]> CyberLeo.Net >> Repos - FreeBSD/releng/9.3.git/blob - crypto/openssl/ssl/d1_clnt.c
projects / FreeBSD / releng / 9.3.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Fix multiple OpenSSL vulnerabilities.
[FreeBSD/releng/9.3.git] / crypto / openssl / ssl / d1_clnt.c
1 /* ssl/d1_clnt.c */
2 /*
3  * DTLS implementation written by Nagendra Modadugu
4  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5  */
6 /* ====================================================================
7  * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  *
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  *
16  * 2. Redistributions in binary form must reproduce the above copyright
17  *    notice, this list of conditions and the following disclaimer in
18  *    the documentation and/or other materials provided with the
19  *    distribution.
20  *
21  * 3. All advertising materials mentioning features or use of this
22  *    software must display the following acknowledgment:
23  *    "This product includes software developed by the OpenSSL Project
24  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25  *
26  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27  *    endorse or promote products derived from this software without
28  *    prior written permission. For written permission, please contact
29  *    openssl-core@OpenSSL.org.
30  *
31  * 5. Products derived from this software may not be called "OpenSSL"
32  *    nor may "OpenSSL" appear in their names without prior written
33  *    permission of the OpenSSL Project.
34  *
35  * 6. Redistributions of any form whatsoever must retain the following
36  *    acknowledgment:
37  *    "This product includes software developed by the OpenSSL Project
38  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39  *
40  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
44  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51  * OF THE POSSIBILITY OF SUCH DAMAGE.
52  * ====================================================================
53  *
54  * This product includes cryptographic software written by Eric Young
55  * (eay@cryptsoft.com).  This product includes software written by Tim
56  * Hudson (tjh@cryptsoft.com).
57  *
58  */
59 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
60  * All rights reserved.
61  *
62  * This package is an SSL implementation written
63  * by Eric Young (eay@cryptsoft.com).
64  * The implementation was written so as to conform with Netscapes SSL.
65  *
66  * This library is free for commercial and non-commercial use as long as
67  * the following conditions are aheared to.  The following conditions
68  * apply to all code found in this distribution, be it the RC4, RSA,
69  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
70  * included with this distribution is covered by the same copyright terms
71  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
72  *
73  * Copyright remains Eric Young's, and as such any Copyright notices in
74  * the code are not to be removed.
75  * If this package is used in a product, Eric Young should be given attribution
76  * as the author of the parts of the library used.
77  * This can be in the form of a textual message at program startup or
78  * in documentation (online or textual) provided with the package.
79  *
80  * Redistribution and use in source and binary forms, with or without
81  * modification, are permitted provided that the following conditions
82  * are met:
83  * 1. Redistributions of source code must retain the copyright
84  *    notice, this list of conditions and the following disclaimer.
85  * 2. Redistributions in binary form must reproduce the above copyright
86  *    notice, this list of conditions and the following disclaimer in the
87  *    documentation and/or other materials provided with the distribution.
88  * 3. All advertising materials mentioning features or use of this software
89  *    must display the following acknowledgement:
90  *    "This product includes cryptographic software written by
91  *     Eric Young (eay@cryptsoft.com)"
92  *    The word 'cryptographic' can be left out if the rouines from the library
93  *    being used are not cryptographic related :-).
94  * 4. If you include any Windows specific code (or a derivative thereof) from
95  *    the apps directory (application code) you must include an acknowledgement:
96  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
97  *
98  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
99  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
100  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
101  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
102  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
103  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
104  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
105  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
106  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
107  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
108  * SUCH DAMAGE.
109  *
110  * The licence and distribution terms for any publically available version or
111  * derivative of this code cannot be changed.  i.e. this code cannot simply be
112  * copied and put under another distribution licence
113  * [including the GNU Public Licence.]
114  */
115
116 #include <stdio.h>
117 #include "ssl_locl.h"
118 #include "kssl_lcl.h"
119 #include <openssl/buffer.h>
120 #include <openssl/rand.h>
121 #include <openssl/objects.h>
122 #include <openssl/evp.h>
123 #include <openssl/md5.h>
124 #ifndef OPENSSL_NO_DH
125 # include <openssl/dh.h>
126 #endif
127
128 static SSL_METHOD *dtls1_get_client_method(int ver);
129 static int dtls1_get_hello_verify(SSL *s);
130
131 static SSL_METHOD *dtls1_get_client_method(int ver)
132 {
133     if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
134         return (DTLSv1_client_method());
135     else
136         return (NULL);
137 }
138
139 IMPLEMENT_dtls1_meth_func(DTLSv1_client_method,
140                           ssl_undefined_function,
141                           dtls1_connect, dtls1_get_client_method)
142
143 int dtls1_connect(SSL *s)
144 {
145     BUF_MEM *buf = NULL;
146     unsigned long Time = (unsigned long)time(NULL);
147     void (*cb) (const SSL *ssl, int type, int val) = NULL;
148     int ret = -1;
149     int new_state, state, skip = 0;;
150
151     RAND_add(&Time, sizeof(Time), 0);
152     ERR_clear_error();
153     clear_sys_error();
154
155     if (s->info_callback != NULL)
156         cb = s->info_callback;
157     else if (s->ctx->info_callback != NULL)
158         cb = s->ctx->info_callback;
159
160     s->in_handshake++;
161     if (!SSL_in_init(s) || SSL_in_before(s))
162         SSL_clear(s);
163
164     for (;;) {
165         state = s->state;
166
167         switch (s->state) {
168         case SSL_ST_RENEGOTIATE:
169             s->new_session = 1;
170             s->state = SSL_ST_CONNECT;
171             s->ctx->stats.sess_connect_renegotiate++;
172             /* break */
173         case SSL_ST_BEFORE:
174         case SSL_ST_CONNECT:
175         case SSL_ST_BEFORE | SSL_ST_CONNECT:
176         case SSL_ST_OK | SSL_ST_CONNECT:
177
178             s->server = 0;
179             if (cb != NULL)
180                 cb(s, SSL_CB_HANDSHAKE_START, 1);
181
182             if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00) &&
183                 (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00)) {
184                 SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
185                 ret = -1;
186                 goto end;
187             }
188
189             /* s->version=SSL3_VERSION; */
190             s->type = SSL_ST_CONNECT;
191
192             if (s->init_buf == NULL) {
193                 if ((buf = BUF_MEM_new()) == NULL) {
194                     ret = -1;
195                     goto end;
196                 }
197                 if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
198                     ret = -1;
199                     goto end;
200                 }
201                 s->init_buf = buf;
202                 buf = NULL;
203             }
204
205             if (!ssl3_setup_buffers(s)) {
206                 ret = -1;
207                 goto end;
208             }
209
210             /* setup buffing BIO */
211             if (!ssl_init_wbio_buffer(s, 0)) {
212                 ret = -1;
213                 goto end;
214             }
215
216             /* don't push the buffering BIO quite yet */
217
218             s->state = SSL3_ST_CW_CLNT_HELLO_A;
219             s->ctx->stats.sess_connect++;
220             s->init_num = 0;
221             /* mark client_random uninitialized */
222             memset(s->s3->client_random, 0, sizeof(s->s3->client_random));
223             s->d1->send_cookie = 0;
224             s->hit = 0;
225             break;
226
227         case SSL3_ST_CW_CLNT_HELLO_A:
228         case SSL3_ST_CW_CLNT_HELLO_B:
229
230             s->shutdown = 0;
231
232             /* every DTLS ClientHello resets Finished MAC */
233             ssl3_init_finished_mac(s);
234
235             dtls1_start_timer(s);
236             ret = dtls1_client_hello(s);
237             if (ret <= 0)
238                 goto end;
239
240             if (s->d1->send_cookie) {
241                 s->state = SSL3_ST_CW_FLUSH;
242                 s->s3->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A;
243             } else
244                 s->state = SSL3_ST_CR_SRVR_HELLO_A;
245
246             s->init_num = 0;
247
248             /* turn on buffering for the next lot of output */
249             if (s->bbio != s->wbio)
250                 s->wbio = BIO_push(s->bbio, s->wbio);
251
252             break;
253
254         case SSL3_ST_CR_SRVR_HELLO_A:
255         case SSL3_ST_CR_SRVR_HELLO_B:
256             ret = ssl3_get_server_hello(s);
257             if (ret <= 0)
258                 goto end;
259             else {
260                 if (s->hit)
261                     s->state = SSL3_ST_CR_FINISHED_A;
262                 else
263                     s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
264             }
265             s->init_num = 0;
266             break;
267
268         case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
269         case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
270
271             ret = dtls1_get_hello_verify(s);
272             if (ret <= 0)
273                 goto end;
274             dtls1_stop_timer(s);
275             if (s->d1->send_cookie) /* start again, with a cookie */
276                 s->state = SSL3_ST_CW_CLNT_HELLO_A;
277             else
278                 s->state = SSL3_ST_CR_CERT_A;
279             s->init_num = 0;
280             break;
281
282         case SSL3_ST_CR_CERT_A:
283         case SSL3_ST_CR_CERT_B:
284 #ifndef OPENSSL_NO_TLSEXT
285             ret = ssl3_check_finished(s);
286             if (ret <= 0)
287                 goto end;
288             if (ret == 2) {
289                 s->hit = 1;
290                 if (s->tlsext_ticket_expected)
291                     s->state = SSL3_ST_CR_SESSION_TICKET_A;
292                 else
293                     s->state = SSL3_ST_CR_FINISHED_A;
294                 s->init_num = 0;
295                 break;
296             }
297 #endif
298             /* Check if it is anon DH */
299             if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) {
300                 ret = ssl3_get_server_certificate(s);
301                 if (ret <= 0)
302                     goto end;
303 #ifndef OPENSSL_NO_TLSEXT
304                 if (s->tlsext_status_expected)
305                     s->state = SSL3_ST_CR_CERT_STATUS_A;
306                 else
307                     s->state = SSL3_ST_CR_KEY_EXCH_A;
308             } else {
309                 skip = 1;
310                 s->state = SSL3_ST_CR_KEY_EXCH_A;
311             }
312 #else
313             } else
314                 skip = 1;
315
316             s->state = SSL3_ST_CR_KEY_EXCH_A;
317 #endif
318             s->init_num = 0;
319             break;
320
321         case SSL3_ST_CR_KEY_EXCH_A:
322         case SSL3_ST_CR_KEY_EXCH_B:
323             ret = ssl3_get_key_exchange(s);
324             if (ret <= 0)
325                 goto end;
326             s->state = SSL3_ST_CR_CERT_REQ_A;
327             s->init_num = 0;
328
329             /*
330              * at this point we check that we have the required stuff from
331              * the server
332              */
333             if (!ssl3_check_cert_and_algorithm(s)) {
334                 ret = -1;
335                 goto end;
336             }
337             break;
338
339         case SSL3_ST_CR_CERT_REQ_A:
340         case SSL3_ST_CR_CERT_REQ_B:
341             ret = ssl3_get_certificate_request(s);
342             if (ret <= 0)
343                 goto end;
344             s->state = SSL3_ST_CR_SRVR_DONE_A;
345             s->init_num = 0;
346             break;
347
348         case SSL3_ST_CR_SRVR_DONE_A:
349         case SSL3_ST_CR_SRVR_DONE_B:
350             ret = ssl3_get_server_done(s);
351             if (ret <= 0)
352                 goto end;
353             dtls1_stop_timer(s);
354             if (s->s3->tmp.cert_req)
355                 s->state = SSL3_ST_CW_CERT_A;
356             else
357                 s->state = SSL3_ST_CW_KEY_EXCH_A;
358             s->init_num = 0;
359
360             break;
361
362         case SSL3_ST_CW_CERT_A:
363         case SSL3_ST_CW_CERT_B:
364         case SSL3_ST_CW_CERT_C:
365         case SSL3_ST_CW_CERT_D:
366             dtls1_start_timer(s);
367             ret = dtls1_send_client_certificate(s);
368             if (ret <= 0)
369                 goto end;
370             s->state = SSL3_ST_CW_KEY_EXCH_A;
371             s->init_num = 0;
372             break;
373
374         case SSL3_ST_CW_KEY_EXCH_A:
375         case SSL3_ST_CW_KEY_EXCH_B:
376             dtls1_start_timer(s);
377             ret = dtls1_send_client_key_exchange(s);
378             if (ret <= 0)
379                 goto end;
380             /*
381              * EAY EAY EAY need to check for DH fix cert sent back
382              */
383             /*
384              * For TLS, cert_req is set to 2, so a cert chain of nothing is
385              * sent, but no verify packet is sent
386              */
387             if (s->s3->tmp.cert_req == 1) {
388                 s->state = SSL3_ST_CW_CERT_VRFY_A;
389             } else {
390                 s->state = SSL3_ST_CW_CHANGE_A;
391                 s->s3->change_cipher_spec = 0;
392             }
393
394             s->init_num = 0;
395             break;
396
397         case SSL3_ST_CW_CERT_VRFY_A:
398         case SSL3_ST_CW_CERT_VRFY_B:
399             dtls1_start_timer(s);
400             ret = dtls1_send_client_verify(s);
401             if (ret <= 0)
402                 goto end;
403             s->state = SSL3_ST_CW_CHANGE_A;
404             s->init_num = 0;
405             s->s3->change_cipher_spec = 0;
406             break;
407
408         case SSL3_ST_CW_CHANGE_A:
409         case SSL3_ST_CW_CHANGE_B:
410             if (!s->hit)
411                 dtls1_start_timer(s);
412             ret = dtls1_send_change_cipher_spec(s,
413                                                 SSL3_ST_CW_CHANGE_A,
414                                                 SSL3_ST_CW_CHANGE_B);
415             if (ret <= 0)
416                 goto end;
417             s->state = SSL3_ST_CW_FINISHED_A;
418             s->init_num = 0;
419
420             s->session->cipher = s->s3->tmp.new_cipher;
421 #ifdef OPENSSL_NO_COMP
422             s->session->compress_meth = 0;
423 #else
424             if (s->s3->tmp.new_compression == NULL)
425                 s->session->compress_meth = 0;
426             else
427                 s->session->compress_meth = s->s3->tmp.new_compression->id;
428 #endif
429             if (!s->method->ssl3_enc->setup_key_block(s)) {
430                 ret = -1;
431                 goto end;
432             }
433
434             if (!s->method->ssl3_enc->change_cipher_state(s,
435                                                           SSL3_CHANGE_CIPHER_CLIENT_WRITE))
436             {
437                 ret = -1;
438                 goto end;
439             }
440
441             dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
442             break;
443
444         case SSL3_ST_CW_FINISHED_A:
445         case SSL3_ST_CW_FINISHED_B:
446             if (!s->hit)
447                 dtls1_start_timer(s);
448             ret = dtls1_send_finished(s,
449                                       SSL3_ST_CW_FINISHED_A,
450                                       SSL3_ST_CW_FINISHED_B,
451                                       s->method->
452                                       ssl3_enc->client_finished_label,
453                                       s->method->
454                                       ssl3_enc->client_finished_label_len);
455             if (ret <= 0)
456                 goto end;
457             s->state = SSL3_ST_CW_FLUSH;
458
459             /* clear flags */
460             s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
461             if (s->hit) {
462                 s->s3->tmp.next_state = SSL_ST_OK;
463                 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
464                     s->state = SSL_ST_OK;
465                     s->s3->flags |= SSL3_FLAGS_POP_BUFFER;
466                     s->s3->delay_buf_pop_ret = 0;
467                 }
468             } else {
469 #ifndef OPENSSL_NO_TLSEXT
470                 /*
471                  * Allow NewSessionTicket if ticket expected
472                  */
473                 if (s->tlsext_ticket_expected)
474                     s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A;
475                 else
476 #endif
477
478                     s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A;
479             }
480             s->init_num = 0;
481
482             break;
483
484 #ifndef OPENSSL_NO_TLSEXT
485         case SSL3_ST_CR_SESSION_TICKET_A:
486         case SSL3_ST_CR_SESSION_TICKET_B:
487             ret = ssl3_get_new_session_ticket(s);
488             if (ret <= 0)
489                 goto end;
490             s->state = SSL3_ST_CR_FINISHED_A;
491             s->init_num = 0;
492             break;
493
494         case SSL3_ST_CR_CERT_STATUS_A:
495         case SSL3_ST_CR_CERT_STATUS_B:
496             ret = ssl3_get_cert_status(s);
497             if (ret <= 0)
498                 goto end;
499             s->state = SSL3_ST_CR_KEY_EXCH_A;
500             s->init_num = 0;
501             break;
502 #endif
503
504         case SSL3_ST_CR_FINISHED_A:
505         case SSL3_ST_CR_FINISHED_B:
506             s->d1->change_cipher_spec_ok = 1;
507             ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
508                                     SSL3_ST_CR_FINISHED_B);
509             if (ret <= 0)
510                 goto end;
511             dtls1_stop_timer(s);
512
513             if (s->hit)
514                 s->state = SSL3_ST_CW_CHANGE_A;
515             else
516                 s->state = SSL_ST_OK;
517             s->init_num = 0;
518             break;
519
520         case SSL3_ST_CW_FLUSH:
521             s->rwstate = SSL_WRITING;
522             if (BIO_flush(s->wbio) <= 0) {
523                 ret = -1;
524                 goto end;
525             }
526             s->rwstate = SSL_NOTHING;
527             s->state = s->s3->tmp.next_state;
528             break;
529
530         case SSL_ST_OK:
531             /* clean a few things up */
532             ssl3_cleanup_key_block(s);
533
534 #if 0
535             if (s->init_buf != NULL) {
536                 BUF_MEM_free(s->init_buf);
537                 s->init_buf = NULL;
538             }
539 #endif
540
541             /*
542              * If we are not 'joining' the last two packets, remove the
543              * buffering now
544              */
545             if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
546                 ssl_free_wbio_buffer(s);
547             /* else do it later in ssl3_write */
548
549             s->init_num = 0;
550             s->new_session = 0;
551
552             ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
553             if (s->hit)
554                 s->ctx->stats.sess_hit++;
555
556             ret = 1;
557             /* s->server=0; */
558             s->handshake_func = dtls1_connect;
559             s->ctx->stats.sess_connect_good++;
560
561             if (cb != NULL)
562                 cb(s, SSL_CB_HANDSHAKE_DONE, 1);
563
564             /* done with handshaking */
565             s->d1->handshake_read_seq = 0;
566             s->d1->next_handshake_write_seq = 0;
567             goto end;
568             /* break; */
569
570         default:
571             SSLerr(SSL_F_DTLS1_CONNECT, SSL_R_UNKNOWN_STATE);
572             ret = -1;
573             goto end;
574             /* break; */
575         }
576
577         /* did we do anything */
578         if (!s->s3->tmp.reuse_message && !skip) {
579             if (s->debug) {
580                 if ((ret = BIO_flush(s->wbio)) <= 0)
581                     goto end;
582             }
583
584             if ((cb != NULL) && (s->state != state)) {
585                 new_state = s->state;
586                 s->state = state;
587                 cb(s, SSL_CB_CONNECT_LOOP, 1);
588                 s->state = new_state;
589             }
590         }
591         skip = 0;
592     }
593  end:
594     s->in_handshake--;
595     if (buf != NULL)
596         BUF_MEM_free(buf);
597     if (cb != NULL)
598         cb(s, SSL_CB_CONNECT_EXIT, ret);
599     return (ret);
600 }
601
602 int dtls1_client_hello(SSL *s)
603 {
604     unsigned char *buf;
605     unsigned char *p, *d;
606     unsigned int i, j;
607     unsigned long Time, l;
608     SSL_COMP *comp;
609
610     buf = (unsigned char *)s->init_buf->data;
611     if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
612         SSL_SESSION *sess = s->session;
613         if ((s->session == NULL) || (s->session->ssl_version != s->version) ||
614 #ifdef OPENSSL_NO_TLSEXT
615             !sess->session_id_length ||
616 #else
617             (!sess->session_id_length && !sess->tlsext_tick) ||
618 #endif
619             (s->session->not_resumable)) {
620             if (!ssl_get_new_session(s, 0))
621                 goto err;
622         }
623         /* else use the pre-loaded session */
624
625         p = s->s3->client_random;
626         /*
627          * if client_random is initialized, reuse it, we are required to use
628          * same upon reply to HelloVerify
629          */
630         for (i = 0; p[i] == '\0' && i < sizeof(s->s3->client_random); i++) ;
631         if (i == sizeof(s->s3->client_random)) {
632             Time = (unsigned long)time(NULL); /* Time */
633             l2n(Time, p);
634             RAND_pseudo_bytes(p, SSL3_RANDOM_SIZE - 4);
635         }
636
637         /* Do the message type and length last */
638         d = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
639
640         *(p++) = s->version >> 8;
641         *(p++) = s->version & 0xff;
642         s->client_version = s->version;
643
644         /* Random stuff */
645         memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
646         p += SSL3_RANDOM_SIZE;
647
648         /* Session ID */
649         if (s->new_session)
650             i = 0;
651         else
652             i = s->session->session_id_length;
653         *(p++) = i;
654         if (i != 0) {
655             if (i > sizeof s->session->session_id) {
656                 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
657                 goto err;
658             }
659             memcpy(p, s->session->session_id, i);
660             p += i;
661         }
662
663         /* cookie stuff */
664         if (s->d1->cookie_len > sizeof(s->d1->cookie)) {
665             SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
666             goto err;
667         }
668         *(p++) = s->d1->cookie_len;
669         memcpy(p, s->d1->cookie, s->d1->cookie_len);
670         p += s->d1->cookie_len;
671
672         /* Ciphers supported */
673         i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0);
674         if (i == 0) {
675             SSLerr(SSL_F_DTLS1_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
676             goto err;
677         }
678         s2n(i, p);
679         p += i;
680
681         /* COMPRESSION */
682         if (s->ctx->comp_methods == NULL)
683             j = 0;
684         else
685             j = sk_SSL_COMP_num(s->ctx->comp_methods);
686         *(p++) = 1 + j;
687         for (i = 0; i < j; i++) {
688             comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
689             *(p++) = comp->id;
690         }
691         *(p++) = 0;             /* Add the NULL method */
692
693 #ifndef OPENSSL_NO_TLSEXT
694         if ((p =
695              ssl_add_clienthello_tlsext(s, p,
696                                         buf + SSL3_RT_MAX_PLAIN_LENGTH)) ==
697             NULL) {
698             SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
699             goto err;
700         }
701 #endif
702
703         l = (p - d);
704         d = buf;
705
706         d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO, l, 0, l);
707
708         s->state = SSL3_ST_CW_CLNT_HELLO_B;
709         /* number of bytes to write */
710         s->init_num = p - buf;
711         s->init_off = 0;
712
713         /* buffer the message to handle re-xmits */
714         dtls1_buffer_message(s, 0);
715     }
716
717     /* SSL3_ST_CW_CLNT_HELLO_B */
718     return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
719  err:
720     return (-1);
721 }
722
723 static int dtls1_get_hello_verify(SSL *s)
724 {
725     int n, al, ok = 0;
726     unsigned char *data;
727     unsigned int cookie_len;
728
729     n = s->method->ssl_get_message(s,
730                                    DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
731                                    DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B,
732                                    -1, s->max_cert_list, &ok);
733
734     if (!ok)
735         return ((int)n);
736
737     if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
738         s->d1->send_cookie = 0;
739         s->s3->tmp.reuse_message = 1;
740         return (1);
741     }
742
743     data = (unsigned char *)s->init_msg;
744
745     if ((data[0] != (s->version >> 8)) || (data[1] != (s->version & 0xff))) {
746         SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY, SSL_R_WRONG_SSL_VERSION);
747         s->version = (s->version & 0xff00) | data[1];
748         al = SSL_AD_PROTOCOL_VERSION;
749         goto f_err;
750     }
751     data += 2;
752
753     cookie_len = *(data++);
754     if (cookie_len > sizeof(s->d1->cookie)) {
755         al = SSL_AD_ILLEGAL_PARAMETER;
756         goto f_err;
757     }
758
759     memcpy(s->d1->cookie, data, cookie_len);
760     s->d1->cookie_len = cookie_len;
761
762     s->d1->send_cookie = 1;
763     return 1;
764
765  f_err:
766     ssl3_send_alert(s, SSL3_AL_FATAL, al);
767     return -1;
768 }
769
770 int dtls1_send_client_key_exchange(SSL *s)
771 {
772     unsigned char *p, *d;
773     int n;
774     unsigned long l;
775 #ifndef OPENSSL_NO_RSA
776     unsigned char *q;
777     EVP_PKEY *pkey = NULL;
778 #endif
779 #ifndef OPENSSL_NO_KRB5
780     KSSL_ERR kssl_err;
781 #endif                          /* OPENSSL_NO_KRB5 */
782
783     if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
784         d = (unsigned char *)s->init_buf->data;
785         p = &(d[DTLS1_HM_HEADER_LENGTH]);
786
787         l = s->s3->tmp.new_cipher->algorithms;
788
789         /* Fool emacs indentation */
790         if (0) {
791         }
792 #ifndef OPENSSL_NO_RSA
793         else if (l & SSL_kRSA) {
794             RSA *rsa;
795             unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
796
797             if (s->session->sess_cert == NULL) {
798                 /*
799                  * We should always have a server certificate with SSL_kRSA.
800                  */
801                 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
802                        ERR_R_INTERNAL_ERROR);
803                 goto err;
804             }
805
806             if (s->session->sess_cert->peer_rsa_tmp != NULL)
807                 rsa = s->session->sess_cert->peer_rsa_tmp;
808             else {
809                 pkey =
810                     X509_get_pubkey(s->session->
811                                     sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].
812                                     x509);
813                 if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA)
814                     || (pkey->pkey.rsa == NULL)) {
815                     SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
816                            ERR_R_INTERNAL_ERROR);
817                     goto err;
818                 }
819                 rsa = pkey->pkey.rsa;
820                 EVP_PKEY_free(pkey);
821             }
822
823             tmp_buf[0] = s->client_version >> 8;
824             tmp_buf[1] = s->client_version & 0xff;
825             if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0)
826                 goto err;
827
828             s->session->master_key_length = sizeof tmp_buf;
829
830             q = p;
831             /* Fix buf for TLS and [incidentally] DTLS */
832             if (s->version > SSL3_VERSION)
833                 p += 2;
834             n = RSA_public_encrypt(sizeof tmp_buf,
835                                    tmp_buf, p, rsa, RSA_PKCS1_PADDING);
836 # ifdef PKCS1_CHECK
837             if (s->options & SSL_OP_PKCS1_CHECK_1)
838                 p[1]++;
839             if (s->options & SSL_OP_PKCS1_CHECK_2)
840                 tmp_buf[0] = 0x70;
841 # endif
842             if (n <= 0) {
843                 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
844                        SSL_R_BAD_RSA_ENCRYPT);
845                 goto err;
846             }
847
848             /* Fix buf for TLS and [incidentally] DTLS */
849             if (s->version > SSL3_VERSION) {
850                 s2n(n, q);
851                 n += 2;
852             }
853
854             s->session->master_key_length =
855                 s->method->ssl3_enc->generate_master_secret(s,
856                                                             s->
857                                                             session->master_key,
858                                                             tmp_buf,
859                                                             sizeof tmp_buf);
860             OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
861         }
862 #endif
863 #ifndef OPENSSL_NO_KRB5
864         else if (l & SSL_kKRB5) {
865             krb5_error_code krb5rc;
866             KSSL_CTX *kssl_ctx = s->kssl_ctx;
867             /*  krb5_data   krb5_ap_req;  */
868             krb5_data *enc_ticket;
869             krb5_data authenticator, *authp = NULL;
870             EVP_CIPHER_CTX ciph_ctx;
871             EVP_CIPHER *enc = NULL;
872             unsigned char iv[EVP_MAX_IV_LENGTH];
873             unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
874             unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH + EVP_MAX_IV_LENGTH];
875             int padl, outl = sizeof(epms);
876
877             EVP_CIPHER_CTX_init(&ciph_ctx);
878
879 # ifdef KSSL_DEBUG
880             printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
881                    l, SSL_kKRB5);
882 # endif                         /* KSSL_DEBUG */
883
884             authp = NULL;
885 # ifdef KRB5SENDAUTH
886             if (KRB5SENDAUTH)
887                 authp = &authenticator;
888 # endif                         /* KRB5SENDAUTH */
889
890             krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, &kssl_err);
891             enc = kssl_map_enc(kssl_ctx->enctype);
892             if (enc == NULL)
893                 goto err;
894 # ifdef KSSL_DEBUG
895             {
896                 printf("kssl_cget_tkt rtn %d\n", krb5rc);
897                 if (krb5rc && kssl_err.text)
898                     printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
899             }
900 # endif                         /* KSSL_DEBUG */
901
902             if (krb5rc) {
903                 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
904                 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, kssl_err.reason);
905                 goto err;
906             }
907
908             /*-
909              *   20010406 VRS - Earlier versions used KRB5 AP_REQ
910             **  in place of RFC 2712 KerberosWrapper, as in:
911             **
912             **  Send ticket (copy to *p, set n = length)
913             **  n = krb5_ap_req.length;
914             **  memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
915             **  if (krb5_ap_req.data)
916             **    kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
917             **
918             **  Now using real RFC 2712 KerberosWrapper
919             **  (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
920             **  Note: 2712 "opaque" types are here replaced
921             **  with a 2-byte length followed by the value.
922             **  Example:
923             **  KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
924             **  Where "xx xx" = length bytes.  Shown here with
925             **  optional authenticator omitted.
926             */
927
928             /*  KerberosWrapper.Ticket              */
929             s2n(enc_ticket->length, p);
930             memcpy(p, enc_ticket->data, enc_ticket->length);
931             p += enc_ticket->length;
932             n = enc_ticket->length + 2;
933
934             /*  KerberosWrapper.Authenticator       */
935             if (authp && authp->length) {
936                 s2n(authp->length, p);
937                 memcpy(p, authp->data, authp->length);
938                 p += authp->length;
939                 n += authp->length + 2;
940
941                 free(authp->data);
942                 authp->data = NULL;
943                 authp->length = 0;
944             } else {
945                 s2n(0, p);      /* null authenticator length */
946                 n += 2;
947             }
948
949             if (RAND_bytes(tmp_buf, sizeof tmp_buf) <= 0)
950                 goto err;
951
952             /*-
953              *  20010420 VRS.  Tried it this way; failed.
954              *      EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
955              *      EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
956              *                              kssl_ctx->length);
957              *      EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
958              */
959
960             memset(iv, 0, sizeof iv); /* per RFC 1510 */
961             EVP_EncryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv);
962             EVP_EncryptUpdate(&ciph_ctx, epms, &outl, tmp_buf,
963                               sizeof tmp_buf);
964             EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl);
965             outl += padl;
966             if (outl > sizeof epms) {
967                 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
968                        ERR_R_INTERNAL_ERROR);
969                 goto err;
970             }
971             EVP_CIPHER_CTX_cleanup(&ciph_ctx);
972
973             /*  KerberosWrapper.EncryptedPreMasterSecret    */
974             s2n(outl, p);
975             memcpy(p, epms, outl);
976             p += outl;
977             n += outl + 2;
978
979             s->session->master_key_length =
980                 s->method->ssl3_enc->generate_master_secret(s,
981                                                             s->
982                                                             session->master_key,
983                                                             tmp_buf,
984                                                             sizeof tmp_buf);
985
986             OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
987             OPENSSL_cleanse(epms, outl);
988         }
989 #endif
990 #ifndef OPENSSL_NO_DH
991         else if (l & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) {
992             DH *dh_srvr, *dh_clnt;
993
994             if (s->session->sess_cert == NULL) {
995                 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
996                 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
997                        SSL_R_UNEXPECTED_MESSAGE);
998                 goto err;
999             }
1000
1001             if (s->session->sess_cert->peer_dh_tmp != NULL)
1002                 dh_srvr = s->session->sess_cert->peer_dh_tmp;
1003             else {
1004                 /* we get them from the cert */
1005                 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1006                 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1007                        SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
1008                 goto err;
1009             }
1010
1011             /* generate a new random key */
1012             if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) {
1013                 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
1014                 goto err;
1015             }
1016             if (!DH_generate_key(dh_clnt)) {
1017                 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
1018                 goto err;
1019             }
1020
1021             /*
1022              * use the 'p' output buffer for the DH key, but make sure to
1023              * clear it out afterwards
1024              */
1025
1026             n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt);
1027
1028             if (n <= 0) {
1029                 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
1030                 goto err;
1031             }
1032
1033             /* generate master key from the result */
1034             s->session->master_key_length =
1035                 s->method->ssl3_enc->generate_master_secret(s,
1036                                                             s->
1037                                                             session->master_key,
1038                                                             p, n);
1039             /* clean up */
1040             memset(p, 0, n);
1041
1042             /* send off the data */
1043             n = BN_num_bytes(dh_clnt->pub_key);
1044             s2n(n, p);
1045             BN_bn2bin(dh_clnt->pub_key, p);
1046             n += 2;
1047
1048             DH_free(dh_clnt);
1049
1050             /* perhaps clean things up a bit EAY EAY EAY EAY */
1051         }
1052 #endif
1053         else {
1054             ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1055             SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1056                    ERR_R_INTERNAL_ERROR);
1057             goto err;
1058         }
1059
1060         d = dtls1_set_message_header(s, d,
1061                                      SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n);
1062         /*-
1063          *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
1064          l2n3(n,d);
1065          l2n(s->d1->handshake_write_seq,d);
1066          s->d1->handshake_write_seq++;
1067         */
1068
1069         s->state = SSL3_ST_CW_KEY_EXCH_B;
1070         /* number of bytes to write */
1071         s->init_num = n + DTLS1_HM_HEADER_LENGTH;
1072         s->init_off = 0;
1073
1074         /* buffer the message to handle re-xmits */
1075         dtls1_buffer_message(s, 0);
1076     }
1077
1078     /* SSL3_ST_CW_KEY_EXCH_B */
1079     return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1080  err:
1081     return (-1);
1082 }
1083
1084 int dtls1_send_client_verify(SSL *s)
1085 {
1086     unsigned char *p, *d;
1087     unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
1088     EVP_PKEY *pkey;
1089 #ifndef OPENSSL_NO_RSA
1090     unsigned u = 0;
1091 #endif
1092     unsigned long n;
1093 #ifndef OPENSSL_NO_DSA
1094     int j;
1095 #endif
1096
1097     if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
1098         d = (unsigned char *)s->init_buf->data;
1099         p = &(d[DTLS1_HM_HEADER_LENGTH]);
1100         pkey = s->cert->key->privatekey;
1101
1102         s->method->ssl3_enc->cert_verify_mac(s, &(s->s3->finish_dgst2),
1103                                              &(data[MD5_DIGEST_LENGTH]));
1104
1105 #ifndef OPENSSL_NO_RSA
1106         if (pkey->type == EVP_PKEY_RSA) {
1107             s->method->ssl3_enc->cert_verify_mac(s,
1108                                                  &(s->s3->finish_dgst1),
1109                                                  &(data[0]));
1110             if (RSA_sign
1111                 (NID_md5_sha1, data, MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
1112                  &(p[2]), &u, pkey->pkey.rsa) <= 0) {
1113                 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_RSA_LIB);
1114                 goto err;
1115             }
1116             s2n(u, p);
1117             n = u + 2;
1118         } else
1119 #endif
1120 #ifndef OPENSSL_NO_DSA
1121         if (pkey->type == EVP_PKEY_DSA) {
1122             if (!DSA_sign(pkey->save_type,
1123                           &(data[MD5_DIGEST_LENGTH]),
1124                           SHA_DIGEST_LENGTH, &(p[2]),
1125                           (unsigned int *)&j, pkey->pkey.dsa)) {
1126                 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_DSA_LIB);
1127                 goto err;
1128             }
1129             s2n(j, p);
1130             n = j + 2;
1131         } else
1132 #endif
1133         {
1134             SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
1135             goto err;
1136         }
1137
1138         d = dtls1_set_message_header(s, d,
1139                                      SSL3_MT_CERTIFICATE_VERIFY, n, 0, n);
1140
1141         s->init_num = (int)n + DTLS1_HM_HEADER_LENGTH;
1142         s->init_off = 0;
1143
1144         /* buffer the message to handle re-xmits */
1145         dtls1_buffer_message(s, 0);
1146
1147         s->state = SSL3_ST_CW_CERT_VRFY_B;
1148     }
1149
1150     /* s->state = SSL3_ST_CW_CERT_VRFY_B */
1151     return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1152  err:
1153     return (-1);
1154 }
1155
1156 int dtls1_send_client_certificate(SSL *s)
1157 {
1158     X509 *x509 = NULL;
1159     EVP_PKEY *pkey = NULL;
1160     int i;
1161     unsigned long l;
1162
1163     if (s->state == SSL3_ST_CW_CERT_A) {
1164         if ((s->cert == NULL) ||
1165             (s->cert->key->x509 == NULL) ||
1166             (s->cert->key->privatekey == NULL))
1167             s->state = SSL3_ST_CW_CERT_B;
1168         else
1169             s->state = SSL3_ST_CW_CERT_C;
1170     }
1171
1172     /* We need to get a client cert */
1173     if (s->state == SSL3_ST_CW_CERT_B) {
1174         /*
1175          * If we get an error, we need to ssl->rwstate=SSL_X509_LOOKUP;
1176          * return(-1); We then get retied later
1177          */
1178         i = 0;
1179         i = ssl_do_client_cert_cb(s, &x509, &pkey);
1180         if (i < 0) {
1181             s->rwstate = SSL_X509_LOOKUP;
1182             return (-1);
1183         }
1184         s->rwstate = SSL_NOTHING;
1185         if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
1186             s->state = SSL3_ST_CW_CERT_B;
1187             if (!SSL_use_certificate(s, x509) || !SSL_use_PrivateKey(s, pkey))
1188                 i = 0;
1189         } else if (i == 1) {
1190             i = 0;
1191             SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE,
1192                    SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
1193         }
1194
1195         if (x509 != NULL)
1196             X509_free(x509);
1197         if (pkey != NULL)
1198             EVP_PKEY_free(pkey);
1199         if (i == 0) {
1200             if (s->version == SSL3_VERSION) {
1201                 s->s3->tmp.cert_req = 0;
1202                 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE);
1203                 return (1);
1204             } else {
1205                 s->s3->tmp.cert_req = 2;
1206             }
1207         }
1208
1209         /* Ok, we have a cert */
1210         s->state = SSL3_ST_CW_CERT_C;
1211     }
1212
1213     if (s->state == SSL3_ST_CW_CERT_C) {
1214         s->state = SSL3_ST_CW_CERT_D;
1215         l = dtls1_output_cert_chain(s,
1216                                     (s->s3->tmp.cert_req ==
1217                                      2) ? NULL : s->cert->key->x509);
1218         s->init_num = (int)l;
1219         s->init_off = 0;
1220
1221         /* set header called by dtls1_output_cert_chain() */
1222
1223         /* buffer the message to handle re-xmits */
1224         dtls1_buffer_message(s, 0);
1225     }
1226     /* SSL3_ST_CW_CERT_D */
1227     return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1228 }
9.3-RELEASE