}
#endif
-#if 0
-int ssl3_accept(SSL *s)
-{
- BUF_MEM *buf;
- unsigned long alg_k, Time = (unsigned long)time(NULL);
- void (*cb) (const SSL *ssl, int type, int val) = NULL;
- int ret = -1;
- int new_state, state, skip = 0;
-
- RAND_add(&Time, sizeof(Time), 0);
- ERR_clear_error();
- clear_sys_error();
-
- if (s->info_callback != NULL)
- cb = s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb = s->ctx->info_callback;
-
- /* init things to blank */
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s)) {
- if (!SSL_clear(s))
- return -1;
- }
-
-#ifndef OPENSSL_NO_HEARTBEATS
- /*
- * If we're awaiting a HeartbeatResponse, pretend we already got and
- * don't await it anymore, because Heartbeats don't make sense during
- * handshakes anyway.
- */
- if (s->tlsext_hb_pending) {
- s->tlsext_hb_pending = 0;
- s->tlsext_hb_seq++;
- }
-#endif
-
- for (;;) {
- state = s->state;
-
- switch (s->state) {
- case SSL_ST_RENEGOTIATE:
- s->renegotiate = 1;
- /* s->state=SSL_ST_ACCEPT; */
-
- case SSL_ST_BEFORE:
- case SSL_ST_ACCEPT:
- case SSL_ST_BEFORE | SSL_ST_ACCEPT:
- case SSL_ST_OK | SSL_ST_ACCEPT:
-
- s->server = 1;
- if (cb != NULL)
- cb(s, SSL_CB_HANDSHAKE_START, 1);
-
- if ((s->version >> 8 != 3) && s->version != TLS_ANY_VERSION) {
- SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
- s->state = SSL_ST_ERR;
- return -1;
- }
-
- if (!ssl_security(s, SSL_SECOP_VERSION, 0, s->version, NULL)) {
- SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_VERSION_TOO_LOW);
- return -1;
- }
-
- s->type = SSL_ST_ACCEPT;
-
- if (s->init_buf == NULL) {
- if ((buf = BUF_MEM_new()) == NULL) {
- ret = -1;
- s->state = SSL_ST_ERR;
- goto end;
- }
- if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
- BUF_MEM_free(buf);
- ret = -1;
- s->state = SSL_ST_ERR;
- goto end;
- }
- s->init_buf = buf;
- }
-
- if (!ssl3_setup_buffers(s)) {
- ret = -1;
- s->state = SSL_ST_ERR;
- goto end;
- }
-
- s->init_num = 0;
- s->s3->flags &= ~TLS1_FLAGS_SKIP_CERT_VERIFY;
- /*
- * Should have been reset by ssl3_get_finished, too.
- */
- s->s3->change_cipher_spec = 0;
-
- if (s->state != SSL_ST_RENEGOTIATE) {
- /*
- * Ok, we now need to push on a buffering BIO so that the
- * output is sent in a way that TCP likes :-)
- */
- if (!ssl_init_wbio_buffer(s, 1)) {
- ret = -1;
- s->state = SSL_ST_ERR;
- goto end;
- }
-
- ssl3_init_finished_mac(s);
- s->state = SSL3_ST_SR_CLNT_HELLO_A;
- s->ctx->stats.sess_accept++;
- } else if (!s->s3->send_connection_binding &&
- !(s->options &
- SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
- /*
- * Server attempting to renegotiate with client that doesn't
- * support secure renegotiation.
- */
- SSLerr(SSL_F_SSL3_ACCEPT,
- SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
- ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
- ret = -1;
- s->state = SSL_ST_ERR;
- goto end;
- } else {
- /*
- * s->state == SSL_ST_RENEGOTIATE, we will just send a
- * HelloRequest
- */
- s->ctx->stats.sess_accept_renegotiate++;
- s->state = SSL3_ST_SW_HELLO_REQ_A;
- }
- break;
-
- case SSL3_ST_SW_HELLO_REQ_A:
- case SSL3_ST_SW_HELLO_REQ_B:
-
- s->shutdown = 0;
- ret = ssl3_send_hello_request(s);
- if (ret <= 0)
- goto end;
- s->s3->tmp.next_state = SSL3_ST_SW_HELLO_REQ_C;
- s->state = SSL3_ST_SW_FLUSH;
- s->init_num = 0;
-
- ssl3_init_finished_mac(s);
- break;
-
- case SSL3_ST_SW_HELLO_REQ_C:
- s->state = SSL_ST_OK;
- break;
-
- case SSL3_ST_SR_CLNT_HELLO_A:
- case SSL3_ST_SR_CLNT_HELLO_B:
- case SSL3_ST_SR_CLNT_HELLO_C:
-
- ret = ssl3_get_client_hello(s);
- if (ret <= 0)
- goto end;
-
- s->state = SSL3_ST_SW_SRVR_HELLO_A;
- s->init_num = 0;
- break;
-
-#ifndef OPENSSL_NO_SRP
- case SSL3_ST_SR_CLNT_HELLO_D:
- {
- enum WORK_STATE wst_ret;
-
- wst_ret = tls_post_process_client_hello(s, WORK_MORE_B);
- if (wst_ret == WORK_MORE_B)
- goto end;
- if (wst_ret == WORK_ERROR) {
- ret = -1;
- goto end;
- }
- }
-
- s->state = SSL3_ST_SW_SRVR_HELLO_A;
- s->init_num = 0;
- break;
-#endif
-
- case SSL3_ST_SW_SRVR_HELLO_A:
- case SSL3_ST_SW_SRVR_HELLO_B:
- ret = ssl3_send_server_hello(s);
- if (ret <= 0)
- goto end;
-
- if (s->hit) {
- if (s->tlsext_ticket_expected)
- s->state = SSL3_ST_SW_SESSION_TICKET_A;
- else
- s->state = SSL3_ST_SW_CHANGE_A;
- } else {
- s->state = SSL3_ST_SW_CERT_A;
- }
- s->init_num = 0;
- break;
-
- case SSL3_ST_SW_CERT_A:
- case SSL3_ST_SW_CERT_B:
- /* Check if it is anon DH or anon ECDH, */
- /* normal PSK or SRP */
- if (!(s->s3->tmp.new_cipher->algorithm_auth &
- (SSL_aNULL | SSL_aSRP | SSL_aPSK))) {
- ret = ssl3_send_server_certificate(s);
- if (ret <= 0)
- goto end;
-
- if (s->tlsext_status_expected)
- s->state = SSL3_ST_SW_CERT_STATUS_A;
- else
- s->state = SSL3_ST_SW_KEY_EXCH_A;
- } else {
- skip = 1;
- s->state = SSL3_ST_SW_KEY_EXCH_A;
- }
- s->init_num = 0;
- break;
-
- case SSL3_ST_SW_KEY_EXCH_A:
- case SSL3_ST_SW_KEY_EXCH_B:
- alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-
- /*
- * clear this, it may get reset by
- * send_server_key_exchange
- */
- s->s3->tmp.use_rsa_tmp = 0;
-
- /*
- * only send if a DH key exchange, fortezza or RSA but we have a
- * sign only certificate PSK: may send PSK identity hints For
- * ECC ciphersuites, we send a serverKeyExchange message only if
- * the cipher suite is either ECDH-anon or ECDHE. In other cases,
- * the server certificate contains the server's public key for
- * key exchange.
- */
- if (0
- /*
- * PSK: send ServerKeyExchange if PSK identity hint if
- * provided
- */
-#ifndef OPENSSL_NO_PSK
- /* Only send SKE if we have identity hint for plain PSK */
- || ((alg_k & (SSL_kPSK | SSL_kRSAPSK)) && s->cert->psk_identity_hint)
- /* For other PSK always send SKE */
- || (alg_k & (SSL_PSK & (SSL_kDHEPSK | SSL_kECDHEPSK)))
-#endif
-#ifndef OPENSSL_NO_SRP
- /* SRP: send ServerKeyExchange */
- || (alg_k & SSL_kSRP)
-#endif
- || (alg_k & SSL_kDHE)
- || (alg_k & SSL_kECDHE)
- || ((alg_k & SSL_kRSA)
- && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
- || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
- && EVP_PKEY_size(s->cert->pkeys
- [SSL_PKEY_RSA_ENC].privatekey) *
- 8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
- )
- )
- )
- ) {
- ret = ssl3_send_server_key_exchange(s);
- if (ret <= 0)
- goto end;
- } else
- skip = 1;
-
- s->state = SSL3_ST_SW_CERT_REQ_A;
- s->init_num = 0;
- break;
-
- case SSL3_ST_SW_CERT_REQ_A:
- case SSL3_ST_SW_CERT_REQ_B:
- if ( /* don't request cert unless asked for it: */
- !(s->verify_mode & SSL_VERIFY_PEER) ||
- /*
- * if SSL_VERIFY_CLIENT_ONCE is set, don't request cert
- * during re-negotiation:
- */
- ((s->session->peer != NULL) &&
- (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
- /*
- * never request cert in anonymous ciphersuites (see
- * section "Certificate request" in SSL 3 drafts and in
- * RFC 2246):
- */
- ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
- /*
- * ... except when the application insists on
- * verification (against the specs, but s3_clnt.c accepts
- * this for SSL 3)
- */
- !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
- /* don't request certificate for SRP auth */
- (s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP)
- /*
- * With normal PSK Certificates and Certificate Requests
- * are omitted
- */
- || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)) {
- /* no cert request */
- skip = 1;
- s->s3->tmp.cert_request = 0;
- s->state = SSL3_ST_SW_SRVR_DONE_A;
- if (!ssl3_digest_cached_records(s, 0)) {
- s->state = SSL_ST_ERR;
- return -1;
- }
- } else {
- s->s3->tmp.cert_request = 1;
- ret = ssl3_send_certificate_request(s);
- if (ret <= 0)
- goto end;
- s->state = SSL3_ST_SW_SRVR_DONE_A;
- s->init_num = 0;
- }
- break;
-
- case SSL3_ST_SW_SRVR_DONE_A:
- case SSL3_ST_SW_SRVR_DONE_B:
- ret = ssl3_send_server_done(s);
- if (ret <= 0)
- goto end;
- s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
- s->state = SSL3_ST_SW_FLUSH;
- s->init_num = 0;
- break;
-
- case SSL3_ST_SW_FLUSH:
-
- /*
- * This code originally checked to see if any data was pending
- * using BIO_CTRL_INFO and then flushed. This caused problems as
- * documented in PR#1939. The proposed fix doesn't completely
- * resolve this issue as buggy implementations of
- * BIO_CTRL_PENDING still exist. So instead we just flush
- * unconditionally.
- */
-
- s->rwstate = SSL_WRITING;
- if (BIO_flush(s->wbio) <= 0) {
- ret = -1;
- goto end;
- }
- s->rwstate = SSL_NOTHING;
-
- s->state = s->s3->tmp.next_state;
- break;
-
- case SSL3_ST_SR_CERT_A:
- case SSL3_ST_SR_CERT_B:
- if (s->s3->tmp.cert_request) {
- ret = ssl3_get_client_certificate(s);
- if (ret <= 0)
- goto end;
- }
- s->init_num = 0;
- s->state = SSL3_ST_SR_KEY_EXCH_A;
- break;
-
- case SSL3_ST_SR_KEY_EXCH_A:
- case SSL3_ST_SR_KEY_EXCH_B:
- ret = ssl3_get_client_key_exchange(s);
- if (ret <= 0)
- goto end;
- if (s->no_cert_verify) {
- /*
- * For the ECDH ciphersuites when the client sends its ECDH
- * pub key in a certificate, the CertificateVerify message is
- * not sent. Also for GOST ciphersuites when the client uses
- * its key from the certificate for key exchange.
- */
- s->state = SSL3_ST_SR_CHANGE_A;
- s->init_num = 0;
- } else if (SSL_USE_SIGALGS(s)) {
- s->state = SSL3_ST_SR_CERT_VRFY_A;
- s->init_num = 0;
- if (!s->session->peer)
- break;
- if (!s->s3->handshake_buffer) {
- SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
- s->state = SSL_ST_ERR;
- return -1;
- }
- /*
- * For sigalgs freeze the handshake buffer. If we support
- * extms we've done this already so this is a no-op
- */
- if (!ssl3_digest_cached_records(s, 1)) {
- s->state = SSL_ST_ERR;
- return -1;
- }
- } else {
- int offset = 0;
- int dgst_num;
-
- s->state = SSL3_ST_SR_CERT_VRFY_A;
- s->init_num = 0;
-
- /*
- * We need to get hashes here so if there is a client cert,
- * it can be verified FIXME - digest processing for
- * CertificateVerify should be generalized. But it is next
- * step
- */
- if (!ssl3_digest_cached_records(s, 0)) {
- s->state = SSL_ST_ERR;
- return -1;
- }
- for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST; dgst_num++)
- if (s->s3->handshake_dgst[dgst_num]) {
- int dgst_size;
-
- s->method->ssl3_enc->cert_verify_mac(s,
- EVP_MD_CTX_type
- (s->
- s3->handshake_dgst
- [dgst_num]),
- &(s->s3->
- tmp.cert_verify_md
- [offset]));
- dgst_size =
- EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]);
- if (dgst_size < 0) {
- s->state = SSL_ST_ERR;
- ret = -1;
- goto end;
- }
- offset += dgst_size;
- }
- }
- break;
-
- case SSL3_ST_SR_CERT_VRFY_A:
- case SSL3_ST_SR_CERT_VRFY_B:
- ret = ssl3_get_cert_verify(s);
- if (ret <= 0)
- goto end;
-
- s->state = SSL3_ST_SR_CHANGE_A;
- s->init_num = 0;
- break;
-
-#if !defined(OPENSSL_NO_NEXTPROTONEG)
- case SSL3_ST_SR_NEXT_PROTO_A:
- case SSL3_ST_SR_NEXT_PROTO_B:
- ret = ssl3_get_next_proto(s);
- if (ret <= 0)
- goto end;
- s->init_num = 0;
- s->state = SSL3_ST_SR_FINISHED_A;
- break;
-#endif
-
-
- case SSL3_ST_SR_CHANGE_A:
- case SSL3_ST_SR_CHANGE_B:
- ret = ssl3_get_change_cipher_spec(s, SSL3_ST_SR_CHANGE_A,
- SSL3_ST_SR_CHANGE_B);
- if (ret <= 0)
- goto end;
-
-#if defined(OPENSSL_NO_NEXTPROTONEG)
- s->state = SSL3_ST_SR_FINISHED_A;
-#else
- if (s->s3->next_proto_neg_seen)
- s->state = SSL3_ST_SR_NEXT_PROTO_A;
- else
- s->state = SSL3_ST_SR_FINISHED_A;
-#endif
- s->init_num = 0;
- break;
-
- case SSL3_ST_SR_FINISHED_A:
- case SSL3_ST_SR_FINISHED_B:
- ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
- SSL3_ST_SR_FINISHED_B);
- if (ret <= 0)
- goto end;
- if (s->hit)
- s->state = SSL_ST_OK;
- else if (s->tlsext_ticket_expected)
- s->state = SSL3_ST_SW_SESSION_TICKET_A;
- else
- s->state = SSL3_ST_SW_CHANGE_A;
- s->init_num = 0;
- break;
-
- case SSL3_ST_SW_SESSION_TICKET_A:
- case SSL3_ST_SW_SESSION_TICKET_B:
- ret = ssl3_send_newsession_ticket(s);
- if (ret <= 0)
- goto end;
- s->state = SSL3_ST_SW_CHANGE_A;
- s->init_num = 0;
- break;
-
- case SSL3_ST_SW_CERT_STATUS_A:
- case SSL3_ST_SW_CERT_STATUS_B:
- ret = ssl3_send_cert_status(s);
- if (ret <= 0)
- goto end;
- s->state = SSL3_ST_SW_KEY_EXCH_A;
- s->init_num = 0;
- break;
-
- case SSL3_ST_SW_CHANGE_A:
- case SSL3_ST_SW_CHANGE_B:
-
- s->session->cipher = s->s3->tmp.new_cipher;
- if (!s->method->ssl3_enc->setup_key_block(s)) {
- ret = -1;
- s->state = SSL_ST_ERR;
- goto end;
- }
-
- ret = ssl3_send_change_cipher_spec(s,
- SSL3_ST_SW_CHANGE_A,
- SSL3_ST_SW_CHANGE_B);
-
- if (ret <= 0)
- goto end;
- s->state = SSL3_ST_SW_FINISHED_A;
- s->init_num = 0;
-
- if (!s->method->ssl3_enc->change_cipher_state(s,
- SSL3_CHANGE_CIPHER_SERVER_WRITE))
- {
- ret = -1;
- s->state = SSL_ST_ERR;
- goto end;
- }
-
- break;
-
- case SSL3_ST_SW_FINISHED_A:
- case SSL3_ST_SW_FINISHED_B:
- ret = ssl3_send_finished(s,
- SSL3_ST_SW_FINISHED_A,
- SSL3_ST_SW_FINISHED_B,
- s->method->
- ssl3_enc->server_finished_label,
- s->method->
- ssl3_enc->server_finished_label_len);
- if (ret <= 0)
- goto end;
- s->state = SSL3_ST_SW_FLUSH;
- if (s->hit) {
- s->s3->tmp.next_state = SSL3_ST_SR_CHANGE_A;
- } else
- s->s3->tmp.next_state = SSL_ST_OK;
- s->init_num = 0;
- break;
-
- case SSL_ST_OK:
- /* clean a few things up */
- ssl3_cleanup_key_block(s);
-
- BUF_MEM_free(s->init_buf);
- s->init_buf = NULL;
-
- /* remove buffering on output */
- ssl_free_wbio_buffer(s);
-
- s->init_num = 0;
-
- if (s->renegotiate == 2) { /* skipped if we just sent a
- * HelloRequest */
- s->renegotiate = 0;
- s->new_session = 0;
-
- ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
-
- s->ctx->stats.sess_accept_good++;
- /* s->server=1; */
- s->handshake_func = ssl3_accept;
-
- if (cb != NULL)
- cb(s, SSL_CB_HANDSHAKE_DONE, 1);
- }
-
- ret = 1;
- goto end;
- /* break; */
-
- case SSL_ST_ERR:
- default:
- SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNKNOWN_STATE);
- ret = -1;
- goto end;
- /* break; */
- }
-
- if (!s->s3->tmp.reuse_message && !skip) {
- if (s->debug) {
- if ((ret = BIO_flush(s->wbio)) <= 0)
- goto end;
- }
-
- if ((cb != NULL) && (s->state != state)) {
- new_state = s->state;
- s->state = state;
- cb(s, SSL_CB_ACCEPT_LOOP, 1);
- s->state = new_state;
- }
- }
- skip = 0;
- }
- end:
- /* BIO_flush(s->wbio); */
-
- s->in_handshake--;
- if (cb != NULL)
- cb(s, SSL_CB_ACCEPT_EXIT, ret);
- return (ret);
-}
-#endif
-
-int ssl3_send_hello_request(SSL *s)
-{
-
- if (s->state == SSL3_ST_SW_HELLO_REQ_A) {
- if (tls_construct_hello_request(s) == 0) {
- return -1;
- }
- s->state = SSL3_ST_SW_HELLO_REQ_B;
- }
-
- /* SSL3_ST_SW_HELLO_REQ_B */
- return ssl_do_write(s);
-}
-
int tls_construct_hello_request(SSL *s)
{
if (!ssl_set_handshake_header(s, SSL3_MT_HELLO_REQUEST, 0)) {
return 1;
}
-int ssl3_get_client_hello(SSL *s)
-{
- int ok;
- long n;
- enum WORK_STATE wst_ret;
-
- if (s->state == SSL3_ST_SR_CLNT_HELLO_C && !s->first_packet)
- goto retry_cert;
-
- /*
- * We do this so that we will respond with our native type. If we are
- * TLSv1 and we get SSLv3, we will respond with TLSv1, This down
- * switching should be handled by a different method. If we are SSLv3, we
- * will respond with SSLv3, even if prompted with TLSv1.
- */
- if (s->state == SSL3_ST_SR_CLNT_HELLO_A) {
- s->state = SSL3_ST_SR_CLNT_HELLO_B;
- }
- s->first_packet = 1;
- n = s->method->ssl_get_message(s,
- SSL3_ST_SR_CLNT_HELLO_B,
- SSL3_ST_SR_CLNT_HELLO_C,
- SSL3_MT_CLIENT_HELLO,
- SSL3_RT_MAX_PLAIN_LENGTH, &ok);
-
- if (!ok)
- return ((int)n);
- s->first_packet = 0;
-
- if (tls_process_client_hello(s, n) == 0)
- return -1;
-
- retry_cert:
- wst_ret = tls_post_process_client_hello(s, WORK_MORE_A);
- if (wst_ret == WORK_MORE_A || wst_ret == WORK_ERROR)
- return -1;
- if (wst_ret == WORK_MORE_B) {
- s->state = SSL3_ST_SR_CLNT_HELLO_D;
- return -1;
- }
- return n;
-}
-
enum MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, long n)
{
int i, al = SSL_AD_INTERNAL_ERROR;
return WORK_ERROR;
}
-int ssl3_send_server_hello(SSL *s)
-{
- if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
- if (tls_construct_server_hello(s) != 1)
- return -1;
- s->state = SSL3_ST_SW_SRVR_HELLO_B;
- }
-
- /* SSL3_ST_SW_SRVR_HELLO_B */
- return ssl_do_write(s);
-}
-
int tls_construct_server_hello(SSL *s)
{
unsigned char *buf;
return 1;
}
-int ssl3_send_server_done(SSL *s)
-{
-
- if (s->state == SSL3_ST_SW_SRVR_DONE_A) {
- if (tls_construct_server_done(s) == 0)
- return -1;
- s->state = SSL3_ST_SW_SRVR_DONE_B;
- }
-
- /* SSL3_ST_SW_SRVR_DONE_B */
- return ssl_do_write(s);
-}
-
int tls_construct_server_done(SSL *s)
{
if (!ssl_set_handshake_header(s, SSL3_MT_SERVER_DONE, 0)) {
return 1;
}
-int ssl3_send_server_key_exchange(SSL *s)
-{
- if (s->state == SSL3_ST_SW_KEY_EXCH_A) {
- if (tls_construct_server_key_exchange(s) == 0)
- return -1;
- }
-
- s->state = SSL3_ST_SW_KEY_EXCH_B;
- return ssl_do_write(s);
-}
-
int tls_construct_server_key_exchange(SSL *s)
{
#ifndef OPENSSL_NO_RSA
return 0;
}
-int ssl3_send_certificate_request(SSL *s)
-{
- if (s->state == SSL3_ST_SW_CERT_REQ_A) {
- if (tls_construct_certificate_request(s) == 0)
- return -1;
- s->state = SSL3_ST_SW_CERT_REQ_B;
- }
-
- /* SSL3_ST_SW_CERT_REQ_B */
- return ssl_do_write(s);
-}
-
int tls_construct_certificate_request(SSL *s)
{
unsigned char *p, *d;
return 0;
}
-int ssl3_get_client_key_exchange(SSL *s)
-{
- int ok;
- long n;
-
- n = s->method->ssl_get_message(s,
- SSL3_ST_SR_KEY_EXCH_A,
- SSL3_ST_SR_KEY_EXCH_B,
- SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, &ok);
-
- if (!ok)
- return ((int)n);
-
- if (tls_process_client_key_exchange(s, n) == 0)
- return -1;
-
- return n;
-}
-
enum MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, long n)
{
int al;
return WORK_FINISHED_CONTINUE;
}
-int ssl3_get_cert_verify(SSL *s)
-{
- int ok, ret = 1;
- long n;
-
- /*
- * We should only process a CertificateVerify message if we have received
- * a Certificate from the client. If so then |s->session->peer| will be non
- * NULL. In some instances a CertificateVerify message is not required even
- * if the peer has sent a Certificate (e.g. such as in the case of static
- * DH). In that case the ClientKeyExchange processing will skip the
- * CertificateVerify state so we should not arrive here.
- */
- if (s->session->peer == NULL) {
- goto end;
- }
-
- n = s->method->ssl_get_message(s,
- SSL3_ST_SR_CERT_VRFY_A,
- SSL3_ST_SR_CERT_VRFY_B,
- SSL3_MT_CERTIFICATE_VERIFY,
- SSL3_RT_MAX_PLAIN_LENGTH, &ok);
-
- if (!ok)
- return ((int)n);
-
- if (tls_process_cert_verify(s, n) == 0)
- ret = -1;
-
- end:
- BIO_free(s->s3->handshake_buffer);
- s->s3->handshake_buffer = NULL;
- return ret;
-}
-
-
enum MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, long n)
{
EVP_PKEY *pkey = NULL;
return ret;
}
-int ssl3_get_client_certificate(SSL *s)
-{
- int ok, al;
- long n;
-
- n = s->method->ssl_get_message(s,
- SSL3_ST_SR_CERT_A,
- SSL3_ST_SR_CERT_B,
- -1, s->max_cert_list, &ok);
-
- if (!ok)
- return ((int)n);
-
- if (s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
- if ((s->verify_mode & SSL_VERIFY_PEER) &&
- (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
- SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
- al = SSL_AD_HANDSHAKE_FAILURE;
- goto f_err;
- }
- /*
- * If tls asked for a client cert, the client must return a 0 list
- */
- if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request) {
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
- SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST);
- al = SSL_AD_UNEXPECTED_MESSAGE;
- goto f_err;
- }
- s->s3->tmp.reuse_message = 1;
- return 1;
- }
-
- if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) {
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, SSL_R_WRONG_MESSAGE_TYPE);
- goto f_err;
- }
-
- if (tls_process_client_certificate(s, n) == 0)
- goto f_err;
-
- return 1;
- f_err:
- ssl3_send_alert(s, SSL3_AL_FATAL, al);
- s->state = SSL_ST_ERR;
- return -1;
-}
-
enum MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, long n)
{
int i, al, ret = MSG_PROCESS_ERROR;
return ret;
}
-int ssl3_send_server_certificate(SSL *s)
-{
- if (s->state == SSL3_ST_SW_CERT_A) {
- if (tls_construct_server_certificate(s) == 0)
- return 0;
- s->state = SSL3_ST_SW_CERT_B;
- }
-
- /* SSL3_ST_SW_CERT_B */
- return ssl_do_write(s);
-}
-
int tls_construct_server_certificate(SSL *s)
{
CERT_PKEY *cpk;
return 1;
}
-/* send a new session ticket (not necessarily for a new session) */
-int ssl3_send_newsession_ticket(SSL *s)
-{
- if (s->state == SSL3_ST_SW_SESSION_TICKET_A) {
- if (tls_construct_new_session_ticket(s) == 0)
- return -1;
-
- s->state = SSL3_ST_SW_SESSION_TICKET_B;
- }
-
- /* SSL3_ST_SW_SESSION_TICKET_B */
- return ssl_do_write(s);
-}
-
int tls_construct_new_session_ticket(SSL *s)
{
unsigned char *senc = NULL;
return 0;
}
-int ssl3_send_cert_status(SSL *s)
-{
- if (s->state == SSL3_ST_SW_CERT_STATUS_A) {
- if (tls_construct_cert_status(s) == 0)
- return -1;
-
- s->state = SSL3_ST_SW_CERT_STATUS_B;
- }
-
- /* SSL3_ST_SW_CERT_STATUS_B */
- return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
-}
-
int tls_construct_cert_status(SSL *s)
{
unsigned char *p;
}
#ifndef OPENSSL_NO_NEXTPROTONEG
-/*
- * ssl3_get_next_proto reads a Next Protocol Negotiation handshake message.
- * It sets the next_proto member in s if found
- */
-int ssl3_get_next_proto(SSL *s)
-{
- int ok;
- long n;
-
- /*
- * Clients cannot send a NextProtocol message if we didn't see the
- * extension in their ClientHello
- */
- if (!s->s3->next_proto_neg_seen) {
- SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
- SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION);
- s->state = SSL_ST_ERR;
- return -1;
- }
-
- /* See the payload format below */
- n = s->method->ssl_get_message(s,
- SSL3_ST_SR_NEXT_PROTO_A,
- SSL3_ST_SR_NEXT_PROTO_B,
- SSL3_MT_NEXT_PROTO, 514, &ok);
-
- if (!ok)
- return ((int)n);
-
- /*
- * s->state doesn't reflect whether ChangeCipherSpec has been received in
- * this handshake, but s->s3->change_cipher_spec does (will be reset by
- * ssl3_get_finished).
- */
- if (!s->s3->change_cipher_spec) {
- SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS);
- statem_set_error(s);
- return -1;
- }
-
- if (tls_process_next_proto(s, n) == 0)
- return -1;
-
- return n;
-}
-
/*
* tls_process_next_proto reads a Next Protocol Negotiation handshake message.
* It sets the next_proto member in s if found