From 8ba708e5166b02ab61f2762d36b3e7b7455e9c06 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Fri, 11 Sep 2015 10:48:59 +0100
Subject: [PATCH] Reorganise state machine files

Pull out the state machine into a separate sub directory. Also moved some functions which were nothing to do with the state machine but were in state machine files. Pulled all the SSL_METHOD definitions into one place...most of those files had very little left in them any more.

Reviewed-by: Tim Hudson
Reviewed-by: Richard Levitte
---
crypto/ct/Makefile | 3 +-
ssl/Makefile | 477 ++++++++++--------------
ssl/d1_clnt.c | 191 ----------
ssl/d1_lib.c | 241 +++++++++++-
ssl/d1_meth.c | 88 -----
ssl/d1_srvr.c | 210 -----------
ssl/methods.c | 347 +++++++++++++++++
ssl/ssl_locl.h | 104 +-----
ssl/{ => statem}/statem.c | 18 +-
ssl/statem/statem.h | 174 +++++++++
ssl/{s3_clnt.c => statem/statem_clnt.c} | 38 +-
ssl/{d1_both.c => statem/statem_dtls.c} | 238 +-----------
ssl/{s3_both.c => statem/statem_lib.c} | 8 +-
ssl/{s3_srvr.c => statem/statem_srvr.c} | 55 ++-
ssl/t1_clnt.c | 107 ------
ssl/t1_meth.c | 100 -----
ssl/t1_srvr.c | 109 ------
test/Makefile | 5 +-
18 files changed, 1066 insertions(+), 1447 deletions(-)
delete mode 100644 ssl/d1_clnt.c
delete mode 100644 ssl/d1_meth.c
delete mode 100644 ssl/d1_srvr.c
create mode 100644 ssl/methods.c
rename ssl/{ => statem}/statem.c (99%)
create mode 100644 ssl/statem/statem.h
rename ssl/{s3_clnt.c => statem/statem_clnt.c} (98%)
rename ssl/{d1_both.c => statem/statem_dtls.c} (86%)
rename ssl/{s3_both.c => statem/statem_lib.c} (99%)
rename ssl/{s3_srvr.c => statem/statem_srvr.c} (98%)
delete mode 100644 ssl/t1_clnt.c
delete mode 100644 ssl/t1_meth.c
delete mode 100644 ssl/t1_srvr.c

diff --git a/crypto/ct/Makefile b/crypto/ct/Makefile
index 2f55a2d560..dfb0839c1e 100644
--- a/crypto/ct/Makefile
+++ b/crypto/ct/Makefile
@@ -90,4 +90,5 @@ ct_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ct_lib.o: ../../include/openssl/tls1.h ../../include/openssl/x509.h ct_lib.o: ../../include/openssl/x509_vfy.h ../../ssl/packet_locl.h ct_lib.o: ../../ssl/record/record.h ../../ssl/ssl_locl.h -ct_lib.o: ../include/internal/cryptlib.h ../include/internal/ct_int.h ct_lib.c +ct_lib.o: ../../ssl/statem/statem.h ../include/internal/cryptlib.h +ct_lib.o: ../include/internal/ct_int.h ct_lib.c diff --git a/ssl/Makefile b/ssl/Makefile index 536ddcc200..9f1fe8d8c2 100644 --- a/ssl/Makefile +++ b/ssl/Makefile 
@@ -17,33 +17,33 @@ GENERAL=Makefile README ssl-lib.com install.com LIB=$(TOP)/libssl.a SHARED_LIB= libssl$(SHLIB_EXT) LIBSRC= \ - s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c record/rec_layer_s3.c \ - s3_both.c s3_cbc.c s3_msg.c \ - t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c t1_ext.c \ - d1_meth.c d1_srvr.c d1_clnt.c d1_lib.c record/rec_layer_d1.c d1_msg.c \ - d1_both.c d1_srtp.c \ + statem/statem_srvr.c statem/statem_clnt.c s3_lib.c s3_enc.c record/rec_layer_s3.c \ + statem/statem_lib.c s3_cbc.c s3_msg.c \ + methods.c t1_lib.c t1_enc.c t1_ext.c \ + d1_lib.c record/rec_layer_d1.c d1_msg.c \ + statem/statem_dtls.c d1_srtp.c \ ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \ ssl_ciph.c ssl_stat.c ssl_rsa.c \ ssl_asn1.c ssl_txt.c ssl_algs.c ssl_conf.c \ bio_ssl.c ssl_err.c t1_reneg.c tls_srp.c t1_trce.c ssl_utst.c \ record/ssl3_buffer.c record/ssl3_record.c record/dtls1_bitmap.c \ - statem.c + statem/statem.c LIBOBJ= \ - s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o record/rec_layer_s3.o \ - s3_both.o s3_cbc.o s3_msg.o \ - t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o t1_ext.o \ - d1_meth.o d1_srvr.o d1_clnt.o d1_lib.o record/rec_layer_d1.o d1_msg.o \ - d1_both.o d1_srtp.o\ + statem/statem_srvr.o statem/statem_clnt.o s3_lib.o s3_enc.o record/rec_layer_s3.o \ + statem/statem_lib.o s3_cbc.o s3_msg.o \ + methods.o t1_lib.o t1_enc.o t1_ext.o \ + d1_lib.o record/rec_layer_d1.o d1_msg.o \ + statem/statem_dtls.o d1_srtp.o\ ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \ ssl_ciph.o ssl_stat.o ssl_rsa.o \ ssl_asn1.o ssl_txt.o ssl_algs.o ssl_conf.o \ bio_ssl.o ssl_err.o t1_reneg.o tls_srp.o t1_trce.o ssl_utst.o \ record/ssl3_buffer.o record/ssl3_record.o record/dtls1_bitmap.o \ - statem.o + statem/statem.o SRC= $(LIBSRC) -HEADER= ssl_locl.h record/record_locl.h record/record.h +HEADER= ssl_locl.h record/record_locl.h record/record.h statem/statem.h ALL= $(GENERAL) $(SRC) $(HEADER) 
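Review bot: Objects built under the old names (`s3_srvr.o`, `s3_clnt.o`, `s3_both.o`, `d1_both.o`, the `t1_*`/`d1_*` method and client/server objects, `statem.o`) drop out of `LIBOBJ` here, and the `clean` rule in the following hunk removes objects through `rm -f $(LIBOBJ)`, so in an existing build tree they are no longer cleaned. If `libssl.a` is updated in place rather than rebuilt from scratch (not visible in this hunk), an old archive could also retain stale members holding the pre-move handshake code. A one-time `rm -f` of the old object names in `clean`, or a line in the commit message asking developers to rebuild from a fresh tree, would cover the transition.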
@@ -93,7 +93,9 @@ clean: rm -f $(LIBOBJ) *.obj lib tags core .pure .nfs* *.old *.bak fluff rm -f record/*.obj record/lib record/retags record/core \ record/.pure record/.nfs* record/*.old record/*.bak record/fluff - + rm -f statem/*.obj statem/lib statem/retags statem/core \ + statem/.pure statem/.nfs* statem/*.old statem/*.bak statem/fluff + # DO NOT DELETE THIS LINE -- make depend depends on it. bio_ssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
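Review bot: The added cleanup line removes `statem/retags`, copied from the `record/retags` entry just above it, while the top-level line removes `tags`; if `retags` is a slip for `tags` in the record line, the new line repeats it and a `statem/tags` file would survive `make clean`. If that is the case, the added line should read `rm -f statem/*.obj statem/lib statem/tags statem/core \` and the `record/` line it was copied from should be corrected the same way. The start of the `clean` target lies outside the hunk, so other removals may exist that are not visible here.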
@@ -115,48 +117,7 @@ bio_ssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h bio_ssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h bio_ssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h bio_ssl.o: ../include/openssl/x509_vfy.h bio_ssl.c packet_locl.h -bio_ssl.o: record/record.h ssl_locl.h -d1_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -d1_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h -d1_both.o: ../include/openssl/comp.h ../include/openssl/crypto.h -d1_both.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h -d1_both.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -d1_both.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -d1_both.o: ../include/openssl/err.h ../include/openssl/evp.h -d1_both.o: ../include/openssl/hmac.h ../include/openssl/lhash.h -d1_both.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -d1_both.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -d1_both.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -d1_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -d1_both.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -d1_both.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -d1_both.o: ../include/openssl/sha.h ../include/openssl/srtp.h -d1_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -d1_both.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -d1_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -d1_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_both.c -d1_both.o: packet_locl.h record/record.h ssl_locl.h -d1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -d1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h -d1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h -d1_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h -d1_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h -d1_clnt.o: 
../include/openssl/ec.h ../include/openssl/ecdh.h -d1_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -d1_clnt.o: ../include/openssl/evp.h ../include/openssl/hmac.h -d1_clnt.o: ../include/openssl/lhash.h ../include/openssl/md5.h -d1_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -d1_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -d1_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -d1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -d1_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -d1_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -d1_clnt.o: ../include/openssl/sha.h ../include/openssl/srtp.h -d1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -d1_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -d1_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -d1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_clnt.c -d1_clnt.o: packet_locl.h record/record.h ssl_locl.h +bio_ssl.o: record/record.h ssl_locl.h statem/statem.h d1_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h d1_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h 
@@ -169,34 +130,14 @@ d1_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h d1_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h d1_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h d1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -d1_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -d1_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h -d1_lib.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -d1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h -d1_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -d1_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h -d1_lib.o: ../include/openssl/x509_vfy.h d1_lib.c packet_locl.h record/record.h -d1_lib.o: ssl_locl.h -d1_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -d1_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h -d1_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h -d1_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h -d1_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -d1_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -d1_meth.o: ../include/openssl/err.h ../include/openssl/evp.h -d1_meth.o: ../include/openssl/hmac.h ../include/openssl/lhash.h -d1_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -d1_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -d1_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -d1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -d1_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -d1_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h -d1_meth.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -d1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h -d1_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -d1_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h -d1_meth.o: 
../include/openssl/x509_vfy.h d1_meth.c packet_locl.h -d1_meth.o: record/record.h ssl_locl.h +d1_lib.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +d1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +d1_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h +d1_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +d1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +d1_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +d1_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_lib.c +d1_lib.o: packet_locl.h record/record.h ssl_locl.h statem/statem.h d1_msg.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_msg.o: ../include/openssl/bn.h ../include/openssl/buffer.h d1_msg.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -216,7 +157,7 @@ d1_msg.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h d1_msg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h d1_msg.o: ../include/openssl/tls1.h ../include/openssl/x509.h d1_msg.o: ../include/openssl/x509_vfy.h d1_msg.c packet_locl.h record/record.h -d1_msg.o: ssl_locl.h +d1_msg.o: ssl_locl.h statem/statem.h d1_srtp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_srtp.o: ../include/openssl/bn.h ../include/openssl/buffer.h d1_srtp.o: ../include/openssl/comp.h ../include/openssl/crypto.h 
@@ -236,28 +177,27 @@ d1_srtp.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h d1_srtp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h d1_srtp.o: ../include/openssl/tls1.h ../include/openssl/x509.h d1_srtp.o: ../include/openssl/x509_vfy.h d1_srtp.c packet_locl.h -d1_srtp.o: record/record.h ssl_locl.h -d1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -d1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h -d1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h -d1_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h -d1_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h -d1_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -d1_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -d1_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h -d1_srvr.o: ../include/openssl/lhash.h ../include/openssl/md5.h -d1_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -d1_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -d1_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -d1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -d1_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -d1_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -d1_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h -d1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -d1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -d1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -d1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_srvr.c -d1_srvr.o: packet_locl.h record/record.h ssl_locl.h +d1_srtp.o: record/record.h ssl_locl.h statem/statem.h +methods.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +methods.o: ../include/openssl/bn.h ../include/openssl/buffer.h +methods.o: ../include/openssl/comp.h ../include/openssl/crypto.h +methods.o: ../include/openssl/dsa.h 
../include/openssl/dtls1.h +methods.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +methods.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +methods.o: ../include/openssl/err.h ../include/openssl/evp.h +methods.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +methods.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +methods.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +methods.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +methods.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +methods.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +methods.o: ../include/openssl/safestack.h ../include/openssl/sha.h +methods.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +methods.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h +methods.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +methods.o: ../include/openssl/tls1.h ../include/openssl/x509.h +methods.o: ../include/openssl/x509_vfy.h methods.c packet_locl.h +methods.o: record/record.h ssl_locl.h statem/statem.h record/dtls1_bitmap.o: ../e_os.h ../include/openssl/asn1.h record/dtls1_bitmap.o: ../include/openssl/bio.h ../include/openssl/bn.h record/dtls1_bitmap.o: ../include/openssl/buffer.h ../include/openssl/comp.h @@ -280,7 +220,8 @@ record/dtls1_bitmap.o: ../include/openssl/stack.h ../include/openssl/symhacks.h record/dtls1_bitmap.o: ../include/openssl/tls1.h ../include/openssl/x509.h record/dtls1_bitmap.o: ../include/openssl/x509_vfy.h record/../packet_locl.h record/dtls1_bitmap.o: record/../record/record.h record/../ssl_locl.h -record/dtls1_bitmap.o: record/dtls1_bitmap.c record/record_locl.h +record/dtls1_bitmap.o: record/../statem/statem.h record/dtls1_bitmap.c +record/dtls1_bitmap.o: record/record_locl.h record/rec_layer_d1.o: ../e_os.h ../include/openssl/asn1.h record/rec_layer_d1.o: ../include/openssl/bio.h ../include/openssl/bn.h record/rec_layer_d1.o: ../include/openssl/buffer.h ../include/openssl/comp.h 
@@ -303,8 +244,8 @@ record/rec_layer_d1.o: ../include/openssl/ssl3.h ../include/openssl/stack.h record/rec_layer_d1.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h record/rec_layer_d1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h record/rec_layer_d1.o: record/../packet_locl.h record/../record/record.h -record/rec_layer_d1.o: record/../ssl_locl.h record/rec_layer_d1.c -record/rec_layer_d1.o: record/record_locl.h +record/rec_layer_d1.o: record/../ssl_locl.h record/../statem/statem.h +record/rec_layer_d1.o: record/rec_layer_d1.c record/record_locl.h record/rec_layer_s3.o: ../e_os.h ../include/openssl/asn1.h record/rec_layer_s3.o: ../include/openssl/bio.h ../include/openssl/bn.h record/rec_layer_s3.o: ../include/openssl/buffer.h ../include/openssl/comp.h @@ -327,8 +268,8 @@ record/rec_layer_s3.o: ../include/openssl/ssl3.h ../include/openssl/stack.h record/rec_layer_s3.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h record/rec_layer_s3.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h record/rec_layer_s3.o: record/../packet_locl.h record/../record/record.h -record/rec_layer_s3.o: record/../ssl_locl.h record/rec_layer_s3.c -record/rec_layer_s3.o: record/record_locl.h +record/rec_layer_s3.o: record/../ssl_locl.h record/../statem/statem.h +record/rec_layer_s3.o: record/rec_layer_s3.c record/record_locl.h record/ssl3_buffer.o: ../e_os.h ../include/openssl/asn1.h record/ssl3_buffer.o: ../include/openssl/bio.h ../include/openssl/bn.h record/ssl3_buffer.o: ../include/openssl/buffer.h ../include/openssl/comp.h 
@@ -351,7 +292,8 @@ record/ssl3_buffer.o: ../include/openssl/stack.h ../include/openssl/symhacks.h record/ssl3_buffer.o: ../include/openssl/tls1.h ../include/openssl/x509.h record/ssl3_buffer.o: ../include/openssl/x509_vfy.h record/../packet_locl.h record/ssl3_buffer.o: record/../record/record.h record/../ssl_locl.h -record/ssl3_buffer.o: record/record_locl.h record/ssl3_buffer.c +record/ssl3_buffer.o: record/../statem/statem.h record/record_locl.h +record/ssl3_buffer.o: record/ssl3_buffer.c record/ssl3_record.o: ../e_os.h ../include/internal/constant_time_locl.h record/ssl3_record.o: ../include/openssl/asn1.h ../include/openssl/bio.h record/ssl3_record.o: ../include/openssl/bn.h ../include/openssl/buffer.h 
@@ -374,28 +316,8 @@ record/ssl3_record.o: ../include/openssl/ssl3.h ../include/openssl/stack.h record/ssl3_record.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h record/ssl3_record.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h record/ssl3_record.o: record/../packet_locl.h record/../record/record.h -record/ssl3_record.o: record/../ssl_locl.h record/record_locl.h -record/ssl3_record.o: record/ssl3_record.c -s3_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -s3_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h -s3_both.o: ../include/openssl/comp.h ../include/openssl/crypto.h -s3_both.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h -s3_both.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -s3_both.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -s3_both.o: ../include/openssl/err.h ../include/openssl/evp.h -s3_both.o: ../include/openssl/hmac.h ../include/openssl/lhash.h -s3_both.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s3_both.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s3_both.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s3_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_both.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -s3_both.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s3_both.o: ../include/openssl/sha.h ../include/openssl/srtp.h -s3_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_both.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s3_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s3_both.o: packet_locl.h record/record.h s3_both.c ssl_locl.h +record/ssl3_record.o: record/../ssl_locl.h record/../statem/statem.h +record/ssl3_record.o: record/record_locl.h record/ssl3_record.c s3_cbc.o: ../e_os.h ../include/internal/constant_time_locl.h s3_cbc.o: ../include/openssl/asn1.h 
../include/openssl/bio.h s3_cbc.o: ../include/openssl/bn.h ../include/openssl/buffer.h 
@@ -416,29 +338,7 @@ s3_cbc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h s3_cbc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h s3_cbc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h s3_cbc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h packet_locl.h -s3_cbc.o: record/record.h s3_cbc.c ssl_locl.h -s3_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h -s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h -s3_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h -s3_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h -s3_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -s3_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h -s3_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h -s3_clnt.o: ../include/openssl/hmac.h ../include/openssl/lhash.h -s3_clnt.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -s3_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s3_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s3_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s3_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h -s3_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h -s3_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s3_clnt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -s3_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h -s3_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s3_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s3_clnt.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h -s3_clnt.o: s3_clnt.c ssl_locl.h +s3_cbc.o: record/record.h s3_cbc.c ssl_locl.h statem/statem.h s3_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h s3_enc.o: ../include/openssl/comp.h 
../include/openssl/crypto.h @@ -458,7 +358,7 @@ s3_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h s3_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h s3_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h s3_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h packet_locl.h -s3_enc.o: record/record.h s3_enc.c ssl_locl.h +s3_enc.o: record/record.h s3_enc.c ssl_locl.h statem/statem.h s3_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h s3_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -479,7 +379,7 @@ s3_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h s3_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h s3_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h s3_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h packet_locl.h -s3_lib.o: record/record.h s3_lib.c ssl_locl.h +s3_lib.o: record/record.h s3_lib.c ssl_locl.h statem/statem.h s3_msg.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_msg.o: ../include/openssl/bn.h ../include/openssl/buffer.h s3_msg.o: ../include/openssl/comp.h ../include/openssl/crypto.h 
@@ -499,29 +399,7 @@ s3_msg.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h s3_msg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h s3_msg.o: ../include/openssl/tls1.h ../include/openssl/x509.h s3_msg.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h s3_msg.c -s3_msg.o: ssl_locl.h -s3_srvr.o: ../e_os.h ../include/internal/constant_time_locl.h -s3_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h -s3_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h -s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h -s3_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h -s3_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h -s3_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -s3_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -s3_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md5.h -s3_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s3_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s3_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s3_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -s3_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s3_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h -s3_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s3_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s3_srvr.o: packet_locl.h record/record.h s3_srvr.c ssl_locl.h +s3_msg.o: ssl_locl.h statem/statem.h ssl_algs.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_algs.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_algs.o: ../include/openssl/comp.h ../include/openssl/crypto.h 
@@ -541,7 +419,7 @@ ssl_algs.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h ssl_algs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ssl_algs.o: ../include/openssl/tls1.h ../include/openssl/x509.h ssl_algs.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h -ssl_algs.o: ssl_algs.c ssl_locl.h +ssl_algs.o: ssl_algs.c ssl_locl.h statem/statem.h ssl_asn1.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/bn.h ssl_asn1.o: ../include/openssl/buffer.h ../include/openssl/comp.h @@ -561,7 +439,7 @@ ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h ssl_asn1.o: ../include/openssl/ssl3.h ../include/openssl/stack.h ssl_asn1.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h ssl_asn1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssl_asn1.o: packet_locl.h record/record.h ssl_asn1.c ssl_locl.h +ssl_asn1.o: packet_locl.h record/record.h ssl_asn1.c ssl_locl.h statem/statem.h ssl_cert.o: ../e_os.h ../include/internal/o_dir.h ../include/openssl/asn1.h ssl_cert.o: ../include/openssl/bio.h ../include/openssl/bn.h ssl_cert.o: ../include/openssl/buffer.h ../include/openssl/comp.h @@ -583,7 +461,7 @@ ssl_cert.o: ../include/openssl/ssl3.h ../include/openssl/stack.h ssl_cert.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h ssl_cert.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_cert.o: ../include/openssl/x509v3.h packet_locl.h record/record.h -ssl_cert.o: ssl_cert.c ssl_locl.h +ssl_cert.o: ssl_cert.c ssl_locl.h statem/statem.h ssl_ciph.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_ciph.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_ciph.o: ../include/openssl/comp.h ../include/openssl/crypto.h 
@@ -603,7 +481,7 @@ ssl_ciph.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h ssl_ciph.o: ../include/openssl/ssl3.h ../include/openssl/stack.h ssl_ciph.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h ssl_ciph.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssl_ciph.o: packet_locl.h record/record.h ssl_ciph.c ssl_locl.h +ssl_ciph.o: packet_locl.h record/record.h ssl_ciph.c ssl_locl.h statem/statem.h ssl_conf.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_conf.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_conf.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -624,7 +502,7 @@ ssl_conf.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h ssl_conf.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ssl_conf.o: ../include/openssl/tls1.h ../include/openssl/x509.h ssl_conf.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h -ssl_conf.o: ssl_conf.c ssl_locl.h +ssl_conf.o: ssl_conf.c ssl_locl.h statem/statem.h ssl_err.o: ../include/openssl/asn1.h ../include/openssl/bio.h ssl_err.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_err.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h @@ -681,7 +559,7 @@ ssl_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h ssl_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h ssl_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_lib.o: ../include/openssl/x509v3.h packet_locl.h record/record.h ssl_lib.c -ssl_lib.o: ssl_locl.h +ssl_lib.o: ssl_locl.h statem/statem.h ssl_rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_rsa.o: ../include/openssl/comp.h ../include/openssl/crypto.h 
@@ -701,7 +579,7 @@ ssl_rsa.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h ssl_rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ssl_rsa.o: ../include/openssl/tls1.h ../include/openssl/x509.h ssl_rsa.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h -ssl_rsa.o: ssl_locl.h ssl_rsa.c +ssl_rsa.o: ssl_locl.h ssl_rsa.c statem/statem.h ssl_sess.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_sess.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_sess.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -722,7 +600,7 @@ ssl_sess.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h ssl_sess.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ssl_sess.o: ../include/openssl/tls1.h ../include/openssl/x509.h ssl_sess.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h -ssl_sess.o: ssl_locl.h ssl_sess.c +ssl_sess.o: ssl_locl.h ssl_sess.c statem/statem.h ssl_stat.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_stat.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_stat.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -742,7 +620,7 @@ ssl_stat.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h ssl_stat.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ssl_stat.o: ../include/openssl/tls1.h ../include/openssl/x509.h ssl_stat.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h -ssl_stat.o: ssl_locl.h ssl_stat.c +ssl_stat.o: ssl_locl.h ssl_stat.c statem/statem.h ssl_txt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_txt.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_txt.o: ../include/openssl/comp.h ../include/openssl/crypto.h 
@@ -762,7 +640,7 @@ ssl_txt.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h ssl_txt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ssl_txt.o: ../include/openssl/tls1.h ../include/openssl/x509.h ssl_txt.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h -ssl_txt.o: ssl_locl.h ssl_txt.c +ssl_txt.o: ssl_locl.h ssl_txt.c statem/statem.h ssl_utst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_utst.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_utst.o: ../include/openssl/comp.h ../include/openssl/crypto.h 
@@ -782,47 +660,126 @@ ssl_utst.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h ssl_utst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ssl_utst.o: ../include/openssl/tls1.h ../include/openssl/x509.h ssl_utst.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h -ssl_utst.o: ssl_locl.h ssl_utst.c -statem.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -statem.o: ../include/openssl/bn.h ../include/openssl/buffer.h -statem.o: ../include/openssl/comp.h ../include/openssl/crypto.h -statem.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h -statem.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -statem.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -statem.o: ../include/openssl/err.h ../include/openssl/evp.h -statem.o: ../include/openssl/hmac.h ../include/openssl/lhash.h -statem.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -statem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -statem.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -statem.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -statem.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -statem.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -statem.o: ../include/openssl/sha.h ../include/openssl/srtp.h -statem.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -statem.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -statem.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -statem.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h packet_locl.h -statem.o: record/record.h ssl_locl.h statem.c -t1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -t1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h -t1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h -t1_clnt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h -t1_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -t1_clnt.o: ../include/openssl/ecdh.h 
../include/openssl/ecdsa.h -t1_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h -t1_clnt.o: ../include/openssl/hmac.h ../include/openssl/lhash.h -t1_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -t1_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -t1_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -t1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -t1_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -t1_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -t1_clnt.o: ../include/openssl/sha.h ../include/openssl/srtp.h -t1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -t1_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -t1_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -t1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -t1_clnt.o: packet_locl.h record/record.h ssl_locl.h t1_clnt.c +ssl_utst.o: ssl_locl.h ssl_utst.c statem/statem.h +statem/statem.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +statem/statem.o: ../include/openssl/bn.h ../include/openssl/buffer.h +statem/statem.o: ../include/openssl/comp.h ../include/openssl/crypto.h +statem/statem.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h +statem/statem.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +statem/statem.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +statem/statem.o: ../include/openssl/err.h ../include/openssl/evp.h +statem/statem.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +statem/statem.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +statem/statem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +statem/statem.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +statem/statem.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +statem/statem.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +statem/statem.o: ../include/openssl/rsa.h 
../include/openssl/safestack.h +statem/statem.o: ../include/openssl/sha.h ../include/openssl/srtp.h +statem/statem.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +statem/statem.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +statem/statem.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +statem/statem.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +statem/statem.o: statem/../packet_locl.h statem/../record/record.h +statem/statem.o: statem/../ssl_locl.h statem/../statem/statem.h statem/statem.c +statem/statem_clnt.o: ../e_os.h ../include/openssl/asn1.h +statem/statem_clnt.o: ../include/openssl/bio.h ../include/openssl/bn.h +statem/statem_clnt.o: ../include/openssl/buffer.h ../include/openssl/comp.h +statem/statem_clnt.o: ../include/openssl/crypto.h ../include/openssl/dh.h +statem/statem_clnt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h +statem/statem_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +statem/statem_clnt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +statem/statem_clnt.o: ../include/openssl/engine.h ../include/openssl/err.h +statem/statem_clnt.o: ../include/openssl/evp.h ../include/openssl/hmac.h +statem/statem_clnt.o: ../include/openssl/lhash.h ../include/openssl/md5.h +statem/statem_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +statem/statem_clnt.o: ../include/openssl/opensslconf.h +statem/statem_clnt.o: ../include/openssl/opensslv.h +statem/statem_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +statem/statem_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +statem/statem_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +statem/statem_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +statem/statem_clnt.o: ../include/openssl/sha.h ../include/openssl/srtp.h +statem/statem_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +statem/statem_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 
+statem/statem_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +statem/statem_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +statem/statem_clnt.o: statem/../packet_locl.h statem/../record/record.h +statem/statem_clnt.o: statem/../ssl_locl.h statem/../statem/statem.h +statem/statem_clnt.o: statem/statem_clnt.c +statem/statem_dtls.o: ../e_os.h ../include/openssl/asn1.h +statem/statem_dtls.o: ../include/openssl/bio.h ../include/openssl/bn.h +statem/statem_dtls.o: ../include/openssl/buffer.h ../include/openssl/comp.h +statem/statem_dtls.o: ../include/openssl/crypto.h ../include/openssl/dsa.h +statem/statem_dtls.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h +statem/statem_dtls.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +statem/statem_dtls.o: ../include/openssl/ecdsa.h ../include/openssl/err.h +statem/statem_dtls.o: ../include/openssl/evp.h ../include/openssl/hmac.h +statem/statem_dtls.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +statem/statem_dtls.o: ../include/openssl/objects.h +statem/statem_dtls.o: ../include/openssl/opensslconf.h +statem/statem_dtls.o: ../include/openssl/opensslv.h +statem/statem_dtls.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +statem/statem_dtls.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +statem/statem_dtls.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +statem/statem_dtls.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +statem/statem_dtls.o: ../include/openssl/sha.h ../include/openssl/srtp.h +statem/statem_dtls.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +statem/statem_dtls.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +statem/statem_dtls.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +statem/statem_dtls.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +statem/statem_dtls.o: statem/../packet_locl.h statem/../record/record.h +statem/statem_dtls.o: statem/../ssl_locl.h 
statem/../statem/statem.h +statem/statem_dtls.o: statem/statem_dtls.c +statem/statem_lib.o: ../e_os.h ../include/openssl/asn1.h +statem/statem_lib.o: ../include/openssl/bio.h ../include/openssl/bn.h +statem/statem_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h +statem/statem_lib.o: ../include/openssl/crypto.h ../include/openssl/dsa.h +statem/statem_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h +statem/statem_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +statem/statem_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h +statem/statem_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h +statem/statem_lib.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +statem/statem_lib.o: ../include/openssl/objects.h +statem/statem_lib.o: ../include/openssl/opensslconf.h +statem/statem_lib.o: ../include/openssl/opensslv.h +statem/statem_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +statem/statem_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +statem/statem_lib.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +statem/statem_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +statem/statem_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h +statem/statem_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +statem/statem_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +statem/statem_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +statem/statem_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +statem/statem_lib.o: statem/../packet_locl.h statem/../record/record.h +statem/statem_lib.o: statem/../ssl_locl.h statem/../statem/statem.h +statem/statem_lib.o: statem/statem_lib.c +statem/statem_srvr.o: ../e_os.h ../include/internal/constant_time_locl.h +statem/statem_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h +statem/statem_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h +statem/statem_srvr.o: 
../include/openssl/comp.h ../include/openssl/crypto.h +statem/statem_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h +statem/statem_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h +statem/statem_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +statem/statem_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h +statem/statem_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h +statem/statem_srvr.o: ../include/openssl/lhash.h ../include/openssl/md5.h +statem/statem_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +statem/statem_srvr.o: ../include/openssl/opensslconf.h +statem/statem_srvr.o: ../include/openssl/opensslv.h +statem/statem_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +statem/statem_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +statem/statem_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +statem/statem_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +statem/statem_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h +statem/statem_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +statem/statem_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +statem/statem_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +statem/statem_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +statem/statem_srvr.o: statem/../packet_locl.h statem/../record/record.h +statem/statem_srvr.o: statem/../ssl_locl.h statem/../statem/statem.h +statem/statem_srvr.o: statem/statem_srvr.c t1_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h t1_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h 
@@ -843,7 +800,7 @@ t1_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h t1_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h t1_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h t1_enc.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h -t1_enc.o: ssl_locl.h t1_enc.c +t1_enc.o: ssl_locl.h statem/statem.h t1_enc.c t1_ext.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_ext.o: ../include/openssl/bn.h ../include/openssl/buffer.h t1_ext.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -863,7 +820,7 @@ t1_ext.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h t1_ext.o: ../include/openssl/stack.h ../include/openssl/symhacks.h t1_ext.o: ../include/openssl/tls1.h ../include/openssl/x509.h t1_ext.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h -t1_ext.o: ssl_locl.h t1_ext.c +t1_ext.o: ssl_locl.h statem/statem.h t1_ext.c t1_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h t1_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h 
@@ -885,27 +842,7 @@ t1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h t1_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h t1_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h t1_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h -t1_lib.o: packet_locl.h record/record.h ssl_locl.h t1_lib.c -t1_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -t1_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h -t1_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h -t1_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h -t1_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -t1_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -t1_meth.o: ../include/openssl/err.h ../include/openssl/evp.h -t1_meth.o: ../include/openssl/hmac.h ../include/openssl/lhash.h -t1_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -t1_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -t1_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -t1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -t1_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -t1_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h -t1_meth.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -t1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h -t1_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -t1_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h -t1_meth.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h -t1_meth.o: ssl_locl.h t1_meth.c +t1_lib.o: packet_locl.h record/record.h ssl_locl.h statem/statem.h t1_lib.c t1_reneg.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_reneg.o: ../include/openssl/bn.h ../include/openssl/buffer.h t1_reneg.o: ../include/openssl/comp.h ../include/openssl/crypto.h 
@@ -925,27 +862,7 @@ t1_reneg.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h t1_reneg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h t1_reneg.o: ../include/openssl/tls1.h ../include/openssl/x509.h t1_reneg.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h -t1_reneg.o: ssl_locl.h t1_reneg.c -t1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -t1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h -t1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h -t1_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h -t1_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -t1_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -t1_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h -t1_srvr.o: ../include/openssl/hmac.h ../include/openssl/lhash.h -t1_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -t1_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -t1_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -t1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -t1_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -t1_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -t1_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h -t1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -t1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -t1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -t1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -t1_srvr.o: packet_locl.h record/record.h ssl_locl.h t1_srvr.c +t1_reneg.o: ssl_locl.h statem/statem.h t1_reneg.c t1_trce.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_trce.o: ../include/openssl/bn.h ../include/openssl/buffer.h t1_trce.o: ../include/openssl/comp.h ../include/openssl/crypto.h 
@@ -965,7 +882,7 @@ t1_trce.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h t1_trce.o: ../include/openssl/stack.h ../include/openssl/symhacks.h t1_trce.o: ../include/openssl/tls1.h ../include/openssl/x509.h t1_trce.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h -t1_trce.o: ssl_locl.h t1_trce.c +t1_trce.o: ssl_locl.h statem/statem.h t1_trce.c tls_srp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h tls_srp.o: ../include/openssl/bn.h ../include/openssl/buffer.h tls_srp.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -986,4 +903,4 @@ tls_srp.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h tls_srp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h tls_srp.o: ../include/openssl/tls1.h ../include/openssl/x509.h tls_srp.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h -tls_srp.o: ssl_locl.h tls_srp.c +tls_srp.o: ssl_locl.h statem/statem.h tls_srp.c diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c deleted file mode 100644 index d26e39cab5..0000000000 --- a/ssl/d1_clnt.c +++ /dev/null 
@@ -1,191 +0,0 @@ -/* ssl/d1_clnt.c */ -/* - * DTLS implementation written by Nagendra Modadugu - * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. - */ -/* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. 
- * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. 
this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "ssl_locl.h" -#include -#include -#include -#include -#include -#include -#ifndef OPENSSL_NO_DH -# include -#endif - -static const SSL_METHOD *dtls1_get_client_method(int ver); - -static const SSL_METHOD *dtls1_get_client_method(int ver) -{ - if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER) - return (DTLSv1_client_method()); - else if (ver == DTLS1_2_VERSION) - return (DTLSv1_2_client_method()); - else - return (NULL); -} - -IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, - DTLSv1_client_method, - ssl_undefined_function, - dtls1_connect, - dtls1_get_client_method, DTLSv1_enc_data) - - IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, - DTLSv1_2_client_method, - ssl_undefined_function, - dtls1_connect, - dtls1_get_client_method, DTLSv1_2_enc_data) - - IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, - DTLS_client_method, - ssl_undefined_function, - dtls1_connect, - dtls1_get_client_method, DTLSv1_2_enc_data) - - -enum MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt) -{ - int al; - unsigned int cookie_len; - PACKET cookiepkt; - - if (!PACKET_forward(pkt, 2) - || !PACKET_get_length_prefixed_1(pkt, &cookiepkt)) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_DTLS_PROCESS_HELLO_VERIFY, SSL_R_LENGTH_MISMATCH); - goto f_err; - } - - cookie_len = PACKET_remaining(&cookiepkt); - if (cookie_len > sizeof(s->d1->cookie)) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_DTLS_PROCESS_HELLO_VERIFY, SSL_R_LENGTH_TOO_LONG); - goto f_err; - } - - if (!PACKET_copy_bytes(&cookiepkt, s->d1->cookie, cookie_len)) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_DTLS_PROCESS_HELLO_VERIFY, SSL_R_LENGTH_MISMATCH); - goto f_err; - } - s->d1->cookie_len = cookie_len; - - return MSG_PROCESS_FINISHED_READING; - f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - statem_set_error(s); - return MSG_PROCESS_ERROR; -} 
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 3bc9fe7362..2f9609affb 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -60,6 +60,7 @@ #include #define USE_SOCKETS #include +#include #include "ssl_locl.h" #if defined(OPENSSL_SYS_VMS) @@ -77,6 +78,9 @@ static int dtls1_set_handshake_header(SSL *s, int type, unsigned long len); static int dtls1_handshake_write(SSL *s); int dtls1_listen(SSL *s, struct sockaddr *client); +/* XDTLS: figure out the right values */ +static const unsigned int g_probable_mtu[] = { 1500, 512, 256 }; + const SSL3_ENC_METHOD DTLSv1_enc_data = { tls1_enc, tls1_mac, @@ -762,8 +766,8 @@ int dtls1_listen(SSL *s, struct sockaddr *client) } p = &buf[DTLS1_RT_HEADER_LENGTH]; - msglen = dtls1_raw_hello_verify_request(p + DTLS1_HM_HEADER_LENGTH, - cookie, cookielen); + msglen = dtls_raw_hello_verify_request(p + DTLS1_HM_HEADER_LENGTH, + cookie, cookielen); *p++ = DTLS1_MT_HELLO_VERIFY_REQUEST; 
@@ -905,3 +909,236 @@ static int dtls1_handshake_write(SSL *s) { return dtls1_do_write(s, SSL3_RT_HANDSHAKE); } + +#ifndef OPENSSL_NO_HEARTBEATS +int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length) +{ + unsigned char *pl; + unsigned short hbtype; + unsigned int payload; + unsigned int padding = 16; /* Use minimum padding */ + + if (s->msg_callback) + s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, + p, length, s, s->msg_callback_arg); + + /* Read type and payload length first */ + if (1 + 2 + 16 > length) + return 0; /* silently discard */ + if (length > SSL3_RT_MAX_PLAIN_LENGTH) + return 0; /* silently discard per RFC 6520 sec. 4 */ + + hbtype = *p++; + n2s(p, payload); + if (1 + 2 + payload + 16 > length) + return 0; /* silently discard per RFC 6520 sec. 4 */ + pl = p; + + if (hbtype == TLS1_HB_REQUEST) { + unsigned char *buffer, *bp; + unsigned int write_length = 1 /* heartbeat type */ + + 2 /* heartbeat length */ + + payload + padding; + int r; + + if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) + return 0; + + /* + * Allocate memory for the response, size is 1 byte message type, + * plus 2 bytes payload length, plus payload, plus padding + */ + buffer = OPENSSL_malloc(write_length); + if (buffer == NULL) + return -1; + bp = buffer; + + /* Enter response type, length and copy payload */ + *bp++ = TLS1_HB_RESPONSE; + s2n(payload, bp); + memcpy(bp, pl, payload); + bp += payload; + /* Random padding */ + if (RAND_bytes(bp, padding) <= 0) { + OPENSSL_free(buffer); + return -1; + } + + r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length); + + if (r >= 0 && s->msg_callback) + s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, + buffer, write_length, s, s->msg_callback_arg); + + OPENSSL_free(buffer); + + if (r < 0) + return r; + } else if (hbtype == TLS1_HB_RESPONSE) { + unsigned int seq; + + /* + * We only send sequence numbers (2 bytes unsigned int), and 16 + * random bytes, so we just try to read the sequence number + */ + n2s(pl, 
seq); + + if (payload == 18 && seq == s->tlsext_hb_seq) { + dtls1_stop_timer(s); + s->tlsext_hb_seq++; + s->tlsext_hb_pending = 0; + } + } + + return 0; +} + +int dtls1_heartbeat(SSL *s) +{ + unsigned char *buf, *p; + int ret = -1; + unsigned int payload = 18; /* Sequence number + random bytes */ + unsigned int padding = 16; /* Use minimum padding */ + + /* Only send if peer supports and accepts HB requests... */ + if (!(s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) || + s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS) { + SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT); + return -1; + } + + /* ...and there is none in flight yet... */ + if (s->tlsext_hb_pending) { + SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PENDING); + return -1; + } + + /* ...and no handshake in progress. */ + if (SSL_in_init(s) || s->in_handshake) { + SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_UNEXPECTED_MESSAGE); + return -1; + } + + /* + * Check if padding is too long, payload and padding must not exceed 2^14 + * - 3 = 16381 bytes in total. + */ + OPENSSL_assert(payload + padding <= 16381); + + /*- + * Create HeartBeat message, we just use a sequence number + * as payload to distuingish different messages and add + * some random stuff. 
+ * - Message Type, 1 byte + * - Payload Length, 2 bytes (unsigned int) + * - Payload, the sequence number (2 bytes uint) + * - Payload, random bytes (16 bytes uint) + * - Padding + */ + buf = OPENSSL_malloc(1 + 2 + payload + padding); + if (buf == NULL) { + SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_MALLOC_FAILURE); + return -1; + } + p = buf; + /* Message Type */ + *p++ = TLS1_HB_REQUEST; + /* Payload length (18 bytes here) */ + s2n(payload, p); + /* Sequence number */ + s2n(s->tlsext_hb_seq, p); + /* 16 random bytes */ + if (RAND_bytes(p, 16) <= 0) { + SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR); + goto err; + } + p += 16; + /* Random padding */ + if (RAND_bytes(p, padding) <= 0) { + SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR); + goto err; + } + + ret = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding); + if (ret >= 0) { + if (s->msg_callback) + s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, + buf, 3 + payload + padding, + s, s->msg_callback_arg); + + dtls1_start_timer(s); + s->tlsext_hb_pending = 1; + } + + err: + OPENSSL_free(buf); + + return ret; +} +#endif + +int dtls1_shutdown(SSL *s) +{ + int ret; +#ifndef OPENSSL_NO_SCTP + BIO *wbio; + + wbio = SSL_get_wbio(s); + if (wbio != NULL && BIO_dgram_is_sctp(wbio) && + !(s->shutdown & SSL_SENT_SHUTDOWN)) { + ret = BIO_dgram_sctp_wait_for_dry(wbio); + if (ret < 0) + return -1; + + if (ret == 0) + BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1, + NULL); + } +#endif + ret = ssl3_shutdown(s); +#ifndef OPENSSL_NO_SCTP + BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 0, NULL); +#endif + return ret; +} + +int dtls1_query_mtu(SSL *s) +{ + if (s->d1->link_mtu) { + s->d1->mtu = + s->d1->link_mtu - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s)); + s->d1->link_mtu = 0; + } + + /* AHA! 
Figure out the MTU, and stick to the right size */ + if (s->d1->mtu < dtls1_min_mtu(s)) { + if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { + s->d1->mtu = + BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); + + /* + * I've seen the kernel return bogus numbers when it doesn't know + * (initial write), so just make sure we have a reasonable number + */ + if (s->d1->mtu < dtls1_min_mtu(s)) { + /* Set to min mtu */ + s->d1->mtu = dtls1_min_mtu(s); + BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, + s->d1->mtu, NULL); + } + } else + return 0; + } + return 1; +} + +unsigned int dtls1_link_min_mtu(void) +{ + return (g_probable_mtu[(sizeof(g_probable_mtu) / + sizeof(g_probable_mtu[0])) - 1]); +} + +unsigned int dtls1_min_mtu(SSL *s) +{ + return dtls1_link_min_mtu() - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s)); +} diff --git a/ssl/d1_meth.c b/ssl/d1_meth.c deleted file mode 100644 index 734077493f..0000000000 --- a/ssl/d1_meth.c +++ /dev/null 
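Review bot: In the `TLS1_HB_RESPONSE` branch of `dtls1_process_heartbeat`, `n2s(pl, seq)` reads two bytes before `payload == 18` is tested, so for a payload shorter than two bytes the sequence number is taken from padding bytes. The read stays inside the record only because the earlier `1 + 2 + payload + 16 > length` check guarantees 16 bytes after the payload, and nothing at the read site says so. I would either test the length first, `if (payload == 18) { n2s(pl, seq); if (seq == s->tlsext_hb_seq) { ... } }`, or add the comment `/* in bounds even for payload < 2: the length check above leaves 16 padding bytes after pl */`. Separately, in `dtls1_query_mtu` the subtraction `s->d1->link_mtu - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s))` is unguarded in this function; if these fields are unsigned and `link_mtu` can be smaller than the overhead, the result wraps to a large value that passes the `< dtls1_min_mtu(s)` test, so the range check presumably done where `link_mtu` is set deserves a comment here.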
@@ -1,88 +0,0 @@ -/* ssl/d1_meth.h */ -/* - * DTLS implementation written by Nagendra Modadugu - * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. - */ -/* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include "ssl_locl.h" - -static const SSL_METHOD *dtls1_get_method(int ver); -static const SSL_METHOD *dtls1_get_method(int ver) -{ - if (ver == DTLS1_VERSION) - return (DTLSv1_method()); - else if (ver == DTLS1_2_VERSION) - return (DTLSv1_2_method()); - else - return (NULL); -} - -IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, - DTLSv1_method, - dtls1_accept, - dtls1_connect, dtls1_get_method, DTLSv1_enc_data) - - IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, - DTLSv1_2_method, - dtls1_accept, - dtls1_connect, dtls1_get_method, DTLSv1_2_enc_data) - - IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, - DTLS_method, - dtls1_accept, - dtls1_connect, dtls1_get_method, DTLSv1_2_enc_data) diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c deleted file mode 100644 index 47c6203799..0000000000 --- a/ssl/d1_srvr.c +++ /dev/null 
@@ -1,210 +0,0 @@ -/* ssl/d1_srvr.c */ -/* - * DTLS implementation written by Nagendra Modadugu - * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. - */ -/* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. 
- * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. 
this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "ssl_locl.h" -#include -#include -#include -#include -#include -#include -#include -#ifndef OPENSSL_NO_DH -# include -#endif - -static const SSL_METHOD *dtls1_get_server_method(int ver); - -static const SSL_METHOD *dtls1_get_server_method(int ver) -{ - if (ver == DTLS1_VERSION) - return (DTLSv1_server_method()); - else if (ver == DTLS1_2_VERSION) - return (DTLSv1_2_server_method()); - else - return (NULL); -} - -IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, - DTLSv1_server_method, - dtls1_accept, - ssl_undefined_function, - dtls1_get_server_method, DTLSv1_enc_data) - -IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, - DTLSv1_2_server_method, - dtls1_accept, - ssl_undefined_function, - dtls1_get_server_method, DTLSv1_2_enc_data) - -IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, - DTLS_server_method, - dtls1_accept, - ssl_undefined_function, - dtls1_get_server_method, DTLSv1_2_enc_data) - - -unsigned int dtls1_raw_hello_verify_request(unsigned char *buf, - unsigned char *cookie, - unsigned char cookie_len) -{ - unsigned int msg_len; - unsigned char *p; - - p = buf; - /* Always use DTLS 1.0 version: see RFC 6347 */ - *(p++) = DTLS1_VERSION >> 8; - *(p++) = DTLS1_VERSION & 0xFF; - - *(p++) = (unsigned char)cookie_len; - memcpy(p, cookie, cookie_len); - p += cookie_len; - msg_len = p - buf; - - return msg_len; -} - - -int dtls_construct_hello_verify_request(SSL *s) -{ - unsigned int len; - unsigned char *buf; - - buf = (unsigned char *)s->init_buf->data; - - if (s->ctx->app_gen_cookie_cb == NULL || - s->ctx->app_gen_cookie_cb(s, s->d1->cookie, - &(s->d1->cookie_len)) == 0 || - s->d1->cookie_len > 255) { - SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST, - SSL_R_COOKIE_GEN_CALLBACK_FAILURE); - statem_set_error(s); - return 0; - } - - len = dtls1_raw_hello_verify_request(&buf[DTLS1_HM_HEADER_LENGTH], - s->d1->cookie, s->d1->cookie_len); - - 
dtls1_set_message_header(s, buf, DTLS1_MT_HELLO_VERIFY_REQUEST, len, 0, - len); - len += DTLS1_HM_HEADER_LENGTH; - - /* number of bytes to write */ - s->init_num = len; - s->init_off = 0; - - return 1; -} diff --git a/ssl/methods.c b/ssl/methods.c new file mode 100644 index 0000000000..4e7093ed3c --- /dev/null +++ b/ssl/methods.c 
@@ -0,0 +1,347 @@ +/* ssl/t1_meth.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. 
All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). 
+ *
+ */
+
+#include
+#include
+#include "ssl_locl.h"
+
+/*
+ * TLS/SSLv3 methods
+ */
+
+static const SSL_METHOD *tls1_get_method(int ver)
+{
+ if (ver == TLS_ANY_VERSION)
+ return TLS_method();
+ if (ver == TLS1_2_VERSION)
+ return TLSv1_2_method();
+ if (ver == TLS1_1_VERSION)
+ return TLSv1_1_method();
+ if (ver == TLS1_VERSION)
+ return TLSv1_method();
+#ifndef OPENSSL_NO_SSL3
+ if (ver == SSL3_VERSION)
+ return (SSLv3_method());
+ else
+#endif
+ return NULL;
+}
+
+IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, TLS_method,
+ statem_accept,
+ statem_connect, tls1_get_method, TLSv1_2_enc_data)
+
+IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_method,
+ statem_accept,
+ statem_connect, tls1_get_method, TLSv1_2_enc_data)
+
+IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_method,
+ statem_accept,
+ statem_connect, tls1_get_method, TLSv1_1_enc_data)
+
+IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_method,
+ statem_accept,
+ statem_connect, tls1_get_method, TLSv1_enc_data)
+
+#ifndef OPENSSL_NO_SSL3_METHOD
+IMPLEMENT_ssl3_meth_func(SSLv3_method,
+ statem_accept, statem_connect, tls1_get_method)
+#endif
+
+
+/*
+ * TLS/SSLv3 server methods
+ */
+
+static const SSL_METHOD *tls1_get_server_method(int ver)
+{
+ if (ver == TLS_ANY_VERSION)
+ return TLS_server_method();
+ if (ver == TLS1_2_VERSION)
+ return TLSv1_2_server_method();
+ if (ver == TLS1_1_VERSION)
+ return TLSv1_1_server_method();
+ if (ver == TLS1_VERSION)
+ return TLSv1_server_method();
+#ifndef OPENSSL_NO_SSL3
+ if (ver == SSL3_VERSION)
+ return (SSLv3_server_method());
+#endif
+ return NULL;
+}
+
+IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, TLS_server_method,
+ statem_accept,
+ ssl_undefined_function,
+ tls1_get_server_method, TLSv1_2_enc_data)
+
+IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_server_method,
+ statem_accept,
+ ssl_undefined_function,
+ tls1_get_server_method, TLSv1_2_enc_data)
+
+IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_server_method,
+ statem_accept,
+ ssl_undefined_function,
+ tls1_get_server_method, TLSv1_1_enc_data)
+
+IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_server_method,
+ statem_accept,
+ ssl_undefined_function,
+ tls1_get_server_method, TLSv1_enc_data)
+
+#ifndef OPENSSL_NO_SSL3_METHOD
+IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
+ statem_accept,
+ ssl_undefined_function, tls1_get_server_method)
+#endif
+
+
+/*
+ * TLS/SSLv3 client methods
+ */
+
+static const SSL_METHOD *tls1_get_client_method(int ver)
+{
+ if (ver == TLS_ANY_VERSION)
+ return TLS_client_method();
+ if (ver == TLS1_2_VERSION)
+ return TLSv1_2_client_method();
+ if (ver == TLS1_1_VERSION)
+ return TLSv1_1_client_method();
+ if (ver == TLS1_VERSION)
+ return TLSv1_client_method();
+#ifndef OPENSSL_NO_SSL3
+ if (ver == SSL3_VERSION)
+ return (SSLv3_client_method());
+#endif
+ return NULL;
+}
+
+IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, TLS_client_method,
+ ssl_undefined_function,
+ statem_connect,
+ tls1_get_client_method, TLSv1_2_enc_data)
+
+IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_client_method,
+ ssl_undefined_function,
+ statem_connect,
+ tls1_get_client_method, TLSv1_2_enc_data)
+
+IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_client_method,
+ ssl_undefined_function,
+ statem_connect,
+ tls1_get_client_method, TLSv1_1_enc_data)
+
+IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_client_method,
+ ssl_undefined_function,
+ statem_connect, tls1_get_client_method, TLSv1_enc_data)
+
+#ifndef OPENSSL_NO_SSL3_METHOD
+IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
+ ssl_undefined_function,
+ statem_connect, tls1_get_client_method)
+#endif
+
+
+/*
+ * DTLS methods
+ */
+static const SSL_METHOD *dtls1_get_method(int ver)
+{
+ if (ver == DTLS1_VERSION)
+ return (DTLSv1_method());
+ else if (ver == DTLS1_2_VERSION)
+ return (DTLSv1_2_method());
+ else
+ return (NULL);
+}
+
+IMPLEMENT_dtls1_meth_func(DTLS1_VERSION,
+ DTLSv1_method,
+ statem_accept,
+ statem_connect, dtls1_get_method, DTLSv1_enc_data)
+
+IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION,
+ DTLSv1_2_method,
+
statem_accept, + statem_connect, dtls1_get_method, DTLSv1_2_enc_data) + +IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, + DTLS_method, + statem_accept, + statem_connect, dtls1_get_method, DTLSv1_2_enc_data) + + +/* + * DTLS server methods + */ + +static const SSL_METHOD *dtls1_get_server_method(int ver) +{ + if (ver == DTLS1_VERSION) + return (DTLSv1_server_method()); + else if (ver == DTLS1_2_VERSION) + return (DTLSv1_2_server_method()); + else + return (NULL); +} + +IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, + DTLSv1_server_method, + statem_accept, + ssl_undefined_function, + dtls1_get_server_method, DTLSv1_enc_data) + +IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, + DTLSv1_2_server_method, + statem_accept, + ssl_undefined_function, + dtls1_get_server_method, DTLSv1_2_enc_data) + +IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, + DTLS_server_method, + statem_accept, + ssl_undefined_function, + dtls1_get_server_method, DTLSv1_2_enc_data) + + +/* + * DTLS client methods + */ + +static const SSL_METHOD *dtls1_get_client_method(int ver) +{ + if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER) + return (DTLSv1_client_method()); + else if (ver == DTLS1_2_VERSION) + return (DTLSv1_2_client_method()); + else + return (NULL); +} + +IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, + DTLSv1_client_method, + ssl_undefined_function, + statem_connect, + dtls1_get_client_method, DTLSv1_enc_data) + +IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, + DTLSv1_2_client_method, + ssl_undefined_function, + statem_connect, + dtls1_get_client_method, DTLSv1_2_enc_data) + +IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, + DTLS_client_method, + ssl_undefined_function, + statem_connect, + dtls1_get_client_method, DTLSv1_2_enc_data) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index ab095c8267..25afff8c9b 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -166,6 +166,7 @@ # include #include "record/record.h" +#include "statem/statem.h" #include "packet_locl.h" # ifdef OPENSSL_BUILD_SHLIBSSL 
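Review bot: The SSLv3 branches in `tls1_get_method`, `tls1_get_server_method` and `tls1_get_client_method` are guarded by `OPENSSL_NO_SSL3`, while the `IMPLEMENT_ssl3_meth_func` definitions they call are guarded by `OPENSSL_NO_SSL3_METHOD`. If a build can set the second macro without the first (not visible from this hunk), the lookups would reference `SSLv3_*_method()` symbols that this file does not define in that configuration. Using one guard for both, for example `#ifndef OPENSSL_NO_SSL3_METHOD` around each lookup branch, keeps a build that compiles SSLv3 out consistent. `tls1_get_method` also leaves a dangling `else` before `#endif` that the server and client variants do not have; dropping it makes the three functions match. The first line of the new file still reads `/* ssl/t1_meth.c */` and should name `ssl/methods.c`.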
@@ -715,88 +716,6 @@ struct ssl_comp_st { DECLARE_STACK_OF(SSL_COMP) DECLARE_LHASH_OF(SSL_SESSION); -/* - * Valid return codes used for functions performing work prior to or after - * sending or receiving a message - */ -enum WORK_STATE { - /* Something went wrong */ - WORK_ERROR, - /* We're done working and there shouldn't be anything else to do after */ - WORK_FINISHED_STOP, - /* We're done working move onto the next thing */ - WORK_FINISHED_CONTINUE, - /* We're working on phase A */ - WORK_MORE_A, - /* We're working on phase B */ - WORK_MORE_B -}; - -/* Write transition return codes */ -enum WRITE_TRAN { - /* Something went wrong */ - WRITE_TRAN_ERROR, - /* A transition was successfully completed and we should continue */ - WRITE_TRAN_CONTINUE, - /* There is no more write work to be done */ - WRITE_TRAN_FINISHED -}; - -/* Message processing return codes */ -enum MSG_PROCESS_RETURN { - MSG_PROCESS_ERROR, - MSG_PROCESS_FINISHED_READING, - MSG_PROCESS_CONTINUE_PROCESSING, - MSG_PROCESS_CONTINUE_READING -}; - -/* Message flow states */ -enum MSG_FLOW_STATE { - /* No handshake in progress */ - MSG_FLOW_UNINITED, - /* A permanent error with this connection */ - MSG_FLOW_ERROR, - /* We are about to renegotiate */ - MSG_FLOW_RENEGOTIATE, - /* We are reading messages */ - MSG_FLOW_READING, - /* We are writing messages */ - MSG_FLOW_WRITING, - /* Handshake has finished */ - MSG_FLOW_FINISHED -}; - -/* Read states */ -enum READ_STATE { - READ_STATE_HEADER, - READ_STATE_BODY, - READ_STATE_POST_PROCESS -}; - -/* Write states */ -enum WRITE_STATE { - WRITE_STATE_TRANSITION, - WRITE_STATE_PRE_WORK, - WRITE_STATE_SEND, - WRITE_STATE_POST_WORK -}; - -struct statem_st { - enum MSG_FLOW_STATE state; - enum WRITE_STATE write_state; - enum WORK_STATE write_state_work; - enum READ_STATE read_state; - enum WORK_STATE read_state_work; - enum HANDSHAKE_STATE hand_state; - int in_init; - int read_state_first_init; - int use_timer; -#ifndef OPENSSL_NO_SCTP - int in_sctp_read_sock; -#endif 
-}; -typedef struct statem_st STATEM; - struct ssl_ctx_st { const SSL_METHOD *method; @@ -2033,18 +1952,6 @@ __owur SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt, __owur int ssl3_digest_cached_records(SSL *s, int keep); __owur int ssl3_new(SSL *s); void ssl3_free(SSL *s); -__owur int ssl3_accept(SSL *s); -__owur int ssl3_connect(SSL *s); -void statem_clear(SSL *s); -void statem_set_renegotiate(SSL *s); -void statem_set_error(SSL *s); -int statem_in_error(const SSL *s); -void statem_set_in_init(SSL *s, int init); -__owur int statem_app_data_allowed(SSL *s); -#ifndef OPENSSL_NO_SCTP -void statem_set_sctp_read_sock(SSL *s, int read_sock); -__owur int statem_in_sctp_read_sock(SSL *s); -#endif __owur int ssl3_read(SSL *s, void *buf, int len); __owur int ssl3_peek(SSL *s, void *buf, int len); __owur int ssl3_write(SSL *s, const void *buf, int len); @@ -2091,13 +1998,14 @@ void dtls1_start_timer(SSL *s); void dtls1_stop_timer(SSL *s); __owur int dtls1_is_timer_expired(SSL *s); void dtls1_double_timeout(SSL *s); -__owur unsigned int dtls1_raw_hello_verify_request(unsigned char *buf, - unsigned char *cookie, - unsigned char cookie_len); +__owur unsigned int dtls_raw_hello_verify_request(unsigned char *buf, + unsigned char *cookie, + unsigned char cookie_len); __owur int dtls1_send_newsession_ticket(SSL *s); __owur unsigned int dtls1_min_mtu(SSL *s); __owur unsigned int dtls1_link_min_mtu(void); void dtls1_hm_fragment_free(hm_fragment *frag); +__owur int dtls1_query_mtu(SSL *s); /* some client-only functions */ __owur int tls_construct_client_hello(SSL *s); @@ -2154,8 +2062,6 @@ long tls1_ctrl(SSL *s, int cmd, long larg, void *parg); long tls1_callback_ctrl(SSL *s, int cmd, void (*fp) (void)); __owur int dtls1_new(SSL *s); -__owur int dtls1_accept(SSL *s); -__owur int dtls1_connect(SSL *s); void dtls1_free(SSL *s); void dtls1_clear(SSL *s); long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg); 
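Review bot: The renamed prototype `dtls_raw_hello_verify_request(unsigned char *buf, unsigned char *cookie, unsigned char cookie_len)` in the `@@ -2091,13 +1998,14 @@` hunk still takes no size for `buf` and has no comment stating how much the callee writes. Going by the old body removed from `ssl/d1_srvr.c` on this page, it writes a 2-byte version, a 1-byte length and `cookie_len` cookie bytes (up to 258 bytes in total) and only reads `cookie`; the new definition is outside this hunk, so this assumes the body is unchanged. I would add a comment above the prototype, `/* buf must have room for 3 + cookie_len bytes */`, and declare the input as `const unsigned char *cookie`.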
diff --git a/ssl/statem.c b/ssl/statem/statem.c similarity index 99% rename from ssl/statem.c rename to ssl/statem/statem.c index 81af75c4d5..7e4f524ddc 100644 --- a/ssl/statem.c +++ b/ssl/statem/statem.c @@ -1,4 +1,4 @@ -/* ssl/statem.c */ +/* ssl/statem/statem.c */ /* * Written by Matt Caswell for the OpenSSL project. */ @@ -57,7 +57,7 @@ */ #include -#include "ssl_locl.h" +#include "../ssl_locl.h" /* * This file implements the SSL/TLS/DTLS state machines. @@ -215,21 +215,11 @@ void statem_set_in_init(SSL *s, int init) s->statem.in_init = init; } -int ssl3_connect(SSL *s) { +int statem_connect(SSL *s) { return state_machine(s, 0); } -int dtls1_connect(SSL *s) -{ - return state_machine(s, 0); -} - -int ssl3_accept(SSL *s) -{ - return state_machine(s, 1); -} - -int dtls1_accept(SSL *s) +int statem_accept(SSL *s) { return state_machine(s, 1); } diff --git a/ssl/statem/statem.h b/ssl/statem/statem.h new file mode 100644 index 0000000000..b6256f9788 --- /dev/null +++ b/ssl/statem/statem.h 
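Review bot: `int statem_connect(SSL *s) {` in the `@@ -215,21 +215,11 @@` hunk keeps the opening brace on the signature line, while `statem_accept` directly below it puts the brace on its own line. Since the line is rewritten by this change anyway, split it into `int statem_connect(SSL *s)` followed by `{`. A one-line comment on each entry point would also help, because the meaning of the second argument to `state_machine` (0 from connect, 1 from accept, presumably client versus server) is only implied by these two call sites.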
@@ -0,0 +1,174 @@ +/* ssl/statem/statem.h */ +/* ==================================================================== + * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/***************************************************************************** + * * + * These emums should be considered PRIVATE to the state machine. No * + * non-state machine code should need to use these * + * * + *****************************************************************************/ +/* + * Valid return codes used for functions performing work prior to or after + * sending or receiving a message + */ +enum WORK_STATE { + /* Something went wrong */ + WORK_ERROR, + /* We're done working and there shouldn't be anything else to do after */ + WORK_FINISHED_STOP, + /* We're done working move onto the next thing */ + WORK_FINISHED_CONTINUE, + /* We're working on phase A */ + WORK_MORE_A, + /* We're working on phase B */ + WORK_MORE_B +}; + +/* Write transition return codes */ +enum WRITE_TRAN { + /* Something went wrong */ + WRITE_TRAN_ERROR, + /* A transition was successfully completed and we should continue */ + WRITE_TRAN_CONTINUE, + /* There is no more write work to be done */ + WRITE_TRAN_FINISHED +}; + +/* Message processing return codes */ +enum MSG_PROCESS_RETURN { + MSG_PROCESS_ERROR, + MSG_PROCESS_FINISHED_READING, + MSG_PROCESS_CONTINUE_PROCESSING, + 
MSG_PROCESS_CONTINUE_READING +}; + +/* Message flow states */ +enum MSG_FLOW_STATE { + /* No handshake in progress */ + MSG_FLOW_UNINITED, + /* A permanent error with this connection */ + MSG_FLOW_ERROR, + /* We are about to renegotiate */ + MSG_FLOW_RENEGOTIATE, + /* We are reading messages */ + MSG_FLOW_READING, + /* We are writing messages */ + MSG_FLOW_WRITING, + /* Handshake has finished */ + MSG_FLOW_FINISHED +}; + +/* Read states */ +enum READ_STATE { + READ_STATE_HEADER, + READ_STATE_BODY, + READ_STATE_POST_PROCESS +}; + +/* Write states */ +enum WRITE_STATE { + WRITE_STATE_TRANSITION, + WRITE_STATE_PRE_WORK, + WRITE_STATE_SEND, + WRITE_STATE_POST_WORK +}; + + +/***************************************************************************** + * * + * This structure should be considered "opaque" to anything outside of the * + * state machine. No non-state machine code should be accessing the members * + * of this structure. * + * * + *****************************************************************************/ + +struct statem_st { + enum MSG_FLOW_STATE state; + enum WRITE_STATE write_state; + enum WORK_STATE write_state_work; + enum READ_STATE read_state; + enum WORK_STATE read_state_work; + enum HANDSHAKE_STATE hand_state; + int in_init; + int read_state_first_init; + int use_timer; +#ifndef OPENSSL_NO_SCTP + int in_sctp_read_sock; +#endif +}; +typedef struct statem_st STATEM; + + +/***************************************************************************** + * * + * The following macros/functions represent the libssl internal API to the * + * state machine. 
Any libssl code may call these functions/macros * + * * + *****************************************************************************/ + +__owur int statem_accept(SSL *s); +__owur int statem_connect(SSL *s); +void statem_clear(SSL *s); +void statem_set_renegotiate(SSL *s); +void statem_set_error(SSL *s); +int statem_in_error(const SSL *s); +void statem_set_in_init(SSL *s, int init); +__owur int statem_app_data_allowed(SSL *s); +#ifndef OPENSSL_NO_SCTP +void statem_set_sctp_read_sock(SSL *s, int read_sock); +__owur int statem_in_sctp_read_sock(SSL *s); +#endif + + diff --git a/ssl/s3_clnt.c b/ssl/statem/statem_clnt.c similarity index 98% rename from ssl/s3_clnt.c rename to ssl/statem/statem_clnt.c index 49a9f60259..3ff427650b 100644 --- a/ssl/s3_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1,4 +1,4 @@ -/* ssl/s3_clnt.c */ +/* ssl/statem/statem_clnt.c */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -149,7 +149,7 @@ */ #include -#include "ssl_locl.h" +#include "../ssl_locl.h" #include #include #include 
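Review bot: The new header ssl/statem/statem.h has no include guard: after the licence block it goes straight into the enum definitions and `struct statem_st`, so a second inclusion in one translation unit would fail on redefinitions. I would wrap the contents in a guard in the project's usual naming, e.g. `#ifndef HEADER_STATEM_H` / `# define HEADER_STATEM_H` at the top and `#endif` at the end. The header also uses `SSL`, `__owur` and `enum HANDSHAKE_STATE` without declaring them, so it presumably only compiles when pulled in from ssl_locl.h after those are defined. A one-line comment saying so would make the include-order dependency explicit. The banner comment has a typo, "emums" for "enums".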
@@ -448,6 +448,40 @@ int tls_construct_client_hello(SSL *s) return 0; } +enum MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt) +{ + int al; + unsigned int cookie_len; + PACKET cookiepkt; + + if (!PACKET_forward(pkt, 2) + || !PACKET_get_length_prefixed_1(pkt, &cookiepkt)) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_DTLS_PROCESS_HELLO_VERIFY, SSL_R_LENGTH_MISMATCH); + goto f_err; + } + + cookie_len = PACKET_remaining(&cookiepkt); + if (cookie_len > sizeof(s->d1->cookie)) { + al = SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_DTLS_PROCESS_HELLO_VERIFY, SSL_R_LENGTH_TOO_LONG); + goto f_err; + } + + if (!PACKET_copy_bytes(&cookiepkt, s->d1->cookie, cookie_len)) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_DTLS_PROCESS_HELLO_VERIFY, SSL_R_LENGTH_MISMATCH); + goto f_err; + } + s->d1->cookie_len = cookie_len; + + return MSG_PROCESS_FINISHED_READING; + f_err: + ssl3_send_alert(s, SSL3_AL_FATAL, al); + statem_set_error(s); + return MSG_PROCESS_ERROR; +} + enum MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) { STACK_OF(SSL_CIPHER) *sk; diff --git a/ssl/d1_both.c b/ssl/statem/statem_dtls.c similarity index 86% rename from ssl/d1_both.c rename to ssl/statem/statem_dtls.c index e20278b1ce..e13ed8d247 100644 --- a/ssl/d1_both.c +++ b/ssl/statem/statem_dtls.c @@ -1,4 +1,4 @@ -/* ssl/d1_both.c */ +/* ssl/statem/statem_dtls.c */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -116,7 +116,7 @@ #include #include #include -#include "ssl_locl.h" +#include "../ssl_locl.h" #include #include #include 
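Review bot: `dtls_process_hello_verify` never checks that the message ends after the cookie, so once `PACKET_get_length_prefixed_1(pkt, &cookiepkt)` succeeds any bytes still left in `pkt` are silently accepted. If strict parsing is intended, adding `|| PACKET_remaining(pkt) != 0` to the first condition would reject a HelloVerifyRequest with trailing data through the existing decode-error path. `PACKET_forward(pkt, 2)` also skips the two bytes before the cookie without reading them; a short comment such as `/* skip server_version, deliberately not validated here */` would show that this is intentional. The bound check against `sizeof(s->d1->cookie)` before `PACKET_copy_bytes` is the guard that protects the fixed cookie buffer and should stay exactly where it is.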
@@ -149,9 +149,6 @@ static unsigned char bitmask_start_values[] = static unsigned char bitmask_end_values[] = { 0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f }; -/* XDTLS: figure out the right values */ -static const unsigned int g_probable_mtu[] = { 1500, 512, 256 }; - static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len); static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p); @@ -214,36 +211,6 @@ void dtls1_hm_fragment_free(hm_fragment *frag) OPENSSL_free(frag); } -static int dtls1_query_mtu(SSL *s) -{ - if (s->d1->link_mtu) { - s->d1->mtu = - s->d1->link_mtu - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s)); - s->d1->link_mtu = 0; - } - - /* AHA! Figure out the MTU, and stick to the right size */ - if (s->d1->mtu < dtls1_min_mtu(s)) { - if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { - s->d1->mtu = - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); - - /* - * I've seen the kernel return bogus numbers when it doesn't know - * (initial write), so just make sure we have a reasonable number - */ - if (s->d1->mtu < dtls1_min_mtu(s)) { - /* Set to min mtu */ - s->d1->mtu = dtls1_min_mtu(s); - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, - s->d1->mtu, NULL); - } - } else - return 0; - } - return 1; -} - /* * send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or * SSL3_RT_CHANGE_CIPHER_SPEC) @@ -1301,17 +1268,6 @@ static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p) return p; } -unsigned int dtls1_link_min_mtu(void) -{ - return (g_probable_mtu[(sizeof(g_probable_mtu) / - sizeof(g_probable_mtu[0])) - 1]); -} - -unsigned int dtls1_min_mtu(SSL *s) -{ - return dtls1_link_min_mtu() - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s)); -} - void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) { 
@@ -1324,194 +1280,4 @@ dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) n2l3(data, msg_hdr->frag_len); } -int dtls1_shutdown(SSL *s) -{ - int ret; -#ifndef OPENSSL_NO_SCTP - BIO *wbio; - - wbio = SSL_get_wbio(s); - if (wbio != NULL && BIO_dgram_is_sctp(wbio) && - !(s->shutdown & SSL_SENT_SHUTDOWN)) { - ret = BIO_dgram_sctp_wait_for_dry(wbio); - if (ret < 0) - return -1; - - if (ret == 0) - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1, - NULL); - } -#endif - ret = ssl3_shutdown(s); -#ifndef OPENSSL_NO_SCTP - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 0, NULL); -#endif - return ret; -} - -#ifndef OPENSSL_NO_HEARTBEATS -int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length) -{ - unsigned char *pl; - unsigned short hbtype; - unsigned int payload; - unsigned int padding = 16; /* Use minimum padding */ - - if (s->msg_callback) - s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, - p, length, s, s->msg_callback_arg); - - /* Read type and payload length first */ - if (1 + 2 + 16 > length) - return 0; /* silently discard */ - if (length > SSL3_RT_MAX_PLAIN_LENGTH) - return 0; /* silently discard per RFC 6520 sec. 4 */ - - hbtype = *p++; - n2s(p, payload); - if (1 + 2 + payload + 16 > length) - return 0; /* silently discard per RFC 6520 sec. 
4 */ - pl = p; - - if (hbtype == TLS1_HB_REQUEST) { - unsigned char *buffer, *bp; - unsigned int write_length = 1 /* heartbeat type */ + - 2 /* heartbeat length */ + - payload + padding; - int r; - - if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) - return 0; - - /* - * Allocate memory for the response, size is 1 byte message type, - * plus 2 bytes payload length, plus payload, plus padding - */ - buffer = OPENSSL_malloc(write_length); - if (buffer == NULL) - return -1; - bp = buffer; - - /* Enter response type, length and copy payload */ - *bp++ = TLS1_HB_RESPONSE; - s2n(payload, bp); - memcpy(bp, pl, payload); - bp += payload; - /* Random padding */ - if (RAND_bytes(bp, padding) <= 0) { - OPENSSL_free(buffer); - return -1; - } - - r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length); - - if (r >= 0 && s->msg_callback) - s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, - buffer, write_length, s, s->msg_callback_arg); - - OPENSSL_free(buffer); - - if (r < 0) - return r; - } else if (hbtype == TLS1_HB_RESPONSE) { - unsigned int seq; - - /* - * We only send sequence numbers (2 bytes unsigned int), and 16 - * random bytes, so we just try to read the sequence number - */ - n2s(pl, seq); - - if (payload == 18 && seq == s->tlsext_hb_seq) { - dtls1_stop_timer(s); - s->tlsext_hb_seq++; - s->tlsext_hb_pending = 0; - } - } - - return 0; -} - -int dtls1_heartbeat(SSL *s) -{ - unsigned char *buf, *p; - int ret = -1; - unsigned int payload = 18; /* Sequence number + random bytes */ - unsigned int padding = 16; /* Use minimum padding */ - - /* Only send if peer supports and accepts HB requests... */ - if (!(s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) || - s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS) { - SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT); - return -1; - } - /* ...and there is none in flight yet... 
*/ - if (s->tlsext_hb_pending) { - SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PENDING); - return -1; - } - - /* ...and no handshake in progress. */ - if (SSL_in_init(s) || s->in_handshake) { - SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_UNEXPECTED_MESSAGE); - return -1; - } - - /* - * Check if padding is too long, payload and padding must not exceed 2^14 - * - 3 = 16381 bytes in total. - */ - OPENSSL_assert(payload + padding <= 16381); - - /*- - * Create HeartBeat message, we just use a sequence number - * as payload to distuingish different messages and add - * some random stuff. - * - Message Type, 1 byte - * - Payload Length, 2 bytes (unsigned int) - * - Payload, the sequence number (2 bytes uint) - * - Payload, random bytes (16 bytes uint) - * - Padding - */ - buf = OPENSSL_malloc(1 + 2 + payload + padding); - if (buf == NULL) { - SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_MALLOC_FAILURE); - return -1; - } - p = buf; - /* Message Type */ - *p++ = TLS1_HB_REQUEST; - /* Payload length (18 bytes here) */ - s2n(payload, p); - /* Sequence number */ - s2n(s->tlsext_hb_seq, p); - /* 16 random bytes */ - if (RAND_bytes(p, 16) <= 0) { - SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR); - goto err; - } - p += 16; - /* Random padding */ - if (RAND_bytes(p, padding) <= 0) { - SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR); - goto err; - } - - ret = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding); - if (ret >= 0) { - if (s->msg_callback) - s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, - buf, 3 + payload + padding, - s, s->msg_callback_arg); - - dtls1_start_timer(s); - s->tlsext_hb_pending = 1; - } - - err: - OPENSSL_free(buf); - - return ret; -} -#endif diff --git a/ssl/s3_both.c b/ssl/statem/statem_lib.c similarity index 99% rename from ssl/s3_both.c rename to ssl/statem/statem_lib.c index 47f02dbf3a..75d151e5e0 100644 --- a/ssl/s3_both.c +++ b/ssl/statem/statem_lib.c 
@@ -1,4 +1,4 @@ -/* ssl/s3_both.c */ +/* ssl/statem/statem_lib.c */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -117,7 +117,7 @@ #include #include #include -#include "ssl_locl.h" +#include "../ssl_locl.h" #include #include #include @@ -410,13 +410,13 @@ enum WORK_STATE tls_finish_handshake(SSL *s, enum WORK_STATE wst) ssl_update_cache(s, SSL_SESS_CACHE_SERVER); s->ctx->stats.sess_accept_good++; - s->handshake_func = ssl3_accept; + s->handshake_func = statem_accept; } else { ssl_update_cache(s, SSL_SESS_CACHE_CLIENT); if (s->hit) s->ctx->stats.sess_hit++; - s->handshake_func = ssl3_connect; + s->handshake_func = statem_connect; s->ctx->stats.sess_connect_good++; } diff --git a/ssl/s3_srvr.c b/ssl/statem/statem_srvr.c similarity index 98% rename from ssl/s3_srvr.c rename to ssl/statem/statem_srvr.c index 4442223282..5f85a8c500 100644 --- a/ssl/s3_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1,4 +1,4 @@ -/* ssl/s3_srvr.c -*- mode:C; c-file-style: "eay" -*- */ +/* ssl/statem/statem_srvr.c -*- mode:C; c-file-style: "eay" -*- */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -150,7 +150,7 @@ #include -#include "ssl_locl.h" +#include "../ssl_locl.h" #include "internal/constant_time_locl.h" #include #include 
@@ -204,6 +204,57 @@ int tls_construct_hello_request(SSL *s) return 1; } +unsigned int dtls_raw_hello_verify_request(unsigned char *buf, + unsigned char *cookie, + unsigned char cookie_len) +{ + unsigned int msg_len; + unsigned char *p; + + p = buf; + /* Always use DTLS 1.0 version: see RFC 6347 */ + *(p++) = DTLS1_VERSION >> 8; + *(p++) = DTLS1_VERSION & 0xFF; + + *(p++) = (unsigned char)cookie_len; + memcpy(p, cookie, cookie_len); + p += cookie_len; + msg_len = p - buf; + + return msg_len; +} + +int dtls_construct_hello_verify_request(SSL *s) +{ + unsigned int len; + unsigned char *buf; + + buf = (unsigned char *)s->init_buf->data; + + if (s->ctx->app_gen_cookie_cb == NULL || + s->ctx->app_gen_cookie_cb(s, s->d1->cookie, + &(s->d1->cookie_len)) == 0 || + s->d1->cookie_len > 255) { + SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST, + SSL_R_COOKIE_GEN_CALLBACK_FAILURE); + statem_set_error(s); + return 0; + } + + len = dtls_raw_hello_verify_request(&buf[DTLS1_HM_HEADER_LENGTH], + s->d1->cookie, s->d1->cookie_len); + + dtls1_set_message_header(s, buf, DTLS1_MT_HELLO_VERIFY_REQUEST, len, 0, + len); + len += DTLS1_HM_HEADER_LENGTH; + + /* number of bytes to write */ + s->init_num = len; + s->init_off = 0; + + return 1; +} + enum MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) { int i, al = SSL_AD_INTERNAL_ERROR; diff --git a/ssl/t1_clnt.c b/ssl/t1_clnt.c deleted file mode 100644 index 9e117e9a69..0000000000 --- a/ssl/t1_clnt.c +++ /dev/null 
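Review bot: In `dtls_construct_hello_verify_request` the test `s->d1->cookie_len > 255` runs only after `app_gen_cookie_cb` has already written into `s->d1->cookie`, and it compares against the one-byte wire limit rather than the buffer. The size of `s->d1->cookie` is not visible in this hunk, but the client-side `dtls_process_hello_verify` added in statem_clnt.c bounds its copy with `sizeof(s->d1->cookie)`. I would add the same bound here, `|| s->d1->cookie_len > sizeof(s->d1->cookie)`. A comment should also state that the application callback must not write more than that many bytes, because a check made after the call can only detect an overrun, not prevent it. Separately, the error is still raised under `SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST`, which carries the old function name.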
@@ -1,107 +0,0 @@ -/* ssl/t1_clnt.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] 
- */ - -#include -#include "ssl_locl.h" -#include -#include -#include -#include - -static const SSL_METHOD *tls1_get_client_method(int ver); -static const SSL_METHOD *tls1_get_client_method(int ver) -{ - if (ver == TLS_ANY_VERSION) - return TLS_client_method(); - if (ver == TLS1_2_VERSION) - return TLSv1_2_client_method(); - if (ver == TLS1_1_VERSION) - return TLSv1_1_client_method(); - if (ver == TLS1_VERSION) - return TLSv1_client_method(); -#ifndef OPENSSL_NO_SSL3 - if (ver == SSL3_VERSION) - return (SSLv3_client_method()); -#endif - return NULL; -} - -IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, TLS_client_method, - ssl_undefined_function, - ssl3_connect, - tls1_get_client_method, TLSv1_2_enc_data) - -IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_client_method, - ssl_undefined_function, - ssl3_connect, - tls1_get_client_method, TLSv1_2_enc_data) - -IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_client_method, - ssl_undefined_function, - ssl3_connect, - tls1_get_client_method, TLSv1_1_enc_data) - -IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_client_method, - ssl_undefined_function, - ssl3_connect, tls1_get_client_method, TLSv1_enc_data) - -#ifndef OPENSSL_NO_SSL3_METHOD -IMPLEMENT_ssl3_meth_func(SSLv3_client_method, - ssl_undefined_function, - ssl3_connect, tls1_get_client_method) -#endif diff --git a/ssl/t1_meth.c b/ssl/t1_meth.c deleted file mode 100644 index aa16d3f2a8..0000000000 --- a/ssl/t1_meth.c +++ /dev/null 
@@ -1,100 +0,0 @@ -/* ssl/t1_meth.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] 
- */ - -#include -#include -#include "ssl_locl.h" - -static const SSL_METHOD *tls1_get_method(int ver) -{ - if (ver == TLS_ANY_VERSION) - return TLS_method(); - if (ver == TLS1_2_VERSION) - return TLSv1_2_method(); - if (ver == TLS1_1_VERSION) - return TLSv1_1_method(); - if (ver == TLS1_VERSION) - return TLSv1_method(); -#ifndef OPENSSL_NO_SSL3 - if (ver == SSL3_VERSION) - return (SSLv3_method()); - else -#endif - return NULL; -} - -IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, TLS_method, - ssl3_accept, - ssl3_connect, tls1_get_method, TLSv1_2_enc_data) - -IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_method, - ssl3_accept, - ssl3_connect, tls1_get_method, TLSv1_2_enc_data) - -IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_method, - ssl3_accept, - ssl3_connect, tls1_get_method, TLSv1_1_enc_data) - -IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_method, - ssl3_accept, - ssl3_connect, tls1_get_method, TLSv1_enc_data) - -#ifndef OPENSSL_NO_SSL3_METHOD -IMPLEMENT_ssl3_meth_func(SSLv3_method, - ssl3_accept, ssl3_connect, tls1_get_method) -#endif diff --git a/ssl/t1_srvr.c b/ssl/t1_srvr.c deleted file mode 100644 index 6e54b5169c..0000000000 --- a/ssl/t1_srvr.c +++ /dev/null 
@@ -1,109 +0,0 @@ -/* ssl/t1_srvr.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] 
- */ - -#include -#include "ssl_locl.h" -#include -#include -#include -#include -#include - -static const SSL_METHOD *tls1_get_server_method(int ver); -static const SSL_METHOD *tls1_get_server_method(int ver) -{ - if (ver == TLS_ANY_VERSION) - return TLS_server_method(); - if (ver == TLS1_2_VERSION) - return TLSv1_2_server_method(); - if (ver == TLS1_1_VERSION) - return TLSv1_1_server_method(); - if (ver == TLS1_VERSION) - return TLSv1_server_method(); -#ifndef OPENSSL_NO_SSL3 - if (ver == SSL3_VERSION) - return (SSLv3_server_method()); -#endif - return NULL; -} - -IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, TLS_server_method, - ssl3_accept, - ssl_undefined_function, - tls1_get_server_method, TLSv1_2_enc_data) - -IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_server_method, - ssl3_accept, - ssl_undefined_function, - tls1_get_server_method, TLSv1_2_enc_data) - -IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_server_method, - ssl3_accept, - ssl_undefined_function, - tls1_get_server_method, TLSv1_1_enc_data) - -IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_server_method, - ssl3_accept, - ssl_undefined_function, - tls1_get_server_method, TLSv1_enc_data) - -#ifndef OPENSSL_NO_SSL3_METHOD -IMPLEMENT_ssl3_meth_func(SSLv3_server_method, - ssl3_accept, - ssl_undefined_function, tls1_get_server_method) -#endif diff --git a/test/Makefile b/test/Makefile index 6f32758074..ffeba40fb6 100644 --- a/test/Makefile +++ b/test/Makefile 
@@ -559,7 +559,7 @@ heartbeat_test.o: ../include/openssl/ssl3.h ../include/openssl/stack.h heartbeat_test.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h heartbeat_test.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h heartbeat_test.o: ../ssl/packet_locl.h ../ssl/record/record.h ../ssl/ssl_locl.h -heartbeat_test.o: heartbeat_test.c testutil.h +heartbeat_test.o: ../ssl/statem/statem.h heartbeat_test.c testutil.h hmactest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h hmactest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h hmactest.o: ../include/openssl/evp.h ../include/openssl/hmac.h @@ -681,7 +681,8 @@ ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssltest.o: ../include/openssl/x509v3.h ../ssl/packet_locl.h -ssltest.o: ../ssl/record/record.h ../ssl/ssl_locl.h ssltest.c +ssltest.o: ../ssl/record/record.h ../ssl/ssl_locl.h ../ssl/statem/statem.h +ssltest.o: ssltest.c testutil.o: ../e_os.h ../include/openssl/e_os2.h testutil.o: ../include/openssl/opensslconf.h testutil.c testutil.h v3nametest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -- 2.40.0