Diffstat (limited to 'extra/yassl/src/ssl.cpp')
-rw-r--r-- | extra/yassl/src/ssl.cpp | 123 |
1 files changed, 72 insertions, 51 deletions
diff --git a/extra/yassl/src/ssl.cpp b/extra/yassl/src/ssl.cpp
index 67d2d428e51..00a3b885f88 100644
--- a/extra/yassl/src/ssl.cpp
+++ b/extra/yassl/src/ssl.cpp
@@ -252,60 +252,73 @@ int SSL_connect(SSL* ssl) if (ssl->GetError() == YasslError(SSL_ERROR_WANT_READ)) ssl->SetError(no_error); + if (ssl->GetError() == YasslError(SSL_ERROR_WANT_WRITE)) { + + ssl->SetError(no_error); + ssl->SendWriteBuffered(); + if (!ssl->GetError()) + ssl->useStates().UseConnect() = + ConnectState(ssl->getStates().GetConnect() + 1); + } + ClientState neededState; switch (ssl->getStates().GetConnect()) { case CONNECT_BEGIN : - sendClientHello(*ssl); + sendClientHello(*ssl); if (!ssl->GetError()) ssl->useStates().UseConnect() = CLIENT_HELLO_SENT; case CLIENT_HELLO_SENT : neededState = ssl->getSecurity().get_resuming() ? - serverFinishedComplete : serverHelloDoneComplete; - while (ssl->getStates().getClient() < neededState) { - if (ssl->GetError()) break; - processReply(*ssl); - } + serverFinishedComplete : serverHelloDoneComplete; + while (ssl->getStates().getClient() < neededState) { + if (ssl->GetError()) break; + processReply(*ssl); + // if resumption failed, reset needed state + if (neededState == serverFinishedComplete) + if (!ssl->getSecurity().get_resuming()) + neededState = serverHelloDoneComplete; + } if (!ssl->GetError()) ssl->useStates().UseConnect() = FIRST_REPLY_DONE; case FIRST_REPLY_DONE : - if(ssl->getCrypto().get_certManager().sendVerify()) - sendCertificate(*ssl); + if(ssl->getCrypto().get_certManager().sendVerify()) + sendCertificate(*ssl); - if (!ssl->getSecurity().get_resuming()) - sendClientKeyExchange(*ssl); + if (!ssl->getSecurity().get_resuming()) + sendClientKeyExchange(*ssl); - if(ssl->getCrypto().get_certManager().sendVerify()) - sendCertificateVerify(*ssl); + if(ssl->getCrypto().get_certManager().sendVerify()) + sendCertificateVerify(*ssl); - sendChangeCipher(*ssl); - sendFinished(*ssl, client_end); - ssl->flushBuffer(); + sendChangeCipher(*ssl); + sendFinished(*ssl, client_end); + ssl->flushBuffer(); if (!ssl->GetError()) ssl->useStates().UseConnect() = FINISHED_DONE; case FINISHED_DONE : - if 
(!ssl->getSecurity().get_resuming()) - while (ssl->getStates().getClient() < serverFinishedComplete) { - if (ssl->GetError()) break; - processReply(*ssl); - } + if (!ssl->getSecurity().get_resuming()) + while (ssl->getStates().getClient() < serverFinishedComplete) { + if (ssl->GetError()) break; + processReply(*ssl); + } if (!ssl->GetError()) ssl->useStates().UseConnect() = SECOND_REPLY_DONE; case SECOND_REPLY_DONE : - ssl->verifyState(serverFinishedComplete); - ssl->useLog().ShowTCP(ssl->getSocket().get_fd()); + ssl->verifyState(serverFinishedComplete); + ssl->useLog().ShowTCP(ssl->getSocket().get_fd()); if (ssl->GetError()) { GetErrors().Add(ssl->GetError()); - return SSL_FATAL_ERROR; + return SSL_FATAL_ERROR; } - return SSL_SUCCESS; + return SSL_SUCCESS; default : return SSL_FATAL_ERROR; // unkown state 
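Review bot: The new SSL_ERROR_WANT_WRITE branch at the top of the hunk advances the handshake by casting `GetConnect() + 1` to ConnectState, which is only correct if a pending WANT_WRITE can be left solely by the final send/flush of the current state and the ConnectState enumerators are contiguous in the same order as the switch cases; neither invariant is stated anywhere in the code. If a later state were inserted out of sequence, or buffered output were left by a message other than the state's last one, the retry path could resume in the wrong case and skip or repeat handshake messages. I would add a comment above the branch such as `// A WANT_WRITE is only ever left by the final flush of a state, so a successful` / `// SendWriteBuffered() completes that state; ConnectState must stay in switch order for +1 to hold.` or, better, have the write buffer remember which state was interrupted instead of relying on +1. The same pattern with AcceptState appears in the first SSL_accept hunk below; SSL_connect's body begins before this hunk.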
@@ -331,27 +344,36 @@ int SSL_accept(SSL* ssl) if (ssl->GetError() == YasslError(SSL_ERROR_WANT_READ)) ssl->SetError(no_error); + if (ssl->GetError() == YasslError(SSL_ERROR_WANT_WRITE)) { + + ssl->SetError(no_error); + ssl->SendWriteBuffered(); + if (!ssl->GetError()) + ssl->useStates().UseAccept() = + AcceptState(ssl->getStates().GetAccept() + 1); + } + switch (ssl->getStates().GetAccept()) { case ACCEPT_BEGIN : - processReply(*ssl); + processReply(*ssl); if (!ssl->GetError()) ssl->useStates().UseAccept() = ACCEPT_FIRST_REPLY_DONE; case ACCEPT_FIRST_REPLY_DONE : - sendServerHello(*ssl); + sendServerHello(*ssl); - if (!ssl->getSecurity().get_resuming()) { - sendCertificate(*ssl); + if (!ssl->getSecurity().get_resuming()) { + sendCertificate(*ssl); - if (ssl->getSecurity().get_connection().send_server_key_) - sendServerKeyExchange(*ssl); + if (ssl->getSecurity().get_connection().send_server_key_) + sendServerKeyExchange(*ssl); - if(ssl->getCrypto().get_certManager().verifyPeer()) - sendCertificateRequest(*ssl); + if(ssl->getCrypto().get_certManager().verifyPeer()) + sendCertificateRequest(*ssl); - sendServerHelloDone(*ssl); - ssl->flushBuffer(); + sendServerHelloDone(*ssl); + ssl->flushBuffer(); } if (!ssl->GetError()) 
@@ -359,40 +381,40 @@ int SSL_accept(SSL* ssl) case SERVER_HELLO_DONE : if (!ssl->getSecurity().get_resuming()) { - while (ssl->getStates().getServer() < clientFinishedComplete) { - if (ssl->GetError()) break; - processReply(*ssl); + while (ssl->getStates().getServer() < clientFinishedComplete) { + if (ssl->GetError()) break; + processReply(*ssl); + } } - } if (!ssl->GetError()) ssl->useStates().UseAccept() = ACCEPT_SECOND_REPLY_DONE; case ACCEPT_SECOND_REPLY_DONE : - sendChangeCipher(*ssl); - sendFinished(*ssl, server_end); - ssl->flushBuffer(); + sendChangeCipher(*ssl); + sendFinished(*ssl, server_end); + ssl->flushBuffer(); if (!ssl->GetError()) ssl->useStates().UseAccept() = ACCEPT_FINISHED_DONE; case ACCEPT_FINISHED_DONE : - if (ssl->getSecurity().get_resuming()) { - while (ssl->getStates().getServer() < clientFinishedComplete) { - if (ssl->GetError()) break; - processReply(*ssl); - } - } + if (ssl->getSecurity().get_resuming()) { + while (ssl->getStates().getServer() < clientFinishedComplete) { + if (ssl->GetError()) break; + processReply(*ssl); + } + } if (!ssl->GetError()) ssl->useStates().UseAccept() = ACCEPT_THIRD_REPLY_DONE; case ACCEPT_THIRD_REPLY_DONE : - ssl->useLog().ShowTCP(ssl->getSocket().get_fd()); + ssl->useLog().ShowTCP(ssl->getSocket().get_fd()); if (ssl->GetError()) { GetErrors().Add(ssl->GetError()); - return SSL_FATAL_ERROR; + return SSL_FATAL_ERROR; } - return SSL_SUCCESS; + return SSL_SUCCESS; default: return SSL_FATAL_ERROR; // unknown state @@ -1097,7 +1119,6 @@ int EVP_BytesToKey(const EVP_CIPHER* type, const EVP_MD* md, const byte* salt, ivLeft -= store; } } - assert(keyOutput == (keyLen + ivLen)); return keyOutput; } |
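Review bot: Dropping `assert(keyOutput == (keyLen + ivLen));` at the end of EVP_BytesToKey removes the function's only check that the derived key and IV were filled to the requested lengths, and the hunk gives no reason why the assert was wrong. If it was removed because it fired, the underlying problem is a short key being handed back, and release builds were already returning it silently since assert is compiled out there; if the derivation loop can legitimately stop early, that should be documented at the return. I would replace the assert with a check callers can observe, e.g. `if (keyOutput != keyLen + ivLen) return 0; // derivation incomplete`, provided the callers of this function (not visible here) are confirmed to treat a zero return as failure. EVP_BytesToKey's body begins outside the hunk.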