| -rw-r--r-- | src/lib/libssl/d1_clnt.c | 225 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/d1_clnt.c | 225 | 
2 files changed, 244 insertions, 206 deletions
| diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c index fe5f1aa200..ef4a74e0af 100644 --- a/src/lib/libssl/d1_clnt.c +++ b/src/lib/libssl/d1_clnt.c | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | /* ssl/d1_clnt.c */ | 1 | /* ssl/d1_clnt.c */ | 
| 2 | /* | 2 | /* | 
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu | 
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 
| 5 | */ | 5 | */ | 
| 6 | /* ==================================================================== | 6 | /* ==================================================================== | 
| 7 | * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. | 7 | * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. | 
| @@ -11,7 +11,7 @@ | |||
| 11 | * are met: | 11 | * are met: | 
| 12 | * | 12 | * | 
| 13 | * 1. Redistributions of source code must retain the above copyright | 13 | * 1. Redistributions of source code must retain the above copyright | 
| 14 | * notice, this list of conditions and the following disclaimer. | 14 | * notice, this list of conditions and the following disclaimer. | 
| 15 | * | 15 | * | 
| 16 | * 2. Redistributions in binary form must reproduce the above copyright | 16 | * 2. Redistributions in binary form must reproduce the above copyright | 
| 17 | * notice, this list of conditions and the following disclaimer in | 17 | * notice, this list of conditions and the following disclaimer in | 
| @@ -62,21 +62,21 @@ | |||
| 62 | * This package is an SSL implementation written | 62 | * This package is an SSL implementation written | 
| 63 | * by Eric Young (eay@cryptsoft.com). | 63 | * by Eric Young (eay@cryptsoft.com). | 
| 64 | * The implementation was written so as to conform with Netscapes SSL. | 64 | * The implementation was written so as to conform with Netscapes SSL. | 
| 65 | * | 65 | * | 
| 66 | * This library is free for commercial and non-commercial use as long as | 66 | * This library is free for commercial and non-commercial use as long as | 
| 67 | * the following conditions are aheared to. The following conditions | 67 | * the following conditions are aheared to. The following conditions | 
| 68 | * apply to all code found in this distribution, be it the RC4, RSA, | 68 | * apply to all code found in this distribution, be it the RC4, RSA, | 
| 69 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | 69 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | 
| 70 | * included with this distribution is covered by the same copyright terms | 70 | * included with this distribution is covered by the same copyright terms | 
| 71 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | 71 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | 
| 72 | * | 72 | * | 
| 73 | * Copyright remains Eric Young's, and as such any Copyright notices in | 73 | * Copyright remains Eric Young's, and as such any Copyright notices in | 
| 74 | * the code are not to be removed. | 74 | * the code are not to be removed. | 
| 75 | * If this package is used in a product, Eric Young should be given attribution | 75 | * If this package is used in a product, Eric Young should be given attribution | 
| 76 | * as the author of the parts of the library used. | 76 | * as the author of the parts of the library used. | 
| 77 | * This can be in the form of a textual message at program startup or | 77 | * This can be in the form of a textual message at program startup or | 
| 78 | * in documentation (online or textual) provided with the package. | 78 | * in documentation (online or textual) provided with the package. | 
| 79 | * | 79 | * | 
| 80 | * Redistribution and use in source and binary forms, with or without | 80 | * Redistribution and use in source and binary forms, with or without | 
| 81 | * modification, are permitted provided that the following conditions | 81 | * modification, are permitted provided that the following conditions | 
| 82 | * are met: | 82 | * are met: | 
| @@ -91,10 +91,10 @@ | |||
| 91 | * Eric Young (eay@cryptsoft.com)" | 91 | * Eric Young (eay@cryptsoft.com)" | 
| 92 | * The word 'cryptographic' can be left out if the rouines from the library | 92 | * The word 'cryptographic' can be left out if the rouines from the library | 
| 93 | * being used are not cryptographic related :-). | 93 | * being used are not cryptographic related :-). | 
| 94 | * 4. If you include any Windows specific code (or a derivative thereof) from | 94 | * 4. If you include any Windows specific code (or a derivative thereof) from | 
| 95 | * the apps directory (application code) you must include an acknowledgement: | 95 | * the apps directory (application code) you must include an acknowledgement: | 
| 96 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 96 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 
| 97 | * | 97 | * | 
| 98 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 98 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 
| 99 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 99 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 
| 100 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 100 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 
| @@ -106,7 +106,7 @@ | |||
| 106 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 106 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 
| 107 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 107 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 
| 108 | * SUCH DAMAGE. | 108 | * SUCH DAMAGE. | 
| 109 | * | 109 | * | 
| 110 | * The licence and distribution terms for any publically available version or | 110 | * The licence and distribution terms for any publically available version or | 
| 111 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 111 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 
| 112 | * copied and put under another distribution licence | 112 | * copied and put under another distribution licence | 
| @@ -225,7 +225,8 @@ dtls1_connect(SSL *s) | |||
| 225 | 225 | ||
| 226 | if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) && | 226 | if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) && | 
| 227 | (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00)) { | 227 | (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00)) { | 
| 228 | SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR); | 228 | SSLerr(SSL_F_DTLS1_CONNECT, | 
| 229 | ERR_R_INTERNAL_ERROR); | ||
| 229 | ret = -1; | 230 | ret = -1; | 
| 230 | goto end; | 231 | goto end; | 
| 231 | } | 232 | } | 
| @@ -263,7 +264,8 @@ dtls1_connect(SSL *s) | |||
| 263 | s->ctx->stats.sess_connect++; | 264 | s->ctx->stats.sess_connect++; | 
| 264 | s->init_num = 0; | 265 | s->init_num = 0; | 
| 265 | /* mark client_random uninitialized */ | 266 | /* mark client_random uninitialized */ | 
| 266 | memset(s->s3->client_random, 0, sizeof(s->s3->client_random)); | 267 | memset(s->s3->client_random, 0, | 
| 268 | sizeof(s->s3->client_random)); | ||
| 267 | s->d1->send_cookie = 0; | 269 | s->d1->send_cookie = 0; | 
| 268 | s->hit = 0; | 270 | s->hit = 0; | 
| 269 | break; | 271 | break; | 
| @@ -334,7 +336,6 @@ dtls1_connect(SSL *s) | |||
| 334 | #ifndef OPENSSL_NO_SCTP | 336 | #ifndef OPENSSL_NO_SCTP | 
| 335 | } | 337 | } | 
| 336 | #endif | 338 | #endif | 
| 337 | |||
| 338 | break; | 339 | break; | 
| 339 | 340 | ||
| 340 | case SSL3_ST_CR_SRVR_HELLO_A: | 341 | case SSL3_ST_CR_SRVR_HELLO_A: | 
| @@ -349,14 +350,14 @@ dtls1_connect(SSL *s) | |||
| 349 | * will be ignored if no SCTP used. | 350 | * will be ignored if no SCTP used. | 
| 350 | */ | 351 | */ | 
| 351 | snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), | 352 | snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), | 
| 352 | DTLS1_SCTP_AUTH_LABEL); | 353 | DTLS1_SCTP_AUTH_LABEL); | 
| 353 | 354 | ||
| 354 | SSL_export_keying_material(s, sctpauthkey, | 355 | SSL_export_keying_material(s, sctpauthkey, | 
| 355 | sizeof(sctpauthkey), labelbuffer, | 356 | sizeof(sctpauthkey), labelbuffer, | 
| 356 | sizeof(labelbuffer), NULL, 0, 0); | 357 | sizeof(labelbuffer), NULL, 0, 0); | 
| 357 | 358 | ||
| 358 | BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, | 359 | BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, | 
| 359 | sizeof(sctpauthkey), sctpauthkey); | 360 | sizeof(sctpauthkey), sctpauthkey); | 
| 360 | #endif | 361 | #endif | 
| 361 | 362 | ||
| 362 | s->state = SSL3_ST_CR_FINISHED_A; | 363 | s->state = SSL3_ST_CR_FINISHED_A; | 
| @@ -448,12 +449,12 @@ dtls1_connect(SSL *s) | |||
| 448 | s->s3->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A; | 449 | s->s3->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A; | 
| 449 | s->init_num = 0; | 450 | s->init_num = 0; | 
| 450 | 451 | ||
| 451 | #ifndef OPENSSL_NO_SCTP | 452 | #ifndef OPENSSL_NO_SCTP | 
| 452 | if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && | 453 | if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && | 
| 453 | state == SSL_ST_RENEGOTIATE) | 454 | state == SSL_ST_RENEGOTIATE) | 
| 454 | s->state = DTLS1_SCTP_ST_CR_READ_SOCK; | 455 | s->state = DTLS1_SCTP_ST_CR_READ_SOCK; | 
| 455 | else | 456 | else | 
| 456 | #endif | 457 | #endif | 
| 457 | s->state = s->s3->tmp.next_state; | 458 | s->state = s->s3->tmp.next_state; | 
| 458 | break; | 459 | break; | 
| 459 | 460 | ||
| @@ -535,7 +536,7 @@ dtls1_connect(SSL *s) | |||
| 535 | if (!s->hit) | 536 | if (!s->hit) | 
| 536 | dtls1_start_timer(s); | 537 | dtls1_start_timer(s); | 
| 537 | ret = dtls1_send_change_cipher_spec(s, | 538 | ret = dtls1_send_change_cipher_spec(s, | 
| 538 | SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B); | 539 | SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B); | 
| 539 | if (ret <= 0) | 540 | if (ret <= 0) | 
| 540 | goto end; | 541 | goto end; | 
| 541 | 542 | ||
| @@ -581,9 +582,9 @@ dtls1_connect(SSL *s) | |||
| 581 | if (!s->hit) | 582 | if (!s->hit) | 
| 582 | dtls1_start_timer(s); | 583 | dtls1_start_timer(s); | 
| 583 | ret = dtls1_send_finished(s, | 584 | ret = dtls1_send_finished(s, | 
| 584 | SSL3_ST_CW_FINISHED_A, SSL3_ST_CW_FINISHED_B, | 585 | SSL3_ST_CW_FINISHED_A, SSL3_ST_CW_FINISHED_B, | 
| 585 | s->method->ssl3_enc->client_finished_label, | 586 | s->method->ssl3_enc->client_finished_label, | 
| 586 | s->method->ssl3_enc->client_finished_label_len); | 587 | s->method->ssl3_enc->client_finished_label_len); | 
| 587 | if (ret <= 0) | 588 | if (ret <= 0) | 
| 588 | goto end; | 589 | goto end; | 
| 589 | s->state = SSL3_ST_CW_FLUSH; | 590 | s->state = SSL3_ST_CW_FLUSH; | 
| @@ -606,7 +607,7 @@ dtls1_connect(SSL *s) | |||
| 606 | s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK; | 607 | s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK; | 
| 607 | } | 608 | } | 
| 608 | #endif | 609 | #endif | 
| 609 | s->s3->flags|=SSL3_FLAGS_POP_BUFFER; | 610 | s->s3->flags |= SSL3_FLAGS_POP_BUFFER; | 
| 610 | s->s3->delay_buf_pop_ret = 0; | 611 | s->s3->delay_buf_pop_ret = 0; | 
| 611 | } | 612 | } | 
| 612 | } else { | 613 | } else { | 
| @@ -614,15 +615,17 @@ dtls1_connect(SSL *s) | |||
| 614 | /* Change to new shared key of SCTP-Auth, | 615 | /* Change to new shared key of SCTP-Auth, | 
| 615 | * will be ignored if no SCTP used. | 616 | * will be ignored if no SCTP used. | 
| 616 | */ | 617 | */ | 
| 617 | BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); | 618 | BIO_ctrl(SSL_get_wbio(s), | 
| 619 | BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); | ||
| 618 | #endif | 620 | #endif | 
| 619 | 621 | ||
| 620 | /* Allow NewSessionTicket if ticket expected */ | 622 | /* Allow NewSessionTicket if ticket expected */ | 
| 621 | if (s->tlsext_ticket_expected) | 623 | if (s->tlsext_ticket_expected) | 
| 622 | s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A; | 624 | s->s3->tmp.next_state = | 
| 625 | SSL3_ST_CR_SESSION_TICKET_A; | ||
| 623 | else | 626 | else | 
| 624 | 627 | s->s3->tmp.next_state = | |
| 625 | s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A; | 628 | SSL3_ST_CR_FINISHED_A; | 
| 626 | } | 629 | } | 
| 627 | s->init_num = 0; | 630 | s->init_num = 0; | 
| 628 | break; | 631 | break; | 
| @@ -661,7 +664,7 @@ dtls1_connect(SSL *s) | |||
| 661 | 664 | ||
| 662 | #ifndef OPENSSL_NO_SCTP | 665 | #ifndef OPENSSL_NO_SCTP | 
| 663 | if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && | 666 | if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && | 
| 664 | state == SSL_ST_RENEGOTIATE) { | 667 | state == SSL_ST_RENEGOTIATE) { | 
| 665 | s->d1->next_state = s->state; | 668 | s->d1->next_state = s->state; | 
| 666 | s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK; | 669 | s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK; | 
| 667 | } | 670 | } | 
| @@ -786,7 +789,7 @@ dtls1_client_hello(SSL *s) | |||
| 786 | /* if client_random is initialized, reuse it, we are | 789 | /* if client_random is initialized, reuse it, we are | 
| 787 | * required to use same upon reply to HelloVerify */ | 790 | * required to use same upon reply to HelloVerify */ | 
| 788 | for (i = 0; p[i]=='\0' && i < sizeof(s->s3->client_random); i++) | 791 | for (i = 0; p[i]=='\0' && i < sizeof(s->s3->client_random); i++) | 
| 789 | ; | 792 | ; | 
| 790 | if (i == sizeof(s->s3->client_random)) | 793 | if (i == sizeof(s->s3->client_random)) | 
| 791 | ssl_fill_hello_random(s, 0, p, | 794 | ssl_fill_hello_random(s, 0, p, | 
| 792 | sizeof(s->s3->client_random)); | 795 | sizeof(s->s3->client_random)); | 
| @@ -810,7 +813,8 @@ dtls1_client_hello(SSL *s) | |||
| 810 | *(p++) = i; | 813 | *(p++) = i; | 
| 811 | if (i != 0) { | 814 | if (i != 0) { | 
| 812 | if (i > sizeof s->session->session_id) { | 815 | if (i > sizeof s->session->session_id) { | 
| 813 | SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); | 816 | SSLerr(SSL_F_DTLS1_CLIENT_HELLO, | 
| 817 | ERR_R_INTERNAL_ERROR); | ||
| 814 | goto err; | 818 | goto err; | 
| 815 | } | 819 | } | 
| 816 | memcpy(p, s->session->session_id, i); | 820 | memcpy(p, s->session->session_id, i); | 
| @@ -829,7 +833,8 @@ dtls1_client_hello(SSL *s) | |||
| 829 | /* Ciphers supported */ | 833 | /* Ciphers supported */ | 
| 830 | i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0); | 834 | i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0); | 
| 831 | if (i == 0) { | 835 | if (i == 0) { | 
| 832 | SSLerr(SSL_F_DTLS1_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE); | 836 | SSLerr(SSL_F_DTLS1_CLIENT_HELLO, | 
| 837 | SSL_R_NO_CIPHERS_AVAILABLE); | ||
| 833 | goto err; | 838 | goto err; | 
| 834 | } | 839 | } | 
| 835 | s2n(i, p); | 840 | s2n(i, p); | 
| @@ -847,7 +852,8 @@ dtls1_client_hello(SSL *s) | |||
| 847 | } | 852 | } | 
| 848 | *(p++) = 0; /* Add the NULL method */ | 853 | *(p++) = 0; /* Add the NULL method */ | 
| 849 | 854 | ||
| 850 | if ((p = ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { | 855 | if ((p = ssl_add_clienthello_tlsext(s, p, | 
| 856 | buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { | ||
| 851 | SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); | 857 | SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); | 
| 852 | goto err; | 858 | goto err; | 
| 853 | } | 859 | } | 
| @@ -855,7 +861,8 @@ dtls1_client_hello(SSL *s) | |||
| 855 | l = (p - d); | 861 | l = (p - d); | 
| 856 | d = buf; | 862 | d = buf; | 
| 857 | 863 | ||
| 858 | d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO, l, 0, l); | 864 | d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO, | 
| 865 | l, 0, l); | ||
| 859 | 866 | ||
| 860 | s->state = SSL3_ST_CW_CLNT_HELLO_B; | 867 | s->state = SSL3_ST_CW_CLNT_HELLO_B; | 
| 861 | /* number of bytes to write */ | 868 | /* number of bytes to write */ | 
| @@ -879,12 +886,8 @@ dtls1_get_hello_verify(SSL *s) | |||
| 879 | unsigned char *data; | 886 | unsigned char *data; | 
| 880 | unsigned int cookie_len; | 887 | unsigned int cookie_len; | 
| 881 | 888 | ||
| 882 | n = s->method->ssl_get_message(s, | 889 | n = s->method->ssl_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, | 
| 883 | DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, | 890 | DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->max_cert_list, &ok); | 
| 884 | DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, | ||
| 885 | -1, | ||
| 886 | s->max_cert_list, | ||
| 887 | &ok); | ||
| 888 | 891 | ||
| 889 | if (!ok) | 892 | if (!ok) | 
| 890 | return ((int)n); | 893 | return ((int)n); | 
| @@ -954,7 +957,8 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 954 | if ((pkey == NULL) || | 957 | if ((pkey == NULL) || | 
| 955 | (pkey->type != EVP_PKEY_RSA) || | 958 | (pkey->type != EVP_PKEY_RSA) || | 
| 956 | (pkey->pkey.rsa == NULL)) { | 959 | (pkey->pkey.rsa == NULL)) { | 
| 957 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); | 960 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 961 | ERR_R_INTERNAL_ERROR); | ||
| 958 | goto err; | 962 | goto err; | 
| 959 | } | 963 | } | 
| 960 | rsa = pkey->pkey.rsa; | 964 | rsa = pkey->pkey.rsa; | 
| @@ -973,9 +977,10 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 973 | if (s->version > SSL3_VERSION) | 977 | if (s->version > SSL3_VERSION) | 
| 974 | p += 2; | 978 | p += 2; | 
| 975 | n = RSA_public_encrypt(sizeof tmp_buf, | 979 | n = RSA_public_encrypt(sizeof tmp_buf, | 
| 976 | tmp_buf, p, rsa, RSA_PKCS1_PADDING); | 980 | tmp_buf, p, rsa, RSA_PKCS1_PADDING); | 
| 977 | if (n <= 0) { | 981 | if (n <= 0) { | 
| 978 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, SSL_R_BAD_RSA_ENCRYPT); | 982 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 983 | SSL_R_BAD_RSA_ENCRYPT); | ||
| 979 | goto err; | 984 | goto err; | 
| 980 | } | 985 | } | 
| 981 | 986 | ||
| @@ -986,30 +991,33 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 986 | } | 991 | } | 
| 987 | 992 | ||
| 988 | s->session->master_key_length = | 993 | s->session->master_key_length = | 
| 989 | s->method->ssl3_enc->generate_master_secret(s, | 994 | s->method->ssl3_enc->generate_master_secret(s, | 
| 990 | s->session->master_key, | 995 | s->session->master_key, | 
| 991 | tmp_buf, sizeof tmp_buf); | 996 | tmp_buf, sizeof tmp_buf); | 
| 992 | OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); | 997 | OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); | 
| 993 | } | 998 | } else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { | 
| 994 | else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { | ||
| 995 | DH *dh_srvr, *dh_clnt; | 999 | DH *dh_srvr, *dh_clnt; | 
| 996 | 1000 | ||
| 997 | if (s->session->sess_cert->peer_dh_tmp != NULL) | 1001 | if (s->session->sess_cert->peer_dh_tmp != NULL) | 
| 998 | dh_srvr = s->session->sess_cert->peer_dh_tmp; | 1002 | dh_srvr = s->session->sess_cert->peer_dh_tmp; | 
| 999 | else { | 1003 | else { | 
| 1000 | /* we get them from the cert */ | 1004 | /* we get them from the cert */ | 
| 1001 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); | 1005 | ssl3_send_alert(s, SSL3_AL_FATAL, | 
| 1002 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); | 1006 | SSL_AD_HANDSHAKE_FAILURE); | 
| 1007 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
| 1008 | SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); | ||
| 1003 | goto err; | 1009 | goto err; | 
| 1004 | } | 1010 | } | 
| 1005 | 1011 | ||
| 1006 | /* generate a new random key */ | 1012 | /* generate a new random key */ | 
| 1007 | if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) { | 1013 | if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) { | 
| 1008 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); | 1014 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1015 | ERR_R_DH_LIB); | ||
| 1009 | goto err; | 1016 | goto err; | 
| 1010 | } | 1017 | } | 
| 1011 | if (!DH_generate_key(dh_clnt)) { | 1018 | if (!DH_generate_key(dh_clnt)) { | 
| 1012 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); | 1019 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1020 | ERR_R_DH_LIB); | ||
| 1013 | goto err; | 1021 | goto err; | 
| 1014 | } | 1022 | } | 
| 1015 | 1023 | ||
| @@ -1019,14 +1027,15 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 1019 | n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt); | 1027 | n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt); | 
| 1020 | 1028 | ||
| 1021 | if (n <= 0) { | 1029 | if (n <= 0) { | 
| 1022 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); | 1030 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1031 | ERR_R_DH_LIB); | ||
| 1023 | goto err; | 1032 | goto err; | 
| 1024 | } | 1033 | } | 
| 1025 | 1034 | ||
| 1026 | /* generate master key from the result */ | 1035 | /* generate master key from the result */ | 
| 1027 | s->session->master_key_length = | 1036 | s->session->master_key_length = | 
| 1028 | s->method->ssl3_enc->generate_master_secret(s, | 1037 | s->method->ssl3_enc->generate_master_secret( | 
| 1029 | s->session->master_key, p, n); | 1038 | s, s->session->master_key, p, n); | 
| 1030 | /* clean up */ | 1039 | /* clean up */ | 
| 1031 | memset(p, 0, n); | 1040 | memset(p, 0, n); | 
| 1032 | 1041 | ||
| @@ -1039,8 +1048,7 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 1039 | DH_free(dh_clnt); | 1048 | DH_free(dh_clnt); | 
| 1040 | 1049 | ||
| 1041 | /* perhaps clean things up a bit EAY EAY EAY EAY*/ | 1050 | /* perhaps clean things up a bit EAY EAY EAY EAY*/ | 
| 1042 | } | 1051 | } else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) { | 
| 1043 | else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) { | ||
| 1044 | const EC_GROUP *srvr_group = NULL; | 1052 | const EC_GROUP *srvr_group = NULL; | 
| 1045 | EC_KEY *tkey; | 1053 | EC_KEY *tkey; | 
| 1046 | int ecdh_clnt_cert = 0; | 1054 | int ecdh_clnt_cert = 0; | 
| @@ -1051,11 +1059,12 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 1051 | * computation as part of client certificate? | 1059 | * computation as part of client certificate? | 
| 1052 | * If so, set ecdh_clnt_cert to 1. | 1060 | * If so, set ecdh_clnt_cert to 1. | 
| 1053 | */ | 1061 | */ | 
| 1054 | if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL)) { | 1062 | if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && | 
| 1063 | (s->cert != NULL)) { | ||
| 1055 | /* XXX: For now, we do not support client | 1064 | /* XXX: For now, we do not support client | 
| 1056 | * authentication using ECDH certificates. | 1065 | * authentication using ECDH certificates. | 
| 1057 | * To add such support, one needs to add | 1066 | * To add such support, one needs to add | 
| 1058 | * code that checks for appropriate | 1067 | * code that checks for appropriate | 
| 1059 | * conditions and sets ecdh_clnt_cert to 1. | 1068 | * conditions and sets ecdh_clnt_cert to 1. | 
| 1060 | * For example, the cert have an ECC | 1069 | * For example, the cert have an ECC | 
| 1061 | * key on the same curve as the server's | 1070 | * key on the same curve as the server's | 
| @@ -1083,7 +1092,7 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 1083 | (srvr_pub_pkey->type != EVP_PKEY_EC) || | 1092 | (srvr_pub_pkey->type != EVP_PKEY_EC) || | 
| 1084 | (srvr_pub_pkey->pkey.ec == NULL)) { | 1093 | (srvr_pub_pkey->pkey.ec == NULL)) { | 
| 1085 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 1094 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1086 | ERR_R_INTERNAL_ERROR); | 1095 | ERR_R_INTERNAL_ERROR); | 
| 1087 | goto err; | 1096 | goto err; | 
| 1088 | } | 1097 | } | 
| 1089 | 1098 | ||
| @@ -1095,17 +1104,19 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 1095 | 1104 | ||
| 1096 | if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) { | 1105 | if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) { | 
| 1097 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 1106 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1098 | ERR_R_INTERNAL_ERROR); | 1107 | ERR_R_INTERNAL_ERROR); | 
| 1099 | goto err; | 1108 | goto err; | 
| 1100 | } | 1109 | } | 
| 1101 | 1110 | ||
| 1102 | if ((clnt_ecdh = EC_KEY_new()) == NULL) { | 1111 | if ((clnt_ecdh = EC_KEY_new()) == NULL) { | 
| 1103 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); | 1112 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1113 | ERR_R_MALLOC_FAILURE); | ||
| 1104 | goto err; | 1114 | goto err; | 
| 1105 | } | 1115 | } | 
| 1106 | 1116 | ||
| 1107 | if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) { | 1117 | if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) { | 
| 1108 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB); | 1118 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1119 | ERR_R_EC_LIB); | ||
| 1109 | goto err; | 1120 | goto err; | 
| 1110 | } | 1121 | } | 
| 1111 | if (ecdh_clnt_cert) { | 1122 | if (ecdh_clnt_cert) { | 
| @@ -1117,17 +1128,20 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 1117 | tkey = s->cert->key->privatekey->pkey.ec; | 1128 | tkey = s->cert->key->privatekey->pkey.ec; | 
| 1118 | priv_key = EC_KEY_get0_private_key(tkey); | 1129 | priv_key = EC_KEY_get0_private_key(tkey); | 
| 1119 | if (priv_key == NULL) { | 1130 | if (priv_key == NULL) { | 
| 1120 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); | 1131 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1132 | ERR_R_MALLOC_FAILURE); | ||
| 1121 | goto err; | 1133 | goto err; | 
| 1122 | } | 1134 | } | 
| 1123 | if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) { | 1135 | if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) { | 
| 1124 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB); | 1136 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1137 | ERR_R_EC_LIB); | ||
| 1125 | goto err; | 1138 | goto err; | 
| 1126 | } | 1139 | } | 
| 1127 | } else { | 1140 | } else { | 
| 1128 | /* Generate a new ECDH key pair */ | 1141 | /* Generate a new ECDH key pair */ | 
| 1129 | if (!(EC_KEY_generate_key(clnt_ecdh))) { | 1142 | if (!(EC_KEY_generate_key(clnt_ecdh))) { | 
| 1130 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); | 1143 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1144 | ERR_R_ECDH_LIB); | ||
| 1131 | goto err; | 1145 | goto err; | 
| 1132 | } | 1146 | } | 
| 1133 | } | 1147 | } | 
| @@ -1139,22 +1153,20 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 1139 | field_size = EC_GROUP_get_degree(srvr_group); | 1153 | field_size = EC_GROUP_get_degree(srvr_group); | 
| 1140 | if (field_size <= 0) { | 1154 | if (field_size <= 0) { | 
| 1141 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 1155 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1142 | ERR_R_ECDH_LIB); | 1156 | ERR_R_ECDH_LIB); | 
| 1143 | goto err; | 1157 | goto err; | 
| 1144 | } | 1158 | } | 
| 1145 | n = ECDH_compute_key(p, (field_size + 7)/8, srvr_ecpoint, clnt_ecdh, NULL); | 1159 | n = ECDH_compute_key(p, (field_size + 7)/8, srvr_ecpoint, clnt_ecdh, NULL); | 
| 1146 | if (n <= 0) { | 1160 | if (n <= 0) { | 
| 1147 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 1161 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1148 | ERR_R_ECDH_LIB); | 1162 | ERR_R_ECDH_LIB); | 
| 1149 | goto err; | 1163 | goto err; | 
| 1150 | } | 1164 | } | 
| 1151 | 1165 | ||
| 1152 | /* generate master key from the result */ | 1166 | /* generate master key from the result */ | 
| 1153 | s->session->master_key_length = s->method->ssl3_enc \ | 1167 | s->session->master_key_length = | 
| 1154 | -> generate_master_secret(s, | 1168 | s->method->ssl3_enc->generate_master_secret( | 
| 1155 | s->session->master_key, | 1169 | s, s->session->master_key, p, n); | 
| 1156 | p, n); | ||
| 1157 | |||
| 1158 | memset(p, 0, n); /* clean up */ | 1170 | memset(p, 0, n); /* clean up */ | 
| 1159 | 1171 | ||
| 1160 | if (ecdh_clnt_cert) { | 1172 | if (ecdh_clnt_cert) { | 
| @@ -1164,26 +1176,26 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 1164 | /* First check the size of encoding and | 1176 | /* First check the size of encoding and | 
| 1165 | * allocate memory accordingly. | 1177 | * allocate memory accordingly. | 
| 1166 | */ | 1178 | */ | 
| 1167 | encoded_pt_len = | 1179 | encoded_pt_len = EC_POINT_point2oct(srvr_group, | 
| 1168 | EC_POINT_point2oct(srvr_group, | 1180 | EC_KEY_get0_public_key(clnt_ecdh), | 
| 1169 | EC_KEY_get0_public_key(clnt_ecdh), | 1181 | POINT_CONVERSION_UNCOMPRESSED, | 
| 1170 | POINT_CONVERSION_UNCOMPRESSED, | 1182 | NULL, 0, NULL); | 
| 1171 | NULL, 0, NULL); | ||
| 1172 | 1183 | ||
| 1173 | encodedPoint = malloc(encoded_pt_len); | 1184 | encodedPoint = malloc(encoded_pt_len); | 
| 1174 | 1185 | ||
| 1175 | bn_ctx = BN_CTX_new(); | 1186 | bn_ctx = BN_CTX_new(); | 
| 1176 | if ((encodedPoint == NULL) || | 1187 | if ((encodedPoint == NULL) || | 
| 1177 | (bn_ctx == NULL)) { | 1188 | (bn_ctx == NULL)) { | 
| 1178 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); | 1189 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1190 | ERR_R_MALLOC_FAILURE); | ||
| 1179 | goto err; | 1191 | goto err; | 
| 1180 | } | 1192 | } | 
| 1181 | 1193 | ||
| 1182 | /* Encode the public key */ | 1194 | /* Encode the public key */ | 
| 1183 | n = EC_POINT_point2oct(srvr_group, | 1195 | n = EC_POINT_point2oct(srvr_group, | 
| 1184 | EC_KEY_get0_public_key(clnt_ecdh), | 1196 | EC_KEY_get0_public_key(clnt_ecdh), | 
| 1185 | POINT_CONVERSION_UNCOMPRESSED, | 1197 | POINT_CONVERSION_UNCOMPRESSED, | 
| 1186 | encodedPoint, encoded_pt_len, bn_ctx); | 1198 | encodedPoint, encoded_pt_len, bn_ctx); | 
| 1187 | 1199 | ||
| 1188 | *p = n; /* length of encoded point */ | 1200 | *p = n; /* length of encoded point */ | 
| 1189 | /* Encoded point will be copied here */ | 1201 | /* Encoded point will be copied here */ | 
| @@ -1215,7 +1227,7 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 1215 | n = 0; | 1227 | n = 0; | 
| 1216 | if (s->psk_client_callback == NULL) { | 1228 | if (s->psk_client_callback == NULL) { | 
| 1217 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 1229 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1218 | SSL_R_PSK_NO_CLIENT_CB); | 1230 | SSL_R_PSK_NO_CLIENT_CB); | 
| 1219 | goto err; | 1231 | goto err; | 
| 1220 | } | 1232 | } | 
| 1221 | 1233 | ||
| @@ -1236,7 +1248,8 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 1236 | /* create PSK pre_master_secret */ | 1248 | /* create PSK pre_master_secret */ | 
| 1237 | pre_ms_len = 2 + psk_len + 2 + psk_len; | 1249 | pre_ms_len = 2 + psk_len + 2 + psk_len; | 
| 1238 | t = psk_or_pre_ms; | 1250 | t = psk_or_pre_ms; | 
| 1239 | memmove(psk_or_pre_ms + psk_len + 4, psk_or_pre_ms, psk_len); | 1251 | memmove(psk_or_pre_ms + psk_len + 4, | 
| 1252 | psk_or_pre_ms, psk_len); | ||
| 1240 | s2n(psk_len, t); | 1253 | s2n(psk_len, t); | 
| 1241 | memset(t, 0, psk_len); | 1254 | memset(t, 0, psk_len); | 
| 1242 | t += psk_len; | 1255 | t += psk_len; | 
| @@ -1246,9 +1259,9 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 1246 | s->session->psk_identity_hint = | 1259 | s->session->psk_identity_hint = | 
| 1247 | BUF_strdup(s->ctx->psk_identity_hint); | 1260 | BUF_strdup(s->ctx->psk_identity_hint); | 
| 1248 | if (s->ctx->psk_identity_hint != NULL && | 1261 | if (s->ctx->psk_identity_hint != NULL && | 
| 1249 | s->session->psk_identity_hint == NULL) { | 1262 | s->session->psk_identity_hint == NULL) { | 
| 1250 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 1263 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1251 | ERR_R_MALLOC_FAILURE); | 1264 | ERR_R_MALLOC_FAILURE); | 
| 1252 | goto psk_err; | 1265 | goto psk_err; | 
| 1253 | } | 1266 | } | 
| 1254 | 1267 | ||
| @@ -1256,14 +1269,14 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 1256 | s->session->psk_identity = BUF_strdup(identity); | 1269 | s->session->psk_identity = BUF_strdup(identity); | 
| 1257 | if (s->session->psk_identity == NULL) { | 1270 | if (s->session->psk_identity == NULL) { | 
| 1258 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 1271 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1259 | ERR_R_MALLOC_FAILURE); | 1272 | ERR_R_MALLOC_FAILURE); | 
| 1260 | goto psk_err; | 1273 | goto psk_err; | 
| 1261 | } | 1274 | } | 
| 1262 | 1275 | ||
| 1263 | s->session->master_key_length = | 1276 | s->session->master_key_length = | 
| 1264 | s->method->ssl3_enc->generate_master_secret(s, | 1277 | s->method->ssl3_enc->generate_master_secret(s, | 
| 1265 | s->session->master_key, | 1278 | s->session->master_key, | 
| 1266 | psk_or_pre_ms, pre_ms_len); | 1279 | psk_or_pre_ms, pre_ms_len); | 
| 1267 | 1280 | ||
| 1268 | n = strlen(identity); | 1281 | n = strlen(identity); | 
| 1269 | s2n(n, p); | 1282 | s2n(n, p); | 
| @@ -1274,14 +1287,17 @@ psk_err: | |||
| 1274 | OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN); | 1287 | OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN); | 
| 1275 | OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms)); | 1288 | OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms)); | 
| 1276 | if (psk_err != 0) { | 1289 | if (psk_err != 0) { | 
| 1277 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); | 1290 | ssl3_send_alert(s, SSL3_AL_FATAL, | 
| 1291 | SSL_AD_HANDSHAKE_FAILURE); | ||
| 1278 | goto err; | 1292 | goto err; | 
| 1279 | } | 1293 | } | 
| 1280 | } | 1294 | } | 
| 1281 | #endif | 1295 | #endif | 
| 1282 | else { | 1296 | else { | 
| 1283 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); | 1297 | ssl3_send_alert(s, SSL3_AL_FATAL, | 
| 1284 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); | 1298 | SSL_AD_HANDSHAKE_FAILURE); | 
| 1299 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
| 1300 | ERR_R_INTERNAL_ERROR); | ||
| 1285 | goto err; | 1301 | goto err; | 
| 1286 | } | 1302 | } | 
| 1287 | 1303 | ||
| @@ -1338,42 +1354,42 @@ dtls1_send_client_verify(SSL *s) | |||
| 1338 | if (RSA_sign(NID_md5_sha1, data, | 1354 | if (RSA_sign(NID_md5_sha1, data, | 
| 1339 | MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, | 1355 | MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, | 
| 1340 | &(p[2]), &u, pkey->pkey.rsa) <= 0 ) { | 1356 | &(p[2]), &u, pkey->pkey.rsa) <= 0 ) { | 
| 1341 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_RSA_LIB); | 1357 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, | 
| 1358 | ERR_R_RSA_LIB); | ||
| 1342 | goto err; | 1359 | goto err; | 
| 1343 | } | 1360 | } | 
| 1344 | s2n(u, p); | 1361 | s2n(u, p); | 
| 1345 | n = u + 2; | 1362 | n = u + 2; | 
| 1346 | } else | 1363 | } else if (pkey->type == EVP_PKEY_DSA) { | 
| 1347 | if (pkey->type == EVP_PKEY_DSA) { | ||
| 1348 | if (!DSA_sign(pkey->save_type, | 1364 | if (!DSA_sign(pkey->save_type, | 
| 1349 | &(data[MD5_DIGEST_LENGTH]), | 1365 | &(data[MD5_DIGEST_LENGTH]), | 
| 1350 | SHA_DIGEST_LENGTH, &(p[2]), | 1366 | SHA_DIGEST_LENGTH, &(p[2]), | 
| 1351 | (unsigned int *)&j, pkey->pkey.dsa)) { | 1367 | (unsigned int *)&j, pkey->pkey.dsa)) { | 
| 1352 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_DSA_LIB); | 1368 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, | 
| 1369 | ERR_R_DSA_LIB); | ||
| 1353 | goto err; | 1370 | goto err; | 
| 1354 | } | 1371 | } | 
| 1355 | s2n(j, p); | 1372 | s2n(j, p); | 
| 1356 | n = j + 2; | 1373 | n = j + 2; | 
| 1357 | } else | 1374 | } else if (pkey->type == EVP_PKEY_EC) { | 
| 1358 | if (pkey->type == EVP_PKEY_EC) { | ||
| 1359 | if (!ECDSA_sign(pkey->save_type, | 1375 | if (!ECDSA_sign(pkey->save_type, | 
| 1360 | &(data[MD5_DIGEST_LENGTH]), | 1376 | &(data[MD5_DIGEST_LENGTH]), | 
| 1361 | SHA_DIGEST_LENGTH, &(p[2]), | 1377 | SHA_DIGEST_LENGTH, &(p[2]), | 
| 1362 | (unsigned int *)&j, pkey->pkey.ec)) { | 1378 | (unsigned int *)&j, pkey->pkey.ec)) { | 
| 1363 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, | 1379 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, | 
| 1364 | ERR_R_ECDSA_LIB); | 1380 | ERR_R_ECDSA_LIB); | 
| 1365 | goto err; | 1381 | goto err; | 
| 1366 | } | 1382 | } | 
| 1367 | s2n(j, p); | 1383 | s2n(j, p); | 
| 1368 | n = j + 2; | 1384 | n = j + 2; | 
| 1369 | } else | 1385 | } else { | 
| 1370 | { | 1386 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, | 
| 1371 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR); | 1387 | ERR_R_INTERNAL_ERROR); | 
| 1372 | goto err; | 1388 | goto err; | 
| 1373 | } | 1389 | } | 
| 1374 | 1390 | ||
| 1375 | d = dtls1_set_message_header(s, d, | 1391 | d = dtls1_set_message_header(s, d, | 
| 1376 | SSL3_MT_CERTIFICATE_VERIFY, n, 0, n); | 1392 | SSL3_MT_CERTIFICATE_VERIFY, n, 0, n); | 
| 1377 | 1393 | ||
| 1378 | s->init_num = (int)n + DTLS1_HM_HEADER_LENGTH; | 1394 | s->init_num = (int)n + DTLS1_HM_HEADER_LENGTH; | 
| 1379 | s->init_off = 0; | 1395 | s->init_off = 0; | 
| @@ -1425,7 +1441,8 @@ dtls1_send_client_certificate(SSL *s) | |||
| 1425 | i = 0; | 1441 | i = 0; | 
| 1426 | } else if (i == 1) { | 1442 | } else if (i == 1) { | 
| 1427 | i = 0; | 1443 | i = 0; | 
| 1428 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); | 1444 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE, | 
| 1445 | SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); | ||
| 1429 | } | 1446 | } | 
| 1430 | 1447 | ||
| 1431 | if (x509 != NULL) | 1448 | if (x509 != NULL) | 
| @@ -1435,7 +1452,8 @@ dtls1_send_client_certificate(SSL *s) | |||
| 1435 | if (i == 0) { | 1452 | if (i == 0) { | 
| 1436 | if (s->version == SSL3_VERSION) { | 1453 | if (s->version == SSL3_VERSION) { | 
| 1437 | s->s3->tmp.cert_req = 0; | 1454 | s->s3->tmp.cert_req = 0; | 
| 1438 | ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE); | 1455 | ssl3_send_alert(s, SSL3_AL_WARNING, | 
| 1456 | SSL_AD_NO_CERTIFICATE); | ||
| 1439 | return (1); | 1457 | return (1); | 
| 1440 | } else { | 1458 | } else { | 
| 1441 | s->s3->tmp.cert_req = 2; | 1459 | s->s3->tmp.cert_req = 2; | 
| @@ -1458,6 +1476,7 @@ dtls1_send_client_certificate(SSL *s) | |||
| 1458 | /* buffer the message to handle re-xmits */ | 1476 | /* buffer the message to handle re-xmits */ | 
| 1459 | dtls1_buffer_message(s, 0); | 1477 | dtls1_buffer_message(s, 0); | 
| 1460 | } | 1478 | } | 
| 1479 | |||
| 1461 | /* SSL3_ST_CW_CERT_D */ | 1480 | /* SSL3_ST_CW_CERT_D */ | 
| 1462 | return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); | 1481 | return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); | 
| 1463 | } | 1482 | } | 
| diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c index fe5f1aa200..ef4a74e0af 100644 --- a/src/lib/libssl/src/ssl/d1_clnt.c +++ b/src/lib/libssl/src/ssl/d1_clnt.c | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | /* ssl/d1_clnt.c */ | 1 | /* ssl/d1_clnt.c */ | 
| 2 | /* | 2 | /* | 
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu | 
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 
| 5 | */ | 5 | */ | 
| 6 | /* ==================================================================== | 6 | /* ==================================================================== | 
| 7 | * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. | 7 | * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. | 
| @@ -11,7 +11,7 @@ | |||
| 11 | * are met: | 11 | * are met: | 
| 12 | * | 12 | * | 
| 13 | * 1. Redistributions of source code must retain the above copyright | 13 | * 1. Redistributions of source code must retain the above copyright | 
| 14 | * notice, this list of conditions and the following disclaimer. | 14 | * notice, this list of conditions and the following disclaimer. | 
| 15 | * | 15 | * | 
| 16 | * 2. Redistributions in binary form must reproduce the above copyright | 16 | * 2. Redistributions in binary form must reproduce the above copyright | 
| 17 | * notice, this list of conditions and the following disclaimer in | 17 | * notice, this list of conditions and the following disclaimer in | 
| @@ -62,21 +62,21 @@ | |||
| 62 | * This package is an SSL implementation written | 62 | * This package is an SSL implementation written | 
| 63 | * by Eric Young (eay@cryptsoft.com). | 63 | * by Eric Young (eay@cryptsoft.com). | 
| 64 | * The implementation was written so as to conform with Netscapes SSL. | 64 | * The implementation was written so as to conform with Netscapes SSL. | 
| 65 | * | 65 | * | 
| 66 | * This library is free for commercial and non-commercial use as long as | 66 | * This library is free for commercial and non-commercial use as long as | 
| 67 | * the following conditions are aheared to. The following conditions | 67 | * the following conditions are aheared to. The following conditions | 
| 68 | * apply to all code found in this distribution, be it the RC4, RSA, | 68 | * apply to all code found in this distribution, be it the RC4, RSA, | 
| 69 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | 69 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | 
| 70 | * included with this distribution is covered by the same copyright terms | 70 | * included with this distribution is covered by the same copyright terms | 
| 71 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | 71 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | 
| 72 | * | 72 | * | 
| 73 | * Copyright remains Eric Young's, and as such any Copyright notices in | 73 | * Copyright remains Eric Young's, and as such any Copyright notices in | 
| 74 | * the code are not to be removed. | 74 | * the code are not to be removed. | 
| 75 | * If this package is used in a product, Eric Young should be given attribution | 75 | * If this package is used in a product, Eric Young should be given attribution | 
| 76 | * as the author of the parts of the library used. | 76 | * as the author of the parts of the library used. | 
| 77 | * This can be in the form of a textual message at program startup or | 77 | * This can be in the form of a textual message at program startup or | 
| 78 | * in documentation (online or textual) provided with the package. | 78 | * in documentation (online or textual) provided with the package. | 
| 79 | * | 79 | * | 
| 80 | * Redistribution and use in source and binary forms, with or without | 80 | * Redistribution and use in source and binary forms, with or without | 
| 81 | * modification, are permitted provided that the following conditions | 81 | * modification, are permitted provided that the following conditions | 
| 82 | * are met: | 82 | * are met: | 
| @@ -91,10 +91,10 @@ | |||
| 91 | * Eric Young (eay@cryptsoft.com)" | 91 | * Eric Young (eay@cryptsoft.com)" | 
| 92 | * The word 'cryptographic' can be left out if the rouines from the library | 92 | * The word 'cryptographic' can be left out if the rouines from the library | 
| 93 | * being used are not cryptographic related :-). | 93 | * being used are not cryptographic related :-). | 
| 94 | * 4. If you include any Windows specific code (or a derivative thereof) from | 94 | * 4. If you include any Windows specific code (or a derivative thereof) from | 
| 95 | * the apps directory (application code) you must include an acknowledgement: | 95 | * the apps directory (application code) you must include an acknowledgement: | 
| 96 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 96 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 
| 97 | * | 97 | * | 
| 98 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 98 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 
| 99 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 99 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 
| 100 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 100 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 
| @@ -106,7 +106,7 @@ | |||
| 106 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 106 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 
| 107 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 107 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 
| 108 | * SUCH DAMAGE. | 108 | * SUCH DAMAGE. | 
| 109 | * | 109 | * | 
| 110 | * The licence and distribution terms for any publically available version or | 110 | * The licence and distribution terms for any publically available version or | 
| 111 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 111 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 
| 112 | * copied and put under another distribution licence | 112 | * copied and put under another distribution licence | 
| @@ -225,7 +225,8 @@ dtls1_connect(SSL *s) | |||
| 225 | 225 | ||
| 226 | if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) && | 226 | if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) && | 
| 227 | (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00)) { | 227 | (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00)) { | 
| 228 | SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR); | 228 | SSLerr(SSL_F_DTLS1_CONNECT, | 
| 229 | ERR_R_INTERNAL_ERROR); | ||
| 229 | ret = -1; | 230 | ret = -1; | 
| 230 | goto end; | 231 | goto end; | 
| 231 | } | 232 | } | 
| @@ -263,7 +264,8 @@ dtls1_connect(SSL *s) | |||
| 263 | s->ctx->stats.sess_connect++; | 264 | s->ctx->stats.sess_connect++; | 
| 264 | s->init_num = 0; | 265 | s->init_num = 0; | 
| 265 | /* mark client_random uninitialized */ | 266 | /* mark client_random uninitialized */ | 
| 266 | memset(s->s3->client_random, 0, sizeof(s->s3->client_random)); | 267 | memset(s->s3->client_random, 0, | 
| 268 | sizeof(s->s3->client_random)); | ||
| 267 | s->d1->send_cookie = 0; | 269 | s->d1->send_cookie = 0; | 
| 268 | s->hit = 0; | 270 | s->hit = 0; | 
| 269 | break; | 271 | break; | 
| @@ -334,7 +336,6 @@ dtls1_connect(SSL *s) | |||
| 334 | #ifndef OPENSSL_NO_SCTP | 336 | #ifndef OPENSSL_NO_SCTP | 
| 335 | } | 337 | } | 
| 336 | #endif | 338 | #endif | 
| 337 | |||
| 338 | break; | 339 | break; | 
| 339 | 340 | ||
| 340 | case SSL3_ST_CR_SRVR_HELLO_A: | 341 | case SSL3_ST_CR_SRVR_HELLO_A: | 
| @@ -349,14 +350,14 @@ dtls1_connect(SSL *s) | |||
| 349 | * will be ignored if no SCTP used. | 350 | * will be ignored if no SCTP used. | 
| 350 | */ | 351 | */ | 
| 351 | snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), | 352 | snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), | 
| 352 | DTLS1_SCTP_AUTH_LABEL); | 353 | DTLS1_SCTP_AUTH_LABEL); | 
| 353 | 354 | ||
| 354 | SSL_export_keying_material(s, sctpauthkey, | 355 | SSL_export_keying_material(s, sctpauthkey, | 
| 355 | sizeof(sctpauthkey), labelbuffer, | 356 | sizeof(sctpauthkey), labelbuffer, | 
| 356 | sizeof(labelbuffer), NULL, 0, 0); | 357 | sizeof(labelbuffer), NULL, 0, 0); | 
| 357 | 358 | ||
| 358 | BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, | 359 | BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, | 
| 359 | sizeof(sctpauthkey), sctpauthkey); | 360 | sizeof(sctpauthkey), sctpauthkey); | 
| 360 | #endif | 361 | #endif | 
| 361 | 362 | ||
| 362 | s->state = SSL3_ST_CR_FINISHED_A; | 363 | s->state = SSL3_ST_CR_FINISHED_A; | 
| @@ -448,12 +449,12 @@ dtls1_connect(SSL *s) | |||
| 448 | s->s3->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A; | 449 | s->s3->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A; | 
| 449 | s->init_num = 0; | 450 | s->init_num = 0; | 
| 450 | 451 | ||
| 451 | #ifndef OPENSSL_NO_SCTP | 452 | #ifndef OPENSSL_NO_SCTP | 
| 452 | if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && | 453 | if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && | 
| 453 | state == SSL_ST_RENEGOTIATE) | 454 | state == SSL_ST_RENEGOTIATE) | 
| 454 | s->state = DTLS1_SCTP_ST_CR_READ_SOCK; | 455 | s->state = DTLS1_SCTP_ST_CR_READ_SOCK; | 
| 455 | else | 456 | else | 
| 456 | #endif | 457 | #endif | 
| 457 | s->state = s->s3->tmp.next_state; | 458 | s->state = s->s3->tmp.next_state; | 
| 458 | break; | 459 | break; | 
| 459 | 460 | ||
| @@ -535,7 +536,7 @@ dtls1_connect(SSL *s) | |||
| 535 | if (!s->hit) | 536 | if (!s->hit) | 
| 536 | dtls1_start_timer(s); | 537 | dtls1_start_timer(s); | 
| 537 | ret = dtls1_send_change_cipher_spec(s, | 538 | ret = dtls1_send_change_cipher_spec(s, | 
| 538 | SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B); | 539 | SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B); | 
| 539 | if (ret <= 0) | 540 | if (ret <= 0) | 
| 540 | goto end; | 541 | goto end; | 
| 541 | 542 | ||
| @@ -581,9 +582,9 @@ dtls1_connect(SSL *s) | |||
| 581 | if (!s->hit) | 582 | if (!s->hit) | 
| 582 | dtls1_start_timer(s); | 583 | dtls1_start_timer(s); | 
| 583 | ret = dtls1_send_finished(s, | 584 | ret = dtls1_send_finished(s, | 
| 584 | SSL3_ST_CW_FINISHED_A, SSL3_ST_CW_FINISHED_B, | 585 | SSL3_ST_CW_FINISHED_A, SSL3_ST_CW_FINISHED_B, | 
| 585 | s->method->ssl3_enc->client_finished_label, | 586 | s->method->ssl3_enc->client_finished_label, | 
| 586 | s->method->ssl3_enc->client_finished_label_len); | 587 | s->method->ssl3_enc->client_finished_label_len); | 
| 587 | if (ret <= 0) | 588 | if (ret <= 0) | 
| 588 | goto end; | 589 | goto end; | 
| 589 | s->state = SSL3_ST_CW_FLUSH; | 590 | s->state = SSL3_ST_CW_FLUSH; | 
| @@ -606,7 +607,7 @@ dtls1_connect(SSL *s) | |||
| 606 | s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK; | 607 | s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK; | 
| 607 | } | 608 | } | 
| 608 | #endif | 609 | #endif | 
| 609 | s->s3->flags|=SSL3_FLAGS_POP_BUFFER; | 610 | s->s3->flags |= SSL3_FLAGS_POP_BUFFER; | 
| 610 | s->s3->delay_buf_pop_ret = 0; | 611 | s->s3->delay_buf_pop_ret = 0; | 
| 611 | } | 612 | } | 
| 612 | } else { | 613 | } else { | 
| @@ -614,15 +615,17 @@ dtls1_connect(SSL *s) | |||
| 614 | /* Change to new shared key of SCTP-Auth, | 615 | /* Change to new shared key of SCTP-Auth, | 
| 615 | * will be ignored if no SCTP used. | 616 | * will be ignored if no SCTP used. | 
| 616 | */ | 617 | */ | 
| 617 | BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); | 618 | BIO_ctrl(SSL_get_wbio(s), | 
| 619 | BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); | ||
| 618 | #endif | 620 | #endif | 
| 619 | 621 | ||
| 620 | /* Allow NewSessionTicket if ticket expected */ | 622 | /* Allow NewSessionTicket if ticket expected */ | 
| 621 | if (s->tlsext_ticket_expected) | 623 | if (s->tlsext_ticket_expected) | 
| 622 | s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A; | 624 | s->s3->tmp.next_state = | 
| 625 | SSL3_ST_CR_SESSION_TICKET_A; | ||
| 623 | else | 626 | else | 
| 624 | 627 | s->s3->tmp.next_state = | |
| 625 | s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A; | 628 | SSL3_ST_CR_FINISHED_A; | 
| 626 | } | 629 | } | 
| 627 | s->init_num = 0; | 630 | s->init_num = 0; | 
| 628 | break; | 631 | break; | 
| @@ -661,7 +664,7 @@ dtls1_connect(SSL *s) | |||
| 661 | 664 | ||
| 662 | #ifndef OPENSSL_NO_SCTP | 665 | #ifndef OPENSSL_NO_SCTP | 
| 663 | if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && | 666 | if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && | 
| 664 | state == SSL_ST_RENEGOTIATE) { | 667 | state == SSL_ST_RENEGOTIATE) { | 
| 665 | s->d1->next_state = s->state; | 668 | s->d1->next_state = s->state; | 
| 666 | s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK; | 669 | s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK; | 
| 667 | } | 670 | } | 
| @@ -786,7 +789,7 @@ dtls1_client_hello(SSL *s) | |||
| 786 | /* if client_random is initialized, reuse it, we are | 789 | /* if client_random is initialized, reuse it, we are | 
| 787 | * required to use same upon reply to HelloVerify */ | 790 | * required to use same upon reply to HelloVerify */ | 
| 788 | for (i = 0; p[i]=='\0' && i < sizeof(s->s3->client_random); i++) | 791 | for (i = 0; p[i]=='\0' && i < sizeof(s->s3->client_random); i++) | 
| 789 | ; | 792 | ; | 
| 790 | if (i == sizeof(s->s3->client_random)) | 793 | if (i == sizeof(s->s3->client_random)) | 
| 791 | ssl_fill_hello_random(s, 0, p, | 794 | ssl_fill_hello_random(s, 0, p, | 
| 792 | sizeof(s->s3->client_random)); | 795 | sizeof(s->s3->client_random)); | 
| @@ -810,7 +813,8 @@ dtls1_client_hello(SSL *s) | |||
| 810 | *(p++) = i; | 813 | *(p++) = i; | 
| 811 | if (i != 0) { | 814 | if (i != 0) { | 
| 812 | if (i > sizeof s->session->session_id) { | 815 | if (i > sizeof s->session->session_id) { | 
| 813 | SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); | 816 | SSLerr(SSL_F_DTLS1_CLIENT_HELLO, | 
| 817 | ERR_R_INTERNAL_ERROR); | ||
| 814 | goto err; | 818 | goto err; | 
| 815 | } | 819 | } | 
| 816 | memcpy(p, s->session->session_id, i); | 820 | memcpy(p, s->session->session_id, i); | 
| @@ -829,7 +833,8 @@ dtls1_client_hello(SSL *s) | |||
| 829 | /* Ciphers supported */ | 833 | /* Ciphers supported */ | 
| 830 | i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0); | 834 | i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0); | 
| 831 | if (i == 0) { | 835 | if (i == 0) { | 
| 832 | SSLerr(SSL_F_DTLS1_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE); | 836 | SSLerr(SSL_F_DTLS1_CLIENT_HELLO, | 
| 837 | SSL_R_NO_CIPHERS_AVAILABLE); | ||
| 833 | goto err; | 838 | goto err; | 
| 834 | } | 839 | } | 
| 835 | s2n(i, p); | 840 | s2n(i, p); | 
| @@ -847,7 +852,8 @@ dtls1_client_hello(SSL *s) | |||
| 847 | } | 852 | } | 
| 848 | *(p++) = 0; /* Add the NULL method */ | 853 | *(p++) = 0; /* Add the NULL method */ | 
| 849 | 854 | ||
| 850 | if ((p = ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { | 855 | if ((p = ssl_add_clienthello_tlsext(s, p, | 
| 856 | buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { | ||
| 851 | SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); | 857 | SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); | 
| 852 | goto err; | 858 | goto err; | 
| 853 | } | 859 | } | 
| @@ -855,7 +861,8 @@ dtls1_client_hello(SSL *s) | |||
| 855 | l = (p - d); | 861 | l = (p - d); | 
| 856 | d = buf; | 862 | d = buf; | 
| 857 | 863 | ||
| 858 | d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO, l, 0, l); | 864 | d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO, | 
| 865 | l, 0, l); | ||
| 859 | 866 | ||
| 860 | s->state = SSL3_ST_CW_CLNT_HELLO_B; | 867 | s->state = SSL3_ST_CW_CLNT_HELLO_B; | 
| 861 | /* number of bytes to write */ | 868 | /* number of bytes to write */ | 
| @@ -879,12 +886,8 @@ dtls1_get_hello_verify(SSL *s) | |||
| 879 | unsigned char *data; | 886 | unsigned char *data; | 
| 880 | unsigned int cookie_len; | 887 | unsigned int cookie_len; | 
| 881 | 888 | ||
| 882 | n = s->method->ssl_get_message(s, | 889 | n = s->method->ssl_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, | 
| 883 | DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, | 890 | DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->max_cert_list, &ok); | 
| 884 | DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, | ||
| 885 | -1, | ||
| 886 | s->max_cert_list, | ||
| 887 | &ok); | ||
| 888 | 891 | ||
| 889 | if (!ok) | 892 | if (!ok) | 
| 890 | return ((int)n); | 893 | return ((int)n); | 
| @@ -954,7 +957,8 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 954 | if ((pkey == NULL) || | 957 | if ((pkey == NULL) || | 
| 955 | (pkey->type != EVP_PKEY_RSA) || | 958 | (pkey->type != EVP_PKEY_RSA) || | 
| 956 | (pkey->pkey.rsa == NULL)) { | 959 | (pkey->pkey.rsa == NULL)) { | 
| 957 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); | 960 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 961 | ERR_R_INTERNAL_ERROR); | ||
| 958 | goto err; | 962 | goto err; | 
| 959 | } | 963 | } | 
| 960 | rsa = pkey->pkey.rsa; | 964 | rsa = pkey->pkey.rsa; | 
| @@ -973,9 +977,10 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 973 | if (s->version > SSL3_VERSION) | 977 | if (s->version > SSL3_VERSION) | 
| 974 | p += 2; | 978 | p += 2; | 
| 975 | n = RSA_public_encrypt(sizeof tmp_buf, | 979 | n = RSA_public_encrypt(sizeof tmp_buf, | 
| 976 | tmp_buf, p, rsa, RSA_PKCS1_PADDING); | 980 | tmp_buf, p, rsa, RSA_PKCS1_PADDING); | 
| 977 | if (n <= 0) { | 981 | if (n <= 0) { | 
| 978 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, SSL_R_BAD_RSA_ENCRYPT); | 982 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 983 | SSL_R_BAD_RSA_ENCRYPT); | ||
| 979 | goto err; | 984 | goto err; | 
| 980 | } | 985 | } | 
| 981 | 986 | ||
| @@ -986,30 +991,33 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 986 | } | 991 | } | 
| 987 | 992 | ||
| 988 | s->session->master_key_length = | 993 | s->session->master_key_length = | 
| 989 | s->method->ssl3_enc->generate_master_secret(s, | 994 | s->method->ssl3_enc->generate_master_secret(s, | 
| 990 | s->session->master_key, | 995 | s->session->master_key, | 
| 991 | tmp_buf, sizeof tmp_buf); | 996 | tmp_buf, sizeof tmp_buf); | 
| 992 | OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); | 997 | OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); | 
| 993 | } | 998 | } else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { | 
| 994 | else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { | ||
| 995 | DH *dh_srvr, *dh_clnt; | 999 | DH *dh_srvr, *dh_clnt; | 
| 996 | 1000 | ||
| 997 | if (s->session->sess_cert->peer_dh_tmp != NULL) | 1001 | if (s->session->sess_cert->peer_dh_tmp != NULL) | 
| 998 | dh_srvr = s->session->sess_cert->peer_dh_tmp; | 1002 | dh_srvr = s->session->sess_cert->peer_dh_tmp; | 
| 999 | else { | 1003 | else { | 
| 1000 | /* we get them from the cert */ | 1004 | /* we get them from the cert */ | 
| 1001 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); | 1005 | ssl3_send_alert(s, SSL3_AL_FATAL, | 
| 1002 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); | 1006 | SSL_AD_HANDSHAKE_FAILURE); | 
| 1007 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
| 1008 | SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); | ||
| 1003 | goto err; | 1009 | goto err; | 
| 1004 | } | 1010 | } | 
| 1005 | 1011 | ||
| 1006 | /* generate a new random key */ | 1012 | /* generate a new random key */ | 
| 1007 | if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) { | 1013 | if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) { | 
| 1008 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); | 1014 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1015 | ERR_R_DH_LIB); | ||
| 1009 | goto err; | 1016 | goto err; | 
| 1010 | } | 1017 | } | 
| 1011 | if (!DH_generate_key(dh_clnt)) { | 1018 | if (!DH_generate_key(dh_clnt)) { | 
| 1012 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); | 1019 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1020 | ERR_R_DH_LIB); | ||
| 1013 | goto err; | 1021 | goto err; | 
| 1014 | } | 1022 | } | 
| 1015 | 1023 | ||
| @@ -1019,14 +1027,15 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 1019 | n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt); | 1027 | n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt); | 
| 1020 | 1028 | ||
| 1021 | if (n <= 0) { | 1029 | if (n <= 0) { | 
| 1022 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); | 1030 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1031 | ERR_R_DH_LIB); | ||
| 1023 | goto err; | 1032 | goto err; | 
| 1024 | } | 1033 | } | 
| 1025 | 1034 | ||
| 1026 | /* generate master key from the result */ | 1035 | /* generate master key from the result */ | 
| 1027 | s->session->master_key_length = | 1036 | s->session->master_key_length = | 
| 1028 | s->method->ssl3_enc->generate_master_secret(s, | 1037 | s->method->ssl3_enc->generate_master_secret( | 
| 1029 | s->session->master_key, p, n); | 1038 | s, s->session->master_key, p, n); | 
| 1030 | /* clean up */ | 1039 | /* clean up */ | 
| 1031 | memset(p, 0, n); | 1040 | memset(p, 0, n); | 
| 1032 | 1041 | ||
| @@ -1039,8 +1048,7 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 1039 | DH_free(dh_clnt); | 1048 | DH_free(dh_clnt); | 
| 1040 | 1049 | ||
| 1041 | /* perhaps clean things up a bit EAY EAY EAY EAY*/ | 1050 | /* perhaps clean things up a bit EAY EAY EAY EAY*/ | 
| 1042 | } | 1051 | } else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) { | 
| 1043 | else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) { | ||
| 1044 | const EC_GROUP *srvr_group = NULL; | 1052 | const EC_GROUP *srvr_group = NULL; | 
| 1045 | EC_KEY *tkey; | 1053 | EC_KEY *tkey; | 
| 1046 | int ecdh_clnt_cert = 0; | 1054 | int ecdh_clnt_cert = 0; | 
| @@ -1051,11 +1059,12 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 1051 | * computation as part of client certificate? | 1059 | * computation as part of client certificate? | 
| 1052 | * If so, set ecdh_clnt_cert to 1. | 1060 | * If so, set ecdh_clnt_cert to 1. | 
| 1053 | */ | 1061 | */ | 
| 1054 | if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL)) { | 1062 | if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && | 
| 1063 | (s->cert != NULL)) { | ||
| 1055 | /* XXX: For now, we do not support client | 1064 | /* XXX: For now, we do not support client | 
| 1056 | * authentication using ECDH certificates. | 1065 | * authentication using ECDH certificates. | 
| 1057 | * To add such support, one needs to add | 1066 | * To add such support, one needs to add | 
| 1058 | * code that checks for appropriate | 1067 | * code that checks for appropriate | 
| 1059 | * conditions and sets ecdh_clnt_cert to 1. | 1068 | * conditions and sets ecdh_clnt_cert to 1. | 
| 1060 | * For example, the cert have an ECC | 1069 | * For example, the cert have an ECC | 
| 1061 | * key on the same curve as the server's | 1070 | * key on the same curve as the server's | 
| @@ -1083,7 +1092,7 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 1083 | (srvr_pub_pkey->type != EVP_PKEY_EC) || | 1092 | (srvr_pub_pkey->type != EVP_PKEY_EC) || | 
| 1084 | (srvr_pub_pkey->pkey.ec == NULL)) { | 1093 | (srvr_pub_pkey->pkey.ec == NULL)) { | 
| 1085 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 1094 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1086 | ERR_R_INTERNAL_ERROR); | 1095 | ERR_R_INTERNAL_ERROR); | 
| 1087 | goto err; | 1096 | goto err; | 
| 1088 | } | 1097 | } | 
| 1089 | 1098 | ||
| @@ -1095,17 +1104,19 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 1095 | 1104 | ||
| 1096 | if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) { | 1105 | if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) { | 
| 1097 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 1106 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1098 | ERR_R_INTERNAL_ERROR); | 1107 | ERR_R_INTERNAL_ERROR); | 
| 1099 | goto err; | 1108 | goto err; | 
| 1100 | } | 1109 | } | 
| 1101 | 1110 | ||
| 1102 | if ((clnt_ecdh = EC_KEY_new()) == NULL) { | 1111 | if ((clnt_ecdh = EC_KEY_new()) == NULL) { | 
| 1103 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); | 1112 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1113 | ERR_R_MALLOC_FAILURE); | ||
| 1104 | goto err; | 1114 | goto err; | 
| 1105 | } | 1115 | } | 
| 1106 | 1116 | ||
| 1107 | if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) { | 1117 | if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) { | 
| 1108 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB); | 1118 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1119 | ERR_R_EC_LIB); | ||
| 1109 | goto err; | 1120 | goto err; | 
| 1110 | } | 1121 | } | 
| 1111 | if (ecdh_clnt_cert) { | 1122 | if (ecdh_clnt_cert) { | 
| @@ -1117,17 +1128,20 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 1117 | tkey = s->cert->key->privatekey->pkey.ec; | 1128 | tkey = s->cert->key->privatekey->pkey.ec; | 
| 1118 | priv_key = EC_KEY_get0_private_key(tkey); | 1129 | priv_key = EC_KEY_get0_private_key(tkey); | 
| 1119 | if (priv_key == NULL) { | 1130 | if (priv_key == NULL) { | 
| 1120 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); | 1131 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1132 | ERR_R_MALLOC_FAILURE); | ||
| 1121 | goto err; | 1133 | goto err; | 
| 1122 | } | 1134 | } | 
| 1123 | if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) { | 1135 | if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) { | 
| 1124 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB); | 1136 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1137 | ERR_R_EC_LIB); | ||
| 1125 | goto err; | 1138 | goto err; | 
| 1126 | } | 1139 | } | 
| 1127 | } else { | 1140 | } else { | 
| 1128 | /* Generate a new ECDH key pair */ | 1141 | /* Generate a new ECDH key pair */ | 
| 1129 | if (!(EC_KEY_generate_key(clnt_ecdh))) { | 1142 | if (!(EC_KEY_generate_key(clnt_ecdh))) { | 
| 1130 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); | 1143 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1144 | ERR_R_ECDH_LIB); | ||
| 1131 | goto err; | 1145 | goto err; | 
| 1132 | } | 1146 | } | 
| 1133 | } | 1147 | } | 
| @@ -1139,22 +1153,20 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 1139 | field_size = EC_GROUP_get_degree(srvr_group); | 1153 | field_size = EC_GROUP_get_degree(srvr_group); | 
| 1140 | if (field_size <= 0) { | 1154 | if (field_size <= 0) { | 
| 1141 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 1155 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1142 | ERR_R_ECDH_LIB); | 1156 | ERR_R_ECDH_LIB); | 
| 1143 | goto err; | 1157 | goto err; | 
| 1144 | } | 1158 | } | 
| 1145 | n = ECDH_compute_key(p, (field_size + 7)/8, srvr_ecpoint, clnt_ecdh, NULL); | 1159 | n = ECDH_compute_key(p, (field_size + 7)/8, srvr_ecpoint, clnt_ecdh, NULL); | 
| 1146 | if (n <= 0) { | 1160 | if (n <= 0) { | 
| 1147 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 1161 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1148 | ERR_R_ECDH_LIB); | 1162 | ERR_R_ECDH_LIB); | 
| 1149 | goto err; | 1163 | goto err; | 
| 1150 | } | 1164 | } | 
| 1151 | 1165 | ||
| 1152 | /* generate master key from the result */ | 1166 | /* generate master key from the result */ | 
| 1153 | s->session->master_key_length = s->method->ssl3_enc \ | 1167 | s->session->master_key_length = | 
| 1154 | -> generate_master_secret(s, | 1168 | s->method->ssl3_enc->generate_master_secret( | 
| 1155 | s->session->master_key, | 1169 | s, s->session->master_key, p, n); | 
| 1156 | p, n); | ||
| 1157 | |||
| 1158 | memset(p, 0, n); /* clean up */ | 1170 | memset(p, 0, n); /* clean up */ | 
| 1159 | 1171 | ||
| 1160 | if (ecdh_clnt_cert) { | 1172 | if (ecdh_clnt_cert) { | 
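Review bot: The ECDH shared secret left in `p` is wiped with a plain `memset(p, 0, n)`, while the PSK branch of this same function clears its secret buffers with `OPENSSL_cleanse`. Since the call above is being reflowed anyway, the two could be made to agree with `OPENSSL_cleanse(p, n); /* wipe premaster secret */`, which also does not depend on the compiler keeping the store. The value returned by `generate_master_secret` is stored in `master_key_length` with no check visible in this hunk, so a failure there, if the callback can report one, would go unnoticed. dtls1_send_client_key_exchange starts and ends outside this hunk.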
| @@ -1164,26 +1176,26 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 1164 | /* First check the size of encoding and | 1176 | /* First check the size of encoding and | 
| 1165 | * allocate memory accordingly. | 1177 | * allocate memory accordingly. | 
| 1166 | */ | 1178 | */ | 
| 1167 | encoded_pt_len = | 1179 | encoded_pt_len = EC_POINT_point2oct(srvr_group, | 
| 1168 | EC_POINT_point2oct(srvr_group, | 1180 | EC_KEY_get0_public_key(clnt_ecdh), | 
| 1169 | EC_KEY_get0_public_key(clnt_ecdh), | 1181 | POINT_CONVERSION_UNCOMPRESSED, | 
| 1170 | POINT_CONVERSION_UNCOMPRESSED, | 1182 | NULL, 0, NULL); | 
| 1171 | NULL, 0, NULL); | ||
| 1172 | 1183 | ||
| 1173 | encodedPoint = malloc(encoded_pt_len); | 1184 | encodedPoint = malloc(encoded_pt_len); | 
| 1174 | 1185 | ||
| 1175 | bn_ctx = BN_CTX_new(); | 1186 | bn_ctx = BN_CTX_new(); | 
| 1176 | if ((encodedPoint == NULL) || | 1187 | if ((encodedPoint == NULL) || | 
| 1177 | (bn_ctx == NULL)) { | 1188 | (bn_ctx == NULL)) { | 
| 1178 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); | 1189 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1190 | ERR_R_MALLOC_FAILURE); | ||
| 1179 | goto err; | 1191 | goto err; | 
| 1180 | } | 1192 | } | 
| 1181 | 1193 | ||
| 1182 | /* Encode the public key */ | 1194 | /* Encode the public key */ | 
| 1183 | n = EC_POINT_point2oct(srvr_group, | 1195 | n = EC_POINT_point2oct(srvr_group, | 
| 1184 | EC_KEY_get0_public_key(clnt_ecdh), | 1196 | EC_KEY_get0_public_key(clnt_ecdh), | 
| 1185 | POINT_CONVERSION_UNCOMPRESSED, | 1197 | POINT_CONVERSION_UNCOMPRESSED, | 
| 1186 | encodedPoint, encoded_pt_len, bn_ctx); | 1198 | encodedPoint, encoded_pt_len, bn_ctx); | 
| 1187 | 1199 | ||
| 1188 | *p = n; /* length of encoded point */ | 1200 | *p = n; /* length of encoded point */ | 
| 1189 | /* Encoded point will be copied here */ | 1201 | /* Encoded point will be copied here */ | 
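Review bot: Neither call to `EC_POINT_point2oct` has its result checked, and the function returns 0 on failure. A 0 from the sizing call feeds `malloc(encoded_pt_len)`, and a 0 from the encoding call is written into the handshake message as the point length by `*p = n`. Add `if (encoded_pt_len == 0) goto err;` before the allocation and `if (n == 0) goto err;` after the encoding call, each preceded by `SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);` as the earlier checks in this function do. The enclosing function continues outside this hunk.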
| @@ -1215,7 +1227,7 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 1215 | n = 0; | 1227 | n = 0; | 
| 1216 | if (s->psk_client_callback == NULL) { | 1228 | if (s->psk_client_callback == NULL) { | 
| 1217 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 1229 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1218 | SSL_R_PSK_NO_CLIENT_CB); | 1230 | SSL_R_PSK_NO_CLIENT_CB); | 
| 1219 | goto err; | 1231 | goto err; | 
| 1220 | } | 1232 | } | 
| 1221 | 1233 | ||
| @@ -1236,7 +1248,8 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 1236 | /* create PSK pre_master_secret */ | 1248 | /* create PSK pre_master_secret */ | 
| 1237 | pre_ms_len = 2 + psk_len + 2 + psk_len; | 1249 | pre_ms_len = 2 + psk_len + 2 + psk_len; | 
| 1238 | t = psk_or_pre_ms; | 1250 | t = psk_or_pre_ms; | 
| 1239 | memmove(psk_or_pre_ms + psk_len + 4, psk_or_pre_ms, psk_len); | 1251 | memmove(psk_or_pre_ms + psk_len + 4, | 
| 1252 | psk_or_pre_ms, psk_len); | ||
| 1240 | s2n(psk_len, t); | 1253 | s2n(psk_len, t); | 
| 1241 | memset(t, 0, psk_len); | 1254 | memset(t, 0, psk_len); | 
| 1242 | t += psk_len; | 1255 | t += psk_len; | 
| @@ -1246,9 +1259,9 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 1246 | s->session->psk_identity_hint = | 1259 | s->session->psk_identity_hint = | 
| 1247 | BUF_strdup(s->ctx->psk_identity_hint); | 1260 | BUF_strdup(s->ctx->psk_identity_hint); | 
| 1248 | if (s->ctx->psk_identity_hint != NULL && | 1261 | if (s->ctx->psk_identity_hint != NULL && | 
| 1249 | s->session->psk_identity_hint == NULL) { | 1262 | s->session->psk_identity_hint == NULL) { | 
| 1250 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 1263 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1251 | ERR_R_MALLOC_FAILURE); | 1264 | ERR_R_MALLOC_FAILURE); | 
| 1252 | goto psk_err; | 1265 | goto psk_err; | 
| 1253 | } | 1266 | } | 
| 1254 | 1267 | ||
| @@ -1256,14 +1269,14 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 1256 | s->session->psk_identity = BUF_strdup(identity); | 1269 | s->session->psk_identity = BUF_strdup(identity); | 
| 1257 | if (s->session->psk_identity == NULL) { | 1270 | if (s->session->psk_identity == NULL) { | 
| 1258 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 1271 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | 
| 1259 | ERR_R_MALLOC_FAILURE); | 1272 | ERR_R_MALLOC_FAILURE); | 
| 1260 | goto psk_err; | 1273 | goto psk_err; | 
| 1261 | } | 1274 | } | 
| 1262 | 1275 | ||
| 1263 | s->session->master_key_length = | 1276 | s->session->master_key_length = | 
| 1264 | s->method->ssl3_enc->generate_master_secret(s, | 1277 | s->method->ssl3_enc->generate_master_secret(s, | 
| 1265 | s->session->master_key, | 1278 | s->session->master_key, | 
| 1266 | psk_or_pre_ms, pre_ms_len); | 1279 | psk_or_pre_ms, pre_ms_len); | 
| 1267 | 1280 | ||
| 1268 | n = strlen(identity); | 1281 | n = strlen(identity); | 
| 1269 | s2n(n, p); | 1282 | s2n(n, p); | 
| @@ -1274,14 +1287,17 @@ psk_err: | |||
| 1274 | OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN); | 1287 | OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN); | 
| 1275 | OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms)); | 1288 | OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms)); | 
| 1276 | if (psk_err != 0) { | 1289 | if (psk_err != 0) { | 
| 1277 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); | 1290 | ssl3_send_alert(s, SSL3_AL_FATAL, | 
| 1291 | SSL_AD_HANDSHAKE_FAILURE); | ||
| 1278 | goto err; | 1292 | goto err; | 
| 1279 | } | 1293 | } | 
| 1280 | } | 1294 | } | 
| 1281 | #endif | 1295 | #endif | 
| 1282 | else { | 1296 | else { | 
| 1283 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); | 1297 | ssl3_send_alert(s, SSL3_AL_FATAL, | 
| 1284 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); | 1298 | SSL_AD_HANDSHAKE_FAILURE); | 
| 1299 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
| 1300 | ERR_R_INTERNAL_ERROR); | ||
| 1285 | goto err; | 1301 | goto err; | 
| 1286 | } | 1302 | } | 
| 1287 | 1303 | ||
| @@ -1338,42 +1354,42 @@ dtls1_send_client_verify(SSL *s) | |||
| 1338 | if (RSA_sign(NID_md5_sha1, data, | 1354 | if (RSA_sign(NID_md5_sha1, data, | 
| 1339 | MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, | 1355 | MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, | 
| 1340 | &(p[2]), &u, pkey->pkey.rsa) <= 0 ) { | 1356 | &(p[2]), &u, pkey->pkey.rsa) <= 0 ) { | 
| 1341 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_RSA_LIB); | 1357 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, | 
| 1358 | ERR_R_RSA_LIB); | ||
| 1342 | goto err; | 1359 | goto err; | 
| 1343 | } | 1360 | } | 
| 1344 | s2n(u, p); | 1361 | s2n(u, p); | 
| 1345 | n = u + 2; | 1362 | n = u + 2; | 
| 1346 | } else | 1363 | } else if (pkey->type == EVP_PKEY_DSA) { | 
| 1347 | if (pkey->type == EVP_PKEY_DSA) { | ||
| 1348 | if (!DSA_sign(pkey->save_type, | 1364 | if (!DSA_sign(pkey->save_type, | 
| 1349 | &(data[MD5_DIGEST_LENGTH]), | 1365 | &(data[MD5_DIGEST_LENGTH]), | 
| 1350 | SHA_DIGEST_LENGTH, &(p[2]), | 1366 | SHA_DIGEST_LENGTH, &(p[2]), | 
| 1351 | (unsigned int *)&j, pkey->pkey.dsa)) { | 1367 | (unsigned int *)&j, pkey->pkey.dsa)) { | 
| 1352 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_DSA_LIB); | 1368 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, | 
| 1369 | ERR_R_DSA_LIB); | ||
| 1353 | goto err; | 1370 | goto err; | 
| 1354 | } | 1371 | } | 
| 1355 | s2n(j, p); | 1372 | s2n(j, p); | 
| 1356 | n = j + 2; | 1373 | n = j + 2; | 
| 1357 | } else | 1374 | } else if (pkey->type == EVP_PKEY_EC) { | 
| 1358 | if (pkey->type == EVP_PKEY_EC) { | ||
| 1359 | if (!ECDSA_sign(pkey->save_type, | 1375 | if (!ECDSA_sign(pkey->save_type, | 
| 1360 | &(data[MD5_DIGEST_LENGTH]), | 1376 | &(data[MD5_DIGEST_LENGTH]), | 
| 1361 | SHA_DIGEST_LENGTH, &(p[2]), | 1377 | SHA_DIGEST_LENGTH, &(p[2]), | 
| 1362 | (unsigned int *)&j, pkey->pkey.ec)) { | 1378 | (unsigned int *)&j, pkey->pkey.ec)) { | 
| 1363 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, | 1379 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, | 
| 1364 | ERR_R_ECDSA_LIB); | 1380 | ERR_R_ECDSA_LIB); | 
| 1365 | goto err; | 1381 | goto err; | 
| 1366 | } | 1382 | } | 
| 1367 | s2n(j, p); | 1383 | s2n(j, p); | 
| 1368 | n = j + 2; | 1384 | n = j + 2; | 
| 1369 | } else | 1385 | } else { | 
| 1370 | { | 1386 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, | 
| 1371 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR); | 1387 | ERR_R_INTERNAL_ERROR); | 
| 1372 | goto err; | 1388 | goto err; | 
| 1373 | } | 1389 | } | 
| 1374 | 1390 | ||
| 1375 | d = dtls1_set_message_header(s, d, | 1391 | d = dtls1_set_message_header(s, d, | 
| 1376 | SSL3_MT_CERTIFICATE_VERIFY, n, 0, n); | 1392 | SSL3_MT_CERTIFICATE_VERIFY, n, 0, n); | 
| 1377 | 1393 | ||
| 1378 | s->init_num = (int)n + DTLS1_HM_HEADER_LENGTH; | 1394 | s->init_num = (int)n + DTLS1_HM_HEADER_LENGTH; | 
| 1379 | s->init_off = 0; | 1395 | s->init_off = 0; | 
| @@ -1425,7 +1441,8 @@ dtls1_send_client_certificate(SSL *s) | |||
| 1425 | i = 0; | 1441 | i = 0; | 
| 1426 | } else if (i == 1) { | 1442 | } else if (i == 1) { | 
| 1427 | i = 0; | 1443 | i = 0; | 
| 1428 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); | 1444 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE, | 
| 1445 | SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); | ||
| 1429 | } | 1446 | } | 
| 1430 | 1447 | ||
| 1431 | if (x509 != NULL) | 1448 | if (x509 != NULL) | 
| @@ -1435,7 +1452,8 @@ dtls1_send_client_certificate(SSL *s) | |||
| 1435 | if (i == 0) { | 1452 | if (i == 0) { | 
| 1436 | if (s->version == SSL3_VERSION) { | 1453 | if (s->version == SSL3_VERSION) { | 
| 1437 | s->s3->tmp.cert_req = 0; | 1454 | s->s3->tmp.cert_req = 0; | 
| 1438 | ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE); | 1455 | ssl3_send_alert(s, SSL3_AL_WARNING, | 
| 1456 | SSL_AD_NO_CERTIFICATE); | ||
| 1439 | return (1); | 1457 | return (1); | 
| 1440 | } else { | 1458 | } else { | 
| 1441 | s->s3->tmp.cert_req = 2; | 1459 | s->s3->tmp.cert_req = 2; | 
| @@ -1458,6 +1476,7 @@ dtls1_send_client_certificate(SSL *s) | |||
| 1458 | /* buffer the message to handle re-xmits */ | 1476 | /* buffer the message to handle re-xmits */ | 
| 1459 | dtls1_buffer_message(s, 0); | 1477 | dtls1_buffer_message(s, 0); | 
| 1460 | } | 1478 | } | 
| 1479 | |||
| 1461 | /* SSL3_ST_CW_CERT_D */ | 1480 | /* SSL3_ST_CW_CERT_D */ | 
| 1462 | return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); | 1481 | return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); | 
| 1463 | } | 1482 | } | 
