summaryrefslogtreecommitdiff
path: root/src/lib/libssl/d1_both.c
diff options
context:
space:
mode:
authorjsing <>2014-04-14 14:16:33 +0000
committerjsing <>2014-04-14 14:16:33 +0000
commit95692a60ee0169e369d59f82504e36ff376e13ba (patch)
treed3a4c41549109f6de6427907f10589c02eec0d25 /src/lib/libssl/d1_both.c
parent72c1bd17672378115dcd5254ed88828e45357e7f (diff)
downloadopenbsd-95692a60ee0169e369d59f82504e36ff376e13ba.tar.gz
openbsd-95692a60ee0169e369d59f82504e36ff376e13ba.tar.bz2
openbsd-95692a60ee0169e369d59f82504e36ff376e13ba.zip
First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using tr and md5.
Diffstat (limited to 'src/lib/libssl/d1_both.c')
-rw-r--r--src/lib/libssl/d1_both.c1066
1 files changed, 501 insertions, 565 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index a265fed22f..c051e84874 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -152,102 +152,102 @@
152 printf("\n"); } 152 printf("\n"); }
153#endif 153#endif
154 154
155static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80}; 155static unsigned char bitmask_start_values[] = {
156static unsigned char bitmask_end_values[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f}; 156 0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80
157};
158static unsigned char bitmask_end_values[] = {
159 0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f
160};
157 161
158/* XDTLS: figure out the right values */ 162/* XDTLS: figure out the right values */
159static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28}; 163static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
160 164
161static unsigned int dtls1_guess_mtu(unsigned int curr_mtu); 165static unsigned int dtls1_guess_mtu(unsigned int curr_mtu);
162static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, 166static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,
163 unsigned long frag_len); 167 unsigned long frag_len);
164static unsigned char *dtls1_write_message_header(SSL *s, 168static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p);
165 unsigned char *p);
166static void dtls1_set_message_header_int(SSL *s, unsigned char mt, 169static void dtls1_set_message_header_int(SSL *s, unsigned char mt,
167 unsigned long len, unsigned short seq_num, unsigned long frag_off, 170 unsigned long len, unsigned short seq_num, unsigned long frag_off,
168 unsigned long frag_len); 171 unsigned long frag_len);
169static long dtls1_get_message_fragment(SSL *s, int st1, int stn, 172static long dtls1_get_message_fragment(SSL *s, int st1, int stn, long max,
170 long max, int *ok); 173 int *ok);
171 174
172static hm_fragment * 175static hm_fragment *
173dtls1_hm_fragment_new(unsigned long frag_len, int reassembly) 176dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
174 { 177{
175 hm_fragment *frag = NULL; 178 hm_fragment *frag = NULL;
176 unsigned char *buf = NULL; 179 unsigned char *buf = NULL;
177 unsigned char *bitmask = NULL; 180 unsigned char *bitmask = NULL;
178 181
179 frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment)); 182 frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment));
180 if ( frag == NULL) 183 if (frag == NULL)
181 return NULL; 184 return NULL;
182 185
183 if (frag_len) 186 if (frag_len) {
184 {
185 buf = (unsigned char *)OPENSSL_malloc(frag_len); 187 buf = (unsigned char *)OPENSSL_malloc(frag_len);
186 if ( buf == NULL) 188 if (buf == NULL) {
187 {
188 OPENSSL_free(frag); 189 OPENSSL_free(frag);
189 return NULL; 190 return NULL;
190 }
191 } 191 }
192 }
192 193
193 /* zero length fragment gets zero frag->fragment */ 194 /* zero length fragment gets zero frag->fragment */
194 frag->fragment = buf; 195 frag->fragment = buf;
195 196
196 /* Initialize reassembly bitmask if necessary */ 197 /* Initialize reassembly bitmask if necessary */
197 if (reassembly) 198 if (reassembly) {
198 {
199 bitmask = (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len)); 199 bitmask = (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len));
200 if (bitmask == NULL) 200 if (bitmask == NULL) {
201 { 201 if (buf != NULL)
202 if (buf != NULL) OPENSSL_free(buf); 202 OPENSSL_free(buf);
203 OPENSSL_free(frag); 203 OPENSSL_free(frag);
204 return NULL; 204 return NULL;
205 }
206 memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len));
207 } 205 }
206 memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len));
207 }
208 208
209 frag->reassembly = bitmask; 209 frag->reassembly = bitmask;
210 210
211 return frag; 211 return frag;
212 } 212}
213 213
214static void 214static void
215dtls1_hm_fragment_free(hm_fragment *frag) 215dtls1_hm_fragment_free(hm_fragment *frag)
216 { 216{
217 217
218 if (frag->msg_header.is_ccs) 218 if (frag->msg_header.is_ccs) {
219 {
220 EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx); 219 EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
221 EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash); 220 EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
222 }
223 if (frag->fragment) OPENSSL_free(frag->fragment);
224 if (frag->reassembly) OPENSSL_free(frag->reassembly);
225 OPENSSL_free(frag);
226 } 221 }
222 if (frag->fragment)
223 OPENSSL_free(frag->fragment);
224 if (frag->reassembly)
225 OPENSSL_free(frag->reassembly);
226 OPENSSL_free(frag);
227}
227 228
228/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ 229/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
229int dtls1_do_write(SSL *s, int type) 230int
230 { 231dtls1_do_write(SSL *s, int type)
232{
231 int ret; 233 int ret;
232 int curr_mtu; 234 int curr_mtu;
233 unsigned int len, frag_off, mac_size, blocksize; 235 unsigned int len, frag_off, mac_size, blocksize;
234 236
235 /* AHA! Figure out the MTU, and stick to the right size */ 237 /* AHA! Figure out the MTU, and stick to the right size */
236 if (s->d1->mtu < dtls1_min_mtu() && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) 238 if (s->d1->mtu < dtls1_min_mtu() && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
237 { 239 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
238 s->d1->mtu = 240 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
239 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
240 241
241 /* I've seen the kernel return bogus numbers when it doesn't know 242 /* I've seen the kernel return bogus numbers when it doesn't know
242 * (initial write), so just make sure we have a reasonable number */ 243 * (initial write), so just make sure we have a reasonable number */
243 if (s->d1->mtu < dtls1_min_mtu()) 244 if (s->d1->mtu < dtls1_min_mtu()) {
244 {
245 s->d1->mtu = 0; 245 s->d1->mtu = 0;
246 s->d1->mtu = dtls1_guess_mtu(s->d1->mtu); 246 s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
247 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, 247 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
248 s->d1->mtu, NULL); 248 s->d1->mtu, NULL);
249 }
250 } 249 }
250 }
251#if 0 251#if 0
252 mtu = s->d1->mtu; 252 mtu = s->d1->mtu;
253 253
@@ -257,154 +257,144 @@ int dtls1_do_write(SSL *s, int type)
257 257
258 curr_mtu = mtu - BIO_wpending(SSL_get_wbio(s)); 258 curr_mtu = mtu - BIO_wpending(SSL_get_wbio(s));
259 259
260 if ( curr_mtu > 0) 260 if (curr_mtu > 0)
261 mtu = curr_mtu; 261 mtu = curr_mtu;
262 else if ( ( ret = BIO_flush(SSL_get_wbio(s))) <= 0) 262 else if (( ret = BIO_flush(SSL_get_wbio(s))) <= 0)
263 return ret; 263 return ret;
264 264
265 if ( BIO_wpending(SSL_get_wbio(s)) + s->init_num >= mtu) 265 if (BIO_wpending(SSL_get_wbio(s)) + s->init_num >= mtu) {
266 {
267 ret = BIO_flush(SSL_get_wbio(s)); 266 ret = BIO_flush(SSL_get_wbio(s));
268 if ( ret <= 0) 267 if (ret <= 0)
269 return ret; 268 return ret;
270 mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH); 269 mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
271 } 270 }
272#endif 271#endif
273 272
274 OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu()); /* should have something reasonable now */ 273 OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu());
274 /* should have something reasonable now */
275 275
276 if ( s->init_off == 0 && type == SSL3_RT_HANDSHAKE) 276 if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
277 OPENSSL_assert(s->init_num == 277 OPENSSL_assert(s->init_num ==
278 (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); 278 (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
279 279
280 if (s->write_hash) 280 if (s->write_hash)
281 mac_size = EVP_MD_CTX_size(s->write_hash); 281 mac_size = EVP_MD_CTX_size(s->write_hash);
282 else 282 else
283 mac_size = 0; 283 mac_size = 0;
284 284
285 if (s->enc_write_ctx && 285 if (s->enc_write_ctx &&
286 (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE)) 286 (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
287 blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher); 287 blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
288 else 288 else
289 blocksize = 0; 289 blocksize = 0;
290 290
291 frag_off = 0; 291 frag_off = 0;
292 while( s->init_num) 292 while (s->init_num) {
293 { 293 curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) -
294 curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) - 294 DTLS1_RT_HEADER_LENGTH - mac_size - blocksize;
295 DTLS1_RT_HEADER_LENGTH - mac_size - blocksize;
296 295
297 if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH) 296 if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) {
298 {
299 /* grr.. we could get an error if MTU picked was wrong */ 297 /* grr.. we could get an error if MTU picked was wrong */
300 ret = BIO_flush(SSL_get_wbio(s)); 298 ret = BIO_flush(SSL_get_wbio(s));
301 if ( ret <= 0) 299 if (ret <= 0)
302 return ret; 300 return ret;
303 curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH - 301 curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH -
304 mac_size - blocksize; 302 mac_size - blocksize;
305 } 303 }
306 304
307 if ( s->init_num > curr_mtu) 305 if (s->init_num > curr_mtu)
308 len = curr_mtu; 306 len = curr_mtu;
309 else 307 else
310 len = s->init_num; 308 len = s->init_num;
311 309
312 310
313 /* XDTLS: this function is too long. split out the CCS part */ 311 /* XDTLS: this function is too long. split out the CCS part */
314 if ( type == SSL3_RT_HANDSHAKE) 312 if (type == SSL3_RT_HANDSHAKE) {
315 { 313 if (s->init_off != 0) {
316 if ( s->init_off != 0)
317 {
318 OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH); 314 OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH);
319 s->init_off -= DTLS1_HM_HEADER_LENGTH; 315 s->init_off -= DTLS1_HM_HEADER_LENGTH;
320 s->init_num += DTLS1_HM_HEADER_LENGTH; 316 s->init_num += DTLS1_HM_HEADER_LENGTH;
321 317
322 if ( s->init_num > curr_mtu) 318 if (s->init_num > curr_mtu)
323 len = curr_mtu; 319 len = curr_mtu;
324 else 320 else
325 len = s->init_num; 321 len = s->init_num;
326 } 322 }
327 323
328 dtls1_fix_message_header(s, frag_off, 324 dtls1_fix_message_header(s, frag_off,
329 len - DTLS1_HM_HEADER_LENGTH); 325 len - DTLS1_HM_HEADER_LENGTH);
330 326
331 dtls1_write_message_header(s, (unsigned char *)&s->init_buf->data[s->init_off]); 327 dtls1_write_message_header(s, (unsigned char *)&s->init_buf->data[s->init_off]);
332 328
333 OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH); 329 OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);
334 } 330 }
335 331
336 ret=dtls1_write_bytes(s,type,&s->init_buf->data[s->init_off], 332 ret = dtls1_write_bytes(s, type,
337 len); 333 &s->init_buf->data[s->init_off], len);
338 if (ret < 0) 334 if (ret < 0) {
339 {
340 /* might need to update MTU here, but we don't know 335 /* might need to update MTU here, but we don't know
341 * which previous packet caused the failure -- so can't 336 * which previous packet caused the failure -- so can't
342 * really retransmit anything. continue as if everything 337 * really retransmit anything. continue as if everything
343 * is fine and wait for an alert to handle the 338 * is fine and wait for an alert to handle the
344 * retransmit 339 * retransmit
345 */ 340 */
346 if ( BIO_ctrl(SSL_get_wbio(s), 341 if (BIO_ctrl(SSL_get_wbio(s),
347 BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 ) 342 BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0)
348 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), 343 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
349 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); 344 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
350 else 345 else
351 return(-1); 346 return (-1);
352 } 347 } else {
353 else
354 {
355 348
356 /* bad if this assert fails, only part of the handshake 349 /* bad if this assert fails, only part of the handshake
357 * message got sent. but why would this happen? */ 350 * message got sent. but why would this happen? */
358 OPENSSL_assert(len == (unsigned int)ret); 351 OPENSSL_assert(len == (unsigned int)ret);
359 352
360 if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting) 353 if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting) {
361 {
362 /* should not be done for 'Hello Request's, but in that case 354 /* should not be done for 'Hello Request's, but in that case
363 * we'll ignore the result anyway */ 355 * we'll ignore the result anyway */
364 unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off]; 356 unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off];
365 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; 357 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
366 int xlen; 358 int xlen;
367 359
368 if (frag_off == 0 && s->version != DTLS1_BAD_VER) 360 if (frag_off == 0 && s->version != DTLS1_BAD_VER) {
369 {
370 /* reconstruct message header is if it 361 /* reconstruct message header is if it
371 * is being sent in single fragment */ 362 * is being sent in single fragment */
372 *p++ = msg_hdr->type; 363 *p++ = msg_hdr->type;
373 l2n3(msg_hdr->msg_len,p); 364 l2n3(msg_hdr->msg_len, p);
374 s2n (msg_hdr->seq,p); 365 s2n (msg_hdr->seq, p);
375 l2n3(0,p); 366 l2n3(0, p);
376 l2n3(msg_hdr->msg_len,p); 367 l2n3(msg_hdr->msg_len, p);
377 p -= DTLS1_HM_HEADER_LENGTH; 368 p -= DTLS1_HM_HEADER_LENGTH;
378 xlen = ret; 369 xlen = ret;
379 } 370 } else {
380 else 371 p += DTLS1_HM_HEADER_LENGTH;
381 {
382 p += DTLS1_HM_HEADER_LENGTH;
383 xlen = ret - DTLS1_HM_HEADER_LENGTH; 372 xlen = ret - DTLS1_HM_HEADER_LENGTH;
384 } 373 }
385 374
386 ssl3_finish_mac(s, p, xlen); 375 ssl3_finish_mac(s, p, xlen);
387 } 376 }
388 377
389 if (ret == s->init_num) 378 if (ret == s->init_num) {
390 {
391 if (s->msg_callback) 379 if (s->msg_callback)
392 s->msg_callback(1, s->version, type, s->init_buf->data, 380 s->msg_callback(1, s->version, type,
393 (size_t)(s->init_off + s->init_num), s, 381 s->init_buf->data,
394 s->msg_callback_arg); 382 (size_t)(s->init_off + s->init_num),
383 s, s->msg_callback_arg);
395 384
396 s->init_off = 0; /* done writing this message */ 385 s->init_off = 0;
386 /* done writing this message */
397 s->init_num = 0; 387 s->init_num = 0;
398 388
399 return(1); 389 return (1);
400 }
401 s->init_off+=ret;
402 s->init_num-=ret;
403 frag_off += (ret -= DTLS1_HM_HEADER_LENGTH);
404 } 390 }
391 s->init_off += ret;
392 s->init_num -= ret;
393 frag_off += (ret -= DTLS1_HM_HEADER_LENGTH);
405 } 394 }
406 return(0);
407 } 395 }
396 return (0);
397}
408 398
409 399
410/* Obtain handshake message of message type 'mt' (any if mt == -1), 400/* Obtain handshake message of message type 'mt' (any if mt == -1),
@@ -412,8 +402,9 @@ int dtls1_do_write(SSL *s, int type)
412 * Read an entire handshake message. Handshake messages arrive in 402 * Read an entire handshake message. Handshake messages arrive in
413 * fragments. 403 * fragments.
414 */ 404 */
415long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) 405long
416 { 406dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
407{
417 int i, al; 408 int i, al;
418 struct hm_header_st *msg_hdr; 409 struct hm_header_st *msg_hdr;
419 unsigned char *p; 410 unsigned char *p;
@@ -421,30 +412,28 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
421 412
422 /* s3->tmp is used to store messages that are unexpected, caused 413 /* s3->tmp is used to store messages that are unexpected, caused
423 * by the absence of an optional handshake message */ 414 * by the absence of an optional handshake message */
424 if (s->s3->tmp.reuse_message) 415 if (s->s3->tmp.reuse_message) {
425 { 416 s->s3->tmp.reuse_message = 0;
426 s->s3->tmp.reuse_message=0; 417 if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
427 if ((mt >= 0) && (s->s3->tmp.message_type != mt)) 418 al = SSL_AD_UNEXPECTED_MESSAGE;
428 { 419 SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
429 al=SSL_AD_UNEXPECTED_MESSAGE;
430 SSLerr(SSL_F_DTLS1_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
431 goto f_err; 420 goto f_err;
432 } 421 }
433 *ok=1; 422 *ok = 1;
434 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; 423 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
435 s->init_num = (int)s->s3->tmp.message_size; 424 s->init_num = (int)s->s3->tmp.message_size;
436 return s->init_num; 425 return s->init_num;
437 } 426 }
438 427
439 msg_hdr = &s->d1->r_msg_hdr; 428 msg_hdr = &s->d1->r_msg_hdr;
440 memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); 429 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
441 430
442again: 431again:
443 i = dtls1_get_message_fragment(s, st1, stn, max, ok); 432 i = dtls1_get_message_fragment(s, st1, stn, max, ok);
444 if ( i == DTLS1_HM_BAD_FRAGMENT || 433 if (i == DTLS1_HM_BAD_FRAGMENT ||
445 i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */ 434 i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */
446 goto again; 435 goto again;
447 else if ( i <= 0 && !*ok) 436 else if (i <= 0 && !*ok)
448 return i; 437 return i;
449 438
450 p = (unsigned char *)s->init_buf->data; 439 p = (unsigned char *)s->init_buf->data;
@@ -452,20 +441,19 @@ again:
452 441
453 /* reconstruct message header */ 442 /* reconstruct message header */
454 *(p++) = msg_hdr->type; 443 *(p++) = msg_hdr->type;
455 l2n3(msg_len,p); 444 l2n3(msg_len, p);
456 s2n (msg_hdr->seq,p); 445 s2n (msg_hdr->seq, p);
457 l2n3(0,p); 446 l2n3(0, p);
458 l2n3(msg_len,p); 447 l2n3(msg_len, p);
459 if (s->version != DTLS1_BAD_VER) { 448 if (s->version != DTLS1_BAD_VER) {
460 p -= DTLS1_HM_HEADER_LENGTH; 449 p -= DTLS1_HM_HEADER_LENGTH;
461 msg_len += DTLS1_HM_HEADER_LENGTH; 450 msg_len += DTLS1_HM_HEADER_LENGTH;
462 } 451 }
463 452
464 ssl3_finish_mac(s, p, msg_len); 453 ssl3_finish_mac(s, p, msg_len);
465 if (s->msg_callback) 454 if (s->msg_callback)
466 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, 455 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, msg_len,
467 p, msg_len, 456 s, s->msg_callback_arg);
468 s, s->msg_callback_arg);
469 457
470 memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); 458 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
471 459
@@ -477,64 +465,59 @@ again:
477 return s->init_num; 465 return s->init_num;
478 466
479f_err: 467f_err:
480 ssl3_send_alert(s,SSL3_AL_FATAL,al); 468 ssl3_send_alert(s, SSL3_AL_FATAL, al);
481 *ok = 0; 469 *ok = 0;
482 return -1; 470 return -1;
483 } 471}
484 472
485 473
486static int dtls1_preprocess_fragment(SSL *s,struct hm_header_st *msg_hdr,int max) 474static int
487 { 475dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) {
488 size_t frag_off,frag_len,msg_len; 476 size_t frag_off, frag_len, msg_len;
489 477
490 msg_len = msg_hdr->msg_len; 478 msg_len = msg_hdr->msg_len;
491 frag_off = msg_hdr->frag_off; 479 frag_off = msg_hdr->frag_off;
492 frag_len = msg_hdr->frag_len; 480 frag_len = msg_hdr->frag_len;
493 481
494 /* sanity checking */ 482 /* sanity checking */
495 if ( (frag_off+frag_len) > msg_len) 483 if ((frag_off + frag_len) > msg_len) {
496 { 484 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE);
497 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
498 return SSL_AD_ILLEGAL_PARAMETER; 485 return SSL_AD_ILLEGAL_PARAMETER;
499 } 486 }
500 487
501 if ( (frag_off+frag_len) > (unsigned long)max) 488 if ((frag_off + frag_len) > (unsigned long)max) {
502 { 489 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE);
503 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
504 return SSL_AD_ILLEGAL_PARAMETER; 490 return SSL_AD_ILLEGAL_PARAMETER;
505 } 491 }
506 492
507 if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */ 493 if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */
508 { 494 {
509 /* msg_len is limited to 2^24, but is effectively checked 495 /* msg_len is limited to 2^24, but is effectively checked
510 * against max above */ 496 * against max above */
511 if (!BUF_MEM_grow_clean(s->init_buf,msg_len+DTLS1_HM_HEADER_LENGTH)) 497 if (!BUF_MEM_grow_clean(s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH)) {
512 { 498 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB);
513 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,ERR_R_BUF_LIB);
514 return SSL_AD_INTERNAL_ERROR; 499 return SSL_AD_INTERNAL_ERROR;
515 } 500 }
516 501
517 s->s3->tmp.message_size = msg_len; 502 s->s3->tmp.message_size = msg_len;
518 s->d1->r_msg_hdr.msg_len = msg_len; 503 s->d1->r_msg_hdr.msg_len = msg_len;
519 s->s3->tmp.message_type = msg_hdr->type; 504 s->s3->tmp.message_type = msg_hdr->type;
520 s->d1->r_msg_hdr.type = msg_hdr->type; 505 s->d1->r_msg_hdr.type = msg_hdr->type;
521 s->d1->r_msg_hdr.seq = msg_hdr->seq; 506 s->d1->r_msg_hdr.seq = msg_hdr->seq;
522 } 507 } else if (msg_len != s->d1->r_msg_hdr.msg_len) {
523 else if (msg_len != s->d1->r_msg_hdr.msg_len)
524 {
525 /* They must be playing with us! BTW, failure to enforce 508 /* They must be playing with us! BTW, failure to enforce
526 * upper limit would open possibility for buffer overrun. */ 509 * upper limit would open possibility for buffer overrun. */
527 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); 510 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE);
528 return SSL_AD_ILLEGAL_PARAMETER; 511 return SSL_AD_ILLEGAL_PARAMETER;
529 } 512 }
530 513
531 return 0; /* no error */ 514 return 0; /* no error */
532 } 515}
533 516
534 517
535static int 518static int
536dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) 519dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
537 { 520{
538 /* (0) check whether the desired fragment is available 521 /* (0) check whether the desired fragment is available
539 * if so: 522 * if so:
540 * (1) copy over the fragment to s->init_buf->data[] 523 * (1) copy over the fragment to s->init_buf->data[]
@@ -546,58 +529,54 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
546 529
547 *ok = 0; 530 *ok = 0;
548 item = pqueue_peek(s->d1->buffered_messages); 531 item = pqueue_peek(s->d1->buffered_messages);
549 if ( item == NULL) 532 if (item == NULL)
550 return 0; 533 return 0;
551 534
552 frag = (hm_fragment *)item->data; 535 frag = (hm_fragment *)item->data;
553 536
554 /* Don't return if reassembly still in progress */ 537 /* Don't return if reassembly still in progress */
555 if (frag->reassembly != NULL) 538 if (frag->reassembly != NULL)
556 return 0; 539 return 0;
557 540
558 if ( s->d1->handshake_read_seq == frag->msg_header.seq) 541 if (s->d1->handshake_read_seq == frag->msg_header.seq) {
559 {
560 unsigned long frag_len = frag->msg_header.frag_len; 542 unsigned long frag_len = frag->msg_header.frag_len;
561 pqueue_pop(s->d1->buffered_messages); 543 pqueue_pop(s->d1->buffered_messages);
562 544
563 al=dtls1_preprocess_fragment(s,&frag->msg_header,max); 545 al = dtls1_preprocess_fragment(s, &frag->msg_header, max);
564 546
565 if (al==0) /* no alert */ 547 if (al == 0) /* no alert */
566 { 548 {
567 unsigned char *p = (unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH; 549 unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
568 memcpy(&p[frag->msg_header.frag_off], 550 memcpy(&p[frag->msg_header.frag_off],
569 frag->fragment,frag->msg_header.frag_len); 551 frag->fragment, frag->msg_header.frag_len);
570 } 552 }
571 553
572 dtls1_hm_fragment_free(frag); 554 dtls1_hm_fragment_free(frag);
573 pitem_free(item); 555 pitem_free(item);
574 556
575 if (al==0) 557 if (al == 0) {
576 {
577 *ok = 1; 558 *ok = 1;
578 return frag_len; 559 return frag_len;
579 } 560 }
580 561
581 ssl3_send_alert(s,SSL3_AL_FATAL,al); 562 ssl3_send_alert(s, SSL3_AL_FATAL, al);
582 s->init_num = 0; 563 s->init_num = 0;
583 *ok = 0; 564 *ok = 0;
584 return -1; 565 return -1;
585 } 566 } else
586 else
587 return 0; 567 return 0;
588 } 568}
589 569
590 570
591static int 571static int
592dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) 572dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) {
593 {
594 hm_fragment *frag = NULL; 573 hm_fragment *frag = NULL;
595 pitem *item = NULL; 574 pitem *item = NULL;
596 int i = -1, is_complete; 575 int i = -1, is_complete;
597 unsigned char seq64be[8]; 576 unsigned char seq64be[8];
598 unsigned long frag_len = msg_hdr->frag_len, max_len; 577 unsigned long frag_len = msg_hdr->frag_len, max_len;
599 578
600 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) 579 if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len)
601 goto err; 580 goto err;
602 581
603 /* Determine maximum allowed message size. Depends on (user set) 582 /* Determine maximum allowed message size. Depends on (user set)
@@ -608,104 +587,99 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
608 else 587 else
609 max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; 588 max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
610 589
611 if ((msg_hdr->frag_off+frag_len) > max_len) 590 if ((msg_hdr->frag_off + frag_len) > max_len)
612 goto err; 591 goto err;
613 592
614 /* Try to find item in queue */ 593 /* Try to find item in queue */
615 memset(seq64be,0,sizeof(seq64be)); 594 memset(seq64be, 0, sizeof(seq64be));
616 seq64be[6] = (unsigned char) (msg_hdr->seq>>8); 595 seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
617 seq64be[7] = (unsigned char) msg_hdr->seq; 596 seq64be[7] = (unsigned char)msg_hdr->seq;
618 item = pqueue_find(s->d1->buffered_messages, seq64be); 597 item = pqueue_find(s->d1->buffered_messages, seq64be);
619 598
620 if (item == NULL) 599 if (item == NULL) {
621 {
622 frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1); 600 frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
623 if ( frag == NULL) 601 if (frag == NULL)
624 goto err; 602 goto err;
625 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); 603 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
626 frag->msg_header.frag_len = frag->msg_header.msg_len; 604 frag->msg_header.frag_len = frag->msg_header.msg_len;
627 frag->msg_header.frag_off = 0; 605 frag->msg_header.frag_off = 0;
628 } 606 } else
629 else
630 frag = (hm_fragment*) item->data; 607 frag = (hm_fragment*) item->data;
631 608
632 /* If message is already reassembled, this must be a 609 /* If message is already reassembled, this must be a
633 * retransmit and can be dropped. 610 * retransmit and can be dropped.
634 */ 611 */
635 if (frag->reassembly == NULL) 612 if (frag->reassembly == NULL) {
636 {
637 unsigned char devnull [256]; 613 unsigned char devnull [256];
638 614
639 while (frag_len) 615 while (frag_len) {
640 { 616 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
641 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, 617 devnull, frag_len > sizeof(devnull) ?
642 devnull, 618 sizeof(devnull) : frag_len, 0);
643 frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0); 619 if (i <= 0)
644 if (i<=0) goto err; 620 goto err;
645 frag_len -= i; 621 frag_len -= i;
646 }
647 return DTLS1_HM_FRAGMENT_RETRY;
648 } 622 }
623 return DTLS1_HM_FRAGMENT_RETRY;
624 }
649 625
650 /* read the body of the fragment (header has already been read */ 626 /* read the body of the fragment (header has already been read */
651 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, 627 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
652 frag->fragment + msg_hdr->frag_off,frag_len,0); 628 frag->fragment + msg_hdr->frag_off, frag_len, 0);
653 if (i<=0 || (unsigned long)i!=frag_len) 629 if (i <= 0 || (unsigned long)i != frag_len)
654 goto err; 630 goto err;
655 631
656 RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off, 632 RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
657 (long)(msg_hdr->frag_off + frag_len)); 633 (long)(msg_hdr->frag_off + frag_len));
658 634
659 RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len, 635 RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len,
660 is_complete); 636 is_complete);
661 637
662 if (is_complete) 638 if (is_complete) {
663 {
664 OPENSSL_free(frag->reassembly); 639 OPENSSL_free(frag->reassembly);
665 frag->reassembly = NULL; 640 frag->reassembly = NULL;
666 } 641 }
667 642
668 if (item == NULL) 643 if (item == NULL) {
669 { 644 memset(seq64be, 0, sizeof(seq64be));
670 memset(seq64be,0,sizeof(seq64be)); 645 seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
671 seq64be[6] = (unsigned char)(msg_hdr->seq>>8);
672 seq64be[7] = (unsigned char)(msg_hdr->seq); 646 seq64be[7] = (unsigned char)(msg_hdr->seq);
673 647
674 item = pitem_new(seq64be, frag); 648 item = pitem_new(seq64be, frag);
675 if (item == NULL) 649 if (item == NULL) {
676 {
677 goto err; 650 goto err;
678 i = -1; 651 i = -1;
679 } 652 }
680 653
681 pqueue_insert(s->d1->buffered_messages, item); 654 pqueue_insert(s->d1->buffered_messages, item);
682 } 655 }
683 656
684 return DTLS1_HM_FRAGMENT_RETRY; 657 return DTLS1_HM_FRAGMENT_RETRY;
685 658
686err: 659err:
687 if (frag != NULL) dtls1_hm_fragment_free(frag); 660 if (frag != NULL)
688 if (item != NULL) OPENSSL_free(item); 661 dtls1_hm_fragment_free(frag);
662 if (item != NULL)
663 OPENSSL_free(item);
689 *ok = 0; 664 *ok = 0;
690 return i; 665 return i;
691 } 666}
692 667
693 668
694static int 669static int
695dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) 670dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) {
696{ 671 int i = -1;
697 int i=-1;
698 hm_fragment *frag = NULL; 672 hm_fragment *frag = NULL;
699 pitem *item = NULL; 673 pitem *item = NULL;
700 unsigned char seq64be[8]; 674 unsigned char seq64be[8];
701 unsigned long frag_len = msg_hdr->frag_len; 675 unsigned long frag_len = msg_hdr->frag_len;
702 676
703 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) 677 if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len)
704 goto err; 678 goto err;
705 679
706 /* Try to find item in queue, to prevent duplicate entries */ 680 /* Try to find item in queue, to prevent duplicate entries */
707 memset(seq64be,0,sizeof(seq64be)); 681 memset(seq64be, 0, sizeof(seq64be));
708 seq64be[6] = (unsigned char) (msg_hdr->seq>>8); 682 seq64be[6] = (unsigned char) (msg_hdr->seq >> 8);
709 seq64be[7] = (unsigned char) msg_hdr->seq; 683 seq64be[7] = (unsigned char) msg_hdr->seq;
710 item = pqueue_find(s->d1->buffered_messages, seq64be); 684 item = pqueue_find(s->d1->buffered_messages, seq64be);
711 685
@@ -721,92 +695,89 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
721 * retransmit. 695 * retransmit.
722 */ 696 */
723 if (msg_hdr->seq <= s->d1->handshake_read_seq || 697 if (msg_hdr->seq <= s->d1->handshake_read_seq ||
724 msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL || 698 msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
725 (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) 699 (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) {
726 {
727 unsigned char devnull [256]; 700 unsigned char devnull [256];
728 701
729 while (frag_len) 702 while (frag_len) {
730 { 703 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
731 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, 704 devnull, frag_len > sizeof(devnull) ?
732 devnull, 705 sizeof(devnull) : frag_len, 0);
733 frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0); 706 if (i <= 0)
734 if (i<=0) goto err; 707 goto err;
735 frag_len -= i; 708 frag_len -= i;
736 }
737 } 709 }
738 else 710 } else {
739 {
740 if (frag_len && frag_len < msg_hdr->msg_len) 711 if (frag_len && frag_len < msg_hdr->msg_len)
741 return dtls1_reassemble_fragment(s, msg_hdr, ok); 712 return dtls1_reassemble_fragment(s, msg_hdr, ok);
742 713
743 frag = dtls1_hm_fragment_new(frag_len, 0); 714 frag = dtls1_hm_fragment_new(frag_len, 0);
744 if ( frag == NULL) 715 if (frag == NULL)
745 goto err; 716 goto err;
746 717
747 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); 718 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
748 719
749 if (frag_len) 720 if (frag_len) {
750 {
751 /* read the body of the fragment (header has already been read */ 721 /* read the body of the fragment (header has already been read */
752 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, 722 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
753 frag->fragment,frag_len,0); 723 frag->fragment, frag_len, 0);
754 if (i<=0 || (unsigned long)i!=frag_len) 724 if (i <= 0 || (unsigned long)i != frag_len)
755 goto err; 725 goto err;
756 } 726 }
757 727
758 memset(seq64be,0,sizeof(seq64be)); 728 memset(seq64be, 0, sizeof(seq64be));
759 seq64be[6] = (unsigned char)(msg_hdr->seq>>8); 729 seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
760 seq64be[7] = (unsigned char)(msg_hdr->seq); 730 seq64be[7] = (unsigned char)(msg_hdr->seq);
761 731
762 item = pitem_new(seq64be, frag); 732 item = pitem_new(seq64be, frag);
763 if ( item == NULL) 733 if (item == NULL)
764 goto err; 734 goto err;
765 735
766 pqueue_insert(s->d1->buffered_messages, item); 736 pqueue_insert(s->d1->buffered_messages, item);
767 } 737 }
768 738
769 return DTLS1_HM_FRAGMENT_RETRY; 739 return DTLS1_HM_FRAGMENT_RETRY;
770 740
771err: 741err:
772 if ( frag != NULL) dtls1_hm_fragment_free(frag); 742 if (frag != NULL)
773 if ( item != NULL) OPENSSL_free(item); 743 dtls1_hm_fragment_free(frag);
744 if (item != NULL)
745 OPENSSL_free(item);
774 *ok = 0; 746 *ok = 0;
775 return i; 747 return i;
776 } 748}
777 749
778 750
779static long 751static long
780dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) 752dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
781 { 753{
782 unsigned char wire[DTLS1_HM_HEADER_LENGTH]; 754 unsigned char wire[DTLS1_HM_HEADER_LENGTH];
783 unsigned long len, frag_off, frag_len; 755 unsigned long len, frag_off, frag_len;
784 int i,al; 756 int i, al;
785 struct hm_header_st msg_hdr; 757 struct hm_header_st msg_hdr;
786 758
787 /* see if we have the required fragment already */ 759 /* see if we have the required fragment already */
788 if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok) 760 if ((frag_len = dtls1_retrieve_buffered_fragment(s, max, ok)) || *ok) {
789 { 761 if (*ok)
790 if (*ok) s->init_num = frag_len; 762 s->init_num = frag_len;
791 return frag_len; 763 return frag_len;
792 } 764 }
793 765
794 /* read handshake message header */ 766 /* read handshake message header */
795 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,wire, 767 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire,
796 DTLS1_HM_HEADER_LENGTH, 0); 768 DTLS1_HM_HEADER_LENGTH, 0);
797 if (i <= 0) /* nbio, or an error */ 769 if (i <= 0) /* nbio, or an error */
798 { 770 {
799 s->rwstate=SSL_READING; 771 s->rwstate = SSL_READING;
800 *ok = 0; 772 *ok = 0;
801 return i; 773 return i;
802 } 774 }
803 /* Handshake fails if message header is incomplete */ 775 /* Handshake fails if message header is incomplete */
804 if (i != DTLS1_HM_HEADER_LENGTH) 776 if (i != DTLS1_HM_HEADER_LENGTH) {
805 { 777 al = SSL_AD_UNEXPECTED_MESSAGE;
806 al=SSL_AD_UNEXPECTED_MESSAGE; 778 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL_R_UNEXPECTED_MESSAGE);
807 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE);
808 goto f_err; 779 goto f_err;
809 } 780 }
810 781
811 /* parse the message fragment header */ 782 /* parse the message fragment header */
812 dtls1_get_message_header(wire, &msg_hdr); 783 dtls1_get_message_header(wire, &msg_hdr);
@@ -828,62 +799,56 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
828 return dtls1_reassemble_fragment(s, &msg_hdr, ok); 799 return dtls1_reassemble_fragment(s, &msg_hdr, ok);
829 800
830 if (!s->server && s->d1->r_msg_hdr.frag_off == 0 && 801 if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
831 wire[0] == SSL3_MT_HELLO_REQUEST) 802 wire[0] == SSL3_MT_HELLO_REQUEST) {
832 {
833 /* The server may always send 'Hello Request' messages -- 803 /* The server may always send 'Hello Request' messages --
834 * we are doing a handshake anyway now, so ignore them 804 * we are doing a handshake anyway now, so ignore them
835 * if their format is correct. Does not count for 805 * if their format is correct. Does not count for
836 * 'Finished' MAC. */ 806 * 'Finished' MAC. */
837 if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) 807 if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) {
838 {
839 if (s->msg_callback) 808 if (s->msg_callback)
840 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, 809 s->msg_callback(0, s->version,
841 wire, DTLS1_HM_HEADER_LENGTH, s, 810 SSL3_RT_HANDSHAKE, wire,
842 s->msg_callback_arg); 811 DTLS1_HM_HEADER_LENGTH, s,
843 812 s->msg_callback_arg);
813
844 s->init_num = 0; 814 s->init_num = 0;
845 return dtls1_get_message_fragment(s, st1, stn, 815 return dtls1_get_message_fragment(s, st1, stn, max, ok);
846 max, ok); 816 }
847 }
848 else /* Incorrectly formated Hello request */ 817 else /* Incorrectly formated Hello request */
849 { 818 {
850 al=SSL_AD_UNEXPECTED_MESSAGE; 819 al = SSL_AD_UNEXPECTED_MESSAGE;
851 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE); 820 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL_R_UNEXPECTED_MESSAGE);
852 goto f_err; 821 goto f_err;
853 }
854 } 822 }
823 }
855 824
856 if ((al=dtls1_preprocess_fragment(s,&msg_hdr,max))) 825 if ((al = dtls1_preprocess_fragment(s, &msg_hdr, max)))
857 goto f_err; 826 goto f_err;
858 827
859 /* XDTLS: ressurect this when restart is in place */ 828 /* XDTLS: ressurect this when restart is in place */
860 s->state=stn; 829 s->state = stn;
861 830
862 if ( frag_len > 0) 831 if (frag_len > 0) {
863 { 832 unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
864 unsigned char *p=(unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH;
865 833
866 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, 834 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
867 &p[frag_off],frag_len,0); 835 &p[frag_off], frag_len, 0);
868 /* XDTLS: fix this--message fragments cannot span multiple packets */ 836 /* XDTLS: fix this--message fragments cannot span multiple packets */
869 if (i <= 0) 837 if (i <= 0) {
870 { 838 s->rwstate = SSL_READING;
871 s->rwstate=SSL_READING;
872 *ok = 0; 839 *ok = 0;
873 return i; 840 return i;
874 }
875 } 841 }
876 else 842 } else
877 i = 0; 843 i = 0;
878 844
879 /* XDTLS: an incorrectly formatted fragment should cause the 845 /* XDTLS: an incorrectly formatted fragment should cause the
880 * handshake to fail */ 846 * handshake to fail */
881 if (i != (int)frag_len) 847 if (i != (int)frag_len) {
882 { 848 al = SSL3_AD_ILLEGAL_PARAMETER;
883 al=SSL3_AD_ILLEGAL_PARAMETER; 849 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL3_AD_ILLEGAL_PARAMETER);
884 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL3_AD_ILLEGAL_PARAMETER);
885 goto f_err; 850 goto f_err;
886 } 851 }
887 852
888 *ok = 1; 853 *ok = 1;
889 854
@@ -895,62 +860,59 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
895 return frag_len; 860 return frag_len;
896 861
897f_err: 862f_err:
898 ssl3_send_alert(s,SSL3_AL_FATAL,al); 863 ssl3_send_alert(s, SSL3_AL_FATAL, al);
899 s->init_num = 0; 864 s->init_num = 0;
900 865
901 *ok=0; 866 *ok = 0;
902 return(-1); 867 return (-1);
903 } 868}
904 869
905int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen) 870int
906 { 871dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
907 unsigned char *p,*d; 872{
873 unsigned char *p, *d;
908 int i; 874 int i;
909 unsigned long l; 875 unsigned long l;
910 876
911 if (s->state == a) 877 if (s->state == a) {
912 { 878 d = (unsigned char *)s->init_buf->data;
913 d=(unsigned char *)s->init_buf->data; 879 p = &(d[DTLS1_HM_HEADER_LENGTH]);
914 p= &(d[DTLS1_HM_HEADER_LENGTH]);
915 880
916 i=s->method->ssl3_enc->final_finish_mac(s, 881 i = s->method->ssl3_enc->final_finish_mac(s,
917 sender,slen,s->s3->tmp.finish_md); 882 sender, slen, s->s3->tmp.finish_md);
918 s->s3->tmp.finish_md_len = i; 883 s->s3->tmp.finish_md_len = i;
919 memcpy(p, s->s3->tmp.finish_md, i); 884 memcpy(p, s->s3->tmp.finish_md, i);
920 p+=i; 885 p += i;
921 l=i; 886 l = i;
922 887
923 /* Copy the finished so we can use it for 888 /* Copy the finished so we can use it for
924 * renegotiation checks 889 * renegotiation checks
925 */ 890 */
926 if(s->type == SSL_ST_CONNECT) 891 if (s->type == SSL_ST_CONNECT) {
927 { 892 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
928 OPENSSL_assert(i <= EVP_MAX_MD_SIZE); 893 memcpy(s->s3->previous_client_finished,
929 memcpy(s->s3->previous_client_finished, 894 s->s3->tmp.finish_md, i);
930 s->s3->tmp.finish_md, i); 895 s->s3->previous_client_finished_len = i;
931 s->s3->previous_client_finished_len=i; 896 } else {
932 } 897 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
933 else 898 memcpy(s->s3->previous_server_finished,
934 { 899 s->s3->tmp.finish_md, i);
935 OPENSSL_assert(i <= EVP_MAX_MD_SIZE); 900 s->s3->previous_server_finished_len = i;
936 memcpy(s->s3->previous_server_finished,
937 s->s3->tmp.finish_md, i);
938 s->s3->previous_server_finished_len=i;
939 } 901 }
940 902
941 d = dtls1_set_message_header(s, d, SSL3_MT_FINISHED, l, 0, l); 903 d = dtls1_set_message_header(s, d, SSL3_MT_FINISHED, l, 0, l);
942 s->init_num=(int)l+DTLS1_HM_HEADER_LENGTH; 904 s->init_num = (int)l + DTLS1_HM_HEADER_LENGTH;
943 s->init_off=0; 905 s->init_off = 0;
944 906
945 /* buffer the message to handle re-xmits */ 907 /* buffer the message to handle re-xmits */
946 dtls1_buffer_message(s, 0); 908 dtls1_buffer_message(s, 0);
947 909
948 s->state=b; 910 s->state = b;
949 } 911 }
950 912
951 /* SSL3_ST_SEND_xxxxxx_HELLO_B */ 913 /* SSL3_ST_SEND_xxxxxx_HELLO_B */
952 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 914 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
953 } 915}
954 916
955/* for these 2 messages, we need to 917/* for these 2 messages, we need to
956 * ssl->enc_read_ctx re-init 918 * ssl->enc_read_ctx re-init
@@ -960,161 +922,154 @@ int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
960 * ssl->session->read_compression assign 922 * ssl->session->read_compression assign
961 * ssl->session->read_hash assign 923 * ssl->session->read_hash assign
962 */ 924 */
963int dtls1_send_change_cipher_spec(SSL *s, int a, int b) 925int
964 { 926dtls1_send_change_cipher_spec(SSL *s, int a, int b)
927{
965 unsigned char *p; 928 unsigned char *p;
966 929
967 if (s->state == a) 930 if (s->state == a) {
968 { 931 p = (unsigned char *)s->init_buf->data;
969 p=(unsigned char *)s->init_buf->data;
970 *p++=SSL3_MT_CCS; 932 *p++=SSL3_MT_CCS;
971 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; 933 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
972 s->init_num=DTLS1_CCS_HEADER_LENGTH; 934 s->init_num = DTLS1_CCS_HEADER_LENGTH;
973 935
974 if (s->version == DTLS1_BAD_VER) { 936 if (s->version == DTLS1_BAD_VER) {
975 s->d1->next_handshake_write_seq++; 937 s->d1->next_handshake_write_seq++;
976 s2n(s->d1->handshake_write_seq,p); 938 s2n(s->d1->handshake_write_seq, p);
977 s->init_num+=2; 939 s->init_num += 2;
978 } 940 }
979 941
980 s->init_off=0; 942 s->init_off = 0;
981 943
982 dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, 944 dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
983 s->d1->handshake_write_seq, 0, 0); 945 s->d1->handshake_write_seq, 0, 0);
984 946
985 /* buffer the message to handle re-xmits */ 947 /* buffer the message to handle re-xmits */
986 dtls1_buffer_message(s, 1); 948 dtls1_buffer_message(s, 1);
987 949
988 s->state=b; 950 s->state = b;
989 } 951 }
990 952
991 /* SSL3_ST_CW_CHANGE_B */ 953 /* SSL3_ST_CW_CHANGE_B */
992 return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC)); 954 return (dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
993 } 955}
994 956
995static int dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) 957static int
996 { 958dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
959{
997 int n; 960 int n;
998 unsigned char *p; 961 unsigned char *p;
999 962
1000 n=i2d_X509(x,NULL); 963 n = i2d_X509(x, NULL);
1001 if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3))) 964 if (!BUF_MEM_grow_clean(buf,(int)(n + (*l) + 3))) {
1002 { 965 SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
1003 SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF,ERR_R_BUF_LIB);
1004 return 0; 966 return 0;
1005 } 967 }
1006 p=(unsigned char *)&(buf->data[*l]); 968 p = (unsigned char *)&(buf->data[*l]);
1007 l2n3(n,p); 969 l2n3(n, p);
1008 i2d_X509(x,&p); 970 i2d_X509(x, &p);
1009 *l+=n+3; 971 *l += n + 3;
1010 972
1011 return 1; 973 return 1;
1012 } 974}
1013unsigned long dtls1_output_cert_chain(SSL *s, X509 *x) 975
1014 { 976unsigned long
977dtls1_output_cert_chain(SSL *s, X509 *x)
978{
1015 unsigned char *p; 979 unsigned char *p;
1016 int i; 980 int i;
1017 unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH; 981 unsigned long l = 3 + DTLS1_HM_HEADER_LENGTH;
1018 BUF_MEM *buf; 982 BUF_MEM *buf;
1019 983
1020 /* TLSv1 sends a chain with nothing in it, instead of an alert */ 984 /* TLSv1 sends a chain with nothing in it, instead of an alert */
1021 buf=s->init_buf; 985 buf = s->init_buf;
1022 if (!BUF_MEM_grow_clean(buf,10)) 986 if (!BUF_MEM_grow_clean(buf, 10)) {
1023 { 987 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB);
1024 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); 988 return (0);
1025 return(0); 989 }
1026 } 990 if (x != NULL) {
1027 if (x != NULL)
1028 {
1029 X509_STORE_CTX xs_ctx; 991 X509_STORE_CTX xs_ctx;
1030 992
1031 if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL)) 993 if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store, x, NULL)) {
1032 { 994 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB);
1033 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); 995 return (0);
1034 return(0); 996 }
1035 } 997
1036
1037 X509_verify_cert(&xs_ctx); 998 X509_verify_cert(&xs_ctx);
1038 /* Don't leave errors in the queue */ 999 /* Don't leave errors in the queue */
1039 ERR_clear_error(); 1000 ERR_clear_error();
1040 for (i=0; i < sk_X509_num(xs_ctx.chain); i++) 1001 for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
1041 {
1042 x = sk_X509_value(xs_ctx.chain, i); 1002 x = sk_X509_value(xs_ctx.chain, i);
1043 1003
1044 if (!dtls1_add_cert_to_buf(buf, &l, x)) 1004 if (!dtls1_add_cert_to_buf(buf, &l, x)) {
1045 {
1046 X509_STORE_CTX_cleanup(&xs_ctx); 1005 X509_STORE_CTX_cleanup(&xs_ctx);
1047 return 0; 1006 return 0;
1048 } 1007 }
1049 } 1008 }
1050 X509_STORE_CTX_cleanup(&xs_ctx); 1009 X509_STORE_CTX_cleanup(&xs_ctx);
1051 } 1010 }
1052 /* Thawte special :-) */ 1011 /* Thawte special :-) */
1053 for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++) 1012 for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) {
1054 { 1013 x = sk_X509_value(s->ctx->extra_certs, i);
1055 x=sk_X509_value(s->ctx->extra_certs,i);
1056 if (!dtls1_add_cert_to_buf(buf, &l, x)) 1014 if (!dtls1_add_cert_to_buf(buf, &l, x))
1057 return 0; 1015 return 0;
1058 } 1016 }
1059 1017
1060 l-= (3 + DTLS1_HM_HEADER_LENGTH); 1018 l -= (3 + DTLS1_HM_HEADER_LENGTH);
1061 1019
1062 p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]); 1020 p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
1063 l2n3(l,p); 1021 l2n3(l, p);
1064 l+=3; 1022 l += 3;
1065 p=(unsigned char *)&(buf->data[0]); 1023 p = (unsigned char *)&(buf->data[0]);
1066 p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l); 1024 p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l);
1067 1025
1068 l+=DTLS1_HM_HEADER_LENGTH; 1026 l += DTLS1_HM_HEADER_LENGTH;
1069 return(l); 1027 return (l);
1070 } 1028}
1071 1029
1072int dtls1_read_failed(SSL *s, int code) 1030int
1073 { 1031dtls1_read_failed(SSL *s, int code)
1074 if ( code > 0) 1032{
1075 { 1033 if (code > 0) {
1076 fprintf( stderr, "invalid state reached %s:%d", __FILE__, __LINE__); 1034 fprintf( stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
1077 return 1; 1035 return 1;
1078 } 1036 }
1079 1037
1080 if (!dtls1_is_timer_expired(s)) 1038 if (!dtls1_is_timer_expired(s)) {
1081 {
1082 /* not a timeout, none of our business, 1039 /* not a timeout, none of our business,
1083 let higher layers handle this. in fact it's probably an error */ 1040 let higher layers handle this. in fact it's probably an error */
1084 return code; 1041 return code;
1085 } 1042 }
1086 1043
1087#ifndef OPENSSL_NO_HEARTBEATS 1044#ifndef OPENSSL_NO_HEARTBEATS
1088 if (!SSL_in_init(s) && !s->tlsext_hb_pending) /* done, no need to send a retransmit */ 1045 if (!SSL_in_init(s) && !s->tlsext_hb_pending) /* done, no need to send a retransmit */
1089#else 1046#else
1090 if (!SSL_in_init(s)) /* done, no need to send a retransmit */ 1047 if (!SSL_in_init(s)) /* done, no need to send a retransmit */
1091#endif 1048#endif
1092 { 1049 {
1093 BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ); 1050 BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
1094 return code; 1051 return code;
1095 } 1052 }
1096 1053
1097#if 0 /* for now, each alert contains only one record number */ 1054#if 0 /* for now, each alert contains only one record number */
1098 item = pqueue_peek(state->rcvd_records); 1055 item = pqueue_peek(state->rcvd_records);
1099 if ( item ) 1056 if (item ) {
1100 {
1101 /* send an alert immediately for all the missing records */ 1057 /* send an alert immediately for all the missing records */
1102 } 1058 } else
1103 else
1104#endif 1059#endif
1105 1060
1106#if 0 /* no more alert sending, just retransmit the last set of messages */ 1061#if 0 /* no more alert sending, just retransmit the last set of messages */
1107 if ( state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT) 1062 if (state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT)
1108 ssl3_send_alert(s,SSL3_AL_WARNING, 1063 ssl3_send_alert(s, SSL3_AL_WARNING,
1109 DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); 1064 DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
1110#endif 1065#endif
1111 1066
1112 return dtls1_handle_timeout(s); 1067 return dtls1_handle_timeout(s);
1113 } 1068}
1114 1069
1115int 1070int
1116dtls1_get_queue_priority(unsigned short seq, int is_ccs) 1071dtls1_get_queue_priority(unsigned short seq, int is_ccs)
1117 { 1072{
1118 /* The index of the retransmission queue actually is the message sequence number, 1073 /* The index of the retransmission queue actually is the message sequence number,
1119 * since the queue only contains messages of a single handshake. However, the 1074 * since the queue only contains messages of a single handshake. However, the
1120 * ChangeCipherSpec has no message sequence number and so using only the sequence 1075 * ChangeCipherSpec has no message sequence number and so using only the sequence
@@ -1124,11 +1079,11 @@ dtls1_get_queue_priority(unsigned short seq, int is_ccs)
1124 * index (important for priority queues) and fits in the unsigned short variable. 1079 * index (important for priority queues) and fits in the unsigned short variable.
1125 */ 1080 */
1126 return seq * 2 - is_ccs; 1081 return seq * 2 - is_ccs;
1127 } 1082}
1128 1083
1129int 1084int
1130dtls1_retransmit_buffered_messages(SSL *s) 1085dtls1_retransmit_buffered_messages(SSL *s)
1131 { 1086{
1132 pqueue sent = s->d1->sent_messages; 1087 pqueue sent = s->d1->sent_messages;
1133 piterator iter; 1088 piterator iter;
1134 pitem *item; 1089 pitem *item;
@@ -1137,24 +1092,23 @@ dtls1_retransmit_buffered_messages(SSL *s)
1137 1092
1138 iter = pqueue_iterator(sent); 1093 iter = pqueue_iterator(sent);
1139 1094
1140 for ( item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter)) 1095 for (item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter)) {
1141 {
1142 frag = (hm_fragment *)item->data; 1096 frag = (hm_fragment *)item->data;
1143 if ( dtls1_retransmit_message(s, 1097 if (dtls1_retransmit_message(s,
1144 (unsigned short)dtls1_get_queue_priority(frag->msg_header.seq, frag->msg_header.is_ccs), 1098 (unsigned short)dtls1_get_queue_priority(
1145 0, &found) <= 0 && found) 1099 frag->msg_header.seq, frag->msg_header.is_ccs), 0,
1146 { 1100 &found) <= 0 && found) {
1147 fprintf(stderr, "dtls1_retransmit_message() failed\n"); 1101 fprintf(stderr, "dtls1_retransmit_message() failed\n");
1148 return -1; 1102 return -1;
1149 }
1150 } 1103 }
1104 }
1151 1105
1152 return 1; 1106 return 1;
1153 } 1107}
1154 1108
1155int 1109int
1156dtls1_buffer_message(SSL *s, int is_ccs) 1110dtls1_buffer_message(SSL *s, int is_ccs)
1157 { 1111{
1158 pitem *item; 1112 pitem *item;
1159 hm_fragment *frag; 1113 hm_fragment *frag;
1160 unsigned char seq64be[8]; 1114 unsigned char seq64be[8];
@@ -1167,16 +1121,13 @@ dtls1_buffer_message(SSL *s, int is_ccs)
1167 1121
1168 memcpy(frag->fragment, s->init_buf->data, s->init_num); 1122 memcpy(frag->fragment, s->init_buf->data, s->init_num);
1169 1123
1170 if ( is_ccs) 1124 if (is_ccs) {
1171 { 1125 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
1172 OPENSSL_assert(s->d1->w_msg_hdr.msg_len + 1126 ((s->version == DTLS1_VERSION) ? DTLS1_CCS_HEADER_LENGTH : 3) == (unsigned int)s->init_num);
1173 ((s->version==DTLS1_VERSION)?DTLS1_CCS_HEADER_LENGTH:3) == (unsigned int)s->init_num); 1127 } else {
1174 } 1128 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
1175 else 1129 DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
1176 { 1130 }
1177 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
1178 DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
1179 }
1180 1131
1181 frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len; 1132 frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
1182 frag->msg_header.seq = s->d1->w_msg_hdr.seq; 1133 frag->msg_header.seq = s->d1->w_msg_hdr.seq;
@@ -1191,38 +1142,37 @@ dtls1_buffer_message(SSL *s, int is_ccs)
1191 frag->msg_header.saved_retransmit_state.compress = s->compress; 1142 frag->msg_header.saved_retransmit_state.compress = s->compress;
1192 frag->msg_header.saved_retransmit_state.session = s->session; 1143 frag->msg_header.saved_retransmit_state.session = s->session;
1193 frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch; 1144 frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;
1194 1145
1195 memset(seq64be,0,sizeof(seq64be)); 1146 memset(seq64be, 0, sizeof(seq64be));
1196 seq64be[6] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq, 1147 seq64be[6] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq,
1197 frag->msg_header.is_ccs)>>8); 1148 frag->msg_header.is_ccs) >> 8);
1198 seq64be[7] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq, 1149 seq64be[7] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq,
1199 frag->msg_header.is_ccs)); 1150 frag->msg_header.is_ccs));
1200 1151
1201 item = pitem_new(seq64be, frag); 1152 item = pitem_new(seq64be, frag);
1202 if ( item == NULL) 1153 if (item == NULL) {
1203 {
1204 dtls1_hm_fragment_free(frag); 1154 dtls1_hm_fragment_free(frag);
1205 return 0; 1155 return 0;
1206 } 1156 }
1207 1157
1208#if 0 1158#if 0
1209 fprintf( stderr, "buffered messge: \ttype = %xx\n", msg_buf->type); 1159 fprintf(stderr, "buffered messge: \ttype = %xx\n", msg_buf->type);
1210 fprintf( stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len); 1160 fprintf(stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len);
1211 fprintf( stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num); 1161 fprintf(stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num);
1212#endif 1162#endif
1213 1163
1214 pqueue_insert(s->d1->sent_messages, item); 1164 pqueue_insert(s->d1->sent_messages, item);
1215 return 1; 1165 return 1;
1216 } 1166}
1217 1167
1218int 1168int
1219dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, 1169dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1220 int *found) 1170 int *found)
1221 { 1171{
1222 int ret; 1172 int ret;
1223 /* XDTLS: for now assuming that read/writes are blocking */ 1173 /* XDTLS: for now assuming that read/writes are blocking */
1224 pitem *item; 1174 pitem *item;
1225 hm_fragment *frag ; 1175 hm_fragment *frag;
1226 unsigned long header_length; 1176 unsigned long header_length;
1227 unsigned char seq64be[8]; 1177 unsigned char seq64be[8];
1228 struct dtls1_retransmit_state saved_state; 1178 struct dtls1_retransmit_state saved_state;
@@ -1234,33 +1184,32 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1234 */ 1184 */
1235 1185
1236 /* XDTLS: the requested message ought to be found, otherwise error */ 1186 /* XDTLS: the requested message ought to be found, otherwise error */
1237 memset(seq64be,0,sizeof(seq64be)); 1187 memset(seq64be, 0, sizeof(seq64be));
1238 seq64be[6] = (unsigned char)(seq>>8); 1188 seq64be[6] = (unsigned char)(seq >> 8);
1239 seq64be[7] = (unsigned char)seq; 1189 seq64be[7] = (unsigned char)seq;
1240 1190
1241 item = pqueue_find(s->d1->sent_messages, seq64be); 1191 item = pqueue_find(s->d1->sent_messages, seq64be);
1242 if ( item == NULL) 1192 if (item == NULL) {
1243 {
1244 fprintf(stderr, "retransmit: message %d non-existant\n", seq); 1193 fprintf(stderr, "retransmit: message %d non-existant\n", seq);
1245 *found = 0; 1194 *found = 0;
1246 return 0; 1195 return 0;
1247 } 1196 }
1248 1197
1249 *found = 1; 1198 *found = 1;
1250 frag = (hm_fragment *)item->data; 1199 frag = (hm_fragment *)item->data;
1251 1200
1252 if ( frag->msg_header.is_ccs) 1201 if (frag->msg_header.is_ccs)
1253 header_length = DTLS1_CCS_HEADER_LENGTH; 1202 header_length = DTLS1_CCS_HEADER_LENGTH;
1254 else 1203 else
1255 header_length = DTLS1_HM_HEADER_LENGTH; 1204 header_length = DTLS1_HM_HEADER_LENGTH;
1256 1205
1257 memcpy(s->init_buf->data, frag->fragment, 1206 memcpy(s->init_buf->data, frag->fragment,
1258 frag->msg_header.msg_len + header_length); 1207 frag->msg_header.msg_len + header_length);
1259 s->init_num = frag->msg_header.msg_len + header_length; 1208 s->init_num = frag->msg_header.msg_len + header_length;
1260 1209
1261 dtls1_set_message_header_int(s, frag->msg_header.type, 1210 dtls1_set_message_header_int(s, frag->msg_header.type,
1262 frag->msg_header.msg_len, frag->msg_header.seq, 0, 1211 frag->msg_header.msg_len, frag->msg_header.seq, 0,
1263 frag->msg_header.frag_len); 1212 frag->msg_header.frag_len);
1264 1213
1265 /* save current state */ 1214 /* save current state */
1266 saved_state.enc_write_ctx = s->enc_write_ctx; 1215 saved_state.enc_write_ctx = s->enc_write_ctx;
@@ -1269,34 +1218,32 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1269 saved_state.session = s->session; 1218 saved_state.session = s->session;
1270 saved_state.epoch = s->d1->w_epoch; 1219 saved_state.epoch = s->d1->w_epoch;
1271 saved_state.epoch = s->d1->w_epoch; 1220 saved_state.epoch = s->d1->w_epoch;
1272 1221
1273 s->d1->retransmitting = 1; 1222 s->d1->retransmitting = 1;
1274 1223
1275 /* restore state in which the message was originally sent */ 1224 /* restore state in which the message was originally sent */
1276 s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx; 1225 s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
1277 s->write_hash = frag->msg_header.saved_retransmit_state.write_hash; 1226 s->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
1278 s->compress = frag->msg_header.saved_retransmit_state.compress; 1227 s->compress = frag->msg_header.saved_retransmit_state.compress;
1279 s->session = frag->msg_header.saved_retransmit_state.session; 1228 s->session = frag->msg_header.saved_retransmit_state.session;
1280 s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch; 1229 s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
1281 1230
1282 if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) 1231 if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) {
1283 {
1284 memcpy(save_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence)); 1232 memcpy(save_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence));
1285 memcpy(s->s3->write_sequence, s->d1->last_write_sequence, sizeof(s->s3->write_sequence)); 1233 memcpy(s->s3->write_sequence, s->d1->last_write_sequence, sizeof(s->s3->write_sequence));
1286 } 1234 }
1287 1235
1288 ret = dtls1_do_write(s, frag->msg_header.is_ccs ? 1236 ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
1289 SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE); 1237 SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
1290 1238
1291 /* restore current state */ 1239 /* restore current state */
1292 s->enc_write_ctx = saved_state.enc_write_ctx; 1240 s->enc_write_ctx = saved_state.enc_write_ctx;
1293 s->write_hash = saved_state.write_hash; 1241 s->write_hash = saved_state.write_hash;
1294 s->compress = saved_state.compress; 1242 s->compress = saved_state.compress;
1295 s->session = saved_state.session; 1243 s->session = saved_state.session;
1296 s->d1->w_epoch = saved_state.epoch; 1244 s->d1->w_epoch = saved_state.epoch;
1297 1245
1298 if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) 1246 if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) {
1299 {
1300 memcpy(s->d1->last_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence)); 1247 memcpy(s->d1->last_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence));
1301 memcpy(s->s3->write_sequence, save_write_sequence, sizeof(s->s3->write_sequence)); 1248 memcpy(s->s3->write_sequence, save_write_sequence, sizeof(s->s3->write_sequence));
1302 } 1249 }
@@ -1305,47 +1252,45 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1305 1252
1306 (void)BIO_flush(SSL_get_wbio(s)); 1253 (void)BIO_flush(SSL_get_wbio(s));
1307 return ret; 1254 return ret;
1308 } 1255}
1309 1256
1310/* call this function when the buffered messages are no longer needed */ 1257/* call this function when the buffered messages are no longer needed */
1311void 1258void
1312dtls1_clear_record_buffer(SSL *s) 1259dtls1_clear_record_buffer(SSL *s)
1313 { 1260{
1314 pitem *item; 1261 pitem *item;
1315 1262
1316 for(item = pqueue_pop(s->d1->sent_messages); 1263 for(item = pqueue_pop(s->d1->sent_messages); item != NULL;
1317 item != NULL; item = pqueue_pop(s->d1->sent_messages)) 1264 item = pqueue_pop(s->d1->sent_messages)) {
1318 {
1319 dtls1_hm_fragment_free((hm_fragment *)item->data); 1265 dtls1_hm_fragment_free((hm_fragment *)item->data);
1320 pitem_free(item); 1266 pitem_free(item);
1321 }
1322 } 1267 }
1268}
1323 1269
1324 1270
1325unsigned char * 1271unsigned char *
1326dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt, 1272dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
1327 unsigned long len, unsigned long frag_off, unsigned long frag_len) 1273 unsigned long len, unsigned long frag_off, unsigned long frag_len)
1328 { 1274{
1329 /* Don't change sequence numbers while listening */ 1275 /* Don't change sequence numbers while listening */
1330 if (frag_off == 0 && !s->d1->listen) 1276 if (frag_off == 0 && !s->d1->listen) {
1331 {
1332 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; 1277 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
1333 s->d1->next_handshake_write_seq++; 1278 s->d1->next_handshake_write_seq++;
1334 } 1279 }
1335 1280
1336 dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq, 1281 dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
1337 frag_off, frag_len); 1282 frag_off, frag_len);
1338 1283
1339 return p += DTLS1_HM_HEADER_LENGTH; 1284 return p += DTLS1_HM_HEADER_LENGTH;
1340 } 1285}
1341 1286
1342 1287
1343/* don't actually do the writing, wait till the MTU has been retrieved */ 1288/* don't actually do the writing, wait till the MTU has been retrieved */
1344static void 1289static void
1345dtls1_set_message_header_int(SSL *s, unsigned char mt, 1290dtls1_set_message_header_int(SSL *s, unsigned char mt,
1346 unsigned long len, unsigned short seq_num, unsigned long frag_off, 1291 unsigned long len, unsigned short seq_num, unsigned long frag_off,
1347 unsigned long frag_len) 1292unsigned long frag_len)
1348 { 1293{
1349 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; 1294 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1350 1295
1351 msg_hdr->type = mt; 1296 msg_hdr->type = mt;
@@ -1353,21 +1298,21 @@ dtls1_set_message_header_int(SSL *s, unsigned char mt,
1353 msg_hdr->seq = seq_num; 1298 msg_hdr->seq = seq_num;
1354 msg_hdr->frag_off = frag_off; 1299 msg_hdr->frag_off = frag_off;
1355 msg_hdr->frag_len = frag_len; 1300 msg_hdr->frag_len = frag_len;
1356 } 1301}
1357 1302
1358static void 1303static void
1359dtls1_fix_message_header(SSL *s, unsigned long frag_off, 1304dtls1_fix_message_header(SSL *s, unsigned long frag_off,
1360 unsigned long frag_len) 1305 unsigned long frag_len)
1361 { 1306{
1362 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; 1307 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1363 1308
1364 msg_hdr->frag_off = frag_off; 1309 msg_hdr->frag_off = frag_off;
1365 msg_hdr->frag_len = frag_len; 1310 msg_hdr->frag_len = frag_len;
1366 } 1311}
1367 1312
1368static unsigned char * 1313static unsigned char *
1369dtls1_write_message_header(SSL *s, unsigned char *p) 1314dtls1_write_message_header(SSL *s, unsigned char *p)
1370 { 1315{
1371 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; 1316 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1372 1317
1373 *p++ = msg_hdr->type; 1318 *p++ = msg_hdr->type;
@@ -1378,33 +1323,32 @@ dtls1_write_message_header(SSL *s, unsigned char *p)
1378 l2n3(msg_hdr->frag_len, p); 1323 l2n3(msg_hdr->frag_len, p);
1379 1324
1380 return p; 1325 return p;
1381 } 1326}
1382 1327
1383unsigned int 1328unsigned int
1384dtls1_min_mtu(void) 1329dtls1_min_mtu(void)
1385 { 1330{
1386 return (g_probable_mtu[(sizeof(g_probable_mtu) / 1331 return (g_probable_mtu[(sizeof(g_probable_mtu) /
1387 sizeof(g_probable_mtu[0])) - 1]); 1332 sizeof(g_probable_mtu[0])) - 1]);
1388 } 1333}
1389 1334
1390static unsigned int 1335static unsigned int
1391dtls1_guess_mtu(unsigned int curr_mtu) 1336dtls1_guess_mtu(unsigned int curr_mtu)
1392 { 1337{
1393 unsigned int i; 1338 unsigned int i;
1394 1339
1395 if ( curr_mtu == 0 ) 1340 if (curr_mtu == 0)
1396 return g_probable_mtu[0] ; 1341 return g_probable_mtu[0];
1397 1342
1398 for ( i = 0; i < sizeof(g_probable_mtu)/sizeof(g_probable_mtu[0]); i++) 1343 for (i = 0; i < sizeof(g_probable_mtu)/sizeof(g_probable_mtu[0]); i++)
1399 if ( curr_mtu > g_probable_mtu[i]) 1344 if (curr_mtu > g_probable_mtu[i])
1400 return g_probable_mtu[i]; 1345 return g_probable_mtu[i];
1401 1346
1402 return curr_mtu; 1347 return curr_mtu;
1403 } 1348}
1404 1349
1405void 1350void
1406dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) 1351dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) {
1407 {
1408 memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); 1352 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
1409 msg_hdr->type = *(data++); 1353 msg_hdr->type = *(data++);
1410 n2l3(data, msg_hdr->msg_len); 1354 n2l3(data, msg_hdr->msg_len);
@@ -1412,41 +1356,41 @@ dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
1412 n2s(data, msg_hdr->seq); 1356 n2s(data, msg_hdr->seq);
1413 n2l3(data, msg_hdr->frag_off); 1357 n2l3(data, msg_hdr->frag_off);
1414 n2l3(data, msg_hdr->frag_len); 1358 n2l3(data, msg_hdr->frag_len);
1415 } 1359}
1416 1360
1417void 1361void
1418dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr) 1362dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr) {
1419 {
1420 memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st)); 1363 memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st));
1421 1364
1422 ccs_hdr->type = *(data++); 1365 ccs_hdr->type = *(data++);
1423 } 1366}
1424 1367
1425int dtls1_shutdown(SSL *s) 1368int
1426 { 1369dtls1_shutdown(SSL *s)
1370{
1427 int ret; 1371 int ret;
1428#ifndef OPENSSL_NO_SCTP 1372#ifndef OPENSSL_NO_SCTP
1429 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && 1373 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
1430 !(s->shutdown & SSL_SENT_SHUTDOWN)) 1374 !(s->shutdown & SSL_SENT_SHUTDOWN)) {
1431 {
1432 ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s)); 1375 ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
1433 if (ret < 0) return -1; 1376 if (ret < 0)
1377 return -1;
1434 1378
1435 if (ret == 0) 1379 if (ret == 0)
1436 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1, NULL); 1380 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1, NULL);
1437 } 1381 }
1438#endif 1382#endif
1439 ret = ssl3_shutdown(s); 1383 ret = ssl3_shutdown(s);
1440#ifndef OPENSSL_NO_SCTP 1384#ifndef OPENSSL_NO_SCTP
1441 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 0, NULL); 1385 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 0, NULL);
1442#endif 1386#endif
1443 return ret; 1387 return ret;
1444 } 1388}
1445 1389
1446#ifndef OPENSSL_NO_HEARTBEATS 1390#ifndef OPENSSL_NO_HEARTBEATS
1447int 1391int
1448dtls1_process_heartbeat(SSL *s) 1392dtls1_process_heartbeat(SSL *s)
1449 { 1393{
1450 unsigned char *p = &s->s3->rrec.data[0], *pl; 1394 unsigned char *p = &s->s3->rrec.data[0], *pl;
1451 unsigned short hbtype; 1395 unsigned short hbtype;
1452 unsigned int payload; 1396 unsigned int payload;
@@ -1454,8 +1398,8 @@ dtls1_process_heartbeat(SSL *s)
1454 1398
1455 if (s->msg_callback) 1399 if (s->msg_callback)
1456 s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, 1400 s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
1457 &s->s3->rrec.data[0], s->s3->rrec.length, 1401 &s->s3->rrec.data[0], s->s3->rrec.length,
1458 s, s->msg_callback_arg); 1402 s, s->msg_callback_arg);
1459 1403
1460 /* Read type and payload length first */ 1404 /* Read type and payload length first */
1461 if (1 + 2 + 16 > s->s3->rrec.length) 1405 if (1 + 2 + 16 > s->s3->rrec.length)
@@ -1466,12 +1410,11 @@ dtls1_process_heartbeat(SSL *s)
1466 return 0; /* silently discard per RFC 6520 sec. 4 */ 1410 return 0; /* silently discard per RFC 6520 sec. 4 */
1467 pl = p; 1411 pl = p;
1468 1412
1469 if (hbtype == TLS1_HB_REQUEST) 1413 if (hbtype == TLS1_HB_REQUEST) {
1470 {
1471 unsigned char *buffer, *bp; 1414 unsigned char *buffer, *bp;
1472 unsigned int write_length = 1 /* heartbeat type */ + 1415 unsigned int write_length = 1 /* heartbeat type */ +
1473 2 /* heartbeat length */ + 1416 2 /* heartbeat length */ +
1474 payload + padding; 1417 payload + padding;
1475 int r; 1418 int r;
1476 1419
1477 if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) 1420 if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
@@ -1496,16 +1439,14 @@ dtls1_process_heartbeat(SSL *s)
1496 1439
1497 if (r >= 0 && s->msg_callback) 1440 if (r >= 0 && s->msg_callback)
1498 s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, 1441 s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
1499 buffer, write_length, 1442 buffer, write_length,
1500 s, s->msg_callback_arg); 1443 s, s->msg_callback_arg);
1501 1444
1502 OPENSSL_free(buffer); 1445 OPENSSL_free(buffer);
1503 1446
1504 if (r < 0) 1447 if (r < 0)
1505 return r; 1448 return r;
1506 } 1449 } else if (hbtype == TLS1_HB_RESPONSE) {
1507 else if (hbtype == TLS1_HB_RESPONSE)
1508 {
1509 unsigned int seq; 1450 unsigned int seq;
1510 1451
1511 /* We only send sequence numbers (2 bytes unsigned int), 1452 /* We only send sequence numbers (2 bytes unsigned int),
@@ -1513,20 +1454,19 @@ dtls1_process_heartbeat(SSL *s)
1513 * sequence number */ 1454 * sequence number */
1514 n2s(pl, seq); 1455 n2s(pl, seq);
1515 1456
1516 if (payload == 18 && seq == s->tlsext_hb_seq) 1457 if (payload == 18 && seq == s->tlsext_hb_seq) {
1517 {
1518 dtls1_stop_timer(s); 1458 dtls1_stop_timer(s);
1519 s->tlsext_hb_seq++; 1459 s->tlsext_hb_seq++;
1520 s->tlsext_hb_pending = 0; 1460 s->tlsext_hb_pending = 0;
1521 }
1522 } 1461 }
1462 }
1523 1463
1524 return 0; 1464 return 0;
1525 } 1465}
1526 1466
1527int 1467int
1528dtls1_heartbeat(SSL *s) 1468dtls1_heartbeat(SSL *s)
1529 { 1469{
1530 unsigned char *buf, *p; 1470 unsigned char *buf, *p;
1531 int ret; 1471 int ret;
1532 unsigned int payload = 18; /* Sequence number + random bytes */ 1472 unsigned int payload = 18; /* Sequence number + random bytes */
@@ -1534,25 +1474,22 @@ dtls1_heartbeat(SSL *s)
1534 1474
1535 /* Only send if peer supports and accepts HB requests... */ 1475 /* Only send if peer supports and accepts HB requests... */
1536 if (!(s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) || 1476 if (!(s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) ||
1537 s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS) 1477 s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS) {
1538 { 1478 SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT);
1539 SSLerr(SSL_F_DTLS1_HEARTBEAT,SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT);
1540 return -1; 1479 return -1;
1541 } 1480 }
1542 1481
1543 /* ...and there is none in flight yet... */ 1482 /* ...and there is none in flight yet... */
1544 if (s->tlsext_hb_pending) 1483 if (s->tlsext_hb_pending) {
1545 { 1484 SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PENDING);
1546 SSLerr(SSL_F_DTLS1_HEARTBEAT,SSL_R_TLS_HEARTBEAT_PENDING);
1547 return -1; 1485 return -1;
1548 } 1486 }
1549 1487
1550 /* ...and no handshake in progress. */ 1488 /* ...and no handshake in progress. */
1551 if (SSL_in_init(s) || s->in_handshake) 1489 if (SSL_in_init(s) || s->in_handshake) {
1552 { 1490 SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_UNEXPECTED_MESSAGE);
1553 SSLerr(SSL_F_DTLS1_HEARTBEAT,SSL_R_UNEXPECTED_MESSAGE);
1554 return -1; 1491 return -1;
1555 } 1492 }
1556 1493
1557 /* Check if padding is too long, payload and padding 1494 /* Check if padding is too long, payload and padding
1558 * must not exceed 2^14 - 3 = 16381 bytes in total. 1495 * must not exceed 2^14 - 3 = 16381 bytes in total.
@@ -1583,19 +1520,18 @@ dtls1_heartbeat(SSL *s)
1583 RAND_pseudo_bytes(p, padding); 1520 RAND_pseudo_bytes(p, padding);
1584 1521
1585 ret = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding); 1522 ret = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
1586 if (ret >= 0) 1523 if (ret >= 0) {
1587 {
1588 if (s->msg_callback) 1524 if (s->msg_callback)
1589 s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, 1525 s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
1590 buf, 3 + payload + padding, 1526 buf, 3 + payload + padding,
1591 s, s->msg_callback_arg); 1527 s, s->msg_callback_arg);
1592 1528
1593 dtls1_start_timer(s); 1529 dtls1_start_timer(s);
1594 s->tlsext_hb_pending = 1; 1530 s->tlsext_hb_pending = 1;
1595 } 1531 }
1596 1532
1597 OPENSSL_free(buf); 1533 OPENSSL_free(buf);
1598 1534
1599 return ret; 1535 return ret;
1600 } 1536}
1601#endif 1537#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-16 12:13:49 +0000