
Lines Matching refs:ssl

61  * This package is an SSL implementation written
63 * The implementation was written so as to conform with Netscapes SSL.
68 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
115 #include <openssl/ssl.h>
134 static int dtls1_get_hello_verify(SSL *ssl);
136 int dtls1_connect(SSL *ssl) {
138 void (*cb)(const SSL *ssl, int type, int value) = NULL;
142 assert(ssl->handshake_func == dtls1_connect);
143 assert(!ssl->server);
144 assert(SSL_IS_DTLS(ssl));
149 if (ssl->info_callback != NULL) {
150 cb = ssl->info_callback;
151 } else if (ssl->ctx->info_callback != NULL) {
152 cb = ssl->ctx->info_callback;
155 ssl->in_handshake++;
158 state = ssl->state;
160 switch (ssl->state) {
163 cb(ssl, SSL_CB_HANDSHAKE_START, 1);
166 if (ssl->init_buf == NULL) {
173 ssl->init_buf = buf;
177 if (!ssl_init_wbio_buffer(ssl, 0)) {
184 ssl->state = SSL3_ST_CW_CLNT_HELLO_A;
185 ssl->init_num = 0;
186 ssl->d1->send_cookie = 0;
187 ssl->hit = 0;
192 ssl->shutdown = 0;
193 dtls1_start_timer(ssl);
194 ret = ssl3_send_client_hello(ssl);
199 if (ssl->d1->send_cookie) {
200 ssl->state = SSL3_ST_CW_FLUSH;
201 ssl->s3->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A;
203 ssl->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
206 ssl->init_num = 0;
208 if (ssl->bbio != ssl->wbio) {
209 ssl->wbio = BIO_push(ssl->bbio, ssl->wbio);
216 ret = dtls1_get_hello_verify(ssl);
220 if (ssl->d1->send_cookie) {
222 dtls1_stop_timer(ssl);
223 ssl->state = SSL3_ST_CW_CLNT_HELLO_A;
225 ssl->state = SSL3_ST_CR_SRVR_HELLO_A;
227 ssl->init_num = 0;
232 ret = ssl3_get_server_hello(ssl);
237 if (ssl->hit) {
238 ssl->state = SSL3_ST_CR_CHANGE;
239 if (ssl->tlsext_ticket_expected) {
241 ssl->state = SSL3_ST_CR_SESSION_TICKET_A;
244 ssl->state = SSL3_ST_CR_CERT_A;
246 ssl->init_num = 0;
251 if (ssl_cipher_has_server_public_key(ssl->s3->tmp.new_cipher)) {
252 ret = ssl3_get_server_certificate(ssl);
256 if (ssl->s3->tmp.certificate_status_expected) {
257 ssl->state = SSL3_ST_CR_CERT_STATUS_A;
259 ssl->state = SSL3_ST_VERIFY_SERVER_CERT;
263 ssl->state = SSL3_ST_CR_KEY_EXCH_A;
265 ssl->init_num = 0;
269 ret = ssl3_verify_server_cert(ssl);
274 ssl->state = SSL3_ST_CR_KEY_EXCH_A;
275 ssl->init_num = 0;
280 ret = ssl3_get_server_key_exchange(ssl);
284 ssl->state = SSL3_ST_CR_CERT_REQ_A;
285 ssl->init_num = 0;
290 ret = ssl3_get_certificate_request(ssl);
294 ssl->state = SSL3_ST_CR_SRVR_DONE_A;
295 ssl->init_num = 0;
300 ret = ssl3_get_server_done(ssl);
304 dtls1_stop_timer(ssl);
305 if (ssl->s3->tmp.cert_req) {
306 ssl->s3->tmp.next_state = SSL3_ST_CW_CERT_A;
308 ssl->s3->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A;
310 ssl->init_num = 0;
311 ssl->state = ssl->s3->tmp.next_state;
318 dtls1_start_timer(ssl);
319 ret = ssl3_send_client_certificate(ssl);
323 ssl->state = SSL3_ST_CW_KEY_EXCH_A;
324 ssl->init_num = 0;
329 dtls1_start_timer(ssl);
330 ret = ssl3_send_client_key_exchange(ssl);
336 if (ssl->s3->tmp.cert_req == 1) {
337 ssl->state = SSL3_ST_CW_CERT_VRFY_A;
339 ssl->state = SSL3_ST_CW_CHANGE_A;
342 ssl->init_num = 0;
348 dtls1_start_timer(ssl);
349 ret = ssl3_send_cert_verify(ssl);
353 ssl->state = SSL3_ST_CW_CHANGE_A;
354 ssl->init_num = 0;
359 if (!ssl->hit) {
360 dtls1_start_timer(ssl);
362 ret = dtls1_send_change_cipher_spec(ssl, SSL3_ST_CW_CHANGE_A,
368 ssl->state = SSL3_ST_CW_FINISHED_A;
369 ssl->init_num = 0;
371 ssl->session->cipher = ssl->s3->tmp.new_cipher;
372 if (!ssl->enc_method->setup_key_block(ssl) ||
373 !ssl->enc_method->change_cipher_state(
374 ssl, SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
382 if (!ssl->hit) {
383 dtls1_start_timer(ssl);
387 ssl3_send_finished(ssl, SSL3_ST_CW_FINISHED_A, SSL3_ST_CW_FINISHED_B,
388 ssl->enc_method->client_finished_label,
389 ssl->enc_method->client_finished_label_len);
393 ssl->state = SSL3_ST_CW_FLUSH;
395 if (ssl->hit) {
396 ssl->s3->tmp.next_state = SSL_ST_OK;
399 if (ssl->tlsext_ticket_expected) {
400 ssl->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A;
402 ssl->s3->tmp.next_state = SSL3_ST_CR_CHANGE;
405 ssl->init_num = 0;
410 ret = ssl3_get_new_session_ticket(ssl);
414 ssl->state = SSL3_ST_CR_CHANGE;
415 ssl->init_num = 0;
420 ret = ssl3_get_cert_status(ssl);
424 ssl->state = SSL3_ST_VERIFY_SERVER_CERT;
425 ssl->init_num = 0;
429 ret = ssl->method->ssl_read_change_cipher_spec(ssl);
434 if (!ssl3_do_change_cipher_spec(ssl)) {
438 ssl->state = SSL3_ST_CR_FINISHED_A;
444 ssl3_get_finished(ssl, SSL3_ST_CR_FINISHED_A, SSL3_ST_CR_FINISHED_B);
448 dtls1_stop_timer(ssl);
450 if (ssl->hit) {
451 ssl->state = SSL3_ST_CW_CHANGE_A;
453 ssl->state = SSL_ST_OK;
456 ssl->init_num = 0;
460 ssl->rwstate = SSL_WRITING;
461 if (BIO_flush(ssl->wbio) <= 0) {
465 ssl->rwstate = SSL_NOTHING;
466 ssl->state = ssl->s3->tmp.next_state;
471 ssl3_cleanup_key_block(ssl);
474 ssl_free_wbio_buffer(ssl);
476 ssl->init_num = 0;
477 ssl->s3->initial_handshake_complete = 1;
479 ssl_update_cache(ssl, SSL_SESS_CACHE_CLIENT);
484 cb(ssl, SSL_CB_HANDSHAKE_DONE, 1);
488 ssl->d1->handshake_read_seq = 0;
489 ssl->d1->next_handshake_write_seq = 0;
493 OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_STATE);
499 if (!ssl->s3->tmp.reuse_message && !skip) {
500 if ((cb != NULL) && (ssl->state != state)) {
501 new_state = ssl->state;
502 ssl->state = state;
503 cb(ssl, SSL_CB_CONNECT_LOOP, 1);
504 ssl->state = new_state;
511 ssl->in_handshake--;
515 cb(ssl, SSL_CB_CONNECT_EXIT, ret);
520 static int dtls1_get_hello_verify(SSL *ssl) {
526 n = ssl->method->ssl_get_message(
527 ssl, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
536 if (ssl->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
537 ssl->d1->send_cookie = 0;
538 ssl->s3->tmp.reuse_message = 1;
542 CBS_init(&hello_verify_request, ssl->init_msg, n);
548 OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
552 if (CBS_len(&cookie) > sizeof(ssl->d1->cookie)) {
557 memcpy(ssl->d1->cookie, CBS_data(&cookie), CBS_len(&cookie));
558 ssl->d1->cookie_len = CBS_len(&cookie);
560 ssl->d1->send_cookie = 1;
564 ssl3_send_alert(ssl, SSL3_AL_FATAL, al);