⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 s3_clnt.c

📁 mediastreamer2是开源的网络传输媒体流的库
💻 C
📖 第 1 页 / 共 4 页
字号:
🔍
1234 
/* ssl/s3_clnt.c *//* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. *  * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to.  The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code.  The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). *  * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. *  * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright *    notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright *    notice, this list of conditions and the following disclaimer in the *    documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software *    must display the following acknowledgement: *    "This product includes cryptographic software written by *     Eric Young (eay@cryptsoft.com)" *    The word 'cryptographic' can be left out if the rouines from the library *    being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from  *    the apps directory (application code) you must include an acknowledgement: *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" *  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. *  * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed.  i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] *//* ==================================================================== * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright *    notice, this list of conditions and the following disclaimer.  * * 2. Redistributions in binary form must reproduce the above copyright *    notice, this list of conditions and the following disclaimer in *    the documentation and/or other materials provided with the *    distribution. * * 3. All advertising materials mentioning features or use of this *    software must display the following acknowledgment: *    "This product includes software developed by the OpenSSL Project *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to *    endorse or promote products derived from this software without *    prior written permission. For written permission, please contact *    openssl-core@openssl.org. * * 5. Products derived from this software may not be called "OpenSSL" *    nor may "OpenSSL" appear in their names without prior written *    permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following *    acknowledgment: *    "This product includes software developed by the OpenSSL Project *    for use in the OpenSSL Toolkit (http://www.openssl.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com).  This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * *//* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * * Portions of the attached software ("Contribution") are developed by  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. * * The Contribution is licensed pursuant to the OpenSSL open source * license provided above. * * ECC cipher suite support in OpenSSL originally written by * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. * */#include <stdio.h>#include "ssl_locl.h"#include "kssl_lcl.h"#include <openssl/buffer.h>#include <openssl/rand.h>#include <openssl/objects.h>#include <openssl/evp.h>#include <openssl/md5.h>#ifndef OPENSSL_NO_DH#include <openssl/dh.h>#endif#include <openssl/bn.h>static SSL_METHOD *ssl3_get_client_method(int ver);static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);#ifndef OPENSSL_NO_ECDHstatic int curve_id2nid(int curve_id);int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);#endifstatic SSL_METHOD *ssl3_get_client_method(int ver)	{	if (ver == SSL3_VERSION)		return(SSLv3_client_method());	else		return(NULL);	}IMPLEMENT_ssl3_meth_func(SSLv3_client_method,			ssl_undefined_function,			ssl3_connect,			ssl3_get_client_method)int ssl3_connect(SSL *s)	{	BUF_MEM *buf=NULL;	unsigned long Time=(unsigned long)time(NULL),l;	long num1;	void (*cb)(const SSL *ssl,int type,int val)=NULL;	int ret= -1;	int new_state,state,skip=0;;	RAND_add(&Time,sizeof(Time),0);	ERR_clear_error();	clear_sys_error();	if (s->info_callback != NULL)		cb=s->info_callback;	else if (s->ctx->info_callback != NULL)		cb=s->ctx->info_callback;		s->in_handshake++;	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 	for (;;)		{		state=s->state;		switch(s->state)			{		case SSL_ST_RENEGOTIATE:			s->new_session=1;			s->state=SSL_ST_CONNECT;			s->ctx->stats.sess_connect_renegotiate++;			/* break */		case SSL_ST_BEFORE:		case SSL_ST_CONNECT:		case SSL_ST_BEFORE|SSL_ST_CONNECT:		case SSL_ST_OK|SSL_ST_CONNECT:			s->server=0;			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);			if ((s->version & 0xff00 ) != 0x0300)				{				SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR);				ret = -1;				goto end;				}							/* s->version=SSL3_VERSION; */			s->type=SSL_ST_CONNECT;			if (s->init_buf == NULL)				{				if ((buf=BUF_MEM_new()) == NULL)					{					ret= -1;					goto end;					}				if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))					{					ret= -1;					goto end;					}				s->init_buf=buf;				buf=NULL;				}			if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }			/* setup buffing BIO */			if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }			/* don't push the buffering BIO quite yet */			ssl3_init_finished_mac(s);			s->state=SSL3_ST_CW_CLNT_HELLO_A;			s->ctx->stats.sess_connect++;			s->init_num=0;			break;		case SSL3_ST_CW_CLNT_HELLO_A:		case SSL3_ST_CW_CLNT_HELLO_B:			s->shutdown=0;			ret=ssl3_client_hello(s);			if (ret <= 0) goto end;			s->state=SSL3_ST_CR_SRVR_HELLO_A;			s->init_num=0;			/* turn on buffering for the next lot of output */			if (s->bbio != s->wbio)				s->wbio=BIO_push(s->bbio,s->wbio);			break;		case SSL3_ST_CR_SRVR_HELLO_A:		case SSL3_ST_CR_SRVR_HELLO_B:			ret=ssl3_get_server_hello(s);			if (ret <= 0) goto end;			if (s->hit)				s->state=SSL3_ST_CR_FINISHED_A;			else				s->state=SSL3_ST_CR_CERT_A;			s->init_num=0;			break;		case SSL3_ST_CR_CERT_A:		case SSL3_ST_CR_CERT_B:			/* Check if it is anon DH/ECDH */			if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))				{				ret=ssl3_get_server_certificate(s);				if (ret <= 0) goto end;				}			else				skip=1;			s->state=SSL3_ST_CR_KEY_EXCH_A;			s->init_num=0;			break;		case SSL3_ST_CR_KEY_EXCH_A:		case SSL3_ST_CR_KEY_EXCH_B:			ret=ssl3_get_key_exchange(s);			if (ret <= 0) goto end;			s->state=SSL3_ST_CR_CERT_REQ_A;			s->init_num=0;			/* at this point we check that we have the			 * required stuff from the server */			if (!ssl3_check_cert_and_algorithm(s))				{				ret= -1;				goto end;				}			break;		case SSL3_ST_CR_CERT_REQ_A:		case SSL3_ST_CR_CERT_REQ_B:			ret=ssl3_get_certificate_request(s);			if (ret <= 0) goto end;			s->state=SSL3_ST_CR_SRVR_DONE_A;			s->init_num=0;			break;		case SSL3_ST_CR_SRVR_DONE_A:		case SSL3_ST_CR_SRVR_DONE_B:			ret=ssl3_get_server_done(s);			if (ret <= 0) goto end;			if (s->s3->tmp.cert_req)				s->state=SSL3_ST_CW_CERT_A;			else				s->state=SSL3_ST_CW_KEY_EXCH_A;			s->init_num=0;			break;		case SSL3_ST_CW_CERT_A:		case SSL3_ST_CW_CERT_B:		case SSL3_ST_CW_CERT_C:		case SSL3_ST_CW_CERT_D:			ret=ssl3_send_client_certificate(s);			if (ret <= 0) goto end;			s->state=SSL3_ST_CW_KEY_EXCH_A;			s->init_num=0;			break;		case SSL3_ST_CW_KEY_EXCH_A:		case SSL3_ST_CW_KEY_EXCH_B:			ret=ssl3_send_client_key_exchange(s);			if (ret <= 0) goto end;			l=s->s3->tmp.new_cipher->algorithms;			/* EAY EAY EAY need to check for DH fix cert			 * sent back */			/* For TLS, cert_req is set to 2, so a cert chain			 * of nothing is sent, but no verify packet is sent */			/* XXX: For now, we do not support client 			 * authentication in ECDH cipher suites with			 * ECDH (rather than ECDSA) certificates.			 * We need to skip the certificate verify 			 * message when client's ECDH public key is sent 			 * inside the client certificate.			 */			if (s->s3->tmp.cert_req == 1)				{				s->state=SSL3_ST_CW_CERT_VRFY_A;				}			else				{				s->state=SSL3_ST_CW_CHANGE_A;				s->s3->change_cipher_spec=0;				}			s->init_num=0;			break;		case SSL3_ST_CW_CERT_VRFY_A:		case SSL3_ST_CW_CERT_VRFY_B:			ret=ssl3_send_client_verify(s);			if (ret <= 0) goto end;			s->state=SSL3_ST_CW_CHANGE_A;			s->init_num=0;			s->s3->change_cipher_spec=0;			break;		case SSL3_ST_CW_CHANGE_A:		case SSL3_ST_CW_CHANGE_B:			ret=ssl3_send_change_cipher_spec(s,				SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);			if (ret <= 0) goto end;			s->state=SSL3_ST_CW_FINISHED_A;			s->init_num=0;			s->session->cipher=s->s3->tmp.new_cipher;#ifdef OPENSSL_NO_COMP			s->session->compress_meth=0;#else			if (s->s3->tmp.new_compression == NULL)				s->session->compress_meth=0;			else				s->session->compress_meth=					s->s3->tmp.new_compression->id;#endif			if (!s->method->ssl3_enc->setup_key_block(s))				{				ret= -1;				goto end;				}			if (!s->method->ssl3_enc->change_cipher_state(s,				SSL3_CHANGE_CIPHER_CLIENT_WRITE))				{				ret= -1;				goto end;				}			break;		case SSL3_ST_CW_FINISHED_A:		case SSL3_ST_CW_FINISHED_B:			ret=ssl3_send_finished(s,				SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,				s->method->ssl3_enc->client_finished_label,				s->method->ssl3_enc->client_finished_label_len);			if (ret <= 0) goto end;			s->state=SSL3_ST_CW_FLUSH;			/* clear flags */			s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;			if (s->hit)				{				s->s3->tmp.next_state=SSL_ST_OK;				if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)					{					s->state=SSL_ST_OK;					s->s3->flags|=SSL3_FLAGS_POP_BUFFER;					s->s3->delay_buf_pop_ret=0;					}				}			else				{				s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;				}			s->init_num=0;			break;		case SSL3_ST_CR_FINISHED_A:		case SSL3_ST_CR_FINISHED_B:			ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,				SSL3_ST_CR_FINISHED_B);			if (ret <= 0) goto end;			if (s->hit)				s->state=SSL3_ST_CW_CHANGE_A;			else				s->state=SSL_ST_OK;			s->init_num=0;			break;		case SSL3_ST_CW_FLUSH:			/* number of bytes to be flushed */			num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);			if (num1 > 0)				{				s->rwstate=SSL_WRITING;				num1=BIO_flush(s->wbio);				if (num1 <= 0) { ret= -1; goto end; }				s->rwstate=SSL_NOTHING;				}			s->state=s->s3->tmp.next_state;			break;		case SSL_ST_OK:			/* clean a few things up */			ssl3_cleanup_key_block(s);			if (s->init_buf != NULL)				{				BUF_MEM_free(s->init_buf);				s->init_buf=NULL;				}			/* If we are not 'joining' the last two packets,			 * remove the buffering now */			if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))				ssl_free_wbio_buffer(s);			/* else do it later in ssl3_write */			s->init_num=0;			s->new_session=0;			ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);			if (s->hit) s->ctx->stats.sess_hit++;			ret=1;			/* s->server=0; */			s->handshake_func=ssl3_connect;			s->ctx->stats.sess_connect_good++;			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);			goto end;			/* break; */					default:			SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE);			ret= -1;			goto end;			/* break; */			}		/* did we do anything */		if (!s->s3->tmp.reuse_message && !skip)			{			if (s->debug)				{				if ((ret=BIO_flush(s->wbio)) <= 0)					goto end;				}			if ((cb != NULL) && (s->state != state))				{				new_state=s->state;				s->state=state;				cb(s,SSL_CB_CONNECT_LOOP,1);				s->state=new_state;				}			}		skip=0;		}end:	s->in_handshake--;	if (buf != NULL)		BUF_MEM_free(buf);	if (cb != NULL)		cb(s,SSL_CB_CONNECT_EXIT,ret);	return(ret);	}int ssl3_client_hello(SSL *s)	{	unsigned char *buf;	unsigned char *p,*d;	int i;	unsigned long Time,l;#ifndef OPENSSL_NO_COMP	int j;	SSL_COMP *comp;#endif	buf=(unsigned char *)s->init_buf->data;	if (s->state == SSL3_ST_CW_CLNT_HELLO_A)		{		if ((s->session == NULL) ||			(s->session->ssl_version != s->version) ||			(s->session->not_resumable))			{			if (!ssl_get_new_session(s,0))				goto err;			}		/* else use the pre-loaded session */		p=s->s3->client_random;		Time=(unsigned long)time(NULL);			/* Time */		l2n(Time,p);		if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)			goto err;		/* Do the message type and length last */		d=p= &(buf[4]);		*(p++)=s->version>>8;		*(p++)=s->version&0xff;		s->client_version=s->version;		/* Random stuff */		memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);		p+=SSL3_RANDOM_SIZE;		/* Session ID */		if (s->new_session)			i=0;		else			i=s->session->session_id_length;		*(p++)=i;		if (i != 0)			{			if (i > (int)sizeof(s->session->session_id))				{				SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);				goto err;				}			memcpy(p,s->session->session_id,i);			p+=i;			}				/* Ciphers supported */		i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);		if (i == 0)			{			SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);			goto err;			}		s2n(i,p);		p+=i;		/* COMPRESSION */#ifdef OPENSSL_NO_COMP		*(p++)=1;#else		if (s->ctx->comp_methods == NULL)			j=0;		else			j=sk_SSL_COMP_num(s->ctx->comp_methods);		*(p++)=1+j;		for (i=0; i<j; i++)			{			comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);			*(p++)=comp->id;			}#endif		*(p++)=0; /* Add the NULL method */				l=(p-d);		d=buf;		*(d++)=SSL3_MT_CLIENT_HELLO;		l2n3(l,d);		s->state=SSL3_ST_CW_CLNT_HELLO_B;		/* number of bytes to write */		s->init_num=p-buf;		s->init_off=0;		}	/* SSL3_ST_CW_CLNT_HELLO_B */	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));err:	return(-1);	}
1234

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -