OLD | NEW |
1 /* ssl/d1_srvr.c */ | 1 /* ssl/d1_srvr.c */ |
2 /* | 2 /* |
3 * DTLS implementation written by Nagendra Modadugu | 3 * DTLS implementation written by Nagendra Modadugu |
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
5 */ | 5 */ |
6 /* ==================================================================== | 6 /* ==================================================================== |
7 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. | 7 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. |
8 * | 8 * |
9 * Redistribution and use in source and binary forms, with or without | 9 * Redistribution and use in source and binary forms, with or without |
10 * modification, are permitted provided that the following conditions | 10 * modification, are permitted provided that the following conditions |
11 * are met: | 11 * are met: |
12 * | 12 * |
13 * 1. Redistributions of source code must retain the above copyright | 13 * 1. Redistributions of source code must retain the above copyright |
14 * notice, this list of conditions and the following disclaimer. | 14 * notice, this list of conditions and the following disclaimer. |
15 * | 15 * |
16 * 2. Redistributions in binary form must reproduce the above copyright | 16 * 2. Redistributions in binary form must reproduce the above copyright |
17 * notice, this list of conditions and the following disclaimer in | 17 * notice, this list of conditions and the following disclaimer in |
(...skipping 96 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
114 */ | 114 */ |
115 | 115 |
116 #include <stdio.h> | 116 #include <stdio.h> |
117 #include "ssl_locl.h" | 117 #include "ssl_locl.h" |
118 #include <openssl/buffer.h> | 118 #include <openssl/buffer.h> |
119 #include <openssl/rand.h> | 119 #include <openssl/rand.h> |
120 #include <openssl/objects.h> | 120 #include <openssl/objects.h> |
121 #include <openssl/evp.h> | 121 #include <openssl/evp.h> |
122 #include <openssl/x509.h> | 122 #include <openssl/x509.h> |
123 #include <openssl/md5.h> | 123 #include <openssl/md5.h> |
| 124 #include <openssl/bn.h> |
124 #ifndef OPENSSL_NO_DH | 125 #ifndef OPENSSL_NO_DH |
125 #include <openssl/dh.h> | 126 #include <openssl/dh.h> |
126 #endif | 127 #endif |
127 | 128 |
128 static SSL_METHOD *dtls1_get_server_method(int ver); | 129 static const SSL_METHOD *dtls1_get_server_method(int ver); |
129 static int dtls1_send_hello_verify_request(SSL *s); | 130 static int dtls1_send_hello_verify_request(SSL *s); |
130 | 131 |
131 static SSL_METHOD *dtls1_get_server_method(int ver) | 132 static const SSL_METHOD *dtls1_get_server_method(int ver) |
132 { | 133 { |
133 if (ver == DTLS1_VERSION) | 134 if (ver == DTLS1_VERSION) |
134 return(DTLSv1_server_method()); | 135 return(DTLSv1_server_method()); |
135 else | 136 else |
136 return(NULL); | 137 return(NULL); |
137 } | 138 } |
138 | 139 |
139 IMPLEMENT_dtls1_meth_func(DTLSv1_server_method, | 140 IMPLEMENT_dtls1_meth_func(DTLSv1_server_method, |
140 dtls1_accept, | 141 dtls1_accept, |
141 ssl_undefined_function, | 142 ssl_undefined_function, |
142 dtls1_get_server_method) | 143 dtls1_get_server_method) |
143 | 144 |
144 int dtls1_accept(SSL *s) | 145 int dtls1_accept(SSL *s) |
145 { | 146 { |
146 BUF_MEM *buf; | 147 BUF_MEM *buf; |
147 » unsigned long l,Time=(unsigned long)time(NULL); | 148 » unsigned long Time=(unsigned long)time(NULL); |
148 void (*cb)(const SSL *ssl,int type,int val)=NULL; | 149 void (*cb)(const SSL *ssl,int type,int val)=NULL; |
| 150 unsigned long alg_k; |
149 int ret= -1; | 151 int ret= -1; |
150 int new_state,state,skip=0; | 152 int new_state,state,skip=0; |
| 153 int listen; |
151 | 154 |
152 RAND_add(&Time,sizeof(Time),0); | 155 RAND_add(&Time,sizeof(Time),0); |
153 ERR_clear_error(); | 156 ERR_clear_error(); |
154 clear_sys_error(); | 157 clear_sys_error(); |
155 | 158 |
156 if (s->info_callback != NULL) | 159 if (s->info_callback != NULL) |
157 cb=s->info_callback; | 160 cb=s->info_callback; |
158 else if (s->ctx->info_callback != NULL) | 161 else if (s->ctx->info_callback != NULL) |
159 cb=s->ctx->info_callback; | 162 cb=s->ctx->info_callback; |
| 163 |
| 164 listen = s->d1->listen; |
160 | 165 |
161 /* init things to blank */ | 166 /* init things to blank */ |
162 s->in_handshake++; | 167 s->in_handshake++; |
163 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); | 168 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); |
164 | 169 |
| 170 s->d1->listen = listen; |
| 171 |
165 if (s->cert == NULL) | 172 if (s->cert == NULL) |
166 { | 173 { |
167 SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET); | 174 SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET); |
168 return(-1); | 175 return(-1); |
169 } | 176 } |
170 | 177 |
171 for (;;) | 178 for (;;) |
172 { | 179 { |
173 state=s->state; | 180 state=s->state; |
174 | 181 |
(...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
264 if (ret <= 0) goto end; | 271 if (ret <= 0) goto end; |
265 dtls1_stop_timer(s); | 272 dtls1_stop_timer(s); |
266 | 273 |
267 if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCH
ANGE)) | 274 if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCH
ANGE)) |
268 s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A; | 275 s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A; |
269 else | 276 else |
270 s->state = SSL3_ST_SW_SRVR_HELLO_A; | 277 s->state = SSL3_ST_SW_SRVR_HELLO_A; |
271 | 278 |
272 s->init_num=0; | 279 s->init_num=0; |
273 | 280 |
| 281 /* Reflect ClientHello sequence to remain stateless whil
e listening */ |
| 282 if (listen) |
| 283 { |
| 284 memcpy(s->s3->write_sequence, s->s3->read_sequen
ce, sizeof(s->s3->write_sequence)); |
| 285 } |
| 286 |
274 /* If we're just listening, stop here */ | 287 /* If we're just listening, stop here */ |
275 » » » if (s->d1->listen && s->state == SSL3_ST_SW_SRVR_HELLO_A
) | 288 » » » if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) |
276 { | 289 { |
277 ret = 2; | 290 ret = 2; |
278 s->d1->listen = 0; | 291 s->d1->listen = 0; |
| 292 /* Set expected sequence numbers |
| 293 * to continue the handshake. |
| 294 */ |
| 295 s->d1->handshake_read_seq = 2; |
| 296 s->d1->handshake_write_seq = 1; |
| 297 s->d1->next_handshake_write_seq = 1; |
279 goto end; | 298 goto end; |
280 } | 299 } |
281 | 300 |
282 break; | 301 break; |
283 | 302 |
284 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: | 303 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: |
285 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: | 304 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: |
286 | 305 |
287 dtls1_start_timer(s); | |
288 ret = dtls1_send_hello_verify_request(s); | 306 ret = dtls1_send_hello_verify_request(s); |
289 if ( ret <= 0) goto end; | 307 if ( ret <= 0) goto end; |
290 s->state=SSL3_ST_SW_FLUSH; | 308 s->state=SSL3_ST_SW_FLUSH; |
291 s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A; | 309 s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A; |
292 | 310 |
293 » » » /* HelloVerifyRequests resets Finished MAC */ | 311 » » » /* HelloVerifyRequest resets Finished MAC */ |
294 » » » if (s->client_version != DTLS1_BAD_VER) | 312 » » » if (s->version != DTLS1_BAD_VER) |
295 ssl3_init_finished_mac(s); | 313 ssl3_init_finished_mac(s); |
296 break; | 314 break; |
297 | 315 |
298 case SSL3_ST_SW_SRVR_HELLO_A: | 316 case SSL3_ST_SW_SRVR_HELLO_A: |
299 case SSL3_ST_SW_SRVR_HELLO_B: | 317 case SSL3_ST_SW_SRVR_HELLO_B: |
300 s->new_session = 2; | 318 s->new_session = 2; |
301 dtls1_start_timer(s); | 319 dtls1_start_timer(s); |
302 ret=dtls1_send_server_hello(s); | 320 ret=dtls1_send_server_hello(s); |
303 if (ret <= 0) goto end; | 321 if (ret <= 0) goto end; |
304 | 322 |
305 #ifndef OPENSSL_NO_TLSEXT | 323 #ifndef OPENSSL_NO_TLSEXT |
306 if (s->hit) | 324 if (s->hit) |
307 { | 325 { |
308 if (s->tlsext_ticket_expected) | 326 if (s->tlsext_ticket_expected) |
309 s->state=SSL3_ST_SW_SESSION_TICKET_A; | 327 s->state=SSL3_ST_SW_SESSION_TICKET_A; |
310 else | 328 else |
311 s->state=SSL3_ST_SW_CHANGE_A; | 329 s->state=SSL3_ST_SW_CHANGE_A; |
312 } | 330 } |
313 #else | 331 #else |
314 if (s->hit) | 332 if (s->hit) |
315 s->state=SSL3_ST_SW_CHANGE_A; | 333 s->state=SSL3_ST_SW_CHANGE_A; |
316 #endif | 334 #endif |
317 else | 335 else |
318 s->state=SSL3_ST_SW_CERT_A; | 336 s->state=SSL3_ST_SW_CERT_A; |
319 s->init_num=0; | 337 s->init_num=0; |
320 break; | 338 break; |
321 | 339 |
322 case SSL3_ST_SW_CERT_A: | 340 case SSL3_ST_SW_CERT_A: |
323 case SSL3_ST_SW_CERT_B: | 341 case SSL3_ST_SW_CERT_B: |
324 » » » /* Check if it is anon DH */ | 342 » » » /* Check if it is anon DH or normal PSK */ |
325 » » » if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) | 343 » » » if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) |
| 344 » » » » && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL
_kPSK)) |
326 { | 345 { |
327 dtls1_start_timer(s); | 346 dtls1_start_timer(s); |
328 ret=dtls1_send_server_certificate(s); | 347 ret=dtls1_send_server_certificate(s); |
329 if (ret <= 0) goto end; | 348 if (ret <= 0) goto end; |
330 #ifndef OPENSSL_NO_TLSEXT | 349 #ifndef OPENSSL_NO_TLSEXT |
331 if (s->tlsext_status_expected) | 350 if (s->tlsext_status_expected) |
332 s->state=SSL3_ST_SW_CERT_STATUS_A; | 351 s->state=SSL3_ST_SW_CERT_STATUS_A; |
333 else | 352 else |
334 s->state=SSL3_ST_SW_KEY_EXCH_A; | 353 s->state=SSL3_ST_SW_KEY_EXCH_A; |
335 } | 354 } |
336 else | 355 else |
337 { | 356 { |
338 skip = 1; | 357 skip = 1; |
339 s->state=SSL3_ST_SW_KEY_EXCH_A; | 358 s->state=SSL3_ST_SW_KEY_EXCH_A; |
340 } | 359 } |
341 #else | 360 #else |
342 } | 361 } |
343 else | 362 else |
344 skip=1; | 363 skip=1; |
345 | 364 |
346 s->state=SSL3_ST_SW_KEY_EXCH_A; | 365 s->state=SSL3_ST_SW_KEY_EXCH_A; |
347 #endif | 366 #endif |
348 s->init_num=0; | 367 s->init_num=0; |
349 break; | 368 break; |
350 | 369 |
351 case SSL3_ST_SW_KEY_EXCH_A: | 370 case SSL3_ST_SW_KEY_EXCH_A: |
352 case SSL3_ST_SW_KEY_EXCH_B: | 371 case SSL3_ST_SW_KEY_EXCH_B: |
353 » » » l=s->s3->tmp.new_cipher->algorithms; | 372 » » » alg_k = s->s3->tmp.new_cipher->algorithm_mkey; |
354 | 373 |
355 /* clear this, it may get reset by | 374 /* clear this, it may get reset by |
356 * send_server_key_exchange */ | 375 * send_server_key_exchange */ |
357 if ((s->options & SSL_OP_EPHEMERAL_RSA) | 376 if ((s->options & SSL_OP_EPHEMERAL_RSA) |
358 #ifndef OPENSSL_NO_KRB5 | 377 #ifndef OPENSSL_NO_KRB5 |
359 » » » » && !(l & SSL_KRB5) | 378 » » » » && !(alg_k & SSL_kKRB5) |
360 #endif /* OPENSSL_NO_KRB5 */ | 379 #endif /* OPENSSL_NO_KRB5 */ |
361 ) | 380 ) |
362 /* option SSL_OP_EPHEMERAL_RSA sends temporary R
SA key | 381 /* option SSL_OP_EPHEMERAL_RSA sends temporary R
SA key |
363 * even when forbidden by protocol specs | 382 * even when forbidden by protocol specs |
364 * (handshake may fail as clients are not requir
ed to | 383 * (handshake may fail as clients are not requir
ed to |
365 * be able to handle this) */ | 384 * be able to handle this) */ |
366 s->s3->tmp.use_rsa_tmp=1; | 385 s->s3->tmp.use_rsa_tmp=1; |
367 else | 386 else |
368 s->s3->tmp.use_rsa_tmp=0; | 387 s->s3->tmp.use_rsa_tmp=0; |
369 | 388 |
370 » » » /* only send if a DH key exchange, fortezza or | 389 » » » /* only send if a DH key exchange or |
371 * RSA but we have a sign only certificate */ | 390 * RSA but we have a sign only certificate */ |
372 if (s->s3->tmp.use_rsa_tmp | 391 if (s->s3->tmp.use_rsa_tmp |
373 » » » || (l & (SSL_DH|SSL_kFZA)) | 392 » » » /* PSK: send ServerKeyExchange if PSK identity |
374 » » » || ((l & SSL_kRSA) | 393 » » » * hint if provided */ |
| 394 #ifndef OPENSSL_NO_PSK |
| 395 » » » || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint) |
| 396 #endif |
| 397 » » » || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) |
| 398 » » » || (alg_k & SSL_kEECDH) |
| 399 » » » || ((alg_k & SSL_kRSA) |
375 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey
== NULL | 400 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey
== NULL |
376 || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) | 401 || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) |
377 && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY
_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher) | 402 && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY
_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher) |
378 ) | 403 ) |
379 ) | 404 ) |
380 ) | 405 ) |
381 ) | 406 ) |
382 { | 407 { |
383 dtls1_start_timer(s); | 408 dtls1_start_timer(s); |
384 ret=dtls1_send_server_key_exchange(s); | 409 ret=dtls1_send_server_key_exchange(s); |
(...skipping 10 matching lines...) Expand all Loading... |
395 case SSL3_ST_SW_CERT_REQ_B: | 420 case SSL3_ST_SW_CERT_REQ_B: |
396 if (/* don't request cert unless asked for it: */ | 421 if (/* don't request cert unless asked for it: */ |
397 !(s->verify_mode & SSL_VERIFY_PEER) || | 422 !(s->verify_mode & SSL_VERIFY_PEER) || |
398 /* if SSL_VERIFY_CLIENT_ONCE is set, | 423 /* if SSL_VERIFY_CLIENT_ONCE is set, |
399 * don't request cert during re-negotiation: */ | 424 * don't request cert during re-negotiation: */ |
400 ((s->session->peer != NULL) && | 425 ((s->session->peer != NULL) && |
401 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || | 426 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || |
402 /* never request cert in anonymous ciphersuites | 427 /* never request cert in anonymous ciphersuites |
403 * (see section "Certificate request" in SSL 3 d
rafts | 428 * (see section "Certificate request" in SSL 3 d
rafts |
404 * and in RFC 2246): */ | 429 * and in RFC 2246): */ |
405 » » » » ((s->s3->tmp.new_cipher->algorithms & SSL_aNULL)
&& | 430 » » » » ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aN
ULL) && |
406 /* ... except when the application insists on v
erification | 431 /* ... except when the application insists on v
erification |
407 * (against the specs, but s3_clnt.c accepts th
is for SSL 3) */ | 432 * (against the specs, but s3_clnt.c accepts th
is for SSL 3) */ |
408 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_C
ERT)) || | 433 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_C
ERT)) || |
409 /* never request cert in Kerberos ciphersuites
*/ | 434 » » » » /* never request cert in Kerberos ciphersuites
*/ |
410 (s->s3->tmp.new_cipher->algorithms & SSL_aKRB5)) | 435 » » » » (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKR
B5) |
| 436 » » » » /* With normal PSK Certificates and |
| 437 » » » » * Certificate Requests are omitted */ |
| 438 » » » » || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_
kPSK)) |
411 { | 439 { |
412 /* no cert request */ | 440 /* no cert request */ |
413 skip=1; | 441 skip=1; |
414 s->s3->tmp.cert_request=0; | 442 s->s3->tmp.cert_request=0; |
415 s->state=SSL3_ST_SW_SRVR_DONE_A; | 443 s->state=SSL3_ST_SW_SRVR_DONE_A; |
416 } | 444 } |
417 else | 445 else |
418 { | 446 { |
419 s->s3->tmp.cert_request=1; | 447 s->s3->tmp.cert_request=1; |
420 dtls1_start_timer(s); | 448 dtls1_start_timer(s); |
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
472 break; | 500 break; |
473 | 501 |
474 case SSL3_ST_SR_KEY_EXCH_A: | 502 case SSL3_ST_SR_KEY_EXCH_A: |
475 case SSL3_ST_SR_KEY_EXCH_B: | 503 case SSL3_ST_SR_KEY_EXCH_B: |
476 ret=ssl3_get_client_key_exchange(s); | 504 ret=ssl3_get_client_key_exchange(s); |
477 if (ret <= 0) goto end; | 505 if (ret <= 0) goto end; |
478 dtls1_stop_timer(s); | 506 dtls1_stop_timer(s); |
479 s->state=SSL3_ST_SR_CERT_VRFY_A; | 507 s->state=SSL3_ST_SR_CERT_VRFY_A; |
480 s->init_num=0; | 508 s->init_num=0; |
481 | 509 |
482 » » » /* We need to get hashes here so if there is | 510 » » » if (ret == 2) |
483 » » » * a client cert, it can be verified */ | 511 » » » » { |
484 » » » s->method->ssl3_enc->cert_verify_mac(s, | 512 » » » » /* For the ECDH ciphersuites when |
485 » » » » &(s->s3->finish_dgst1), | 513 » » » » * the client sends its ECDH pub key in |
486 » » » » &(s->s3->tmp.cert_verify_md[0])); | 514 » » » » * a certificate, the CertificateVerify |
487 » » » s->method->ssl3_enc->cert_verify_mac(s, | 515 » » » » * message is not sent. |
488 » » » » &(s->s3->finish_dgst2), | 516 » » » » */ |
489 » » » » &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]))
; | 517 » » » » s->state=SSL3_ST_SR_FINISHED_A; |
| 518 » » » » s->init_num = 0; |
| 519 » » » » } |
| 520 » » » else |
| 521 » » » » { |
| 522 » » » » s->state=SSL3_ST_SR_CERT_VRFY_A; |
| 523 » » » » s->init_num=0; |
490 | 524 |
| 525 /* We need to get hashes here so if there is |
| 526 * a client cert, it can be verified */ |
| 527 s->method->ssl3_enc->cert_verify_mac(s, |
| 528 NID_md5, |
| 529 &(s->s3->tmp.cert_verify_md[0])); |
| 530 s->method->ssl3_enc->cert_verify_mac(s, |
| 531 NID_sha1, |
| 532 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_L
ENGTH])); |
| 533 } |
491 break; | 534 break; |
492 | 535 |
493 case SSL3_ST_SR_CERT_VRFY_A: | 536 case SSL3_ST_SR_CERT_VRFY_A: |
494 case SSL3_ST_SR_CERT_VRFY_B: | 537 case SSL3_ST_SR_CERT_VRFY_B: |
495 | 538 |
496 s->d1->change_cipher_spec_ok = 1; | 539 s->d1->change_cipher_spec_ok = 1; |
497 /* we should decide if we expected this one */ | 540 /* we should decide if we expected this one */ |
498 ret=ssl3_get_cert_verify(s); | 541 ret=ssl3_get_cert_verify(s); |
499 if (ret <= 0) goto end; | 542 if (ret <= 0) goto end; |
500 dtls1_stop_timer(s); | 543 dtls1_stop_timer(s); |
(...skipping 178 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
679 int dtls1_send_hello_verify_request(SSL *s) | 722 int dtls1_send_hello_verify_request(SSL *s) |
680 { | 723 { |
681 unsigned int msg_len; | 724 unsigned int msg_len; |
682 unsigned char *msg, *buf, *p; | 725 unsigned char *msg, *buf, *p; |
683 | 726 |
684 if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) | 727 if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) |
685 { | 728 { |
686 buf = (unsigned char *)s->init_buf->data; | 729 buf = (unsigned char *)s->init_buf->data; |
687 | 730 |
688 msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]); | 731 msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]); |
689 » » if (s->client_version == DTLS1_BAD_VER) | 732 » » *(p++) = s->version >> 8; |
690 » » » *(p++) = DTLS1_BAD_VER>>8, | 733 » » *(p++) = s->version & 0xFF; |
691 » » » *(p++) = DTLS1_BAD_VER&0xff; | |
692 » » else | |
693 » » » *(p++) = s->version >> 8, | |
694 » » » *(p++) = s->version & 0xFF; | |
695 | 734 |
696 if (s->ctx->app_gen_cookie_cb == NULL || | 735 if (s->ctx->app_gen_cookie_cb == NULL || |
697 s->ctx->app_gen_cookie_cb(s, s->d1->cookie, | 736 s->ctx->app_gen_cookie_cb(s, s->d1->cookie, |
698 &(s->d1->cookie_len)) == 0) | 737 &(s->d1->cookie_len)) == 0) |
699 { | 738 { |
700 SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTER
NAL_ERROR); | 739 SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTER
NAL_ERROR); |
701 return 0; | 740 return 0; |
702 } | 741 } |
703 | 742 |
704 *(p++) = (unsigned char) s->d1->cookie_len; | 743 *(p++) = (unsigned char) s->d1->cookie_len; |
705 memcpy(p, s->d1->cookie, s->d1->cookie_len); | 744 memcpy(p, s->d1->cookie, s->d1->cookie_len); |
706 p += s->d1->cookie_len; | 745 p += s->d1->cookie_len; |
707 msg_len = p - msg; | 746 msg_len = p - msg; |
708 | 747 |
709 dtls1_set_message_header(s, buf, | 748 dtls1_set_message_header(s, buf, |
710 DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0, msg_len); | 749 DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0, msg_len); |
711 | 750 |
712 s->state=DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B; | 751 s->state=DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B; |
713 /* number of bytes to write */ | 752 /* number of bytes to write */ |
714 s->init_num=p-buf; | 753 s->init_num=p-buf; |
715 s->init_off=0; | 754 s->init_off=0; |
716 | |
717 /* buffer the message to handle re-xmits */ | |
718 dtls1_buffer_message(s, 0); | |
719 } | 755 } |
720 | 756 |
721 /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ | 757 /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ |
722 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); | 758 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); |
723 } | 759 } |
724 | 760 |
725 int dtls1_send_server_hello(SSL *s) | 761 int dtls1_send_server_hello(SSL *s) |
726 { | 762 { |
727 unsigned char *buf; | 763 unsigned char *buf; |
728 unsigned char *p,*d; | 764 unsigned char *p,*d; |
729 int i; | 765 int i; |
730 unsigned int sl; | 766 unsigned int sl; |
731 unsigned long l,Time; | 767 unsigned long l,Time; |
732 | 768 |
733 if (s->state == SSL3_ST_SW_SRVR_HELLO_A) | 769 if (s->state == SSL3_ST_SW_SRVR_HELLO_A) |
734 { | 770 { |
735 buf=(unsigned char *)s->init_buf->data; | 771 buf=(unsigned char *)s->init_buf->data; |
736 p=s->s3->server_random; | 772 p=s->s3->server_random; |
737 Time=(unsigned long)time(NULL); /* Time */ | 773 Time=(unsigned long)time(NULL); /* Time */ |
738 l2n(Time,p); | 774 l2n(Time,p); |
739 RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)); | 775 RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)); |
740 /* Do the message type and length last */ | 776 /* Do the message type and length last */ |
741 d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); | 777 d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); |
742 | 778 |
743 » » if (s->client_version == DTLS1_BAD_VER) | 779 » » *(p++)=s->version>>8; |
744 » » » *(p++)=DTLS1_BAD_VER>>8, | 780 » » *(p++)=s->version&0xff; |
745 » » » *(p++)=DTLS1_BAD_VER&0xff; | |
746 » » else | |
747 » » » *(p++)=s->version>>8, | |
748 » » » *(p++)=s->version&0xff; | |
749 | 781 |
750 /* Random stuff */ | 782 /* Random stuff */ |
751 memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); | 783 memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); |
752 p+=SSL3_RANDOM_SIZE; | 784 p+=SSL3_RANDOM_SIZE; |
753 | 785 |
754 /* now in theory we have 3 options to sending back the | 786 /* now in theory we have 3 options to sending back the |
755 * session id. If it is a re-use, we send back the | 787 * session id. If it is a re-use, we send back the |
756 * old session-id, if it is a new session, we send | 788 * old session-id, if it is a new session, we send |
757 * back the new session-id or we send back a 0 length | 789 * back the new session-id or we send back a 0 length |
758 * session-id if we want it to be single use. | 790 * session-id if we want it to be single use. |
(...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
844 #ifndef OPENSSL_NO_RSA | 876 #ifndef OPENSSL_NO_RSA |
845 unsigned char *q; | 877 unsigned char *q; |
846 int j,num; | 878 int j,num; |
847 RSA *rsa; | 879 RSA *rsa; |
848 unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; | 880 unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; |
849 unsigned int u; | 881 unsigned int u; |
850 #endif | 882 #endif |
851 #ifndef OPENSSL_NO_DH | 883 #ifndef OPENSSL_NO_DH |
852 DH *dh=NULL,*dhp; | 884 DH *dh=NULL,*dhp; |
853 #endif | 885 #endif |
| 886 #ifndef OPENSSL_NO_ECDH |
| 887 EC_KEY *ecdh=NULL, *ecdhp; |
| 888 unsigned char *encodedPoint = NULL; |
| 889 int encodedlen = 0; |
| 890 int curve_id = 0; |
| 891 BN_CTX *bn_ctx = NULL; |
| 892 #endif |
854 EVP_PKEY *pkey; | 893 EVP_PKEY *pkey; |
855 unsigned char *p,*d; | 894 unsigned char *p,*d; |
856 int al,i; | 895 int al,i; |
857 unsigned long type; | 896 unsigned long type; |
858 int n; | 897 int n; |
859 CERT *cert; | 898 CERT *cert; |
860 BIGNUM *r[4]; | 899 BIGNUM *r[4]; |
861 int nr[4],kn; | 900 int nr[4],kn; |
862 BUF_MEM *buf; | 901 BUF_MEM *buf; |
863 EVP_MD_CTX md_ctx; | 902 EVP_MD_CTX md_ctx; |
864 | 903 |
865 EVP_MD_CTX_init(&md_ctx); | 904 EVP_MD_CTX_init(&md_ctx); |
866 if (s->state == SSL3_ST_SW_KEY_EXCH_A) | 905 if (s->state == SSL3_ST_SW_KEY_EXCH_A) |
867 { | 906 { |
868 » » type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK; | 907 » » type=s->s3->tmp.new_cipher->algorithm_mkey; |
869 cert=s->cert; | 908 cert=s->cert; |
870 | 909 |
871 buf=s->init_buf; | 910 buf=s->init_buf; |
872 | 911 |
873 r[0]=r[1]=r[2]=r[3]=NULL; | 912 r[0]=r[1]=r[2]=r[3]=NULL; |
874 n=0; | 913 n=0; |
875 #ifndef OPENSSL_NO_RSA | 914 #ifndef OPENSSL_NO_RSA |
876 if (type & SSL_kRSA) | 915 if (type & SSL_kRSA) |
877 { | 916 { |
878 rsa=cert->rsa_tmp; | 917 rsa=cert->rsa_tmp; |
(...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
952 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHA
NGE,ERR_R_DH_LIB); | 991 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHA
NGE,ERR_R_DH_LIB); |
953 goto err; | 992 goto err; |
954 } | 993 } |
955 } | 994 } |
956 r[0]=dh->p; | 995 r[0]=dh->p; |
957 r[1]=dh->g; | 996 r[1]=dh->g; |
958 r[2]=dh->pub_key; | 997 r[2]=dh->pub_key; |
959 } | 998 } |
960 else | 999 else |
961 #endif | 1000 #endif |
| 1001 #ifndef OPENSSL_NO_ECDH |
| 1002 if (type & SSL_kEECDH) |
| 1003 { |
| 1004 const EC_GROUP *group; |
| 1005 |
| 1006 ecdhp=cert->ecdh_tmp; |
| 1007 if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL)) |
| 1008 { |
| 1009 ecdhp=s->cert->ecdh_tmp_cb(s, |
| 1010 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), |
| 1011 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cip
her)); |
| 1012 } |
| 1013 if (ecdhp == NULL) |
| 1014 { |
| 1015 al=SSL_AD_HANDSHAKE_FAILURE; |
| 1016 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_
R_MISSING_TMP_ECDH_KEY); |
| 1017 goto f_err; |
| 1018 } |
| 1019 |
| 1020 if (s->s3->tmp.ecdh != NULL) |
| 1021 { |
| 1022 EC_KEY_free(s->s3->tmp.ecdh); |
| 1023 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR
_R_INTERNAL_ERROR); |
| 1024 goto err; |
| 1025 } |
| 1026 |
| 1027 /* Duplicate the ECDH structure. */ |
| 1028 if (ecdhp == NULL) |
| 1029 { |
| 1030 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_
R_ECDH_LIB); |
| 1031 goto err; |
| 1032 } |
| 1033 if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) |
| 1034 { |
| 1035 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_
R_ECDH_LIB); |
| 1036 goto err; |
| 1037 } |
| 1038 |
| 1039 s->s3->tmp.ecdh=ecdh; |
| 1040 if ((EC_KEY_get0_public_key(ecdh) == NULL) || |
| 1041 (EC_KEY_get0_private_key(ecdh) == NULL) || |
| 1042 (s->options & SSL_OP_SINGLE_ECDH_USE)) |
| 1043 { |
| 1044 if(!EC_KEY_generate_key(ecdh)) |
| 1045 { |
| 1046 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
ERR_R_ECDH_LIB); |
| 1047 goto err; |
| 1048 } |
| 1049 } |
| 1050 |
| 1051 if (((group = EC_KEY_get0_group(ecdh)) == NULL) || |
| 1052 (EC_KEY_get0_public_key(ecdh) == NULL) || |
| 1053 (EC_KEY_get0_private_key(ecdh) == NULL)) |
| 1054 { |
| 1055 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_
R_ECDH_LIB); |
| 1056 goto err; |
| 1057 } |
| 1058 |
| 1059 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && |
| 1060 (EC_GROUP_get_degree(group) > 163)) |
| 1061 { |
| 1062 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_
R_ECGROUP_TOO_LARGE_FOR_CIPHER); |
| 1063 goto err; |
| 1064 } |
| 1065 |
| 1066 /* XXX: For now, we only support ephemeral ECDH |
| 1067 * keys over named (not generic) curves. For |
| 1068 * supported named curves, curve_id is non-zero. |
| 1069 */ |
| 1070 if ((curve_id = |
| 1071 tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group))
) |
| 1072 == 0) |
| 1073 { |
| 1074 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_
R_UNSUPPORTED_ELLIPTIC_CURVE); |
| 1075 goto err; |
| 1076 } |
| 1077 |
| 1078 /* Encode the public key. |
| 1079 * First check the size of encoding and |
| 1080 * allocate memory accordingly. |
| 1081 */ |
| 1082 encodedlen = EC_POINT_point2oct(group, |
| 1083 EC_KEY_get0_public_key(ecdh), |
| 1084 POINT_CONVERSION_UNCOMPRESSED, |
| 1085 NULL, 0, NULL); |
| 1086 |
| 1087 encodedPoint = (unsigned char *) |
| 1088 OPENSSL_malloc(encodedlen*sizeof(unsigned char)); |
| 1089 bn_ctx = BN_CTX_new(); |
| 1090 if ((encodedPoint == NULL) || (bn_ctx == NULL)) |
| 1091 { |
| 1092 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_
R_MALLOC_FAILURE); |
| 1093 goto err; |
| 1094 } |
| 1095 |
| 1096 |
| 1097 encodedlen = EC_POINT_point2oct(group, |
| 1098 EC_KEY_get0_public_key(ecdh), |
| 1099 POINT_CONVERSION_UNCOMPRESSED, |
| 1100 encodedPoint, encodedlen, bn_ctx); |
| 1101 |
| 1102 if (encodedlen == 0) |
| 1103 { |
| 1104 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_
R_ECDH_LIB); |
| 1105 goto err; |
| 1106 } |
| 1107 |
| 1108 BN_CTX_free(bn_ctx); bn_ctx=NULL; |
| 1109 |
| 1110 /* XXX: For now, we only support named (not |
| 1111 * generic) curves in ECDH ephemeral key exchanges. |
| 1112 * In this situation, we need four additional bytes |
| 1113 * to encode the entire ServerECDHParams |
| 1114 * structure. |
| 1115 */ |
| 1116 n = 4 + encodedlen; |
| 1117 |
| 1118 /* We'll generate the serverKeyExchange message |
| 1119 * explicitly so we can set these to NULLs |
| 1120 */ |
| 1121 r[0]=NULL; |
| 1122 r[1]=NULL; |
| 1123 r[2]=NULL; |
| 1124 r[3]=NULL; |
| 1125 } |
| 1126 else |
| 1127 #endif /* !OPENSSL_NO_ECDH */ |
| 1128 #ifndef OPENSSL_NO_PSK |
| 1129 if (type & SSL_kPSK) |
| 1130 { |
| 1131 /* reserve size for record length and PSK identi
ty hint*/ |
| 1132 n+=2+strlen(s->ctx->psk_identity_hint); |
| 1133 } |
| 1134 else |
| 1135 #endif /* !OPENSSL_NO_PSK */ |
962 { | 1136 { |
963 al=SSL_AD_HANDSHAKE_FAILURE; | 1137 al=SSL_AD_HANDSHAKE_FAILURE; |
964 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOW
N_KEY_EXCHANGE_TYPE); | 1138 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOW
N_KEY_EXCHANGE_TYPE); |
965 goto f_err; | 1139 goto f_err; |
966 } | 1140 } |
967 for (i=0; r[i] != NULL; i++) | 1141 for (i=0; r[i] != NULL; i++) |
968 { | 1142 { |
969 nr[i]=BN_num_bytes(r[i]); | 1143 nr[i]=BN_num_bytes(r[i]); |
970 n+=2+nr[i]; | 1144 n+=2+nr[i]; |
971 } | 1145 } |
972 | 1146 |
973 » » if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) | 1147 » » if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) |
| 1148 » » » && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) |
974 { | 1149 { |
975 if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher)) | 1150 if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher)) |
976 == NULL) | 1151 == NULL) |
977 { | 1152 { |
978 al=SSL_AD_DECODE_ERROR; | 1153 al=SSL_AD_DECODE_ERROR; |
979 goto f_err; | 1154 goto f_err; |
980 } | 1155 } |
981 kn=EVP_PKEY_size(pkey); | 1156 kn=EVP_PKEY_size(pkey); |
982 } | 1157 } |
983 else | 1158 else |
(...skipping 10 matching lines...) Expand all Loading... |
994 d=(unsigned char *)s->init_buf->data; | 1169 d=(unsigned char *)s->init_buf->data; |
995 p= &(d[DTLS1_HM_HEADER_LENGTH]); | 1170 p= &(d[DTLS1_HM_HEADER_LENGTH]); |
996 | 1171 |
997 for (i=0; r[i] != NULL; i++) | 1172 for (i=0; r[i] != NULL; i++) |
998 { | 1173 { |
999 s2n(nr[i],p); | 1174 s2n(nr[i],p); |
1000 BN_bn2bin(r[i],p); | 1175 BN_bn2bin(r[i],p); |
1001 p+=nr[i]; | 1176 p+=nr[i]; |
1002 } | 1177 } |
1003 | 1178 |
| 1179 #ifndef OPENSSL_NO_ECDH |
| 1180 if (type & SSL_kEECDH) |
| 1181 { |
| 1182 /* XXX: For now, we only support named (not generic) cur
ves. |
| 1183 * In this situation, the serverKeyExchange message has: |
| 1184 * [1 byte CurveType], [2 byte CurveName] |
| 1185 * [1 byte length of encoded point], followed by |
| 1186 * the actual encoded point itself |
| 1187 */ |
| 1188 *p = NAMED_CURVE_TYPE; |
| 1189 p += 1; |
| 1190 *p = 0; |
| 1191 p += 1; |
| 1192 *p = curve_id; |
| 1193 p += 1; |
| 1194 *p = encodedlen; |
| 1195 p += 1; |
| 1196 memcpy((unsigned char*)p, |
| 1197 (unsigned char *)encodedPoint, |
| 1198 encodedlen); |
| 1199 OPENSSL_free(encodedPoint); |
| 1200 p += encodedlen; |
| 1201 } |
| 1202 #endif |
| 1203 |
| 1204 #ifndef OPENSSL_NO_PSK |
| 1205 if (type & SSL_kPSK) |
| 1206 { |
| 1207 /* copy PSK identity hint */ |
| 1208 s2n(strlen(s->ctx->psk_identity_hint), p); |
| 1209 strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->
ctx->psk_identity_hint)); |
| 1210 p+=strlen(s->ctx->psk_identity_hint); |
| 1211 } |
| 1212 #endif |
| 1213 |
1004 /* not anonymous */ | 1214 /* not anonymous */ |
1005 if (pkey != NULL) | 1215 if (pkey != NULL) |
1006 { | 1216 { |
1007 /* n is the length of the params, they start at | 1217 /* n is the length of the params, they start at |
1008 * &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the spac
e | 1218 * &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the spac
e |
1009 * at the end. */ | 1219 * at the end. */ |
1010 #ifndef OPENSSL_NO_RSA | 1220 #ifndef OPENSSL_NO_RSA |
1011 if (pkey->type == EVP_PKEY_RSA) | 1221 if (pkey->type == EVP_PKEY_RSA) |
1012 { | 1222 { |
1013 q=md_buf; | 1223 q=md_buf; |
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1047 (unsigned int *)&i,pkey)) | 1257 (unsigned int *)&i,pkey)) |
1048 { | 1258 { |
1049 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHA
NGE,ERR_LIB_DSA); | 1259 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHA
NGE,ERR_LIB_DSA); |
1050 goto err; | 1260 goto err; |
1051 } | 1261 } |
1052 s2n(i,p); | 1262 s2n(i,p); |
1053 n+=i+2; | 1263 n+=i+2; |
1054 } | 1264 } |
1055 else | 1265 else |
1056 #endif | 1266 #endif |
| 1267 #if !defined(OPENSSL_NO_ECDSA) |
| 1268 if (pkey->type == EVP_PKEY_EC) |
| 1269 { |
| 1270 /* let's do ECDSA */ |
| 1271 EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL); |
| 1272 EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]
),SSL3_RANDOM_SIZE); |
| 1273 EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]
),SSL3_RANDOM_SIZE); |
| 1274 EVP_SignUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGT
H]),n); |
| 1275 if (!EVP_SignFinal(&md_ctx,&(p[2]), |
| 1276 (unsigned int *)&i,pkey)) |
| 1277 { |
| 1278 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHA
NGE,ERR_LIB_ECDSA); |
| 1279 goto err; |
| 1280 } |
| 1281 s2n(i,p); |
| 1282 n+=i+2; |
| 1283 } |
| 1284 else |
| 1285 #endif |
1057 { | 1286 { |
1058 /* Is this error check actually needed? */ | 1287 /* Is this error check actually needed? */ |
1059 al=SSL_AD_HANDSHAKE_FAILURE; | 1288 al=SSL_AD_HANDSHAKE_FAILURE; |
1060 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_
R_UNKNOWN_PKEY_TYPE); | 1289 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_
R_UNKNOWN_PKEY_TYPE); |
1061 goto f_err; | 1290 goto f_err; |
1062 } | 1291 } |
1063 } | 1292 } |
1064 | 1293 |
1065 d = dtls1_set_message_header(s, d, | 1294 d = dtls1_set_message_header(s, d, |
1066 SSL3_MT_SERVER_KEY_EXCHANGE, n, 0, n); | 1295 SSL3_MT_SERVER_KEY_EXCHANGE, n, 0, n); |
1067 | 1296 |
1068 /* we should now have things packed up, so lets send | 1297 /* we should now have things packed up, so lets send |
1069 * it off */ | 1298 * it off */ |
1070 s->init_num=n+DTLS1_HM_HEADER_LENGTH; | 1299 s->init_num=n+DTLS1_HM_HEADER_LENGTH; |
1071 s->init_off=0; | 1300 s->init_off=0; |
1072 | 1301 |
1073 /* buffer the message to handle re-xmits */ | 1302 /* buffer the message to handle re-xmits */ |
1074 dtls1_buffer_message(s, 0); | 1303 dtls1_buffer_message(s, 0); |
1075 } | 1304 } |
1076 | 1305 |
1077 s->state = SSL3_ST_SW_KEY_EXCH_B; | 1306 s->state = SSL3_ST_SW_KEY_EXCH_B; |
1078 EVP_MD_CTX_cleanup(&md_ctx); | 1307 EVP_MD_CTX_cleanup(&md_ctx); |
1079 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); | 1308 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); |
1080 f_err: | 1309 f_err: |
1081 ssl3_send_alert(s,SSL3_AL_FATAL,al); | 1310 ssl3_send_alert(s,SSL3_AL_FATAL,al); |
1082 err: | 1311 err: |
| 1312 #ifndef OPENSSL_NO_ECDH |
| 1313 if (encodedPoint != NULL) OPENSSL_free(encodedPoint); |
| 1314 BN_CTX_free(bn_ctx); |
| 1315 #endif |
1083 EVP_MD_CTX_cleanup(&md_ctx); | 1316 EVP_MD_CTX_cleanup(&md_ctx); |
1084 return(-1); | 1317 return(-1); |
1085 } | 1318 } |
1086 | 1319 |
1087 int dtls1_send_certificate_request(SSL *s) | 1320 int dtls1_send_certificate_request(SSL *s) |
1088 { | 1321 { |
1089 unsigned char *p,*d; | 1322 unsigned char *p,*d; |
1090 int i,j,nl,off,n; | 1323 int i,j,nl,off,n; |
1091 STACK_OF(X509_NAME) *sk=NULL; | 1324 STACK_OF(X509_NAME) *sk=NULL; |
1092 X509_NAME *name; | 1325 X509_NAME *name; |
(...skipping 93 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1186 } | 1419 } |
1187 | 1420 |
1188 int dtls1_send_server_certificate(SSL *s) | 1421 int dtls1_send_server_certificate(SSL *s) |
1189 { | 1422 { |
1190 unsigned long l; | 1423 unsigned long l; |
1191 X509 *x; | 1424 X509 *x; |
1192 | 1425 |
1193 if (s->state == SSL3_ST_SW_CERT_A) | 1426 if (s->state == SSL3_ST_SW_CERT_A) |
1194 { | 1427 { |
1195 x=ssl_get_server_send_cert(s); | 1428 x=ssl_get_server_send_cert(s); |
1196 » » if (x == NULL && | 1429 » » if (x == NULL) |
1197 /* VRS: allow null cert if auth == KRB5 */ | |
1198 (s->s3->tmp.new_cipher->algorithms | |
1199 & (SSL_MKEY_MASK|SSL_AUTH_MASK)) | |
1200 != (SSL_aKRB5|SSL_kKRB5)) | |
1201 { | 1430 { |
1202 » » » SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNA
L_ERROR); | 1431 » » » /* VRS: allow null cert if auth == KRB5 */ |
1203 » » » return(0); | 1432 » » » if ((s->s3->tmp.new_cipher->algorithm_mkey != SSL_kKRB5)
|| |
| 1433 » » » (s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5)
) |
| 1434 » » » » { |
| 1435 » » » » SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R
_INTERNAL_ERROR); |
| 1436 » » » » return(0); |
| 1437 » » » » } |
1204 } | 1438 } |
1205 | 1439 |
1206 l=dtls1_output_cert_chain(s,x); | 1440 l=dtls1_output_cert_chain(s,x); |
1207 s->state=SSL3_ST_SW_CERT_B; | 1441 s->state=SSL3_ST_SW_CERT_B; |
1208 s->init_num=(int)l; | 1442 s->init_num=(int)l; |
1209 s->init_off=0; | 1443 s->init_off=0; |
1210 | 1444 |
1211 /* buffer the message to handle re-xmits */ | 1445 /* buffer the message to handle re-xmits */ |
1212 dtls1_buffer_message(s, 0); | 1446 dtls1_buffer_message(s, 0); |
1213 } | 1447 } |
(...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1320 SSL3_MT_NEWSESSION_TICKET, msg_len, 0, msg_len); | 1554 SSL3_MT_NEWSESSION_TICKET, msg_len, 0, msg_len); |
1321 | 1555 |
1322 /* buffer the message to handle re-xmits */ | 1556 /* buffer the message to handle re-xmits */ |
1323 dtls1_buffer_message(s, 0); | 1557 dtls1_buffer_message(s, 0); |
1324 } | 1558 } |
1325 | 1559 |
1326 /* SSL3_ST_SW_SESSION_TICKET_B */ | 1560 /* SSL3_ST_SW_SESSION_TICKET_B */ |
1327 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); | 1561 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); |
1328 } | 1562 } |
1329 #endif | 1563 #endif |
OLD | NEW |