| author | miod <> | 2014-04-13 15:16:40 +0000 |
|---|---|---|
| committer | miod <> | 2014-04-13 15:16:40 +0000 |
| commit | 52628ee3f51f011b463aaedb1a28aa0524b43cb3 (patch) | |
| tree | 4bd2adeac981051908ec5756401424bbb4e57d6a /src/lib/libssl/d1_both.c | |
| parent | 40c22d3625a3818690c889ed6216fedf2be522c9 (diff) | |
Import OpenSSL 1.0.1g
Diffstat (limited to 'src/lib/libssl/d1_both.c')
| -rw-r--r-- | src/lib/libssl/d1_both.c | 39 |
1 files changed, 28 insertions, 11 deletions
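--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
 static void
 dtls1_hm_fragment_free(hm_fragment *frag)
 {
+
+if (frag->msg_header.is_ccs)
+{
+EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
+EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
+}
 if (frag->fragment) OPENSSL_free(frag->fragment);
 if (frag->reassembly) OPENSSL_free(frag->reassembly);
 OPENSSL_free(frag);
@@ -313,9 +319,10 @@ int dtls1_do_write(SSL *s, int type)
 s->init_off -= DTLS1_HM_HEADER_LENGTH;
 s->init_num += DTLS1_HM_HEADER_LENGTH;
 
-/* write atleast DTLS1_HM_HEADER_LENGTH bytes */
-if ( len <= DTLS1_HM_HEADER_LENGTH)
-len += DTLS1_HM_HEADER_LENGTH;
+if ( s->init_num > curr_mtu)
+len = curr_mtu;
+else
+len = s->init_num;
 }
 
 dtls1_fix_message_header(s, frag_off,
@@ -1452,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s)
 unsigned int payload;
 unsigned int padding = 16; /* Use minimum padding */
 
-/* Read type and payload length first */
-hbtype = *p++;
-n2s(p, payload);
-pl = p;
-
 if (s->msg_callback)
 s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
 &s->s3->rrec.data[0], s->s3->rrec.length,
 s, s->msg_callback_arg);
 
+/* Read type and payload length first */
+if (1 + 2 + 16 > s->s3->rrec.length)
+return 0; /* silently discard */
+hbtype = *p++;
+n2s(p, payload);
+if (1 + 2 + payload + 16 > s->s3->rrec.length)
+return 0; /* silently discard per RFC 6520 sec. 4 */
+pl = p;
+
 if (hbtype == TLS1_HB_REQUEST)
 {
 unsigned char *buffer, *bp;
+unsigned int write_length = 1 /* heartbeat type */ +
+2 /* heartbeat length */ +
+payload + padding;
 int r;
 
+if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
+return 0;
+
 /* Allocate memory for the response, size is 1 byte
 * message type, plus 2 bytes payload length, plus
 * payload, plus padding
 */
-buffer = OPENSSL_malloc(1 + 2 + payload + padding);
+buffer = OPENSSL_malloc(write_length);
 bp = buffer;
 
 /* Enter response type, length and copy payload */
@@ -1482,11 +1499,11 @@ dtls1_process_heartbeat(SSL *s)
 /* Random padding */
 RAND_pseudo_bytes(bp, padding);
 
-r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
+r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
 
 if (r >= 0 && s->msg_callback)
 s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
-buffer, 3 + payload + padding,
+buffer, write_length,
 s, s->msg_callback_arg);
 
 OPENSSL_free(buffer);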
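Review bot: In the `TLS1_HB_REQUEST` branch of dtls1_process_heartbeat, the result of `buffer = OPENSSL_malloc(write_length);` is assigned to `bp` and later written through (`RAND_pseudo_bytes(bp, padding)` in the last hunk) without a NULL check, so an allocation failure on this peer-triggered path becomes a NULL dereference. A guard such as `if (buffer == NULL) return -1;` directly after the allocation would close that; the function's error-return convention lies outside the hunks shown, so the exact value should be confirmed there. Separately, the two new bounds checks hard-code `16` although `padding` is declared a few lines above; writing `if (1 + 2 + payload + padding > s->s3->rrec.length)` keeps the length check and the `write_length` computation tied to the same value. The function body starts and ends outside these hunks, and the response-building lines between the third and fourth hunk are not visible.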
