projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
fix compilation error
[openssl.git] / ssl / d1_srvr.c
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 6967d8eabf14dd8ed3ef4c40a1e84ea0a60ea9a5..059385c310920e8566dce3245788a239837f719a 100644 (file)
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -133,6 +133,8 @@ static const SSL_METHOD *dtls1_get_server_method(int ver)
        {
        if (ver == DTLS1_VERSION)
                return(DTLSv1_server_method());
+       else if (ver == DTLS1_2_VERSION)
+               return(DTLSv1_2_server_method());
        else
                return(NULL);
        }
@@ -144,6 +146,20 @@ IMPLEMENT_dtls1_meth_func(DTLS1_VERSION,
                        dtls1_get_server_method,
                        DTLSv1_enc_data)
 
+IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION,
+                       DTLSv1_2_server_method,
+                       dtls1_accept,
+                       ssl_undefined_function,
+                       dtls1_get_server_method,
+                       DTLSv1_2_enc_data)
+
+IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION,
+                       DTLS_server_method,
+                       dtls1_accept,
+                       ssl_undefined_function,
+                       dtls1_get_server_method,
+                       DTLSv1_2_enc_data)
+
 int dtls1_accept(SSL *s)
        {
        BUF_MEM *buf;
@@ -235,6 +251,7 @@ int dtls1_accept(SSL *s)
                                        }
                                if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
                                        {
+                                       BUF_MEM_free(buf);
                                        ret= -1;
                                        goto end;
                                        }
@@ -248,6 +265,9 @@ int dtls1_accept(SSL *s)
                                }
 
                        s->init_num=0;
+                       s->d1->change_cipher_spec_ok = 0;
+                       /* Should have been reset by ssl3_get_finished, too. */
+                       s->s3->change_cipher_spec = 0;
 
                        if (s->state != SSL_ST_RENEGOTIATE)
                                {
@@ -278,10 +298,11 @@ int dtls1_accept(SSL *s)
                case SSL3_ST_SW_HELLO_REQ_B:
 
                        s->shutdown=0;
+                       dtls1_clear_record_buffer(s);
                        dtls1_start_timer(s);
                        ret=ssl3_send_hello_request(s);
                        if (ret <= 0) goto end;
-                       s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
+                       s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
                        s->state=SSL3_ST_SW_FLUSH;
                        s->init_num=0;
 
@@ -451,31 +472,22 @@ int dtls1_accept(SSL *s)
                case SSL3_ST_SW_KEY_EXCH_B:
                        alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
 
-                       /* clear this, it may get reset by
-                        * send_server_key_exchange */
-                       if ((s->options & SSL_OP_EPHEMERAL_RSA)
-#ifndef OPENSSL_NO_KRB5
-                               && !(alg_k & SSL_kKRB5)
-#endif /* OPENSSL_NO_KRB5 */
-                               )
-                               /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
-                                * even when forbidden by protocol specs
-                                * (handshake may fail as clients are not required to
-                                * be able to handle this) */
-                               s->s3->tmp.use_rsa_tmp=1;
-                       else
-                               s->s3->tmp.use_rsa_tmp=0;
+                       /*
+                        * clear this, it may get reset by
+                        * send_server_key_exchange
+                        */
+                       s->s3->tmp.use_rsa_tmp=0;
 
                        /* only send if a DH key exchange or
                         * RSA but we have a sign only certificate */
-                       if (s->s3->tmp.use_rsa_tmp
+                       if (0
                        /* PSK: send ServerKeyExchange if PSK identity
                         * hint if provided */
 #ifndef OPENSSL_NO_PSK
                            || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
 #endif
-                           || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
-                           || (alg_k & SSL_kEECDH)
+                           || (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd))
+                           || (alg_k & SSL_kECDHE)
                            || ((alg_k & SSL_kRSA)
                                && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
                                    || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
@@ -589,23 +601,13 @@ int dtls1_accept(SSL *s)
 
                case SSL3_ST_SR_CERT_A:
                case SSL3_ST_SR_CERT_B:
-                       /* Check for second client hello (MS SGC) */
-                       ret = ssl3_check_client_hello(s);
-                       if (ret <= 0)
-                               goto end;
-                       if (ret == 2)
+                       if (s->s3->tmp.cert_request)
                                {
-                               dtls1_stop_timer(s);
-                               s->state = SSL3_ST_SR_CLNT_HELLO_C;
-                               }
-                       else {
-                               /* could be sent for a DH cert, even if we
-                                * have not asked for it :-) */
                                ret=ssl3_get_client_certificate(s);
                                if (ret <= 0) goto end;
-                               s->init_num=0;
-                               s->state=SSL3_ST_SR_KEY_EXCH_A;
-                       }
+                               }
+                       s->init_num=0;
+                       s->state=SSL3_ST_SR_KEY_EXCH_A;
                        break;
 
                case SSL3_ST_SR_KEY_EXCH_A:
@@ -640,6 +642,24 @@ int dtls1_accept(SSL *s)
                                s->state=SSL3_ST_SR_FINISHED_A;
                                s->init_num = 0;
                                }
+                       else if (SSL_USE_SIGALGS(s))
+                               {
+                               s->state=SSL3_ST_SR_CERT_VRFY_A;
+                               s->init_num=0;
+                               if (!s->session->peer)
+                                       break;
+                               /* For sigalgs freeze the handshake buffer
+                                * at this point and digest cached records.
+                                */
+                               if (!s->s3->handshake_buffer)
+                                       {
+                                       SSLerr(SSL_F_DTLS1_ACCEPT,ERR_R_INTERNAL_ERROR);
+                                       return -1;
+                                       }
+                               s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
+                               if (!ssl3_digest_cached_records(s))
+                                       return -1;
+                               }
                        else
                                {
                                s->state=SSL3_ST_SR_CERT_VRFY_A;
@@ -658,8 +678,14 @@ int dtls1_accept(SSL *s)
 
                case SSL3_ST_SR_CERT_VRFY_A:
                case SSL3_ST_SR_CERT_VRFY_B:
-
-                       s->d1->change_cipher_spec_ok = 1;
+                       /*
+                        * This *should* be the first time we enable CCS, but be
+                        * extra careful about surrounding code changes. We need
+                        * to set this here because we don't know if we're
+                        * expecting a CertificateVerify or not.
+                        */
+                       if (!s->s3->change_cipher_spec)
+                               s->d1->change_cipher_spec_ok = 1;
                        /* we should decide if we expected this one */
                        ret=ssl3_get_cert_verify(s);
                        if (ret <= 0) goto end;
@@ -675,7 +701,18 @@ int dtls1_accept(SSL *s)
 
                case SSL3_ST_SR_FINISHED_A:
                case SSL3_ST_SR_FINISHED_B:
-                       s->d1->change_cipher_spec_ok = 1;
+                       /*
+                        * Enable CCS for resumed handshakes.
+                        * In a full handshake, we end up here through
+                        * SSL3_ST_SR_CERT_VRFY_B, so change_cipher_spec_ok was
+                        * already set. Receiving a CCS clears the flag, so make
+                        * sure not to re-enable it to ban duplicates.
+                        * s->s3->change_cipher_spec is set when a CCS is
+                        * processed in d1_pkt.c, and remains set until
+                        * the client's Finished message is read.
+                        */
+                       if (!s->s3->change_cipher_spec)
+                               s->d1->change_cipher_spec_ok = 1;
                        ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
                                SSL3_ST_SR_FINISHED_B);
                        if (ret <= 0) goto end;
@@ -723,10 +760,13 @@ int dtls1_accept(SSL *s)
                        if (ret <= 0) goto end;
 
 #ifndef OPENSSL_NO_SCTP
-                       /* Change to new shared key of SCTP-Auth,
-                        * will be ignored if no SCTP used.
-                        */
-                       BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+                       if (!s->hit)
+                               {
+                               /* Change to new shared key of SCTP-Auth,
+                                * will be ignored if no SCTP used.
+                                */
+                               BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+                               }
 #endif
 
                        s->state=SSL3_ST_SW_FINISHED_A;
@@ -751,7 +791,16 @@ int dtls1_accept(SSL *s)
                        if (ret <= 0) goto end;
                        s->state=SSL3_ST_SW_FLUSH;
                        if (s->hit)
+                               {
                                s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+
+#ifndef OPENSSL_NO_SCTP
+                               /* Change to new shared key of SCTP-Auth,
+                                * will be ignored if no SCTP used.
+                                */
+                               BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+#endif
+                               }
                        else
                                {
                                s->s3->tmp.next_state=SSL_ST_OK;
@@ -857,8 +906,9 @@ int dtls1_send_hello_verify_request(SSL *s)
                buf = (unsigned char *)s->init_buf->data;
 
                msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
-               *(p++) = s->version >> 8;
-               *(p++) = s->version & 0xFF;
+               /* Always use DTLS 1.0 version: see RFC 6347 */
+               *(p++) = DTLS1_VERSION >> 8;
+               *(p++) = DTLS1_VERSION & 0xFF;
 
                if (s->ctx->app_gen_cookie_cb == NULL ||
                     s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
Unnamed repository; edit this file 'description' to name the repository.