Commit c130dd8e authored by Matt Caswell's avatar Matt Caswell

Move server side DTLS to new state machine



Implement all of the necessary changes to make DTLS on the server work
with the new state machine code.

Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent 94836de2
+1 −0
@@ -1929,6 +1929,7 @@ void ERR_load_SSL_strings(void);
# define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE             267
# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES                 268
# define SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC          371
# define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST        385
# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE               370
# define SSL_F_READ_STATE_MACHINE                         352
# define SSL_F_SSL3_ACCEPT                                128
+23 −26
@@ -127,7 +127,6 @@
#endif

static const SSL_METHOD *dtls1_get_server_method(int ver);
static int dtls1_send_hello_verify_request(SSL *s);

static const SSL_METHOD *dtls1_get_server_method(int ver)
{
@@ -157,6 +156,7 @@ IMPLEMENT_dtls1_meth_func(DTLS1_VERSION,
                          ssl_undefined_function,
                          dtls1_get_server_method, DTLSv1_2_enc_data)

#if 0
int dtls1_accept(SSL *s)
{
    BUF_MEM *buf;
@@ -857,6 +857,7 @@ int dtls1_accept(SSL *s)
        cb(s, SSL_CB_ACCEPT_EXIT, ret);
    return (ret);
}
#endif

unsigned int dtls1_raw_hello_verify_request(unsigned char *buf,
                                            unsigned char *cookie,
@@ -879,12 +880,11 @@ unsigned int dtls1_raw_hello_verify_request(unsigned char *buf,
}


int dtls1_send_hello_verify_request(SSL *s)
int dtls_construct_hello_verify_request(SSL *s)
{
    unsigned int len;
    unsigned char *buf;

    if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
    buf = (unsigned char *)s->init_buf->data;

    if (s->ctx->app_gen_cookie_cb == NULL ||
@@ -893,7 +893,7 @@ int dtls1_send_hello_verify_request(SSL *s)
        s->d1->cookie_len > 255) {
        SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,
               SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
            s->state = SSL_ST_ERR;
        statem_set_error(s);
        return 0;
    }

@@ -904,12 +904,9 @@ int dtls1_send_hello_verify_request(SSL *s)
                             len);
    len += DTLS1_HM_HEADER_LENGTH;

        s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
    /* number of bytes to write */
    s->init_num = len;
    s->init_off = 0;
    }

    /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
    return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
    return 1;
}
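Review bot: The error-function code in the cookie-callback failure path is now stale: the function has been renamed to dtls_construct_hello_verify_request and this commit registers `SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST` in ssl.h and ssl_err.c, yet the SSLerr call in this hunk still reports `SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST`, so the new code is defined but never raised and error output will name a function that no longer exists. Change the call to `SSLerr(SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);`. Separately, wrapping all of dtls1_accept in `#if 0`/`#endif` leaves a large dead copy of the old accept loop in the file; if it is no longer reachable it should be deleted rather than compiled out, so it cannot silently drift from the live state-machine code. The body of dtls_construct_hello_verify_request spans several hunks here and the cookie-generation call between them is not shown.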
+38 −18
@@ -2876,8 +2876,8 @@ enum MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, long n)
enum WORK_STATE tls_post_process_client_key_exchange(SSL *s,
                                                      enum WORK_STATE wst)
{

#ifndef OPENSSL_NO_SCTP
    if (wst == WORK_MORE_A) {
        if (SSL_IS_DTLS(s)) {
            unsigned char sctpauthkey[64];
            char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
@@ -2898,6 +2898,26 @@ enum WORK_STATE tls_post_process_client_key_exchange(SSL *s,
            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
                     sizeof(sctpauthkey), sctpauthkey);
        }
        wst = WORK_MORE_B;
    }

    if ((wst == WORK_MORE_B)
            /* Is this SCTP? */
            && BIO_dgram_is_sctp(SSL_get_wbio(s))
            /* Are we renegotiating? */
            && s->renegotiate
            /* Are we going to skip the CertificateVerify? */
            && (s->session->peer == NULL || s->no_cert_verify)
            && BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
        s->s3->in_read_app_data = 2;
        s->rwstate = SSL_READING;
        BIO_clear_retry_flags(SSL_get_rbio(s));
        BIO_set_retry_read(SSL_get_rbio(s));
        statem_set_sctp_read_sock(s, 1);
        return WORK_MORE_B;
    } else {
        statem_set_sctp_read_sock(s, 0);
    }
#endif

    if (s->no_cert_verify) {
@@ -3169,7 +3189,7 @@ enum MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, long n)
        goto f_err;
    }

    ret = MSG_PROCESS_CONTINUE_READING;
    ret = MSG_PROCESS_CONTINUE_PROCESSING;
    if (0) {
 f_err:
        ssl3_send_alert(s, SSL3_AL_FATAL, al);
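Review bot: In the SCTP branch of tls_post_process_client_key_exchange the stack buffer `sctpauthkey` holds what is presumably exported keying material (it is handed to the transport as an authentication key via `BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY`), yet it is never cleared after the BIO has taken its copy, so the key remains on the stack once the function returns. Add `OPENSSL_cleanse(sctpauthkey, sizeof(sctpauthkey));` immediately after the BIO_ctrl call, and consider checking that call's return value so a failure to install the key is not silently treated as success before the handshake proceeds. The derivation of the buffer falls between the first two hunks and is not visible here, and the rest of the function continues past the hunk.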
+2 −0
@@ -114,6 +114,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
    {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "dtls1_write_app_data_bytes"},
    {ERR_FUNC(SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC),
     "dtls_construct_change_cipher_spec"},
    {ERR_FUNC(SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST),
     "dtls_construct_hello_verify_request"},
    {ERR_FUNC(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE),
     "DTLS_GET_REASSEMBLED_MESSAGE"},
    {ERR_FUNC(SSL_F_READ_STATE_MACHINE), "READ_STATE_MACHINE"},
+1 −0
@@ -2201,6 +2201,7 @@ __owur int tls_construct_server_hello(SSL *s);
__owur int ssl3_send_hello_request(SSL *s);
__owur int tls_construct_hello_request(SSL *s);
__owur int ssl3_send_server_key_exchange(SSL *s);
__owur int dtls_construct_hello_verify_request(SSL *s);
__owur int tls_construct_server_key_exchange(SSL *s);
__owur int ssl3_send_certificate_request(SSL *s);
__owur int tls_construct_certificate_request(SSL *s);