195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley/* 295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * DTLS implementation written by Nagendra Modadugu 395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley */ 595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley/* ==================================================================== 695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. 795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * Redistribution and use in source and binary forms, with or without 995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * modification, are permitted provided that the following conditions 1095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * are met: 1195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 1295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 1. Redistributions of source code must retain the above copyright 1395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * notice, this list of conditions and the following disclaimer. 1495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 1595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 2. Redistributions in binary form must reproduce the above copyright 1695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * notice, this list of conditions and the following disclaimer in 1795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * the documentation and/or other materials provided with the 1895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * distribution. 1995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 2095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 3. All advertising materials mentioning features or use of this 2195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * software must display the following acknowledgment: 2295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * "This product includes software developed by the OpenSSL Project 2395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 2495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 2595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 2695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * endorse or promote products derived from this software without 2795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * prior written permission. For written permission, please contact 2895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * openssl-core@OpenSSL.org. 2995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 3095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 5. Products derived from this software may not be called "OpenSSL" 3195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * nor may "OpenSSL" appear in their names without prior written 3295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * permission of the OpenSSL Project. 3395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 3495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 6. Redistributions of any form whatsoever must retain the following 3595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * acknowledgment: 3695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * "This product includes software developed by the OpenSSL Project 3795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 3895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 3995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 4095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 4295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 4395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 4495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 4595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 4695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 4895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 4995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 5095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * OF THE POSSIBILITY OF SUCH DAMAGE. 5195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * ==================================================================== 5295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 5395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * This product includes cryptographic software written by Eric Young 5495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * (eay@cryptsoft.com). This product includes software written by Tim 5595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * Hudson (tjh@cryptsoft.com). 5695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 5795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley */ 5895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 5995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * All rights reserved. 6095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 6195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * This package is an SSL implementation written 6295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * by Eric Young (eay@cryptsoft.com). 6395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * The implementation was written so as to conform with Netscapes SSL. 6495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 6595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * This library is free for commercial and non-commercial use as long as 6695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * the following conditions are aheared to. The following conditions 6795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * apply to all code found in this distribution, be it the RC4, RSA, 6895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * lhash, DES, etc., code; not just the SSL code. The SSL documentation 6995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * included with this distribution is covered by the same copyright terms 7095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * except that the holder is Tim Hudson (tjh@cryptsoft.com). 7195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 7295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * Copyright remains Eric Young's, and as such any Copyright notices in 7395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * the code are not to be removed. 7495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * If this package is used in a product, Eric Young should be given attribution 7595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * as the author of the parts of the library used. 7695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * This can be in the form of a textual message at program startup or 7795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * in documentation (online or textual) provided with the package. 7895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 7995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * Redistribution and use in source and binary forms, with or without 8095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * modification, are permitted provided that the following conditions 8195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * are met: 8295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 1. Redistributions of source code must retain the copyright 8395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * notice, this list of conditions and the following disclaimer. 8495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 2. Redistributions in binary form must reproduce the above copyright 8595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * notice, this list of conditions and the following disclaimer in the 8695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * documentation and/or other materials provided with the distribution. 8795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 3. All advertising materials mentioning features or use of this software 8895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * must display the following acknowledgement: 8995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * "This product includes cryptographic software written by 9095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * Eric Young (eay@cryptsoft.com)" 9195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * The word 'cryptographic' can be left out if the rouines from the library 9295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * being used are not cryptographic related :-). 9395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 4. If you include any Windows specific code (or a derivative thereof) from 9495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * the apps directory (application code) you must include an acknowledgement: 9595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 9695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 9795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 9895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 9995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 10095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 10195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 10295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 10395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 10495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 10595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 10695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 10795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * SUCH DAMAGE. 10895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 10995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * The licence and distribution terms for any publically available version or 11095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * derivative of this code cannot be changed. i.e. this code cannot simply be 11195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * copied and put under another distribution licence 11295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * [including the GNU Public Licence.] 11395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley */ 11495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 11595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include <stdio.h> 11695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 11795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include <openssl/bn.h> 11895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include <openssl/buf.h> 11995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include <openssl/dh.h> 12095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include <openssl/evp.h> 12195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include <openssl/md5.h> 12295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include <openssl/mem.h> 12395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include <openssl/obj.h> 12495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include <openssl/rand.h> 12595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 12695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include "ssl_locl.h" 12795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 12895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic const SSL_METHOD *dtls1_get_client_method(int ver); 12995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic int dtls1_get_hello_verify(SSL *s); 13095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 13195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic const SSL_METHOD *dtls1_get_client_method(int ver) 13295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 133cc23df53da503b6095d4c8d0dd5207e90ebf4580David Benjamin if (ver == DTLS1_VERSION) 13495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return(DTLSv1_client_method()); 13595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else if (ver == DTLS1_2_VERSION) 13695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return(DTLSv1_2_client_method()); 13795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else 13895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return(NULL); 13995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 14095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 14195c29f3cd1f6c08c6c0927868683392eea727ccAdam LangleyIMPLEMENT_dtls1_meth_func(DTLS1_VERSION, 14295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley DTLSv1_client_method, 14395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ssl_undefined_function, 14495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley dtls1_connect, 14595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley dtls1_get_client_method, 14695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley DTLSv1_enc_data) 14795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 14895c29f3cd1f6c08c6c0927868683392eea727ccAdam LangleyIMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 14995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley DTLSv1_2_client_method, 15095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ssl_undefined_function, 15195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley dtls1_connect, 15295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley dtls1_get_client_method, 15395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley DTLSv1_2_enc_data) 15495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 15595c29f3cd1f6c08c6c0927868683392eea727ccAdam LangleyIMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 15695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley DTLS_client_method, 15795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ssl_undefined_function, 15895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley dtls1_connect, 15995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley dtls1_get_client_method, 16095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley DTLSv1_2_enc_data) 16195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 16295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleyint dtls1_connect(SSL *s) 16395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 16495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley BUF_MEM *buf=NULL; 16595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley void (*cb)(const SSL *ssl,int type,int val)=NULL; 16695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int ret= -1; 16795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int new_state,state,skip=0; 16895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 16995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ERR_clear_error(); 17095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ERR_clear_system_error(); 17195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 17295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (s->info_callback != NULL) 17395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley cb=s->info_callback; 17495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else if (s->ctx->info_callback != NULL) 17595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley cb=s->ctx->info_callback; 17695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 17795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->in_handshake++; 17895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 17995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 18095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley for (;;) 18195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 18295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley state=s->state; 18395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 18495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley switch(s->state) 18595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 18695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL_ST_RENEGOTIATE: 18795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->renegotiate=1; 18895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->state=SSL_ST_CONNECT; 18995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->ctx->stats.sess_connect_renegotiate++; 19095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* break */ 19195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL_ST_BEFORE: 19295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL_ST_CONNECT: 19395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL_ST_BEFORE|SSL_ST_CONNECT: 19495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL_ST_OK|SSL_ST_CONNECT: 19595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 19695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->server=0; 19795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); 19895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 199cc23df53da503b6095d4c8d0dd5207e90ebf4580David Benjamin if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00)) 20095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 20195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_PUT_ERROR(SSL, dtls1_connect, ERR_R_INTERNAL_ERROR); 20295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret = -1; 20395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto end; 20495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 20595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 20695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* s->version=SSL3_VERSION; */ 20795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->type=SSL_ST_CONNECT; 20895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 20995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (s->init_buf == NULL) 21095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 21195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if ((buf=BUF_MEM_new()) == NULL) 21295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 21395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret= -1; 21495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto end; 21595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 21695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) 21795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 21895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret= -1; 21995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto end; 22095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 22195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->init_buf=buf; 22295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley buf=NULL; 22395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 22495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 22595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } 22695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 22795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* setup buffing BIO */ 22895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; } 22995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 23095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* don't push the buffering BIO quite yet */ 23195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 23295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->state=SSL3_ST_CW_CLNT_HELLO_A; 23395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->ctx->stats.sess_connect++; 23495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->init_num=0; 23595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->d1->send_cookie = 0; 23695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->hit = 0; 23795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley break; 23895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 23995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CW_CLNT_HELLO_A: 24095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CW_CLNT_HELLO_B: 24195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 24295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->shutdown=0; 24395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 24495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* every DTLS ClientHello resets Finished MAC */ 24595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ssl3_init_finished_mac(s); 24695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 24795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley dtls1_start_timer(s); 2488da990677b852daff3f6e4a10d9c80c7b4822a06David Benjamin ret=ssl3_send_client_hello(s); 24995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ret <= 0) goto end; 25095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 25195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if ( s->d1->send_cookie) 25295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 25395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->state=SSL3_ST_CW_FLUSH; 25495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->s3->tmp.next_state=SSL3_ST_CR_SRVR_HELLO_A; 25595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 25695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else 257f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin s->state=DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A; 25895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 25995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->init_num=0; 26095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* turn on buffering for the next lot of output */ 26195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (s->bbio != s->wbio) 26295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->wbio=BIO_push(s->bbio,s->wbio); 26395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 26495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley break; 26595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 266f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: 267f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: 268f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin 269f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin ret = dtls1_get_hello_verify(s); 270f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin if ( ret <= 0) 271f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin goto end; 272f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin if ( s->d1->send_cookie) 273f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin { 274f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin /* start again, with a cookie */ 275f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin dtls1_stop_timer(s); 276f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin s->state = SSL3_ST_CW_CLNT_HELLO_A; 277f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin } 278f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin else 279f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin { 280f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin s->state = SSL3_ST_CR_SRVR_HELLO_A; 281f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin } 282f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin s->init_num = 0; 283f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin break; 284f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin 28595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CR_SRVR_HELLO_A: 28695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CR_SRVR_HELLO_B: 28795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret=ssl3_get_server_hello(s); 28895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ret <= 0) goto end; 289f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin 290f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin if (s->hit) 29195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 292f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin s->state=SSL3_ST_CR_FINISHED_A; 293f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin if (s->tlsext_ticket_expected) 29495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 295f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin /* receive renewed session ticket */ 296f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin s->state=SSL3_ST_CR_SESSION_TICKET_A; 29795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 29895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 29995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else 300f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin { 301f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin s->state=SSL3_ST_CR_CERT_A; 302f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin } 303f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin s->init_num=0; 30495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley break; 30595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 30695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CR_CERT_A: 30795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CR_CERT_B: 3089174312be684ac8419ce243bf56dae74ded0aafbDavid Benjamin if (ssl_cipher_has_server_public_key(s->s3->tmp.new_cipher)) 30995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 31095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret=ssl3_get_server_certificate(s); 31195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ret <= 0) goto end; 3126c7aed048ca0a335e02dfee10976c5dc8620783eDavid Benjamin if (s->s3->tmp.certificate_status_expected) 31395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->state=SSL3_ST_CR_CERT_STATUS_A; 31495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else 31595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->state=SSL3_ST_CR_KEY_EXCH_A; 31695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 31795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else 31895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 31995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley skip = 1; 32095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->state=SSL3_ST_CR_KEY_EXCH_A; 32195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 32295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->init_num=0; 32395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley break; 32495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 32595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CR_KEY_EXCH_A: 32695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CR_KEY_EXCH_B: 3278f8040dd4fdf4531391c5653230a6fe3a24cf5bfDavid Benjamin ret=ssl3_get_server_key_exchange(s); 32895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ret <= 0) goto end; 32995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->state=SSL3_ST_CR_CERT_REQ_A; 33095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->init_num=0; 33195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 33295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* at this point we check that we have the 33395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * required stuff from the server */ 33495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!ssl3_check_cert_and_algorithm(s)) 33595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 33695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret= -1; 33795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto end; 33895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 33995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley break; 34095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 34195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CR_CERT_REQ_A: 34295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CR_CERT_REQ_B: 34395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret=ssl3_get_certificate_request(s); 34495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ret <= 0) goto end; 34595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->state=SSL3_ST_CR_SRVR_DONE_A; 34695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->init_num=0; 34795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley break; 34895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 34995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CR_SRVR_DONE_A: 35095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CR_SRVR_DONE_B: 35195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret=ssl3_get_server_done(s); 35295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ret <= 0) goto end; 35395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley dtls1_stop_timer(s); 35495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (s->s3->tmp.cert_req) 35595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->s3->tmp.next_state=SSL3_ST_CW_CERT_A; 35695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else 35795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->s3->tmp.next_state=SSL3_ST_CW_KEY_EXCH_A; 35895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->init_num=0; 35995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->state=s->s3->tmp.next_state; 36095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley break; 36195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 36295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CW_CERT_A: 36395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CW_CERT_B: 36495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CW_CERT_C: 36595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CW_CERT_D: 36695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley dtls1_start_timer(s); 36795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret=ssl3_send_client_certificate(s); 36895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ret <= 0) goto end; 36995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->state=SSL3_ST_CW_KEY_EXCH_A; 37095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->init_num=0; 37195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley break; 37295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 37395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CW_KEY_EXCH_A: 37495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CW_KEY_EXCH_B: 37595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley dtls1_start_timer(s); 37695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret=ssl3_send_client_key_exchange(s); 37795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ret <= 0) goto end; 37895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* For TLS, cert_req is set to 2, so a cert chain 37995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * of nothing is sent, but no verify packet is sent */ 38095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (s->s3->tmp.cert_req == 1) 38195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 38295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->state=SSL3_ST_CW_CERT_VRFY_A; 38395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 38495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else 38595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 38695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->state=SSL3_ST_CW_CHANGE_A; 38795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->s3->change_cipher_spec=0; 38895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 38995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 39095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->init_num=0; 39195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley break; 39295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 39395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CW_CERT_VRFY_A: 39495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CW_CERT_VRFY_B: 39595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley dtls1_start_timer(s); 3968da990677b852daff3f6e4a10d9c80c7b4822a06David Benjamin ret=ssl3_send_cert_verify(s); 39795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ret <= 0) goto end; 39895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->state=SSL3_ST_CW_CHANGE_A; 39995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->init_num=0; 40095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->s3->change_cipher_spec=0; 40195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley break; 40295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 40395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CW_CHANGE_A: 40495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CW_CHANGE_B: 40595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!s->hit) 40695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley dtls1_start_timer(s); 40795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret=dtls1_send_change_cipher_spec(s, 40895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); 40995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ret <= 0) goto end; 41095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 41195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->state=SSL3_ST_CW_FINISHED_A; 41295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->init_num=0; 41395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 41495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->session->cipher=s->s3->tmp.new_cipher; 41595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!s->method->ssl3_enc->setup_key_block(s)) 41695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 41795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret= -1; 41895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto end; 41995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 42095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 42195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!s->method->ssl3_enc->change_cipher_state(s, 42295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley SSL3_CHANGE_CIPHER_CLIENT_WRITE)) 42395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 42495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret= -1; 42595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto end; 42695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 42795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 42895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley dtls1_reset_seq_numbers(s, SSL3_CC_WRITE); 42995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley break; 43095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 43195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CW_FINISHED_A: 43295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CW_FINISHED_B: 43395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!s->hit) 43495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley dtls1_start_timer(s); 43595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret=ssl3_send_finished(s, 43695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, 43795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->method->ssl3_enc->client_finished_label, 43895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->method->ssl3_enc->client_finished_label_len); 43995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ret <= 0) goto end; 44095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->state=SSL3_ST_CW_FLUSH; 44195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 44295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* clear flags */ 44395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; 44495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (s->hit) 44595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 44695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->s3->tmp.next_state=SSL_ST_OK; 44795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 44895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else 44995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 45095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 45195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* Allow NewSessionTicket if ticket expected */ 45295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (s->tlsext_ticket_expected) 45395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A; 45495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else 45595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 45695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; 45795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 45895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->init_num=0; 45995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley break; 46095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 46195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CR_SESSION_TICKET_A: 46295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CR_SESSION_TICKET_B: 46395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret=ssl3_get_new_session_ticket(s); 46495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ret <= 0) goto end; 46595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->state=SSL3_ST_CR_FINISHED_A; 46695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->init_num=0; 46795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley break; 46895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 46995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CR_CERT_STATUS_A: 47095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CR_CERT_STATUS_B: 47195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret=ssl3_get_cert_status(s); 47295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ret <= 0) goto end; 47395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->state=SSL3_ST_CR_KEY_EXCH_A; 47495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->init_num=0; 47595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley break; 47695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 47795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CR_FINISHED_A: 47895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CR_FINISHED_B: 47995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->d1->change_cipher_spec_ok = 1; 48095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A, 48195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley SSL3_ST_CR_FINISHED_B); 48295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ret <= 0) goto end; 48395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley dtls1_stop_timer(s); 48495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 48595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (s->hit) 48695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->state=SSL3_ST_CW_CHANGE_A; 48795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else 48895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->state=SSL_ST_OK; 48995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 49095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->init_num=0; 49195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley break; 49295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 49395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL3_ST_CW_FLUSH: 49495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->rwstate=SSL_WRITING; 49595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (BIO_flush(s->wbio) <= 0) 49695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 49795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* If the write error was fatal, stop trying */ 49895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!BIO_should_retry(s->wbio)) 49995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 50095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->rwstate=SSL_NOTHING; 50195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->state=s->s3->tmp.next_state; 50295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 50395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 50495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret= -1; 50595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto end; 50695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 50795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->rwstate=SSL_NOTHING; 50895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->state=s->s3->tmp.next_state; 50995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley break; 51095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 51195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL_ST_OK: 51295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* clean a few things up */ 51395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ssl3_cleanup_key_block(s); 51495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 51595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#if 0 51695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (s->init_buf != NULL) 51795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 51895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley BUF_MEM_free(s->init_buf); 51995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->init_buf=NULL; 52095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 52195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#endif 52295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 52395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* If we are not 'joining' the last two packets, 52495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * remove the buffering now */ 52595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER)) 52695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ssl_free_wbio_buffer(s); 52795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* else do it later in ssl3_write */ 52895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 52995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->init_num=0; 53095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->renegotiate=0; 53195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->new_session=0; 53295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 53395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ssl_update_cache(s,SSL_SESS_CACHE_CLIENT); 53495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (s->hit) s->ctx->stats.sess_hit++; 53595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 53695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret=1; 53795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* s->server=0; */ 53895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->handshake_func=dtls1_connect; 53995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->ctx->stats.sess_connect_good++; 54095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 54195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); 54295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 54395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* done with handshaking */ 54495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->d1->handshake_read_seq = 0; 54595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->d1->next_handshake_write_seq = 0; 54695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto end; 54795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* break; */ 54895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 54995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley default: 55095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_PUT_ERROR(SSL, dtls1_connect, SSL_R_UNKNOWN_STATE); 55195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret= -1; 55295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto end; 55395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* break; */ 55495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 55595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 55695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* did we do anything */ 55795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!s->s3->tmp.reuse_message && !skip) 55895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 55995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (s->debug) 56095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 56195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if ((ret=BIO_flush(s->wbio)) <= 0) 56295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto end; 56395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 56495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 56595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if ((cb != NULL) && (s->state != state)) 56695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 56795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley new_state=s->state; 56895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->state=state; 56995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley cb(s,SSL_CB_CONNECT_LOOP,1); 57095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->state=new_state; 57195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 57295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 57395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley skip=0; 57495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 57595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleyend: 57695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->in_handshake--; 57795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 57895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (buf != NULL) 57995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley BUF_MEM_free(buf); 58095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (cb != NULL) 58195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley cb(s,SSL_CB_CONNECT_EXIT,ret); 58295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return(ret); 58395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 58495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 58595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic int dtls1_get_hello_verify(SSL *s) 58695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 58751e3283d62eab1f2aab69f02b26f6b03896b5ccdDavid Benjamin long n; 58851e3283d62eab1f2aab69f02b26f6b03896b5ccdDavid Benjamin int al, ok = 0; 58951e3283d62eab1f2aab69f02b26f6b03896b5ccdDavid Benjamin CBS hello_verify_request, cookie; 59051e3283d62eab1f2aab69f02b26f6b03896b5ccdDavid Benjamin uint16_t server_version; 59195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 59295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->first_packet = 1; 59395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley n=s->method->ssl_get_message(s, 59495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, 59595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, 59695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley -1, 597f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin /* Use the same maximum size as ssl3_get_server_hello. */ 598f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin 20000, 599590cbe970c75973f38aeba4b7146dc0b84b66348David Benjamin SSL_GET_MESSAGE_HASH_MESSAGE, 60095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley &ok); 60195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->first_packet = 0; 60295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 60395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!ok) return((int)n); 60495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 60595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) 60695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 60795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->d1->send_cookie = 0; 608f2fedefdcaf62f10b566f55858c25f35112072eaDavid Benjamin s->s3->tmp.reuse_message = 1; 60995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return(1); 61095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 61195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 61251e3283d62eab1f2aab69f02b26f6b03896b5ccdDavid Benjamin CBS_init(&hello_verify_request, s->init_msg, n); 61351e3283d62eab1f2aab69f02b26f6b03896b5ccdDavid Benjamin 61451e3283d62eab1f2aab69f02b26f6b03896b5ccdDavid Benjamin if (!CBS_get_u16(&hello_verify_request, &server_version) || 61551e3283d62eab1f2aab69f02b26f6b03896b5ccdDavid Benjamin !CBS_get_u8_length_prefixed(&hello_verify_request, &cookie) || 61651e3283d62eab1f2aab69f02b26f6b03896b5ccdDavid Benjamin CBS_len(&hello_verify_request) != 0) 61751e3283d62eab1f2aab69f02b26f6b03896b5ccdDavid Benjamin { 61851e3283d62eab1f2aab69f02b26f6b03896b5ccdDavid Benjamin al = SSL_AD_DECODE_ERROR; 61951e3283d62eab1f2aab69f02b26f6b03896b5ccdDavid Benjamin OPENSSL_PUT_ERROR(SSL, ssl3_get_cert_status, SSL_R_DECODE_ERROR); 62051e3283d62eab1f2aab69f02b26f6b03896b5ccdDavid Benjamin goto f_err; 62151e3283d62eab1f2aab69f02b26f6b03896b5ccdDavid Benjamin } 62251e3283d62eab1f2aab69f02b26f6b03896b5ccdDavid Benjamin 62351e3283d62eab1f2aab69f02b26f6b03896b5ccdDavid Benjamin if (CBS_len(&cookie) > sizeof(s->d1->cookie)) 62495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 62595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley al=SSL_AD_ILLEGAL_PARAMETER; 62695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto f_err; 62795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 62895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 62951e3283d62eab1f2aab69f02b26f6b03896b5ccdDavid Benjamin memcpy(s->d1->cookie, CBS_data(&cookie), CBS_len(&cookie)); 63051e3283d62eab1f2aab69f02b26f6b03896b5ccdDavid Benjamin s->d1->cookie_len = CBS_len(&cookie); 63195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 63295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->d1->send_cookie = 1; 63395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 1; 63495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 63595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleyf_err: 63695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ssl3_send_alert(s, SSL3_AL_FATAL, al); 63795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return -1; 63895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 63995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 640