Update from 1.0.0-stable.

[openssl.git] / ssl / d1_clnt.c
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c

index bcf5ebbd3ed737dbfac91f52bd63970e64414787..0425af5a587d1cf054b3e1034b2a481bbd8de011 100644 (file)
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -4,7 +4,7 @@
   * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
   */
  /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
@@ -115,50 +115,39 @@
  
  #include <stdio.h>
  #include "ssl_locl.h"
+#ifndef OPENSSL_NO_KRB5
+#include "kssl_lcl.h"
+#endif
  #include <openssl/buffer.h>
  #include <openssl/rand.h>
  #include <openssl/objects.h>
  #include <openssl/evp.h>
  #include <openssl/md5.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
  
-static SSL_METHOD *dtls1_get_client_method(int ver);
+static const SSL_METHOD *dtls1_get_client_method(int ver);
  static int dtls1_get_hello_verify(SSL *s);
  
-static SSL_METHOD *dtls1_get_client_method(int ver)
+static const SSL_METHOD *dtls1_get_client_method(int ver)
         {
-       if (ver == DTLS1_VERSION)
+       if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
                 return(DTLSv1_client_method());
         else
                 return(NULL);
         }
  
-SSL_METHOD *DTLSv1_client_method(void)
-       {
-       static int init=1;
-       static SSL_METHOD DTLSv1_client_data;
-
-       if (init)
-               {
-               CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
-               if (init)
-                       {
-                       memcpy((char *)&DTLSv1_client_data,(char *)dtlsv1_base_method(),
-                               sizeof(SSL_METHOD));
-                       DTLSv1_client_data.ssl_connect=dtls1_connect;
-                       DTLSv1_client_data.get_ssl_method=dtls1_get_client_method;
-                       init=0;
-                       }
-               
-               CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
-               }
-       return(&DTLSv1_client_data);
-       }
+IMPLEMENT_dtls1_meth_func(DTLSv1_client_method,
+                       ssl_undefined_function,
+                       dtls1_connect,
+                       dtls1_get_client_method)
  
  int dtls1_connect(SSL *s)
         {
         BUF_MEM *buf=NULL;
-       unsigned long Time=time(NULL),l;
+       unsigned long Time=(unsigned long)time(NULL);
         long num1;
         void (*cb)(const SSL *ssl,int type,int val)=NULL;
         int ret= -1;
@@ -195,7 +184,8 @@ int dtls1_connect(SSL *s)
                         s->server=0;
                         if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
  
-                       if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00))
+                       if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&
+                           (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00))
                                 {
                                 SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
                                 ret = -1;
@@ -228,17 +218,22 @@ int dtls1_connect(SSL *s)
  
                         /* don't push the buffering BIO quite yet */
  
-                       ssl3_init_finished_mac(s);
-
                         s->state=SSL3_ST_CW_CLNT_HELLO_A;
                         s->ctx->stats.sess_connect++;
                         s->init_num=0;
+                       /* mark client_random uninitialized */
+                       memset(s->s3->client_random,0,sizeof(s->s3->client_random));
                         break;
  
                 case SSL3_ST_CW_CLNT_HELLO_A:
                 case SSL3_ST_CW_CLNT_HELLO_B:
  
                         s->shutdown=0;
+
+                       /* every DTLS ClientHello resets Finished MAC */
+                       ssl3_init_finished_mac(s);
+
+                       dtls1_start_timer(s);
                         ret=dtls1_client_hello(s);
                         if (ret <= 0) goto end;
  
@@ -264,6 +259,7 @@ int dtls1_connect(SSL *s)
                         if (ret <= 0) goto end;
                         else
                                 {
+                               dtls1_stop_timer(s);
                                 if (s->hit)
                                         s->state=SSL3_ST_CR_FINISHED_A;
                                 else
@@ -278,6 +274,7 @@ int dtls1_connect(SSL *s)
                         ret = dtls1_get_hello_verify(s);
                         if ( ret <= 0)
                                 goto end;
+                       dtls1_stop_timer(s);
                         if ( s->d1->send_cookie) /* start again, with a cookie */
                                 s->state=SSL3_ST_CW_CLNT_HELLO_A;
                         else
@@ -288,7 +285,7 @@ int dtls1_connect(SSL *s)
                 case SSL3_ST_CR_CERT_A:
                 case SSL3_ST_CR_CERT_B:
                         /* Check if it is anon DH */
-                       if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
+                       if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL))
                                 {
                                 ret=ssl3_get_server_certificate(s);
                                 if (ret <= 0) goto end;
@@ -339,6 +336,7 @@ int dtls1_connect(SSL *s)
                 case SSL3_ST_CW_CERT_B:
                 case SSL3_ST_CW_CERT_C:
                 case SSL3_ST_CW_CERT_D:
+                       dtls1_start_timer(s);
                         ret=dtls1_send_client_certificate(s);
                         if (ret <= 0) goto end;
                         s->state=SSL3_ST_CW_KEY_EXCH_A;
@@ -347,9 +345,9 @@ int dtls1_connect(SSL *s)
  
                 case SSL3_ST_CW_KEY_EXCH_A:
                 case SSL3_ST_CW_KEY_EXCH_B:
+                       dtls1_start_timer(s);
                         ret=dtls1_send_client_key_exchange(s);
                         if (ret <= 0) goto end;
-                       l=s->s3->tmp.new_cipher->algorithms;
                         /* EAY EAY EAY need to check for DH fix cert
                          * sent back */
                         /* For TLS, cert_req is set to 2, so a cert chain
@@ -369,6 +367,7 @@ int dtls1_connect(SSL *s)
  
                 case SSL3_ST_CW_CERT_VRFY_A:
                 case SSL3_ST_CW_CERT_VRFY_B:
+                       dtls1_start_timer(s);
                         ret=dtls1_send_client_verify(s);
                         if (ret <= 0) goto end;
                         s->state=SSL3_ST_CW_CHANGE_A;
@@ -378,6 +377,7 @@ int dtls1_connect(SSL *s)
  
                 case SSL3_ST_CW_CHANGE_A:
                 case SSL3_ST_CW_CHANGE_B:
+                       dtls1_start_timer(s);
                         ret=dtls1_send_change_cipher_spec(s,
                                 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
                         if (ret <= 0) goto end;
@@ -385,11 +385,15 @@ int dtls1_connect(SSL *s)
                         s->init_num=0;
  
                         s->session->cipher=s->s3->tmp.new_cipher;
+#ifdef OPENSSL_NO_COMP
+                       s->session->compress_meth=0;
+#else
                         if (s->s3->tmp.new_compression == NULL)
                                 s->session->compress_meth=0;
                         else
                                 s->session->compress_meth=
                                         s->s3->tmp.new_compression->id;
+#endif
                         if (!s->method->ssl3_enc->setup_key_block(s))
                                 {
                                 ret= -1;
@@ -408,6 +412,7 @@ int dtls1_connect(SSL *s)
  
                 case SSL3_ST_CW_FINISHED_A:
                 case SSL3_ST_CW_FINISHED_B:
+                       dtls1_start_timer(s);
                         ret=dtls1_send_finished(s,
                                 SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
                                 s->method->ssl3_enc->client_finished_label,
@@ -440,6 +445,7 @@ int dtls1_connect(SSL *s)
                         ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
                                 SSL3_ST_CR_FINISHED_B);
                         if (ret <= 0) goto end;
+                       dtls1_stop_timer(s);
  
                         if (s->hit)
                                 s->state=SSL3_ST_CW_CHANGE_A;
@@ -495,6 +501,7 @@ int dtls1_connect(SSL *s)
  
                         /* done with handshaking */
                         s->d1->handshake_read_seq  = 0;
+                       s->d1->next_handshake_write_seq = 0;
                         goto end;
                         /* break; */
                         
@@ -537,7 +544,7 @@ int dtls1_client_hello(SSL *s)
         {
         unsigned char *buf;
         unsigned char *p,*d;
-       int i,j;
+       unsigned int i,j;
         unsigned long Time,l;
         SSL_COMP *comp;
  
@@ -554,9 +561,16 @@ int dtls1_client_hello(SSL *s)
                 /* else use the pre-loaded session */
  
                 p=s->s3->client_random;
-               Time=time(NULL);                        /* Time */
-               l2n(Time,p);
-               RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+
+               /* if client_random is initialized, reuse it, we are
+                * required to use same upon reply to HelloVerify */
+               for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) ;
+               if (i==sizeof(s->s3->client_random))
+                       {
+                       Time=(unsigned long)time(NULL); /* Time */
+                       l2n(Time,p);
+                       RAND_pseudo_bytes(p,sizeof(s->s3->client_random)-4);
+                       }
  
                 /* Do the message type and length last */
                 d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
@@ -694,7 +708,7 @@ int dtls1_send_client_key_exchange(SSL *s)
         {
         unsigned char *p,*d;
         int n;
-       unsigned long l;
+       unsigned long alg_k;
  #ifndef OPENSSL_NO_RSA
         unsigned char *q;
         EVP_PKEY *pkey=NULL;
@@ -707,13 +721,13 @@ int dtls1_send_client_key_exchange(SSL *s)
                 {
                 d=(unsigned char *)s->init_buf->data;
                 p= &(d[DTLS1_HM_HEADER_LENGTH]);
-
-               l=s->s3->tmp.new_cipher->algorithms;
+               
+               alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
  
                  /* Fool emacs indentation */
                  if (0) {}
  #ifndef OPENSSL_NO_RSA
-               else if (l & SSL_kRSA)
+               else if (alg_k & SSL_kRSA)
                         {
                         RSA *rsa;
                         unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
@@ -742,7 +756,7 @@ int dtls1_send_client_key_exchange(SSL *s)
                         s->session->master_key_length=sizeof tmp_buf;
  
                         q=p;
-                       /* Fix buf for TLS and beyond */
+                       /* Fix buf for TLS and [incidentally] DTLS */
                         if (s->version > SSL3_VERSION)
                                 p+=2;
                         n=RSA_public_encrypt(sizeof tmp_buf,
@@ -757,7 +771,7 @@ int dtls1_send_client_key_exchange(SSL *s)
                                 goto err;
                                 }
  
-                       /* Fix buf for TLS and beyond */
+                       /* Fix buf for TLS and [incidentally] DTLS */
                         if (s->version > SSL3_VERSION)
                                 {
                                 s2n(n,q);
@@ -772,7 +786,7 @@ int dtls1_send_client_key_exchange(SSL *s)
                         }
  #endif
  #ifndef OPENSSL_NO_KRB5
-               else if (l & SSL_kKRB5)
+               else if (alg_k & SSL_kKRB5)
                          {
                          krb5_error_code        krb5rc;
                          KSSL_CTX       *kssl_ctx = s->kssl_ctx;
@@ -780,7 +794,7 @@ int dtls1_send_client_key_exchange(SSL *s)
                          krb5_data      *enc_ticket;
                          krb5_data      authenticator, *authp = NULL;
                         EVP_CIPHER_CTX  ciph_ctx;
-                       EVP_CIPHER      *enc = NULL;
+                       const EVP_CIPHER *enc = NULL;
                         unsigned char   iv[EVP_MAX_IV_LENGTH];
                         unsigned char   tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
                         unsigned char   epms[SSL_MAX_MASTER_KEY_LENGTH 
@@ -791,7 +805,7 @@ int dtls1_send_client_key_exchange(SSL *s)
  
  #ifdef KSSL_DEBUG
                          printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
-                                l, SSL_kKRB5);
+                                alg_k, SSL_kKRB5);
  #endif /* KSSL_DEBUG */
  
                         authp = NULL;
@@ -881,7 +895,7 @@ int dtls1_send_client_key_exchange(SSL *s)
                                 sizeof tmp_buf);
                         EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
                         outl += padl;
-                       if (outl > sizeof epms)
+                       if (outl > (int)sizeof epms)
                                 {
                                 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
                                 goto err;
@@ -904,7 +918,7 @@ int dtls1_send_client_key_exchange(SSL *s)
                          }
  #endif
  #ifndef OPENSSL_NO_DH
-               else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+               else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
                         {
                         DH *dh_srvr,*dh_clnt;
  
@@ -1009,14 +1023,16 @@ int dtls1_send_client_verify(SSL *s)
                 p= &(d[DTLS1_HM_HEADER_LENGTH]);
                 pkey=s->cert->key->privatekey;
  
-               s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2),
+               s->method->ssl3_enc->cert_verify_mac(s,
+               NID_sha1,
                         &(data[MD5_DIGEST_LENGTH]));
  
  #ifndef OPENSSL_NO_RSA
                 if (pkey->type == EVP_PKEY_RSA)
                         {
                         s->method->ssl3_enc->cert_verify_mac(s,
-                               &(s->s3->finish_dgst1),&(data[0]));
+                               NID_md5,
+                               &(data[0]));
                         if (RSA_sign(NID_md5_sha1, data,
                                          MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
                                         &(p[2]), &u, pkey->pkey.rsa) <= 0 )
@@ -1092,8 +1108,7 @@ int dtls1_send_client_certificate(SSL *s)
                  * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
                  * We then get retied later */
                 i=0;
-               if (s->ctx->client_cert_cb != NULL)
-                       i=s->ctx->client_cert_cb(s,&(x509),&(pkey));
+               i = ssl_do_client_cert_cb(s, &x509, &pkey);
                 if (i < 0)
                         {
                         s->rwstate=SSL_X509_LOOKUP;