summaryrefslogtreecommitdiff
path: root/src/lib/libssl/d1_pkt.c
diff options
context:
space:
mode:
authordjm <>2012-10-13 21:25:14 +0000
committerdjm <>2012-10-13 21:25:14 +0000
commit942650cdef05a877200cb7aff3a075935a5fd0cd (patch)
tree281e0a29ae8f87a8c47fbd4deaa1f3d48b8cc5c1 /src/lib/libssl/d1_pkt.c
parent37f091539f73e1650c83acd0c78677ef48c209a6 (diff)
downloadopenbsd-942650cdef05a877200cb7aff3a075935a5fd0cd.tar.gz
openbsd-942650cdef05a877200cb7aff3a075935a5fd0cd.tar.bz2
openbsd-942650cdef05a877200cb7aff3a075935a5fd0cd.zip
resolve conflicts
Diffstat (limited to 'src/lib/libssl/d1_pkt.c')
-rw-r--r--src/lib/libssl/d1_pkt.c167
1 files changed, 133 insertions, 34 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index e0c0f0cc9a..987af60835 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -179,7 +179,6 @@ static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
179static int dtls1_buffer_record(SSL *s, record_pqueue *q, 179static int dtls1_buffer_record(SSL *s, record_pqueue *q,
180 unsigned char *priority); 180 unsigned char *priority);
181static int dtls1_process_record(SSL *s); 181static int dtls1_process_record(SSL *s);
182static void dtls1_clear_timeouts(SSL *s);
183 182
184/* copy buffered record into SSL structure */ 183/* copy buffered record into SSL structure */
185static int 184static int
@@ -232,6 +231,14 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
232 231
233 item->data = rdata; 232 item->data = rdata;
234 233
234#ifndef OPENSSL_NO_SCTP
235 /* Store bio_dgram_sctp_rcvinfo struct */
236 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
237 (s->state == SSL3_ST_SR_FINISHED_A || s->state == SSL3_ST_CR_FINISHED_A)) {
238 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo);
239 }
240#endif
241
235 /* insert should not fail, since duplicates are dropped */ 242 /* insert should not fail, since duplicates are dropped */
236 if (pqueue_insert(queue->q, item) == NULL) 243 if (pqueue_insert(queue->q, item) == NULL)
237 { 244 {
@@ -376,6 +383,7 @@ dtls1_process_record(SSL *s)
376 unsigned int mac_size; 383 unsigned int mac_size;
377 unsigned char md[EVP_MAX_MD_SIZE]; 384 unsigned char md[EVP_MAX_MD_SIZE];
378 int decryption_failed_or_bad_record_mac = 0; 385 int decryption_failed_or_bad_record_mac = 0;
386 unsigned char *mac = NULL;
379 387
380 388
381 rr= &(s->s3->rrec); 389 rr= &(s->s3->rrec);
@@ -447,19 +455,15 @@ printf("\n");
447#endif 455#endif
448 } 456 }
449 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ 457 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
450 if (rr->length < mac_size) 458 if (rr->length >= mac_size)
451 { 459 {
452#if 0 /* OK only for stream ciphers */ 460 rr->length -= mac_size;
453 al=SSL_AD_DECODE_ERROR; 461 mac = &rr->data[rr->length];
454 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
455 goto f_err;
456#else
457 decryption_failed_or_bad_record_mac = 1;
458#endif
459 } 462 }
460 rr->length-=mac_size; 463 else
464 rr->length = 0;
461 i=s->method->ssl3_enc->mac(s,md,0); 465 i=s->method->ssl3_enc->mac(s,md,0);
462 if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0) 466 if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0)
463 { 467 {
464 decryption_failed_or_bad_record_mac = 1; 468 decryption_failed_or_bad_record_mac = 1;
465 } 469 }
@@ -644,20 +648,28 @@ again:
644 goto again; /* get another record */ 648 goto again; /* get another record */
645 } 649 }
646 650
647 /* Check whether this is a repeat, or aged record. 651#ifndef OPENSSL_NO_SCTP
648 * Don't check if we're listening and this message is 652 /* Only do replay check if no SCTP bio */
649 * a ClientHello. They can look as if they're replayed, 653 if (!BIO_dgram_is_sctp(SSL_get_rbio(s)))
650 * since they arrive from different connections and 654 {
651 * would be dropped unnecessarily. 655#endif
652 */ 656 /* Check whether this is a repeat, or aged record.
653 if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && 657 * Don't check if we're listening and this message is
654 *p == SSL3_MT_CLIENT_HELLO) && 658 * a ClientHello. They can look as if they're replayed,
655 !dtls1_record_replay_check(s, bitmap)) 659 * since they arrive from different connections and
656 { 660 * would be dropped unnecessarily.
657 rr->length = 0; 661 */
658 s->packet_length=0; /* dump this record */ 662 if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
659 goto again; /* get another record */ 663 *p == SSL3_MT_CLIENT_HELLO) &&
660 } 664 !dtls1_record_replay_check(s, bitmap))
665 {
666 rr->length = 0;
667 s->packet_length=0; /* dump this record */
668 goto again; /* get another record */
669 }
670#ifndef OPENSSL_NO_SCTP
671 }
672#endif
661 673
662 /* just read a 0 length packet */ 674 /* just read a 0 length packet */
663 if (rr->length == 0) goto again; 675 if (rr->length == 0) goto again;
@@ -685,7 +697,6 @@ again:
685 goto again; /* get another record */ 697 goto again; /* get another record */
686 } 698 }
687 699
688 dtls1_clear_timeouts(s); /* done waiting */
689 return(1); 700 return(1);
690 701
691 } 702 }
@@ -743,7 +754,17 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
743 754
744 /* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */ 755 /* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
745 756
757#ifndef OPENSSL_NO_SCTP
758 /* Continue handshake if it had to be interrupted to read
759 * app data with SCTP.
760 */
761 if ((!s->in_handshake && SSL_in_init(s)) ||
762 (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
763 (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK) &&
764 s->s3->in_read_app_data != 2))
765#else
746 if (!s->in_handshake && SSL_in_init(s)) 766 if (!s->in_handshake && SSL_in_init(s))
767#endif
747 { 768 {
748 /* type == SSL3_RT_APPLICATION_DATA */ 769 /* type == SSL3_RT_APPLICATION_DATA */
749 i=s->handshake_func(s); 770 i=s->handshake_func(s);
@@ -774,6 +795,15 @@ start:
774 item = pqueue_pop(s->d1->buffered_app_data.q); 795 item = pqueue_pop(s->d1->buffered_app_data.q);
775 if (item) 796 if (item)
776 { 797 {
798#ifndef OPENSSL_NO_SCTP
799 /* Restore bio_dgram_sctp_rcvinfo struct */
800 if (BIO_dgram_is_sctp(SSL_get_rbio(s)))
801 {
802 DTLS1_RECORD_DATA *rdata = (DTLS1_RECORD_DATA *) item->data;
803 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo);
804 }
805#endif
806
777 dtls1_copy_record(s, item); 807 dtls1_copy_record(s, item);
778 808
779 OPENSSL_free(item->data); 809 OPENSSL_free(item->data);
@@ -856,6 +886,31 @@ start:
856 rr->off=0; 886 rr->off=0;
857 } 887 }
858 } 888 }
889
890#ifndef OPENSSL_NO_SCTP
891 /* We were about to renegotiate but had to read
892 * belated application data first, so retry.
893 */
894 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
895 rr->type == SSL3_RT_APPLICATION_DATA &&
896 (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK))
897 {
898 s->rwstate=SSL_READING;
899 BIO_clear_retry_flags(SSL_get_rbio(s));
900 BIO_set_retry_read(SSL_get_rbio(s));
901 }
902
903 /* We might had to delay a close_notify alert because
904 * of reordered app data. If there was an alert and there
905 * is no message to read anymore, finally set shutdown.
906 */
907 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
908 s->d1->shutdown_received && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)))
909 {
910 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
911 return(0);
912 }
913#endif
859 return(n); 914 return(n);
860 } 915 }
861 916
@@ -883,6 +938,19 @@ start:
883 dest = s->d1->alert_fragment; 938 dest = s->d1->alert_fragment;
884 dest_len = &s->d1->alert_fragment_len; 939 dest_len = &s->d1->alert_fragment_len;
885 } 940 }
941#ifndef OPENSSL_NO_HEARTBEATS
942 else if (rr->type == TLS1_RT_HEARTBEAT)
943 {
944 dtls1_process_heartbeat(s);
945
946 /* Exit and notify application to read again */
947 rr->length = 0;
948 s->rwstate=SSL_READING;
949 BIO_clear_retry_flags(SSL_get_rbio(s));
950 BIO_set_retry_read(SSL_get_rbio(s));
951 return(-1);
952 }
953#endif
886 /* else it's a CCS message, or application data or wrong */ 954 /* else it's a CCS message, or application data or wrong */
887 else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) 955 else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC)
888 { 956 {
@@ -966,6 +1034,7 @@ start:
966 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && 1034 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
967 !s->s3->renegotiate) 1035 !s->s3->renegotiate)
968 { 1036 {
1037 s->new_session = 1;
969 ssl3_renegotiate(s); 1038 ssl3_renegotiate(s);
970 if (ssl3_renegotiate_check(s)) 1039 if (ssl3_renegotiate_check(s))
971 { 1040 {
@@ -1027,6 +1096,21 @@ start:
1027 s->s3->warn_alert = alert_descr; 1096 s->s3->warn_alert = alert_descr;
1028 if (alert_descr == SSL_AD_CLOSE_NOTIFY) 1097 if (alert_descr == SSL_AD_CLOSE_NOTIFY)
1029 { 1098 {
1099#ifndef OPENSSL_NO_SCTP
1100 /* With SCTP and streams the socket may deliver app data
1101 * after a close_notify alert. We have to check this
1102 * first so that nothing gets discarded.
1103 */
1104 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
1105 BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)))
1106 {
1107 s->d1->shutdown_received = 1;
1108 s->rwstate=SSL_READING;
1109 BIO_clear_retry_flags(SSL_get_rbio(s));
1110 BIO_set_retry_read(SSL_get_rbio(s));
1111 return -1;
1112 }
1113#endif
1030 s->shutdown |= SSL_RECEIVED_SHUTDOWN; 1114 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
1031 return(0); 1115 return(0);
1032 } 1116 }
@@ -1133,6 +1217,15 @@ start:
1133 if (s->version == DTLS1_BAD_VER) 1217 if (s->version == DTLS1_BAD_VER)
1134 s->d1->handshake_read_seq++; 1218 s->d1->handshake_read_seq++;
1135 1219
1220#ifndef OPENSSL_NO_SCTP
1221 /* Remember that a CCS has been received,
1222 * so that an old key of SCTP-Auth can be
1223 * deleted when a CCS is sent. Will be ignored
1224 * if no SCTP is used
1225 */
1226 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL);
1227#endif
1228
1136 goto start; 1229 goto start;
1137 } 1230 }
1138 1231
@@ -1155,6 +1248,9 @@ start:
1155 */ 1248 */
1156 if (msg_hdr.type == SSL3_MT_FINISHED) 1249 if (msg_hdr.type == SSL3_MT_FINISHED)
1157 { 1250 {
1251 if (dtls1_check_timeout_num(s) < 0)
1252 return -1;
1253
1158 dtls1_retransmit_buffered_messages(s); 1254 dtls1_retransmit_buffered_messages(s);
1159 rr->length = 0; 1255 rr->length = 0;
1160 goto start; 1256 goto start;
@@ -1172,6 +1268,7 @@ start:
1172#else 1268#else
1173 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; 1269 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
1174#endif 1270#endif
1271 s->renegotiate=1;
1175 s->new_session=1; 1272 s->new_session=1;
1176 } 1273 }
1177 i=s->handshake_func(s); 1274 i=s->handshake_func(s);
@@ -1268,7 +1365,16 @@ dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
1268 { 1365 {
1269 int i; 1366 int i;
1270 1367
1271 if (SSL_in_init(s) && !s->in_handshake) 1368#ifndef OPENSSL_NO_SCTP
1369 /* Check if we have to continue an interrupted handshake
1370 * for reading belated app data with SCTP.
1371 */
1372 if ((SSL_in_init(s) && !s->in_handshake) ||
1373 (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
1374 (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK)))
1375#else
1376 if (SSL_in_init(s) && !s->in_handshake)
1377#endif
1272 { 1378 {
1273 i=s->handshake_func(s); 1379 i=s->handshake_func(s);
1274 if (i < 0) return(i); 1380 if (i < 0) return(i);
@@ -1768,10 +1874,3 @@ dtls1_reset_seq_numbers(SSL *s, int rw)
1768 1874
1769 memset(seq, 0x00, seq_bytes); 1875 memset(seq, 0x00, seq_bytes);
1770 } 1876 }
1771
1772
1773static void
1774dtls1_clear_timeouts(SSL *s)
1775 {
1776 memset(&(s->d1->timeout), 0x00, sizeof(struct dtls1_timeout_st));
1777 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 22:05:25 +0000