249 243
250 if (s->state != SSL_ST_RENEGOTIATE) 244 if (s->state != SSL_ST_RENEGOTIATE) {
251 {
252 /* Ok, we now need to push on a buffering BIO so that 245 /* Ok, we now need to push on a buffering BIO so that
253 * the output is sent in a way that TCP likes :-) 246 * the output is sent in a way that TCP likes :-)
254 * ...but not with SCTP :-) 247 * ...but not with SCTP :-)
@@ -256,48 +249,51 @@ int dtls1_accept(SSL *s)
256#ifndef OPENSSL_NO_SCTP 249#ifndef OPENSSL_NO_SCTP
257 if (!BIO_dgram_is_sctp(SSL_get_wbio(s))) 250 if (!BIO_dgram_is_sctp(SSL_get_wbio(s)))
258#endif 251#endif
259 if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; } 252 if (!ssl_init_wbio_buffer(s, 1)) {
253 ret = -1;
254 goto end;
255 }
260 256
261 ssl3_init_finished_mac(s); 257 ssl3_init_finished_mac(s);
262 s->state=SSL3_ST_SR_CLNT_HELLO_A; 258 s->state = SSL3_ST_SR_CLNT_HELLO_A;
263 s->ctx->stats.sess_accept++; 259 s->ctx->stats.sess_accept++;
264 } 260 } else {
265 else
266 {
267 /* s->state == SSL_ST_RENEGOTIATE, 261 /* s->state == SSL_ST_RENEGOTIATE,
268 * we will just send a HelloRequest */ 262 * we will just send a HelloRequest */
269 s->ctx->stats.sess_accept_renegotiate++; 263 s->ctx->stats.sess_accept_renegotiate++;
270 s->state=SSL3_ST_SW_HELLO_REQ_A; 264 s->state = SSL3_ST_SW_HELLO_REQ_A;
271 } 265 }
272 266
273 break; 267 break;
274 268
275 case SSL3_ST_SW_HELLO_REQ_A: 269 case SSL3_ST_SW_HELLO_REQ_A:
276 case SSL3_ST_SW_HELLO_REQ_B: 270 case SSL3_ST_SW_HELLO_REQ_B:
277 271
278 s->shutdown=0; 272 s->shutdown = 0;
279 dtls1_clear_record_buffer(s); 273 dtls1_clear_record_buffer(s);
280 dtls1_start_timer(s); 274 dtls1_start_timer(s);
281 ret=dtls1_send_hello_request(s); 275 ret = dtls1_send_hello_request(s);
282 if (ret <= 0) goto end; 276 if (ret <= 0)
283 s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A; 277 goto end;
284 s->state=SSL3_ST_SW_FLUSH; 278 s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
285 s->init_num=0; 279 s->state = SSL3_ST_SW_FLUSH;
280 s->init_num = 0;
286 281
287 ssl3_init_finished_mac(s); 282 ssl3_init_finished_mac(s);
288 break; 283 break;
289 284
290 case SSL3_ST_SW_HELLO_REQ_C: 285 case SSL3_ST_SW_HELLO_REQ_C:
291 s->state=SSL_ST_OK; 286 s->state = SSL_ST_OK;
292 break; 287 break;
293 288
294 case SSL3_ST_SR_CLNT_HELLO_A: 289 case SSL3_ST_SR_CLNT_HELLO_A:
295 case SSL3_ST_SR_CLNT_HELLO_B: 290 case SSL3_ST_SR_CLNT_HELLO_B:
296 case SSL3_ST_SR_CLNT_HELLO_C: 291 case SSL3_ST_SR_CLNT_HELLO_C:
297 292
298 s->shutdown=0; 293 s->shutdown = 0;
299 ret=ssl3_get_client_hello(s); 294 ret = ssl3_get_client_hello(s);
300 if (ret <= 0) goto end; 295 if (ret <= 0)
296 goto end;
301 dtls1_stop_timer(s); 297 dtls1_stop_timer(s);
302 298
303 if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)) 299 if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
@@ -305,17 +301,15 @@ int dtls1_accept(SSL *s)
305 else 301 else
306 s->state = SSL3_ST_SW_SRVR_HELLO_A; 302 s->state = SSL3_ST_SW_SRVR_HELLO_A;
307 303
308 s->init_num=0; 304 s->init_num = 0;
309 305
310 /* Reflect ClientHello sequence to remain stateless while listening */ 306 /* Reflect ClientHello sequence to remain stateless while listening */
311 if (listen) 307 if (listen) {
312 {
313 memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence)); 308 memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence));
314 } 309 }
315 310
316 /* If we're just listening, stop here */ 311 /* If we're just listening, stop here */
317 if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) 312 if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) {
318 {
319 ret = 2; 313 ret = 2;
320 s->d1->listen = 0; 314 s->d1->listen = 0;
321 /* Set expected sequence numbers 315 /* Set expected sequence numbers
@@ -325,57 +319,56 @@ int dtls1_accept(SSL *s)
325 s->d1->handshake_write_seq = 1; 319 s->d1->handshake_write_seq = 1;
326 s->d1->next_handshake_write_seq = 1; 320 s->d1->next_handshake_write_seq = 1;
327 goto end; 321 goto end;
328 } 322 }
329 323
330 break; 324 break;
331 325
332 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: 326 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
333 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: 327 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
334 328
335 ret = dtls1_send_hello_verify_request(s); 329 ret = dtls1_send_hello_verify_request(s);
336 if ( ret <= 0) goto end; 330 if (ret <= 0)
337 s->state=SSL3_ST_SW_FLUSH; 331 goto end;
338 s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A; 332 s->state = SSL3_ST_SW_FLUSH;
333 s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
339 334
340 /* HelloVerifyRequest resets Finished MAC */ 335 /* HelloVerifyRequest resets Finished MAC */
341 if (s->version != DTLS1_BAD_VER) 336 if (s->version != DTLS1_BAD_VER)
342 ssl3_init_finished_mac(s); 337 ssl3_init_finished_mac(s);
343 break; 338 break;
344 339
345#ifndef OPENSSL_NO_SCTP 340#ifndef OPENSSL_NO_SCTP
346 case DTLS1_SCTP_ST_SR_READ_SOCK: 341 case DTLS1_SCTP_ST_SR_READ_SOCK:
347 342
348 if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) 343 if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
349 { 344 s->s3->in_read_app_data = 2;
350 s->s3->in_read_app_data=2; 345 s->rwstate = SSL_READING;
351 s->rwstate=SSL_READING;
352 BIO_clear_retry_flags(SSL_get_rbio(s)); 346 BIO_clear_retry_flags(SSL_get_rbio(s));
353 BIO_set_retry_read(SSL_get_rbio(s)); 347 BIO_set_retry_read(SSL_get_rbio(s));
354 ret = -1; 348 ret = -1;
355 goto end; 349 goto end;
356 } 350 }
357 351
358 s->state=SSL3_ST_SR_FINISHED_A; 352 s->state = SSL3_ST_SR_FINISHED_A;
359 break; 353 break;
360 354
361 case DTLS1_SCTP_ST_SW_WRITE_SOCK: 355 case DTLS1_SCTP_ST_SW_WRITE_SOCK:
362 ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s)); 356 ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
363 if (ret < 0) goto end; 357 if (ret < 0)
364 358 goto end;
365 if (ret == 0) 359
366 { 360 if (ret == 0) {
367 if (s->d1->next_state != SSL_ST_OK) 361 if (s->d1->next_state != SSL_ST_OK) {
368 { 362 s->s3->in_read_app_data = 2;
369 s->s3->in_read_app_data=2; 363 s->rwstate = SSL_READING;
370 s->rwstate=SSL_READING;
371 BIO_clear_retry_flags(SSL_get_rbio(s)); 364 BIO_clear_retry_flags(SSL_get_rbio(s));
372 BIO_set_retry_read(SSL_get_rbio(s)); 365 BIO_set_retry_read(SSL_get_rbio(s));
373 ret = -1; 366 ret = -1;
374 goto end; 367 goto end;
375 }
376 } 368 }
369 }
377 370
378 s->state=s->d1->next_state; 371 s->state = s->d1->next_state;
379 break; 372 break;
380#endif 373#endif
381 374
@@ -383,67 +376,65 @@ int dtls1_accept(SSL *s)
383 case SSL3_ST_SW_SRVR_HELLO_B: 376 case SSL3_ST_SW_SRVR_HELLO_B:
384 s->renegotiate = 2; 377 s->renegotiate = 2;
385 dtls1_start_timer(s); 378 dtls1_start_timer(s);
386 ret=dtls1_send_server_hello(s); 379 ret = dtls1_send_server_hello(s);
387 if (ret <= 0) goto end; 380 if (ret <= 0)
381 goto end;
388 382
389 if (s->hit) 383 if (s->hit) {
390 {
391#ifndef OPENSSL_NO_SCTP 384#ifndef OPENSSL_NO_SCTP
392 /* Add new shared key for SCTP-Auth, 385 /* Add new shared key for SCTP-Auth,
393 * will be ignored if no SCTP used. 386 * will be ignored if no SCTP used.
394 */ 387 */
395 snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), 388 snprintf((char*)labelbuffer,
396 DTLS1_SCTP_AUTH_LABEL); 389 sizeof(DTLS1_SCTP_AUTH_LABEL),
390 DTLS1_SCTP_AUTH_LABEL);
397 391
398 SSL_export_keying_material(s, sctpauthkey, 392 SSL_export_keying_material(s, sctpauthkey,
399 sizeof(sctpauthkey), labelbuffer, 393 sizeof(sctpauthkey), labelbuffer,
400 sizeof(labelbuffer), NULL, 0, 0); 394 sizeof(labelbuffer), NULL, 0, 0);
401 395
402 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, 396 BIO_ctrl(SSL_get_wbio(s),
403 sizeof(sctpauthkey), sctpauthkey); 397 BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
398 sizeof(sctpauthkey), sctpauthkey);
404#endif 399#endif
405#ifndef OPENSSL_NO_TLSEXT 400#ifndef OPENSSL_NO_TLSEXT
406 if (s->tlsext_ticket_expected) 401 if (s->tlsext_ticket_expected)
407 s->state=SSL3_ST_SW_SESSION_TICKET_A; 402 s->state = SSL3_ST_SW_SESSION_TICKET_A;
408 else 403 else
409 s->state=SSL3_ST_SW_CHANGE_A; 404 s->state = SSL3_ST_SW_CHANGE_A;
410#else 405#else
411 s->state=SSL3_ST_SW_CHANGE_A; 406 s->state = SSL3_ST_SW_CHANGE_A;
412#endif 407#endif
413 } 408 } else
414 else 409 s->state = SSL3_ST_SW_CERT_A;
415 s->state=SSL3_ST_SW_CERT_A; 410 s->init_num = 0;
416 s->init_num=0;
417 break; 411 break;
418 412
419 case SSL3_ST_SW_CERT_A: 413 case SSL3_ST_SW_CERT_A:
420 case SSL3_ST_SW_CERT_B: 414 case SSL3_ST_SW_CERT_B:
421 /* Check if it is anon DH or normal PSK */ 415 /* Check if it is anon DH or normal PSK */
422 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) 416 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
423 && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) 417 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
424 {
425 dtls1_start_timer(s); 418 dtls1_start_timer(s);
426 ret=dtls1_send_server_certificate(s); 419 ret = dtls1_send_server_certificate(s);
427 if (ret <= 0) goto end; 420 if (ret <= 0)
421 goto end;
428#ifndef OPENSSL_NO_TLSEXT 422#ifndef OPENSSL_NO_TLSEXT
429 if (s->tlsext_status_expected) 423 if (s->tlsext_status_expected)
430 s->state=SSL3_ST_SW_CERT_STATUS_A; 424 s->state = SSL3_ST_SW_CERT_STATUS_A;
431 else 425 else
432 s->state=SSL3_ST_SW_KEY_EXCH_A; 426 s->state = SSL3_ST_SW_KEY_EXCH_A;
433 } 427 } else {
434 else
435 {
436 skip = 1; 428 skip = 1;
437 s->state=SSL3_ST_SW_KEY_EXCH_A; 429 s->state = SSL3_ST_SW_KEY_EXCH_A;
438 } 430 }
439#else 431#else
440 } 432 } else
441 else 433 skip = 1;
442 skip=1;
443 434
444 s->state=SSL3_ST_SW_KEY_EXCH_A; 435 s->state = SSL3_ST_SW_KEY_EXCH_A;
445#endif 436#endif
446 s->init_num=0; 437 s->init_num = 0;
447 break; 438 break;
448 439
449 case SSL3_ST_SW_KEY_EXCH_A: 440 case SSL3_ST_SW_KEY_EXCH_A:
@@ -454,16 +445,16 @@ int dtls1_accept(SSL *s)
454 * send_server_key_exchange */ 445 * send_server_key_exchange */
455 if ((s->options & SSL_OP_EPHEMERAL_RSA) 446 if ((s->options & SSL_OP_EPHEMERAL_RSA)
456#ifndef OPENSSL_NO_KRB5 447#ifndef OPENSSL_NO_KRB5
457 && !(alg_k & SSL_kKRB5) 448 && !(alg_k & SSL_kKRB5)
458#endif /* OPENSSL_NO_KRB5 */ 449#endif /* OPENSSL_NO_KRB5 */
459 ) 450 )
460 /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key 451 /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
461 * even when forbidden by protocol specs 452 * even when forbidden by protocol specs
462 * (handshake may fail as clients are not required to 453 * (handshake may fail as clients are not required to
463 * be able to handle this) */ 454 * be able to handle this) */
464 s->s3->tmp.use_rsa_tmp=1; 455 s->s3->tmp.use_rsa_tmp = 1;
465 else 456 else
466 s->s3->tmp.use_rsa_tmp=0; 457 s->s3->tmp.use_rsa_tmp = 0;
467 458
468 /* only send if a DH key exchange or 459 /* only send if a DH key exchange or
469 * RSA but we have a sign only certificate */ 460 * RSA but we have a sign only certificate */
@@ -471,119 +462,112 @@ int dtls1_accept(SSL *s)
471 /* PSK: send ServerKeyExchange if PSK identity 462 /* PSK: send ServerKeyExchange if PSK identity
472 * hint if provided */ 463 * hint if provided */
473#ifndef OPENSSL_NO_PSK 464#ifndef OPENSSL_NO_PSK
474 || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint) 465 || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
475#endif 466#endif
476 || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) 467 || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
477 || (alg_k & SSL_kEECDH) 468 || (alg_k & SSL_kEECDH)
478 || ((alg_k & SSL_kRSA) 469 || ((alg_k & SSL_kRSA)
479 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL 470 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
480 || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) 471 || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
481 && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher) 472 && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
482 ) 473 )
483 ) 474 )
484 ) 475 )
485 ) 476 ) {
486 {
487 dtls1_start_timer(s); 477 dtls1_start_timer(s);
488 ret=dtls1_send_server_key_exchange(s); 478 ret = dtls1_send_server_key_exchange(s);
489 if (ret <= 0) goto end; 479 if (ret <= 0)
490 } 480 goto end;
491 else 481 } else
492 skip=1; 482 skip = 1;
493 483
494 s->state=SSL3_ST_SW_CERT_REQ_A; 484 s->state = SSL3_ST_SW_CERT_REQ_A;
495 s->init_num=0; 485 s->init_num = 0;
496 break; 486 break;
497 487
498 case SSL3_ST_SW_CERT_REQ_A: 488 case SSL3_ST_SW_CERT_REQ_A:
499 case SSL3_ST_SW_CERT_REQ_B: 489 case SSL3_ST_SW_CERT_REQ_B:
500 if (/* don't request cert unless asked for it: */ 490 if (/* don't request cert unless asked for it: */
501 !(s->verify_mode & SSL_VERIFY_PEER) || 491 !(s->verify_mode & SSL_VERIFY_PEER) ||
502 /* if SSL_VERIFY_CLIENT_ONCE is set, 492 /* if SSL_VERIFY_CLIENT_ONCE is set,
503 * don't request cert during re-negotiation: */ 493 * don't request cert during re-negotiation: */
504 ((s->session->peer != NULL) && 494 ((s->session->peer != NULL) &&
505 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || 495 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
506 /* never request cert in anonymous ciphersuites 496 /* never request cert in anonymous ciphersuites
507 * (see section "Certificate request" in SSL 3 drafts 497 * (see section "Certificate request" in SSL 3 drafts
508 * and in RFC 2246): */ 498 * and in RFC 2246): */
509 ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && 499 ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
510 /* ... except when the application insists on verification 500 /* ... except when the application insists on verification
511 * (against the specs, but s3_clnt.c accepts this for SSL 3) */ 501 * (against the specs, but s3_clnt.c accepts this for SSL 3) */
512 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) || 502 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
513 /* never request cert in Kerberos ciphersuites */ 503 /* never request cert in Kerberos ciphersuites */
514 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) 504 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)
515 /* With normal PSK Certificates and 505 /* With normal PSK Certificates and
516 * Certificate Requests are omitted */ 506 * Certificate Requests are omitted */
517 || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) 507 || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
518 {
519 /* no cert request */ 508 /* no cert request */
520 skip=1; 509 skip = 1;
521 s->s3->tmp.cert_request=0; 510 s->s3->tmp.cert_request = 0;
522 s->state=SSL3_ST_SW_SRVR_DONE_A; 511 s->state = SSL3_ST_SW_SRVR_DONE_A;
523#ifndef OPENSSL_NO_SCTP 512#ifndef OPENSSL_NO_SCTP
524 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) 513 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
525 {
526 s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A; 514 s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
527 s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK; 515 s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
528 }
529#endif
530 } 516 }
531 else 517#endif
532 { 518 } else {
533 s->s3->tmp.cert_request=1; 519 s->s3->tmp.cert_request = 1;
534 dtls1_start_timer(s); 520 dtls1_start_timer(s);
535 ret=dtls1_send_certificate_request(s); 521 ret = dtls1_send_certificate_request(s);
536 if (ret <= 0) goto end; 522 if (ret <= 0)
523 goto end;
537#ifndef NETSCAPE_HANG_BUG 524#ifndef NETSCAPE_HANG_BUG
538 s->state=SSL3_ST_SW_SRVR_DONE_A; 525 s->state = SSL3_ST_SW_SRVR_DONE_A;
539#ifndef OPENSSL_NO_SCTP 526#ifndef OPENSSL_NO_SCTP
540 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) 527 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
541 {
542 s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A; 528 s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
543 s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK; 529 s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
544 } 530 }
545#endif 531#endif
546#else 532#else
547 s->state=SSL3_ST_SW_FLUSH; 533 s->state = SSL3_ST_SW_FLUSH;
548 s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; 534 s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
549#ifndef OPENSSL_NO_SCTP 535#ifndef OPENSSL_NO_SCTP
550 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) 536 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
551 {
552 s->d1->next_state = s->s3->tmp.next_state; 537 s->d1->next_state = s->s3->tmp.next_state;
553 s->s3->tmp.next_state=DTLS1_SCTP_ST_SW_WRITE_SOCK; 538 s->s3->tmp.next_state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
554 } 539 }
555#endif 540#endif
556#endif 541#endif
557 s->init_num=0; 542 s->init_num = 0;
558 } 543 }
559 break; 544 break;
560 545
561 case SSL3_ST_SW_SRVR_DONE_A: 546 case SSL3_ST_SW_SRVR_DONE_A:
562 case SSL3_ST_SW_SRVR_DONE_B: 547 case SSL3_ST_SW_SRVR_DONE_B:
563 dtls1_start_timer(s); 548 dtls1_start_timer(s);
564 ret=dtls1_send_server_done(s); 549 ret = dtls1_send_server_done(s);
565 if (ret <= 0) goto end; 550 if (ret <= 0)
566 s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; 551 goto end;
567 s->state=SSL3_ST_SW_FLUSH; 552 s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
568 s->init_num=0; 553 s->state = SSL3_ST_SW_FLUSH;
554 s->init_num = 0;
569 break; 555 break;
570 556
571 case SSL3_ST_SW_FLUSH: 557 case SSL3_ST_SW_FLUSH:
572 s->rwstate=SSL_WRITING; 558 s->rwstate = SSL_WRITING;
573 if (BIO_flush(s->wbio) <= 0) 559 if (BIO_flush(s->wbio) <= 0) {
574 {
575 /* If the write error was fatal, stop trying */ 560 /* If the write error was fatal, stop trying */
576 if (!BIO_should_retry(s->wbio)) 561 if (!BIO_should_retry(s->wbio)) {
577 { 562 s->rwstate = SSL_NOTHING;
578 s->rwstate=SSL_NOTHING; 563 s->state = s->s3->tmp.next_state;
579 s->state=s->s3->tmp.next_state;
580 }
581
582 ret= -1;
583 goto end;
584 } 564 }
585 s->rwstate=SSL_NOTHING; 565
586 s->state=s->s3->tmp.next_state; 566 ret = -1;
567 goto end;
568 }
569 s->rwstate = SSL_NOTHING;
570 s->state = s->s3->tmp.next_state;
587 break; 571 break;
588 572
589 case SSL3_ST_SR_CERT_A: 573 case SSL3_ST_SR_CERT_A:
@@ -592,67 +576,65 @@ int dtls1_accept(SSL *s)
592 ret = ssl3_check_client_hello(s); 576 ret = ssl3_check_client_hello(s);
593 if (ret <= 0) 577 if (ret <= 0)
594 goto end; 578 goto end;
595 if (ret == 2) 579 if (ret == 2) {
596 {
597 dtls1_stop_timer(s); 580 dtls1_stop_timer(s);
598 s->state = SSL3_ST_SR_CLNT_HELLO_C; 581 s->state = SSL3_ST_SR_CLNT_HELLO_C;
599 } 582 } else {
600 else {
601 /* could be sent for a DH cert, even if we 583 /* could be sent for a DH cert, even if we
602 * have not asked for it :-) */ 584 * have not asked for it :-) */
603 ret=ssl3_get_client_certificate(s); 585 ret = ssl3_get_client_certificate(s);
604 if (ret <= 0) goto end; 586 if (ret <= 0)
605 s->init_num=0; 587 goto end;
606 s->state=SSL3_ST_SR_KEY_EXCH_A; 588 s->init_num = 0;
589 s->state = SSL3_ST_SR_KEY_EXCH_A;
607 } 590 }
608 break; 591 break;
609 592
610 case SSL3_ST_SR_KEY_EXCH_A: 593 case SSL3_ST_SR_KEY_EXCH_A:
611 case SSL3_ST_SR_KEY_EXCH_B: 594 case SSL3_ST_SR_KEY_EXCH_B:
612 ret=ssl3_get_client_key_exchange(s); 595 ret = ssl3_get_client_key_exchange(s);
613 if (ret <= 0) goto end; 596 if (ret <= 0)
597 goto end;
614#ifndef OPENSSL_NO_SCTP 598#ifndef OPENSSL_NO_SCTP
615 /* Add new shared key for SCTP-Auth, 599 /* Add new shared key for SCTP-Auth,
616 * will be ignored if no SCTP used. 600 * will be ignored if no SCTP used.
617 */ 601 */
618 snprintf((char *) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), 602 snprintf((char *)labelbuffer,
619 DTLS1_SCTP_AUTH_LABEL); 603 sizeof(DTLS1_SCTP_AUTH_LABEL),
604 DTLS1_SCTP_AUTH_LABEL);
620 605
621 SSL_export_keying_material(s, sctpauthkey, 606 SSL_export_keying_material(s, sctpauthkey,
622 sizeof(sctpauthkey), labelbuffer, 607 sizeof(sctpauthkey), labelbuffer,
623 sizeof(labelbuffer), NULL, 0, 0); 608 sizeof(labelbuffer), NULL, 0, 0);
624 609
625 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, 610 BIO_ctrl(SSL_get_wbio(s),
626 sizeof(sctpauthkey), sctpauthkey); 611 BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
612 sizeof(sctpauthkey), sctpauthkey);
627#endif 613#endif
628 614
629 s->state=SSL3_ST_SR_CERT_VRFY_A; 615 s->state = SSL3_ST_SR_CERT_VRFY_A;
630 s->init_num=0; 616 s->init_num = 0;
631 617
632 if (ret == 2) 618 if (ret == 2) {
633 {
634 /* For the ECDH ciphersuites when 619 /* For the ECDH ciphersuites when
635 * the client sends its ECDH pub key in 620 * the client sends its ECDH pub key in
636 * a certificate, the CertificateVerify 621 * a certificate, the CertificateVerify
637 * message is not sent. 622 * message is not sent.
638 */ 623 */
639 s->state=SSL3_ST_SR_FINISHED_A; 624 s->state = SSL3_ST_SR_FINISHED_A;
625 s->init_num = 0;
626 } else {
627 s->state = SSL3_ST_SR_CERT_VRFY_A;
640 s->init_num = 0; 628 s->init_num = 0;
641 }
642 else
643 {
644 s->state=SSL3_ST_SR_CERT_VRFY_A;
645 s->init_num=0;
646 629
647 /* We need to get hashes here so if there is 630 /* We need to get hashes here so if there is
648 * a client cert, it can be verified */ 631 * a client cert, it can be verified */
649 s->method->ssl3_enc->cert_verify_mac(s, 632 s->method->ssl3_enc->cert_verify_mac(s,
650 NID_md5, 633 NID_md5, &(s->s3->tmp.cert_verify_md[0]));
651 &(s->s3->tmp.cert_verify_md[0]));
652 s->method->ssl3_enc->cert_verify_mac(s, 634 s->method->ssl3_enc->cert_verify_mac(s,
653 NID_sha1, 635 NID_sha1,
654 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH])); 636 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
655 } 637 }
656 break; 638 break;
657 639
658 case SSL3_ST_SR_CERT_VRFY_A: 640 case SSL3_ST_SR_CERT_VRFY_A:
@@ -660,51 +642,55 @@ int dtls1_accept(SSL *s)
660 642
661 s->d1->change_cipher_spec_ok = 1; 643 s->d1->change_cipher_spec_ok = 1;
662 /* we should decide if we expected this one */ 644 /* we should decide if we expected this one */
663 ret=ssl3_get_cert_verify(s); 645 ret = ssl3_get_cert_verify(s);
664 if (ret <= 0) goto end; 646 if (ret <= 0)
647 goto end;
665#ifndef OPENSSL_NO_SCTP 648#ifndef OPENSSL_NO_SCTP
666 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && 649 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
667 state == SSL_ST_RENEGOTIATE) 650 state == SSL_ST_RENEGOTIATE)
668 s->state=DTLS1_SCTP_ST_SR_READ_SOCK; 651 s->state = DTLS1_SCTP_ST_SR_READ_SOCK;
669 else 652 else
670#endif 653#endif
671 s->state=SSL3_ST_SR_FINISHED_A; 654 s->state = SSL3_ST_SR_FINISHED_A;
672 s->init_num=0; 655 s->init_num = 0;
673 break; 656 break;
674 657
675 case SSL3_ST_SR_FINISHED_A: 658 case SSL3_ST_SR_FINISHED_A:
676 case SSL3_ST_SR_FINISHED_B: 659 case SSL3_ST_SR_FINISHED_B:
677 s->d1->change_cipher_spec_ok = 1; 660 s->d1->change_cipher_spec_ok = 1;
678 ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, 661 ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
679 SSL3_ST_SR_FINISHED_B); 662 SSL3_ST_SR_FINISHED_B);
680 if (ret <= 0) goto end; 663 if (ret <= 0)
664 goto end;
681 dtls1_stop_timer(s); 665 dtls1_stop_timer(s);
682 if (s->hit) 666 if (s->hit)
683 s->state=SSL_ST_OK; 667 s->state = SSL_ST_OK;
684#ifndef OPENSSL_NO_TLSEXT 668#ifndef OPENSSL_NO_TLSEXT
685 else if (s->tlsext_ticket_expected) 669 else if (s->tlsext_ticket_expected)
686 s->state=SSL3_ST_SW_SESSION_TICKET_A; 670 s->state = SSL3_ST_SW_SESSION_TICKET_A;
687#endif 671#endif
688 else 672 else
689 s->state=SSL3_ST_SW_CHANGE_A; 673 s->state = SSL3_ST_SW_CHANGE_A;
690 s->init_num=0; 674 s->init_num = 0;
691 break; 675 break;
692 676
693#ifndef OPENSSL_NO_TLSEXT 677#ifndef OPENSSL_NO_TLSEXT
694 case SSL3_ST_SW_SESSION_TICKET_A: 678 case SSL3_ST_SW_SESSION_TICKET_A:
695 case SSL3_ST_SW_SESSION_TICKET_B: 679 case SSL3_ST_SW_SESSION_TICKET_B:
696 ret=dtls1_send_newsession_ticket(s); 680 ret = dtls1_send_newsession_ticket(s);
697 if (ret <= 0) goto end; 681 if (ret <= 0)
698 s->state=SSL3_ST_SW_CHANGE_A; 682 goto end;
699 s->init_num=0; 683 s->state = SSL3_ST_SW_CHANGE_A;
684 s->init_num = 0;
700 break; 685 break;
701 686
702 case SSL3_ST_SW_CERT_STATUS_A: 687 case SSL3_ST_SW_CERT_STATUS_A:
703 case SSL3_ST_SW_CERT_STATUS_B: 688 case SSL3_ST_SW_CERT_STATUS_B:
704 ret=ssl3_send_cert_status(s); 689 ret = ssl3_send_cert_status(s);
705 if (ret <= 0) goto end; 690 if (ret <= 0)
706 s->state=SSL3_ST_SW_KEY_EXCH_A; 691 goto end;
707 s->init_num=0; 692 s->state = SSL3_ST_SW_KEY_EXCH_A;
693 s->init_num = 0;
708 break; 694 break;
709 695
710#endif 696#endif
@@ -712,69 +698,69 @@ int dtls1_accept(SSL *s)
712 case SSL3_ST_SW_CHANGE_A: 698 case SSL3_ST_SW_CHANGE_A:
713 case SSL3_ST_SW_CHANGE_B: 699 case SSL3_ST_SW_CHANGE_B:
714 700
715 s->session->cipher=s->s3->tmp.new_cipher; 701 s->session->cipher = s->s3->tmp.new_cipher;
716 if (!s->method->ssl3_enc->setup_key_block(s)) 702 if (!s->method->ssl3_enc->setup_key_block(s)) {
717 { ret= -1; goto end; } 703 ret = -1;
704 goto end;
705 }
718 706
719 ret=dtls1_send_change_cipher_spec(s, 707 ret = dtls1_send_change_cipher_spec(s,
720 SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B); 708 SSL3_ST_SW_CHANGE_A, SSL3_ST_SW_CHANGE_B);
721 709
722 if (ret <= 0) goto end; 710 if (ret <= 0)
711 goto end;
723 712
724#ifndef OPENSSL_NO_SCTP 713#ifndef OPENSSL_NO_SCTP
725 if (!s->hit) 714 if (!s->hit) {
726 {
727 /* Change to new shared key of SCTP-Auth, 715 /* Change to new shared key of SCTP-Auth,
728 * will be ignored if no SCTP used. 716 * will be ignored if no SCTP used.
729 */ 717 */
730 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); 718 BIO_ctrl(SSL_get_wbio(s),
731 } 719 BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
720 }
732#endif 721#endif
733 722
734 s->state=SSL3_ST_SW_FINISHED_A; 723 s->state = SSL3_ST_SW_FINISHED_A;
735 s->init_num=0; 724 s->init_num = 0;
736 725
737 if (!s->method->ssl3_enc->change_cipher_state(s, 726 if (!s->method->ssl3_enc->change_cipher_state(s,
738 SSL3_CHANGE_CIPHER_SERVER_WRITE)) 727 SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
739 { 728 ret = -1;
740 ret= -1;
741 goto end; 729 goto end;
742 } 730 }
743 731
744 dtls1_reset_seq_numbers(s, SSL3_CC_WRITE); 732 dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
745 break; 733 break;
746 734
747 case SSL3_ST_SW_FINISHED_A: 735 case SSL3_ST_SW_FINISHED_A:
748 case SSL3_ST_SW_FINISHED_B: 736 case SSL3_ST_SW_FINISHED_B:
749 ret=dtls1_send_finished(s, 737 ret = dtls1_send_finished(s,
750 SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B, 738 SSL3_ST_SW_FINISHED_A, SSL3_ST_SW_FINISHED_B,
751 s->method->ssl3_enc->server_finished_label, 739 s->method->ssl3_enc->server_finished_label,
752 s->method->ssl3_enc->server_finished_label_len); 740 s->method->ssl3_enc->server_finished_label_len);
753 if (ret <= 0) goto end; 741 if (ret <= 0)
754 s->state=SSL3_ST_SW_FLUSH; 742 goto end;
755 if (s->hit) 743 s->state = SSL3_ST_SW_FLUSH;
756 { 744 if (s->hit) {
757 s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; 745 s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
758 746
759#ifndef OPENSSL_NO_SCTP 747#ifndef OPENSSL_NO_SCTP
760 /* Change to new shared key of SCTP-Auth, 748 /* Change to new shared key of SCTP-Auth,
761 * will be ignored if no SCTP used. 749 * will be ignored if no SCTP used.
762 */ 750 */
763 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); 751 BIO_ctrl(SSL_get_wbio(s),
752 BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
764#endif 753#endif
765 } 754 } else {
766 else 755 s->s3->tmp.next_state = SSL_ST_OK;
767 {
768 s->s3->tmp.next_state=SSL_ST_OK;
769#ifndef OPENSSL_NO_SCTP 756#ifndef OPENSSL_NO_SCTP
770 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) 757 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
771 {
772 s->d1->next_state = s->s3->tmp.next_state; 758 s->d1->next_state = s->s3->tmp.next_state;
773 s->s3->tmp.next_state=DTLS1_SCTP_ST_SW_WRITE_SOCK; 759 s->s3->tmp.next_state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
774 }
775#endif
776 } 760 }
777 s->init_num=0; 761#endif
762 }
763 s->init_num = 0;
778 break; 764 break;
779 765
780 case SSL_ST_OK: 766 case SSL_ST_OK:
@@ -783,28 +769,29 @@ int dtls1_accept(SSL *s)
783 769
784#if 0 770#if 0
785 BUF_MEM_free(s->init_buf); 771 BUF_MEM_free(s->init_buf);
786 s->init_buf=NULL; 772 s->init_buf = NULL;
787#endif 773#endif
788 774
789 /* remove buffering on output */ 775 /* remove buffering on output */
790 ssl_free_wbio_buffer(s); 776 ssl_free_wbio_buffer(s);
791 777
792 s->init_num=0; 778 s->init_num = 0;
793 779
794 if (s->renegotiate == 2) /* skipped if we just sent a HelloRequest */ 780 if (s->renegotiate == 2) /* skipped if we just sent a HelloRequest */
795 { 781 {
796 s->renegotiate=0; 782 s->renegotiate = 0;
797 s->new_session=0; 783 s->new_session = 0;
798 784
799 ssl_update_cache(s,SSL_SESS_CACHE_SERVER); 785 ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
800 786
801 s->ctx->stats.sess_accept_good++; 787 s->ctx->stats.sess_accept_good++;
802 /* s->server=1; */ 788 /* s->server=1; */
803 s->handshake_func=dtls1_accept; 789 s->handshake_func = dtls1_accept;
790
791 if (cb != NULL)
792 cb(s, SSL_CB_HANDSHAKE_DONE, 1);
793 }
804 794
805 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
806 }
807
808 ret = 1; 795 ret = 1;
809 796
810 /* done handshaking, next message is client hello */ 797 /* done handshaking, next message is client hello */
@@ -816,77 +803,74 @@ int dtls1_accept(SSL *s)
816 /* break; */ 803 /* break; */
817 804
818 default: 805 default:
819 SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_UNKNOWN_STATE); 806 SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_UNKNOWN_STATE);
820 ret= -1; 807 ret = -1;
821 goto end; 808 goto end;
822 /* break; */ 809 /* break; */
823 } 810 }
824
825 if (!s->s3->tmp.reuse_message && !skip)
826 {
827 if (s->debug)
828 {
829 if ((ret=BIO_flush(s->wbio)) <= 0)
830 goto end;
831 }
832 811
812 if (!s->s3->tmp.reuse_message && !skip) {
813 if (s->debug) {
814 if ((ret = BIO_flush(s->wbio)) <= 0)
815 goto end;
816 }
833 817
834 if ((cb != NULL) && (s->state != state)) 818 if ((cb != NULL) && (s->state != state)) {
835 { 819 new_state = s->state;
836 new_state=s->state; 820 s->state = state;
837 s->state=state; 821 cb(s, SSL_CB_ACCEPT_LOOP, 1);
838 cb(s,SSL_CB_ACCEPT_LOOP,1); 822 s->state = new_state;
839 s->state=new_state;
840 }
841 } 823 }
842 skip=0;
843 } 824 }
825 skip = 0;
826 }
844end: 827end:
845 /* BIO_flush(s->wbio); */ 828 /* BIO_flush(s->wbio); */
846 829
847 s->in_handshake--; 830 s->in_handshake--;
848#ifndef OPENSSL_NO_SCTP 831#ifndef OPENSSL_NO_SCTP
849 /* Notify SCTP BIO socket to leave handshake 832 /* Notify SCTP BIO socket to leave handshake
850 * mode and prevent stream identifier other 833 * mode and prevent stream identifier other
851 * than 0. Will be ignored if no SCTP is used. 834 * than 0. Will be ignored if no SCTP is used.
852 */ 835 */
853 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL); 836 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
837 s->in_handshake, NULL);
854#endif 838#endif
855 839
856 if (cb != NULL) 840 if (cb != NULL)
857 cb(s,SSL_CB_ACCEPT_EXIT,ret); 841 cb(s, SSL_CB_ACCEPT_EXIT, ret);
858 return(ret); 842 return (ret);
859 } 843}
860 844
861int dtls1_send_hello_request(SSL *s) 845int
862 { 846dtls1_send_hello_request(SSL *s)
847{
863 unsigned char *p; 848 unsigned char *p;
864 849
865 if (s->state == SSL3_ST_SW_HELLO_REQ_A) 850 if (s->state == SSL3_ST_SW_HELLO_REQ_A) {
866 { 851 p = (unsigned char *)s->init_buf->data;
867 p=(unsigned char *)s->init_buf->data;
868 p = dtls1_set_message_header(s, p, SSL3_MT_HELLO_REQUEST, 0, 0, 0); 852 p = dtls1_set_message_header(s, p, SSL3_MT_HELLO_REQUEST, 0, 0, 0);
869 853
870 s->state=SSL3_ST_SW_HELLO_REQ_B; 854 s->state = SSL3_ST_SW_HELLO_REQ_B;
871 /* number of bytes to write */ 855 /* number of bytes to write */
872 s->init_num=DTLS1_HM_HEADER_LENGTH; 856 s->init_num = DTLS1_HM_HEADER_LENGTH;
873 s->init_off=0; 857 s->init_off = 0;
874 858
875 /* no need to buffer this message, since there are no retransmit 859 /* no need to buffer this message, since there are no retransmit
876 * requests for it */ 860 * requests for it */
877 } 861 }
878 862
879 /* SSL3_ST_SW_HELLO_REQ_B */ 863 /* SSL3_ST_SW_HELLO_REQ_B */
880 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 864 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
881 } 865}
882 866
883int dtls1_send_hello_verify_request(SSL *s) 867int
884 { 868dtls1_send_hello_verify_request(SSL *s)
869{
885 unsigned int msg_len; 870 unsigned int msg_len;
886 unsigned char *msg, *buf, *p; 871 unsigned char *msg, *buf, *p;
887 872
888 if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) 873 if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
889 {
890 buf = (unsigned char *)s->init_buf->data; 874 buf = (unsigned char *)s->init_buf->data;
891 875
892 msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]); 876 msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
@@ -894,12 +878,11 @@ int dtls1_send_hello_verify_request(SSL *s)
894 *(p++) = s->version & 0xFF; 878 *(p++) = s->version & 0xFF;
895 879
896 if (s->ctx->app_gen_cookie_cb == NULL || 880 if (s->ctx->app_gen_cookie_cb == NULL ||
897 s->ctx->app_gen_cookie_cb(s, s->d1->cookie, 881 s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
898 &(s->d1->cookie_len)) == 0) 882 &(s->d1->cookie_len)) == 0) {
899 { 883 SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST, ERR_R_INTERNAL_ERROR);
900 SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
901 return 0; 884 return 0;
902 } 885 }
903 886
904 *(p++) = (unsigned char) s->d1->cookie_len; 887 *(p++) = (unsigned char) s->d1->cookie_len;
905 memcpy(p, s->d1->cookie, s->d1->cookie_len); 888 memcpy(p, s->d1->cookie, s->d1->cookie_len);
@@ -907,40 +890,40 @@ int dtls1_send_hello_verify_request(SSL *s)
907 msg_len = p - msg; 890 msg_len = p - msg;
908 891
909 dtls1_set_message_header(s, buf, 892 dtls1_set_message_header(s, buf,
910 DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0, msg_len); 893 DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0, msg_len);
911 894
912 s->state=DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B; 895 s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
913 /* number of bytes to write */ 896 /* number of bytes to write */
914 s->init_num=p-buf; 897 s->init_num = p - buf;
915 s->init_off=0; 898 s->init_off = 0;
916 } 899 }
917 900
918 /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ 901 /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
919 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 902 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
920 } 903}
921 904
922int dtls1_send_server_hello(SSL *s) 905int
923 { 906dtls1_send_server_hello(SSL *s)
907{
924 unsigned char *buf; 908 unsigned char *buf;
925 unsigned char *p,*d; 909 unsigned char *p, *d;
926 int i; 910 int i;
927 unsigned int sl; 911 unsigned int sl;
928 unsigned long l; 912 unsigned long l;
929 913
930 if (s->state == SSL3_ST_SW_SRVR_HELLO_A) 914 if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
931 { 915 buf = (unsigned char *)s->init_buf->data;
932 buf=(unsigned char *)s->init_buf->data; 916 p = s->s3->server_random;
933 p=s->s3->server_random;
934 ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE); 917 ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE);
935 /* Do the message type and length last */ 918 /* Do the message type and length last */
936 d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); 919 d = p= &(buf[DTLS1_HM_HEADER_LENGTH]);
937 920
938 *(p++)=s->version>>8; 921 *(p++) = s->version >> 8;
939 *(p++)=s->version&0xff; 922 *(p++) = s->version&0xff;
940 923
941 /* Random stuff */ 924 /* Random stuff */
942 memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); 925 memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
943 p+=SSL3_RANDOM_SIZE; 926 p += SSL3_RANDOM_SIZE;
944 927
945 /* now in theory we have 3 options to sending back the 928 /* now in theory we have 3 options to sending back the
946 * session id. If it is a re-use, we send back the 929 * session id. If it is a re-use, we send back the
@@ -951,320 +934,292 @@ int dtls1_send_server_hello(SSL *s)
951 * 12-Jan-98 - I'll now support the '0' length stuff. 934 * 12-Jan-98 - I'll now support the '0' length stuff.
952 */ 935 */
953 if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)) 936 if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
954 s->session->session_id_length=0; 937 s->session->session_id_length = 0;
955 938
956 sl=s->session->session_id_length; 939 sl = s->session->session_id_length;
957 if (sl > sizeof s->session->session_id) 940 if (sl > sizeof s->session->session_id) {
958 {
959 SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); 941 SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
960 return -1; 942 return -1;
961 } 943 }
962 *(p++)=sl; 944 *(p++) = sl;
963 memcpy(p,s->session->session_id,sl); 945 memcpy(p, s->session->session_id, sl);
964 p+=sl; 946 p += sl;
965 947
966 /* put the cipher */ 948 /* put the cipher */
967 if (s->s3->tmp.new_cipher == NULL) 949 if (s->s3->tmp.new_cipher == NULL)
968 return -1; 950 return -1;
969 i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p); 951 i = ssl3_put_cipher_by_char(s->s3->tmp.new_cipher, p);
970 p+=i; 952 p += i;
971 953
972 /* put the compression method */ 954 /* put the compression method */
973#ifdef OPENSSL_NO_COMP 955#ifdef OPENSSL_NO_COMP
974 *(p++)=0; 956 *(p++) = 0;
975#else 957#else
976 if (s->s3->tmp.new_compression == NULL) 958 if (s->s3->tmp.new_compression == NULL)
977 *(p++)=0; 959 *(p++) = 0;
978 else 960 else
979 *(p++)=s->s3->tmp.new_compression->id; 961 *(p++) = s->s3->tmp.new_compression->id;
980#endif 962#endif
981 963
982#ifndef OPENSSL_NO_TLSEXT 964#ifndef OPENSSL_NO_TLSEXT
983 if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) 965 if ((p = ssl_add_serverhello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
984 { 966 SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
985 SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
986 return -1; 967 return -1;
987 } 968 }
988#endif 969#endif
989 970
990 /* do the header */ 971 /* do the header */
991 l=(p-d); 972 l = (p - d);
992 d=buf; 973 d = buf;
993 974
994 d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l); 975 d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l);
995 976
996 s->state=SSL3_ST_SW_SRVR_HELLO_B; 977 s->state = SSL3_ST_SW_SRVR_HELLO_B;
997 /* number of bytes to write */ 978 /* number of bytes to write */
998 s->init_num=p-buf; 979 s->init_num = p - buf;
999 s->init_off=0; 980 s->init_off = 0;
1000 981
1001 /* buffer the message to handle re-xmits */ 982 /* buffer the message to handle re-xmits */
1002 dtls1_buffer_message(s, 0); 983 dtls1_buffer_message(s, 0);
1003 } 984 }
1004 985
1005 /* SSL3_ST_SW_SRVR_HELLO_B */ 986 /* SSL3_ST_SW_SRVR_HELLO_B */
1006 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 987 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1007 } 988}
1008 989
1009int dtls1_send_server_done(SSL *s) 990int
1010 { 991dtls1_send_server_done(SSL *s)
992{
1011 unsigned char *p; 993 unsigned char *p;
1012 994
1013 if (s->state == SSL3_ST_SW_SRVR_DONE_A) 995 if (s->state == SSL3_ST_SW_SRVR_DONE_A) {
1014 { 996 p = (unsigned char *)s->init_buf->data;
1015 p=(unsigned char *)s->init_buf->data;
1016 997
1017 /* do the header */ 998 /* do the header */
1018 p = dtls1_set_message_header(s, p, SSL3_MT_SERVER_DONE, 0, 0, 0); 999 p = dtls1_set_message_header(s, p, SSL3_MT_SERVER_DONE, 0, 0, 0);
1019 1000
1020 s->state=SSL3_ST_SW_SRVR_DONE_B; 1001 s->state = SSL3_ST_SW_SRVR_DONE_B;
1021 /* number of bytes to write */ 1002 /* number of bytes to write */
1022 s->init_num=DTLS1_HM_HEADER_LENGTH; 1003 s->init_num = DTLS1_HM_HEADER_LENGTH;
1023 s->init_off=0; 1004 s->init_off = 0;
1024 1005
1025 /* buffer the message to handle re-xmits */ 1006 /* buffer the message to handle re-xmits */
1026 dtls1_buffer_message(s, 0); 1007 dtls1_buffer_message(s, 0);
1027 } 1008 }
1028 1009
1029 /* SSL3_ST_SW_SRVR_DONE_B */ 1010 /* SSL3_ST_SW_SRVR_DONE_B */
1030 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 1011 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1031 } 1012}
1032 1013
1033int dtls1_send_server_key_exchange(SSL *s) 1014int
1034 { 1015dtls1_send_server_key_exchange(SSL *s)
1016{
1035#ifndef OPENSSL_NO_RSA 1017#ifndef OPENSSL_NO_RSA
1036 unsigned char *q; 1018 unsigned char *q;
1037 int j,num; 1019 int j, num;
1038 RSA *rsa; 1020 RSA *rsa;
1039 unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; 1021 unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
1040 unsigned int u; 1022 unsigned int u;
1041#endif 1023#endif
1042#ifndef OPENSSL_NO_DH 1024#ifndef OPENSSL_NO_DH
1043 DH *dh=NULL,*dhp; 1025 DH *dh = NULL, *dhp;
1044#endif 1026#endif
1045#ifndef OPENSSL_NO_ECDH 1027#ifndef OPENSSL_NO_ECDH
1046 EC_KEY *ecdh=NULL, *ecdhp; 1028 EC_KEY *ecdh = NULL, *ecdhp;
1047 unsigned char *encodedPoint = NULL; 1029 unsigned char *encodedPoint = NULL;
1048 int encodedlen = 0; 1030 int encodedlen = 0;
1049 int curve_id = 0; 1031 int curve_id = 0;
1050 BN_CTX *bn_ctx = NULL; 1032 BN_CTX *bn_ctx = NULL;
1033
1051#endif 1034#endif
1052 EVP_PKEY *pkey; 1035 EVP_PKEY *pkey;
1053 unsigned char *p,*d; 1036 unsigned char *p, *d;
1054 int al,i; 1037 int al, i;
1055 unsigned long type; 1038 unsigned long type;
1056 int n; 1039 int n;
1057 CERT *cert; 1040 CERT *cert;
1058 BIGNUM *r[4]; 1041 BIGNUM *r[4];
1059 int nr[4],kn; 1042 int nr[4], kn;
1060 BUF_MEM *buf; 1043 BUF_MEM *buf;
1061 EVP_MD_CTX md_ctx; 1044 EVP_MD_CTX md_ctx;
1062 1045
1063 EVP_MD_CTX_init(&md_ctx); 1046 EVP_MD_CTX_init(&md_ctx);
1064 if (s->state == SSL3_ST_SW_KEY_EXCH_A) 1047 if (s->state == SSL3_ST_SW_KEY_EXCH_A) {
1065 { 1048 type = s->s3->tmp.new_cipher->algorithm_mkey;
1066 type=s->s3->tmp.new_cipher->algorithm_mkey; 1049 cert = s->cert;
1067 cert=s->cert;
1068 1050
1069 buf=s->init_buf; 1051 buf = s->init_buf;
1070 1052
1071 r[0]=r[1]=r[2]=r[3]=NULL; 1053 r[0] = r[1] = r[2] = r[3] = NULL;
1072 n=0; 1054 n = 0;
1073#ifndef OPENSSL_NO_RSA 1055#ifndef OPENSSL_NO_RSA
1074 if (type & SSL_kRSA) 1056 if (type & SSL_kRSA) {
1075 { 1057 rsa = cert->rsa_tmp;
1076 rsa=cert->rsa_tmp; 1058 if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) {
1077 if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) 1059 rsa = s->cert->rsa_tmp_cb(s,
1078 { 1060 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1079 rsa=s->cert->rsa_tmp_cb(s, 1061 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1080 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), 1062 if (rsa == NULL) {
1081 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); 1063 al = SSL_AD_HANDSHAKE_FAILURE;
1082 if(rsa == NULL) 1064 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
1083 {
1084 al=SSL_AD_HANDSHAKE_FAILURE;
1085 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
1086 goto f_err; 1065 goto f_err;
1087 } 1066 }
1088 RSA_up_ref(rsa); 1067 RSA_up_ref(rsa);
1089 cert->rsa_tmp=rsa; 1068 cert->rsa_tmp = rsa;
1090 } 1069 }
1091 if (rsa == NULL) 1070 if (rsa == NULL) {
1092 { 1071 al = SSL_AD_HANDSHAKE_FAILURE;
1093 al=SSL_AD_HANDSHAKE_FAILURE; 1072 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_RSA_KEY);
1094 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
1095 goto f_err; 1073 goto f_err;
1096 }
1097 r[0]=rsa->n;
1098 r[1]=rsa->e;
1099 s->s3->tmp.use_rsa_tmp=1;
1100 } 1074 }
1101 else 1075 r[0] = rsa->n;
1076 r[1] = rsa->e;
1077 s->s3->tmp.use_rsa_tmp = 1;
1078 } else
1102#endif 1079#endif
1103#ifndef OPENSSL_NO_DH 1080#ifndef OPENSSL_NO_DH
1104 if (type & SSL_kEDH) 1081 if (type & SSL_kEDH) {
1105 { 1082 dhp = cert->dh_tmp;
1106 dhp=cert->dh_tmp;
1107 if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) 1083 if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
1108 dhp=s->cert->dh_tmp_cb(s, 1084 dhp = s->cert->dh_tmp_cb(s,
1109 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), 1085 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1110 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); 1086 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1111 if (dhp == NULL) 1087 if (dhp == NULL) {
1112 { 1088 al = SSL_AD_HANDSHAKE_FAILURE;
1113 al=SSL_AD_HANDSHAKE_FAILURE; 1089 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_DH_KEY);
1114 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
1115 goto f_err; 1090 goto f_err;
1116 } 1091 }
1117 1092
1118 if (s->s3->tmp.dh != NULL) 1093 if (s->s3->tmp.dh != NULL) {
1119 {
1120 DH_free(dh); 1094 DH_free(dh);
1121 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 1095 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1122 goto err; 1096 goto err;
1123 } 1097 }
1124 1098
1125 if ((dh=DHparams_dup(dhp)) == NULL) 1099 if ((dh = DHparams_dup(dhp)) == NULL) {
1126 { 1100 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
1127 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
1128 goto err; 1101 goto err;
1129 } 1102 }
1130 1103
1131 s->s3->tmp.dh=dh; 1104 s->s3->tmp.dh = dh;
1132 if ((dhp->pub_key == NULL || 1105 if ((dhp->pub_key == NULL || dhp->priv_key == NULL ||
1133 dhp->priv_key == NULL || 1106 (s->options & SSL_OP_SINGLE_DH_USE))) {
1134 (s->options & SSL_OP_SINGLE_DH_USE))) 1107 if (!DH_generate_key(dh)) {
1135 { 1108 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
1136 if(!DH_generate_key(dh)) 1109 ERR_R_DH_LIB);
1137 { 1110 goto err;
1138 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
1139 ERR_R_DH_LIB);
1140 goto err;
1141 }
1142 } 1111 }
1143 else 1112 } else {
1144 { 1113 dh->pub_key = BN_dup(dhp->pub_key);
1145 dh->pub_key=BN_dup(dhp->pub_key); 1114 dh->priv_key = BN_dup(dhp->priv_key);
1146 dh->priv_key=BN_dup(dhp->priv_key);
1147 if ((dh->pub_key == NULL) || 1115 if ((dh->pub_key == NULL) ||
1148 (dh->priv_key == NULL)) 1116 (dh->priv_key == NULL)) {
1149 { 1117 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
1150 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
1151 goto err; 1118 goto err;
1152 }
1153 } 1119 }
1154 r[0]=dh->p;
1155 r[1]=dh->g;
1156 r[2]=dh->pub_key;
1157 } 1120 }
1158 else 1121 r[0] = dh->p;
1122 r[1] = dh->g;
1123 r[2] = dh->pub_key;
1124 } else
1159#endif 1125#endif
1160#ifndef OPENSSL_NO_ECDH 1126#ifndef OPENSSL_NO_ECDH
1161 if (type & SSL_kEECDH) 1127 if (type & SSL_kEECDH) {
1162 {
1163 const EC_GROUP *group; 1128 const EC_GROUP *group;
1164 1129
1165 ecdhp=cert->ecdh_tmp; 1130 ecdhp = cert->ecdh_tmp;
1166 if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL)) 1131 if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL)) {
1167 { 1132 ecdhp = s->cert->ecdh_tmp_cb(s,
1168 ecdhp=s->cert->ecdh_tmp_cb(s, 1133 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1169 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), 1134 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1170 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); 1135 }
1171 } 1136 if (ecdhp == NULL) {
1172 if (ecdhp == NULL) 1137 al = SSL_AD_HANDSHAKE_FAILURE;
1173 { 1138 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_ECDH_KEY);
1174 al=SSL_AD_HANDSHAKE_FAILURE;
1175 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
1176 goto f_err; 1139 goto f_err;
1177 } 1140 }
1141
1142 if (s->s3->tmp.ecdh != NULL) {
1143 EC_KEY_free(s->s3->tmp.ecdh);
1178 1144
1179 if (s->s3->tmp.ecdh != NULL)
1180 {
1181 EC_KEY_free(s->s3->tmp.ecdh);
1182 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 1145 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1183 goto err; 1146 goto err;
1184 } 1147 }
1185 1148
1186 /* Duplicate the ECDH structure. */ 1149 /* Duplicate the ECDH structure. */
1187 if (ecdhp == NULL) 1150 if (ecdhp == NULL) {
1188 { 1151 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
1189 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1190 goto err; 1152 goto err;
1191 } 1153 }
1192 if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) 1154 if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {
1193 { 1155 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
1194 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1195 goto err; 1156 goto err;
1196 } 1157 }
1197 1158
1198 s->s3->tmp.ecdh=ecdh; 1159 s->s3->tmp.ecdh = ecdh;
1199 if ((EC_KEY_get0_public_key(ecdh) == NULL) || 1160 if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
1200 (EC_KEY_get0_private_key(ecdh) == NULL) || 1161 (EC_KEY_get0_private_key(ecdh) == NULL) ||
1201 (s->options & SSL_OP_SINGLE_ECDH_USE)) 1162 (s->options & SSL_OP_SINGLE_ECDH_USE)) {
1202 { 1163 if (!EC_KEY_generate_key(ecdh)) {
1203 if(!EC_KEY_generate_key(ecdh)) 1164 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
1204 { 1165 goto err;
1205 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1206 goto err;
1207 }
1208 } 1166 }
1167 }
1209 1168
1210 if (((group = EC_KEY_get0_group(ecdh)) == NULL) || 1169 if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
1211 (EC_KEY_get0_public_key(ecdh) == NULL) || 1170 (EC_KEY_get0_public_key(ecdh) == NULL) ||
1212 (EC_KEY_get0_private_key(ecdh) == NULL)) 1171 (EC_KEY_get0_private_key(ecdh) == NULL)) {
1213 { 1172 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
1214 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1215 goto err; 1173 goto err;
1216 } 1174 }
1217 1175
1218 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && 1176 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
1219 (EC_GROUP_get_degree(group) > 163)) 1177 (EC_GROUP_get_degree(group) > 163)) {
1220 { 1178 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
1221 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
1222 goto err; 1179 goto err;
1223 } 1180 }
1224 1181
1225 /* XXX: For now, we only support ephemeral ECDH 1182 /* XXX: For now, we only support ephemeral ECDH
1226 * keys over named (not generic) curves. For 1183 * keys over named (not generic) curves. For
1227 * supported named curves, curve_id is non-zero. 1184 * supported named curves, curve_id is non-zero.
1228 */ 1185 */
1229 if ((curve_id = 1186 if ((curve_id = tls1_ec_nid2curve_id(
1230 tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group))) 1187 EC_GROUP_get_curve_name(group))) == 0) {
1231 == 0) 1188 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
1232 {
1233 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
1234 goto err; 1189 goto err;
1235 } 1190 }
1236 1191
1237 /* Encode the public key. 1192 /* Encode the public key.
1238 * First check the size of encoding and 1193 * First check the size of encoding and
1239 * allocate memory accordingly. 1194 * allocate memory accordingly.
1240 */ 1195 */
1241 encodedlen = EC_POINT_point2oct(group, 1196 encodedlen = EC_POINT_point2oct(group,
1242 EC_KEY_get0_public_key(ecdh), 1197 EC_KEY_get0_public_key(ecdh),
1243 POINT_CONVERSION_UNCOMPRESSED, 1198 POINT_CONVERSION_UNCOMPRESSED,
1244 NULL, 0, NULL); 1199 NULL, 0, NULL);
1200
1201 encodedPoint = (unsigned char *)
1202 OPENSSL_malloc(encodedlen*sizeof(unsigned char));
1245 1203
1246 encodedPoint = (unsigned char *)
1247 OPENSSL_malloc(encodedlen*sizeof(unsigned char));
1248 bn_ctx = BN_CTX_new(); 1204 bn_ctx = BN_CTX_new();
1249 if ((encodedPoint == NULL) || (bn_ctx == NULL)) 1205 if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
1250 { 1206 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
1251 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1252 goto err; 1207 goto err;
1253 } 1208 }
1254 1209
1255 1210
1256 encodedlen = EC_POINT_point2oct(group, 1211 encodedlen = EC_POINT_point2oct(group,
1257 EC_KEY_get0_public_key(ecdh), 1212 EC_KEY_get0_public_key(ecdh),
1258 POINT_CONVERSION_UNCOMPRESSED, 1213 POINT_CONVERSION_UNCOMPRESSED,
1259 encodedPoint, encodedlen, bn_ctx); 1214 encodedPoint, encodedlen, bn_ctx);
1260 1215
1261 if (encodedlen == 0) 1216 if (encodedlen == 0) {
1262 { 1217 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
1263 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1264 goto err; 1218 goto err;
1265 } 1219 }
1266 1220
1267 BN_CTX_free(bn_ctx); bn_ctx=NULL; 1221 BN_CTX_free(bn_ctx);
1222 bn_ctx = NULL;
1268 1223
1269 /* XXX: For now, we only support named (not 1224 /* XXX: For now, we only support named (not
1270 * generic) curves in ECDH ephemeral key exchanges. 1225 * generic) curves in ECDH ephemeral key exchanges.
@@ -1277,67 +1232,56 @@ int dtls1_send_server_key_exchange(SSL *s)
1277 /* We'll generate the serverKeyExchange message 1232 /* We'll generate the serverKeyExchange message
1278 * explicitly so we can set these to NULLs 1233 * explicitly so we can set these to NULLs
1279 */ 1234 */
1280 r[0]=NULL; 1235 r[0] = NULL;
1281 r[1]=NULL; 1236 r[1] = NULL;
1282 r[2]=NULL; 1237 r[2] = NULL;
1283 r[3]=NULL; 1238 r[3] = NULL;
1284 } 1239 } else
1285 else
1286#endif /* !OPENSSL_NO_ECDH */ 1240#endif /* !OPENSSL_NO_ECDH */
1287#ifndef OPENSSL_NO_PSK 1241#ifndef OPENSSL_NO_PSK
1288 if (type & SSL_kPSK) 1242 if (type & SSL_kPSK) {
1289 { 1243 /* reserve size for record length and PSK identity hint*/
1290 /* reserve size for record length and PSK identity hint*/ 1244 n += 2 + strlen(s->ctx->psk_identity_hint);
1291 n+=2+strlen(s->ctx->psk_identity_hint); 1245 } else
1292 }
1293 else
1294#endif /* !OPENSSL_NO_PSK */ 1246#endif /* !OPENSSL_NO_PSK */
1295 { 1247 {
1296 al=SSL_AD_HANDSHAKE_FAILURE; 1248 al = SSL_AD_HANDSHAKE_FAILURE;
1297 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); 1249 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
1298 goto f_err; 1250 goto f_err;
1299 } 1251 }
1300 for (i=0; r[i] != NULL; i++) 1252 for (i = 0; r[i] != NULL; i++) {
1301 { 1253 nr[i] = BN_num_bytes(r[i]);
1302 nr[i]=BN_num_bytes(r[i]); 1254 n += 2 + nr[i];
1303 n+=2+nr[i]; 1255 }
1304 }
1305 1256
1306 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) 1257 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
1307 && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) 1258 && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
1308 { 1259 if ((pkey = ssl_get_sign_pkey(s,
1309 if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher, NULL)) 1260 s->s3->tmp.new_cipher, NULL)) == NULL) {
1310 == NULL) 1261 al = SSL_AD_DECODE_ERROR;
1311 {
1312 al=SSL_AD_DECODE_ERROR;
1313 goto f_err; 1262 goto f_err;
1314 }
1315 kn=EVP_PKEY_size(pkey);
1316 }
1317 else
1318 {
1319 pkey=NULL;
1320 kn=0;
1321 } 1263 }
1264 kn = EVP_PKEY_size(pkey);
1265 } else {
1266 pkey = NULL;
1267 kn = 0;
1268 }
1322 1269
1323 if (!BUF_MEM_grow_clean(buf,n+DTLS1_HM_HEADER_LENGTH+kn)) 1270 if (!BUF_MEM_grow_clean(buf, n + DTLS1_HM_HEADER_LENGTH + kn)) {
1324 { 1271 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_BUF);
1325 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
1326 goto err; 1272 goto err;
1327 } 1273 }
1328 d=(unsigned char *)s->init_buf->data; 1274 d = (unsigned char *)s->init_buf->data;
1329 p= &(d[DTLS1_HM_HEADER_LENGTH]); 1275 p = &(d[DTLS1_HM_HEADER_LENGTH]);
1330 1276
1331 for (i=0; r[i] != NULL; i++) 1277 for (i = 0; r[i] != NULL; i++) {
1332 { 1278 s2n(nr[i], p);
1333 s2n(nr[i],p); 1279 BN_bn2bin(r[i], p);
1334 BN_bn2bin(r[i],p); 1280 p += nr[i];
1335 p+=nr[i]; 1281 }
1336 }
1337 1282
1338#ifndef OPENSSL_NO_ECDH 1283#ifndef OPENSSL_NO_ECDH
1339 if (type & SSL_kEECDH) 1284 if (type & SSL_kEECDH) {
1340 {
1341 /* XXX: For now, we only support named (not generic) curves. 1285 /* XXX: For now, we only support named (not generic) curves.
1342 * In this situation, the serverKeyExchange message has: 1286 * In this situation, the serverKeyExchange message has:
1343 * [1 byte CurveType], [2 byte CurveName] 1287 * [1 byte CurveType], [2 byte CurveName]
@@ -1352,268 +1296,257 @@ int dtls1_send_server_key_exchange(SSL *s)
1352 p += 1; 1296 p += 1;
1353 *p = encodedlen; 1297 *p = encodedlen;
1354 p += 1; 1298 p += 1;
1355 memcpy((unsigned char*)p, 1299 memcpy((unsigned char*)p,
1356 (unsigned char *)encodedPoint, 1300 (unsigned char *)encodedPoint,
1357 encodedlen); 1301 encodedlen);
1358 OPENSSL_free(encodedPoint); 1302 OPENSSL_free(encodedPoint);
1359 p += encodedlen; 1303 p += encodedlen;
1360 } 1304 }
1361#endif 1305#endif
1362 1306
1363#ifndef OPENSSL_NO_PSK 1307#ifndef OPENSSL_NO_PSK
1364 if (type & SSL_kPSK) 1308 if (type & SSL_kPSK) {
1365 {
1366 /* copy PSK identity hint */ 1309 /* copy PSK identity hint */
1367 s2n(strlen(s->ctx->psk_identity_hint), p); 1310 s2n(strlen(s->ctx->psk_identity_hint), p);
1311
1368 strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint)); 1312 strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint));
1369 p+=strlen(s->ctx->psk_identity_hint); 1313 p += strlen(s->ctx->psk_identity_hint);
1370 } 1314 }
1371#endif 1315#endif
1372 1316
1373 /* not anonymous */ 1317 /* not anonymous */
1374 if (pkey != NULL) 1318 if (pkey != NULL) {
1375 {
1376 /* n is the length of the params, they start at 1319 /* n is the length of the params, they start at
1377 * &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the space 1320 * &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the space
1378 * at the end. */ 1321 * at the end. */
1379#ifndef OPENSSL_NO_RSA 1322#ifndef OPENSSL_NO_RSA
1380 if (pkey->type == EVP_PKEY_RSA) 1323 if (pkey->type == EVP_PKEY_RSA) {
1381 { 1324 q = md_buf;
1382 q=md_buf; 1325 j = 0;
1383 j=0; 1326 for (num = 2; num > 0; num--) {
1384 for (num=2; num > 0; num--) 1327 EVP_DigestInit_ex(&md_ctx, (num == 2)
1385 { 1328 ? s->ctx->md5 : s->ctx->sha1, NULL);
1386 EVP_DigestInit_ex(&md_ctx,(num == 2) 1329 EVP_DigestUpdate(&md_ctx,
1387 ?s->ctx->md5:s->ctx->sha1, NULL); 1330 &(s->s3->client_random[0]),
1388 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); 1331 SSL3_RANDOM_SIZE);
1389 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); 1332 EVP_DigestUpdate(&md_ctx,
1390 EVP_DigestUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n); 1333 &(s->s3->server_random[0]),
1391 EVP_DigestFinal_ex(&md_ctx,q, 1334 SSL3_RANDOM_SIZE);
1392 (unsigned int *)&i); 1335 EVP_DigestUpdate(&md_ctx,
1393 q+=i; 1336 &(d[DTLS1_HM_HEADER_LENGTH]), n);
1394 j+=i; 1337 EVP_DigestFinal_ex(&md_ctx, q,
1395 } 1338 (unsigned int *)&i);
1396 if (RSA_sign(NID_md5_sha1, md_buf, j, 1339 q += i;
1397 &(p[2]), &u, pkey->pkey.rsa) <= 0) 1340 j += i;
1398 { 1341 }
1399 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA); 1342 if (RSA_sign(NID_md5_sha1, md_buf, j, &(p[2]),
1343 &u, pkey->pkey.rsa) <= 0) {
1344 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_RSA);
1400 goto err; 1345 goto err;
1401 }
1402 s2n(u,p);
1403 n+=u+2;
1404 } 1346 }
1405 else 1347 s2n(u, p);
1348 n += u + 2;
1349 } else
1406#endif 1350#endif
1407#if !defined(OPENSSL_NO_DSA) 1351#if !defined(OPENSSL_NO_DSA)
1408 if (pkey->type == EVP_PKEY_DSA) 1352 if (pkey->type == EVP_PKEY_DSA) {
1409 {
1410 /* lets do DSS */ 1353 /* lets do DSS */
1411 EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL); 1354 EVP_SignInit_ex(&md_ctx, EVP_dss1(), NULL);
1412 EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); 1355 EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE);
1413 EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); 1356 EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE);
1414 EVP_SignUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n); 1357 EVP_SignUpdate(&md_ctx, &(d[DTLS1_HM_HEADER_LENGTH]), n);
1415 if (!EVP_SignFinal(&md_ctx,&(p[2]), 1358 if (!EVP_SignFinal(&md_ctx, &(p[2]),
1416 (unsigned int *)&i,pkey)) 1359 (unsigned int *)&i, pkey)) {
1417 { 1360 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_DSA);
1418 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
1419 goto err; 1361 goto err;
1420 }
1421 s2n(i,p);
1422 n+=i+2;
1423 } 1362 }
1424 else 1363 s2n(i, p);
1364 n += i + 2;
1365 } else
1425#endif 1366#endif
1426#if !defined(OPENSSL_NO_ECDSA) 1367#if !defined(OPENSSL_NO_ECDSA)
1427 if (pkey->type == EVP_PKEY_EC) 1368 if (pkey->type == EVP_PKEY_EC) {
1428 {
1429 /* let's do ECDSA */ 1369 /* let's do ECDSA */
1430 EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL); 1370 EVP_SignInit_ex(&md_ctx, EVP_ecdsa(), NULL);
1431 EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); 1371 EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE);
1432 EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); 1372 EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE);
1433 EVP_SignUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n); 1373 EVP_SignUpdate(&md_ctx, &(d[DTLS1_HM_HEADER_LENGTH]), n);
1434 if (!EVP_SignFinal(&md_ctx,&(p[2]), 1374 if (!EVP_SignFinal(&md_ctx, &(p[2]),
1435 (unsigned int *)&i,pkey)) 1375 (unsigned int *)&i, pkey)) {
1436 { 1376 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_ECDSA);
1437 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA);
1438 goto err; 1377 goto err;
1439 }
1440 s2n(i,p);
1441 n+=i+2;
1442 } 1378 }
1443 else 1379 s2n(i, p);
1380 n += i + 2;
1381 } else
1444#endif 1382#endif
1445 { 1383 {
1446 /* Is this error check actually needed? */ 1384 /* Is this error check actually needed? */
1447 al=SSL_AD_HANDSHAKE_FAILURE; 1385 al = SSL_AD_HANDSHAKE_FAILURE;
1448 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE); 1386 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNKNOWN_PKEY_TYPE);
1449 goto f_err; 1387 goto f_err;
1450 }
1451 } 1388 }
1389 }
1452 1390
1453 d = dtls1_set_message_header(s, d, 1391 d = dtls1_set_message_header(s, d,
1454 SSL3_MT_SERVER_KEY_EXCHANGE, n, 0, n); 1392 SSL3_MT_SERVER_KEY_EXCHANGE, n, 0, n);
1455 1393
1456 /* we should now have things packed up, so lets send 1394 /* we should now have things packed up, so lets send
1457 * it off */ 1395 * it off */
1458 s->init_num=n+DTLS1_HM_HEADER_LENGTH; 1396 s->init_num = n + DTLS1_HM_HEADER_LENGTH;
1459 s->init_off=0; 1397 s->init_off = 0;
1460 1398
1461 /* buffer the message to handle re-xmits */ 1399 /* buffer the message to handle re-xmits */
1462 dtls1_buffer_message(s, 0); 1400 dtls1_buffer_message(s, 0);
1463 } 1401 }
1464 1402
1465 s->state = SSL3_ST_SW_KEY_EXCH_B; 1403 s->state = SSL3_ST_SW_KEY_EXCH_B;
1466 EVP_MD_CTX_cleanup(&md_ctx); 1404 EVP_MD_CTX_cleanup(&md_ctx);
1467 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 1405 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1468f_err: 1406f_err:
1469 ssl3_send_alert(s,SSL3_AL_FATAL,al); 1407 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1470err: 1408err:
1471#ifndef OPENSSL_NO_ECDH 1409#ifndef OPENSSL_NO_ECDH
1472 if (encodedPoint != NULL) OPENSSL_free(encodedPoint); 1410 if (encodedPoint != NULL)
1411 OPENSSL_free(encodedPoint);
1473 BN_CTX_free(bn_ctx); 1412 BN_CTX_free(bn_ctx);
1474#endif 1413#endif
1475 EVP_MD_CTX_cleanup(&md_ctx); 1414 EVP_MD_CTX_cleanup(&md_ctx);
1476 return(-1); 1415 return (-1);
1477 } 1416}
1478 1417
1479int dtls1_send_certificate_request(SSL *s) 1418int
1480 { 1419dtls1_send_certificate_request(SSL *s)
1481 unsigned char *p,*d; 1420{
1482 int i,j,nl,off,n; 1421 unsigned char *p, *d;
1483 STACK_OF(X509_NAME) *sk=NULL; 1422 int i, j, nl, off, n;
1423 STACK_OF(X509_NAME) *sk = NULL;
1484 X509_NAME *name; 1424 X509_NAME *name;
1485 BUF_MEM *buf; 1425 BUF_MEM *buf;
1486 unsigned int msg_len; 1426 unsigned int msg_len;
1487 1427
1488 if (s->state == SSL3_ST_SW_CERT_REQ_A) 1428 if (s->state == SSL3_ST_SW_CERT_REQ_A) {
1489 { 1429 buf = s->init_buf;
1490 buf=s->init_buf;
1491 1430
1492 d=p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]); 1431 d = p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
1493 1432
1494 /* get the list of acceptable cert types */ 1433 /* get the list of acceptable cert types */
1495 p++; 1434 p++;
1496 n=ssl3_get_req_cert_type(s,p); 1435 n = ssl3_get_req_cert_type(s, p);
1497 d[0]=n; 1436 d[0] = n;
1498 p+=n; 1437 p += n;
1499 n++; 1438 n++;
1500 1439
1501 off=n; 1440 off = n;
1502 p+=2; 1441 p += 2;
1503 n+=2; 1442 n += 2;
1504 1443
1505 sk=SSL_get_client_CA_list(s); 1444 sk = SSL_get_client_CA_list(s);
1506 nl=0; 1445 nl = 0;
1507 if (sk != NULL) 1446 if (sk != NULL) {
1508 { 1447 for (i = 0; i < sk_X509_NAME_num(sk); i++) {
1509 for (i=0; i<sk_X509_NAME_num(sk); i++) 1448 name = sk_X509_NAME_value(sk, i);
1510 { 1449 j = i2d_X509_NAME(name, NULL);
1511 name=sk_X509_NAME_value(sk,i); 1450 if (!BUF_MEM_grow_clean(buf, DTLS1_HM_HEADER_LENGTH + n + j + 2)) {
1512 j=i2d_X509_NAME(name,NULL); 1451 SSLerr(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST, ERR_R_BUF_LIB);
1513 if (!BUF_MEM_grow_clean(buf,DTLS1_HM_HEADER_LENGTH+n+j+2))
1514 {
1515 SSLerr(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
1516 goto err; 1452 goto err;
1517 } 1453 }
1518 p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+n]); 1454 p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH + n]);
1519 if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) 1455 if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) {
1520 { 1456 s2n(j, p);
1521 s2n(j,p); 1457 i2d_X509_NAME(name, &p);
1522 i2d_X509_NAME(name,&p); 1458 n += 2 + j;
1523 n+=2+j; 1459 nl += 2 + j;
1524 nl+=2+j; 1460 } else {
1525 } 1461 d = p;
1526 else 1462 i2d_X509_NAME(name, &p);
1527 { 1463 j -= 2;
1528 d=p; 1464 s2n(j, d);
1529 i2d_X509_NAME(name,&p); 1465 j += 2;
1530 j-=2; s2n(j,d); j+=2; 1466 n += j;
1531 n+=j; 1467 nl += j;
1532 nl+=j;
1533 }
1534 } 1468 }
1535 } 1469 }
1470 }
1536 /* else no CA names */ 1471 /* else no CA names */
1537 p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+off]); 1472 p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH + off]);
1538 s2n(nl,p); 1473 s2n(nl, p);
1539 1474
1540 d=(unsigned char *)buf->data; 1475 d = (unsigned char *)buf->data;
1541 *(d++)=SSL3_MT_CERTIFICATE_REQUEST; 1476 *(d++) = SSL3_MT_CERTIFICATE_REQUEST;
1542 l2n3(n,d); 1477 l2n3(n, d);
1543 s2n(s->d1->handshake_write_seq,d); 1478 s2n(s->d1->handshake_write_seq, d);
1544 s->d1->handshake_write_seq++; 1479 s->d1->handshake_write_seq++;
1545 1480
1546 /* we should now have things packed up, so lets send 1481 /* we should now have things packed up, so lets send
1547 * it off */ 1482 * it off */
1548 1483
1549 s->init_num=n+DTLS1_HM_HEADER_LENGTH; 1484 s->init_num = n + DTLS1_HM_HEADER_LENGTH;
1550 s->init_off=0; 1485 s->init_off = 0;
1551#ifdef NETSCAPE_HANG_BUG 1486#ifdef NETSCAPE_HANG_BUG
1552/* XXX: what to do about this? */ 1487/* XXX: what to do about this? */
1553 p=(unsigned char *)s->init_buf->data + s->init_num; 1488 p = (unsigned char *)s->init_buf->data + s->init_num;
1554 1489
1555 /* do the header */ 1490 /* do the header */
1556 *(p++)=SSL3_MT_SERVER_DONE; 1491 *(p++) = SSL3_MT_SERVER_DONE;
1557 *(p++)=0; 1492 *(p++) = 0;
1558 *(p++)=0; 1493 *(p++) = 0;
1559 *(p++)=0; 1494 *(p++) = 0;
1560 s->init_num += 4; 1495 s->init_num += 4;
1561#endif 1496#endif
1562 1497
1563 /* XDTLS: set message header ? */ 1498 /* XDTLS: set message header ? */
1564 msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH; 1499 msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
1565 dtls1_set_message_header(s, (void *)s->init_buf->data, 1500 dtls1_set_message_header(s, (void *)s->init_buf->data,
1566 SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len); 1501 SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len);
1567 1502
1568 /* buffer the message to handle re-xmits */ 1503 /* buffer the message to handle re-xmits */
1569 dtls1_buffer_message(s, 0); 1504 dtls1_buffer_message(s, 0);
1570 1505
1571 s->state = SSL3_ST_SW_CERT_REQ_B; 1506 s->state = SSL3_ST_SW_CERT_REQ_B;
1572 } 1507 }
1573 1508
1574 /* SSL3_ST_SW_CERT_REQ_B */ 1509 /* SSL3_ST_SW_CERT_REQ_B */
1575 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 1510 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1576err: 1511err:
1577 return(-1); 1512 return (-1);
1578 } 1513}
1579 1514
1580int dtls1_send_server_certificate(SSL *s) 1515int
1581 { 1516dtls1_send_server_certificate(SSL *s)
1517{
1582 unsigned long l; 1518 unsigned long l;
1583 X509 *x; 1519 X509 *x;
1584 1520
1585 if (s->state == SSL3_ST_SW_CERT_A) 1521 if (s->state == SSL3_ST_SW_CERT_A) {
1586 { 1522 x = ssl_get_server_send_cert(s);
1587 x=ssl_get_server_send_cert(s); 1523 if (x == NULL) {
1588 if (x == NULL)
1589 {
1590 /* VRS: allow null cert if auth == KRB5 */ 1524 /* VRS: allow null cert if auth == KRB5 */
1591 if ((s->s3->tmp.new_cipher->algorithm_mkey != SSL_kKRB5) || 1525 if ((s->s3->tmp.new_cipher->algorithm_mkey != SSL_kKRB5) ||
1592 (s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5)) 1526 (s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5)) {
1593 { 1527 SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR);
1594 SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR); 1528 return (0);
1595 return(0);
1596 }
1597 } 1529 }
1530 }
1598 1531
1599 l=dtls1_output_cert_chain(s,x); 1532 l = dtls1_output_cert_chain(s, x);
1600 s->state=SSL3_ST_SW_CERT_B; 1533 s->state = SSL3_ST_SW_CERT_B;
1601 s->init_num=(int)l; 1534 s->init_num = (int)l;
1602 s->init_off=0; 1535 s->init_off = 0;
1603 1536
1604 /* buffer the message to handle re-xmits */ 1537 /* buffer the message to handle re-xmits */
1605 dtls1_buffer_message(s, 0); 1538 dtls1_buffer_message(s, 0);
1606 } 1539 }
1607 1540
1608 /* SSL3_ST_SW_CERT_B */ 1541 /* SSL3_ST_SW_CERT_B */
1609 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 1542 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1610 } 1543}
1611 1544
1612#ifndef OPENSSL_NO_TLSEXT 1545#ifndef OPENSSL_NO_TLSEXT
1613int dtls1_send_newsession_ticket(SSL *s) 1546int
1614 { 1547dtls1_send_newsession_ticket(SSL *s)
1615 if (s->state == SSL3_ST_SW_SESSION_TICKET_A) 1548{
1616 { 1549 if (s->state == SSL3_ST_SW_SESSION_TICKET_A) {
1617 unsigned char *p, *senc, *macstart; 1550 unsigned char *p, *senc, *macstart;
1618 int len, slen; 1551 int len, slen;
1619 unsigned int hlen, msg_len; 1552 unsigned int hlen, msg_len;
@@ -1638,8 +1571,8 @@ int dtls1_send_newsession_ticket(SSL *s)
1638 * length) + max_md_size (HMAC). 1571 * length) + max_md_size (HMAC).
1639 */ 1572 */
1640 if (!BUF_MEM_grow(s->init_buf, 1573 if (!BUF_MEM_grow(s->init_buf,
1641 DTLS1_HM_HEADER_LENGTH + 22 + EVP_MAX_IV_LENGTH + 1574 DTLS1_HM_HEADER_LENGTH + 22 + EVP_MAX_IV_LENGTH +
1642 EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen)) 1575 EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen))
1643 return -1; 1576 return -1;
1644 senc = OPENSSL_malloc(slen); 1577 senc = OPENSSL_malloc(slen);
1645 if (!senc) 1578 if (!senc)
@@ -1647,31 +1580,27 @@ int dtls1_send_newsession_ticket(SSL *s)
1647 p = senc; 1580 p = senc;
1648 i2d_SSL_SESSION(s->session, &p); 1581 i2d_SSL_SESSION(s->session, &p);
1649 1582
1650 p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]); 1583 p = (unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]);
1651 EVP_CIPHER_CTX_init(&ctx); 1584 EVP_CIPHER_CTX_init(&ctx);
1652 HMAC_CTX_init(&hctx); 1585 HMAC_CTX_init(&hctx);
1653 /* Initialize HMAC and cipher contexts. If callback present 1586 /* Initialize HMAC and cipher contexts. If callback present
1654 * it does all the work otherwise use generated values 1587 * it does all the work otherwise use generated values
1655 * from parent ctx. 1588 * from parent ctx.
1656 */ 1589 */
1657 if (tctx->tlsext_ticket_key_cb) 1590 if (tctx->tlsext_ticket_key_cb) {
1658 {
1659 if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, 1591 if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
1660 &hctx, 1) < 0) 1592 &hctx, 1) < 0) {
1661 {
1662 OPENSSL_free(senc); 1593 OPENSSL_free(senc);
1663 return -1; 1594 return -1;
1664 }
1665 } 1595 }
1666 else 1596 } else {
1667 {
1668 RAND_pseudo_bytes(iv, 16); 1597 RAND_pseudo_bytes(iv, 16);
1669 EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, 1598 EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
1670 tctx->tlsext_tick_aes_key, iv); 1599 tctx->tlsext_tick_aes_key, iv);
1671 HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, 1600 HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
1672 tlsext_tick_md(), NULL); 1601 tlsext_tick_md(), NULL);
1673 memcpy(key_name, tctx->tlsext_tick_key_name, 16); 1602 memcpy(key_name, tctx->tlsext_tick_key_name, 16);
1674 } 1603 }
1675 l2n(s->session->tlsext_tick_lifetime_hint, p); 1604 l2n(s->session->tlsext_tick_lifetime_hint, p);
1676 /* Skip ticket length for now */ 1605 /* Skip ticket length for now */
1677 p += 2; 1606 p += 2;
@@ -1698,25 +1627,25 @@ int dtls1_send_newsession_ticket(SSL *s)
1698 /* Total length */ 1627 /* Total length */
1699 len = p - (unsigned char *)(s->init_buf->data); 1628 len = p - (unsigned char *)(s->init_buf->data);
1700 /* Ticket length */ 1629 /* Ticket length */
1701 p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4; 1630 p = (unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4;
1702 s2n(len - DTLS1_HM_HEADER_LENGTH - 6, p); 1631 s2n(len - DTLS1_HM_HEADER_LENGTH - 6, p);
1703 1632
1704 /* number of bytes to write */ 1633 /* number of bytes to write */
1705 s->init_num= len; 1634 s->init_num = len;
1706 s->state=SSL3_ST_SW_SESSION_TICKET_B; 1635 s->state = SSL3_ST_SW_SESSION_TICKET_B;
1707 s->init_off=0; 1636 s->init_off = 0;
1708 OPENSSL_free(senc); 1637 OPENSSL_free(senc);
1709 1638
1710 /* XDTLS: set message header ? */ 1639 /* XDTLS: set message header ? */
1711 msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH; 1640 msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
1712 dtls1_set_message_header(s, (void *)s->init_buf->data, 1641 dtls1_set_message_header(s, (void *)s->init_buf->data,
1713 SSL3_MT_NEWSESSION_TICKET, msg_len, 0, msg_len); 1642 SSL3_MT_NEWSESSION_TICKET, msg_len, 0, msg_len);
1714 1643
1715 /* buffer the message to handle re-xmits */ 1644 /* buffer the message to handle re-xmits */
1716 dtls1_buffer_message(s, 0); 1645 dtls1_buffer_message(s, 0);
1717 } 1646 }
1718 1647
1719 /* SSL3_ST_SW_SESSION_TICKET_B */ 1648 /* SSL3_ST_SW_SESSION_TICKET_B */
1720 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 1649 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1721 } 1650}
1722#endif 1651#endif
diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c
index eb6ea6c0ec..15c4bca58c 100644
--- a/src/lib/libssl/src/ssl/d1_clnt.c
+++ b/src/lib/libssl/src/ssl/d1_clnt.c
@@ -131,49 +131,51 @@
131static const SSL_METHOD *dtls1_get_client_method(int ver); 131static const SSL_METHOD *dtls1_get_client_method(int ver);
132static int dtls1_get_hello_verify(SSL *s); 132static int dtls1_get_hello_verify(SSL *s);
133 133
134static const SSL_METHOD *dtls1_get_client_method(int ver) 134static const SSL_METHOD
135 { 135*dtls1_get_client_method(int ver)
136{
136 if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER) 137 if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
137 return(DTLSv1_client_method()); 138 return (DTLSv1_client_method());
138 else 139 else
139 return(NULL); 140 return (NULL);
140 } 141}
141 142
142IMPLEMENT_dtls1_meth_func(DTLSv1_client_method, 143IMPLEMENT_dtls1_meth_func(DTLSv1_client_method,
143 ssl_undefined_function, 144 ssl_undefined_function, dtls1_connect, dtls1_get_client_method)
144 dtls1_connect, 145
145 dtls1_get_client_method) 146int
146 147dtls1_connect(SSL *s)
147int dtls1_connect(SSL *s) 148{
148 { 149 BUF_MEM *buf = NULL;
149 BUF_MEM *buf=NULL; 150 unsigned long Time = (unsigned long)time(NULL);
150 unsigned long Time=(unsigned long)time(NULL); 151 void (*cb)(const SSL *ssl, int type, int val) = NULL;
151 void (*cb)(const SSL *ssl,int type,int val)=NULL; 152 int ret = -1;
152 int ret= -1; 153 int new_state, state, skip = 0;
153 int new_state,state,skip=0;
154#ifndef OPENSSL_NO_SCTP 154#ifndef OPENSSL_NO_SCTP
155 unsigned char sctpauthkey[64]; 155 unsigned char sctpauthkey[64];
156 char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)]; 156 char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
157#endif 157#endif
158 158
159 RAND_add(&Time,sizeof(Time),0); 159 RAND_add(&Time, sizeof(Time), 0);
160 ERR_clear_error(); 160 ERR_clear_error();
161 errno = 0; 161 errno = 0;
162 162
163 if (s->info_callback != NULL) 163 if (s->info_callback != NULL)
164 cb=s->info_callback; 164 cb = s->info_callback;
165 else if (s->ctx->info_callback != NULL) 165 else if (s->ctx->info_callback != NULL)
166 cb=s->ctx->info_callback; 166 cb = s->ctx->info_callback;
167 167
168 s->in_handshake++; 168 s->in_handshake++;
169 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 169 if (!SSL_in_init(s) || SSL_in_before(s))
170 SSL_clear(s);
170 171
171#ifndef OPENSSL_NO_SCTP 172#ifndef OPENSSL_NO_SCTP
172 /* Notify SCTP BIO socket to enter handshake 173 /* Notify SCTP BIO socket to enter handshake
173 * mode and prevent stream identifier other 174 * mode and prevent stream identifier other
174 * than 0. Will be ignored if no SCTP is used. 175 * than 0. Will be ignored if no SCTP is used.
175 */ 176 */
176 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL); 177 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
178 s->in_handshake, NULL);
177#endif 179#endif
178 180
179#ifndef OPENSSL_NO_HEARTBEATS 181#ifndef OPENSSL_NO_HEARTBEATS
@@ -181,23 +183,20 @@ int dtls1_connect(SSL *s)
181 * already got and don't await it anymore, because 183 * already got and don't await it anymore, because
182 * Heartbeats don't make sense during handshakes anyway. 184 * Heartbeats don't make sense during handshakes anyway.
183 */ 185 */
184 if (s->tlsext_hb_pending) 186 if (s->tlsext_hb_pending) {
185 {
186 dtls1_stop_timer(s); 187 dtls1_stop_timer(s);
187 s->tlsext_hb_pending = 0; 188 s->tlsext_hb_pending = 0;
188 s->tlsext_hb_seq++; 189 s->tlsext_hb_seq++;
189 } 190 }
190#endif 191#endif
191 192
192 for (;;) 193 for (;;) {
193 { 194 state = s->state;
194 state=s->state;
195 195
196 switch(s->state) 196 switch (s->state) {
197 {
198 case SSL_ST_RENEGOTIATE: 197 case SSL_ST_RENEGOTIATE:
199 s->renegotiate=1; 198 s->renegotiate = 1;
200 s->state=SSL_ST_CONNECT; 199 s->state = SSL_ST_CONNECT;
201 s->ctx->stats.sess_connect_renegotiate++; 200 s->ctx->stats.sess_connect_renegotiate++;
202 /* break */ 201 /* break */
203 case SSL_ST_BEFORE: 202 case SSL_ST_BEFORE:
@@ -205,48 +204,51 @@ int dtls1_connect(SSL *s)
205 case SSL_ST_BEFORE|SSL_ST_CONNECT: 204 case SSL_ST_BEFORE|SSL_ST_CONNECT:
206 case SSL_ST_OK|SSL_ST_CONNECT: 205 case SSL_ST_OK|SSL_ST_CONNECT:
207 206
208 s->server=0; 207 s->server = 0;
209 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); 208 if (cb != NULL)
209 cb(s, SSL_CB_HANDSHAKE_START, 1);
210 210
211 if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) && 211 if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&
212 (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00)) 212 (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00)) {
213 {
214 SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR); 213 SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
215 ret = -1; 214 ret = -1;
216 goto end; 215 goto end;
217 } 216 }
218 217
219 /* s->version=SSL3_VERSION; */ 218 /* s->version=SSL3_VERSION; */
220 s->type=SSL_ST_CONNECT; 219 s->type = SSL_ST_CONNECT;
221 220
222 if (s->init_buf == NULL) 221 if (s->init_buf == NULL) {
223 { 222 if ((buf = BUF_MEM_new()) == NULL) {
224 if ((buf=BUF_MEM_new()) == NULL) 223 ret = -1;
225 {
226 ret= -1;
227 goto end; 224 goto end;
228 } 225 }
229 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) 226 if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
230 { 227 ret = -1;
231 ret= -1;
232 goto end; 228 goto end;
233 }
234 s->init_buf=buf;
235 buf=NULL;
236 } 229 }
230 s->init_buf = buf;
231 buf = NULL;
232 }
237 233
238 if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } 234 if (!ssl3_setup_buffers(s)) {
235 ret = -1;
236 goto end;
237 }
239 238
240 /* setup buffing BIO */ 239 /* setup buffing BIO */
241 if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; } 240 if (!ssl_init_wbio_buffer(s, 0)) {
241 ret = -1;
242 goto end;
243 }
242 244
243 /* don't push the buffering BIO quite yet */ 245 /* don't push the buffering BIO quite yet */
244 246
245 s->state=SSL3_ST_CW_CLNT_HELLO_A; 247 s->state = SSL3_ST_CW_CLNT_HELLO_A;
246 s->ctx->stats.sess_connect++; 248 s->ctx->stats.sess_connect++;
247 s->init_num=0; 249 s->init_num = 0;
248 /* mark client_random uninitialized */ 250 /* mark client_random uninitialized */
249 memset(s->s3->client_random,0,sizeof(s->s3->client_random)); 251 memset(s->s3->client_random, 0, sizeof(s->s3->client_random));
250 s->d1->send_cookie = 0; 252 s->d1->send_cookie = 0;
251 s->hit = 0; 253 s->hit = 0;
252 break; 254 break;
@@ -254,115 +256,110 @@ int dtls1_connect(SSL *s)
254#ifndef OPENSSL_NO_SCTP 256#ifndef OPENSSL_NO_SCTP
255 case DTLS1_SCTP_ST_CR_READ_SOCK: 257 case DTLS1_SCTP_ST_CR_READ_SOCK:
256 258
257 if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) 259 if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
258 { 260 s->s3->in_read_app_data = 2;
259 s->s3->in_read_app_data=2; 261 s->rwstate = SSL_READING;
260 s->rwstate=SSL_READING;
261 BIO_clear_retry_flags(SSL_get_rbio(s)); 262 BIO_clear_retry_flags(SSL_get_rbio(s));
262 BIO_set_retry_read(SSL_get_rbio(s)); 263 BIO_set_retry_read(SSL_get_rbio(s));
263 ret = -1; 264 ret = -1;
264 goto end; 265 goto end;
265 } 266 }
266 267
267 s->state=s->s3->tmp.next_state; 268 s->state = s->s3->tmp.next_state;
268 break; 269 break;
269 270
270 case DTLS1_SCTP_ST_CW_WRITE_SOCK: 271 case DTLS1_SCTP_ST_CW_WRITE_SOCK:
271 /* read app data until dry event */ 272 /* read app data until dry event */
272 273
273 ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s)); 274 ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
274 if (ret < 0) goto end; 275 if (ret < 0)
276 goto end;
275 277
276 if (ret == 0) 278 if (ret == 0) {
277 { 279 s->s3->in_read_app_data = 2;
278 s->s3->in_read_app_data=2; 280 s->rwstate = SSL_READING;
279 s->rwstate=SSL_READING;
280 BIO_clear_retry_flags(SSL_get_rbio(s)); 281 BIO_clear_retry_flags(SSL_get_rbio(s));
281 BIO_set_retry_read(SSL_get_rbio(s)); 282 BIO_set_retry_read(SSL_get_rbio(s));
282 ret = -1; 283 ret = -1;
283 goto end; 284 goto end;
284 } 285 }
285 286
286 s->state=s->d1->next_state; 287 s->state = s->d1->next_state;
287 break; 288 break;
288#endif 289#endif
289 290
290 case SSL3_ST_CW_CLNT_HELLO_A: 291 case SSL3_ST_CW_CLNT_HELLO_A:
291 case SSL3_ST_CW_CLNT_HELLO_B: 292 case SSL3_ST_CW_CLNT_HELLO_B:
292 293
293 s->shutdown=0; 294 s->shutdown = 0;
294 295
295 /* every DTLS ClientHello resets Finished MAC */ 296 /* every DTLS ClientHello resets Finished MAC */
296 ssl3_init_finished_mac(s); 297 ssl3_init_finished_mac(s);
297 298
298 dtls1_start_timer(s); 299 dtls1_start_timer(s);
299 ret=dtls1_client_hello(s); 300 ret = dtls1_client_hello(s);
300 if (ret <= 0) goto end; 301 if (ret <= 0)
302 goto end;
301 303
302 if ( s->d1->send_cookie) 304 if (s->d1->send_cookie) {
303 { 305 s->state = SSL3_ST_CW_FLUSH;
304 s->state=SSL3_ST_CW_FLUSH; 306 s->s3->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A;
305 s->s3->tmp.next_state=SSL3_ST_CR_SRVR_HELLO_A; 307 } else
306 } 308 s->state = SSL3_ST_CR_SRVR_HELLO_A;
307 else
308 s->state=SSL3_ST_CR_SRVR_HELLO_A;
309 309
310 s->init_num=0; 310 s->init_num = 0;
311 311
312#ifndef OPENSSL_NO_SCTP 312#ifndef OPENSSL_NO_SCTP
313 /* Disable buffering for SCTP */ 313 /* Disable buffering for SCTP */
314 if (!BIO_dgram_is_sctp(SSL_get_wbio(s))) 314 if (!BIO_dgram_is_sctp(SSL_get_wbio(s))) {
315 {
316#endif 315#endif
317 /* turn on buffering for the next lot of output */ 316 /* turn on buffering for the next lot of output */
318 if (s->bbio != s->wbio) 317 if (s->bbio != s->wbio)
319 s->wbio=BIO_push(s->bbio,s->wbio); 318 s->wbio = BIO_push(s->bbio, s->wbio);
320#ifndef OPENSSL_NO_SCTP 319#ifndef OPENSSL_NO_SCTP
321 } 320 }
322#endif 321#endif
323 322
324 break; 323 break;
325 324
326 case SSL3_ST_CR_SRVR_HELLO_A: 325 case SSL3_ST_CR_SRVR_HELLO_A:
327 case SSL3_ST_CR_SRVR_HELLO_B: 326 case SSL3_ST_CR_SRVR_HELLO_B:
328 ret=ssl3_get_server_hello(s); 327 ret = ssl3_get_server_hello(s);
329 if (ret <= 0) goto end; 328 if (ret <= 0)
330 else 329 goto end;
331 { 330 else {
332 if (s->hit) 331 if (s->hit) {
333 {
334#ifndef OPENSSL_NO_SCTP 332#ifndef OPENSSL_NO_SCTP
335 /* Add new shared key for SCTP-Auth, 333 /* Add new shared key for SCTP-Auth,
336 * will be ignored if no SCTP used. 334 * will be ignored if no SCTP used.
337 */ 335 */
338 snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), 336 snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
339 DTLS1_SCTP_AUTH_LABEL); 337 DTLS1_SCTP_AUTH_LABEL);
340 338
341 SSL_export_keying_material(s, sctpauthkey, 339 SSL_export_keying_material(s, sctpauthkey,
342 sizeof(sctpauthkey), labelbuffer, 340 sizeof(sctpauthkey), labelbuffer,
343 sizeof(labelbuffer), NULL, 0, 0); 341 sizeof(labelbuffer), NULL, 0, 0);
344 342
345 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, 343 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
346 sizeof(sctpauthkey), sctpauthkey); 344 sizeof(sctpauthkey), sctpauthkey);
347#endif 345#endif
348 346
349 s->state=SSL3_ST_CR_FINISHED_A; 347 s->state = SSL3_ST_CR_FINISHED_A;
350 } 348 } else
351 else 349 s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
352 s->state=DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A; 350 }
353 } 351 s->init_num = 0;
354 s->init_num=0;
355 break; 352 break;
356 353
357 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: 354 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
358 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: 355 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
359 356
360 ret = dtls1_get_hello_verify(s); 357 ret = dtls1_get_hello_verify(s);
361 if ( ret <= 0) 358 if (ret <= 0)
362 goto end; 359 goto end;
363 dtls1_stop_timer(s); 360 dtls1_stop_timer(s);
364 if ( s->d1->send_cookie) /* start again, with a cookie */ 361 if ( s->d1->send_cookie) /* start again, with a cookie */
365 s->state=SSL3_ST_CW_CLNT_HELLO_A; 362 s->state = SSL3_ST_CW_CLNT_HELLO_A;
366 else 363 else
367 s->state = SSL3_ST_CR_CERT_A; 364 s->state = SSL3_ST_CR_CERT_A;
368 s->init_num = 0; 365 s->init_num = 0;
@@ -371,88 +368,87 @@ int dtls1_connect(SSL *s)
371 case SSL3_ST_CR_CERT_A: 368 case SSL3_ST_CR_CERT_A:
372 case SSL3_ST_CR_CERT_B: 369 case SSL3_ST_CR_CERT_B:
373#ifndef OPENSSL_NO_TLSEXT 370#ifndef OPENSSL_NO_TLSEXT
374 ret=ssl3_check_finished(s); 371 ret = ssl3_check_finished(s);
375 if (ret <= 0) goto end; 372 if (ret <= 0)
376 if (ret == 2) 373 goto end;
377 { 374 if (ret == 2) {
378 s->hit = 1; 375 s->hit = 1;
379 if (s->tlsext_ticket_expected) 376 if (s->tlsext_ticket_expected)
380 s->state=SSL3_ST_CR_SESSION_TICKET_A; 377 s->state = SSL3_ST_CR_SESSION_TICKET_A;
381 else 378 else
382 s->state=SSL3_ST_CR_FINISHED_A; 379 s->state = SSL3_ST_CR_FINISHED_A;
383 s->init_num=0; 380 s->init_num = 0;
384 break; 381 break;
385 } 382 }
386#endif 383#endif
387 /* Check if it is anon DH or PSK */ 384 /* Check if it is anon DH or PSK */
388 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && 385 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
389 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) 386 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
390 { 387 ret = ssl3_get_server_certificate(s);
391 ret=ssl3_get_server_certificate(s); 388 if (ret <= 0)
392 if (ret <= 0) goto end; 389 goto end;
393#ifndef OPENSSL_NO_TLSEXT 390#ifndef OPENSSL_NO_TLSEXT
394 if (s->tlsext_status_expected) 391 if (s->tlsext_status_expected)
395 s->state=SSL3_ST_CR_CERT_STATUS_A; 392 s->state = SSL3_ST_CR_CERT_STATUS_A;
396 else 393 else
397 s->state=SSL3_ST_CR_KEY_EXCH_A; 394 s->state = SSL3_ST_CR_KEY_EXCH_A;
398 } 395 } else {
399 else
400 {
401 skip = 1; 396 skip = 1;
402 s->state=SSL3_ST_CR_KEY_EXCH_A; 397 s->state = SSL3_ST_CR_KEY_EXCH_A;
403 } 398 }
404#else 399#else
405 } 400 } else
406 else 401 skip = 1;
407 skip=1;
408 402
409 s->state=SSL3_ST_CR_KEY_EXCH_A; 403 s->state = SSL3_ST_CR_KEY_EXCH_A;
410#endif 404#endif
411 s->init_num=0; 405 s->init_num = 0;
412 break; 406 break;
413 407
414 case SSL3_ST_CR_KEY_EXCH_A: 408 case SSL3_ST_CR_KEY_EXCH_A:
415 case SSL3_ST_CR_KEY_EXCH_B: 409 case SSL3_ST_CR_KEY_EXCH_B:
416 ret=ssl3_get_key_exchange(s); 410 ret = ssl3_get_key_exchange(s);
417 if (ret <= 0) goto end; 411 if (ret <= 0)
418 s->state=SSL3_ST_CR_CERT_REQ_A; 412 goto end;
419 s->init_num=0; 413 s->state = SSL3_ST_CR_CERT_REQ_A;
414 s->init_num = 0;
420 415
421 /* at this point we check that we have the 416 /* at this point we check that we have the
422 * required stuff from the server */ 417 * required stuff from the server */
423 if (!ssl3_check_cert_and_algorithm(s)) 418 if (!ssl3_check_cert_and_algorithm(s)) {
424 { 419 ret = -1;
425 ret= -1;
426 goto end; 420 goto end;
427 } 421 }
428 break; 422 break;
429 423
430 case SSL3_ST_CR_CERT_REQ_A: 424 case SSL3_ST_CR_CERT_REQ_A:
431 case SSL3_ST_CR_CERT_REQ_B: 425 case SSL3_ST_CR_CERT_REQ_B:
432 ret=ssl3_get_certificate_request(s); 426 ret = ssl3_get_certificate_request(s);
433 if (ret <= 0) goto end; 427 if (ret <= 0)
434 s->state=SSL3_ST_CR_SRVR_DONE_A; 428 goto end;
435 s->init_num=0; 429 s->state = SSL3_ST_CR_SRVR_DONE_A;
430 s->init_num = 0;
436 break; 431 break;
437 432
438 case SSL3_ST_CR_SRVR_DONE_A: 433 case SSL3_ST_CR_SRVR_DONE_A:
439 case SSL3_ST_CR_SRVR_DONE_B: 434 case SSL3_ST_CR_SRVR_DONE_B:
440 ret=ssl3_get_server_done(s); 435 ret = ssl3_get_server_done(s);
441 if (ret <= 0) goto end; 436 if (ret <= 0)
437 goto end;
442 dtls1_stop_timer(s); 438 dtls1_stop_timer(s);
443 if (s->s3->tmp.cert_req) 439 if (s->s3->tmp.cert_req)
444 s->s3->tmp.next_state=SSL3_ST_CW_CERT_A; 440 s->s3->tmp.next_state = SSL3_ST_CW_CERT_A;
445 else 441 else
446 s->s3->tmp.next_state=SSL3_ST_CW_KEY_EXCH_A; 442 s->s3->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A;
447 s->init_num=0; 443 s->init_num = 0;
448 444
449#ifndef OPENSSL_NO_SCTP 445#ifndef OPENSSL_NO_SCTP
450 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && 446 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
451 state == SSL_ST_RENEGOTIATE) 447 state == SSL_ST_RENEGOTIATE)
452 s->state=DTLS1_SCTP_ST_CR_READ_SOCK; 448 s->state = DTLS1_SCTP_ST_CR_READ_SOCK;
453 else 449 else
454#endif 450#endif
455 s->state=s->s3->tmp.next_state; 451 s->state = s->s3->tmp.next_state;
456 break; 452 break;
457 453
458 case SSL3_ST_CW_CERT_A: 454 case SSL3_ST_CW_CERT_A:
@@ -460,118 +456,115 @@ int dtls1_connect(SSL *s)
460 case SSL3_ST_CW_CERT_C: 456 case SSL3_ST_CW_CERT_C:
461 case SSL3_ST_CW_CERT_D: 457 case SSL3_ST_CW_CERT_D:
462 dtls1_start_timer(s); 458 dtls1_start_timer(s);
463 ret=dtls1_send_client_certificate(s); 459 ret = dtls1_send_client_certificate(s);
464 if (ret <= 0) goto end; 460 if (ret <= 0)
465 s->state=SSL3_ST_CW_KEY_EXCH_A; 461 goto end;
466 s->init_num=0; 462 s->state = SSL3_ST_CW_KEY_EXCH_A;
463 s->init_num = 0;
467 break; 464 break;
468 465
469 case SSL3_ST_CW_KEY_EXCH_A: 466 case SSL3_ST_CW_KEY_EXCH_A:
470 case SSL3_ST_CW_KEY_EXCH_B: 467 case SSL3_ST_CW_KEY_EXCH_B:
471 dtls1_start_timer(s); 468 dtls1_start_timer(s);
472 ret=dtls1_send_client_key_exchange(s); 469 ret = dtls1_send_client_key_exchange(s);
473 if (ret <= 0) goto end; 470 if (ret <= 0)
471 goto end;
474 472
475#ifndef OPENSSL_NO_SCTP 473#ifndef OPENSSL_NO_SCTP
476 /* Add new shared key for SCTP-Auth, 474 /* Add new shared key for SCTP-Auth,
477 * will be ignored if no SCTP used. 475 * will be ignored if no SCTP used.
478 */ 476 */
479 snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), 477 snprintf((char*)labelbuffer,
480 DTLS1_SCTP_AUTH_LABEL); 478 sizeof(DTLS1_SCTP_AUTH_LABEL),
479 DTLS1_SCTP_AUTH_LABEL);
481 480
482 SSL_export_keying_material(s, sctpauthkey, 481 SSL_export_keying_material(s, sctpauthkey,
483 sizeof(sctpauthkey), labelbuffer, 482 sizeof(sctpauthkey), labelbuffer,
484 sizeof(labelbuffer), NULL, 0, 0); 483 sizeof(labelbuffer), NULL, 0, 0);
485 484
486 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, 485 BIO_ctrl(SSL_get_wbio(s),
487 sizeof(sctpauthkey), sctpauthkey); 486 BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
487 sizeof(sctpauthkey), sctpauthkey);
488#endif 488#endif
489 489
490 /* EAY EAY EAY need to check for DH fix cert 490 /* EAY EAY EAY need to check for DH fix cert
491 * sent back */ 491 * sent back */
492 /* For TLS, cert_req is set to 2, so a cert chain 492 /* For TLS, cert_req is set to 2, so a cert chain
493 * of nothing is sent, but no verify packet is sent */ 493 * of nothing is sent, but no verify packet is sent */
494 if (s->s3->tmp.cert_req == 1) 494 if (s->s3->tmp.cert_req == 1) {
495 { 495 s->state = SSL3_ST_CW_CERT_VRFY_A;
496 s->state=SSL3_ST_CW_CERT_VRFY_A; 496 } else {
497 }
498 else
499 {
500#ifndef OPENSSL_NO_SCTP 497#ifndef OPENSSL_NO_SCTP
501 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) 498 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
502 { 499 s->d1->next_state = SSL3_ST_CW_CHANGE_A;
503 s->d1->next_state=SSL3_ST_CW_CHANGE_A; 500 s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
504 s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK; 501 } else
505 }
506 else
507#endif 502#endif
508 s->state=SSL3_ST_CW_CHANGE_A; 503 s->state = SSL3_ST_CW_CHANGE_A;
509 s->s3->change_cipher_spec=0; 504 s->s3->change_cipher_spec = 0;
510 } 505 }
511 506
512 s->init_num=0; 507 s->init_num = 0;
513 break; 508 break;
514 509
515 case SSL3_ST_CW_CERT_VRFY_A: 510 case SSL3_ST_CW_CERT_VRFY_A:
516 case SSL3_ST_CW_CERT_VRFY_B: 511 case SSL3_ST_CW_CERT_VRFY_B:
517 dtls1_start_timer(s); 512 dtls1_start_timer(s);
518 ret=dtls1_send_client_verify(s); 513 ret = dtls1_send_client_verify(s);
519 if (ret <= 0) goto end; 514 if (ret <= 0)
515 goto end;
520#ifndef OPENSSL_NO_SCTP 516#ifndef OPENSSL_NO_SCTP
521 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) 517 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
522 { 518 s->d1->next_state = SSL3_ST_CW_CHANGE_A;
523 s->d1->next_state=SSL3_ST_CW_CHANGE_A; 519 s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
524 s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK; 520 } else
525 }
526 else
527#endif 521#endif
528 s->state=SSL3_ST_CW_CHANGE_A; 522 s->state = SSL3_ST_CW_CHANGE_A;
529 s->init_num=0; 523 s->init_num = 0;
530 s->s3->change_cipher_spec=0; 524 s->s3->change_cipher_spec = 0;
531 break; 525 break;
532 526
533 case SSL3_ST_CW_CHANGE_A: 527 case SSL3_ST_CW_CHANGE_A:
534 case SSL3_ST_CW_CHANGE_B: 528 case SSL3_ST_CW_CHANGE_B:
535 if (!s->hit) 529 if (!s->hit)
536 dtls1_start_timer(s); 530 dtls1_start_timer(s);
537 ret=dtls1_send_change_cipher_spec(s, 531 ret = dtls1_send_change_cipher_spec(s,
538 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); 532 SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B);
539 if (ret <= 0) goto end; 533 if (ret <= 0)
534 goto end;
540 535
541 s->state=SSL3_ST_CW_FINISHED_A; 536 s->state = SSL3_ST_CW_FINISHED_A;
542 s->init_num=0; 537 s->init_num = 0;
543 538
544 s->session->cipher=s->s3->tmp.new_cipher; 539 s->session->cipher = s->s3->tmp.new_cipher;
545#ifdef OPENSSL_NO_COMP 540#ifdef OPENSSL_NO_COMP
546 s->session->compress_meth=0; 541 s->session->compress_meth = 0;
547#else 542#else
548 if (s->s3->tmp.new_compression == NULL) 543 if (s->s3->tmp.new_compression == NULL)
549 s->session->compress_meth=0; 544 s->session->compress_meth = 0;
550 else 545 else
551 s->session->compress_meth= 546 s->session->compress_meth =
552 s->s3->tmp.new_compression->id; 547 s->s3->tmp.new_compression->id;
553#endif 548#endif
554 if (!s->method->ssl3_enc->setup_key_block(s)) 549 if (!s->method->ssl3_enc->setup_key_block(s)) {
555 { 550 ret = -1;
556 ret= -1;
557 goto end; 551 goto end;
558 } 552 }
559 553
560 if (!s->method->ssl3_enc->change_cipher_state(s, 554 if (!s->method->ssl3_enc->change_cipher_state(s,
561 SSL3_CHANGE_CIPHER_CLIENT_WRITE)) 555 SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
562 { 556 ret = -1;
563 ret= -1;
564 goto end; 557 goto end;
565 } 558 }
566 559
567#ifndef OPENSSL_NO_SCTP 560#ifndef OPENSSL_NO_SCTP
568 if (s->hit) 561 if (s->hit) {
569 { 562 /* Change to new shared key of SCTP-Auth,
570 /* Change to new shared key of SCTP-Auth, 563 * will be ignored if no SCTP used.
571 * will be ignored if no SCTP used. 564 */
572 */ 565 BIO_ctrl(SSL_get_wbio(s),
573 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); 566 BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
574 } 567 }
575#endif 568#endif
576 569
577 dtls1_reset_seq_numbers(s, SSL3_CC_WRITE); 570 dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
@@ -581,41 +574,36 @@ int dtls1_connect(SSL *s)
581 case SSL3_ST_CW_FINISHED_B: 574 case SSL3_ST_CW_FINISHED_B:
582 if (!s->hit) 575 if (!s->hit)
583 dtls1_start_timer(s); 576 dtls1_start_timer(s);
584 ret=dtls1_send_finished(s, 577 ret = dtls1_send_finished(s,
585 SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, 578 SSL3_ST_CW_FINISHED_A, SSL3_ST_CW_FINISHED_B,
586 s->method->ssl3_enc->client_finished_label, 579 s->method->ssl3_enc->client_finished_label,
587 s->method->ssl3_enc->client_finished_label_len); 580 s->method->ssl3_enc->client_finished_label_len);
588 if (ret <= 0) goto end; 581 if (ret <= 0)
589 s->state=SSL3_ST_CW_FLUSH; 582 goto end;
583 s->state = SSL3_ST_CW_FLUSH;
590 584
591 /* clear flags */ 585 /* clear flags */
592 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; 586 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
593 if (s->hit) 587 if (s->hit) {
594 { 588 s->s3->tmp.next_state = SSL_ST_OK;
595 s->s3->tmp.next_state=SSL_ST_OK;
596#ifndef OPENSSL_NO_SCTP 589#ifndef OPENSSL_NO_SCTP
597 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) 590 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
598 { 591 s->d1->next_state = s->s3->tmp.next_state;
599 s->d1->next_state = s->s3->tmp.next_state; 592 s->s3->tmp.next_state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
600 s->s3->tmp.next_state=DTLS1_SCTP_ST_CW_WRITE_SOCK; 593 }
601 }
602#endif 594#endif
603 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) 595 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
604 { 596 s->state = SSL_ST_OK;
605 s->state=SSL_ST_OK;
606#ifndef OPENSSL_NO_SCTP 597#ifndef OPENSSL_NO_SCTP
607 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) 598 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
608 { 599 s->d1->next_state = SSL_ST_OK;
609 s->d1->next_state = SSL_ST_OK; 600 s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
610 s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK; 601 }
611 }
612#endif 602#endif
613 s->s3->flags|=SSL3_FLAGS_POP_BUFFER; 603 s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
614 s->s3->delay_buf_pop_ret=0; 604 s->s3->delay_buf_pop_ret = 0;
615 }
616 } 605 }
617 else 606 } else {
618 {
619#ifndef OPENSSL_NO_SCTP 607#ifndef OPENSSL_NO_SCTP
620 /* Change to new shared key of SCTP-Auth, 608 /* Change to new shared key of SCTP-Auth,
621 * will be ignored if no SCTP used. 609 * will be ignored if no SCTP used.
@@ -626,74 +614,74 @@ int dtls1_connect(SSL *s)
626#ifndef OPENSSL_NO_TLSEXT 614#ifndef OPENSSL_NO_TLSEXT
627 /* Allow NewSessionTicket if ticket expected */ 615 /* Allow NewSessionTicket if ticket expected */
628 if (s->tlsext_ticket_expected) 616 if (s->tlsext_ticket_expected)
629 s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A; 617 s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A;
630 else 618 else
631#endif 619#endif
632 620
633 s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; 621 s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A;
634 } 622 }
635 s->init_num=0; 623 s->init_num = 0;
636 break; 624 break;
637 625
638#ifndef OPENSSL_NO_TLSEXT 626#ifndef OPENSSL_NO_TLSEXT
639 case SSL3_ST_CR_SESSION_TICKET_A: 627 case SSL3_ST_CR_SESSION_TICKET_A:
640 case SSL3_ST_CR_SESSION_TICKET_B: 628 case SSL3_ST_CR_SESSION_TICKET_B:
641 ret=ssl3_get_new_session_ticket(s); 629 ret = ssl3_get_new_session_ticket(s);
642 if (ret <= 0) goto end; 630 if (ret <= 0)
643 s->state=SSL3_ST_CR_FINISHED_A; 631 goto end;
644 s->init_num=0; 632 s->state = SSL3_ST_CR_FINISHED_A;
645 break; 633 s->init_num = 0;
634 break;
646 635
647 case SSL3_ST_CR_CERT_STATUS_A: 636 case SSL3_ST_CR_CERT_STATUS_A:
648 case SSL3_ST_CR_CERT_STATUS_B: 637 case SSL3_ST_CR_CERT_STATUS_B:
649 ret=ssl3_get_cert_status(s); 638 ret = ssl3_get_cert_status(s);
650 if (ret <= 0) goto end; 639 if (ret <= 0)
651 s->state=SSL3_ST_CR_KEY_EXCH_A; 640 goto end;
652 s->init_num=0; 641 s->state = SSL3_ST_CR_KEY_EXCH_A;
653 break; 642 s->init_num = 0;
643 break;
654#endif 644#endif
655 645
656 case SSL3_ST_CR_FINISHED_A: 646 case SSL3_ST_CR_FINISHED_A:
657 case SSL3_ST_CR_FINISHED_B: 647 case SSL3_ST_CR_FINISHED_B:
658 s->d1->change_cipher_spec_ok = 1; 648 s->d1->change_cipher_spec_ok = 1;
659 ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A, 649 ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
660 SSL3_ST_CR_FINISHED_B); 650 SSL3_ST_CR_FINISHED_B);
661 if (ret <= 0) goto end; 651 if (ret <= 0)
652 goto end;
662 dtls1_stop_timer(s); 653 dtls1_stop_timer(s);
663 654
664 if (s->hit) 655 if (s->hit)
665 s->state=SSL3_ST_CW_CHANGE_A; 656 s->state = SSL3_ST_CW_CHANGE_A;
666 else 657 else
667 s->state=SSL_ST_OK; 658 s->state = SSL_ST_OK;
668 659
669#ifndef OPENSSL_NO_SCTP 660#ifndef OPENSSL_NO_SCTP
670 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && 661 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
671 state == SSL_ST_RENEGOTIATE) 662 state == SSL_ST_RENEGOTIATE) {
672 { 663 s->d1->next_state = s->state;
673 s->d1->next_state=s->state; 664 s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
674 s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK; 665 }
675 }
676#endif 666#endif
677 667
678 s->init_num=0; 668 s->init_num = 0;
679 break; 669 break;
680 670
681 case SSL3_ST_CW_FLUSH: 671 case SSL3_ST_CW_FLUSH:
682 s->rwstate=SSL_WRITING; 672 s->rwstate = SSL_WRITING;
683 if (BIO_flush(s->wbio) <= 0) 673 if (BIO_flush(s->wbio) <= 0) {
684 {
685 /* If the write error was fatal, stop trying */ 674 /* If the write error was fatal, stop trying */
686 if (!BIO_should_retry(s->wbio)) 675 if (!BIO_should_retry(s->wbio)) {
687 { 676 s->rwstate = SSL_NOTHING;
688 s->rwstate=SSL_NOTHING; 677 s->state = s->s3->tmp.next_state;
689 s->state=s->s3->tmp.next_state;
690 }
691
692 ret= -1;
693 goto end;
694 } 678 }
695 s->rwstate=SSL_NOTHING; 679
696 s->state=s->s3->tmp.next_state; 680 ret = -1;
681 goto end;
682 }
683 s->rwstate = SSL_NOTHING;
684 s->state = s->s3->tmp.next_state;
697 break; 685 break;
698 686
699 case SSL_ST_OK: 687 case SSL_ST_OK:
@@ -701,11 +689,10 @@ int dtls1_connect(SSL *s)
701 ssl3_cleanup_key_block(s); 689 ssl3_cleanup_key_block(s);
702 690
703#if 0 691#if 0
704 if (s->init_buf != NULL) 692 if (s->init_buf != NULL) {
705 {
706 BUF_MEM_free(s->init_buf); 693 BUF_MEM_free(s->init_buf);
707 s->init_buf=NULL; 694 s->init_buf = NULL;
708 } 695 }
709#endif 696#endif
710 697
711 /* If we are not 'joining' the last two packets, 698 /* If we are not 'joining' the last two packets,
@@ -714,234 +701,226 @@ int dtls1_connect(SSL *s)
714 ssl_free_wbio_buffer(s); 701 ssl_free_wbio_buffer(s);
715 /* else do it later in ssl3_write */ 702 /* else do it later in ssl3_write */
716 703
717 s->init_num=0; 704 s->init_num = 0;
718 s->renegotiate=0; 705 s->renegotiate = 0;
719 s->new_session=0; 706 s->new_session = 0;
720 707
721 ssl_update_cache(s,SSL_SESS_CACHE_CLIENT); 708 ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
722 if (s->hit) s->ctx->stats.sess_hit++; 709 if (s->hit)
710 s->ctx->stats.sess_hit++;
723 711
724 ret=1; 712 ret = 1;
725 /* s->server=0; */ 713 /* s->server=0; */
726 s->handshake_func=dtls1_connect; 714 s->handshake_func = dtls1_connect;
727 s->ctx->stats.sess_connect_good++; 715 s->ctx->stats.sess_connect_good++;
728 716
729 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); 717 if (cb != NULL)
718 cb(s, SSL_CB_HANDSHAKE_DONE, 1);
730 719
731 /* done with handshaking */ 720 /* done with handshaking */
732 s->d1->handshake_read_seq = 0; 721 s->d1->handshake_read_seq = 0;
733 s->d1->next_handshake_write_seq = 0; 722 s->d1->next_handshake_write_seq = 0;
734 goto end; 723 goto end;
735 /* break; */ 724 /* break; */
736 725
737 default: 726 default:
738 SSLerr(SSL_F_DTLS1_CONNECT,SSL_R_UNKNOWN_STATE); 727 SSLerr(SSL_F_DTLS1_CONNECT, SSL_R_UNKNOWN_STATE);
739 ret= -1; 728 ret = -1;
740 goto end; 729 goto end;
741 /* break; */ 730 /* break; */
742 } 731 }
743 732
744 /* did we do anything */ 733 /* did we do anything */
745 if (!s->s3->tmp.reuse_message && !skip) 734 if (!s->s3->tmp.reuse_message && !skip) {
746 { 735 if (s->debug) {
747 if (s->debug) 736 if ((ret = BIO_flush(s->wbio)) <= 0)
748 {
749 if ((ret=BIO_flush(s->wbio)) <= 0)
750 goto end; 737 goto end;
751 } 738 }
752 739
753 if ((cb != NULL) && (s->state != state)) 740 if ((cb != NULL) && (s->state != state)) {
754 { 741 new_state = s->state;
755 new_state=s->state; 742 s->state = state;
756 s->state=state; 743 cb(s, SSL_CB_CONNECT_LOOP, 1);
757 cb(s,SSL_CB_CONNECT_LOOP,1); 744 s->state = new_state;
758 s->state=new_state;
759 }
760 } 745 }
761 skip=0;
762 } 746 }
747 skip = 0;
748 }
763end: 749end:
764 s->in_handshake--; 750 s->in_handshake--;
765 751
766#ifndef OPENSSL_NO_SCTP 752#ifndef OPENSSL_NO_SCTP
767 /* Notify SCTP BIO socket to leave handshake 753 /* Notify SCTP BIO socket to leave handshake
768 * mode and allow stream identifier other 754 * mode and allow stream identifier other
769 * than 0. Will be ignored if no SCTP is used. 755 * than 0. Will be ignored if no SCTP is used.
770 */ 756 */
771 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL); 757 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
758 s->in_handshake, NULL);
772#endif 759#endif
773 760
774 if (buf != NULL) 761 if (buf != NULL)
775 BUF_MEM_free(buf); 762 BUF_MEM_free(buf);
776 if (cb != NULL) 763 if (cb != NULL)
777 cb(s,SSL_CB_CONNECT_EXIT,ret); 764 cb(s, SSL_CB_CONNECT_EXIT, ret);
778 return(ret); 765 return (ret);
779 } 766}
780 767
781int dtls1_client_hello(SSL *s) 768int
782 { 769dtls1_client_hello(SSL *s)
770{
783 unsigned char *buf; 771 unsigned char *buf;
784 unsigned char *p,*d; 772 unsigned char *p, *d;
785 unsigned int i,j; 773 unsigned int i, j;
786 unsigned long l; 774 unsigned long l;
787 SSL_COMP *comp; 775 SSL_COMP *comp;
788 776
789 buf=(unsigned char *)s->init_buf->data; 777 buf = (unsigned char *)s->init_buf->data;
790 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) 778 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
791 {
792 SSL_SESSION *sess = s->session; 779 SSL_SESSION *sess = s->session;
793 if ((s->session == NULL) || 780 if ((s->session == NULL) ||
794 (s->session->ssl_version != s->version) || 781 (s->session->ssl_version != s->version) ||
795#ifdef OPENSSL_NO_TLSEXT 782#ifdef OPENSSL_NO_TLSEXT
796 !sess->session_id_length || 783 !sess->session_id_length ||
797#else 784#else
798 (!sess->session_id_length && !sess->tlsext_tick) || 785 (!sess->session_id_length && !sess->tlsext_tick) ||
799#endif 786#endif
800 (s->session->not_resumable)) 787 (s->session->not_resumable)) {
801 { 788 if (!ssl_get_new_session(s, 0))
802 if (!ssl_get_new_session(s,0))
803 goto err; 789 goto err;
804 } 790 }
805 /* else use the pre-loaded session */ 791 /* else use the pre-loaded session */
806 792
807 p=s->s3->client_random; 793 p = s->s3->client_random;
808 794
809 /* if client_random is initialized, reuse it, we are 795 /* if client_random is initialized, reuse it, we are
810 * required to use same upon reply to HelloVerify */ 796 * required to use same upon reply to HelloVerify */
811 for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) 797 for (i = 0; p[i]=='\0' && i < sizeof(s->s3->client_random); i++)
812 ; 798;
813 if (i==sizeof(s->s3->client_random)) 799 if (i == sizeof(s->s3->client_random))
814 ssl_fill_hello_random(s, 0, p, 800 ssl_fill_hello_random(s, 0, p,
815 sizeof(s->s3->client_random)); 801 sizeof(s->s3->client_random));
816 802
817 /* Do the message type and length last */ 803 /* Do the message type and length last */
818 d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); 804 d = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
819 805
820 *(p++)=s->version>>8; 806 *(p++) = s->version >> 8;
821 *(p++)=s->version&0xff; 807 *(p++) = s->version&0xff;
822 s->client_version=s->version; 808 s->client_version = s->version;
823 809
824 /* Random stuff */ 810 /* Random stuff */
825 memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE); 811 memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
826 p+=SSL3_RANDOM_SIZE; 812 p += SSL3_RANDOM_SIZE;
827 813
828 /* Session ID */ 814 /* Session ID */
829 if (s->new_session) 815 if (s->new_session)
830 i=0; 816 i = 0;
831 else 817 else
832 i=s->session->session_id_length; 818 i = s->session->session_id_length;
833 *(p++)=i; 819 *(p++) = i;
834 if (i != 0) 820 if (i != 0) {
835 { 821 if (i > sizeof s->session->session_id) {
836 if (i > sizeof s->session->session_id)
837 {
838 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); 822 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
839 goto err; 823 goto err;
840 }
841 memcpy(p,s->session->session_id,i);
842 p+=i;
843 } 824 }
844 825 memcpy(p, s->session->session_id, i);
826 p += i;
827 }
828
845 /* cookie stuff */ 829 /* cookie stuff */
846 if ( s->d1->cookie_len > sizeof(s->d1->cookie)) 830 if (s->d1->cookie_len > sizeof(s->d1->cookie)) {
847 {
848 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); 831 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
849 goto err; 832 goto err;
850 } 833 }
851 *(p++) = s->d1->cookie_len; 834 *(p++) = s->d1->cookie_len;
852 memcpy(p, s->d1->cookie, s->d1->cookie_len); 835 memcpy(p, s->d1->cookie, s->d1->cookie_len);
853 p += s->d1->cookie_len; 836 p += s->d1->cookie_len;
854 837
855 /* Ciphers supported */ 838 /* Ciphers supported */
856 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0); 839 i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0);
857 if (i == 0) 840 if (i == 0) {
858 { 841 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
859 SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
860 goto err; 842 goto err;
861 } 843 }
862 s2n(i,p); 844 s2n(i, p);
863 p+=i; 845 p += i;
864 846
865 /* COMPRESSION */ 847 /* COMPRESSION */
866 if (s->ctx->comp_methods == NULL) 848 if (s->ctx->comp_methods == NULL)
867 j=0; 849 j = 0;
868 else 850 else
869 j=sk_SSL_COMP_num(s->ctx->comp_methods); 851 j = sk_SSL_COMP_num(s->ctx->comp_methods);
870 *(p++)=1+j; 852 *(p++) = 1 + j;
871 for (i=0; i<j; i++) 853 for (i = 0; i < j; i++) {
872 { 854 comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
873 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); 855 *(p++) = comp->id;
874 *(p++)=comp->id; 856 }
875 } 857 *(p++) = 0; /* Add the NULL method */
876 *(p++)=0; /* Add the NULL method */
877 858
878#ifndef OPENSSL_NO_TLSEXT 859#ifndef OPENSSL_NO_TLSEXT
879 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) 860 if ((p = ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
880 { 861 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
881 SSLerr(SSL_F_DTLS1_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
882 goto err; 862 goto err;
883 } 863 }
884#endif 864#endif
885 865
886 l=(p-d); 866 l = (p - d);
887 d=buf; 867 d = buf;
888 868
889 d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO, l, 0, l); 869 d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO, l, 0, l);
890 870
891 s->state=SSL3_ST_CW_CLNT_HELLO_B; 871 s->state = SSL3_ST_CW_CLNT_HELLO_B;
892 /* number of bytes to write */ 872 /* number of bytes to write */
893 s->init_num=p-buf; 873 s->init_num = p - buf;
894 s->init_off=0; 874 s->init_off = 0;
895 875
896 /* buffer the message to handle re-xmits */ 876 /* buffer the message to handle re-xmits */
897 dtls1_buffer_message(s, 0); 877 dtls1_buffer_message(s, 0);
898 } 878 }
899 879
900 /* SSL3_ST_CW_CLNT_HELLO_B */ 880 /* SSL3_ST_CW_CLNT_HELLO_B */
901 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 881 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
902err: 882err:
903 return(-1); 883 return (-1);
904 } 884}
905 885
906static int dtls1_get_hello_verify(SSL *s) 886static int
907 { 887dtls1_get_hello_verify(SSL *s)
888{
908 int n, al, ok = 0; 889 int n, al, ok = 0;
909 unsigned char *data; 890 unsigned char *data;
910 unsigned int cookie_len; 891 unsigned int cookie_len;
911 892
912 n=s->method->ssl_get_message(s, 893 n = s->method->ssl_get_message(s,
913 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, 894 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
914 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, 895 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B,
915 -1, 896 -1,
916 s->max_cert_list, 897 s->max_cert_list,
917 &ok); 898 &ok);
918 899
919 if (!ok) return((int)n); 900 if (!ok)
901 return ((int)n);
920 902
921 if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) 903 if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
922 {
923 s->d1->send_cookie = 0; 904 s->d1->send_cookie = 0;
924 s->s3->tmp.reuse_message=1; 905 s->s3->tmp.reuse_message = 1;
925 return(1); 906 return (1);
926 } 907 }
927 908
928 data = (unsigned char *)s->init_msg; 909 data = (unsigned char *)s->init_msg;
929 910
930 if ((data[0] != (s->version>>8)) || (data[1] != (s->version&0xff))) 911 if ((data[0] != (s->version >> 8)) || (data[1] != (s->version&0xff))) {
931 { 912 SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY, SSL_R_WRONG_SSL_VERSION);
932 SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY,SSL_R_WRONG_SSL_VERSION); 913 s->version = (s->version & 0xff00) | data[1];
933 s->version=(s->version&0xff00)|data[1];
934 al = SSL_AD_PROTOCOL_VERSION; 914 al = SSL_AD_PROTOCOL_VERSION;
935 goto f_err; 915 goto f_err;
936 } 916 }
937 data+=2; 917 data += 2;
938 918
939 cookie_len = *(data++); 919 cookie_len = *(data++);
940 if ( cookie_len > sizeof(s->d1->cookie)) 920 if (cookie_len > sizeof(s->d1->cookie)) {
941 { 921 al = SSL_AD_ILLEGAL_PARAMETER;
942 al=SSL_AD_ILLEGAL_PARAMETER;
943 goto f_err; 922 goto f_err;
944 } 923 }
945 924
946 memcpy(s->d1->cookie, data, cookie_len); 925 memcpy(s->d1->cookie, data, cookie_len);
947 s->d1->cookie_len = cookie_len; 926 s->d1->cookie_len = cookie_len;
@@ -952,19 +931,20 @@ static int dtls1_get_hello_verify(SSL *s)
952f_err: 931f_err:
953 ssl3_send_alert(s, SSL3_AL_FATAL, al); 932 ssl3_send_alert(s, SSL3_AL_FATAL, al);
954 return -1; 933 return -1;
955 } 934}
956 935
957int dtls1_send_client_key_exchange(SSL *s) 936int
958 { 937dtls1_send_client_key_exchange(SSL *s)
959 unsigned char *p,*d; 938{
939 unsigned char *p, *d;
960 int n; 940 int n;
961 unsigned long alg_k; 941 unsigned long alg_k;
962#ifndef OPENSSL_NO_RSA 942#ifndef OPENSSL_NO_RSA
963 unsigned char *q; 943 unsigned char *q;
964 EVP_PKEY *pkey=NULL; 944 EVP_PKEY *pkey = NULL;
965#endif 945#endif
966#ifndef OPENSSL_NO_KRB5 946#ifndef OPENSSL_NO_KRB5
967 KSSL_ERR kssl_err; 947 KSSL_ERR kssl_err;
968#endif /* OPENSSL_NO_KRB5 */ 948#endif /* OPENSSL_NO_KRB5 */
969#ifndef OPENSSL_NO_ECDH 949#ifndef OPENSSL_NO_ECDH
970 EC_KEY *clnt_ecdh = NULL; 950 EC_KEY *clnt_ecdh = NULL;
@@ -975,123 +955,119 @@ int dtls1_send_client_key_exchange(SSL *s)
975 BN_CTX * bn_ctx = NULL; 955 BN_CTX * bn_ctx = NULL;
976#endif 956#endif
977 957
978 if (s->state == SSL3_ST_CW_KEY_EXCH_A) 958 if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
979 { 959 d = (unsigned char *)s->init_buf->data;
980 d=(unsigned char *)s->init_buf->data; 960 p = &(d[DTLS1_HM_HEADER_LENGTH]);
981 p= &(d[DTLS1_HM_HEADER_LENGTH]); 961
982 962 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
983 alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
984 963
985 /* Fool emacs indentation */ 964 /* Fool emacs indentation */
986 if (0) {} 965 if (0) {
966 }
987#ifndef OPENSSL_NO_RSA 967#ifndef OPENSSL_NO_RSA
988 else if (alg_k & SSL_kRSA) 968 else if (alg_k & SSL_kRSA) {
989 {
990 RSA *rsa; 969 RSA *rsa;
991 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 970 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
992 971
993 if (s->session->sess_cert->peer_rsa_tmp != NULL) 972 if (s->session->sess_cert->peer_rsa_tmp != NULL)
994 rsa=s->session->sess_cert->peer_rsa_tmp; 973 rsa = s->session->sess_cert->peer_rsa_tmp;
995 else 974 else {
996 { 975 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
997 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
998 if ((pkey == NULL) || 976 if ((pkey == NULL) ||
999 (pkey->type != EVP_PKEY_RSA) || 977 (pkey->type != EVP_PKEY_RSA) ||
1000 (pkey->pkey.rsa == NULL)) 978 (pkey->pkey.rsa == NULL)) {
1001 { 979 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1002 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
1003 goto err; 980 goto err;
1004 }
1005 rsa=pkey->pkey.rsa;
1006 EVP_PKEY_free(pkey);
1007 } 981 }
1008 982 rsa = pkey->pkey.rsa;
1009 tmp_buf[0]=s->client_version>>8; 983 EVP_PKEY_free(pkey);
1010 tmp_buf[1]=s->client_version&0xff; 984 }
1011 if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
1012 goto err;
1013 985
1014 s->session->master_key_length=sizeof tmp_buf; 986 tmp_buf[0] = s->client_version >> 8;
987 tmp_buf[1] = s->client_version&0xff;
988 if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0)
989 goto err;
990
991 s->session->master_key_length = sizeof tmp_buf;
1015 992
1016 q=p; 993 q = p;
1017 /* Fix buf for TLS and [incidentally] DTLS */ 994 /* Fix buf for TLS and [incidentally] DTLS */
1018 if (s->version > SSL3_VERSION) 995 if (s->version > SSL3_VERSION)
1019 p+=2; 996 p += 2;
1020 n=RSA_public_encrypt(sizeof tmp_buf, 997 n = RSA_public_encrypt(sizeof tmp_buf,
1021 tmp_buf,p,rsa,RSA_PKCS1_PADDING); 998 tmp_buf, p, rsa, RSA_PKCS1_PADDING);
1022#ifdef PKCS1_CHECK 999#ifdef PKCS1_CHECK
1023 if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++; 1000 if (s->options & SSL_OP_PKCS1_CHECK_1)
1024 if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70; 1001 p[1]++;
1002 if (s->options & SSL_OP_PKCS1_CHECK_2)
1003 tmp_buf[0] = 0x70;
1025#endif 1004#endif
1026 if (n <= 0) 1005 if (n <= 0) {
1027 { 1006 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, SSL_R_BAD_RSA_ENCRYPT);
1028 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
1029 goto err; 1007 goto err;
1030 } 1008 }
1031 1009
1032 /* Fix buf for TLS and [incidentally] DTLS */ 1010 /* Fix buf for TLS and [incidentally] DTLS */
1033 if (s->version > SSL3_VERSION) 1011 if (s->version > SSL3_VERSION) {
1034 { 1012 s2n(n, q);
1035 s2n(n,q); 1013 n += 2;
1036 n+=2;
1037 }
1038
1039 s->session->master_key_length=
1040 s->method->ssl3_enc->generate_master_secret(s,
1041 s->session->master_key,
1042 tmp_buf,sizeof tmp_buf);
1043 OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
1044 } 1014 }
1015
1016 s->session->master_key_length =
1017 s->method->ssl3_enc->generate_master_secret(s,
1018 s->session->master_key,
1019 tmp_buf, sizeof tmp_buf);
1020 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
1021 }
1045#endif 1022#endif
1046#ifndef OPENSSL_NO_KRB5 1023#ifndef OPENSSL_NO_KRB5
1047 else if (alg_k & SSL_kKRB5) 1024 else if (alg_k & SSL_kKRB5) {
1048 { 1025 krb5_error_code krb5rc;
1049 krb5_error_code krb5rc; 1026 KSSL_CTX *kssl_ctx = s->kssl_ctx;
1050 KSSL_CTX *kssl_ctx = s->kssl_ctx; 1027 /* krb5_data krb5_ap_req; */
1051 /* krb5_data krb5_ap_req; */ 1028 krb5_data *enc_ticket;
1052 krb5_data *enc_ticket; 1029 krb5_data authenticator, *authp = NULL;
1053 krb5_data authenticator, *authp = NULL;
1054 EVP_CIPHER_CTX ciph_ctx; 1030 EVP_CIPHER_CTX ciph_ctx;
1055 const EVP_CIPHER *enc = NULL; 1031 const EVP_CIPHER *enc = NULL;
1056 unsigned char iv[EVP_MAX_IV_LENGTH]; 1032 unsigned char iv[EVP_MAX_IV_LENGTH];
1057 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 1033 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
1058 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH 1034 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
1059 + EVP_MAX_IV_LENGTH]; 1035 + EVP_MAX_IV_LENGTH];
1060 int padl, outl = sizeof(epms); 1036 int padl, outl = sizeof(epms);
1061 1037
1062 EVP_CIPHER_CTX_init(&ciph_ctx); 1038 EVP_CIPHER_CTX_init(&ciph_ctx);
1063 1039
1064#ifdef KSSL_DEBUG 1040#ifdef KSSL_DEBUG
1065 printf("ssl3_send_client_key_exchange(%lx & %lx)\n", 1041 printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
1066 alg_k, SSL_kKRB5); 1042 alg_k, SSL_kKRB5);
1067#endif /* KSSL_DEBUG */ 1043#endif /* KSSL_DEBUG */
1068 1044
1069 authp = NULL; 1045 authp = NULL;
1070#ifdef KRB5SENDAUTH 1046#ifdef KRB5SENDAUTH
1071 if (KRB5SENDAUTH) authp = &authenticator; 1047 if (KRB5SENDAUTH)
1048 authp = &authenticator;
1072#endif /* KRB5SENDAUTH */ 1049#endif /* KRB5SENDAUTH */
1073 1050
1074 krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, 1051 krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
1075 &kssl_err); 1052 &kssl_err);
1076 enc = kssl_map_enc(kssl_ctx->enctype); 1053 enc = kssl_map_enc(kssl_ctx->enctype);
1077 if (enc == NULL) 1054 if (enc == NULL)
1078 goto err; 1055 goto err;
1079#ifdef KSSL_DEBUG 1056#ifdef KSSL_DEBUG
1080 { 1057 {
1081 printf("kssl_cget_tkt rtn %d\n", krb5rc); 1058 printf("kssl_cget_tkt rtn %d\n", krb5rc);
1082 if (krb5rc && kssl_err.text) 1059 if (krb5rc && kssl_err.text)
1083 printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text); 1060 printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
1084 } 1061 }
1085#endif /* KSSL_DEBUG */ 1062#endif /* KSSL_DEBUG */
1086 1063
1087 if (krb5rc) 1064 if (krb5rc) {
1088 { 1065 ssl3_send_alert(s, SSL3_AL_FATAL,
1089 ssl3_send_alert(s,SSL3_AL_FATAL, 1066 SSL_AD_HANDSHAKE_FAILURE);
1090 SSL_AD_HANDSHAKE_FAILURE); 1067 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1091 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1068 kssl_err.reason);
1092 kssl_err.reason); 1069 goto err;
1093 goto err; 1070 }
1094 }
1095 1071
1096 /* 20010406 VRS - Earlier versions used KRB5 AP_REQ 1072 /* 20010406 VRS - Earlier versions used KRB5 AP_REQ
1097 ** in place of RFC 2712 KerberosWrapper, as in: 1073 ** in place of RFC 2712 KerberosWrapper, as in:
@@ -1113,31 +1089,28 @@ int dtls1_send_client_key_exchange(SSL *s)
1113 */ 1089 */
1114 1090
1115 /* KerberosWrapper.Ticket */ 1091 /* KerberosWrapper.Ticket */
1116 s2n(enc_ticket->length,p); 1092 s2n(enc_ticket->length, p);
1117 memcpy(p, enc_ticket->data, enc_ticket->length); 1093 memcpy(p, enc_ticket->data, enc_ticket->length);
1118 p+= enc_ticket->length; 1094 p += enc_ticket->length;
1119 n = enc_ticket->length + 2; 1095 n = enc_ticket->length + 2;
1120 1096
1121 /* KerberosWrapper.Authenticator */ 1097 /* KerberosWrapper.Authenticator */
1122 if (authp && authp->length) 1098 if (authp && authp->length) {
1123 { 1099 s2n(authp->length, p);
1124 s2n(authp->length,p);
1125 memcpy(p, authp->data, authp->length); 1100 memcpy(p, authp->data, authp->length);
1126 p+= authp->length; 1101 p += authp->length;
1127 n+= authp->length + 2; 1102 n += authp->length + 2;
1128 1103
1129 free(authp->data); 1104 free(authp->data);
1130 authp->data = NULL; 1105 authp->data = NULL;
1131 authp->length = 0; 1106 authp->length = 0;
1132 } 1107 } else {
1133 else 1108 s2n(0, p);/* null authenticator length */
1134 { 1109 n += 2;
1135 s2n(0,p);/* null authenticator length */ 1110 }
1136 n+=2; 1111
1137 } 1112 if (RAND_bytes(tmp_buf, sizeof tmp_buf) <= 0)
1138 1113 goto err;
1139 if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0)
1140 goto err;
1141 1114
1142 /* 20010420 VRS. Tried it this way; failed. 1115 /* 20010420 VRS. Tried it this way; failed.
1143 ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); 1116 ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
@@ -1146,94 +1119,88 @@ int dtls1_send_client_key_exchange(SSL *s)
1146 ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); 1119 ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
1147 */ 1120 */
1148 1121
1149 memset(iv, 0, sizeof iv); /* per RFC 1510 */ 1122 memset(iv, 0, sizeof iv);
1150 EVP_EncryptInit_ex(&ciph_ctx,enc, NULL, 1123 /* per RFC 1510 */
1151 kssl_ctx->key,iv); 1124 EVP_EncryptInit_ex(&ciph_ctx, enc, NULL,
1152 EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf, 1125 kssl_ctx->key, iv);
1153 sizeof tmp_buf); 1126 EVP_EncryptUpdate(&ciph_ctx, epms, &outl, tmp_buf,
1154 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); 1127 sizeof tmp_buf);
1128 EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl);
1155 outl += padl; 1129 outl += padl;
1156 if (outl > (int)sizeof epms) 1130 if (outl > (int)sizeof epms) {
1157 {
1158 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 1131 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1159 goto err; 1132 goto err;
1160 } 1133 }
1161 EVP_CIPHER_CTX_cleanup(&ciph_ctx); 1134 EVP_CIPHER_CTX_cleanup(&ciph_ctx);
1162 1135
1163 /* KerberosWrapper.EncryptedPreMasterSecret */ 1136 /* KerberosWrapper.EncryptedPreMasterSecret */
1164 s2n(outl,p); 1137 s2n(outl, p);
1165 memcpy(p, epms, outl); 1138 memcpy(p, epms, outl);
1166 p+=outl; 1139 p += outl;
1167 n+=outl + 2; 1140 n += outl + 2;
1168 1141
1169 s->session->master_key_length= 1142 s->session->master_key_length =
1170 s->method->ssl3_enc->generate_master_secret(s, 1143 s->method->ssl3_enc->generate_master_secret(s,
1171 s->session->master_key, 1144 s->session->master_key,
1172 tmp_buf, sizeof tmp_buf); 1145 tmp_buf, sizeof tmp_buf);
1173 1146
1174 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); 1147 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
1175 OPENSSL_cleanse(epms, outl); 1148 OPENSSL_cleanse(epms, outl);
1176 } 1149 }
1177#endif 1150#endif
1178#ifndef OPENSSL_NO_DH 1151#ifndef OPENSSL_NO_DH
1179 else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) 1152 else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
1180 { 1153 DH *dh_srvr, *dh_clnt;
1181 DH *dh_srvr,*dh_clnt;
1182 1154
1183 if (s->session->sess_cert->peer_dh_tmp != NULL) 1155 if (s->session->sess_cert->peer_dh_tmp != NULL)
1184 dh_srvr=s->session->sess_cert->peer_dh_tmp; 1156 dh_srvr = s->session->sess_cert->peer_dh_tmp;
1185 else 1157 else {
1186 {
1187 /* we get them from the cert */ 1158 /* we get them from the cert */
1188 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 1159 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1189 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); 1160 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
1190 goto err; 1161 goto err;
1191 } 1162 }
1192 1163
1193 /* generate a new random key */ 1164 /* generate a new random key */
1194 if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL) 1165 if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) {
1195 { 1166 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
1196 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
1197 goto err; 1167 goto err;
1198 } 1168 }
1199 if (!DH_generate_key(dh_clnt)) 1169 if (!DH_generate_key(dh_clnt)) {
1200 { 1170 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
1201 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
1202 goto err; 1171 goto err;
1203 } 1172 }
1204 1173
1205 /* use the 'p' output buffer for the DH key, but 1174 /* use the 'p' output buffer for the DH key, but
1206 * make sure to clear it out afterwards */ 1175 * make sure to clear it out afterwards */
1207 1176
1208 n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt); 1177 n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt);
1209 1178
1210 if (n <= 0) 1179 if (n <= 0) {
1211 { 1180 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
1212 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
1213 goto err; 1181 goto err;
1214 } 1182 }
1215 1183
1216 /* generate master key from the result */ 1184 /* generate master key from the result */
1217 s->session->master_key_length= 1185 s->session->master_key_length =
1218 s->method->ssl3_enc->generate_master_secret(s, 1186 s->method->ssl3_enc->generate_master_secret(s,
1219 s->session->master_key,p,n); 1187 s->session->master_key, p, n);
1220 /* clean up */ 1188 /* clean up */
1221 memset(p,0,n); 1189 memset(p, 0, n);
1222 1190
1223 /* send off the data */ 1191 /* send off the data */
1224 n=BN_num_bytes(dh_clnt->pub_key); 1192 n = BN_num_bytes(dh_clnt->pub_key);
1225 s2n(n,p); 1193 s2n(n, p);
1226 BN_bn2bin(dh_clnt->pub_key,p); 1194 BN_bn2bin(dh_clnt->pub_key, p);
1227 n+=2; 1195 n += 2;
1228 1196
1229 DH_free(dh_clnt); 1197 DH_free(dh_clnt);
1230 1198
1231 /* perhaps clean things up a bit EAY EAY EAY EAY*/ 1199 /* perhaps clean things up a bit EAY EAY EAY EAY*/
1232 } 1200 }
1233#endif 1201#endif
1234#ifndef OPENSSL_NO_ECDH 1202#ifndef OPENSSL_NO_ECDH
1235 else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) 1203 else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {
1236 {
1237 const EC_GROUP *srvr_group = NULL; 1204 const EC_GROUP *srvr_group = NULL;
1238 EC_KEY *tkey; 1205 EC_KEY *tkey;
1239 int ecdh_clnt_cert = 0; 1206 int ecdh_clnt_cert = 0;
@@ -1244,8 +1211,7 @@ int dtls1_send_client_key_exchange(SSL *s)
1244 * computation as part of client certificate? 1211 * computation as part of client certificate?
1245 * If so, set ecdh_clnt_cert to 1. 1212 * If so, set ecdh_clnt_cert to 1.
1246 */ 1213 */
1247 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL)) 1214 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL)) {
1248 {
1249 /* XXX: For now, we do not support client 1215 /* XXX: For now, we do not support client
1250 * authentication using ECDH certificates. 1216 * authentication using ECDH certificates.
1251 * To add such support, one needs to add 1217 * To add such support, one needs to add
@@ -1265,52 +1231,44 @@ int dtls1_send_client_key_exchange(SSL *s)
1265 * EVP_PKEY_EC) && ...) 1231 * EVP_PKEY_EC) && ...)
1266 * ecdh_clnt_cert = 1; 1232 * ecdh_clnt_cert = 1;
1267 */ 1233 */
1268 } 1234 }
1269 1235
1270 if (s->session->sess_cert->peer_ecdh_tmp != NULL) 1236 if (s->session->sess_cert->peer_ecdh_tmp != NULL) {
1271 {
1272 tkey = s->session->sess_cert->peer_ecdh_tmp; 1237 tkey = s->session->sess_cert->peer_ecdh_tmp;
1273 } 1238 } else {
1274 else
1275 {
1276 /* Get the Server Public Key from Cert */ 1239 /* Get the Server Public Key from Cert */
1277 srvr_pub_pkey = X509_get_pubkey(s->session-> \ 1240 srvr_pub_pkey = X509_get_pubkey(s->session-> \
1278 sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); 1241 sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
1279 if ((srvr_pub_pkey == NULL) || 1242 if ((srvr_pub_pkey == NULL) ||
1280 (srvr_pub_pkey->type != EVP_PKEY_EC) || 1243 (srvr_pub_pkey->type != EVP_PKEY_EC) ||
1281 (srvr_pub_pkey->pkey.ec == NULL)) 1244 (srvr_pub_pkey->pkey.ec == NULL)) {
1282 {
1283 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1245 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1284 ERR_R_INTERNAL_ERROR); 1246 ERR_R_INTERNAL_ERROR);
1285 goto err; 1247 goto err;
1286 } 1248 }
1287 1249
1288 tkey = srvr_pub_pkey->pkey.ec; 1250 tkey = srvr_pub_pkey->pkey.ec;
1289 } 1251 }
1290 1252
1291 srvr_group = EC_KEY_get0_group(tkey); 1253 srvr_group = EC_KEY_get0_group(tkey);
1292 srvr_ecpoint = EC_KEY_get0_public_key(tkey); 1254 srvr_ecpoint = EC_KEY_get0_public_key(tkey);
1293 1255
1294 if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) 1256 if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) {
1295 {
1296 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1257 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1297 ERR_R_INTERNAL_ERROR); 1258 ERR_R_INTERNAL_ERROR);
1298 goto err; 1259 goto err;
1299 } 1260 }
1300 1261
1301 if ((clnt_ecdh=EC_KEY_new()) == NULL) 1262 if ((clnt_ecdh = EC_KEY_new()) == NULL) {
1302 { 1263 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
1303 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1304 goto err; 1264 goto err;
1305 } 1265 }
1306 1266
1307 if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) 1267 if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) {
1308 { 1268 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
1309 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
1310 goto err; 1269 goto err;
1311 } 1270 }
1312 if (ecdh_clnt_cert) 1271 if (ecdh_clnt_cert) {
1313 {
1314 /* Reuse key info from our certificate 1272 /* Reuse key info from our certificate
1315 * We only need our private key to perform 1273 * We only need our private key to perform
1316 * the ECDH computation. 1274 * the ECDH computation.
@@ -1318,401 +1276,366 @@ int dtls1_send_client_key_exchange(SSL *s)
1318 const BIGNUM *priv_key; 1276 const BIGNUM *priv_key;
1319 tkey = s->cert->key->privatekey->pkey.ec; 1277 tkey = s->cert->key->privatekey->pkey.ec;
1320 priv_key = EC_KEY_get0_private_key(tkey); 1278 priv_key = EC_KEY_get0_private_key(tkey);
1321 if (priv_key == NULL) 1279 if (priv_key == NULL) {
1322 { 1280 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
1323 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1324 goto err; 1281 goto err;
1325 } 1282 }
1326 if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) 1283 if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) {
1327 { 1284 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
1328 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
1329 goto err; 1285 goto err;
1330 }
1331 } 1286 }
1332 else 1287 } else {
1333 {
1334 /* Generate a new ECDH key pair */ 1288 /* Generate a new ECDH key pair */
1335 if (!(EC_KEY_generate_key(clnt_ecdh))) 1289 if (!(EC_KEY_generate_key(clnt_ecdh))) {
1336 {
1337 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); 1290 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
1338 goto err; 1291 goto err;
1339 }
1340 } 1292 }
1293 }
1341 1294
1342 /* use the 'p' output buffer for the ECDH key, but 1295 /* use the 'p' output buffer for the ECDH key, but
1343 * make sure to clear it out afterwards 1296 * make sure to clear it out afterwards
1344 */ 1297 */
1345 1298
1346 field_size = EC_GROUP_get_degree(srvr_group); 1299 field_size = EC_GROUP_get_degree(srvr_group);
1347 if (field_size <= 0) 1300 if (field_size <= 0) {
1348 { 1301 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1349 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1302 ERR_R_ECDH_LIB);
1350 ERR_R_ECDH_LIB);
1351 goto err; 1303 goto err;
1352 } 1304 }
1353 n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL); 1305 n = ECDH_compute_key(p, (field_size + 7)/8, srvr_ecpoint, clnt_ecdh, NULL);
1354 if (n <= 0) 1306 if (n <= 0) {
1355 { 1307 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1356 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1308 ERR_R_ECDH_LIB);
1357 ERR_R_ECDH_LIB);
1358 goto err; 1309 goto err;
1359 } 1310 }
1360 1311
1361 /* generate master key from the result */ 1312 /* generate master key from the result */
1362 s->session->master_key_length = s->method->ssl3_enc \ 1313 s->session->master_key_length = s->method->ssl3_enc \
1363 -> generate_master_secret(s, 1314 -> generate_master_secret(s,
1364 s->session->master_key, 1315 s->session->master_key,
1365 p, n); 1316 p, n);
1366 1317
1367 memset(p, 0, n); /* clean up */ 1318 memset(p, 0, n); /* clean up */
1368 1319
1369 if (ecdh_clnt_cert) 1320 if (ecdh_clnt_cert) {
1370 {
1371 /* Send empty client key exch message */ 1321 /* Send empty client key exch message */
1372 n = 0; 1322 n = 0;
1373 } 1323 } else {
1374 else
1375 {
1376 /* First check the size of encoding and 1324 /* First check the size of encoding and
1377 * allocate memory accordingly. 1325 * allocate memory accordingly.
1378 */ 1326 */
1379 encoded_pt_len = 1327 encoded_pt_len =
1380 EC_POINT_point2oct(srvr_group, 1328 EC_POINT_point2oct(srvr_group,
1381 EC_KEY_get0_public_key(clnt_ecdh), 1329 EC_KEY_get0_public_key(clnt_ecdh),
1382 POINT_CONVERSION_UNCOMPRESSED, 1330 POINT_CONVERSION_UNCOMPRESSED,
1383 NULL, 0, NULL); 1331 NULL, 0, NULL);
1384 1332
1385 encodedPoint = (unsigned char *) 1333 encodedPoint = (unsigned char *)
1386 OPENSSL_malloc(encoded_pt_len * 1334 OPENSSL_malloc(encoded_pt_len *
1387 sizeof(unsigned char)); 1335 sizeof(unsigned char));
1336
1388 bn_ctx = BN_CTX_new(); 1337 bn_ctx = BN_CTX_new();
1389 if ((encodedPoint == NULL) || 1338 if ((encodedPoint == NULL) ||
1390 (bn_ctx == NULL)) 1339 (bn_ctx == NULL)) {
1391 { 1340 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
1392 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1393 goto err; 1341 goto err;
1394 } 1342 }
1395 1343
1396 /* Encode the public key */ 1344 /* Encode the public key */
1397 n = EC_POINT_point2oct(srvr_group, 1345 n = EC_POINT_point2oct(srvr_group,
1398 EC_KEY_get0_public_key(clnt_ecdh), 1346 EC_KEY_get0_public_key(clnt_ecdh),
1399 POINT_CONVERSION_UNCOMPRESSED, 1347 POINT_CONVERSION_UNCOMPRESSED,
1400 encodedPoint, encoded_pt_len, bn_ctx); 1348 encodedPoint, encoded_pt_len, bn_ctx);
1401 1349
1402 *p = n; /* length of encoded point */ 1350 *p = n; /* length of encoded point */
1403 /* Encoded point will be copied here */ 1351 /* Encoded point will be copied here */
1404 p += 1; 1352 p += 1;
1353
1405 /* copy the point */ 1354 /* copy the point */
1406 memcpy((unsigned char *)p, encodedPoint, n); 1355 memcpy((unsigned char *)p, encodedPoint, n);
1407 /* increment n to account for length field */ 1356 /* increment n to account for length field */
1408 n += 1; 1357 n += 1;
1409 } 1358
1359 }
1410 1360
1411 /* Free allocated memory */ 1361 /* Free allocated memory */
1412 BN_CTX_free(bn_ctx); 1362 BN_CTX_free(bn_ctx);
1413 if (encodedPoint != NULL) OPENSSL_free(encodedPoint); 1363 if (encodedPoint != NULL)
1414 if (clnt_ecdh != NULL) 1364 OPENSSL_free(encodedPoint);
1415 EC_KEY_free(clnt_ecdh); 1365 if (clnt_ecdh != NULL)
1366 EC_KEY_free(clnt_ecdh);
1416 EVP_PKEY_free(srvr_pub_pkey); 1367 EVP_PKEY_free(srvr_pub_pkey);
1417 } 1368 }
1418#endif /* !OPENSSL_NO_ECDH */ 1369#endif /* !OPENSSL_NO_ECDH */
1419 1370
1420#ifndef OPENSSL_NO_PSK 1371#ifndef OPENSSL_NO_PSK
1421 else if (alg_k & SSL_kPSK) 1372 else if (alg_k & SSL_kPSK) {
1422 {
1423 char identity[PSK_MAX_IDENTITY_LEN]; 1373 char identity[PSK_MAX_IDENTITY_LEN];
1424 unsigned char *t = NULL; 1374 unsigned char *t = NULL;
1425 unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4]; 1375 unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2 + 4];
1426 unsigned int pre_ms_len = 0, psk_len = 0; 1376 unsigned int pre_ms_len = 0, psk_len = 0;
1427 int psk_err = 1; 1377 int psk_err = 1;
1428 1378
1429 n = 0; 1379 n = 0;
1430 if (s->psk_client_callback == NULL) 1380 if (s->psk_client_callback == NULL) {
1431 {
1432 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1381 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1433 SSL_R_PSK_NO_CLIENT_CB); 1382 SSL_R_PSK_NO_CLIENT_CB);
1434 goto err; 1383 goto err;
1435 } 1384 }
1436 1385
1437 psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint, 1386 psk_len = s->psk_client_callback(s,
1438 identity, PSK_MAX_IDENTITY_LEN, 1387 s->ctx->psk_identity_hint, identity,
1439 psk_or_pre_ms, sizeof(psk_or_pre_ms)); 1388 PSK_MAX_IDENTITY_LEN, psk_or_pre_ms,
1440 if (psk_len > PSK_MAX_PSK_LEN) 1389 sizeof(psk_or_pre_ms));
1441 { 1390 if (psk_len > PSK_MAX_PSK_LEN) {
1442 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1391 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1443 ERR_R_INTERNAL_ERROR); 1392 ERR_R_INTERNAL_ERROR);
1444 goto psk_err; 1393 goto psk_err;
1445 } 1394 } else if (psk_len == 0) {
1446 else if (psk_len == 0)
1447 {
1448 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1395 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1449 SSL_R_PSK_IDENTITY_NOT_FOUND); 1396 SSL_R_PSK_IDENTITY_NOT_FOUND);
1450 goto psk_err; 1397 goto psk_err;
1451 } 1398 }
1452 1399
1453 /* create PSK pre_master_secret */ 1400 /* create PSK pre_master_secret */
1454 pre_ms_len = 2+psk_len+2+psk_len; 1401 pre_ms_len = 2 + psk_len + 2 + psk_len;
1455 t = psk_or_pre_ms; 1402 t = psk_or_pre_ms;
1456 memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len); 1403 memmove(psk_or_pre_ms + psk_len + 4, psk_or_pre_ms, psk_len);
1457 s2n(psk_len, t); 1404 s2n(psk_len, t);
1458 memset(t, 0, psk_len); 1405 memset(t, 0, psk_len);
1459 t+=psk_len; 1406 t += psk_len;
1460 s2n(psk_len, t); 1407 s2n(psk_len, t);
1461 1408
1462 if (s->session->psk_identity_hint != NULL) 1409 if (s->session->psk_identity_hint != NULL)
1463 OPENSSL_free(s->session->psk_identity_hint); 1410 OPENSSL_free(s->session->psk_identity_hint);
1464 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint); 1411 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
1465 if (s->ctx->psk_identity_hint != NULL && 1412 if (s->ctx->psk_identity_hint != NULL &&
1466 s->session->psk_identity_hint == NULL) 1413 s->session->psk_identity_hint == NULL) {
1467 {
1468 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1414 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1469 ERR_R_MALLOC_FAILURE); 1415 ERR_R_MALLOC_FAILURE);
1470 goto psk_err; 1416 goto psk_err;
1471 } 1417 }
1472 1418
1473 if (s->session->psk_identity != NULL) 1419 if (s->session->psk_identity != NULL)
1474 OPENSSL_free(s->session->psk_identity); 1420 OPENSSL_free(s->session->psk_identity);
1475 s->session->psk_identity = BUF_strdup(identity); 1421 s->session->psk_identity = BUF_strdup(identity);
1476 if (s->session->psk_identity == NULL) 1422 if (s->session->psk_identity == NULL) {
1477 {
1478 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1423 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1479 ERR_R_MALLOC_FAILURE); 1424 ERR_R_MALLOC_FAILURE);
1480 goto psk_err; 1425 goto psk_err;
1481 } 1426 }
1482 1427
1483 s->session->master_key_length = 1428 s->session->master_key_length =
1484 s->method->ssl3_enc->generate_master_secret(s, 1429 s->method->ssl3_enc->generate_master_secret(s,
1485 s->session->master_key, 1430 s->session->master_key,
1486 psk_or_pre_ms, pre_ms_len); 1431 psk_or_pre_ms, pre_ms_len);
1432
1487 n = strlen(identity); 1433 n = strlen(identity);
1488 s2n(n, p); 1434 s2n(n, p);
1489 memcpy(p, identity, n); 1435 memcpy(p, identity, n);
1490 n+=2; 1436 n += 2;
1491 psk_err = 0; 1437 psk_err = 0;
1492 psk_err: 1438psk_err:
1493 OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN); 1439 OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN);
1494 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms)); 1440 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
1495 if (psk_err != 0) 1441 if (psk_err != 0) {
1496 {
1497 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 1442 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1498 goto err; 1443 goto err;
1499 }
1500 } 1444 }
1445 }
1501#endif 1446#endif
1502 else 1447 else {
1503 { 1448 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1504 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 1449 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1505 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
1506 goto err; 1450 goto err;
1507 } 1451 }
1508 1452
1509 d = dtls1_set_message_header(s, d, 1453 d = dtls1_set_message_header(s, d,
1510 SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n); 1454 SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n);
1511 /* 1455 /*
1512 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE; 1456 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
1513 l2n3(n,d); 1457 l2n3(n,d);
1514 l2n(s->d1->handshake_write_seq,d); 1458 l2n(s->d1->handshake_write_seq,d);
1515 s->d1->handshake_write_seq++; 1459 s->d1->handshake_write_seq++;
1516 */ 1460 */
1517 1461
1518 s->state=SSL3_ST_CW_KEY_EXCH_B; 1462 s->state = SSL3_ST_CW_KEY_EXCH_B;
1519 /* number of bytes to write */ 1463 /* number of bytes to write */
1520 s->init_num=n+DTLS1_HM_HEADER_LENGTH; 1464 s->init_num = n + DTLS1_HM_HEADER_LENGTH;
1521 s->init_off=0; 1465 s->init_off = 0;
1522 1466
1523 /* buffer the message to handle re-xmits */ 1467 /* buffer the message to handle re-xmits */
1524 dtls1_buffer_message(s, 0); 1468 dtls1_buffer_message(s, 0);
1525 } 1469 }
1526 1470
1527 /* SSL3_ST_CW_KEY_EXCH_B */ 1471 /* SSL3_ST_CW_KEY_EXCH_B */
1528 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 1472 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1529err: 1473err:
1530#ifndef OPENSSL_NO_ECDH 1474#ifndef OPENSSL_NO_ECDH
1531 BN_CTX_free(bn_ctx); 1475 BN_CTX_free(bn_ctx);
1532 if (encodedPoint != NULL) OPENSSL_free(encodedPoint); 1476 if (encodedPoint != NULL)
1533 if (clnt_ecdh != NULL) 1477 OPENSSL_free(encodedPoint);
1478 if (clnt_ecdh != NULL)
1534 EC_KEY_free(clnt_ecdh); 1479 EC_KEY_free(clnt_ecdh);
1535 EVP_PKEY_free(srvr_pub_pkey); 1480 EVP_PKEY_free(srvr_pub_pkey);
1536#endif 1481#endif
1537 return(-1); 1482 return (-1);
1538 } 1483}
1539 1484
1540int dtls1_send_client_verify(SSL *s) 1485int
1541 { 1486dtls1_send_client_verify(SSL *s)
1542 unsigned char *p,*d; 1487{
1543 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; 1488 unsigned char *p, *d;
1489 unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
1544 EVP_PKEY *pkey; 1490 EVP_PKEY *pkey;
1545#ifndef OPENSSL_NO_RSA 1491#ifndef OPENSSL_NO_RSA
1546 unsigned u=0; 1492 unsigned u = 0;
1547#endif 1493#endif
1548 unsigned long n; 1494 unsigned long n;
1549#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) 1495#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
1550 int j; 1496 int j;
1551#endif 1497#endif
1552 1498
1553 if (s->state == SSL3_ST_CW_CERT_VRFY_A) 1499 if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
1554 { 1500 d = (unsigned char *)s->init_buf->data;
1555 d=(unsigned char *)s->init_buf->data; 1501 p = &(d[DTLS1_HM_HEADER_LENGTH]);
1556 p= &(d[DTLS1_HM_HEADER_LENGTH]); 1502 pkey = s->cert->key->privatekey;
1557 pkey=s->cert->key->privatekey;
1558 1503
1559 s->method->ssl3_enc->cert_verify_mac(s, 1504 s->method->ssl3_enc->cert_verify_mac(s, NID_sha1,
1560 NID_sha1, 1505 &(data[MD5_DIGEST_LENGTH]));
1561 &(data[MD5_DIGEST_LENGTH]));
1562 1506
1563#ifndef OPENSSL_NO_RSA 1507#ifndef OPENSSL_NO_RSA
1564 if (pkey->type == EVP_PKEY_RSA) 1508 if (pkey->type == EVP_PKEY_RSA) {
1565 {
1566 s->method->ssl3_enc->cert_verify_mac(s, 1509 s->method->ssl3_enc->cert_verify_mac(s,
1567 NID_md5, 1510 NID_md5, &(data[0]));
1568 &(data[0]));
1569 if (RSA_sign(NID_md5_sha1, data, 1511 if (RSA_sign(NID_md5_sha1, data,
1570 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, 1512 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
1571 &(p[2]), &u, pkey->pkey.rsa) <= 0 ) 1513 &(p[2]), &u, pkey->pkey.rsa) <= 0 ) {
1572 { 1514 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_RSA_LIB);
1573 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
1574 goto err; 1515 goto err;
1575 }
1576 s2n(u,p);
1577 n=u+2;
1578 } 1516 }
1579 else 1517 s2n(u, p);
1518 n = u + 2;
1519 } else
1580#endif 1520#endif
1581#ifndef OPENSSL_NO_DSA 1521#ifndef OPENSSL_NO_DSA
1582 if (pkey->type == EVP_PKEY_DSA) 1522 if (pkey->type == EVP_PKEY_DSA) {
1583 {
1584 if (!DSA_sign(pkey->save_type, 1523 if (!DSA_sign(pkey->save_type,
1585 &(data[MD5_DIGEST_LENGTH]), 1524 &(data[MD5_DIGEST_LENGTH]),
1586 SHA_DIGEST_LENGTH,&(p[2]), 1525 SHA_DIGEST_LENGTH, &(p[2]),
1587 (unsigned int *)&j,pkey->pkey.dsa)) 1526 (unsigned int *)&j, pkey->pkey.dsa)) {
1588 { 1527 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_DSA_LIB);
1589 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
1590 goto err; 1528 goto err;
1591 }
1592 s2n(j,p);
1593 n=j+2;
1594 } 1529 }
1595 else 1530 s2n(j, p);
1531 n = j + 2;
1532 } else
1596#endif 1533#endif
1597#ifndef OPENSSL_NO_ECDSA 1534#ifndef OPENSSL_NO_ECDSA
1598 if (pkey->type == EVP_PKEY_EC) 1535 if (pkey->type == EVP_PKEY_EC) {
1599 {
1600 if (!ECDSA_sign(pkey->save_type, 1536 if (!ECDSA_sign(pkey->save_type,
1601 &(data[MD5_DIGEST_LENGTH]), 1537 &(data[MD5_DIGEST_LENGTH]),
1602 SHA_DIGEST_LENGTH,&(p[2]), 1538 SHA_DIGEST_LENGTH, &(p[2]),
1603 (unsigned int *)&j,pkey->pkey.ec)) 1539 (unsigned int *)&j, pkey->pkey.ec)) {
1604 {
1605 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, 1540 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
1606 ERR_R_ECDSA_LIB); 1541 ERR_R_ECDSA_LIB);
1607 goto err; 1542 goto err;
1608 }
1609 s2n(j,p);
1610 n=j+2;
1611 } 1543 }
1612 else 1544 s2n(j, p);
1545 n = j + 2;
1546 } else
1613#endif 1547#endif
1614 { 1548 {
1615 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR); 1549 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
1616 goto err; 1550 goto err;
1617 } 1551 }
1618 1552
1619 d = dtls1_set_message_header(s, d, 1553 d = dtls1_set_message_header(s, d,
1620 SSL3_MT_CERTIFICATE_VERIFY, n, 0, n) ; 1554 SSL3_MT_CERTIFICATE_VERIFY, n, 0, n);
1621 1555
1622 s->init_num=(int)n+DTLS1_HM_HEADER_LENGTH; 1556 s->init_num = (int)n + DTLS1_HM_HEADER_LENGTH;
1623 s->init_off=0; 1557 s->init_off = 0;
1624 1558
1625 /* buffer the message to handle re-xmits */ 1559 /* buffer the message to handle re-xmits */
1626 dtls1_buffer_message(s, 0); 1560 dtls1_buffer_message(s, 0);
1627 1561
1628 s->state = SSL3_ST_CW_CERT_VRFY_B; 1562 s->state = SSL3_ST_CW_CERT_VRFY_B;
1629 } 1563 }
1630 1564
1631 /* s->state = SSL3_ST_CW_CERT_VRFY_B */ 1565 /* s->state = SSL3_ST_CW_CERT_VRFY_B */
1632 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 1566 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1633err: 1567err:
1634 return(-1); 1568 return (-1);
1635 } 1569}
1636 1570
1637int dtls1_send_client_certificate(SSL *s) 1571int
1638 { 1572dtls1_send_client_certificate(SSL *s)
1639 X509 *x509=NULL; 1573{
1640 EVP_PKEY *pkey=NULL; 1574 X509 *x509 = NULL;
1575 EVP_PKEY *pkey = NULL;
1641 int i; 1576 int i;
1642 unsigned long l; 1577 unsigned long l;
1643 1578
1644 if (s->state == SSL3_ST_CW_CERT_A) 1579 if (s->state == SSL3_ST_CW_CERT_A) {
1645 { 1580 if ((s->cert == NULL) || (s->cert->key->x509 == NULL) ||
1646 if ((s->cert == NULL) || 1581 (s->cert->key->privatekey == NULL))
1647 (s->cert->key->x509 == NULL) || 1582 s->state = SSL3_ST_CW_CERT_B;
1648 (s->cert->key->privatekey == NULL))
1649 s->state=SSL3_ST_CW_CERT_B;
1650 else 1583 else
1651 s->state=SSL3_ST_CW_CERT_C; 1584 s->state = SSL3_ST_CW_CERT_C;
1652 } 1585 }
1653 1586
1654 /* We need to get a client cert */ 1587 /* We need to get a client cert */
1655 if (s->state == SSL3_ST_CW_CERT_B) 1588 if (s->state == SSL3_ST_CW_CERT_B) {
1656 {
1657 /* If we get an error, we need to 1589 /* If we get an error, we need to
1658 * ssl->rwstate=SSL_X509_LOOKUP; return(-1); 1590 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
1659 * We then get retied later */ 1591 * We then get retied later */
1660 i=0; 1592 i = 0;
1661 i = ssl_do_client_cert_cb(s, &x509, &pkey); 1593 i = ssl_do_client_cert_cb(s, &x509, &pkey);
1662 if (i < 0) 1594 if (i < 0) {
1663 { 1595 s->rwstate = SSL_X509_LOOKUP;
1664 s->rwstate=SSL_X509_LOOKUP; 1596 return (-1);
1665 return(-1); 1597 }
1666 } 1598 s->rwstate = SSL_NOTHING;
1667 s->rwstate=SSL_NOTHING; 1599 if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
1668 if ((i == 1) && (pkey != NULL) && (x509 != NULL)) 1600 s->state = SSL3_ST_CW_CERT_B;
1669 { 1601 if (!SSL_use_certificate(s, x509) ||
1670 s->state=SSL3_ST_CW_CERT_B; 1602 !SSL_use_PrivateKey(s, pkey))
1671 if ( !SSL_use_certificate(s,x509) || 1603 i = 0;
1672 !SSL_use_PrivateKey(s,pkey)) 1604 } else if (i == 1) {
1673 i=0; 1605 i = 0;
1674 } 1606 SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
1675 else if (i == 1) 1607 }
1676 {
1677 i=0;
1678 SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
1679 }
1680 1608
1681 if (x509 != NULL) X509_free(x509); 1609 if (x509 != NULL)
1682 if (pkey != NULL) EVP_PKEY_free(pkey); 1610 X509_free(x509);
1683 if (i == 0) 1611 if (pkey != NULL)
1684 { 1612 EVP_PKEY_free(pkey);
1685 if (s->version == SSL3_VERSION) 1613 if (i == 0) {
1686 { 1614 if (s->version == SSL3_VERSION) {
1687 s->s3->tmp.cert_req=0; 1615 s->s3->tmp.cert_req = 0;
1688 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE); 1616 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE);
1689 return(1); 1617 return (1);
1690 } 1618 } else {
1691 else 1619 s->s3->tmp.cert_req = 2;
1692 {
1693 s->s3->tmp.cert_req=2;
1694 }
1695 } 1620 }
1621 }
1696 1622
1697 /* Ok, we have a cert */ 1623 /* Ok, we have a cert */
1698 s->state=SSL3_ST_CW_CERT_C; 1624 s->state = SSL3_ST_CW_CERT_C;
1699 } 1625 }
1700 1626
1701 if (s->state == SSL3_ST_CW_CERT_C) 1627 if (s->state == SSL3_ST_CW_CERT_C) {
1702 { 1628 s->state = SSL3_ST_CW_CERT_D;
1703 s->state=SSL3_ST_CW_CERT_D; 1629 l = dtls1_output_cert_chain(s,
1704 l=dtls1_output_cert_chain(s, 1630 (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509);
1705 (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509); 1631 s->init_num = (int)l;
1706 s->init_num=(int)l; 1632 s->init_off = 0;
1707 s->init_off=0;
1708 1633
1709 /* set header called by dtls1_output_cert_chain() */ 1634 /* set header called by dtls1_output_cert_chain() */
1710 1635
1711 /* buffer the message to handle re-xmits */ 1636 /* buffer the message to handle re-xmits */
1712 dtls1_buffer_message(s, 0); 1637 dtls1_buffer_message(s, 0);
1713 }
1714 /* SSL3_ST_CW_CERT_D */
1715 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1716 } 1638 }
1717 1639 /* SSL3_ST_CW_CERT_D */
1718 1640 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1641}
diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c
index aacf8fd380..95dffe9484 100644
--- a/src/lib/libssl/src/ssl/d1_srvr.c
+++ b/src/lib/libssl/src/ssl/d1_srvr.c
@@ -129,47 +129,48 @@
129static const SSL_METHOD *dtls1_get_server_method(int ver); 129static const SSL_METHOD *dtls1_get_server_method(int ver);
130static int dtls1_send_hello_verify_request(SSL *s); 130static int dtls1_send_hello_verify_request(SSL *s);
131 131
132static const SSL_METHOD *dtls1_get_server_method(int ver) 132static const SSL_METHOD
133 { 133*dtls1_get_server_method(int ver)
134{
134 if (ver == DTLS1_VERSION) 135 if (ver == DTLS1_VERSION)
135 return(DTLSv1_server_method()); 136 return (DTLSv1_server_method());
136 else 137 else
137 return(NULL); 138 return (NULL);
138 } 139}
139 140
140IMPLEMENT_dtls1_meth_func(DTLSv1_server_method, 141IMPLEMENT_dtls1_meth_func(DTLSv1_server_method,
141 dtls1_accept, 142 dtls1_accept, ssl_undefined_function, dtls1_get_server_method)
142 ssl_undefined_function,
143 dtls1_get_server_method)
144 143
145int dtls1_accept(SSL *s) 144int
146 { 145dtls1_accept(SSL *s)
146{
147 BUF_MEM *buf; 147 BUF_MEM *buf;
148 unsigned long Time=(unsigned long)time(NULL); 148 unsigned long Time = (unsigned long)time(NULL);
149 void (*cb)(const SSL *ssl,int type,int val)=NULL; 149 void (*cb)(const SSL *ssl, int type, int val) = NULL;
150 unsigned long alg_k; 150 unsigned long alg_k;
151 int ret= -1; 151 int ret = -1;
152 int new_state,state,skip=0; 152 int new_state, state, skip = 0;
153 int listen; 153 int listen;
154#ifndef OPENSSL_NO_SCTP 154#ifndef OPENSSL_NO_SCTP
155 unsigned char sctpauthkey[64]; 155 unsigned char sctpauthkey[64];
156 char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)]; 156 char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
157#endif 157#endif
158 158
159 RAND_add(&Time,sizeof(Time),0); 159 RAND_add(&Time, sizeof(Time), 0);
160 ERR_clear_error(); 160 ERR_clear_error();
161 errno = 0; 161 errno = 0;
162 162
163 if (s->info_callback != NULL) 163 if (s->info_callback != NULL)
164 cb=s->info_callback; 164 cb = s->info_callback;
165 else if (s->ctx->info_callback != NULL) 165 else if (s->ctx->info_callback != NULL)
166 cb=s->ctx->info_callback; 166 cb = s->ctx->info_callback;
167 167
168 listen = s->d1->listen; 168 listen = s->d1->listen;
169 169
170 /* init things to blank */ 170 /* init things to blank */
171 s->in_handshake++; 171 s->in_handshake++;
172 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 172 if (!SSL_in_init(s) || SSL_in_before(s))
173 SSL_clear(s);
173 174
174 s->d1->listen = listen; 175 s->d1->listen = listen;
175#ifndef OPENSSL_NO_SCTP 176#ifndef OPENSSL_NO_SCTP
@@ -177,36 +178,33 @@ int dtls1_accept(SSL *s)
177 * mode and prevent stream identifier other 178 * mode and prevent stream identifier other
178 * than 0. Will be ignored if no SCTP is used. 179 * than 0. Will be ignored if no SCTP is used.
179 */ 180 */
180 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL); 181 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
182 s->in_handshake, NULL);
181#endif 183#endif
182 184
183 if (s->cert == NULL) 185 if (s->cert == NULL) {
184 { 186 SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
185 SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET); 187 return (-1);
186 return(-1); 188 }
187 }
188 189
189#ifndef OPENSSL_NO_HEARTBEATS 190#ifndef OPENSSL_NO_HEARTBEATS
190 /* If we're awaiting a HeartbeatResponse, pretend we 191 /* If we're awaiting a HeartbeatResponse, pretend we
191 * already got and don't await it anymore, because 192 * already got and don't await it anymore, because
192 * Heartbeats don't make sense during handshakes anyway. 193 * Heartbeats don't make sense during handshakes anyway.
193 */ 194 */
194 if (s->tlsext_hb_pending) 195 if (s->tlsext_hb_pending) {
195 {
196 dtls1_stop_timer(s); 196 dtls1_stop_timer(s);
197 s->tlsext_hb_pending = 0; 197 s->tlsext_hb_pending = 0;
198 s->tlsext_hb_seq++; 198 s->tlsext_hb_seq++;
199 } 199 }
200#endif 200#endif
201 201
202 for (;;) 202 for (;;) {
203 { 203 state = s->state;
204 state=s->state;
205 204
206 switch (s->state) 205 switch (s->state) {
207 {
208 case SSL_ST_RENEGOTIATE: 206 case SSL_ST_RENEGOTIATE:
209 s->renegotiate=1; 207 s->renegotiate = 1;
210 /* s->state=SSL_ST_ACCEPT; */ 208 /* s->state=SSL_ST_ACCEPT; */
211 209
212 case SSL_ST_BEFORE: 210 case SSL_ST_BEFORE:
@@ -214,41 +212,36 @@ int dtls1_accept(SSL *s)
214 case SSL_ST_BEFORE|SSL_ST_ACCEPT: 212 case SSL_ST_BEFORE|SSL_ST_ACCEPT:
215 case SSL_ST_OK|SSL_ST_ACCEPT: 213 case SSL_ST_OK|SSL_ST_ACCEPT:
216 214
217 s->server=1; 215 s->server = 1;
218 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); 216 if (cb != NULL)
217 cb(s, SSL_CB_HANDSHAKE_START, 1);
219 218
220 if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) 219 if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
221 {
222 SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR); 220 SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
223 return -1; 221 return -1;
224 } 222 }
225 s->type=SSL_ST_ACCEPT; 223 s->type = SSL_ST_ACCEPT;
226 224
227 if (s->init_buf == NULL) 225 if (s->init_buf == NULL) {
228 { 226 if ((buf = BUF_MEM_new()) == NULL) {
229 if ((buf=BUF_MEM_new()) == NULL) 227 ret = -1;
230 {
231 ret= -1;
232 goto end; 228 goto end;
233 } 229 }
234 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) 230 if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
235 { 231 ret = -1;
236 ret= -1;
237 goto end; 232 goto end;
238 }
239 s->init_buf=buf;
240 } 233 }
234 s->init_buf = buf;
235 }
241 236
242 if (!ssl3_setup_buffers(s)) 237 if (!ssl3_setup_buffers(s)) {
243 { 238 ret = -1;
244 ret= -1;
245 goto end; 239 goto end;
246 } 240 }
247 241
248 s->init_num=0; 242 s->init_num = 0;
249 243
250 if (s->state != SSL_ST_RENEGOTIATE) 244 if (s->state != SSL_ST_RENEGOTIATE) {
251 {
252 /* Ok, we now need to push on a buffering BIO so that 245 /* Ok, we now need to push on a buffering BIO so that
253 * the output is sent in a way that TCP likes :-) 246 * the output is sent in a way that TCP likes :-)
254 * ...but not with SCTP :-) 247 * ...but not with SCTP :-)
@@ -256,48 +249,51 @@ int dtls1_accept(SSL *s)
256#ifndef OPENSSL_NO_SCTP 249#ifndef OPENSSL_NO_SCTP
257 if (!BIO_dgram_is_sctp(SSL_get_wbio(s))) 250 if (!BIO_dgram_is_sctp(SSL_get_wbio(s)))
258#endif 251#endif
259 if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; } 252 if (!ssl_init_wbio_buffer(s, 1)) {
253 ret = -1;
254 goto end;
255 }
260 256
261 ssl3_init_finished_mac(s); 257 ssl3_init_finished_mac(s);
262 s->state=SSL3_ST_SR_CLNT_HELLO_A; 258 s->state = SSL3_ST_SR_CLNT_HELLO_A;
263 s->ctx->stats.sess_accept++; 259 s->ctx->stats.sess_accept++;
264 } 260 } else {
265 else
266 {
267 /* s->state == SSL_ST_RENEGOTIATE, 261 /* s->state == SSL_ST_RENEGOTIATE,
268 * we will just send a HelloRequest */ 262 * we will just send a HelloRequest */
269 s->ctx->stats.sess_accept_renegotiate++; 263 s->ctx->stats.sess_accept_renegotiate++;
270 s->state=SSL3_ST_SW_HELLO_REQ_A; 264 s->state = SSL3_ST_SW_HELLO_REQ_A;
271 } 265 }
272 266
273 break; 267 break;
274 268
275 case SSL3_ST_SW_HELLO_REQ_A: 269 case SSL3_ST_SW_HELLO_REQ_A:
276 case SSL3_ST_SW_HELLO_REQ_B: 270 case SSL3_ST_SW_HELLO_REQ_B:
277 271
278 s->shutdown=0; 272 s->shutdown = 0;
279 dtls1_clear_record_buffer(s); 273 dtls1_clear_record_buffer(s);
280 dtls1_start_timer(s); 274 dtls1_start_timer(s);
281 ret=dtls1_send_hello_request(s); 275 ret = dtls1_send_hello_request(s);
282 if (ret <= 0) goto end; 276 if (ret <= 0)
283 s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A; 277 goto end;
284 s->state=SSL3_ST_SW_FLUSH; 278 s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
285 s->init_num=0; 279 s->state = SSL3_ST_SW_FLUSH;
280 s->init_num = 0;
286 281
287 ssl3_init_finished_mac(s); 282 ssl3_init_finished_mac(s);
288 break; 283 break;
289 284
290 case SSL3_ST_SW_HELLO_REQ_C: 285 case SSL3_ST_SW_HELLO_REQ_C:
291 s->state=SSL_ST_OK; 286 s->state = SSL_ST_OK;
292 break; 287 break;
293 288
294 case SSL3_ST_SR_CLNT_HELLO_A: 289 case SSL3_ST_SR_CLNT_HELLO_A:
295 case SSL3_ST_SR_CLNT_HELLO_B: 290 case SSL3_ST_SR_CLNT_HELLO_B:
296 case SSL3_ST_SR_CLNT_HELLO_C: 291 case SSL3_ST_SR_CLNT_HELLO_C:
297 292
298 s->shutdown=0; 293 s->shutdown = 0;
299 ret=ssl3_get_client_hello(s); 294 ret = ssl3_get_client_hello(s);
300 if (ret <= 0) goto end; 295 if (ret <= 0)
296 goto end;
301 dtls1_stop_timer(s); 297 dtls1_stop_timer(s);
302 298
303 if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)) 299 if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
@@ -305,17 +301,15 @@ int dtls1_accept(SSL *s)
305 else 301 else
306 s->state = SSL3_ST_SW_SRVR_HELLO_A; 302 s->state = SSL3_ST_SW_SRVR_HELLO_A;
307 303
308 s->init_num=0; 304 s->init_num = 0;
309 305
310 /* Reflect ClientHello sequence to remain stateless while listening */ 306 /* Reflect ClientHello sequence to remain stateless while listening */
311 if (listen) 307 if (listen) {
312 {
313 memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence)); 308 memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence));
314 } 309 }
315 310
316 /* If we're just listening, stop here */ 311 /* If we're just listening, stop here */
317 if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) 312 if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) {
318 {
319 ret = 2; 313 ret = 2;
320 s->d1->listen = 0; 314 s->d1->listen = 0;
321 /* Set expected sequence numbers 315 /* Set expected sequence numbers
@@ -325,57 +319,56 @@ int dtls1_accept(SSL *s)
325 s->d1->handshake_write_seq = 1; 319 s->d1->handshake_write_seq = 1;
326 s->d1->next_handshake_write_seq = 1; 320 s->d1->next_handshake_write_seq = 1;
327 goto end; 321 goto end;
328 } 322 }
329 323
330 break; 324 break;
331 325
332 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: 326 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
333 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: 327 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
334 328
335 ret = dtls1_send_hello_verify_request(s); 329 ret = dtls1_send_hello_verify_request(s);
336 if ( ret <= 0) goto end; 330 if (ret <= 0)
337 s->state=SSL3_ST_SW_FLUSH; 331 goto end;
338 s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A; 332 s->state = SSL3_ST_SW_FLUSH;
333 s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
339 334
340 /* HelloVerifyRequest resets Finished MAC */ 335 /* HelloVerifyRequest resets Finished MAC */
341 if (s->version != DTLS1_BAD_VER) 336 if (s->version != DTLS1_BAD_VER)
342 ssl3_init_finished_mac(s); 337 ssl3_init_finished_mac(s);
343 break; 338 break;
344 339
345#ifndef OPENSSL_NO_SCTP 340#ifndef OPENSSL_NO_SCTP
346 case DTLS1_SCTP_ST_SR_READ_SOCK: 341 case DTLS1_SCTP_ST_SR_READ_SOCK:
347 342
348 if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) 343 if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
349 { 344 s->s3->in_read_app_data = 2;
350 s->s3->in_read_app_data=2; 345 s->rwstate = SSL_READING;
351 s->rwstate=SSL_READING;
352 BIO_clear_retry_flags(SSL_get_rbio(s)); 346 BIO_clear_retry_flags(SSL_get_rbio(s));
353 BIO_set_retry_read(SSL_get_rbio(s)); 347 BIO_set_retry_read(SSL_get_rbio(s));
354 ret = -1; 348 ret = -1;
355 goto end; 349 goto end;
356 } 350 }
357 351
358 s->state=SSL3_ST_SR_FINISHED_A; 352 s->state = SSL3_ST_SR_FINISHED_A;
359 break; 353 break;
360 354
361 case DTLS1_SCTP_ST_SW_WRITE_SOCK: 355 case DTLS1_SCTP_ST_SW_WRITE_SOCK:
362 ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s)); 356 ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
363 if (ret < 0) goto end; 357 if (ret < 0)
364 358 goto end;
365 if (ret == 0) 359
366 { 360 if (ret == 0) {
367 if (s->d1->next_state != SSL_ST_OK) 361 if (s->d1->next_state != SSL_ST_OK) {
368 { 362 s->s3->in_read_app_data = 2;
369 s->s3->in_read_app_data=2; 363 s->rwstate = SSL_READING;
370 s->rwstate=SSL_READING;
371 BIO_clear_retry_flags(SSL_get_rbio(s)); 364 BIO_clear_retry_flags(SSL_get_rbio(s));
372 BIO_set_retry_read(SSL_get_rbio(s)); 365 BIO_set_retry_read(SSL_get_rbio(s));
373 ret = -1; 366 ret = -1;
374 goto end; 367 goto end;
375 }
376 } 368 }
369 }
377 370
378 s->state=s->d1->next_state; 371 s->state = s->d1->next_state;
379 break; 372 break;
380#endif 373#endif
381 374
@@ -383,67 +376,65 @@ int dtls1_accept(SSL *s)
383 case SSL3_ST_SW_SRVR_HELLO_B: 376 case SSL3_ST_SW_SRVR_HELLO_B:
384 s->renegotiate = 2; 377 s->renegotiate = 2;
385 dtls1_start_timer(s); 378 dtls1_start_timer(s);
386 ret=dtls1_send_server_hello(s); 379 ret = dtls1_send_server_hello(s);
387 if (ret <= 0) goto end; 380 if (ret <= 0)
381 goto end;
388 382
389 if (s->hit) 383 if (s->hit) {
390 {
391#ifndef OPENSSL_NO_SCTP 384#ifndef OPENSSL_NO_SCTP
392 /* Add new shared key for SCTP-Auth, 385 /* Add new shared key for SCTP-Auth,
393 * will be ignored if no SCTP used. 386 * will be ignored if no SCTP used.
394 */ 387 */
395 snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), 388 snprintf((char*)labelbuffer,
396 DTLS1_SCTP_AUTH_LABEL); 389 sizeof(DTLS1_SCTP_AUTH_LABEL),
390 DTLS1_SCTP_AUTH_LABEL);
397 391
398 SSL_export_keying_material(s, sctpauthkey, 392 SSL_export_keying_material(s, sctpauthkey,
399 sizeof(sctpauthkey), labelbuffer, 393 sizeof(sctpauthkey), labelbuffer,
400 sizeof(labelbuffer), NULL, 0, 0); 394 sizeof(labelbuffer), NULL, 0, 0);
401 395
402 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, 396 BIO_ctrl(SSL_get_wbio(s),
403 sizeof(sctpauthkey), sctpauthkey); 397 BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
398 sizeof(sctpauthkey), sctpauthkey);
404#endif 399#endif
405#ifndef OPENSSL_NO_TLSEXT 400#ifndef OPENSSL_NO_TLSEXT
406 if (s->tlsext_ticket_expected) 401 if (s->tlsext_ticket_expected)
407 s->state=SSL3_ST_SW_SESSION_TICKET_A; 402 s->state = SSL3_ST_SW_SESSION_TICKET_A;
408 else 403 else
409 s->state=SSL3_ST_SW_CHANGE_A; 404 s->state = SSL3_ST_SW_CHANGE_A;
410#else 405#else
411 s->state=SSL3_ST_SW_CHANGE_A; 406 s->state = SSL3_ST_SW_CHANGE_A;
412#endif 407#endif
413 } 408 } else
414 else 409 s->state = SSL3_ST_SW_CERT_A;
415 s->state=SSL3_ST_SW_CERT_A; 410 s->init_num = 0;
416 s->init_num=0;
417 break; 411 break;
418 412
419 case SSL3_ST_SW_CERT_A: 413 case SSL3_ST_SW_CERT_A:
420 case SSL3_ST_SW_CERT_B: 414 case SSL3_ST_SW_CERT_B:
421 /* Check if it is anon DH or normal PSK */ 415 /* Check if it is anon DH or normal PSK */
422 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) 416 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
423 && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) 417 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
424 {
425 dtls1_start_timer(s); 418 dtls1_start_timer(s);
426 ret=dtls1_send_server_certificate(s); 419 ret = dtls1_send_server_certificate(s);
427 if (ret <= 0) goto end; 420 if (ret <= 0)
421 goto end;
428#ifndef OPENSSL_NO_TLSEXT 422#ifndef OPENSSL_NO_TLSEXT
429 if (s->tlsext_status_expected) 423 if (s->tlsext_status_expected)
430 s->state=SSL3_ST_SW_CERT_STATUS_A; 424 s->state = SSL3_ST_SW_CERT_STATUS_A;
431 else 425 else
432 s->state=SSL3_ST_SW_KEY_EXCH_A; 426 s->state = SSL3_ST_SW_KEY_EXCH_A;
433 } 427 } else {
434 else
435 {
436 skip = 1; 428 skip = 1;
437 s->state=SSL3_ST_SW_KEY_EXCH_A; 429 s->state = SSL3_ST_SW_KEY_EXCH_A;
438 } 430 }
439#else 431#else
440 } 432 } else
441 else 433 skip = 1;
442 skip=1;
443 434
444 s->state=SSL3_ST_SW_KEY_EXCH_A; 435 s->state = SSL3_ST_SW_KEY_EXCH_A;
445#endif 436#endif
446 s->init_num=0; 437 s->init_num = 0;
447 break; 438 break;
448 439
449 case SSL3_ST_SW_KEY_EXCH_A: 440 case SSL3_ST_SW_KEY_EXCH_A:
@@ -454,16 +445,16 @@ int dtls1_accept(SSL *s)
454 * send_server_key_exchange */ 445 * send_server_key_exchange */
455 if ((s->options & SSL_OP_EPHEMERAL_RSA) 446 if ((s->options & SSL_OP_EPHEMERAL_RSA)
456#ifndef OPENSSL_NO_KRB5 447#ifndef OPENSSL_NO_KRB5
457 && !(alg_k & SSL_kKRB5) 448 && !(alg_k & SSL_kKRB5)
458#endif /* OPENSSL_NO_KRB5 */ 449#endif /* OPENSSL_NO_KRB5 */
459 ) 450 )
460 /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key 451 /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
461 * even when forbidden by protocol specs 452 * even when forbidden by protocol specs
462 * (handshake may fail as clients are not required to 453 * (handshake may fail as clients are not required to
463 * be able to handle this) */ 454 * be able to handle this) */
464 s->s3->tmp.use_rsa_tmp=1; 455 s->s3->tmp.use_rsa_tmp = 1;
465 else 456 else
466 s->s3->tmp.use_rsa_tmp=0; 457 s->s3->tmp.use_rsa_tmp = 0;
467 458
468 /* only send if a DH key exchange or 459 /* only send if a DH key exchange or
469 * RSA but we have a sign only certificate */ 460 * RSA but we have a sign only certificate */
@@ -471,119 +462,112 @@ int dtls1_accept(SSL *s)
471 /* PSK: send ServerKeyExchange if PSK identity 462 /* PSK: send ServerKeyExchange if PSK identity
472 * hint if provided */ 463 * hint if provided */
473#ifndef OPENSSL_NO_PSK 464#ifndef OPENSSL_NO_PSK
474 || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint) 465 || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
475#endif 466#endif
476 || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) 467 || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
477 || (alg_k & SSL_kEECDH) 468 || (alg_k & SSL_kEECDH)
478 || ((alg_k & SSL_kRSA) 469 || ((alg_k & SSL_kRSA)
479 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL 470 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
480 || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) 471 || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
481 && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher) 472 && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
482 ) 473 )
483 ) 474 )
484 ) 475 )
485 ) 476 ) {
486 {
487 dtls1_start_timer(s); 477 dtls1_start_timer(s);
488 ret=dtls1_send_server_key_exchange(s); 478 ret = dtls1_send_server_key_exchange(s);
489 if (ret <= 0) goto end; 479 if (ret <= 0)
490 } 480 goto end;
491 else 481 } else
492 skip=1; 482 skip = 1;
493 483
494 s->state=SSL3_ST_SW_CERT_REQ_A; 484 s->state = SSL3_ST_SW_CERT_REQ_A;
495 s->init_num=0; 485 s->init_num = 0;
496 break; 486 break;
497 487
498 case SSL3_ST_SW_CERT_REQ_A: 488 case SSL3_ST_SW_CERT_REQ_A:
499 case SSL3_ST_SW_CERT_REQ_B: 489 case SSL3_ST_SW_CERT_REQ_B:
500 if (/* don't request cert unless asked for it: */ 490 if (/* don't request cert unless asked for it: */
501 !(s->verify_mode & SSL_VERIFY_PEER) || 491 !(s->verify_mode & SSL_VERIFY_PEER) ||
502 /* if SSL_VERIFY_CLIENT_ONCE is set, 492 /* if SSL_VERIFY_CLIENT_ONCE is set,
503 * don't request cert during re-negotiation: */ 493 * don't request cert during re-negotiation: */
504 ((s->session->peer != NULL) && 494 ((s->session->peer != NULL) &&
505 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || 495 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
506 /* never request cert in anonymous ciphersuites 496 /* never request cert in anonymous ciphersuites
507 * (see section "Certificate request" in SSL 3 drafts 497 * (see section "Certificate request" in SSL 3 drafts
508 * and in RFC 2246): */ 498 * and in RFC 2246): */
509 ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && 499 ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
510 /* ... except when the application insists on verification 500 /* ... except when the application insists on verification
511 * (against the specs, but s3_clnt.c accepts this for SSL 3) */ 501 * (against the specs, but s3_clnt.c accepts this for SSL 3) */
512 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) || 502 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
513 /* never request cert in Kerberos ciphersuites */ 503 /* never request cert in Kerberos ciphersuites */
514 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) 504 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)
515 /* With normal PSK Certificates and 505 /* With normal PSK Certificates and
516 * Certificate Requests are omitted */ 506 * Certificate Requests are omitted */
517 || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) 507 || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
518 {
519 /* no cert request */ 508 /* no cert request */
520 skip=1; 509 skip = 1;
521 s->s3->tmp.cert_request=0; 510 s->s3->tmp.cert_request = 0;
522 s->state=SSL3_ST_SW_SRVR_DONE_A; 511 s->state = SSL3_ST_SW_SRVR_DONE_A;
523#ifndef OPENSSL_NO_SCTP 512#ifndef OPENSSL_NO_SCTP
524 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) 513 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
525 {
526 s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A; 514 s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
527 s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK; 515 s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
528 }
529#endif
530 } 516 }
531 else 517#endif
532 { 518 } else {
533 s->s3->tmp.cert_request=1; 519 s->s3->tmp.cert_request = 1;
534 dtls1_start_timer(s); 520 dtls1_start_timer(s);
535 ret=dtls1_send_certificate_request(s); 521 ret = dtls1_send_certificate_request(s);
536 if (ret <= 0) goto end; 522 if (ret <= 0)
523 goto end;
537#ifndef NETSCAPE_HANG_BUG 524#ifndef NETSCAPE_HANG_BUG
538 s->state=SSL3_ST_SW_SRVR_DONE_A; 525 s->state = SSL3_ST_SW_SRVR_DONE_A;
539#ifndef OPENSSL_NO_SCTP 526#ifndef OPENSSL_NO_SCTP
540 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) 527 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
541 {
542 s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A; 528 s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
543 s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK; 529 s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
544 } 530 }
545#endif 531#endif
546#else 532#else
547 s->state=SSL3_ST_SW_FLUSH; 533 s->state = SSL3_ST_SW_FLUSH;
548 s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; 534 s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
549#ifndef OPENSSL_NO_SCTP 535#ifndef OPENSSL_NO_SCTP
550 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) 536 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
551 {
552 s->d1->next_state = s->s3->tmp.next_state; 537 s->d1->next_state = s->s3->tmp.next_state;
553 s->s3->tmp.next_state=DTLS1_SCTP_ST_SW_WRITE_SOCK; 538 s->s3->tmp.next_state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
554 } 539 }
555#endif 540#endif
556#endif 541#endif
557 s->init_num=0; 542 s->init_num = 0;
558 } 543 }
559 break; 544 break;
560 545
561 case SSL3_ST_SW_SRVR_DONE_A: 546 case SSL3_ST_SW_SRVR_DONE_A:
562 case SSL3_ST_SW_SRVR_DONE_B: 547 case SSL3_ST_SW_SRVR_DONE_B:
563 dtls1_start_timer(s); 548 dtls1_start_timer(s);
564 ret=dtls1_send_server_done(s); 549 ret = dtls1_send_server_done(s);
565 if (ret <= 0) goto end; 550 if (ret <= 0)
566 s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; 551 goto end;
567 s->state=SSL3_ST_SW_FLUSH; 552 s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
568 s->init_num=0; 553 s->state = SSL3_ST_SW_FLUSH;
554 s->init_num = 0;
569 break; 555 break;
570 556
571 case SSL3_ST_SW_FLUSH: 557 case SSL3_ST_SW_FLUSH:
572 s->rwstate=SSL_WRITING; 558 s->rwstate = SSL_WRITING;
573 if (BIO_flush(s->wbio) <= 0) 559 if (BIO_flush(s->wbio) <= 0) {
574 {
575 /* If the write error was fatal, stop trying */ 560 /* If the write error was fatal, stop trying */
576 if (!BIO_should_retry(s->wbio)) 561 if (!BIO_should_retry(s->wbio)) {
577 { 562 s->rwstate = SSL_NOTHING;
578 s->rwstate=SSL_NOTHING; 563 s->state = s->s3->tmp.next_state;
579 s->state=s->s3->tmp.next_state;
580 }
581
582 ret= -1;
583 goto end;
584 } 564 }
585 s->rwstate=SSL_NOTHING; 565
586 s->state=s->s3->tmp.next_state; 566 ret = -1;
567 goto end;
568 }
569 s->rwstate = SSL_NOTHING;
570 s->state = s->s3->tmp.next_state;
587 break; 571 break;
588 572
589 case SSL3_ST_SR_CERT_A: 573 case SSL3_ST_SR_CERT_A:
@@ -592,67 +576,65 @@ int dtls1_accept(SSL *s)
592 ret = ssl3_check_client_hello(s); 576 ret = ssl3_check_client_hello(s);
593 if (ret <= 0) 577 if (ret <= 0)
594 goto end; 578 goto end;
595 if (ret == 2) 579 if (ret == 2) {
596 {
597 dtls1_stop_timer(s); 580 dtls1_stop_timer(s);
598 s->state = SSL3_ST_SR_CLNT_HELLO_C; 581 s->state = SSL3_ST_SR_CLNT_HELLO_C;
599 } 582 } else {
600 else {
601 /* could be sent for a DH cert, even if we 583 /* could be sent for a DH cert, even if we
602 * have not asked for it :-) */ 584 * have not asked for it :-) */
603 ret=ssl3_get_client_certificate(s); 585 ret = ssl3_get_client_certificate(s);
604 if (ret <= 0) goto end; 586 if (ret <= 0)
605 s->init_num=0; 587 goto end;
606 s->state=SSL3_ST_SR_KEY_EXCH_A; 588 s->init_num = 0;
589 s->state = SSL3_ST_SR_KEY_EXCH_A;
607 } 590 }
608 break; 591 break;
609 592
610 case SSL3_ST_SR_KEY_EXCH_A: 593 case SSL3_ST_SR_KEY_EXCH_A:
611 case SSL3_ST_SR_KEY_EXCH_B: 594 case SSL3_ST_SR_KEY_EXCH_B:
612 ret=ssl3_get_client_key_exchange(s); 595 ret = ssl3_get_client_key_exchange(s);
613 if (ret <= 0) goto end; 596 if (ret <= 0)
597 goto end;
614#ifndef OPENSSL_NO_SCTP 598#ifndef OPENSSL_NO_SCTP
615 /* Add new shared key for SCTP-Auth, 599 /* Add new shared key for SCTP-Auth,
616 * will be ignored if no SCTP used. 600 * will be ignored if no SCTP used.
617 */ 601 */
618 snprintf((char *) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), 602 snprintf((char *)labelbuffer,
619 DTLS1_SCTP_AUTH_LABEL); 603 sizeof(DTLS1_SCTP_AUTH_LABEL),
604 DTLS1_SCTP_AUTH_LABEL);
620 605
621 SSL_export_keying_material(s, sctpauthkey, 606 SSL_export_keying_material(s, sctpauthkey,
622 sizeof(sctpauthkey), labelbuffer, 607 sizeof(sctpauthkey), labelbuffer,
623 sizeof(labelbuffer), NULL, 0, 0); 608 sizeof(labelbuffer), NULL, 0, 0);
624 609
625 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, 610 BIO_ctrl(SSL_get_wbio(s),
626 sizeof(sctpauthkey), sctpauthkey); 611 BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
612 sizeof(sctpauthkey), sctpauthkey);
627#endif 613#endif
628 614
629 s->state=SSL3_ST_SR_CERT_VRFY_A; 615 s->state = SSL3_ST_SR_CERT_VRFY_A;
630 s->init_num=0; 616 s->init_num = 0;
631 617
632 if (ret == 2) 618 if (ret == 2) {
633 {
634 /* For the ECDH ciphersuites when 619 /* For the ECDH ciphersuites when
635 * the client sends its ECDH pub key in 620 * the client sends its ECDH pub key in
636 * a certificate, the CertificateVerify 621 * a certificate, the CertificateVerify
637 * message is not sent. 622 * message is not sent.
638 */ 623 */
639 s->state=SSL3_ST_SR_FINISHED_A; 624 s->state = SSL3_ST_SR_FINISHED_A;
625 s->init_num = 0;
626 } else {
627 s->state = SSL3_ST_SR_CERT_VRFY_A;
640 s->init_num = 0; 628 s->init_num = 0;
641 }
642 else
643 {
644 s->state=SSL3_ST_SR_CERT_VRFY_A;
645 s->init_num=0;
646 629
647 /* We need to get hashes here so if there is 630 /* We need to get hashes here so if there is
648 * a client cert, it can be verified */ 631 * a client cert, it can be verified */
649 s->method->ssl3_enc->cert_verify_mac(s, 632 s->method->ssl3_enc->cert_verify_mac(s,
650 NID_md5, 633 NID_md5, &(s->s3->tmp.cert_verify_md[0]));
651 &(s->s3->tmp.cert_verify_md[0]));
652 s->method->ssl3_enc->cert_verify_mac(s, 634 s->method->ssl3_enc->cert_verify_mac(s,
653 NID_sha1, 635 NID_sha1,
654 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH])); 636 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
655 } 637 }
656 break; 638 break;
657 639
658 case SSL3_ST_SR_CERT_VRFY_A: 640 case SSL3_ST_SR_CERT_VRFY_A:
@@ -660,51 +642,55 @@ int dtls1_accept(SSL *s)
660 642
661 s->d1->change_cipher_spec_ok = 1; 643 s->d1->change_cipher_spec_ok = 1;
662 /* we should decide if we expected this one */ 644 /* we should decide if we expected this one */
663 ret=ssl3_get_cert_verify(s); 645 ret = ssl3_get_cert_verify(s);
664 if (ret <= 0) goto end; 646 if (ret <= 0)
647 goto end;
665#ifndef OPENSSL_NO_SCTP 648#ifndef OPENSSL_NO_SCTP
666 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && 649 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
667 state == SSL_ST_RENEGOTIATE) 650 state == SSL_ST_RENEGOTIATE)
668 s->state=DTLS1_SCTP_ST_SR_READ_SOCK; 651 s->state = DTLS1_SCTP_ST_SR_READ_SOCK;
669 else 652 else
670#endif 653#endif
671 s->state=SSL3_ST_SR_FINISHED_A; 654 s->state = SSL3_ST_SR_FINISHED_A;
672 s->init_num=0; 655 s->init_num = 0;
673 break; 656 break;
674 657
675 case SSL3_ST_SR_FINISHED_A: 658 case SSL3_ST_SR_FINISHED_A:
676 case SSL3_ST_SR_FINISHED_B: 659 case SSL3_ST_SR_FINISHED_B:
677 s->d1->change_cipher_spec_ok = 1; 660 s->d1->change_cipher_spec_ok = 1;
678 ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, 661 ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
679 SSL3_ST_SR_FINISHED_B); 662 SSL3_ST_SR_FINISHED_B);
680 if (ret <= 0) goto end; 663 if (ret <= 0)
664 goto end;
681 dtls1_stop_timer(s); 665 dtls1_stop_timer(s);
682 if (s->hit) 666 if (s->hit)
683 s->state=SSL_ST_OK; 667 s->state = SSL_ST_OK;
684#ifndef OPENSSL_NO_TLSEXT 668#ifndef OPENSSL_NO_TLSEXT
685 else if (s->tlsext_ticket_expected) 669 else if (s->tlsext_ticket_expected)
686 s->state=SSL3_ST_SW_SESSION_TICKET_A; 670 s->state = SSL3_ST_SW_SESSION_TICKET_A;
687#endif 671#endif
688 else 672 else
689 s->state=SSL3_ST_SW_CHANGE_A; 673 s->state = SSL3_ST_SW_CHANGE_A;
690 s->init_num=0; 674 s->init_num = 0;
691 break; 675 break;
692 676
693#ifndef OPENSSL_NO_TLSEXT 677#ifndef OPENSSL_NO_TLSEXT
694 case SSL3_ST_SW_SESSION_TICKET_A: 678 case SSL3_ST_SW_SESSION_TICKET_A:
695 case SSL3_ST_SW_SESSION_TICKET_B: 679 case SSL3_ST_SW_SESSION_TICKET_B:
696 ret=dtls1_send_newsession_ticket(s); 680 ret = dtls1_send_newsession_ticket(s);
697 if (ret <= 0) goto end; 681 if (ret <= 0)
698 s->state=SSL3_ST_SW_CHANGE_A; 682 goto end;
699 s->init_num=0; 683 s->state = SSL3_ST_SW_CHANGE_A;
684 s->init_num = 0;
700 break; 685 break;
701 686
702 case SSL3_ST_SW_CERT_STATUS_A: 687 case SSL3_ST_SW_CERT_STATUS_A:
703 case SSL3_ST_SW_CERT_STATUS_B: 688 case SSL3_ST_SW_CERT_STATUS_B:
704 ret=ssl3_send_cert_status(s); 689 ret = ssl3_send_cert_status(s);
705 if (ret <= 0) goto end; 690 if (ret <= 0)
706 s->state=SSL3_ST_SW_KEY_EXCH_A; 691 goto end;
707 s->init_num=0; 692 s->state = SSL3_ST_SW_KEY_EXCH_A;
693 s->init_num = 0;
708 break; 694 break;
709 695
710#endif 696#endif
@@ -712,69 +698,69 @@ int dtls1_accept(SSL *s)
712 case SSL3_ST_SW_CHANGE_A: 698 case SSL3_ST_SW_CHANGE_A:
713 case SSL3_ST_SW_CHANGE_B: 699 case SSL3_ST_SW_CHANGE_B:
714 700
715 s->session->cipher=s->s3->tmp.new_cipher; 701 s->session->cipher = s->s3->tmp.new_cipher;
716 if (!s->method->ssl3_enc->setup_key_block(s)) 702 if (!s->method->ssl3_enc->setup_key_block(s)) {
717 { ret= -1; goto end; } 703 ret = -1;
704 goto end;
705 }
718 706
719 ret=dtls1_send_change_cipher_spec(s, 707 ret = dtls1_send_change_cipher_spec(s,
720 SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B); 708 SSL3_ST_SW_CHANGE_A, SSL3_ST_SW_CHANGE_B);
721 709
722 if (ret <= 0) goto end; 710 if (ret <= 0)
711 goto end;
723 712
724#ifndef OPENSSL_NO_SCTP 713#ifndef OPENSSL_NO_SCTP
725 if (!s->hit) 714 if (!s->hit) {
726 {
727 /* Change to new shared key of SCTP-Auth, 715 /* Change to new shared key of SCTP-Auth,
728 * will be ignored if no SCTP used. 716 * will be ignored if no SCTP used.
729 */ 717 */
730 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); 718 BIO_ctrl(SSL_get_wbio(s),
731 } 719 BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
720 }
732#endif 721#endif
733 722
734 s->state=SSL3_ST_SW_FINISHED_A; 723 s->state = SSL3_ST_SW_FINISHED_A;
735 s->init_num=0; 724 s->init_num = 0;
736 725
737 if (!s->method->ssl3_enc->change_cipher_state(s, 726 if (!s->method->ssl3_enc->change_cipher_state(s,
738 SSL3_CHANGE_CIPHER_SERVER_WRITE)) 727 SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
739 { 728 ret = -1;
740 ret= -1;
741 goto end; 729 goto end;
742 } 730 }
743 731
744 dtls1_reset_seq_numbers(s, SSL3_CC_WRITE); 732 dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
745 break; 733 break;
746 734
747 case SSL3_ST_SW_FINISHED_A: 735 case SSL3_ST_SW_FINISHED_A:
748 case SSL3_ST_SW_FINISHED_B: 736 case SSL3_ST_SW_FINISHED_B:
749 ret=dtls1_send_finished(s, 737 ret = dtls1_send_finished(s,
750 SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B, 738 SSL3_ST_SW_FINISHED_A, SSL3_ST_SW_FINISHED_B,
751 s->method->ssl3_enc->server_finished_label, 739 s->method->ssl3_enc->server_finished_label,
752 s->method->ssl3_enc->server_finished_label_len); 740 s->method->ssl3_enc->server_finished_label_len);
753 if (ret <= 0) goto end; 741 if (ret <= 0)
754 s->state=SSL3_ST_SW_FLUSH; 742 goto end;
755 if (s->hit) 743 s->state = SSL3_ST_SW_FLUSH;
756 { 744 if (s->hit) {
757 s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; 745 s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
758 746
759#ifndef OPENSSL_NO_SCTP 747#ifndef OPENSSL_NO_SCTP
760 /* Change to new shared key of SCTP-Auth, 748 /* Change to new shared key of SCTP-Auth,
761 * will be ignored if no SCTP used. 749 * will be ignored if no SCTP used.
762 */ 750 */
763 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); 751 BIO_ctrl(SSL_get_wbio(s),
752 BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
764#endif 753#endif
765 } 754 } else {
766 else 755 s->s3->tmp.next_state = SSL_ST_OK;
767 {
768 s->s3->tmp.next_state=SSL_ST_OK;
769#ifndef OPENSSL_NO_SCTP 756#ifndef OPENSSL_NO_SCTP
770 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) 757 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
771 {
772 s->d1->next_state = s->s3->tmp.next_state; 758 s->d1->next_state = s->s3->tmp.next_state;
773 s->s3->tmp.next_state=DTLS1_SCTP_ST_SW_WRITE_SOCK; 759 s->s3->tmp.next_state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
774 }
775#endif
776 } 760 }
777 s->init_num=0; 761#endif
762 }
763 s->init_num = 0;
778 break; 764 break;
779 765
780 case SSL_ST_OK: 766 case SSL_ST_OK:
@@ -783,28 +769,29 @@ int dtls1_accept(SSL *s)
783 769
784#if 0 770#if 0
785 BUF_MEM_free(s->init_buf); 771 BUF_MEM_free(s->init_buf);
786 s->init_buf=NULL; 772 s->init_buf = NULL;
787#endif 773#endif
788 774
789 /* remove buffering on output */ 775 /* remove buffering on output */
790 ssl_free_wbio_buffer(s); 776 ssl_free_wbio_buffer(s);
791 777
792 s->init_num=0; 778 s->init_num = 0;
793 779
794 if (s->renegotiate == 2) /* skipped if we just sent a HelloRequest */ 780 if (s->renegotiate == 2) /* skipped if we just sent a HelloRequest */
795 { 781 {
796 s->renegotiate=0; 782 s->renegotiate = 0;
797 s->new_session=0; 783 s->new_session = 0;
798 784
799 ssl_update_cache(s,SSL_SESS_CACHE_SERVER); 785 ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
800 786
801 s->ctx->stats.sess_accept_good++; 787 s->ctx->stats.sess_accept_good++;
802 /* s->server=1; */ 788 /* s->server=1; */
803 s->handshake_func=dtls1_accept; 789 s->handshake_func = dtls1_accept;
790
791 if (cb != NULL)
792 cb(s, SSL_CB_HANDSHAKE_DONE, 1);
793 }
804 794
805 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
806 }
807
808 ret = 1; 795 ret = 1;
809 796
810 /* done handshaking, next message is client hello */ 797 /* done handshaking, next message is client hello */
@@ -816,77 +803,74 @@ int dtls1_accept(SSL *s)
816 /* break; */ 803 /* break; */
817 804
818 default: 805 default:
819 SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_UNKNOWN_STATE); 806 SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_UNKNOWN_STATE);
820 ret= -1; 807 ret = -1;
821 goto end; 808 goto end;
822 /* break; */ 809 /* break; */
823 } 810 }
824
825 if (!s->s3->tmp.reuse_message && !skip)
826 {
827 if (s->debug)
828 {
829 if ((ret=BIO_flush(s->wbio)) <= 0)
830 goto end;
831 }
832 811
812 if (!s->s3->tmp.reuse_message && !skip) {
813 if (s->debug) {
814 if ((ret = BIO_flush(s->wbio)) <= 0)
815 goto end;
816 }
833 817
834 if ((cb != NULL) && (s->state != state)) 818 if ((cb != NULL) && (s->state != state)) {
835 { 819 new_state = s->state;
836 new_state=s->state; 820 s->state = state;
837 s->state=state; 821 cb(s, SSL_CB_ACCEPT_LOOP, 1);
838 cb(s,SSL_CB_ACCEPT_LOOP,1); 822 s->state = new_state;
839 s->state=new_state;
840 }
841 } 823 }
842 skip=0;
843 } 824 }
825 skip = 0;
826 }
844end: 827end:
845 /* BIO_flush(s->wbio); */ 828 /* BIO_flush(s->wbio); */
846 829
847 s->in_handshake--; 830 s->in_handshake--;
848#ifndef OPENSSL_NO_SCTP 831#ifndef OPENSSL_NO_SCTP
849 /* Notify SCTP BIO socket to leave handshake 832 /* Notify SCTP BIO socket to leave handshake
850 * mode and prevent stream identifier other 833 * mode and prevent stream identifier other
851 * than 0. Will be ignored if no SCTP is used. 834 * than 0. Will be ignored if no SCTP is used.
852 */ 835 */
853 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL); 836 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
837 s->in_handshake, NULL);
854#endif 838#endif
855 839
856 if (cb != NULL) 840 if (cb != NULL)
857 cb(s,SSL_CB_ACCEPT_EXIT,ret); 841 cb(s, SSL_CB_ACCEPT_EXIT, ret);
858 return(ret); 842 return (ret);
859 } 843}
860 844
861int dtls1_send_hello_request(SSL *s) 845int
862 { 846dtls1_send_hello_request(SSL *s)
847{
863 unsigned char *p; 848 unsigned char *p;
864 849
865 if (s->state == SSL3_ST_SW_HELLO_REQ_A) 850 if (s->state == SSL3_ST_SW_HELLO_REQ_A) {
866 { 851 p = (unsigned char *)s->init_buf->data;
867 p=(unsigned char *)s->init_buf->data;
868 p = dtls1_set_message_header(s, p, SSL3_MT_HELLO_REQUEST, 0, 0, 0); 852 p = dtls1_set_message_header(s, p, SSL3_MT_HELLO_REQUEST, 0, 0, 0);
869 853
870 s->state=SSL3_ST_SW_HELLO_REQ_B; 854 s->state = SSL3_ST_SW_HELLO_REQ_B;
871 /* number of bytes to write */ 855 /* number of bytes to write */
872 s->init_num=DTLS1_HM_HEADER_LENGTH; 856 s->init_num = DTLS1_HM_HEADER_LENGTH;
873 s->init_off=0; 857 s->init_off = 0;
874 858
875 /* no need to buffer this message, since there are no retransmit 859 /* no need to buffer this message, since there are no retransmit
876 * requests for it */ 860 * requests for it */
877 } 861 }
878 862
879 /* SSL3_ST_SW_HELLO_REQ_B */ 863 /* SSL3_ST_SW_HELLO_REQ_B */
880 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 864 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
881 } 865}
882 866
883int dtls1_send_hello_verify_request(SSL *s) 867int
884 { 868dtls1_send_hello_verify_request(SSL *s)
869{
885 unsigned int msg_len; 870 unsigned int msg_len;
886 unsigned char *msg, *buf, *p; 871 unsigned char *msg, *buf, *p;
887 872
888 if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) 873 if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
889 {
890 buf = (unsigned char *)s->init_buf->data; 874 buf = (unsigned char *)s->init_buf->data;
891 875
892 msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]); 876 msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
@@ -894,12 +878,11 @@ int dtls1_send_hello_verify_request(SSL *s)
894 *(p++) = s->version & 0xFF; 878 *(p++) = s->version & 0xFF;
895 879
896 if (s->ctx->app_gen_cookie_cb == NULL || 880 if (s->ctx->app_gen_cookie_cb == NULL ||
897 s->ctx->app_gen_cookie_cb(s, s->d1->cookie, 881 s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
898 &(s->d1->cookie_len)) == 0) 882 &(s->d1->cookie_len)) == 0) {
899 { 883 SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST, ERR_R_INTERNAL_ERROR);
900 SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
901 return 0; 884 return 0;
902 } 885 }
903 886
904 *(p++) = (unsigned char) s->d1->cookie_len; 887 *(p++) = (unsigned char) s->d1->cookie_len;
905 memcpy(p, s->d1->cookie, s->d1->cookie_len); 888 memcpy(p, s->d1->cookie, s->d1->cookie_len);
@@ -907,40 +890,40 @@ int dtls1_send_hello_verify_request(SSL *s)
907 msg_len = p - msg; 890 msg_len = p - msg;
908 891
909 dtls1_set_message_header(s, buf, 892 dtls1_set_message_header(s, buf,
910 DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0, msg_len); 893 DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0, msg_len);
911 894
912 s->state=DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B; 895 s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
913 /* number of bytes to write */ 896 /* number of bytes to write */
914 s->init_num=p-buf; 897 s->init_num = p - buf;
915 s->init_off=0; 898 s->init_off = 0;
916 } 899 }
917 900
918 /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ 901 /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
919 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 902 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
920 } 903}
921 904
922int dtls1_send_server_hello(SSL *s) 905int
923 { 906dtls1_send_server_hello(SSL *s)
907{
924 unsigned char *buf; 908 unsigned char *buf;
925 unsigned char *p,*d; 909 unsigned char *p, *d;
926 int i; 910 int i;
927 unsigned int sl; 911 unsigned int sl;
928 unsigned long l; 912 unsigned long l;
929 913
930 if (s->state == SSL3_ST_SW_SRVR_HELLO_A) 914 if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
931 { 915 buf = (unsigned char *)s->init_buf->data;
932 buf=(unsigned char *)s->init_buf->data; 916 p = s->s3->server_random;
933 p=s->s3->server_random;
934 ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE); 917 ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE);
935 /* Do the message type and length last */ 918 /* Do the message type and length last */
936 d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); 919 d = p= &(buf[DTLS1_HM_HEADER_LENGTH]);
937 920
938 *(p++)=s->version>>8; 921 *(p++) = s->version >> 8;
939 *(p++)=s->version&0xff; 922 *(p++) = s->version&0xff;
940 923
941 /* Random stuff */ 924 /* Random stuff */
942 memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); 925 memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
943 p+=SSL3_RANDOM_SIZE; 926 p += SSL3_RANDOM_SIZE;
944 927
945 /* now in theory we have 3 options to sending back the 928 /* now in theory we have 3 options to sending back the
946 * session id. If it is a re-use, we send back the 929 * session id. If it is a re-use, we send back the
@@ -951,320 +934,292 @@ int dtls1_send_server_hello(SSL *s)
951 * 12-Jan-98 - I'll now support the '0' length stuff. 934 * 12-Jan-98 - I'll now support the '0' length stuff.
952 */ 935 */
953 if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)) 936 if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
954 s->session->session_id_length=0; 937 s->session->session_id_length = 0;
955 938
956 sl=s->session->session_id_length; 939 sl = s->session->session_id_length;
957 if (sl > sizeof s->session->session_id) 940 if (sl > sizeof s->session->session_id) {
958 {
959 SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); 941 SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
960 return -1; 942 return -1;
961 } 943 }
962 *(p++)=sl; 944 *(p++) = sl;
963 memcpy(p,s->session->session_id,sl); 945 memcpy(p, s->session->session_id, sl);
964 p+=sl; 946 p += sl;
965 947
966 /* put the cipher */ 948 /* put the cipher */
967 if (s->s3->tmp.new_cipher == NULL) 949 if (s->s3->tmp.new_cipher == NULL)
968 return -1; 950 return -1;
969 i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p); 951 i = ssl3_put_cipher_by_char(s->s3->tmp.new_cipher, p);
970 p+=i; 952 p += i;
971 953
972 /* put the compression method */ 954 /* put the compression method */
973#ifdef OPENSSL_NO_COMP 955#ifdef OPENSSL_NO_COMP
974 *(p++)=0; 956 *(p++) = 0;
975#else 957#else
976 if (s->s3->tmp.new_compression == NULL) 958 if (s->s3->tmp.new_compression == NULL)
977 *(p++)=0; 959 *(p++) = 0;
978 else 960 else
979 *(p++)=s->s3->tmp.new_compression->id; 961 *(p++) = s->s3->tmp.new_compression->id;
980#endif 962#endif
981 963
982#ifndef OPENSSL_NO_TLSEXT 964#ifndef OPENSSL_NO_TLSEXT
983 if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) 965 if ((p = ssl_add_serverhello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
984 { 966 SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
985 SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
986 return -1; 967 return -1;
987 } 968 }
988#endif 969#endif
989 970
990 /* do the header */ 971 /* do the header */
991 l=(p-d); 972 l = (p - d);
992 d=buf; 973 d = buf;
993 974
994 d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l); 975 d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l);
995 976
996 s->state=SSL3_ST_SW_SRVR_HELLO_B; 977 s->state = SSL3_ST_SW_SRVR_HELLO_B;
997 /* number of bytes to write */ 978 /* number of bytes to write */
998 s->init_num=p-buf; 979 s->init_num = p - buf;
999 s->init_off=0; 980 s->init_off = 0;
1000 981
1001 /* buffer the message to handle re-xmits */ 982 /* buffer the message to handle re-xmits */
1002 dtls1_buffer_message(s, 0); 983 dtls1_buffer_message(s, 0);
1003 } 984 }
1004 985
1005 /* SSL3_ST_SW_SRVR_HELLO_B */ 986 /* SSL3_ST_SW_SRVR_HELLO_B */
1006 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 987 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1007 } 988}
1008 989
1009int dtls1_send_server_done(SSL *s) 990int
1010 { 991dtls1_send_server_done(SSL *s)
992{
1011 unsigned char *p; 993 unsigned char *p;
1012 994
1013 if (s->state == SSL3_ST_SW_SRVR_DONE_A) 995 if (s->state == SSL3_ST_SW_SRVR_DONE_A) {
1014 { 996 p = (unsigned char *)s->init_buf->data;
1015 p=(unsigned char *)s->init_buf->data;
1016 997
1017 /* do the header */ 998 /* do the header */
1018 p = dtls1_set_message_header(s, p, SSL3_MT_SERVER_DONE, 0, 0, 0); 999 p = dtls1_set_message_header(s, p, SSL3_MT_SERVER_DONE, 0, 0, 0);
1019 1000
1020 s->state=SSL3_ST_SW_SRVR_DONE_B; 1001 s->state = SSL3_ST_SW_SRVR_DONE_B;
1021 /* number of bytes to write */ 1002 /* number of bytes to write */
1022 s->init_num=DTLS1_HM_HEADER_LENGTH; 1003 s->init_num = DTLS1_HM_HEADER_LENGTH;
1023 s->init_off=0; 1004 s->init_off = 0;
1024 1005
1025 /* buffer the message to handle re-xmits */ 1006 /* buffer the message to handle re-xmits */
1026 dtls1_buffer_message(s, 0); 1007 dtls1_buffer_message(s, 0);
1027 } 1008 }
1028 1009
1029 /* SSL3_ST_SW_SRVR_DONE_B */ 1010 /* SSL3_ST_SW_SRVR_DONE_B */
1030 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 1011 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1031 } 1012}
1032 1013
1033int dtls1_send_server_key_exchange(SSL *s) 1014int
1034 { 1015dtls1_send_server_key_exchange(SSL *s)
1016{
1035#ifndef OPENSSL_NO_RSA 1017#ifndef OPENSSL_NO_RSA
1036 unsigned char *q; 1018 unsigned char *q;
1037 int j,num; 1019 int j, num;
1038 RSA *rsa; 1020 RSA *rsa;
1039 unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; 1021 unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
1040 unsigned int u; 1022 unsigned int u;
1041#endif 1023#endif
1042#ifndef OPENSSL_NO_DH 1024#ifndef OPENSSL_NO_DH
1043 DH *dh=NULL,*dhp; 1025 DH *dh = NULL, *dhp;
1044#endif 1026#endif
1045#ifndef OPENSSL_NO_ECDH 1027#ifndef OPENSSL_NO_ECDH
1046 EC_KEY *ecdh=NULL, *ecdhp; 1028 EC_KEY *ecdh = NULL, *ecdhp;
1047 unsigned char *encodedPoint = NULL; 1029 unsigned char *encodedPoint = NULL;
1048 int encodedlen = 0; 1030 int encodedlen = 0;
1049 int curve_id = 0; 1031 int curve_id = 0;
1050 BN_CTX *bn_ctx = NULL; 1032 BN_CTX *bn_ctx = NULL;
1033
1051#endif 1034#endif
1052 EVP_PKEY *pkey; 1035 EVP_PKEY *pkey;
1053 unsigned char *p,*d; 1036 unsigned char *p, *d;
1054 int al,i; 1037 int al, i;
1055 unsigned long type; 1038 unsigned long type;
1056 int n; 1039 int n;
1057 CERT *cert; 1040 CERT *cert;
1058 BIGNUM *r[4]; 1041 BIGNUM *r[4];
1059 int nr[4],kn; 1042 int nr[4], kn;
1060 BUF_MEM *buf; 1043 BUF_MEM *buf;
1061 EVP_MD_CTX md_ctx; 1044 EVP_MD_CTX md_ctx;
1062 1045
1063 EVP_MD_CTX_init(&md_ctx); 1046 EVP_MD_CTX_init(&md_ctx);
1064 if (s->state == SSL3_ST_SW_KEY_EXCH_A) 1047 if (s->state == SSL3_ST_SW_KEY_EXCH_A) {
1065 { 1048 type = s->s3->tmp.new_cipher->algorithm_mkey;
1066 type=s->s3->tmp.new_cipher->algorithm_mkey; 1049 cert = s->cert;
1067 cert=s->cert;
1068 1050
1069 buf=s->init_buf; 1051 buf = s->init_buf;
1070 1052
1071 r[0]=r[1]=r[2]=r[3]=NULL; 1053 r[0] = r[1] = r[2] = r[3] = NULL;
1072 n=0; 1054 n = 0;
1073#ifndef OPENSSL_NO_RSA 1055#ifndef OPENSSL_NO_RSA
1074 if (type & SSL_kRSA) 1056 if (type & SSL_kRSA) {
1075 { 1057 rsa = cert->rsa_tmp;
1076 rsa=cert->rsa_tmp; 1058 if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) {
1077 if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) 1059 rsa = s->cert->rsa_tmp_cb(s,
1078 { 1060 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1079 rsa=s->cert->rsa_tmp_cb(s, 1061 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1080 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), 1062 if (rsa == NULL) {
1081 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); 1063 al = SSL_AD_HANDSHAKE_FAILURE;
1082 if(rsa == NULL) 1064 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
1083 {
1084 al=SSL_AD_HANDSHAKE_FAILURE;
1085 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
1086 goto f_err; 1065 goto f_err;
1087 } 1066 }
1088 RSA_up_ref(rsa); 1067 RSA_up_ref(rsa);
1089 cert->rsa_tmp=rsa; 1068 cert->rsa_tmp = rsa;
1090 } 1069 }
1091 if (rsa == NULL) 1070 if (rsa == NULL) {
1092 { 1071 al = SSL_AD_HANDSHAKE_FAILURE;
1093 al=SSL_AD_HANDSHAKE_FAILURE; 1072 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_RSA_KEY);
1094 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
1095 goto f_err; 1073 goto f_err;
1096 }
1097 r[0]=rsa->n;
1098 r[1]=rsa->e;
1099 s->s3->tmp.use_rsa_tmp=1;
1100 } 1074 }
1101 else 1075 r[0] = rsa->n;
1076 r[1] = rsa->e;
1077 s->s3->tmp.use_rsa_tmp = 1;
1078 } else
1102#endif 1079#endif
1103#ifndef OPENSSL_NO_DH 1080#ifndef OPENSSL_NO_DH
1104 if (type & SSL_kEDH) 1081 if (type & SSL_kEDH) {
1105 { 1082 dhp = cert->dh_tmp;
1106 dhp=cert->dh_tmp;
1107 if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) 1083 if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
1108 dhp=s->cert->dh_tmp_cb(s, 1084 dhp = s->cert->dh_tmp_cb(s,
1109 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), 1085 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1110 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); 1086 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1111 if (dhp == NULL) 1087 if (dhp == NULL) {
1112 { 1088 al = SSL_AD_HANDSHAKE_FAILURE;
1113 al=SSL_AD_HANDSHAKE_FAILURE; 1089 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_DH_KEY);
1114 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
1115 goto f_err; 1090 goto f_err;
1116 } 1091 }
1117 1092
1118 if (s->s3->tmp.dh != NULL) 1093 if (s->s3->tmp.dh != NULL) {
1119 {
1120 DH_free(dh); 1094 DH_free(dh);
1121 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 1095 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1122 goto err; 1096 goto err;
1123 } 1097 }
1124 1098
1125 if ((dh=DHparams_dup(dhp)) == NULL) 1099 if ((dh = DHparams_dup(dhp)) == NULL) {
1126 { 1100 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
1127 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
1128 goto err; 1101 goto err;
1129 } 1102 }
1130 1103
1131 s->s3->tmp.dh=dh; 1104 s->s3->tmp.dh = dh;
1132 if ((dhp->pub_key == NULL || 1105 if ((dhp->pub_key == NULL || dhp->priv_key == NULL ||
1133 dhp->priv_key == NULL || 1106 (s->options & SSL_OP_SINGLE_DH_USE))) {
1134 (s->options & SSL_OP_SINGLE_DH_USE))) 1107 if (!DH_generate_key(dh)) {
1135 { 1108 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
1136 if(!DH_generate_key(dh)) 1109 ERR_R_DH_LIB);
1137 { 1110 goto err;
1138 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
1139 ERR_R_DH_LIB);
1140 goto err;
1141 }
1142 } 1111 }
1143 else 1112 } else {
1144 { 1113 dh->pub_key = BN_dup(dhp->pub_key);
1145 dh->pub_key=BN_dup(dhp->pub_key); 1114 dh->priv_key = BN_dup(dhp->priv_key);
1146 dh->priv_key=BN_dup(dhp->priv_key);
1147 if ((dh->pub_key == NULL) || 1115 if ((dh->pub_key == NULL) ||
1148 (dh->priv_key == NULL)) 1116 (dh->priv_key == NULL)) {
1149 { 1117 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
1150 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
1151 goto err; 1118 goto err;
1152 }
1153 } 1119 }
1154 r[0]=dh->p;
1155 r[1]=dh->g;
1156 r[2]=dh->pub_key;
1157 } 1120 }
1158 else 1121 r[0] = dh->p;
1122 r[1] = dh->g;
1123 r[2] = dh->pub_key;
1124 } else
1159#endif 1125#endif
1160#ifndef OPENSSL_NO_ECDH 1126#ifndef OPENSSL_NO_ECDH
1161 if (type & SSL_kEECDH) 1127 if (type & SSL_kEECDH) {
1162 {
1163 const EC_GROUP *group; 1128 const EC_GROUP *group;
1164 1129
1165 ecdhp=cert->ecdh_tmp; 1130 ecdhp = cert->ecdh_tmp;
1166 if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL)) 1131 if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL)) {
1167 { 1132 ecdhp = s->cert->ecdh_tmp_cb(s,
1168 ecdhp=s->cert->ecdh_tmp_cb(s, 1133 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1169 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), 1134 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1170 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); 1135 }
1171 } 1136 if (ecdhp == NULL) {
1172 if (ecdhp == NULL) 1137 al = SSL_AD_HANDSHAKE_FAILURE;
1173 { 1138 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_ECDH_KEY);
1174 al=SSL_AD_HANDSHAKE_FAILURE;
1175 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
1176 goto f_err; 1139 goto f_err;
1177 } 1140 }
1141
1142 if (s->s3->tmp.ecdh != NULL) {
1143 EC_KEY_free(s->s3->tmp.ecdh);
1178 1144
1179 if (s->s3->tmp.ecdh != NULL)
1180 {
1181 EC_KEY_free(s->s3->tmp.ecdh);
1182 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 1145 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1183 goto err; 1146 goto err;
1184 } 1147 }
1185 1148
1186 /* Duplicate the ECDH structure. */ 1149 /* Duplicate the ECDH structure. */
1187 if (ecdhp == NULL) 1150 if (ecdhp == NULL) {
1188 { 1151 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
1189 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1190 goto err; 1152 goto err;
1191 } 1153 }
1192 if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) 1154 if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {
1193 { 1155 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
1194 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1195 goto err; 1156 goto err;
1196 } 1157 }
1197 1158
1198 s->s3->tmp.ecdh=ecdh; 1159 s->s3->tmp.ecdh = ecdh;
1199 if ((EC_KEY_get0_public_key(ecdh) == NULL) || 1160 if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
1200 (EC_KEY_get0_private_key(ecdh) == NULL) || 1161 (EC_KEY_get0_private_key(ecdh) == NULL) ||
1201 (s->options & SSL_OP_SINGLE_ECDH_USE)) 1162 (s->options & SSL_OP_SINGLE_ECDH_USE)) {
1202 { 1163 if (!EC_KEY_generate_key(ecdh)) {
1203 if(!EC_KEY_generate_key(ecdh)) 1164 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
1204 { 1165 goto err;
1205 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1206 goto err;
1207 }
1208 } 1166 }
1167 }
1209 1168
1210 if (((group = EC_KEY_get0_group(ecdh)) == NULL) || 1169 if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
1211 (EC_KEY_get0_public_key(ecdh) == NULL) || 1170 (EC_KEY_get0_public_key(ecdh) == NULL) ||
1212 (EC_KEY_get0_private_key(ecdh) == NULL)) 1171 (EC_KEY_get0_private_key(ecdh) == NULL)) {
1213 { 1172 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
1214 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1215 goto err; 1173 goto err;
1216 } 1174 }
1217 1175
1218 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && 1176 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
1219 (EC_GROUP_get_degree(group) > 163)) 1177 (EC_GROUP_get_degree(group) > 163)) {
1220 { 1178 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
1221 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
1222 goto err; 1179 goto err;
1223 } 1180 }
1224 1181
1225 /* XXX: For now, we only support ephemeral ECDH 1182 /* XXX: For now, we only support ephemeral ECDH
1226 * keys over named (not generic) curves. For 1183 * keys over named (not generic) curves. For
1227 * supported named curves, curve_id is non-zero. 1184 * supported named curves, curve_id is non-zero.
1228 */ 1185 */
1229 if ((curve_id = 1186 if ((curve_id = tls1_ec_nid2curve_id(
1230 tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group))) 1187 EC_GROUP_get_curve_name(group))) == 0) {
1231 == 0) 1188 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
1232 {
1233 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
1234 goto err; 1189 goto err;
1235 } 1190 }
1236 1191
1237 /* Encode the public key. 1192 /* Encode the public key.
1238 * First check the size of encoding and 1193 * First check the size of encoding and
1239 * allocate memory accordingly. 1194 * allocate memory accordingly.
1240 */ 1195 */
1241 encodedlen = EC_POINT_point2oct(group, 1196 encodedlen = EC_POINT_point2oct(group,
1242 EC_KEY_get0_public_key(ecdh), 1197 EC_KEY_get0_public_key(ecdh),
1243 POINT_CONVERSION_UNCOMPRESSED, 1198 POINT_CONVERSION_UNCOMPRESSED,
1244 NULL, 0, NULL); 1199 NULL, 0, NULL);
1200
1201 encodedPoint = (unsigned char *)
1202 OPENSSL_malloc(encodedlen*sizeof(unsigned char));
1245 1203
1246 encodedPoint = (unsigned char *)
1247 OPENSSL_malloc(encodedlen*sizeof(unsigned char));
1248 bn_ctx = BN_CTX_new(); 1204 bn_ctx = BN_CTX_new();
1249 if ((encodedPoint == NULL) || (bn_ctx == NULL)) 1205 if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
1250 { 1206 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
1251 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1252 goto err; 1207 goto err;
1253 } 1208 }
1254 1209
1255 1210
1256 encodedlen = EC_POINT_point2oct(group, 1211 encodedlen = EC_POINT_point2oct(group,
1257 EC_KEY_get0_public_key(ecdh), 1212 EC_KEY_get0_public_key(ecdh),
1258 POINT_CONVERSION_UNCOMPRESSED, 1213 POINT_CONVERSION_UNCOMPRESSED,
1259 encodedPoint, encodedlen, bn_ctx); 1214 encodedPoint, encodedlen, bn_ctx);
1260 1215
1261 if (encodedlen == 0) 1216 if (encodedlen == 0) {
1262 { 1217 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
1263 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1264 goto err; 1218 goto err;
1265 } 1219 }
1266 1220
1267 BN_CTX_free(bn_ctx); bn_ctx=NULL; 1221 BN_CTX_free(bn_ctx);
1222 bn_ctx = NULL;
1268 1223
1269 /* XXX: For now, we only support named (not 1224 /* XXX: For now, we only support named (not
1270 * generic) curves in ECDH ephemeral key exchanges. 1225 * generic) curves in ECDH ephemeral key exchanges.
@@ -1277,67 +1232,56 @@ int dtls1_send_server_key_exchange(SSL *s)
1277 /* We'll generate the serverKeyExchange message 1232 /* We'll generate the serverKeyExchange message
1278 * explicitly so we can set these to NULLs 1233 * explicitly so we can set these to NULLs
1279 */ 1234 */
1280 r[0]=NULL; 1235 r[0] = NULL;
1281 r[1]=NULL; 1236 r[1] = NULL;
1282 r[2]=NULL; 1237 r[2] = NULL;
1283 r[3]=NULL; 1238 r[3] = NULL;
1284 } 1239 } else
1285 else
1286#endif /* !OPENSSL_NO_ECDH */ 1240#endif /* !OPENSSL_NO_ECDH */
1287#ifndef OPENSSL_NO_PSK 1241#ifndef OPENSSL_NO_PSK
1288 if (type & SSL_kPSK) 1242 if (type & SSL_kPSK) {
1289 { 1243 /* reserve size for record length and PSK identity hint*/
1290 /* reserve size for record length and PSK identity hint*/ 1244 n += 2 + strlen(s->ctx->psk_identity_hint);
1291 n+=2+strlen(s->ctx->psk_identity_hint); 1245 } else
1292 }
1293 else
1294#endif /* !OPENSSL_NO_PSK */ 1246#endif /* !OPENSSL_NO_PSK */
1295 { 1247 {
1296 al=SSL_AD_HANDSHAKE_FAILURE; 1248 al = SSL_AD_HANDSHAKE_FAILURE;
1297 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); 1249 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
1298 goto f_err; 1250 goto f_err;
1299 } 1251 }
1300 for (i=0; r[i] != NULL; i++) 1252 for (i = 0; r[i] != NULL; i++) {
1301 { 1253 nr[i] = BN_num_bytes(r[i]);
1302 nr[i]=BN_num_bytes(r[i]); 1254 n += 2 + nr[i];
1303 n+=2+nr[i]; 1255 }
1304 }
1305 1256
1306 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) 1257 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
1307 && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) 1258 && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
1308 { 1259 if ((pkey = ssl_get_sign_pkey(s,
1309 if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher, NULL)) 1260 s->s3->tmp.new_cipher, NULL)) == NULL) {
1310 == NULL) 1261 al = SSL_AD_DECODE_ERROR;
1311 {
1312 al=SSL_AD_DECODE_ERROR;
1313 goto f_err; 1262 goto f_err;
1314 }
1315 kn=EVP_PKEY_size(pkey);
1316 }
1317 else
1318 {
1319 pkey=NULL;
1320 kn=0;
1321 } 1263 }
1264 kn = EVP_PKEY_size(pkey);
1265 } else {
1266 pkey = NULL;
1267 kn = 0;
1268 }
1322 1269
1323 if (!BUF_MEM_grow_clean(buf,n+DTLS1_HM_HEADER_LENGTH+kn)) 1270 if (!BUF_MEM_grow_clean(buf, n + DTLS1_HM_HEADER_LENGTH + kn)) {
1324 { 1271 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_BUF);
1325 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
1326 goto err; 1272 goto err;
1327 } 1273 }
1328 d=(unsigned char *)s->init_buf->data; 1274 d = (unsigned char *)s->init_buf->data;
1329 p= &(d[DTLS1_HM_HEADER_LENGTH]); 1275 p = &(d[DTLS1_HM_HEADER_LENGTH]);
1330 1276
1331 for (i=0; r[i] != NULL; i++) 1277 for (i = 0; r[i] != NULL; i++) {
1332 { 1278 s2n(nr[i], p);
1333 s2n(nr[i],p); 1279 BN_bn2bin(r[i], p);
1334 BN_bn2bin(r[i],p); 1280 p += nr[i];
1335 p+=nr[i]; 1281 }
1336 }
1337 1282
1338#ifndef OPENSSL_NO_ECDH 1283#ifndef OPENSSL_NO_ECDH
1339 if (type & SSL_kEECDH) 1284 if (type & SSL_kEECDH) {
1340 {
1341 /* XXX: For now, we only support named (not generic) curves. 1285 /* XXX: For now, we only support named (not generic) curves.
1342 * In this situation, the serverKeyExchange message has: 1286 * In this situation, the serverKeyExchange message has:
1343 * [1 byte CurveType], [2 byte CurveName] 1287 * [1 byte CurveType], [2 byte CurveName]
@@ -1352,268 +1296,257 @@ int dtls1_send_server_key_exchange(SSL *s)
1352 p += 1; 1296 p += 1;
1353 *p = encodedlen; 1297 *p = encodedlen;
1354 p += 1; 1298 p += 1;
1355 memcpy((unsigned char*)p, 1299 memcpy((unsigned char*)p,
1356 (unsigned char *)encodedPoint, 1300 (unsigned char *)encodedPoint,
1357 encodedlen); 1301 encodedlen);
1358 OPENSSL_free(encodedPoint); 1302 OPENSSL_free(encodedPoint);
1359 p += encodedlen; 1303 p += encodedlen;
1360 } 1304 }
1361#endif 1305#endif
1362 1306
1363#ifndef OPENSSL_NO_PSK 1307#ifndef OPENSSL_NO_PSK
1364 if (type & SSL_kPSK) 1308 if (type & SSL_kPSK) {
1365 {
1366 /* copy PSK identity hint */ 1309 /* copy PSK identity hint */
1367 s2n(strlen(s->ctx->psk_identity_hint), p); 1310 s2n(strlen(s->ctx->psk_identity_hint), p);
1311
1368 strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint)); 1312 strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint));
1369 p+=strlen(s->ctx->psk_identity_hint); 1313 p += strlen(s->ctx->psk_identity_hint);
1370 } 1314 }
1371#endif 1315#endif
1372 1316
1373 /* not anonymous */ 1317 /* not anonymous */
1374 if (pkey != NULL) 1318 if (pkey != NULL) {
1375 {
1376 /* n is the length of the params, they start at 1319 /* n is the length of the params, they start at
1377 * &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the space 1320 * &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the space
1378 * at the end. */ 1321 * at the end. */
1379#ifndef OPENSSL_NO_RSA 1322#ifndef OPENSSL_NO_RSA
1380 if (pkey->type == EVP_PKEY_RSA) 1323 if (pkey->type == EVP_PKEY_RSA) {
1381 { 1324 q = md_buf;
1382 q=md_buf; 1325 j = 0;
1383 j=0; 1326 for (num = 2; num > 0; num--) {
1384 for (num=2; num > 0; num--) 1327 EVP_DigestInit_ex(&md_ctx, (num == 2)
1385 { 1328 ? s->ctx->md5 : s->ctx->sha1, NULL);
1386 EVP_DigestInit_ex(&md_ctx,(num == 2) 1329 EVP_DigestUpdate(&md_ctx,
1387 ?s->ctx->md5:s->ctx->sha1, NULL); 1330 &(s->s3->client_random[0]),
1388 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); 1331 SSL3_RANDOM_SIZE);
1389 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); 1332 EVP_DigestUpdate(&md_ctx,
1390 EVP_DigestUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n); 1333 &(s->s3->server_random[0]),
1391 EVP_DigestFinal_ex(&md_ctx,q, 1334 SSL3_RANDOM_SIZE);
1392 (unsigned int *)&i); 1335 EVP_DigestUpdate(&md_ctx,
1393 q+=i; 1336 &(d[DTLS1_HM_HEADER_LENGTH]), n);
1394 j+=i; 1337 EVP_DigestFinal_ex(&md_ctx, q,
1395 } 1338 (unsigned int *)&i);
1396 if (RSA_sign(NID_md5_sha1, md_buf, j, 1339 q += i;
1397 &(p[2]), &u, pkey->pkey.rsa) <= 0) 1340 j += i;
1398 { 1341 }
1399 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA); 1342 if (RSA_sign(NID_md5_sha1, md_buf, j, &(p[2]),
1343 &u, pkey->pkey.rsa) <= 0) {
1344 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_RSA);
1400 goto err; 1345 goto err;
1401 }
1402 s2n(u,p);
1403 n+=u+2;
1404 } 1346 }
1405 else 1347 s2n(u, p);
1348 n += u + 2;
1349 } else
1406#endif 1350#endif
1407#if !defined(OPENSSL_NO_DSA) 1351#if !defined(OPENSSL_NO_DSA)
1408 if (pkey->type == EVP_PKEY_DSA) 1352 if (pkey->type == EVP_PKEY_DSA) {
1409 {
1410 /* lets do DSS */ 1353 /* lets do DSS */
1411 EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL); 1354 EVP_SignInit_ex(&md_ctx, EVP_dss1(), NULL);
1412 EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); 1355 EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE);
1413 EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); 1356 EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE);
1414 EVP_SignUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n); 1357 EVP_SignUpdate(&md_ctx, &(d[DTLS1_HM_HEADER_LENGTH]), n);
1415 if (!EVP_SignFinal(&md_ctx,&(p[2]), 1358 if (!EVP_SignFinal(&md_ctx, &(p[2]),
1416 (unsigned int *)&i,pkey)) 1359 (unsigned int *)&i, pkey)) {
1417 { 1360 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_DSA);
1418 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
1419 goto err; 1361 goto err;
1420 }
1421 s2n(i,p);
1422 n+=i+2;
1423 } 1362 }
1424 else 1363 s2n(i, p);
1364 n += i + 2;
1365 } else
1425#endif 1366#endif
1426#if !defined(OPENSSL_NO_ECDSA) 1367#if !defined(OPENSSL_NO_ECDSA)
1427 if (pkey->type == EVP_PKEY_EC) 1368 if (pkey->type == EVP_PKEY_EC) {
1428 {
1429 /* let's do ECDSA */ 1369 /* let's do ECDSA */
1430 EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL); 1370 EVP_SignInit_ex(&md_ctx, EVP_ecdsa(), NULL);
1431 EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); 1371 EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE);
1432 EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); 1372 EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE);
1433 EVP_SignUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n); 1373 EVP_SignUpdate(&md_ctx, &(d[DTLS1_HM_HEADER_LENGTH]), n);
1434 if (!EVP_SignFinal(&md_ctx,&(p[2]), 1374 if (!EVP_SignFinal(&md_ctx, &(p[2]),
1435 (unsigned int *)&i,pkey)) 1375 (unsigned int *)&i, pkey)) {
1436 { 1376 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_ECDSA);
1437 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA);
1438 goto err; 1377 goto err;
1439 }
1440 s2n(i,p);
1441 n+=i+2;
1442 } 1378 }
1443 else 1379 s2n(i, p);
1380 n += i + 2;
1381 } else
1444#endif 1382#endif
1445 { 1383 {
1446 /* Is this error check actually needed? */ 1384 /* Is this error check actually needed? */
1447 al=SSL_AD_HANDSHAKE_FAILURE; 1385 al = SSL_AD_HANDSHAKE_FAILURE;
1448 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE); 1386 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNKNOWN_PKEY_TYPE);
1449 goto f_err; 1387 goto f_err;
1450 }
1451 } 1388 }
1389 }
1452 1390
1453 d = dtls1_set_message_header(s, d, 1391 d = dtls1_set_message_header(s, d,
1454 SSL3_MT_SERVER_KEY_EXCHANGE, n, 0, n); 1392 SSL3_MT_SERVER_KEY_EXCHANGE, n, 0, n);
1455 1393
1456 /* we should now have things packed up, so lets send 1394 /* we should now have things packed up, so lets send
1457 * it off */ 1395 * it off */
1458 s->init_num=n+DTLS1_HM_HEADER_LENGTH; 1396 s->init_num = n + DTLS1_HM_HEADER_LENGTH;
1459 s->init_off=0; 1397 s->init_off = 0;
1460 1398
1461 /* buffer the message to handle re-xmits */ 1399 /* buffer the message to handle re-xmits */
1462 dtls1_buffer_message(s, 0); 1400 dtls1_buffer_message(s, 0);
1463 } 1401 }
1464 1402
1465 s->state = SSL3_ST_SW_KEY_EXCH_B; 1403 s->state = SSL3_ST_SW_KEY_EXCH_B;
1466 EVP_MD_CTX_cleanup(&md_ctx); 1404 EVP_MD_CTX_cleanup(&md_ctx);
1467 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 1405 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1468f_err: 1406f_err:
1469 ssl3_send_alert(s,SSL3_AL_FATAL,al); 1407 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1470err: 1408err:
1471#ifndef OPENSSL_NO_ECDH 1409#ifndef OPENSSL_NO_ECDH
1472 if (encodedPoint != NULL) OPENSSL_free(encodedPoint); 1410 if (encodedPoint != NULL)
1411 OPENSSL_free(encodedPoint);
1473 BN_CTX_free(bn_ctx); 1412 BN_CTX_free(bn_ctx);
1474#endif 1413#endif
1475 EVP_MD_CTX_cleanup(&md_ctx); 1414 EVP_MD_CTX_cleanup(&md_ctx);
1476 return(-1); 1415 return (-1);
1477 } 1416}
1478 1417
1479int dtls1_send_certificate_request(SSL *s) 1418int
1480 { 1419dtls1_send_certificate_request(SSL *s)
1481 unsigned char *p,*d; 1420{
1482 int i,j,nl,off,n; 1421 unsigned char *p, *d;
1483 STACK_OF(X509_NAME) *sk=NULL; 1422 int i, j, nl, off, n;
1423 STACK_OF(X509_NAME) *sk = NULL;
1484 X509_NAME *name; 1424 X509_NAME *name;
1485 BUF_MEM *buf; 1425 BUF_MEM *buf;
1486 unsigned int msg_len; 1426 unsigned int msg_len;
1487 1427
1488 if (s->state == SSL3_ST_SW_CERT_REQ_A) 1428 if (s->state == SSL3_ST_SW_CERT_REQ_A) {
1489 { 1429 buf = s->init_buf;
1490 buf=s->init_buf;
1491 1430
1492 d=p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]); 1431 d = p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
1493 1432
1494 /* get the list of acceptable cert types */ 1433 /* get the list of acceptable cert types */
1495 p++; 1434 p++;
1496 n=ssl3_get_req_cert_type(s,p); 1435 n = ssl3_get_req_cert_type(s, p);
1497 d[0]=n; 1436 d[0] = n;
1498 p+=n; 1437 p += n;
1499 n++; 1438 n++;
1500 1439
1501 off=n; 1440 off = n;
1502 p+=2; 1441 p += 2;
1503 n+=2; 1442 n += 2;
1504 1443
1505 sk=SSL_get_client_CA_list(s); 1444 sk = SSL_get_client_CA_list(s);
1506 nl=0; 1445 nl = 0;
1507 if (sk != NULL) 1446 if (sk != NULL) {
1508 { 1447 for (i = 0; i < sk_X509_NAME_num(sk); i++) {
1509 for (i=0; i<sk_X509_NAME_num(sk); i++) 1448 name = sk_X509_NAME_value(sk, i);
1510 { 1449 j = i2d_X509_NAME(name, NULL);
1511 name=sk_X509_NAME_value(sk,i); 1450 if (!BUF_MEM_grow_clean(buf, DTLS1_HM_HEADER_LENGTH + n + j + 2)) {
1512 j=i2d_X509_NAME(name,NULL); 1451 SSLerr(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST, ERR_R_BUF_LIB);
1513 if (!BUF_MEM_grow_clean(buf,DTLS1_HM_HEADER_LENGTH+n+j+2))
1514 {
1515 SSLerr(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
1516 goto err; 1452 goto err;
1517 } 1453 }
1518 p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+n]); 1454 p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH + n]);
1519 if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) 1455 if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) {
1520 { 1456 s2n(j, p);
1521 s2n(j,p); 1457 i2d_X509_NAME(name, &p);
1522 i2d_X509_NAME(name,&p); 1458 n += 2 + j;
1523 n+=2+j; 1459 nl += 2 + j;
1524 nl+=2+j; 1460 } else {
1525 } 1461 d = p;
1526 else 1462 i2d_X509_NAME(name, &p);
1527 { 1463 j -= 2;
1528 d=p; 1464 s2n(j, d);
1529 i2d_X509_NAME(name,&p); 1465 j += 2;
1530 j-=2; s2n(j,d); j+=2; 1466 n += j;
1531 n+=j; 1467 nl += j;
1532 nl+=j;
1533 }
1534 } 1468 }
1535 } 1469 }
1470 }
1536 /* else no CA names */ 1471 /* else no CA names */
1537 p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+off]); 1472 p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH + off]);
1538 s2n(nl,p); 1473 s2n(nl, p);
1539 1474
1540 d=(unsigned char *)buf->data; 1475 d = (unsigned char *)buf->data;
1541 *(d++)=SSL3_MT_CERTIFICATE_REQUEST; 1476 *(d++) = SSL3_MT_CERTIFICATE_REQUEST;
1542 l2n3(n,d); 1477 l2n3(n, d);
1543 s2n(s->d1->handshake_write_seq,d); 1478 s2n(s->d1->handshake_write_seq, d);
1544 s->d1->handshake_write_seq++; 1479 s->d1->handshake_write_seq++;
1545 1480
1546 /* we should now have things packed up, so lets send 1481 /* we should now have things packed up, so lets send
1547 * it off */ 1482 * it off */
1548 1483
1549 s->init_num=n+DTLS1_HM_HEADER_LENGTH; 1484 s->init_num = n + DTLS1_HM_HEADER_LENGTH;
1550 s->init_off=0; 1485 s->init_off = 0;
1551#ifdef NETSCAPE_HANG_BUG 1486#ifdef NETSCAPE_HANG_BUG
1552/* XXX: what to do about this? */ 1487/* XXX: what to do about this? */
1553 p=(unsigned char *)s->init_buf->data + s->init_num; 1488 p = (unsigned char *)s->init_buf->data + s->init_num;
1554 1489
1555 /* do the header */ 1490 /* do the header */
1556 *(p++)=SSL3_MT_SERVER_DONE; 1491 *(p++) = SSL3_MT_SERVER_DONE;
1557 *(p++)=0; 1492 *(p++) = 0;
1558 *(p++)=0; 1493 *(p++) = 0;
1559 *(p++)=0; 1494 *(p++) = 0;
1560 s->init_num += 4; 1495 s->init_num += 4;
1561#endif 1496#endif
1562 1497
1563 /* XDTLS: set message header ? */ 1498 /* XDTLS: set message header ? */
1564 msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH; 1499 msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
1565 dtls1_set_message_header(s, (void *)s->init_buf->data, 1500 dtls1_set_message_header(s, (void *)s->init_buf->data,
1566 SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len); 1501 SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len);
1567 1502
1568 /* buffer the message to handle re-xmits */ 1503 /* buffer the message to handle re-xmits */
1569 dtls1_buffer_message(s, 0); 1504 dtls1_buffer_message(s, 0);
1570 1505
1571 s->state = SSL3_ST_SW_CERT_REQ_B; 1506 s->state = SSL3_ST_SW_CERT_REQ_B;
1572 } 1507 }
1573 1508
1574 /* SSL3_ST_SW_CERT_REQ_B */ 1509 /* SSL3_ST_SW_CERT_REQ_B */
1575 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 1510 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1576err: 1511err:
1577 return(-1); 1512 return (-1);
1578 } 1513}
1579 1514
1580int dtls1_send_server_certificate(SSL *s) 1515int
1581 { 1516dtls1_send_server_certificate(SSL *s)
1517{
1582 unsigned long l; 1518 unsigned long l;
1583 X509 *x; 1519 X509 *x;
1584 1520
1585 if (s->state == SSL3_ST_SW_CERT_A) 1521 if (s->state == SSL3_ST_SW_CERT_A) {
1586 { 1522 x = ssl_get_server_send_cert(s);
1587 x=ssl_get_server_send_cert(s); 1523 if (x == NULL) {
1588 if (x == NULL)
1589 {
1590 /* VRS: allow null cert if auth == KRB5 */ 1524 /* VRS: allow null cert if auth == KRB5 */
1591 if ((s->s3->tmp.new_cipher->algorithm_mkey != SSL_kKRB5) || 1525 if ((s->s3->tmp.new_cipher->algorithm_mkey != SSL_kKRB5) ||
1592 (s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5)) 1526 (s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5)) {
1593 { 1527 SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR);
1594 SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR); 1528 return (0);
1595 return(0);
1596 }
1597 } 1529 }
1530 }
1598 1531
1599 l=dtls1_output_cert_chain(s,x); 1532 l = dtls1_output_cert_chain(s, x);
1600 s->state=SSL3_ST_SW_CERT_B; 1533 s->state = SSL3_ST_SW_CERT_B;
1601 s->init_num=(int)l; 1534 s->init_num = (int)l;
1602 s->init_off=0; 1535 s->init_off = 0;
1603 1536
1604 /* buffer the message to handle re-xmits */ 1537 /* buffer the message to handle re-xmits */
1605 dtls1_buffer_message(s, 0); 1538 dtls1_buffer_message(s, 0);
1606 } 1539 }
1607 1540
1608 /* SSL3_ST_SW_CERT_B */ 1541 /* SSL3_ST_SW_CERT_B */
1609 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 1542 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1610 } 1543}
1611 1544
1612#ifndef OPENSSL_NO_TLSEXT 1545#ifndef OPENSSL_NO_TLSEXT
1613int dtls1_send_newsession_ticket(SSL *s) 1546int
1614 { 1547dtls1_send_newsession_ticket(SSL *s)
1615 if (s->state == SSL3_ST_SW_SESSION_TICKET_A) 1548{
1616 { 1549 if (s->state == SSL3_ST_SW_SESSION_TICKET_A) {
1617 unsigned char *p, *senc, *macstart; 1550 unsigned char *p, *senc, *macstart;
1618 int len, slen; 1551 int len, slen;
1619 unsigned int hlen, msg_len; 1552 unsigned int hlen, msg_len;
@@ -1638,8 +1571,8 @@ int dtls1_send_newsession_ticket(SSL *s)
1638 * length) + max_md_size (HMAC). 1571 * length) + max_md_size (HMAC).
1639 */ 1572 */
1640 if (!BUF_MEM_grow(s->init_buf, 1573 if (!BUF_MEM_grow(s->init_buf,
1641 DTLS1_HM_HEADER_LENGTH + 22 + EVP_MAX_IV_LENGTH + 1574 DTLS1_HM_HEADER_LENGTH + 22 + EVP_MAX_IV_LENGTH +
1642 EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen)) 1575 EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen))
1643 return -1; 1576 return -1;
1644 senc = OPENSSL_malloc(slen); 1577 senc = OPENSSL_malloc(slen);
1645 if (!senc) 1578 if (!senc)
@@ -1647,31 +1580,27 @@ int dtls1_send_newsession_ticket(SSL *s)
1647 p = senc; 1580 p = senc;
1648 i2d_SSL_SESSION(s->session, &p); 1581 i2d_SSL_SESSION(s->session, &p);
1649 1582
1650 p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]); 1583 p = (unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]);
1651 EVP_CIPHER_CTX_init(&ctx); 1584 EVP_CIPHER_CTX_init(&ctx);
1652 HMAC_CTX_init(&hctx); 1585 HMAC_CTX_init(&hctx);
1653 /* Initialize HMAC and cipher contexts. If callback present 1586 /* Initialize HMAC and cipher contexts. If callback present
1654 * it does all the work otherwise use generated values 1587 * it does all the work otherwise use generated values
1655 * from parent ctx. 1588 * from parent ctx.
1656 */ 1589 */
1657 if (tctx->tlsext_ticket_key_cb) 1590 if (tctx->tlsext_ticket_key_cb) {
1658 {
1659 if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, 1591 if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
1660 &hctx, 1) < 0) 1592 &hctx, 1) < 0) {
1661 {
1662 OPENSSL_free(senc); 1593 OPENSSL_free(senc);
1663 return -1; 1594 return -1;
1664 }
1665 } 1595 }
1666 else 1596 } else {
1667 {
1668 RAND_pseudo_bytes(iv, 16); 1597 RAND_pseudo_bytes(iv, 16);
1669 EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, 1598 EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
1670 tctx->tlsext_tick_aes_key, iv); 1599 tctx->tlsext_tick_aes_key, iv);
1671 HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, 1600 HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
1672 tlsext_tick_md(), NULL); 1601 tlsext_tick_md(), NULL);
1673 memcpy(key_name, tctx->tlsext_tick_key_name, 16); 1602 memcpy(key_name, tctx->tlsext_tick_key_name, 16);
1674 } 1603 }
1675 l2n(s->session->tlsext_tick_lifetime_hint, p); 1604 l2n(s->session->tlsext_tick_lifetime_hint, p);
1676 /* Skip ticket length for now */ 1605 /* Skip ticket length for now */
1677 p += 2; 1606 p += 2;
@@ -1698,25 +1627,25 @@ int dtls1_send_newsession_ticket(SSL *s)
1698 /* Total length */ 1627 /* Total length */
1699 len = p - (unsigned char *)(s->init_buf->data); 1628 len = p - (unsigned char *)(s->init_buf->data);
1700 /* Ticket length */ 1629 /* Ticket length */
1701 p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4; 1630 p = (unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4;
1702 s2n(len - DTLS1_HM_HEADER_LENGTH - 6, p); 1631 s2n(len - DTLS1_HM_HEADER_LENGTH - 6, p);
1703 1632
1704 /* number of bytes to write */ 1633 /* number of bytes to write */
1705 s->init_num= len; 1634 s->init_num = len;
1706 s->state=SSL3_ST_SW_SESSION_TICKET_B; 1635 s->state = SSL3_ST_SW_SESSION_TICKET_B;
1707 s->init_off=0; 1636 s->init_off = 0;
1708 OPENSSL_free(senc); 1637 OPENSSL_free(senc);
1709 1638
1710 /* XDTLS: set message header ? */ 1639 /* XDTLS: set message header ? */
1711 msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH; 1640 msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
1712 dtls1_set_message_header(s, (void *)s->init_buf->data, 1641 dtls1_set_message_header(s, (void *)s->init_buf->data,
1713 SSL3_MT_NEWSESSION_TICKET, msg_len, 0, msg_len); 1642 SSL3_MT_NEWSESSION_TICKET, msg_len, 0, msg_len);
1714 1643
1715 /* buffer the message to handle re-xmits */ 1644 /* buffer the message to handle re-xmits */
1716 dtls1_buffer_message(s, 0); 1645 dtls1_buffer_message(s, 0);
1717 } 1646 }
1718 1647
1719 /* SSL3_ST_SW_SESSION_TICKET_B */ 1648 /* SSL3_ST_SW_SESSION_TICKET_B */
1720 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 1649 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1721 } 1650}
1722#endif 1651#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 14:23:36 +0000