projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
eng_rsax.c: improve portability.
[openssl.git]
/
ssl
/
d1_srvr.c
diff --git
a/ssl/d1_srvr.c
b/ssl/d1_srvr.c
index fb64d49166c0b68c3010a3f2a9463a6ae3299c99..1d3805a1b438e18403d92880be96a43dcbce1de9 100644
(file)
--- a/
ssl/d1_srvr.c
+++ b/
ssl/d1_srvr.c
@@
-147,10
+147,10
@@
int dtls1_accept(SSL *s)
BUF_MEM *buf;
unsigned long Time=(unsigned long)time(NULL);
void (*cb)(const SSL *ssl,int type,int val)=NULL;
BUF_MEM *buf;
unsigned long Time=(unsigned long)time(NULL);
void (*cb)(const SSL *ssl,int type,int val)=NULL;
- long num1;
unsigned long alg_k;
int ret= -1;
int new_state,state,skip=0;
unsigned long alg_k;
int ret= -1;
int new_state,state,skip=0;
+ int listen;
RAND_add(&Time,sizeof(Time),0);
ERR_clear_error();
RAND_add(&Time,sizeof(Time),0);
ERR_clear_error();
@@
-160,11
+160,15
@@
int dtls1_accept(SSL *s)
cb=s->info_callback;
else if (s->ctx->info_callback != NULL)
cb=s->ctx->info_callback;
cb=s->info_callback;
else if (s->ctx->info_callback != NULL)
cb=s->ctx->info_callback;
+
+ listen = s->d1->listen;
/* init things to blank */
s->in_handshake++;
if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
/* init things to blank */
s->in_handshake++;
if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
+ s->d1->listen = listen;
+
if (s->cert == NULL)
{
SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
if (s->cert == NULL)
{
SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
@@
-178,7
+182,7
@@
int dtls1_accept(SSL *s)
switch (s->state)
{
case SSL_ST_RENEGOTIATE:
switch (s->state)
{
case SSL_ST_RENEGOTIATE:
- s->
new_session
=1;
+ s->
renegotiate
=1;
/* s->state=SSL_ST_ACCEPT; */
case SSL_ST_BEFORE:
/* s->state=SSL_ST_ACCEPT; */
case SSL_ST_BEFORE:
@@
-266,7
+270,6
@@
int dtls1_accept(SSL *s)
ret=ssl3_get_client_hello(s);
if (ret <= 0) goto end;
dtls1_stop_timer(s);
ret=ssl3_get_client_hello(s);
if (ret <= 0) goto end;
dtls1_stop_timer(s);
- s->new_session = 2;
if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
@@
-275,11
+278,23
@@
int dtls1_accept(SSL *s)
s->init_num=0;
s->init_num=0;
+ /* Reflect ClientHello sequence to remain stateless while listening */
+ if (listen)
+ {
+ memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence));
+ }
+
/* If we're just listening, stop here */
/* If we're just listening, stop here */
- if (
s->d1->
listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
+ if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
{
ret = 2;
s->d1->listen = 0;
{
ret = 2;
s->d1->listen = 0;
+ /* Set expected sequence numbers
+ * to continue the handshake.
+ */
+ s->d1->handshake_read_seq = 2;
+ s->d1->handshake_write_seq = 1;
+ s->d1->next_handshake_write_seq = 1;
goto end;
}
goto end;
}
@@
-288,7
+303,6
@@
int dtls1_accept(SSL *s)
case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
- dtls1_start_timer(s);
ret = dtls1_send_hello_verify_request(s);
if ( ret <= 0) goto end;
s->state=SSL3_ST_SW_FLUSH;
ret = dtls1_send_hello_verify_request(s);
if ( ret <= 0) goto end;
s->state=SSL3_ST_SW_FLUSH;
@@
-301,6
+315,7
@@
int dtls1_accept(SSL *s)
case SSL3_ST_SW_SRVR_HELLO_A:
case SSL3_ST_SW_SRVR_HELLO_B:
case SSL3_ST_SW_SRVR_HELLO_A:
case SSL3_ST_SW_SRVR_HELLO_B:
+ s->renegotiate = 2;
dtls1_start_timer(s);
ret=dtls1_send_server_hello(s);
if (ret <= 0) goto end;
dtls1_start_timer(s);
ret=dtls1_send_server_hello(s);
if (ret <= 0) goto end;
@@
-454,16
+469,13
@@
int dtls1_accept(SSL *s)
break;
case SSL3_ST_SW_FLUSH:
break;
case SSL3_ST_SW_FLUSH:
- /* number of bytes to be flushed */
- num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
- if (num1 > 0)
+ s->rwstate=SSL_WRITING;
+ if (BIO_flush(s->wbio) <= 0)
{
{
- s->rwstate=SSL_WRITING;
- num1=BIO_flush(s->wbio);
- if (num1 <= 0) { ret= -1; goto end; }
- s->rwstate=SSL_NOTHING;
+ ret= -1;
+ goto end;
}
}
-
+ s->rwstate=SSL_NOTHING;
s->state=s->s3->tmp.next_state;
break;
s->state=s->s3->tmp.next_state;
break;
@@
-624,11
+636,12
@@
int dtls1_accept(SSL *s)
s->init_num=0;
s->init_num=0;
- if (s->
new_session
== 2) /* skipped if we just sent a HelloRequest */
+ if (s->
renegotiate
== 2) /* skipped if we just sent a HelloRequest */
{
/* actually not necessarily a 'new' session unless
* SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
{
/* actually not necessarily a 'new' session unless
* SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
+ s->renegotiate=0;
s->new_session=0;
ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
s->new_session=0;
ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
@@
-740,9
+753,6
@@
int dtls1_send_hello_verify_request(SSL *s)
/* number of bytes to write */
s->init_num=p-buf;
s->init_off=0;
/* number of bytes to write */
s->init_num=p-buf;
s->init_off=0;
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
}
/* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
}
/* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
@@
-1139,7
+1149,7
@@
int dtls1_send_server_key_exchange(SSL *s)
if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
{
if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
{
- if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))
+ if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher
, NULL
))
== NULL)
{
al=SSL_AD_DECODE_ERROR;
== NULL)
{
al=SSL_AD_DECODE_ERROR;
@@
-1529,9
+1539,10
@@
int dtls1_send_newsession_ticket(SSL *s)
p += hlen;
/* Now write out lengths: p points to end of data written */
/* Total length */
p += hlen;
/* Now write out lengths: p points to end of data written */
/* Total length */
- len = p - (unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]);
+ len = p - (unsigned char *)(s->init_buf->data);
+ /* Ticket length */
p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4;
p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4;
- s2n(len -
18, p); /* Ticket length */
+ s2n(len -
DTLS1_HM_HEADER_LENGTH - 6, p);
/* number of bytes to write */
s->init_num= len;
/* number of bytes to write */
s->init_num= len;