Fold the DTLS client handshake into the TLS one.
Change-Id: Ib8b1c646cf1652ee1481fe73589830be8263fc20
Reviewed-on: https://boringssl-review.googlesource.com/8182
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/CMakeLists.txt b/ssl/CMakeLists.txt
index c82cb9b..ca35261 100644
--- a/ssl/CMakeLists.txt
+++ b/ssl/CMakeLists.txt
@@ -7,7 +7,6 @@
custom_extensions.c
d1_both.c
- d1_clnt.c
d1_lib.c
d1_meth.c
d1_pkt.c
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
deleted file mode 100644
index 2732ff1..0000000
--- a/ssl/d1_clnt.c
+++ /dev/null
@@ -1,496 +0,0 @@
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/ssl.h>
-
-#include <assert.h>
-#include <string.h>
-
-#include <openssl/bn.h>
-#include <openssl/buf.h>
-#include <openssl/dh.h>
-#include <openssl/evp.h>
-#include <openssl/err.h>
-#include <openssl/md5.h>
-#include <openssl/mem.h>
-#include <openssl/rand.h>
-
-#include "internal.h"
-
-
-static int dtls1_get_hello_verify(SSL *ssl);
-
-int dtls1_connect(SSL *ssl) {
- BUF_MEM *buf = NULL;
- int ret = -1;
- int state, skip = 0;
-
- assert(ssl->handshake_func == dtls1_connect);
- assert(!ssl->server);
- assert(SSL_IS_DTLS(ssl));
-
- for (;;) {
- state = ssl->state;
-
- switch (ssl->state) {
- case SSL_ST_CONNECT:
- ssl_do_info_callback(ssl, SSL_CB_HANDSHAKE_START, 1);
-
- if (ssl->init_buf == NULL) {
- buf = BUF_MEM_new();
- if (buf == NULL ||
- !BUF_MEM_reserve(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
- ret = -1;
- goto end;
- }
- ssl->init_buf = buf;
- buf = NULL;
- }
- ssl->init_num = 0;
-
- if (!ssl_init_wbio_buffer(ssl)) {
- ret = -1;
- goto end;
- }
-
- ssl->state = SSL3_ST_CW_CLNT_HELLO_A;
- ssl->d1->send_cookie = 0;
- ssl->hit = 0;
- break;
-
- case SSL3_ST_CW_CLNT_HELLO_A:
- case SSL3_ST_CW_CLNT_HELLO_B:
- ret = ssl3_send_client_hello(ssl);
- if (ret <= 0) {
- goto end;
- }
-
- if (ssl->d1->send_cookie) {
- ssl->s3->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A;
- } else {
- ssl->s3->tmp.next_state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
- }
- ssl->state = SSL3_ST_CW_FLUSH;
- break;
-
- case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
- ret = dtls1_get_hello_verify(ssl);
- if (ret <= 0) {
- goto end;
- }
- if (ssl->d1->send_cookie) {
- /* start again, with a cookie */
- dtls1_stop_timer(ssl);
- ssl->state = SSL3_ST_CW_CLNT_HELLO_A;
- } else {
- ssl->state = SSL3_ST_CR_SRVR_HELLO_A;
- }
- break;
-
- case SSL3_ST_CR_SRVR_HELLO_A:
- ret = ssl3_get_server_hello(ssl);
- if (ret <= 0) {
- goto end;
- }
-
- if (ssl->hit) {
- ssl->state = SSL3_ST_CR_CHANGE;
- if (ssl->tlsext_ticket_expected) {
- /* receive renewed session ticket */
- ssl->state = SSL3_ST_CR_SESSION_TICKET_A;
- }
- } else {
- ssl->state = SSL3_ST_CR_CERT_A;
- }
- break;
-
- case SSL3_ST_CR_CERT_A:
- if (ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
- ret = ssl3_get_server_certificate(ssl);
- if (ret <= 0) {
- goto end;
- }
- if (ssl->s3->tmp.certificate_status_expected) {
- ssl->state = SSL3_ST_CR_CERT_STATUS_A;
- } else {
- ssl->state = SSL3_ST_VERIFY_SERVER_CERT;
- }
- } else {
- skip = 1;
- ssl->state = SSL3_ST_CR_KEY_EXCH_A;
- }
- break;
-
- case SSL3_ST_VERIFY_SERVER_CERT:
- ret = ssl3_verify_server_cert(ssl);
- if (ret <= 0) {
- goto end;
- }
-
- ssl->state = SSL3_ST_CR_KEY_EXCH_A;
- break;
-
- case SSL3_ST_CR_KEY_EXCH_A:
- ret = ssl3_get_server_key_exchange(ssl);
- if (ret <= 0) {
- goto end;
- }
- if (ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
- ssl->state = SSL3_ST_CR_CERT_REQ_A;
- } else {
- ssl->state = SSL3_ST_CR_SRVR_DONE_A;
- }
- break;
-
- case SSL3_ST_CR_CERT_REQ_A:
- ret = ssl3_get_certificate_request(ssl);
- if (ret <= 0) {
- goto end;
- }
- ssl->state = SSL3_ST_CR_SRVR_DONE_A;
- break;
-
- case SSL3_ST_CR_SRVR_DONE_A:
- ret = ssl3_get_server_done(ssl);
- if (ret <= 0) {
- goto end;
- }
- dtls1_stop_timer(ssl);
- if (ssl->s3->tmp.cert_req) {
- ssl->s3->tmp.next_state = SSL3_ST_CW_CERT_A;
- } else {
- ssl->s3->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A;
- }
- ssl->state = ssl->s3->tmp.next_state;
- break;
-
- case SSL3_ST_CW_CERT_A:
- case SSL3_ST_CW_CERT_B:
- case SSL3_ST_CW_CERT_C:
- case SSL3_ST_CW_CERT_D:
- ret = ssl3_send_client_certificate(ssl);
- if (ret <= 0) {
- goto end;
- }
- ssl->state = SSL3_ST_CW_KEY_EXCH_A;
- break;
-
- case SSL3_ST_CW_KEY_EXCH_A:
- case SSL3_ST_CW_KEY_EXCH_B:
- ret = ssl3_send_client_key_exchange(ssl);
- if (ret <= 0) {
- goto end;
- }
- /* For TLS, cert_req is set to 2, so a cert chain
- * of nothing is sent, but no verify packet is sent */
- if (ssl->s3->tmp.cert_req == 1) {
- ssl->state = SSL3_ST_CW_CERT_VRFY_A;
- } else {
- ssl->state = SSL3_ST_CW_CHANGE_A;
- }
- break;
-
- case SSL3_ST_CW_CERT_VRFY_A:
- case SSL3_ST_CW_CERT_VRFY_B:
- case SSL3_ST_CW_CERT_VRFY_C:
- ret = ssl3_send_cert_verify(ssl);
- if (ret <= 0) {
- goto end;
- }
- ssl->state = SSL3_ST_CW_CHANGE_A;
- break;
-
- case SSL3_ST_CW_CHANGE_A:
- case SSL3_ST_CW_CHANGE_B:
- ret = dtls1_send_change_cipher_spec(ssl, SSL3_ST_CW_CHANGE_A,
- SSL3_ST_CW_CHANGE_B);
- if (ret <= 0) {
- goto end;
- }
-
- ssl->state = SSL3_ST_CW_FINISHED_A;
-
- if (!tls1_change_cipher_state(ssl, SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
- ret = -1;
- goto end;
- }
- break;
-
- case SSL3_ST_CW_FINISHED_A:
- case SSL3_ST_CW_FINISHED_B:
- ret = ssl3_send_finished(ssl, SSL3_ST_CW_FINISHED_A,
- SSL3_ST_CW_FINISHED_B);
- if (ret <= 0) {
- goto end;
- }
- ssl->state = SSL3_ST_CW_FLUSH;
-
- if (ssl->hit) {
- ssl->s3->tmp.next_state = SSL_ST_OK;
- } else {
- /* Allow NewSessionTicket if ticket expected */
- if (ssl->tlsext_ticket_expected) {
- ssl->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A;
- } else {
- ssl->s3->tmp.next_state = SSL3_ST_CR_CHANGE;
- }
- }
- break;
-
- case SSL3_ST_CR_SESSION_TICKET_A:
- ret = ssl3_get_new_session_ticket(ssl);
- if (ret <= 0) {
- goto end;
- }
- ssl->state = SSL3_ST_CR_CHANGE;
- break;
-
- case SSL3_ST_CR_CERT_STATUS_A:
- ret = ssl3_get_cert_status(ssl);
- if (ret <= 0) {
- goto end;
- }
- ssl->state = SSL3_ST_VERIFY_SERVER_CERT;
- break;
-
- case SSL3_ST_CR_CHANGE:
- ret = ssl->method->ssl_read_change_cipher_spec(ssl);
- if (ret <= 0) {
- goto end;
- }
-
- if (!tls1_change_cipher_state(ssl, SSL3_CHANGE_CIPHER_CLIENT_READ)) {
- ret = -1;
- goto end;
- }
- ssl->state = SSL3_ST_CR_FINISHED_A;
- break;
-
- case SSL3_ST_CR_FINISHED_A:
- ret = ssl3_get_finished(ssl);
- if (ret <= 0) {
- goto end;
- }
- dtls1_stop_timer(ssl);
-
- if (ssl->hit) {
- ssl->state = SSL3_ST_CW_CHANGE_A;
- } else {
- ssl->state = SSL_ST_OK;
- }
-
- break;
-
- case SSL3_ST_CW_FLUSH:
- if (BIO_flush(ssl->wbio) <= 0) {
- ssl->rwstate = SSL_WRITING;
- ret = -1;
- goto end;
- }
- ssl->state = ssl->s3->tmp.next_state;
- if (ssl->state != SSL_ST_OK) {
- dtls1_start_timer(ssl);
- }
- break;
-
- case SSL_ST_OK:
- /* clean a few things up */
- ssl3_cleanup_key_block(ssl);
-
- /* Remove write buffering now. */
- ssl_free_wbio_buffer(ssl);
-
- /* |init_buf| cannot be released because post-handshake retransmit
- * relies on that buffer being available as scratch space.
- *
- * TODO(davidben): Fix this. */
- ssl->init_num = 0;
- ssl->s3->initial_handshake_complete = 1;
-
- ssl_update_cache(ssl, SSL_SESS_CACHE_CLIENT);
-
- ret = 1;
-
- ssl_do_info_callback(ssl, SSL_CB_HANDSHAKE_DONE, 1);
-
- /* done with handshaking */
- ssl->d1->handshake_read_seq = 0;
- ssl->d1->next_handshake_write_seq = 0;
- goto end;
-
- default:
- OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_STATE);
- ret = -1;
- goto end;
- }
-
- /* did we do anything? */
- if (!ssl->s3->tmp.reuse_message && !skip && ssl->state != state) {
- int new_state = ssl->state;
- ssl->state = state;
- ssl_do_info_callback(ssl, SSL_CB_CONNECT_LOOP, 1);
- ssl->state = new_state;
- }
- skip = 0;
- }
-
-end:
- BUF_MEM_free(buf);
- ssl_do_info_callback(ssl, SSL_CB_CONNECT_EXIT, ret);
- return ret;
-}
-
-static int dtls1_get_hello_verify(SSL *ssl) {
- long n;
- int al, ok = 0;
- CBS hello_verify_request, cookie;
- uint16_t server_version;
-
- n = ssl->method->ssl_get_message(ssl, -1, ssl_hash_message, &ok);
-
- if (!ok) {
- return n;
- }
-
- if (ssl->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
- ssl->d1->send_cookie = 0;
- ssl->s3->tmp.reuse_message = 1;
- return 1;
- }
-
- CBS_init(&hello_verify_request, ssl->init_msg, n);
-
- if (!CBS_get_u16(&hello_verify_request, &server_version) ||
- !CBS_get_u8_length_prefixed(&hello_verify_request, &cookie) ||
- CBS_len(&hello_verify_request) != 0) {
- al = SSL_AD_DECODE_ERROR;
- OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- goto f_err;
- }
-
- if (CBS_len(&cookie) > sizeof(ssl->d1->cookie)) {
- al = SSL_AD_ILLEGAL_PARAMETER;
- goto f_err;
- }
-
- memcpy(ssl->d1->cookie, CBS_data(&cookie), CBS_len(&cookie));
- ssl->d1->cookie_len = CBS_len(&cookie);
-
- ssl->d1->send_cookie = 1;
- return 1;
-
-f_err:
- ssl3_send_alert(ssl, SSL3_AL_FATAL, al);
- return -1;
-}
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index c1c9f91..73ae4cf 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -350,3 +350,11 @@
int dtls1_handshake_write(SSL *ssl) {
return dtls1_do_handshake_write(ssl, dtls1_use_current_epoch);
}
+
+void dtls1_expect_flight(SSL *ssl) {
+ dtls1_start_timer(ssl);
+}
+
+void dtls1_received_flight(SSL *ssl) {
+ dtls1_stop_timer(ssl);
+}
diff --git a/ssl/d1_meth.c b/ssl/d1_meth.c
index 49a2595..0399f8b 100644
--- a/ssl/d1_meth.c
+++ b/ssl/d1_meth.c
@@ -64,7 +64,7 @@
dtls1_new,
dtls1_free,
dtls1_accept,
- dtls1_connect,
+ ssl3_connect,
dtls1_get_message,
dtls1_read_app_data,
dtls1_read_change_cipher_spec,
@@ -75,6 +75,9 @@
DTLS1_HM_HEADER_LENGTH,
dtls1_set_handshake_header,
dtls1_handshake_write,
+ dtls1_send_change_cipher_spec,
+ dtls1_expect_flight,
+ dtls1_received_flight,
};
const SSL_METHOD *DTLS_method(void) {
diff --git a/ssl/internal.h b/ssl/internal.h
index a1722e7..caca37f 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -824,6 +824,14 @@
int (*set_handshake_header)(SSL *ssl, int type, unsigned long len);
/* Write out handshake message */
int (*do_write)(SSL *ssl);
+ /* send_change_cipher_spec sends a ChangeCipherSpec message. */
+ int (*send_change_cipher_spec)(SSL *ssl, int a, int b);
+ /* expect_flight is called when the handshake expects a flight of messages from
+ * the peer. */
+ void (*expect_flight)(SSL *ssl);
+ /* received_flight is called when the handshake has received a flight of
+ * messages from the peer. */
+ void (*received_flight)(SSL *ssl);
};
/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff It is a bit
@@ -1041,6 +1049,8 @@
int ssl3_set_handshake_header(SSL *ssl, int htype, unsigned long len);
int ssl3_handshake_write(SSL *ssl);
+void ssl3_expect_flight(SSL *ssl);
+void ssl3_received_flight(SSL *ssl);
int dtls1_do_handshake_write(SSL *ssl, enum dtls1_use_epoch_t use_epoch);
@@ -1070,6 +1080,8 @@
int dtls1_check_timeout_num(SSL *ssl);
int dtls1_set_handshake_header(SSL *ssl, int type, unsigned long len);
int dtls1_handshake_write(SSL *ssl);
+void dtls1_expect_flight(SSL *ssl);
+void dtls1_received_flight(SSL *ssl);
int dtls1_supports_cipher(const SSL_CIPHER *cipher);
void dtls1_start_timer(SSL *ssl);
@@ -1079,23 +1091,6 @@
unsigned int dtls1_min_mtu(void);
void dtls1_hm_fragment_free(hm_fragment *frag);
-/* some client-only functions */
-int ssl3_send_client_hello(SSL *ssl);
-int ssl3_get_server_hello(SSL *ssl);
-int ssl3_get_certificate_request(SSL *ssl);
-int ssl3_get_new_session_ticket(SSL *ssl);
-int ssl3_get_cert_status(SSL *ssl);
-int ssl3_get_server_done(SSL *ssl);
-int ssl3_send_cert_verify(SSL *ssl);
-int ssl3_send_client_certificate(SSL *ssl);
-int ssl_do_client_cert_cb(SSL *ssl, X509 **px509, EVP_PKEY **ppkey);
-int ssl3_send_client_key_exchange(SSL *ssl);
-int ssl3_get_server_key_exchange(SSL *ssl);
-int ssl3_get_server_certificate(SSL *ssl);
-int ssl3_send_next_proto(SSL *ssl);
-int ssl3_send_channel_id(SSL *ssl);
-int ssl3_verify_server_cert(SSL *ssl);
-
/* some server-only functions */
int ssl3_get_initial_bytes(SSL *ssl);
int ssl3_get_v2_client_hello(SSL *ssl);
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 84322a9..831d557 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -170,6 +170,24 @@
#include "../crypto/dh/internal.h"
+static int ssl3_send_client_hello(SSL *ssl);
+static int dtls1_get_hello_verify(SSL *ssl);
+static int ssl3_get_server_hello(SSL *ssl);
+static int ssl3_get_certificate_request(SSL *ssl);
+static int ssl3_get_new_session_ticket(SSL *ssl);
+static int ssl3_get_cert_status(SSL *ssl);
+static int ssl3_get_server_done(SSL *ssl);
+static int ssl3_send_cert_verify(SSL *ssl);
+static int ssl3_send_client_certificate(SSL *ssl);
+static int ssl_do_client_cert_cb(SSL *ssl, X509 **out_x509,
+ EVP_PKEY **out_pkey);
+static int ssl3_send_client_key_exchange(SSL *ssl);
+static int ssl3_get_server_key_exchange(SSL *ssl);
+static int ssl3_get_server_certificate(SSL *ssl);
+static int ssl3_send_next_proto(SSL *ssl);
+static int ssl3_send_channel_id(SSL *ssl);
+static int ssl3_verify_server_cert(SSL *ssl);
+
int ssl3_connect(SSL *ssl) {
BUF_MEM *buf = NULL;
int ret = -1;
@@ -177,7 +195,6 @@
assert(ssl->handshake_func == ssl3_connect);
assert(!ssl->server);
- assert(!SSL_IS_DTLS(ssl));
for (;;) {
state = ssl->state;
@@ -204,12 +221,6 @@
goto end;
}
- if (!ssl3_init_handshake_buffer(ssl)) {
- OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- ret = -1;
- goto end;
- }
-
ssl->state = SSL3_ST_CW_CLNT_HELLO_A;
break;
@@ -219,10 +230,29 @@
if (ret <= 0) {
goto end;
}
- ssl->s3->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A;
+
+ if (!SSL_IS_DTLS(ssl) || ssl->d1->send_cookie) {
+ ssl->s3->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A;
+ } else {
+ ssl->s3->tmp.next_state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
+ }
ssl->state = SSL3_ST_CW_FLUSH;
break;
+ case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
+ assert(SSL_IS_DTLS(ssl));
+ ret = dtls1_get_hello_verify(ssl);
+ if (ret <= 0) {
+ goto end;
+ }
+ if (ssl->d1->send_cookie) {
+ ssl->method->received_flight(ssl);
+ ssl->state = SSL3_ST_CW_CLNT_HELLO_A;
+ } else {
+ ssl->state = SSL3_ST_CR_SRVR_HELLO_A;
+ }
+ break;
+
case SSL3_ST_CR_SRVR_HELLO_A:
ret = ssl3_get_server_hello(ssl);
if (ret <= 0) {
@@ -291,12 +321,12 @@
if (ret <= 0) {
goto end;
}
+ ssl->method->received_flight(ssl);
if (ssl->s3->tmp.cert_req) {
ssl->state = SSL3_ST_CW_CERT_A;
} else {
ssl->state = SSL3_ST_CW_KEY_EXCH_A;
}
-
break;
case SSL3_ST_CW_CERT_A:
@@ -337,8 +367,8 @@
case SSL3_ST_CW_CHANGE_A:
case SSL3_ST_CW_CHANGE_B:
- ret = ssl3_send_change_cipher_spec(ssl, SSL3_ST_CW_CHANGE_A,
- SSL3_ST_CW_CHANGE_B);
+ ret = ssl->method->send_change_cipher_spec(ssl, SSL3_ST_CW_CHANGE_A,
+ SSL3_ST_CW_CHANGE_B);
if (ret <= 0) {
goto end;
}
@@ -452,6 +482,7 @@
if (ret <= 0) {
goto end;
}
+ ssl->method->received_flight(ssl);
if (ssl->hit) {
ssl->state = SSL3_ST_CW_CHANGE_A;
@@ -467,6 +498,9 @@
goto end;
}
ssl->state = ssl->s3->tmp.next_state;
+ if (ssl->state != SSL_ST_OK) {
+ ssl->method->expect_flight(ssl);
+ }
break;
case SSL3_ST_FALSE_START:
@@ -486,9 +520,15 @@
/* clean a few things up */
ssl3_cleanup_key_block(ssl);
- BUF_MEM_free(ssl->init_buf);
- ssl->init_buf = NULL;
- ssl->init_num = 0;
+ /* |init_buf| cannot be released in DTLS because post-handshake
+ * retransmit relies on that buffer being available as scratch space.
+ *
+ * TODO(davidben): Fix this. */
+ if (!SSL_IS_DTLS(ssl)) {
+ BUF_MEM_free(ssl->init_buf);
+ ssl->init_buf = NULL;
+ ssl->init_num = 0;
+ }
/* Remove write buffering now. */
ssl_free_wbio_buffer(ssl);
@@ -503,10 +543,13 @@
ssl_update_cache(ssl, SSL_SESS_CACHE_CLIENT);
}
+ if (SSL_IS_DTLS(ssl)) {
+ ssl->d1->handshake_read_seq = 0;
+ ssl->d1->next_handshake_write_seq = 0;
+ }
+
ret = 1;
-
ssl_do_info_callback(ssl, SSL_CB_HANDSHAKE_DONE, 1);
-
goto end;
default:
@@ -585,14 +628,14 @@
return CBB_flush(out);
}
-int ssl3_send_client_hello(SSL *ssl) {
+static int ssl3_send_client_hello(SSL *ssl) {
if (ssl->state == SSL3_ST_CW_CLNT_HELLO_B) {
return ssl_do_write(ssl);
}
- /* In DTLS, reset the handshake buffer each time a new ClientHello is
- * assembled. We may send multiple if we receive HelloVerifyRequest. */
- if (SSL_IS_DTLS(ssl) && !ssl3_init_handshake_buffer(ssl)) {
+ /* The handshake buffer is reset on every ClientHello. Notably, in DTLS, we
+ * may send multiple ClientHellos if we receive HelloVerifyRequest. */
+ if (!ssl3_init_handshake_buffer(ssl)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
return -1;
}
@@ -676,7 +719,51 @@
return -1;
}
-int ssl3_get_server_hello(SSL *ssl) {
+static int dtls1_get_hello_verify(SSL *ssl) {
+ long n;
+ int al, ok = 0;
+ CBS hello_verify_request, cookie;
+ uint16_t server_version;
+
+ n = ssl->method->ssl_get_message(ssl, -1, ssl_hash_message, &ok);
+
+ if (!ok) {
+ return n;
+ }
+
+ if (ssl->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
+ ssl->d1->send_cookie = 0;
+ ssl->s3->tmp.reuse_message = 1;
+ return 1;
+ }
+
+ CBS_init(&hello_verify_request, ssl->init_msg, n);
+
+ if (!CBS_get_u16(&hello_verify_request, &server_version) ||
+ !CBS_get_u8_length_prefixed(&hello_verify_request, &cookie) ||
+ CBS_len(&hello_verify_request) != 0) {
+ al = SSL_AD_DECODE_ERROR;
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
+ goto f_err;
+ }
+
+ if (CBS_len(&cookie) > sizeof(ssl->d1->cookie)) {
+ al = SSL_AD_ILLEGAL_PARAMETER;
+ goto f_err;
+ }
+
+ memcpy(ssl->d1->cookie, CBS_data(&cookie), CBS_len(&cookie));
+ ssl->d1->cookie_len = CBS_len(&cookie);
+
+ ssl->d1->send_cookie = 1;
+ return 1;
+
+f_err:
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, al);
+ return -1;
+}
+
+static int ssl3_get_server_hello(SSL *ssl) {
STACK_OF(SSL_CIPHER) *sk;
const SSL_CIPHER *c;
CERT *ct = ssl->cert;
@@ -906,7 +993,7 @@
return ret;
}
-int ssl3_get_server_certificate(SSL *ssl) {
+static int ssl3_get_server_certificate(SSL *ssl) {
int al, ok, ret = -1;
unsigned long n;
X509 *x = NULL;
@@ -996,7 +1083,7 @@
return ret;
}
-int ssl3_get_server_key_exchange(SSL *ssl) {
+static int ssl3_get_server_key_exchange(SSL *ssl) {
EVP_MD_CTX md_ctx;
int al, ok;
EVP_PKEY *pkey = NULL;
@@ -1265,7 +1352,7 @@
return X509_NAME_cmp(*a, *b);
}
-int ssl3_get_certificate_request(SSL *ssl) {
+static int ssl3_get_certificate_request(SSL *ssl) {
int ok, ret = 0;
X509_NAME *xn = NULL;
STACK_OF(X509_NAME) *ca_sk = NULL;
@@ -1373,7 +1460,7 @@
return ret;
}
-int ssl3_get_new_session_ticket(SSL *ssl) {
+static int ssl3_get_new_session_ticket(SSL *ssl) {
int ok, al;
long n = ssl->method->ssl_get_message(ssl, SSL3_MT_NEW_SESSION_TICKET,
ssl_hash_message, &ok);
@@ -1446,7 +1533,7 @@
return -1;
}
-int ssl3_get_cert_status(SSL *ssl) {
+static int ssl3_get_cert_status(SSL *ssl) {
int ok, al;
long n;
CBS certificate_status, ocsp_response;
@@ -1489,7 +1576,7 @@
return -1;
}
-int ssl3_get_server_done(SSL *ssl) {
+static int ssl3_get_server_done(SSL *ssl) {
int ok;
long n;
@@ -1513,7 +1600,7 @@
OPENSSL_COMPILE_ASSERT(sizeof(size_t) >= sizeof(unsigned),
SIZE_T_IS_SMALLER_THAN_UNSIGNED);
-int ssl3_send_client_key_exchange(SSL *ssl) {
+static int ssl3_send_client_key_exchange(SSL *ssl) {
if (ssl->state == SSL3_ST_CW_KEY_EXCH_B) {
return ssl_do_write(ssl);
}
@@ -1711,7 +1798,7 @@
return -1;
}
-int ssl3_send_cert_verify(SSL *ssl) {
+static int ssl3_send_cert_verify(SSL *ssl) {
if (ssl->state == SSL3_ST_CW_CERT_VRFY_C) {
return ssl_do_write(ssl);
}
@@ -1806,7 +1893,7 @@
return ssl->cert && ssl->cert->x509 && ssl_has_private_key(ssl);
}
-int ssl3_send_client_certificate(SSL *ssl) {
+static int ssl3_send_client_certificate(SSL *ssl) {
if (ssl->state == SSL3_ST_CW_CERT_A) {
/* Call cert_cb to update the certificate. */
if (ssl->cert->cert_cb) {
@@ -1879,7 +1966,7 @@
return ssl_do_write(ssl);
}
-int ssl3_send_next_proto(SSL *ssl) {
+static int ssl3_send_next_proto(SSL *ssl) {
if (ssl->state == SSL3_ST_CW_NEXT_PROTO_B) {
return ssl_do_write(ssl);
}
@@ -1910,7 +1997,7 @@
return ssl_do_write(ssl);
}
-int ssl3_send_channel_id(SSL *ssl) {
+static int ssl3_send_channel_id(SSL *ssl) {
if (ssl->state == SSL3_ST_CW_CHANNEL_ID_B) {
return ssl_do_write(ssl);
}
@@ -1991,7 +2078,8 @@
return ret;
}
-int ssl_do_client_cert_cb(SSL *ssl, X509 **out_x509, EVP_PKEY **out_pkey) {
+static int ssl_do_client_cert_cb(SSL *ssl, X509 **out_x509,
+ EVP_PKEY **out_pkey) {
if (ssl->ctx->client_cert_cb == NULL) {
return 0;
}
@@ -2006,7 +2094,7 @@
return 1;
}
-int ssl3_verify_server_cert(SSL *ssl) {
+static int ssl3_verify_server_cert(SSL *ssl) {
int ret = ssl_verify_cert_chain(ssl, ssl->session->cert_chain);
if (ssl->verify_mode != SSL_VERIFY_NONE && ret <= 0) {
int al = ssl_verify_alarm_type(ssl->verify_result);
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index a86478b..91648f2 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -181,6 +181,10 @@
return ssl3_do_write(ssl, SSL3_RT_HANDSHAKE);
}
+void ssl3_expect_flight(SSL *ssl) {}
+
+void ssl3_received_flight(SSL *ssl) {}
+
int ssl3_new(SSL *ssl) {
SSL3_STATE *s3;
diff --git a/ssl/s3_meth.c b/ssl/s3_meth.c
index b60b5f2..2241b23 100644
--- a/ssl/s3_meth.c
+++ b/ssl/s3_meth.c
@@ -75,6 +75,9 @@
SSL3_HM_HEADER_LENGTH,
ssl3_set_handshake_header,
ssl3_handshake_write,
+ ssl3_send_change_cipher_spec,
+ ssl3_expect_flight,
+ ssl3_received_flight,
};
const SSL_METHOD *TLS_method(void) {
