summaryrefslogtreecommitdiff
path: root/src/lib/libssl/d1_pkt.c
diff options
context:
space:
mode:
authorjsing <>2014-04-14 14:16:33 +0000
committerjsing <>2014-04-14 14:16:33 +0000
commit95692a60ee0169e369d59f82504e36ff376e13ba (patch)
treed3a4c41549109f6de6427907f10589c02eec0d25 /src/lib/libssl/d1_pkt.c
parent72c1bd17672378115dcd5254ed88828e45357e7f (diff)
downloadopenbsd-95692a60ee0169e369d59f82504e36ff376e13ba.tar.gz
openbsd-95692a60ee0169e369d59f82504e36ff376e13ba.tar.bz2
openbsd-95692a60ee0169e369d59f82504e36ff376e13ba.zip
First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using tr and md5.
Diffstat (limited to 'src/lib/libssl/d1_pkt.c')
-rw-r--r--src/lib/libssl/d1_pkt.c1461
1 files changed, 687 insertions, 774 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 52f7fc022f..30fe8460fb 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -122,107 +122,120 @@
122#include <openssl/rand.h> 122#include <openssl/rand.h>
123 123
124/* mod 128 saturating subtract of two 64-bit values in big-endian order */ 124/* mod 128 saturating subtract of two 64-bit values in big-endian order */
125static int satsub64be(const unsigned char *v1,const unsigned char *v2) 125static int
126{ int ret,sat,brw,i; 126satsub64be(const unsigned char *v1, const unsigned char *v2)
127 127{
128 if (sizeof(long) == 8) do 128 int ret, sat, brw, i;
129 { const union { long one; char little; } is_endian = {1}; 129
130 long l; 130 if (sizeof(long) == 8)
131 131 do {
132 if (is_endian.little) break; 132 const union {
133 /* not reached on little-endians */ 133 long one;
134 /* following test is redundant, because input is 134 char little;
135 * always aligned, but I take no chances... */ 135 } is_endian = {1};
136 if (((size_t)v1|(size_t)v2)&0x7) break; 136 long l;
137 137
138 l = *((long *)v1); 138 if (is_endian.little)
139 l -= *((long *)v2); 139 break;
140 if (l>128) return 128; 140 /* not reached on little-endians */
141 else if (l<-128) return -128; 141 /* following test is redundant, because input is
142 else return (int)l; 142 * always aligned, but I take no chances... */
143 } while (0); 143 if (((size_t)v1 | (size_t)v2) & 0x7)
144 144 break;
145 ret = (int)v1[7]-(int)v2[7]; 145
146 l = *((long *)v1);
147 l -= *((long *)v2);
148 if (l > 128)
149 return 128;
150 else if (l<-128)
151 return -128;
152 else
153 return (int)l;
154 } while (0);
155
156 ret = (int)v1[7] - (int)v2[7];
146 sat = 0; 157 sat = 0;
147 brw = ret>>8; /* brw is either 0 or -1 */ 158 brw = ret >> 8; /* brw is either 0 or -1 */
148 if (ret & 0x80) 159 if (ret & 0x80) {
149 { for (i=6;i>=0;i--) 160 for (i = 6; i >= 0; i--) {
150 { brw += (int)v1[i]-(int)v2[i]; 161 brw += (int)v1[i]-(int)v2[i];
151 sat |= ~brw; 162 sat |= ~brw;
152 brw >>= 8; 163 brw >>= 8;
153 } 164 }
154 } 165 } else {
155 else 166 for (i = 6; i >= 0; i--) {
156 { for (i=6;i>=0;i--) 167 brw += (int)v1[i]-(int)v2[i];
157 { brw += (int)v1[i]-(int)v2[i];
158 sat |= brw; 168 sat |= brw;
159 brw >>= 8; 169 brw >>= 8;
160 } 170 }
161 } 171 }
162 brw <<= 8; /* brw is either 0 or -256 */ 172 brw <<= 8; /* brw is either 0 or -256 */
163 173
164 if (sat&0xff) return brw | 0x80; 174 if (sat & 0xff)
165 else return brw + (ret&0xFF); 175 return brw | 0x80;
176 else
177 return brw + (ret & 0xFF);
166} 178}
167 179
168static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, 180static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
169 int len, int peek); 181 int len, int peek);
170static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap); 182static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
171static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); 183static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
172static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, 184static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
173 unsigned int *is_next_epoch); 185 unsigned int *is_next_epoch);
174#if 0 186#if 0
175static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr, 187static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
176 unsigned short *priority, unsigned long *offset); 188 unsigned short *priority, unsigned long *offset);
177#endif 189#endif
178static int dtls1_buffer_record(SSL *s, record_pqueue *q, 190static int dtls1_buffer_record(SSL *s, record_pqueue *q,
179 unsigned char *priority); 191 unsigned char *priority);
180static int dtls1_process_record(SSL *s); 192static int dtls1_process_record(SSL *s);
181 193
182/* copy buffered record into SSL structure */ 194/* copy buffered record into SSL structure */
183static int 195static int
184dtls1_copy_record(SSL *s, pitem *item) 196dtls1_copy_record(SSL *s, pitem *item)
185 { 197{
186 DTLS1_RECORD_DATA *rdata; 198 DTLS1_RECORD_DATA *rdata;
187 199
188 rdata = (DTLS1_RECORD_DATA *)item->data; 200 rdata = (DTLS1_RECORD_DATA *)item->data;
189 201
190 if (s->s3->rbuf.buf != NULL) 202 if (s->s3->rbuf.buf != NULL)
191 OPENSSL_free(s->s3->rbuf.buf); 203 OPENSSL_free(s->s3->rbuf.buf);
192 204
193 s->packet = rdata->packet; 205 s->packet = rdata->packet;
194 s->packet_length = rdata->packet_length; 206 s->packet_length = rdata->packet_length;
195 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER)); 207 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
196 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD)); 208 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
197 209
198 /* Set proper sequence number for mac calculation */ 210 /* Set proper sequence number for mac calculation */
199 memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6); 211 memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);
200 212
201 return(1); 213 return (1);
202 } 214}
203 215
204 216
205static int 217static int
206dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) 218dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
207 { 219{
208 DTLS1_RECORD_DATA *rdata; 220 DTLS1_RECORD_DATA *rdata;
209 pitem *item; 221 pitem *item;
210 222
211 /* Limit the size of the queue to prevent DOS attacks */ 223 /* Limit the size of the queue to prevent DOS attacks */
212 if (pqueue_size(queue->q) >= 100) 224 if (pqueue_size(queue->q) >= 100)
213 return 0; 225 return 0;
214 226
215 rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA)); 227 rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
216 item = pitem_new(priority, rdata); 228 item = pitem_new(priority, rdata);
217 if (rdata == NULL || item == NULL) 229 if (rdata == NULL || item == NULL) {
218 { 230 if (rdata != NULL)
219 if (rdata != NULL) OPENSSL_free(rdata); 231 OPENSSL_free(rdata);
220 if (item != NULL) pitem_free(item); 232 if (item != NULL)
221 233 pitem_free(item);
234
222 SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); 235 SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
223 return(0); 236 return (0);
224 } 237 }
225 238
226 rdata->packet = s->packet; 239 rdata->packet = s->packet;
227 rdata->packet_length = s->packet_length; 240 rdata->packet_length = s->packet_length;
228 memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER)); 241 memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));
@@ -233,54 +246,51 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
233#ifndef OPENSSL_NO_SCTP 246#ifndef OPENSSL_NO_SCTP
234 /* Store bio_dgram_sctp_rcvinfo struct */ 247 /* Store bio_dgram_sctp_rcvinfo struct */
235 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && 248 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
236 (s->state == SSL3_ST_SR_FINISHED_A || s->state == SSL3_ST_CR_FINISHED_A)) { 249 (s->state == SSL3_ST_SR_FINISHED_A || s->state == SSL3_ST_CR_FINISHED_A)) {
237 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo); 250 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo);
238 } 251 }
239#endif 252#endif
240 253
241 /* insert should not fail, since duplicates are dropped */ 254 /* insert should not fail, since duplicates are dropped */
242 if (pqueue_insert(queue->q, item) == NULL) 255 if (pqueue_insert(queue->q, item) == NULL) {
243 {
244 OPENSSL_free(rdata); 256 OPENSSL_free(rdata);
245 pitem_free(item); 257 pitem_free(item);
246 return(0); 258 return (0);
247 } 259 }
248 260
249 s->packet = NULL; 261 s->packet = NULL;
250 s->packet_length = 0; 262 s->packet_length = 0;
251 memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER)); 263 memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
252 memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD)); 264 memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));
253 265
254 if (!ssl3_setup_buffers(s)) 266 if (!ssl3_setup_buffers(s)) {
255 {
256 SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); 267 SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
257 OPENSSL_free(rdata); 268 OPENSSL_free(rdata);
258 pitem_free(item); 269 pitem_free(item);
259 return(0); 270 return (0);
260 }
261
262 return(1);
263 } 271 }
264 272
273 return (1);
274}
275
265 276
266static int 277static int
267dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue) 278dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
268 { 279{
269 pitem *item; 280 pitem *item;
270 281
271 item = pqueue_pop(queue->q); 282 item = pqueue_pop(queue->q);
272 if (item) 283 if (item) {
273 { 284 dtls1_copy_record(s, item);
274 dtls1_copy_record(s, item);
275 285
276 OPENSSL_free(item->data); 286 OPENSSL_free(item->data);
277 pitem_free(item); 287 pitem_free(item);
278 288
279 return(1); 289 return (1);
280 } 290 }
281 291
282 return(0); 292 return (0);
283 } 293}
284 294
285 295
286/* retrieve a buffered record that belongs to the new epoch, i.e., not processed 296/* retrieve a buffered record that belongs to the new epoch, i.e., not processed
@@ -296,98 +306,96 @@ dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
296 306
297static int 307static int
298dtls1_process_buffered_records(SSL *s) 308dtls1_process_buffered_records(SSL *s)
299 { 309{
300 pitem *item; 310 pitem *item;
301 311
302 item = pqueue_peek(s->d1->unprocessed_rcds.q); 312 item = pqueue_peek(s->d1->unprocessed_rcds.q);
303 if (item) 313 if (item) {
304 { 314 /* Check if epoch is current. */
305 /* Check if epoch is current. */ 315 if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
306 if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch) 316 return (1);
307 return(1); /* Nothing to do. */ 317 /* Nothing to do. */
308 318
309 /* Process all the records. */ 319 /* Process all the records. */
310 while (pqueue_peek(s->d1->unprocessed_rcds.q)) 320 while (pqueue_peek(s->d1->unprocessed_rcds.q)) {
311 { 321 dtls1_get_unprocessed_record(s);
312 dtls1_get_unprocessed_record(s); 322 if (! dtls1_process_record(s))
313 if ( ! dtls1_process_record(s)) 323 return (0);
314 return(0); 324 dtls1_buffer_record(s, &(s->d1->processed_rcds),
315 dtls1_buffer_record(s, &(s->d1->processed_rcds), 325 s->s3->rrec.seq_num);
316 s->s3->rrec.seq_num); 326 }
317 } 327 }
318 }
319 328
320 /* sync epoch numbers once all the unprocessed records 329 /* sync epoch numbers once all the unprocessed records
321 * have been processed */ 330 * have been processed */
322 s->d1->processed_rcds.epoch = s->d1->r_epoch; 331 s->d1->processed_rcds.epoch = s->d1->r_epoch;
323 s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1; 332 s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1;
324 333
325 return(1); 334 return (1);
326 } 335}
327 336
328 337
329#if 0 338#if 0
330 339
331static int 340static int
332dtls1_get_buffered_record(SSL *s) 341dtls1_get_buffered_record(SSL *s)
333 { 342{
334 pitem *item; 343 pitem *item;
335 PQ_64BIT priority = 344 PQ_64BIT priority =
336 (((PQ_64BIT)s->d1->handshake_read_seq) << 32) | 345 (((PQ_64BIT)s->d1->handshake_read_seq) << 32) |
337 ((PQ_64BIT)s->d1->r_msg_hdr.frag_off); 346 ((PQ_64BIT)s->d1->r_msg_hdr.frag_off);
338 347
339 if ( ! SSL_in_init(s)) /* if we're not (re)negotiating, 348 if (!SSL_in_init(s)) /* if we're not (re)negotiating,
340 nothing buffered */ 349 nothing buffered */
341 return 0; 350 return 0;
342 351
343 352
344 item = pqueue_peek(s->d1->rcvd_records); 353 item = pqueue_peek(s->d1->rcvd_records);
345 if (item && item->priority == priority) 354 if (item && item->priority == priority) {
346 {
347 /* Check if we've received the record of interest. It must be 355 /* Check if we've received the record of interest. It must be
348 * a handshake record, since data records as passed up without 356 * a handshake record, since data records as passed up without
349 * buffering */ 357 * buffering */
350 DTLS1_RECORD_DATA *rdata; 358 DTLS1_RECORD_DATA *rdata;
351 item = pqueue_pop(s->d1->rcvd_records); 359 item = pqueue_pop(s->d1->rcvd_records);
352 rdata = (DTLS1_RECORD_DATA *)item->data; 360 rdata = (DTLS1_RECORD_DATA *)item->data;
353 361
354 if (s->s3->rbuf.buf != NULL) 362 if (s->s3->rbuf.buf != NULL)
355 OPENSSL_free(s->s3->rbuf.buf); 363 OPENSSL_free(s->s3->rbuf.buf);
356 364
357 s->packet = rdata->packet; 365 s->packet = rdata->packet;
358 s->packet_length = rdata->packet_length; 366 s->packet_length = rdata->packet_length;
359 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER)); 367 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
360 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD)); 368 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
361 369
362 OPENSSL_free(item->data); 370 OPENSSL_free(item->data);
363 pitem_free(item); 371 pitem_free(item);
364 372
365 /* s->d1->next_expected_seq_num++; */ 373 /* s->d1->next_expected_seq_num++; */
366 return(1); 374 return (1);
367 }
368
369 return 0;
370 } 375 }
371 376
377 return 0;
378}
379
372#endif 380#endif
373 381
374static int 382static int
375dtls1_process_record(SSL *s) 383dtls1_process_record(SSL *s)
376{ 384{
377 int i,al; 385 int i, al;
378 int enc_err; 386 int enc_err;
379 SSL_SESSION *sess; 387 SSL_SESSION *sess;
380 SSL3_RECORD *rr; 388 SSL3_RECORD *rr;
381 unsigned int mac_size, orig_len; 389 unsigned int mac_size, orig_len;
382 unsigned char md[EVP_MAX_MD_SIZE]; 390 unsigned char md[EVP_MAX_MD_SIZE];
383 391
384 rr= &(s->s3->rrec); 392 rr = &(s->s3->rrec);
385 sess = s->session; 393 sess = s->session;
386 394
387 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, 395 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
388 * and we have that many bytes in s->packet 396 * and we have that many bytes in s->packet
389 */ 397 */
390 rr->input= &(s->packet[DTLS1_RT_HEADER_LENGTH]); 398 rr->input = &(s->packet[DTLS1_RT_HEADER_LENGTH]);
391 399
392 /* ok, we can now read from 's->packet' data into 'rr' 400 /* ok, we can now read from 's->packet' data into 'rr'
393 * rr->input points at rr->length bytes, which 401 * rr->input points at rr->length bytes, which
@@ -400,48 +408,44 @@ dtls1_process_record(SSL *s)
400 * rr->length bytes of encrypted compressed stuff. */ 408 * rr->length bytes of encrypted compressed stuff. */
401 409
402 /* check is not needed I believe */ 410 /* check is not needed I believe */
403 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) 411 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
404 { 412 al = SSL_AD_RECORD_OVERFLOW;
405 al=SSL_AD_RECORD_OVERFLOW; 413 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
406 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
407 goto f_err; 414 goto f_err;
408 } 415 }
409 416
410 /* decrypt in place in 'rr->input' */ 417 /* decrypt in place in 'rr->input' */
411 rr->data=rr->input; 418 rr->data = rr->input;
412 419
413 enc_err = s->method->ssl3_enc->enc(s,0); 420 enc_err = s->method->ssl3_enc->enc(s, 0);
414 /* enc_err is: 421 /* enc_err is:
415 * 0: (in non-constant time) if the record is publically invalid. 422 * 0: (in non-constant time) if the record is publically invalid.
416 * 1: if the padding is valid 423 * 1: if the padding is valid
417 * -1: if the padding is invalid */ 424 * -1: if the padding is invalid */
418 if (enc_err == 0) 425 if (enc_err == 0) {
419 {
420 /* For DTLS we simply ignore bad packets. */ 426 /* For DTLS we simply ignore bad packets. */
421 rr->length = 0; 427 rr->length = 0;
422 s->packet_length = 0; 428 s->packet_length = 0;
423 goto err; 429 goto err;
424 } 430 }
425 431
426#ifdef TLS_DEBUG 432#ifdef TLS_DEBUG
427printf("dec %d\n",rr->length); 433 printf("dec %d\n", rr->length);
428{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } 434 { unsigned int z; for (z = 0; z<rr->length; z++) printf("%02X%c", rr->data[z],((z+1)%16)?' ':'\n'); }
429printf("\n"); 435 printf("\n");
430#endif 436#endif
431 437
432 /* r->length is now the compressed data plus mac */ 438 /* r->length is now the compressed data plus mac */
433 if ((sess != NULL) && 439 if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
434 (s->enc_read_ctx != NULL) && 440 (EVP_MD_CTX_md(s->read_hash) != NULL)) {
435 (EVP_MD_CTX_md(s->read_hash) != NULL))
436 {
437 /* s->read_hash != NULL => mac_size != -1 */ 441 /* s->read_hash != NULL => mac_size != -1 */
438 unsigned char *mac = NULL; 442 unsigned char *mac = NULL;
439 unsigned char mac_tmp[EVP_MAX_MD_SIZE]; 443 unsigned char mac_tmp[EVP_MAX_MD_SIZE];
440 mac_size=EVP_MD_CTX_size(s->read_hash); 444 mac_size = EVP_MD_CTX_size(s->read_hash);
441 OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); 445 OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
442 446
443 /* kludge: *_cbc_remove_padding passes padding length in rr->type */ 447 /* kludge: *_cbc_remove_padding passes padding length in rr->type */
444 orig_len = rr->length+((unsigned int)rr->type>>8); 448 orig_len = rr->length + ((unsigned int)rr->type >> 8);
445 449
446 /* orig_len is the length of the record before any padding was 450 /* orig_len is the length of the record before any padding was
447 * removed. This is public information, as is the MAC in use, 451 * removed. This is public information, as is the MAC in use,
@@ -449,17 +453,15 @@ printf("\n");
449 * amount of time if it's too short to possibly contain a MAC. 453 * amount of time if it's too short to possibly contain a MAC.
450 */ 454 */
451 if (orig_len < mac_size || 455 if (orig_len < mac_size ||
452 /* CBC records must have a padding length byte too. */ 456 /* CBC records must have a padding length byte too. */
453 (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && 457 (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
454 orig_len < mac_size+1)) 458 orig_len < mac_size + 1)) {
455 { 459 al = SSL_AD_DECODE_ERROR;
456 al=SSL_AD_DECODE_ERROR; 460 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_LENGTH_TOO_SHORT);
457 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
458 goto f_err; 461 goto f_err;
459 } 462 }
460 463
461 if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) 464 if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
462 {
463 /* We update the length so that the TLS header bytes 465 /* We update the length so that the TLS header bytes
464 * can be constructed correctly but we need to extract 466 * can be constructed correctly but we need to extract
465 * the MAC in constant time from within the record, 467 * the MAC in constant time from within the record,
@@ -468,56 +470,49 @@ printf("\n");
468 mac = mac_tmp; 470 mac = mac_tmp;
469 ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len); 471 ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
470 rr->length -= mac_size; 472 rr->length -= mac_size;
471 } 473 } else {
472 else
473 {
474 /* In this case there's no padding, so |orig_len| 474 /* In this case there's no padding, so |orig_len|
475 * equals |rec->length| and we checked that there's 475 * equals |rec->length| and we checked that there's
476 * enough bytes for |mac_size| above. */ 476 * enough bytes for |mac_size| above. */
477 rr->length -= mac_size; 477 rr->length -= mac_size;
478 mac = &rr->data[rr->length]; 478 mac = &rr->data[rr->length];
479 } 479 }
480 480
481 i=s->method->ssl3_enc->mac(s,md,0 /* not send */); 481 i = s->method->ssl3_enc->mac(s, md, 0 /* not send */);
482 if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) 482 if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
483 enc_err = -1; 483 enc_err = -1;
484 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size) 484 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
485 enc_err = -1; 485 enc_err = -1;
486 } 486 }
487 487
488 if (enc_err < 0) 488 if (enc_err < 0) {
489 {
490 /* decryption failed, silently discard message */ 489 /* decryption failed, silently discard message */
491 rr->length = 0; 490 rr->length = 0;
492 s->packet_length = 0; 491 s->packet_length = 0;
493 goto err; 492 goto err;
494 } 493 }
495 494
496 /* r->length is now just compressed */ 495 /* r->length is now just compressed */
497 if (s->expand != NULL) 496 if (s->expand != NULL) {
498 { 497 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
499 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) 498 al = SSL_AD_RECORD_OVERFLOW;
500 { 499 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_COMPRESSED_LENGTH_TOO_LONG);
501 al=SSL_AD_RECORD_OVERFLOW;
502 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
503 goto f_err; 500 goto f_err;
504 } 501 }
505 if (!ssl3_do_uncompress(s)) 502 if (!ssl3_do_uncompress(s)) {
506 { 503 al = SSL_AD_DECOMPRESSION_FAILURE;
507 al=SSL_AD_DECOMPRESSION_FAILURE; 504 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_BAD_DECOMPRESSION);
508 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_BAD_DECOMPRESSION);
509 goto f_err; 505 goto f_err;
510 }
511 } 506 }
507 }
512 508
513 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) 509 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
514 { 510 al = SSL_AD_RECORD_OVERFLOW;
515 al=SSL_AD_RECORD_OVERFLOW; 511 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
516 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
517 goto f_err; 512 goto f_err;
518 } 513 }
519 514
520 rr->off=0; 515 rr->off = 0;
521 /* So at this point the following is true 516 /* So at this point the following is true
522 * ssl->s3->rrec.type is the type of record 517 * ssl->s3->rrec.type is the type of record
523 * ssl->s3->rrec.length == number of bytes in record 518 * ssl->s3->rrec.length == number of bytes in record
@@ -527,14 +522,14 @@ printf("\n");
527 */ 522 */
528 523
529 /* we have pulled in a full packet so zero things */ 524 /* we have pulled in a full packet so zero things */
530 s->packet_length=0; 525 s->packet_length = 0;
531 dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */ 526 dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */
532 return(1); 527 return (1);
533 528
534f_err: 529f_err:
535 ssl3_send_alert(s,SSL3_AL_FATAL,al); 530 ssl3_send_alert(s, SSL3_AL_FATAL, al);
536err: 531err:
537 return(0); 532 return (0);
538} 533}
539 534
540 535
@@ -547,17 +542,18 @@ err:
547 * ssl->s3->rrec.length, - number of bytes 542 * ssl->s3->rrec.length, - number of bytes
548 */ 543 */
549/* used only by dtls1_read_bytes */ 544/* used only by dtls1_read_bytes */
550int dtls1_get_record(SSL *s) 545int
551 { 546dtls1_get_record(SSL *s)
552 int ssl_major,ssl_minor; 547{
553 int i,n; 548 int ssl_major, ssl_minor;
549 int i, n;
554 SSL3_RECORD *rr; 550 SSL3_RECORD *rr;
555 unsigned char *p = NULL; 551 unsigned char *p = NULL;
556 unsigned short version; 552 unsigned short version;
557 DTLS1_BITMAP *bitmap; 553 DTLS1_BITMAP *bitmap;
558 unsigned int is_next_epoch; 554 unsigned int is_next_epoch;
559 555
560 rr= &(s->s3->rrec); 556 rr = &(s->s3->rrec);
561 557
562 /* The epoch may have changed. If so, process all the 558 /* The epoch may have changed. If so, process all the
563 * pending records. This is a non-blocking operation. */ 559 * pending records. This is a non-blocking operation. */
@@ -570,104 +566,98 @@ int dtls1_get_record(SSL *s)
570 /* get something from the wire */ 566 /* get something from the wire */
571again: 567again:
572 /* check if we have the header */ 568 /* check if we have the header */
573 if ( (s->rstate != SSL_ST_READ_BODY) || 569 if ((s->rstate != SSL_ST_READ_BODY) ||
574 (s->packet_length < DTLS1_RT_HEADER_LENGTH)) 570 (s->packet_length < DTLS1_RT_HEADER_LENGTH)) {
575 { 571 n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
576 n=ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
577 /* read timeout is handled by dtls1_read_bytes */ 572 /* read timeout is handled by dtls1_read_bytes */
578 if (n <= 0) return(n); /* error or non-blocking */ 573 if (n <= 0)
574 return(n); /* error or non-blocking */
579 575
580 /* this packet contained a partial record, dump it */ 576 /* this packet contained a partial record, dump it */
581 if (s->packet_length != DTLS1_RT_HEADER_LENGTH) 577 if (s->packet_length != DTLS1_RT_HEADER_LENGTH) {
582 {
583 s->packet_length = 0; 578 s->packet_length = 0;
584 goto again; 579 goto again;
585 } 580 }
586 581
587 s->rstate=SSL_ST_READ_BODY; 582 s->rstate = SSL_ST_READ_BODY;
588 583
589 p=s->packet; 584 p = s->packet;
590 585
591 /* Pull apart the header into the DTLS1_RECORD */ 586 /* Pull apart the header into the DTLS1_RECORD */
592 rr->type= *(p++); 587 rr->type= *(p++);
593 ssl_major= *(p++); 588 ssl_major= *(p++);
594 ssl_minor= *(p++); 589 ssl_minor= *(p++);
595 version=(ssl_major<<8)|ssl_minor; 590 version = (ssl_major << 8)|ssl_minor;
596 591
597 /* sequence number is 64 bits, with top 2 bytes = epoch */ 592 /* sequence number is 64 bits, with top 2 bytes = epoch */
598 n2s(p,rr->epoch); 593 n2s(p, rr->epoch);
599 594
600 memcpy(&(s->s3->read_sequence[2]), p, 6); 595 memcpy(&(s->s3->read_sequence[2]), p, 6);
601 p+=6; 596 p += 6;
602 597
603 n2s(p,rr->length); 598 n2s(p, rr->length);
604 599
605 /* Lets check version */ 600 /* Lets check version */
606 if (!s->first_packet) 601 if (!s->first_packet) {
607 { 602 if (version != s->version) {
608 if (version != s->version)
609 {
610 /* unexpected version, silently discard */ 603 /* unexpected version, silently discard */
611 rr->length = 0; 604 rr->length = 0;
612 s->packet_length = 0; 605 s->packet_length = 0;
613 goto again; 606 goto again;
614 }
615 } 607 }
608 }
616 609
617 if ((version & 0xff00) != (s->version & 0xff00)) 610 if ((version & 0xff00) != (s->version & 0xff00)) {
618 {
619 /* wrong version, silently discard record */ 611 /* wrong version, silently discard record */
620 rr->length = 0; 612 rr->length = 0;
621 s->packet_length = 0; 613 s->packet_length = 0;
622 goto again; 614 goto again;
623 } 615 }
624 616
625 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) 617 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
626 {
627 /* record too long, silently discard it */ 618 /* record too long, silently discard it */
628 rr->length = 0; 619 rr->length = 0;
629 s->packet_length = 0; 620 s->packet_length = 0;
630 goto again; 621 goto again;
631 } 622 }
632 623
633 /* now s->rstate == SSL_ST_READ_BODY */ 624 /* now s->rstate == SSL_ST_READ_BODY */
634 } 625 }
635 626
636 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ 627 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
637 628
638 if (rr->length > s->packet_length-DTLS1_RT_HEADER_LENGTH) 629 if (rr->length > s->packet_length - DTLS1_RT_HEADER_LENGTH) {
639 {
640 /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */ 630 /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
641 i=rr->length; 631 i = rr->length;
642 n=ssl3_read_n(s,i,i,1); 632 n = ssl3_read_n(s, i, i, 1);
643 if (n <= 0) return(n); /* error or non-blocking io */ 633 if (n <= 0)
634 return(n); /* error or non-blocking io */
644 635
645 /* this packet contained a partial record, dump it */ 636 /* this packet contained a partial record, dump it */
646 if ( n != i) 637 if (n != i) {
647 {
648 rr->length = 0; 638 rr->length = 0;
649 s->packet_length = 0; 639 s->packet_length = 0;
650 goto again; 640 goto again;
651 } 641 }
652 642
653 /* now n == rr->length, 643 /* now n == rr->length,
654 * and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */ 644 * and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */
655 } 645 }
656 s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */ 646 s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */
657 647
658 /* match epochs. NULL means the packet is dropped on the floor */ 648 /* match epochs. NULL means the packet is dropped on the floor */
659 bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch); 649 bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
660 if ( bitmap == NULL) 650 if (bitmap == NULL) {
661 {
662 rr->length = 0; 651 rr->length = 0;
663 s->packet_length = 0; /* dump this record */ 652 s->packet_length = 0;
664 goto again; /* get another record */ 653 /* dump this record */
665 } 654 goto again;
655 /* get another record */
656 }
666 657
667#ifndef OPENSSL_NO_SCTP 658#ifndef OPENSSL_NO_SCTP
668 /* Only do replay check if no SCTP bio */ 659 /* Only do replay check if no SCTP bio */
669 if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) 660 if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) {
670 {
671#endif 661#endif
672 /* Check whether this is a repeat, or aged record. 662 /* Check whether this is a repeat, or aged record.
673 * Don't check if we're listening and this message is 663 * Don't check if we're listening and this message is
@@ -677,45 +667,45 @@ again:
677 */ 667 */
678 if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && 668 if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
679 *p == SSL3_MT_CLIENT_HELLO) && 669 *p == SSL3_MT_CLIENT_HELLO) &&
680 !dtls1_record_replay_check(s, bitmap)) 670 !dtls1_record_replay_check(s, bitmap)) {
681 {
682 rr->length = 0; 671 rr->length = 0;
683 s->packet_length=0; /* dump this record */ 672 s->packet_length=0; /* dump this record */
684 goto again; /* get another record */ 673 goto again;
685 } 674 /* get another record */
675 }
686#ifndef OPENSSL_NO_SCTP 676#ifndef OPENSSL_NO_SCTP
687 } 677 }
688#endif 678#endif
689 679
690 /* just read a 0 length packet */ 680 /* just read a 0 length packet */
691 if (rr->length == 0) goto again; 681 if (rr->length == 0)
682 goto again;
692 683
693 /* If this record is from the next epoch (either HM or ALERT), 684 /* If this record is from the next epoch (either HM or ALERT),
694 * and a handshake is currently in progress, buffer it since it 685 * and a handshake is currently in progress, buffer it since it
695 * cannot be processed at this time. However, do not buffer 686 * cannot be processed at this time. However, do not buffer
696 * anything while listening. 687 * anything while listening.
697 */ 688 */
698 if (is_next_epoch) 689 if (is_next_epoch) {
699 { 690 if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) {
700 if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen)
701 {
702 dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num); 691 dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
703 } 692 }
704 rr->length = 0; 693 rr->length = 0;
705 s->packet_length = 0; 694 s->packet_length = 0;
706 goto again; 695 goto again;
707 } 696 }
708 697
709 if (!dtls1_process_record(s)) 698 if (!dtls1_process_record(s)) {
710 {
711 rr->length = 0; 699 rr->length = 0;
712 s->packet_length = 0; /* dump this record */ 700 s->packet_length = 0;
713 goto again; /* get another record */ 701 /* dump this record */
714 } 702 goto again;
703 /* get another record */
704 }
715 705
716 return(1); 706 return (1);
717 707
718 } 708}
719 709
720/* Return up to 'len' payload bytes received in 'type' records. 710/* Return up to 'len' payload bytes received in 'type' records.
721 * 'type' is one of the following: 711 * 'type' is one of the following:
@@ -744,28 +734,28 @@ again:
744 * Application data protocol 734 * Application data protocol
745 * none of our business 735 * none of our business
746 */ 736 */
747int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) 737int
748 { 738dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
749 int al,i,j,ret; 739{
740 int al, i, j, ret;
750 unsigned int n; 741 unsigned int n;
751 SSL3_RECORD *rr; 742 SSL3_RECORD *rr;
752 void (*cb)(const SSL *ssl,int type2,int val)=NULL; 743 void (*cb)(const SSL *ssl, int type2, int val) = NULL;
753 744
754 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ 745 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
755 if (!ssl3_setup_buffers(s)) 746 if (!ssl3_setup_buffers(s))
756 return(-1); 747 return (-1);
757 748
758 /* XXX: check what the second '&& type' is about */ 749 /* XXX: check what the second '&& type' is about */
759 if ((type && (type != SSL3_RT_APPLICATION_DATA) && 750 if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
760 (type != SSL3_RT_HANDSHAKE) && type) || 751 (type != SSL3_RT_HANDSHAKE) && type) ||
761 (peek && (type != SSL3_RT_APPLICATION_DATA))) 752 (peek && (type != SSL3_RT_APPLICATION_DATA))) {
762 {
763 SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR); 753 SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
764 return -1; 754 return -1;
765 } 755 }
766 756
767 /* check whether there's a handshake message (client hello?) waiting */ 757 /* check whether there's a handshake message (client hello?) waiting */
768 if ( (ret = have_handshake_fragment(s, type, buf, len, peek))) 758 if ((ret = have_handshake_fragment(s, type, buf, len, peek)))
769 return ret; 759 return ret;
770 760
771 /* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */ 761 /* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
@@ -776,24 +766,25 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
776 */ 766 */
777 if ((!s->in_handshake && SSL_in_init(s)) || 767 if ((!s->in_handshake && SSL_in_init(s)) ||
778 (BIO_dgram_is_sctp(SSL_get_rbio(s)) && 768 (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
779 (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK) && 769 (s->state == DTLS1_SCTP_ST_SR_READ_SOCK ||
780 s->s3->in_read_app_data != 2)) 770 s->state == DTLS1_SCTP_ST_CR_READ_SOCK) &&
771 s->s3->in_read_app_data != 2))
781#else 772#else
782 if (!s->in_handshake && SSL_in_init(s)) 773 if (!s->in_handshake && SSL_in_init(s))
783#endif 774#endif
784 { 775 {
785 /* type == SSL3_RT_APPLICATION_DATA */ 776 /* type == SSL3_RT_APPLICATION_DATA */
786 i=s->handshake_func(s); 777 i = s->handshake_func(s);
787 if (i < 0) return(i); 778 if (i < 0)
788 if (i == 0) 779 return (i);
789 { 780 if (i == 0) {
790 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); 781 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
791 return(-1); 782 return (-1);
792 }
793 } 783 }
784 }
794 785
795start: 786start:
796 s->rwstate=SSL_NOTHING; 787 s->rwstate = SSL_NOTHING;
797 788
798 /* s->s3->rrec.type - is the type of record 789 /* s->s3->rrec.type - is the type of record
799 * s->s3->rrec.data, - data 790 * s->s3->rrec.data, - data
@@ -805,59 +796,52 @@ start:
805 * so process data buffered during the last handshake 796 * so process data buffered during the last handshake
806 * in advance, if any. 797 * in advance, if any.
807 */ 798 */
808 if (s->state == SSL_ST_OK && rr->length == 0) 799 if (s->state == SSL_ST_OK && rr->length == 0) {
809 {
810 pitem *item; 800 pitem *item;
811 item = pqueue_pop(s->d1->buffered_app_data.q); 801 item = pqueue_pop(s->d1->buffered_app_data.q);
812 if (item) 802 if (item) {
813 {
814#ifndef OPENSSL_NO_SCTP 803#ifndef OPENSSL_NO_SCTP
815 /* Restore bio_dgram_sctp_rcvinfo struct */ 804 /* Restore bio_dgram_sctp_rcvinfo struct */
816 if (BIO_dgram_is_sctp(SSL_get_rbio(s))) 805 if (BIO_dgram_is_sctp(SSL_get_rbio(s))) {
817 {
818 DTLS1_RECORD_DATA *rdata = (DTLS1_RECORD_DATA *) item->data; 806 DTLS1_RECORD_DATA *rdata = (DTLS1_RECORD_DATA *) item->data;
819 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo); 807 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo);
820 } 808 }
821#endif 809#endif
822 810
823 dtls1_copy_record(s, item); 811 dtls1_copy_record(s, item);
824 812
825 OPENSSL_free(item->data); 813 OPENSSL_free(item->data);
826 pitem_free(item); 814 pitem_free(item);
827 }
828 } 815 }
816 }
829 817
830 /* Check for timeout */ 818 /* Check for timeout */
831 if (dtls1_handle_timeout(s) > 0) 819 if (dtls1_handle_timeout(s) > 0)
832 goto start; 820 goto start;
833 821
834 /* get new packet if necessary */ 822 /* get new packet if necessary */
835 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) 823 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) {
836 { 824 ret = dtls1_get_record(s);
837 ret=dtls1_get_record(s); 825 if (ret <= 0) {
838 if (ret <= 0)
839 {
840 ret = dtls1_read_failed(s, ret); 826 ret = dtls1_read_failed(s, ret);
841 /* anything other than a timeout is an error */ 827 /* anything other than a timeout is an error */
842 if (ret <= 0) 828 if (ret <= 0)
843 return(ret); 829 return (ret);
844 else 830 else
845 goto start; 831 goto start;
846 }
847 } 832 }
833 }
848 834
849 if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE) 835 if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE) {
850 {
851 rr->length = 0; 836 rr->length = 0;
852 goto start; 837 goto start;
853 } 838 }
854 839
855 /* we now have a packet which can be read and processed */ 840 /* we now have a packet which can be read and processed */
856 841
857 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, 842 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
858 * reset by ssl3_get_finished */ 843 * reset by ssl3_get_finished */
859 && (rr->type != SSL3_RT_HANDSHAKE)) 844 && (rr->type != SSL3_RT_HANDSHAKE)) {
860 {
861 /* We now have application data between CCS and Finished. 845 /* We now have application data between CCS and Finished.
862 * Most likely the packets were reordered on their way, so 846 * Most likely the packets were reordered on their way, so
863 * buffer the application data for later processing rather 847 * buffer the application data for later processing rather
@@ -866,75 +850,71 @@ start:
866 dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num); 850 dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num);
867 rr->length = 0; 851 rr->length = 0;
868 goto start; 852 goto start;
869 } 853 }
870 854
871 /* If the other end has shut down, throw anything we read away 855 /* If the other end has shut down, throw anything we read away
872 * (even in 'peek' mode) */ 856 * (even in 'peek' mode) */
873 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) 857 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
874 { 858 rr->length = 0;
875 rr->length=0; 859 s->rwstate = SSL_NOTHING;
876 s->rwstate=SSL_NOTHING; 860 return (0);
877 return(0); 861 }
878 }
879 862
880 863
881 if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ 864 if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
882 { 865 {
883 /* make sure that we are not getting application data when we 866 /* make sure that we are not getting application data when we
884 * are doing a handshake for the first time */ 867 * are doing a handshake for the first time */
885 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && 868 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
886 (s->enc_read_ctx == NULL)) 869 (s->enc_read_ctx == NULL)) {
887 { 870 al = SSL_AD_UNEXPECTED_MESSAGE;
888 al=SSL_AD_UNEXPECTED_MESSAGE; 871 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE);
889 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
890 goto f_err; 872 goto f_err;
891 } 873 }
892 874
893 if (len <= 0) return(len); 875 if (len <= 0)
876 return (len);
894 877
895 if ((unsigned int)len > rr->length) 878 if ((unsigned int)len > rr->length)
896 n = rr->length; 879 n = rr->length;
897 else 880 else
898 n = (unsigned int)len; 881 n = (unsigned int)len;
899 882
900 memcpy(buf,&(rr->data[rr->off]),n); 883 memcpy(buf, &(rr->data[rr->off]), n);
901 if (!peek) 884 if (!peek) {
902 { 885 rr->length -= n;
903 rr->length-=n; 886 rr->off += n;
904 rr->off+=n; 887 if (rr->length == 0) {
905 if (rr->length == 0) 888 s->rstate = SSL_ST_READ_HEADER;
906 { 889 rr->off = 0;
907 s->rstate=SSL_ST_READ_HEADER;
908 rr->off=0;
909 }
910 } 890 }
891 }
911 892
912#ifndef OPENSSL_NO_SCTP 893#ifndef OPENSSL_NO_SCTP
913 /* We were about to renegotiate but had to read 894 /* We were about to renegotiate but had to read
914 * belated application data first, so retry. 895 * belated application data first, so retry.
915 */ 896 */
916 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && 897 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
917 rr->type == SSL3_RT_APPLICATION_DATA && 898 rr->type == SSL3_RT_APPLICATION_DATA &&
918 (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK)) 899 (s->state == DTLS1_SCTP_ST_SR_READ_SOCK ||
919 { 900 s->state == DTLS1_SCTP_ST_CR_READ_SOCK)) {
920 s->rwstate=SSL_READING; 901 s->rwstate = SSL_READING;
921 BIO_clear_retry_flags(SSL_get_rbio(s)); 902 BIO_clear_retry_flags(SSL_get_rbio(s));
922 BIO_set_retry_read(SSL_get_rbio(s)); 903 BIO_set_retry_read(SSL_get_rbio(s));
923 } 904 }
924 905
925 /* We might had to delay a close_notify alert because 906 /* We might had to delay a close_notify alert because
926 * of reordered app data. If there was an alert and there 907 * of reordered app data. If there was an alert and there
927 * is no message to read anymore, finally set shutdown. 908 * is no message to read anymore, finally set shutdown.
928 */ 909 */
929 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && 910 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
930 s->d1->shutdown_received && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) 911 s->d1->shutdown_received && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
931 { 912 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
932 s->shutdown |= SSL_RECEIVED_SHUTDOWN; 913 return (0);
933 return(0);
934 }
935#endif
936 return(n);
937 } 914 }
915#endif
916 return (n);
917 }
938 918
939 919
940 /* If we get here, then type != rr->type; if we have a handshake 920 /* If we get here, then type != rr->type; if we have a handshake
@@ -943,65 +923,57 @@ start:
943 /* In case of record types for which we have 'fragment' storage, 923 /* In case of record types for which we have 'fragment' storage,
944 * fill that so that we can process the data at a fixed place. 924 * fill that so that we can process the data at a fixed place.
945 */ 925 */
946 { 926 {
947 unsigned int k, dest_maxlen = 0; 927 unsigned int k, dest_maxlen = 0;
948 unsigned char *dest = NULL; 928 unsigned char *dest = NULL;
949 unsigned int *dest_len = NULL; 929 unsigned int *dest_len = NULL;
950 930
951 if (rr->type == SSL3_RT_HANDSHAKE) 931 if (rr->type == SSL3_RT_HANDSHAKE) {
952 {
953 dest_maxlen = sizeof s->d1->handshake_fragment; 932 dest_maxlen = sizeof s->d1->handshake_fragment;
954 dest = s->d1->handshake_fragment; 933 dest = s->d1->handshake_fragment;
955 dest_len = &s->d1->handshake_fragment_len; 934 dest_len = &s->d1->handshake_fragment_len;
956 } 935 } else if (rr->type == SSL3_RT_ALERT) {
957 else if (rr->type == SSL3_RT_ALERT)
958 {
959 dest_maxlen = sizeof(s->d1->alert_fragment); 936 dest_maxlen = sizeof(s->d1->alert_fragment);
960 dest = s->d1->alert_fragment; 937 dest = s->d1->alert_fragment;
961 dest_len = &s->d1->alert_fragment_len; 938 dest_len = &s->d1->alert_fragment_len;
962 } 939 }
963#ifndef OPENSSL_NO_HEARTBEATS 940#ifndef OPENSSL_NO_HEARTBEATS
964 else if (rr->type == TLS1_RT_HEARTBEAT) 941 else if (rr->type == TLS1_RT_HEARTBEAT) {
965 {
966 dtls1_process_heartbeat(s); 942 dtls1_process_heartbeat(s);
967 943
968 /* Exit and notify application to read again */ 944 /* Exit and notify application to read again */
969 rr->length = 0; 945 rr->length = 0;
970 s->rwstate=SSL_READING; 946 s->rwstate = SSL_READING;
971 BIO_clear_retry_flags(SSL_get_rbio(s)); 947 BIO_clear_retry_flags(SSL_get_rbio(s));
972 BIO_set_retry_read(SSL_get_rbio(s)); 948 BIO_set_retry_read(SSL_get_rbio(s));
973 return(-1); 949 return (-1);
974 } 950 }
975#endif 951#endif
976 /* else it's a CCS message, or application data or wrong */ 952 /* else it's a CCS message, or application data or wrong */
977 else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) 953 else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) {
978 {
979 /* Application data while renegotiating 954 /* Application data while renegotiating
980 * is allowed. Try again reading. 955 * is allowed. Try again reading.
981 */ 956 */
982 if (rr->type == SSL3_RT_APPLICATION_DATA) 957 if (rr->type == SSL3_RT_APPLICATION_DATA) {
983 {
984 BIO *bio; 958 BIO *bio;
985 s->s3->in_read_app_data=2; 959 s->s3->in_read_app_data = 2;
986 bio=SSL_get_rbio(s); 960 bio = SSL_get_rbio(s);
987 s->rwstate=SSL_READING; 961 s->rwstate = SSL_READING;
988 BIO_clear_retry_flags(bio); 962 BIO_clear_retry_flags(bio);
989 BIO_set_retry_read(bio); 963 BIO_set_retry_read(bio);
990 return(-1); 964 return (-1);
991 } 965 }
992 966
993 /* Not certain if this is the right error handling */ 967 /* Not certain if this is the right error handling */
994 al=SSL_AD_UNEXPECTED_MESSAGE; 968 al = SSL_AD_UNEXPECTED_MESSAGE;
995 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD); 969 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
996 goto f_err; 970 goto f_err;
997 } 971 }
998 972
999 if (dest_maxlen > 0) 973 if (dest_maxlen > 0) {
1000 {
1001 /* XDTLS: In a pathalogical case, the Client Hello 974 /* XDTLS: In a pathalogical case, the Client Hello
1002 * may be fragmented--don't always expect dest_maxlen bytes */ 975 * may be fragmented--don't always expect dest_maxlen bytes */
1003 if ( rr->length < dest_maxlen) 976 if (rr->length < dest_maxlen) {
1004 {
1005#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 977#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1006 /* 978 /*
1007 * for normal alerts rr->length is 2, while 979 * for normal alerts rr->length is 2, while
@@ -1010,20 +982,19 @@ start:
1010 */ 982 */
1011 FIX ME 983 FIX ME
1012#endif 984#endif
1013 s->rstate=SSL_ST_READ_HEADER; 985 s->rstate = SSL_ST_READ_HEADER;
1014 rr->length = 0; 986 rr->length = 0;
1015 goto start; 987 goto start;
1016 } 988 }
1017 989
1018 /* now move 'n' bytes: */ 990 /* now move 'n' bytes: */
1019 for ( k = 0; k < dest_maxlen; k++) 991 for ( k = 0; k < dest_maxlen; k++) {
1020 {
1021 dest[k] = rr->data[rr->off++]; 992 dest[k] = rr->data[rr->off++];
1022 rr->length--; 993 rr->length--;
1023 }
1024 *dest_len = dest_maxlen;
1025 } 994 }
995 *dest_len = dest_maxlen;
1026 } 996 }
997 }
1027 998
1028 /* s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE; 999 /* s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
1029 * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT. 1000 * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT.
@@ -1031,117 +1002,107 @@ start:
1031 1002
1032 /* If we are a client, check for an incoming 'Hello Request': */ 1003 /* If we are a client, check for an incoming 'Hello Request': */
1033 if ((!s->server) && 1004 if ((!s->server) &&
1034 (s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) && 1005 (s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
1035 (s->d1->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && 1006 (s->d1->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
1036 (s->session != NULL) && (s->session->cipher != NULL)) 1007 (s->session != NULL) && (s->session->cipher != NULL)) {
1037 {
1038 s->d1->handshake_fragment_len = 0; 1008 s->d1->handshake_fragment_len = 0;
1039 1009
1040 if ((s->d1->handshake_fragment[1] != 0) || 1010 if ((s->d1->handshake_fragment[1] != 0) ||
1041 (s->d1->handshake_fragment[2] != 0) || 1011 (s->d1->handshake_fragment[2] != 0) ||
1042 (s->d1->handshake_fragment[3] != 0)) 1012 (s->d1->handshake_fragment[3] != 0)) {
1043 { 1013 al = SSL_AD_DECODE_ERROR;
1044 al=SSL_AD_DECODE_ERROR; 1014 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_HELLO_REQUEST);
1045 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
1046 goto err; 1015 goto err;
1047 } 1016 }
1048 1017
1049 /* no need to check sequence number on HELLO REQUEST messages */ 1018 /* no need to check sequence number on HELLO REQUEST messages */
1050 1019
1051 if (s->msg_callback) 1020 if (s->msg_callback)
1052 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, 1021 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
1053 s->d1->handshake_fragment, 4, s, s->msg_callback_arg); 1022 s->d1->handshake_fragment, 4, s, s->msg_callback_arg);
1054 1023
1055 if (SSL_is_init_finished(s) && 1024 if (SSL_is_init_finished(s) &&
1056 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && 1025 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
1057 !s->s3->renegotiate) 1026 !s->s3->renegotiate) {
1058 {
1059 s->d1->handshake_read_seq++; 1027 s->d1->handshake_read_seq++;
1060 s->new_session = 1; 1028 s->new_session = 1;
1061 ssl3_renegotiate(s); 1029 ssl3_renegotiate(s);
1062 if (ssl3_renegotiate_check(s)) 1030 if (ssl3_renegotiate_check(s)) {
1063 { 1031 i = s->handshake_func(s);
1064 i=s->handshake_func(s); 1032 if (i < 0)
1065 if (i < 0) return(i); 1033 return (i);
1066 if (i == 0) 1034 if (i == 0) {
1067 { 1035 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
1068 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); 1036 return (-1);
1069 return(-1); 1037 }
1070 }
1071 1038
1072 if (!(s->mode & SSL_MODE_AUTO_RETRY)) 1039 if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
1073 {
1074 if (s->s3->rbuf.left == 0) /* no read-ahead left? */ 1040 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
1075 { 1041 {
1076 BIO *bio; 1042 BIO *bio;
1077 /* In the case where we try to read application data, 1043 /* In the case where we try to read application data,
1078 * but we trigger an SSL handshake, we return -1 with 1044 * but we trigger an SSL handshake, we return -1 with
1079 * the retry option set. Otherwise renegotiation may 1045 * the retry option set. Otherwise renegotiation may
1080 * cause nasty problems in the blocking world */ 1046 * cause nasty problems in the blocking world */
1081 s->rwstate=SSL_READING; 1047 s->rwstate = SSL_READING;
1082 bio=SSL_get_rbio(s); 1048 bio = SSL_get_rbio(s);
1083 BIO_clear_retry_flags(bio); 1049 BIO_clear_retry_flags(bio);
1084 BIO_set_retry_read(bio); 1050 BIO_set_retry_read(bio);
1085 return(-1); 1051 return (-1);
1086 }
1087 } 1052 }
1088 } 1053 }
1089 } 1054 }
1055 }
1090 /* we either finished a handshake or ignored the request, 1056 /* we either finished a handshake or ignored the request,
1091 * now try again to obtain the (application) data we were asked for */ 1057 * now try again to obtain the (application) data we were asked for */
1092 goto start; 1058 goto start;
1093 } 1059 }
1094 1060
1095 if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) 1061 if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) {
1096 {
1097 int alert_level = s->d1->alert_fragment[0]; 1062 int alert_level = s->d1->alert_fragment[0];
1098 int alert_descr = s->d1->alert_fragment[1]; 1063 int alert_descr = s->d1->alert_fragment[1];
1099 1064
1100 s->d1->alert_fragment_len = 0; 1065 s->d1->alert_fragment_len = 0;
1101 1066
1102 if (s->msg_callback) 1067 if (s->msg_callback)
1103 s->msg_callback(0, s->version, SSL3_RT_ALERT, 1068 s->msg_callback(0, s->version, SSL3_RT_ALERT,
1104 s->d1->alert_fragment, 2, s, s->msg_callback_arg); 1069 s->d1->alert_fragment, 2, s, s->msg_callback_arg);
1105 1070
1106 if (s->info_callback != NULL) 1071 if (s->info_callback != NULL)
1107 cb=s->info_callback; 1072 cb = s->info_callback;
1108 else if (s->ctx->info_callback != NULL) 1073 else if (s->ctx->info_callback != NULL)
1109 cb=s->ctx->info_callback; 1074 cb = s->ctx->info_callback;
1110 1075
1111 if (cb != NULL) 1076 if (cb != NULL) {
1112 {
1113 j = (alert_level << 8) | alert_descr; 1077 j = (alert_level << 8) | alert_descr;
1114 cb(s, SSL_CB_READ_ALERT, j); 1078 cb(s, SSL_CB_READ_ALERT, j);
1115 } 1079 }
1116 1080
1117 if (alert_level == 1) /* warning */ 1081 if (alert_level == 1) /* warning */
1118 { 1082 {
1119 s->s3->warn_alert = alert_descr; 1083 s->s3->warn_alert = alert_descr;
1120 if (alert_descr == SSL_AD_CLOSE_NOTIFY) 1084 if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
1121 {
1122#ifndef OPENSSL_NO_SCTP 1085#ifndef OPENSSL_NO_SCTP
1123 /* With SCTP and streams the socket may deliver app data 1086 /* With SCTP and streams the socket may deliver app data
1124 * after a close_notify alert. We have to check this 1087 * after a close_notify alert. We have to check this
1125 * first so that nothing gets discarded. 1088 * first so that nothing gets discarded.
1126 */ 1089 */
1127 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && 1090 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
1128 BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) 1091 BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
1129 {
1130 s->d1->shutdown_received = 1; 1092 s->d1->shutdown_received = 1;
1131 s->rwstate=SSL_READING; 1093 s->rwstate = SSL_READING;
1132 BIO_clear_retry_flags(SSL_get_rbio(s)); 1094 BIO_clear_retry_flags(SSL_get_rbio(s));
1133 BIO_set_retry_read(SSL_get_rbio(s)); 1095 BIO_set_retry_read(SSL_get_rbio(s));
1134 return -1; 1096 return -1;
1135 } 1097 }
1136#endif 1098#endif
1137 s->shutdown |= SSL_RECEIVED_SHUTDOWN; 1099 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
1138 return(0); 1100 return (0);
1139 } 1101 }
1140#if 0 1102#if 0
1141 /* XXX: this is a possible improvement in the future */ 1103 /* XXX: this is a possible improvement in the future */
1142 /* now check if it's a missing record */ 1104 /* now check if it's a missing record */
1143 if (alert_descr == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) 1105 if (alert_descr == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) {
1144 {
1145 unsigned short seq; 1106 unsigned short seq;
1146 unsigned int frag_off; 1107 unsigned int frag_off;
1147 unsigned char *p = &(s->d1->alert_fragment[2]); 1108 unsigned char *p = &(s->d1->alert_fragment[2]);
@@ -1150,51 +1111,46 @@ start:
1150 n2l3(p, frag_off); 1111 n2l3(p, frag_off);
1151 1112
1152 dtls1_retransmit_message(s, 1113 dtls1_retransmit_message(s,
1153 dtls1_get_queue_priority(frag->msg_header.seq, 0), 1114 dtls1_get_queue_priority(frag->msg_header.seq, 0),
1154 frag_off, &found); 1115 frag_off, &found);
1155 if ( ! found && SSL_in_init(s)) 1116 if (!found && SSL_in_init(s)) {
1156 {
1157 /* fprintf( stderr,"in init = %d\n", SSL_in_init(s)); */ 1117 /* fprintf( stderr,"in init = %d\n", SSL_in_init(s)); */
1158 /* requested a message not yet sent, 1118 /* requested a message not yet sent,
1159 send an alert ourselves */ 1119 send an alert ourselves */
1160 ssl3_send_alert(s,SSL3_AL_WARNING, 1120 ssl3_send_alert(s, SSL3_AL_WARNING,
1161 DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); 1121 DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
1162 }
1163 } 1122 }
1164#endif
1165 } 1123 }
1166 else if (alert_level == 2) /* fatal */ 1124#endif
1167 { 1125 } else if (alert_level == 2) /* fatal */
1126 {
1168 char tmp[16]; 1127 char tmp[16];
1169 1128
1170 s->rwstate=SSL_NOTHING; 1129 s->rwstate = SSL_NOTHING;
1171 s->s3->fatal_alert = alert_descr; 1130 s->s3->fatal_alert = alert_descr;
1172 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); 1131 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
1173 BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr); 1132 BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
1174 ERR_add_error_data(2,"SSL alert number ",tmp); 1133 ERR_add_error_data(2, "SSL alert number ", tmp);
1175 s->shutdown|=SSL_RECEIVED_SHUTDOWN; 1134 s->shutdown|=SSL_RECEIVED_SHUTDOWN;
1176 SSL_CTX_remove_session(s->ctx,s->session); 1135 SSL_CTX_remove_session(s->ctx, s->session);
1177 return(0); 1136 return (0);
1178 } 1137 } else {
1179 else 1138 al = SSL_AD_ILLEGAL_PARAMETER;
1180 { 1139 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
1181 al=SSL_AD_ILLEGAL_PARAMETER;
1182 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
1183 goto f_err; 1140 goto f_err;
1184 } 1141 }
1185 1142
1186 goto start; 1143 goto start;
1187 } 1144 }
1188 1145
1189 if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */ 1146 if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
1190 { 1147 {
1191 s->rwstate=SSL_NOTHING; 1148 s->rwstate = SSL_NOTHING;
1192 rr->length=0; 1149 rr->length = 0;
1193 return(0); 1150 return (0);
1194 } 1151 }
1195 1152
1196 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) 1153 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
1197 {
1198 struct ccs_header_st ccs_hdr; 1154 struct ccs_header_st ccs_hdr;
1199 unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH; 1155 unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
1200 1156
@@ -1206,31 +1162,29 @@ start:
1206 /* 'Change Cipher Spec' is just a single byte, so we know 1162 /* 'Change Cipher Spec' is just a single byte, so we know
1207 * exactly what the record payload has to look like */ 1163 * exactly what the record payload has to look like */
1208 /* XDTLS: check that epoch is consistent */ 1164 /* XDTLS: check that epoch is consistent */
1209 if ( (rr->length != ccs_hdr_len) || 1165 if ((rr->length != ccs_hdr_len) ||
1210 (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) 1166 (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) {
1211 { 1167 i = SSL_AD_ILLEGAL_PARAMETER;
1212 i=SSL_AD_ILLEGAL_PARAMETER; 1168 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_CHANGE_CIPHER_SPEC);
1213 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
1214 goto err; 1169 goto err;
1215 } 1170 }
1216 1171
1217 rr->length=0; 1172 rr->length = 0;
1218 1173
1219 if (s->msg_callback) 1174 if (s->msg_callback)
1220 s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, 1175 s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
1221 rr->data, 1, s, s->msg_callback_arg); 1176 rr->data, 1, s, s->msg_callback_arg);
1222 1177
1223 /* We can't process a CCS now, because previous handshake 1178 /* We can't process a CCS now, because previous handshake
1224 * messages are still missing, so just drop it. 1179 * messages are still missing, so just drop it.
1225 */ 1180 */
1226 if (!s->d1->change_cipher_spec_ok) 1181 if (!s->d1->change_cipher_spec_ok) {
1227 {
1228 goto start; 1182 goto start;
1229 } 1183 }
1230 1184
1231 s->d1->change_cipher_spec_ok = 0; 1185 s->d1->change_cipher_spec_ok = 0;
1232 1186
1233 s->s3->change_cipher_spec=1; 1187 s->s3->change_cipher_spec = 1;
1234 if (!ssl3_do_change_cipher_spec(s)) 1188 if (!ssl3_do_change_cipher_spec(s))
1235 goto err; 1189 goto err;
1236 1190
@@ -1250,90 +1204,82 @@ start:
1250#endif 1204#endif
1251 1205
1252 goto start; 1206 goto start;
1253 } 1207 }
1254 1208
1255 /* Unexpected handshake message (Client Hello, or protocol violation) */ 1209 /* Unexpected handshake message (Client Hello, or protocol violation) */
1256 if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) && 1210 if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
1257 !s->in_handshake) 1211 !s->in_handshake) {
1258 {
1259 struct hm_header_st msg_hdr; 1212 struct hm_header_st msg_hdr;
1260 1213
1261 /* this may just be a stale retransmit */ 1214 /* this may just be a stale retransmit */
1262 dtls1_get_message_header(rr->data, &msg_hdr); 1215 dtls1_get_message_header(rr->data, &msg_hdr);
1263 if( rr->epoch != s->d1->r_epoch) 1216 if (rr->epoch != s->d1->r_epoch) {
1264 {
1265 rr->length = 0; 1217 rr->length = 0;
1266 goto start; 1218 goto start;
1267 } 1219 }
1268 1220
1269 /* If we are server, we may have a repeated FINISHED of the 1221 /* If we are server, we may have a repeated FINISHED of the
1270 * client here, then retransmit our CCS and FINISHED. 1222 * client here, then retransmit our CCS and FINISHED.
1271 */ 1223 */
1272 if (msg_hdr.type == SSL3_MT_FINISHED) 1224 if (msg_hdr.type == SSL3_MT_FINISHED) {
1273 {
1274 if (dtls1_check_timeout_num(s) < 0) 1225 if (dtls1_check_timeout_num(s) < 0)
1275 return -1; 1226 return -1;
1276 1227
1277 dtls1_retransmit_buffered_messages(s); 1228 dtls1_retransmit_buffered_messages(s);
1278 rr->length = 0; 1229 rr->length = 0;
1279 goto start; 1230 goto start;
1280 } 1231 }
1281 1232
1282 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && 1233 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
1283 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) 1234 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
1284 {
1285#if 0 /* worked only because C operator preferences are not as expected (and 1235#if 0 /* worked only because C operator preferences are not as expected (and
1286 * because this is not really needed for clients except for detecting 1236 * because this is not really needed for clients except for detecting
1287 * protocol violations): */ 1237 * protocol violations): */
1288 s->state=SSL_ST_BEFORE|(s->server) 1238 s->state = SSL_ST_BEFORE |
1289 ?SSL_ST_ACCEPT 1239 (s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
1290 :SSL_ST_CONNECT;
1291#else 1240#else
1292 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; 1241 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
1293#endif 1242#endif
1294 s->renegotiate=1; 1243 s->renegotiate = 1;
1295 s->new_session=1; 1244 s->new_session = 1;
1296 } 1245 }
1297 i=s->handshake_func(s); 1246 i = s->handshake_func(s);
1298 if (i < 0) return(i); 1247 if (i < 0)
1299 if (i == 0) 1248 return (i);
1300 { 1249 if (i == 0) {
1301 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); 1250 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
1302 return(-1); 1251 return (-1);
1303 } 1252 }
1304 1253
1305 if (!(s->mode & SSL_MODE_AUTO_RETRY)) 1254 if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
1306 {
1307 if (s->s3->rbuf.left == 0) /* no read-ahead left? */ 1255 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
1308 { 1256 {
1309 BIO *bio; 1257 BIO *bio;
1310 /* In the case where we try to read application data, 1258 /* In the case where we try to read application data,
1311 * but we trigger an SSL handshake, we return -1 with 1259 * but we trigger an SSL handshake, we return -1 with
1312 * the retry option set. Otherwise renegotiation may 1260 * the retry option set. Otherwise renegotiation may
1313 * cause nasty problems in the blocking world */ 1261 * cause nasty problems in the blocking world */
1314 s->rwstate=SSL_READING; 1262 s->rwstate = SSL_READING;
1315 bio=SSL_get_rbio(s); 1263 bio = SSL_get_rbio(s);
1316 BIO_clear_retry_flags(bio); 1264 BIO_clear_retry_flags(bio);
1317 BIO_set_retry_read(bio); 1265 BIO_set_retry_read(bio);
1318 return(-1); 1266 return (-1);
1319 }
1320 } 1267 }
1321 goto start;
1322 } 1268 }
1269 goto start;
1270 }
1323 1271
1324 switch (rr->type) 1272 switch (rr->type) {
1325 {
1326 default: 1273 default:
1327#ifndef OPENSSL_NO_TLS 1274#ifndef OPENSSL_NO_TLS
1328 /* TLS just ignores unknown message types */ 1275 /* TLS just ignores unknown message types */
1329 if (s->version == TLS1_VERSION) 1276 if (s->version == TLS1_VERSION) {
1330 {
1331 rr->length = 0; 1277 rr->length = 0;
1332 goto start; 1278 goto start;
1333 } 1279 }
1334#endif 1280#endif
1335 al=SSL_AD_UNEXPECTED_MESSAGE; 1281 al = SSL_AD_UNEXPECTED_MESSAGE;
1336 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD); 1282 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
1337 goto f_err; 1283 goto f_err;
1338 case SSL3_RT_CHANGE_CIPHER_SPEC: 1284 case SSL3_RT_CHANGE_CIPHER_SPEC:
1339 case SSL3_RT_ALERT: 1285 case SSL3_RT_ALERT:
@@ -1341,8 +1287,8 @@ start:
1341 /* we already handled all of these, with the possible exception 1287 /* we already handled all of these, with the possible exception
1342 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that 1288 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
1343 * should not happen when type != rr->type */ 1289 * should not happen when type != rr->type */
1344 al=SSL_AD_UNEXPECTED_MESSAGE; 1290 al = SSL_AD_UNEXPECTED_MESSAGE;
1345 SSLerr(SSL_F_DTLS1_READ_BYTES,ERR_R_INTERNAL_ERROR); 1291 SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
1346 goto f_err; 1292 goto f_err;
1347 case SSL3_RT_APPLICATION_DATA: 1293 case SSL3_RT_APPLICATION_DATA:
1348 /* At this point, we were expecting handshake data, 1294 /* At this point, we were expecting handshake data,
@@ -1353,123 +1299,116 @@ start:
1353 * we will indulge it. 1299 * we will indulge it.
1354 */ 1300 */
1355 if (s->s3->in_read_app_data && 1301 if (s->s3->in_read_app_data &&
1356 (s->s3->total_renegotiations != 0) && 1302 (s->s3->total_renegotiations != 0) &&
1357 (( 1303 (((s->state & SSL_ST_CONNECT) &&
1358 (s->state & SSL_ST_CONNECT) && 1304 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
1359 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && 1305 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)) || (
1360 (s->state <= SSL3_ST_CR_SRVR_HELLO_A) 1306 (s->state & SSL_ST_ACCEPT) &&
1361 ) || ( 1307 (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
1362 (s->state & SSL_ST_ACCEPT) && 1308 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
1363 (s->state <= SSL3_ST_SW_HELLO_REQ_A) && 1309 s->s3->in_read_app_data = 2;
1364 (s->state >= SSL3_ST_SR_CLNT_HELLO_A) 1310 return (-1);
1365 ) 1311 } else {
1366 )) 1312 al = SSL_AD_UNEXPECTED_MESSAGE;
1367 { 1313 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
1368 s->s3->in_read_app_data=2;
1369 return(-1);
1370 }
1371 else
1372 {
1373 al=SSL_AD_UNEXPECTED_MESSAGE;
1374 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
1375 goto f_err; 1314 goto f_err;
1376 }
1377 } 1315 }
1316 }
1378 /* not reached */ 1317 /* not reached */
1379 1318
1380f_err: 1319f_err:
1381 ssl3_send_alert(s,SSL3_AL_FATAL,al); 1320 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1382err: 1321err:
1383 return(-1); 1322 return (-1);
1384 } 1323}
1385 1324
1386int 1325int
1387dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len) 1326dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
1388 { 1327{
1389 int i; 1328 int i;
1390 1329
1391#ifndef OPENSSL_NO_SCTP 1330#ifndef OPENSSL_NO_SCTP
1392 /* Check if we have to continue an interrupted handshake 1331 /* Check if we have to continue an interrupted handshake
1393 * for reading belated app data with SCTP. 1332 * for reading belated app data with SCTP.
1394 */ 1333 */
1395 if ((SSL_in_init(s) && !s->in_handshake) || 1334 if ((SSL_in_init(s) && !s->in_handshake) ||
1396 (BIO_dgram_is_sctp(SSL_get_wbio(s)) && 1335 (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
1397 (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK))) 1336 (s->state == DTLS1_SCTP_ST_SR_READ_SOCK ||
1337 s->state == DTLS1_SCTP_ST_CR_READ_SOCK)))
1398#else 1338#else
1399 if (SSL_in_init(s) && !s->in_handshake) 1339 if (SSL_in_init(s) && !s->in_handshake)
1400#endif 1340#endif
1401 { 1341 {
1402 i=s->handshake_func(s); 1342 i = s->handshake_func(s);
1403 if (i < 0) return(i); 1343 if (i < 0)
1404 if (i == 0) 1344 return (i);
1405 { 1345 if (i == 0) {
1406 SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); 1346 SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
1407 return -1; 1347 return -1;
1408 }
1409 } 1348 }
1349 }
1410 1350
1411 if (len > SSL3_RT_MAX_PLAIN_LENGTH) 1351 if (len > SSL3_RT_MAX_PLAIN_LENGTH) {
1412 { 1352 SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES, SSL_R_DTLS_MESSAGE_TOO_BIG);
1413 SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,SSL_R_DTLS_MESSAGE_TOO_BIG); 1353 return -1;
1414 return -1; 1354 }
1415 }
1416 1355
1417 i = dtls1_write_bytes(s, type, buf_, len); 1356 i = dtls1_write_bytes(s, type, buf_, len);
1418 return i; 1357 return i;
1419 } 1358}
1420 1359
1421 1360
1422 /* this only happens when a client hello is received and a handshake 1361 /* this only happens when a client hello is received and a handshake
1423 * is started. */ 1362 * is started. */
1424static int 1363static int
1425have_handshake_fragment(SSL *s, int type, unsigned char *buf, 1364have_handshake_fragment(SSL *s, int type, unsigned char *buf,
1426 int len, int peek) 1365 int len, int peek)
1427 { 1366{
1428 1367
1429 if ((type == SSL3_RT_HANDSHAKE) && (s->d1->handshake_fragment_len > 0)) 1368 if ((type == SSL3_RT_HANDSHAKE) && (s->d1->handshake_fragment_len > 0))
1430 /* (partially) satisfy request from storage */ 1369 /* (partially) satisfy request from storage */
1431 { 1370 {
1432 unsigned char *src = s->d1->handshake_fragment; 1371 unsigned char *src = s->d1->handshake_fragment;
1433 unsigned char *dst = buf; 1372 unsigned char *dst = buf;
1434 unsigned int k,n; 1373 unsigned int k, n;
1435 1374
1436 /* peek == 0 */ 1375 /* peek == 0 */
1437 n = 0; 1376 n = 0;
1438 while ((len > 0) && (s->d1->handshake_fragment_len > 0)) 1377 while ((len > 0) && (s->d1->handshake_fragment_len > 0)) {
1439 {
1440 *dst++ = *src++; 1378 *dst++ = *src++;
1441 len--; s->d1->handshake_fragment_len--; 1379 len--;
1380 s->d1->handshake_fragment_len--;
1442 n++; 1381 n++;
1443 } 1382 }
1444 /* move any remaining fragment bytes: */ 1383 /* move any remaining fragment bytes: */
1445 for (k = 0; k < s->d1->handshake_fragment_len; k++) 1384 for (k = 0; k < s->d1->handshake_fragment_len; k++)
1446 s->d1->handshake_fragment[k] = *src++; 1385 s->d1->handshake_fragment[k] = *src++;
1447 return n; 1386 return n;
1448 }
1449
1450 return 0;
1451 } 1387 }
1452 1388
1453 1389 return 0;
1390}
1454 1391
1455 1392
1456/* Call this to write data in records of type 'type' 1393/* Call this to write data in records of type 'type'
1457 * It will return <= 0 if not all data has been sent or non-blocking IO. 1394 * It will return <= 0 if not all data has been sent or non-blocking IO.
1458 */ 1395 */
1459int dtls1_write_bytes(SSL *s, int type, const void *buf, int len) 1396int
1460 { 1397dtls1_write_bytes(SSL *s, int type, const void *buf, int len)
1398{
1461 int i; 1399 int i;
1462 1400
1463 OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH); 1401 OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);
1464 s->rwstate=SSL_NOTHING; 1402 s->rwstate = SSL_NOTHING;
1465 i=do_dtls1_write(s, type, buf, len, 0); 1403 i = do_dtls1_write(s, type, buf, len, 0);
1466 return i; 1404 return i;
1467 } 1405}
1468 1406
1469int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment) 1407int
1470 { 1408do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment)
1471 unsigned char *p,*pseq; 1409{
1472 int i,mac_size,clear=0; 1410 unsigned char *p, *pseq;
1411 int i, mac_size, clear = 0;
1473 int prefix_len = 0; 1412 int prefix_len = 0;
1474 SSL3_RECORD *wr; 1413 SSL3_RECORD *wr;
1475 SSL3_BUFFER *wb; 1414 SSL3_BUFFER *wb;
@@ -1478,54 +1417,49 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
1478 1417
1479 /* first check if there is a SSL3_BUFFER still being written 1418 /* first check if there is a SSL3_BUFFER still being written
1480 * out. This will happen with non blocking IO */ 1419 * out. This will happen with non blocking IO */
1481 if (s->s3->wbuf.left != 0) 1420 if (s->s3->wbuf.left != 0) {
1482 {
1483 OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */ 1421 OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */
1484 return(ssl3_write_pending(s,type,buf,len)); 1422 return (ssl3_write_pending(s, type, buf, len));
1485 } 1423 }
1486 1424
1487 /* If we have an alert to send, lets send it */ 1425 /* If we have an alert to send, lets send it */
1488 if (s->s3->alert_dispatch) 1426 if (s->s3->alert_dispatch) {
1489 { 1427 i = s->method->ssl_dispatch_alert(s);
1490 i=s->method->ssl_dispatch_alert(s);
1491 if (i <= 0) 1428 if (i <= 0)
1492 return(i); 1429 return (i);
1493 /* if it went, fall through and send more stuff */ 1430 /* if it went, fall through and send more stuff */
1494 } 1431 }
1495 1432
1496 if (len == 0 && !create_empty_fragment) 1433 if (len == 0 && !create_empty_fragment)
1497 return 0; 1434 return 0;
1498 1435
1499 wr= &(s->s3->wrec); 1436 wr = &(s->s3->wrec);
1500 wb= &(s->s3->wbuf); 1437 wb = &(s->s3->wbuf);
1501 sess=s->session; 1438 sess = s->session;
1502 1439
1503 if ( (sess == NULL) || 1440 if ((sess == NULL) || (s->enc_write_ctx == NULL) ||
1504 (s->enc_write_ctx == NULL) || 1441 (EVP_MD_CTX_md(s->write_hash) == NULL))
1505 (EVP_MD_CTX_md(s->write_hash) == NULL)) 1442 clear = 1;
1506 clear=1;
1507 1443
1508 if (clear) 1444 if (clear)
1509 mac_size=0; 1445 mac_size = 0;
1510 else 1446 else {
1511 { 1447 mac_size = EVP_MD_CTX_size(s->write_hash);
1512 mac_size=EVP_MD_CTX_size(s->write_hash);
1513 if (mac_size < 0) 1448 if (mac_size < 0)
1514 goto err; 1449 goto err;
1515 } 1450 }
1516 1451
1517 /* DTLS implements explicit IV, so no need for empty fragments */ 1452 /* DTLS implements explicit IV, so no need for empty fragments */
1518#if 0 1453#if 0
1519 /* 'create_empty_fragment' is true only when this function calls itself */ 1454 /* 'create_empty_fragment' is true only when this function calls itself */
1520 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done 1455 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done &&
1521 && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER) 1456 SSL_version(s) != DTLS1_VERSION &&
1522 { 1457 SSL_version(s) != DTLS1_BAD_VER) {
1523 /* countermeasure against known-IV weakness in CBC ciphersuites 1458 /* countermeasure against known-IV weakness in CBC ciphersuites
1524 * (see http://www.openssl.org/~bodo/tls-cbc.txt) 1459 * (see http://www.openssl.org/~bodo/tls-cbc.txt)
1525 */ 1460 */
1526 1461
1527 if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) 1462 if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) {
1528 {
1529 /* recursive function call with 'create_empty_fragment' set; 1463 /* recursive function call with 'create_empty_fragment' set;
1530 * this prepares and buffers the data for an empty fragment 1464 * this prepares and buffers the data for an empty fragment
1531 * (these 'prefix_len' bytes are sent out later 1465 * (these 'prefix_len' bytes are sent out later
@@ -1534,211 +1468,206 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
1534 if (prefix_len <= 0) 1468 if (prefix_len <= 0)
1535 goto err; 1469 goto err;
1536 1470
1537 if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE) 1471 if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE) {
1538 {
1539 /* insufficient space */ 1472 /* insufficient space */
1540 SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR); 1473 SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR);
1541 goto err; 1474 goto err;
1542 }
1543 } 1475 }
1544
1545 s->s3->empty_fragment_done = 1;
1546 } 1476 }
1477
1478 s->s3->empty_fragment_done = 1;
1479 }
1547#endif 1480#endif
1548 p = wb->buf + prefix_len; 1481 p = wb->buf + prefix_len;
1549 1482
1550 /* write the header */ 1483 /* write the header */
1551 1484
1552 *(p++)=type&0xff; 1485 *(p++) = type&0xff;
1553 wr->type=type; 1486 wr->type = type;
1554 1487
1555 *(p++)=(s->version>>8); 1488 *(p++) = (s->version >> 8);
1556 *(p++)=s->version&0xff; 1489 *(p++) = s->version&0xff;
1557 1490
1558 /* field where we are to write out packet epoch, seq num and len */ 1491 /* field where we are to write out packet epoch, seq num and len */
1559 pseq=p; 1492 pseq = p;
1560 p+=10; 1493
1494 p += 10;
1561 1495
1562 /* lets setup the record stuff. */ 1496 /* lets setup the record stuff. */
1563 1497
1564 /* Make space for the explicit IV in case of CBC. 1498 /* Make space for the explicit IV in case of CBC.
1565 * (this is a bit of a boundary violation, but what the heck). 1499 * (this is a bit of a boundary violation, but what the heck).
1566 */ 1500 */
1567 if ( s->enc_write_ctx && 1501 if (s->enc_write_ctx &&
1568 (EVP_CIPHER_mode( s->enc_write_ctx->cipher ) & EVP_CIPH_CBC_MODE)) 1502 (EVP_CIPHER_mode( s->enc_write_ctx->cipher ) & EVP_CIPH_CBC_MODE))
1569 bs = EVP_CIPHER_block_size(s->enc_write_ctx->cipher); 1503 bs = EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
1570 else 1504 else
1571 bs = 0; 1505 bs = 0;
1572 1506
1573 wr->data=p + bs; /* make room for IV in case of CBC */ 1507 wr->data = p + bs;
1574 wr->length=(int)len; 1508 /* make room for IV in case of CBC */
1575 wr->input=(unsigned char *)buf; 1509 wr->length = (int)len;
1510 wr->input = (unsigned char *)buf;
1576 1511
1577 /* we now 'read' from wr->input, wr->length bytes into 1512 /* we now 'read' from wr->input, wr->length bytes into
1578 * wr->data */ 1513 * wr->data */
1579 1514
1580 /* first we compress */ 1515 /* first we compress */
1581 if (s->compress != NULL) 1516 if (s->compress != NULL) {
1582 { 1517 if (!ssl3_do_compress(s)) {
1583 if (!ssl3_do_compress(s)) 1518 SSLerr(SSL_F_DO_DTLS1_WRITE, SSL_R_COMPRESSION_FAILURE);
1584 {
1585 SSLerr(SSL_F_DO_DTLS1_WRITE,SSL_R_COMPRESSION_FAILURE);
1586 goto err; 1519 goto err;
1587 }
1588 }
1589 else
1590 {
1591 memcpy(wr->data,wr->input,wr->length);
1592 wr->input=wr->data;
1593 } 1520 }
1521 } else {
1522 memcpy(wr->data, wr->input, wr->length);
1523 wr->input = wr->data;
1524 }
1594 1525
1595 /* we should still have the output to wr->data and the input 1526 /* we should still have the output to wr->data and the input
1596 * from wr->input. Length should be wr->length. 1527 * from wr->input. Length should be wr->length.
1597 * wr->data still points in the wb->buf */ 1528 * wr->data still points in the wb->buf */
1598 1529
1599 if (mac_size != 0) 1530 if (mac_size != 0) {
1600 { 1531 if (s->method->ssl3_enc->mac(s, &(p[wr->length + bs]), 1) < 0)
1601 if(s->method->ssl3_enc->mac(s,&(p[wr->length + bs]),1) < 0)
1602 goto err; 1532 goto err;
1603 wr->length+=mac_size; 1533 wr->length += mac_size;
1604 } 1534 }
1605 1535
1606 /* this is true regardless of mac size */ 1536 /* this is true regardless of mac size */
1607 wr->input=p; 1537 wr->input = p;
1608 wr->data=p; 1538 wr->data = p;
1609 1539
1610 1540
1611 /* ssl3_enc can only have an error on read */ 1541 /* ssl3_enc can only have an error on read */
1612 if (bs) /* bs != 0 in case of CBC */ 1542 if (bs) /* bs != 0 in case of CBC */
1613 { 1543 {
1614 RAND_pseudo_bytes(p,bs); 1544 RAND_pseudo_bytes(p, bs);
1615 /* master IV and last CBC residue stand for 1545 /* master IV and last CBC residue stand for
1616 * the rest of randomness */ 1546 * the rest of randomness */
1617 wr->length += bs; 1547 wr->length += bs;
1618 } 1548 }
1619 1549
1620 s->method->ssl3_enc->enc(s,1); 1550 s->method->ssl3_enc->enc(s, 1);
1621 1551
1622 /* record length after mac and block padding */ 1552 /* record length after mac and block padding */
1623/* if (type == SSL3_RT_APPLICATION_DATA || 1553/* if (type == SSL3_RT_APPLICATION_DATA ||
1624 (type == SSL3_RT_ALERT && ! SSL_in_init(s))) */ 1554 (type == SSL3_RT_ALERT && ! SSL_in_init(s))) */
1625 1555
1626 /* there's only one epoch between handshake and app data */ 1556 /* there's only one epoch between handshake and app data */
1627 1557
1628 s2n(s->d1->w_epoch, pseq); 1558 s2n(s->d1->w_epoch, pseq);
1629 1559
1630 /* XDTLS: ?? */ 1560 /* XDTLS: ?? */
1631/* else 1561/* else
1632 s2n(s->d1->handshake_epoch, pseq); */ 1562 s2n(s->d1->handshake_epoch, pseq);
1563*/
1633 1564
1634 memcpy(pseq, &(s->s3->write_sequence[2]), 6); 1565 memcpy(pseq, &(s->s3->write_sequence[2]), 6);
1635 pseq+=6; 1566 pseq += 6;
1636 s2n(wr->length,pseq); 1567 s2n(wr->length, pseq);
1637 1568
1638 /* we should now have 1569 /* we should now have
1639 * wr->data pointing to the encrypted data, which is 1570 * wr->data pointing to the encrypted data, which is
1640 * wr->length long */ 1571 * wr->length long */
1641 wr->type=type; /* not needed but helps for debugging */ 1572 wr->type=type; /* not needed but helps for debugging */
1642 wr->length+=DTLS1_RT_HEADER_LENGTH; 1573 wr->length += DTLS1_RT_HEADER_LENGTH;
1643 1574
1644#if 0 /* this is now done at the message layer */ 1575#if 0 /* this is now done at the message layer */
1645 /* buffer the record, making it easy to handle retransmits */ 1576 /* buffer the record, making it easy to handle retransmits */
1646 if ( type == SSL3_RT_HANDSHAKE || type == SSL3_RT_CHANGE_CIPHER_SPEC) 1577 if (type == SSL3_RT_HANDSHAKE || type == SSL3_RT_CHANGE_CIPHER_SPEC)
1647 dtls1_buffer_record(s, wr->data, wr->length, 1578 dtls1_buffer_record(s, wr->data, wr->length,
1648 *((PQ_64BIT *)&(s->s3->write_sequence[0]))); 1579 *((PQ_64BIT *)&(s->s3->write_sequence[0])));
1649#endif 1580#endif
1650 1581
1651 ssl3_record_sequence_update(&(s->s3->write_sequence[0])); 1582 ssl3_record_sequence_update(&(s->s3->write_sequence[0]));
1652 1583
1653 if (create_empty_fragment) 1584 if (create_empty_fragment) {
1654 {
1655 /* we are in a recursive call; 1585 /* we are in a recursive call;
1656 * just return the length, don't write out anything here 1586 * just return the length, don't write out anything here
1657 */ 1587 */
1658 return wr->length; 1588 return wr->length;
1659 } 1589 }
1660 1590
1661 /* now let's set up wb */ 1591 /* now let's set up wb */
1662 wb->left = prefix_len + wr->length; 1592 wb->left = prefix_len + wr->length;
1663 wb->offset = 0; 1593 wb->offset = 0;
1664 1594
1665 /* memorize arguments so that ssl3_write_pending can detect bad write retries later */ 1595 /* memorize arguments so that ssl3_write_pending can detect bad write retries later */
1666 s->s3->wpend_tot=len; 1596 s->s3->wpend_tot = len;
1667 s->s3->wpend_buf=buf; 1597 s->s3->wpend_buf = buf;
1668 s->s3->wpend_type=type; 1598 s->s3->wpend_type = type;
1669 s->s3->wpend_ret=len; 1599 s->s3->wpend_ret = len;
1670 1600
1671 /* we now just need to write the buffer */ 1601 /* we now just need to write the buffer */
1672 return ssl3_write_pending(s,type,buf,len); 1602 return ssl3_write_pending(s, type, buf, len);
1673err: 1603err:
1674 return -1; 1604 return -1;
1675 } 1605}
1676 1606
1677 1607
1678 1608
1679static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap) 1609static int
1680 { 1610dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
1611{
1681 int cmp; 1612 int cmp;
1682 unsigned int shift; 1613 unsigned int shift;
1683 const unsigned char *seq = s->s3->read_sequence; 1614 const unsigned char *seq = s->s3->read_sequence;
1684 1615
1685 cmp = satsub64be(seq,bitmap->max_seq_num); 1616 cmp = satsub64be(seq, bitmap->max_seq_num);
1686 if (cmp > 0) 1617 if (cmp > 0) {
1687 { 1618 memcpy (s->s3->rrec.seq_num, seq, 8);
1688 memcpy (s->s3->rrec.seq_num,seq,8);
1689 return 1; /* this record in new */ 1619 return 1; /* this record in new */
1690 } 1620 }
1691 shift = -cmp; 1621 shift = -cmp;
1692 if (shift >= sizeof(bitmap->map)*8) 1622 if (shift >= sizeof(bitmap->map)*8)
1693 return 0; /* stale, outside the window */ 1623 return 0; /* stale, outside the window */
1694 else if (bitmap->map & (1UL<<shift)) 1624 else if (bitmap->map & (1UL << shift))
1695 return 0; /* record previously received */ 1625 return 0; /* record previously received */
1696 1626
1697 memcpy (s->s3->rrec.seq_num,seq,8); 1627 memcpy(s->s3->rrec.seq_num, seq, 8);
1698 return 1; 1628 return 1;
1699 } 1629}
1700 1630
1701 1631
1702static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap) 1632static void
1703 { 1633dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
1634{
1704 int cmp; 1635 int cmp;
1705 unsigned int shift; 1636 unsigned int shift;
1706 const unsigned char *seq = s->s3->read_sequence; 1637 const unsigned char *seq = s->s3->read_sequence;
1707 1638
1708 cmp = satsub64be(seq,bitmap->max_seq_num); 1639 cmp = satsub64be(seq, bitmap->max_seq_num);
1709 if (cmp > 0) 1640 if (cmp > 0) {
1710 {
1711 shift = cmp; 1641 shift = cmp;
1712 if (shift < sizeof(bitmap->map)*8) 1642 if (shift < sizeof(bitmap->map)*8)
1713 bitmap->map <<= shift, bitmap->map |= 1UL; 1643 bitmap->map <<= shift, bitmap->map |= 1UL;
1714 else 1644 else
1715 bitmap->map = 1UL; 1645 bitmap->map = 1UL;
1716 memcpy(bitmap->max_seq_num,seq,8); 1646 memcpy(bitmap->max_seq_num, seq, 8);
1717 } 1647 } else {
1718 else {
1719 shift = -cmp; 1648 shift = -cmp;
1720 if (shift < sizeof(bitmap->map)*8) 1649 if (shift < sizeof(bitmap->map) * 8)
1721 bitmap->map |= 1UL<<shift; 1650 bitmap->map |= 1UL << shift;
1722 }
1723 } 1651 }
1652}
1724 1653
1725 1654
1726int dtls1_dispatch_alert(SSL *s) 1655int
1727 { 1656dtls1_dispatch_alert(SSL *s)
1728 int i,j; 1657{
1729 void (*cb)(const SSL *ssl,int type,int val)=NULL; 1658 int i, j;
1659 void (*cb)(const SSL *ssl, int type, int val) = NULL;
1730 unsigned char buf[DTLS1_AL_HEADER_LENGTH]; 1660 unsigned char buf[DTLS1_AL_HEADER_LENGTH];
1731 unsigned char *ptr = &buf[0]; 1661 unsigned char *ptr = &buf[0];
1732 1662
1733 s->s3->alert_dispatch=0; 1663 s->s3->alert_dispatch = 0;
1734 1664
1735 memset(buf, 0x00, sizeof(buf)); 1665 memset(buf, 0x00, sizeof(buf));
1736 *ptr++ = s->s3->send_alert[0]; 1666 *ptr++ = s->s3->send_alert[0];
1737 *ptr++ = s->s3->send_alert[1]; 1667 *ptr++ = s->s3->send_alert[1];
1738 1668
1739#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 1669#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1740 if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) 1670 if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) {
1741 {
1742 s2n(s->d1->handshake_read_seq, ptr); 1671 s2n(s->d1->handshake_read_seq, ptr);
1743#if 0 1672#if 0
1744 if ( s->d1->r_msg_hdr.frag_off == 0) /* waiting for a new msg */ 1673 if ( s->d1->r_msg_hdr.frag_off == 0) /* waiting for a new msg */
@@ -1748,152 +1677,136 @@ int dtls1_dispatch_alert(SSL *s)
1748#endif 1677#endif
1749 1678
1750#if 0 1679#if 0
1751 fprintf(stderr, "s->d1->handshake_read_seq = %d, s->d1->r_msg_hdr.seq = %d\n",s->d1->handshake_read_seq,s->d1->r_msg_hdr.seq); 1680 fprintf(stderr, "s->d1->handshake_read_seq = %d, s->d1->r_msg_hdr.seq = %d\n", s->d1->handshake_read_seq, s->d1->r_msg_hdr.seq);
1752#endif 1681#endif
1753 l2n3(s->d1->r_msg_hdr.frag_off, ptr); 1682 l2n3(s->d1->r_msg_hdr.frag_off, ptr);
1754 } 1683 }
1755#endif 1684#endif
1756 1685
1757 i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0); 1686 i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0);
1758 if (i <= 0) 1687 if (i <= 0) {
1759 { 1688 s->s3->alert_dispatch = 1;
1760 s->s3->alert_dispatch=1;
1761 /* fprintf( stderr, "not done with alert\n" ); */ 1689 /* fprintf( stderr, "not done with alert\n" ); */
1762 } 1690 } else {
1763 else
1764 {
1765 if (s->s3->send_alert[0] == SSL3_AL_FATAL 1691 if (s->s3->send_alert[0] == SSL3_AL_FATAL
1766#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 1692#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1767 || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 1693 || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1768#endif 1694#endif
1769 ) 1695 )
1770 (void)BIO_flush(s->wbio); 1696 (void)BIO_flush(s->wbio);
1771 1697
1772 if (s->msg_callback) 1698 if (s->msg_callback)
1773 s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, 1699 s->msg_callback(1, s->version, SSL3_RT_ALERT,
1774 2, s, s->msg_callback_arg); 1700 s->s3->send_alert, 2, s, s->msg_callback_arg);
1775 1701
1776 if (s->info_callback != NULL) 1702 if (s->info_callback != NULL)
1777 cb=s->info_callback; 1703 cb = s->info_callback;
1778 else if (s->ctx->info_callback != NULL) 1704 else if (s->ctx->info_callback != NULL)
1779 cb=s->ctx->info_callback; 1705 cb = s->ctx->info_callback;
1780 1706
1781 if (cb != NULL) 1707 if (cb != NULL) {
1782 { 1708 j = (s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
1783 j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1]; 1709 cb(s, SSL_CB_WRITE_ALERT, j);
1784 cb(s,SSL_CB_WRITE_ALERT,j);
1785 }
1786 } 1710 }
1787 return(i);
1788 } 1711 }
1712 return (i);
1713}
1789 1714
1790 1715
1791static DTLS1_BITMAP * 1716static DTLS1_BITMAP *
1792dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch) 1717dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch)
1793 { 1718{
1794 1719
1795 *is_next_epoch = 0; 1720 *is_next_epoch = 0;
1796 1721
1797 /* In current epoch, accept HM, CCS, DATA, & ALERT */ 1722 /* In current epoch, accept HM, CCS, DATA, & ALERT */
1798 if (rr->epoch == s->d1->r_epoch) 1723 if (rr->epoch == s->d1->r_epoch)
1799 return &s->d1->bitmap; 1724 return &s->d1->bitmap;
1800 1725
1801 /* Only HM and ALERT messages can be from the next epoch */ 1726 /* Only HM and ALERT messages can be from the next epoch */
1802 else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) && 1727 else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&
1803 (rr->type == SSL3_RT_HANDSHAKE || 1728 (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
1804 rr->type == SSL3_RT_ALERT)) 1729 *is_next_epoch = 1;
1805 { 1730 return &s->d1->next_bitmap;
1806 *is_next_epoch = 1; 1731 }
1807 return &s->d1->next_bitmap; 1732
1808 } 1733 return NULL;
1809 1734}
1810 return NULL;
1811 }
1812 1735
1813#if 0 1736#if 0
1814static int 1737static int
1815dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr, unsigned short *priority, 1738dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr, unsigned short *priority,
1816 unsigned long *offset) 1739 unsigned long *offset)
1817 { 1740{
1818 1741
1819 /* alerts are passed up immediately */ 1742 /* alerts are passed up immediately */
1820 if ( rr->type == SSL3_RT_APPLICATION_DATA || 1743 if (rr->type == SSL3_RT_APPLICATION_DATA || rr->type == SSL3_RT_ALERT)
1821 rr->type == SSL3_RT_ALERT)
1822 return 0; 1744 return 0;
1823 1745
1824 /* Only need to buffer if a handshake is underway. 1746 /* Only need to buffer if a handshake is underway.
1825 * (this implies that Hello Request and Client Hello are passed up 1747 * (this implies that Hello Request and Client Hello are passed up
1826 * immediately) */ 1748 * immediately) */
1827 if ( SSL_in_init(s)) 1749 if (SSL_in_init(s)) {
1828 {
1829 unsigned char *data = rr->data; 1750 unsigned char *data = rr->data;
1830 /* need to extract the HM/CCS sequence number here */ 1751 /* need to extract the HM/CCS sequence number here */
1831 if ( rr->type == SSL3_RT_HANDSHAKE || 1752 if (rr->type == SSL3_RT_HANDSHAKE ||
1832 rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) 1753 rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
1833 {
1834 unsigned short seq_num; 1754 unsigned short seq_num;
1835 struct hm_header_st msg_hdr; 1755 struct hm_header_st msg_hdr;
1836 struct ccs_header_st ccs_hdr; 1756 struct ccs_header_st ccs_hdr;
1837 1757
1838 if ( rr->type == SSL3_RT_HANDSHAKE) 1758 if (rr->type == SSL3_RT_HANDSHAKE) {
1839 {
1840 dtls1_get_message_header(data, &msg_hdr); 1759 dtls1_get_message_header(data, &msg_hdr);
1841 seq_num = msg_hdr.seq; 1760 seq_num = msg_hdr.seq;
1842 *offset = msg_hdr.frag_off; 1761 *offset = msg_hdr.frag_off;
1843 } 1762 } else {
1844 else
1845 {
1846 dtls1_get_ccs_header(data, &ccs_hdr); 1763 dtls1_get_ccs_header(data, &ccs_hdr);
1847 seq_num = ccs_hdr.seq; 1764 seq_num = ccs_hdr.seq;
1848 *offset = 0; 1765 *offset = 0;
1849 } 1766 }
1850 1767
1851 /* this is either a record we're waiting for, or a 1768 /* this is either a record we're waiting for, or a
1852 * retransmit of something we happened to previously 1769 * retransmit of something we happened to previously
1853 * receive (higher layers will drop the repeat silently */ 1770 * receive (higher layers will drop the repeat silently */
1854 if ( seq_num < s->d1->handshake_read_seq) 1771 if (seq_num < s->d1->handshake_read_seq)
1855 return 0; 1772 return 0;
1856 if (rr->type == SSL3_RT_HANDSHAKE && 1773 if (rr->type == SSL3_RT_HANDSHAKE &&
1857 seq_num == s->d1->handshake_read_seq && 1774 seq_num == s->d1->handshake_read_seq &&
1858 msg_hdr.frag_off < s->d1->r_msg_hdr.frag_off) 1775 msg_hdr.frag_off < s->d1->r_msg_hdr.frag_off)
1859 return 0; 1776 return 0;
1860 else if ( seq_num == s->d1->handshake_read_seq && 1777 else if (seq_num == s->d1->handshake_read_seq &&
1861 (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC || 1778 (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC ||
1862 msg_hdr.frag_off == s->d1->r_msg_hdr.frag_off)) 1779 msg_hdr.frag_off == s->d1->r_msg_hdr.frag_off))
1863 return 0; 1780 return 0;
1864 else 1781 else {
1865 {
1866 *priority = seq_num; 1782 *priority = seq_num;
1867 return 1; 1783 return 1;
1868 }
1869 } 1784 }
1785 }
1870 else /* unknown record type */ 1786 else /* unknown record type */
1871 return 0; 1787 return 0;
1872 } 1788 }
1873 1789
1874 return 0; 1790 return 0;
1875 } 1791}
1876#endif 1792#endif
1877 1793
1878void 1794void
1879dtls1_reset_seq_numbers(SSL *s, int rw) 1795dtls1_reset_seq_numbers(SSL *s, int rw)
1880 { 1796{
1881 unsigned char *seq; 1797 unsigned char *seq;
1882 unsigned int seq_bytes = sizeof(s->s3->read_sequence); 1798 unsigned int seq_bytes = sizeof(s->s3->read_sequence);
1883 1799
1884 if ( rw & SSL3_CC_READ) 1800 if (rw & SSL3_CC_READ) {
1885 {
1886 seq = s->s3->read_sequence; 1801 seq = s->s3->read_sequence;
1887 s->d1->r_epoch++; 1802 s->d1->r_epoch++;
1888 memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP)); 1803 memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP));
1889 memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP)); 1804 memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
1890 } 1805 } else {
1891 else
1892 {
1893 seq = s->s3->write_sequence; 1806 seq = s->s3->write_sequence;
1894 memcpy(s->d1->last_write_sequence, seq, sizeof(s->s3->write_sequence)); 1807 memcpy(s->d1->last_write_sequence, seq, sizeof(s->s3->write_sequence));
1895 s->d1->w_epoch++; 1808 s->d1->w_epoch++;
1896 } 1809 }
1897 1810
1898 memset(seq, 0x00, seq_bytes); 1811 memset(seq, 0x00, seq_bytes);
1899 } 1812}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 08:28:19 +0000