int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
{
DTLS1_RECORD_DATA *rdata;
pitem *item;
/* Limit the size of the queue to prevent DOS attacks */
if (pqueue_size(queue->q) >= 100)
return 0;
rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
item = pitem_new(priority, rdata);
if (rdata == NULL || item == NULL) {
if (rdata != NULL)
OPENSSL_free(rdata);
if (item != NULL)
pitem_free(item);
SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
return -1;
}
rdata->packet = s->rlayer.packet;
rdata->packet_length = s->rlayer.packet_length;
memcpy(&(rdata->rbuf), &s->rlayer.rbuf, sizeof(SSL3_BUFFER));
memcpy(&(rdata->rrec), &s->rlayer.rrec, sizeof(SSL3_RECORD));
item->data = rdata;
#ifndef OPENSSL_NO_SCTP
/* Store bio_dgram_sctp_rcvinfo struct */
if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
(s->state == SSL3_ST_SR_FINISHED_A
|| s->state == SSL3_ST_CR_FINISHED_A)) {
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO,
sizeof(rdata->recordinfo), &rdata->recordinfo);
}
#endif
s->rlayer.packet = NULL;
s->rlayer.packet_length = 0;
memset(&s->rlayer.rbuf, 0, sizeof(SSL3_BUFFER));
memset(&s->rlayer.rrec, 0, sizeof(SSL3_RECORD));
if (!ssl3_setup_buffers(s)) {
SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
if (rdata->rbuf.buf != NULL)
OPENSSL_free(rdata->rbuf.buf);
OPENSSL_free(rdata);
pitem_free(item);
return (-1);
}
/* insert should not fail, since duplicates are dropped */
if (pqueue_insert(queue->q, item) == NULL) {
SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
if (rdata->rbuf.buf != NULL)
OPENSSL_free(rdata->rbuf.buf);
OPENSSL_free(rdata);
pitem_free(item);
return (-1);
}
return (1);
}
int vc_create_dtls_connection(struct vContext *C)
{
struct VC_CTX *vc_ctx = CTX_client_ctx(C);
struct VSession *vsession = CTX_current_session(C);
struct VDgramConn *dgram_conn = CTX_current_dgram_conn(C);
struct timeval timeout;
int ret = 0;
v_print_log(VRS_PRINT_DEBUG_MSG, "Try to do DTLS handshake at UDP socket: %d\n",
dgram_conn->io_ctx.sockfd);
/* Create ssl for new connection */
if( (dgram_conn->io_ctx.ssl = SSL_new(vc_ctx->dtls_ctx)) == NULL) {
v_print_log(VRS_PRINT_ERROR, "SSL_new(%p)\n", (void*)vc_ctx->dtls_ctx);
return 0;
}
/* Set state of bio as connected */
if(dgram_conn->io_ctx.peer_addr.ip_ver == IPV4) {
ret = BIO_ctrl(dgram_conn->io_ctx.bio, BIO_CTRL_DGRAM_SET_CONNECTED, 0, &dgram_conn->io_ctx.peer_addr.addr.ipv6);
} else if(dgram_conn->io_ctx.peer_addr.ip_ver == IPV6) {
ret = BIO_ctrl(dgram_conn->io_ctx.bio, BIO_CTRL_DGRAM_SET_CONNECTED, 0, &dgram_conn->io_ctx.peer_addr.addr.ipv4);
}
/* When BIO_ctrl was called with bad arguments, then it returns 0 */
if(ret==0) {
v_print_log(VRS_PRINT_ERROR, "BIO_ctrl()\n");
SSL_free(dgram_conn->io_ctx.ssl);
return 0;
}
/* Set and activate timeouts */
timeout.tv_sec = 1;
timeout.tv_usec = 0;
BIO_ctrl(dgram_conn->io_ctx.bio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
BIO_ctrl(dgram_conn->io_ctx.bio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
/* Bind ssl and bio */
SSL_set_bio(dgram_conn->io_ctx.ssl, dgram_conn->io_ctx.bio, dgram_conn->io_ctx.bio);
/* Try to do DTLS handshake */
again:
if ((ret = SSL_connect(dgram_conn->io_ctx.ssl)) <= 0) {
int err = SSL_get_error(dgram_conn->io_ctx.ssl, ret);
if(err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) {
gettimeofday(&timeout, NULL);
if((timeout.tv_sec - vsession->peer_token.tv.tv_sec) > VRS_TIMEOUT) {
v_print_log(VRS_PRINT_ERROR, "Token timed out\n");
return 0;
}
usleep(1000);
goto again;
}
ERR_print_errors_fp(stderr);
v_print_log(VRS_PRINT_ERROR, "SSL_connect() failed: %d -> %d\n", ret, err);
SSL_free(dgram_conn->io_ctx.ssl);
dgram_conn->io_ctx.ssl = NULL;
dgram_conn->io_ctx.bio = NULL;
return 0;
} else {
v_print_log(VRS_PRINT_DEBUG_MSG, "DTLS handshake finished\n");
v_print_log(VRS_PRINT_DEBUG_MSG, "Current cipher: %s\n",
SSL_CIPHER_get_name(SSL_get_current_cipher(dgram_conn->io_ctx.ssl)));
}
return 1;
}
long BIO_get_mem_data(BIO *bio, char **contents) {
return BIO_ctrl(bio, BIO_CTRL_INFO, 0, (char *) contents);
}
static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
{
BIO *dbio;
BIO_ENC_CTX *ctx,*dctx;
long ret=1;
int i;
EVP_CIPHER_CTX **c_ctx;
ctx=(BIO_ENC_CTX *)b->ptr;
switch (cmd)
{
case BIO_CTRL_RESET:
ctx->ok=1;
ctx->finished=0;
EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL,
ctx->cipher.encrypt);
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
break;
case BIO_CTRL_EOF: /* More to read */
if (ctx->cont <= 0)
ret=1;
else
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
break;
case BIO_CTRL_WPENDING:
ret=ctx->buf_len-ctx->buf_off;
if (ret <= 0)
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
break;
case BIO_CTRL_PENDING: /* More to read in buffer */
ret=ctx->buf_len-ctx->buf_off;
if (ret <= 0)
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
break;
case BIO_CTRL_FLUSH:
/* do a final write */
again:
while (ctx->buf_len != ctx->buf_off)
{
i=enc_write(b,NULL,0);
if (i < 0)
return i;
}
if (!ctx->finished)
{
ctx->finished=1;
ctx->buf_off=0;
ret=EVP_CipherFinal_ex(&(ctx->cipher),
(unsigned char *)ctx->buf,
&(ctx->buf_len));
ctx->ok=(int)ret;
if (ret <= 0) break;
/* push out the bytes */
goto again;
}
/* Finally flush the underlying BIO */
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
break;
case BIO_C_GET_CIPHER_STATUS:
ret=(long)ctx->ok;
break;
case BIO_C_DO_STATE_MACHINE:
BIO_clear_retry_flags(b);
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
BIO_copy_next_retry(b);
break;
case BIO_C_GET_CIPHER_CTX:
c_ctx=(EVP_CIPHER_CTX **)ptr;
(*c_ctx)= &(ctx->cipher);
b->init=1;
break;
case BIO_CTRL_DUP:
dbio=(BIO *)ptr;
dctx=(BIO_ENC_CTX *)dbio->ptr;
memcpy(&(dctx->cipher),&(ctx->cipher),sizeof(ctx->cipher));
dbio->init=1;
break;
default:
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
break;
}
return(ret);
}
size_t BIO_ctrl_wpending(BIO *bio)
{
return BIO_ctrl(bio, BIO_CTRL_WPENDING, 0, NULL);
}
static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
{
EVP_MD_CTX *ctx, *dctx, **pctx;
const EVP_MD **ppmd;
EVP_MD *md;
long ret = 1;
BIO *dbio, *next;
ctx = BIO_get_data(b);
next = BIO_next(b);
switch (cmd) {
case BIO_CTRL_RESET:
if (BIO_get_init(b))
ret = EVP_DigestInit_ex(ctx, ctx->digest, NULL);
else
ret = 0;
if (ret > 0)
ret = BIO_ctrl(next, cmd, num, ptr);
break;
case BIO_C_GET_MD:
if (BIO_get_init(b)) {
ppmd = ptr;
*ppmd = ctx->digest;
} else
ret = 0;
break;
case BIO_C_GET_MD_CTX:
pctx = ptr;
*pctx = ctx;
BIO_set_init(b, 1);
break;
case BIO_C_SET_MD_CTX:
if (BIO_get_init(b))
BIO_set_data(b, ptr);
else
ret = 0;
break;
case BIO_C_DO_STATE_MACHINE:
BIO_clear_retry_flags(b);
ret = BIO_ctrl(next, cmd, num, ptr);
BIO_copy_next_retry(b);
break;
case BIO_C_SET_MD:
md = ptr;
ret = EVP_DigestInit_ex(ctx, md, NULL);
if (ret > 0)
BIO_set_init(b, 1);
break;
case BIO_CTRL_DUP:
dbio = ptr;
dctx = BIO_get_data(dbio);
if (!EVP_MD_CTX_copy_ex(dctx, ctx))
return 0;
BIO_set_init(b, 1);
break;
default:
ret = BIO_ctrl(next, cmd, num, ptr);
break;
}
return ret;
}
/*-
* Return up to 'len' payload bytes received in 'type' records.
* 'type' is one of the following:
*
* - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
* - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
* - 0 (during a shutdown, no data has to be returned)
*
* If we don't have stored data to work from, read a SSL/TLS record first
* (possibly multiple records if we still don't have anything to return).
*
* This function must handle any surprises the peer may have for us, such as
* Alert records (e.g. close_notify) or renegotiation requests. ChangeCipherSpec
* messages are treated as if they were handshake messages *if* the |recd_type|
* argument is non NULL.
* Also if record payloads contain fragments too small to process, we store
* them until there is enough for the respective protocol (the record protocol
* may use arbitrary fragmentation and even interleaving):
* Change cipher spec protocol
* just 1 byte needed, no need for keeping anything stored
* Alert protocol
* 2 bytes needed (AlertLevel, AlertDescription)
* Handshake protocol
* 4 bytes needed (HandshakeType, uint24 length) -- we just have
* to detect unexpected Client Hello and Hello Request messages
* here, anything else is handled by higher layers
* Application data protocol
* none of our business
*/
int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
int len, int peek)
{
int al, i, j, ret;
unsigned int n;
SSL3_RECORD *rr;
void (*cb) (const SSL *ssl, int type2, int val) = NULL;
if (!SSL3_BUFFER_is_initialised(&s->rlayer.rbuf)) {
/* Not initialized yet */
if (!ssl3_setup_buffers(s))
return (-1);
}
if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
(type != SSL3_RT_HANDSHAKE)) ||
(peek && (type != SSL3_RT_APPLICATION_DATA))) {
SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
return -1;
}
/*
* check whether there's a handshake message (client hello?) waiting
*/
if ((ret = have_handshake_fragment(s, type, buf, len))) {
*recvd_type = SSL3_RT_HANDSHAKE;
return ret;
}
/*
* Now s->rlayer.d->handshake_fragment_len == 0 if
* type == SSL3_RT_HANDSHAKE.
*/
if (!ossl_statem_get_in_handshake(s) && SSL_in_init(s))
{
/* type == SSL3_RT_APPLICATION_DATA */
i = s->handshake_func(s);
if (i < 0)
return (i);
if (i == 0) {
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
return (-1);
}
}
start:
s->rwstate = SSL_NOTHING;
/*-
* s->s3->rrec.type - is the type of record
* s->s3->rrec.data, - data
* s->s3->rrec.off, - offset into 'data' for next read
* s->s3->rrec.length, - number of bytes.
*/
rr = s->rlayer.rrec;
/*
* We are not handshaking and have no data yet, so process data buffered
* during the last handshake in advance, if any.
*/
if (SSL_is_init_finished(s) && SSL3_RECORD_get_length(rr) == 0) {
pitem *item;
item = pqueue_pop(s->rlayer.d->buffered_app_data.q);
if (item) {
#ifndef OPENSSL_NO_SCTP
/* Restore bio_dgram_sctp_rcvinfo struct */
if (BIO_dgram_is_sctp(SSL_get_rbio(s))) {
DTLS1_RECORD_DATA *rdata = (DTLS1_RECORD_DATA *)item->data;
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO,
sizeof(rdata->recordinfo), &rdata->recordinfo);
}
#endif
dtls1_copy_record(s, item);
OPENSSL_free(item->data);
pitem_free(item);
}
}
/* Check for timeout */
if (dtls1_handle_timeout(s) > 0)
goto start;
/* get new packet if necessary */
if ((SSL3_RECORD_get_length(rr) == 0)
|| (s->rlayer.rstate == SSL_ST_READ_BODY)) {
ret = dtls1_get_record(s);
if (ret <= 0) {
ret = dtls1_read_failed(s, ret);
/* anything other than a timeout is an error */
if (ret <= 0)
return (ret);
else
goto start;
}
}
/*
* Reset the count of consecutive warning alerts if we've got a non-empty
* record that isn't an alert.
*/
if (SSL3_RECORD_get_type(rr) != SSL3_RT_ALERT
&& SSL3_RECORD_get_length(rr) != 0)
s->rlayer.alert_count = 0;
/* we now have a packet which can be read and processed */
if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
* reset by ssl3_get_finished */
&& (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE)) {
/*
* We now have application data between CCS and Finished. Most likely
* the packets were reordered on their way, so buffer the application
* data for later processing rather than dropping the connection.
*/
if (dtls1_buffer_record(s, &(s->rlayer.d->buffered_app_data),
SSL3_RECORD_get_seq_num(rr)) < 0) {
SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
return -1;
}
SSL3_RECORD_set_length(rr, 0);
goto start;
}
/*
* If the other end has shut down, throw anything we read away (even in
* 'peek' mode)
*/
if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
SSL3_RECORD_set_length(rr, 0);
s->rwstate = SSL_NOTHING;
return (0);
}
if (type == SSL3_RECORD_get_type(rr)
|| (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
&& type == SSL3_RT_HANDSHAKE && recvd_type != NULL)) {
/*
* SSL3_RT_APPLICATION_DATA or
* SSL3_RT_HANDSHAKE or
* SSL3_RT_CHANGE_CIPHER_SPEC
*/
/*
* make sure that we are not getting application data when we are
* doing a handshake for the first time
*/
if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
(s->enc_read_ctx == NULL)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE);
goto f_err;
}
if (recvd_type != NULL)
*recvd_type = SSL3_RECORD_get_type(rr);
if (len <= 0)
return (len);
if ((unsigned int)len > SSL3_RECORD_get_length(rr))
n = SSL3_RECORD_get_length(rr);
else
n = (unsigned int)len;
memcpy(buf, &(SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)]), n);
if (!peek) {
SSL3_RECORD_sub_length(rr, n);
SSL3_RECORD_add_off(rr, n);
if (SSL3_RECORD_get_length(rr) == 0) {
s->rlayer.rstate = SSL_ST_READ_HEADER;
SSL3_RECORD_set_off(rr, 0);
}
}
#ifndef OPENSSL_NO_SCTP
/*
* We might had to delay a close_notify alert because of reordered
* app data. If there was an alert and there is no message to read
* anymore, finally set shutdown.
*/
if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
s->d1->shutdown_received
&& !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
return (0);
}
#endif
return (n);
}
/*
* If we get here, then type != rr->type; if we have a handshake message,
* then it was unexpected (Hello Request or Client Hello).
*/
/*
* In case of record types for which we have 'fragment' storage, fill
* that so that we can process the data at a fixed place.
*/
{
unsigned int k, dest_maxlen = 0;
unsigned char *dest = NULL;
unsigned int *dest_len = NULL;
if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) {
dest_maxlen = sizeof s->rlayer.d->handshake_fragment;
dest = s->rlayer.d->handshake_fragment;
dest_len = &s->rlayer.d->handshake_fragment_len;
} else if (SSL3_RECORD_get_type(rr) == SSL3_RT_ALERT) {
dest_maxlen = sizeof(s->rlayer.d->alert_fragment);
dest = s->rlayer.d->alert_fragment;
dest_len = &s->rlayer.d->alert_fragment_len;
}
#ifndef OPENSSL_NO_HEARTBEATS
else if (SSL3_RECORD_get_type(rr) == DTLS1_RT_HEARTBEAT) {
/* We allow a 0 return */
if (dtls1_process_heartbeat(s, SSL3_RECORD_get_data(rr),
SSL3_RECORD_get_length(rr)) < 0) {
return -1;
}
/* Exit and notify application to read again */
SSL3_RECORD_set_length(rr, 0);
s->rwstate = SSL_READING;
BIO_clear_retry_flags(SSL_get_rbio(s));
BIO_set_retry_read(SSL_get_rbio(s));
return (-1);
}
#endif
/* else it's a CCS message, or application data or wrong */
else if (SSL3_RECORD_get_type(rr) != SSL3_RT_CHANGE_CIPHER_SPEC) {
/*
* Application data while renegotiating is allowed. Try again
* reading.
*/
if (SSL3_RECORD_get_type(rr) == SSL3_RT_APPLICATION_DATA) {
BIO *bio;
s->s3->in_read_app_data = 2;
bio = SSL_get_rbio(s);
s->rwstate = SSL_READING;
BIO_clear_retry_flags(bio);
BIO_set_retry_read(bio);
return (-1);
}
/* Not certain if this is the right error handling */
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
goto f_err;
}
if (dest_maxlen > 0) {
/*
* XDTLS: In a pathological case, the Client Hello may be
* fragmented--don't always expect dest_maxlen bytes
*/
if (SSL3_RECORD_get_length(rr) < dest_maxlen) {
#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
/*
* for normal alerts rr->length is 2, while
* dest_maxlen is 7 if we were to handle this
* non-existing alert...
*/
FIX ME;
#endif
s->rlayer.rstate = SSL_ST_READ_HEADER;
SSL3_RECORD_set_length(rr, 0);
goto start;
}
/* now move 'n' bytes: */
for (k = 0; k < dest_maxlen; k++) {
dest[k] = SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)];
SSL3_RECORD_add_off(rr, 1);
SSL3_RECORD_add_length(rr, -1);
}
*dest_len = dest_maxlen;
}
}
/*-
* s->rlayer.d->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
* s->rlayer.d->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT.
* (Possibly rr is 'empty' now, i.e. rr->length may be 0.)
*/
/* If we are a client, check for an incoming 'Hello Request': */
if ((!s->server) &&
(s->rlayer.d->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
(s->rlayer.d->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
(s->session != NULL) && (s->session->cipher != NULL)) {
s->rlayer.d->handshake_fragment_len = 0;
if ((s->rlayer.d->handshake_fragment[1] != 0) ||
(s->rlayer.d->handshake_fragment[2] != 0) ||
(s->rlayer.d->handshake_fragment[3] != 0)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_HELLO_REQUEST);
goto f_err;
}
/*
* no need to check sequence number on HELLO REQUEST messages
*/
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
s->rlayer.d->handshake_fragment, 4, s,
s->msg_callback_arg);
if (SSL_is_init_finished(s) &&
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
!s->s3->renegotiate) {
s->d1->handshake_read_seq++;
s->new_session = 1;
ssl3_renegotiate(s);
if (ssl3_renegotiate_check(s)) {
i = s->handshake_func(s);
if (i < 0)
return (i);
if (i == 0) {
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
return (-1);
}
if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
if (SSL3_BUFFER_get_left(&s->rlayer.rbuf) == 0) {
/* no read-ahead left? */
BIO *bio;
/*
* In the case where we try to read application data,
* but we trigger an SSL handshake, we return -1 with
* the retry option set. Otherwise renegotiation may
* cause nasty problems in the blocking world
*/
s->rwstate = SSL_READING;
bio = SSL_get_rbio(s);
BIO_clear_retry_flags(bio);
BIO_set_retry_read(bio);
return (-1);
}
}
}
}
/*
* we either finished a handshake or ignored the request, now try
* again to obtain the (application) data we were asked for
*/
goto start;
}
if (s->rlayer.d->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) {
int alert_level = s->rlayer.d->alert_fragment[0];
int alert_descr = s->rlayer.d->alert_fragment[1];
s->rlayer.d->alert_fragment_len = 0;
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_ALERT,
s->rlayer.d->alert_fragment, 2, s,
s->msg_callback_arg);
if (s->info_callback != NULL)
cb = s->info_callback;
else if (s->ctx->info_callback != NULL)
cb = s->ctx->info_callback;
if (cb != NULL) {
j = (alert_level << 8) | alert_descr;
cb(s, SSL_CB_READ_ALERT, j);
}
if (alert_level == SSL3_AL_WARNING) {
s->s3->warn_alert = alert_descr;
s->rlayer.alert_count++;
if (s->rlayer.alert_count == MAX_WARN_ALERT_COUNT) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
goto f_err;
}
if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
#ifndef OPENSSL_NO_SCTP
/*
* With SCTP and streams the socket may deliver app data
* after a close_notify alert. We have to check this first so
* that nothing gets discarded.
*/
if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
s->d1->shutdown_received = 1;
s->rwstate = SSL_READING;
BIO_clear_retry_flags(SSL_get_rbio(s));
BIO_set_retry_read(SSL_get_rbio(s));
return -1;
}
#endif
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
return (0);
}
#if 0
/* XXX: this is a possible improvement in the future */
/* now check if it's a missing record */
if (alert_descr == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) {
unsigned short seq;
unsigned int frag_off;
unsigned char *p = &(s->rlayer.d->alert_fragment[2]);
n2s(p, seq);
n2l3(p, frag_off);
dtls1_retransmit_message(s,
dtls1_get_queue_priority
(frag->msg_header.seq, 0), frag_off,
&found);
if (!found && SSL_in_init(s)) {
/*
* fprintf( stderr,"in init = %d\n", SSL_in_init(s));
*/
/*
* requested a message not yet sent, send an alert
* ourselves
*/
ssl3_send_alert(s, SSL3_AL_WARNING,
DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
}
}
#endif
} else if (alert_level == SSL3_AL_FATAL) {
char tmp[16];
s->rwstate = SSL_NOTHING;
s->s3->fatal_alert = alert_descr;
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
ERR_add_error_data(2, "SSL alert number ", tmp);
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
SSL_CTX_remove_session(s->session_ctx, s->session);
return (0);
} else {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
goto f_err;
}
goto start;
}
if (s->shutdown & SSL_SENT_SHUTDOWN) { /* but we have not received a
* shutdown */
s->rwstate = SSL_NOTHING;
SSL3_RECORD_set_length(rr, 0);
return (0);
}
if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) {
/*
* We can't process a CCS now, because previous handshake messages
* are still missing, so just drop it.
*/
SSL3_RECORD_set_length(rr, 0);
goto start;
}
/*
* Unexpected handshake message (Client Hello, or protocol violation)
*/
if ((s->rlayer.d->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
!ossl_statem_get_in_handshake(s)) {
struct hm_header_st msg_hdr;
/* this may just be a stale retransmit */
dtls1_get_message_header(rr->data, &msg_hdr);
if (SSL3_RECORD_get_epoch(rr) != s->rlayer.d->r_epoch) {
SSL3_RECORD_set_length(rr, 0);
goto start;
}
/*
* If we are server, we may have a repeated FINISHED of the client
* here, then retransmit our CCS and FINISHED.
*/
if (msg_hdr.type == SSL3_MT_FINISHED) {
if (dtls1_check_timeout_num(s) < 0)
return -1;
dtls1_retransmit_buffered_messages(s);
SSL3_RECORD_set_length(rr, 0);
goto start;
}
if (SSL_is_init_finished(s) &&
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
ossl_statem_set_in_init(s, 1);
s->renegotiate = 1;
s->new_session = 1;
}
i = s->handshake_func(s);
if (i < 0)
return (i);
if (i == 0) {
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
return (-1);
}
if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
if (SSL3_BUFFER_get_left(&s->rlayer.rbuf) == 0) {
/* no read-ahead left? */
BIO *bio;
/*
* In the case where we try to read application data, but we
* trigger an SSL handshake, we return -1 with the retry
* option set. Otherwise renegotiation may cause nasty
* problems in the blocking world
*/
s->rwstate = SSL_READING;
bio = SSL_get_rbio(s);
BIO_clear_retry_flags(bio);
BIO_set_retry_read(bio);
return (-1);
}
}
goto start;
}
switch (SSL3_RECORD_get_type(rr)) {
default:
/* TLS just ignores unknown message types */
if (s->version == TLS1_VERSION) {
SSL3_RECORD_set_length(rr, 0);
goto start;
}
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
goto f_err;
case SSL3_RT_CHANGE_CIPHER_SPEC:
case SSL3_RT_ALERT:
case SSL3_RT_HANDSHAKE:
/*
* we already handled all of these, with the possible exception of
* SSL3_RT_HANDSHAKE when ossl_statem_get_in_handshake(s) is true, but
* that should not happen when type != rr->type
*/
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
goto f_err;
case SSL3_RT_APPLICATION_DATA:
/*
* At this point, we were expecting handshake data, but have
* application data. If the library was running inside ssl3_read()
* (i.e. in_read_app_data is set) and it makes sense to read
* application data at this point (session renegotiation not yet
* started), we will indulge it.
*/
if (s->s3->in_read_app_data &&
(s->s3->total_renegotiations != 0) &&
ossl_statem_app_data_allowed(s)) {
s->s3->in_read_app_data = 2;
return (-1);
} else {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
goto f_err;
}
}
/* not reached */
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
return (-1);
}
MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt)
{
int al;
long remain;
remain = PACKET_remaining(pkt);
/*
* 'Change Cipher Spec' is just a single byte, which should already have
* been consumed by ssl_get_message() so there should be no bytes left,
* unless we're using DTLS1_BAD_VER, which has an extra 2 bytes
*/
if (SSL_IS_DTLS(s)) {
if ((s->version == DTLS1_BAD_VER
&& remain != DTLS1_CCS_HEADER_LENGTH + 1)
|| (s->version != DTLS1_BAD_VER
&& remain != DTLS1_CCS_HEADER_LENGTH - 1)) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC,
SSL_R_BAD_CHANGE_CIPHER_SPEC);
goto f_err;
}
} else {
if (remain != 0) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC,
SSL_R_BAD_CHANGE_CIPHER_SPEC);
goto f_err;
}
}
/* Check we have a cipher to change to */
if (s->s3->tmp.new_cipher == NULL) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY);
goto f_err;
}
s->s3->change_cipher_spec = 1;
if (!ssl3_do_change_cipher_spec(s)) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
goto f_err;
}
if (SSL_IS_DTLS(s)) {
dtls1_reset_seq_numbers(s, SSL3_CC_READ);
if (s->version == DTLS1_BAD_VER)
s->d1->handshake_read_seq++;
#ifndef OPENSSL_NO_SCTP
/*
* Remember that a CCS has been received, so that an old key of
* SCTP-Auth can be deleted when a CCS is sent. Will be ignored if no
* SCTP is used
*/
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL);
#endif
}
return MSG_PROCESS_CONTINUE_READING;
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
ossl_statem_set_error(s);
return MSG_PROCESS_ERROR;
}
int dtls1_accept(SSL *s)
{
BUF_MEM *buf;
unsigned long Time=(unsigned long)time(NULL);
void (*cb)(const SSL *ssl,int type,int val)=NULL;
unsigned long alg_k;
int ret= -1;
int new_state,state,skip=0;
int listen;
#ifndef OPENSSL_NO_SCTP
unsigned char sctpauthkey[64];
char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
#endif
RAND_add(&Time,sizeof(Time),0);
ERR_clear_error();
clear_sys_error();
if (s->info_callback != NULL)
cb=s->info_callback;
else if (s->ctx->info_callback != NULL)
cb=s->ctx->info_callback;
listen = s->d1->listen;
/* init things to blank */
s->in_handshake++;
if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
s->d1->listen = listen;
#ifndef OPENSSL_NO_SCTP
/* Notify SCTP BIO socket to enter handshake
* mode and prevent stream identifier other
* than 0. Will be ignored if no SCTP is used.
*/
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL);
#endif
if (s->cert == NULL)
{
SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
return(-1);
}
#ifndef OPENSSL_NO_HEARTBEATS
/* If we're awaiting a HeartbeatResponse, pretend we
* already got and don't await it anymore, because
* Heartbeats don't make sense during handshakes anyway.
*/
if (s->tlsext_hb_pending)
{
dtls1_stop_timer(s);
s->tlsext_hb_pending = 0;
s->tlsext_hb_seq++;
}
#endif
for (;;)
{
state=s->state;
switch (s->state)
{
case SSL_ST_RENEGOTIATE:
s->renegotiate=1;
/* s->state=SSL_ST_ACCEPT; */
case SSL_ST_BEFORE:
case SSL_ST_ACCEPT:
case SSL_ST_BEFORE|SSL_ST_ACCEPT:
case SSL_ST_OK|SSL_ST_ACCEPT:
s->server=1;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00))
{
SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
return -1;
}
s->type=SSL_ST_ACCEPT;
if (s->init_buf == NULL)
{
if ((buf=BUF_MEM_new()) == NULL)
{
ret= -1;
goto end;
}
if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
{
ret= -1;
goto end;
}
s->init_buf=buf;
}
if (!ssl3_setup_buffers(s))
{
ret= -1;
goto end;
}
s->init_num=0;
if (s->state != SSL_ST_RENEGOTIATE)
{
/* Ok, we now need to push on a buffering BIO so that
* the output is sent in a way that TCP likes :-)
* ...but not with SCTP :-)
*/
#ifndef OPENSSL_NO_SCTP
if (!BIO_dgram_is_sctp(SSL_get_wbio(s)))
#endif
if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
ssl3_init_finished_mac(s);
s->state=SSL3_ST_SR_CLNT_HELLO_A;
s->ctx->stats.sess_accept++;
}
else
{
/* s->state == SSL_ST_RENEGOTIATE,
* we will just send a HelloRequest */
s->ctx->stats.sess_accept_renegotiate++;
s->state=SSL3_ST_SW_HELLO_REQ_A;
}
break;
case SSL3_ST_SW_HELLO_REQ_A:
case SSL3_ST_SW_HELLO_REQ_B:
s->shutdown=0;
dtls1_start_timer(s);
ret=dtls1_send_hello_request(s);
if (ret <= 0) goto end;
s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
s->state=SSL3_ST_SW_FLUSH;
s->init_num=0;
ssl3_init_finished_mac(s);
break;
case SSL3_ST_SW_HELLO_REQ_C:
s->state=SSL_ST_OK;
break;
case SSL3_ST_SR_CLNT_HELLO_A:
case SSL3_ST_SR_CLNT_HELLO_B:
case SSL3_ST_SR_CLNT_HELLO_C:
s->shutdown=0;
ret=ssl3_get_client_hello(s);
if (ret <= 0) goto end;
dtls1_stop_timer(s);
if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
else
s->state = SSL3_ST_SW_SRVR_HELLO_A;
s->init_num=0;
/* Reflect ClientHello sequence to remain stateless while listening */
if (listen)
{
memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence));
}
/* If we're just listening, stop here */
if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
{
ret = 2;
s->d1->listen = 0;
/* Set expected sequence numbers
* to continue the handshake.
*/
s->d1->handshake_read_seq = 2;
s->d1->handshake_write_seq = 1;
s->d1->next_handshake_write_seq = 1;
goto end;
}
break;
case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
ret = dtls1_send_hello_verify_request(s);
if ( ret <= 0) goto end;
s->state=SSL3_ST_SW_FLUSH;
s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
/* HelloVerifyRequest resets Finished MAC */
if (s->version != DTLS1_BAD_VER)
ssl3_init_finished_mac(s);
break;
#ifndef OPENSSL_NO_SCTP
case DTLS1_SCTP_ST_SR_READ_SOCK:
if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)))
{
s->s3->in_read_app_data=2;
s->rwstate=SSL_READING;
BIO_clear_retry_flags(SSL_get_rbio(s));
BIO_set_retry_read(SSL_get_rbio(s));
ret = -1;
goto end;
}
s->state=SSL3_ST_SR_FINISHED_A;
break;
case DTLS1_SCTP_ST_SW_WRITE_SOCK:
ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
if (ret < 0) goto end;
if (ret == 0)
{
if (s->d1->next_state != SSL_ST_OK)
{
s->s3->in_read_app_data=2;
s->rwstate=SSL_READING;
BIO_clear_retry_flags(SSL_get_rbio(s));
BIO_set_retry_read(SSL_get_rbio(s));
ret = -1;
goto end;
}
}
s->state=s->d1->next_state;
break;
#endif
case SSL3_ST_SW_SRVR_HELLO_A:
case SSL3_ST_SW_SRVR_HELLO_B:
s->renegotiate = 2;
dtls1_start_timer(s);
ret=dtls1_send_server_hello(s);
if (ret <= 0) goto end;
if (s->hit)
{
#ifndef OPENSSL_NO_SCTP
/* Add new shared key for SCTP-Auth,
* will be ignored if no SCTP used.
*/
snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
DTLS1_SCTP_AUTH_LABEL);
SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey), labelbuffer,
sizeof(labelbuffer), NULL, 0, 0);
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
sizeof(sctpauthkey), sctpauthkey);
#endif
#ifndef OPENSSL_NO_TLSEXT
if (s->tlsext_ticket_expected)
s->state=SSL3_ST_SW_SESSION_TICKET_A;
else
s->state=SSL3_ST_SW_CHANGE_A;
#else
s->state=SSL3_ST_SW_CHANGE_A;
#endif
}
else
s->state=SSL3_ST_SW_CERT_A;
s->init_num=0;
break;
case SSL3_ST_SW_CERT_A:
case SSL3_ST_SW_CERT_B:
/* Check if it is anon DH or normal PSK */
if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
{
dtls1_start_timer(s);
ret=dtls1_send_server_certificate(s);
if (ret <= 0) goto end;
#ifndef OPENSSL_NO_TLSEXT
if (s->tlsext_status_expected)
s->state=SSL3_ST_SW_CERT_STATUS_A;
else
s->state=SSL3_ST_SW_KEY_EXCH_A;
}
else
{
skip = 1;
s->state=SSL3_ST_SW_KEY_EXCH_A;
}
#else
}
else
skip=1;
s->state=SSL3_ST_SW_KEY_EXCH_A;
#endif
s->init_num=0;
break;
case SSL3_ST_SW_KEY_EXCH_A:
case SSL3_ST_SW_KEY_EXCH_B:
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
/* clear this, it may get reset by
* send_server_key_exchange */
if ((s->options & SSL_OP_EPHEMERAL_RSA)
#ifndef OPENSSL_NO_KRB5
&& !(alg_k & SSL_kKRB5)
#endif /* OPENSSL_NO_KRB5 */
)
/* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
* even when forbidden by protocol specs
* (handshake may fail as clients are not required to
* be able to handle this) */
s->s3->tmp.use_rsa_tmp=1;
else
s->s3->tmp.use_rsa_tmp=0;
/* only send if a DH key exchange or
* RSA but we have a sign only certificate */
if (s->s3->tmp.use_rsa_tmp
/* PSK: send ServerKeyExchange if PSK identity
* hint if provided */
#ifndef OPENSSL_NO_PSK
|| ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
#endif
|| (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
|| (alg_k & SSL_kEECDH)
|| ((alg_k & SSL_kRSA)
&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
|| (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
&& EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
)
)
)
)
{
dtls1_start_timer(s);
ret=dtls1_send_server_key_exchange(s);
if (ret <= 0) goto end;
}
else
skip=1;
s->state=SSL3_ST_SW_CERT_REQ_A;
s->init_num=0;
break;
case SSL3_ST_SW_CERT_REQ_A:
case SSL3_ST_SW_CERT_REQ_B:
if (/* don't request cert unless asked for it: */
!(s->verify_mode & SSL_VERIFY_PEER) ||
/* if SSL_VERIFY_CLIENT_ONCE is set,
* don't request cert during re-negotiation: */
((s->session->peer != NULL) &&
(s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
/* never request cert in anonymous ciphersuites
* (see section "Certificate request" in SSL 3 drafts
* and in RFC 2246): */
((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
/* ... except when the application insists on verification
* (against the specs, but s3_clnt.c accepts this for SSL 3) */
!(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
/* never request cert in Kerberos ciphersuites */
(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)
/* With normal PSK Certificates and
* Certificate Requests are omitted */
|| (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
{
/* no cert request */
skip=1;
s->s3->tmp.cert_request=0;
s->state=SSL3_ST_SW_SRVR_DONE_A;
#ifndef OPENSSL_NO_SCTP
if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
{
s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
}
#endif
}
else
{
s->s3->tmp.cert_request=1;
dtls1_start_timer(s);
ret=dtls1_send_certificate_request(s);
if (ret <= 0) goto end;
#ifndef NETSCAPE_HANG_BUG
s->state=SSL3_ST_SW_SRVR_DONE_A;
#ifndef OPENSSL_NO_SCTP
if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
{
s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
}
#endif
#else
s->state=SSL3_ST_SW_FLUSH;
s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
#ifndef OPENSSL_NO_SCTP
if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
{
s->d1->next_state = s->s3->tmp.next_state;
s->s3->tmp.next_state=DTLS1_SCTP_ST_SW_WRITE_SOCK;
}
#endif
#endif
s->init_num=0;
}
break;
case SSL3_ST_SW_SRVR_DONE_A:
case SSL3_ST_SW_SRVR_DONE_B:
dtls1_start_timer(s);
ret=dtls1_send_server_done(s);
if (ret <= 0) goto end;
s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
s->state=SSL3_ST_SW_FLUSH;
s->init_num=0;
break;
case SSL3_ST_SW_FLUSH:
s->rwstate=SSL_WRITING;
if (BIO_flush(s->wbio) <= 0)
{
/* If the write error was fatal, stop trying */
if (!BIO_should_retry(s->wbio))
{
s->rwstate=SSL_NOTHING;
s->state=s->s3->tmp.next_state;
}
ret= -1;
goto end;
}
s->rwstate=SSL_NOTHING;
s->state=s->s3->tmp.next_state;
break;
case SSL3_ST_SR_CERT_A:
case SSL3_ST_SR_CERT_B:
/* Check for second client hello (MS SGC) */
ret = ssl3_check_client_hello(s);
if (ret <= 0)
goto end;
if (ret == 2)
{
dtls1_stop_timer(s);
s->state = SSL3_ST_SR_CLNT_HELLO_C;
}
else {
/* could be sent for a DH cert, even if we
* have not asked for it :-) */
ret=ssl3_get_client_certificate(s);
if (ret <= 0) goto end;
s->init_num=0;
s->state=SSL3_ST_SR_KEY_EXCH_A;
}
break;
case SSL3_ST_SR_KEY_EXCH_A:
case SSL3_ST_SR_KEY_EXCH_B:
ret=ssl3_get_client_key_exchange(s);
if (ret <= 0) goto end;
#ifndef OPENSSL_NO_SCTP
/* Add new shared key for SCTP-Auth,
* will be ignored if no SCTP used.
*/
snprintf((char *) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
DTLS1_SCTP_AUTH_LABEL);
SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey), labelbuffer,
sizeof(labelbuffer), NULL, 0, 0);
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
sizeof(sctpauthkey), sctpauthkey);
#endif
s->state=SSL3_ST_SR_CERT_VRFY_A;
s->init_num=0;
if (ret == 2)
{
/* For the ECDH ciphersuites when
* the client sends its ECDH pub key in
* a certificate, the CertificateVerify
* message is not sent.
*/
s->state=SSL3_ST_SR_FINISHED_A;
s->init_num = 0;
}
else
{
s->state=SSL3_ST_SR_CERT_VRFY_A;
s->init_num=0;
/* We need to get hashes here so if there is
* a client cert, it can be verified */
s->method->ssl3_enc->cert_verify_mac(s,
NID_md5,
&(s->s3->tmp.cert_verify_md[0]));
s->method->ssl3_enc->cert_verify_mac(s,
NID_sha1,
&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
}
break;
case SSL3_ST_SR_CERT_VRFY_A:
case SSL3_ST_SR_CERT_VRFY_B:
s->d1->change_cipher_spec_ok = 1;
/* we should decide if we expected this one */
ret=ssl3_get_cert_verify(s);
if (ret <= 0) goto end;
#ifndef OPENSSL_NO_SCTP
if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
state == SSL_ST_RENEGOTIATE)
s->state=DTLS1_SCTP_ST_SR_READ_SOCK;
else
#endif
s->state=SSL3_ST_SR_FINISHED_A;
s->init_num=0;
break;
case SSL3_ST_SR_FINISHED_A:
case SSL3_ST_SR_FINISHED_B:
s->d1->change_cipher_spec_ok = 1;
ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
SSL3_ST_SR_FINISHED_B);
if (ret <= 0) goto end;
dtls1_stop_timer(s);
if (s->hit)
s->state=SSL_ST_OK;
#ifndef OPENSSL_NO_TLSEXT
else if (s->tlsext_ticket_expected)
s->state=SSL3_ST_SW_SESSION_TICKET_A;
#endif
else
s->state=SSL3_ST_SW_CHANGE_A;
s->init_num=0;
break;
#ifndef OPENSSL_NO_TLSEXT
case SSL3_ST_SW_SESSION_TICKET_A:
case SSL3_ST_SW_SESSION_TICKET_B:
ret=dtls1_send_newsession_ticket(s);
if (ret <= 0) goto end;
s->state=SSL3_ST_SW_CHANGE_A;
s->init_num=0;
break;
case SSL3_ST_SW_CERT_STATUS_A:
case SSL3_ST_SW_CERT_STATUS_B:
ret=ssl3_send_cert_status(s);
if (ret <= 0) goto end;
s->state=SSL3_ST_SW_KEY_EXCH_A;
s->init_num=0;
break;
#endif
case SSL3_ST_SW_CHANGE_A:
case SSL3_ST_SW_CHANGE_B:
s->session->cipher=s->s3->tmp.new_cipher;
if (!s->method->ssl3_enc->setup_key_block(s))
{ ret= -1; goto end; }
ret=dtls1_send_change_cipher_spec(s,
SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
if (ret <= 0) goto end;
#ifndef OPENSSL_NO_SCTP
/* Change to new shared key of SCTP-Auth,
* will be ignored if no SCTP used.
*/
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
#endif
s->state=SSL3_ST_SW_FINISHED_A;
s->init_num=0;
if (!s->method->ssl3_enc->change_cipher_state(s,
SSL3_CHANGE_CIPHER_SERVER_WRITE))
{
ret= -1;
goto end;
}
dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
break;
case SSL3_ST_SW_FINISHED_A:
case SSL3_ST_SW_FINISHED_B:
ret=dtls1_send_finished(s,
SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
s->method->ssl3_enc->server_finished_label,
s->method->ssl3_enc->server_finished_label_len);
if (ret <= 0) goto end;
s->state=SSL3_ST_SW_FLUSH;
if (s->hit)
s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
else
{
s->s3->tmp.next_state=SSL_ST_OK;
#ifndef OPENSSL_NO_SCTP
if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
{
s->d1->next_state = s->s3->tmp.next_state;
s->s3->tmp.next_state=DTLS1_SCTP_ST_SW_WRITE_SOCK;
}
#endif
}
s->init_num=0;
break;
case SSL_ST_OK:
/* clean a few things up */
ssl3_cleanup_key_block(s);
#if 0
BUF_MEM_free(s->init_buf);
s->init_buf=NULL;
#endif
/* remove buffering on output */
ssl_free_wbio_buffer(s);
s->init_num=0;
if (s->renegotiate == 2) /* skipped if we just sent a HelloRequest */
{
s->renegotiate=0;
s->new_session=0;
ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
s->ctx->stats.sess_accept_good++;
/* s->server=1; */
s->handshake_func=dtls1_accept;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
}
ret = 1;
/* done handshaking, next message is client hello */
s->d1->handshake_read_seq = 0;
/* next message is server hello */
s->d1->handshake_write_seq = 0;
s->d1->next_handshake_write_seq = 0;
goto end;
/* break; */
default:
SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_UNKNOWN_STATE);
ret= -1;
goto end;
/* break; */
}
int eHttpStream::openUrl(const std::string &url, std::string &newurl)
{
int port;
std::string hostname;
std::string uri = url;
std::string request;
size_t buflen = 1024;
char *linebuf = NULL;
int result;
char proto[100];
int statuscode = 0;
char statusmsg[100];
bool playlist = false;
bool contenttypeparsed = false;
close();
std::string user_agent = "Enigma2 HbbTV/1.1.1 (+PVR+RTSP+DL;openNFR;;;)";
std::string extra_headers = "";
size_t pos = uri.find('#');
if (pos != std::string::npos)
{
extra_headers = uri.substr(pos + 1);
uri = uri.substr(0, pos);
pos = extra_headers.find("User-Agent=");
if (pos != std::string::npos)
{
size_t hpos_start = pos + 11;
size_t hpos_end = extra_headers.find('&', hpos_start);
if (hpos_end != std::string::npos)
user_agent = extra_headers.substr(hpos_start, hpos_end - hpos_start);
else
user_agent = extra_headers.substr(hpos_start);
}
}
int pathindex = uri.find("/", 7);
if (pathindex > 0)
{
hostname = uri.substr(7, pathindex - 7);
uri = uri.substr(pathindex, uri.length() - pathindex);
}
else
{
hostname = uri.substr(7, uri.length() - 7);
uri = "/";
}
int authenticationindex = hostname.find("@");
if (authenticationindex > 0)
{
BIO *mbio, *b64bio, *bio;
char *p = (char*)NULL;
int length = 0;
authorizationData = hostname.substr(0, authenticationindex);
hostname = hostname.substr(authenticationindex + 1);
mbio = BIO_new(BIO_s_mem());
b64bio = BIO_new(BIO_f_base64());
bio = BIO_push(b64bio, mbio);
BIO_write(bio, authorizationData.c_str(), authorizationData.length());
BIO_flush(bio);
length = BIO_ctrl(mbio, BIO_CTRL_INFO, 0, (char*)&p);
authorizationData = "";
if (p && length > 0)
{
/* base64 output contains a linefeed, which we ignore */
authorizationData.append(p, length - 1);
}
BIO_free_all(bio);
}
int customportindex = hostname.find(":");
if (customportindex > 0)
{
port = atoi(hostname.substr(customportindex + 1, hostname.length() - customportindex - 1).c_str());
hostname = hostname.substr(0, customportindex);
}
else if (customportindex == 0)
{
port = atoi(hostname.substr(1, hostname.length() - 1).c_str());
hostname = "localhost";
}
else
{
port = 80;
}
streamSocket = Connect(hostname.c_str(), port, 10);
if (streamSocket < 0)
goto error;
request = "GET ";
request.append(uri).append(" HTTP/1.1\r\n");
request.append("Host: ").append(hostname).append("\r\n");
request.append("User-Agent: ").append(user_agent).append("\r\n");
if (authorizationData != "")
{
request.append("Authorization: Basic ").append(authorizationData).append("\r\n");
}
pos = 0;
while (pos != std::string::npos && !extra_headers.empty())
{
std::string name, value;
size_t start = pos;
size_t len = std::string::npos;
pos = extra_headers.find('=', pos);
if (pos != std::string::npos)
{
len = pos - start;
pos++;
name = extra_headers.substr(start, len);
start = pos;
len = std::string::npos;
pos = extra_headers.find('&', pos);
if (pos != std::string::npos)
{
len = pos - start;
pos++;
}
value = extra_headers.substr(start, len);
}
if (!name.empty() && !value.empty())
{
if (name.compare("User-Agent") == 0)
continue;
eDebug("[eHttpStream] setting extra-header '%s:%s'", name.c_str(), value.c_str());
request.append(name).append(": ").append(value).append("\r\n");
}
else
{
eDebug("[eHttpStream] Invalid header format %s", extra_headers.c_str());
break;
}
}
request.append("Accept: */*\r\n");
request.append("Connection: close\r\n");
request.append("\r\n");
writeAll(streamSocket, request.c_str(), request.length());
linebuf = (char*)malloc(buflen);
result = readLine(streamSocket, &linebuf, &buflen);
if (result <= 0)
goto error;
result = sscanf(linebuf, "%99s %d %99s", proto, &statuscode, statusmsg);
if (result != 3 || (statuscode != 200 && statuscode != 206 && statuscode != 302))
{
eDebug("%s: wrong http response code: %d", __FUNCTION__, statuscode);
goto error;
}
while (1)
{
result = readLine(streamSocket, &linebuf, &buflen);
if (!contenttypeparsed)
{
char contenttype[33];
if (sscanf(linebuf, "Content-Type: %32s", contenttype) == 1)
{
contenttypeparsed = true;
if (!strcasecmp(contenttype, "application/text")
|| !strcasecmp(contenttype, "audio/x-mpegurl")
|| !strcasecmp(contenttype, "audio/mpegurl")
|| !strcasecmp(contenttype, "application/m3u"))
{
/* assume we'll get a playlist, some text file containing a stream url */
playlist = true;
}
continue;
}
}
if (playlist && !strncasecmp(linebuf, "http://", 7))
{
newurl = linebuf;
eDebug("%s: playlist entry: %s", __FUNCTION__, newurl.c_str());
break;
}
if (((statuscode == 301) || (statuscode == 302) || (statuscode == 303) || (statuscode == 307) || (statuscode == 308)) &&
strncasecmp(linebuf, "location: ", 10) == 0)
{
newurl = &linebuf[10];
if (!extra_headers.empty())
newurl.append("#").append(extra_headers);
eDebug("%s: redirecting to: %s", __FUNCTION__, newurl.c_str());
break;
}
if (((statuscode == 200) || (statuscode == 206)) && !strncasecmp(linebuf, "transfer-encoding: chunked", strlen("transfer-encoding: chunked")))
{
isChunked = true;
}
if (!playlist && result == 0)
break;
if (result < 0)
break;
}
free(linebuf);
return 0;
error:
eDebug("%s failed", __FUNCTION__);
free(linebuf);
close();
return -1;
}
static long asn1_bio_ctrl(BIO *b, int cmd, long arg1, void *arg2)
{
BIO_ASN1_BUF_CTX *ctx;
BIO_ASN1_EX_FUNCS *ex_func;
long ret = 1;
BIO *next;
ctx = BIO_get_data(b);
if (ctx == NULL)
return 0;
next = BIO_next(b);
switch (cmd) {
case BIO_C_SET_PREFIX:
ex_func = arg2;
ctx->prefix = ex_func->ex_func;
ctx->prefix_free = ex_func->ex_free_func;
break;
case BIO_C_GET_PREFIX:
ex_func = arg2;
ex_func->ex_func = ctx->prefix;
ex_func->ex_free_func = ctx->prefix_free;
break;
case BIO_C_SET_SUFFIX:
ex_func = arg2;
ctx->suffix = ex_func->ex_func;
ctx->suffix_free = ex_func->ex_free_func;
break;
case BIO_C_GET_SUFFIX:
ex_func = arg2;
ex_func->ex_func = ctx->suffix;
ex_func->ex_free_func = ctx->suffix_free;
break;
case BIO_C_SET_EX_ARG:
ctx->ex_arg = arg2;
break;
case BIO_C_GET_EX_ARG:
*(void **)arg2 = ctx->ex_arg;
break;
case BIO_CTRL_FLUSH:
if (next == NULL)
return 0;
/* Call post function if possible */
if (ctx->state == ASN1_STATE_HEADER) {
if (!asn1_bio_setup_ex(b, ctx, ctx->suffix,
ASN1_STATE_POST_COPY, ASN1_STATE_DONE))
return 0;
}
if (ctx->state == ASN1_STATE_POST_COPY) {
ret = asn1_bio_flush_ex(b, ctx, ctx->suffix_free,
ASN1_STATE_DONE);
if (ret <= 0)
return ret;
}
if (ctx->state == ASN1_STATE_DONE)
return BIO_ctrl(next, cmd, arg1, arg2);
else {
BIO_clear_retry_flags(b);
return 0;
}
default:
if (next == NULL)
return 0;
return BIO_ctrl(next, cmd, arg1, arg2);
}
return ret;
}
int MAIN(int argc, char **argv)
{
int off=0, clr = 0;
SSL *con=NULL,*con2=NULL;
X509_STORE *store = NULL;
int s,k,width,state=0;
char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
int cbuf_len,cbuf_off;
int sbuf_len,sbuf_off;
fd_set readfds,writefds;
short port=PORT;
int full_log=1;
char *host=SSL_HOST_NAME;
char *cert_file=NULL,*key_file=NULL;
int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
char *passarg = NULL, *pass = NULL;
X509 *cert = NULL;
EVP_PKEY *key = NULL;
char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
int cutthrough=0;
int crlf=0;
int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
SSL_CTX *ctx=NULL;
int ret=1,in_init=1,i,nbio_test=0;
int starttls_proto = PROTO_OFF;
int prexit = 0, vflags = 0;
SSL_METHOD *meth=NULL;
#ifdef sock_type
#undef sock_type
#endif
int sock_type=SOCK_STREAM;
BIO *sbio;
char *inrand=NULL;
int mbuf_len=0;
struct timeval timeout, *timeoutp;
#ifndef OPENSSL_NO_ENGINE
char *engine_id=NULL;
char *ssl_client_engine_id=NULL;
ENGINE *ssl_client_engine=NULL;
#endif
ENGINE *e=NULL;
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
struct timeval tv;
#endif
#ifndef OPENSSL_NO_TLSEXT
char *servername = NULL;
tlsextctx tlsextcbp =
{NULL,0};
#endif
char *sess_in = NULL;
char *sess_out = NULL;
struct sockaddr peer;
int peerlen = sizeof(peer);
int enable_timeouts = 0 ;
long socket_mtu = 0;
#ifndef OPENSSL_NO_JPAKE
char *jpake_secret = NULL;
#endif
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
meth=SSLv23_client_method();
#elif !defined(OPENSSL_NO_SSL3)
meth=SSLv3_client_method();
#elif !defined(OPENSSL_NO_SSL2)
meth=SSLv2_client_method();
#endif
apps_startup();
c_Pause=0;
c_quiet=0;
c_ign_eof=0;
c_debug=0;
c_msg=0;
c_showcerts=0;
if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
if ( ((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
{
BIO_printf(bio_err,"out of memory\n");
goto end;
}
verify_depth=0;
verify_error=X509_V_OK;
#ifdef FIONBIO
c_nbio=0;
#endif
argc--;
argv++;
while (argc >= 1)
{
if (strcmp(*argv,"-host") == 0)
{
if (--argc < 1) goto bad;
host= *(++argv);
}
else if (strcmp(*argv,"-port") == 0)
{
if (--argc < 1) goto bad;
port=atoi(*(++argv));
if (port == 0) goto bad;
}
else if (strcmp(*argv,"-connect") == 0)
{
if (--argc < 1) goto bad;
if (!extract_host_port(*(++argv),&host,NULL,&port))
goto bad;
}
else if (strcmp(*argv,"-verify") == 0)
{
verify=SSL_VERIFY_PEER;
if (--argc < 1) goto bad;
verify_depth=atoi(*(++argv));
BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
}
else if (strcmp(*argv,"-cert") == 0)
{
if (--argc < 1) goto bad;
cert_file= *(++argv);
}
else if (strcmp(*argv,"-sess_out") == 0)
{
if (--argc < 1) goto bad;
sess_out = *(++argv);
}
else if (strcmp(*argv,"-sess_in") == 0)
{
if (--argc < 1) goto bad;
sess_in = *(++argv);
}
else if (strcmp(*argv,"-certform") == 0)
{
if (--argc < 1) goto bad;
cert_format = str2fmt(*(++argv));
}
else if (strcmp(*argv,"-crl_check") == 0)
vflags |= X509_V_FLAG_CRL_CHECK;
else if (strcmp(*argv,"-crl_check_all") == 0)
vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
else if (strcmp(*argv,"-prexit") == 0)
prexit=1;
else if (strcmp(*argv,"-crlf") == 0)
crlf=1;
else if (strcmp(*argv,"-quiet") == 0)
{
c_quiet=1;
c_ign_eof=1;
}
else if (strcmp(*argv,"-ign_eof") == 0)
c_ign_eof=1;
else if (strcmp(*argv,"-no_ign_eof") == 0)
c_ign_eof=0;
else if (strcmp(*argv,"-pause") == 0)
c_Pause=1;
else if (strcmp(*argv,"-debug") == 0)
c_debug=1;
#ifndef OPENSSL_NO_TLSEXT
else if (strcmp(*argv,"-tlsextdebug") == 0)
c_tlsextdebug=1;
else if (strcmp(*argv,"-status") == 0)
c_status_req=1;
#endif
#ifdef WATT32
else if (strcmp(*argv,"-wdebug") == 0)
dbug_init();
#endif
else if (strcmp(*argv,"-msg") == 0)
c_msg=1;
else if (strcmp(*argv,"-showcerts") == 0)
c_showcerts=1;
else if (strcmp(*argv,"-nbio_test") == 0)
nbio_test=1;
else if (strcmp(*argv,"-state") == 0)
state=1;
#ifndef OPENSSL_NO_SSL2
else if (strcmp(*argv,"-ssl2") == 0)
meth=SSLv2_client_method();
#endif
#ifndef OPENSSL_NO_SSL3
else if (strcmp(*argv,"-ssl3") == 0)
meth=SSLv3_client_method();
#endif
#ifndef OPENSSL_NO_TLS1
else if (strcmp(*argv,"-tls1") == 0)
meth=TLSv1_client_method();
#endif
#ifndef OPENSSL_NO_DTLS1
else if (strcmp(*argv,"-dtls1") == 0)
{
meth=DTLSv1_client_method();
sock_type=SOCK_DGRAM;
}
else if (strcmp(*argv,"-timeout") == 0)
enable_timeouts=1;
else if (strcmp(*argv,"-mtu") == 0)
{
if (--argc < 1) goto bad;
socket_mtu = atol(*(++argv));
}
#endif
else if (strcmp(*argv,"-bugs") == 0)
bugs=1;
else if (strcmp(*argv,"-keyform") == 0)
{
if (--argc < 1) goto bad;
key_format = str2fmt(*(++argv));
}
else if (strcmp(*argv,"-pass") == 0)
{
if (--argc < 1) goto bad;
passarg = *(++argv);
}
else if (strcmp(*argv,"-key") == 0)
{
if (--argc < 1) goto bad;
key_file= *(++argv);
}
else if (strcmp(*argv,"-reconnect") == 0)
{
reconnect=5;
}
else if (strcmp(*argv,"-CApath") == 0)
{
if (--argc < 1) goto bad;
CApath= *(++argv);
}
else if (strcmp(*argv,"-CAfile") == 0)
{
if (--argc < 1) goto bad;
CAfile= *(++argv);
}
else if (strcmp(*argv,"-no_tls1") == 0)
off|=SSL_OP_NO_TLSv1;
else if (strcmp(*argv,"-no_ssl3") == 0)
off|=SSL_OP_NO_SSLv3;
else if (strcmp(*argv,"-no_ssl2") == 0)
off|=SSL_OP_NO_SSLv2;
#ifndef OPENSSL_NO_TLSEXT
else if (strcmp(*argv,"-no_ticket") == 0)
{ off|=SSL_OP_NO_TICKET; }
#endif
else if (strcmp(*argv,"-cutthrough") == 0)
cutthrough=1;
else if (strcmp(*argv,"-serverpref") == 0)
off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
else if (strcmp(*argv,"-legacy_renegotiation") == 0)
off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
else if (strcmp(*argv,"-legacy_server_connect") == 0)
{ off|=SSL_OP_LEGACY_SERVER_CONNECT; }
else if (strcmp(*argv,"-no_legacy_server_connect") == 0)
{ clr|=SSL_OP_LEGACY_SERVER_CONNECT; }
else if (strcmp(*argv,"-cipher") == 0)
{
if (--argc < 1) goto bad;
cipher= *(++argv);
}
#ifdef FIONBIO
else if (strcmp(*argv,"-nbio") == 0)
{ c_nbio=1; }
#endif
else if (strcmp(*argv,"-starttls") == 0)
{
if (--argc < 1) goto bad;
++argv;
if (strcmp(*argv,"smtp") == 0)
starttls_proto = PROTO_SMTP;
else if (strcmp(*argv,"pop3") == 0)
starttls_proto = PROTO_POP3;
else if (strcmp(*argv,"imap") == 0)
starttls_proto = PROTO_IMAP;
else if (strcmp(*argv,"ftp") == 0)
starttls_proto = PROTO_FTP;
else if (strcmp(*argv, "xmpp") == 0)
starttls_proto = PROTO_XMPP;
else
goto bad;
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine_id = *(++argv);
}
else if (strcmp(*argv,"-ssl_client_engine") == 0)
{
if (--argc < 1) goto bad;
ssl_client_engine_id = *(++argv);
}
#endif
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
inrand= *(++argv);
}
#ifndef OPENSSL_NO_TLSEXT
else if (strcmp(*argv,"-servername") == 0)
{
if (--argc < 1) goto bad;
servername= *(++argv);
/* meth=TLSv1_client_method(); */
}
#endif
#ifndef OPENSSL_NO_JPAKE
else if (strcmp(*argv,"-jpake") == 0)
{
if (--argc < 1) goto bad;
jpake_secret = *++argv;
}
#endif
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badop=1;
break;
}
argc--;
argv++;
}
if (badop)
{
bad:
sc_usage();
goto end;
}
OpenSSL_add_ssl_algorithms();
SSL_load_error_strings();
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine_id, 1);
if (ssl_client_engine_id)
{
ssl_client_engine = ENGINE_by_id(ssl_client_engine_id);
if (!ssl_client_engine)
{
BIO_printf(bio_err,
"Error getting client auth engine\n");
goto end;
}
}
#endif
if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
{
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
if (key_file == NULL)
key_file = cert_file;
if (key_file)
{
key = load_key(bio_err, key_file, key_format, 0, pass, e,
"client certificate private key file");
if (!key)
{
ERR_print_errors(bio_err);
goto end;
}
}
if (cert_file)
{
cert = load_cert(bio_err,cert_file,cert_format,
NULL, e, "client certificate file");
if (!cert)
{
ERR_print_errors(bio_err);
goto end;
}
}
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status())
{
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
}
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
if (bio_c_out == NULL)
{
if (c_quiet && !c_debug && !c_msg)
{
bio_c_out=BIO_new(BIO_s_null());
}
else
{
if (bio_c_out == NULL)
bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
}
}
ctx=SSL_CTX_new(meth);
if (ctx == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
#ifndef OPENSSL_NO_ENGINE
if (ssl_client_engine)
{
if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine))
{
BIO_puts(bio_err, "Error setting client auth engine\n");
ERR_print_errors(bio_err);
ENGINE_free(ssl_client_engine);
goto end;
}
ENGINE_free(ssl_client_engine);
}
#endif
if (bugs)
SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
else
SSL_CTX_set_options(ctx,off);
if (clr)
SSL_CTX_clear_options(ctx, clr);
/* DTLS: partial reads end up discarding unread UDP bytes :-(
* Setting read ahead solves this problem.
*/
if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
/* Enable handshake cutthrough for client connections using
* strong ciphers. */
if (cutthrough)
{
int ssl_mode = SSL_CTX_get_mode(ctx);
ssl_mode |= SSL_MODE_HANDSHAKE_CUTTHROUGH;
SSL_CTX_set_mode(ctx, ssl_mode);
}
if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
if (cipher != NULL)
if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
BIO_printf(bio_err,"error setting cipher list\n");
ERR_print_errors(bio_err);
goto end;
}
#if 0
else
SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
#endif
SSL_CTX_set_verify(ctx,verify,verify_callback);
if (!set_cert_key_stuff(ctx,cert,key))
goto end;
if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
(!SSL_CTX_set_default_verify_paths(ctx)))
{
/* BIO_printf(bio_err,"error setting default verify locations\n"); */
ERR_print_errors(bio_err);
/* goto end; */
}
store = SSL_CTX_get_cert_store(ctx);
X509_STORE_set_flags(store, vflags);
#ifndef OPENSSL_NO_TLSEXT
if (servername != NULL)
{
tlsextcbp.biodebug = bio_err;
SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
}
#endif
con=SSL_new(ctx);
if (sess_in)
{
SSL_SESSION *sess;
BIO *stmp = BIO_new_file(sess_in, "r");
if (!stmp)
{
BIO_printf(bio_err, "Can't open session file %s\n",
sess_in);
ERR_print_errors(bio_err);
goto end;
}
sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL);
BIO_free(stmp);
if (!sess)
{
BIO_printf(bio_err, "Can't open session file %s\n",
sess_in);
ERR_print_errors(bio_err);
goto end;
}
SSL_set_session(con, sess);
SSL_SESSION_free(sess);
}
#ifndef OPENSSL_NO_TLSEXT
if (servername != NULL)
{
if (!SSL_set_tlsext_host_name(con,servername))
{
BIO_printf(bio_err,"Unable to set TLS servername extension.\n");
ERR_print_errors(bio_err);
goto end;
}
}
#endif
#ifndef OPENSSL_NO_KRB5
if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL)
{
kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host);
}
#endif /* OPENSSL_NO_KRB5 */
/* SSL_set_cipher_list(con,"RC4-MD5"); */
re_start:
if (init_client(&s,host,port,sock_type) == 0)
{
BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
SHUTDOWN(s);
goto end;
}
BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);
#ifdef FIONBIO
if (c_nbio)
{
unsigned long l=1;
BIO_printf(bio_c_out,"turning on non blocking io\n");
if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
{
ERR_print_errors(bio_err);
goto end;
}
}
#endif
if (c_Pause & 0x01) con->debug=1;
if ( SSL_version(con) == DTLS1_VERSION)
{
sbio=BIO_new_dgram(s,BIO_NOCLOSE);
if (getsockname(s, &peer, (void *)&peerlen) < 0)
{
BIO_printf(bio_err, "getsockname:errno=%d\n",
get_last_socket_error());
SHUTDOWN(s);
goto end;
}
(void)BIO_ctrl_set_connected(sbio, 1, &peer);
if ( enable_timeouts)
{
timeout.tv_sec = 0;
timeout.tv_usec = DGRAM_RCV_TIMEOUT;
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
timeout.tv_sec = 0;
timeout.tv_usec = DGRAM_SND_TIMEOUT;
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
}
if (socket_mtu > 28)
{
SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
SSL_set_mtu(con, socket_mtu - 28);
}
else
/* want to do MTU discovery */
BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
}
else
sbio=BIO_new_socket(s,BIO_NOCLOSE);
if (nbio_test)
{
BIO *test;
test=BIO_new(BIO_f_nbio_test());
sbio=BIO_push(test,sbio);
}
if (c_debug)
{
con->debug=1;
BIO_set_callback(sbio,bio_dump_callback);
BIO_set_callback_arg(sbio,(char *)bio_c_out);
}
if (c_msg)
{
SSL_set_msg_callback(con, msg_cb);
SSL_set_msg_callback_arg(con, bio_c_out);
}
#ifndef OPENSSL_NO_TLSEXT
if (c_tlsextdebug)
{
SSL_set_tlsext_debug_callback(con, tlsext_cb);
SSL_set_tlsext_debug_arg(con, bio_c_out);
}
if (c_status_req)
{
SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp);
SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb);
SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out);
#if 0
{
STACK_OF(OCSP_RESPID) *ids = sk_OCSP_RESPID_new_null();
OCSP_RESPID *id = OCSP_RESPID_new();
id->value.byKey = ASN1_OCTET_STRING_new();
id->type = V_OCSP_RESPID_KEY;
ASN1_STRING_set(id->value.byKey, "Hello World", -1);
sk_OCSP_RESPID_push(ids, id);
SSL_set_tlsext_status_ids(con, ids);
}
#endif
}
#endif
#ifndef OPENSSL_NO_JPAKE
if (jpake_secret)
jpake_client_auth(bio_c_out, sbio, jpake_secret);
#endif
SSL_set_bio(con,sbio,sbio);
SSL_set_connect_state(con);
/* ok, lets connect */
width=SSL_get_fd(con)+1;
read_tty=1;
write_tty=0;
tty_on=0;
read_ssl=1;
write_ssl=1;
cbuf_len=0;
cbuf_off=0;
sbuf_len=0;
sbuf_off=0;
/* This is an ugly hack that does a lot of assumptions */
/* We do have to handle multi-line responses which may come
in a single packet or not. We therefore have to use
BIO_gets() which does need a buffering BIO. So during
the initial chitchat we do push a buffering BIO into the
chain that is removed again later on to not disturb the
rest of the s_client operation. */
if (starttls_proto == PROTO_SMTP)
{
int foundit=0;
BIO *fbio = BIO_new(BIO_f_buffer());
BIO_push(fbio, sbio);
/* wait for multi-line response to end from SMTP */
do
{
mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
}
while (mbuf_len>3 && mbuf[3]=='-');
/* STARTTLS command requires EHLO... */
BIO_printf(fbio,"EHLO openssl.client.net\r\n");
(void)BIO_flush(fbio);
/* wait for multi-line response to end EHLO SMTP response */
do
{
mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
if (strstr(mbuf,"STARTTLS"))
foundit=1;
}
while (mbuf_len>3 && mbuf[3]=='-');
(void)BIO_flush(fbio);
BIO_pop(fbio);
BIO_free(fbio);
if (!foundit)
BIO_printf(bio_err,
"didn't found starttls in server response,"
" try anyway...\n");
BIO_printf(sbio,"STARTTLS\r\n");
BIO_read(sbio,sbuf,BUFSIZZ);
}
else if (starttls_proto == PROTO_POP3)
{
BIO_read(sbio,mbuf,BUFSIZZ);
BIO_printf(sbio,"STLS\r\n");
BIO_read(sbio,sbuf,BUFSIZZ);
}
else if (starttls_proto == PROTO_IMAP)
{
int foundit=0;
BIO *fbio = BIO_new(BIO_f_buffer());
BIO_push(fbio, sbio);
BIO_gets(fbio,mbuf,BUFSIZZ);
/* STARTTLS command requires CAPABILITY... */
BIO_printf(fbio,". CAPABILITY\r\n");
(void)BIO_flush(fbio);
/* wait for multi-line CAPABILITY response */
do
{
mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
if (strstr(mbuf,"STARTTLS"))
foundit=1;
}
while (mbuf_len>3 && mbuf[0]!='.');
(void)BIO_flush(fbio);
BIO_pop(fbio);
BIO_free(fbio);
if (!foundit)
BIO_printf(bio_err,
"didn't found STARTTLS in server response,"
" try anyway...\n");
BIO_printf(sbio,". STARTTLS\r\n");
BIO_read(sbio,sbuf,BUFSIZZ);
}
else if (starttls_proto == PROTO_FTP)
{
BIO *fbio = BIO_new(BIO_f_buffer());
BIO_push(fbio, sbio);
/* wait for multi-line response to end from FTP */
do
{
mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
}
while (mbuf_len>3 && mbuf[3]=='-');
(void)BIO_flush(fbio);
BIO_pop(fbio);
BIO_free(fbio);
BIO_printf(sbio,"AUTH TLS\r\n");
BIO_read(sbio,sbuf,BUFSIZZ);
}
if (starttls_proto == PROTO_XMPP)
{
int seen = 0;
BIO_printf(sbio,"<stream:stream "
"xmlns:stream='http://etherx.jabber.org/streams' "
"xmlns='jabber:client' to='%s' version='1.0'>", host);
seen = BIO_read(sbio,mbuf,BUFSIZZ);
mbuf[seen] = 0;
while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'"))
{
if (strstr(mbuf, "/stream:features>"))
goto shut;
seen = BIO_read(sbio,mbuf,BUFSIZZ);
mbuf[seen] = 0;
}
BIO_printf(sbio, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
seen = BIO_read(sbio,sbuf,BUFSIZZ);
sbuf[seen] = 0;
if (!strstr(sbuf, "<proceed"))
goto shut;
mbuf[0] = 0;
}
for (;;)
{
FD_ZERO(&readfds);
FD_ZERO(&writefds);
if ((SSL_version(con) == DTLS1_VERSION) &&
DTLSv1_get_timeout(con, &timeout))
timeoutp = &timeout;
else
timeoutp = NULL;
if (SSL_in_init(con) && !SSL_total_renegotiations(con))
{
in_init=1;
tty_on=0;
}
else
{
tty_on=1;
if (in_init)
{
in_init=0;
if (sess_out)
{
BIO *stmp = BIO_new_file(sess_out, "w");
if (stmp)
{
PEM_write_bio_SSL_SESSION(stmp, SSL_get_session(con));
BIO_free(stmp);
}
else
BIO_printf(bio_err, "Error writing session file %s\n", sess_out);
}
print_stuff(bio_c_out,con,full_log);
if (full_log > 0) full_log--;
if (starttls_proto)
{
BIO_printf(bio_err,"%s",mbuf);
/* We don't need to know any more */
starttls_proto = PROTO_OFF;
}
if (reconnect)
{
reconnect--;
BIO_printf(bio_c_out,"drop connection and then reconnect\n");
SSL_shutdown(con);
SSL_set_connect_state(con);
SHUTDOWN(SSL_get_fd(con));
goto re_start;
}
}
}
ssl_pending = read_ssl && SSL_pending(con);
if (!ssl_pending)
{
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
if (tty_on)
{
if (read_tty) FD_SET(fileno(stdin),&readfds);
if (write_tty) FD_SET(fileno(stdout),&writefds);
}
if (read_ssl)
FD_SET(SSL_get_fd(con),&readfds);
if (write_ssl)
FD_SET(SSL_get_fd(con),&writefds);
#else
if(!tty_on || !write_tty) {
if (read_ssl)
FD_SET(SSL_get_fd(con),&readfds);
if (write_ssl)
FD_SET(SSL_get_fd(con),&writefds);
}
#endif
/* printf("mode tty(%d %d%d) ssl(%d%d)\n",
tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
/* Note: under VMS with SOCKETSHR the second parameter
* is currently of type (int *) whereas under other
* systems it is (void *) if you don't have a cast it
* will choke the compiler: if you do have a cast then
* you can either go for (int *) or (void *).
*/
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
/* Under Windows/DOS we make the assumption that we can
* always write to the tty: therefore if we need to
* write to the tty we just fall through. Otherwise
* we timeout the select every second and see if there
* are any keypresses. Note: this is a hack, in a proper
* Windows application we wouldn't do this.
*/
i=0;
if(!write_tty) {
if(read_tty) {
tv.tv_sec = 1;
tv.tv_usec = 0;
i=select(width,(void *)&readfds,(void *)&writefds,
NULL,&tv);
#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
if(!i && (!_kbhit() || !read_tty) ) continue;
#else
if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
#endif
} else i=select(width,(void *)&readfds,(void *)&writefds,
NULL,timeoutp);
}
#elif defined(OPENSSL_SYS_NETWARE)
if(!write_tty) {
if(read_tty) {
tv.tv_sec = 1;
tv.tv_usec = 0;
i=select(width,(void *)&readfds,(void *)&writefds,
NULL,&tv);
} else i=select(width,(void *)&readfds,(void *)&writefds,
NULL,timeoutp);
}
#else
i=select(width,(void *)&readfds,(void *)&writefds,
NULL,timeoutp);
#endif
if ( i < 0)
{
BIO_printf(bio_err,"bad select %d\n",
get_last_socket_error());
goto shut;
/* goto end; */
}
}
if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0)
{
BIO_printf(bio_err,"TIMEOUT occured\n");
}
if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))
{
k=SSL_write(con,&(cbuf[cbuf_off]),
(unsigned int)cbuf_len);
switch (SSL_get_error(con,k))
{
case SSL_ERROR_NONE:
cbuf_off+=k;
cbuf_len-=k;
if (k <= 0) goto end;
/* we have done a write(con,NULL,0); */
if (cbuf_len <= 0)
{
read_tty=1;
write_ssl=0;
}
else /* if (cbuf_len > 0) */
{
read_tty=0;
write_ssl=1;
}
break;
case SSL_ERROR_WANT_WRITE:
BIO_printf(bio_c_out,"write W BLOCK\n");
write_ssl=1;
read_tty=0;
break;
case SSL_ERROR_WANT_READ:
BIO_printf(bio_c_out,"write R BLOCK\n");
write_tty=0;
read_ssl=1;
write_ssl=0;
break;
case SSL_ERROR_WANT_X509_LOOKUP:
BIO_printf(bio_c_out,"write X BLOCK\n");
break;
case SSL_ERROR_ZERO_RETURN:
if (cbuf_len != 0)
{
BIO_printf(bio_c_out,"shutdown\n");
goto shut;
}
else
{
read_tty=1;
write_ssl=0;
break;
}
case SSL_ERROR_SYSCALL:
if ((k != 0) || (cbuf_len != 0))
{
BIO_printf(bio_err,"write:errno=%d\n",
get_last_socket_error());
goto shut;
}
else
{
read_tty=1;
write_ssl=0;
}
break;
case SSL_ERROR_SSL:
ERR_print_errors(bio_err);
goto shut;
}
}
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
/* Assume Windows/DOS can always write */
else if (!ssl_pending && write_tty)
#else
else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
#endif
{
#ifdef CHARSET_EBCDIC
ascii2ebcdic(&(sbuf[sbuf_off]),&(sbuf[sbuf_off]),sbuf_len);
#endif
i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);
if (i <= 0)
{
BIO_printf(bio_c_out,"DONE\n");
goto shut;
/* goto end; */
}
sbuf_len-=i;;
sbuf_off+=i;
if (sbuf_len <= 0)
{
read_ssl=1;
write_tty=0;
}
}
else if (ssl_pending || FD_ISSET(SSL_get_fd(con),&readfds))
{
#ifdef RENEG
{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
#endif
#if 1
k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
#else
/* Demo for pending and peek :-) */
k=SSL_read(con,sbuf,16);
{ char zbuf[10240];
printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240));
}
#endif
switch (SSL_get_error(con,k))
{
case SSL_ERROR_NONE:
if (k <= 0)
goto end;
sbuf_off=0;
sbuf_len=k;
read_ssl=0;
write_tty=1;
break;
case SSL_ERROR_WANT_WRITE:
BIO_printf(bio_c_out,"read W BLOCK\n");
write_ssl=1;
read_tty=0;
break;
case SSL_ERROR_WANT_READ:
BIO_printf(bio_c_out,"read R BLOCK\n");
write_tty=0;
read_ssl=1;
if ((read_tty == 0) && (write_ssl == 0))
write_ssl=1;
break;
case SSL_ERROR_WANT_X509_LOOKUP:
BIO_printf(bio_c_out,"read X BLOCK\n");
break;
case SSL_ERROR_SYSCALL:
BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
goto shut;
case SSL_ERROR_ZERO_RETURN:
BIO_printf(bio_c_out,"closed\n");
goto shut;
case SSL_ERROR_SSL:
ERR_print_errors(bio_err);
goto shut;
/* break; */
}
}
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
else if (_kbhit())
#else
else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
#endif
#elif defined (OPENSSL_SYS_NETWARE)
else if (_kbhit())
#else
else if (FD_ISSET(fileno(stdin),&readfds))
#endif
{
if (crlf)
{
int j, lf_num;
i=read(fileno(stdin),cbuf,BUFSIZZ/2);
lf_num = 0;
/* both loops are skipped when i <= 0 */
for (j = 0; j < i; j++)
if (cbuf[j] == '\n')
lf_num++;
for (j = i-1; j >= 0; j--)
{
cbuf[j+lf_num] = cbuf[j];
if (cbuf[j] == '\n')
{
lf_num--;
i++;
cbuf[j+lf_num] = '\r';
}
}
assert(lf_num == 0);
}
else
i=read(fileno(stdin),cbuf,BUFSIZZ);
if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q')))
{
BIO_printf(bio_err,"DONE\n");
goto shut;
}
if ((!c_ign_eof) && (cbuf[0] == 'R'))
{
BIO_printf(bio_err,"RENEGOTIATING\n");
SSL_renegotiate(con);
cbuf_len=0;
}
else
{
cbuf_len=i;
cbuf_off=0;
#ifdef CHARSET_EBCDIC
ebcdic2ascii(cbuf, cbuf, i);
#endif
}
write_ssl=1;
read_tty=0;
}
}
shut:
SSL_shutdown(con);
SHUTDOWN(SSL_get_fd(con));
ret=0;
end:
if(prexit) print_stuff(bio_c_out,con,1);
if (con != NULL) SSL_free(con);
if (con2 != NULL) SSL_free(con2);
if (ctx != NULL) SSL_CTX_free(ctx);
if (cert)
X509_free(cert);
if (key)
EVP_PKEY_free(key);
if (pass)
OPENSSL_free(pass);
if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
if (bio_c_out != NULL)
{
BIO_free(bio_c_out);
bio_c_out=NULL;
}
apps_shutdown();
OPENSSL_EXIT(ret);
}
static long
linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
{
BIO *dbio;
BIO_LINEBUFFER_CTX *ctx;
long ret = 1;
char *p;
int r;
int obs;
ctx = (BIO_LINEBUFFER_CTX *)b->ptr;
switch (cmd) {
case BIO_CTRL_RESET:
ctx->obuf_len = 0;
if (b->next_bio == NULL)
return (0);
ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
break;
case BIO_CTRL_INFO:
ret = (long)ctx->obuf_len;
break;
case BIO_CTRL_WPENDING:
ret = (long)ctx->obuf_len;
if (ret == 0) {
if (b->next_bio == NULL)
return (0);
ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
}
break;
case BIO_C_SET_BUFF_SIZE:
obs = (int)num;
p = ctx->obuf;
if ((obs > DEFAULT_LINEBUFFER_SIZE) && (obs != ctx->obuf_size)) {
p = malloc(num);
if (p == NULL)
goto malloc_error;
}
if (ctx->obuf != p) {
if (ctx->obuf_len > obs) {
ctx->obuf_len = obs;
}
memcpy(p, ctx->obuf, ctx->obuf_len);
free(ctx->obuf);
ctx->obuf = p;
ctx->obuf_size = obs;
}
break;
case BIO_C_DO_STATE_MACHINE:
if (b->next_bio == NULL)
return (0);
BIO_clear_retry_flags(b);
ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
BIO_copy_next_retry(b);
break;
case BIO_CTRL_FLUSH:
if (b->next_bio == NULL)
return (0);
if (ctx->obuf_len <= 0) {
ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
break;
}
for (;;) {
BIO_clear_retry_flags(b);
if (ctx->obuf_len > 0) {
r = BIO_write(b->next_bio,
ctx->obuf, ctx->obuf_len);
BIO_copy_next_retry(b);
if (r <= 0)
return ((long)r);
if (r < ctx->obuf_len)
memmove(ctx->obuf, ctx->obuf + r,
ctx->obuf_len - r);
ctx->obuf_len -= r;
} else {
ctx->obuf_len = 0;
ret = 1;
break;
}
}
ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
break;
case BIO_CTRL_DUP:
dbio = (BIO *)ptr;
if (!BIO_set_write_buffer_size(dbio, ctx->obuf_size))
ret = 0;
break;
default:
if (b->next_bio == NULL)
return (0);
ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
break;
}
return (ret);
malloc_error:
BIOerror(ERR_R_MALLOC_FAILURE);
return (0);
}
/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
int dtls1_do_write(SSL *s, int type)
{
int ret;
int curr_mtu;
unsigned int len, frag_off;
/* AHA! Figure out the MTU, and stick to the right size */
if ( ! (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
{
s->d1->mtu =
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
/* I've seen the kernel return bogus numbers when it doesn't know
* (initial write), so just make sure we have a reasonable number */
if ( s->d1->mtu < dtls1_min_mtu())
{
s->d1->mtu = 0;
s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
s->d1->mtu, NULL);
}
}
#if 0
mtu = s->d1->mtu;
fprintf(stderr, "using MTU = %d\n", mtu);
mtu -= (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
curr_mtu = mtu - BIO_wpending(SSL_get_wbio(s));
if ( curr_mtu > 0)
mtu = curr_mtu;
else if ( ( ret = BIO_flush(SSL_get_wbio(s))) <= 0)
return ret;
if ( BIO_wpending(SSL_get_wbio(s)) + s->init_num >= mtu)
{
ret = BIO_flush(SSL_get_wbio(s));
if ( ret <= 0)
return ret;
mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
}
OPENSSL_assert(mtu > 0); /* should have something reasonable now */
#endif
if ( s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
OPENSSL_assert(s->init_num ==
(int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
frag_off = 0;
while( s->init_num)
{
curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) -
DTLS1_RT_HEADER_LENGTH;
if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH)
{
/* grr.. we could get an error if MTU picked was wrong */
ret = BIO_flush(SSL_get_wbio(s));
if ( ret <= 0)
return ret;
curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH;
}
if ( s->init_num > curr_mtu)
len = curr_mtu;
else
len = s->init_num;
/* XDTLS: this function is too long. split out the CCS part */
if ( type == SSL3_RT_HANDSHAKE)
{
if ( s->init_off != 0)
{
OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH);
s->init_off -= DTLS1_HM_HEADER_LENGTH;
s->init_num += DTLS1_HM_HEADER_LENGTH;
/* write atleast DTLS1_HM_HEADER_LENGTH bytes */
if ( len <= DTLS1_HM_HEADER_LENGTH)
len += DTLS1_HM_HEADER_LENGTH;
}
dtls1_fix_message_header(s, frag_off,
len - DTLS1_HM_HEADER_LENGTH);
dtls1_write_message_header(s, (unsigned char *)&s->init_buf->data[s->init_off]);
OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);
}
ret=dtls1_write_bytes(s,type,&s->init_buf->data[s->init_off],
len);
if (ret < 0)
{
/* might need to update MTU here, but we don't know
* which previous packet caused the failure -- so can't
* really retransmit anything. continue as if everything
* is fine and wait for an alert to handle the
* retransmit
*/
if ( BIO_ctrl(SSL_get_wbio(s),
BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL))
s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
else
return(-1);
}
else
{
/* bad if this assert fails, only part of the handshake
* message got sent. but why would this happen? */
OPENSSL_assert(len == (unsigned int)ret);
if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting)
{
/* should not be done for 'Hello Request's, but in that case
* we'll ignore the result anyway */
unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off];
const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
int xlen;
if (frag_off == 0 && s->client_version != DTLS1_BAD_VER)
{
/* reconstruct message header is if it
* is being sent in single fragment */
*p++ = msg_hdr->type;
l2n3(msg_hdr->msg_len,p);
s2n (msg_hdr->seq,p);
l2n3(0,p);
l2n3(msg_hdr->msg_len,p);
p -= DTLS1_HM_HEADER_LENGTH;
xlen = ret;
}
else
{
p += DTLS1_HM_HEADER_LENGTH;
xlen = ret - DTLS1_HM_HEADER_LENGTH;
}
ssl3_finish_mac(s, p, xlen);
}
if (ret == s->init_num)
{
if (s->msg_callback)
s->msg_callback(1, s->version, type, s->init_buf->data,
(size_t)(s->init_off + s->init_num), s,
s->msg_callback_arg);
s->init_off = 0; /* done writing this message */
s->init_num = 0;
return(1);
}
s->init_off+=ret;
s->init_num-=ret;
frag_off += (ret -= DTLS1_HM_HEADER_LENGTH);
}
}
return(0);
}
static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr)
{
BIO_ZLIB_CTX *ctx;
int ret, *ip;
int ibs, obs;
BIO *next = BIO_next(b);
if (next == NULL)
return 0;
ctx = BIO_get_data(b);
switch (cmd) {
case BIO_CTRL_RESET:
ctx->ocount = 0;
ctx->odone = 0;
ret = 1;
break;
case BIO_CTRL_FLUSH:
ret = bio_zlib_flush(b);
if (ret > 0)
ret = BIO_flush(next);
break;
case BIO_C_SET_BUFF_SIZE:
ibs = -1;
obs = -1;
if (ptr != NULL) {
ip = ptr;
if (*ip == 0)
ibs = (int)num;
else
obs = (int)num;
} else {
ibs = (int)num;
obs = ibs;
}
if (ibs != -1) {
OPENSSL_free(ctx->ibuf);
ctx->ibuf = NULL;
ctx->ibufsize = ibs;
}
if (obs != -1) {
OPENSSL_free(ctx->obuf);
ctx->obuf = NULL;
ctx->obufsize = obs;
}
ret = 1;
break;
case BIO_C_DO_STATE_MACHINE:
BIO_clear_retry_flags(b);
ret = BIO_ctrl(next, cmd, num, ptr);
BIO_copy_next_retry(b);
break;
default:
ret = BIO_ctrl(next, cmd, num, ptr);
break;
}
return ret;
}
int dtls1_connect(SSL *s)
{
BUF_MEM *buf=NULL;
unsigned long Time=(unsigned long)time(NULL);
void (*cb)(const SSL *ssl,int type,int val)=NULL;
int ret= -1;
int new_state,state,skip=0;
#ifndef OPENSSL_NO_SCTP
unsigned char sctpauthkey[64];
char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
#endif
RAND_add(&Time,sizeof(Time),0);
ERR_clear_error();
clear_sys_error();
if (s->info_callback != NULL)
cb=s->info_callback;
else if (s->ctx->info_callback != NULL)
cb=s->ctx->info_callback;
s->in_handshake++;
if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
#ifndef OPENSSL_NO_SCTP
/* Notify SCTP BIO socket to enter handshake
* mode and prevent stream identifier other
* than 0. Will be ignored if no SCTP is used.
*/
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL);
#endif
#ifndef OPENSSL_NO_HEARTBEATS
/* If we're awaiting a HeartbeatResponse, pretend we
* already got and don't await it anymore, because
* Heartbeats don't make sense during handshakes anyway.
*/
if (s->tlsext_hb_pending)
{
dtls1_stop_timer(s);
s->tlsext_hb_pending = 0;
s->tlsext_hb_seq++;
}
#endif
for (;;)
{
state=s->state;
switch(s->state)
{
case SSL_ST_RENEGOTIATE:
s->renegotiate=1;
s->state=SSL_ST_CONNECT;
s->ctx->stats.sess_connect_renegotiate++;
/* break */
case SSL_ST_BEFORE:
case SSL_ST_CONNECT:
case SSL_ST_BEFORE|SSL_ST_CONNECT:
case SSL_ST_OK|SSL_ST_CONNECT:
s->server=0;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&
(s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00))
{
SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
ret = -1;
goto end;
}
/* s->version=SSL3_VERSION; */
s->type=SSL_ST_CONNECT;
if (s->init_buf == NULL)
{
if ((buf=BUF_MEM_new()) == NULL)
{
ret= -1;
goto end;
}
if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
{
ret= -1;
goto end;
}
s->init_buf=buf;
buf=NULL;
}
if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
/* setup buffing BIO */
if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }
/* don't push the buffering BIO quite yet */
s->state=SSL3_ST_CW_CLNT_HELLO_A;
s->ctx->stats.sess_connect++;
s->init_num=0;
/* mark client_random uninitialized */
memset(s->s3->client_random,0,sizeof(s->s3->client_random));
s->d1->send_cookie = 0;
s->hit = 0;
break;
#ifndef OPENSSL_NO_SCTP
case DTLS1_SCTP_ST_CR_READ_SOCK:
if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)))
{
s->s3->in_read_app_data=2;
s->rwstate=SSL_READING;
BIO_clear_retry_flags(SSL_get_rbio(s));
BIO_set_retry_read(SSL_get_rbio(s));
ret = -1;
goto end;
}
s->state=s->s3->tmp.next_state;
break;
case DTLS1_SCTP_ST_CW_WRITE_SOCK:
/* read app data until dry event */
ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
if (ret < 0) goto end;
if (ret == 0)
{
s->s3->in_read_app_data=2;
s->rwstate=SSL_READING;
BIO_clear_retry_flags(SSL_get_rbio(s));
BIO_set_retry_read(SSL_get_rbio(s));
ret = -1;
goto end;
}
s->state=s->d1->next_state;
break;
#endif
case SSL3_ST_CW_CLNT_HELLO_A:
case SSL3_ST_CW_CLNT_HELLO_B:
s->shutdown=0;
/* every DTLS ClientHello resets Finished MAC */
ssl3_init_finished_mac(s);
dtls1_start_timer(s);
ret=ssl3_client_hello(s);
if (ret <= 0) goto end;
if ( s->d1->send_cookie)
{
s->state=SSL3_ST_CW_FLUSH;
s->s3->tmp.next_state=SSL3_ST_CR_SRVR_HELLO_A;
}
else
s->state=SSL3_ST_CR_SRVR_HELLO_A;
s->init_num=0;
#ifndef OPENSSL_NO_SCTP
/* Disable buffering for SCTP */
if (!BIO_dgram_is_sctp(SSL_get_wbio(s)))
{
#endif
/* turn on buffering for the next lot of output */
if (s->bbio != s->wbio)
s->wbio=BIO_push(s->bbio,s->wbio);
#ifndef OPENSSL_NO_SCTP
}
#endif
break;
case SSL3_ST_CR_SRVR_HELLO_A:
case SSL3_ST_CR_SRVR_HELLO_B:
ret=ssl3_get_server_hello(s);
if (ret <= 0) goto end;
else
{
if (s->hit)
{
#ifndef OPENSSL_NO_SCTP
/* Add new shared key for SCTP-Auth,
* will be ignored if no SCTP used.
*/
snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
DTLS1_SCTP_AUTH_LABEL);
SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey), labelbuffer,
sizeof(labelbuffer), NULL, 0, 0);
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
sizeof(sctpauthkey), sctpauthkey);
#endif
s->state=SSL3_ST_CR_FINISHED_A;
}
else
s->state=DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
}
s->init_num=0;
break;
case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
ret = dtls1_get_hello_verify(s);
if ( ret <= 0)
goto end;
dtls1_stop_timer(s);
if ( s->d1->send_cookie) /* start again, with a cookie */
s->state=SSL3_ST_CW_CLNT_HELLO_A;
else
s->state = SSL3_ST_CR_CERT_A;
s->init_num = 0;
break;
case SSL3_ST_CR_CERT_A:
case SSL3_ST_CR_CERT_B:
#ifndef OPENSSL_NO_TLSEXT
ret=ssl3_check_finished(s);
if (ret <= 0) goto end;
if (ret == 2)
{
s->hit = 1;
if (s->tlsext_ticket_expected)
s->state=SSL3_ST_CR_SESSION_TICKET_A;
else
s->state=SSL3_ST_CR_FINISHED_A;
s->init_num=0;
break;
}
#endif
/* Check if it is anon DH or PSK */
if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
!(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
{
ret=ssl3_get_server_certificate(s);
if (ret <= 0) goto end;
#ifndef OPENSSL_NO_TLSEXT
if (s->tlsext_status_expected)
s->state=SSL3_ST_CR_CERT_STATUS_A;
else
s->state=SSL3_ST_CR_KEY_EXCH_A;
}
else
{
skip = 1;
s->state=SSL3_ST_CR_KEY_EXCH_A;
}
#else
}
else
skip=1;
s->state=SSL3_ST_CR_KEY_EXCH_A;
#endif
s->init_num=0;
break;
case SSL3_ST_CR_KEY_EXCH_A:
case SSL3_ST_CR_KEY_EXCH_B:
ret=ssl3_get_key_exchange(s);
if (ret <= 0) goto end;
s->state=SSL3_ST_CR_CERT_REQ_A;
s->init_num=0;
/* at this point we check that we have the
* required stuff from the server */
if (!ssl3_check_cert_and_algorithm(s))
{
ret= -1;
goto end;
}
break;
case SSL3_ST_CR_CERT_REQ_A:
case SSL3_ST_CR_CERT_REQ_B:
ret=ssl3_get_certificate_request(s);
if (ret <= 0) goto end;
s->state=SSL3_ST_CR_SRVR_DONE_A;
s->init_num=0;
break;
case SSL3_ST_CR_SRVR_DONE_A:
case SSL3_ST_CR_SRVR_DONE_B:
ret=ssl3_get_server_done(s);
if (ret <= 0) goto end;
dtls1_stop_timer(s);
if (s->s3->tmp.cert_req)
s->s3->tmp.next_state=SSL3_ST_CW_CERT_A;
else
s->s3->tmp.next_state=SSL3_ST_CW_KEY_EXCH_A;
s->init_num=0;
#ifndef OPENSSL_NO_SCTP
if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
state == SSL_ST_RENEGOTIATE)
s->state=DTLS1_SCTP_ST_CR_READ_SOCK;
else
#endif
s->state=s->s3->tmp.next_state;
break;
case SSL3_ST_CW_CERT_A:
case SSL3_ST_CW_CERT_B:
case SSL3_ST_CW_CERT_C:
case SSL3_ST_CW_CERT_D:
dtls1_start_timer(s);
ret=ssl3_send_client_certificate(s);
if (ret <= 0) goto end;
s->state=SSL3_ST_CW_KEY_EXCH_A;
s->init_num=0;
break;
case SSL3_ST_CW_KEY_EXCH_A:
case SSL3_ST_CW_KEY_EXCH_B:
dtls1_start_timer(s);
ret=ssl3_send_client_key_exchange(s);
if (ret <= 0) goto end;
#ifndef OPENSSL_NO_SCTP
/* Add new shared key for SCTP-Auth,
* will be ignored if no SCTP used.
*/
snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
DTLS1_SCTP_AUTH_LABEL);
SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey), labelbuffer,
sizeof(labelbuffer), NULL, 0, 0);
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
sizeof(sctpauthkey), sctpauthkey);
#endif
/* EAY EAY EAY need to check for DH fix cert
* sent back */
/* For TLS, cert_req is set to 2, so a cert chain
* of nothing is sent, but no verify packet is sent */
if (s->s3->tmp.cert_req == 1)
{
s->state=SSL3_ST_CW_CERT_VRFY_A;
}
else
{
#ifndef OPENSSL_NO_SCTP
if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
{
s->d1->next_state=SSL3_ST_CW_CHANGE_A;
s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK;
}
else
#endif
s->state=SSL3_ST_CW_CHANGE_A;
s->s3->change_cipher_spec=0;
}
s->init_num=0;
break;
case SSL3_ST_CW_CERT_VRFY_A:
case SSL3_ST_CW_CERT_VRFY_B:
dtls1_start_timer(s);
ret=ssl3_send_client_verify(s);
if (ret <= 0) goto end;
#ifndef OPENSSL_NO_SCTP
if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
{
s->d1->next_state=SSL3_ST_CW_CHANGE_A;
s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK;
}
else
#endif
s->state=SSL3_ST_CW_CHANGE_A;
s->init_num=0;
s->s3->change_cipher_spec=0;
break;
case SSL3_ST_CW_CHANGE_A:
case SSL3_ST_CW_CHANGE_B:
if (!s->hit)
dtls1_start_timer(s);
ret=dtls1_send_change_cipher_spec(s,
SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
if (ret <= 0) goto end;
#ifndef OPENSSL_NO_SCTP
/* Change to new shared key of SCTP-Auth,
* will be ignored if no SCTP used.
*/
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
#endif
s->state=SSL3_ST_CW_FINISHED_A;
s->init_num=0;
s->session->cipher=s->s3->tmp.new_cipher;
#ifdef OPENSSL_NO_COMP
s->session->compress_meth=0;
#else
if (s->s3->tmp.new_compression == NULL)
s->session->compress_meth=0;
else
s->session->compress_meth=
s->s3->tmp.new_compression->id;
#endif
if (!s->method->ssl3_enc->setup_key_block(s))
{
ret= -1;
goto end;
}
if (!s->method->ssl3_enc->change_cipher_state(s,
SSL3_CHANGE_CIPHER_CLIENT_WRITE))
{
ret= -1;
goto end;
}
dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
break;
case SSL3_ST_CW_FINISHED_A:
case SSL3_ST_CW_FINISHED_B:
if (!s->hit)
dtls1_start_timer(s);
ret=ssl3_send_finished(s,
SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
s->method->ssl3_enc->client_finished_label,
s->method->ssl3_enc->client_finished_label_len);
if (ret <= 0) goto end;
s->state=SSL3_ST_CW_FLUSH;
/* clear flags */
s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
if (s->hit)
{
s->s3->tmp.next_state=SSL_ST_OK;
#ifndef OPENSSL_NO_SCTP
if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
{
s->d1->next_state = s->s3->tmp.next_state;
s->s3->tmp.next_state=DTLS1_SCTP_ST_CW_WRITE_SOCK;
}
#endif
if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
{
s->state=SSL_ST_OK;
#ifndef OPENSSL_NO_SCTP
if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
{
s->d1->next_state = SSL_ST_OK;
s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK;
}
#endif
s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
s->s3->delay_buf_pop_ret=0;
}
}
else
{
#ifndef OPENSSL_NO_TLSEXT
/* Allow NewSessionTicket if ticket expected */
if (s->tlsext_ticket_expected)
s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
else
#endif
s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
}
s->init_num=0;
break;
#ifndef OPENSSL_NO_TLSEXT
case SSL3_ST_CR_SESSION_TICKET_A:
case SSL3_ST_CR_SESSION_TICKET_B:
ret=ssl3_get_new_session_ticket(s);
if (ret <= 0) goto end;
s->state=SSL3_ST_CR_FINISHED_A;
s->init_num=0;
break;
case SSL3_ST_CR_CERT_STATUS_A:
case SSL3_ST_CR_CERT_STATUS_B:
ret=ssl3_get_cert_status(s);
if (ret <= 0) goto end;
s->state=SSL3_ST_CR_KEY_EXCH_A;
s->init_num=0;
break;
#endif
case SSL3_ST_CR_FINISHED_A:
case SSL3_ST_CR_FINISHED_B:
s->d1->change_cipher_spec_ok = 1;
ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
SSL3_ST_CR_FINISHED_B);
if (ret <= 0) goto end;
dtls1_stop_timer(s);
if (s->hit)
s->state=SSL3_ST_CW_CHANGE_A;
else
s->state=SSL_ST_OK;
#ifndef OPENSSL_NO_SCTP
if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
state == SSL_ST_RENEGOTIATE)
{
s->d1->next_state=s->state;
s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK;
}
#endif
s->init_num=0;
break;
case SSL3_ST_CW_FLUSH:
s->rwstate=SSL_WRITING;
if (BIO_flush(s->wbio) <= 0)
{
/* If the write error was fatal, stop trying */
if (!BIO_should_retry(s->wbio))
{
s->rwstate=SSL_NOTHING;
s->state=s->s3->tmp.next_state;
}
ret= -1;
goto end;
}
s->rwstate=SSL_NOTHING;
s->state=s->s3->tmp.next_state;
break;
case SSL_ST_OK:
/* clean a few things up */
ssl3_cleanup_key_block(s);
#if 0
if (s->init_buf != NULL)
{
BUF_MEM_free(s->init_buf);
s->init_buf=NULL;
}
#endif
/* If we are not 'joining' the last two packets,
* remove the buffering now */
if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
ssl_free_wbio_buffer(s);
/* else do it later in ssl3_write */
s->init_num=0;
s->renegotiate=0;
s->new_session=0;
ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
if (s->hit) s->ctx->stats.sess_hit++;
ret=1;
/* s->server=0; */
s->handshake_func=dtls1_connect;
s->ctx->stats.sess_connect_good++;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
/* done with handshaking */
s->d1->handshake_read_seq = 0;
s->d1->next_handshake_write_seq = 0;
goto end;
/* break; */
default:
SSLerr(SSL_F_DTLS1_CONNECT,SSL_R_UNKNOWN_STATE);
ret= -1;
goto end;
/* break; */
}
static long rdg_bio_ctrl(BIO* bio, int cmd, long arg1, void* arg2)
{
int status = -1;
rdpRdg* rdg = (rdpRdg*) BIO_get_data(bio);
rdpTls* tlsOut = rdg->tlsOut;
rdpTls* tlsIn = rdg->tlsIn;
if (cmd == BIO_CTRL_FLUSH)
{
(void)BIO_flush(tlsOut->bio);
(void)BIO_flush(tlsIn->bio);
status = 1;
}
else if (cmd == BIO_C_SET_NONBLOCK)
{
status = 1;
}
else if (cmd == BIO_C_READ_BLOCKED)
{
BIO* bio = tlsOut->bio;
status = BIO_read_blocked(bio);
}
else if (cmd == BIO_C_WRITE_BLOCKED)
{
BIO* bio = tlsIn->bio;
status = BIO_write_blocked(bio);
}
else if (cmd == BIO_C_WAIT_READ)
{
int timeout = (int) arg1;
BIO* bio = tlsOut->bio;
if (BIO_read_blocked(bio))
return BIO_wait_read(bio, timeout);
else if (BIO_write_blocked(bio))
return BIO_wait_write(bio, timeout);
else
status = 1;
}
else if (cmd == BIO_C_WAIT_WRITE)
{
int timeout = (int) arg1;
BIO* bio = tlsIn->bio;
if (BIO_write_blocked(bio))
status = BIO_wait_write(bio, timeout);
else if (BIO_read_blocked(bio))
status = BIO_wait_read(bio, timeout);
else
status = 1;
}
else if (cmd == BIO_C_GET_EVENT || cmd == BIO_C_GET_FD)
{
/*
* A note about BIO_C_GET_FD:
* Even if two FDs are part of RDG, only one FD can be returned here.
*
* In FreeRDP, BIO FDs are only used for polling, so it is safe to use the outgoing FD only
*
* See issue #3602
*/
status = BIO_ctrl(tlsOut->bio, cmd, arg1, arg2);
}
return status;
}
int BIO_set_conn_hostname(BIO *bio, const char *name) {
return BIO_ctrl(bio, BIO_C_SET_CONNECT, 0, (void*) name);
}
static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
{
BIO_OK_CTX *ctx;
EVP_MD *md;
const EVP_MD **ppmd;
long ret = 1;
int i;
BIO *next;
ctx = BIO_get_data(b);
next = BIO_next(b);
switch (cmd) {
case BIO_CTRL_RESET:
ctx->buf_len = 0;
ctx->buf_off = 0;
ctx->buf_len_save = 0;
ctx->buf_off_save = 0;
ctx->cont = 1;
ctx->finished = 0;
ctx->blockout = 0;
ctx->sigio = 1;
ret = BIO_ctrl(next, cmd, num, ptr);
break;
case BIO_CTRL_EOF: /* More to read */
if (ctx->cont <= 0)
ret = 1;
else
ret = BIO_ctrl(next, cmd, num, ptr);
break;
case BIO_CTRL_PENDING: /* More to read in buffer */
case BIO_CTRL_WPENDING: /* More to read in buffer */
ret = ctx->blockout ? ctx->buf_len - ctx->buf_off : 0;
if (ret <= 0)
ret = BIO_ctrl(next, cmd, num, ptr);
break;
case BIO_CTRL_FLUSH:
/* do a final write */
if (ctx->blockout == 0)
if (!block_out(b))
return 0;
while (ctx->blockout) {
i = ok_write(b, NULL, 0);
if (i < 0) {
ret = i;
break;
}
}
ctx->finished = 1;
ctx->buf_off = ctx->buf_len = 0;
ctx->cont = (int)ret;
/* Finally flush the underlying BIO */
ret = BIO_ctrl(next, cmd, num, ptr);
break;
case BIO_C_DO_STATE_MACHINE:
BIO_clear_retry_flags(b);
ret = BIO_ctrl(next, cmd, num, ptr);
BIO_copy_next_retry(b);
break;
case BIO_CTRL_INFO:
ret = (long)ctx->cont;
break;
case BIO_C_SET_MD:
md = ptr;
if (!EVP_DigestInit_ex(ctx->md, md, NULL))
return 0;
BIO_set_init(b, 1);
break;
case BIO_C_GET_MD:
if (BIO_get_init(b)) {
ppmd = ptr;
*ppmd = EVP_MD_CTX_md(ctx->md);
} else
ret = 0;
break;
default:
ret = BIO_ctrl(next, cmd, num, ptr);
break;
}
return ret;
}
int BIO_set_conn_port(BIO *bio, const char *port_str) {
return BIO_ctrl(bio, BIO_C_SET_CONNECT, 1, (void*) port_str);
}
static long bsegs_ctrl(BIO *b, int cmd, long arg1, void *arg2)
{
return BIO_ctrl(b->next_bio, cmd, arg1, arg2);
}
int BIO_set_nbio(BIO *bio, int on) {
return BIO_ctrl(bio, BIO_C_SET_NBIO, on, NULL);
}
int DTLSv1_listen(SSL *s, BIO_ADDR *client)
{
int next, n, ret = 0, clearpkt = 0;
unsigned char cookie[DTLS1_COOKIE_LENGTH];
unsigned char seq[SEQ_NUM_SIZE];
const unsigned char *data;
unsigned char *p, *buf;
unsigned long reclen, fragoff, fraglen, msglen;
unsigned int rectype, versmajor, msgseq, msgtype, clientvers, cookielen;
BIO *rbio, *wbio;
BUF_MEM *bufm;
BIO_ADDR *tmpclient = NULL;
PACKET pkt, msgpkt, msgpayload, session, cookiepkt;
/* Ensure there is no state left over from a previous invocation */
if (!SSL_clear(s))
return -1;
ERR_clear_error();
rbio = SSL_get_rbio(s);
wbio = SSL_get_wbio(s);
if (!rbio || !wbio) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_BIO_NOT_SET);
return -1;
}
/*
* We only peek at incoming ClientHello's until we're sure we are going to
* to respond with a HelloVerifyRequest. If its a ClientHello with a valid
* cookie then we leave it in the BIO for accept to handle.
*/
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 1, NULL);
/*
* Note: This check deliberately excludes DTLS1_BAD_VER because that version
* requires the MAC to be calculated *including* the first ClientHello
* (without the cookie). Since DTLSv1_listen is stateless that cannot be
* supported. DTLS1_BAD_VER must use cookies in a stateful manner (e.g. via
* SSL_accept)
*/
if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_UNSUPPORTED_SSL_VERSION);
return -1;
}
if (s->init_buf == NULL) {
if ((bufm = BUF_MEM_new()) == NULL) {
SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
return -1;
}
if (!BUF_MEM_grow(bufm, SSL3_RT_MAX_PLAIN_LENGTH)) {
BUF_MEM_free(bufm);
SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
return -1;
}
s->init_buf = bufm;
}
buf = (unsigned char *)s->init_buf->data;
do {
/* Get a packet */
clear_sys_error();
/*
* Technically a ClientHello could be SSL3_RT_MAX_PLAIN_LENGTH
* + DTLS1_RT_HEADER_LENGTH bytes long. Normally init_buf does not store
* the record header as well, but we do here. We've set up init_buf to
* be the standard size for simplicity. In practice we shouldn't ever
* receive a ClientHello as long as this. If we do it will get dropped
* in the record length check below.
*/
n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH);
if (n <= 0) {
if (BIO_should_retry(rbio)) {
/* Non-blocking IO */
goto end;
}
return -1;
}
/* If we hit any problems we need to clear this packet from the BIO */
clearpkt = 1;
if (!PACKET_buf_init(&pkt, buf, n)) {
SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_INTERNAL_ERROR);
return -1;
}
/*
* Parse the received record. If there are any problems with it we just
* dump it - with no alert. RFC6347 says this "Unlike TLS, DTLS is
* resilient in the face of invalid records (e.g., invalid formatting,
* length, MAC, etc.). In general, invalid records SHOULD be silently
* discarded, thus preserving the association; however, an error MAY be
* logged for diagnostic purposes."
*/
/* this packet contained a partial record, dump it */
if (n < DTLS1_RT_HEADER_LENGTH) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_RECORD_TOO_SMALL);
goto end;
}
if (s->msg_callback)
s->msg_callback(0, 0, SSL3_RT_HEADER, buf,
DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg);
/* Get the record header */
if (!PACKET_get_1(&pkt, &rectype)
|| !PACKET_get_1(&pkt, &versmajor)) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
goto end;
}
if (rectype != SSL3_RT_HANDSHAKE) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_UNEXPECTED_MESSAGE);
goto end;
}
/*
* Check record version number. We only check that the major version is
* the same.
*/
if (versmajor != DTLS1_VERSION_MAJOR) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
goto end;
}
if (!PACKET_forward(&pkt, 1)
/* Save the sequence number: 64 bits, with top 2 bytes = epoch */
|| !PACKET_copy_bytes(&pkt, seq, SEQ_NUM_SIZE)
|| !PACKET_get_length_prefixed_2(&pkt, &msgpkt)) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
goto end;
}
/*
* We allow data remaining at the end of the packet because there could
* be a second record (but we ignore it)
*/
/* This is an initial ClientHello so the epoch has to be 0 */
if (seq[0] != 0 || seq[1] != 0) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_UNEXPECTED_MESSAGE);
goto end;
}
/* Get a pointer to the raw message for the later callback */
data = PACKET_data(&msgpkt);
/* Finished processing the record header, now process the message */
if (!PACKET_get_1(&msgpkt, &msgtype)
|| !PACKET_get_net_3(&msgpkt, &msglen)
|| !PACKET_get_net_2(&msgpkt, &msgseq)
|| !PACKET_get_net_3(&msgpkt, &fragoff)
|| !PACKET_get_net_3(&msgpkt, &fraglen)
|| !PACKET_get_sub_packet(&msgpkt, &msgpayload, fraglen)
|| PACKET_remaining(&msgpkt) != 0) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
goto end;
}
if (msgtype != SSL3_MT_CLIENT_HELLO) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_UNEXPECTED_MESSAGE);
goto end;
}
/* Message sequence number can only be 0 or 1 */
if (msgseq > 2) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_INVALID_SEQUENCE_NUMBER);
goto end;
}
/*
* We don't support fragment reassembly for ClientHellos whilst
* listening because that would require server side state (which is
* against the whole point of the ClientHello/HelloVerifyRequest
* mechanism). Instead we only look at the first ClientHello fragment
* and require that the cookie must be contained within it.
*/
if (fragoff != 0 || fraglen > msglen) {
/* Non initial ClientHello fragment (or bad fragment) */
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_FRAGMENTED_CLIENT_HELLO);
goto end;
}
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, data,
fraglen + DTLS1_HM_HEADER_LENGTH, s,
s->msg_callback_arg);
if (!PACKET_get_net_2(&msgpayload, &clientvers)) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
goto end;
}
/*
* Verify client version is supported
*/
if (DTLS_VERSION_LT(clientvers, (unsigned int)s->method->version) &&
s->method->version != DTLS_ANY_VERSION) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_WRONG_VERSION_NUMBER);
goto end;
}
if (!PACKET_forward(&msgpayload, SSL3_RANDOM_SIZE)
|| !PACKET_get_length_prefixed_1(&msgpayload, &session)
|| !PACKET_get_length_prefixed_1(&msgpayload, &cookiepkt)) {
/*
* Could be malformed or the cookie does not fit within the initial
* ClientHello fragment. Either way we can't handle it.
*/
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
goto end;
}
/*
* Check if we have a cookie or not. If not we need to send a
* HelloVerifyRequest.
*/
if (PACKET_remaining(&cookiepkt) == 0) {
next = LISTEN_SEND_VERIFY_REQUEST;
} else {
/*
* We have a cookie, so lets check it.
*/
if (s->ctx->app_verify_cookie_cb == NULL) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_NO_VERIFY_COOKIE_CALLBACK);
/* This is fatal */
return -1;
}
if (s->ctx->app_verify_cookie_cb(s, PACKET_data(&cookiepkt),
PACKET_remaining(&cookiepkt)) ==
0) {
/*
* We treat invalid cookies in the same was as no cookie as
* per RFC6347
*/
next = LISTEN_SEND_VERIFY_REQUEST;
} else {
/* Cookie verification succeeded */
next = LISTEN_SUCCESS;
}
}
if (next == LISTEN_SEND_VERIFY_REQUEST) {
/*
* There was no cookie in the ClientHello so we need to send a
* HelloVerifyRequest. If this fails we do not worry about trying
* to resend, we just drop it.
*/
/*
* Dump the read packet, we don't need it any more. Ignore return
* value
*/
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 0, NULL);
BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH);
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 1, NULL);
/* Generate the cookie */
if (s->ctx->app_gen_cookie_cb == NULL ||
s->ctx->app_gen_cookie_cb(s, cookie, &cookielen) == 0 ||
cookielen > 255) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
/* This is fatal */
return -1;
}
p = &buf[DTLS1_RT_HEADER_LENGTH];
msglen = dtls_raw_hello_verify_request(p + DTLS1_HM_HEADER_LENGTH,
cookie, cookielen);
*p++ = DTLS1_MT_HELLO_VERIFY_REQUEST;
/* Message length */
l2n3(msglen, p);
/* Message sequence number is always 0 for a HelloVerifyRequest */
s2n(0, p);
/*
* We never fragment a HelloVerifyRequest, so fragment offset is 0
* and fragment length is message length
*/
l2n3(0, p);
l2n3(msglen, p);
/* Set reclen equal to length of whole handshake message */
reclen = msglen + DTLS1_HM_HEADER_LENGTH;
/* Add the record header */
p = buf;
*(p++) = SSL3_RT_HANDSHAKE;
/*
* Special case: for hello verify request, client version 1.0 and we
* haven't decided which version to use yet send back using version
* 1.0 header: otherwise some clients will ignore it.
*/
if (s->method->version == DTLS_ANY_VERSION) {
*(p++) = DTLS1_VERSION >> 8;
*(p++) = DTLS1_VERSION & 0xff;
} else {
*(p++) = s->version >> 8;
*(p++) = s->version & 0xff;
}
/*
* Record sequence number is always the same as in the received
* ClientHello
*/
memcpy(p, seq, SEQ_NUM_SIZE);
p += SEQ_NUM_SIZE;
/* Length */
s2n(reclen, p);
/*
* Set reclen equal to length of whole record including record
* header
*/
reclen += DTLS1_RT_HEADER_LENGTH;
if (s->msg_callback)
s->msg_callback(1, 0, SSL3_RT_HEADER, buf,
DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg);
if ((tmpclient = BIO_ADDR_new()) == NULL) {
SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
goto end;
}
/*
* This is unnecessary if rbio and wbio are one and the same - but
* maybe they're not. We ignore errors here - some BIOs do not
* support this.
*/
if (BIO_dgram_get_peer(rbio, tmpclient) > 0) {
(void)BIO_dgram_set_peer(wbio, tmpclient);
}
BIO_ADDR_free(tmpclient);
tmpclient = NULL;
if (BIO_write(wbio, buf, reclen) < (int)reclen) {
if (BIO_should_retry(wbio)) {
/*
* Non-blocking IO...but we're stateless, so we're just
* going to drop this packet.
*/
goto end;
}
return -1;
}
if (BIO_flush(wbio) <= 0) {
if (BIO_should_retry(wbio)) {
/*
* Non-blocking IO...but we're stateless, so we're just
* going to drop this packet.
*/
goto end;
}
return -1;
}
}
int BIO_do_connect(BIO *bio) {
return BIO_ctrl(bio, BIO_C_DO_STATE_MACHINE, 0, NULL);
}
static long
buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
{
BIO *dbio;
BIO_F_BUFFER_CTX *ctx;
long ret = 1;
char *p1, *p2;
int r, i, *ip;
int ibs, obs;
ctx = (BIO_F_BUFFER_CTX *)b->ptr;
switch (cmd) {
case BIO_CTRL_RESET:
ctx->ibuf_off = 0;
ctx->ibuf_len = 0;
ctx->obuf_off = 0;
ctx->obuf_len = 0;
if (b->next_bio == NULL)
return (0);
ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
break;
case BIO_CTRL_INFO:
ret = (long)ctx->obuf_len;
break;
case BIO_C_GET_BUFF_NUM_LINES:
ret = 0;
p1 = ctx->ibuf;
for (i = 0; i < ctx->ibuf_len; i++) {
if (p1[ctx->ibuf_off + i] == '\n')
ret++;
}
break;
case BIO_CTRL_WPENDING:
ret = (long)ctx->obuf_len;
if (ret == 0) {
if (b->next_bio == NULL)
return (0);
ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
}
break;
case BIO_CTRL_PENDING:
ret = (long)ctx->ibuf_len;
if (ret == 0) {
if (b->next_bio == NULL)
return (0);
ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
}
break;
case BIO_C_SET_BUFF_READ_DATA:
if (num > ctx->ibuf_size) {
p1 = malloc(num);
if (p1 == NULL)
goto malloc_error;
free(ctx->ibuf);
ctx->ibuf = p1;
}
ctx->ibuf_off = 0;
ctx->ibuf_len = (int)num;
memcpy(ctx->ibuf, ptr, num);
ret = 1;
break;
case BIO_C_SET_BUFF_SIZE:
if (ptr != NULL) {
ip = (int *)ptr;
if (*ip == 0) {
ibs = (int)num;
obs = ctx->obuf_size;
}
else /* if (*ip == 1) */
{
ibs = ctx->ibuf_size;
obs = (int)num;
}
} else {
ibs = (int)num;
obs = (int)num;
}
p1 = ctx->ibuf;
p2 = ctx->obuf;
if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size)) {
p1 = malloc(num);
if (p1 == NULL)
goto malloc_error;
}
if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size)) {
p2 = malloc(num);
if (p2 == NULL) {
if (p1 != ctx->ibuf)
free(p1);
goto malloc_error;
}
}
if (ctx->ibuf != p1) {
free(ctx->ibuf);
ctx->ibuf = p1;
ctx->ibuf_off = 0;
ctx->ibuf_len = 0;
ctx->ibuf_size = ibs;
}
if (ctx->obuf != p2) {
free(ctx->obuf);
ctx->obuf = p2;
ctx->obuf_off = 0;
ctx->obuf_len = 0;
ctx->obuf_size = obs;
}
break;
case BIO_C_DO_STATE_MACHINE:
if (b->next_bio == NULL)
return (0);
BIO_clear_retry_flags(b);
ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
BIO_copy_next_retry(b);
break;
case BIO_CTRL_FLUSH:
if (b->next_bio == NULL)
return (0);
if (ctx->obuf_len <= 0) {
ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
break;
}
for (;;) {
BIO_clear_retry_flags(b);
if (ctx->obuf_len > 0) {
r = BIO_write(b->next_bio,
&(ctx->obuf[ctx->obuf_off]),
ctx->obuf_len);
BIO_copy_next_retry(b);
if (r <= 0)
return ((long)r);
ctx->obuf_off += r;
ctx->obuf_len -= r;
} else {
ctx->obuf_len = 0;
ctx->obuf_off = 0;
break;
}
}
ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
break;
case BIO_CTRL_DUP:
dbio = (BIO *)ptr;
if (!BIO_set_read_buffer_size(dbio, ctx->ibuf_size) ||
!BIO_set_write_buffer_size(dbio, ctx->obuf_size))
ret = 0;
break;
default:
if (b->next_bio == NULL)
return (0);
ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
break;
}
return (ret);
malloc_error:
BIOerror(ERR_R_MALLOC_FAILURE);
return (0);
}
static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
{
EVP_MD_CTX *ctx,*dctx,**pctx;
const EVP_MD **ppmd;
EVP_MD *md;
long ret=1;
BIO *dbio;
ctx=b->ptr;
switch (cmd)
{
case BIO_CTRL_RESET:
if (b->init)
ret = EVP_DigestInit_ex(ctx,ctx->digest, NULL);
else
ret=0;
if (ret > 0)
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
break;
case BIO_C_GET_MD:
if (b->init)
{
ppmd=ptr;
*ppmd=ctx->digest;
}
else
ret=0;
break;
case BIO_C_GET_MD_CTX:
pctx=ptr;
*pctx=ctx;
break;
case BIO_C_SET_MD_CTX:
if (b->init)
b->ptr=ptr;
else
ret=0;
break;
case BIO_C_DO_STATE_MACHINE:
BIO_clear_retry_flags(b);
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
BIO_copy_next_retry(b);
break;
case BIO_C_SET_MD:
md=ptr;
ret = EVP_DigestInit_ex(ctx,md, NULL);
if (ret > 0)
b->init=1;
break;
case BIO_CTRL_DUP:
dbio=ptr;
dctx=dbio->ptr;
EVP_MD_CTX_copy_ex(dctx,ctx);
b->init=1;
break;
default:
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
break;
}
return(ret);
}
/* Create new UDP connection to the server */
struct VDgramConn *vc_create_client_dgram_conn(struct vContext *C)
{
struct VSession *vsession = CTX_current_session(C);
struct VDgramConn *dgram_conn = NULL;
struct addrinfo hints, *result, *rp;
int sockfd = -1;
int flag, ret;
struct VURL url;
/* Seed random number generator, */
#ifdef __APPLE__
sranddev();
/* Other BSD based systems probably support this or similar function too. */
#else
/* Other systems have to use this evil trick */
struct timeval tv;
gettimeofday(&tv, NULL);
srand(tv.tv_sec - tv.tv_usec);
#endif
if (v_url_parse(vsession->host_url, &url) != 1) {
goto end;
} else {
/* v_print_url(VRS_PRINT_DEBUG_MSG, &url); */
}
memset(&hints, 0, sizeof(struct addrinfo));
hints.ai_family = AF_UNSPEC; /* Allow IPv4 or IPv6 */
hints.ai_socktype = SOCK_DGRAM; /* Allow datagram protocol */
hints.ai_flags = 0; /* No flags required */
hints.ai_protocol = IPPROTO_UDP; /* Allow UDP protocol only */
if(is_log_level(VRS_PRINT_DEBUG_MSG)) {
if(url.ip_ver==IPV6) {
v_print_log(VRS_PRINT_DEBUG_MSG,
"Try to connect to: [%s]:%s\n",
url.node, url.service);
} else {
v_print_log(VRS_PRINT_DEBUG_MSG,
"Try to connect to: %s:%s\n",
url.node, url.service);
}
}
if( (ret = getaddrinfo(url.node, url.service, &hints, &result)) !=0 ) {
v_print_log(VRS_PRINT_ERROR,
"getaddrinfo(): %s\n", gai_strerror(ret));
goto end;
}
/* Try to use addrinfo from getaddrinfo() */
for(rp=result; rp!=NULL; rp=rp->ai_next) {
if( (sockfd = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol)) == -1) {
v_print_log(VRS_PRINT_ERROR, "socket(): %s\n", strerror(errno));
continue;
}
else {
/* Try to "connect" to this address ... the client will be able to send and
* receive packets only from this address. */
if(connect(sockfd, rp->ai_addr, rp->ai_addrlen) != -1)
break;
close(sockfd);
sockfd = -1;
}
}
if(rp == NULL) {
if(is_log_level(VRS_PRINT_ERROR)) {
if(url.ip_ver==IPV6) {
v_print_log(VRS_PRINT_ERROR,
"Could not connect to the [%s]:%s\n",
url.node, url.service);
} else {
v_print_log(VRS_PRINT_ERROR,
"Could not connect to the %s:%s\n",
url.node, url.service);
}
}
freeaddrinfo(result);
goto end;
}
if( (dgram_conn = (struct VDgramConn*)calloc(1, sizeof(struct VDgramConn))) == NULL) {
v_print_log(VRS_PRINT_ERROR, "calloc(): %s\n", strerror(errno));
freeaddrinfo(result);
if(sockfd != -1) {
close(sockfd);
}
goto end;
}
/* Initialize datagram connection */
v_conn_dgram_init(dgram_conn);
/* Use first successfully assigned socket */
dgram_conn->io_ctx.sockfd = sockfd;
/* Set socket non-blocking */
flag = fcntl(dgram_conn->io_ctx.sockfd, F_GETFL, 0);
if( (fcntl(dgram_conn->io_ctx.sockfd, F_SETFL, flag | O_NONBLOCK)) == -1) {
v_print_log(VRS_PRINT_ERROR, "fcntl(): %s\n", strerror(errno));
free(dgram_conn);
dgram_conn = NULL;
if(sockfd != -1) {
close(sockfd);
}
freeaddrinfo(result);
goto end;
}
/* Set socket to reuse address */
flag = 1;
if( setsockopt(dgram_conn->io_ctx.sockfd, SOL_SOCKET, SO_REUSEADDR, &flag, sizeof(flag)) == -1) {
v_print_log(VRS_PRINT_ERROR, "setsockopt(): %s\n", strerror(errno));
free(dgram_conn);
if(sockfd != -1) {
close(sockfd);
}
dgram_conn = NULL;
goto end;
}
/* Set address of peer and host */
if(rp->ai_family==AF_INET) {
/* Address type of client */
dgram_conn->io_ctx.host_addr.ip_ver = IPV4;
dgram_conn->io_ctx.host_addr.protocol = UDP;
/* Address of peer */
dgram_conn->io_ctx.peer_addr.ip_ver = IPV4;
dgram_conn->io_ctx.peer_addr.protocol = UDP;
dgram_conn->io_ctx.peer_addr.port = ntohs(((struct sockaddr_in*)rp->ai_addr)->sin_port);
memcpy(&dgram_conn->io_ctx.peer_addr.addr.ipv4, rp->ai_addr, rp->ai_addrlen);
/* Address of peer (reference in connection) */
dgram_conn->peer_address.ip_ver = IPV4;
dgram_conn->peer_address.protocol = UDP;
dgram_conn->peer_address.port = ntohs(((struct sockaddr_in*)rp->ai_addr)->sin_port);
memcpy(&dgram_conn->peer_address.addr.ipv4, rp->ai_addr, rp->ai_addrlen);
}
else if(rp->ai_family==AF_INET6) {
/* Address type of client */
dgram_conn->io_ctx.host_addr.ip_ver = IPV6;
dgram_conn->io_ctx.host_addr.protocol = UDP;
/* Address of peer */
dgram_conn->io_ctx.peer_addr.ip_ver = IPV6;
dgram_conn->io_ctx.peer_addr.protocol = UDP;
dgram_conn->io_ctx.peer_addr.port = ntohs(((struct sockaddr_in6*)rp->ai_addr)->sin6_port);
memcpy(&dgram_conn->io_ctx.peer_addr.addr.ipv6, rp->ai_addr, rp->ai_addrlen);
/* Address of peer (reference in connection) */
dgram_conn->peer_address.ip_ver = IPV6;
dgram_conn->peer_address.protocol = UDP;
dgram_conn->peer_address.port = ntohs(((struct sockaddr_in6*)rp->ai_addr)->sin6_port);
memcpy(&dgram_conn->peer_address.addr.ipv6, rp->ai_addr, rp->ai_addrlen);
}
freeaddrinfo(result);
/* When DTLS was negotiated, then set flag */
if(url.security_protocol == VRS_SEC_DATA_TLS) {
#if (defined WITH_OPENSSL) && OPENSSL_VERSION_NUMBER>=0x10000000
dgram_conn->io_ctx.flags |= SOCKET_SECURED;
#else
v_print_log(VRS_PRINT_ERROR,
"Server tries to force client to use secured connection, but it is not supported\n");
goto end;
#endif
}
#ifdef WITH_OPENSSL
/* Create BIO, connect and set to already connected */
if( (dgram_conn->io_ctx.bio = BIO_new_dgram(dgram_conn->io_ctx.sockfd, BIO_CLOSE)) == NULL) {
v_print_log(VRS_PRINT_ERROR, "BIO_new_dgram()\n");
goto end;
}
/* Try to do PMTU discovery */
if( BIO_ctrl(dgram_conn->io_ctx.bio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL) < 0) {
v_print_log(VRS_PRINT_ERROR, "BIO_ctrl()\n");
goto end;
}
/* Try to get MTU from the bio */
ret = BIO_ctrl(dgram_conn->io_ctx.bio, BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
if(ret > 0) {
dgram_conn->io_ctx.mtu = ret;
v_print_log(VRS_PRINT_DEBUG_MSG, "PMTU: %d\n", dgram_conn->io_ctx.mtu);
} else {
dgram_conn->io_ctx.mtu = DEFAULT_MTU;
v_print_log(VRS_PRINT_DEBUG_MSG, "Default MTU: %d\n", dgram_conn->io_ctx.mtu);
}
#else
dgram_conn->io_ctx.mtu = DEFAULT_MTU;
#endif
/* Set up necessary flag for V_CTX (client will be able to send and receive packets only to/from server) */
dgram_conn->io_ctx.flags |= SOCKET_CONNECTED;
dgram_conn->host_id = (unsigned int)rand();
end:
v_url_clear(&url);
return dgram_conn;
}
static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
{
SSL **sslp,*ssl;
BIO_SSL *bs;
BIO *dbio,*bio;
long ret=1;
bs=(BIO_SSL *)b->ptr;
ssl=bs->ssl;
if ((ssl == NULL) && (cmd != BIO_C_SET_SSL))
return(0);
switch (cmd)
{
case BIO_CTRL_RESET:
SSL_shutdown(ssl);
if (ssl->handshake_func == ssl->method->ssl_connect)
SSL_set_connect_state(ssl);
else if (ssl->handshake_func == ssl->method->ssl_accept)
SSL_set_accept_state(ssl);
SSL_clear(ssl);
if (b->next_bio != NULL)
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
else if (ssl->rbio != NULL)
ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
else
ret=1;
break;
case BIO_CTRL_INFO:
ret=0;
break;
case BIO_C_SSL_MODE:
if (num) /* client mode */
SSL_set_connect_state(ssl);
else
SSL_set_accept_state(ssl);
break;
case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
ret=bs->renegotiate_timeout;
if (num < 60) num=5;
bs->renegotiate_timeout=(unsigned long)num;
bs->last_time=(unsigned long)time(NULL);
break;
case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
ret=bs->renegotiate_count;
if ((long)num >=512)
bs->renegotiate_count=(unsigned long)num;
break;
case BIO_C_GET_SSL_NUM_RENEGOTIATES:
ret=bs->num_renegotiates;
break;
case BIO_C_SET_SSL:
if (ssl != NULL)
{
ssl_free(b);
if (!ssl_new(b))
return 0;
}
b->shutdown=(int)num;
ssl=(SSL *)ptr;
((BIO_SSL *)b->ptr)->ssl=ssl;
bio=SSL_get_rbio(ssl);
if (bio != NULL)
{
if (b->next_bio != NULL)
BIO_push(bio,b->next_bio);
b->next_bio=bio;
CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO);
}
b->init=1;
break;
case BIO_C_GET_SSL:
if (ptr != NULL)
{
sslp=(SSL **)ptr;
*sslp=ssl;
}
else
ret=0;
break;
case BIO_CTRL_GET_CLOSE:
ret=b->shutdown;
break;
case BIO_CTRL_SET_CLOSE:
b->shutdown=(int)num;
break;
case BIO_CTRL_WPENDING:
ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
break;
case BIO_CTRL_PENDING:
ret=SSL_pending(ssl);
if (ret == 0)
ret=BIO_pending(ssl->rbio);
break;
case BIO_CTRL_FLUSH:
BIO_clear_retry_flags(b);
ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
BIO_copy_next_retry(b);
break;
case BIO_CTRL_PUSH:
if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio))
{
SSL_set_bio(ssl,b->next_bio,b->next_bio);
CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
}
break;
case BIO_CTRL_POP:
/* Only detach if we are the BIO explicitly being popped */
if (b == ptr)
{
/* Shouldn't happen in practice because the
* rbio and wbio are the same when pushed.
*/
if (ssl->rbio != ssl->wbio)
BIO_free_all(ssl->wbio);
if (b->next_bio != NULL)
CRYPTO_add(&b->next_bio->references,-1,CRYPTO_LOCK_BIO);
ssl->wbio=NULL;
ssl->rbio=NULL;
}
break;
case BIO_C_DO_STATE_MACHINE:
BIO_clear_retry_flags(b);
b->retry_reason=0;
ret=(int)SSL_do_handshake(ssl);
switch (SSL_get_error(ssl,(int)ret))
{
case SSL_ERROR_WANT_READ:
BIO_set_flags(b,
BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
break;
case SSL_ERROR_WANT_WRITE:
BIO_set_flags(b,
BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
break;
case SSL_ERROR_WANT_CONNECT:
BIO_set_flags(b,
BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);
b->retry_reason=b->next_bio->retry_reason;
break;
default:
break;
}
break;
case BIO_CTRL_DUP:
dbio=(BIO *)ptr;
if (((BIO_SSL *)dbio->ptr)->ssl != NULL)
SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
((BIO_SSL *)dbio->ptr)->ssl=SSL_dup(ssl);
((BIO_SSL *)dbio->ptr)->renegotiate_count=
((BIO_SSL *)b->ptr)->renegotiate_count;
((BIO_SSL *)dbio->ptr)->byte_count=
((BIO_SSL *)b->ptr)->byte_count;
((BIO_SSL *)dbio->ptr)->renegotiate_timeout=
((BIO_SSL *)b->ptr)->renegotiate_timeout;
((BIO_SSL *)dbio->ptr)->last_time=
((BIO_SSL *)b->ptr)->last_time;
ret=(((BIO_SSL *)dbio->ptr)->ssl != NULL);
break;
case BIO_C_GET_FD:
ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
break;
case BIO_CTRL_SET_CALLBACK:
{
#if 0 /* FIXME: Should this be used? -- Richard Levitte */
SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
ret = -1;
#else
ret=0;
#endif
}
break;
case BIO_CTRL_GET_CALLBACK:
{
void (**fptr)(const SSL *xssl,int type,int val);
fptr=(void (**)(const SSL *xssl,int type,int val))ptr;
*fptr=SSL_get_info_callback(ssl);
}
break;
default:
ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
break;
}
return(ret);
}
int BIO_get_mem_ptr(BIO *bio, BUF_MEM **out) {
return BIO_ctrl(bio, BIO_C_GET_BUF_MEM_PTR, 0, (char *) out);
}
int BIO_ctrl_reset_read_request(BIO *bio)
{
return (BIO_ctrl(bio, BIO_C_RESET_READ_REQUEST, 0, NULL) != 0);
}