| GCC Code Coverage Report | |||||||||||||||||||||
|
|||||||||||||||||||||
| Line | Branch | Exec | Source |
1 |
/* $OpenBSD: d1_clnt.c,v 1.76 2017/05/07 04:22:24 beck Exp $ */ |
||
2 |
/* |
||
3 |
* DTLS implementation written by Nagendra Modadugu |
||
4 |
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
||
5 |
*/ |
||
6 |
/* ==================================================================== |
||
7 |
* Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. |
||
8 |
* |
||
9 |
* Redistribution and use in source and binary forms, with or without |
||
10 |
* modification, are permitted provided that the following conditions |
||
11 |
* are met: |
||
12 |
* |
||
13 |
* 1. Redistributions of source code must retain the above copyright |
||
14 |
* notice, this list of conditions and the following disclaimer. |
||
15 |
* |
||
16 |
* 2. Redistributions in binary form must reproduce the above copyright |
||
17 |
* notice, this list of conditions and the following disclaimer in |
||
18 |
* the documentation and/or other materials provided with the |
||
19 |
* distribution. |
||
20 |
* |
||
21 |
* 3. All advertising materials mentioning features or use of this |
||
22 |
* software must display the following acknowledgment: |
||
23 |
* "This product includes software developed by the OpenSSL Project |
||
24 |
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
||
25 |
* |
||
26 |
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
||
27 |
* endorse or promote products derived from this software without |
||
28 |
* prior written permission. For written permission, please contact |
||
29 |
* openssl-core@OpenSSL.org. |
||
30 |
* |
||
31 |
* 5. Products derived from this software may not be called "OpenSSL" |
||
32 |
* nor may "OpenSSL" appear in their names without prior written |
||
33 |
* permission of the OpenSSL Project. |
||
34 |
* |
||
35 |
* 6. Redistributions of any form whatsoever must retain the following |
||
36 |
* acknowledgment: |
||
37 |
* "This product includes software developed by the OpenSSL Project |
||
38 |
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
||
39 |
* |
||
40 |
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
||
41 |
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
||
42 |
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
||
43 |
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
||
44 |
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
||
45 |
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
||
46 |
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
||
47 |
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
||
48 |
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
||
49 |
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
||
50 |
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
||
51 |
* OF THE POSSIBILITY OF SUCH DAMAGE. |
||
52 |
* ==================================================================== |
||
53 |
* |
||
54 |
* This product includes cryptographic software written by Eric Young |
||
55 |
* (eay@cryptsoft.com). This product includes software written by Tim |
||
56 |
* Hudson (tjh@cryptsoft.com). |
||
57 |
* |
||
58 |
*/ |
||
59 |
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
||
60 |
* All rights reserved. |
||
61 |
* |
||
62 |
* This package is an SSL implementation written |
||
63 |
* by Eric Young (eay@cryptsoft.com). |
||
64 |
* The implementation was written so as to conform with Netscapes SSL. |
||
65 |
* |
||
66 |
* This library is free for commercial and non-commercial use as long as |
||
67 |
* the following conditions are aheared to. The following conditions |
||
68 |
* apply to all code found in this distribution, be it the RC4, RSA, |
||
69 |
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
||
70 |
* included with this distribution is covered by the same copyright terms |
||
71 |
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
||
72 |
* |
||
73 |
* Copyright remains Eric Young's, and as such any Copyright notices in |
||
74 |
* the code are not to be removed. |
||
75 |
* If this package is used in a product, Eric Young should be given attribution |
||
76 |
* as the author of the parts of the library used. |
||
77 |
* This can be in the form of a textual message at program startup or |
||
78 |
* in documentation (online or textual) provided with the package. |
||
79 |
* |
||
80 |
* Redistribution and use in source and binary forms, with or without |
||
81 |
* modification, are permitted provided that the following conditions |
||
82 |
* are met: |
||
83 |
* 1. Redistributions of source code must retain the copyright |
||
84 |
* notice, this list of conditions and the following disclaimer. |
||
85 |
* 2. Redistributions in binary form must reproduce the above copyright |
||
86 |
* notice, this list of conditions and the following disclaimer in the |
||
87 |
* documentation and/or other materials provided with the distribution. |
||
88 |
* 3. All advertising materials mentioning features or use of this software |
||
89 |
* must display the following acknowledgement: |
||
90 |
* "This product includes cryptographic software written by |
||
91 |
* Eric Young (eay@cryptsoft.com)" |
||
92 |
* The word 'cryptographic' can be left out if the rouines from the library |
||
93 |
* being used are not cryptographic related :-). |
||
94 |
* 4. If you include any Windows specific code (or a derivative thereof) from |
||
95 |
* the apps directory (application code) you must include an acknowledgement: |
||
96 |
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
||
97 |
* |
||
98 |
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
||
99 |
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
||
100 |
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
||
101 |
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
||
102 |
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
||
103 |
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
||
104 |
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
||
105 |
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
||
106 |
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
||
107 |
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
||
108 |
* SUCH DAMAGE. |
||
109 |
* |
||
110 |
* The licence and distribution terms for any publically available version or |
||
111 |
* derivative of this code cannot be changed. i.e. this code cannot simply be |
||
112 |
* copied and put under another distribution licence |
||
113 |
* [including the GNU Public Licence.] |
||
114 |
*/ |
||
115 |
|||
116 |
#include <limits.h> |
||
117 |
#include <stdio.h> |
||
118 |
|||
119 |
#include "ssl_locl.h" |
||
120 |
|||
121 |
#include <openssl/bn.h> |
||
122 |
#include <openssl/buffer.h> |
||
123 |
#include <openssl/dh.h> |
||
124 |
#include <openssl/evp.h> |
||
125 |
#include <openssl/md5.h> |
||
126 |
#include <openssl/objects.h> |
||
127 |
|||
128 |
#include "bytestring.h" |
||
129 |
|||
130 |
static int dtls1_get_hello_verify(SSL *s); |
||
131 |
|||
132 |
static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = { |
||
133 |
.version = DTLS1_VERSION, |
||
134 |
.min_version = DTLS1_VERSION, |
||
135 |
.max_version = DTLS1_VERSION, |
||
136 |
.ssl_new = dtls1_new, |
||
137 |
.ssl_clear = dtls1_clear, |
||
138 |
.ssl_free = dtls1_free, |
||
139 |
.ssl_accept = ssl_undefined_function, |
||
140 |
.ssl_connect = dtls1_connect, |
||
141 |
.ssl_read = ssl3_read, |
||
142 |
.ssl_peek = ssl3_peek, |
||
143 |
.ssl_write = ssl3_write, |
||
144 |
.ssl_shutdown = dtls1_shutdown, |
||
145 |
.ssl_pending = ssl3_pending, |
||
146 |
.get_ssl_method = dtls1_get_client_method, |
||
147 |
.get_timeout = dtls1_default_timeout, |
||
148 |
.ssl_version = ssl_undefined_void_function, |
||
149 |
.ssl_renegotiate = ssl3_renegotiate, |
||
150 |
.ssl_renegotiate_check = ssl3_renegotiate_check, |
||
151 |
.ssl_get_message = dtls1_get_message, |
||
152 |
.ssl_read_bytes = dtls1_read_bytes, |
||
153 |
.ssl_write_bytes = dtls1_write_app_data_bytes, |
||
154 |
.ssl3_enc = &DTLSv1_enc_data, |
||
155 |
}; |
||
156 |
|||
157 |
static const SSL_METHOD DTLSv1_client_method_data = { |
||
158 |
.ssl_dispatch_alert = dtls1_dispatch_alert, |
||
159 |
.num_ciphers = ssl3_num_ciphers, |
||
160 |
.get_cipher = dtls1_get_cipher, |
||
161 |
.get_cipher_by_char = ssl3_get_cipher_by_char, |
||
162 |
.put_cipher_by_char = ssl3_put_cipher_by_char, |
||
163 |
.internal = &DTLSv1_client_method_internal_data, |
||
164 |
}; |
||
165 |
|||
166 |
const SSL_METHOD * |
||
167 |
DTLSv1_client_method(void) |
||
168 |
{ |
||
169 |
128 |
return &DTLSv1_client_method_data; |
|
170 |
} |
||
171 |
|||
172 |
const SSL_METHOD * |
||
173 |
dtls1_get_client_method(int ver) |
||
174 |
{ |
||
175 |
✓✗ | 96 |
if (ver == DTLS1_VERSION) |
176 |
48 |
return (DTLSv1_client_method()); |
|
177 |
return (NULL); |
||
178 |
48 |
} |
|
179 |
|||
180 |
int |
||
181 |
dtls1_connect(SSL *s) |
||
182 |
{ |
||
183 |
void (*cb)(const SSL *ssl, int type, int val) = NULL; |
||
184 |
int ret = -1; |
||
185 |
int new_state, state, skip = 0; |
||
186 |
|||
187 |
296 |
ERR_clear_error(); |
|
188 |
148 |
errno = 0; |
|
189 |
|||
190 |
✗✓ | 148 |
if (s->internal->info_callback != NULL) |
191 |
cb = s->internal->info_callback; |
||
192 |
✗✓ | 148 |
else if (s->ctx->internal->info_callback != NULL) |
193 |
cb = s->ctx->internal->info_callback; |
||
194 |
|||
195 |
148 |
s->internal->in_handshake++; |
|
196 |
✓✗✓✓ |
296 |
if (!SSL_in_init(s) || SSL_in_before(s)) |
197 |
52 |
SSL_clear(s); |
|
198 |
|||
199 |
|||
200 |
696 |
for (;;) { |
|
201 |
844 |
state = S3I(s)->hs.state; |
|
202 |
|||
203 |
✗✗✗✗ ✓✗✓✗ ✓✗✓✗ ✓✗✓✗ ✓✗✓✗ ✗✗✓✗ ✓✗✓✗ ✓✗✓✗ ✓✗✗✗ ✓✓✓✗ |
844 |
switch (S3I(s)->hs.state) { |
204 |
case SSL_ST_RENEGOTIATE: |
||
205 |
s->internal->renegotiate = 1; |
||
206 |
S3I(s)->hs.state = SSL_ST_CONNECT; |
||
207 |
s->ctx->internal->stats.sess_connect_renegotiate++; |
||
208 |
/* break */ |
||
209 |
case SSL_ST_BEFORE: |
||
210 |
case SSL_ST_CONNECT: |
||
211 |
case SSL_ST_BEFORE|SSL_ST_CONNECT: |
||
212 |
case SSL_ST_OK|SSL_ST_CONNECT: |
||
213 |
|||
214 |
52 |
s->server = 0; |
|
215 |
✗✓ | 52 |
if (cb != NULL) |
216 |
cb(s, SSL_CB_HANDSHAKE_START, 1); |
||
217 |
|||
218 |
✗✓ | 52 |
if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00)) { |
219 |
SSLerror(s, ERR_R_INTERNAL_ERROR); |
||
220 |
ret = -1; |
||
221 |
goto end; |
||
222 |
} |
||
223 |
|||
224 |
/* s->version=SSL3_VERSION; */ |
||
225 |
52 |
s->internal->type = SSL_ST_CONNECT; |
|
226 |
|||
227 |
✗✓ | 52 |
if (!ssl3_setup_init_buffer(s)) { |
228 |
ret = -1; |
||
229 |
goto end; |
||
230 |
} |
||
231 |
✗✓ | 52 |
if (!ssl3_setup_buffers(s)) { |
232 |
ret = -1; |
||
233 |
goto end; |
||
234 |
} |
||
235 |
✗✓ | 52 |
if (!ssl_init_wbio_buffer(s, 0)) { |
236 |
ret = -1; |
||
237 |
goto end; |
||
238 |
} |
||
239 |
|||
240 |
/* don't push the buffering BIO quite yet */ |
||
241 |
|||
242 |
52 |
S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A; |
|
243 |
52 |
s->ctx->internal->stats.sess_connect++; |
|
244 |
52 |
s->internal->init_num = 0; |
|
245 |
/* mark client_random uninitialized */ |
||
246 |
52 |
memset(s->s3->client_random, 0, |
|
247 |
sizeof(s->s3->client_random)); |
||
248 |
52 |
D1I(s)->send_cookie = 0; |
|
249 |
52 |
s->internal->hit = 0; |
|
250 |
52 |
break; |
|
251 |
|||
252 |
|||
253 |
case SSL3_ST_CW_CLNT_HELLO_A: |
||
254 |
case SSL3_ST_CW_CLNT_HELLO_B: |
||
255 |
|||
256 |
52 |
s->internal->shutdown = 0; |
|
257 |
|||
258 |
/* every DTLS ClientHello resets Finished MAC */ |
||
259 |
✗✓ | 52 |
if (!tls1_init_finished_mac(s)) { |
260 |
ret = -1; |
||
261 |
goto end; |
||
262 |
} |
||
263 |
|||
264 |
52 |
dtls1_start_timer(s); |
|
265 |
52 |
ret = ssl3_client_hello(s); |
|
266 |
✓✗ | 52 |
if (ret <= 0) |
267 |
goto end; |
||
268 |
|||
269 |
✗✓ | 52 |
if (D1I(s)->send_cookie) { |
270 |
S3I(s)->hs.state = SSL3_ST_CW_FLUSH; |
||
271 |
S3I(s)->hs.next_state = SSL3_ST_CR_SRVR_HELLO_A; |
||
272 |
} else |
||
273 |
52 |
S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A; |
|
274 |
|||
275 |
52 |
s->internal->init_num = 0; |
|
276 |
|||
277 |
/* turn on buffering for the next lot of output */ |
||
278 |
✓✗ | 52 |
if (s->bbio != s->wbio) |
279 |
52 |
s->wbio = BIO_push(s->bbio, s->wbio); |
|
280 |
|||
281 |
break; |
||
282 |
|||
283 |
case SSL3_ST_CR_SRVR_HELLO_A: |
||
284 |
case SSL3_ST_CR_SRVR_HELLO_B: |
||
285 |
100 |
ret = ssl3_get_server_hello(s); |
|
286 |
✓✓ | 100 |
if (ret <= 0) |
287 |
goto end; |
||
288 |
else { |
||
289 |
48 |
if (s->internal->hit) { |
|
290 |
|||
291 |
S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A; |
||
292 |
} else |
||
293 |
S3I(s)->hs.state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A; |
||
294 |
} |
||
295 |
48 |
s->internal->init_num = 0; |
|
296 |
48 |
break; |
|
297 |
|||
298 |
case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: |
||
299 |
case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: |
||
300 |
|||
301 |
48 |
ret = dtls1_get_hello_verify(s); |
|
302 |
✓✗ | 48 |
if (ret <= 0) |
303 |
goto end; |
||
304 |
48 |
dtls1_stop_timer(s); |
|
305 |
48 |
if ( D1I(s)->send_cookie) /* start again, with a cookie */ |
|
306 |
S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A; |
||
307 |
else |
||
308 |
S3I(s)->hs.state = SSL3_ST_CR_CERT_A; |
||
309 |
48 |
s->internal->init_num = 0; |
|
310 |
48 |
break; |
|
311 |
|||
312 |
case SSL3_ST_CR_CERT_A: |
||
313 |
case SSL3_ST_CR_CERT_B: |
||
314 |
48 |
ret = ssl3_check_finished(s); |
|
315 |
✓✗ | 48 |
if (ret <= 0) |
316 |
goto end; |
||
317 |
✗✓ | 48 |
if (ret == 2) { |
318 |
s->internal->hit = 1; |
||
319 |
if (s->internal->tlsext_ticket_expected) |
||
320 |
S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A; |
||
321 |
else |
||
322 |
S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A; |
||
323 |
s->internal->init_num = 0; |
||
324 |
break; |
||
325 |
} |
||
326 |
/* Check if it is anon DH. */ |
||
327 |
✓✗ | 48 |
if (!(S3I(s)->hs.new_cipher->algorithm_auth & |
328 |
SSL_aNULL)) { |
||
329 |
48 |
ret = ssl3_get_server_certificate(s); |
|
330 |
✓✗ | 48 |
if (ret <= 0) |
331 |
goto end; |
||
332 |
48 |
if (s->internal->tlsext_status_expected) |
|
333 |
S3I(s)->hs.state = SSL3_ST_CR_CERT_STATUS_A; |
||
334 |
else |
||
335 |
S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A; |
||
336 |
48 |
} else { |
|
337 |
skip = 1; |
||
338 |
S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A; |
||
339 |
} |
||
340 |
48 |
s->internal->init_num = 0; |
|
341 |
48 |
break; |
|
342 |
|||
343 |
case SSL3_ST_CR_KEY_EXCH_A: |
||
344 |
case SSL3_ST_CR_KEY_EXCH_B: |
||
345 |
48 |
ret = ssl3_get_server_key_exchange(s); |
|
346 |
✓✗ | 48 |
if (ret <= 0) |
347 |
goto end; |
||
348 |
48 |
S3I(s)->hs.state = SSL3_ST_CR_CERT_REQ_A; |
|
349 |
48 |
s->internal->init_num = 0; |
|
350 |
|||
351 |
/* at this point we check that we have the |
||
352 |
* required stuff from the server */ |
||
353 |
✗✓ | 48 |
if (!ssl3_check_cert_and_algorithm(s)) { |
354 |
ret = -1; |
||
355 |
goto end; |
||
356 |
} |
||
357 |
break; |
||
358 |
|||
359 |
case SSL3_ST_CR_CERT_REQ_A: |
||
360 |
case SSL3_ST_CR_CERT_REQ_B: |
||
361 |
48 |
ret = ssl3_get_certificate_request(s); |
|
362 |
✓✗ | 48 |
if (ret <= 0) |
363 |
goto end; |
||
364 |
48 |
S3I(s)->hs.state = SSL3_ST_CR_SRVR_DONE_A; |
|
365 |
48 |
s->internal->init_num = 0; |
|
366 |
48 |
break; |
|
367 |
|||
368 |
case SSL3_ST_CR_SRVR_DONE_A: |
||
369 |
case SSL3_ST_CR_SRVR_DONE_B: |
||
370 |
48 |
ret = ssl3_get_server_done(s); |
|
371 |
✓✗ | 48 |
if (ret <= 0) |
372 |
goto end; |
||
373 |
48 |
dtls1_stop_timer(s); |
|
374 |
48 |
if (S3I(s)->tmp.cert_req) |
|
375 |
S3I(s)->hs.next_state = SSL3_ST_CW_CERT_A; |
||
376 |
else |
||
377 |
S3I(s)->hs.next_state = SSL3_ST_CW_KEY_EXCH_A; |
||
378 |
48 |
s->internal->init_num = 0; |
|
379 |
48 |
S3I(s)->hs.state = S3I(s)->hs.next_state; |
|
380 |
48 |
break; |
|
381 |
|||
382 |
case SSL3_ST_CW_CERT_A: |
||
383 |
case SSL3_ST_CW_CERT_B: |
||
384 |
case SSL3_ST_CW_CERT_C: |
||
385 |
case SSL3_ST_CW_CERT_D: |
||
386 |
8 |
dtls1_start_timer(s); |
|
387 |
8 |
ret = ssl3_send_client_certificate(s); |
|
388 |
✓✗ | 8 |
if (ret <= 0) |
389 |
goto end; |
||
390 |
8 |
S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_A; |
|
391 |
8 |
s->internal->init_num = 0; |
|
392 |
8 |
break; |
|
393 |
|||
394 |
case SSL3_ST_CW_KEY_EXCH_A: |
||
395 |
case SSL3_ST_CW_KEY_EXCH_B: |
||
396 |
48 |
dtls1_start_timer(s); |
|
397 |
48 |
ret = ssl3_send_client_key_exchange(s); |
|
398 |
✓✗ | 48 |
if (ret <= 0) |
399 |
goto end; |
||
400 |
|||
401 |
/* EAY EAY EAY need to check for DH fix cert |
||
402 |
* sent back */ |
||
403 |
/* For TLS, cert_req is set to 2, so a cert chain |
||
404 |
* of nothing is sent, but no verify packet is sent */ |
||
405 |
✓✓ | 48 |
if (S3I(s)->tmp.cert_req == 1) { |
406 |
8 |
S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_A; |
|
407 |
8 |
} else { |
|
408 |
40 |
S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A; |
|
409 |
40 |
S3I(s)->change_cipher_spec = 0; |
|
410 |
} |
||
411 |
|||
412 |
48 |
s->internal->init_num = 0; |
|
413 |
48 |
break; |
|
414 |
|||
415 |
case SSL3_ST_CW_CERT_VRFY_A: |
||
416 |
case SSL3_ST_CW_CERT_VRFY_B: |
||
417 |
8 |
dtls1_start_timer(s); |
|
418 |
8 |
ret = ssl3_send_client_verify(s); |
|
419 |
✓✗ | 8 |
if (ret <= 0) |
420 |
goto end; |
||
421 |
8 |
S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A; |
|
422 |
8 |
s->internal->init_num = 0; |
|
423 |
8 |
S3I(s)->change_cipher_spec = 0; |
|
424 |
8 |
break; |
|
425 |
|||
426 |
case SSL3_ST_CW_CHANGE_A: |
||
427 |
case SSL3_ST_CW_CHANGE_B: |
||
428 |
✓✗ | 48 |
if (!s->internal->hit) |
429 |
48 |
dtls1_start_timer(s); |
|
430 |
48 |
ret = dtls1_send_change_cipher_spec(s, |
|
431 |
SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B); |
||
432 |
✓✗ | 48 |
if (ret <= 0) |
433 |
goto end; |
||
434 |
|||
435 |
48 |
S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A; |
|
436 |
48 |
s->internal->init_num = 0; |
|
437 |
|||
438 |
48 |
s->session->cipher = S3I(s)->hs.new_cipher; |
|
439 |
✗✓ | 48 |
if (!tls1_setup_key_block(s)) { |
440 |
ret = -1; |
||
441 |
goto end; |
||
442 |
} |
||
443 |
|||
444 |
✗✓ | 48 |
if (!tls1_change_cipher_state(s, |
445 |
SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { |
||
446 |
ret = -1; |
||
447 |
goto end; |
||
448 |
} |
||
449 |
|||
450 |
|||
451 |
48 |
dtls1_reset_seq_numbers(s, SSL3_CC_WRITE); |
|
452 |
48 |
break; |
|
453 |
|||
454 |
case SSL3_ST_CW_FINISHED_A: |
||
455 |
case SSL3_ST_CW_FINISHED_B: |
||
456 |
✓✗ | 48 |
if (!s->internal->hit) |
457 |
48 |
dtls1_start_timer(s); |
|
458 |
48 |
ret = ssl3_send_finished(s, |
|
459 |
SSL3_ST_CW_FINISHED_A, SSL3_ST_CW_FINISHED_B, |
||
460 |
TLS_MD_CLIENT_FINISH_CONST, |
||
461 |
TLS_MD_CLIENT_FINISH_CONST_SIZE); |
||
462 |
✓✗ | 48 |
if (ret <= 0) |
463 |
goto end; |
||
464 |
48 |
S3I(s)->hs.state = SSL3_ST_CW_FLUSH; |
|
465 |
|||
466 |
/* clear flags */ |
||
467 |
48 |
s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; |
|
468 |
✗✓ | 48 |
if (s->internal->hit) { |
469 |
S3I(s)->hs.next_state = SSL_ST_OK; |
||
470 |
if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) { |
||
471 |
S3I(s)->hs.state = SSL_ST_OK; |
||
472 |
s->s3->flags |= SSL3_FLAGS_POP_BUFFER; |
||
473 |
S3I(s)->delay_buf_pop_ret = 0; |
||
474 |
} |
||
475 |
} else { |
||
476 |
|||
477 |
/* Allow NewSessionTicket if ticket expected */ |
||
478 |
48 |
if (s->internal->tlsext_ticket_expected) |
|
479 |
S3I(s)->hs.next_state = |
||
480 |
SSL3_ST_CR_SESSION_TICKET_A; |
||
481 |
else |
||
482 |
S3I(s)->hs.next_state = |
||
483 |
SSL3_ST_CR_FINISHED_A; |
||
484 |
} |
||
485 |
48 |
s->internal->init_num = 0; |
|
486 |
48 |
break; |
|
487 |
|||
488 |
case SSL3_ST_CR_SESSION_TICKET_A: |
||
489 |
case SSL3_ST_CR_SESSION_TICKET_B: |
||
490 |
96 |
ret = ssl3_get_new_session_ticket(s); |
|
491 |
✓✓ | 96 |
if (ret <= 0) |
492 |
goto end; |
||
493 |
48 |
S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A; |
|
494 |
48 |
s->internal->init_num = 0; |
|
495 |
48 |
break; |
|
496 |
|||
497 |
case SSL3_ST_CR_CERT_STATUS_A: |
||
498 |
case SSL3_ST_CR_CERT_STATUS_B: |
||
499 |
ret = ssl3_get_cert_status(s); |
||
500 |
if (ret <= 0) |
||
501 |
goto end; |
||
502 |
S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A; |
||
503 |
s->internal->init_num = 0; |
||
504 |
break; |
||
505 |
|||
506 |
case SSL3_ST_CR_FINISHED_A: |
||
507 |
case SSL3_ST_CR_FINISHED_B: |
||
508 |
48 |
D1I(s)->change_cipher_spec_ok = 1; |
|
509 |
48 |
ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A, |
|
510 |
SSL3_ST_CR_FINISHED_B); |
||
511 |
✓✗ | 48 |
if (ret <= 0) |
512 |
goto end; |
||
513 |
48 |
dtls1_stop_timer(s); |
|
514 |
|||
515 |
48 |
if (s->internal->hit) |
|
516 |
S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A; |
||
517 |
else |
||
518 |
S3I(s)->hs.state = SSL_ST_OK; |
||
519 |
|||
520 |
|||
521 |
48 |
s->internal->init_num = 0; |
|
522 |
48 |
break; |
|
523 |
|||
524 |
case SSL3_ST_CW_FLUSH: |
||
525 |
48 |
s->internal->rwstate = SSL_WRITING; |
|
526 |
✗✓ | 48 |
if (BIO_flush(s->wbio) <= 0) { |
527 |
/* If the write error was fatal, stop trying */ |
||
528 |
if (!BIO_should_retry(s->wbio)) { |
||
529 |
s->internal->rwstate = SSL_NOTHING; |
||
530 |
S3I(s)->hs.state = S3I(s)->hs.next_state; |
||
531 |
} |
||
532 |
|||
533 |
ret = -1; |
||
534 |
goto end; |
||
535 |
} |
||
536 |
48 |
s->internal->rwstate = SSL_NOTHING; |
|
537 |
48 |
S3I(s)->hs.state = S3I(s)->hs.next_state; |
|
538 |
48 |
break; |
|
539 |
|||
540 |
case SSL_ST_OK: |
||
541 |
/* clean a few things up */ |
||
542 |
48 |
tls1_cleanup_key_block(s); |
|
543 |
|||
544 |
/* If we are not 'joining' the last two packets, |
||
545 |
* remove the buffering now */ |
||
546 |
✓✗ | 48 |
if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER)) |
547 |
48 |
ssl_free_wbio_buffer(s); |
|
548 |
/* else do it later in ssl3_write */ |
||
549 |
|||
550 |
48 |
s->internal->init_num = 0; |
|
551 |
48 |
s->internal->renegotiate = 0; |
|
552 |
48 |
s->internal->new_session = 0; |
|
553 |
|||
554 |
48 |
ssl_update_cache(s, SSL_SESS_CACHE_CLIENT); |
|
555 |
✗✓ | 48 |
if (s->internal->hit) |
556 |
s->ctx->internal->stats.sess_hit++; |
||
557 |
|||
558 |
ret = 1; |
||
559 |
/* s->server=0; */ |
||
560 |
48 |
s->internal->handshake_func = dtls1_connect; |
|
561 |
48 |
s->ctx->internal->stats.sess_connect_good++; |
|
562 |
|||
563 |
✗✓ | 48 |
if (cb != NULL) |
564 |
cb(s, SSL_CB_HANDSHAKE_DONE, 1); |
||
565 |
|||
566 |
/* done with handshaking */ |
||
567 |
48 |
D1I(s)->handshake_read_seq = 0; |
|
568 |
48 |
D1I(s)->next_handshake_write_seq = 0; |
|
569 |
48 |
goto end; |
|
570 |
/* break; */ |
||
571 |
|||
572 |
default: |
||
573 |
SSLerror(s, SSL_R_UNKNOWN_STATE); |
||
574 |
ret = -1; |
||
575 |
goto end; |
||
576 |
/* break; */ |
||
577 |
} |
||
578 |
|||
579 |
/* did we do anything */ |
||
580 |
✓✓ | 696 |
if (!S3I(s)->tmp.reuse_message && !skip) { |
581 |
✗✓ | 576 |
if (s->internal->debug) { |
582 |
if ((ret = BIO_flush(s->wbio)) <= 0) |
||
583 |
goto end; |
||
584 |
} |
||
585 |
|||
586 |
✗✓✗✗ |
576 |
if ((cb != NULL) && (S3I(s)->hs.state != state)) { |
587 |
new_state = S3I(s)->hs.state; |
||
588 |
S3I(s)->hs.state = state; |
||
589 |
cb(s, SSL_CB_CONNECT_LOOP, 1); |
||
590 |
S3I(s)->hs.state = new_state; |
||
591 |
} |
||
592 |
} |
||
593 |
skip = 0; |
||
594 |
} |
||
595 |
|||
596 |
end: |
||
597 |
148 |
s->internal->in_handshake--; |
|
598 |
✗✓ | 148 |
if (cb != NULL) |
599 |
cb(s, SSL_CB_CONNECT_EXIT, ret); |
||
600 |
|||
601 |
148 |
return (ret); |
|
602 |
} |
||
603 |
|||
604 |
static int |
||
605 |
dtls1_get_hello_verify(SSL *s) |
||
606 |
{ |
||
607 |
long n; |
||
608 |
96 |
int al, ok = 0; |
|
609 |
48 |
size_t cookie_len; |
|
610 |
48 |
uint16_t ssl_version; |
|
611 |
48 |
CBS hello_verify_request, cookie; |
|
612 |
|||
613 |
96 |
n = s->method->internal->ssl_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, |
|
614 |
48 |
DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->internal->max_cert_list, &ok); |
|
615 |
|||
616 |
✗✓ | 48 |
if (!ok) |
617 |
return ((int)n); |
||
618 |
|||
619 |
✓✗ | 48 |
if (S3I(s)->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) { |
620 |
48 |
D1I(s)->send_cookie = 0; |
|
621 |
48 |
S3I(s)->tmp.reuse_message = 1; |
|
622 |
48 |
return (1); |
|
623 |
} |
||
624 |
|||
625 |
if (n < 0) |
||
626 |
goto truncated; |
||
627 |
|||
628 |
CBS_init(&hello_verify_request, s->internal->init_msg, n); |
||
629 |
|||
630 |
if (!CBS_get_u16(&hello_verify_request, &ssl_version)) |
||
631 |
goto truncated; |
||
632 |
|||
633 |
if (ssl_version != s->version) { |
||
634 |
SSLerror(s, SSL_R_WRONG_SSL_VERSION); |
||
635 |
s->version = (s->version & 0xff00) | (ssl_version & 0xff); |
||
636 |
al = SSL_AD_PROTOCOL_VERSION; |
||
637 |
goto f_err; |
||
638 |
} |
||
639 |
|||
640 |
if (!CBS_get_u8_length_prefixed(&hello_verify_request, &cookie)) |
||
641 |
goto truncated; |
||
642 |
|||
643 |
if (!CBS_write_bytes(&cookie, D1I(s)->cookie, |
||
644 |
sizeof(D1I(s)->cookie), &cookie_len)) { |
||
645 |
D1I(s)->cookie_len = 0; |
||
646 |
al = SSL_AD_ILLEGAL_PARAMETER; |
||
647 |
goto f_err; |
||
648 |
} |
||
649 |
D1I(s)->cookie_len = cookie_len; |
||
650 |
D1I(s)->send_cookie = 1; |
||
651 |
|||
652 |
return 1; |
||
653 |
|||
654 |
truncated: |
||
655 |
al = SSL_AD_DECODE_ERROR; |
||
656 |
f_err: |
||
657 |
ssl3_send_alert(s, SSL3_AL_FATAL, al); |
||
658 |
return -1; |
||
659 |
48 |
} |
| Generated by: GCOVR (Version 3.3) |