d1_clnt.c revision 9dc0df1bac950d6e491f9a7c7e4888f2b301cb15
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
*/
/* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include "ssl_locl.h"
#include "kssl_lcl.h"
#ifndef OPENSSL_NO_DH
#endif
static int dtls1_get_hello_verify(SSL *s);
{
if (ver == DTLS1_VERSION)
return(DTLSv1_client_method());
else
return(NULL);
}
int dtls1_connect(SSL *s)
{
long num1;
int ret= -1;
if (s->info_callback != NULL)
cb=s->info_callback;
s->in_handshake++;
for (;;)
{
switch(s->state)
{
case SSL_ST_RENEGOTIATE:
s->new_session=1;
s->state=SSL_ST_CONNECT;
/* break */
case SSL_ST_BEFORE:
case SSL_ST_CONNECT:
case SSL_ST_BEFORE|SSL_ST_CONNECT:
case SSL_ST_OK|SSL_ST_CONNECT:
s->server=0;
{
ret = -1;
goto end;
}
/* s->version=SSL3_VERSION; */
s->type=SSL_ST_CONNECT;
{
{
ret= -1;
goto end;
}
{
ret= -1;
goto end;
}
}
/* setup buffing BIO */
/* don't push the buffering BIO quite yet */
s->init_num=0;
break;
case SSL3_ST_CW_CLNT_HELLO_A:
case SSL3_ST_CW_CLNT_HELLO_B:
s->shutdown=0;
if ( s->d1->send_cookie)
{
}
else
s->init_num=0;
/* turn on buffering for the next lot of output */
break;
case SSL3_ST_CR_SRVR_HELLO_A:
case SSL3_ST_CR_SRVR_HELLO_B:
else
{
if (s->hit)
else
}
s->init_num=0;
break;
ret = dtls1_get_hello_verify(s);
if ( ret <= 0)
goto end;
else
s->state = SSL3_ST_CR_CERT_A;
s->init_num = 0;
break;
case SSL3_ST_CR_CERT_A:
case SSL3_ST_CR_CERT_B:
/* Check if it is anon DH */
{
}
else
skip=1;
s->init_num=0;
break;
case SSL3_ST_CR_KEY_EXCH_A:
case SSL3_ST_CR_KEY_EXCH_B:
s->init_num=0;
/* at this point we check that we have the
* required stuff from the server */
if (!ssl3_check_cert_and_algorithm(s))
{
ret= -1;
goto end;
}
break;
case SSL3_ST_CR_CERT_REQ_A:
case SSL3_ST_CR_CERT_REQ_B:
s->init_num=0;
break;
case SSL3_ST_CR_SRVR_DONE_A:
case SSL3_ST_CR_SRVR_DONE_B:
else
s->init_num=0;
break;
case SSL3_ST_CW_CERT_A:
case SSL3_ST_CW_CERT_B:
case SSL3_ST_CW_CERT_C:
case SSL3_ST_CW_CERT_D:
s->init_num=0;
break;
case SSL3_ST_CW_KEY_EXCH_A:
case SSL3_ST_CW_KEY_EXCH_B:
/* EAY EAY EAY need to check for DH fix cert
* sent back */
/* For TLS, cert_req is set to 2, so a cert chain
* of nothing is sent, but no verify packet is sent */
{
}
else
{
s->s3->change_cipher_spec=0;
}
s->init_num=0;
break;
case SSL3_ST_CW_CERT_VRFY_A:
case SSL3_ST_CW_CERT_VRFY_B:
s->init_num=0;
s->s3->change_cipher_spec=0;
break;
case SSL3_ST_CW_CHANGE_A:
case SSL3_ST_CW_CHANGE_B:
s->init_num=0;
#ifdef OPENSSL_NO_COMP
s->session->compress_meth=0;
#else
s->session->compress_meth=0;
else
s->session->compress_meth=
#endif
{
ret= -1;
goto end;
}
{
ret= -1;
goto end;
}
break;
case SSL3_ST_CW_FINISHED_A:
case SSL3_ST_CW_FINISHED_B:
/* clear flags */
if (s->hit)
{
{
s->s3->delay_buf_pop_ret=0;
}
}
else
{
}
s->init_num=0;
break;
case SSL3_ST_CR_FINISHED_A:
case SSL3_ST_CR_FINISHED_B:
if (s->hit)
else
s->init_num=0;
break;
case SSL3_ST_CW_FLUSH:
/* number of bytes to be flushed */
if (num1 > 0)
{
s->rwstate=SSL_WRITING;
s->rwstate=SSL_NOTHING;
}
break;
case SSL_ST_OK:
/* clean a few things up */
#if 0
{
BUF_MEM_free(s->init_buf);
}
#endif
/* If we are not 'joining' the last two packets,
* remove the buffering now */
/* else do it later in ssl3_write */
s->init_num=0;
s->new_session=0;
ret=1;
/* s->server=0; */
/* done with handshaking */
s->d1->handshake_read_seq = 0;
goto end;
/* break; */
default:
ret= -1;
goto end;
/* break; */
}
/* did we do anything */
{
if (s->debug)
{
goto end;
}
{
}
}
skip=0;
}
end:
s->in_handshake--;
return(ret);
}
int dtls1_client_hello(SSL *s)
{
unsigned char *buf;
unsigned char *p,*d;
unsigned int i,j;
unsigned long Time,l;
if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
{
(s->session->not_resumable))
{
if (!ssl_get_new_session(s,0))
goto err;
}
/* else use the pre-loaded session */
p=s->s3->client_random;
/* Do the message type and length last */
d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
*(p++)=s->version>>8;
*(p++)=s->version&0xff;
s->client_version=s->version;
/* Random stuff */
p+=SSL3_RANDOM_SIZE;
/* Session ID */
if (s->new_session)
i=0;
else
i=s->session->session_id_length;
*(p++)=i;
if (i != 0)
{
if (i > sizeof s->session->session_id)
{
goto err;
}
p+=i;
}
/* cookie stuff */
{
goto err;
}
*(p++) = s->d1->cookie_len;
p += s->d1->cookie_len;
/* Ciphers supported */
if (i == 0)
{
goto err;
}
s2n(i,p);
p+=i;
/* COMPRESSION */
j=0;
else
*(p++)=1+j;
for (i=0; i<j; i++)
{
}
*(p++)=0; /* Add the NULL method */
l=(p-d);
d=buf;
d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO, l, 0, l);
/* number of bytes to write */
s->init_off=0;
/* buffer the message to handle re-xmits */
dtls1_buffer_message(s, 0);
}
/* SSL3_ST_CW_CLNT_HELLO_B */
return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
err:
return(-1);
}
static int dtls1_get_hello_verify(SSL *s)
{
unsigned char *data;
unsigned int cookie_len;
n=s->method->ssl_get_message(s,
-1,
s->max_cert_list,
&ok);
if (!ok) return((int)n);
{
s->d1->send_cookie = 0;
return(1);
}
{
goto f_err;
}
data+=2;
cookie_len = *(data++);
{
goto f_err;
}
return 1;
return -1;
}
int dtls1_send_client_key_exchange(SSL *s)
{
unsigned char *p,*d;
int n;
unsigned long l;
#ifndef OPENSSL_NO_RSA
unsigned char *q;
#endif
#ifndef OPENSSL_NO_KRB5
#endif /* OPENSSL_NO_KRB5 */
if (s->state == SSL3_ST_CW_KEY_EXCH_A)
{
p= &(d[DTLS1_HM_HEADER_LENGTH]);
/* Fool emacs indentation */
if (0) {}
#ifndef OPENSSL_NO_RSA
else if (l & SSL_kRSA)
{
unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
else
{
{
goto err;
}
}
goto err;
q=p;
/* Fix buf for TLS and beyond */
if (s->version > SSL3_VERSION)
p+=2;
n=RSA_public_encrypt(sizeof tmp_buf,
#ifdef PKCS1_CHECK
#endif
if (n <= 0)
{
goto err;
}
/* Fix buf for TLS and beyond */
if (s->version > SSL3_VERSION)
{
s2n(n,q);
n+=2;
}
s->session->master_key_length=
s->session->master_key,
}
#endif
#ifndef OPENSSL_NO_KRB5
else if (l & SSL_kKRB5)
{
/* krb5_data krb5_ap_req; */
unsigned char iv[EVP_MAX_IV_LENGTH];
unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
#ifdef KSSL_DEBUG
printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
l, SSL_kKRB5);
#endif /* KSSL_DEBUG */
#ifdef KRB5SENDAUTH
#endif /* KRB5SENDAUTH */
&kssl_err);
goto err;
#ifdef KSSL_DEBUG
{
}
#endif /* KSSL_DEBUG */
if (krb5rc)
{
goto err;
}
/* 20010406 VRS - Earlier versions used KRB5 AP_REQ
** in place of RFC 2712 KerberosWrapper, as in:
**
** Send ticket (copy to *p, set n = length)
** n = krb5_ap_req.length;
** memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
** if (krb5_ap_req.data)
** kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
**
** Now using real RFC 2712 KerberosWrapper
** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
** Note: 2712 "opaque" types are here replaced
** with a 2-byte length followed by the value.
** Example:
** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
** Where "xx xx" = length bytes. Shown here with
** optional authenticator omitted.
*/
/* KerberosWrapper.Ticket */
p+= enc_ticket->length;
/* KerberosWrapper.Authenticator */
{
}
else
{
s2n(0,p);/* null authenticator length */
n+=2;
}
goto err;
/* 20010420 VRS. Tried it this way; failed.
** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
** EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
** kssl_ctx->length);
** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
*/
sizeof tmp_buf);
{
goto err;
}
/* KerberosWrapper.EncryptedPreMasterSecret */
p+=outl;
n+=outl + 2;
s->session->master_key_length=
s->session->master_key,
}
#endif
#ifndef OPENSSL_NO_DH
{
else
{
/* we get them from the cert */
goto err;
}
/* generate a new random key */
{
goto err;
}
if (!DH_generate_key(dh_clnt))
{
goto err;
}
/* use the 'p' output buffer for the DH key, but
* make sure to clear it out afterwards */
if (n <= 0)
{
goto err;
}
/* generate master key from the result */
s->session->master_key_length=
s->session->master_key,p,n);
/* clean up */
memset(p,0,n);
/* send off the data */
s2n(n,p);
n+=2;
/* perhaps clean things up a bit EAY EAY EAY EAY*/
}
#endif
else
{
goto err;
}
d = dtls1_set_message_header(s, d,
SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n);
/*
*(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
l2n3(n,d);
l2n(s->d1->handshake_write_seq,d);
s->d1->handshake_write_seq++;
*/
/* number of bytes to write */
s->init_off=0;
/* buffer the message to handle re-xmits */
dtls1_buffer_message(s, 0);
}
/* SSL3_ST_CW_KEY_EXCH_B */
return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
err:
return(-1);
}
int dtls1_send_client_verify(SSL *s)
{
unsigned char *p,*d;
#ifndef OPENSSL_NO_RSA
unsigned u=0;
#endif
unsigned long n;
#ifndef OPENSSL_NO_DSA
int j;
#endif
if (s->state == SSL3_ST_CW_CERT_VRFY_A)
{
p= &(d[DTLS1_HM_HEADER_LENGTH]);
&(data[MD5_DIGEST_LENGTH]));
#ifndef OPENSSL_NO_RSA
{
{
goto err;
}
s2n(u,p);
n=u+2;
}
else
#endif
#ifndef OPENSSL_NO_DSA
{
&(data[MD5_DIGEST_LENGTH]),
SHA_DIGEST_LENGTH,&(p[2]),
{
goto err;
}
s2n(j,p);
n=j+2;
}
else
#endif
{
goto err;
}
d = dtls1_set_message_header(s, d,
SSL3_MT_CERTIFICATE_VERIFY, n, 0, n) ;
s->init_num=(int)n+DTLS1_HM_HEADER_LENGTH;
s->init_off=0;
/* buffer the message to handle re-xmits */
dtls1_buffer_message(s, 0);
s->state = SSL3_ST_CW_CERT_VRFY_B;
}
/* s->state = SSL3_ST_CW_CERT_VRFY_B */
return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
err:
return(-1);
}
int dtls1_send_client_certificate(SSL *s)
{
int i;
unsigned long l;
if (s->state == SSL3_ST_CW_CERT_A)
{
else
}
/* We need to get a client cert */
if (s->state == SSL3_ST_CW_CERT_B)
{
/* If we get an error, we need to
* ssl->rwstate=SSL_X509_LOOKUP; return(-1);
* We then get retied later */
i=0;
if (i < 0)
{
return(-1);
}
s->rwstate=SSL_NOTHING;
{
if ( !SSL_use_certificate(s,x509) ||
!SSL_use_PrivateKey(s,pkey))
i=0;
}
else if (i == 1)
{
i=0;
}
if (i == 0)
{
if (s->version == SSL3_VERSION)
{
return(1);
}
else
{
}
}
/* Ok, we have a cert */
}
if (s->state == SSL3_ST_CW_CERT_C)
{
s->init_num=(int)l;
s->init_off=0;
/* set header called by dtls1_output_cert_chain() */
/* buffer the message to handle re-xmits */
dtls1_buffer_message(s, 0);
}
/* SSL3_ST_CW_CERT_D */
return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
}