PR: 1829
diff --git
a/ssl/d1_srvr.c
b/ssl/d1_srvr.c
index 76c51691c39c3672baccc431660c5fd5e38a178c..bb290b88e34dd6ac817d33e2406f5a0358d7890b 100644
(file)
--- a/
ssl/d1_srvr.c
+++ b/
ssl/d1_srvr.c
@@
-144,7
+144,7
@@
IMPLEMENT_dtls1_meth_func(DTLSv1_server_method,
int dtls1_accept(SSL *s)
{
BUF_MEM *buf;
int dtls1_accept(SSL *s)
{
BUF_MEM *buf;
- unsigned long l,Time=time(NULL);
+ unsigned long l,Time=
(unsigned long)
time(NULL);
void (*cb)(const SSL *ssl,int type,int val)=NULL;
long num1;
int ret= -1;
void (*cb)(const SSL *ssl,int type,int val)=NULL;
long num1;
int ret= -1;
@@
-247,6
+247,7
@@
int dtls1_accept(SSL *s)
case SSL3_ST_SW_HELLO_REQ_B:
s->shutdown=0;
case SSL3_ST_SW_HELLO_REQ_B:
s->shutdown=0;
+ BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
ret=dtls1_send_hello_request(s);
if (ret <= 0) goto end;
s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
ret=dtls1_send_hello_request(s);
if (ret <= 0) goto end;
s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
@@
-267,6
+268,7
@@
int dtls1_accept(SSL *s)
s->shutdown=0;
ret=ssl3_get_client_hello(s);
if (ret <= 0) goto end;
s->shutdown=0;
ret=ssl3_get_client_hello(s);
if (ret <= 0) goto end;
+ BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL);
s->new_session = 2;
if ( s->d1->send_cookie)
s->new_session = 2;
if ( s->d1->send_cookie)
@@
-280,15
+282,21
@@
int dtls1_accept(SSL *s)
case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
+ BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
ret = dtls1_send_hello_verify_request(s);
if ( ret <= 0) goto end;
s->d1->send_cookie = 0;
s->state=SSL3_ST_SW_FLUSH;
s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
ret = dtls1_send_hello_verify_request(s);
if ( ret <= 0) goto end;
s->d1->send_cookie = 0;
s->state=SSL3_ST_SW_FLUSH;
s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
+
+ /* HelloVerifyRequests resets Finished MAC */
+ if (s->client_version != DTLS1_BAD_VER)
+ ssl3_init_finished_mac(s);
break;
case SSL3_ST_SW_SRVR_HELLO_A:
case SSL3_ST_SW_SRVR_HELLO_B:
break;
case SSL3_ST_SW_SRVR_HELLO_A:
case SSL3_ST_SW_SRVR_HELLO_B:
+ BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
ret=dtls1_send_server_hello(s);
if (ret <= 0) goto end;
ret=dtls1_send_server_hello(s);
if (ret <= 0) goto end;
@@
-304,6
+312,7
@@
int dtls1_accept(SSL *s)
/* Check if it is anon DH */
if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
{
/* Check if it is anon DH */
if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
{
+ BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
ret=dtls1_send_server_certificate(s);
if (ret <= 0) goto end;
}
ret=dtls1_send_server_certificate(s);
if (ret <= 0) goto end;
}
@@
-345,6
+354,7
@@
int dtls1_accept(SSL *s)
)
)
{
)
)
{
+ BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
ret=dtls1_send_server_key_exchange(s);
if (ret <= 0) goto end;
}
ret=dtls1_send_server_key_exchange(s);
if (ret <= 0) goto end;
}
@@
-381,6
+391,7
@@
int dtls1_accept(SSL *s)
else
{
s->s3->tmp.cert_request=1;
else
{
s->s3->tmp.cert_request=1;
+ BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
ret=dtls1_send_certificate_request(s);
if (ret <= 0) goto end;
#ifndef NETSCAPE_HANG_BUG
ret=dtls1_send_certificate_request(s);
if (ret <= 0) goto end;
#ifndef NETSCAPE_HANG_BUG
@@
-395,6
+406,7
@@
int dtls1_accept(SSL *s)
case SSL3_ST_SW_SRVR_DONE_A:
case SSL3_ST_SW_SRVR_DONE_B:
case SSL3_ST_SW_SRVR_DONE_A:
case SSL3_ST_SW_SRVR_DONE_B:
+ BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL);
ret=dtls1_send_server_done(s);
if (ret <= 0) goto end;
s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
ret=dtls1_send_server_done(s);
if (ret <= 0) goto end;
s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
@@
-422,6
+434,7
@@
int dtls1_accept(SSL *s)
ret = ssl3_check_client_hello(s);
if (ret <= 0)
goto end;
ret = ssl3_check_client_hello(s);
if (ret <= 0)
goto end;
+ BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL);
if (ret == 2)
s->state = SSL3_ST_SR_CLNT_HELLO_C;
else {
if (ret == 2)
s->state = SSL3_ST_SR_CLNT_HELLO_C;
else {
@@
-429,6
+442,7
@@
int dtls1_accept(SSL *s)
* have not asked for it :-) */
ret=ssl3_get_client_certificate(s);
if (ret <= 0) goto end;
* have not asked for it :-) */
ret=ssl3_get_client_certificate(s);
if (ret <= 0) goto end;
+ BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL);
s->init_num=0;
s->state=SSL3_ST_SR_KEY_EXCH_A;
}
s->init_num=0;
s->state=SSL3_ST_SR_KEY_EXCH_A;
}
@@
-438,6
+452,7
@@
int dtls1_accept(SSL *s)
case SSL3_ST_SR_KEY_EXCH_B:
ret=ssl3_get_client_key_exchange(s);
if (ret <= 0) goto end;
case SSL3_ST_SR_KEY_EXCH_B:
ret=ssl3_get_client_key_exchange(s);
if (ret <= 0) goto end;
+ BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL);
s->state=SSL3_ST_SR_CERT_VRFY_A;
s->init_num=0;
s->state=SSL3_ST_SR_CERT_VRFY_A;
s->init_num=0;
@@
-458,6
+473,7
@@
int dtls1_accept(SSL *s)
/* we should decide if we expected this one */
ret=ssl3_get_cert_verify(s);
if (ret <= 0) goto end;
/* we should decide if we expected this one */
ret=ssl3_get_cert_verify(s);
if (ret <= 0) goto end;
+ BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL);
s->state=SSL3_ST_SR_FINISHED_A;
s->init_num=0;
s->state=SSL3_ST_SR_FINISHED_A;
s->init_num=0;
@@
-468,6
+484,7
@@
int dtls1_accept(SSL *s)
ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
SSL3_ST_SR_FINISHED_B);
if (ret <= 0) goto end;
ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
SSL3_ST_SR_FINISHED_B);
if (ret <= 0) goto end;
+ BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL);
if (s->hit)
s->state=SSL_ST_OK;
else
if (s->hit)
s->state=SSL_ST_OK;
else
@@
-620,20
+637,24
@@
int dtls1_send_hello_verify_request(SSL *s)
buf = (unsigned char *)s->init_buf->data;
msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
buf = (unsigned char *)s->init_buf->data;
msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
- *(p++) = s->version >> 8;
- *(p++) = s->version & 0xFF;
+ if (s->client_version == DTLS1_BAD_VER)
+ *(p++) = DTLS1_BAD_VER>>8,
+ *(p++) = DTLS1_BAD_VER&0xff;
+ else
+ *(p++) = s->version >> 8,
+ *(p++) = s->version & 0xFF;
- *(p++) = (unsigned char) s->d1->cookie_len;
- if ( s->ctx->app_gen_cookie_cb != NULL &&
- s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
- &(s->d1->cookie_len)) == 0)
- {
+ if (s->ctx->app_gen_cookie_cb != NULL &&
+ s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
+ &(s->d1->cookie_len)) == 0)
+ {
SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
- return 0;
- }
- /* else the cookie is assumed to have
- * been initialized by the application */
+
return 0;
+
}
+
/* else the cookie is assumed to have
+
* been initialized by the application */
+ *(p++) = (unsigned char) s->d1->cookie_len;
memcpy(p, s->d1->cookie, s->d1->cookie_len);
p += s->d1->cookie_len;
msg_len = p - msg;
memcpy(p, s->d1->cookie, s->d1->cookie_len);
p += s->d1->cookie_len;
msg_len = p - msg;
@@
-666,14
+687,18
@@
int dtls1_send_server_hello(SSL *s)
{
buf=(unsigned char *)s->init_buf->data;
p=s->s3->server_random;
{
buf=(unsigned char *)s->init_buf->data;
p=s->s3->server_random;
- Time=
time(NULL);
/* Time */
+ Time=
(unsigned long)time(NULL);
/* Time */
l2n(Time,p);
RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
/* Do the message type and length last */
d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
l2n(Time,p);
RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
/* Do the message type and length last */
d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
- *(p++)=s->version>>8;
- *(p++)=s->version&0xff;
+ if (s->client_version == DTLS1_BAD_VER)
+ *(p++)=DTLS1_BAD_VER>>8,
+ *(p++)=DTLS1_BAD_VER&0xff;
+ else
+ *(p++)=s->version>>8,
+ *(p++)=s->version&0xff;
/* Random stuff */
memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
/* Random stuff */
memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
@@
-705,10
+730,14
@@
int dtls1_send_server_hello(SSL *s)
p+=i;
/* put the compression method */
p+=i;
/* put the compression method */
+#ifdef OPENSSL_NO_COMP
+ *(p++)=0;
+#else
if (s->s3->tmp.new_compression == NULL)
*(p++)=0;
else
*(p++)=s->s3->tmp.new_compression->id;
if (s->s3->tmp.new_compression == NULL)
*(p++)=0;
else
*(p++)=s->s3->tmp.new_compression->id;
+#endif
/* do the header */
l=(p-d);
/* do the header */
l=(p-d);
@@
-716,7
+745,7
@@
int dtls1_send_server_hello(SSL *s)
d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l);
d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l);
- s->state=SSL3_ST_
CW_CLNT
_HELLO_B;
+ s->state=SSL3_ST_
SW_SRVR
_HELLO_B;
/* number of bytes to write */
s->init_num=p-buf;
s->init_off=0;
/* number of bytes to write */
s->init_num=p-buf;
s->init_off=0;
@@
-725,7
+754,7
@@
int dtls1_send_server_hello(SSL *s)
dtls1_buffer_message(s, 0);
}
dtls1_buffer_message(s, 0);
}
- /* SSL3_ST_
CW_CLNT
_HELLO_B */
+ /* SSL3_ST_
SW_SRVR
_HELLO_B */
return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
}
return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
}
@@
-749,7
+778,7
@@
int dtls1_send_server_done(SSL *s)
dtls1_buffer_message(s, 0);
}
dtls1_buffer_message(s, 0);
}
- /* SSL3_ST_
CW_CLNT_HELLO
_B */
+ /* SSL3_ST_
SW_SRVR_DONE
_B */
return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
}
return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
}
@@
-1005,6
+1034,7
@@
int dtls1_send_certificate_request(SSL *s)
STACK_OF(X509_NAME) *sk=NULL;
X509_NAME *name;
BUF_MEM *buf;
STACK_OF(X509_NAME) *sk=NULL;
X509_NAME *name;
BUF_MEM *buf;
+ unsigned int msg_len;
if (s->state == SSL3_ST_SW_CERT_REQ_A)
{
if (s->state == SSL3_ST_SW_CERT_REQ_A)
{
@@
-1082,6
+1112,10
@@
int dtls1_send_certificate_request(SSL *s)
#endif
/* XDTLS: set message header ? */
#endif
/* XDTLS: set message header ? */
+ msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
+ dtls1_set_message_header(s, (void *)s->init_buf->data,
+ SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len);
+
/* buffer the message to handle re-xmits */
dtls1_buffer_message(s, 0);
/* buffer the message to handle re-xmits */
dtls1_buffer_message(s, 0);
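Review bot: In dtls1_send_server_hello, the line right after the retyped `Time=(unsigned long)time(NULL);` still fills the server random with `RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));`, and that length is wrong on 64-bit builds: `l2n` presumably advances `p` by four bytes, but `sizeof(Time)` is `sizeof(unsigned long)`, which is 8 on LP64, so only 24 random bytes are written and the last four bytes of server_random keep whatever the buffer held before (zeros or the previous handshake's random). The return value of RAND_pseudo_bytes is also discarded, so a PRNG failure produces a handshake with a predictable nonce instead of an error. I would replace the call with `if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) return -1;`, which, as far as I recall, is what the TLS server hello code does, and add the comment `/* l2n wrote 4 bytes; never derive this from sizeof(Time) */`. dtls1_send_server_hello starts and ends outside this hunk, so check that -1 is handled the same way as the other error returns in its callers.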