Convert dtls1_get_message_header to CBS and change to int.

Changed return value from void to int.  It should never return an error
given that the input length is not checked yet.

ok miod@

6 files changed, 74 insertions, 32 deletions

diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index 534db59ee8..5c93af8bd9 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_both.c,v 1.32 2015/02/09 10:53:28 jsing Exp $ */
+/* $OpenBSD: d1_both.c,v 1.33 2015/07/18 23:00:23 doug Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -125,6 +125,7 @@
 #include <openssl/x509.h>
 
 #include "pqueue.h"
+#include "bytestring.h"
 
 #define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8)
 
@@ -798,16 +799,15 @@ again:
                 return i;
         }
         /* Handshake fails if message header is incomplete */
-        if (i != DTLS1_HM_HEADER_LENGTH) {
+        if (i != DTLS1_HM_HEADER_LENGTH ||
+            /* parse the message fragment header */
+            dtls1_get_message_header(wire, &msg_hdr) == 0) {
                 al = SSL_AD_UNEXPECTED_MESSAGE;
                 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,
                     SSL_R_UNEXPECTED_MESSAGE);
                 goto f_err;
         }
 
-        /* parse the message fragment header */
-        dtls1_get_message_header(wire, &msg_hdr);
-
         /*
          * if this is a future (or stale) message it gets buffered
          * (or dropped)--no further processing at this time
@@ -1372,16 +1372,36 @@ dtls1_guess_mtu(unsigned int curr_mtu)
         return curr_mtu;
 }
 
-void
+int
 dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
 {
-        memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
-        msg_hdr->type = *(data++);
-        n2l3(data, msg_hdr->msg_len);
+        CBS header;
+        uint32_t msg_len, frag_off, frag_len;
+        uint16_t seq;
+        uint8_t type;
+
+        CBS_init(&header, data, sizeof(*msg_hdr));
+
+        memset(msg_hdr, 0, sizeof(*msg_hdr));
+
+        if (!CBS_get_u8(&header, &type))
+                return 0;
+        if (!CBS_get_u24(&header, &msg_len))
+                return 0;
+        if (!CBS_get_u16(&header, &seq))
+                return 0;
+        if (!CBS_get_u24(&header, &frag_off))
+                return 0;
+        if (!CBS_get_u24(&header, &frag_len))
+                return 0;
 
-        n2s(data, msg_hdr->seq);
-        n2l3(data, msg_hdr->frag_off);
-        n2l3(data, msg_hdr->frag_len);
+        msg_hdr->type = type;
+        msg_hdr->msg_len = msg_len;
+        msg_hdr->seq = seq;
+        msg_hdr->frag_off = frag_off;
+        msg_hdr->frag_len = frag_len;
+
+        return 1;
 }
 
 void
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 1ff664370b..b26ff2cec2 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.44 2015/07/18 22:36:55 doug Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.45 2015/07/18 23:00:23 doug Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -1018,7 +1018,8 @@ start:
                 struct hm_header_st msg_hdr;
 
                 /* this may just be a stale retransmit */
-                dtls1_get_message_header(rr->data, &msg_hdr);
+                if (!dtls1_get_message_header(rr->data, &msg_hdr))
+                        return -1;
                 if (rr->epoch != s->d1->r_epoch) {
                         rr->length = 0;
                         goto start;
diff --git a/src/lib/libssl/src/ssl/d1_both.c b/src/lib/libssl/src/ssl/d1_both.c
index 534db59ee8..5c93af8bd9 100644
--- a/src/lib/libssl/src/ssl/d1_both.c
+++ b/src/lib/libssl/src/ssl/d1_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_both.c,v 1.32 2015/02/09 10:53:28 jsing Exp $ */
+/* $OpenBSD: d1_both.c,v 1.33 2015/07/18 23:00:23 doug Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -125,6 +125,7 @@
 #include <openssl/x509.h>
 
 #include "pqueue.h"
+#include "bytestring.h"
 
 #define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8)
 
@@ -798,16 +799,15 @@ again:
                 return i;
         }
         /* Handshake fails if message header is incomplete */
-        if (i != DTLS1_HM_HEADER_LENGTH) {
+        if (i != DTLS1_HM_HEADER_LENGTH ||
+            /* parse the message fragment header */
+            dtls1_get_message_header(wire, &msg_hdr) == 0) {
                 al = SSL_AD_UNEXPECTED_MESSAGE;
                 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,
                     SSL_R_UNEXPECTED_MESSAGE);
                 goto f_err;
         }
 
-        /* parse the message fragment header */
-        dtls1_get_message_header(wire, &msg_hdr);
-
         /*
          * if this is a future (or stale) message it gets buffered
          * (or dropped)--no further processing at this time
@@ -1372,16 +1372,36 @@ dtls1_guess_mtu(unsigned int curr_mtu)
         return curr_mtu;
 }
 
-void
+int
 dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
 {
-        memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
-        msg_hdr->type = *(data++);
-        n2l3(data, msg_hdr->msg_len);
+        CBS header;
+        uint32_t msg_len, frag_off, frag_len;
+        uint16_t seq;
+        uint8_t type;
+
+        CBS_init(&header, data, sizeof(*msg_hdr));
+
+        memset(msg_hdr, 0, sizeof(*msg_hdr));
+
+        if (!CBS_get_u8(&header, &type))
+                return 0;
+        if (!CBS_get_u24(&header, &msg_len))
+                return 0;
+        if (!CBS_get_u16(&header, &seq))
+                return 0;
+        if (!CBS_get_u24(&header, &frag_off))
+                return 0;
+        if (!CBS_get_u24(&header, &frag_len))
+                return 0;
 
-        n2s(data, msg_hdr->seq);
-        n2l3(data, msg_hdr->frag_off);
-        n2l3(data, msg_hdr->frag_len);
+        msg_hdr->type = type;
+        msg_hdr->msg_len = msg_len;
+        msg_hdr->seq = seq;
+        msg_hdr->frag_off = frag_off;
+        msg_hdr->frag_len = frag_len;
+
+        return 1;
 }
 
 void
diff --git a/src/lib/libssl/src/ssl/d1_pkt.c b/src/lib/libssl/src/ssl/d1_pkt.c
index 1ff664370b..b26ff2cec2 100644
--- a/src/lib/libssl/src/ssl/d1_pkt.c
+++ b/src/lib/libssl/src/ssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.44 2015/07/18 22:36:55 doug Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.45 2015/07/18 23:00:23 doug Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -1018,7 +1018,8 @@ start:
                 struct hm_header_st msg_hdr;
 
                 /* this may just be a stale retransmit */
-                dtls1_get_message_header(rr->data, &msg_hdr);
+                if (!dtls1_get_message_header(rr->data, &msg_hdr))
+                        return -1;
                 if (rr->epoch != s->d1->r_epoch) {
                         rr->length = 0;
                         goto start;
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index 3256354463..ba8fc79964 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.96 2015/07/17 17:36:24 doug Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.97 2015/07/18 23:00:23 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -694,7 +694,7 @@ int dtls1_retransmit_message(SSL *s, unsigned short seq,
 int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
 int dtls1_retransmit_buffered_messages(SSL *s);
 void dtls1_clear_record_buffer(SSL *s);
-void dtls1_get_message_header(unsigned char *data,
+int dtls1_get_message_header(unsigned char *data,
     struct hm_header_st *msg_hdr);
 void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
 void dtls1_reset_seq_numbers(SSL *s, int rw);
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 3256354463..ba8fc79964 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.96 2015/07/17 17:36:24 doug Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.97 2015/07/18 23:00:23 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -694,7 +694,7 @@ int dtls1_retransmit_message(SSL *s, unsigned short seq,
 int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
 int dtls1_retransmit_buffered_messages(SSL *s);
 void dtls1_clear_record_buffer(SSL *s);
-void dtls1_get_message_header(unsigned char *data,
+int dtls1_get_message_header(unsigned char *data,
     struct hm_header_st *msg_hdr);
 void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
 void dtls1_reset_seq_numbers(SSL *s, int rw);