diff options
Diffstat (limited to 'crypto/openssl/ssl/d1_srvr.c')
-rw-r--r-- | crypto/openssl/ssl/d1_srvr.c | 76 |
1 files changed, 60 insertions, 16 deletions
diff --git a/crypto/openssl/ssl/d1_srvr.c b/crypto/openssl/ssl/d1_srvr.c index d1a11ad9edbd..da4c21e06a1c 100644 --- a/crypto/openssl/ssl/d1_srvr.c +++ b/crypto/openssl/ssl/d1_srvr.c @@ -233,6 +233,7 @@ int dtls1_accept(SSL *s) } if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) { + BUF_MEM_free(buf); ret= -1; goto end; } @@ -246,6 +247,9 @@ int dtls1_accept(SSL *s) } s->init_num=0; + s->d1->change_cipher_spec_ok = 0; + /* Should have been reset by ssl3_get_finished, too. */ + s->s3->change_cipher_spec = 0; if (s->state != SSL_ST_RENEGOTIATE) { @@ -276,10 +280,11 @@ int dtls1_accept(SSL *s) case SSL3_ST_SW_HELLO_REQ_B: s->shutdown=0; + dtls1_clear_record_buffer(s); dtls1_start_timer(s); ret=dtls1_send_hello_request(s); if (ret <= 0) goto end; - s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C; + s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A; s->state=SSL3_ST_SW_FLUSH; s->init_num=0; @@ -588,10 +593,11 @@ int dtls1_accept(SSL *s) s->state = SSL3_ST_SR_CLNT_HELLO_C; } else { - /* could be sent for a DH cert, even if we - * have not asked for it :-) */ - ret=ssl3_get_client_certificate(s); - if (ret <= 0) goto end; + if (s->s3->tmp.cert_request) + { + ret=ssl3_get_client_certificate(s); + if (ret <= 0) goto end; + } s->init_num=0; s->state=SSL3_ST_SR_KEY_EXCH_A; } @@ -647,8 +653,14 @@ int dtls1_accept(SSL *s) case SSL3_ST_SR_CERT_VRFY_A: case SSL3_ST_SR_CERT_VRFY_B: - - s->d1->change_cipher_spec_ok = 1; + /* + * This *should* be the first time we enable CCS, but be + * extra careful about surrounding code changes. We need + * to set this here because we don't know if we're + * expecting a CertificateVerify or not. + */ + if (!s->s3->change_cipher_spec) + s->d1->change_cipher_spec_ok = 1; /* we should decide if we expected this one */ ret=ssl3_get_cert_verify(s); if (ret <= 0) goto end; @@ -664,7 +676,18 @@ int dtls1_accept(SSL *s) case SSL3_ST_SR_FINISHED_A: case SSL3_ST_SR_FINISHED_B: - s->d1->change_cipher_spec_ok = 1; + /* + * Enable CCS for resumed handshakes. + * In a full handshake, we end up here through + * SSL3_ST_SR_CERT_VRFY_B, so change_cipher_spec_ok was + * already set. Receiving a CCS clears the flag, so make + * sure not to re-enable it to ban duplicates. + * s->s3->change_cipher_spec is set when a CCS is + * processed in d1_pkt.c, and remains set until + * the client's Finished message is read. + */ + if (!s->s3->change_cipher_spec) + s->d1->change_cipher_spec_ok = 1; ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, SSL3_ST_SR_FINISHED_B); if (ret <= 0) goto end; @@ -712,10 +735,13 @@ int dtls1_accept(SSL *s) if (ret <= 0) goto end; #ifndef OPENSSL_NO_SCTP - /* Change to new shared key of SCTP-Auth, - * will be ignored if no SCTP used. - */ - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); + if (!s->hit) + { + /* Change to new shared key of SCTP-Auth, + * will be ignored if no SCTP used. + */ + BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); + } #endif s->state=SSL3_ST_SW_FINISHED_A; @@ -740,7 +766,16 @@ int dtls1_accept(SSL *s) if (ret <= 0) goto end; s->state=SSL3_ST_SW_FLUSH; if (s->hit) + { s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; + +#ifndef OPENSSL_NO_SCTP + /* Change to new shared key of SCTP-Auth, + * will be ignored if no SCTP used. + */ + BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); +#endif + } else { s->s3->tmp.next_state=SSL_ST_OK; @@ -903,15 +938,13 @@ int dtls1_send_server_hello(SSL *s) unsigned char *p,*d; int i; unsigned int sl; - unsigned long l,Time; + unsigned long l; if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { buf=(unsigned char *)s->init_buf->data; p=s->s3->server_random; - Time=(unsigned long)time(NULL); /* Time */ - l2n(Time,p); - RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4); + ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE); /* Do the message type and length last */ d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); @@ -960,6 +993,11 @@ int dtls1_send_server_hello(SSL *s) #endif #ifndef OPENSSL_NO_TLSEXT + if (ssl_prepare_serverhello_tlsext(s) <= 0) + { + SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT); + return -1; + } if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR); @@ -1336,6 +1374,7 @@ int dtls1_send_server_key_exchange(SSL *s) (unsigned char *)encodedPoint, encodedlen); OPENSSL_free(encodedPoint); + encodedPoint = NULL; p += encodedlen; } #endif @@ -1577,6 +1616,11 @@ int dtls1_send_server_certificate(SSL *s) } l=dtls1_output_cert_chain(s,x); + if (!l) + { + SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR); + return(0); + } s->state=SSL3_ST_SW_CERT_B; s->init_num=(int)l; s->init_off=0; |