/* $OpenBSD: d1_srvr.c,v 1.88 2017/05/07 04:22:24 beck Exp $ */

/*

 * DTLS implementation written by Nagendra Modadugu

 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.

 */

/* ====================================================================

 * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *

 * 1. Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 *

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in

 *    the documentation and/or other materials provided with the

 *    distribution.

 *

 * 3. All advertising materials mentioning features or use of this

 *    software must display the following acknowledgment:

 *    "This product includes software developed by the OpenSSL Project

 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

 *

 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

 *    endorse or promote products derived from this software without

 *    prior written permission. For written permission, please contact

 *    openssl-core@OpenSSL.org.

 *

 * 5. Products derived from this software may not be called "OpenSSL"

 *    nor may "OpenSSL" appear in their names without prior written

 *    permission of the OpenSSL Project.

 *

 * 6. Redistributions of any form whatsoever must retain the following

 *    acknowledgment:

 *    "This product includes software developed by the OpenSSL Project

 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

 *

 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

 * OF THE POSSIBILITY OF SUCH DAMAGE.

 * ====================================================================

 *

 * This product includes cryptographic software written by Eric Young

 * (eay@cryptsoft.com).  This product includes software written by Tim

 * Hudson (tjh@cryptsoft.com).

 *

 */

/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

 * All rights reserved.

 *

 * This package is an SSL implementation written

 * by Eric Young (eay@cryptsoft.com).

 * The implementation was written so as to conform with Netscapes SSL.

 *

 * This library is free for commercial and non-commercial use as long as

 * the following conditions are aheared to.  The following conditions

 * apply to all code found in this distribution, be it the RC4, RSA,

 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

 * included with this distribution is covered by the same copyright terms

 * except that the holder is Tim Hudson (tjh@cryptsoft.com).

 *

 * Copyright remains Eric Young's, and as such any Copyright notices in

 * the code are not to be removed.

 * If this package is used in a product, Eric Young should be given attribution

 * as the author of the parts of the library used.

 * This can be in the form of a textual message at program startup or

 * in documentation (online or textual) provided with the package.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 * 1. Redistributions of source code must retain the copyright

 *    notice, this list of conditions and the following disclaimer.

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in the

 *    documentation and/or other materials provided with the distribution.

 * 3. All advertising materials mentioning features or use of this software

 *    must display the following acknowledgement:

 *    "This product includes cryptographic software written by

 *     Eric Young (eay@cryptsoft.com)"

 *    The word 'cryptographic' can be left out if the rouines from the library

 *    being used are not cryptographic related :-).

 * 4. If you include any Windows specific code (or a derivative thereof) from

 *    the apps directory (application code) you must include an acknowledgement:

 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

 *

 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

 * SUCH DAMAGE.

 *

 * The licence and distribution terms for any publically available version or

 * derivative of this code cannot be changed.  i.e. this code cannot simply be

 * copied and put under another distribution licence

 * [including the GNU Public Licence.]

 */

#include <stdio.h>

#include "ssl_locl.h"

#include <openssl/bn.h>

#include <openssl/buffer.h>

#include <openssl/dh.h>

#include <openssl/evp.h>

#include <openssl/md5.h>

#include <openssl/objects.h>

#include <openssl/x509.h>

static int dtls1_send_hello_verify_request(SSL *s);

static const SSL_METHOD_INTERNAL DTLSv1_server_method_internal_data = {

	.version = DTLS1_VERSION,

	.min_version = DTLS1_VERSION,

	.max_version = DTLS1_VERSION,

	.ssl_new = dtls1_new,

	.ssl_clear = dtls1_clear,

	.ssl_free = dtls1_free,

	.ssl_accept = dtls1_accept,

	.ssl_connect = ssl_undefined_function,

	.ssl_read = ssl3_read,

	.ssl_peek = ssl3_peek,

	.ssl_write = ssl3_write,

	.ssl_shutdown = dtls1_shutdown,

	.ssl_pending = ssl3_pending,

	.get_ssl_method = dtls1_get_server_method,

	.get_timeout = dtls1_default_timeout,

	.ssl_version = ssl_undefined_void_function,

	.ssl_renegotiate = ssl3_renegotiate,

	.ssl_renegotiate_check = ssl3_renegotiate_check,

	.ssl_get_message = dtls1_get_message,

	.ssl_read_bytes = dtls1_read_bytes,

	.ssl_write_bytes = dtls1_write_app_data_bytes,

	.ssl3_enc = &DTLSv1_enc_data,

};

static const SSL_METHOD DTLSv1_server_method_data = {

	.ssl_dispatch_alert = dtls1_dispatch_alert,

	.num_ciphers = ssl3_num_ciphers,

	.get_cipher = dtls1_get_cipher,

	.get_cipher_by_char = ssl3_get_cipher_by_char,

	.put_cipher_by_char = ssl3_put_cipher_by_char,

	.internal = &DTLSv1_server_method_internal_data,

};

const SSL_METHOD *

DTLSv1_server_method(void)

{

}

const SSL_METHOD *

dtls1_get_server_method(int ver)

{

int

dtls1_accept(SSL *s)

{

	void (*cb)(const SSL *ssl, int type, int val) = NULL;

	unsigned long alg_k;

	int ret = -1;

	int new_state, state, skip = 0;

	int listen;

	/* init things to blank */

		ret = -1;

	}

		case SSL_ST_RENEGOTIATE:

			/* S3I(s)->hs.state=SSL_ST_ACCEPT; */

		case SSL_ST_BEFORE:

		case SSL_ST_ACCEPT:

		case SSL_ST_BEFORE|SSL_ST_ACCEPT:

		case SSL_ST_OK|SSL_ST_ACCEPT:

				ret = -1;

			}

				ret = -1;

			}

				ret = -1;

			}

				/* Ok, we now need to push on a buffering BIO so that

				 * the output is sent in a way that TCP likes :-)

				 * ...but not with SCTP :-)

				 */

					ret = -1;

				}

					ret = -1;

				}

				/* S3I(s)->hs.state == SSL_ST_RENEGOTIATE,

				 * we will just send a HelloRequest */

			}

			break;

		case SSL3_ST_SW_HELLO_REQ_A:

		case SSL3_ST_SW_HELLO_REQ_B:

				goto end;

				ret = -1;

			}

			break;

		case SSL3_ST_SW_HELLO_REQ_C:

		case SSL3_ST_SR_CLNT_HELLO_A:

		case SSL3_ST_SR_CLNT_HELLO_B:

		case SSL3_ST_SR_CLNT_HELLO_C:

				goto end;

			else

				S3I(s)->hs.state = SSL3_ST_SW_SRVR_HELLO_A;

			/* Reflect ClientHello sequence to remain stateless while listening */

			}

			/* If we're just listening, stop here */

				ret = 2;

				/* Set expected sequence numbers

				 * to continue the handshake.

				 */

			}

			break;

		case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:

		case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:

				goto end;

			/* HelloVerifyRequest resets Finished MAC */

				ret = -1;

			}

			break;

		case SSL3_ST_SW_SRVR_HELLO_A:

		case SSL3_ST_SW_SRVR_HELLO_B:

				goto end;

					S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_A;

				else

					S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A;

		case SSL3_ST_SW_CERT_A:

		case SSL3_ST_SW_CERT_B:

			/* Check if it is anon DH. */

			    SSL_aNULL)) {

					goto end;

					S3I(s)->hs.state = SSL3_ST_SW_CERT_STATUS_A;

				else

					S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A;

				skip = 1;

			}

		case SSL3_ST_SW_KEY_EXCH_A:

		case SSL3_ST_SW_KEY_EXCH_B:

			/* Only send if using a DH key exchange. */

					goto end;

			} else

				skip = 1;

		case SSL3_ST_SW_CERT_REQ_A:

		case SSL3_ST_SW_CERT_REQ_B:

			/*

			 * Determine whether or not we need to request a

			 * certificate.

			 *

			 * Do not request a certificate if:

			 *

			 * - We did not ask for it (SSL_VERIFY_PEER is unset).

			 *

			 * - SSL_VERIFY_CLIENT_ONCE is set and we are

			 *   renegotiating.

			 *

			 * - We are using an anonymous ciphersuites

			 *   (see section "Certificate request" in SSL 3 drafts

			 *   and in RFC 2246) ... except when the application

			 *   insists on verification (against the specs, but

			 *   s3_clnt.c accepts this for SSL 3).

			 */

			     SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {

				/* no cert request */

				skip = 1;

					goto end;

			}

			break;

		case SSL3_ST_SW_SRVR_DONE_A:

		case SSL3_ST_SW_SRVR_DONE_B:

				goto end;

		case SSL3_ST_SW_FLUSH:

				/* If the write error was fatal, stop trying */

				}

				ret = -1;

			}

		case SSL3_ST_SR_CERT_A:

		case SSL3_ST_SR_CERT_B:

					goto end;

			}

		case SSL3_ST_SR_KEY_EXCH_A:

		case SSL3_ST_SR_KEY_EXCH_B:

				goto end;

				/* For the ECDH ciphersuites when

				 * the client sends its ECDH pub key in

				 * a certificate, the CertificateVerify

				 * message is not sent.

				 */

				S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;

				s->internal->init_num = 0;

					break;

				/*

				 * For sigalgs freeze the handshake buffer

				 * at this point and digest cached records.

				 */

					ret = -1;

				}

					ret = -1;

				}

			} else {

				S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;

				s->internal->init_num = 0;

				/*

				 * We need to get hashes here so if there is

				 * a client cert, it can be verified.

				 */

						ret = -1;

					}

				}

				    sizeof(S3I(s)->tmp.cert_verify_md),

				    NULL)) {

					ret = -1;

				}

			}

			break;

		case SSL3_ST_SR_CERT_VRFY_A:

		case SSL3_ST_SR_CERT_VRFY_B:

			/* we should decide if we expected this one */

				goto end;

		case SSL3_ST_SR_FINISHED_A:

		case SSL3_ST_SR_FINISHED_B:

			SSL3_ST_SR_FINISHED_B);

				goto end;

				S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_A;

			else

				S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A;

		case SSL3_ST_SW_SESSION_TICKET_A:

		case SSL3_ST_SW_SESSION_TICKET_B:

				goto end;

		case SSL3_ST_SW_CERT_STATUS_A:

		case SSL3_ST_SW_CERT_STATUS_B:

				goto end;

		case SSL3_ST_SW_CHANGE_A:

		case SSL3_ST_SW_CHANGE_B:

				ret = -1;

			}

			SSL3_ST_SW_CHANGE_A, SSL3_ST_SW_CHANGE_B);

				goto end;

				SSL3_CHANGE_CIPHER_SERVER_WRITE)) {

				ret = -1;

			}

		case SSL3_ST_SW_FINISHED_A:

		case SSL3_ST_SW_FINISHED_B:

			    SSL3_ST_SW_FINISHED_A, SSL3_ST_SW_FINISHED_B,

			    TLS_MD_SERVER_FINISH_CONST,

			    TLS_MD_SERVER_FINISH_CONST_SIZE);

				goto end;

				S3I(s)->hs.next_state = SSL3_ST_SR_FINISHED_A;

			} else {

				S3I(s)->hs.next_state = SSL_ST_OK;

			}

		case SSL_ST_OK:

			/* clean a few things up */

			/* remove buffering on output */

			{

				/* s->server=1; */

			}

			ret = 1;

			/* done handshaking, next message is client hello */

			/* next message is server hello */

			/* break; */

		default:

			ret = -1;

			/* break; */

		}

					goto end;

			}

				new_state = S3I(s)->hs.state;

			}

		}

		skip = 0;

	}

end:

	/* BIO_flush(s->wbio); */

}

int

dtls1_send_hello_verify_request(SSL *s)

{

		}

		    DTLS1_MT_HELLO_VERIFY_REQUEST))

			goto err;

			goto err;

			goto err;

			goto err;

			goto err;

	}

	/* S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */

 err:

}