projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
PR: 2505
[openssl.git] / ssl / d1_clnt.c
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index dcca4dbd8b5abb7f4bebe7407fde577bb3ec107e..887e3244e772363ddc0eebce5f2f0bc43c15399c 100644 (file)
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -114,6 +114,7 @@
  */
 
 #include <stdio.h>
  */
 
 #include <stdio.h>
+#include <openssl/crypto.h>
 #include "ssl_locl.h"
 #ifndef OPENSSL_NO_KRB5
 #include "kssl_lcl.h"
 #include "ssl_locl.h"
 #ifndef OPENSSL_NO_KRB5
 #include "kssl_lcl.h"
@@ -148,7 +149,6 @@ int dtls1_connect(SSL *s)
        {
        BUF_MEM *buf=NULL;
        unsigned long Time=(unsigned long)time(NULL);
        {
        BUF_MEM *buf=NULL;
        unsigned long Time=(unsigned long)time(NULL);
-       long num1;
        void (*cb)(const SSL *ssl,int type,int val)=NULL;
        int ret= -1;
        int new_state,state,skip=0;;
        void (*cb)(const SSL *ssl,int type,int val)=NULL;
        int ret= -1;
        int new_state,state,skip=0;;
@@ -172,7 +172,7 @@ int dtls1_connect(SSL *s)
                switch(s->state)
                        {
                case SSL_ST_RENEGOTIATE:
                switch(s->state)
                        {
                case SSL_ST_RENEGOTIATE:
-                       s->new_session=1;
+                       s->renegotiate=1;
                        s->state=SSL_ST_CONNECT;
                        s->ctx->stats.sess_connect_renegotiate++;
                        /* break */
                        s->state=SSL_ST_CONNECT;
                        s->ctx->stats.sess_connect_renegotiate++;
                        /* break */
@@ -223,6 +223,8 @@ int dtls1_connect(SSL *s)
                        s->init_num=0;
                        /* mark client_random uninitialized */
                        memset(s->s3->client_random,0,sizeof(s->s3->client_random));
                        s->init_num=0;
                        /* mark client_random uninitialized */
                        memset(s->s3->client_random,0,sizeof(s->s3->client_random));
+                       s->d1->send_cookie = 0;
+                       s->hit = 0;
                        break;
 
                case SSL3_ST_CW_CLNT_HELLO_A:
                        break;
 
                case SSL3_ST_CW_CLNT_HELLO_A:
@@ -284,16 +286,44 @@ int dtls1_connect(SSL *s)
 
                case SSL3_ST_CR_CERT_A:
                case SSL3_ST_CR_CERT_B:
 
                case SSL3_ST_CR_CERT_A:
                case SSL3_ST_CR_CERT_B:
+#ifndef OPENSSL_NO_TLSEXT
+                       ret=ssl3_check_finished(s);
+                       if (ret <= 0) goto end;
+                       if (ret == 2)
+                               {
+                               s->hit = 1;
+                               if (s->tlsext_ticket_expected)
+                                       s->state=SSL3_ST_CR_SESSION_TICKET_A;
+                               else
+                                       s->state=SSL3_ST_CR_FINISHED_A;
+                               s->init_num=0;
+                               break;
+                               }
+#endif
                        /* Check if it is anon DH or PSK */
                        if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
                            !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
                                {
                                ret=ssl3_get_server_certificate(s);
                                if (ret <= 0) goto end;
                        /* Check if it is anon DH or PSK */
                        if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
                            !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
                                {
                                ret=ssl3_get_server_certificate(s);
                                if (ret <= 0) goto end;
+#ifndef OPENSSL_NO_TLSEXT
+                               if (s->tlsext_status_expected)
+                                       s->state=SSL3_ST_CR_CERT_STATUS_A;
+                               else
+                                       s->state=SSL3_ST_CR_KEY_EXCH_A;
+                               }
+                       else
+                               {
+                               skip = 1;
+                               s->state=SSL3_ST_CR_KEY_EXCH_A;
+                               }
+#else
                                }
                        else
                                skip=1;
                                }
                        else
                                skip=1;
+
                        s->state=SSL3_ST_CR_KEY_EXCH_A;
                        s->state=SSL3_ST_CR_KEY_EXCH_A;
+#endif
                        s->init_num=0;
                        break;
 
                        s->init_num=0;
                        break;
 
@@ -378,7 +408,8 @@ int dtls1_connect(SSL *s)
 
                case SSL3_ST_CW_CHANGE_A:
                case SSL3_ST_CW_CHANGE_B:
 
                case SSL3_ST_CW_CHANGE_A:
                case SSL3_ST_CW_CHANGE_B:
-                       dtls1_start_timer(s);
+                       if (!s->hit)
+                               dtls1_start_timer(s);
                        ret=dtls1_send_change_cipher_spec(s,
                                SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
                        if (ret <= 0) goto end;
                        ret=dtls1_send_change_cipher_spec(s,
                                SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
                        if (ret <= 0) goto end;
@@ -413,7 +444,8 @@ int dtls1_connect(SSL *s)
 
                case SSL3_ST_CW_FINISHED_A:
                case SSL3_ST_CW_FINISHED_B:
 
                case SSL3_ST_CW_FINISHED_A:
                case SSL3_ST_CW_FINISHED_B:
-                       dtls1_start_timer(s);
+                       if (!s->hit)
+                               dtls1_start_timer(s);
                        ret=dtls1_send_finished(s,
                                SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
                                s->method->ssl3_enc->client_finished_label,
                        ret=dtls1_send_finished(s,
                                SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
                                s->method->ssl3_enc->client_finished_label,
@@ -435,11 +467,36 @@ int dtls1_connect(SSL *s)
                                }
                        else
                                {
                                }
                        else
                                {
+#ifndef OPENSSL_NO_TLSEXT
+                               /* Allow NewSessionTicket if ticket expected */
+                               if (s->tlsext_ticket_expected)
+                                       s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
+                               else
+#endif
+                               
                                s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
                                }
                        s->init_num=0;
                        break;
 
                                s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
                                }
                        s->init_num=0;
                        break;
 
+#ifndef OPENSSL_NO_TLSEXT
+               case SSL3_ST_CR_SESSION_TICKET_A:
+               case SSL3_ST_CR_SESSION_TICKET_B:
+                       ret=ssl3_get_new_session_ticket(s);
+                       if (ret <= 0) goto end;
+                       s->state=SSL3_ST_CR_FINISHED_A;
+                       s->init_num=0;
+               break;
+
+               case SSL3_ST_CR_CERT_STATUS_A:
+               case SSL3_ST_CR_CERT_STATUS_B:
+                       ret=ssl3_get_cert_status(s);
+                       if (ret <= 0) goto end;
+                       s->state=SSL3_ST_CR_KEY_EXCH_A;
+                       s->init_num=0;
+               break;
+#endif
+
                case SSL3_ST_CR_FINISHED_A:
                case SSL3_ST_CR_FINISHED_B:
                        s->d1->change_cipher_spec_ok = 1;
                case SSL3_ST_CR_FINISHED_A:
                case SSL3_ST_CR_FINISHED_B:
                        s->d1->change_cipher_spec_ok = 1;
@@ -456,16 +513,13 @@ int dtls1_connect(SSL *s)
                        break;
 
                case SSL3_ST_CW_FLUSH:
                        break;
 
                case SSL3_ST_CW_FLUSH:
-                       /* number of bytes to be flushed */
-                       num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
-                       if (num1 > 0)
+                       s->rwstate=SSL_WRITING;
+                       if (BIO_flush(s->wbio) <= 0)
                                {
                                {
-                               s->rwstate=SSL_WRITING;
-                               num1=BIO_flush(s->wbio);
-                               if (num1 <= 0) { ret= -1; goto end; }
-                               s->rwstate=SSL_NOTHING;
+                               ret= -1;
+                               goto end;
                                }
                                }
-
+                       s->rwstate=SSL_NOTHING;
                        s->state=s->s3->tmp.next_state;
                        break;
 
                        s->state=s->s3->tmp.next_state;
                        break;
 
@@ -488,6 +542,7 @@ int dtls1_connect(SSL *s)
                        /* else do it later in ssl3_write */
 
                        s->init_num=0;
                        /* else do it later in ssl3_write */
 
                        s->init_num=0;
+                       s->renegotiate=0;
                        s->new_session=0;
 
                        ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
                        s->new_session=0;
 
                        ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
@@ -552,8 +607,14 @@ int dtls1_client_hello(SSL *s)
        buf=(unsigned char *)s->init_buf->data;
        if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
                {
        buf=(unsigned char *)s->init_buf->data;
        if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
                {
+               SSL_SESSION *sess = s->session;
                if ((s->session == NULL) ||
                        (s->session->ssl_version != s->version) ||
                if ((s->session == NULL) ||
                        (s->session->ssl_version != s->version) ||
+#ifdef OPENSSL_NO_TLSEXT
+                       !sess->session_id_length ||
+#else
+                       (!sess->session_id_length && !sess->tlsext_tick) ||
+#endif
                        (s->session->not_resumable))
                        {
                        if (!ssl_get_new_session(s,0))
                        (s->session->not_resumable))
                        {
                        if (!ssl_get_new_session(s,0))
@@ -633,7 +694,15 @@ int dtls1_client_hello(SSL *s)
                        *(p++)=comp->id;
                        }
                *(p++)=0; /* Add the NULL method */
                        *(p++)=comp->id;
                        }
                *(p++)=0; /* Add the NULL method */
-               
+
+#ifndef OPENSSL_NO_TLSEXT
+               if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
+                       {
+                       SSLerr(SSL_F_DTLS1_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
+                       goto err;
+                       }
+#endif         
+
                l=(p-d);
                d=buf;
 
                l=(p-d);
                d=buf;
 
Unnamed repository; edit this file 'description' to name the repository.