summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_srvr.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/ssl_srvr.c')
-rw-r--r--src/lib/libssl/ssl_srvr.c153
1 files changed, 137 insertions, 16 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 5e10fa01f4..5d741cdc81 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_srvr.c,v 1.25 2017/10/11 16:51:39 jsing Exp $ */ 1/* $OpenBSD: ssl_srvr.c,v 1.26 2017/10/12 15:52:50 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -175,6 +175,7 @@ ssl3_accept(SSL *s)
175 unsigned long alg_k; 175 unsigned long alg_k;
176 int ret = -1; 176 int ret = -1;
177 int new_state, state, skip = 0; 177 int new_state, state, skip = 0;
178 int listen;
178 179
179 ERR_clear_error(); 180 ERR_clear_error();
180 errno = 0; 181 errno = 0;
@@ -184,11 +185,17 @@ ssl3_accept(SSL *s)
184 else if (s->ctx->internal->info_callback != NULL) 185 else if (s->ctx->internal->info_callback != NULL)
185 cb = s->ctx->internal->info_callback; 186 cb = s->ctx->internal->info_callback;
186 187
188 if (SSL_IS_DTLS(s))
189 listen = D1I(s)->listen;
190
187 /* init things to blank */ 191 /* init things to blank */
188 s->internal->in_handshake++; 192 s->internal->in_handshake++;
189 if (!SSL_in_init(s) || SSL_in_before(s)) 193 if (!SSL_in_init(s) || SSL_in_before(s))
190 SSL_clear(s); 194 SSL_clear(s);
191 195
196 if (SSL_IS_DTLS(s))
197 D1I(s)->listen = listen;
198
192 if (s->cert == NULL) { 199 if (s->cert == NULL) {
193 SSLerror(s, SSL_R_NO_CERTIFICATE_SET); 200 SSLerror(s, SSL_R_NO_CERTIFICATE_SET);
194 ret = -1; 201 ret = -1;
@@ -211,10 +218,18 @@ ssl3_accept(SSL *s)
211 if (cb != NULL) 218 if (cb != NULL)
212 cb(s, SSL_CB_HANDSHAKE_START, 1); 219 cb(s, SSL_CB_HANDSHAKE_START, 1);
213 220
214 if ((s->version >> 8) != 3) { 221 if (SSL_IS_DTLS(s)) {
215 SSLerror(s, ERR_R_INTERNAL_ERROR); 222 if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
216 ret = -1; 223 SSLerror(s, ERR_R_INTERNAL_ERROR);
217 goto end; 224 ret = -1;
225 goto end;
226 }
227 } else {
228 if ((s->version >> 8) != 3) {
229 SSLerror(s, ERR_R_INTERNAL_ERROR);
230 ret = -1;
231 goto end;
232 }
218 } 233 }
219 s->internal->type = SSL_ST_ACCEPT; 234 s->internal->type = SSL_ST_ACCEPT;
220 235
@@ -246,7 +261,7 @@ ssl3_accept(SSL *s)
246 261
247 S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A; 262 S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A;
248 s->ctx->internal->stats.sess_accept++; 263 s->ctx->internal->stats.sess_accept++;
249 } else if (!S3I(s)->send_connection_binding) { 264 } else if (!SSL_IS_DTLS(s) && !S3I(s)->send_connection_binding) {
250 /* 265 /*
251 * Server attempting to renegotiate with 266 * Server attempting to renegotiate with
252 * client that doesn't support secure 267 * client that doesn't support secure
@@ -270,10 +285,17 @@ ssl3_accept(SSL *s)
270 case SSL3_ST_SW_HELLO_REQ_A: 285 case SSL3_ST_SW_HELLO_REQ_A:
271 case SSL3_ST_SW_HELLO_REQ_B: 286 case SSL3_ST_SW_HELLO_REQ_B:
272 s->internal->shutdown = 0; 287 s->internal->shutdown = 0;
288 if (SSL_IS_DTLS(s)) {
289 dtls1_clear_record_buffer(s);
290 dtls1_start_timer(s);
291 }
273 ret = ssl3_send_hello_request(s); 292 ret = ssl3_send_hello_request(s);
274 if (ret <= 0) 293 if (ret <= 0)
275 goto end; 294 goto end;
276 S3I(s)->hs.next_state = SSL3_ST_SW_HELLO_REQ_C; 295 if (SSL_IS_DTLS(s))
296 S3I(s)->hs.next_state = SSL3_ST_SR_CLNT_HELLO_A;
297 else
298 S3I(s)->hs.next_state = SSL3_ST_SW_HELLO_REQ_C;
277 S3I(s)->hs.state = SSL3_ST_SW_FLUSH; 299 S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
278 s->internal->init_num = 0; 300 s->internal->init_num = 0;
279 301
@@ -291,19 +313,77 @@ ssl3_accept(SSL *s)
291 case SSL3_ST_SR_CLNT_HELLO_B: 313 case SSL3_ST_SR_CLNT_HELLO_B:
292 case SSL3_ST_SR_CLNT_HELLO_C: 314 case SSL3_ST_SR_CLNT_HELLO_C:
293 s->internal->shutdown = 0; 315 s->internal->shutdown = 0;
294 if (s->internal->rwstate != SSL_X509_LOOKUP) { 316 if (SSL_IS_DTLS(s)) {
295 ret = ssl3_get_client_hello(s); 317 ret = ssl3_get_client_hello(s);
296 if (ret <= 0) 318 if (ret <= 0)
297 goto end; 319 goto end;
320 dtls1_stop_timer(s);
321
322 if (ret == 1 &&
323 (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
324 S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
325 else
326 S3I(s)->hs.state = SSL3_ST_SW_SRVR_HELLO_A;
327
328 s->internal->init_num = 0;
329
330 /*
331 * Reflect ClientHello sequence to remain
332 * stateless while listening.
333 */
334 if (listen) {
335 memcpy(S3I(s)->write_sequence,
336 S3I(s)->read_sequence,
337 sizeof(S3I(s)->write_sequence));
338 }
339
340 /* If we're just listening, stop here */
341 if (listen && S3I(s)->hs.state == SSL3_ST_SW_SRVR_HELLO_A) {
342 ret = 2;
343 D1I(s)->listen = 0;
344 /*
345 * Set expected sequence numbers to
346 * continue the handshake.
347 */
348 D1I(s)->handshake_read_seq = 2;
349 D1I(s)->handshake_write_seq = 1;
350 D1I(s)->next_handshake_write_seq = 1;
351 goto end;
352 }
353 } else {
354 if (s->internal->rwstate != SSL_X509_LOOKUP) {
355 ret = ssl3_get_client_hello(s);
356 if (ret <= 0)
357 goto end;
358 }
359
360 s->internal->renegotiate = 2;
361 S3I(s)->hs.state = SSL3_ST_SW_SRVR_HELLO_A;
362 s->internal->init_num = 0;
298 } 363 }
364 break;
299 365
300 s->internal->renegotiate = 2; 366 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
301 S3I(s)->hs.state = SSL3_ST_SW_SRVR_HELLO_A; 367 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
302 s->internal->init_num = 0; 368 ret = dtls1_send_hello_verify_request(s);
369 if (ret <= 0)
370 goto end;
371 S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
372 S3I(s)->hs.next_state = SSL3_ST_SR_CLNT_HELLO_A;
373
374 /* HelloVerifyRequest resets Finished MAC. */
375 if (!tls1_init_finished_mac(s)) {
376 ret = -1;
377 goto end;
378 }
303 break; 379 break;
304 380
305 case SSL3_ST_SW_SRVR_HELLO_A: 381 case SSL3_ST_SW_SRVR_HELLO_A:
306 case SSL3_ST_SW_SRVR_HELLO_B: 382 case SSL3_ST_SW_SRVR_HELLO_B:
383 if (SSL_IS_DTLS(s)) {
384 s->internal->renegotiate = 2;
385 dtls1_start_timer(s);
386 }
307 ret = ssl3_send_server_hello(s); 387 ret = ssl3_send_server_hello(s);
308 if (ret <= 0) 388 if (ret <= 0)
309 goto end; 389 goto end;
@@ -323,6 +403,8 @@ ssl3_accept(SSL *s)
323 /* Check if it is anon DH or anon ECDH. */ 403 /* Check if it is anon DH or anon ECDH. */
324 if (!(S3I(s)->hs.new_cipher->algorithm_auth & 404 if (!(S3I(s)->hs.new_cipher->algorithm_auth &
325 SSL_aNULL)) { 405 SSL_aNULL)) {
406 if (SSL_IS_DTLS(s))
407 dtls1_start_timer(s);
326 ret = ssl3_send_server_certificate(s); 408 ret = ssl3_send_server_certificate(s);
327 if (ret <= 0) 409 if (ret <= 0)
328 goto end; 410 goto end;
@@ -350,6 +432,8 @@ ssl3_accept(SSL *s)
350 * public key for key exchange. 432 * public key for key exchange.
351 */ 433 */
352 if (alg_k & (SSL_kDHE|SSL_kECDHE)) { 434 if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
435 if (SSL_IS_DTLS(s))
436 dtls1_start_timer(s);
353 ret = ssl3_send_server_key_exchange(s); 437 ret = ssl3_send_server_key_exchange(s);
354 if (ret <= 0) 438 if (ret <= 0)
355 goto end; 439 goto end;
@@ -389,7 +473,7 @@ ssl3_accept(SSL *s)
389 skip = 1; 473 skip = 1;
390 S3I(s)->tmp.cert_request = 0; 474 S3I(s)->tmp.cert_request = 0;
391 S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A; 475 S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A;
392 if (S3I(s)->handshake_buffer) { 476 if (!SSL_IS_DTLS(s) && S3I(s)->handshake_buffer) {
393 if (!tls1_digest_cached_records(s)) { 477 if (!tls1_digest_cached_records(s)) {
394 ret = -1; 478 ret = -1;
395 goto end; 479 goto end;
@@ -397,6 +481,8 @@ ssl3_accept(SSL *s)
397 } 481 }
398 } else { 482 } else {
399 S3I(s)->tmp.cert_request = 1; 483 S3I(s)->tmp.cert_request = 1;
484 if (SSL_IS_DTLS(s))
485 dtls1_start_timer(s);
400 ret = ssl3_send_certificate_request(s); 486 ret = ssl3_send_certificate_request(s);
401 if (ret <= 0) 487 if (ret <= 0)
402 goto end; 488 goto end;
@@ -407,6 +493,8 @@ ssl3_accept(SSL *s)
407 493
408 case SSL3_ST_SW_SRVR_DONE_A: 494 case SSL3_ST_SW_SRVR_DONE_A:
409 case SSL3_ST_SW_SRVR_DONE_B: 495 case SSL3_ST_SW_SRVR_DONE_B:
496 if (SSL_IS_DTLS(s))
497 dtls1_start_timer(s);
410 ret = ssl3_send_server_done(s); 498 ret = ssl3_send_server_done(s);
411 if (ret <= 0) 499 if (ret <= 0)
412 goto end; 500 goto end;
@@ -428,6 +516,13 @@ ssl3_accept(SSL *s)
428 */ 516 */
429 s->internal->rwstate = SSL_WRITING; 517 s->internal->rwstate = SSL_WRITING;
430 if (BIO_flush(s->wbio) <= 0) { 518 if (BIO_flush(s->wbio) <= 0) {
519 if (SSL_IS_DTLS(s)) {
520 /* If the write error was fatal, stop trying. */
521 if (!BIO_should_retry(s->wbio)) {
522 s->internal->rwstate = SSL_NOTHING;
523 S3I(s)->hs.state = S3I(s)->hs.next_state;
524 }
525 }
431 ret = -1; 526 ret = -1;
432 goto end; 527 goto end;
433 } 528 }
@@ -451,6 +546,12 @@ ssl3_accept(SSL *s)
451 ret = ssl3_get_client_key_exchange(s); 546 ret = ssl3_get_client_key_exchange(s);
452 if (ret <= 0) 547 if (ret <= 0)
453 goto end; 548 goto end;
549
550 if (SSL_IS_DTLS(s)) {
551 S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;
552 s->internal->init_num = 0;
553 }
554
454 alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; 555 alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
455 if (ret == 2) { 556 if (ret == 2) {
456 /* 557 /*
@@ -509,7 +610,10 @@ ssl3_accept(SSL *s)
509 610
510 case SSL3_ST_SR_CERT_VRFY_A: 611 case SSL3_ST_SR_CERT_VRFY_A:
511 case SSL3_ST_SR_CERT_VRFY_B: 612 case SSL3_ST_SR_CERT_VRFY_B:
512 s->s3->flags |= SSL3_FLAGS_CCS_OK; 613 if (SSL_IS_DTLS(s))
614 D1I(s)->change_cipher_spec_ok = 1;
615 else
616 s->s3->flags |= SSL3_FLAGS_CCS_OK;
513 617
514 /* we should decide if we expected this one */ 618 /* we should decide if we expected this one */
515 ret = ssl3_get_cert_verify(s); 619 ret = ssl3_get_cert_verify(s);
@@ -521,11 +625,16 @@ ssl3_accept(SSL *s)
521 625
522 case SSL3_ST_SR_FINISHED_A: 626 case SSL3_ST_SR_FINISHED_A:
523 case SSL3_ST_SR_FINISHED_B: 627 case SSL3_ST_SR_FINISHED_B:
524 s->s3->flags |= SSL3_FLAGS_CCS_OK; 628 if (SSL_IS_DTLS(s))
629 D1I(s)->change_cipher_spec_ok = 1;
630 else
631 s->s3->flags |= SSL3_FLAGS_CCS_OK;
525 ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A, 632 ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
526 SSL3_ST_SR_FINISHED_B); 633 SSL3_ST_SR_FINISHED_B);
527 if (ret <= 0) 634 if (ret <= 0)
528 goto end; 635 goto end;
636 if (SSL_IS_DTLS(s))
637 dtls1_stop_timer(s);
529 if (s->internal->hit) 638 if (s->internal->hit)
530 S3I(s)->hs.state = SSL_ST_OK; 639 S3I(s)->hs.state = SSL_ST_OK;
531 else if (s->internal->tlsext_ticket_expected) 640 else if (s->internal->tlsext_ticket_expected)
@@ -574,6 +683,8 @@ ssl3_accept(SSL *s)
574 goto end; 683 goto end;
575 } 684 }
576 685
686 if (SSL_IS_DTLS(s))
687 dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
577 break; 688 break;
578 689
579 case SSL3_ST_SW_FINISHED_A: 690 case SSL3_ST_SW_FINISHED_A:
@@ -596,8 +707,10 @@ ssl3_accept(SSL *s)
596 /* clean a few things up */ 707 /* clean a few things up */
597 tls1_cleanup_key_block(s); 708 tls1_cleanup_key_block(s);
598 709
599 BUF_MEM_free(s->internal->init_buf); 710 if (!SSL_IS_DTLS(s)) {
600 s->internal->init_buf = NULL; 711 BUF_MEM_free(s->internal->init_buf);
712 s->internal->init_buf = NULL;
713 }
601 714
602 /* remove buffering on output */ 715 /* remove buffering on output */
603 ssl_free_wbio_buffer(s); 716 ssl_free_wbio_buffer(s);
@@ -620,6 +733,14 @@ ssl3_accept(SSL *s)
620 } 733 }
621 734
622 ret = 1; 735 ret = 1;
736
737 if (SSL_IS_DTLS(s)) {
738 /* Done handshaking, next message is client hello. */
739 D1I(s)->handshake_read_seq = 0;
740 /* Next message is server hello. */
741 D1I(s)->handshake_write_seq = 0;
742 D1I(s)->next_handshake_write_seq = 0;
743 }
623 goto end; 744 goto end;
624 /* break; */ 745 /* break; */
625 746
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 18:16:48 +0000