diff options
Diffstat (limited to 'extra/yassl/src/ssl.cpp')
| -rw-r--r-- | extra/yassl/src/ssl.cpp | 123 |
1 files changed, 72 insertions, 51 deletions
diff --git a/extra/yassl/src/ssl.cpp b/extra/yassl/src/ssl.cpp index 05c260e80ca..8401798534b 100644 --- a/extra/yassl/src/ssl.cpp +++ b/extra/yassl/src/ssl.cpp @@ -252,60 +252,73 @@ int SSL_connect(SSL* ssl) if (ssl->GetError() == YasslError(SSL_ERROR_WANT_READ)) ssl->SetError(no_error); + if (ssl->GetError() == YasslError(SSL_ERROR_WANT_WRITE)) { + + ssl->SetError(no_error); + ssl->SendWriteBuffered(); + if (!ssl->GetError()) + ssl->useStates().UseConnect() = + ConnectState(ssl->getStates().GetConnect() + 1); + } + ClientState neededState; switch (ssl->getStates().GetConnect()) { case CONNECT_BEGIN : - sendClientHello(*ssl); + sendClientHello(*ssl); if (!ssl->GetError()) ssl->useStates().UseConnect() = CLIENT_HELLO_SENT; case CLIENT_HELLO_SENT : neededState = ssl->getSecurity().get_resuming() ? - serverFinishedComplete : serverHelloDoneComplete; - while (ssl->getStates().getClient() < neededState) { - if (ssl->GetError()) break; - processReply(*ssl); - } + serverFinishedComplete : serverHelloDoneComplete; + while (ssl->getStates().getClient() < neededState) { + if (ssl->GetError()) break; + processReply(*ssl); + // if resumption failed, reset needed state + if (neededState == serverFinishedComplete) + if (!ssl->getSecurity().get_resuming()) + neededState = serverHelloDoneComplete; + } if (!ssl->GetError()) ssl->useStates().UseConnect() = FIRST_REPLY_DONE; case FIRST_REPLY_DONE : - if(ssl->getCrypto().get_certManager().sendVerify()) - sendCertificate(*ssl); + if(ssl->getCrypto().get_certManager().sendVerify()) + sendCertificate(*ssl); - if (!ssl->getSecurity().get_resuming()) - sendClientKeyExchange(*ssl); + if (!ssl->getSecurity().get_resuming()) + sendClientKeyExchange(*ssl); - if(ssl->getCrypto().get_certManager().sendVerify()) - sendCertificateVerify(*ssl); + if(ssl->getCrypto().get_certManager().sendVerify()) + sendCertificateVerify(*ssl); - sendChangeCipher(*ssl); - sendFinished(*ssl, client_end); - ssl->flushBuffer(); + sendChangeCipher(*ssl); + sendFinished(*ssl, client_end); + ssl->flushBuffer(); if (!ssl->GetError()) ssl->useStates().UseConnect() = FINISHED_DONE; case FINISHED_DONE : - if (!ssl->getSecurity().get_resuming()) - while (ssl->getStates().getClient() < serverFinishedComplete) { - if (ssl->GetError()) break; - processReply(*ssl); - } + if (!ssl->getSecurity().get_resuming()) + while (ssl->getStates().getClient() < serverFinishedComplete) { + if (ssl->GetError()) break; + processReply(*ssl); + } if (!ssl->GetError()) ssl->useStates().UseConnect() = SECOND_REPLY_DONE; case SECOND_REPLY_DONE : - ssl->verifyState(serverFinishedComplete); - ssl->useLog().ShowTCP(ssl->getSocket().get_fd()); + ssl->verifyState(serverFinishedComplete); + ssl->useLog().ShowTCP(ssl->getSocket().get_fd()); if (ssl->GetError()) { GetErrors().Add(ssl->GetError()); - return SSL_FATAL_ERROR; + return SSL_FATAL_ERROR; } - return SSL_SUCCESS; + return SSL_SUCCESS; default : return SSL_FATAL_ERROR; // unkown state @@ -331,27 +344,36 @@ int SSL_accept(SSL* ssl) if (ssl->GetError() == YasslError(SSL_ERROR_WANT_READ)) ssl->SetError(no_error); + if (ssl->GetError() == YasslError(SSL_ERROR_WANT_WRITE)) { + + ssl->SetError(no_error); + ssl->SendWriteBuffered(); + if (!ssl->GetError()) + ssl->useStates().UseAccept() = + AcceptState(ssl->getStates().GetAccept() + 1); + } + switch (ssl->getStates().GetAccept()) { case ACCEPT_BEGIN : - processReply(*ssl); + processReply(*ssl); if (!ssl->GetError()) ssl->useStates().UseAccept() = ACCEPT_FIRST_REPLY_DONE; case ACCEPT_FIRST_REPLY_DONE : - sendServerHello(*ssl); + sendServerHello(*ssl); - if (!ssl->getSecurity().get_resuming()) { - sendCertificate(*ssl); + if (!ssl->getSecurity().get_resuming()) { + sendCertificate(*ssl); - if (ssl->getSecurity().get_connection().send_server_key_) - sendServerKeyExchange(*ssl); + if (ssl->getSecurity().get_connection().send_server_key_) + sendServerKeyExchange(*ssl); - if(ssl->getCrypto().get_certManager().verifyPeer()) - sendCertificateRequest(*ssl); + if(ssl->getCrypto().get_certManager().verifyPeer()) + sendCertificateRequest(*ssl); - sendServerHelloDone(*ssl); - ssl->flushBuffer(); + sendServerHelloDone(*ssl); + ssl->flushBuffer(); } if (!ssl->GetError()) @@ -359,40 +381,40 @@ int SSL_accept(SSL* ssl) case SERVER_HELLO_DONE : if (!ssl->getSecurity().get_resuming()) { - while (ssl->getStates().getServer() < clientFinishedComplete) { - if (ssl->GetError()) break; - processReply(*ssl); + while (ssl->getStates().getServer() < clientFinishedComplete) { + if (ssl->GetError()) break; + processReply(*ssl); + } } - } if (!ssl->GetError()) ssl->useStates().UseAccept() = ACCEPT_SECOND_REPLY_DONE; case ACCEPT_SECOND_REPLY_DONE : - sendChangeCipher(*ssl); - sendFinished(*ssl, server_end); - ssl->flushBuffer(); + sendChangeCipher(*ssl); + sendFinished(*ssl, server_end); + ssl->flushBuffer(); if (!ssl->GetError()) ssl->useStates().UseAccept() = ACCEPT_FINISHED_DONE; case ACCEPT_FINISHED_DONE : - if (ssl->getSecurity().get_resuming()) { - while (ssl->getStates().getServer() < clientFinishedComplete) { - if (ssl->GetError()) break; - processReply(*ssl); - } - } + if (ssl->getSecurity().get_resuming()) { + while (ssl->getStates().getServer() < clientFinishedComplete) { + if (ssl->GetError()) break; + processReply(*ssl); + } + } if (!ssl->GetError()) ssl->useStates().UseAccept() = ACCEPT_THIRD_REPLY_DONE; case ACCEPT_THIRD_REPLY_DONE : - ssl->useLog().ShowTCP(ssl->getSocket().get_fd()); + ssl->useLog().ShowTCP(ssl->getSocket().get_fd()); if (ssl->GetError()) { GetErrors().Add(ssl->GetError()); - return SSL_FATAL_ERROR; + return SSL_FATAL_ERROR; } - return SSL_SUCCESS; + return SSL_SUCCESS; default: return SSL_FATAL_ERROR; // unknown state @@ -1097,7 +1119,6 @@ int EVP_BytesToKey(const EVP_CIPHER* type, const EVP_MD* md, const byte* salt, ivLeft -= store; } } - assert(keyOutput == (keyLen + ivLen)); return keyOutput; } |