Reorganise state machine files

ct_lib.o: ../../include/openssl/tls1.h ../../include/openssl/x509.h

ct_lib.o: ../../include/openssl/x509_vfy.h ../../ssl/packet_locl.h

ct_lib.o: ../../ssl/record/record.h ../../ssl/ssl_locl.h

ct_lib.o: ../include/internal/cryptlib.h ../include/internal/ct_int.h ct_lib.c

ct_lib.o: ../../ssl/statem/statem.h ../include/internal/cryptlib.h

ct_lib.o: ../include/internal/ct_int.h ct_lib.c

/* ssl/d1_clnt.c */

/*

 * DTLS implementation written by Nagendra Modadugu

 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.

 */

/* ====================================================================

 * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *

 * 1. Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 *

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in

 *    the documentation and/or other materials provided with the

 *    distribution.

 *

 * 3. All advertising materials mentioning features or use of this

 *    software must display the following acknowledgment:

 *    "This product includes software developed by the OpenSSL Project

 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

 *

 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

 *    endorse or promote products derived from this software without

 *    prior written permission. For written permission, please contact

 *    openssl-core@OpenSSL.org.

 *

 * 5. Products derived from this software may not be called "OpenSSL"

 *    nor may "OpenSSL" appear in their names without prior written

 *    permission of the OpenSSL Project.

 *

 * 6. Redistributions of any form whatsoever must retain the following

 *    acknowledgment:

 *    "This product includes software developed by the OpenSSL Project

 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

 *

 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

 * OF THE POSSIBILITY OF SUCH DAMAGE.

 * ====================================================================

 *

 * This product includes cryptographic software written by Eric Young

 * (eay@cryptsoft.com).  This product includes software written by Tim

 * Hudson (tjh@cryptsoft.com).

 *

 */

/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

 * All rights reserved.

 *

 * This package is an SSL implementation written

 * by Eric Young (eay@cryptsoft.com).

 * The implementation was written so as to conform with Netscapes SSL.

 *

 * This library is free for commercial and non-commercial use as long as

 * the following conditions are aheared to.  The following conditions

 * apply to all code found in this distribution, be it the RC4, RSA,

 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

 * included with this distribution is covered by the same copyright terms

 * except that the holder is Tim Hudson (tjh@cryptsoft.com).

 *

 * Copyright remains Eric Young's, and as such any Copyright notices in

 * the code are not to be removed.

 * If this package is used in a product, Eric Young should be given attribution

 * as the author of the parts of the library used.

 * This can be in the form of a textual message at program startup or

 * in documentation (online or textual) provided with the package.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 * 1. Redistributions of source code must retain the copyright

 *    notice, this list of conditions and the following disclaimer.

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in the

 *    documentation and/or other materials provided with the distribution.

 * 3. All advertising materials mentioning features or use of this software

 *    must display the following acknowledgement:

 *    "This product includes cryptographic software written by

 *     Eric Young (eay@cryptsoft.com)"

 *    The word 'cryptographic' can be left out if the rouines from the library

 *    being used are not cryptographic related :-).

 * 4. If you include any Windows specific code (or a derivative thereof) from

 *    the apps directory (application code) you must include an acknowledgement:

 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

 *

 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

 * SUCH DAMAGE.

 *

 * The licence and distribution terms for any publically available version or

 * derivative of this code cannot be changed.  i.e. this code cannot simply be

 * copied and put under another distribution licence

 * [including the GNU Public Licence.]

 */

#include <stdio.h>

#include "ssl_locl.h"

#include <openssl/buffer.h>

#include <openssl/rand.h>

#include <openssl/objects.h>

#include <openssl/evp.h>

#include <openssl/md5.h>

#include <openssl/bn.h>

#ifndef OPENSSL_NO_DH

# include <openssl/dh.h>

#endif

static const SSL_METHOD *dtls1_get_client_method(int ver);

static const SSL_METHOD *dtls1_get_client_method(int ver)

{

    if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)

        return (DTLSv1_client_method());

    else if (ver == DTLS1_2_VERSION)

        return (DTLSv1_2_client_method());

    else

        return (NULL);

}

IMPLEMENT_dtls1_meth_func(DTLS1_VERSION,

                          DTLSv1_client_method,

                          ssl_undefined_function,

                          dtls1_connect,

                          dtls1_get_client_method, DTLSv1_enc_data)

    IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION,

                          DTLSv1_2_client_method,

                          ssl_undefined_function,

                          dtls1_connect,

                          dtls1_get_client_method, DTLSv1_2_enc_data)

    IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION,

                          DTLS_client_method,

                          ssl_undefined_function,

                          dtls1_connect,

                          dtls1_get_client_method, DTLSv1_2_enc_data)

enum MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt)

{

    int al;

    unsigned int cookie_len;

    PACKET cookiepkt;

    if (!PACKET_forward(pkt, 2)

            || !PACKET_get_length_prefixed_1(pkt, &cookiepkt)) {

        al = SSL_AD_DECODE_ERROR;

        SSLerr(SSL_F_DTLS_PROCESS_HELLO_VERIFY, SSL_R_LENGTH_MISMATCH);

        goto f_err;

    }

    cookie_len = PACKET_remaining(&cookiepkt);

    if (cookie_len > sizeof(s->d1->cookie)) {

        al = SSL_AD_ILLEGAL_PARAMETER;

        SSLerr(SSL_F_DTLS_PROCESS_HELLO_VERIFY, SSL_R_LENGTH_TOO_LONG);

        goto f_err;

    }

    if (!PACKET_copy_bytes(&cookiepkt, s->d1->cookie, cookie_len)) {

        al = SSL_AD_DECODE_ERROR;

        SSLerr(SSL_F_DTLS_PROCESS_HELLO_VERIFY, SSL_R_LENGTH_MISMATCH);

        goto f_err;

    }

    s->d1->cookie_len = cookie_len;

    return MSG_PROCESS_FINISHED_READING;

 f_err:

    ssl3_send_alert(s, SSL3_AL_FATAL, al);

    statem_set_error(s);

    return MSG_PROCESS_ERROR;

}

#include <stdio.h>

#define USE_SOCKETS

#include <openssl/objects.h>

#include <openssl/rand.h>

#include "ssl_locl.h"

#if defined(OPENSSL_SYS_VMS)

static int dtls1_handshake_write(SSL *s);

int dtls1_listen(SSL *s, struct sockaddr *client);

/* XDTLS:  figure out the right values */

static const unsigned int g_probable_mtu[] = { 1500, 512, 256 };

const SSL3_ENC_METHOD DTLSv1_enc_data = {

    tls1_enc,

    tls1_mac,

            }

            p = &buf[DTLS1_RT_HEADER_LENGTH];

            msglen = dtls1_raw_hello_verify_request(p + DTLS1_HM_HEADER_LENGTH,

            msglen = dtls_raw_hello_verify_request(p + DTLS1_HM_HEADER_LENGTH,

                                                   cookie, cookielen);

            *p++ = DTLS1_MT_HELLO_VERIFY_REQUEST;

{

    return dtls1_do_write(s, SSL3_RT_HANDSHAKE);

}

#ifndef OPENSSL_NO_HEARTBEATS

int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length)

{

    unsigned char *pl;

    unsigned short hbtype;

    unsigned int payload;

    unsigned int padding = 16;  /* Use minimum padding */

    if (s->msg_callback)

        s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,

                        p, length, s, s->msg_callback_arg);

    /* Read type and payload length first */

    if (1 + 2 + 16 > length)

        return 0;               /* silently discard */

    if (length > SSL3_RT_MAX_PLAIN_LENGTH)

        return 0;               /* silently discard per RFC 6520 sec. 4 */

    hbtype = *p++;

    n2s(p, payload);

    if (1 + 2 + payload + 16 > length)

        return 0;               /* silently discard per RFC 6520 sec. 4 */

    pl = p;

    if (hbtype == TLS1_HB_REQUEST) {

        unsigned char *buffer, *bp;

        unsigned int write_length = 1 /* heartbeat type */  +

            2 /* heartbeat length */  +

            payload + padding;

        int r;

        if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)

            return 0;

        /*

         * Allocate memory for the response, size is 1 byte message type,

         * plus 2 bytes payload length, plus payload, plus padding

         */

        buffer = OPENSSL_malloc(write_length);

        if (buffer == NULL)

            return -1;

        bp = buffer;

        /* Enter response type, length and copy payload */

        *bp++ = TLS1_HB_RESPONSE;

        s2n(payload, bp);

        memcpy(bp, pl, payload);

        bp += payload;

        /* Random padding */

        if (RAND_bytes(bp, padding) <= 0) {

            OPENSSL_free(buffer);

            return -1;

        }

        r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);

        if (r >= 0 && s->msg_callback)

            s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,

                            buffer, write_length, s, s->msg_callback_arg);

        OPENSSL_free(buffer);

        if (r < 0)

            return r;

    } else if (hbtype == TLS1_HB_RESPONSE) {

        unsigned int seq;

        /*

         * We only send sequence numbers (2 bytes unsigned int), and 16

         * random bytes, so we just try to read the sequence number

         */

        n2s(pl, seq);

        if (payload == 18 && seq == s->tlsext_hb_seq) {

            dtls1_stop_timer(s);

            s->tlsext_hb_seq++;

            s->tlsext_hb_pending = 0;

        }

    }

    return 0;

}

int dtls1_heartbeat(SSL *s)

{

    unsigned char *buf, *p;

    int ret = -1;

    unsigned int payload = 18;  /* Sequence number + random bytes */

    unsigned int padding = 16;  /* Use minimum padding */

    /* Only send if peer supports and accepts HB requests... */

    if (!(s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) ||

        s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS) {

        SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT);

        return -1;

    }

    /* ...and there is none in flight yet... */

    if (s->tlsext_hb_pending) {

        SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PENDING);

        return -1;

    }

    /* ...and no handshake in progress. */

    if (SSL_in_init(s) || s->in_handshake) {

        SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_UNEXPECTED_MESSAGE);

        return -1;

    }

    /*

     * Check if padding is too long, payload and padding must not exceed 2^14

     * - 3 = 16381 bytes in total.

     */

    OPENSSL_assert(payload + padding <= 16381);

    /*-

     * Create HeartBeat message, we just use a sequence number

     * as payload to distuingish different messages and add

     * some random stuff.

     *  - Message Type, 1 byte

     *  - Payload Length, 2 bytes (unsigned int)

     *  - Payload, the sequence number (2 bytes uint)

     *  - Payload, random bytes (16 bytes uint)

     *  - Padding

     */

    buf = OPENSSL_malloc(1 + 2 + payload + padding);

    if (buf == NULL) {

        SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_MALLOC_FAILURE);

        return -1;

    }

    p = buf;

    /* Message Type */

    *p++ = TLS1_HB_REQUEST;

    /* Payload length (18 bytes here) */

    s2n(payload, p);

    /* Sequence number */

    s2n(s->tlsext_hb_seq, p);

    /* 16 random bytes */

    if (RAND_bytes(p, 16) <= 0) {

        SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);

        goto err;

    }

    p += 16;

    /* Random padding */

    if (RAND_bytes(p, padding) <= 0) {

        SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);

        goto err;

    }

    ret = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);

    if (ret >= 0) {

        if (s->msg_callback)

            s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,

                            buf, 3 + payload + padding,

                            s, s->msg_callback_arg);

        dtls1_start_timer(s);

        s->tlsext_hb_pending = 1;

    }

 err:

    OPENSSL_free(buf);

    return ret;

}

#endif

int dtls1_shutdown(SSL *s)

{

    int ret;

#ifndef OPENSSL_NO_SCTP

    BIO *wbio;

    wbio = SSL_get_wbio(s);

    if (wbio != NULL && BIO_dgram_is_sctp(wbio) &&

        !(s->shutdown & SSL_SENT_SHUTDOWN)) {

        ret = BIO_dgram_sctp_wait_for_dry(wbio);

        if (ret < 0)

            return -1;

        if (ret == 0)

            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1,

                     NULL);

    }

#endif

    ret = ssl3_shutdown(s);

#ifndef OPENSSL_NO_SCTP

    BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 0, NULL);

#endif

    return ret;

}

int dtls1_query_mtu(SSL *s)

{

    if (s->d1->link_mtu) {

        s->d1->mtu =

            s->d1->link_mtu - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));

        s->d1->link_mtu = 0;

    }

    /* AHA!  Figure out the MTU, and stick to the right size */

    if (s->d1->mtu < dtls1_min_mtu(s)) {

        if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {

            s->d1->mtu =

                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);

            /*

             * I've seen the kernel return bogus numbers when it doesn't know

             * (initial write), so just make sure we have a reasonable number

             */

            if (s->d1->mtu < dtls1_min_mtu(s)) {

                /* Set to min mtu */

                s->d1->mtu = dtls1_min_mtu(s);

                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,

                         s->d1->mtu, NULL);

            }

        } else

            return 0;

    }

    return 1;

}

unsigned int dtls1_link_min_mtu(void)

{

    return (g_probable_mtu[(sizeof(g_probable_mtu) /

                            sizeof(g_probable_mtu[0])) - 1]);

}

unsigned int dtls1_min_mtu(SSL *s)

{

    return dtls1_link_min_mtu() - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));

}