summaryrefslogtreecommitdiffstats
path: root/src/ssl/d1_clnt.c
diff options
context:
space:
mode:
authorAdam Langley <agl@google.com>2015-09-24 10:57:52 -0700
committerAdam Langley <agl@google.com>2015-09-24 11:04:03 -0700
commit1e4884f615b20946411a74e41eb9c6aa65e2d5f3 (patch)
treedd743d9d64af3145fe96b8d5fc2f3427544794bd /src/ssl/d1_clnt.c
parent08656b61d075740bfb24ddcce65223146259fc02 (diff)
downloadexternal_boringssl-1e4884f615b20946411a74e41eb9c6aa65e2d5f3.zip
external_boringssl-1e4884f615b20946411a74e41eb9c6aa65e2d5f3.tar.gz
external_boringssl-1e4884f615b20946411a74e41eb9c6aa65e2d5f3.tar.bz2
external/boringssl: sync with upstream.
This change imports the current version of BoringSSL. The only local change now is that |BORINGSSL_201509| is defined in base.h. This allows this change to be made without (hopefully) breaking the build. This change will need https://android-review.googlesource.com/172744 to be landed afterwards to update a test. Change-Id: I6d1f463f7785a2423bd846305af91c973c326104
Diffstat (limited to 'src/ssl/d1_clnt.c')
-rw-r--r--src/ssl/d1_clnt.c33
1 files changed, 19 insertions, 14 deletions
diff --git a/src/ssl/d1_clnt.c b/src/ssl/d1_clnt.c
index 92fb8f6..73a3f8a 100644
--- a/src/ssl/d1_clnt.c
+++ b/src/ssl/d1_clnt.c
@@ -112,6 +112,8 @@
* [including the GNU Public Licence.]
*/
+#include <openssl/ssl.h>
+
#include <assert.h>
#include <stdio.h>
#include <string.h>
@@ -128,6 +130,7 @@
#include "internal.h"
+
static int dtls1_get_hello_verify(SSL *s);
int dtls1_connect(SSL *s) {
@@ -188,9 +191,8 @@ int dtls1_connect(SSL *s) {
case SSL3_ST_CW_CLNT_HELLO_B:
s->shutdown = 0;
- /* every DTLS ClientHello resets Finished MAC */
- if (!ssl3_init_finished_mac(s)) {
- OPENSSL_PUT_ERROR(SSL, dtls1_connect, ERR_R_INTERNAL_ERROR);
+ if (!ssl3_init_handshake_buffer(s)) {
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
ret = -1;
goto end;
}
@@ -261,7 +263,7 @@ int dtls1_connect(SSL *s) {
if (s->s3->tmp.certificate_status_expected) {
s->state = SSL3_ST_CR_CERT_STATUS_A;
} else {
- s->state = SSL3_ST_CR_KEY_EXCH_A;
+ s->state = SSL3_ST_VERIFY_SERVER_CERT;
}
} else {
skip = 1;
@@ -270,6 +272,16 @@ int dtls1_connect(SSL *s) {
s->init_num = 0;
break;
+ case SSL3_ST_VERIFY_SERVER_CERT:
+ ret = ssl3_verify_server_cert(s);
+ if (ret <= 0) {
+ goto end;
+ }
+
+ s->state = SSL3_ST_CR_KEY_EXCH_A;
+ s->init_num = 0;
+ break;
+
case SSL3_ST_CR_KEY_EXCH_A:
case SSL3_ST_CR_KEY_EXCH_B:
ret = ssl3_get_server_key_exchange(s);
@@ -278,13 +290,6 @@ int dtls1_connect(SSL *s) {
}
s->state = SSL3_ST_CR_CERT_REQ_A;
s->init_num = 0;
-
- /* at this point we check that we have the
- * required stuff from the server */
- if (!ssl3_check_cert_and_algorithm(s)) {
- ret = -1;
- goto end;
- }
break;
case SSL3_ST_CR_CERT_REQ_A:
@@ -426,7 +431,7 @@ int dtls1_connect(SSL *s) {
if (ret <= 0) {
goto end;
}
- s->state = SSL3_ST_CR_KEY_EXCH_A;
+ s->state = SSL3_ST_VERIFY_SERVER_CERT;
s->init_num = 0;
break;
@@ -483,7 +488,7 @@ int dtls1_connect(SSL *s) {
goto end;
default:
- OPENSSL_PUT_ERROR(SSL, dtls1_connect, SSL_R_UNKNOWN_STATE);
+ OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_STATE);
ret = -1;
goto end;
}
@@ -538,7 +543,7 @@ static int dtls1_get_hello_verify(SSL *s) {
!CBS_get_u8_length_prefixed(&hello_verify_request, &cookie) ||
CBS_len(&hello_verify_request) != 0) {
al = SSL_AD_DECODE_ERROR;
- OPENSSL_PUT_ERROR(SSL, dtls1_get_hello_verify, SSL_R_DECODE_ERROR);
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
goto f_err;
}