summaryrefslogtreecommitdiffstats
path: root/lib/libssl/src/ssl/d1_srvr.c
diff options
context:
space:
mode:
authorjsing <jsing@openbsd.org>2014-04-14 14:51:11 +0000
committerjsing <jsing@openbsd.org>2014-04-14 14:51:11 +0000
commitce8f2adf972e266554f5a2fd4d271957a24b903e (patch)
tree29b0f1f764a1f4fb2b293cfb79e00776f57f70c9 /lib/libssl/src/ssl/d1_srvr.c
parentreplace PTR_SIZE_INT (only used for VMS) with uintptr_t, tweaks from jca@, (diff)
downloadwireguard-openbsd-ce8f2adf972e266554f5a2fd4d271957a24b903e.tar.xz
wireguard-openbsd-ce8f2adf972e266554f5a2fd4d271957a24b903e.zip
First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using tr and md5.
Diffstat (limited to 'lib/libssl/src/ssl/d1_srvr.c')
-rw-r--r--lib/libssl/src/ssl/d1_srvr.c1523
1 files changed, 726 insertions, 797 deletions
diff --git a/lib/libssl/src/ssl/d1_srvr.c b/lib/libssl/src/ssl/d1_srvr.c
index aacf8fd380d..95dffe94841 100644
--- a/lib/libssl/src/ssl/d1_srvr.c
+++ b/lib/libssl/src/ssl/d1_srvr.c
@@ -129,47 +129,48 @@
static const SSL_METHOD *dtls1_get_server_method(int ver);
static int dtls1_send_hello_verify_request(SSL *s);
-static const SSL_METHOD *dtls1_get_server_method(int ver)
- {
+static const SSL_METHOD
+*dtls1_get_server_method(int ver)
+{
if (ver == DTLS1_VERSION)
- return(DTLSv1_server_method());
+ return (DTLSv1_server_method());
else
- return(NULL);
- }
+ return (NULL);
+}
IMPLEMENT_dtls1_meth_func(DTLSv1_server_method,
- dtls1_accept,
- ssl_undefined_function,
- dtls1_get_server_method)
+ dtls1_accept, ssl_undefined_function, dtls1_get_server_method)
-int dtls1_accept(SSL *s)
- {
+int
+dtls1_accept(SSL *s)
+{
BUF_MEM *buf;
- unsigned long Time=(unsigned long)time(NULL);
- void (*cb)(const SSL *ssl,int type,int val)=NULL;
+ unsigned long Time = (unsigned long)time(NULL);
+ void (*cb)(const SSL *ssl, int type, int val) = NULL;
unsigned long alg_k;
- int ret= -1;
- int new_state,state,skip=0;
+ int ret = -1;
+ int new_state, state, skip = 0;
int listen;
#ifndef OPENSSL_NO_SCTP
unsigned char sctpauthkey[64];
char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
#endif
- RAND_add(&Time,sizeof(Time),0);
+ RAND_add(&Time, sizeof(Time), 0);
ERR_clear_error();
errno = 0;
if (s->info_callback != NULL)
- cb=s->info_callback;
+ cb = s->info_callback;
else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
+ cb = s->ctx->info_callback;
+
listen = s->d1->listen;
/* init things to blank */
s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
+ if (!SSL_in_init(s) || SSL_in_before(s))
+ SSL_clear(s);
s->d1->listen = listen;
#ifndef OPENSSL_NO_SCTP
@@ -177,36 +178,33 @@ int dtls1_accept(SSL *s)
* mode and prevent stream identifier other
* than 0. Will be ignored if no SCTP is used.
*/
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL);
+ BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
+ s->in_handshake, NULL);
#endif
- if (s->cert == NULL)
- {
- SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
- return(-1);
- }
+ if (s->cert == NULL) {
+ SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
+ return (-1);
+ }
#ifndef OPENSSL_NO_HEARTBEATS
/* If we're awaiting a HeartbeatResponse, pretend we
* already got and don't await it anymore, because
* Heartbeats don't make sense during handshakes anyway.
*/
- if (s->tlsext_hb_pending)
- {
+ if (s->tlsext_hb_pending) {
dtls1_stop_timer(s);
s->tlsext_hb_pending = 0;
s->tlsext_hb_seq++;
- }
+ }
#endif
- for (;;)
- {
- state=s->state;
+ for (;;) {
+ state = s->state;
- switch (s->state)
- {
+ switch (s->state) {
case SSL_ST_RENEGOTIATE:
- s->renegotiate=1;
+ s->renegotiate = 1;
/* s->state=SSL_ST_ACCEPT; */
case SSL_ST_BEFORE:
@@ -214,41 +212,36 @@ int dtls1_accept(SSL *s)
case SSL_ST_BEFORE|SSL_ST_ACCEPT:
case SSL_ST_OK|SSL_ST_ACCEPT:
- s->server=1;
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
+ s->server = 1;
+ if (cb != NULL)
+ cb(s, SSL_CB_HANDSHAKE_START, 1);
- if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00))
- {
+ if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
return -1;
- }
- s->type=SSL_ST_ACCEPT;
+ }
+ s->type = SSL_ST_ACCEPT;
- if (s->init_buf == NULL)
- {
- if ((buf=BUF_MEM_new()) == NULL)
- {
- ret= -1;
+ if (s->init_buf == NULL) {
+ if ((buf = BUF_MEM_new()) == NULL) {
+ ret = -1;
goto end;
- }
- if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
- {
- ret= -1;
+ }
+ if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
+ ret = -1;
goto end;
- }
- s->init_buf=buf;
}
+ s->init_buf = buf;
+ }
- if (!ssl3_setup_buffers(s))
- {
- ret= -1;
+ if (!ssl3_setup_buffers(s)) {
+ ret = -1;
goto end;
- }
+ }
- s->init_num=0;
+ s->init_num = 0;
- if (s->state != SSL_ST_RENEGOTIATE)
- {
+ if (s->state != SSL_ST_RENEGOTIATE) {
/* Ok, we now need to push on a buffering BIO so that
* the output is sent in a way that TCP likes :-)
* ...but not with SCTP :-)
@@ -256,48 +249,51 @@ int dtls1_accept(SSL *s)
#ifndef OPENSSL_NO_SCTP
if (!BIO_dgram_is_sctp(SSL_get_wbio(s)))
#endif
- if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
+ if (!ssl_init_wbio_buffer(s, 1)) {
+ ret = -1;
+ goto end;
+ }
ssl3_init_finished_mac(s);
- s->state=SSL3_ST_SR_CLNT_HELLO_A;
+ s->state = SSL3_ST_SR_CLNT_HELLO_A;
s->ctx->stats.sess_accept++;
- }
- else
- {
+ } else {
/* s->state == SSL_ST_RENEGOTIATE,
* we will just send a HelloRequest */
s->ctx->stats.sess_accept_renegotiate++;
- s->state=SSL3_ST_SW_HELLO_REQ_A;
- }
+ s->state = SSL3_ST_SW_HELLO_REQ_A;
+ }
break;
case SSL3_ST_SW_HELLO_REQ_A:
case SSL3_ST_SW_HELLO_REQ_B:
- s->shutdown=0;
+ s->shutdown = 0;
dtls1_clear_record_buffer(s);
dtls1_start_timer(s);
- ret=dtls1_send_hello_request(s);
- if (ret <= 0) goto end;
- s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
- s->state=SSL3_ST_SW_FLUSH;
- s->init_num=0;
+ ret = dtls1_send_hello_request(s);
+ if (ret <= 0)
+ goto end;
+ s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
+ s->state = SSL3_ST_SW_FLUSH;
+ s->init_num = 0;
ssl3_init_finished_mac(s);
break;
case SSL3_ST_SW_HELLO_REQ_C:
- s->state=SSL_ST_OK;
+ s->state = SSL_ST_OK;
break;
case SSL3_ST_SR_CLNT_HELLO_A:
case SSL3_ST_SR_CLNT_HELLO_B:
case SSL3_ST_SR_CLNT_HELLO_C:
- s->shutdown=0;
- ret=ssl3_get_client_hello(s);
- if (ret <= 0) goto end;
+ s->shutdown = 0;
+ ret = ssl3_get_client_hello(s);
+ if (ret <= 0)
+ goto end;
dtls1_stop_timer(s);
if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
@@ -305,17 +301,15 @@ int dtls1_accept(SSL *s)
else
s->state = SSL3_ST_SW_SRVR_HELLO_A;
- s->init_num=0;
+ s->init_num = 0;
/* Reflect ClientHello sequence to remain stateless while listening */
- if (listen)
- {
+ if (listen) {
memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence));
- }
+ }
/* If we're just listening, stop here */
- if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
- {
+ if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) {
ret = 2;
s->d1->listen = 0;
/* Set expected sequence numbers
@@ -325,57 +319,56 @@ int dtls1_accept(SSL *s)
s->d1->handshake_write_seq = 1;
s->d1->next_handshake_write_seq = 1;
goto end;
- }
-
+ }
+
break;
-
+
case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
ret = dtls1_send_hello_verify_request(s);
- if ( ret <= 0) goto end;
- s->state=SSL3_ST_SW_FLUSH;
- s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
+ if (ret <= 0)
+ goto end;
+ s->state = SSL3_ST_SW_FLUSH;
+ s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
/* HelloVerifyRequest resets Finished MAC */
if (s->version != DTLS1_BAD_VER)
ssl3_init_finished_mac(s);
break;
-
+
#ifndef OPENSSL_NO_SCTP
case DTLS1_SCTP_ST_SR_READ_SOCK:
-
- if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)))
- {
- s->s3->in_read_app_data=2;
- s->rwstate=SSL_READING;
+
+ if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
+ s->s3->in_read_app_data = 2;
+ s->rwstate = SSL_READING;
BIO_clear_retry_flags(SSL_get_rbio(s));
BIO_set_retry_read(SSL_get_rbio(s));
ret = -1;
goto end;
- }
-
- s->state=SSL3_ST_SR_FINISHED_A;
+ }
+
+ s->state = SSL3_ST_SR_FINISHED_A;
break;
-
+
case DTLS1_SCTP_ST_SW_WRITE_SOCK:
ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
- if (ret < 0) goto end;
-
- if (ret == 0)
- {
- if (s->d1->next_state != SSL_ST_OK)
- {
- s->s3->in_read_app_data=2;
- s->rwstate=SSL_READING;
+ if (ret < 0)
+ goto end;
+
+ if (ret == 0) {
+ if (s->d1->next_state != SSL_ST_OK) {
+ s->s3->in_read_app_data = 2;
+ s->rwstate = SSL_READING;
BIO_clear_retry_flags(SSL_get_rbio(s));
BIO_set_retry_read(SSL_get_rbio(s));
ret = -1;
goto end;
- }
}
+ }
- s->state=s->d1->next_state;
+ s->state = s->d1->next_state;
break;
#endif
@@ -383,67 +376,65 @@ int dtls1_accept(SSL *s)
case SSL3_ST_SW_SRVR_HELLO_B:
s->renegotiate = 2;
dtls1_start_timer(s);
- ret=dtls1_send_server_hello(s);
- if (ret <= 0) goto end;
+ ret = dtls1_send_server_hello(s);
+ if (ret <= 0)
+ goto end;
- if (s->hit)
- {
+ if (s->hit) {
#ifndef OPENSSL_NO_SCTP
/* Add new shared key for SCTP-Auth,
* will be ignored if no SCTP used.
*/
- snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
- DTLS1_SCTP_AUTH_LABEL);
+ snprintf((char*)labelbuffer,
+ sizeof(DTLS1_SCTP_AUTH_LABEL),
+ DTLS1_SCTP_AUTH_LABEL);
SSL_export_keying_material(s, sctpauthkey,
- sizeof(sctpauthkey), labelbuffer,
- sizeof(labelbuffer), NULL, 0, 0);
-
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
- sizeof(sctpauthkey), sctpauthkey);
+ sizeof(sctpauthkey), labelbuffer,
+ sizeof(labelbuffer), NULL, 0, 0);
+
+ BIO_ctrl(SSL_get_wbio(s),
+ BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+ sizeof(sctpauthkey), sctpauthkey);
#endif
#ifndef OPENSSL_NO_TLSEXT
if (s->tlsext_ticket_expected)
- s->state=SSL3_ST_SW_SESSION_TICKET_A;
+ s->state = SSL3_ST_SW_SESSION_TICKET_A;
else
- s->state=SSL3_ST_SW_CHANGE_A;
+ s->state = SSL3_ST_SW_CHANGE_A;
#else
- s->state=SSL3_ST_SW_CHANGE_A;
+ s->state = SSL3_ST_SW_CHANGE_A;
#endif
- }
- else
- s->state=SSL3_ST_SW_CERT_A;
- s->init_num=0;
+ } else
+ s->state = SSL3_ST_SW_CERT_A;
+ s->init_num = 0;
break;
case SSL3_ST_SW_CERT_A:
case SSL3_ST_SW_CERT_B:
/* Check if it is anon DH or normal PSK */
- if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
- && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
- {
+ if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
+ !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
dtls1_start_timer(s);
- ret=dtls1_send_server_certificate(s);
- if (ret <= 0) goto end;
+ ret = dtls1_send_server_certificate(s);
+ if (ret <= 0)
+ goto end;
#ifndef OPENSSL_NO_TLSEXT
if (s->tlsext_status_expected)
- s->state=SSL3_ST_SW_CERT_STATUS_A;
+ s->state = SSL3_ST_SW_CERT_STATUS_A;
else
- s->state=SSL3_ST_SW_KEY_EXCH_A;
- }
- else
- {
+ s->state = SSL3_ST_SW_KEY_EXCH_A;
+ } else {
skip = 1;
- s->state=SSL3_ST_SW_KEY_EXCH_A;
- }
+ s->state = SSL3_ST_SW_KEY_EXCH_A;
+ }
#else
- }
- else
- skip=1;
+ } else
+ skip = 1;
- s->state=SSL3_ST_SW_KEY_EXCH_A;
+ s->state = SSL3_ST_SW_KEY_EXCH_A;
#endif
- s->init_num=0;
+ s->init_num = 0;
break;
case SSL3_ST_SW_KEY_EXCH_A:
@@ -454,16 +445,16 @@ int dtls1_accept(SSL *s)
* send_server_key_exchange */
if ((s->options & SSL_OP_EPHEMERAL_RSA)
#ifndef OPENSSL_NO_KRB5
- && !(alg_k & SSL_kKRB5)
+ && !(alg_k & SSL_kKRB5)
#endif /* OPENSSL_NO_KRB5 */
- )
+ )
/* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
* even when forbidden by protocol specs
* (handshake may fail as clients are not required to
* be able to handle this) */
- s->s3->tmp.use_rsa_tmp=1;
+ s->s3->tmp.use_rsa_tmp = 1;
else
- s->s3->tmp.use_rsa_tmp=0;
+ s->s3->tmp.use_rsa_tmp = 0;
/* only send if a DH key exchange or
* RSA but we have a sign only certificate */
@@ -471,119 +462,112 @@ int dtls1_accept(SSL *s)
/* PSK: send ServerKeyExchange if PSK identity
* hint if provided */
#ifndef OPENSSL_NO_PSK
- || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
+ || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
#endif
- || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
- || (alg_k & SSL_kEECDH)
- || ((alg_k & SSL_kRSA)
- && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
- || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
- && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
- )
- )
- )
- )
- {
+ || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+ || (alg_k & SSL_kEECDH)
+ || ((alg_k & SSL_kRSA)
+ && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
+ || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
+ && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
+ )
+ )
+ )
+ ) {
dtls1_start_timer(s);
- ret=dtls1_send_server_key_exchange(s);
- if (ret <= 0) goto end;
- }
- else
- skip=1;
+ ret = dtls1_send_server_key_exchange(s);
+ if (ret <= 0)
+ goto end;
+ } else
+ skip = 1;
- s->state=SSL3_ST_SW_CERT_REQ_A;
- s->init_num=0;
+ s->state = SSL3_ST_SW_CERT_REQ_A;
+ s->init_num = 0;
break;
case SSL3_ST_SW_CERT_REQ_A:
case SSL3_ST_SW_CERT_REQ_B:
if (/* don't request cert unless asked for it: */
- !(s->verify_mode & SSL_VERIFY_PEER) ||
+ !(s->verify_mode & SSL_VERIFY_PEER) ||
/* if SSL_VERIFY_CLIENT_ONCE is set,
* don't request cert during re-negotiation: */
- ((s->session->peer != NULL) &&
- (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
+ ((s->session->peer != NULL) &&
+ (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
/* never request cert in anonymous ciphersuites
* (see section "Certificate request" in SSL 3 drafts
* and in RFC 2246): */
- ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
+ ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
/* ... except when the application insists on verification
* (against the specs, but s3_clnt.c accepts this for SSL 3) */
- !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
- /* never request cert in Kerberos ciphersuites */
- (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)
+ !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
+ /* never request cert in Kerberos ciphersuites */
+ (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)
/* With normal PSK Certificates and
* Certificate Requests are omitted */
- || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
- {
+ || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
/* no cert request */
- skip=1;
- s->s3->tmp.cert_request=0;
- s->state=SSL3_ST_SW_SRVR_DONE_A;
+ skip = 1;
+ s->s3->tmp.cert_request = 0;
+ s->state = SSL3_ST_SW_SRVR_DONE_A;
#ifndef OPENSSL_NO_SCTP
- if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
- {
+ if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
- }
-#endif
}
- else
- {
- s->s3->tmp.cert_request=1;
+#endif
+ } else {
+ s->s3->tmp.cert_request = 1;
dtls1_start_timer(s);
- ret=dtls1_send_certificate_request(s);
- if (ret <= 0) goto end;
+ ret = dtls1_send_certificate_request(s);
+ if (ret <= 0)
+ goto end;
#ifndef NETSCAPE_HANG_BUG
- s->state=SSL3_ST_SW_SRVR_DONE_A;
+ s->state = SSL3_ST_SW_SRVR_DONE_A;
#ifndef OPENSSL_NO_SCTP
- if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
- {
+ if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
- }
+ }
#endif
#else
- s->state=SSL3_ST_SW_FLUSH;
- s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
+ s->state = SSL3_ST_SW_FLUSH;
+ s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
#ifndef OPENSSL_NO_SCTP
- if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
- {
+ if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
s->d1->next_state = s->s3->tmp.next_state;
- s->s3->tmp.next_state=DTLS1_SCTP_ST_SW_WRITE_SOCK;
- }
+ s->s3->tmp.next_state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
+ }
#endif
#endif
- s->init_num=0;
- }
+ s->init_num = 0;
+ }
break;
case SSL3_ST_SW_SRVR_DONE_A:
case SSL3_ST_SW_SRVR_DONE_B:
dtls1_start_timer(s);
- ret=dtls1_send_server_done(s);
- if (ret <= 0) goto end;
- s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
- s->state=SSL3_ST_SW_FLUSH;
- s->init_num=0;
+ ret = dtls1_send_server_done(s);
+ if (ret <= 0)
+ goto end;
+ s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
+ s->state = SSL3_ST_SW_FLUSH;
+ s->init_num = 0;
break;
-
+
case SSL3_ST_SW_FLUSH:
- s->rwstate=SSL_WRITING;
- if (BIO_flush(s->wbio) <= 0)
- {
+ s->rwstate = SSL_WRITING;
+ if (BIO_flush(s->wbio) <= 0) {
/* If the write error was fatal, stop trying */
- if (!BIO_should_retry(s->wbio))
- {
- s->rwstate=SSL_NOTHING;
- s->state=s->s3->tmp.next_state;
- }
-
- ret= -1;
- goto end;
+ if (!BIO_should_retry(s->wbio)) {
+ s->rwstate = SSL_NOTHING;
+ s->state = s->s3->tmp.next_state;
}
- s->rwstate=SSL_NOTHING;
- s->state=s->s3->tmp.next_state;
+
+ ret = -1;
+ goto end;
+ }
+ s->rwstate = SSL_NOTHING;
+ s->state = s->s3->tmp.next_state;
break;
case SSL3_ST_SR_CERT_A:
@@ -592,67 +576,65 @@ int dtls1_accept(SSL *s)
ret = ssl3_check_client_hello(s);
if (ret <= 0)
goto end;
- if (ret == 2)
- {
+ if (ret == 2) {
dtls1_stop_timer(s);
s->state = SSL3_ST_SR_CLNT_HELLO_C;
- }
- else {
+ } else {
/* could be sent for a DH cert, even if we
* have not asked for it :-) */
- ret=ssl3_get_client_certificate(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL3_ST_SR_KEY_EXCH_A;
+ ret = ssl3_get_client_certificate(s);
+ if (ret <= 0)
+ goto end;
+ s->init_num = 0;
+ s->state = SSL3_ST_SR_KEY_EXCH_A;
}
break;
case SSL3_ST_SR_KEY_EXCH_A:
case SSL3_ST_SR_KEY_EXCH_B:
- ret=ssl3_get_client_key_exchange(s);
- if (ret <= 0) goto end;
+ ret = ssl3_get_client_key_exchange(s);
+ if (ret <= 0)
+ goto end;
#ifndef OPENSSL_NO_SCTP
/* Add new shared key for SCTP-Auth,
* will be ignored if no SCTP used.
*/
- snprintf((char *) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
- DTLS1_SCTP_AUTH_LABEL);
+ snprintf((char *)labelbuffer,
+ sizeof(DTLS1_SCTP_AUTH_LABEL),
+ DTLS1_SCTP_AUTH_LABEL);
SSL_export_keying_material(s, sctpauthkey,
- sizeof(sctpauthkey), labelbuffer,
- sizeof(labelbuffer), NULL, 0, 0);
+ sizeof(sctpauthkey), labelbuffer,
+ sizeof(labelbuffer), NULL, 0, 0);
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
- sizeof(sctpauthkey), sctpauthkey);
+ BIO_ctrl(SSL_get_wbio(s),
+ BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+ sizeof(sctpauthkey), sctpauthkey);
#endif
- s->state=SSL3_ST_SR_CERT_VRFY_A;
- s->init_num=0;
+ s->state = SSL3_ST_SR_CERT_VRFY_A;
+ s->init_num = 0;
- if (ret == 2)
- {
+ if (ret == 2) {
/* For the ECDH ciphersuites when
* the client sends its ECDH pub key in
* a certificate, the CertificateVerify
* message is not sent.
*/
- s->state=SSL3_ST_SR_FINISHED_A;
+ s->state = SSL3_ST_SR_FINISHED_A;
+ s->init_num = 0;
+ } else {
+ s->state = SSL3_ST_SR_CERT_VRFY_A;
s->init_num = 0;
- }
- else
- {
- s->state=SSL3_ST_SR_CERT_VRFY_A;
- s->init_num=0;
/* We need to get hashes here so if there is
* a client cert, it can be verified */
s->method->ssl3_enc->cert_verify_mac(s,
- NID_md5,
- &(s->s3->tmp.cert_verify_md[0]));
+ NID_md5, &(s->s3->tmp.cert_verify_md[0]));
s->method->ssl3_enc->cert_verify_mac(s,
- NID_sha1,
- &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
- }
+ NID_sha1,
+ &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
+ }
break;
case SSL3_ST_SR_CERT_VRFY_A:
@@ -660,51 +642,55 @@ int dtls1_accept(SSL *s)
s->d1->change_cipher_spec_ok = 1;
/* we should decide if we expected this one */
- ret=ssl3_get_cert_verify(s);
- if (ret <= 0) goto end;
+ ret = ssl3_get_cert_verify(s);
+ if (ret <= 0)
+ goto end;
#ifndef OPENSSL_NO_SCTP
if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
state == SSL_ST_RENEGOTIATE)
- s->state=DTLS1_SCTP_ST_SR_READ_SOCK;
+ s->state = DTLS1_SCTP_ST_SR_READ_SOCK;
else
#endif
- s->state=SSL3_ST_SR_FINISHED_A;
- s->init_num=0;
+ s->state = SSL3_ST_SR_FINISHED_A;
+ s->init_num = 0;
break;
case SSL3_ST_SR_FINISHED_A:
case SSL3_ST_SR_FINISHED_B:
s->d1->change_cipher_spec_ok = 1;
- ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
- SSL3_ST_SR_FINISHED_B);
- if (ret <= 0) goto end;
+ ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
+ SSL3_ST_SR_FINISHED_B);
+ if (ret <= 0)
+ goto end;
dtls1_stop_timer(s);
if (s->hit)
- s->state=SSL_ST_OK;
+ s->state = SSL_ST_OK;
#ifndef OPENSSL_NO_TLSEXT
else if (s->tlsext_ticket_expected)
- s->state=SSL3_ST_SW_SESSION_TICKET_A;
+ s->state = SSL3_ST_SW_SESSION_TICKET_A;
#endif
else
- s->state=SSL3_ST_SW_CHANGE_A;
- s->init_num=0;
+ s->state = SSL3_ST_SW_CHANGE_A;
+ s->init_num = 0;
break;
#ifndef OPENSSL_NO_TLSEXT
case SSL3_ST_SW_SESSION_TICKET_A:
case SSL3_ST_SW_SESSION_TICKET_B:
- ret=dtls1_send_newsession_ticket(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_SW_CHANGE_A;
- s->init_num=0;
+ ret = dtls1_send_newsession_ticket(s);
+ if (ret <= 0)
+ goto end;
+ s->state = SSL3_ST_SW_CHANGE_A;
+ s->init_num = 0;
break;
case SSL3_ST_SW_CERT_STATUS_A:
case SSL3_ST_SW_CERT_STATUS_B:
- ret=ssl3_send_cert_status(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_SW_KEY_EXCH_A;
- s->init_num=0;
+ ret = ssl3_send_cert_status(s);
+ if (ret <= 0)
+ goto end;
+ s->state = SSL3_ST_SW_KEY_EXCH_A;
+ s->init_num = 0;
break;
#endif
@@ -712,69 +698,69 @@ int dtls1_accept(SSL *s)
case SSL3_ST_SW_CHANGE_A:
case SSL3_ST_SW_CHANGE_B:
- s->session->cipher=s->s3->tmp.new_cipher;
- if (!s->method->ssl3_enc->setup_key_block(s))
- { ret= -1; goto end; }
+ s->session->cipher = s->s3->tmp.new_cipher;
+ if (!s->method->ssl3_enc->setup_key_block(s)) {
+ ret = -1;
+ goto end;
+ }
- ret=dtls1_send_change_cipher_spec(s,
- SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
+ ret = dtls1_send_change_cipher_spec(s,
+ SSL3_ST_SW_CHANGE_A, SSL3_ST_SW_CHANGE_B);
- if (ret <= 0) goto end;
+ if (ret <= 0)
+ goto end;
#ifndef OPENSSL_NO_SCTP
- if (!s->hit)
- {
+ if (!s->hit) {
/* Change to new shared key of SCTP-Auth,
* will be ignored if no SCTP used.
*/
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
- }
+ BIO_ctrl(SSL_get_wbio(s),
+ BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+ }
#endif
- s->state=SSL3_ST_SW_FINISHED_A;
- s->init_num=0;
+ s->state = SSL3_ST_SW_FINISHED_A;
+ s->init_num = 0;
if (!s->method->ssl3_enc->change_cipher_state(s,
- SSL3_CHANGE_CIPHER_SERVER_WRITE))
- {
- ret= -1;
+ SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
+ ret = -1;
goto end;
- }
+ }
dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
break;
case SSL3_ST_SW_FINISHED_A:
case SSL3_ST_SW_FINISHED_B:
- ret=dtls1_send_finished(s,
- SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
- s->method->ssl3_enc->server_finished_label,
- s->method->ssl3_enc->server_finished_label_len);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_SW_FLUSH;
- if (s->hit)
- {
- s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+ ret = dtls1_send_finished(s,
+ SSL3_ST_SW_FINISHED_A, SSL3_ST_SW_FINISHED_B,
+ s->method->ssl3_enc->server_finished_label,
+ s->method->ssl3_enc->server_finished_label_len);
+ if (ret <= 0)
+ goto end;
+ s->state = SSL3_ST_SW_FLUSH;
+ if (s->hit) {
+ s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
#ifndef OPENSSL_NO_SCTP
/* Change to new shared key of SCTP-Auth,
* will be ignored if no SCTP used.
*/
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+ BIO_ctrl(SSL_get_wbio(s),
+ BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
#endif
- }
- else
- {
- s->s3->tmp.next_state=SSL_ST_OK;
+ } else {
+ s->s3->tmp.next_state = SSL_ST_OK;
#ifndef OPENSSL_NO_SCTP
- if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
- {
+ if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
s->d1->next_state = s->s3->tmp.next_state;
- s->s3->tmp.next_state=DTLS1_SCTP_ST_SW_WRITE_SOCK;
- }
-#endif
+ s->s3->tmp.next_state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
}
- s->init_num=0;
+#endif
+ }
+ s->init_num = 0;
break;
case SSL_ST_OK:
@@ -783,28 +769,29 @@ int dtls1_accept(SSL *s)
#if 0
BUF_MEM_free(s->init_buf);
- s->init_buf=NULL;
+ s->init_buf = NULL;
#endif
/* remove buffering on output */
ssl_free_wbio_buffer(s);
- s->init_num=0;
+ s->init_num = 0;
if (s->renegotiate == 2) /* skipped if we just sent a HelloRequest */
- {
- s->renegotiate=0;
- s->new_session=0;
-
- ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
-
+ {
+ s->renegotiate = 0;
+ s->new_session = 0;
+
+ ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
+
s->ctx->stats.sess_accept_good++;
/* s->server=1; */
- s->handshake_func=dtls1_accept;
+ s->handshake_func = dtls1_accept;
+
+ if (cb != NULL)
+ cb(s, SSL_CB_HANDSHAKE_DONE, 1);
+ }
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
- }
-
ret = 1;
/* done handshaking, next message is client hello */
@@ -816,77 +803,74 @@ int dtls1_accept(SSL *s)
/* break; */
default:
- SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_UNKNOWN_STATE);
- ret= -1;
+ SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_UNKNOWN_STATE);
+ ret = -1;
goto end;
/* break; */
- }
-
- if (!s->s3->tmp.reuse_message && !skip)
- {
- if (s->debug)
- {
- if ((ret=BIO_flush(s->wbio)) <= 0)
- goto end;
- }
+ }
+ if (!s->s3->tmp.reuse_message && !skip) {
+ if (s->debug) {
+ if ((ret = BIO_flush(s->wbio)) <= 0)
+ goto end;
+ }
- if ((cb != NULL) && (s->state != state))
- {
- new_state=s->state;
- s->state=state;
- cb(s,SSL_CB_ACCEPT_LOOP,1);
- s->state=new_state;
- }
+ if ((cb != NULL) && (s->state != state)) {
+ new_state = s->state;
+ s->state = state;
+ cb(s, SSL_CB_ACCEPT_LOOP, 1);
+ s->state = new_state;
}
- skip=0;
}
+ skip = 0;
+ }
end:
/* BIO_flush(s->wbio); */
s->in_handshake--;
#ifndef OPENSSL_NO_SCTP
- /* Notify SCTP BIO socket to leave handshake
- * mode and prevent stream identifier other
- * than 0. Will be ignored if no SCTP is used.
- */
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL);
+ /* Notify SCTP BIO socket to leave handshake
+ * mode and prevent stream identifier other
+ * than 0. Will be ignored if no SCTP is used.
+ */
+ BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
+ s->in_handshake, NULL);
#endif
if (cb != NULL)
- cb(s,SSL_CB_ACCEPT_EXIT,ret);
- return(ret);
- }
+ cb(s, SSL_CB_ACCEPT_EXIT, ret);
+ return (ret);
+}
-int dtls1_send_hello_request(SSL *s)
- {
+int
+dtls1_send_hello_request(SSL *s)
+{
unsigned char *p;
- if (s->state == SSL3_ST_SW_HELLO_REQ_A)
- {
- p=(unsigned char *)s->init_buf->data;
+ if (s->state == SSL3_ST_SW_HELLO_REQ_A) {
+ p = (unsigned char *)s->init_buf->data;
p = dtls1_set_message_header(s, p, SSL3_MT_HELLO_REQUEST, 0, 0, 0);
- s->state=SSL3_ST_SW_HELLO_REQ_B;
+ s->state = SSL3_ST_SW_HELLO_REQ_B;
/* number of bytes to write */
- s->init_num=DTLS1_HM_HEADER_LENGTH;
- s->init_off=0;
+ s->init_num = DTLS1_HM_HEADER_LENGTH;
+ s->init_off = 0;
/* no need to buffer this message, since there are no retransmit
* requests for it */
- }
+ }
/* SSL3_ST_SW_HELLO_REQ_B */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
- }
+ return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+}
-int dtls1_send_hello_verify_request(SSL *s)
- {
+int
+dtls1_send_hello_verify_request(SSL *s)
+{
unsigned int msg_len;
unsigned char *msg, *buf, *p;
- if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A)
- {
+ if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
buf = (unsigned char *)s->init_buf->data;
msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
@@ -894,12 +878,11 @@ int dtls1_send_hello_verify_request(SSL *s)
*(p++) = s->version & 0xFF;
if (s->ctx->app_gen_cookie_cb == NULL ||
- s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
- &(s->d1->cookie_len)) == 0)
- {
- SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
+ s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
+ &(s->d1->cookie_len)) == 0) {
+ SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST, ERR_R_INTERNAL_ERROR);
return 0;
- }
+ }
*(p++) = (unsigned char) s->d1->cookie_len;
memcpy(p, s->d1->cookie, s->d1->cookie_len);
@@ -907,40 +890,40 @@ int dtls1_send_hello_verify_request(SSL *s)
msg_len = p - msg;
dtls1_set_message_header(s, buf,
- DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0, msg_len);
+ DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0, msg_len);
- s->state=DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
+ s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
/* number of bytes to write */
- s->init_num=p-buf;
- s->init_off=0;
- }
+ s->init_num = p - buf;
+ s->init_off = 0;
+ }
/* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
- }
+ return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+}
-int dtls1_send_server_hello(SSL *s)
- {
+int
+dtls1_send_server_hello(SSL *s)
+{
unsigned char *buf;
- unsigned char *p,*d;
+ unsigned char *p, *d;
int i;
unsigned int sl;
unsigned long l;
- if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
- {
- buf=(unsigned char *)s->init_buf->data;
- p=s->s3->server_random;
+ if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
+ buf = (unsigned char *)s->init_buf->data;
+ p = s->s3->server_random;
ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE);
/* Do the message type and length last */
- d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
+ d = p= &(buf[DTLS1_HM_HEADER_LENGTH]);
- *(p++)=s->version>>8;
- *(p++)=s->version&0xff;
+ *(p++) = s->version >> 8;
+ *(p++) = s->version&0xff;
/* Random stuff */
- memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
+ memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
+ p += SSL3_RANDOM_SIZE;
/* now in theory we have 3 options to sending back the
* session id. If it is a re-use, we send back the
@@ -951,320 +934,292 @@ int dtls1_send_server_hello(SSL *s)
* 12-Jan-98 - I'll now support the '0' length stuff.
*/
if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
- s->session->session_id_length=0;
+ s->session->session_id_length = 0;
- sl=s->session->session_id_length;
- if (sl > sizeof s->session->session_id)
- {
+ sl = s->session->session_id_length;
+ if (sl > sizeof s->session->session_id) {
SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
return -1;
- }
- *(p++)=sl;
- memcpy(p,s->session->session_id,sl);
- p+=sl;
+ }
+ *(p++) = sl;
+ memcpy(p, s->session->session_id, sl);
+ p += sl;
/* put the cipher */
if (s->s3->tmp.new_cipher == NULL)
return -1;
- i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);
- p+=i;
+ i = ssl3_put_cipher_by_char(s->s3->tmp.new_cipher, p);
+ p += i;
/* put the compression method */
#ifdef OPENSSL_NO_COMP
- *(p++)=0;
+ *(p++) = 0;
#else
if (s->s3->tmp.new_compression == NULL)
- *(p++)=0;
+ *(p++) = 0;
else
- *(p++)=s->s3->tmp.new_compression->id;
+ *(p++) = s->s3->tmp.new_compression->id;
#endif
#ifndef OPENSSL_NO_TLSEXT
- if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
+ if ((p = ssl_add_serverhello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
return -1;
- }
+ }
#endif
/* do the header */
- l=(p-d);
- d=buf;
+ l = (p - d);
+ d = buf;
d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l);
- s->state=SSL3_ST_SW_SRVR_HELLO_B;
+ s->state = SSL3_ST_SW_SRVR_HELLO_B;
/* number of bytes to write */
- s->init_num=p-buf;
- s->init_off=0;
+ s->init_num = p - buf;
+ s->init_off = 0;
/* buffer the message to handle re-xmits */
dtls1_buffer_message(s, 0);
- }
+ }
/* SSL3_ST_SW_SRVR_HELLO_B */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
- }
+ return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+}
-int dtls1_send_server_done(SSL *s)
- {
+int
+dtls1_send_server_done(SSL *s)
+{
unsigned char *p;
- if (s->state == SSL3_ST_SW_SRVR_DONE_A)
- {
- p=(unsigned char *)s->init_buf->data;
+ if (s->state == SSL3_ST_SW_SRVR_DONE_A) {
+ p = (unsigned char *)s->init_buf->data;
/* do the header */
p = dtls1_set_message_header(s, p, SSL3_MT_SERVER_DONE, 0, 0, 0);
- s->state=SSL3_ST_SW_SRVR_DONE_B;
+ s->state = SSL3_ST_SW_SRVR_DONE_B;
/* number of bytes to write */
- s->init_num=DTLS1_HM_HEADER_LENGTH;
- s->init_off=0;
+ s->init_num = DTLS1_HM_HEADER_LENGTH;
+ s->init_off = 0;
/* buffer the message to handle re-xmits */
dtls1_buffer_message(s, 0);
- }
+ }
/* SSL3_ST_SW_SRVR_DONE_B */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
- }
+ return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+}
-int dtls1_send_server_key_exchange(SSL *s)
- {
+int
+dtls1_send_server_key_exchange(SSL *s)
+{
#ifndef OPENSSL_NO_RSA
unsigned char *q;
- int j,num;
+ int j, num;
RSA *rsa;
- unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
+ unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
unsigned int u;
#endif
#ifndef OPENSSL_NO_DH
- DH *dh=NULL,*dhp;
+ DH *dh = NULL, *dhp;
#endif
#ifndef OPENSSL_NO_ECDH
- EC_KEY *ecdh=NULL, *ecdhp;
+ EC_KEY *ecdh = NULL, *ecdhp;
unsigned char *encodedPoint = NULL;
int encodedlen = 0;
int curve_id = 0;
- BN_CTX *bn_ctx = NULL;
+ BN_CTX *bn_ctx = NULL;
+
#endif
EVP_PKEY *pkey;
- unsigned char *p,*d;
- int al,i;
+ unsigned char *p, *d;
+ int al, i;
unsigned long type;
int n;
CERT *cert;
BIGNUM *r[4];
- int nr[4],kn;
+ int nr[4], kn;
BUF_MEM *buf;
EVP_MD_CTX md_ctx;
EVP_MD_CTX_init(&md_ctx);
- if (s->state == SSL3_ST_SW_KEY_EXCH_A)
- {
- type=s->s3->tmp.new_cipher->algorithm_mkey;
- cert=s->cert;
+ if (s->state == SSL3_ST_SW_KEY_EXCH_A) {
+ type = s->s3->tmp.new_cipher->algorithm_mkey;
+ cert = s->cert;
- buf=s->init_buf;
+ buf = s->init_buf;
- r[0]=r[1]=r[2]=r[3]=NULL;
- n=0;
+ r[0] = r[1] = r[2] = r[3] = NULL;
+ n = 0;
#ifndef OPENSSL_NO_RSA
- if (type & SSL_kRSA)
- {
- rsa=cert->rsa_tmp;
- if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL))
- {
- rsa=s->cert->rsa_tmp_cb(s,
- SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
- if(rsa == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
+ if (type & SSL_kRSA) {
+ rsa = cert->rsa_tmp;
+ if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) {
+ rsa = s->cert->rsa_tmp_cb(s,
+ SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
+ SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
+ if (rsa == NULL) {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
goto f_err;
}
RSA_up_ref(rsa);
- cert->rsa_tmp=rsa;
- }
- if (rsa == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
+ cert->rsa_tmp = rsa;
+ }
+ if (rsa == NULL) {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_RSA_KEY);
goto f_err;
- }
- r[0]=rsa->n;
- r[1]=rsa->e;
- s->s3->tmp.use_rsa_tmp=1;
}
- else
+ r[0] = rsa->n;
+ r[1] = rsa->e;
+ s->s3->tmp.use_rsa_tmp = 1;
+ } else
#endif
#ifndef OPENSSL_NO_DH
- if (type & SSL_kEDH)
- {
- dhp=cert->dh_tmp;
+ if (type & SSL_kEDH) {
+ dhp = cert->dh_tmp;
if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
- dhp=s->cert->dh_tmp_cb(s,
- SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
- if (dhp == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
+ dhp = s->cert->dh_tmp_cb(s,
+ SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
+ SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
+ if (dhp == NULL) {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_DH_KEY);
goto f_err;
- }
+ }
- if (s->s3->tmp.dh != NULL)
- {
+ if (s->s3->tmp.dh != NULL) {
DH_free(dh);
SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto err;
- }
+ }
- if ((dh=DHparams_dup(dhp)) == NULL)
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
+ if ((dh = DHparams_dup(dhp)) == NULL) {
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
goto err;
- }
+ }
- s->s3->tmp.dh=dh;
- if ((dhp->pub_key == NULL ||
- dhp->priv_key == NULL ||
- (s->options & SSL_OP_SINGLE_DH_USE)))
- {
- if(!DH_generate_key(dh))
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
- ERR_R_DH_LIB);
- goto err;
- }
+ s->s3->tmp.dh = dh;
+ if ((dhp->pub_key == NULL || dhp->priv_key == NULL ||
+ (s->options & SSL_OP_SINGLE_DH_USE))) {
+ if (!DH_generate_key(dh)) {
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
+ ERR_R_DH_LIB);
+ goto err;
}
- else
- {
- dh->pub_key=BN_dup(dhp->pub_key);
- dh->priv_key=BN_dup(dhp->priv_key);
+ } else {
+ dh->pub_key = BN_dup(dhp->pub_key);
+ dh->priv_key = BN_dup(dhp->priv_key);
if ((dh->pub_key == NULL) ||
- (dh->priv_key == NULL))
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
+ (dh->priv_key == NULL)) {
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
goto err;
- }
}
- r[0]=dh->p;
- r[1]=dh->g;
- r[2]=dh->pub_key;
}
- else
+ r[0] = dh->p;
+ r[1] = dh->g;
+ r[2] = dh->pub_key;
+ } else
#endif
#ifndef OPENSSL_NO_ECDH
- if (type & SSL_kEECDH)
- {
+ if (type & SSL_kEECDH) {
const EC_GROUP *group;
- ecdhp=cert->ecdh_tmp;
- if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL))
- {
- ecdhp=s->cert->ecdh_tmp_cb(s,
- SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
- }
- if (ecdhp == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
+ ecdhp = cert->ecdh_tmp;
+ if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL)) {
+ ecdhp = s->cert->ecdh_tmp_cb(s,
+ SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
+ SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
+ }
+ if (ecdhp == NULL) {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_ECDH_KEY);
goto f_err;
- }
+ }
+
+ if (s->s3->tmp.ecdh != NULL) {
+ EC_KEY_free(s->s3->tmp.ecdh);
- if (s->s3->tmp.ecdh != NULL)
- {
- EC_KEY_free(s->s3->tmp.ecdh);
SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto err;
- }
+ }
/* Duplicate the ECDH structure. */
- if (ecdhp == NULL)
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
+ if (ecdhp == NULL) {
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
goto err;
- }
- if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
+ }
+ if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
goto err;
- }
+ }
- s->s3->tmp.ecdh=ecdh;
+ s->s3->tmp.ecdh = ecdh;
if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
(EC_KEY_get0_private_key(ecdh) == NULL) ||
- (s->options & SSL_OP_SINGLE_ECDH_USE))
- {
- if(!EC_KEY_generate_key(ecdh))
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
- goto err;
- }
+ (s->options & SSL_OP_SINGLE_ECDH_USE)) {
+ if (!EC_KEY_generate_key(ecdh)) {
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+ goto err;
}
+ }
if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
(EC_KEY_get0_public_key(ecdh) == NULL) ||
- (EC_KEY_get0_private_key(ecdh) == NULL))
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
+ (EC_KEY_get0_private_key(ecdh) == NULL)) {
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
goto err;
- }
+ }
if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
- (EC_GROUP_get_degree(group) > 163))
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
+ (EC_GROUP_get_degree(group) > 163)) {
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
goto err;
- }
+ }
/* XXX: For now, we only support ephemeral ECDH
* keys over named (not generic) curves. For
* supported named curves, curve_id is non-zero.
*/
- if ((curve_id =
- tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group)))
- == 0)
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
+ if ((curve_id = tls1_ec_nid2curve_id(
+ EC_GROUP_get_curve_name(group))) == 0) {
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
goto err;
- }
+ }
/* Encode the public key.
* First check the size of encoding and
* allocate memory accordingly.
*/
- encodedlen = EC_POINT_point2oct(group,
- EC_KEY_get0_public_key(ecdh),
- POINT_CONVERSION_UNCOMPRESSED,
- NULL, 0, NULL);
+ encodedlen = EC_POINT_point2oct(group,
+ EC_KEY_get0_public_key(ecdh),
+ POINT_CONVERSION_UNCOMPRESSED,
+ NULL, 0, NULL);
+
+ encodedPoint = (unsigned char *)
+ OPENSSL_malloc(encodedlen*sizeof(unsigned char));
- encodedPoint = (unsigned char *)
- OPENSSL_malloc(encodedlen*sizeof(unsigned char));
bn_ctx = BN_CTX_new();
- if ((encodedPoint == NULL) || (bn_ctx == NULL))
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
+ if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
goto err;
- }
+ }
- encodedlen = EC_POINT_point2oct(group,
- EC_KEY_get0_public_key(ecdh),
- POINT_CONVERSION_UNCOMPRESSED,
- encodedPoint, encodedlen, bn_ctx);
+ encodedlen = EC_POINT_point2oct(group,
+ EC_KEY_get0_public_key(ecdh),
+ POINT_CONVERSION_UNCOMPRESSED,
+ encodedPoint, encodedlen, bn_ctx);
- if (encodedlen == 0)
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
+ if (encodedlen == 0) {
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
goto err;
- }
+ }
- BN_CTX_free(bn_ctx); bn_ctx=NULL;
+ BN_CTX_free(bn_ctx);
+ bn_ctx = NULL;
/* XXX: For now, we only support named (not
* generic) curves in ECDH ephemeral key exchanges.
@@ -1277,67 +1232,56 @@ int dtls1_send_server_key_exchange(SSL *s)
/* We'll generate the serverKeyExchange message
* explicitly so we can set these to NULLs
*/
- r[0]=NULL;
- r[1]=NULL;
- r[2]=NULL;
- r[3]=NULL;
- }
- else
+ r[0] = NULL;
+ r[1] = NULL;
+ r[2] = NULL;
+ r[3] = NULL;
+ } else
#endif /* !OPENSSL_NO_ECDH */
#ifndef OPENSSL_NO_PSK
- if (type & SSL_kPSK)
- {
- /* reserve size for record length and PSK identity hint*/
- n+=2+strlen(s->ctx->psk_identity_hint);
- }
- else
+ if (type & SSL_kPSK) {
+ /* reserve size for record length and PSK identity hint*/
+ n += 2 + strlen(s->ctx->psk_identity_hint);
+ } else
#endif /* !OPENSSL_NO_PSK */
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
+ {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
goto f_err;
- }
- for (i=0; r[i] != NULL; i++)
- {
- nr[i]=BN_num_bytes(r[i]);
- n+=2+nr[i];
- }
+ }
+ for (i = 0; r[i] != NULL; i++) {
+ nr[i] = BN_num_bytes(r[i]);
+ n += 2 + nr[i];
+ }
if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
- && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
- {
- if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher, NULL))
- == NULL)
- {
- al=SSL_AD_DECODE_ERROR;
+ && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
+ if ((pkey = ssl_get_sign_pkey(s,
+ s->s3->tmp.new_cipher, NULL)) == NULL) {
+ al = SSL_AD_DECODE_ERROR;
goto f_err;
- }
- kn=EVP_PKEY_size(pkey);
- }
- else
- {
- pkey=NULL;
- kn=0;
}
+ kn = EVP_PKEY_size(pkey);
+ } else {
+ pkey = NULL;
+ kn = 0;
+ }
- if (!BUF_MEM_grow_clean(buf,n+DTLS1_HM_HEADER_LENGTH+kn))
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
+ if (!BUF_MEM_grow_clean(buf, n + DTLS1_HM_HEADER_LENGTH + kn)) {
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_BUF);
goto err;
- }
- d=(unsigned char *)s->init_buf->data;
- p= &(d[DTLS1_HM_HEADER_LENGTH]);
+ }
+ d = (unsigned char *)s->init_buf->data;
+ p = &(d[DTLS1_HM_HEADER_LENGTH]);
- for (i=0; r[i] != NULL; i++)
- {
- s2n(nr[i],p);
- BN_bn2bin(r[i],p);
- p+=nr[i];
- }
+ for (i = 0; r[i] != NULL; i++) {
+ s2n(nr[i], p);
+ BN_bn2bin(r[i], p);
+ p += nr[i];
+ }
#ifndef OPENSSL_NO_ECDH
- if (type & SSL_kEECDH)
- {
+ if (type & SSL_kEECDH) {
/* XXX: For now, we only support named (not generic) curves.
* In this situation, the serverKeyExchange message has:
* [1 byte CurveType], [2 byte CurveName]
@@ -1352,268 +1296,257 @@ int dtls1_send_server_key_exchange(SSL *s)
p += 1;
*p = encodedlen;
p += 1;
- memcpy((unsigned char*)p,
- (unsigned char *)encodedPoint,
- encodedlen);
+ memcpy((unsigned char*)p,
+ (unsigned char *)encodedPoint,
+ encodedlen);
OPENSSL_free(encodedPoint);
p += encodedlen;
- }
+ }
#endif
#ifndef OPENSSL_NO_PSK
- if (type & SSL_kPSK)
- {
+ if (type & SSL_kPSK) {
/* copy PSK identity hint */
- s2n(strlen(s->ctx->psk_identity_hint), p);
+ s2n(strlen(s->ctx->psk_identity_hint), p);
+
strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint));
- p+=strlen(s->ctx->psk_identity_hint);
- }
+ p += strlen(s->ctx->psk_identity_hint);
+ }
#endif
/* not anonymous */
- if (pkey != NULL)
- {
+ if (pkey != NULL) {
/* n is the length of the params, they start at
* &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the space
* at the end. */
#ifndef OPENSSL_NO_RSA
- if (pkey->type == EVP_PKEY_RSA)
- {
- q=md_buf;
- j=0;
- for (num=2; num > 0; num--)
- {
- EVP_DigestInit_ex(&md_ctx,(num == 2)
- ?s->ctx->md5:s->ctx->sha1, NULL);
- EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n);
- EVP_DigestFinal_ex(&md_ctx,q,
- (unsigned int *)&i);
- q+=i;
- j+=i;
- }
- if (RSA_sign(NID_md5_sha1, md_buf, j,
- &(p[2]), &u, pkey->pkey.rsa) <= 0)
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
+ if (pkey->type == EVP_PKEY_RSA) {
+ q = md_buf;
+ j = 0;
+ for (num = 2; num > 0; num--) {
+ EVP_DigestInit_ex(&md_ctx, (num == 2)
+ ? s->ctx->md5 : s->ctx->sha1, NULL);
+ EVP_DigestUpdate(&md_ctx,
+ &(s->s3->client_random[0]),
+ SSL3_RANDOM_SIZE);
+ EVP_DigestUpdate(&md_ctx,
+ &(s->s3->server_random[0]),
+ SSL3_RANDOM_SIZE);
+ EVP_DigestUpdate(&md_ctx,
+ &(d[DTLS1_HM_HEADER_LENGTH]), n);
+ EVP_DigestFinal_ex(&md_ctx, q,
+ (unsigned int *)&i);
+ q += i;
+ j += i;
+ }
+ if (RSA_sign(NID_md5_sha1, md_buf, j, &(p[2]),
+ &u, pkey->pkey.rsa) <= 0) {
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_RSA);
goto err;
- }
- s2n(u,p);
- n+=u+2;
}
- else
+ s2n(u, p);
+ n += u + 2;
+ } else
#endif
#if !defined(OPENSSL_NO_DSA)
- if (pkey->type == EVP_PKEY_DSA)
- {
+ if (pkey->type == EVP_PKEY_DSA) {
/* lets do DSS */
- EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL);
- EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- EVP_SignUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n);
- if (!EVP_SignFinal(&md_ctx,&(p[2]),
- (unsigned int *)&i,pkey))
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
+ EVP_SignInit_ex(&md_ctx, EVP_dss1(), NULL);
+ EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE);
+ EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE);
+ EVP_SignUpdate(&md_ctx, &(d[DTLS1_HM_HEADER_LENGTH]), n);
+ if (!EVP_SignFinal(&md_ctx, &(p[2]),
+ (unsigned int *)&i, pkey)) {
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_DSA);
goto err;
- }
- s2n(i,p);
- n+=i+2;
}
- else
+ s2n(i, p);
+ n += i + 2;
+ } else
#endif
#if !defined(OPENSSL_NO_ECDSA)
- if (pkey->type == EVP_PKEY_EC)
- {
+ if (pkey->type == EVP_PKEY_EC) {
/* let's do ECDSA */
- EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL);
- EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- EVP_SignUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n);
- if (!EVP_SignFinal(&md_ctx,&(p[2]),
- (unsigned int *)&i,pkey))
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA);
+ EVP_SignInit_ex(&md_ctx, EVP_ecdsa(), NULL);
+ EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE);
+ EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE);
+ EVP_SignUpdate(&md_ctx, &(d[DTLS1_HM_HEADER_LENGTH]), n);
+ if (!EVP_SignFinal(&md_ctx, &(p[2]),
+ (unsigned int *)&i, pkey)) {
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_ECDSA);
goto err;
- }
- s2n(i,p);
- n+=i+2;
}
- else
+ s2n(i, p);
+ n += i + 2;
+ } else
#endif
- {
+ {
/* Is this error check actually needed? */
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE);
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNKNOWN_PKEY_TYPE);
goto f_err;
- }
}
+ }
d = dtls1_set_message_header(s, d,
- SSL3_MT_SERVER_KEY_EXCHANGE, n, 0, n);
+ SSL3_MT_SERVER_KEY_EXCHANGE, n, 0, n);
/* we should now have things packed up, so lets send
* it off */
- s->init_num=n+DTLS1_HM_HEADER_LENGTH;
- s->init_off=0;
+ s->init_num = n + DTLS1_HM_HEADER_LENGTH;
+ s->init_off = 0;
/* buffer the message to handle re-xmits */
dtls1_buffer_message(s, 0);
- }
+ }
s->state = SSL3_ST_SW_KEY_EXCH_B;
EVP_MD_CTX_cleanup(&md_ctx);
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
+ return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
#ifndef OPENSSL_NO_ECDH
- if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
+ if (encodedPoint != NULL)
+ OPENSSL_free(encodedPoint);
BN_CTX_free(bn_ctx);
#endif
EVP_MD_CTX_cleanup(&md_ctx);
- return(-1);
- }
-
-int dtls1_send_certificate_request(SSL *s)
- {
- unsigned char *p,*d;
- int i,j,nl,off,n;
- STACK_OF(X509_NAME) *sk=NULL;
+ return (-1);
+}
+
+int
+dtls1_send_certificate_request(SSL *s)
+{
+ unsigned char *p, *d;
+ int i, j, nl, off, n;
+ STACK_OF(X509_NAME) *sk = NULL;
X509_NAME *name;
BUF_MEM *buf;
unsigned int msg_len;
- if (s->state == SSL3_ST_SW_CERT_REQ_A)
- {
- buf=s->init_buf;
+ if (s->state == SSL3_ST_SW_CERT_REQ_A) {
+ buf = s->init_buf;
- d=p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
+ d = p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
/* get the list of acceptable cert types */
p++;
- n=ssl3_get_req_cert_type(s,p);
- d[0]=n;
- p+=n;
+ n = ssl3_get_req_cert_type(s, p);
+ d[0] = n;
+ p += n;
n++;
- off=n;
- p+=2;
- n+=2;
-
- sk=SSL_get_client_CA_list(s);
- nl=0;
- if (sk != NULL)
- {
- for (i=0; i<sk_X509_NAME_num(sk); i++)
- {
- name=sk_X509_NAME_value(sk,i);
- j=i2d_X509_NAME(name,NULL);
- if (!BUF_MEM_grow_clean(buf,DTLS1_HM_HEADER_LENGTH+n+j+2))
- {
- SSLerr(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
+ off = n;
+ p += 2;
+ n += 2;
+
+ sk = SSL_get_client_CA_list(s);
+ nl = 0;
+ if (sk != NULL) {
+ for (i = 0; i < sk_X509_NAME_num(sk); i++) {
+ name = sk_X509_NAME_value(sk, i);
+ j = i2d_X509_NAME(name, NULL);
+ if (!BUF_MEM_grow_clean(buf, DTLS1_HM_HEADER_LENGTH + n + j + 2)) {
+ SSLerr(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST, ERR_R_BUF_LIB);
goto err;
- }
- p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+n]);
- if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
- {
- s2n(j,p);
- i2d_X509_NAME(name,&p);
- n+=2+j;
- nl+=2+j;
- }
- else
- {
- d=p;
- i2d_X509_NAME(name,&p);
- j-=2; s2n(j,d); j+=2;
- n+=j;
- nl+=j;
- }
+ }
+ p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH + n]);
+ if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) {
+ s2n(j, p);
+ i2d_X509_NAME(name, &p);
+ n += 2 + j;
+ nl += 2 + j;
+ } else {
+ d = p;
+ i2d_X509_NAME(name, &p);
+ j -= 2;
+ s2n(j, d);
+ j += 2;
+ n += j;
+ nl += j;
}
}
+ }
/* else no CA names */
- p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+off]);
- s2n(nl,p);
+ p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH + off]);
+ s2n(nl, p);
- d=(unsigned char *)buf->data;
- *(d++)=SSL3_MT_CERTIFICATE_REQUEST;
- l2n3(n,d);
- s2n(s->d1->handshake_write_seq,d);
+ d = (unsigned char *)buf->data;
+ *(d++) = SSL3_MT_CERTIFICATE_REQUEST;
+ l2n3(n, d);
+ s2n(s->d1->handshake_write_seq, d);
s->d1->handshake_write_seq++;
/* we should now have things packed up, so lets send
* it off */
- s->init_num=n+DTLS1_HM_HEADER_LENGTH;
- s->init_off=0;
+ s->init_num = n + DTLS1_HM_HEADER_LENGTH;
+ s->init_off = 0;
#ifdef NETSCAPE_HANG_BUG
/* XXX: what to do about this? */
- p=(unsigned char *)s->init_buf->data + s->init_num;
+ p = (unsigned char *)s->init_buf->data + s->init_num;
/* do the header */
- *(p++)=SSL3_MT_SERVER_DONE;
- *(p++)=0;
- *(p++)=0;
- *(p++)=0;
+ *(p++) = SSL3_MT_SERVER_DONE;
+ *(p++) = 0;
+ *(p++) = 0;
+ *(p++) = 0;
s->init_num += 4;
#endif
/* XDTLS: set message header ? */
msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
dtls1_set_message_header(s, (void *)s->init_buf->data,
- SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len);
+ SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len);
/* buffer the message to handle re-xmits */
dtls1_buffer_message(s, 0);
s->state = SSL3_ST_SW_CERT_REQ_B;
- }
+ }
/* SSL3_ST_SW_CERT_REQ_B */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
+ return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
err:
- return(-1);
- }
+ return (-1);
+}
-int dtls1_send_server_certificate(SSL *s)
- {
+int
+dtls1_send_server_certificate(SSL *s)
+{
unsigned long l;
X509 *x;
- if (s->state == SSL3_ST_SW_CERT_A)
- {
- x=ssl_get_server_send_cert(s);
- if (x == NULL)
- {
+ if (s->state == SSL3_ST_SW_CERT_A) {
+ x = ssl_get_server_send_cert(s);
+ if (x == NULL) {
/* VRS: allow null cert if auth == KRB5 */
if ((s->s3->tmp.new_cipher->algorithm_mkey != SSL_kKRB5) ||
- (s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5))
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
- return(0);
- }
+ (s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5)) {
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+ return (0);
}
+ }
- l=dtls1_output_cert_chain(s,x);
- s->state=SSL3_ST_SW_CERT_B;
- s->init_num=(int)l;
- s->init_off=0;
+ l = dtls1_output_cert_chain(s, x);
+ s->state = SSL3_ST_SW_CERT_B;
+ s->init_num = (int)l;
+ s->init_off = 0;
/* buffer the message to handle re-xmits */
dtls1_buffer_message(s, 0);
- }
+ }
/* SSL3_ST_SW_CERT_B */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
- }
+ return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+}
#ifndef OPENSSL_NO_TLSEXT
-int dtls1_send_newsession_ticket(SSL *s)
- {
- if (s->state == SSL3_ST_SW_SESSION_TICKET_A)
- {
+int
+dtls1_send_newsession_ticket(SSL *s)
+{
+ if (s->state == SSL3_ST_SW_SESSION_TICKET_A) {
unsigned char *p, *senc, *macstart;
int len, slen;
unsigned int hlen, msg_len;
@@ -1638,8 +1571,8 @@ int dtls1_send_newsession_ticket(SSL *s)
* length) + max_md_size (HMAC).
*/
if (!BUF_MEM_grow(s->init_buf,
- DTLS1_HM_HEADER_LENGTH + 22 + EVP_MAX_IV_LENGTH +
- EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen))
+ DTLS1_HM_HEADER_LENGTH + 22 + EVP_MAX_IV_LENGTH +
+ EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen))
return -1;
senc = OPENSSL_malloc(slen);
if (!senc)
@@ -1647,31 +1580,27 @@ int dtls1_send_newsession_ticket(SSL *s)
p = senc;
i2d_SSL_SESSION(s->session, &p);
- p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]);
+ p = (unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]);
EVP_CIPHER_CTX_init(&ctx);
HMAC_CTX_init(&hctx);
/* Initialize HMAC and cipher contexts. If callback present
* it does all the work otherwise use generated values
* from parent ctx.
*/
- if (tctx->tlsext_ticket_key_cb)
- {
+ if (tctx->tlsext_ticket_key_cb) {
if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
- &hctx, 1) < 0)
- {
+ &hctx, 1) < 0) {
OPENSSL_free(senc);
return -1;
- }
}
- else
- {
+ } else {
RAND_pseudo_bytes(iv, 16);
EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
- tctx->tlsext_tick_aes_key, iv);
+ tctx->tlsext_tick_aes_key, iv);
HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
- tlsext_tick_md(), NULL);
+ tlsext_tick_md(), NULL);
memcpy(key_name, tctx->tlsext_tick_key_name, 16);
- }
+ }
l2n(s->session->tlsext_tick_lifetime_hint, p);
/* Skip ticket length for now */
p += 2;
@@ -1698,25 +1627,25 @@ int dtls1_send_newsession_ticket(SSL *s)
/* Total length */
len = p - (unsigned char *)(s->init_buf->data);
/* Ticket length */
- p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4;
+ p = (unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4;
s2n(len - DTLS1_HM_HEADER_LENGTH - 6, p);
/* number of bytes to write */
- s->init_num= len;
- s->state=SSL3_ST_SW_SESSION_TICKET_B;
- s->init_off=0;
+ s->init_num = len;
+ s->state = SSL3_ST_SW_SESSION_TICKET_B;
+ s->init_off = 0;
OPENSSL_free(senc);
/* XDTLS: set message header ? */
msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
dtls1_set_message_header(s, (void *)s->init_buf->data,
- SSL3_MT_NEWSESSION_TICKET, msg_len, 0, msg_len);
+ SSL3_MT_NEWSESSION_TICKET, msg_len, 0, msg_len);
/* buffer the message to handle re-xmits */
dtls1_buffer_message(s, 0);
- }
+ }
/* SSL3_ST_SW_SESSION_TICKET_B */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
- }
+ return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+}
#endif
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.