summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorjsing <>2014-04-14 14:16:33 +0000
committerjsing <>2014-04-14 14:16:33 +0000
commit95692a60ee0169e369d59f82504e36ff376e13ba (patch)
treed3a4c41549109f6de6427907f10589c02eec0d25 /src
parent72c1bd17672378115dcd5254ed88828e45357e7f (diff)
downloadopenbsd-95692a60ee0169e369d59f82504e36ff376e13ba.tar.gz
openbsd-95692a60ee0169e369d59f82504e36ff376e13ba.tar.bz2
openbsd-95692a60ee0169e369d59f82504e36ff376e13ba.zip
First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using tr and md5.
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/d1_both.c1066
-rw-r--r--src/lib/libssl/d1_enc.c143
-rw-r--r--src/lib/libssl/d1_lib.c364
-rw-r--r--src/lib/libssl/d1_meth.c16
-rw-r--r--src/lib/libssl/d1_pkt.c1461
-rw-r--r--src/lib/libssl/d1_srtp.c497
-rw-r--r--src/lib/libssl/src/ssl/d1_both.c1066
-rw-r--r--src/lib/libssl/src/ssl/d1_enc.c143
-rw-r--r--src/lib/libssl/src/ssl/d1_lib.c364
-rw-r--r--src/lib/libssl/src/ssl/d1_meth.c16
-rw-r--r--src/lib/libssl/src/ssl/d1_pkt.c1461
-rw-r--r--src/lib/libssl/src/ssl/d1_srtp.c497
12 files changed, 3354 insertions, 3740 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index a265fed22f..c051e84874 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -152,102 +152,102 @@
152 printf("\n"); } 152 printf("\n"); }
153#endif 153#endif
154 154
155static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80}; 155static unsigned char bitmask_start_values[] = {
156static unsigned char bitmask_end_values[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f}; 156 0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80
157};
158static unsigned char bitmask_end_values[] = {
159 0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f
160};
157 161
158/* XDTLS: figure out the right values */ 162/* XDTLS: figure out the right values */
159static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28}; 163static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
160 164
161static unsigned int dtls1_guess_mtu(unsigned int curr_mtu); 165static unsigned int dtls1_guess_mtu(unsigned int curr_mtu);
162static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, 166static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,
163 unsigned long frag_len); 167 unsigned long frag_len);
164static unsigned char *dtls1_write_message_header(SSL *s, 168static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p);
165 unsigned char *p);
166static void dtls1_set_message_header_int(SSL *s, unsigned char mt, 169static void dtls1_set_message_header_int(SSL *s, unsigned char mt,
167 unsigned long len, unsigned short seq_num, unsigned long frag_off, 170 unsigned long len, unsigned short seq_num, unsigned long frag_off,
168 unsigned long frag_len); 171 unsigned long frag_len);
169static long dtls1_get_message_fragment(SSL *s, int st1, int stn, 172static long dtls1_get_message_fragment(SSL *s, int st1, int stn, long max,
170 long max, int *ok); 173 int *ok);
171 174
172static hm_fragment * 175static hm_fragment *
173dtls1_hm_fragment_new(unsigned long frag_len, int reassembly) 176dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
174 { 177{
175 hm_fragment *frag = NULL; 178 hm_fragment *frag = NULL;
176 unsigned char *buf = NULL; 179 unsigned char *buf = NULL;
177 unsigned char *bitmask = NULL; 180 unsigned char *bitmask = NULL;
178 181
179 frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment)); 182 frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment));
180 if ( frag == NULL) 183 if (frag == NULL)
181 return NULL; 184 return NULL;
182 185
183 if (frag_len) 186 if (frag_len) {
184 {
185 buf = (unsigned char *)OPENSSL_malloc(frag_len); 187 buf = (unsigned char *)OPENSSL_malloc(frag_len);
186 if ( buf == NULL) 188 if (buf == NULL) {
187 {
188 OPENSSL_free(frag); 189 OPENSSL_free(frag);
189 return NULL; 190 return NULL;
190 }
191 } 191 }
192 }
192 193
193 /* zero length fragment gets zero frag->fragment */ 194 /* zero length fragment gets zero frag->fragment */
194 frag->fragment = buf; 195 frag->fragment = buf;
195 196
196 /* Initialize reassembly bitmask if necessary */ 197 /* Initialize reassembly bitmask if necessary */
197 if (reassembly) 198 if (reassembly) {
198 {
199 bitmask = (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len)); 199 bitmask = (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len));
200 if (bitmask == NULL) 200 if (bitmask == NULL) {
201 { 201 if (buf != NULL)
202 if (buf != NULL) OPENSSL_free(buf); 202 OPENSSL_free(buf);
203 OPENSSL_free(frag); 203 OPENSSL_free(frag);
204 return NULL; 204 return NULL;
205 }
206 memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len));
207 } 205 }
206 memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len));
207 }
208 208
209 frag->reassembly = bitmask; 209 frag->reassembly = bitmask;
210 210
211 return frag; 211 return frag;
212 } 212}
213 213
214static void 214static void
215dtls1_hm_fragment_free(hm_fragment *frag) 215dtls1_hm_fragment_free(hm_fragment *frag)
216 { 216{
217 217
218 if (frag->msg_header.is_ccs) 218 if (frag->msg_header.is_ccs) {
219 {
220 EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx); 219 EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
221 EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash); 220 EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
222 }
223 if (frag->fragment) OPENSSL_free(frag->fragment);
224 if (frag->reassembly) OPENSSL_free(frag->reassembly);
225 OPENSSL_free(frag);
226 } 221 }
222 if (frag->fragment)
223 OPENSSL_free(frag->fragment);
224 if (frag->reassembly)
225 OPENSSL_free(frag->reassembly);
226 OPENSSL_free(frag);
227}
227 228
228/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ 229/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
229int dtls1_do_write(SSL *s, int type) 230int
230 { 231dtls1_do_write(SSL *s, int type)
232{
231 int ret; 233 int ret;
232 int curr_mtu; 234 int curr_mtu;
233 unsigned int len, frag_off, mac_size, blocksize; 235 unsigned int len, frag_off, mac_size, blocksize;
234 236
235 /* AHA! Figure out the MTU, and stick to the right size */ 237 /* AHA! Figure out the MTU, and stick to the right size */
236 if (s->d1->mtu < dtls1_min_mtu() && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) 238 if (s->d1->mtu < dtls1_min_mtu() && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
237 { 239 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
238 s->d1->mtu = 240 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
239 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
240 241
241 /* I've seen the kernel return bogus numbers when it doesn't know 242 /* I've seen the kernel return bogus numbers when it doesn't know
242 * (initial write), so just make sure we have a reasonable number */ 243 * (initial write), so just make sure we have a reasonable number */
243 if (s->d1->mtu < dtls1_min_mtu()) 244 if (s->d1->mtu < dtls1_min_mtu()) {
244 {
245 s->d1->mtu = 0; 245 s->d1->mtu = 0;
246 s->d1->mtu = dtls1_guess_mtu(s->d1->mtu); 246 s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
247 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, 247 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
248 s->d1->mtu, NULL); 248 s->d1->mtu, NULL);
249 }
250 } 249 }
250 }
251#if 0 251#if 0
252 mtu = s->d1->mtu; 252 mtu = s->d1->mtu;
253 253
@@ -257,154 +257,144 @@ int dtls1_do_write(SSL *s, int type)
257 257
258 curr_mtu = mtu - BIO_wpending(SSL_get_wbio(s)); 258 curr_mtu = mtu - BIO_wpending(SSL_get_wbio(s));
259 259
260 if ( curr_mtu > 0) 260 if (curr_mtu > 0)
261 mtu = curr_mtu; 261 mtu = curr_mtu;
262 else if ( ( ret = BIO_flush(SSL_get_wbio(s))) <= 0) 262 else if (( ret = BIO_flush(SSL_get_wbio(s))) <= 0)
263 return ret; 263 return ret;
264 264
265 if ( BIO_wpending(SSL_get_wbio(s)) + s->init_num >= mtu) 265 if (BIO_wpending(SSL_get_wbio(s)) + s->init_num >= mtu) {
266 {
267 ret = BIO_flush(SSL_get_wbio(s)); 266 ret = BIO_flush(SSL_get_wbio(s));
268 if ( ret <= 0) 267 if (ret <= 0)
269 return ret; 268 return ret;
270 mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH); 269 mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
271 } 270 }
272#endif 271#endif
273 272
274 OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu()); /* should have something reasonable now */ 273 OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu());
274 /* should have something reasonable now */
275 275
276 if ( s->init_off == 0 && type == SSL3_RT_HANDSHAKE) 276 if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
277 OPENSSL_assert(s->init_num == 277 OPENSSL_assert(s->init_num ==
278 (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); 278 (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
279 279
280 if (s->write_hash) 280 if (s->write_hash)
281 mac_size = EVP_MD_CTX_size(s->write_hash); 281 mac_size = EVP_MD_CTX_size(s->write_hash);
282 else 282 else
283 mac_size = 0; 283 mac_size = 0;
284 284
285 if (s->enc_write_ctx && 285 if (s->enc_write_ctx &&
286 (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE)) 286 (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
287 blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher); 287 blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
288 else 288 else
289 blocksize = 0; 289 blocksize = 0;
290 290
291 frag_off = 0; 291 frag_off = 0;
292 while( s->init_num) 292 while (s->init_num) {
293 { 293 curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) -
294 curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) - 294 DTLS1_RT_HEADER_LENGTH - mac_size - blocksize;
295 DTLS1_RT_HEADER_LENGTH - mac_size - blocksize;
296 295
297 if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH) 296 if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) {
298 {
299 /* grr.. we could get an error if MTU picked was wrong */ 297 /* grr.. we could get an error if MTU picked was wrong */
300 ret = BIO_flush(SSL_get_wbio(s)); 298 ret = BIO_flush(SSL_get_wbio(s));
301 if ( ret <= 0) 299 if (ret <= 0)
302 return ret; 300 return ret;
303 curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH - 301 curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH -
304 mac_size - blocksize; 302 mac_size - blocksize;
305 } 303 }
306 304
307 if ( s->init_num > curr_mtu) 305 if (s->init_num > curr_mtu)
308 len = curr_mtu; 306 len = curr_mtu;
309 else 307 else
310 len = s->init_num; 308 len = s->init_num;
311 309
312 310
313 /* XDTLS: this function is too long. split out the CCS part */ 311 /* XDTLS: this function is too long. split out the CCS part */
314 if ( type == SSL3_RT_HANDSHAKE) 312 if (type == SSL3_RT_HANDSHAKE) {
315 { 313 if (s->init_off != 0) {
316 if ( s->init_off != 0)
317 {
318 OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH); 314 OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH);
319 s->init_off -= DTLS1_HM_HEADER_LENGTH; 315 s->init_off -= DTLS1_HM_HEADER_LENGTH;
320 s->init_num += DTLS1_HM_HEADER_LENGTH; 316 s->init_num += DTLS1_HM_HEADER_LENGTH;
321 317
322 if ( s->init_num > curr_mtu) 318 if (s->init_num > curr_mtu)
323 len = curr_mtu; 319 len = curr_mtu;
324 else 320 else
325 len = s->init_num; 321 len = s->init_num;
326 } 322 }
327 323
328 dtls1_fix_message_header(s, frag_off, 324 dtls1_fix_message_header(s, frag_off,
329 len - DTLS1_HM_HEADER_LENGTH); 325 len - DTLS1_HM_HEADER_LENGTH);
330 326
331 dtls1_write_message_header(s, (unsigned char *)&s->init_buf->data[s->init_off]); 327 dtls1_write_message_header(s, (unsigned char *)&s->init_buf->data[s->init_off]);
332 328
333 OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH); 329 OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);
334 } 330 }
335 331
336 ret=dtls1_write_bytes(s,type,&s->init_buf->data[s->init_off], 332 ret = dtls1_write_bytes(s, type,
337 len); 333 &s->init_buf->data[s->init_off], len);
338 if (ret < 0) 334 if (ret < 0) {
339 {
340 /* might need to update MTU here, but we don't know 335 /* might need to update MTU here, but we don't know
341 * which previous packet caused the failure -- so can't 336 * which previous packet caused the failure -- so can't
342 * really retransmit anything. continue as if everything 337 * really retransmit anything. continue as if everything
343 * is fine and wait for an alert to handle the 338 * is fine and wait for an alert to handle the
344 * retransmit 339 * retransmit
345 */ 340 */
346 if ( BIO_ctrl(SSL_get_wbio(s), 341 if (BIO_ctrl(SSL_get_wbio(s),
347 BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 ) 342 BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0)
348 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), 343 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
349 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); 344 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
350 else 345 else
351 return(-1); 346 return (-1);
352 } 347 } else {
353 else
354 {
355 348
356 /* bad if this assert fails, only part of the handshake 349 /* bad if this assert fails, only part of the handshake
357 * message got sent. but why would this happen? */ 350 * message got sent. but why would this happen? */
358 OPENSSL_assert(len == (unsigned int)ret); 351 OPENSSL_assert(len == (unsigned int)ret);
359 352
360 if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting) 353 if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting) {
361 {
362 /* should not be done for 'Hello Request's, but in that case 354 /* should not be done for 'Hello Request's, but in that case
363 * we'll ignore the result anyway */ 355 * we'll ignore the result anyway */
364 unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off]; 356 unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off];
365 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; 357 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
366 int xlen; 358 int xlen;
367 359
368 if (frag_off == 0 && s->version != DTLS1_BAD_VER) 360 if (frag_off == 0 && s->version != DTLS1_BAD_VER) {
369 {
370 /* reconstruct message header is if it 361 /* reconstruct message header is if it
371 * is being sent in single fragment */ 362 * is being sent in single fragment */
372 *p++ = msg_hdr->type; 363 *p++ = msg_hdr->type;
373 l2n3(msg_hdr->msg_len,p); 364 l2n3(msg_hdr->msg_len, p);
374 s2n (msg_hdr->seq,p); 365 s2n (msg_hdr->seq, p);
375 l2n3(0,p); 366 l2n3(0, p);
376 l2n3(msg_hdr->msg_len,p); 367 l2n3(msg_hdr->msg_len, p);
377 p -= DTLS1_HM_HEADER_LENGTH; 368 p -= DTLS1_HM_HEADER_LENGTH;
378 xlen = ret; 369 xlen = ret;
379 } 370 } else {
380 else 371 p += DTLS1_HM_HEADER_LENGTH;
381 {
382 p += DTLS1_HM_HEADER_LENGTH;
383 xlen = ret - DTLS1_HM_HEADER_LENGTH; 372 xlen = ret - DTLS1_HM_HEADER_LENGTH;
384 } 373 }
385 374
386 ssl3_finish_mac(s, p, xlen); 375 ssl3_finish_mac(s, p, xlen);
387 } 376 }
388 377
389 if (ret == s->init_num) 378 if (ret == s->init_num) {
390 {
391 if (s->msg_callback) 379 if (s->msg_callback)
392 s->msg_callback(1, s->version, type, s->init_buf->data, 380 s->msg_callback(1, s->version, type,
393 (size_t)(s->init_off + s->init_num), s, 381 s->init_buf->data,
394 s->msg_callback_arg); 382 (size_t)(s->init_off + s->init_num),
383 s, s->msg_callback_arg);
395 384
396 s->init_off = 0; /* done writing this message */ 385 s->init_off = 0;
386 /* done writing this message */
397 s->init_num = 0; 387 s->init_num = 0;
398 388
399 return(1); 389 return (1);
400 }
401 s->init_off+=ret;
402 s->init_num-=ret;
403 frag_off += (ret -= DTLS1_HM_HEADER_LENGTH);
404 } 390 }
391 s->init_off += ret;
392 s->init_num -= ret;
393 frag_off += (ret -= DTLS1_HM_HEADER_LENGTH);
405 } 394 }
406 return(0);
407 } 395 }
396 return (0);
397}
408 398
409 399
410/* Obtain handshake message of message type 'mt' (any if mt == -1), 400/* Obtain handshake message of message type 'mt' (any if mt == -1),
@@ -412,8 +402,9 @@ int dtls1_do_write(SSL *s, int type)
412 * Read an entire handshake message. Handshake messages arrive in 402 * Read an entire handshake message. Handshake messages arrive in
413 * fragments. 403 * fragments.
414 */ 404 */
415long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) 405long
416 { 406dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
407{
417 int i, al; 408 int i, al;
418 struct hm_header_st *msg_hdr; 409 struct hm_header_st *msg_hdr;
419 unsigned char *p; 410 unsigned char *p;
@@ -421,30 +412,28 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
421 412
422 /* s3->tmp is used to store messages that are unexpected, caused 413 /* s3->tmp is used to store messages that are unexpected, caused
423 * by the absence of an optional handshake message */ 414 * by the absence of an optional handshake message */
424 if (s->s3->tmp.reuse_message) 415 if (s->s3->tmp.reuse_message) {
425 { 416 s->s3->tmp.reuse_message = 0;
426 s->s3->tmp.reuse_message=0; 417 if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
427 if ((mt >= 0) && (s->s3->tmp.message_type != mt)) 418 al = SSL_AD_UNEXPECTED_MESSAGE;
428 { 419 SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
429 al=SSL_AD_UNEXPECTED_MESSAGE;
430 SSLerr(SSL_F_DTLS1_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
431 goto f_err; 420 goto f_err;
432 } 421 }
433 *ok=1; 422 *ok = 1;
434 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; 423 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
435 s->init_num = (int)s->s3->tmp.message_size; 424 s->init_num = (int)s->s3->tmp.message_size;
436 return s->init_num; 425 return s->init_num;
437 } 426 }
438 427
439 msg_hdr = &s->d1->r_msg_hdr; 428 msg_hdr = &s->d1->r_msg_hdr;
440 memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); 429 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
441 430
442again: 431again:
443 i = dtls1_get_message_fragment(s, st1, stn, max, ok); 432 i = dtls1_get_message_fragment(s, st1, stn, max, ok);
444 if ( i == DTLS1_HM_BAD_FRAGMENT || 433 if (i == DTLS1_HM_BAD_FRAGMENT ||
445 i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */ 434 i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */
446 goto again; 435 goto again;
447 else if ( i <= 0 && !*ok) 436 else if (i <= 0 && !*ok)
448 return i; 437 return i;
449 438
450 p = (unsigned char *)s->init_buf->data; 439 p = (unsigned char *)s->init_buf->data;
@@ -452,20 +441,19 @@ again:
452 441
453 /* reconstruct message header */ 442 /* reconstruct message header */
454 *(p++) = msg_hdr->type; 443 *(p++) = msg_hdr->type;
455 l2n3(msg_len,p); 444 l2n3(msg_len, p);
456 s2n (msg_hdr->seq,p); 445 s2n (msg_hdr->seq, p);
457 l2n3(0,p); 446 l2n3(0, p);
458 l2n3(msg_len,p); 447 l2n3(msg_len, p);
459 if (s->version != DTLS1_BAD_VER) { 448 if (s->version != DTLS1_BAD_VER) {
460 p -= DTLS1_HM_HEADER_LENGTH; 449 p -= DTLS1_HM_HEADER_LENGTH;
461 msg_len += DTLS1_HM_HEADER_LENGTH; 450 msg_len += DTLS1_HM_HEADER_LENGTH;
462 } 451 }
463 452
464 ssl3_finish_mac(s, p, msg_len); 453 ssl3_finish_mac(s, p, msg_len);
465 if (s->msg_callback) 454 if (s->msg_callback)
466 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, 455 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, msg_len,
467 p, msg_len, 456 s, s->msg_callback_arg);
468 s, s->msg_callback_arg);
469 457
470 memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); 458 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
471 459
@@ -477,64 +465,59 @@ again:
477 return s->init_num; 465 return s->init_num;
478 466
479f_err: 467f_err:
480 ssl3_send_alert(s,SSL3_AL_FATAL,al); 468 ssl3_send_alert(s, SSL3_AL_FATAL, al);
481 *ok = 0; 469 *ok = 0;
482 return -1; 470 return -1;
483 } 471}
484 472
485 473
486static int dtls1_preprocess_fragment(SSL *s,struct hm_header_st *msg_hdr,int max) 474static int
487 { 475dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) {
488 size_t frag_off,frag_len,msg_len; 476 size_t frag_off, frag_len, msg_len;
489 477
490 msg_len = msg_hdr->msg_len; 478 msg_len = msg_hdr->msg_len;
491 frag_off = msg_hdr->frag_off; 479 frag_off = msg_hdr->frag_off;
492 frag_len = msg_hdr->frag_len; 480 frag_len = msg_hdr->frag_len;
493 481
494 /* sanity checking */ 482 /* sanity checking */
495 if ( (frag_off+frag_len) > msg_len) 483 if ((frag_off + frag_len) > msg_len) {
496 { 484 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE);
497 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
498 return SSL_AD_ILLEGAL_PARAMETER; 485 return SSL_AD_ILLEGAL_PARAMETER;
499 } 486 }
500 487
501 if ( (frag_off+frag_len) > (unsigned long)max) 488 if ((frag_off + frag_len) > (unsigned long)max) {
502 { 489 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE);
503 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
504 return SSL_AD_ILLEGAL_PARAMETER; 490 return SSL_AD_ILLEGAL_PARAMETER;
505 } 491 }
506 492
507 if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */ 493 if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */
508 { 494 {
509 /* msg_len is limited to 2^24, but is effectively checked 495 /* msg_len is limited to 2^24, but is effectively checked
510 * against max above */ 496 * against max above */
511 if (!BUF_MEM_grow_clean(s->init_buf,msg_len+DTLS1_HM_HEADER_LENGTH)) 497 if (!BUF_MEM_grow_clean(s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH)) {
512 { 498 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB);
513 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,ERR_R_BUF_LIB);
514 return SSL_AD_INTERNAL_ERROR; 499 return SSL_AD_INTERNAL_ERROR;
515 } 500 }
516 501
517 s->s3->tmp.message_size = msg_len; 502 s->s3->tmp.message_size = msg_len;
518 s->d1->r_msg_hdr.msg_len = msg_len; 503 s->d1->r_msg_hdr.msg_len = msg_len;
519 s->s3->tmp.message_type = msg_hdr->type; 504 s->s3->tmp.message_type = msg_hdr->type;
520 s->d1->r_msg_hdr.type = msg_hdr->type; 505 s->d1->r_msg_hdr.type = msg_hdr->type;
521 s->d1->r_msg_hdr.seq = msg_hdr->seq; 506 s->d1->r_msg_hdr.seq = msg_hdr->seq;
522 } 507 } else if (msg_len != s->d1->r_msg_hdr.msg_len) {
523 else if (msg_len != s->d1->r_msg_hdr.msg_len)
524 {
525 /* They must be playing with us! BTW, failure to enforce 508 /* They must be playing with us! BTW, failure to enforce
526 * upper limit would open possibility for buffer overrun. */ 509 * upper limit would open possibility for buffer overrun. */
527 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); 510 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE);
528 return SSL_AD_ILLEGAL_PARAMETER; 511 return SSL_AD_ILLEGAL_PARAMETER;
529 } 512 }
530 513
531 return 0; /* no error */ 514 return 0; /* no error */
532 } 515}
533 516
534 517
535static int 518static int
536dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) 519dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
537 { 520{
538 /* (0) check whether the desired fragment is available 521 /* (0) check whether the desired fragment is available
539 * if so: 522 * if so:
540 * (1) copy over the fragment to s->init_buf->data[] 523 * (1) copy over the fragment to s->init_buf->data[]
@@ -546,58 +529,54 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
546 529
547 *ok = 0; 530 *ok = 0;
548 item = pqueue_peek(s->d1->buffered_messages); 531 item = pqueue_peek(s->d1->buffered_messages);
549 if ( item == NULL) 532 if (item == NULL)
550 return 0; 533 return 0;
551 534
552 frag = (hm_fragment *)item->data; 535 frag = (hm_fragment *)item->data;
553 536
554 /* Don't return if reassembly still in progress */ 537 /* Don't return if reassembly still in progress */
555 if (frag->reassembly != NULL) 538 if (frag->reassembly != NULL)
556 return 0; 539 return 0;
557 540
558 if ( s->d1->handshake_read_seq == frag->msg_header.seq) 541 if (s->d1->handshake_read_seq == frag->msg_header.seq) {
559 {
560 unsigned long frag_len = frag->msg_header.frag_len; 542 unsigned long frag_len = frag->msg_header.frag_len;
561 pqueue_pop(s->d1->buffered_messages); 543 pqueue_pop(s->d1->buffered_messages);
562 544
563 al=dtls1_preprocess_fragment(s,&frag->msg_header,max); 545 al = dtls1_preprocess_fragment(s, &frag->msg_header, max);
564 546
565 if (al==0) /* no alert */ 547 if (al == 0) /* no alert */
566 { 548 {
567 unsigned char *p = (unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH; 549 unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
568 memcpy(&p[frag->msg_header.frag_off], 550 memcpy(&p[frag->msg_header.frag_off],
569 frag->fragment,frag->msg_header.frag_len); 551 frag->fragment, frag->msg_header.frag_len);
570 } 552 }
571 553
572 dtls1_hm_fragment_free(frag); 554 dtls1_hm_fragment_free(frag);
573 pitem_free(item); 555 pitem_free(item);
574 556
575 if (al==0) 557 if (al == 0) {
576 {
577 *ok = 1; 558 *ok = 1;
578 return frag_len; 559 return frag_len;
579 } 560 }
580 561
581 ssl3_send_alert(s,SSL3_AL_FATAL,al); 562 ssl3_send_alert(s, SSL3_AL_FATAL, al);
582 s->init_num = 0; 563 s->init_num = 0;
583 *ok = 0; 564 *ok = 0;
584 return -1; 565 return -1;
585 } 566 } else
586 else
587 return 0; 567 return 0;
588 } 568}
589 569
590 570
591static int 571static int
592dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) 572dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) {
593 {
594 hm_fragment *frag = NULL; 573 hm_fragment *frag = NULL;
595 pitem *item = NULL; 574 pitem *item = NULL;
596 int i = -1, is_complete; 575 int i = -1, is_complete;
597 unsigned char seq64be[8]; 576 unsigned char seq64be[8];
598 unsigned long frag_len = msg_hdr->frag_len, max_len; 577 unsigned long frag_len = msg_hdr->frag_len, max_len;
599 578
600 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) 579 if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len)
601 goto err; 580 goto err;
602 581
603 /* Determine maximum allowed message size. Depends on (user set) 582 /* Determine maximum allowed message size. Depends on (user set)
@@ -608,104 +587,99 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
608 else 587 else
609 max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; 588 max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
610 589
611 if ((msg_hdr->frag_off+frag_len) > max_len) 590 if ((msg_hdr->frag_off + frag_len) > max_len)
612 goto err; 591 goto err;
613 592
614 /* Try to find item in queue */ 593 /* Try to find item in queue */
615 memset(seq64be,0,sizeof(seq64be)); 594 memset(seq64be, 0, sizeof(seq64be));
616 seq64be[6] = (unsigned char) (msg_hdr->seq>>8); 595 seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
617 seq64be[7] = (unsigned char) msg_hdr->seq; 596 seq64be[7] = (unsigned char)msg_hdr->seq;
618 item = pqueue_find(s->d1->buffered_messages, seq64be); 597 item = pqueue_find(s->d1->buffered_messages, seq64be);
619 598
620 if (item == NULL) 599 if (item == NULL) {
621 {
622 frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1); 600 frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
623 if ( frag == NULL) 601 if (frag == NULL)
624 goto err; 602 goto err;
625 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); 603 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
626 frag->msg_header.frag_len = frag->msg_header.msg_len; 604 frag->msg_header.frag_len = frag->msg_header.msg_len;
627 frag->msg_header.frag_off = 0; 605 frag->msg_header.frag_off = 0;
628 } 606 } else
629 else
630 frag = (hm_fragment*) item->data; 607 frag = (hm_fragment*) item->data;
631 608
632 /* If message is already reassembled, this must be a 609 /* If message is already reassembled, this must be a
633 * retransmit and can be dropped. 610 * retransmit and can be dropped.
634 */ 611 */
635 if (frag->reassembly == NULL) 612 if (frag->reassembly == NULL) {
636 {
637 unsigned char devnull [256]; 613 unsigned char devnull [256];
638 614
639 while (frag_len) 615 while (frag_len) {
640 { 616 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
641 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, 617 devnull, frag_len > sizeof(devnull) ?
642 devnull, 618 sizeof(devnull) : frag_len, 0);
643 frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0); 619 if (i <= 0)
644 if (i<=0) goto err; 620 goto err;
645 frag_len -= i; 621 frag_len -= i;
646 }
647 return DTLS1_HM_FRAGMENT_RETRY;
648 } 622 }
623 return DTLS1_HM_FRAGMENT_RETRY;
624 }
649 625
650 /* read the body of the fragment (header has already been read */ 626 /* read the body of the fragment (header has already been read */
651 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, 627 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
652 frag->fragment + msg_hdr->frag_off,frag_len,0); 628 frag->fragment + msg_hdr->frag_off, frag_len, 0);
653 if (i<=0 || (unsigned long)i!=frag_len) 629 if (i <= 0 || (unsigned long)i != frag_len)
654 goto err; 630 goto err;
655 631
656 RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off, 632 RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
657 (long)(msg_hdr->frag_off + frag_len)); 633 (long)(msg_hdr->frag_off + frag_len));
658 634
659 RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len, 635 RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len,
660 is_complete); 636 is_complete);
661 637
662 if (is_complete) 638 if (is_complete) {
663 {
664 OPENSSL_free(frag->reassembly); 639 OPENSSL_free(frag->reassembly);
665 frag->reassembly = NULL; 640 frag->reassembly = NULL;
666 } 641 }
667 642
668 if (item == NULL) 643 if (item == NULL) {
669 { 644 memset(seq64be, 0, sizeof(seq64be));
670 memset(seq64be,0,sizeof(seq64be)); 645 seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
671 seq64be[6] = (unsigned char)(msg_hdr->seq>>8);
672 seq64be[7] = (unsigned char)(msg_hdr->seq); 646 seq64be[7] = (unsigned char)(msg_hdr->seq);
673 647
674 item = pitem_new(seq64be, frag); 648 item = pitem_new(seq64be, frag);
675 if (item == NULL) 649 if (item == NULL) {
676 {
677 goto err; 650 goto err;
678 i = -1; 651 i = -1;
679 } 652 }
680 653
681 pqueue_insert(s->d1->buffered_messages, item); 654 pqueue_insert(s->d1->buffered_messages, item);
682 } 655 }
683 656
684 return DTLS1_HM_FRAGMENT_RETRY; 657 return DTLS1_HM_FRAGMENT_RETRY;
685 658
686err: 659err:
687 if (frag != NULL) dtls1_hm_fragment_free(frag); 660 if (frag != NULL)
688 if (item != NULL) OPENSSL_free(item); 661 dtls1_hm_fragment_free(frag);
662 if (item != NULL)
663 OPENSSL_free(item);
689 *ok = 0; 664 *ok = 0;
690 return i; 665 return i;
691 } 666}
692 667
693 668
694static int 669static int
695dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) 670dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) {
696{ 671 int i = -1;
697 int i=-1;
698 hm_fragment *frag = NULL; 672 hm_fragment *frag = NULL;
699 pitem *item = NULL; 673 pitem *item = NULL;
700 unsigned char seq64be[8]; 674 unsigned char seq64be[8];
701 unsigned long frag_len = msg_hdr->frag_len; 675 unsigned long frag_len = msg_hdr->frag_len;
702 676
703 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) 677 if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len)
704 goto err; 678 goto err;
705 679
706 /* Try to find item in queue, to prevent duplicate entries */ 680 /* Try to find item in queue, to prevent duplicate entries */
707 memset(seq64be,0,sizeof(seq64be)); 681 memset(seq64be, 0, sizeof(seq64be));
708 seq64be[6] = (unsigned char) (msg_hdr->seq>>8); 682 seq64be[6] = (unsigned char) (msg_hdr->seq >> 8);
709 seq64be[7] = (unsigned char) msg_hdr->seq; 683 seq64be[7] = (unsigned char) msg_hdr->seq;
710 item = pqueue_find(s->d1->buffered_messages, seq64be); 684 item = pqueue_find(s->d1->buffered_messages, seq64be);
711 685
@@ -721,92 +695,89 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
721 * retransmit. 695 * retransmit.
722 */ 696 */
723 if (msg_hdr->seq <= s->d1->handshake_read_seq || 697 if (msg_hdr->seq <= s->d1->handshake_read_seq ||
724 msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL || 698 msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
725 (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) 699 (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) {
726 {
727 unsigned char devnull [256]; 700 unsigned char devnull [256];
728 701
729 while (frag_len) 702 while (frag_len) {
730 { 703 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
731 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, 704 devnull, frag_len > sizeof(devnull) ?
732 devnull, 705 sizeof(devnull) : frag_len, 0);
733 frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0); 706 if (i <= 0)
734 if (i<=0) goto err; 707 goto err;
735 frag_len -= i; 708 frag_len -= i;
736 }
737 } 709 }
738 else 710 } else {
739 {
740 if (frag_len && frag_len < msg_hdr->msg_len) 711 if (frag_len && frag_len < msg_hdr->msg_len)
741 return dtls1_reassemble_fragment(s, msg_hdr, ok); 712 return dtls1_reassemble_fragment(s, msg_hdr, ok);
742 713
743 frag = dtls1_hm_fragment_new(frag_len, 0); 714 frag = dtls1_hm_fragment_new(frag_len, 0);
744 if ( frag == NULL) 715 if (frag == NULL)
745 goto err; 716 goto err;
746 717
747 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); 718 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
748 719
749 if (frag_len) 720 if (frag_len) {
750 {
751 /* read the body of the fragment (header has already been read */ 721 /* read the body of the fragment (header has already been read */
752 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, 722 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
753 frag->fragment,frag_len,0); 723 frag->fragment, frag_len, 0);
754 if (i<=0 || (unsigned long)i!=frag_len) 724 if (i <= 0 || (unsigned long)i != frag_len)
755 goto err; 725 goto err;
756 } 726 }
757 727
758 memset(seq64be,0,sizeof(seq64be)); 728 memset(seq64be, 0, sizeof(seq64be));
759 seq64be[6] = (unsigned char)(msg_hdr->seq>>8); 729 seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
760 seq64be[7] = (unsigned char)(msg_hdr->seq); 730 seq64be[7] = (unsigned char)(msg_hdr->seq);
761 731
762 item = pitem_new(seq64be, frag); 732 item = pitem_new(seq64be, frag);
763 if ( item == NULL) 733 if (item == NULL)
764 goto err; 734 goto err;
765 735
766 pqueue_insert(s->d1->buffered_messages, item); 736 pqueue_insert(s->d1->buffered_messages, item);
767 } 737 }
768 738
769 return DTLS1_HM_FRAGMENT_RETRY; 739 return DTLS1_HM_FRAGMENT_RETRY;
770 740
771err: 741err:
772 if ( frag != NULL) dtls1_hm_fragment_free(frag); 742 if (frag != NULL)
773 if ( item != NULL) OPENSSL_free(item); 743 dtls1_hm_fragment_free(frag);
744 if (item != NULL)
745 OPENSSL_free(item);
774 *ok = 0; 746 *ok = 0;
775 return i; 747 return i;
776 } 748}
777 749
778 750
779static long 751static long
780dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) 752dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
781 { 753{
782 unsigned char wire[DTLS1_HM_HEADER_LENGTH]; 754 unsigned char wire[DTLS1_HM_HEADER_LENGTH];
783 unsigned long len, frag_off, frag_len; 755 unsigned long len, frag_off, frag_len;
784 int i,al; 756 int i, al;
785 struct hm_header_st msg_hdr; 757 struct hm_header_st msg_hdr;
786 758
787 /* see if we have the required fragment already */ 759 /* see if we have the required fragment already */
788 if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok) 760 if ((frag_len = dtls1_retrieve_buffered_fragment(s, max, ok)) || *ok) {
789 { 761 if (*ok)
790 if (*ok) s->init_num = frag_len; 762 s->init_num = frag_len;
791 return frag_len; 763 return frag_len;
792 } 764 }
793 765
794 /* read handshake message header */ 766 /* read handshake message header */
795 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,wire, 767 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire,
796 DTLS1_HM_HEADER_LENGTH, 0); 768 DTLS1_HM_HEADER_LENGTH, 0);
797 if (i <= 0) /* nbio, or an error */ 769 if (i <= 0) /* nbio, or an error */
798 { 770 {
799 s->rwstate=SSL_READING; 771 s->rwstate = SSL_READING;
800 *ok = 0; 772 *ok = 0;
801 return i; 773 return i;
802 } 774 }
803 /* Handshake fails if message header is incomplete */ 775 /* Handshake fails if message header is incomplete */
804 if (i != DTLS1_HM_HEADER_LENGTH) 776 if (i != DTLS1_HM_HEADER_LENGTH) {
805 { 777 al = SSL_AD_UNEXPECTED_MESSAGE;
806 al=SSL_AD_UNEXPECTED_MESSAGE; 778 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL_R_UNEXPECTED_MESSAGE);
807 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE);
808 goto f_err; 779 goto f_err;
809 } 780 }
810 781
811 /* parse the message fragment header */ 782 /* parse the message fragment header */
812 dtls1_get_message_header(wire, &msg_hdr); 783 dtls1_get_message_header(wire, &msg_hdr);
@@ -828,62 +799,56 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
828 return dtls1_reassemble_fragment(s, &msg_hdr, ok); 799 return dtls1_reassemble_fragment(s, &msg_hdr, ok);
829 800
830 if (!s->server && s->d1->r_msg_hdr.frag_off == 0 && 801 if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
831 wire[0] == SSL3_MT_HELLO_REQUEST) 802 wire[0] == SSL3_MT_HELLO_REQUEST) {
832 {
833 /* The server may always send 'Hello Request' messages -- 803 /* The server may always send 'Hello Request' messages --
834 * we are doing a handshake anyway now, so ignore them 804 * we are doing a handshake anyway now, so ignore them
835 * if their format is correct. Does not count for 805 * if their format is correct. Does not count for
836 * 'Finished' MAC. */ 806 * 'Finished' MAC. */
837 if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) 807 if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) {
838 {
839 if (s->msg_callback) 808 if (s->msg_callback)
840 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, 809 s->msg_callback(0, s->version,
841 wire, DTLS1_HM_HEADER_LENGTH, s, 810 SSL3_RT_HANDSHAKE, wire,
842 s->msg_callback_arg); 811 DTLS1_HM_HEADER_LENGTH, s,
843 812 s->msg_callback_arg);
813
844 s->init_num = 0; 814 s->init_num = 0;
845 return dtls1_get_message_fragment(s, st1, stn, 815 return dtls1_get_message_fragment(s, st1, stn, max, ok);
846 max, ok); 816 }
847 }
848 else /* Incorrectly formated Hello request */ 817 else /* Incorrectly formated Hello request */
849 { 818 {
850 al=SSL_AD_UNEXPECTED_MESSAGE; 819 al = SSL_AD_UNEXPECTED_MESSAGE;
851 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE); 820 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL_R_UNEXPECTED_MESSAGE);
852 goto f_err; 821 goto f_err;
853 }
854 } 822 }
823 }
855 824
856 if ((al=dtls1_preprocess_fragment(s,&msg_hdr,max))) 825 if ((al = dtls1_preprocess_fragment(s, &msg_hdr, max)))
857 goto f_err; 826 goto f_err;
858 827
859 /* XDTLS: ressurect this when restart is in place */ 828 /* XDTLS: ressurect this when restart is in place */
860 s->state=stn; 829 s->state = stn;
861 830
862 if ( frag_len > 0) 831 if (frag_len > 0) {
863 { 832 unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
864 unsigned char *p=(unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH;
865 833
866 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, 834 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
867 &p[frag_off],frag_len,0); 835 &p[frag_off], frag_len, 0);
868 /* XDTLS: fix this--message fragments cannot span multiple packets */ 836 /* XDTLS: fix this--message fragments cannot span multiple packets */
869 if (i <= 0) 837 if (i <= 0) {
870 { 838 s->rwstate = SSL_READING;
871 s->rwstate=SSL_READING;
872 *ok = 0; 839 *ok = 0;
873 return i; 840 return i;
874 }
875 } 841 }
876 else 842 } else
877 i = 0; 843 i = 0;
878 844
879 /* XDTLS: an incorrectly formatted fragment should cause the 845 /* XDTLS: an incorrectly formatted fragment should cause the
880 * handshake to fail */ 846 * handshake to fail */
881 if (i != (int)frag_len) 847 if (i != (int)frag_len) {
882 { 848 al = SSL3_AD_ILLEGAL_PARAMETER;
883 al=SSL3_AD_ILLEGAL_PARAMETER; 849 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL3_AD_ILLEGAL_PARAMETER);
884 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL3_AD_ILLEGAL_PARAMETER);
885 goto f_err; 850 goto f_err;
886 } 851 }
887 852
888 *ok = 1; 853 *ok = 1;
889 854
@@ -895,62 +860,59 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
895 return frag_len; 860 return frag_len;
896 861
897f_err: 862f_err:
898 ssl3_send_alert(s,SSL3_AL_FATAL,al); 863 ssl3_send_alert(s, SSL3_AL_FATAL, al);
899 s->init_num = 0; 864 s->init_num = 0;
900 865
901 *ok=0; 866 *ok = 0;
902 return(-1); 867 return (-1);
903 } 868}
904 869
905int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen) 870int
906 { 871dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
907 unsigned char *p,*d; 872{
873 unsigned char *p, *d;
908 int i; 874 int i;
909 unsigned long l; 875 unsigned long l;
910 876
911 if (s->state == a) 877 if (s->state == a) {
912 { 878 d = (unsigned char *)s->init_buf->data;
913 d=(unsigned char *)s->init_buf->data; 879 p = &(d[DTLS1_HM_HEADER_LENGTH]);
914 p= &(d[DTLS1_HM_HEADER_LENGTH]);
915 880
916 i=s->method->ssl3_enc->final_finish_mac(s, 881 i = s->method->ssl3_enc->final_finish_mac(s,
917 sender,slen,s->s3->tmp.finish_md); 882 sender, slen, s->s3->tmp.finish_md);
918 s->s3->tmp.finish_md_len = i; 883 s->s3->tmp.finish_md_len = i;
919 memcpy(p, s->s3->tmp.finish_md, i); 884 memcpy(p, s->s3->tmp.finish_md, i);
920 p+=i; 885 p += i;
921 l=i; 886 l = i;
922 887
923 /* Copy the finished so we can use it for 888 /* Copy the finished so we can use it for
924 * renegotiation checks 889 * renegotiation checks
925 */ 890 */
926 if(s->type == SSL_ST_CONNECT) 891 if (s->type == SSL_ST_CONNECT) {
927 { 892 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
928 OPENSSL_assert(i <= EVP_MAX_MD_SIZE); 893 memcpy(s->s3->previous_client_finished,
929 memcpy(s->s3->previous_client_finished, 894 s->s3->tmp.finish_md, i);
930 s->s3->tmp.finish_md, i); 895 s->s3->previous_client_finished_len = i;
931 s->s3->previous_client_finished_len=i; 896 } else {
932 } 897 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
933 else 898 memcpy(s->s3->previous_server_finished,
934 { 899 s->s3->tmp.finish_md, i);
935 OPENSSL_assert(i <= EVP_MAX_MD_SIZE); 900 s->s3->previous_server_finished_len = i;
936 memcpy(s->s3->previous_server_finished,
937 s->s3->tmp.finish_md, i);
938 s->s3->previous_server_finished_len=i;
939 } 901 }
940 902
941 d = dtls1_set_message_header(s, d, SSL3_MT_FINISHED, l, 0, l); 903 d = dtls1_set_message_header(s, d, SSL3_MT_FINISHED, l, 0, l);
942 s->init_num=(int)l+DTLS1_HM_HEADER_LENGTH; 904 s->init_num = (int)l + DTLS1_HM_HEADER_LENGTH;
943 s->init_off=0; 905 s->init_off = 0;
944 906
945 /* buffer the message to handle re-xmits */ 907 /* buffer the message to handle re-xmits */
946 dtls1_buffer_message(s, 0); 908 dtls1_buffer_message(s, 0);
947 909
948 s->state=b; 910 s->state = b;
949 } 911 }
950 912
951 /* SSL3_ST_SEND_xxxxxx_HELLO_B */ 913 /* SSL3_ST_SEND_xxxxxx_HELLO_B */
952 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 914 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
953 } 915}
954 916
955/* for these 2 messages, we need to 917/* for these 2 messages, we need to
956 * ssl->enc_read_ctx re-init 918 * ssl->enc_read_ctx re-init
@@ -960,161 +922,154 @@ int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
960 * ssl->session->read_compression assign 922 * ssl->session->read_compression assign
961 * ssl->session->read_hash assign 923 * ssl->session->read_hash assign
962 */ 924 */
963int dtls1_send_change_cipher_spec(SSL *s, int a, int b) 925int
964 { 926dtls1_send_change_cipher_spec(SSL *s, int a, int b)
927{
965 unsigned char *p; 928 unsigned char *p;
966 929
967 if (s->state == a) 930 if (s->state == a) {
968 { 931 p = (unsigned char *)s->init_buf->data;
969 p=(unsigned char *)s->init_buf->data;
970 *p++=SSL3_MT_CCS; 932 *p++=SSL3_MT_CCS;
971 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; 933 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
972 s->init_num=DTLS1_CCS_HEADER_LENGTH; 934 s->init_num = DTLS1_CCS_HEADER_LENGTH;
973 935
974 if (s->version == DTLS1_BAD_VER) { 936 if (s->version == DTLS1_BAD_VER) {
975 s->d1->next_handshake_write_seq++; 937 s->d1->next_handshake_write_seq++;
976 s2n(s->d1->handshake_write_seq,p); 938 s2n(s->d1->handshake_write_seq, p);
977 s->init_num+=2; 939 s->init_num += 2;
978 } 940 }
979 941
980 s->init_off=0; 942 s->init_off = 0;
981 943
982 dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, 944 dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
983 s->d1->handshake_write_seq, 0, 0); 945 s->d1->handshake_write_seq, 0, 0);
984 946
985 /* buffer the message to handle re-xmits */ 947 /* buffer the message to handle re-xmits */
986 dtls1_buffer_message(s, 1); 948 dtls1_buffer_message(s, 1);
987 949
988 s->state=b; 950 s->state = b;
989 } 951 }
990 952
991 /* SSL3_ST_CW_CHANGE_B */ 953 /* SSL3_ST_CW_CHANGE_B */
992 return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC)); 954 return (dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
993 } 955}
994 956
995static int dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) 957static int
996 { 958dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
959{
997 int n; 960 int n;
998 unsigned char *p; 961 unsigned char *p;
999 962
1000 n=i2d_X509(x,NULL); 963 n = i2d_X509(x, NULL);
1001 if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3))) 964 if (!BUF_MEM_grow_clean(buf,(int)(n + (*l) + 3))) {
1002 { 965 SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
1003 SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF,ERR_R_BUF_LIB);
1004 return 0; 966 return 0;
1005 } 967 }
1006 p=(unsigned char *)&(buf->data[*l]); 968 p = (unsigned char *)&(buf->data[*l]);
1007 l2n3(n,p); 969 l2n3(n, p);
1008 i2d_X509(x,&p); 970 i2d_X509(x, &p);
1009 *l+=n+3; 971 *l += n + 3;
1010 972
1011 return 1; 973 return 1;
1012 } 974}
1013unsigned long dtls1_output_cert_chain(SSL *s, X509 *x) 975
1014 { 976unsigned long
977dtls1_output_cert_chain(SSL *s, X509 *x)
978{
1015 unsigned char *p; 979 unsigned char *p;
1016 int i; 980 int i;
1017 unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH; 981 unsigned long l = 3 + DTLS1_HM_HEADER_LENGTH;
1018 BUF_MEM *buf; 982 BUF_MEM *buf;
1019 983
1020 /* TLSv1 sends a chain with nothing in it, instead of an alert */ 984 /* TLSv1 sends a chain with nothing in it, instead of an alert */
1021 buf=s->init_buf; 985 buf = s->init_buf;
1022 if (!BUF_MEM_grow_clean(buf,10)) 986 if (!BUF_MEM_grow_clean(buf, 10)) {
1023 { 987 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB);
1024 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); 988 return (0);
1025 return(0); 989 }
1026 } 990 if (x != NULL) {
1027 if (x != NULL)
1028 {
1029 X509_STORE_CTX xs_ctx; 991 X509_STORE_CTX xs_ctx;
1030 992
1031 if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL)) 993 if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store, x, NULL)) {
1032 { 994 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB);
1033 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); 995 return (0);
1034 return(0); 996 }
1035 } 997
1036
1037 X509_verify_cert(&xs_ctx); 998 X509_verify_cert(&xs_ctx);
1038 /* Don't leave errors in the queue */ 999 /* Don't leave errors in the queue */
1039 ERR_clear_error(); 1000 ERR_clear_error();
1040 for (i=0; i < sk_X509_num(xs_ctx.chain); i++) 1001 for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
1041 {
1042 x = sk_X509_value(xs_ctx.chain, i); 1002 x = sk_X509_value(xs_ctx.chain, i);
1043 1003
1044 if (!dtls1_add_cert_to_buf(buf, &l, x)) 1004 if (!dtls1_add_cert_to_buf(buf, &l, x)) {
1045 {
1046 X509_STORE_CTX_cleanup(&xs_ctx); 1005 X509_STORE_CTX_cleanup(&xs_ctx);
1047 return 0; 1006 return 0;
1048 } 1007 }
1049 } 1008 }
1050 X509_STORE_CTX_cleanup(&xs_ctx); 1009 X509_STORE_CTX_cleanup(&xs_ctx);
1051 } 1010 }
1052 /* Thawte special :-) */ 1011 /* Thawte special :-) */
1053 for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++) 1012 for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) {
1054 { 1013 x = sk_X509_value(s->ctx->extra_certs, i);
1055 x=sk_X509_value(s->ctx->extra_certs,i);
1056 if (!dtls1_add_cert_to_buf(buf, &l, x)) 1014 if (!dtls1_add_cert_to_buf(buf, &l, x))
1057 return 0; 1015 return 0;
1058 } 1016 }
1059 1017
1060 l-= (3 + DTLS1_HM_HEADER_LENGTH); 1018 l -= (3 + DTLS1_HM_HEADER_LENGTH);
1061 1019
1062 p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]); 1020 p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
1063 l2n3(l,p); 1021 l2n3(l, p);
1064 l+=3; 1022 l += 3;
1065 p=(unsigned char *)&(buf->data[0]); 1023 p = (unsigned char *)&(buf->data[0]);
1066 p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l); 1024 p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l);
1067 1025
1068 l+=DTLS1_HM_HEADER_LENGTH; 1026 l += DTLS1_HM_HEADER_LENGTH;
1069 return(l); 1027 return (l);
1070 } 1028}
1071 1029
1072int dtls1_read_failed(SSL *s, int code) 1030int
1073 { 1031dtls1_read_failed(SSL *s, int code)
1074 if ( code > 0) 1032{
1075 { 1033 if (code > 0) {
1076 fprintf( stderr, "invalid state reached %s:%d", __FILE__, __LINE__); 1034 fprintf( stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
1077 return 1; 1035 return 1;
1078 } 1036 }
1079 1037
1080 if (!dtls1_is_timer_expired(s)) 1038 if (!dtls1_is_timer_expired(s)) {
1081 {
1082 /* not a timeout, none of our business, 1039 /* not a timeout, none of our business,
1083 let higher layers handle this. in fact it's probably an error */ 1040 let higher layers handle this. in fact it's probably an error */
1084 return code; 1041 return code;
1085 } 1042 }
1086 1043
1087#ifndef OPENSSL_NO_HEARTBEATS 1044#ifndef OPENSSL_NO_HEARTBEATS
1088 if (!SSL_in_init(s) && !s->tlsext_hb_pending) /* done, no need to send a retransmit */ 1045 if (!SSL_in_init(s) && !s->tlsext_hb_pending) /* done, no need to send a retransmit */
1089#else 1046#else
1090 if (!SSL_in_init(s)) /* done, no need to send a retransmit */ 1047 if (!SSL_in_init(s)) /* done, no need to send a retransmit */
1091#endif 1048#endif
1092 { 1049 {
1093 BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ); 1050 BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
1094 return code; 1051 return code;
1095 } 1052 }
1096 1053
1097#if 0 /* for now, each alert contains only one record number */ 1054#if 0 /* for now, each alert contains only one record number */
1098 item = pqueue_peek(state->rcvd_records); 1055 item = pqueue_peek(state->rcvd_records);
1099 if ( item ) 1056 if (item ) {
1100 {
1101 /* send an alert immediately for all the missing records */ 1057 /* send an alert immediately for all the missing records */
1102 } 1058 } else
1103 else
1104#endif 1059#endif
1105 1060
1106#if 0 /* no more alert sending, just retransmit the last set of messages */ 1061#if 0 /* no more alert sending, just retransmit the last set of messages */
1107 if ( state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT) 1062 if (state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT)
1108 ssl3_send_alert(s,SSL3_AL_WARNING, 1063 ssl3_send_alert(s, SSL3_AL_WARNING,
1109 DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); 1064 DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
1110#endif 1065#endif
1111 1066
1112 return dtls1_handle_timeout(s); 1067 return dtls1_handle_timeout(s);
1113 } 1068}
1114 1069
1115int 1070int
1116dtls1_get_queue_priority(unsigned short seq, int is_ccs) 1071dtls1_get_queue_priority(unsigned short seq, int is_ccs)
1117 { 1072{
1118 /* The index of the retransmission queue actually is the message sequence number, 1073 /* The index of the retransmission queue actually is the message sequence number,
1119 * since the queue only contains messages of a single handshake. However, the 1074 * since the queue only contains messages of a single handshake. However, the
1120 * ChangeCipherSpec has no message sequence number and so using only the sequence 1075 * ChangeCipherSpec has no message sequence number and so using only the sequence
@@ -1124,11 +1079,11 @@ dtls1_get_queue_priority(unsigned short seq, int is_ccs)
1124 * index (important for priority queues) and fits in the unsigned short variable. 1079 * index (important for priority queues) and fits in the unsigned short variable.
1125 */ 1080 */
1126 return seq * 2 - is_ccs; 1081 return seq * 2 - is_ccs;
1127 } 1082}
1128 1083
1129int 1084int
1130dtls1_retransmit_buffered_messages(SSL *s) 1085dtls1_retransmit_buffered_messages(SSL *s)
1131 { 1086{
1132 pqueue sent = s->d1->sent_messages; 1087 pqueue sent = s->d1->sent_messages;
1133 piterator iter; 1088 piterator iter;
1134 pitem *item; 1089 pitem *item;
@@ -1137,24 +1092,23 @@ dtls1_retransmit_buffered_messages(SSL *s)
1137 1092
1138 iter = pqueue_iterator(sent); 1093 iter = pqueue_iterator(sent);
1139 1094
1140 for ( item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter)) 1095 for (item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter)) {
1141 {
1142 frag = (hm_fragment *)item->data; 1096 frag = (hm_fragment *)item->data;
1143 if ( dtls1_retransmit_message(s, 1097 if (dtls1_retransmit_message(s,
1144 (unsigned short)dtls1_get_queue_priority(frag->msg_header.seq, frag->msg_header.is_ccs), 1098 (unsigned short)dtls1_get_queue_priority(
1145 0, &found) <= 0 && found) 1099 frag->msg_header.seq, frag->msg_header.is_ccs), 0,
1146 { 1100 &found) <= 0 && found) {
1147 fprintf(stderr, "dtls1_retransmit_message() failed\n"); 1101 fprintf(stderr, "dtls1_retransmit_message() failed\n");
1148 return -1; 1102 return -1;
1149 }
1150 } 1103 }
1104 }
1151 1105
1152 return 1; 1106 return 1;
1153 } 1107}
1154 1108
1155int 1109int
1156dtls1_buffer_message(SSL *s, int is_ccs) 1110dtls1_buffer_message(SSL *s, int is_ccs)
1157 { 1111{
1158 pitem *item; 1112 pitem *item;
1159 hm_fragment *frag; 1113 hm_fragment *frag;
1160 unsigned char seq64be[8]; 1114 unsigned char seq64be[8];
@@ -1167,16 +1121,13 @@ dtls1_buffer_message(SSL *s, int is_ccs)
1167 1121
1168 memcpy(frag->fragment, s->init_buf->data, s->init_num); 1122 memcpy(frag->fragment, s->init_buf->data, s->init_num);
1169 1123
1170 if ( is_ccs) 1124 if (is_ccs) {
1171 { 1125 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
1172 OPENSSL_assert(s->d1->w_msg_hdr.msg_len + 1126 ((s->version == DTLS1_VERSION) ? DTLS1_CCS_HEADER_LENGTH : 3) == (unsigned int)s->init_num);
1173 ((s->version==DTLS1_VERSION)?DTLS1_CCS_HEADER_LENGTH:3) == (unsigned int)s->init_num); 1127 } else {
1174 } 1128 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
1175 else 1129 DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
1176 { 1130 }
1177 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
1178 DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
1179 }
1180 1131
1181 frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len; 1132 frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
1182 frag->msg_header.seq = s->d1->w_msg_hdr.seq; 1133 frag->msg_header.seq = s->d1->w_msg_hdr.seq;
@@ -1191,38 +1142,37 @@ dtls1_buffer_message(SSL *s, int is_ccs)
1191 frag->msg_header.saved_retransmit_state.compress = s->compress; 1142 frag->msg_header.saved_retransmit_state.compress = s->compress;
1192 frag->msg_header.saved_retransmit_state.session = s->session; 1143 frag->msg_header.saved_retransmit_state.session = s->session;
1193 frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch; 1144 frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;
1194 1145
1195 memset(seq64be,0,sizeof(seq64be)); 1146 memset(seq64be, 0, sizeof(seq64be));
1196 seq64be[6] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq, 1147 seq64be[6] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq,
1197 frag->msg_header.is_ccs)>>8); 1148 frag->msg_header.is_ccs) >> 8);
1198 seq64be[7] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq, 1149 seq64be[7] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq,
1199 frag->msg_header.is_ccs)); 1150 frag->msg_header.is_ccs));
1200 1151
1201 item = pitem_new(seq64be, frag); 1152 item = pitem_new(seq64be, frag);
1202 if ( item == NULL) 1153 if (item == NULL) {
1203 {
1204 dtls1_hm_fragment_free(frag); 1154 dtls1_hm_fragment_free(frag);
1205 return 0; 1155 return 0;
1206 } 1156 }
1207 1157
1208#if 0 1158#if 0
1209 fprintf( stderr, "buffered messge: \ttype = %xx\n", msg_buf->type); 1159 fprintf(stderr, "buffered messge: \ttype = %xx\n", msg_buf->type);
1210 fprintf( stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len); 1160 fprintf(stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len);
1211 fprintf( stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num); 1161 fprintf(stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num);
1212#endif 1162#endif
1213 1163
1214 pqueue_insert(s->d1->sent_messages, item); 1164 pqueue_insert(s->d1->sent_messages, item);
1215 return 1; 1165 return 1;
1216 } 1166}
1217 1167
1218int 1168int
1219dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, 1169dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1220 int *found) 1170 int *found)
1221 { 1171{
1222 int ret; 1172 int ret;
1223 /* XDTLS: for now assuming that read/writes are blocking */ 1173 /* XDTLS: for now assuming that read/writes are blocking */
1224 pitem *item; 1174 pitem *item;
1225 hm_fragment *frag ; 1175 hm_fragment *frag;
1226 unsigned long header_length; 1176 unsigned long header_length;
1227 unsigned char seq64be[8]; 1177 unsigned char seq64be[8];
1228 struct dtls1_retransmit_state saved_state; 1178 struct dtls1_retransmit_state saved_state;
@@ -1234,33 +1184,32 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1234 */ 1184 */
1235 1185
1236 /* XDTLS: the requested message ought to be found, otherwise error */ 1186 /* XDTLS: the requested message ought to be found, otherwise error */
1237 memset(seq64be,0,sizeof(seq64be)); 1187 memset(seq64be, 0, sizeof(seq64be));
1238 seq64be[6] = (unsigned char)(seq>>8); 1188 seq64be[6] = (unsigned char)(seq >> 8);
1239 seq64be[7] = (unsigned char)seq; 1189 seq64be[7] = (unsigned char)seq;
1240 1190
1241 item = pqueue_find(s->d1->sent_messages, seq64be); 1191 item = pqueue_find(s->d1->sent_messages, seq64be);
1242 if ( item == NULL) 1192 if (item == NULL) {
1243 {
1244 fprintf(stderr, "retransmit: message %d non-existant\n", seq); 1193 fprintf(stderr, "retransmit: message %d non-existant\n", seq);
1245 *found = 0; 1194 *found = 0;
1246 return 0; 1195 return 0;
1247 } 1196 }
1248 1197
1249 *found = 1; 1198 *found = 1;
1250 frag = (hm_fragment *)item->data; 1199 frag = (hm_fragment *)item->data;
1251 1200
1252 if ( frag->msg_header.is_ccs) 1201 if (frag->msg_header.is_ccs)
1253 header_length = DTLS1_CCS_HEADER_LENGTH; 1202 header_length = DTLS1_CCS_HEADER_LENGTH;
1254 else 1203 else
1255 header_length = DTLS1_HM_HEADER_LENGTH; 1204 header_length = DTLS1_HM_HEADER_LENGTH;
1256 1205
1257 memcpy(s->init_buf->data, frag->fragment, 1206 memcpy(s->init_buf->data, frag->fragment,
1258 frag->msg_header.msg_len + header_length); 1207 frag->msg_header.msg_len + header_length);
1259 s->init_num = frag->msg_header.msg_len + header_length; 1208 s->init_num = frag->msg_header.msg_len + header_length;
1260 1209
1261 dtls1_set_message_header_int(s, frag->msg_header.type, 1210 dtls1_set_message_header_int(s, frag->msg_header.type,
1262 frag->msg_header.msg_len, frag->msg_header.seq, 0, 1211 frag->msg_header.msg_len, frag->msg_header.seq, 0,
1263 frag->msg_header.frag_len); 1212 frag->msg_header.frag_len);
1264 1213
1265 /* save current state */ 1214 /* save current state */
1266 saved_state.enc_write_ctx = s->enc_write_ctx; 1215 saved_state.enc_write_ctx = s->enc_write_ctx;
@@ -1269,34 +1218,32 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1269 saved_state.session = s->session; 1218 saved_state.session = s->session;
1270 saved_state.epoch = s->d1->w_epoch; 1219 saved_state.epoch = s->d1->w_epoch;
1271 saved_state.epoch = s->d1->w_epoch; 1220 saved_state.epoch = s->d1->w_epoch;
1272 1221
1273 s->d1->retransmitting = 1; 1222 s->d1->retransmitting = 1;
1274 1223
1275 /* restore state in which the message was originally sent */ 1224 /* restore state in which the message was originally sent */
1276 s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx; 1225 s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
1277 s->write_hash = frag->msg_header.saved_retransmit_state.write_hash; 1226 s->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
1278 s->compress = frag->msg_header.saved_retransmit_state.compress; 1227 s->compress = frag->msg_header.saved_retransmit_state.compress;
1279 s->session = frag->msg_header.saved_retransmit_state.session; 1228 s->session = frag->msg_header.saved_retransmit_state.session;
1280 s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch; 1229 s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
1281 1230
1282 if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) 1231 if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) {
1283 {
1284 memcpy(save_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence)); 1232 memcpy(save_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence));
1285 memcpy(s->s3->write_sequence, s->d1->last_write_sequence, sizeof(s->s3->write_sequence)); 1233 memcpy(s->s3->write_sequence, s->d1->last_write_sequence, sizeof(s->s3->write_sequence));
1286 } 1234 }
1287 1235
1288 ret = dtls1_do_write(s, frag->msg_header.is_ccs ? 1236 ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
1289 SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE); 1237 SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
1290 1238
1291 /* restore current state */ 1239 /* restore current state */
1292 s->enc_write_ctx = saved_state.enc_write_ctx; 1240 s->enc_write_ctx = saved_state.enc_write_ctx;
1293 s->write_hash = saved_state.write_hash; 1241 s->write_hash = saved_state.write_hash;
1294 s->compress = saved_state.compress; 1242 s->compress = saved_state.compress;
1295 s->session = saved_state.session; 1243 s->session = saved_state.session;
1296 s->d1->w_epoch = saved_state.epoch; 1244 s->d1->w_epoch = saved_state.epoch;
1297 1245
1298 if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) 1246 if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) {
1299 {
1300 memcpy(s->d1->last_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence)); 1247 memcpy(s->d1->last_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence));
1301 memcpy(s->s3->write_sequence, save_write_sequence, sizeof(s->s3->write_sequence)); 1248 memcpy(s->s3->write_sequence, save_write_sequence, sizeof(s->s3->write_sequence));
1302 } 1249 }
@@ -1305,47 +1252,45 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1305 1252
1306 (void)BIO_flush(SSL_get_wbio(s)); 1253 (void)BIO_flush(SSL_get_wbio(s));
1307 return ret; 1254 return ret;
1308 } 1255}
1309 1256
1310/* call this function when the buffered messages are no longer needed */ 1257/* call this function when the buffered messages are no longer needed */
1311void 1258void
1312dtls1_clear_record_buffer(SSL *s) 1259dtls1_clear_record_buffer(SSL *s)
1313 { 1260{
1314 pitem *item; 1261 pitem *item;
1315 1262
1316 for(item = pqueue_pop(s->d1->sent_messages); 1263 for(item = pqueue_pop(s->d1->sent_messages); item != NULL;
1317 item != NULL; item = pqueue_pop(s->d1->sent_messages)) 1264 item = pqueue_pop(s->d1->sent_messages)) {
1318 {
1319 dtls1_hm_fragment_free((hm_fragment *)item->data); 1265 dtls1_hm_fragment_free((hm_fragment *)item->data);
1320 pitem_free(item); 1266 pitem_free(item);
1321 }
1322 } 1267 }
1268}
1323 1269
1324 1270
1325unsigned char * 1271unsigned char *
1326dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt, 1272dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
1327 unsigned long len, unsigned long frag_off, unsigned long frag_len) 1273 unsigned long len, unsigned long frag_off, unsigned long frag_len)
1328 { 1274{
1329 /* Don't change sequence numbers while listening */ 1275 /* Don't change sequence numbers while listening */
1330 if (frag_off == 0 && !s->d1->listen) 1276 if (frag_off == 0 && !s->d1->listen) {
1331 {
1332 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; 1277 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
1333 s->d1->next_handshake_write_seq++; 1278 s->d1->next_handshake_write_seq++;
1334 } 1279 }
1335 1280
1336 dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq, 1281 dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
1337 frag_off, frag_len); 1282 frag_off, frag_len);
1338 1283
1339 return p += DTLS1_HM_HEADER_LENGTH; 1284 return p += DTLS1_HM_HEADER_LENGTH;
1340 } 1285}
1341 1286
1342 1287
1343/* don't actually do the writing, wait till the MTU has been retrieved */ 1288/* don't actually do the writing, wait till the MTU has been retrieved */
1344static void 1289static void
1345dtls1_set_message_header_int(SSL *s, unsigned char mt, 1290dtls1_set_message_header_int(SSL *s, unsigned char mt,
1346 unsigned long len, unsigned short seq_num, unsigned long frag_off, 1291 unsigned long len, unsigned short seq_num, unsigned long frag_off,
1347 unsigned long frag_len) 1292unsigned long frag_len)
1348 { 1293{
1349 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; 1294 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1350 1295
1351 msg_hdr->type = mt; 1296 msg_hdr->type = mt;
@@ -1353,21 +1298,21 @@ dtls1_set_message_header_int(SSL *s, unsigned char mt,
1353 msg_hdr->seq = seq_num; 1298 msg_hdr->seq = seq_num;
1354 msg_hdr->frag_off = frag_off; 1299 msg_hdr->frag_off = frag_off;
1355 msg_hdr->frag_len = frag_len; 1300 msg_hdr->frag_len = frag_len;
1356 } 1301}
1357 1302
1358static void 1303static void
1359dtls1_fix_message_header(SSL *s, unsigned long frag_off, 1304dtls1_fix_message_header(SSL *s, unsigned long frag_off,
1360 unsigned long frag_len) 1305 unsigned long frag_len)
1361 { 1306{
1362 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; 1307 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1363 1308
1364 msg_hdr->frag_off = frag_off; 1309 msg_hdr->frag_off = frag_off;
1365 msg_hdr->frag_len = frag_len; 1310 msg_hdr->frag_len = frag_len;
1366 } 1311}
1367 1312
1368static unsigned char * 1313static unsigned char *
1369dtls1_write_message_header(SSL *s, unsigned char *p) 1314dtls1_write_message_header(SSL *s, unsigned char *p)
1370 { 1315{
1371 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; 1316 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1372 1317
1373 *p++ = msg_hdr->type; 1318 *p++ = msg_hdr->type;
@@ -1378,33 +1323,32 @@ dtls1_write_message_header(SSL *s, unsigned char *p)
1378 l2n3(msg_hdr->frag_len, p); 1323 l2n3(msg_hdr->frag_len, p);
1379 1324
1380 return p; 1325 return p;
1381 } 1326}
1382 1327
1383unsigned int 1328unsigned int
1384dtls1_min_mtu(void) 1329dtls1_min_mtu(void)
1385 { 1330{
1386 return (g_probable_mtu[(sizeof(g_probable_mtu) / 1331 return (g_probable_mtu[(sizeof(g_probable_mtu) /
1387 sizeof(g_probable_mtu[0])) - 1]); 1332 sizeof(g_probable_mtu[0])) - 1]);
1388 } 1333}
1389 1334
1390static unsigned int 1335static unsigned int
1391dtls1_guess_mtu(unsigned int curr_mtu) 1336dtls1_guess_mtu(unsigned int curr_mtu)
1392 { 1337{
1393 unsigned int i; 1338 unsigned int i;
1394 1339
1395 if ( curr_mtu == 0 ) 1340 if (curr_mtu == 0)
1396 return g_probable_mtu[0] ; 1341 return g_probable_mtu[0];
1397 1342
1398 for ( i = 0; i < sizeof(g_probable_mtu)/sizeof(g_probable_mtu[0]); i++) 1343 for (i = 0; i < sizeof(g_probable_mtu)/sizeof(g_probable_mtu[0]); i++)
1399 if ( curr_mtu > g_probable_mtu[i]) 1344 if (curr_mtu > g_probable_mtu[i])
1400 return g_probable_mtu[i]; 1345 return g_probable_mtu[i];
1401 1346
1402 return curr_mtu; 1347 return curr_mtu;
1403 } 1348}
1404 1349
1405void 1350void
1406dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) 1351dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) {
1407 {
1408 memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); 1352 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
1409 msg_hdr->type = *(data++); 1353 msg_hdr->type = *(data++);
1410 n2l3(data, msg_hdr->msg_len); 1354 n2l3(data, msg_hdr->msg_len);
@@ -1412,41 +1356,41 @@ dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
1412 n2s(data, msg_hdr->seq); 1356 n2s(data, msg_hdr->seq);
1413 n2l3(data, msg_hdr->frag_off); 1357 n2l3(data, msg_hdr->frag_off);
1414 n2l3(data, msg_hdr->frag_len); 1358 n2l3(data, msg_hdr->frag_len);
1415 } 1359}
1416 1360
1417void 1361void
1418dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr) 1362dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr) {
1419 {
1420 memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st)); 1363 memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st));
1421 1364
1422 ccs_hdr->type = *(data++); 1365 ccs_hdr->type = *(data++);
1423 } 1366}
1424 1367
1425int dtls1_shutdown(SSL *s) 1368int
1426 { 1369dtls1_shutdown(SSL *s)
1370{
1427 int ret; 1371 int ret;
1428#ifndef OPENSSL_NO_SCTP 1372#ifndef OPENSSL_NO_SCTP
1429 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && 1373 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
1430 !(s->shutdown & SSL_SENT_SHUTDOWN)) 1374 !(s->shutdown & SSL_SENT_SHUTDOWN)) {
1431 {
1432 ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s)); 1375 ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
1433 if (ret < 0) return -1; 1376 if (ret < 0)
1377 return -1;
1434 1378
1435 if (ret == 0) 1379 if (ret == 0)
1436 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1, NULL); 1380 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1, NULL);
1437 } 1381 }
1438#endif 1382#endif
1439 ret = ssl3_shutdown(s); 1383 ret = ssl3_shutdown(s);
1440#ifndef OPENSSL_NO_SCTP 1384#ifndef OPENSSL_NO_SCTP
1441 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 0, NULL); 1385 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 0, NULL);
1442#endif 1386#endif
1443 return ret; 1387 return ret;
1444 } 1388}
1445 1389
1446#ifndef OPENSSL_NO_HEARTBEATS 1390#ifndef OPENSSL_NO_HEARTBEATS
1447int 1391int
1448dtls1_process_heartbeat(SSL *s) 1392dtls1_process_heartbeat(SSL *s)
1449 { 1393{
1450 unsigned char *p = &s->s3->rrec.data[0], *pl; 1394 unsigned char *p = &s->s3->rrec.data[0], *pl;
1451 unsigned short hbtype; 1395 unsigned short hbtype;
1452 unsigned int payload; 1396 unsigned int payload;
@@ -1454,8 +1398,8 @@ dtls1_process_heartbeat(SSL *s)
1454 1398
1455 if (s->msg_callback) 1399 if (s->msg_callback)
1456 s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, 1400 s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
1457 &s->s3->rrec.data[0], s->s3->rrec.length, 1401 &s->s3->rrec.data[0], s->s3->rrec.length,
1458 s, s->msg_callback_arg); 1402 s, s->msg_callback_arg);
1459 1403
1460 /* Read type and payload length first */ 1404 /* Read type and payload length first */
1461 if (1 + 2 + 16 > s->s3->rrec.length) 1405 if (1 + 2 + 16 > s->s3->rrec.length)
@@ -1466,12 +1410,11 @@ dtls1_process_heartbeat(SSL *s)
1466 return 0; /* silently discard per RFC 6520 sec. 4 */ 1410 return 0; /* silently discard per RFC 6520 sec. 4 */
1467 pl = p; 1411 pl = p;
1468 1412
1469 if (hbtype == TLS1_HB_REQUEST) 1413 if (hbtype == TLS1_HB_REQUEST) {
1470 {
1471 unsigned char *buffer, *bp; 1414 unsigned char *buffer, *bp;
1472 unsigned int write_length = 1 /* heartbeat type */ + 1415 unsigned int write_length = 1 /* heartbeat type */ +
1473 2 /* heartbeat length */ + 1416 2 /* heartbeat length */ +
1474 payload + padding; 1417 payload + padding;
1475 int r; 1418 int r;
1476 1419
1477 if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) 1420 if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
@@ -1496,16 +1439,14 @@ dtls1_process_heartbeat(SSL *s)
1496 1439
1497 if (r >= 0 && s->msg_callback) 1440 if (r >= 0 && s->msg_callback)
1498 s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, 1441 s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
1499 buffer, write_length, 1442 buffer, write_length,
1500 s, s->msg_callback_arg); 1443 s, s->msg_callback_arg);
1501 1444
1502 OPENSSL_free(buffer); 1445 OPENSSL_free(buffer);
1503 1446
1504 if (r < 0) 1447 if (r < 0)
1505 return r; 1448 return r;
1506 } 1449 } else if (hbtype == TLS1_HB_RESPONSE) {
1507 else if (hbtype == TLS1_HB_RESPONSE)
1508 {
1509 unsigned int seq; 1450 unsigned int seq;
1510 1451
1511 /* We only send sequence numbers (2 bytes unsigned int), 1452 /* We only send sequence numbers (2 bytes unsigned int),
@@ -1513,20 +1454,19 @@ dtls1_process_heartbeat(SSL *s)
1513 * sequence number */ 1454 * sequence number */
1514 n2s(pl, seq); 1455 n2s(pl, seq);
1515 1456
1516 if (payload == 18 && seq == s->tlsext_hb_seq) 1457 if (payload == 18 && seq == s->tlsext_hb_seq) {
1517 {
1518 dtls1_stop_timer(s); 1458 dtls1_stop_timer(s);
1519 s->tlsext_hb_seq++; 1459 s->tlsext_hb_seq++;
1520 s->tlsext_hb_pending = 0; 1460 s->tlsext_hb_pending = 0;
1521 }
1522 } 1461 }
1462 }
1523 1463
1524 return 0; 1464 return 0;
1525 } 1465}
1526 1466
1527int 1467int
1528dtls1_heartbeat(SSL *s) 1468dtls1_heartbeat(SSL *s)
1529 { 1469{
1530 unsigned char *buf, *p; 1470 unsigned char *buf, *p;
1531 int ret; 1471 int ret;
1532 unsigned int payload = 18; /* Sequence number + random bytes */ 1472 unsigned int payload = 18; /* Sequence number + random bytes */
@@ -1534,25 +1474,22 @@ dtls1_heartbeat(SSL *s)
1534 1474
1535 /* Only send if peer supports and accepts HB requests... */ 1475 /* Only send if peer supports and accepts HB requests... */
1536 if (!(s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) || 1476 if (!(s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) ||
1537 s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS) 1477 s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS) {
1538 { 1478 SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT);
1539 SSLerr(SSL_F_DTLS1_HEARTBEAT,SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT);
1540 return -1; 1479 return -1;
1541 } 1480 }
1542 1481
1543 /* ...and there is none in flight yet... */ 1482 /* ...and there is none in flight yet... */
1544 if (s->tlsext_hb_pending) 1483 if (s->tlsext_hb_pending) {
1545 { 1484 SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PENDING);
1546 SSLerr(SSL_F_DTLS1_HEARTBEAT,SSL_R_TLS_HEARTBEAT_PENDING);
1547 return -1; 1485 return -1;
1548 } 1486 }
1549 1487
1550 /* ...and no handshake in progress. */ 1488 /* ...and no handshake in progress. */
1551 if (SSL_in_init(s) || s->in_handshake) 1489 if (SSL_in_init(s) || s->in_handshake) {
1552 { 1490 SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_UNEXPECTED_MESSAGE);
1553 SSLerr(SSL_F_DTLS1_HEARTBEAT,SSL_R_UNEXPECTED_MESSAGE);
1554 return -1; 1491 return -1;
1555 } 1492 }
1556 1493
1557 /* Check if padding is too long, payload and padding 1494 /* Check if padding is too long, payload and padding
1558 * must not exceed 2^14 - 3 = 16381 bytes in total. 1495 * must not exceed 2^14 - 3 = 16381 bytes in total.
@@ -1583,19 +1520,18 @@ dtls1_heartbeat(SSL *s)
1583 RAND_pseudo_bytes(p, padding); 1520 RAND_pseudo_bytes(p, padding);
1584 1521
1585 ret = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding); 1522 ret = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
1586 if (ret >= 0) 1523 if (ret >= 0) {
1587 {
1588 if (s->msg_callback) 1524 if (s->msg_callback)
1589 s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, 1525 s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
1590 buf, 3 + payload + padding, 1526 buf, 3 + payload + padding,
1591 s, s->msg_callback_arg); 1527 s, s->msg_callback_arg);
1592 1528
1593 dtls1_start_timer(s); 1529 dtls1_start_timer(s);
1594 s->tlsext_hb_pending = 1; 1530 s->tlsext_hb_pending = 1;
1595 } 1531 }
1596 1532
1597 OPENSSL_free(buf); 1533 OPENSSL_free(buf);
1598 1534
1599 return ret; 1535 return ret;
1600 } 1536}
1601#endif 1537#endif
diff --git a/src/lib/libssl/d1_enc.c b/src/lib/libssl/d1_enc.c
index 712c4647f2..1967e7a95e 100644
--- a/src/lib/libssl/d1_enc.c
+++ b/src/lib/libssl/d1_enc.c
@@ -134,127 +134,114 @@
134 * 1: if the record's padding is valid / the encryption was successful. 134 * 1: if the record's padding is valid / the encryption was successful.
135 * -1: if the record's padding/AEAD-authenticator is invalid or, if sending, 135 * -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
136 * an internal error occured. */ 136 * an internal error occured. */
137int dtls1_enc(SSL *s, int send) 137int
138 { 138dtls1_enc(SSL *s, int send)
139{
139 SSL3_RECORD *rec; 140 SSL3_RECORD *rec;
140 EVP_CIPHER_CTX *ds; 141 EVP_CIPHER_CTX *ds;
141 unsigned long l; 142 unsigned long l;
142 int bs,i,j,k,mac_size=0; 143 int bs, i, j, k, mac_size = 0;
143 const EVP_CIPHER *enc; 144 const EVP_CIPHER *enc;
144 145
145 if (send) 146 if (send) {
146 { 147 if (EVP_MD_CTX_md(s->write_hash)) {
147 if (EVP_MD_CTX_md(s->write_hash)) 148 mac_size = EVP_MD_CTX_size(s->write_hash);
148 {
149 mac_size=EVP_MD_CTX_size(s->write_hash);
150 if (mac_size < 0) 149 if (mac_size < 0)
151 return -1; 150 return -1;
152 } 151 }
153 ds=s->enc_write_ctx; 152 ds = s->enc_write_ctx;
154 rec= &(s->s3->wrec); 153 rec = &(s->s3->wrec);
155 if (s->enc_write_ctx == NULL) 154 if (s->enc_write_ctx == NULL)
156 enc=NULL; 155 enc = NULL;
157 else 156 else {
158 { 157 enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
159 enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx); 158 if (rec->data != rec->input)
160 if ( rec->data != rec->input)
161 /* we can't write into the input stream */ 159 /* we can't write into the input stream */
162 fprintf(stderr, "%s:%d: rec->data != rec->input\n", 160 fprintf(stderr, "%s:%d: rec->data != rec->input\n",
163 __FILE__, __LINE__); 161 __FILE__, __LINE__);
164 else if ( EVP_CIPHER_block_size(ds->cipher) > 1) 162 else if (EVP_CIPHER_block_size(ds->cipher) > 1) {
165 {
166 if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0) 163 if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0)
167 return -1; 164 return -1;
168 }
169 } 165 }
170 } 166 }
171 else 167 } else {
172 { 168 if (EVP_MD_CTX_md(s->read_hash)) {
173 if (EVP_MD_CTX_md(s->read_hash)) 169 mac_size = EVP_MD_CTX_size(s->read_hash);
174 {
175 mac_size=EVP_MD_CTX_size(s->read_hash);
176 OPENSSL_assert(mac_size >= 0); 170 OPENSSL_assert(mac_size >= 0);
177 } 171 }
178 ds=s->enc_read_ctx; 172 ds = s->enc_read_ctx;
179 rec= &(s->s3->rrec); 173 rec = &(s->s3->rrec);
180 if (s->enc_read_ctx == NULL) 174 if (s->enc_read_ctx == NULL)
181 enc=NULL; 175 enc = NULL;
182 else 176 else
183 enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx); 177 enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
184 } 178 }
185 179
186#ifdef KSSL_DEBUG 180#ifdef KSSL_DEBUG
187 printf("dtls1_enc(%d)\n", send); 181 printf("dtls1_enc(%d)\n", send);
188#endif /* KSSL_DEBUG */ 182#endif /* KSSL_DEBUG */
189 183
190 if ((s->session == NULL) || (ds == NULL) || 184 if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
191 (enc == NULL)) 185 memmove(rec->data, rec->input, rec->length);
192 { 186 rec->input = rec->data;
193 memmove(rec->data,rec->input,rec->length); 187 } else {
194 rec->input=rec->data; 188 l = rec->length;
195 } 189 bs = EVP_CIPHER_block_size(ds->cipher);
196 else
197 {
198 l=rec->length;
199 bs=EVP_CIPHER_block_size(ds->cipher);
200 190
201 if ((bs != 1) && send) 191 if ((bs != 1) && send) {
202 { 192 i = bs - ((int)l % bs);
203 i=bs-((int)l%bs);
204 193
205 /* Add weird padding of upto 256 bytes */ 194 /* Add weird padding of upto 256 bytes */
206 195
207 /* we need to add 'i' padding bytes of value j */ 196 /* we need to add 'i' padding bytes of value j */
208 j=i-1; 197 j = i - 1;
209 if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) 198 if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) {
210 {
211 if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) 199 if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
212 j++; 200 j++;
213 }
214 for (k=(int)l; k<(int)(l+i); k++)
215 rec->input[k]=j;
216 l+=i;
217 rec->length+=i;
218 } 201 }
202 for (k = (int)l; k < (int)(l + i); k++)
203 rec->input[k] = j;
204 l += i;
205 rec->length += i;
206 }
219 207
220#ifdef KSSL_DEBUG 208#ifdef KSSL_DEBUG
221 { 209 {
222 unsigned long ui; 210 unsigned long ui;
223 printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n", 211 printf("EVP_Cipher(ds=%p, rec->data=%p, rec->input=%p, l=%ld) ==>\n",
224 ds,rec->data,rec->input,l); 212 ds, rec->data, rec->input, l);
225 printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n", 213 printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
226 ds->buf_len, ds->cipher->key_len, 214 ds->buf_len, ds->cipher->key_len,
227 DES_KEY_SZ, DES_SCHEDULE_SZ, 215 DES_KEY_SZ, DES_SCHEDULE_SZ,
228 ds->cipher->iv_len); 216 ds->cipher->iv_len);
229 printf("\t\tIV: "); 217 printf("\t\tIV: ");
230 for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]); 218 for (i = 0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
231 printf("\n"); 219 printf("\n");
232 printf("\trec->input="); 220 printf("\trec->input=");
233 for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]); 221 for (ui = 0; ui<l; ui++) printf(" %02x", rec->input[ui]);
234 printf("\n"); 222 printf("\n");
235 } 223 }
236#endif /* KSSL_DEBUG */ 224#endif /* KSSL_DEBUG */
237 225
238 if (!send) 226 if (!send) {
239 { 227 if (l == 0 || l % bs != 0)
240 if (l == 0 || l%bs != 0)
241 return 0; 228 return 0;
242 } 229 }
243 230
244 EVP_Cipher(ds,rec->data,rec->input,l); 231 EVP_Cipher(ds, rec->data, rec->input, l);
245 232
246#ifdef KSSL_DEBUG 233#ifdef KSSL_DEBUG
247 { 234 {
248 unsigned long i; 235 unsigned long i;
249 printf("\trec->data="); 236 printf("\trec->data=");
250 for (i=0; i<l; i++) 237 for (i = 0; i < l; i++)
251 printf(" %02x", rec->data[i]); printf("\n"); 238 printf(" %02x", rec->data[i]); printf("\n");
252 } 239 }
253#endif /* KSSL_DEBUG */ 240#endif /* KSSL_DEBUG */
254 241
255 if ((bs != 1) && !send) 242 if ((bs != 1) && !send)
256 return tls1_cbc_remove_padding(s, rec, bs, mac_size); 243 return tls1_cbc_remove_padding(s, rec, bs, mac_size);
257 }
258 return(1);
259 } 244 }
245 return (1);
246}
260 247
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
index 750f83e04a..3da7c36545 100644
--- a/src/lib/libssl/d1_lib.c
+++ b/src/lib/libssl/d1_lib.c
@@ -70,8 +70,8 @@ static void get_current_time(struct timeval *t);
70const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT; 70const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
71int dtls1_listen(SSL *s, struct sockaddr *client); 71int dtls1_listen(SSL *s, struct sockaddr *client);
72 72
73SSL3_ENC_METHOD DTLSv1_enc_data={ 73SSL3_ENC_METHOD DTLSv1_enc_data = {
74 dtls1_enc, 74 dtls1_enc,
75 tls1_mac, 75 tls1_mac,
76 tls1_setup_key_block, 76 tls1_setup_key_block,
77 tls1_generate_master_secret, 77 tls1_generate_master_secret,
@@ -79,137 +79,139 @@ SSL3_ENC_METHOD DTLSv1_enc_data={
79 tls1_final_finish_mac, 79 tls1_final_finish_mac,
80 TLS1_FINISH_MAC_LENGTH, 80 TLS1_FINISH_MAC_LENGTH,
81 tls1_cert_verify_mac, 81 tls1_cert_verify_mac,
82 TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, 82 TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
83 TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, 83 TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
84 tls1_alert_code, 84 tls1_alert_code,
85 tls1_export_keying_material, 85 tls1_export_keying_material,
86 }; 86};
87 87
88long dtls1_default_timeout(void) 88long
89 { 89dtls1_default_timeout(void)
90{
90 /* 2 hours, the 24 hours mentioned in the DTLSv1 spec 91 /* 2 hours, the 24 hours mentioned in the DTLSv1 spec
91 * is way too long for http, the cache would over fill */ 92 * is way too long for http, the cache would over fill */
92 return(60*60*2); 93 return (60*60*2);
93 } 94}
94 95
95int dtls1_new(SSL *s) 96int
96 { 97dtls1_new(SSL *s)
98{
97 DTLS1_STATE *d1; 99 DTLS1_STATE *d1;
98 100
99 if (!ssl3_new(s)) return(0); 101 if (!ssl3_new(s))
100 if ((d1=OPENSSL_malloc(sizeof *d1)) == NULL) return (0); 102 return (0);
101 memset(d1,0, sizeof *d1); 103 if ((d1 = OPENSSL_malloc(sizeof *d1)) == NULL) return (0);
104 memset(d1, 0, sizeof *d1);
102 105
103 /* d1->handshake_epoch=0; */ 106 /* d1->handshake_epoch=0; */
104 107
105 d1->unprocessed_rcds.q=pqueue_new(); 108 d1->unprocessed_rcds.q = pqueue_new();
106 d1->processed_rcds.q=pqueue_new(); 109 d1->processed_rcds.q = pqueue_new();
107 d1->buffered_messages = pqueue_new(); 110 d1->buffered_messages = pqueue_new();
108 d1->sent_messages=pqueue_new(); 111 d1->sent_messages = pqueue_new();
109 d1->buffered_app_data.q=pqueue_new(); 112 d1->buffered_app_data.q = pqueue_new();
110 113
111 if ( s->server) 114 if (s->server) {
112 {
113 d1->cookie_len = sizeof(s->d1->cookie); 115 d1->cookie_len = sizeof(s->d1->cookie);
114 } 116 }
115 117
116 if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q 118 if (!d1->unprocessed_rcds.q || !d1->processed_rcds.q ||
117 || ! d1->buffered_messages || ! d1->sent_messages || ! d1->buffered_app_data.q) 119 !d1->buffered_messages || !d1->sent_messages ||
118 { 120 !d1->buffered_app_data.q) {
119 if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q); 121 if (d1->unprocessed_rcds.q)
120 if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q); 122 pqueue_free(d1->unprocessed_rcds.q);
121 if ( d1->buffered_messages) pqueue_free(d1->buffered_messages); 123 if (d1->processed_rcds.q)
122 if ( d1->sent_messages) pqueue_free(d1->sent_messages); 124 pqueue_free(d1->processed_rcds.q);
123 if ( d1->buffered_app_data.q) pqueue_free(d1->buffered_app_data.q); 125 if (d1->buffered_messages)
126 pqueue_free(d1->buffered_messages);
127 if (d1->sent_messages)
128 pqueue_free(d1->sent_messages);
129 if (d1->buffered_app_data.q)
130 pqueue_free(d1->buffered_app_data.q);
124 OPENSSL_free(d1); 131 OPENSSL_free(d1);
125 return (0); 132 return (0);
126 } 133 }
127 134
128 s->d1=d1; 135 s->d1 = d1;
129 s->method->ssl_clear(s); 136 s->method->ssl_clear(s);
130 return(1); 137 return (1);
131 } 138}
132 139
133static void dtls1_clear_queues(SSL *s) 140static void
134 { 141dtls1_clear_queues(SSL *s)
135 pitem *item = NULL; 142{
136 hm_fragment *frag = NULL; 143 pitem *item = NULL;
144 hm_fragment *frag = NULL;
137 DTLS1_RECORD_DATA *rdata; 145 DTLS1_RECORD_DATA *rdata;
138 146
139 while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) 147 while ((item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) {
140 {
141 rdata = (DTLS1_RECORD_DATA *) item->data; 148 rdata = (DTLS1_RECORD_DATA *) item->data;
142 if (rdata->rbuf.buf) 149 if (rdata->rbuf.buf) {
143 {
144 OPENSSL_free(rdata->rbuf.buf); 150 OPENSSL_free(rdata->rbuf.buf);
145 } 151 }
146 OPENSSL_free(item->data); 152 OPENSSL_free(item->data);
147 pitem_free(item); 153 pitem_free(item);
148 } 154 }
149 155
150 while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) 156 while ((item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) {
151 {
152 rdata = (DTLS1_RECORD_DATA *) item->data; 157 rdata = (DTLS1_RECORD_DATA *) item->data;
153 if (rdata->rbuf.buf) 158 if (rdata->rbuf.buf) {
154 {
155 OPENSSL_free(rdata->rbuf.buf); 159 OPENSSL_free(rdata->rbuf.buf);
156 } 160 }
157 OPENSSL_free(item->data); 161 OPENSSL_free(item->data);
158 pitem_free(item); 162 pitem_free(item);
159 } 163 }
160 164
161 while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL) 165 while ((item = pqueue_pop(s->d1->buffered_messages)) != NULL) {
162 {
163 frag = (hm_fragment *)item->data;
164 OPENSSL_free(frag->fragment);
165 OPENSSL_free(frag);
166 pitem_free(item);
167 }
168
169 while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
170 {
171 frag = (hm_fragment *)item->data;
172 OPENSSL_free(frag->fragment);
173 OPENSSL_free(frag);
174 pitem_free(item);
175 }
176
177 while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)
178 {
179 frag = (hm_fragment *)item->data; 166 frag = (hm_fragment *)item->data;
180 OPENSSL_free(frag->fragment); 167 OPENSSL_free(frag->fragment);
181 OPENSSL_free(frag); 168 OPENSSL_free(frag);
182 pitem_free(item); 169 pitem_free(item);
183 }
184 } 170 }
185 171
186void dtls1_free(SSL *s) 172 while ((item = pqueue_pop(s->d1->sent_messages)) != NULL) {
187 { 173 frag = (hm_fragment *)item->data;
174 OPENSSL_free(frag->fragment);
175 OPENSSL_free(frag);
176 pitem_free(item);
177 }
178
179 while ((item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) {
180 frag = (hm_fragment *)item->data;
181 OPENSSL_free(frag->fragment);
182 OPENSSL_free(frag);
183 pitem_free(item);
184 }
185}
186
187void
188dtls1_free(SSL *s)
189{
188 ssl3_free(s); 190 ssl3_free(s);
189 191
190 dtls1_clear_queues(s); 192 dtls1_clear_queues(s);
191 193
192 pqueue_free(s->d1->unprocessed_rcds.q); 194 pqueue_free(s->d1->unprocessed_rcds.q);
193 pqueue_free(s->d1->processed_rcds.q); 195 pqueue_free(s->d1->processed_rcds.q);
194 pqueue_free(s->d1->buffered_messages); 196 pqueue_free(s->d1->buffered_messages);
195 pqueue_free(s->d1->sent_messages); 197 pqueue_free(s->d1->sent_messages);
196 pqueue_free(s->d1->buffered_app_data.q); 198 pqueue_free(s->d1->buffered_app_data.q);
197 199
198 OPENSSL_free(s->d1); 200 OPENSSL_free(s->d1);
199 s->d1 = NULL; 201 s->d1 = NULL;
200 } 202}
201 203
202void dtls1_clear(SSL *s) 204void
203 { 205dtls1_clear(SSL *s)
204 pqueue unprocessed_rcds; 206{
205 pqueue processed_rcds; 207 pqueue unprocessed_rcds;
206 pqueue buffered_messages; 208 pqueue processed_rcds;
209 pqueue buffered_messages;
207 pqueue sent_messages; 210 pqueue sent_messages;
208 pqueue buffered_app_data; 211 pqueue buffered_app_data;
209 unsigned int mtu; 212 unsigned int mtu;
210 213
211 if (s->d1) 214 if (s->d1) {
212 {
213 unprocessed_rcds = s->d1->unprocessed_rcds.q; 215 unprocessed_rcds = s->d1->unprocessed_rcds.q;
214 processed_rcds = s->d1->processed_rcds.q; 216 processed_rcds = s->d1->processed_rcds.q;
215 buffered_messages = s->d1->buffered_messages; 217 buffered_messages = s->d1->buffered_messages;
@@ -221,41 +223,38 @@ void dtls1_clear(SSL *s)
221 223
222 memset(s->d1, 0, sizeof(*(s->d1))); 224 memset(s->d1, 0, sizeof(*(s->d1)));
223 225
224 if (s->server) 226 if (s->server) {
225 {
226 s->d1->cookie_len = sizeof(s->d1->cookie); 227 s->d1->cookie_len = sizeof(s->d1->cookie);
227 } 228 }
228 229
229 if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) 230 if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) {
230 {
231 s->d1->mtu = mtu; 231 s->d1->mtu = mtu;
232 } 232 }
233 233
234 s->d1->unprocessed_rcds.q = unprocessed_rcds; 234 s->d1->unprocessed_rcds.q = unprocessed_rcds;
235 s->d1->processed_rcds.q = processed_rcds; 235 s->d1->processed_rcds.q = processed_rcds;
236 s->d1->buffered_messages = buffered_messages; 236 s->d1->buffered_messages = buffered_messages;
237 s->d1->sent_messages = sent_messages; 237 s->d1->sent_messages = sent_messages;
238 s->d1->buffered_app_data.q = buffered_app_data; 238 s->d1->buffered_app_data.q = buffered_app_data;
239 } 239 }
240 240
241 ssl3_clear(s); 241 ssl3_clear(s);
242 if (s->options & SSL_OP_CISCO_ANYCONNECT) 242 if (s->options & SSL_OP_CISCO_ANYCONNECT)
243 s->version=DTLS1_BAD_VER; 243 s->version = DTLS1_BAD_VER;
244 else 244 else
245 s->version=DTLS1_VERSION; 245 s->version = DTLS1_VERSION;
246 } 246}
247 247
248long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) 248long
249 { 249dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
250 int ret=0; 250{
251 int ret = 0;
251 252
252 switch (cmd) 253 switch (cmd) {
253 {
254 case DTLS_CTRL_GET_TIMEOUT: 254 case DTLS_CTRL_GET_TIMEOUT:
255 if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL) 255 if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL) {
256 {
257 ret = 1; 256 ret = 1;
258 } 257 }
259 break; 258 break;
260 case DTLS_CTRL_HANDLE_TIMEOUT: 259 case DTLS_CTRL_HANDLE_TIMEOUT:
261 ret = dtls1_handle_timeout(s); 260 ret = dtls1_handle_timeout(s);
@@ -267,9 +266,9 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
267 default: 266 default:
268 ret = ssl3_ctrl(s, cmd, larg, parg); 267 ret = ssl3_ctrl(s, cmd, larg, parg);
269 break; 268 break;
270 }
271 return(ret);
272 } 269 }
270 return (ret);
271}
273 272
274/* 273/*
275 * As it's impossible to use stream ciphers in "datagram" mode, this 274 * As it's impossible to use stream ciphers in "datagram" mode, this
@@ -278,53 +277,51 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
278 * to explicitly list their SSL_* codes. Currently RC4 is the only one 277 * to explicitly list their SSL_* codes. Currently RC4 is the only one
279 * available, but if new ones emerge, they will have to be added... 278 * available, but if new ones emerge, they will have to be added...
280 */ 279 */
281const SSL_CIPHER *dtls1_get_cipher(unsigned int u) 280const SSL_CIPHER
282 { 281*dtls1_get_cipher(unsigned int u)
282{
283 const SSL_CIPHER *ciph = ssl3_get_cipher(u); 283 const SSL_CIPHER *ciph = ssl3_get_cipher(u);
284 284
285 if (ciph != NULL) 285 if (ciph != NULL) {
286 {
287 if (ciph->algorithm_enc == SSL_RC4) 286 if (ciph->algorithm_enc == SSL_RC4)
288 return NULL; 287 return NULL;
289 } 288 }
290 289
291 return ciph; 290 return ciph;
292 } 291}
293 292
294void dtls1_start_timer(SSL *s) 293void
295 { 294dtls1_start_timer(SSL *s)
295{
296#ifndef OPENSSL_NO_SCTP 296#ifndef OPENSSL_NO_SCTP
297 /* Disable timer for SCTP */ 297 /* Disable timer for SCTP */
298 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) 298 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
299 {
300 memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); 299 memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
301 return; 300 return;
302 } 301 }
303#endif 302#endif
304 303
305 /* If timer is not set, initialize duration with 1 second */ 304 /* If timer is not set, initialize duration with 1 second */
306 if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) 305 if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
307 {
308 s->d1->timeout_duration = 1; 306 s->d1->timeout_duration = 1;
309 } 307 }
310 308
311 /* Set timeout to current time */ 309 /* Set timeout to current time */
312 get_current_time(&(s->d1->next_timeout)); 310 get_current_time(&(s->d1->next_timeout));
313 311
314 /* Add duration to current time */ 312 /* Add duration to current time */
315 s->d1->next_timeout.tv_sec += s->d1->timeout_duration; 313 s->d1->next_timeout.tv_sec += s->d1->timeout_duration;
316 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); 314 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
317 } 315}
318 316
319struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft) 317struct timeval*
320 { 318dtls1_get_timeout(SSL *s, struct timeval* timeleft) {
321 struct timeval timenow; 319 struct timeval timenow;
322 320
323 /* If no timeout is set, just return NULL */ 321 /* If no timeout is set, just return NULL */
324 if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) 322 if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
325 {
326 return NULL; 323 return NULL;
327 } 324 }
328 325
329 /* Get current time */ 326 /* Get current time */
330 get_current_time(&timenow); 327 get_current_time(&timenow);
@@ -332,65 +329,63 @@ struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft)
332 /* If timer already expired, set remaining time to 0 */ 329 /* If timer already expired, set remaining time to 0 */
333 if (s->d1->next_timeout.tv_sec < timenow.tv_sec || 330 if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||
334 (s->d1->next_timeout.tv_sec == timenow.tv_sec && 331 (s->d1->next_timeout.tv_sec == timenow.tv_sec &&
335 s->d1->next_timeout.tv_usec <= timenow.tv_usec)) 332 s->d1->next_timeout.tv_usec <= timenow.tv_usec)) {
336 {
337 memset(timeleft, 0, sizeof(struct timeval)); 333 memset(timeleft, 0, sizeof(struct timeval));
338 return timeleft; 334 return timeleft;
339 } 335 }
340 336
341 /* Calculate time left until timer expires */ 337 /* Calculate time left until timer expires */
342 memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval)); 338 memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval));
343 timeleft->tv_sec -= timenow.tv_sec; 339 timeleft->tv_sec -= timenow.tv_sec;
344 timeleft->tv_usec -= timenow.tv_usec; 340 timeleft->tv_usec -= timenow.tv_usec;
345 if (timeleft->tv_usec < 0) 341 if (timeleft->tv_usec < 0) {
346 {
347 timeleft->tv_sec--; 342 timeleft->tv_sec--;
348 timeleft->tv_usec += 1000000; 343 timeleft->tv_usec += 1000000;
349 } 344 }
350 345
351 /* If remaining time is less than 15 ms, set it to 0 346 /* If remaining time is less than 15 ms, set it to 0
352 * to prevent issues because of small devergences with 347 * to prevent issues because of small devergences with
353 * socket timeouts. 348 * socket timeouts.
354 */ 349 */
355 if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) 350 if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) {
356 {
357 memset(timeleft, 0, sizeof(struct timeval)); 351 memset(timeleft, 0, sizeof(struct timeval));
358 } 352 }
359 353
360 354
361 return timeleft; 355 return timeleft;
362 } 356}
363 357
364int dtls1_is_timer_expired(SSL *s) 358int
365 { 359dtls1_is_timer_expired(SSL *s)
360{
366 struct timeval timeleft; 361 struct timeval timeleft;
367 362
368 /* Get time left until timeout, return false if no timer running */ 363 /* Get time left until timeout, return false if no timer running */
369 if (dtls1_get_timeout(s, &timeleft) == NULL) 364 if (dtls1_get_timeout(s, &timeleft) == NULL) {
370 {
371 return 0; 365 return 0;
372 } 366 }
373 367
374 /* Return false if timer is not expired yet */ 368 /* Return false if timer is not expired yet */
375 if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) 369 if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) {
376 {
377 return 0; 370 return 0;
378 } 371 }
379 372
380 /* Timer expired, so return true */ 373 /* Timer expired, so return true */
381 return 1; 374 return 1;
382 } 375}
383 376
384void dtls1_double_timeout(SSL *s) 377void
385 { 378dtls1_double_timeout(SSL *s)
379{
386 s->d1->timeout_duration *= 2; 380 s->d1->timeout_duration *= 2;
387 if (s->d1->timeout_duration > 60) 381 if (s->d1->timeout_duration > 60)
388 s->d1->timeout_duration = 60; 382 s->d1->timeout_duration = 60;
389 dtls1_start_timer(s); 383 dtls1_start_timer(s);
390 } 384}
391 385
392void dtls1_stop_timer(SSL *s) 386void
393 { 387dtls1_stop_timer(SSL *s)
388{
394 /* Reset everything */ 389 /* Reset everything */
395 memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st)); 390 memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
396 memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); 391 memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
@@ -398,35 +393,35 @@ void dtls1_stop_timer(SSL *s)
398 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); 393 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
399 /* Clear retransmission buffer */ 394 /* Clear retransmission buffer */
400 dtls1_clear_record_buffer(s); 395 dtls1_clear_record_buffer(s);
401 } 396}
402 397
403int dtls1_check_timeout_num(SSL *s) 398int
404 { 399dtls1_check_timeout_num(SSL *s)
400{
405 s->d1->timeout.num_alerts++; 401 s->d1->timeout.num_alerts++;
406 402
407 /* Reduce MTU after 2 unsuccessful retransmissions */ 403 /* Reduce MTU after 2 unsuccessful retransmissions */
408 if (s->d1->timeout.num_alerts > 2) 404 if (s->d1->timeout.num_alerts > 2) {
409 { 405 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
410 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
411 }
412 406
413 if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) 407 }
414 { 408
409 if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {
415 /* fail the connection, enough alerts have been sent */ 410 /* fail the connection, enough alerts have been sent */
416 SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM,SSL_R_READ_TIMEOUT_EXPIRED); 411 SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM, SSL_R_READ_TIMEOUT_EXPIRED);
417 return -1; 412 return -1;
418 } 413 }
419 414
420 return 0; 415 return 0;
421 } 416}
422 417
423int dtls1_handle_timeout(SSL *s) 418int
424 { 419dtls1_handle_timeout(SSL *s)
420{
425 /* if no timer is expired, don't do anything */ 421 /* if no timer is expired, don't do anything */
426 if (!dtls1_is_timer_expired(s)) 422 if (!dtls1_is_timer_expired(s)) {
427 {
428 return 0; 423 return 0;
429 } 424 }
430 425
431 dtls1_double_timeout(s); 426 dtls1_double_timeout(s);
432 427
@@ -434,38 +429,39 @@ int dtls1_handle_timeout(SSL *s)
434 return -1; 429 return -1;
435 430
436 s->d1->timeout.read_timeouts++; 431 s->d1->timeout.read_timeouts++;
437 if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) 432 if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) {
438 {
439 s->d1->timeout.read_timeouts = 1; 433 s->d1->timeout.read_timeouts = 1;
440 } 434 }
441 435
442#ifndef OPENSSL_NO_HEARTBEATS 436#ifndef OPENSSL_NO_HEARTBEATS
443 if (s->tlsext_hb_pending) 437 if (s->tlsext_hb_pending) {
444 {
445 s->tlsext_hb_pending = 0; 438 s->tlsext_hb_pending = 0;
446 return dtls1_heartbeat(s); 439 return dtls1_heartbeat(s);
447 } 440 }
448#endif 441#endif
449 442
450 dtls1_start_timer(s); 443 dtls1_start_timer(s);
451 return dtls1_retransmit_buffered_messages(s); 444 return dtls1_retransmit_buffered_messages(s);
452 } 445}
453 446
454static void get_current_time(struct timeval *t) 447static void
448get_current_time(struct timeval *t)
455{ 449{
456 gettimeofday(t, NULL); 450 gettimeofday(t, NULL);
457} 451}
458 452
459int dtls1_listen(SSL *s, struct sockaddr *client) 453int
460 { 454dtls1_listen(SSL *s, struct sockaddr *client)
455{
461 int ret; 456 int ret;
462 457
463 SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); 458 SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
464 s->d1->listen = 1; 459 s->d1->listen = 1;
465 460
466 ret = SSL_accept(s); 461 ret = SSL_accept(s);
467 if (ret <= 0) return ret; 462 if (ret <= 0)
468 463 return ret;
469 (void) BIO_dgram_get_peer(SSL_get_rbio(s), client); 464
465 (void)BIO_dgram_get_peer(SSL_get_rbio(s), client);
470 return 1; 466 return 1;
471 } 467}
diff --git a/src/lib/libssl/d1_meth.c b/src/lib/libssl/d1_meth.c
index 5c4004bfe3..2d3f3920ec 100644
--- a/src/lib/libssl/d1_meth.c
+++ b/src/lib/libssl/d1_meth.c
@@ -62,16 +62,14 @@
62#include "ssl_locl.h" 62#include "ssl_locl.h"
63 63
64static const SSL_METHOD *dtls1_get_method(int ver); 64static const SSL_METHOD *dtls1_get_method(int ver);
65static const SSL_METHOD *dtls1_get_method(int ver) 65static const SSL_METHOD
66 { 66*dtls1_get_method(int ver)
67{
67 if (ver == DTLS1_VERSION) 68 if (ver == DTLS1_VERSION)
68 return(DTLSv1_method()); 69 return (DTLSv1_method());
69 else 70 else
70 return(NULL); 71 return (NULL);
71 } 72}
72 73
73IMPLEMENT_dtls1_meth_func(DTLSv1_method, 74IMPLEMENT_dtls1_meth_func(DTLSv1_method,
74 dtls1_accept, 75 dtls1_accept, dtls1_connect, dtls1_get_method)
75 dtls1_connect,
76 dtls1_get_method)
77
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 52f7fc022f..30fe8460fb 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -122,107 +122,120 @@
122#include <openssl/rand.h> 122#include <openssl/rand.h>
123 123
124/* mod 128 saturating subtract of two 64-bit values in big-endian order */ 124/* mod 128 saturating subtract of two 64-bit values in big-endian order */
125static int satsub64be(const unsigned char *v1,const unsigned char *v2) 125static int
126{ int ret,sat,brw,i; 126satsub64be(const unsigned char *v1, const unsigned char *v2)
127 127{
128 if (sizeof(long) == 8) do 128 int ret, sat, brw, i;
129 { const union { long one; char little; } is_endian = {1}; 129
130 long l; 130 if (sizeof(long) == 8)
131 131 do {
132 if (is_endian.little) break; 132 const union {
133 /* not reached on little-endians */ 133 long one;
134 /* following test is redundant, because input is 134 char little;
135 * always aligned, but I take no chances... */ 135 } is_endian = {1};
136 if (((size_t)v1|(size_t)v2)&0x7) break; 136 long l;
137 137
138 l = *((long *)v1); 138 if (is_endian.little)
139 l -= *((long *)v2); 139 break;
140 if (l>128) return 128; 140 /* not reached on little-endians */
141 else if (l<-128) return -128; 141 /* following test is redundant, because input is
142 else return (int)l; 142 * always aligned, but I take no chances... */
143 } while (0); 143 if (((size_t)v1 | (size_t)v2) & 0x7)
144 144 break;
145 ret = (int)v1[7]-(int)v2[7]; 145
146 l = *((long *)v1);
147 l -= *((long *)v2);
148 if (l > 128)
149 return 128;
150 else if (l<-128)
151 return -128;
152 else
153 return (int)l;
154 } while (0);
155
156 ret = (int)v1[7] - (int)v2[7];
146 sat = 0; 157 sat = 0;
147 brw = ret>>8; /* brw is either 0 or -1 */ 158 brw = ret >> 8; /* brw is either 0 or -1 */
148 if (ret & 0x80) 159 if (ret & 0x80) {
149 { for (i=6;i>=0;i--) 160 for (i = 6; i >= 0; i--) {
150 { brw += (int)v1[i]-(int)v2[i]; 161 brw += (int)v1[i]-(int)v2[i];
151 sat |= ~brw; 162 sat |= ~brw;
152 brw >>= 8; 163 brw >>= 8;
153 } 164 }
154 } 165 } else {
155 else 166 for (i = 6; i >= 0; i--) {
156 { for (i=6;i>=0;i--) 167 brw += (int)v1[i]-(int)v2[i];
157 { brw += (int)v1[i]-(int)v2[i];
158 sat |= brw; 168 sat |= brw;
159 brw >>= 8; 169 brw >>= 8;
160 } 170 }
161 } 171 }
162 brw <<= 8; /* brw is either 0 or -256 */ 172 brw <<= 8; /* brw is either 0 or -256 */
163 173
164 if (sat&0xff) return brw | 0x80; 174 if (sat & 0xff)
165 else return brw + (ret&0xFF); 175 return brw | 0x80;
176 else
177 return brw + (ret & 0xFF);
166} 178}
167 179
168static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, 180static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
169 int len, int peek); 181 int len, int peek);
170static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap); 182static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
171static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); 183static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
172static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, 184static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
173 unsigned int *is_next_epoch); 185 unsigned int *is_next_epoch);
174#if 0 186#if 0
175static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr, 187static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
176 unsigned short *priority, unsigned long *offset); 188 unsigned short *priority, unsigned long *offset);
177#endif 189#endif
178static int dtls1_buffer_record(SSL *s, record_pqueue *q, 190static int dtls1_buffer_record(SSL *s, record_pqueue *q,
179 unsigned char *priority); 191 unsigned char *priority);
180static int dtls1_process_record(SSL *s); 192static int dtls1_process_record(SSL *s);
181 193
182/* copy buffered record into SSL structure */ 194/* copy buffered record into SSL structure */
183static int 195static int
184dtls1_copy_record(SSL *s, pitem *item) 196dtls1_copy_record(SSL *s, pitem *item)
185 { 197{
186 DTLS1_RECORD_DATA *rdata; 198 DTLS1_RECORD_DATA *rdata;
187 199
188 rdata = (DTLS1_RECORD_DATA *)item->data; 200 rdata = (DTLS1_RECORD_DATA *)item->data;
189 201
190 if (s->s3->rbuf.buf != NULL) 202 if (s->s3->rbuf.buf != NULL)
191 OPENSSL_free(s->s3->rbuf.buf); 203 OPENSSL_free(s->s3->rbuf.buf);
192 204
193 s->packet = rdata->packet; 205 s->packet = rdata->packet;
194 s->packet_length = rdata->packet_length; 206 s->packet_length = rdata->packet_length;
195 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER)); 207 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
196 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD)); 208 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
197 209
198 /* Set proper sequence number for mac calculation */ 210 /* Set proper sequence number for mac calculation */
199 memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6); 211 memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);
200 212
201 return(1); 213 return (1);
202 } 214}
203 215
204 216
205static int 217static int
206dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) 218dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
207 { 219{
208 DTLS1_RECORD_DATA *rdata; 220 DTLS1_RECORD_DATA *rdata;
209 pitem *item; 221 pitem *item;
210 222
211 /* Limit the size of the queue to prevent DOS attacks */ 223 /* Limit the size of the queue to prevent DOS attacks */
212 if (pqueue_size(queue->q) >= 100) 224 if (pqueue_size(queue->q) >= 100)
213 return 0; 225 return 0;
214 226
215 rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA)); 227 rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
216 item = pitem_new(priority, rdata); 228 item = pitem_new(priority, rdata);
217 if (rdata == NULL || item == NULL) 229 if (rdata == NULL || item == NULL) {
218 { 230 if (rdata != NULL)
219 if (rdata != NULL) OPENSSL_free(rdata); 231 OPENSSL_free(rdata);
220 if (item != NULL) pitem_free(item); 232 if (item != NULL)
221 233 pitem_free(item);
234
222 SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); 235 SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
223 return(0); 236 return (0);
224 } 237 }
225 238
226 rdata->packet = s->packet; 239 rdata->packet = s->packet;
227 rdata->packet_length = s->packet_length; 240 rdata->packet_length = s->packet_length;
228 memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER)); 241 memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));
@@ -233,54 +246,51 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
233#ifndef OPENSSL_NO_SCTP 246#ifndef OPENSSL_NO_SCTP
234 /* Store bio_dgram_sctp_rcvinfo struct */ 247 /* Store bio_dgram_sctp_rcvinfo struct */
235 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && 248 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
236 (s->state == SSL3_ST_SR_FINISHED_A || s->state == SSL3_ST_CR_FINISHED_A)) { 249 (s->state == SSL3_ST_SR_FINISHED_A || s->state == SSL3_ST_CR_FINISHED_A)) {
237 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo); 250 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo);
238 } 251 }
239#endif 252#endif
240 253
241 /* insert should not fail, since duplicates are dropped */ 254 /* insert should not fail, since duplicates are dropped */
242 if (pqueue_insert(queue->q, item) == NULL) 255 if (pqueue_insert(queue->q, item) == NULL) {
243 {
244 OPENSSL_free(rdata); 256 OPENSSL_free(rdata);
245 pitem_free(item); 257 pitem_free(item);
246 return(0); 258 return (0);
247 } 259 }
248 260
249 s->packet = NULL; 261 s->packet = NULL;
250 s->packet_length = 0; 262 s->packet_length = 0;
251 memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER)); 263 memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
252 memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD)); 264 memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));
253 265
254 if (!ssl3_setup_buffers(s)) 266 if (!ssl3_setup_buffers(s)) {
255 {
256 SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); 267 SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
257 OPENSSL_free(rdata); 268 OPENSSL_free(rdata);
258 pitem_free(item); 269 pitem_free(item);
259 return(0); 270 return (0);
260 }
261
262 return(1);
263 } 271 }
264 272
273 return (1);
274}
275
265 276
266static int 277static int
267dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue) 278dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
268 { 279{
269 pitem *item; 280 pitem *item;
270 281
271 item = pqueue_pop(queue->q); 282 item = pqueue_pop(queue->q);
272 if (item) 283 if (item) {
273 { 284 dtls1_copy_record(s, item);
274 dtls1_copy_record(s, item);
275 285
276 OPENSSL_free(item->data); 286 OPENSSL_free(item->data);
277 pitem_free(item); 287 pitem_free(item);
278 288
279 return(1); 289 return (1);
280 } 290 }
281 291
282 return(0); 292 return (0);
283 } 293}
284 294
285 295
286/* retrieve a buffered record that belongs to the new epoch, i.e., not processed 296/* retrieve a buffered record that belongs to the new epoch, i.e., not processed
@@ -296,98 +306,96 @@ dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
296 306
297static int 307static int
298dtls1_process_buffered_records(SSL *s) 308dtls1_process_buffered_records(SSL *s)
299 { 309{
300 pitem *item; 310 pitem *item;
301 311
302 item = pqueue_peek(s->d1->unprocessed_rcds.q); 312 item = pqueue_peek(s->d1->unprocessed_rcds.q);
303 if (item) 313 if (item) {
304 { 314 /* Check if epoch is current. */
305 /* Check if epoch is current. */ 315 if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
306 if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch) 316 return (1);
307 return(1); /* Nothing to do. */ 317 /* Nothing to do. */
308 318
309 /* Process all the records. */ 319 /* Process all the records. */
310 while (pqueue_peek(s->d1->unprocessed_rcds.q)) 320 while (pqueue_peek(s->d1->unprocessed_rcds.q)) {
311 { 321 dtls1_get_unprocessed_record(s);
312 dtls1_get_unprocessed_record(s); 322 if (! dtls1_process_record(s))
313 if ( ! dtls1_process_record(s)) 323 return (0);
314 return(0); 324 dtls1_buffer_record(s, &(s->d1->processed_rcds),
315 dtls1_buffer_record(s, &(s->d1->processed_rcds), 325 s->s3->rrec.seq_num);
316 s->s3->rrec.seq_num); 326 }
317 } 327 }
318 }
319 328
320 /* sync epoch numbers once all the unprocessed records 329 /* sync epoch numbers once all the unprocessed records
321 * have been processed */ 330 * have been processed */
322 s->d1->processed_rcds.epoch = s->d1->r_epoch; 331 s->d1->processed_rcds.epoch = s->d1->r_epoch;
323 s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1; 332 s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1;
324 333
325 return(1); 334 return (1);
326 } 335}
327 336
328 337
329#if 0 338#if 0
330 339
331static int 340static int
332dtls1_get_buffered_record(SSL *s) 341dtls1_get_buffered_record(SSL *s)
333 { 342{
334 pitem *item; 343 pitem *item;
335 PQ_64BIT priority = 344 PQ_64BIT priority =
336 (((PQ_64BIT)s->d1->handshake_read_seq) << 32) | 345 (((PQ_64BIT)s->d1->handshake_read_seq) << 32) |
337 ((PQ_64BIT)s->d1->r_msg_hdr.frag_off); 346 ((PQ_64BIT)s->d1->r_msg_hdr.frag_off);
338 347
339 if ( ! SSL_in_init(s)) /* if we're not (re)negotiating, 348 if (!SSL_in_init(s)) /* if we're not (re)negotiating,
340 nothing buffered */ 349 nothing buffered */
341 return 0; 350 return 0;
342 351
343 352
344 item = pqueue_peek(s->d1->rcvd_records); 353 item = pqueue_peek(s->d1->rcvd_records);
345 if (item && item->priority == priority) 354 if (item && item->priority == priority) {
346 {
347 /* Check if we've received the record of interest. It must be 355 /* Check if we've received the record of interest. It must be
348 * a handshake record, since data records as passed up without 356 * a handshake record, since data records as passed up without
349 * buffering */ 357 * buffering */
350 DTLS1_RECORD_DATA *rdata; 358 DTLS1_RECORD_DATA *rdata;
351 item = pqueue_pop(s->d1->rcvd_records); 359 item = pqueue_pop(s->d1->rcvd_records);
352 rdata = (DTLS1_RECORD_DATA *)item->data; 360 rdata = (DTLS1_RECORD_DATA *)item->data;
353 361
354 if (s->s3->rbuf.buf != NULL) 362 if (s->s3->rbuf.buf != NULL)
355 OPENSSL_free(s->s3->rbuf.buf); 363 OPENSSL_free(s->s3->rbuf.buf);
356 364
357 s->packet = rdata->packet; 365 s->packet = rdata->packet;
358 s->packet_length = rdata->packet_length; 366 s->packet_length = rdata->packet_length;
359 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER)); 367 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
360 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD)); 368 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
361 369
362 OPENSSL_free(item->data); 370 OPENSSL_free(item->data);
363 pitem_free(item); 371 pitem_free(item);
364 372
365 /* s->d1->next_expected_seq_num++; */ 373 /* s->d1->next_expected_seq_num++; */
366 return(1); 374 return (1);
367 }
368
369 return 0;
370 } 375 }
371 376
377 return 0;
378}
379
372#endif 380#endif
373 381
374static int 382static int
375dtls1_process_record(SSL *s) 383dtls1_process_record(SSL *s)
376{ 384{
377 int i,al; 385 int i, al;
378 int enc_err; 386 int enc_err;
379 SSL_SESSION *sess; 387 SSL_SESSION *sess;
380 SSL3_RECORD *rr; 388 SSL3_RECORD *rr;
381 unsigned int mac_size, orig_len; 389 unsigned int mac_size, orig_len;
382 unsigned char md[EVP_MAX_MD_SIZE]; 390 unsigned char md[EVP_MAX_MD_SIZE];
383 391
384 rr= &(s->s3->rrec); 392 rr = &(s->s3->rrec);
385 sess = s->session; 393 sess = s->session;
386 394
387 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, 395 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
388 * and we have that many bytes in s->packet 396 * and we have that many bytes in s->packet
389 */ 397 */
390 rr->input= &(s->packet[DTLS1_RT_HEADER_LENGTH]); 398 rr->input = &(s->packet[DTLS1_RT_HEADER_LENGTH]);
391 399
392 /* ok, we can now read from 's->packet' data into 'rr' 400 /* ok, we can now read from 's->packet' data into 'rr'
393 * rr->input points at rr->length bytes, which 401 * rr->input points at rr->length bytes, which
@@ -400,48 +408,44 @@ dtls1_process_record(SSL *s)
400 * rr->length bytes of encrypted compressed stuff. */ 408 * rr->length bytes of encrypted compressed stuff. */
401 409
402 /* check is not needed I believe */ 410 /* check is not needed I believe */
403 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) 411 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
404 { 412 al = SSL_AD_RECORD_OVERFLOW;
405 al=SSL_AD_RECORD_OVERFLOW; 413 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
406 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
407 goto f_err; 414 goto f_err;
408 } 415 }
409 416
410 /* decrypt in place in 'rr->input' */ 417 /* decrypt in place in 'rr->input' */
411 rr->data=rr->input; 418 rr->data = rr->input;
412 419
413 enc_err = s->method->ssl3_enc->enc(s,0); 420 enc_err = s->method->ssl3_enc->enc(s, 0);
414 /* enc_err is: 421 /* enc_err is:
415 * 0: (in non-constant time) if the record is publically invalid. 422 * 0: (in non-constant time) if the record is publically invalid.
416 * 1: if the padding is valid 423 * 1: if the padding is valid
417 * -1: if the padding is invalid */ 424 * -1: if the padding is invalid */
418 if (enc_err == 0) 425 if (enc_err == 0) {
419 {
420 /* For DTLS we simply ignore bad packets. */ 426 /* For DTLS we simply ignore bad packets. */
421 rr->length = 0; 427 rr->length = 0;
422 s->packet_length = 0; 428 s->packet_length = 0;
423 goto err; 429 goto err;
424 } 430 }
425 431
426#ifdef TLS_DEBUG 432#ifdef TLS_DEBUG
427printf("dec %d\n",rr->length); 433 printf("dec %d\n", rr->length);
428{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } 434 { unsigned int z; for (z = 0; z<rr->length; z++) printf("%02X%c", rr->data[z],((z+1)%16)?' ':'\n'); }
429printf("\n"); 435 printf("\n");
430#endif 436#endif
431 437
432 /* r->length is now the compressed data plus mac */ 438 /* r->length is now the compressed data plus mac */
433 if ((sess != NULL) && 439 if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
434 (s->enc_read_ctx != NULL) && 440 (EVP_MD_CTX_md(s->read_hash) != NULL)) {
435 (EVP_MD_CTX_md(s->read_hash) != NULL))
436 {
437 /* s->read_hash != NULL => mac_size != -1 */ 441 /* s->read_hash != NULL => mac_size != -1 */
438 unsigned char *mac = NULL; 442 unsigned char *mac = NULL;
439 unsigned char mac_tmp[EVP_MAX_MD_SIZE]; 443 unsigned char mac_tmp[EVP_MAX_MD_SIZE];
440 mac_size=EVP_MD_CTX_size(s->read_hash); 444 mac_size = EVP_MD_CTX_size(s->read_hash);
441 OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); 445 OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
442 446
443 /* kludge: *_cbc_remove_padding passes padding length in rr->type */ 447 /* kludge: *_cbc_remove_padding passes padding length in rr->type */
444 orig_len = rr->length+((unsigned int)rr->type>>8); 448 orig_len = rr->length + ((unsigned int)rr->type >> 8);
445 449
446 /* orig_len is the length of the record before any padding was 450 /* orig_len is the length of the record before any padding was
447 * removed. This is public information, as is the MAC in use, 451 * removed. This is public information, as is the MAC in use,
@@ -449,17 +453,15 @@ printf("\n");
449 * amount of time if it's too short to possibly contain a MAC. 453 * amount of time if it's too short to possibly contain a MAC.
450 */ 454 */
451 if (orig_len < mac_size || 455 if (orig_len < mac_size ||
452 /* CBC records must have a padding length byte too. */ 456 /* CBC records must have a padding length byte too. */
453 (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && 457 (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
454 orig_len < mac_size+1)) 458 orig_len < mac_size + 1)) {
455 { 459 al = SSL_AD_DECODE_ERROR;
456 al=SSL_AD_DECODE_ERROR; 460 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_LENGTH_TOO_SHORT);
457 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
458 goto f_err; 461 goto f_err;
459 } 462 }
460 463
461 if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) 464 if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
462 {
463 /* We update the length so that the TLS header bytes 465 /* We update the length so that the TLS header bytes
464 * can be constructed correctly but we need to extract 466 * can be constructed correctly but we need to extract
465 * the MAC in constant time from within the record, 467 * the MAC in constant time from within the record,
@@ -468,56 +470,49 @@ printf("\n");
468 mac = mac_tmp; 470 mac = mac_tmp;
469 ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len); 471 ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
470 rr->length -= mac_size; 472 rr->length -= mac_size;
471 } 473 } else {
472 else
473 {
474 /* In this case there's no padding, so |orig_len| 474 /* In this case there's no padding, so |orig_len|
475 * equals |rec->length| and we checked that there's 475 * equals |rec->length| and we checked that there's
476 * enough bytes for |mac_size| above. */ 476 * enough bytes for |mac_size| above. */
477 rr->length -= mac_size; 477 rr->length -= mac_size;
478 mac = &rr->data[rr->length]; 478 mac = &rr->data[rr->length];
479 } 479 }
480 480
481 i=s->method->ssl3_enc->mac(s,md,0 /* not send */); 481 i = s->method->ssl3_enc->mac(s, md, 0 /* not send */);
482 if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) 482 if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
483 enc_err = -1; 483 enc_err = -1;
484 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size) 484 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
485 enc_err = -1; 485 enc_err = -1;
486 } 486 }
487 487
488 if (enc_err < 0) 488 if (enc_err < 0) {
489 {
490 /* decryption failed, silently discard message */ 489 /* decryption failed, silently discard message */
491 rr->length = 0; 490 rr->length = 0;
492 s->packet_length = 0; 491 s->packet_length = 0;
493 goto err; 492 goto err;
494 } 493 }
495 494
496 /* r->length is now just compressed */ 495 /* r->length is now just compressed */
497 if (s->expand != NULL) 496 if (s->expand != NULL) {
498 { 497 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
499 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) 498 al = SSL_AD_RECORD_OVERFLOW;
500 { 499 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_COMPRESSED_LENGTH_TOO_LONG);
501 al=SSL_AD_RECORD_OVERFLOW;
502 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
503 goto f_err; 500 goto f_err;
504 } 501 }
505 if (!ssl3_do_uncompress(s)) 502 if (!ssl3_do_uncompress(s)) {
506 { 503 al = SSL_AD_DECOMPRESSION_FAILURE;
507 al=SSL_AD_DECOMPRESSION_FAILURE; 504 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_BAD_DECOMPRESSION);
508 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_BAD_DECOMPRESSION);
509 goto f_err; 505 goto f_err;
510 }
511 } 506 }
507 }
512 508
513 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) 509 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
514 { 510 al = SSL_AD_RECORD_OVERFLOW;
515 al=SSL_AD_RECORD_OVERFLOW; 511 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
516 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
517 goto f_err; 512 goto f_err;
518 } 513 }
519 514
520 rr->off=0; 515 rr->off = 0;
521 /* So at this point the following is true 516 /* So at this point the following is true
522 * ssl->s3->rrec.type is the type of record 517 * ssl->s3->rrec.type is the type of record
523 * ssl->s3->rrec.length == number of bytes in record 518 * ssl->s3->rrec.length == number of bytes in record
@@ -527,14 +522,14 @@ printf("\n");
527 */ 522 */
528 523
529 /* we have pulled in a full packet so zero things */ 524 /* we have pulled in a full packet so zero things */
530 s->packet_length=0; 525 s->packet_length = 0;
531 dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */ 526 dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */
532 return(1); 527 return (1);
533 528
534f_err: 529f_err:
535 ssl3_send_alert(s,SSL3_AL_FATAL,al); 530 ssl3_send_alert(s, SSL3_AL_FATAL, al);
536err: 531err:
537 return(0); 532 return (0);
538} 533}
539 534
540 535
@@ -547,17 +542,18 @@ err:
547 * ssl->s3->rrec.length, - number of bytes 542 * ssl->s3->rrec.length, - number of bytes
548 */ 543 */
549/* used only by dtls1_read_bytes */ 544/* used only by dtls1_read_bytes */
550int dtls1_get_record(SSL *s) 545int
551 { 546dtls1_get_record(SSL *s)
552 int ssl_major,ssl_minor; 547{
553 int i,n; 548 int ssl_major, ssl_minor;
549 int i, n;
554 SSL3_RECORD *rr; 550 SSL3_RECORD *rr;
555 unsigned char *p = NULL; 551 unsigned char *p = NULL;
556 unsigned short version; 552 unsigned short version;
557 DTLS1_BITMAP *bitmap; 553 DTLS1_BITMAP *bitmap;
558 unsigned int is_next_epoch; 554 unsigned int is_next_epoch;
559 555
560 rr= &(s->s3->rrec); 556 rr = &(s->s3->rrec);
561 557
562 /* The epoch may have changed. If so, process all the 558 /* The epoch may have changed. If so, process all the
563 * pending records. This is a non-blocking operation. */ 559 * pending records. This is a non-blocking operation. */
@@ -570,104 +566,98 @@ int dtls1_get_record(SSL *s)
570 /* get something from the wire */ 566 /* get something from the wire */
571again: 567again:
572 /* check if we have the header */ 568 /* check if we have the header */
573 if ( (s->rstate != SSL_ST_READ_BODY) || 569 if ((s->rstate != SSL_ST_READ_BODY) ||
574 (s->packet_length < DTLS1_RT_HEADER_LENGTH)) 570 (s->packet_length < DTLS1_RT_HEADER_LENGTH)) {
575 { 571 n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
576 n=ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
577 /* read timeout is handled by dtls1_read_bytes */ 572 /* read timeout is handled by dtls1_read_bytes */
578 if (n <= 0) return(n); /* error or non-blocking */ 573 if (n <= 0)
574 return(n); /* error or non-blocking */
579 575
580 /* this packet contained a partial record, dump it */ 576 /* this packet contained a partial record, dump it */
581 if (s->packet_length != DTLS1_RT_HEADER_LENGTH) 577 if (s->packet_length != DTLS1_RT_HEADER_LENGTH) {
582 {
583 s->packet_length = 0; 578 s->packet_length = 0;
584 goto again; 579 goto again;
585 } 580 }
586 581
587 s->rstate=SSL_ST_READ_BODY; 582 s->rstate = SSL_ST_READ_BODY;
588 583
589 p=s->packet; 584 p = s->packet;
590 585
591 /* Pull apart the header into the DTLS1_RECORD */ 586 /* Pull apart the header into the DTLS1_RECORD */
592 rr->type= *(p++); 587 rr->type= *(p++);
593 ssl_major= *(p++); 588 ssl_major= *(p++);
594 ssl_minor= *(p++); 589 ssl_minor= *(p++);
595 version=(ssl_major<<8)|ssl_minor; 590 version = (ssl_major << 8)|ssl_minor;
596 591
597 /* sequence number is 64 bits, with top 2 bytes = epoch */ 592 /* sequence number is 64 bits, with top 2 bytes = epoch */
598 n2s(p,rr->epoch); 593 n2s(p, rr->epoch);
599 594
600 memcpy(&(s->s3->read_sequence[2]), p, 6); 595 memcpy(&(s->s3->read_sequence[2]), p, 6);
601 p+=6; 596 p += 6;
602 597
603 n2s(p,rr->length); 598 n2s(p, rr->length);
604 599
605 /* Lets check version */ 600 /* Lets check version */
606 if (!s->first_packet) 601 if (!s->first_packet) {
607 { 602 if (version != s->version) {
608 if (version != s->version)
609 {
610 /* unexpected version, silently discard */ 603 /* unexpected version, silently discard */
611 rr->length = 0; 604 rr->length = 0;
612 s->packet_length = 0; 605 s->packet_length = 0;
613 goto again; 606 goto again;
614 }
615 } 607 }
608 }
616 609
617 if ((version & 0xff00) != (s->version & 0xff00)) 610 if ((version & 0xff00) != (s->version & 0xff00)) {
618 {
619 /* wrong version, silently discard record */ 611 /* wrong version, silently discard record */
620 rr->length = 0; 612 rr->length = 0;
621 s->packet_length = 0; 613 s->packet_length = 0;
622 goto again; 614 goto again;
623 } 615 }
624 616
625 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) 617 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
626 {
627 /* record too long, silently discard it */ 618 /* record too long, silently discard it */
628 rr->length = 0; 619 rr->length = 0;
629 s->packet_length = 0; 620 s->packet_length = 0;
630 goto again; 621 goto again;
631 } 622 }
632 623
633 /* now s->rstate == SSL_ST_READ_BODY */ 624 /* now s->rstate == SSL_ST_READ_BODY */
634 } 625 }
635 626
636 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ 627 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
637 628
638 if (rr->length > s->packet_length-DTLS1_RT_HEADER_LENGTH) 629 if (rr->length > s->packet_length - DTLS1_RT_HEADER_LENGTH) {
639 {
640 /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */ 630 /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
641 i=rr->length; 631 i = rr->length;
642 n=ssl3_read_n(s,i,i,1); 632 n = ssl3_read_n(s, i, i, 1);
643 if (n <= 0) return(n); /* error or non-blocking io */ 633 if (n <= 0)
634 return(n); /* error or non-blocking io */
644 635
645 /* this packet contained a partial record, dump it */ 636 /* this packet contained a partial record, dump it */
646 if ( n != i) 637 if (n != i) {
647 {
648 rr->length = 0; 638 rr->length = 0;
649 s->packet_length = 0; 639 s->packet_length = 0;
650 goto again; 640 goto again;
651 } 641 }
652 642
653 /* now n == rr->length, 643 /* now n == rr->length,
654 * and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */ 644 * and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */
655 } 645 }
656 s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */ 646 s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */
657 647
658 /* match epochs. NULL means the packet is dropped on the floor */ 648 /* match epochs. NULL means the packet is dropped on the floor */
659 bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch); 649 bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
660 if ( bitmap == NULL) 650 if (bitmap == NULL) {
661 {
662 rr->length = 0; 651 rr->length = 0;
663 s->packet_length = 0; /* dump this record */ 652 s->packet_length = 0;
664 goto again; /* get another record */ 653 /* dump this record */
665 } 654 goto again;
655 /* get another record */
656 }
666 657
667#ifndef OPENSSL_NO_SCTP 658#ifndef OPENSSL_NO_SCTP
668 /* Only do replay check if no SCTP bio */ 659 /* Only do replay check if no SCTP bio */
669 if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) 660 if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) {
670 {
671#endif 661#endif
672 /* Check whether this is a repeat, or aged record. 662 /* Check whether this is a repeat, or aged record.
673 * Don't check if we're listening and this message is 663 * Don't check if we're listening and this message is
@@ -677,45 +667,45 @@ again:
677 */ 667 */
678 if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && 668 if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
679 *p == SSL3_MT_CLIENT_HELLO) && 669 *p == SSL3_MT_CLIENT_HELLO) &&
680 !dtls1_record_replay_check(s, bitmap)) 670 !dtls1_record_replay_check(s, bitmap)) {
681 {
682 rr->length = 0; 671 rr->length = 0;
683 s->packet_length=0; /* dump this record */ 672 s->packet_length=0; /* dump this record */
684 goto again; /* get another record */ 673 goto again;
685 } 674 /* get another record */
675 }
686#ifndef OPENSSL_NO_SCTP 676#ifndef OPENSSL_NO_SCTP
687 } 677 }
688#endif 678#endif
689 679
690 /* just read a 0 length packet */ 680 /* just read a 0 length packet */
691 if (rr->length == 0) goto again; 681 if (rr->length == 0)
682 goto again;
692 683
693 /* If this record is from the next epoch (either HM or ALERT), 684 /* If this record is from the next epoch (either HM or ALERT),
694 * and a handshake is currently in progress, buffer it since it 685 * and a handshake is currently in progress, buffer it since it
695 * cannot be processed at this time. However, do not buffer 686 * cannot be processed at this time. However, do not buffer
696 * anything while listening. 687 * anything while listening.
697 */ 688 */
698 if (is_next_epoch) 689 if (is_next_epoch) {
699 { 690 if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) {
700 if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen)
701 {
702 dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num); 691 dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
703 } 692 }
704 rr->length = 0; 693 rr->length = 0;
705 s->packet_length = 0; 694 s->packet_length = 0;
706 goto again; 695 goto again;
707 } 696 }
708 697
709 if (!dtls1_process_record(s)) 698 if (!dtls1_process_record(s)) {
710 {
711 rr->length = 0; 699 rr->length = 0;
712 s->packet_length = 0; /* dump this record */ 700 s->packet_length = 0;
713 goto again; /* get another record */ 701 /* dump this record */
714 } 702 goto again;
703 /* get another record */
704 }
715 705
716 return(1); 706 return (1);
717 707
718 } 708}
719 709
720/* Return up to 'len' payload bytes received in 'type' records. 710/* Return up to 'len' payload bytes received in 'type' records.
721 * 'type' is one of the following: 711 * 'type' is one of the following:
@@ -744,28 +734,28 @@ again:
744 * Application data protocol 734 * Application data protocol
745 * none of our business 735 * none of our business
746 */ 736 */
747int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) 737int
748 { 738dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
749 int al,i,j,ret; 739{
740 int al, i, j, ret;
750 unsigned int n; 741 unsigned int n;
751 SSL3_RECORD *rr; 742 SSL3_RECORD *rr;
752 void (*cb)(const SSL *ssl,int type2,int val)=NULL; 743 void (*cb)(const SSL *ssl, int type2, int val) = NULL;
753 744
754 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ 745 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
755 if (!ssl3_setup_buffers(s)) 746 if (!ssl3_setup_buffers(s))
756 return(-1); 747 return (-1);
757 748
758 /* XXX: check what the second '&& type' is about */ 749 /* XXX: check what the second '&& type' is about */
759 if ((type && (type != SSL3_RT_APPLICATION_DATA) && 750 if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
760 (type != SSL3_RT_HANDSHAKE) && type) || 751 (type != SSL3_RT_HANDSHAKE) && type) ||
761 (peek && (type != SSL3_RT_APPLICATION_DATA))) 752 (peek && (type != SSL3_RT_APPLICATION_DATA))) {
762 {
763 SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR); 753 SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
764 return -1; 754 return -1;
765 } 755 }
766 756
767 /* check whether there's a handshake message (client hello?) waiting */ 757 /* check whether there's a handshake message (client hello?) waiting */
768 if ( (ret = have_handshake_fragment(s, type, buf, len, peek))) 758 if ((ret = have_handshake_fragment(s, type, buf, len, peek)))
769 return ret; 759 return ret;
770 760
771 /* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */ 761 /* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
@@ -776,24 +766,25 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
776 */ 766 */
777 if ((!s->in_handshake && SSL_in_init(s)) || 767 if ((!s->in_handshake && SSL_in_init(s)) ||
778 (BIO_dgram_is_sctp(SSL_get_rbio(s)) && 768 (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
779 (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK) && 769 (s->state == DTLS1_SCTP_ST_SR_READ_SOCK ||
780 s->s3->in_read_app_data != 2)) 770 s->state == DTLS1_SCTP_ST_CR_READ_SOCK) &&
771 s->s3->in_read_app_data != 2))
781#else 772#else
782 if (!s->in_handshake && SSL_in_init(s)) 773 if (!s->in_handshake && SSL_in_init(s))
783#endif 774#endif
784 { 775 {
785 /* type == SSL3_RT_APPLICATION_DATA */ 776 /* type == SSL3_RT_APPLICATION_DATA */
786 i=s->handshake_func(s); 777 i = s->handshake_func(s);
787 if (i < 0) return(i); 778 if (i < 0)
788 if (i == 0) 779 return (i);
789 { 780 if (i == 0) {
790 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); 781 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
791 return(-1); 782 return (-1);
792 }
793 } 783 }
784 }
794 785
795start: 786start:
796 s->rwstate=SSL_NOTHING; 787 s->rwstate = SSL_NOTHING;
797 788
798 /* s->s3->rrec.type - is the type of record 789 /* s->s3->rrec.type - is the type of record
799 * s->s3->rrec.data, - data 790 * s->s3->rrec.data, - data
@@ -805,59 +796,52 @@ start:
805 * so process data buffered during the last handshake 796 * so process data buffered during the last handshake
806 * in advance, if any. 797 * in advance, if any.
807 */ 798 */
808 if (s->state == SSL_ST_OK && rr->length == 0) 799 if (s->state == SSL_ST_OK && rr->length == 0) {
809 {
810 pitem *item; 800 pitem *item;
811 item = pqueue_pop(s->d1->buffered_app_data.q); 801 item = pqueue_pop(s->d1->buffered_app_data.q);
812 if (item) 802 if (item) {
813 {
814#ifndef OPENSSL_NO_SCTP 803#ifndef OPENSSL_NO_SCTP
815 /* Restore bio_dgram_sctp_rcvinfo struct */ 804 /* Restore bio_dgram_sctp_rcvinfo struct */
816 if (BIO_dgram_is_sctp(SSL_get_rbio(s))) 805 if (BIO_dgram_is_sctp(SSL_get_rbio(s))) {
817 {
818 DTLS1_RECORD_DATA *rdata = (DTLS1_RECORD_DATA *) item->data; 806 DTLS1_RECORD_DATA *rdata = (DTLS1_RECORD_DATA *) item->data;
819 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo); 807 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo);
820 } 808 }
821#endif 809#endif
822 810
823 dtls1_copy_record(s, item); 811 dtls1_copy_record(s, item);
824 812
825 OPENSSL_free(item->data); 813 OPENSSL_free(item->data);
826 pitem_free(item); 814 pitem_free(item);
827 }
828 } 815 }
816 }
829 817
830 /* Check for timeout */ 818 /* Check for timeout */
831 if (dtls1_handle_timeout(s) > 0) 819 if (dtls1_handle_timeout(s) > 0)
832 goto start; 820 goto start;
833 821
834 /* get new packet if necessary */ 822 /* get new packet if necessary */
835 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) 823 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) {
836 { 824 ret = dtls1_get_record(s);
837 ret=dtls1_get_record(s); 825 if (ret <= 0) {
838 if (ret <= 0)
839 {
840 ret = dtls1_read_failed(s, ret); 826 ret = dtls1_read_failed(s, ret);
841 /* anything other than a timeout is an error */ 827 /* anything other than a timeout is an error */
842 if (ret <= 0) 828 if (ret <= 0)
843 return(ret); 829 return (ret);
844 else 830 else
845 goto start; 831 goto start;
846 }
847 } 832 }
833 }
848 834
849 if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE) 835 if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE) {
850 {
851 rr->length = 0; 836 rr->length = 0;
852 goto start; 837 goto start;
853 } 838 }
854 839
855 /* we now have a packet which can be read and processed */ 840 /* we now have a packet which can be read and processed */
856 841
857 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, 842 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
858 * reset by ssl3_get_finished */ 843 * reset by ssl3_get_finished */
859 && (rr->type != SSL3_RT_HANDSHAKE)) 844 && (rr->type != SSL3_RT_HANDSHAKE)) {
860 {
861 /* We now have application data between CCS and Finished. 845 /* We now have application data between CCS and Finished.
862 * Most likely the packets were reordered on their way, so 846 * Most likely the packets were reordered on their way, so
863 * buffer the application data for later processing rather 847 * buffer the application data for later processing rather
@@ -866,75 +850,71 @@ start:
866 dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num); 850 dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num);
867 rr->length = 0; 851 rr->length = 0;
868 goto start; 852 goto start;
869 } 853 }
870 854
871 /* If the other end has shut down, throw anything we read away 855 /* If the other end has shut down, throw anything we read away
872 * (even in 'peek' mode) */ 856 * (even in 'peek' mode) */
873 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) 857 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
874 { 858 rr->length = 0;
875 rr->length=0; 859 s->rwstate = SSL_NOTHING;
876 s->rwstate=SSL_NOTHING; 860 return (0);
877 return(0); 861 }
878 }
879 862
880 863
881 if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ 864 if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
882 { 865 {
883 /* make sure that we are not getting application data when we 866 /* make sure that we are not getting application data when we
884 * are doing a handshake for the first time */ 867 * are doing a handshake for the first time */
885 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && 868 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
886 (s->enc_read_ctx == NULL)) 869 (s->enc_read_ctx == NULL)) {
887 { 870 al = SSL_AD_UNEXPECTED_MESSAGE;
888 al=SSL_AD_UNEXPECTED_MESSAGE; 871 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE);
889 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
890 goto f_err; 872 goto f_err;
891 } 873 }
892 874
893 if (len <= 0) return(len); 875 if (len <= 0)
876 return (len);
894 877
895 if ((unsigned int)len > rr->length) 878 if ((unsigned int)len > rr->length)
896 n = rr->length; 879 n = rr->length;
897 else 880 else
898 n = (unsigned int)len; 881 n = (unsigned int)len;
899 882
900 memcpy(buf,&(rr->data[rr->off]),n); 883 memcpy(buf, &(rr->data[rr->off]), n);
901 if (!peek) 884 if (!peek) {
902 { 885 rr->length -= n;
903 rr->length-=n; 886 rr->off += n;
904 rr->off+=n; 887 if (rr->length == 0) {
905 if (rr->length == 0) 888 s->rstate = SSL_ST_READ_HEADER;
906 { 889 rr->off = 0;
907 s->rstate=SSL_ST_READ_HEADER;
908 rr->off=0;
909 }
910 } 890 }
891 }
911 892
912#ifndef OPENSSL_NO_SCTP 893#ifndef OPENSSL_NO_SCTP
913 /* We were about to renegotiate but had to read 894 /* We were about to renegotiate but had to read
914 * belated application data first, so retry. 895 * belated application data first, so retry.
915 */ 896 */
916 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && 897 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
917 rr->type == SSL3_RT_APPLICATION_DATA && 898 rr->type == SSL3_RT_APPLICATION_DATA &&
918 (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK)) 899 (s->state == DTLS1_SCTP_ST_SR_READ_SOCK ||
919 { 900 s->state == DTLS1_SCTP_ST_CR_READ_SOCK)) {
920 s->rwstate=SSL_READING; 901 s->rwstate = SSL_READING;
921 BIO_clear_retry_flags(SSL_get_rbio(s)); 902 BIO_clear_retry_flags(SSL_get_rbio(s));
922 BIO_set_retry_read(SSL_get_rbio(s)); 903 BIO_set_retry_read(SSL_get_rbio(s));
923 } 904 }
924 905
925 /* We might had to delay a close_notify alert because 906 /* We might had to delay a close_notify alert because
926 * of reordered app data. If there was an alert and there 907 * of reordered app data. If there was an alert and there
927 * is no message to read anymore, finally set shutdown. 908 * is no message to read anymore, finally set shutdown.
928 */ 909 */
929 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && 910 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
930 s->d1->shutdown_received && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) 911 s->d1->shutdown_received && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
931 { 912 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
932 s->shutdown |= SSL_RECEIVED_SHUTDOWN; 913 return (0);
933 return(0);
934 }
935#endif
936 return(n);
937 } 914 }
915#endif
916 return (n);
917 }
938 918
939 919
940 /* If we get here, then type != rr->type; if we have a handshake 920 /* If we get here, then type != rr->type; if we have a handshake
@@ -943,65 +923,57 @@ start:
943 /* In case of record types for which we have 'fragment' storage, 923 /* In case of record types for which we have 'fragment' storage,
944 * fill that so that we can process the data at a fixed place. 924 * fill that so that we can process the data at a fixed place.
945 */ 925 */
946 { 926 {
947 unsigned int k, dest_maxlen = 0; 927 unsigned int k, dest_maxlen = 0;
948 unsigned char *dest = NULL; 928 unsigned char *dest = NULL;
949 unsigned int *dest_len = NULL; 929 unsigned int *dest_len = NULL;
950 930
951 if (rr->type == SSL3_RT_HANDSHAKE) 931 if (rr->type == SSL3_RT_HANDSHAKE) {
952 {
953 dest_maxlen = sizeof s->d1->handshake_fragment; 932 dest_maxlen = sizeof s->d1->handshake_fragment;
954 dest = s->d1->handshake_fragment; 933 dest = s->d1->handshake_fragment;
955 dest_len = &s->d1->handshake_fragment_len; 934 dest_len = &s->d1->handshake_fragment_len;
956 } 935 } else if (rr->type == SSL3_RT_ALERT) {
957 else if (rr->type == SSL3_RT_ALERT)
958 {
959 dest_maxlen = sizeof(s->d1->alert_fragment); 936 dest_maxlen = sizeof(s->d1->alert_fragment);
960 dest = s->d1->alert_fragment; 937 dest = s->d1->alert_fragment;
961 dest_len = &s->d1->alert_fragment_len; 938 dest_len = &s->d1->alert_fragment_len;
962 } 939 }
963#ifndef OPENSSL_NO_HEARTBEATS 940#ifndef OPENSSL_NO_HEARTBEATS
964 else if (rr->type == TLS1_RT_HEARTBEAT) 941 else if (rr->type == TLS1_RT_HEARTBEAT) {
965 {
966 dtls1_process_heartbeat(s); 942 dtls1_process_heartbeat(s);
967 943
968 /* Exit and notify application to read again */ 944 /* Exit and notify application to read again */
969 rr->length = 0; 945 rr->length = 0;
970 s->rwstate=SSL_READING; 946 s->rwstate = SSL_READING;
971 BIO_clear_retry_flags(SSL_get_rbio(s)); 947 BIO_clear_retry_flags(SSL_get_rbio(s));
972 BIO_set_retry_read(SSL_get_rbio(s)); 948 BIO_set_retry_read(SSL_get_rbio(s));
973 return(-1); 949 return (-1);
974 } 950 }
975#endif 951#endif
976 /* else it's a CCS message, or application data or wrong */ 952 /* else it's a CCS message, or application data or wrong */
977 else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) 953 else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) {
978 {
979 /* Application data while renegotiating 954 /* Application data while renegotiating
980 * is allowed. Try again reading. 955 * is allowed. Try again reading.
981 */ 956 */
982 if (rr->type == SSL3_RT_APPLICATION_DATA) 957 if (rr->type == SSL3_RT_APPLICATION_DATA) {
983 {
984 BIO *bio; 958 BIO *bio;
985 s->s3->in_read_app_data=2; 959 s->s3->in_read_app_data = 2;
986 bio=SSL_get_rbio(s); 960 bio = SSL_get_rbio(s);
987 s->rwstate=SSL_READING; 961 s->rwstate = SSL_READING;
988 BIO_clear_retry_flags(bio); 962 BIO_clear_retry_flags(bio);
989 BIO_set_retry_read(bio); 963 BIO_set_retry_read(bio);
990 return(-1); 964 return (-1);
991 } 965 }
992 966
993 /* Not certain if this is the right error handling */ 967 /* Not certain if this is the right error handling */
994 al=SSL_AD_UNEXPECTED_MESSAGE; 968 al = SSL_AD_UNEXPECTED_MESSAGE;
995 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD); 969 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
996 goto f_err; 970 goto f_err;
997 } 971 }
998 972
999 if (dest_maxlen > 0) 973 if (dest_maxlen > 0) {
1000 {
1001 /* XDTLS: In a pathalogical case, the Client Hello 974 /* XDTLS: In a pathalogical case, the Client Hello
1002 * may be fragmented--don't always expect dest_maxlen bytes */ 975 * may be fragmented--don't always expect dest_maxlen bytes */
1003 if ( rr->length < dest_maxlen) 976 if (rr->length < dest_maxlen) {
1004 {
1005#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 977#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1006 /* 978 /*
1007 * for normal alerts rr->length is 2, while 979 * for normal alerts rr->length is 2, while
@@ -1010,20 +982,19 @@ start:
1010 */ 982 */
1011 FIX ME 983 FIX ME
1012#endif 984#endif
1013 s->rstate=SSL_ST_READ_HEADER; 985 s->rstate = SSL_ST_READ_HEADER;
1014 rr->length = 0; 986 rr->length = 0;
1015 goto start; 987 goto start;
1016 } 988 }
1017 989
1018 /* now move 'n' bytes: */ 990 /* now move 'n' bytes: */
1019 for ( k = 0; k < dest_maxlen; k++) 991 for ( k = 0; k < dest_maxlen; k++) {
1020 {
1021 dest[k] = rr->data[rr->off++]; 992 dest[k] = rr->data[rr->off++];
1022 rr->length--; 993 rr->length--;
1023 }
1024 *dest_len = dest_maxlen;
1025 } 994 }
995 *dest_len = dest_maxlen;
1026 } 996 }
997 }
1027 998
1028 /* s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE; 999 /* s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
1029 * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT. 1000 * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT.
@@ -1031,117 +1002,107 @@ start:
1031 1002
1032 /* If we are a client, check for an incoming 'Hello Request': */ 1003 /* If we are a client, check for an incoming 'Hello Request': */
1033 if ((!s->server) && 1004 if ((!s->server) &&
1034 (s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) && 1005 (s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
1035 (s->d1->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && 1006 (s->d1->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
1036 (s->session != NULL) && (s->session->cipher != NULL)) 1007 (s->session != NULL) && (s->session->cipher != NULL)) {
1037 {
1038 s->d1->handshake_fragment_len = 0; 1008 s->d1->handshake_fragment_len = 0;
1039 1009
1040 if ((s->d1->handshake_fragment[1] != 0) || 1010 if ((s->d1->handshake_fragment[1] != 0) ||
1041 (s->d1->handshake_fragment[2] != 0) || 1011 (s->d1->handshake_fragment[2] != 0) ||
1042 (s->d1->handshake_fragment[3] != 0)) 1012 (s->d1->handshake_fragment[3] != 0)) {
1043 { 1013 al = SSL_AD_DECODE_ERROR;
1044 al=SSL_AD_DECODE_ERROR; 1014 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_HELLO_REQUEST);
1045 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
1046 goto err; 1015 goto err;
1047 } 1016 }
1048 1017
1049 /* no need to check sequence number on HELLO REQUEST messages */ 1018 /* no need to check sequence number on HELLO REQUEST messages */
1050 1019
1051 if (s->msg_callback) 1020 if (s->msg_callback)
1052 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, 1021 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
1053 s->d1->handshake_fragment, 4, s, s->msg_callback_arg); 1022 s->d1->handshake_fragment, 4, s, s->msg_callback_arg);
1054 1023
1055 if (SSL_is_init_finished(s) && 1024 if (SSL_is_init_finished(s) &&
1056 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && 1025 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
1057 !s->s3->renegotiate) 1026 !s->s3->renegotiate) {
1058 {
1059 s->d1->handshake_read_seq++; 1027 s->d1->handshake_read_seq++;
1060 s->new_session = 1; 1028 s->new_session = 1;
1061 ssl3_renegotiate(s); 1029 ssl3_renegotiate(s);
1062 if (ssl3_renegotiate_check(s)) 1030 if (ssl3_renegotiate_check(s)) {
1063 { 1031 i = s->handshake_func(s);
1064 i=s->handshake_func(s); 1032 if (i < 0)
1065 if (i < 0) return(i); 1033 return (i);
1066 if (i == 0) 1034 if (i == 0) {
1067 { 1035 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
1068 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); 1036 return (-1);
1069 return(-1); 1037 }
1070 }
1071 1038
1072 if (!(s->mode & SSL_MODE_AUTO_RETRY)) 1039 if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
1073 {
1074 if (s->s3->rbuf.left == 0) /* no read-ahead left? */ 1040 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
1075 { 1041 {
1076 BIO *bio; 1042 BIO *bio;
1077 /* In the case where we try to read application data, 1043 /* In the case where we try to read application data,
1078 * but we trigger an SSL handshake, we return -1 with 1044 * but we trigger an SSL handshake, we return -1 with
1079 * the retry option set. Otherwise renegotiation may 1045 * the retry option set. Otherwise renegotiation may
1080 * cause nasty problems in the blocking world */ 1046 * cause nasty problems in the blocking world */
1081 s->rwstate=SSL_READING; 1047 s->rwstate = SSL_READING;
1082 bio=SSL_get_rbio(s); 1048 bio = SSL_get_rbio(s);
1083 BIO_clear_retry_flags(bio); 1049 BIO_clear_retry_flags(bio);
1084 BIO_set_retry_read(bio); 1050 BIO_set_retry_read(bio);
1085 return(-1); 1051 return (-1);
1086 }
1087 } 1052 }
1088 } 1053 }
1089 } 1054 }
1055 }
1090 /* we either finished a handshake or ignored the request, 1056 /* we either finished a handshake or ignored the request,
1091 * now try again to obtain the (application) data we were asked for */ 1057 * now try again to obtain the (application) data we were asked for */
1092 goto start; 1058 goto start;
1093 } 1059 }
1094 1060
1095 if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) 1061 if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) {
1096 {
1097 int alert_level = s->d1->alert_fragment[0]; 1062 int alert_level = s->d1->alert_fragment[0];
1098 int alert_descr = s->d1->alert_fragment[1]; 1063 int alert_descr = s->d1->alert_fragment[1];
1099 1064
1100 s->d1->alert_fragment_len = 0; 1065 s->d1->alert_fragment_len = 0;
1101 1066
1102 if (s->msg_callback) 1067 if (s->msg_callback)
1103 s->msg_callback(0, s->version, SSL3_RT_ALERT, 1068 s->msg_callback(0, s->version, SSL3_RT_ALERT,
1104 s->d1->alert_fragment, 2, s, s->msg_callback_arg); 1069 s->d1->alert_fragment, 2, s, s->msg_callback_arg);
1105 1070
1106 if (s->info_callback != NULL) 1071 if (s->info_callback != NULL)
1107 cb=s->info_callback; 1072 cb = s->info_callback;
1108 else if (s->ctx->info_callback != NULL) 1073 else if (s->ctx->info_callback != NULL)
1109 cb=s->ctx->info_callback; 1074 cb = s->ctx->info_callback;
1110 1075
1111 if (cb != NULL) 1076 if (cb != NULL) {
1112 {
1113 j = (alert_level << 8) | alert_descr; 1077 j = (alert_level << 8) | alert_descr;
1114 cb(s, SSL_CB_READ_ALERT, j); 1078 cb(s, SSL_CB_READ_ALERT, j);
1115 } 1079 }
1116 1080
1117 if (alert_level == 1) /* warning */ 1081 if (alert_level == 1) /* warning */
1118 { 1082 {
1119 s->s3->warn_alert = alert_descr; 1083 s->s3->warn_alert = alert_descr;
1120 if (alert_descr == SSL_AD_CLOSE_NOTIFY) 1084 if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
1121 {
1122#ifndef OPENSSL_NO_SCTP 1085#ifndef OPENSSL_NO_SCTP
1123 /* With SCTP and streams the socket may deliver app data 1086 /* With SCTP and streams the socket may deliver app data
1124 * after a close_notify alert. We have to check this 1087 * after a close_notify alert. We have to check this
1125 * first so that nothing gets discarded. 1088 * first so that nothing gets discarded.
1126 */ 1089 */
1127 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && 1090 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
1128 BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) 1091 BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
1129 {
1130 s->d1->shutdown_received = 1; 1092 s->d1->shutdown_received = 1;
1131 s->rwstate=SSL_READING; 1093 s->rwstate = SSL_READING;
1132 BIO_clear_retry_flags(SSL_get_rbio(s)); 1094 BIO_clear_retry_flags(SSL_get_rbio(s));
1133 BIO_set_retry_read(SSL_get_rbio(s)); 1095 BIO_set_retry_read(SSL_get_rbio(s));
1134 return -1; 1096 return -1;
1135 } 1097 }
1136#endif 1098#endif
1137 s->shutdown |= SSL_RECEIVED_SHUTDOWN; 1099 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
1138 return(0); 1100 return (0);
1139 } 1101 }
1140#if 0 1102#if 0
1141 /* XXX: this is a possible improvement in the future */ 1103 /* XXX: this is a possible improvement in the future */
1142 /* now check if it's a missing record */ 1104 /* now check if it's a missing record */
1143 if (alert_descr == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) 1105 if (alert_descr == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) {
1144 {
1145 unsigned short seq; 1106 unsigned short seq;
1146 unsigned int frag_off; 1107 unsigned int frag_off;
1147 unsigned char *p = &(s->d1->alert_fragment[2]); 1108 unsigned char *p = &(s->d1->alert_fragment[2]);
@@ -1150,51 +1111,46 @@ start:
1150 n2l3(p, frag_off); 1111 n2l3(p, frag_off);
1151 1112
1152 dtls1_retransmit_message(s, 1113 dtls1_retransmit_message(s,
1153 dtls1_get_queue_priority(frag->msg_header.seq, 0), 1114 dtls1_get_queue_priority(frag->msg_header.seq, 0),
1154 frag_off, &found); 1115 frag_off, &found);
1155 if ( ! found && SSL_in_init(s)) 1116 if (!found && SSL_in_init(s)) {
1156 {
1157 /* fprintf( stderr,"in init = %d\n", SSL_in_init(s)); */ 1117 /* fprintf( stderr,"in init = %d\n", SSL_in_init(s)); */
1158 /* requested a message not yet sent, 1118 /* requested a message not yet sent,
1159 send an alert ourselves */ 1119 send an alert ourselves */
1160 ssl3_send_alert(s,SSL3_AL_WARNING, 1120 ssl3_send_alert(s, SSL3_AL_WARNING,
1161 DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); 1121 DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
1162 }
1163 } 1122 }
1164#endif
1165 } 1123 }
1166 else if (alert_level == 2) /* fatal */ 1124#endif
1167 { 1125 } else if (alert_level == 2) /* fatal */
1126 {
1168 char tmp[16]; 1127 char tmp[16];
1169 1128
1170 s->rwstate=SSL_NOTHING; 1129 s->rwstate = SSL_NOTHING;
1171 s->s3->fatal_alert = alert_descr; 1130 s->s3->fatal_alert = alert_descr;
1172 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); 1131 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
1173 BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr); 1132 BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
1174 ERR_add_error_data(2,"SSL alert number ",tmp); 1133 ERR_add_error_data(2, "SSL alert number ", tmp);
1175 s->shutdown|=SSL_RECEIVED_SHUTDOWN; 1134 s->shutdown|=SSL_RECEIVED_SHUTDOWN;
1176 SSL_CTX_remove_session(s->ctx,s->session); 1135 SSL_CTX_remove_session(s->ctx, s->session);
1177 return(0); 1136 return (0);
1178 } 1137 } else {
1179 else 1138 al = SSL_AD_ILLEGAL_PARAMETER;
1180 { 1139 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
1181 al=SSL_AD_ILLEGAL_PARAMETER;
1182 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
1183 goto f_err; 1140 goto f_err;
1184 } 1141 }
1185 1142
1186 goto start; 1143 goto start;
1187 } 1144 }
1188 1145
1189 if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */ 1146 if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
1190 { 1147 {
1191 s->rwstate=SSL_NOTHING; 1148 s->rwstate = SSL_NOTHING;
1192 rr->length=0; 1149 rr->length = 0;
1193 return(0); 1150 return (0);
1194 } 1151 }
1195 1152
1196 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) 1153 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
1197 {
1198 struct ccs_header_st ccs_hdr; 1154 struct ccs_header_st ccs_hdr;
1199 unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH; 1155 unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
1200 1156
@@ -1206,31 +1162,29 @@ start:
1206 /* 'Change Cipher Spec' is just a single byte, so we know 1162 /* 'Change Cipher Spec' is just a single byte, so we know
1207 * exactly what the record payload has to look like */ 1163 * exactly what the record payload has to look like */
1208 /* XDTLS: check that epoch is consistent */ 1164 /* XDTLS: check that epoch is consistent */
1209 if ( (rr->length != ccs_hdr_len) || 1165 if ((rr->length != ccs_hdr_len) ||
1210 (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) 1166 (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) {
1211 { 1167 i = SSL_AD_ILLEGAL_PARAMETER;
1212 i=SSL_AD_ILLEGAL_PARAMETER; 1168 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_CHANGE_CIPHER_SPEC);
1213 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
1214 goto err; 1169 goto err;
1215 } 1170 }
1216 1171
1217 rr->length=0; 1172 rr->length = 0;
1218 1173
1219 if (s->msg_callback) 1174 if (s->msg_callback)
1220 s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, 1175 s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
1221 rr->data, 1, s, s->msg_callback_arg); 1176 rr->data, 1, s, s->msg_callback_arg);
1222 1177
1223 /* We can't process a CCS now, because previous handshake 1178 /* We can't process a CCS now, because previous handshake
1224 * messages are still missing, so just drop it. 1179 * messages are still missing, so just drop it.
1225 */ 1180 */
1226 if (!s->d1->change_cipher_spec_ok) 1181 if (!s->d1->change_cipher_spec_ok) {
1227 {
1228 goto start; 1182 goto start;
1229 } 1183 }
1230 1184
1231 s->d1->change_cipher_spec_ok = 0; 1185 s->d1->change_cipher_spec_ok = 0;
1232 1186
1233 s->s3->change_cipher_spec=1; 1187 s->s3->change_cipher_spec = 1;
1234 if (!ssl3_do_change_cipher_spec(s)) 1188 if (!ssl3_do_change_cipher_spec(s))
1235 goto err; 1189 goto err;
1236 1190
@@ -1250,90 +1204,82 @@ start:
1250#endif 1204#endif
1251 1205
1252 goto start; 1206 goto start;
1253 } 1207 }
1254 1208
1255 /* Unexpected handshake message (Client Hello, or protocol violation) */ 1209 /* Unexpected handshake message (Client Hello, or protocol violation) */
1256 if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) && 1210 if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
1257 !s->in_handshake) 1211 !s->in_handshake) {
1258 {
1259 struct hm_header_st msg_hdr; 1212 struct hm_header_st msg_hdr;
1260 1213
1261 /* this may just be a stale retransmit */ 1214 /* this may just be a stale retransmit */
1262 dtls1_get_message_header(rr->data, &msg_hdr); 1215 dtls1_get_message_header(rr->data, &msg_hdr);
1263 if( rr->epoch != s->d1->r_epoch) 1216 if (rr->epoch != s->d1->r_epoch) {
1264 {
1265 rr->length = 0; 1217 rr->length = 0;
1266 goto start; 1218 goto start;
1267 } 1219 }
1268 1220
1269 /* If we are server, we may have a repeated FINISHED of the 1221 /* If we are server, we may have a repeated FINISHED of the
1270 * client here, then retransmit our CCS and FINISHED. 1222 * client here, then retransmit our CCS and FINISHED.
1271 */ 1223 */
1272 if (msg_hdr.type == SSL3_MT_FINISHED) 1224 if (msg_hdr.type == SSL3_MT_FINISHED) {
1273 {
1274 if (dtls1_check_timeout_num(s) < 0) 1225 if (dtls1_check_timeout_num(s) < 0)
1275 return -1; 1226 return -1;
1276 1227
1277 dtls1_retransmit_buffered_messages(s); 1228 dtls1_retransmit_buffered_messages(s);
1278 rr->length = 0; 1229 rr->length = 0;
1279 goto start; 1230 goto start;
1280 } 1231 }
1281 1232
1282 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && 1233 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
1283 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) 1234 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
1284 {
1285#if 0 /* worked only because C operator preferences are not as expected (and 1235#if 0 /* worked only because C operator preferences are not as expected (and
1286 * because this is not really needed for clients except for detecting 1236 * because this is not really needed for clients except for detecting
1287 * protocol violations): */ 1237 * protocol violations): */
1288 s->state=SSL_ST_BEFORE|(s->server) 1238 s->state = SSL_ST_BEFORE |
1289 ?SSL_ST_ACCEPT 1239 (s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
1290 :SSL_ST_CONNECT;
1291#else 1240#else
1292 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; 1241 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
1293#endif 1242#endif
1294 s->renegotiate=1; 1243 s->renegotiate = 1;
1295 s->new_session=1; 1244 s->new_session = 1;
1296 } 1245 }
1297 i=s->handshake_func(s); 1246 i = s->handshake_func(s);
1298 if (i < 0) return(i); 1247 if (i < 0)
1299 if (i == 0) 1248 return (i);
1300 { 1249 if (i == 0) {
1301 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); 1250 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
1302 return(-1); 1251 return (-1);
1303 } 1252 }
1304 1253
1305 if (!(s->mode & SSL_MODE_AUTO_RETRY)) 1254 if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
1306 {
1307 if (s->s3->rbuf.left == 0) /* no read-ahead left? */ 1255 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
1308 { 1256 {
1309 BIO *bio; 1257 BIO *bio;
1310 /* In the case where we try to read application data, 1258 /* In the case where we try to read application data,
1311 * but we trigger an SSL handshake, we return -1 with 1259 * but we trigger an SSL handshake, we return -1 with
1312 * the retry option set. Otherwise renegotiation may 1260 * the retry option set. Otherwise renegotiation may
1313 * cause nasty problems in the blocking world */ 1261 * cause nasty problems in the blocking world */
1314 s->rwstate=SSL_READING; 1262 s->rwstate = SSL_READING;
1315 bio=SSL_get_rbio(s); 1263 bio = SSL_get_rbio(s);
1316 BIO_clear_retry_flags(bio); 1264 BIO_clear_retry_flags(bio);
1317 BIO_set_retry_read(bio); 1265 BIO_set_retry_read(bio);
1318 return(-1); 1266 return (-1);
1319 }
1320 } 1267 }
1321 goto start;
1322 } 1268 }
1269 goto start;
1270 }
1323 1271
1324 switch (rr->type) 1272 switch (rr->type) {
1325 {
1326 default: 1273 default:
1327#ifndef OPENSSL_NO_TLS 1274#ifndef OPENSSL_NO_TLS
1328 /* TLS just ignores unknown message types */ 1275 /* TLS just ignores unknown message types */
1329 if (s->version == TLS1_VERSION) 1276 if (s->version == TLS1_VERSION) {
1330 {
1331 rr->length = 0; 1277 rr->length = 0;
1332 goto start; 1278 goto start;
1333 } 1279 }
1334#endif 1280#endif
1335 al=SSL_AD_UNEXPECTED_MESSAGE; 1281 al = SSL_AD_UNEXPECTED_MESSAGE;
1336 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD); 1282 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
1337 goto f_err; 1283 goto f_err;
1338 case SSL3_RT_CHANGE_CIPHER_SPEC: 1284 case SSL3_RT_CHANGE_CIPHER_SPEC:
1339 case SSL3_RT_ALERT: 1285 case SSL3_RT_ALERT:
@@ -1341,8 +1287,8 @@ start:
1341 /* we already handled all of these, with the possible exception 1287 /* we already handled all of these, with the possible exception
1342 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that 1288 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
1343 * should not happen when type != rr->type */ 1289 * should not happen when type != rr->type */
1344 al=SSL_AD_UNEXPECTED_MESSAGE; 1290 al = SSL_AD_UNEXPECTED_MESSAGE;
1345 SSLerr(SSL_F_DTLS1_READ_BYTES,ERR_R_INTERNAL_ERROR); 1291 SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
1346 goto f_err; 1292 goto f_err;
1347 case SSL3_RT_APPLICATION_DATA: 1293 case SSL3_RT_APPLICATION_DATA:
1348 /* At this point, we were expecting handshake data, 1294 /* At this point, we were expecting handshake data,
@@ -1353,123 +1299,116 @@ start:
1353 * we will indulge it. 1299 * we will indulge it.
1354 */ 1300 */
1355 if (s->s3->in_read_app_data && 1301 if (s->s3->in_read_app_data &&
1356 (s->s3->total_renegotiations != 0) && 1302 (s->s3->total_renegotiations != 0) &&
1357 (( 1303 (((s->state & SSL_ST_CONNECT) &&
1358 (s->state & SSL_ST_CONNECT) && 1304 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
1359 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && 1305 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)) || (
1360 (s->state <= SSL3_ST_CR_SRVR_HELLO_A) 1306 (s->state & SSL_ST_ACCEPT) &&
1361 ) || ( 1307 (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
1362 (s->state & SSL_ST_ACCEPT) && 1308 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
1363 (s->state <= SSL3_ST_SW_HELLO_REQ_A) && 1309 s->s3->in_read_app_data = 2;
1364 (s->state >= SSL3_ST_SR_CLNT_HELLO_A) 1310 return (-1);
1365 ) 1311 } else {
1366 )) 1312 al = SSL_AD_UNEXPECTED_MESSAGE;
1367 { 1313 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
1368 s->s3->in_read_app_data=2;
1369 return(-1);
1370 }
1371 else
1372 {
1373 al=SSL_AD_UNEXPECTED_MESSAGE;
1374 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
1375 goto f_err; 1314 goto f_err;
1376 }
1377 } 1315 }
1316 }
1378 /* not reached */ 1317 /* not reached */
1379 1318
1380f_err: 1319f_err:
1381 ssl3_send_alert(s,SSL3_AL_FATAL,al); 1320 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1382err: 1321err:
1383 return(-1); 1322 return (-1);
1384 } 1323}
1385 1324
1386int 1325int
1387dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len) 1326dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
1388 { 1327{
1389 int i; 1328 int i;
1390 1329
1391#ifndef OPENSSL_NO_SCTP 1330#ifndef OPENSSL_NO_SCTP
1392 /* Check if we have to continue an interrupted handshake 1331 /* Check if we have to continue an interrupted handshake
1393 * for reading belated app data with SCTP. 1332 * for reading belated app data with SCTP.
1394 */ 1333 */
1395 if ((SSL_in_init(s) && !s->in_handshake) || 1334 if ((SSL_in_init(s) && !s->in_handshake) ||
1396 (BIO_dgram_is_sctp(SSL_get_wbio(s)) && 1335 (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
1397 (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK))) 1336 (s->state == DTLS1_SCTP_ST_SR_READ_SOCK ||
1337 s->state == DTLS1_SCTP_ST_CR_READ_SOCK)))
1398#else 1338#else
1399 if (SSL_in_init(s) && !s->in_handshake) 1339 if (SSL_in_init(s) && !s->in_handshake)
1400#endif 1340#endif
1401 { 1341 {
1402 i=s->handshake_func(s); 1342 i = s->handshake_func(s);
1403 if (i < 0) return(i); 1343 if (i < 0)
1404 if (i == 0) 1344 return (i);
1405 { 1345 if (i == 0) {
1406 SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); 1346 SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
1407 return -1; 1347 return -1;
1408 }
1409 } 1348 }
1349 }
1410 1350
1411 if (len > SSL3_RT_MAX_PLAIN_LENGTH) 1351 if (len > SSL3_RT_MAX_PLAIN_LENGTH) {
1412 { 1352 SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES, SSL_R_DTLS_MESSAGE_TOO_BIG);
1413 SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,SSL_R_DTLS_MESSAGE_TOO_BIG); 1353 return -1;
1414 return -1; 1354 }
1415 }
1416 1355
1417 i = dtls1_write_bytes(s, type, buf_, len); 1356 i = dtls1_write_bytes(s, type, buf_, len);
1418 return i; 1357 return i;
1419 } 1358}
1420 1359
1421 1360
1422 /* this only happens when a client hello is received and a handshake 1361 /* this only happens when a client hello is received and a handshake
1423 * is started. */ 1362 * is started. */
1424static int 1363static int
1425have_handshake_fragment(SSL *s, int type, unsigned char *buf, 1364have_handshake_fragment(SSL *s, int type, unsigned char *buf,
1426 int len, int peek) 1365 int len, int peek)
1427 { 1366{
1428 1367
1429 if ((type == SSL3_RT_HANDSHAKE) && (s->d1->handshake_fragment_len > 0)) 1368 if ((type == SSL3_RT_HANDSHAKE) && (s->d1->handshake_fragment_len > 0))
1430 /* (partially) satisfy request from storage */ 1369 /* (partially) satisfy request from storage */
1431 { 1370 {
1432 unsigned char *src = s->d1->handshake_fragment; 1371 unsigned char *src = s->d1->handshake_fragment;
1433 unsigned char *dst = buf; 1372 unsigned char *dst = buf;
1434 unsigned int k,n; 1373 unsigned int k, n;
1435 1374
1436 /* peek == 0 */ 1375 /* peek == 0 */
1437 n = 0; 1376 n = 0;
1438 while ((len > 0) && (s->d1->handshake_fragment_len > 0)) 1377 while ((len > 0) && (s->d1->handshake_fragment_len > 0)) {
1439 {
1440 *dst++ = *src++; 1378 *dst++ = *src++;
1441 len--; s->d1->handshake_fragment_len--; 1379 len--;
1380 s->d1->handshake_fragment_len--;
1442 n++; 1381 n++;
1443 } 1382 }
1444 /* move any remaining fragment bytes: */ 1383 /* move any remaining fragment bytes: */
1445 for (k = 0; k < s->d1->handshake_fragment_len; k++) 1384 for (k = 0; k < s->d1->handshake_fragment_len; k++)
1446 s->d1->handshake_fragment[k] = *src++; 1385 s->d1->handshake_fragment[k] = *src++;
1447 return n; 1386 return n;
1448 }
1449
1450 return 0;
1451 } 1387 }
1452 1388
1453 1389 return 0;
1390}
1454 1391
1455 1392
1456/* Call this to write data in records of type 'type' 1393/* Call this to write data in records of type 'type'
1457 * It will return <= 0 if not all data has been sent or non-blocking IO. 1394 * It will return <= 0 if not all data has been sent or non-blocking IO.
1458 */ 1395 */
1459int dtls1_write_bytes(SSL *s, int type, const void *buf, int len) 1396int
1460 { 1397dtls1_write_bytes(SSL *s, int type, const void *buf, int len)
1398{
1461 int i; 1399 int i;
1462 1400
1463 OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH); 1401 OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);
1464 s->rwstate=SSL_NOTHING; 1402 s->rwstate = SSL_NOTHING;
1465 i=do_dtls1_write(s, type, buf, len, 0); 1403 i = do_dtls1_write(s, type, buf, len, 0);
1466 return i; 1404 return i;
1467 } 1405}
1468 1406
1469int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment) 1407int
1470 { 1408do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment)
1471 unsigned char *p,*pseq; 1409{
1472 int i,mac_size,clear=0; 1410 unsigned char *p, *pseq;
1411 int i, mac_size, clear = 0;
1473 int prefix_len = 0; 1412 int prefix_len = 0;
1474 SSL3_RECORD *wr; 1413 SSL3_RECORD *wr;
1475 SSL3_BUFFER *wb; 1414 SSL3_BUFFER *wb;
@@ -1478,54 +1417,49 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
1478 1417
1479 /* first check if there is a SSL3_BUFFER still being written 1418 /* first check if there is a SSL3_BUFFER still being written
1480 * out. This will happen with non blocking IO */ 1419 * out. This will happen with non blocking IO */
1481 if (s->s3->wbuf.left != 0) 1420 if (s->s3->wbuf.left != 0) {
1482 {
1483 OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */ 1421 OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */
1484 return(ssl3_write_pending(s,type,buf,len)); 1422 return (ssl3_write_pending(s, type, buf, len));
1485 } 1423 }
1486 1424
1487 /* If we have an alert to send, lets send it */ 1425 /* If we have an alert to send, lets send it */
1488 if (s->s3->alert_dispatch) 1426 if (s->s3->alert_dispatch) {
1489 { 1427 i = s->method->ssl_dispatch_alert(s);
1490 i=s->method->ssl_dispatch_alert(s);
1491 if (i <= 0) 1428 if (i <= 0)
1492 return(i); 1429 return (i);
1493 /* if it went, fall through and send more stuff */ 1430 /* if it went, fall through and send more stuff */
1494 } 1431 }
1495 1432
1496 if (len == 0 && !create_empty_fragment) 1433 if (len == 0 && !create_empty_fragment)
1497 return 0; 1434 return 0;
1498 1435
1499 wr= &(s->s3->wrec); 1436 wr = &(s->s3->wrec);
1500 wb= &(s->s3->wbuf); 1437 wb = &(s->s3->wbuf);
1501 sess=s->session; 1438 sess = s->session;
1502 1439
1503 if ( (sess == NULL) || 1440 if ((sess == NULL) || (s->enc_write_ctx == NULL) ||
1504 (s->enc_write_ctx == NULL) || 1441 (EVP_MD_CTX_md(s->write_hash) == NULL))
1505 (EVP_MD_CTX_md(s->write_hash) == NULL)) 1442 clear = 1;
1506 clear=1;
1507 1443
1508 if (clear) 1444 if (clear)
1509 mac_size=0; 1445 mac_size = 0;
1510 else 1446 else {
1511 { 1447 mac_size = EVP_MD_CTX_size(s->write_hash);
1512 mac_size=EVP_MD_CTX_size(s->write_hash);
1513 if (mac_size < 0) 1448 if (mac_size < 0)
1514 goto err; 1449 goto err;
1515 } 1450 }
1516 1451
1517 /* DTLS implements explicit IV, so no need for empty fragments */ 1452 /* DTLS implements explicit IV, so no need for empty fragments */
1518#if 0 1453#if 0
1519 /* 'create_empty_fragment' is true only when this function calls itself */ 1454 /* 'create_empty_fragment' is true only when this function calls itself */
1520 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done 1455 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done &&
1521 && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER) 1456 SSL_version(s) != DTLS1_VERSION &&
1522 { 1457 SSL_version(s) != DTLS1_BAD_VER) {
1523 /* countermeasure against known-IV weakness in CBC ciphersuites 1458 /* countermeasure against known-IV weakness in CBC ciphersuites
1524 * (see http://www.openssl.org/~bodo/tls-cbc.txt) 1459 * (see http://www.openssl.org/~bodo/tls-cbc.txt)
1525 */ 1460 */
1526 1461
1527 if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) 1462 if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) {
1528 {
1529 /* recursive function call with 'create_empty_fragment' set; 1463 /* recursive function call with 'create_empty_fragment' set;
1530 * this prepares and buffers the data for an empty fragment 1464 * this prepares and buffers the data for an empty fragment
1531 * (these 'prefix_len' bytes are sent out later 1465 * (these 'prefix_len' bytes are sent out later
@@ -1534,211 +1468,206 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
1534 if (prefix_len <= 0) 1468 if (prefix_len <= 0)
1535 goto err; 1469 goto err;
1536 1470
1537 if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE) 1471 if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE) {
1538 {
1539 /* insufficient space */ 1472 /* insufficient space */
1540 SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR); 1473 SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR);
1541 goto err; 1474 goto err;
1542 }
1543 } 1475 }
1544
1545 s->s3->empty_fragment_done = 1;
1546 } 1476 }
1477
1478 s->s3->empty_fragment_done = 1;
1479 }
1547#endif 1480#endif
1548 p = wb->buf + prefix_len; 1481 p = wb->buf + prefix_len;
1549 1482
1550 /* write the header */ 1483 /* write the header */
1551 1484
1552 *(p++)=type&0xff; 1485 *(p++) = type&0xff;
1553 wr->type=type; 1486 wr->type = type;
1554 1487
1555 *(p++)=(s->version>>8); 1488 *(p++) = (s->version >> 8);
1556 *(p++)=s->version&0xff; 1489 *(p++) = s->version&0xff;
1557 1490
1558 /* field where we are to write out packet epoch, seq num and len */ 1491 /* field where we are to write out packet epoch, seq num and len */
1559 pseq=p; 1492 pseq = p;
1560 p+=10; 1493
1494 p += 10;
1561 1495
1562 /* lets setup the record stuff. */ 1496 /* lets setup the record stuff. */
1563 1497
1564 /* Make space for the explicit IV in case of CBC. 1498 /* Make space for the explicit IV in case of CBC.
1565 * (this is a bit of a boundary violation, but what the heck). 1499 * (this is a bit of a boundary violation, but what the heck).
1566 */ 1500 */
1567 if ( s->enc_write_ctx && 1501 if (s->enc_write_ctx &&
1568 (EVP_CIPHER_mode( s->enc_write_ctx->cipher ) & EVP_CIPH_CBC_MODE)) 1502 (EVP_CIPHER_mode( s->enc_write_ctx->cipher ) & EVP_CIPH_CBC_MODE))
1569 bs = EVP_CIPHER_block_size(s->enc_write_ctx->cipher); 1503 bs = EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
1570 else 1504 else
1571 bs = 0; 1505 bs = 0;
1572 1506
1573 wr->data=p + bs; /* make room for IV in case of CBC */ 1507 wr->data = p + bs;
1574 wr->length=(int)len; 1508 /* make room for IV in case of CBC */
1575 wr->input=(unsigned char *)buf; 1509 wr->length = (int)len;
1510 wr->input = (unsigned char *)buf;
1576 1511
1577 /* we now 'read' from wr->input, wr->length bytes into 1512 /* we now 'read' from wr->input, wr->length bytes into
1578 * wr->data */ 1513 * wr->data */
1579 1514
1580 /* first we compress */ 1515 /* first we compress */
1581 if (s->compress != NULL) 1516 if (s->compress != NULL) {
1582 { 1517 if (!ssl3_do_compress(s)) {
1583 if (!ssl3_do_compress(s)) 1518 SSLerr(SSL_F_DO_DTLS1_WRITE, SSL_R_COMPRESSION_FAILURE);
1584 {
1585 SSLerr(SSL_F_DO_DTLS1_WRITE,SSL_R_COMPRESSION_FAILURE);
1586 goto err; 1519 goto err;
1587 }
1588 }
1589 else
1590 {
1591 memcpy(wr->data,wr->input,wr->length);
1592 wr->input=wr->data;
1593 } 1520 }
1521 } else {
1522 memcpy(wr->data, wr->input, wr->length);
1523 wr->input = wr->data;
1524 }
1594 1525
1595 /* we should still have the output to wr->data and the input 1526 /* we should still have the output to wr->data and the input
1596 * from wr->input. Length should be wr->length. 1527 * from wr->input. Length should be wr->length.
1597 * wr->data still points in the wb->buf */ 1528 * wr->data still points in the wb->buf */
1598 1529
1599 if (mac_size != 0) 1530 if (mac_size != 0) {
1600 { 1531 if (s->method->ssl3_enc->mac(s, &(p[wr->length + bs]), 1) < 0)
1601 if(s->method->ssl3_enc->mac(s,&(p[wr->length + bs]),1) < 0)
1602 goto err; 1532 goto err;
1603 wr->length+=mac_size; 1533 wr->length += mac_size;
1604 } 1534 }
1605 1535
1606 /* this is true regardless of mac size */ 1536 /* this is true regardless of mac size */
1607 wr->input=p; 1537 wr->input = p;
1608 wr->data=p; 1538 wr->data = p;
1609 1539
1610 1540
1611 /* ssl3_enc can only have an error on read */ 1541 /* ssl3_enc can only have an error on read */
1612 if (bs) /* bs != 0 in case of CBC */ 1542 if (bs) /* bs != 0 in case of CBC */
1613 { 1543 {
1614 RAND_pseudo_bytes(p,bs); 1544 RAND_pseudo_bytes(p, bs);
1615 /* master IV and last CBC residue stand for 1545 /* master IV and last CBC residue stand for
1616 * the rest of randomness */ 1546 * the rest of randomness */
1617 wr->length += bs; 1547 wr->length += bs;
1618 } 1548 }
1619 1549
1620 s->method->ssl3_enc->enc(s,1); 1550 s->method->ssl3_enc->enc(s, 1);
1621 1551
1622 /* record length after mac and block padding */ 1552 /* record length after mac and block padding */
1623/* if (type == SSL3_RT_APPLICATION_DATA || 1553/* if (type == SSL3_RT_APPLICATION_DATA ||
1624 (type == SSL3_RT_ALERT && ! SSL_in_init(s))) */ 1554 (type == SSL3_RT_ALERT && ! SSL_in_init(s))) */
1625 1555
1626 /* there's only one epoch between handshake and app data */ 1556 /* there's only one epoch between handshake and app data */
1627 1557
1628 s2n(s->d1->w_epoch, pseq); 1558 s2n(s->d1->w_epoch, pseq);
1629 1559
1630 /* XDTLS: ?? */ 1560 /* XDTLS: ?? */
1631/* else 1561/* else
1632 s2n(s->d1->handshake_epoch, pseq); */ 1562 s2n(s->d1->handshake_epoch, pseq);
1563*/
1633 1564
1634 memcpy(pseq, &(s->s3->write_sequence[2]), 6); 1565 memcpy(pseq, &(s->s3->write_sequence[2]), 6);
1635 pseq+=6; 1566 pseq += 6;
1636 s2n(wr->length,pseq); 1567 s2n(wr->length, pseq);
1637 1568
1638 /* we should now have 1569 /* we should now have
1639 * wr->data pointing to the encrypted data, which is 1570 * wr->data pointing to the encrypted data, which is
1640 * wr->length long */ 1571 * wr->length long */
1641 wr->type=type; /* not needed but helps for debugging */ 1572 wr->type=type; /* not needed but helps for debugging */
1642 wr->length+=DTLS1_RT_HEADER_LENGTH; 1573 wr->length += DTLS1_RT_HEADER_LENGTH;
1643 1574
1644#if 0 /* this is now done at the message layer */ 1575#if 0 /* this is now done at the message layer */
1645 /* buffer the record, making it easy to handle retransmits */ 1576 /* buffer the record, making it easy to handle retransmits */
1646 if ( type == SSL3_RT_HANDSHAKE || type == SSL3_RT_CHANGE_CIPHER_SPEC) 1577 if (type == SSL3_RT_HANDSHAKE || type == SSL3_RT_CHANGE_CIPHER_SPEC)
1647 dtls1_buffer_record(s, wr->data, wr->length, 1578 dtls1_buffer_record(s, wr->data, wr->length,
1648 *((PQ_64BIT *)&(s->s3->write_sequence[0]))); 1579 *((PQ_64BIT *)&(s->s3->write_sequence[0])));
1649#endif 1580#endif
1650 1581
1651 ssl3_record_sequence_update(&(s->s3->write_sequence[0])); 1582 ssl3_record_sequence_update(&(s->s3->write_sequence[0]));
1652 1583
1653 if (create_empty_fragment) 1584 if (create_empty_fragment) {
1654 {
1655 /* we are in a recursive call; 1585 /* we are in a recursive call;
1656 * just return the length, don't write out anything here 1586 * just return the length, don't write out anything here
1657 */ 1587 */
1658 return wr->length; 1588 return wr->length;
1659 } 1589 }
1660 1590
1661 /* now let's set up wb */ 1591 /* now let's set up wb */
1662 wb->left = prefix_len + wr->length; 1592 wb->left = prefix_len + wr->length;
1663 wb->offset = 0; 1593 wb->offset = 0;
1664 1594
1665 /* memorize arguments so that ssl3_write_pending can detect bad write retries later */ 1595 /* memorize arguments so that ssl3_write_pending can detect bad write retries later */
1666 s->s3->wpend_tot=len; 1596 s->s3->wpend_tot = len;
1667 s->s3->wpend_buf=buf; 1597 s->s3->wpend_buf = buf;
1668 s->s3->wpend_type=type; 1598 s->s3->wpend_type = type;
1669 s->s3->wpend_ret=len; 1599 s->s3->wpend_ret = len;
1670 1600
1671 /* we now just need to write the buffer */ 1601 /* we now just need to write the buffer */
1672 return ssl3_write_pending(s,type,buf,len); 1602 return ssl3_write_pending(s, type, buf, len);
1673err: 1603err:
1674 return -1; 1604 return -1;
1675 } 1605}
1676 1606
1677 1607
1678 1608
1679static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap) 1609static int
1680 { 1610dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
1611{
1681 int cmp; 1612 int cmp;
1682 unsigned int shift; 1613 unsigned int shift;
1683 const unsigned char *seq = s->s3->read_sequence; 1614 const unsigned char *seq = s->s3->read_sequence;
1684 1615
1685 cmp = satsub64be(seq,bitmap->max_seq_num); 1616 cmp = satsub64be(seq, bitmap->max_seq_num);
1686 if (cmp > 0) 1617 if (cmp > 0) {
1687 { 1618 memcpy (s->s3->rrec.seq_num, seq, 8);
1688 memcpy (s->s3->rrec.seq_num,seq,8);
1689 return 1; /* this record in new */ 1619 return 1; /* this record in new */
1690 } 1620 }
1691 shift = -cmp; 1621 shift = -cmp;
1692 if (shift >= sizeof(bitmap->map)*8) 1622 if (shift >= sizeof(bitmap->map)*8)
1693 return 0; /* stale, outside the window */ 1623 return 0; /* stale, outside the window */
1694 else if (bitmap->map & (1UL<<shift)) 1624 else if (bitmap->map & (1UL << shift))
1695 return 0; /* record previously received */ 1625 return 0; /* record previously received */
1696 1626
1697 memcpy (s->s3->rrec.seq_num,seq,8); 1627 memcpy(s->s3->rrec.seq_num, seq, 8);
1698 return 1; 1628 return 1;
1699 } 1629}
1700 1630
1701 1631
1702static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap) 1632static void
1703 { 1633dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
1634{
1704 int cmp; 1635 int cmp;
1705 unsigned int shift; 1636 unsigned int shift;
1706 const unsigned char *seq = s->s3->read_sequence; 1637 const unsigned char *seq = s->s3->read_sequence;
1707 1638
1708 cmp = satsub64be(seq,bitmap->max_seq_num); 1639 cmp = satsub64be(seq, bitmap->max_seq_num);
1709 if (cmp > 0) 1640 if (cmp > 0) {
1710 {
1711 shift = cmp; 1641 shift = cmp;
1712 if (shift < sizeof(bitmap->map)*8) 1642 if (shift < sizeof(bitmap->map)*8)
1713 bitmap->map <<= shift, bitmap->map |= 1UL; 1643 bitmap->map <<= shift, bitmap->map |= 1UL;
1714 else 1644 else
1715 bitmap->map = 1UL; 1645 bitmap->map = 1UL;
1716 memcpy(bitmap->max_seq_num,seq,8); 1646 memcpy(bitmap->max_seq_num, seq, 8);
1717 } 1647 } else {
1718 else {
1719 shift = -cmp; 1648 shift = -cmp;
1720 if (shift < sizeof(bitmap->map)*8) 1649 if (shift < sizeof(bitmap->map) * 8)
1721 bitmap->map |= 1UL<<shift; 1650 bitmap->map |= 1UL << shift;
1722 }
1723 } 1651 }
1652}
1724 1653
1725 1654
1726int dtls1_dispatch_alert(SSL *s) 1655int
1727 { 1656dtls1_dispatch_alert(SSL *s)
1728 int i,j; 1657{
1729 void (*cb)(const SSL *ssl,int type,int val)=NULL; 1658 int i, j;
1659 void (*cb)(const SSL *ssl, int type, int val) = NULL;
1730 unsigned char buf[DTLS1_AL_HEADER_LENGTH]; 1660 unsigned char buf[DTLS1_AL_HEADER_LENGTH];
1731 unsigned char *ptr = &buf[0]; 1661 unsigned char *ptr = &buf[0];
1732 1662
1733 s->s3->alert_dispatch=0; 1663 s->s3->alert_dispatch = 0;
1734 1664
1735 memset(buf, 0x00, sizeof(buf)); 1665 memset(buf, 0x00, sizeof(buf));
1736 *ptr++ = s->s3->send_alert[0]; 1666 *ptr++ = s->s3->send_alert[0];
1737 *ptr++ = s->s3->send_alert[1]; 1667 *ptr++ = s->s3->send_alert[1];
1738 1668
1739#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 1669#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1740 if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) 1670 if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) {
1741 {
1742 s2n(s->d1->handshake_read_seq, ptr); 1671 s2n(s->d1->handshake_read_seq, ptr);
1743#if 0 1672#if 0
1744 if ( s->d1->r_msg_hdr.frag_off == 0) /* waiting for a new msg */ 1673 if ( s->d1->r_msg_hdr.frag_off == 0) /* waiting for a new msg */
@@ -1748,152 +1677,136 @@ int dtls1_dispatch_alert(SSL *s)
1748#endif 1677#endif
1749 1678
1750#if 0 1679#if 0
1751 fprintf(stderr, "s->d1->handshake_read_seq = %d, s->d1->r_msg_hdr.seq = %d\n",s->d1->handshake_read_seq,s->d1->r_msg_hdr.seq); 1680 fprintf(stderr, "s->d1->handshake_read_seq = %d, s->d1->r_msg_hdr.seq = %d\n", s->d1->handshake_read_seq, s->d1->r_msg_hdr.seq);
1752#endif 1681#endif
1753 l2n3(s->d1->r_msg_hdr.frag_off, ptr); 1682 l2n3(s->d1->r_msg_hdr.frag_off, ptr);
1754 } 1683 }
1755#endif 1684#endif
1756 1685
1757 i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0); 1686 i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0);
1758 if (i <= 0) 1687 if (i <= 0) {
1759 { 1688 s->s3->alert_dispatch = 1;
1760 s->s3->alert_dispatch=1;
1761 /* fprintf( stderr, "not done with alert\n" ); */ 1689 /* fprintf( stderr, "not done with alert\n" ); */
1762 } 1690 } else {
1763 else
1764 {
1765 if (s->s3->send_alert[0] == SSL3_AL_FATAL 1691 if (s->s3->send_alert[0] == SSL3_AL_FATAL
1766#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 1692#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1767 || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 1693 || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1768#endif 1694#endif
1769 ) 1695 )
1770 (void)BIO_flush(s->wbio); 1696 (void)BIO_flush(s->wbio);
1771 1697
1772 if (s->msg_callback) 1698 if (s->msg_callback)
1773 s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, 1699 s->msg_callback(1, s->version, SSL3_RT_ALERT,
1774 2, s, s->msg_callback_arg); 1700 s->s3->send_alert, 2, s, s->msg_callback_arg);
1775 1701
1776 if (s->info_callback != NULL) 1702 if (s->info_callback != NULL)
1777 cb=s->info_callback; 1703 cb = s->info_callback;
1778 else if (s->ctx->info_callback != NULL) 1704 else if (s->ctx->info_callback != NULL)
1779 cb=s->ctx->info_callback; 1705 cb = s->ctx->info_callback;
1780 1706
1781 if (cb != NULL) 1707 if (cb != NULL) {
1782 { 1708 j = (s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
1783 j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1]; 1709 cb(s, SSL_CB_WRITE_ALERT, j);
1784 cb(s,SSL_CB_WRITE_ALERT,j);
1785 }
1786 } 1710 }
1787 return(i);
1788 } 1711 }
1712 return (i);
1713}
1789 1714
1790 1715
1791static DTLS1_BITMAP * 1716static DTLS1_BITMAP *
1792dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch) 1717dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch)
1793 { 1718{
1794 1719
1795 *is_next_epoch = 0; 1720 *is_next_epoch = 0;
1796 1721
1797 /* In current epoch, accept HM, CCS, DATA, & ALERT */ 1722 /* In current epoch, accept HM, CCS, DATA, & ALERT */
1798 if (rr->epoch == s->d1->r_epoch) 1723 if (rr->epoch == s->d1->r_epoch)
1799 return &s->d1->bitmap; 1724 return &s->d1->bitmap;
1800 1725
1801 /* Only HM and ALERT messages can be from the next epoch */ 1726 /* Only HM and ALERT messages can be from the next epoch */
1802 else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) && 1727 else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&
1803 (rr->type == SSL3_RT_HANDSHAKE || 1728 (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
1804 rr->type == SSL3_RT_ALERT)) 1729 *is_next_epoch = 1;
1805 { 1730 return &s->d1->next_bitmap;
1806 *is_next_epoch = 1; 1731 }
1807 return &s->d1->next_bitmap; 1732
1808 } 1733 return NULL;
1809 1734}
1810 return NULL;
1811 }
1812 1735
1813#if 0 1736#if 0
1814static int 1737static int
1815dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr, unsigned short *priority, 1738dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr, unsigned short *priority,
1816 unsigned long *offset) 1739 unsigned long *offset)
1817 { 1740{
1818 1741
1819 /* alerts are passed up immediately */ 1742 /* alerts are passed up immediately */
1820 if ( rr->type == SSL3_RT_APPLICATION_DATA || 1743 if (rr->type == SSL3_RT_APPLICATION_DATA || rr->type == SSL3_RT_ALERT)
1821 rr->type == SSL3_RT_ALERT)
1822 return 0; 1744 return 0;
1823 1745
1824 /* Only need to buffer if a handshake is underway. 1746 /* Only need to buffer if a handshake is underway.
1825 * (this implies that Hello Request and Client Hello are passed up 1747 * (this implies that Hello Request and Client Hello are passed up
1826 * immediately) */ 1748 * immediately) */
1827 if ( SSL_in_init(s)) 1749 if (SSL_in_init(s)) {
1828 {
1829 unsigned char *data = rr->data; 1750 unsigned char *data = rr->data;
1830 /* need to extract the HM/CCS sequence number here */ 1751 /* need to extract the HM/CCS sequence number here */
1831 if ( rr->type == SSL3_RT_HANDSHAKE || 1752 if (rr->type == SSL3_RT_HANDSHAKE ||
1832 rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) 1753 rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
1833 {
1834 unsigned short seq_num; 1754 unsigned short seq_num;
1835 struct hm_header_st msg_hdr; 1755 struct hm_header_st msg_hdr;
1836 struct ccs_header_st ccs_hdr; 1756 struct ccs_header_st ccs_hdr;
1837 1757
1838 if ( rr->type == SSL3_RT_HANDSHAKE) 1758 if (rr->type == SSL3_RT_HANDSHAKE) {
1839 {
1840 dtls1_get_message_header(data, &msg_hdr); 1759 dtls1_get_message_header(data, &msg_hdr);
1841 seq_num = msg_hdr.seq; 1760 seq_num = msg_hdr.seq;
1842 *offset = msg_hdr.frag_off; 1761 *offset = msg_hdr.frag_off;
1843 } 1762 } else {
1844 else
1845 {
1846 dtls1_get_ccs_header(data, &ccs_hdr); 1763 dtls1_get_ccs_header(data, &ccs_hdr);
1847 seq_num = ccs_hdr.seq; 1764 seq_num = ccs_hdr.seq;
1848 *offset = 0; 1765 *offset = 0;
1849 } 1766 }
1850 1767
1851 /* this is either a record we're waiting for, or a 1768 /* this is either a record we're waiting for, or a
1852 * retransmit of something we happened to previously 1769 * retransmit of something we happened to previously
1853 * receive (higher layers will drop the repeat silently */ 1770 * receive (higher layers will drop the repeat silently */
1854 if ( seq_num < s->d1->handshake_read_seq) 1771 if (seq_num < s->d1->handshake_read_seq)
1855 return 0; 1772 return 0;
1856 if (rr->type == SSL3_RT_HANDSHAKE && 1773 if (rr->type == SSL3_RT_HANDSHAKE &&
1857 seq_num == s->d1->handshake_read_seq && 1774 seq_num == s->d1->handshake_read_seq &&
1858 msg_hdr.frag_off < s->d1->r_msg_hdr.frag_off) 1775 msg_hdr.frag_off < s->d1->r_msg_hdr.frag_off)
1859 return 0; 1776 return 0;
1860 else if ( seq_num == s->d1->handshake_read_seq && 1777 else if (seq_num == s->d1->handshake_read_seq &&
1861 (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC || 1778 (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC ||
1862 msg_hdr.frag_off == s->d1->r_msg_hdr.frag_off)) 1779 msg_hdr.frag_off == s->d1->r_msg_hdr.frag_off))
1863 return 0; 1780 return 0;
1864 else 1781 else {
1865 {
1866 *priority = seq_num; 1782 *priority = seq_num;
1867 return 1; 1783 return 1;
1868 }
1869 } 1784 }
1785 }
1870 else /* unknown record type */ 1786 else /* unknown record type */
1871 return 0; 1787 return 0;
1872 } 1788 }
1873 1789
1874 return 0; 1790 return 0;
1875 } 1791}
1876#endif 1792#endif
1877 1793
1878void 1794void
1879dtls1_reset_seq_numbers(SSL *s, int rw) 1795dtls1_reset_seq_numbers(SSL *s, int rw)
1880 { 1796{
1881 unsigned char *seq; 1797 unsigned char *seq;
1882 unsigned int seq_bytes = sizeof(s->s3->read_sequence); 1798 unsigned int seq_bytes = sizeof(s->s3->read_sequence);
1883 1799
1884 if ( rw & SSL3_CC_READ) 1800 if (rw & SSL3_CC_READ) {
1885 {
1886 seq = s->s3->read_sequence; 1801 seq = s->s3->read_sequence;
1887 s->d1->r_epoch++; 1802 s->d1->r_epoch++;
1888 memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP)); 1803 memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP));
1889 memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP)); 1804 memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
1890 } 1805 } else {
1891 else
1892 {
1893 seq = s->s3->write_sequence; 1806 seq = s->s3->write_sequence;
1894 memcpy(s->d1->last_write_sequence, seq, sizeof(s->s3->write_sequence)); 1807 memcpy(s->d1->last_write_sequence, seq, sizeof(s->s3->write_sequence));
1895 s->d1->w_epoch++; 1808 s->d1->w_epoch++;
1896 } 1809 }
1897 1810
1898 memset(seq, 0x00, seq_bytes); 1811 memset(seq, 0x00, seq_bytes);
1899 } 1812}
diff --git a/src/lib/libssl/d1_srtp.c b/src/lib/libssl/d1_srtp.c
index ab9c41922c..fadd9f381f 100644
--- a/src/lib/libssl/d1_srtp.c
+++ b/src/lib/libssl/d1_srtp.c
@@ -124,371 +124,348 @@
124#include "srtp.h" 124#include "srtp.h"
125 125
126 126
127static SRTP_PROTECTION_PROFILE srtp_known_profiles[]= 127static SRTP_PROTECTION_PROFILE srtp_known_profiles[]= {
128 { 128 {
129 { 129 "SRTP_AES128_CM_SHA1_80",
130 "SRTP_AES128_CM_SHA1_80", 130 SRTP_AES128_CM_SHA1_80,
131 SRTP_AES128_CM_SHA1_80, 131 },
132 }, 132 {
133 { 133 "SRTP_AES128_CM_SHA1_32",
134 "SRTP_AES128_CM_SHA1_32", 134 SRTP_AES128_CM_SHA1_32,
135 SRTP_AES128_CM_SHA1_32, 135 },
136 },
137#if 0 136#if 0
138 { 137 {
139 "SRTP_NULL_SHA1_80", 138 "SRTP_NULL_SHA1_80",
140 SRTP_NULL_SHA1_80, 139 SRTP_NULL_SHA1_80,
141 }, 140 },
142 { 141 {
143 "SRTP_NULL_SHA1_32", 142 "SRTP_NULL_SHA1_32",
144 SRTP_NULL_SHA1_32, 143 SRTP_NULL_SHA1_32,
145 }, 144 },
146#endif 145#endif
147 {0} 146 {0}
148 }; 147};
149 148
150static int find_profile_by_name(char *profile_name, 149static int
151 SRTP_PROTECTION_PROFILE **pptr,unsigned len) 150find_profile_by_name(char *profile_name, SRTP_PROTECTION_PROFILE **pptr,
152 { 151 unsigned len)
152{
153 SRTP_PROTECTION_PROFILE *p; 153 SRTP_PROTECTION_PROFILE *p;
154 154
155 p=srtp_known_profiles; 155 p = srtp_known_profiles;
156 while(p->name) 156 while (p->name) {
157 { 157 if ((len == strlen(p->name)) &&
158 if((len == strlen(p->name)) && !strncmp(p->name,profile_name, 158 !strncmp(p->name, profile_name, len)) {
159 len)) 159 *pptr = p;
160 {
161 *pptr=p;
162 return 0; 160 return 0;
163 } 161 }
164 162
165 p++; 163 p++;
166 } 164 }
167 165
168 return 1; 166 return 1;
169 } 167}
170 168
171static int find_profile_by_num(unsigned profile_num, 169static int
172 SRTP_PROTECTION_PROFILE **pptr) 170find_profile_by_num(unsigned profile_num, SRTP_PROTECTION_PROFILE **pptr)
173 { 171{
174 SRTP_PROTECTION_PROFILE *p; 172 SRTP_PROTECTION_PROFILE *p;
175 173
176 p=srtp_known_profiles; 174 p = srtp_known_profiles;
177 while(p->name) 175 while (p->name) {
178 { 176 if (p->id == profile_num) {
179 if(p->id == profile_num) 177 *pptr = p;
180 {
181 *pptr=p;
182 return 0; 178 return 0;
183 }
184 p++;
185 } 179 }
180 p++;
181 }
186 182
187 return 1; 183 return 1;
188 } 184}
189 185
190static int ssl_ctx_make_profiles(const char *profiles_string,STACK_OF(SRTP_PROTECTION_PROFILE) **out) 186static int
191 { 187ssl_ctx_make_profiles(const char *profiles_string,
188 STACK_OF(SRTP_PROTECTION_PROFILE) **out)
189{
192 STACK_OF(SRTP_PROTECTION_PROFILE) *profiles; 190 STACK_OF(SRTP_PROTECTION_PROFILE) *profiles;
193 191
194 char *col; 192 char *col;
195 char *ptr=(char *)profiles_string; 193 char *ptr = (char *)profiles_string;
196 194
197 SRTP_PROTECTION_PROFILE *p; 195 SRTP_PROTECTION_PROFILE *p;
198 196
199 if(!(profiles=sk_SRTP_PROTECTION_PROFILE_new_null())) 197 if (!(profiles = sk_SRTP_PROTECTION_PROFILE_new_null())) {
200 {
201 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES); 198 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
202 return 1; 199 return 1;
203 } 200 }
204
205 do
206 {
207 col=strchr(ptr,':');
208
209 if(!find_profile_by_name(ptr,&p,
210 col ? col-ptr : (int)strlen(ptr)))
211 {
212 sk_SRTP_PROTECTION_PROFILE_push(profiles,p);
213 }
214 else
215 {
216 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
217 return 1;
218 }
219 201
220 if(col) ptr=col+1; 202 do {
221 } while (col); 203 col = strchr(ptr, ':');
222 204
223 *out=profiles; 205 if (!find_profile_by_name(ptr, &p,
224 206 col ? col - ptr : (int)strlen(ptr))) {
225 return 0; 207 sk_SRTP_PROTECTION_PROFILE_push(profiles, p);
226 } 208 } else {
227 209 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
228int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx,const char *profiles) 210 return 1;
229 { 211 }
230 return ssl_ctx_make_profiles(profiles,&ctx->srtp_profiles);
231 }
232 212
233int SSL_set_tlsext_use_srtp(SSL *s,const char *profiles) 213 if (col)
234 { 214 ptr = col + 1;
235 return ssl_ctx_make_profiles(profiles,&s->srtp_profiles); 215 } while (col);
236 }
237 216
217 *out = profiles;
238 218
239STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s) 219 return 0;
240 { 220}
241 if(s != NULL) 221
242 { 222int
243 if(s->srtp_profiles != NULL) 223SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
244 { 224{
225 return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);
226}
227
228int
229SSL_set_tlsext_use_srtp(SSL *s, const char *profiles)
230{
231 return ssl_ctx_make_profiles(profiles, &s->srtp_profiles);
232}
233
234
235STACK_OF(SRTP_PROTECTION_PROFILE)
236*SSL_get_srtp_profiles(SSL *s)
237{
238 if (s != NULL) {
239 if (s->srtp_profiles != NULL) {
245 return s->srtp_profiles; 240 return s->srtp_profiles;
246 } 241 } else if ((s->ctx != NULL) &&
247 else if((s->ctx != NULL) && 242 (s->ctx->srtp_profiles != NULL)) {
248 (s->ctx->srtp_profiles != NULL))
249 {
250 return s->ctx->srtp_profiles; 243 return s->ctx->srtp_profiles;
251 }
252 } 244 }
245 }
253 246
254 return NULL; 247 return NULL;
255 } 248}
256 249
257SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s) 250SRTP_PROTECTION_PROFILE
258 { 251*SSL_get_selected_srtp_profile(SSL *s)
252{
259 return s->srtp_profile; 253 return s->srtp_profile;
260 } 254}
261 255
262/* Note: this function returns 0 length if there are no 256/* Note: this function returns 0 length if there are no
263 profiles specified */ 257 profiles specified */
264int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen) 258int
265 { 259ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
266 int ct=0; 260{
261 int ct = 0;
267 int i; 262 int i;
268 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt=0; 263 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0;
269 SRTP_PROTECTION_PROFILE *prof; 264 SRTP_PROTECTION_PROFILE *prof;
270
271 clnt=SSL_get_srtp_profiles(s);
272 ct=sk_SRTP_PROTECTION_PROFILE_num(clnt); /* -1 if clnt == 0 */
273
274 if(p)
275 {
276 if(ct==0)
277 {
278 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);
279 return 1;
280 }
281 265
282 if((2 + ct*2 + 1) > maxlen) 266 clnt = SSL_get_srtp_profiles(s);
283 { 267
284 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG); 268 ct = sk_SRTP_PROTECTION_PROFILE_num(clnt); /* -1 if clnt == 0 */
269
270 if (p) {
271 if (ct == 0) {
272 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);
285 return 1; 273 return 1;
286 } 274 }
287 275
288 /* Add the length */ 276 if ((2 + ct * 2 + 1) > maxlen) {
289 s2n(ct * 2, p); 277 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
290 for(i=0;i<ct;i++) 278 return 1;
291 { 279 }
292 prof=sk_SRTP_PROTECTION_PROFILE_value(clnt,i);
293 s2n(prof->id,p);
294 }
295 280
296 /* Add an empty use_mki value */ 281 /* Add the length */
297 *p++ = 0; 282 s2n(ct * 2, p);
283 for (i = 0; i < ct; i++) {
284 prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i);
285 s2n(prof->id, p);
298 } 286 }
299 287
300 *len=2 + ct*2 + 1; 288 /* Add an empty use_mki value */
301 289 *p++ = 0;
302 return 0;
303 } 290 }
304 291
292 *len = 2 + ct*2 + 1;
305 293
306int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al) 294 return 0;
307 { 295}
308 SRTP_PROTECTION_PROFILE *cprof,*sprof; 296
309 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt=0,*srvr; 297
310 int ct; 298int
311 int mki_len; 299ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al)
312 int i,j; 300{
301 SRTP_PROTECTION_PROFILE *cprof, *sprof;
302 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0, *srvr;
303 int ct;
304 int mki_len;
305 int i, j;
313 int id; 306 int id;
314 int ret; 307 int ret;
315 308
316 /* Length value + the MKI length */ 309 /* Length value + the MKI length */
317 if(len < 3) 310 if (len < 3) {
318 { 311 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
319 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 312 *al = SSL_AD_DECODE_ERROR;
320 *al=SSL_AD_DECODE_ERROR;
321 return 1; 313 return 1;
322 } 314 }
323 315
324 /* Pull off the length of the cipher suite list */ 316 /* Pull off the length of the cipher suite list */
325 n2s(d, ct); 317 n2s(d, ct);
326 len -= 2; 318 len -= 2;
327 319
328 /* Check that it is even */ 320 /* Check that it is even */
329 if(ct%2) 321 if (ct % 2) {
330 { 322 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
331 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 323 *al = SSL_AD_DECODE_ERROR;
332 *al=SSL_AD_DECODE_ERROR;
333 return 1; 324 return 1;
334 } 325 }
335 326
336 /* Check that lengths are consistent */ 327 /* Check that lengths are consistent */
337 if(len < (ct + 1)) 328 if (len < (ct + 1)) {
338 { 329 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
339 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 330 *al = SSL_AD_DECODE_ERROR;
340 *al=SSL_AD_DECODE_ERROR;
341 return 1; 331 return 1;
342 } 332 }
343 333
344
345 clnt=sk_SRTP_PROTECTION_PROFILE_new_null();
346 334
347 while(ct) 335 clnt = sk_SRTP_PROTECTION_PROFILE_new_null();
348 {
349 n2s(d,id);
350 ct-=2;
351 len-=2;
352 336
353 if(!find_profile_by_num(id,&cprof)) 337 while (ct) {
354 { 338 n2s(d, id);
355 sk_SRTP_PROTECTION_PROFILE_push(clnt,cprof); 339 ct -= 2;
356 } 340 len -= 2;
357 else 341
358 { 342 if (!find_profile_by_num(id, &cprof)) {
343 sk_SRTP_PROTECTION_PROFILE_push(clnt, cprof);
344 } else {
359 ; /* Ignore */ 345 ; /* Ignore */
360 }
361 } 346 }
347 }
362 348
363 /* Now extract the MKI value as a sanity check, but discard it for now */ 349 /* Now extract the MKI value as a sanity check, but discard it for now */
364 mki_len = *d; 350 mki_len = *d;
365 d++; len--; 351 d++;
352 len--;
366 353
367 if (mki_len != len) 354 if (mki_len != len) {
368 { 355 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_MKI_VALUE);
369 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_MKI_VALUE); 356 *al = SSL_AD_DECODE_ERROR;
370 *al=SSL_AD_DECODE_ERROR;
371 return 1; 357 return 1;
372 } 358 }
373 359
374 srvr=SSL_get_srtp_profiles(s); 360 srvr = SSL_get_srtp_profiles(s);
375 361
376 /* Pick our most preferred profile. If no profiles have been 362 /* Pick our most preferred profile. If no profiles have been
377 configured then the outer loop doesn't run 363 configured then the outer loop doesn't run
378 (sk_SRTP_PROTECTION_PROFILE_num() = -1) 364 (sk_SRTP_PROTECTION_PROFILE_num() = -1)
379 and so we just return without doing anything */ 365 and so we just return without doing anything */
380 for(i=0;i<sk_SRTP_PROTECTION_PROFILE_num(srvr);i++) 366 for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(srvr); i++) {
381 { 367 sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i);
382 sprof=sk_SRTP_PROTECTION_PROFILE_value(srvr,i); 368
383 369 for (j = 0; j < sk_SRTP_PROTECTION_PROFILE_num(clnt); j++) {
384 for(j=0;j<sk_SRTP_PROTECTION_PROFILE_num(clnt);j++) 370 cprof = sk_SRTP_PROTECTION_PROFILE_value(clnt, j);
385 { 371
386 cprof=sk_SRTP_PROTECTION_PROFILE_value(clnt,j); 372 if (cprof->id == sprof->id) {
387 373 s->srtp_profile = sprof;
388 if(cprof->id==sprof->id) 374 *al = 0;
389 { 375 ret = 0;
390 s->srtp_profile=sprof;
391 *al=0;
392 ret=0;
393 goto done; 376 goto done;
394 }
395 } 377 }
396 } 378 }
379 }
380
381 ret = 0;
397 382
398 ret=0;
399
400done: 383done:
401 if(clnt) sk_SRTP_PROTECTION_PROFILE_free(clnt); 384 if (clnt)
385 sk_SRTP_PROTECTION_PROFILE_free(clnt);
402 386
403 return ret; 387 return ret;
404 } 388}
405 389
406int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen) 390int
407 { 391ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
408 if(p) 392{
409 { 393 if (p) {
410 if(maxlen < 5) 394 if (maxlen < 5) {
411 { 395 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
412 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
413 return 1; 396 return 1;
414 } 397 }
415 398
416 if(s->srtp_profile==0) 399 if (s->srtp_profile == 0) {
417 { 400 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT, SSL_R_USE_SRTP_NOT_NEGOTIATED);
418 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,SSL_R_USE_SRTP_NOT_NEGOTIATED);
419 return 1; 401 return 1;
420 }
421 s2n(2, p);
422 s2n(s->srtp_profile->id,p);
423 *p++ = 0;
424 } 402 }
425 *len=5; 403 s2n(2, p);
426 404 s2n(s->srtp_profile->id, p);
427 return 0; 405 *p++ = 0;
428 } 406 }
429 407 *len = 5;
430 408
431int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al) 409 return 0;
432 { 410}
411
412
413int
414ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al)
415{
433 unsigned id; 416 unsigned id;
434 int i; 417 int i;
435 int ct; 418 int ct;
436 419
437 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt; 420 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
438 SRTP_PROTECTION_PROFILE *prof; 421 SRTP_PROTECTION_PROFILE *prof;
439 422
440 if(len!=5) 423 if (len != 5) {
441 { 424 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
442 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 425 *al = SSL_AD_DECODE_ERROR;
443 *al=SSL_AD_DECODE_ERROR;
444 return 1; 426 return 1;
445 } 427 }
446 428
447 n2s(d, ct); 429 n2s(d, ct);
448 if(ct!=2) 430 if (ct != 2) {
449 { 431 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
450 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 432 *al = SSL_AD_DECODE_ERROR;
451 *al=SSL_AD_DECODE_ERROR;
452 return 1; 433 return 1;
453 } 434 }
454 435
455 n2s(d,id); 436 n2s(d, id);
456 if (*d) /* Must be no MKI, since we never offer one */ 437 if (*d) /* Must be no MKI, since we never offer one */
457 { 438 {
458 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_MKI_VALUE); 439 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_MKI_VALUE);
459 *al=SSL_AD_ILLEGAL_PARAMETER; 440 *al = SSL_AD_ILLEGAL_PARAMETER;
460 return 1; 441 return 1;
461 } 442 }
462 443
463 clnt=SSL_get_srtp_profiles(s); 444 clnt = SSL_get_srtp_profiles(s);
464 445
465 /* Throw an error if the server gave us an unsolicited extension */ 446 /* Throw an error if the server gave us an unsolicited extension */
466 if (clnt == NULL) 447 if (clnt == NULL) {
467 { 448 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, SSL_R_NO_SRTP_PROFILES);
468 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_NO_SRTP_PROFILES); 449 *al = SSL_AD_DECODE_ERROR;
469 *al=SSL_AD_DECODE_ERROR;
470 return 1; 450 return 1;
471 } 451 }
472 452
473 /* Check to see if the server gave us something we support 453 /* Check to see if the server gave us something we support
474 (and presumably offered) 454 (and presumably offered)
475 */ 455 */
476 for(i=0;i<sk_SRTP_PROTECTION_PROFILE_num(clnt);i++) 456 for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(clnt); i++) {
477 { 457 prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i);
478 prof=sk_SRTP_PROTECTION_PROFILE_value(clnt,i); 458
479 459 if (prof->id == id) {
480 if(prof->id == id) 460 s->srtp_profile = prof;
481 { 461 *al = 0;
482 s->srtp_profile=prof;
483 *al=0;
484 return 0; 462 return 0;
485 }
486 } 463 }
487
488 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
489 *al=SSL_AD_DECODE_ERROR;
490 return 1;
491 } 464 }
492 465
466 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
467 *al = SSL_AD_DECODE_ERROR;
468 return 1;
469}
493 470
494#endif 471#endif
diff --git a/src/lib/libssl/src/ssl/d1_both.c b/src/lib/libssl/src/ssl/d1_both.c
index a265fed22f..c051e84874 100644
--- a/src/lib/libssl/src/ssl/d1_both.c
+++ b/src/lib/libssl/src/ssl/d1_both.c
@@ -152,102 +152,102 @@
152 printf("\n"); } 152 printf("\n"); }
153#endif 153#endif
154 154
155static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80}; 155static unsigned char bitmask_start_values[] = {
156static unsigned char bitmask_end_values[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f}; 156 0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80
157};
158static unsigned char bitmask_end_values[] = {
159 0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f
160};
157 161
158/* XDTLS: figure out the right values */ 162/* XDTLS: figure out the right values */
159static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28}; 163static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
160 164
161static unsigned int dtls1_guess_mtu(unsigned int curr_mtu); 165static unsigned int dtls1_guess_mtu(unsigned int curr_mtu);
162static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, 166static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,
163 unsigned long frag_len); 167 unsigned long frag_len);
164static unsigned char *dtls1_write_message_header(SSL *s, 168static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p);
165 unsigned char *p);
166static void dtls1_set_message_header_int(SSL *s, unsigned char mt, 169static void dtls1_set_message_header_int(SSL *s, unsigned char mt,
167 unsigned long len, unsigned short seq_num, unsigned long frag_off, 170 unsigned long len, unsigned short seq_num, unsigned long frag_off,
168 unsigned long frag_len); 171 unsigned long frag_len);
169static long dtls1_get_message_fragment(SSL *s, int st1, int stn, 172static long dtls1_get_message_fragment(SSL *s, int st1, int stn, long max,
170 long max, int *ok); 173 int *ok);
171 174
172static hm_fragment * 175static hm_fragment *
173dtls1_hm_fragment_new(unsigned long frag_len, int reassembly) 176dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
174 { 177{
175 hm_fragment *frag = NULL; 178 hm_fragment *frag = NULL;
176 unsigned char *buf = NULL; 179 unsigned char *buf = NULL;
177 unsigned char *bitmask = NULL; 180 unsigned char *bitmask = NULL;
178 181
179 frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment)); 182 frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment));
180 if ( frag == NULL) 183 if (frag == NULL)
181 return NULL; 184 return NULL;
182 185
183 if (frag_len) 186 if (frag_len) {
184 {
185 buf = (unsigned char *)OPENSSL_malloc(frag_len); 187 buf = (unsigned char *)OPENSSL_malloc(frag_len);
186 if ( buf == NULL) 188 if (buf == NULL) {
187 {
188 OPENSSL_free(frag); 189 OPENSSL_free(frag);
189 return NULL; 190 return NULL;
190 }
191 } 191 }
192 }
192 193
193 /* zero length fragment gets zero frag->fragment */ 194 /* zero length fragment gets zero frag->fragment */
194 frag->fragment = buf; 195 frag->fragment = buf;
195 196
196 /* Initialize reassembly bitmask if necessary */ 197 /* Initialize reassembly bitmask if necessary */
197 if (reassembly) 198 if (reassembly) {
198 {
199 bitmask = (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len)); 199 bitmask = (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len));
200 if (bitmask == NULL) 200 if (bitmask == NULL) {
201 { 201 if (buf != NULL)
202 if (buf != NULL) OPENSSL_free(buf); 202 OPENSSL_free(buf);
203 OPENSSL_free(frag); 203 OPENSSL_free(frag);
204 return NULL; 204 return NULL;
205 }
206 memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len));
207 } 205 }
206 memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len));
207 }
208 208
209 frag->reassembly = bitmask; 209 frag->reassembly = bitmask;
210 210
211 return frag; 211 return frag;
212 } 212}
213 213
214static void 214static void
215dtls1_hm_fragment_free(hm_fragment *frag) 215dtls1_hm_fragment_free(hm_fragment *frag)
216 { 216{
217 217
218 if (frag->msg_header.is_ccs) 218 if (frag->msg_header.is_ccs) {
219 {
220 EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx); 219 EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
221 EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash); 220 EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
222 }
223 if (frag->fragment) OPENSSL_free(frag->fragment);
224 if (frag->reassembly) OPENSSL_free(frag->reassembly);
225 OPENSSL_free(frag);
226 } 221 }
222 if (frag->fragment)
223 OPENSSL_free(frag->fragment);
224 if (frag->reassembly)
225 OPENSSL_free(frag->reassembly);
226 OPENSSL_free(frag);
227}
227 228
228/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ 229/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
229int dtls1_do_write(SSL *s, int type) 230int
230 { 231dtls1_do_write(SSL *s, int type)
232{
231 int ret; 233 int ret;
232 int curr_mtu; 234 int curr_mtu;
233 unsigned int len, frag_off, mac_size, blocksize; 235 unsigned int len, frag_off, mac_size, blocksize;
234 236
235 /* AHA! Figure out the MTU, and stick to the right size */ 237 /* AHA! Figure out the MTU, and stick to the right size */
236 if (s->d1->mtu < dtls1_min_mtu() && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) 238 if (s->d1->mtu < dtls1_min_mtu() && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
237 { 239 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
238 s->d1->mtu = 240 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
239 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
240 241
241 /* I've seen the kernel return bogus numbers when it doesn't know 242 /* I've seen the kernel return bogus numbers when it doesn't know
242 * (initial write), so just make sure we have a reasonable number */ 243 * (initial write), so just make sure we have a reasonable number */
243 if (s->d1->mtu < dtls1_min_mtu()) 244 if (s->d1->mtu < dtls1_min_mtu()) {
244 {
245 s->d1->mtu = 0; 245 s->d1->mtu = 0;
246 s->d1->mtu = dtls1_guess_mtu(s->d1->mtu); 246 s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
247 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, 247 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
248 s->d1->mtu, NULL); 248 s->d1->mtu, NULL);
249 }
250 } 249 }
250 }
251#if 0 251#if 0
252 mtu = s->d1->mtu; 252 mtu = s->d1->mtu;
253 253
@@ -257,154 +257,144 @@ int dtls1_do_write(SSL *s, int type)
257 257
258 curr_mtu = mtu - BIO_wpending(SSL_get_wbio(s)); 258 curr_mtu = mtu - BIO_wpending(SSL_get_wbio(s));
259 259
260 if ( curr_mtu > 0) 260 if (curr_mtu > 0)
261 mtu = curr_mtu; 261 mtu = curr_mtu;
262 else if ( ( ret = BIO_flush(SSL_get_wbio(s))) <= 0) 262 else if (( ret = BIO_flush(SSL_get_wbio(s))) <= 0)
263 return ret; 263 return ret;
264 264
265 if ( BIO_wpending(SSL_get_wbio(s)) + s->init_num >= mtu) 265 if (BIO_wpending(SSL_get_wbio(s)) + s->init_num >= mtu) {
266 {
267 ret = BIO_flush(SSL_get_wbio(s)); 266 ret = BIO_flush(SSL_get_wbio(s));
268 if ( ret <= 0) 267 if (ret <= 0)
269 return ret; 268 return ret;
270 mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH); 269 mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
271 } 270 }
272#endif 271#endif
273 272
274 OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu()); /* should have something reasonable now */ 273 OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu());
274 /* should have something reasonable now */
275 275
276 if ( s->init_off == 0 && type == SSL3_RT_HANDSHAKE) 276 if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
277 OPENSSL_assert(s->init_num == 277 OPENSSL_assert(s->init_num ==
278 (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); 278 (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
279 279
280 if (s->write_hash) 280 if (s->write_hash)
281 mac_size = EVP_MD_CTX_size(s->write_hash); 281 mac_size = EVP_MD_CTX_size(s->write_hash);
282 else 282 else
283 mac_size = 0; 283 mac_size = 0;
284 284
285 if (s->enc_write_ctx && 285 if (s->enc_write_ctx &&
286 (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE)) 286 (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
287 blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher); 287 blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
288 else 288 else
289 blocksize = 0; 289 blocksize = 0;
290 290
291 frag_off = 0; 291 frag_off = 0;
292 while( s->init_num) 292 while (s->init_num) {
293 { 293 curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) -
294 curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) - 294 DTLS1_RT_HEADER_LENGTH - mac_size - blocksize;
295 DTLS1_RT_HEADER_LENGTH - mac_size - blocksize;
296 295
297 if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH) 296 if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) {
298 {
299 /* grr.. we could get an error if MTU picked was wrong */ 297 /* grr.. we could get an error if MTU picked was wrong */
300 ret = BIO_flush(SSL_get_wbio(s)); 298 ret = BIO_flush(SSL_get_wbio(s));
301 if ( ret <= 0) 299 if (ret <= 0)
302 return ret; 300 return ret;
303 curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH - 301 curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH -
304 mac_size - blocksize; 302 mac_size - blocksize;
305 } 303 }
306 304
307 if ( s->init_num > curr_mtu) 305 if (s->init_num > curr_mtu)
308 len = curr_mtu; 306 len = curr_mtu;
309 else 307 else
310 len = s->init_num; 308 len = s->init_num;
311 309
312 310
313 /* XDTLS: this function is too long. split out the CCS part */ 311 /* XDTLS: this function is too long. split out the CCS part */
314 if ( type == SSL3_RT_HANDSHAKE) 312 if (type == SSL3_RT_HANDSHAKE) {
315 { 313 if (s->init_off != 0) {
316 if ( s->init_off != 0)
317 {
318 OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH); 314 OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH);
319 s->init_off -= DTLS1_HM_HEADER_LENGTH; 315 s->init_off -= DTLS1_HM_HEADER_LENGTH;
320 s->init_num += DTLS1_HM_HEADER_LENGTH; 316 s->init_num += DTLS1_HM_HEADER_LENGTH;
321 317
322 if ( s->init_num > curr_mtu) 318 if (s->init_num > curr_mtu)
323 len = curr_mtu; 319 len = curr_mtu;
324 else 320 else
325 len = s->init_num; 321 len = s->init_num;
326 } 322 }
327 323
328 dtls1_fix_message_header(s, frag_off, 324 dtls1_fix_message_header(s, frag_off,
329 len - DTLS1_HM_HEADER_LENGTH); 325 len - DTLS1_HM_HEADER_LENGTH);
330 326
331 dtls1_write_message_header(s, (unsigned char *)&s->init_buf->data[s->init_off]); 327 dtls1_write_message_header(s, (unsigned char *)&s->init_buf->data[s->init_off]);
332 328
333 OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH); 329 OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);
334 } 330 }
335 331
336 ret=dtls1_write_bytes(s,type,&s->init_buf->data[s->init_off], 332 ret = dtls1_write_bytes(s, type,
337 len); 333 &s->init_buf->data[s->init_off], len);
338 if (ret < 0) 334 if (ret < 0) {
339 {
340 /* might need to update MTU here, but we don't know 335 /* might need to update MTU here, but we don't know
341 * which previous packet caused the failure -- so can't 336 * which previous packet caused the failure -- so can't
342 * really retransmit anything. continue as if everything 337 * really retransmit anything. continue as if everything
343 * is fine and wait for an alert to handle the 338 * is fine and wait for an alert to handle the
344 * retransmit 339 * retransmit
345 */ 340 */
346 if ( BIO_ctrl(SSL_get_wbio(s), 341 if (BIO_ctrl(SSL_get_wbio(s),
347 BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 ) 342 BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0)
348 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), 343 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
349 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); 344 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
350 else 345 else
351 return(-1); 346 return (-1);
352 } 347 } else {
353 else
354 {
355 348
356 /* bad if this assert fails, only part of the handshake 349 /* bad if this assert fails, only part of the handshake
357 * message got sent. but why would this happen? */ 350 * message got sent. but why would this happen? */
358 OPENSSL_assert(len == (unsigned int)ret); 351 OPENSSL_assert(len == (unsigned int)ret);
359 352
360 if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting) 353 if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting) {
361 {
362 /* should not be done for 'Hello Request's, but in that case 354 /* should not be done for 'Hello Request's, but in that case
363 * we'll ignore the result anyway */ 355 * we'll ignore the result anyway */
364 unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off]; 356 unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off];
365 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; 357 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
366 int xlen; 358 int xlen;
367 359
368 if (frag_off == 0 && s->version != DTLS1_BAD_VER) 360 if (frag_off == 0 && s->version != DTLS1_BAD_VER) {
369 {
370 /* reconstruct message header is if it 361 /* reconstruct message header is if it
371 * is being sent in single fragment */ 362 * is being sent in single fragment */
372 *p++ = msg_hdr->type; 363 *p++ = msg_hdr->type;
373 l2n3(msg_hdr->msg_len,p); 364 l2n3(msg_hdr->msg_len, p);
374 s2n (msg_hdr->seq,p); 365 s2n (msg_hdr->seq, p);
375 l2n3(0,p); 366 l2n3(0, p);
376 l2n3(msg_hdr->msg_len,p); 367 l2n3(msg_hdr->msg_len, p);
377 p -= DTLS1_HM_HEADER_LENGTH; 368 p -= DTLS1_HM_HEADER_LENGTH;
378 xlen = ret; 369 xlen = ret;
379 } 370 } else {
380 else 371 p += DTLS1_HM_HEADER_LENGTH;
381 {
382 p += DTLS1_HM_HEADER_LENGTH;
383 xlen = ret - DTLS1_HM_HEADER_LENGTH; 372 xlen = ret - DTLS1_HM_HEADER_LENGTH;
384 } 373 }
385 374
386 ssl3_finish_mac(s, p, xlen); 375 ssl3_finish_mac(s, p, xlen);
387 } 376 }
388 377
389 if (ret == s->init_num) 378 if (ret == s->init_num) {
390 {
391 if (s->msg_callback) 379 if (s->msg_callback)
392 s->msg_callback(1, s->version, type, s->init_buf->data, 380 s->msg_callback(1, s->version, type,
393 (size_t)(s->init_off + s->init_num), s, 381 s->init_buf->data,
394 s->msg_callback_arg); 382 (size_t)(s->init_off + s->init_num),
383 s, s->msg_callback_arg);
395 384
396 s->init_off = 0; /* done writing this message */ 385 s->init_off = 0;
386 /* done writing this message */
397 s->init_num = 0; 387 s->init_num = 0;
398 388
399 return(1); 389 return (1);
400 }
401 s->init_off+=ret;
402 s->init_num-=ret;
403 frag_off += (ret -= DTLS1_HM_HEADER_LENGTH);
404 } 390 }
391 s->init_off += ret;
392 s->init_num -= ret;
393 frag_off += (ret -= DTLS1_HM_HEADER_LENGTH);
405 } 394 }
406 return(0);
407 } 395 }
396 return (0);
397}
408 398
409 399
410/* Obtain handshake message of message type 'mt' (any if mt == -1), 400/* Obtain handshake message of message type 'mt' (any if mt == -1),
@@ -412,8 +402,9 @@ int dtls1_do_write(SSL *s, int type)
412 * Read an entire handshake message. Handshake messages arrive in 402 * Read an entire handshake message. Handshake messages arrive in
413 * fragments. 403 * fragments.
414 */ 404 */
415long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) 405long
416 { 406dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
407{
417 int i, al; 408 int i, al;
418 struct hm_header_st *msg_hdr; 409 struct hm_header_st *msg_hdr;
419 unsigned char *p; 410 unsigned char *p;
@@ -421,30 +412,28 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
421 412
422 /* s3->tmp is used to store messages that are unexpected, caused 413 /* s3->tmp is used to store messages that are unexpected, caused
423 * by the absence of an optional handshake message */ 414 * by the absence of an optional handshake message */
424 if (s->s3->tmp.reuse_message) 415 if (s->s3->tmp.reuse_message) {
425 { 416 s->s3->tmp.reuse_message = 0;
426 s->s3->tmp.reuse_message=0; 417 if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
427 if ((mt >= 0) && (s->s3->tmp.message_type != mt)) 418 al = SSL_AD_UNEXPECTED_MESSAGE;
428 { 419 SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
429 al=SSL_AD_UNEXPECTED_MESSAGE;
430 SSLerr(SSL_F_DTLS1_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
431 goto f_err; 420 goto f_err;
432 } 421 }
433 *ok=1; 422 *ok = 1;
434 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; 423 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
435 s->init_num = (int)s->s3->tmp.message_size; 424 s->init_num = (int)s->s3->tmp.message_size;
436 return s->init_num; 425 return s->init_num;
437 } 426 }
438 427
439 msg_hdr = &s->d1->r_msg_hdr; 428 msg_hdr = &s->d1->r_msg_hdr;
440 memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); 429 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
441 430
442again: 431again:
443 i = dtls1_get_message_fragment(s, st1, stn, max, ok); 432 i = dtls1_get_message_fragment(s, st1, stn, max, ok);
444 if ( i == DTLS1_HM_BAD_FRAGMENT || 433 if (i == DTLS1_HM_BAD_FRAGMENT ||
445 i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */ 434 i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */
446 goto again; 435 goto again;
447 else if ( i <= 0 && !*ok) 436 else if (i <= 0 && !*ok)
448 return i; 437 return i;
449 438
450 p = (unsigned char *)s->init_buf->data; 439 p = (unsigned char *)s->init_buf->data;
@@ -452,20 +441,19 @@ again:
452 441
453 /* reconstruct message header */ 442 /* reconstruct message header */
454 *(p++) = msg_hdr->type; 443 *(p++) = msg_hdr->type;
455 l2n3(msg_len,p); 444 l2n3(msg_len, p);
456 s2n (msg_hdr->seq,p); 445 s2n (msg_hdr->seq, p);
457 l2n3(0,p); 446 l2n3(0, p);
458 l2n3(msg_len,p); 447 l2n3(msg_len, p);
459 if (s->version != DTLS1_BAD_VER) { 448 if (s->version != DTLS1_BAD_VER) {
460 p -= DTLS1_HM_HEADER_LENGTH; 449 p -= DTLS1_HM_HEADER_LENGTH;
461 msg_len += DTLS1_HM_HEADER_LENGTH; 450 msg_len += DTLS1_HM_HEADER_LENGTH;
462 } 451 }
463 452
464 ssl3_finish_mac(s, p, msg_len); 453 ssl3_finish_mac(s, p, msg_len);
465 if (s->msg_callback) 454 if (s->msg_callback)
466 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, 455 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, msg_len,
467 p, msg_len, 456 s, s->msg_callback_arg);
468 s, s->msg_callback_arg);
469 457
470 memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); 458 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
471 459
@@ -477,64 +465,59 @@ again:
477 return s->init_num; 465 return s->init_num;
478 466
479f_err: 467f_err:
480 ssl3_send_alert(s,SSL3_AL_FATAL,al); 468 ssl3_send_alert(s, SSL3_AL_FATAL, al);
481 *ok = 0; 469 *ok = 0;
482 return -1; 470 return -1;
483 } 471}
484 472
485 473
486static int dtls1_preprocess_fragment(SSL *s,struct hm_header_st *msg_hdr,int max) 474static int
487 { 475dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) {
488 size_t frag_off,frag_len,msg_len; 476 size_t frag_off, frag_len, msg_len;
489 477
490 msg_len = msg_hdr->msg_len; 478 msg_len = msg_hdr->msg_len;
491 frag_off = msg_hdr->frag_off; 479 frag_off = msg_hdr->frag_off;
492 frag_len = msg_hdr->frag_len; 480 frag_len = msg_hdr->frag_len;
493 481
494 /* sanity checking */ 482 /* sanity checking */
495 if ( (frag_off+frag_len) > msg_len) 483 if ((frag_off + frag_len) > msg_len) {
496 { 484 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE);
497 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
498 return SSL_AD_ILLEGAL_PARAMETER; 485 return SSL_AD_ILLEGAL_PARAMETER;
499 } 486 }
500 487
501 if ( (frag_off+frag_len) > (unsigned long)max) 488 if ((frag_off + frag_len) > (unsigned long)max) {
502 { 489 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE);
503 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
504 return SSL_AD_ILLEGAL_PARAMETER; 490 return SSL_AD_ILLEGAL_PARAMETER;
505 } 491 }
506 492
507 if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */ 493 if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */
508 { 494 {
509 /* msg_len is limited to 2^24, but is effectively checked 495 /* msg_len is limited to 2^24, but is effectively checked
510 * against max above */ 496 * against max above */
511 if (!BUF_MEM_grow_clean(s->init_buf,msg_len+DTLS1_HM_HEADER_LENGTH)) 497 if (!BUF_MEM_grow_clean(s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH)) {
512 { 498 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB);
513 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,ERR_R_BUF_LIB);
514 return SSL_AD_INTERNAL_ERROR; 499 return SSL_AD_INTERNAL_ERROR;
515 } 500 }
516 501
517 s->s3->tmp.message_size = msg_len; 502 s->s3->tmp.message_size = msg_len;
518 s->d1->r_msg_hdr.msg_len = msg_len; 503 s->d1->r_msg_hdr.msg_len = msg_len;
519 s->s3->tmp.message_type = msg_hdr->type; 504 s->s3->tmp.message_type = msg_hdr->type;
520 s->d1->r_msg_hdr.type = msg_hdr->type; 505 s->d1->r_msg_hdr.type = msg_hdr->type;
521 s->d1->r_msg_hdr.seq = msg_hdr->seq; 506 s->d1->r_msg_hdr.seq = msg_hdr->seq;
522 } 507 } else if (msg_len != s->d1->r_msg_hdr.msg_len) {
523 else if (msg_len != s->d1->r_msg_hdr.msg_len)
524 {
525 /* They must be playing with us! BTW, failure to enforce 508 /* They must be playing with us! BTW, failure to enforce
526 * upper limit would open possibility for buffer overrun. */ 509 * upper limit would open possibility for buffer overrun. */
527 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); 510 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE);
528 return SSL_AD_ILLEGAL_PARAMETER; 511 return SSL_AD_ILLEGAL_PARAMETER;
529 } 512 }
530 513
531 return 0; /* no error */ 514 return 0; /* no error */
532 } 515}
533 516
534 517
535static int 518static int
536dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) 519dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
537 { 520{
538 /* (0) check whether the desired fragment is available 521 /* (0) check whether the desired fragment is available
539 * if so: 522 * if so:
540 * (1) copy over the fragment to s->init_buf->data[] 523 * (1) copy over the fragment to s->init_buf->data[]
@@ -546,58 +529,54 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
546 529
547 *ok = 0; 530 *ok = 0;
548 item = pqueue_peek(s->d1->buffered_messages); 531 item = pqueue_peek(s->d1->buffered_messages);
549 if ( item == NULL) 532 if (item == NULL)
550 return 0; 533 return 0;
551 534
552 frag = (hm_fragment *)item->data; 535 frag = (hm_fragment *)item->data;
553 536
554 /* Don't return if reassembly still in progress */ 537 /* Don't return if reassembly still in progress */
555 if (frag->reassembly != NULL) 538 if (frag->reassembly != NULL)
556 return 0; 539 return 0;
557 540
558 if ( s->d1->handshake_read_seq == frag->msg_header.seq) 541 if (s->d1->handshake_read_seq == frag->msg_header.seq) {
559 {
560 unsigned long frag_len = frag->msg_header.frag_len; 542 unsigned long frag_len = frag->msg_header.frag_len;
561 pqueue_pop(s->d1->buffered_messages); 543 pqueue_pop(s->d1->buffered_messages);
562 544
563 al=dtls1_preprocess_fragment(s,&frag->msg_header,max); 545 al = dtls1_preprocess_fragment(s, &frag->msg_header, max);
564 546
565 if (al==0) /* no alert */ 547 if (al == 0) /* no alert */
566 { 548 {
567 unsigned char *p = (unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH; 549 unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
568 memcpy(&p[frag->msg_header.frag_off], 550 memcpy(&p[frag->msg_header.frag_off],
569 frag->fragment,frag->msg_header.frag_len); 551 frag->fragment, frag->msg_header.frag_len);
570 } 552 }
571 553
572 dtls1_hm_fragment_free(frag); 554 dtls1_hm_fragment_free(frag);
573 pitem_free(item); 555 pitem_free(item);
574 556
575 if (al==0) 557 if (al == 0) {
576 {
577 *ok = 1; 558 *ok = 1;
578 return frag_len; 559 return frag_len;
579 } 560 }
580 561
581 ssl3_send_alert(s,SSL3_AL_FATAL,al); 562 ssl3_send_alert(s, SSL3_AL_FATAL, al);
582 s->init_num = 0; 563 s->init_num = 0;
583 *ok = 0; 564 *ok = 0;
584 return -1; 565 return -1;
585 } 566 } else
586 else
587 return 0; 567 return 0;
588 } 568}
589 569
590 570
591static int 571static int
592dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) 572dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) {
593 {
594 hm_fragment *frag = NULL; 573 hm_fragment *frag = NULL;
595 pitem *item = NULL; 574 pitem *item = NULL;
596 int i = -1, is_complete; 575 int i = -1, is_complete;
597 unsigned char seq64be[8]; 576 unsigned char seq64be[8];
598 unsigned long frag_len = msg_hdr->frag_len, max_len; 577 unsigned long frag_len = msg_hdr->frag_len, max_len;
599 578
600 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) 579 if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len)
601 goto err; 580 goto err;
602 581
603 /* Determine maximum allowed message size. Depends on (user set) 582 /* Determine maximum allowed message size. Depends on (user set)
@@ -608,104 +587,99 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
608 else 587 else
609 max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; 588 max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
610 589
611 if ((msg_hdr->frag_off+frag_len) > max_len) 590 if ((msg_hdr->frag_off + frag_len) > max_len)
612 goto err; 591 goto err;
613 592
614 /* Try to find item in queue */ 593 /* Try to find item in queue */
615 memset(seq64be,0,sizeof(seq64be)); 594 memset(seq64be, 0, sizeof(seq64be));
616 seq64be[6] = (unsigned char) (msg_hdr->seq>>8); 595 seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
617 seq64be[7] = (unsigned char) msg_hdr->seq; 596 seq64be[7] = (unsigned char)msg_hdr->seq;
618 item = pqueue_find(s->d1->buffered_messages, seq64be); 597 item = pqueue_find(s->d1->buffered_messages, seq64be);
619 598
620 if (item == NULL) 599 if (item == NULL) {
621 {
622 frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1); 600 frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
623 if ( frag == NULL) 601 if (frag == NULL)
624 goto err; 602 goto err;
625 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); 603 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
626 frag->msg_header.frag_len = frag->msg_header.msg_len; 604 frag->msg_header.frag_len = frag->msg_header.msg_len;
627 frag->msg_header.frag_off = 0; 605 frag->msg_header.frag_off = 0;
628 } 606 } else
629 else
630 frag = (hm_fragment*) item->data; 607 frag = (hm_fragment*) item->data;
631 608
632 /* If message is already reassembled, this must be a 609 /* If message is already reassembled, this must be a
633 * retransmit and can be dropped. 610 * retransmit and can be dropped.
634 */ 611 */
635 if (frag->reassembly == NULL) 612 if (frag->reassembly == NULL) {
636 {
637 unsigned char devnull [256]; 613 unsigned char devnull [256];
638 614
639 while (frag_len) 615 while (frag_len) {
640 { 616 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
641 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, 617 devnull, frag_len > sizeof(devnull) ?
642 devnull, 618 sizeof(devnull) : frag_len, 0);
643 frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0); 619 if (i <= 0)
644 if (i<=0) goto err; 620 goto err;
645 frag_len -= i; 621 frag_len -= i;
646 }
647 return DTLS1_HM_FRAGMENT_RETRY;
648 } 622 }
623 return DTLS1_HM_FRAGMENT_RETRY;
624 }
649 625
650 /* read the body of the fragment (header has already been read */ 626 /* read the body of the fragment (header has already been read */
651 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, 627 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
652 frag->fragment + msg_hdr->frag_off,frag_len,0); 628 frag->fragment + msg_hdr->frag_off, frag_len, 0);
653 if (i<=0 || (unsigned long)i!=frag_len) 629 if (i <= 0 || (unsigned long)i != frag_len)
654 goto err; 630 goto err;
655 631
656 RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off, 632 RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
657 (long)(msg_hdr->frag_off + frag_len)); 633 (long)(msg_hdr->frag_off + frag_len));
658 634
659 RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len, 635 RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len,
660 is_complete); 636 is_complete);
661 637
662 if (is_complete) 638 if (is_complete) {
663 {
664 OPENSSL_free(frag->reassembly); 639 OPENSSL_free(frag->reassembly);
665 frag->reassembly = NULL; 640 frag->reassembly = NULL;
666 } 641 }
667 642
668 if (item == NULL) 643 if (item == NULL) {
669 { 644 memset(seq64be, 0, sizeof(seq64be));
670 memset(seq64be,0,sizeof(seq64be)); 645 seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
671 seq64be[6] = (unsigned char)(msg_hdr->seq>>8);
672 seq64be[7] = (unsigned char)(msg_hdr->seq); 646 seq64be[7] = (unsigned char)(msg_hdr->seq);
673 647
674 item = pitem_new(seq64be, frag); 648 item = pitem_new(seq64be, frag);
675 if (item == NULL) 649 if (item == NULL) {
676 {
677 goto err; 650 goto err;
678 i = -1; 651 i = -1;
679 } 652 }
680 653
681 pqueue_insert(s->d1->buffered_messages, item); 654 pqueue_insert(s->d1->buffered_messages, item);
682 } 655 }
683 656
684 return DTLS1_HM_FRAGMENT_RETRY; 657 return DTLS1_HM_FRAGMENT_RETRY;
685 658
686err: 659err:
687 if (frag != NULL) dtls1_hm_fragment_free(frag); 660 if (frag != NULL)
688 if (item != NULL) OPENSSL_free(item); 661 dtls1_hm_fragment_free(frag);
662 if (item != NULL)
663 OPENSSL_free(item);
689 *ok = 0; 664 *ok = 0;
690 return i; 665 return i;
691 } 666}
692 667
693 668
694static int 669static int
695dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) 670dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) {
696{ 671 int i = -1;
697 int i=-1;
698 hm_fragment *frag = NULL; 672 hm_fragment *frag = NULL;
699 pitem *item = NULL; 673 pitem *item = NULL;
700 unsigned char seq64be[8]; 674 unsigned char seq64be[8];
701 unsigned long frag_len = msg_hdr->frag_len; 675 unsigned long frag_len = msg_hdr->frag_len;
702 676
703 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) 677 if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len)
704 goto err; 678 goto err;
705 679
706 /* Try to find item in queue, to prevent duplicate entries */ 680 /* Try to find item in queue, to prevent duplicate entries */
707 memset(seq64be,0,sizeof(seq64be)); 681 memset(seq64be, 0, sizeof(seq64be));
708 seq64be[6] = (unsigned char) (msg_hdr->seq>>8); 682 seq64be[6] = (unsigned char) (msg_hdr->seq >> 8);
709 seq64be[7] = (unsigned char) msg_hdr->seq; 683 seq64be[7] = (unsigned char) msg_hdr->seq;
710 item = pqueue_find(s->d1->buffered_messages, seq64be); 684 item = pqueue_find(s->d1->buffered_messages, seq64be);
711 685
@@ -721,92 +695,89 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
721 * retransmit. 695 * retransmit.
722 */ 696 */
723 if (msg_hdr->seq <= s->d1->handshake_read_seq || 697 if (msg_hdr->seq <= s->d1->handshake_read_seq ||
724 msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL || 698 msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
725 (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) 699 (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) {
726 {
727 unsigned char devnull [256]; 700 unsigned char devnull [256];
728 701
729 while (frag_len) 702 while (frag_len) {
730 { 703 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
731 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, 704 devnull, frag_len > sizeof(devnull) ?
732 devnull, 705 sizeof(devnull) : frag_len, 0);
733 frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0); 706 if (i <= 0)
734 if (i<=0) goto err; 707 goto err;
735 frag_len -= i; 708 frag_len -= i;
736 }
737 } 709 }
738 else 710 } else {
739 {
740 if (frag_len && frag_len < msg_hdr->msg_len) 711 if (frag_len && frag_len < msg_hdr->msg_len)
741 return dtls1_reassemble_fragment(s, msg_hdr, ok); 712 return dtls1_reassemble_fragment(s, msg_hdr, ok);
742 713
743 frag = dtls1_hm_fragment_new(frag_len, 0); 714 frag = dtls1_hm_fragment_new(frag_len, 0);
744 if ( frag == NULL) 715 if (frag == NULL)
745 goto err; 716 goto err;
746 717
747 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); 718 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
748 719
749 if (frag_len) 720 if (frag_len) {
750 {
751 /* read the body of the fragment (header has already been read */ 721 /* read the body of the fragment (header has already been read */
752 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, 722 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
753 frag->fragment,frag_len,0); 723 frag->fragment, frag_len, 0);
754 if (i<=0 || (unsigned long)i!=frag_len) 724 if (i <= 0 || (unsigned long)i != frag_len)
755 goto err; 725 goto err;
756 } 726 }
757 727
758 memset(seq64be,0,sizeof(seq64be)); 728 memset(seq64be, 0, sizeof(seq64be));
759 seq64be[6] = (unsigned char)(msg_hdr->seq>>8); 729 seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
760 seq64be[7] = (unsigned char)(msg_hdr->seq); 730 seq64be[7] = (unsigned char)(msg_hdr->seq);
761 731
762 item = pitem_new(seq64be, frag); 732 item = pitem_new(seq64be, frag);
763 if ( item == NULL) 733 if (item == NULL)
764 goto err; 734 goto err;
765 735
766 pqueue_insert(s->d1->buffered_messages, item); 736 pqueue_insert(s->d1->buffered_messages, item);
767 } 737 }
768 738
769 return DTLS1_HM_FRAGMENT_RETRY; 739 return DTLS1_HM_FRAGMENT_RETRY;
770 740
771err: 741err:
772 if ( frag != NULL) dtls1_hm_fragment_free(frag); 742 if (frag != NULL)
773 if ( item != NULL) OPENSSL_free(item); 743 dtls1_hm_fragment_free(frag);
744 if (item != NULL)
745 OPENSSL_free(item);
774 *ok = 0; 746 *ok = 0;
775 return i; 747 return i;
776 } 748}
777 749
778 750
779static long 751static long
780dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) 752dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
781 { 753{
782 unsigned char wire[DTLS1_HM_HEADER_LENGTH]; 754 unsigned char wire[DTLS1_HM_HEADER_LENGTH];
783 unsigned long len, frag_off, frag_len; 755 unsigned long len, frag_off, frag_len;
784 int i,al; 756 int i, al;
785 struct hm_header_st msg_hdr; 757 struct hm_header_st msg_hdr;
786 758
787 /* see if we have the required fragment already */ 759 /* see if we have the required fragment already */
788 if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok) 760 if ((frag_len = dtls1_retrieve_buffered_fragment(s, max, ok)) || *ok) {
789 { 761 if (*ok)
790 if (*ok) s->init_num = frag_len; 762 s->init_num = frag_len;
791 return frag_len; 763 return frag_len;
792 } 764 }
793 765
794 /* read handshake message header */ 766 /* read handshake message header */
795 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,wire, 767 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire,
796 DTLS1_HM_HEADER_LENGTH, 0); 768 DTLS1_HM_HEADER_LENGTH, 0);
797 if (i <= 0) /* nbio, or an error */ 769 if (i <= 0) /* nbio, or an error */
798 { 770 {
799 s->rwstate=SSL_READING; 771 s->rwstate = SSL_READING;
800 *ok = 0; 772 *ok = 0;
801 return i; 773 return i;
802 } 774 }
803 /* Handshake fails if message header is incomplete */ 775 /* Handshake fails if message header is incomplete */
804 if (i != DTLS1_HM_HEADER_LENGTH) 776 if (i != DTLS1_HM_HEADER_LENGTH) {
805 { 777 al = SSL_AD_UNEXPECTED_MESSAGE;
806 al=SSL_AD_UNEXPECTED_MESSAGE; 778 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL_R_UNEXPECTED_MESSAGE);
807 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE);
808 goto f_err; 779 goto f_err;
809 } 780 }
810 781
811 /* parse the message fragment header */ 782 /* parse the message fragment header */
812 dtls1_get_message_header(wire, &msg_hdr); 783 dtls1_get_message_header(wire, &msg_hdr);
@@ -828,62 +799,56 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
828 return dtls1_reassemble_fragment(s, &msg_hdr, ok); 799 return dtls1_reassemble_fragment(s, &msg_hdr, ok);
829 800
830 if (!s->server && s->d1->r_msg_hdr.frag_off == 0 && 801 if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
831 wire[0] == SSL3_MT_HELLO_REQUEST) 802 wire[0] == SSL3_MT_HELLO_REQUEST) {
832 {
833 /* The server may always send 'Hello Request' messages -- 803 /* The server may always send 'Hello Request' messages --
834 * we are doing a handshake anyway now, so ignore them 804 * we are doing a handshake anyway now, so ignore them
835 * if their format is correct. Does not count for 805 * if their format is correct. Does not count for
836 * 'Finished' MAC. */ 806 * 'Finished' MAC. */
837 if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) 807 if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) {
838 {
839 if (s->msg_callback) 808 if (s->msg_callback)
840 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, 809 s->msg_callback(0, s->version,
841 wire, DTLS1_HM_HEADER_LENGTH, s, 810 SSL3_RT_HANDSHAKE, wire,
842 s->msg_callback_arg); 811 DTLS1_HM_HEADER_LENGTH, s,
843 812 s->msg_callback_arg);
813
844 s->init_num = 0; 814 s->init_num = 0;
845 return dtls1_get_message_fragment(s, st1, stn, 815 return dtls1_get_message_fragment(s, st1, stn, max, ok);
846 max, ok); 816 }
847 }
848 else /* Incorrectly formated Hello request */ 817 else /* Incorrectly formated Hello request */
849 { 818 {
850 al=SSL_AD_UNEXPECTED_MESSAGE; 819 al = SSL_AD_UNEXPECTED_MESSAGE;
851 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE); 820 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL_R_UNEXPECTED_MESSAGE);
852 goto f_err; 821 goto f_err;
853 }
854 } 822 }
823 }
855 824
856 if ((al=dtls1_preprocess_fragment(s,&msg_hdr,max))) 825 if ((al = dtls1_preprocess_fragment(s, &msg_hdr, max)))
857 goto f_err; 826 goto f_err;
858 827
859 /* XDTLS: ressurect this when restart is in place */ 828 /* XDTLS: ressurect this when restart is in place */
860 s->state=stn; 829 s->state = stn;
861 830
862 if ( frag_len > 0) 831 if (frag_len > 0) {
863 { 832 unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
864 unsigned char *p=(unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH;
865 833
866 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, 834 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
867 &p[frag_off],frag_len,0); 835 &p[frag_off], frag_len, 0);
868 /* XDTLS: fix this--message fragments cannot span multiple packets */ 836 /* XDTLS: fix this--message fragments cannot span multiple packets */
869 if (i <= 0) 837 if (i <= 0) {
870 { 838 s->rwstate = SSL_READING;
871 s->rwstate=SSL_READING;
872 *ok = 0; 839 *ok = 0;
873 return i; 840 return i;
874 }
875 } 841 }
876 else 842 } else
877 i = 0; 843 i = 0;
878 844
879 /* XDTLS: an incorrectly formatted fragment should cause the 845 /* XDTLS: an incorrectly formatted fragment should cause the
880 * handshake to fail */ 846 * handshake to fail */
881 if (i != (int)frag_len) 847 if (i != (int)frag_len) {
882 { 848 al = SSL3_AD_ILLEGAL_PARAMETER;
883 al=SSL3_AD_ILLEGAL_PARAMETER; 849 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL3_AD_ILLEGAL_PARAMETER);
884 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL3_AD_ILLEGAL_PARAMETER);
885 goto f_err; 850 goto f_err;
886 } 851 }
887 852
888 *ok = 1; 853 *ok = 1;
889 854
@@ -895,62 +860,59 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
895 return frag_len; 860 return frag_len;
896 861
897f_err: 862f_err:
898 ssl3_send_alert(s,SSL3_AL_FATAL,al); 863 ssl3_send_alert(s, SSL3_AL_FATAL, al);
899 s->init_num = 0; 864 s->init_num = 0;
900 865
901 *ok=0; 866 *ok = 0;
902 return(-1); 867 return (-1);
903 } 868}
904 869
905int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen) 870int
906 { 871dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
907 unsigned char *p,*d; 872{
873 unsigned char *p, *d;
908 int i; 874 int i;
909 unsigned long l; 875 unsigned long l;
910 876
911 if (s->state == a) 877 if (s->state == a) {
912 { 878 d = (unsigned char *)s->init_buf->data;
913 d=(unsigned char *)s->init_buf->data; 879 p = &(d[DTLS1_HM_HEADER_LENGTH]);
914 p= &(d[DTLS1_HM_HEADER_LENGTH]);
915 880
916 i=s->method->ssl3_enc->final_finish_mac(s, 881 i = s->method->ssl3_enc->final_finish_mac(s,
917 sender,slen,s->s3->tmp.finish_md); 882 sender, slen, s->s3->tmp.finish_md);
918 s->s3->tmp.finish_md_len = i; 883 s->s3->tmp.finish_md_len = i;
919 memcpy(p, s->s3->tmp.finish_md, i); 884 memcpy(p, s->s3->tmp.finish_md, i);
920 p+=i; 885 p += i;
921 l=i; 886 l = i;
922 887
923 /* Copy the finished so we can use it for 888 /* Copy the finished so we can use it for
924 * renegotiation checks 889 * renegotiation checks
925 */ 890 */
926 if(s->type == SSL_ST_CONNECT) 891 if (s->type == SSL_ST_CONNECT) {
927 { 892 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
928 OPENSSL_assert(i <= EVP_MAX_MD_SIZE); 893 memcpy(s->s3->previous_client_finished,
929 memcpy(s->s3->previous_client_finished, 894 s->s3->tmp.finish_md, i);
930 s->s3->tmp.finish_md, i); 895 s->s3->previous_client_finished_len = i;
931 s->s3->previous_client_finished_len=i; 896 } else {
932 } 897 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
933 else 898 memcpy(s->s3->previous_server_finished,
934 { 899 s->s3->tmp.finish_md, i);
935 OPENSSL_assert(i <= EVP_MAX_MD_SIZE); 900 s->s3->previous_server_finished_len = i;
936 memcpy(s->s3->previous_server_finished,
937 s->s3->tmp.finish_md, i);
938 s->s3->previous_server_finished_len=i;
939 } 901 }
940 902
941 d = dtls1_set_message_header(s, d, SSL3_MT_FINISHED, l, 0, l); 903 d = dtls1_set_message_header(s, d, SSL3_MT_FINISHED, l, 0, l);
942 s->init_num=(int)l+DTLS1_HM_HEADER_LENGTH; 904 s->init_num = (int)l + DTLS1_HM_HEADER_LENGTH;
943 s->init_off=0; 905 s->init_off = 0;
944 906
945 /* buffer the message to handle re-xmits */ 907 /* buffer the message to handle re-xmits */
946 dtls1_buffer_message(s, 0); 908 dtls1_buffer_message(s, 0);
947 909
948 s->state=b; 910 s->state = b;
949 } 911 }
950 912
951 /* SSL3_ST_SEND_xxxxxx_HELLO_B */ 913 /* SSL3_ST_SEND_xxxxxx_HELLO_B */
952 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 914 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
953 } 915}
954 916
955/* for these 2 messages, we need to 917/* for these 2 messages, we need to
956 * ssl->enc_read_ctx re-init 918 * ssl->enc_read_ctx re-init
@@ -960,161 +922,154 @@ int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
960 * ssl->session->read_compression assign 922 * ssl->session->read_compression assign
961 * ssl->session->read_hash assign 923 * ssl->session->read_hash assign
962 */ 924 */
963int dtls1_send_change_cipher_spec(SSL *s, int a, int b) 925int
964 { 926dtls1_send_change_cipher_spec(SSL *s, int a, int b)
927{
965 unsigned char *p; 928 unsigned char *p;
966 929
967 if (s->state == a) 930 if (s->state == a) {
968 { 931 p = (unsigned char *)s->init_buf->data;
969 p=(unsigned char *)s->init_buf->data;
970 *p++=SSL3_MT_CCS; 932 *p++=SSL3_MT_CCS;
971 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; 933 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
972 s->init_num=DTLS1_CCS_HEADER_LENGTH; 934 s->init_num = DTLS1_CCS_HEADER_LENGTH;
973 935
974 if (s->version == DTLS1_BAD_VER) { 936 if (s->version == DTLS1_BAD_VER) {
975 s->d1->next_handshake_write_seq++; 937 s->d1->next_handshake_write_seq++;
976 s2n(s->d1->handshake_write_seq,p); 938 s2n(s->d1->handshake_write_seq, p);
977 s->init_num+=2; 939 s->init_num += 2;
978 } 940 }
979 941
980 s->init_off=0; 942 s->init_off = 0;
981 943
982 dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, 944 dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
983 s->d1->handshake_write_seq, 0, 0); 945 s->d1->handshake_write_seq, 0, 0);
984 946
985 /* buffer the message to handle re-xmits */ 947 /* buffer the message to handle re-xmits */
986 dtls1_buffer_message(s, 1); 948 dtls1_buffer_message(s, 1);
987 949
988 s->state=b; 950 s->state = b;
989 } 951 }
990 952
991 /* SSL3_ST_CW_CHANGE_B */ 953 /* SSL3_ST_CW_CHANGE_B */
992 return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC)); 954 return (dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
993 } 955}
994 956
995static int dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) 957static int
996 { 958dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
959{
997 int n; 960 int n;
998 unsigned char *p; 961 unsigned char *p;
999 962
1000 n=i2d_X509(x,NULL); 963 n = i2d_X509(x, NULL);
1001 if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3))) 964 if (!BUF_MEM_grow_clean(buf,(int)(n + (*l) + 3))) {
1002 { 965 SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
1003 SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF,ERR_R_BUF_LIB);
1004 return 0; 966 return 0;
1005 } 967 }
1006 p=(unsigned char *)&(buf->data[*l]); 968 p = (unsigned char *)&(buf->data[*l]);
1007 l2n3(n,p); 969 l2n3(n, p);
1008 i2d_X509(x,&p); 970 i2d_X509(x, &p);
1009 *l+=n+3; 971 *l += n + 3;
1010 972
1011 return 1; 973 return 1;
1012 } 974}
1013unsigned long dtls1_output_cert_chain(SSL *s, X509 *x) 975
1014 { 976unsigned long
977dtls1_output_cert_chain(SSL *s, X509 *x)
978{
1015 unsigned char *p; 979 unsigned char *p;
1016 int i; 980 int i;
1017 unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH; 981 unsigned long l = 3 + DTLS1_HM_HEADER_LENGTH;
1018 BUF_MEM *buf; 982 BUF_MEM *buf;
1019 983
1020 /* TLSv1 sends a chain with nothing in it, instead of an alert */ 984 /* TLSv1 sends a chain with nothing in it, instead of an alert */
1021 buf=s->init_buf; 985 buf = s->init_buf;
1022 if (!BUF_MEM_grow_clean(buf,10)) 986 if (!BUF_MEM_grow_clean(buf, 10)) {
1023 { 987 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB);
1024 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); 988 return (0);
1025 return(0); 989 }
1026 } 990 if (x != NULL) {
1027 if (x != NULL)
1028 {
1029 X509_STORE_CTX xs_ctx; 991 X509_STORE_CTX xs_ctx;
1030 992
1031 if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL)) 993 if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store, x, NULL)) {
1032 { 994 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB);
1033 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); 995 return (0);
1034 return(0); 996 }
1035 } 997
1036
1037 X509_verify_cert(&xs_ctx); 998 X509_verify_cert(&xs_ctx);
1038 /* Don't leave errors in the queue */ 999 /* Don't leave errors in the queue */
1039 ERR_clear_error(); 1000 ERR_clear_error();
1040 for (i=0; i < sk_X509_num(xs_ctx.chain); i++) 1001 for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
1041 {
1042 x = sk_X509_value(xs_ctx.chain, i); 1002 x = sk_X509_value(xs_ctx.chain, i);
1043 1003
1044 if (!dtls1_add_cert_to_buf(buf, &l, x)) 1004 if (!dtls1_add_cert_to_buf(buf, &l, x)) {
1045 {
1046 X509_STORE_CTX_cleanup(&xs_ctx); 1005 X509_STORE_CTX_cleanup(&xs_ctx);
1047 return 0; 1006 return 0;
1048 } 1007 }
1049 } 1008 }
1050 X509_STORE_CTX_cleanup(&xs_ctx); 1009 X509_STORE_CTX_cleanup(&xs_ctx);
1051 } 1010 }
1052 /* Thawte special :-) */ 1011 /* Thawte special :-) */
1053 for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++) 1012 for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) {
1054 { 1013 x = sk_X509_value(s->ctx->extra_certs, i);
1055 x=sk_X509_value(s->ctx->extra_certs,i);
1056 if (!dtls1_add_cert_to_buf(buf, &l, x)) 1014 if (!dtls1_add_cert_to_buf(buf, &l, x))
1057 return 0; 1015 return 0;
1058 } 1016 }
1059 1017
1060 l-= (3 + DTLS1_HM_HEADER_LENGTH); 1018 l -= (3 + DTLS1_HM_HEADER_LENGTH);
1061 1019
1062 p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]); 1020 p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
1063 l2n3(l,p); 1021 l2n3(l, p);
1064 l+=3; 1022 l += 3;
1065 p=(unsigned char *)&(buf->data[0]); 1023 p = (unsigned char *)&(buf->data[0]);
1066 p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l); 1024 p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l);
1067 1025
1068 l+=DTLS1_HM_HEADER_LENGTH; 1026 l += DTLS1_HM_HEADER_LENGTH;
1069 return(l); 1027 return (l);
1070 } 1028}
1071 1029
1072int dtls1_read_failed(SSL *s, int code) 1030int
1073 { 1031dtls1_read_failed(SSL *s, int code)
1074 if ( code > 0) 1032{
1075 { 1033 if (code > 0) {
1076 fprintf( stderr, "invalid state reached %s:%d", __FILE__, __LINE__); 1034 fprintf( stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
1077 return 1; 1035 return 1;
1078 } 1036 }
1079 1037
1080 if (!dtls1_is_timer_expired(s)) 1038 if (!dtls1_is_timer_expired(s)) {
1081 {
1082 /* not a timeout, none of our business, 1039 /* not a timeout, none of our business,
1083 let higher layers handle this. in fact it's probably an error */ 1040 let higher layers handle this. in fact it's probably an error */
1084 return code; 1041 return code;
1085 } 1042 }
1086 1043
1087#ifndef OPENSSL_NO_HEARTBEATS 1044#ifndef OPENSSL_NO_HEARTBEATS
1088 if (!SSL_in_init(s) && !s->tlsext_hb_pending) /* done, no need to send a retransmit */ 1045 if (!SSL_in_init(s) && !s->tlsext_hb_pending) /* done, no need to send a retransmit */
1089#else 1046#else
1090 if (!SSL_in_init(s)) /* done, no need to send a retransmit */ 1047 if (!SSL_in_init(s)) /* done, no need to send a retransmit */
1091#endif 1048#endif
1092 { 1049 {
1093 BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ); 1050 BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
1094 return code; 1051 return code;
1095 } 1052 }
1096 1053
1097#if 0 /* for now, each alert contains only one record number */ 1054#if 0 /* for now, each alert contains only one record number */
1098 item = pqueue_peek(state->rcvd_records); 1055 item = pqueue_peek(state->rcvd_records);
1099 if ( item ) 1056 if (item ) {
1100 {
1101 /* send an alert immediately for all the missing records */ 1057 /* send an alert immediately for all the missing records */
1102 } 1058 } else
1103 else
1104#endif 1059#endif
1105 1060
1106#if 0 /* no more alert sending, just retransmit the last set of messages */ 1061#if 0 /* no more alert sending, just retransmit the last set of messages */
1107 if ( state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT) 1062 if (state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT)
1108 ssl3_send_alert(s,SSL3_AL_WARNING, 1063 ssl3_send_alert(s, SSL3_AL_WARNING,
1109 DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); 1064 DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
1110#endif 1065#endif
1111 1066
1112 return dtls1_handle_timeout(s); 1067 return dtls1_handle_timeout(s);
1113 } 1068}
1114 1069
1115int 1070int
1116dtls1_get_queue_priority(unsigned short seq, int is_ccs) 1071dtls1_get_queue_priority(unsigned short seq, int is_ccs)
1117 { 1072{
1118 /* The index of the retransmission queue actually is the message sequence number, 1073 /* The index of the retransmission queue actually is the message sequence number,
1119 * since the queue only contains messages of a single handshake. However, the 1074 * since the queue only contains messages of a single handshake. However, the
1120 * ChangeCipherSpec has no message sequence number and so using only the sequence 1075 * ChangeCipherSpec has no message sequence number and so using only the sequence
@@ -1124,11 +1079,11 @@ dtls1_get_queue_priority(unsigned short seq, int is_ccs)
1124 * index (important for priority queues) and fits in the unsigned short variable. 1079 * index (important for priority queues) and fits in the unsigned short variable.
1125 */ 1080 */
1126 return seq * 2 - is_ccs; 1081 return seq * 2 - is_ccs;
1127 } 1082}
1128 1083
1129int 1084int
1130dtls1_retransmit_buffered_messages(SSL *s) 1085dtls1_retransmit_buffered_messages(SSL *s)
1131 { 1086{
1132 pqueue sent = s->d1->sent_messages; 1087 pqueue sent = s->d1->sent_messages;
1133 piterator iter; 1088 piterator iter;
1134 pitem *item; 1089 pitem *item;
@@ -1137,24 +1092,23 @@ dtls1_retransmit_buffered_messages(SSL *s)
1137 1092
1138 iter = pqueue_iterator(sent); 1093 iter = pqueue_iterator(sent);
1139 1094
1140 for ( item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter)) 1095 for (item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter)) {
1141 {
1142 frag = (hm_fragment *)item->data; 1096 frag = (hm_fragment *)item->data;
1143 if ( dtls1_retransmit_message(s, 1097 if (dtls1_retransmit_message(s,
1144 (unsigned short)dtls1_get_queue_priority(frag->msg_header.seq, frag->msg_header.is_ccs), 1098 (unsigned short)dtls1_get_queue_priority(
1145 0, &found) <= 0 && found) 1099 frag->msg_header.seq, frag->msg_header.is_ccs), 0,
1146 { 1100 &found) <= 0 && found) {
1147 fprintf(stderr, "dtls1_retransmit_message() failed\n"); 1101 fprintf(stderr, "dtls1_retransmit_message() failed\n");
1148 return -1; 1102 return -1;
1149 }
1150 } 1103 }
1104 }
1151 1105
1152 return 1; 1106 return 1;
1153 } 1107}
1154 1108
1155int 1109int
1156dtls1_buffer_message(SSL *s, int is_ccs) 1110dtls1_buffer_message(SSL *s, int is_ccs)
1157 { 1111{
1158 pitem *item; 1112 pitem *item;
1159 hm_fragment *frag; 1113 hm_fragment *frag;
1160 unsigned char seq64be[8]; 1114 unsigned char seq64be[8];
@@ -1167,16 +1121,13 @@ dtls1_buffer_message(SSL *s, int is_ccs)
1167 1121
1168 memcpy(frag->fragment, s->init_buf->data, s->init_num); 1122 memcpy(frag->fragment, s->init_buf->data, s->init_num);
1169 1123
1170 if ( is_ccs) 1124 if (is_ccs) {
1171 { 1125 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
1172 OPENSSL_assert(s->d1->w_msg_hdr.msg_len + 1126 ((s->version == DTLS1_VERSION) ? DTLS1_CCS_HEADER_LENGTH : 3) == (unsigned int)s->init_num);
1173 ((s->version==DTLS1_VERSION)?DTLS1_CCS_HEADER_LENGTH:3) == (unsigned int)s->init_num); 1127 } else {
1174 } 1128 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
1175 else 1129 DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
1176 { 1130 }
1177 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
1178 DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
1179 }
1180 1131
1181 frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len; 1132 frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
1182 frag->msg_header.seq = s->d1->w_msg_hdr.seq; 1133 frag->msg_header.seq = s->d1->w_msg_hdr.seq;
@@ -1191,38 +1142,37 @@ dtls1_buffer_message(SSL *s, int is_ccs)
1191 frag->msg_header.saved_retransmit_state.compress = s->compress; 1142 frag->msg_header.saved_retransmit_state.compress = s->compress;
1192 frag->msg_header.saved_retransmit_state.session = s->session; 1143 frag->msg_header.saved_retransmit_state.session = s->session;
1193 frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch; 1144 frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;
1194 1145
1195 memset(seq64be,0,sizeof(seq64be)); 1146 memset(seq64be, 0, sizeof(seq64be));
1196 seq64be[6] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq, 1147 seq64be[6] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq,
1197 frag->msg_header.is_ccs)>>8); 1148 frag->msg_header.is_ccs) >> 8);
1198 seq64be[7] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq, 1149 seq64be[7] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq,
1199 frag->msg_header.is_ccs)); 1150 frag->msg_header.is_ccs));
1200 1151
1201 item = pitem_new(seq64be, frag); 1152 item = pitem_new(seq64be, frag);
1202 if ( item == NULL) 1153 if (item == NULL) {
1203 {
1204 dtls1_hm_fragment_free(frag); 1154 dtls1_hm_fragment_free(frag);
1205 return 0; 1155 return 0;
1206 } 1156 }
1207 1157
1208#if 0 1158#if 0
1209 fprintf( stderr, "buffered messge: \ttype = %xx\n", msg_buf->type); 1159 fprintf(stderr, "buffered messge: \ttype = %xx\n", msg_buf->type);
1210 fprintf( stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len); 1160 fprintf(stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len);
1211 fprintf( stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num); 1161 fprintf(stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num);
1212#endif 1162#endif
1213 1163
1214 pqueue_insert(s->d1->sent_messages, item); 1164 pqueue_insert(s->d1->sent_messages, item);
1215 return 1; 1165 return 1;
1216 } 1166}
1217 1167
1218int 1168int
1219dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, 1169dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1220 int *found) 1170 int *found)
1221 { 1171{
1222 int ret; 1172 int ret;
1223 /* XDTLS: for now assuming that read/writes are blocking */ 1173 /* XDTLS: for now assuming that read/writes are blocking */
1224 pitem *item; 1174 pitem *item;
1225 hm_fragment *frag ; 1175 hm_fragment *frag;
1226 unsigned long header_length; 1176 unsigned long header_length;
1227 unsigned char seq64be[8]; 1177 unsigned char seq64be[8];
1228 struct dtls1_retransmit_state saved_state; 1178 struct dtls1_retransmit_state saved_state;
@@ -1234,33 +1184,32 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1234 */ 1184 */
1235 1185
1236 /* XDTLS: the requested message ought to be found, otherwise error */ 1186 /* XDTLS: the requested message ought to be found, otherwise error */
1237 memset(seq64be,0,sizeof(seq64be)); 1187 memset(seq64be, 0, sizeof(seq64be));
1238 seq64be[6] = (unsigned char)(seq>>8); 1188 seq64be[6] = (unsigned char)(seq >> 8);
1239 seq64be[7] = (unsigned char)seq; 1189 seq64be[7] = (unsigned char)seq;
1240 1190
1241 item = pqueue_find(s->d1->sent_messages, seq64be); 1191 item = pqueue_find(s->d1->sent_messages, seq64be);
1242 if ( item == NULL) 1192 if (item == NULL) {
1243 {
1244 fprintf(stderr, "retransmit: message %d non-existant\n", seq); 1193 fprintf(stderr, "retransmit: message %d non-existant\n", seq);
1245 *found = 0; 1194 *found = 0;
1246 return 0; 1195 return 0;
1247 } 1196 }
1248 1197
1249 *found = 1; 1198 *found = 1;
1250 frag = (hm_fragment *)item->data; 1199 frag = (hm_fragment *)item->data;
1251 1200
1252 if ( frag->msg_header.is_ccs) 1201 if (frag->msg_header.is_ccs)
1253 header_length = DTLS1_CCS_HEADER_LENGTH; 1202 header_length = DTLS1_CCS_HEADER_LENGTH;
1254 else 1203 else
1255 header_length = DTLS1_HM_HEADER_LENGTH; 1204 header_length = DTLS1_HM_HEADER_LENGTH;
1256 1205
1257 memcpy(s->init_buf->data, frag->fragment, 1206 memcpy(s->init_buf->data, frag->fragment,
1258 frag->msg_header.msg_len + header_length); 1207 frag->msg_header.msg_len + header_length);
1259 s->init_num = frag->msg_header.msg_len + header_length; 1208 s->init_num = frag->msg_header.msg_len + header_length;
1260 1209
1261 dtls1_set_message_header_int(s, frag->msg_header.type, 1210 dtls1_set_message_header_int(s, frag->msg_header.type,
1262 frag->msg_header.msg_len, frag->msg_header.seq, 0, 1211 frag->msg_header.msg_len, frag->msg_header.seq, 0,
1263 frag->msg_header.frag_len); 1212 frag->msg_header.frag_len);
1264 1213
1265 /* save current state */ 1214 /* save current state */
1266 saved_state.enc_write_ctx = s->enc_write_ctx; 1215 saved_state.enc_write_ctx = s->enc_write_ctx;
@@ -1269,34 +1218,32 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1269 saved_state.session = s->session; 1218 saved_state.session = s->session;
1270 saved_state.epoch = s->d1->w_epoch; 1219 saved_state.epoch = s->d1->w_epoch;
1271 saved_state.epoch = s->d1->w_epoch; 1220 saved_state.epoch = s->d1->w_epoch;
1272 1221
1273 s->d1->retransmitting = 1; 1222 s->d1->retransmitting = 1;
1274 1223
1275 /* restore state in which the message was originally sent */ 1224 /* restore state in which the message was originally sent */
1276 s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx; 1225 s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
1277 s->write_hash = frag->msg_header.saved_retransmit_state.write_hash; 1226 s->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
1278 s->compress = frag->msg_header.saved_retransmit_state.compress; 1227 s->compress = frag->msg_header.saved_retransmit_state.compress;
1279 s->session = frag->msg_header.saved_retransmit_state.session; 1228 s->session = frag->msg_header.saved_retransmit_state.session;
1280 s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch; 1229 s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
1281 1230
1282 if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) 1231 if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) {
1283 {
1284 memcpy(save_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence)); 1232 memcpy(save_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence));
1285 memcpy(s->s3->write_sequence, s->d1->last_write_sequence, sizeof(s->s3->write_sequence)); 1233 memcpy(s->s3->write_sequence, s->d1->last_write_sequence, sizeof(s->s3->write_sequence));
1286 } 1234 }
1287 1235
1288 ret = dtls1_do_write(s, frag->msg_header.is_ccs ? 1236 ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
1289 SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE); 1237 SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
1290 1238
1291 /* restore current state */ 1239 /* restore current state */
1292 s->enc_write_ctx = saved_state.enc_write_ctx; 1240 s->enc_write_ctx = saved_state.enc_write_ctx;
1293 s->write_hash = saved_state.write_hash; 1241 s->write_hash = saved_state.write_hash;
1294 s->compress = saved_state.compress; 1242 s->compress = saved_state.compress;
1295 s->session = saved_state.session; 1243 s->session = saved_state.session;
1296 s->d1->w_epoch = saved_state.epoch; 1244 s->d1->w_epoch = saved_state.epoch;
1297 1245
1298 if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) 1246 if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) {
1299 {
1300 memcpy(s->d1->last_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence)); 1247 memcpy(s->d1->last_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence));
1301 memcpy(s->s3->write_sequence, save_write_sequence, sizeof(s->s3->write_sequence)); 1248 memcpy(s->s3->write_sequence, save_write_sequence, sizeof(s->s3->write_sequence));
1302 } 1249 }
@@ -1305,47 +1252,45 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1305 1252
1306 (void)BIO_flush(SSL_get_wbio(s)); 1253 (void)BIO_flush(SSL_get_wbio(s));
1307 return ret; 1254 return ret;
1308 } 1255}
1309 1256
1310/* call this function when the buffered messages are no longer needed */ 1257/* call this function when the buffered messages are no longer needed */
1311void 1258void
1312dtls1_clear_record_buffer(SSL *s) 1259dtls1_clear_record_buffer(SSL *s)
1313 { 1260{
1314 pitem *item; 1261 pitem *item;
1315 1262
1316 for(item = pqueue_pop(s->d1->sent_messages); 1263 for(item = pqueue_pop(s->d1->sent_messages); item != NULL;
1317 item != NULL; item = pqueue_pop(s->d1->sent_messages)) 1264 item = pqueue_pop(s->d1->sent_messages)) {
1318 {
1319 dtls1_hm_fragment_free((hm_fragment *)item->data); 1265 dtls1_hm_fragment_free((hm_fragment *)item->data);
1320 pitem_free(item); 1266 pitem_free(item);
1321 }
1322 } 1267 }
1268}
1323 1269
1324 1270
1325unsigned char * 1271unsigned char *
1326dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt, 1272dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
1327 unsigned long len, unsigned long frag_off, unsigned long frag_len) 1273 unsigned long len, unsigned long frag_off, unsigned long frag_len)
1328 { 1274{
1329 /* Don't change sequence numbers while listening */ 1275 /* Don't change sequence numbers while listening */
1330 if (frag_off == 0 && !s->d1->listen) 1276 if (frag_off == 0 && !s->d1->listen) {
1331 {
1332 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; 1277 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
1333 s->d1->next_handshake_write_seq++; 1278 s->d1->next_handshake_write_seq++;
1334 } 1279 }
1335 1280
1336 dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq, 1281 dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
1337 frag_off, frag_len); 1282 frag_off, frag_len);
1338 1283
1339 return p += DTLS1_HM_HEADER_LENGTH; 1284 return p += DTLS1_HM_HEADER_LENGTH;
1340 } 1285}
1341 1286
1342 1287
1343/* don't actually do the writing, wait till the MTU has been retrieved */ 1288/* don't actually do the writing, wait till the MTU has been retrieved */
1344static void 1289static void
1345dtls1_set_message_header_int(SSL *s, unsigned char mt, 1290dtls1_set_message_header_int(SSL *s, unsigned char mt,
1346 unsigned long len, unsigned short seq_num, unsigned long frag_off, 1291 unsigned long len, unsigned short seq_num, unsigned long frag_off,
1347 unsigned long frag_len) 1292unsigned long frag_len)
1348 { 1293{
1349 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; 1294 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1350 1295
1351 msg_hdr->type = mt; 1296 msg_hdr->type = mt;
@@ -1353,21 +1298,21 @@ dtls1_set_message_header_int(SSL *s, unsigned char mt,
1353 msg_hdr->seq = seq_num; 1298 msg_hdr->seq = seq_num;
1354 msg_hdr->frag_off = frag_off; 1299 msg_hdr->frag_off = frag_off;
1355 msg_hdr->frag_len = frag_len; 1300 msg_hdr->frag_len = frag_len;
1356 } 1301}
1357 1302
1358static void 1303static void
1359dtls1_fix_message_header(SSL *s, unsigned long frag_off, 1304dtls1_fix_message_header(SSL *s, unsigned long frag_off,
1360 unsigned long frag_len) 1305 unsigned long frag_len)
1361 { 1306{
1362 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; 1307 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1363 1308
1364 msg_hdr->frag_off = frag_off; 1309 msg_hdr->frag_off = frag_off;
1365 msg_hdr->frag_len = frag_len; 1310 msg_hdr->frag_len = frag_len;
1366 } 1311}
1367 1312
1368static unsigned char * 1313static unsigned char *
1369dtls1_write_message_header(SSL *s, unsigned char *p) 1314dtls1_write_message_header(SSL *s, unsigned char *p)
1370 { 1315{
1371 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; 1316 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1372 1317
1373 *p++ = msg_hdr->type; 1318 *p++ = msg_hdr->type;
@@ -1378,33 +1323,32 @@ dtls1_write_message_header(SSL *s, unsigned char *p)
1378 l2n3(msg_hdr->frag_len, p); 1323 l2n3(msg_hdr->frag_len, p);
1379 1324
1380 return p; 1325 return p;
1381 } 1326}
1382 1327
1383unsigned int 1328unsigned int
1384dtls1_min_mtu(void) 1329dtls1_min_mtu(void)
1385 { 1330{
1386 return (g_probable_mtu[(sizeof(g_probable_mtu) / 1331 return (g_probable_mtu[(sizeof(g_probable_mtu) /
1387 sizeof(g_probable_mtu[0])) - 1]); 1332 sizeof(g_probable_mtu[0])) - 1]);
1388 } 1333}
1389 1334
1390static unsigned int 1335static unsigned int
1391dtls1_guess_mtu(unsigned int curr_mtu) 1336dtls1_guess_mtu(unsigned int curr_mtu)
1392 { 1337{
1393 unsigned int i; 1338 unsigned int i;
1394 1339
1395 if ( curr_mtu == 0 ) 1340 if (curr_mtu == 0)
1396 return g_probable_mtu[0] ; 1341 return g_probable_mtu[0];
1397 1342
1398 for ( i = 0; i < sizeof(g_probable_mtu)/sizeof(g_probable_mtu[0]); i++) 1343 for (i = 0; i < sizeof(g_probable_mtu)/sizeof(g_probable_mtu[0]); i++)
1399 if ( curr_mtu > g_probable_mtu[i]) 1344 if (curr_mtu > g_probable_mtu[i])
1400 return g_probable_mtu[i]; 1345 return g_probable_mtu[i];
1401 1346
1402 return curr_mtu; 1347 return curr_mtu;
1403 } 1348}
1404 1349
1405void 1350void
1406dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) 1351dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) {
1407 {
1408 memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); 1352 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
1409 msg_hdr->type = *(data++); 1353 msg_hdr->type = *(data++);
1410 n2l3(data, msg_hdr->msg_len); 1354 n2l3(data, msg_hdr->msg_len);
@@ -1412,41 +1356,41 @@ dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
1412 n2s(data, msg_hdr->seq); 1356 n2s(data, msg_hdr->seq);
1413 n2l3(data, msg_hdr->frag_off); 1357 n2l3(data, msg_hdr->frag_off);
1414 n2l3(data, msg_hdr->frag_len); 1358 n2l3(data, msg_hdr->frag_len);
1415 } 1359}
1416 1360
1417void 1361void
1418dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr) 1362dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr) {
1419 {
1420 memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st)); 1363 memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st));
1421 1364
1422 ccs_hdr->type = *(data++); 1365 ccs_hdr->type = *(data++);
1423 } 1366}
1424 1367
1425int dtls1_shutdown(SSL *s) 1368int
1426 { 1369dtls1_shutdown(SSL *s)
1370{
1427 int ret; 1371 int ret;
1428#ifndef OPENSSL_NO_SCTP 1372#ifndef OPENSSL_NO_SCTP
1429 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && 1373 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
1430 !(s->shutdown & SSL_SENT_SHUTDOWN)) 1374 !(s->shutdown & SSL_SENT_SHUTDOWN)) {
1431 {
1432 ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s)); 1375 ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
1433 if (ret < 0) return -1; 1376 if (ret < 0)
1377 return -1;
1434 1378
1435 if (ret == 0) 1379 if (ret == 0)
1436 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1, NULL); 1380 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1, NULL);
1437 } 1381 }
1438#endif 1382#endif
1439 ret = ssl3_shutdown(s); 1383 ret = ssl3_shutdown(s);
1440#ifndef OPENSSL_NO_SCTP 1384#ifndef OPENSSL_NO_SCTP
1441 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 0, NULL); 1385 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 0, NULL);
1442#endif 1386#endif
1443 return ret; 1387 return ret;
1444 } 1388}
1445 1389
1446#ifndef OPENSSL_NO_HEARTBEATS 1390#ifndef OPENSSL_NO_HEARTBEATS
1447int 1391int
1448dtls1_process_heartbeat(SSL *s) 1392dtls1_process_heartbeat(SSL *s)
1449 { 1393{
1450 unsigned char *p = &s->s3->rrec.data[0], *pl; 1394 unsigned char *p = &s->s3->rrec.data[0], *pl;
1451 unsigned short hbtype; 1395 unsigned short hbtype;
1452 unsigned int payload; 1396 unsigned int payload;
@@ -1454,8 +1398,8 @@ dtls1_process_heartbeat(SSL *s)
1454 1398
1455 if (s->msg_callback) 1399 if (s->msg_callback)
1456 s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, 1400 s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
1457 &s->s3->rrec.data[0], s->s3->rrec.length, 1401 &s->s3->rrec.data[0], s->s3->rrec.length,
1458 s, s->msg_callback_arg); 1402 s, s->msg_callback_arg);
1459 1403
1460 /* Read type and payload length first */ 1404 /* Read type and payload length first */
1461 if (1 + 2 + 16 > s->s3->rrec.length) 1405 if (1 + 2 + 16 > s->s3->rrec.length)
@@ -1466,12 +1410,11 @@ dtls1_process_heartbeat(SSL *s)
1466 return 0; /* silently discard per RFC 6520 sec. 4 */ 1410 return 0; /* silently discard per RFC 6520 sec. 4 */
1467 pl = p; 1411 pl = p;
1468 1412
1469 if (hbtype == TLS1_HB_REQUEST) 1413 if (hbtype == TLS1_HB_REQUEST) {
1470 {
1471 unsigned char *buffer, *bp; 1414 unsigned char *buffer, *bp;
1472 unsigned int write_length = 1 /* heartbeat type */ + 1415 unsigned int write_length = 1 /* heartbeat type */ +
1473 2 /* heartbeat length */ + 1416 2 /* heartbeat length */ +
1474 payload + padding; 1417 payload + padding;
1475 int r; 1418 int r;
1476 1419
1477 if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) 1420 if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
@@ -1496,16 +1439,14 @@ dtls1_process_heartbeat(SSL *s)
1496 1439
1497 if (r >= 0 && s->msg_callback) 1440 if (r >= 0 && s->msg_callback)
1498 s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, 1441 s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
1499 buffer, write_length, 1442 buffer, write_length,
1500 s, s->msg_callback_arg); 1443 s, s->msg_callback_arg);
1501 1444
1502 OPENSSL_free(buffer); 1445 OPENSSL_free(buffer);
1503 1446
1504 if (r < 0) 1447 if (r < 0)
1505 return r; 1448 return r;
1506 } 1449 } else if (hbtype == TLS1_HB_RESPONSE) {
1507 else if (hbtype == TLS1_HB_RESPONSE)
1508 {
1509 unsigned int seq; 1450 unsigned int seq;
1510 1451
1511 /* We only send sequence numbers (2 bytes unsigned int), 1452 /* We only send sequence numbers (2 bytes unsigned int),
@@ -1513,20 +1454,19 @@ dtls1_process_heartbeat(SSL *s)
1513 * sequence number */ 1454 * sequence number */
1514 n2s(pl, seq); 1455 n2s(pl, seq);
1515 1456
1516 if (payload == 18 && seq == s->tlsext_hb_seq) 1457 if (payload == 18 && seq == s->tlsext_hb_seq) {
1517 {
1518 dtls1_stop_timer(s); 1458 dtls1_stop_timer(s);
1519 s->tlsext_hb_seq++; 1459 s->tlsext_hb_seq++;
1520 s->tlsext_hb_pending = 0; 1460 s->tlsext_hb_pending = 0;
1521 }
1522 } 1461 }
1462 }
1523 1463
1524 return 0; 1464 return 0;
1525 } 1465}
1526 1466
1527int 1467int
1528dtls1_heartbeat(SSL *s) 1468dtls1_heartbeat(SSL *s)
1529 { 1469{
1530 unsigned char *buf, *p; 1470 unsigned char *buf, *p;
1531 int ret; 1471 int ret;
1532 unsigned int payload = 18; /* Sequence number + random bytes */ 1472 unsigned int payload = 18; /* Sequence number + random bytes */
@@ -1534,25 +1474,22 @@ dtls1_heartbeat(SSL *s)
1534 1474
1535 /* Only send if peer supports and accepts HB requests... */ 1475 /* Only send if peer supports and accepts HB requests... */
1536 if (!(s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) || 1476 if (!(s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) ||
1537 s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS) 1477 s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS) {
1538 { 1478 SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT);
1539 SSLerr(SSL_F_DTLS1_HEARTBEAT,SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT);
1540 return -1; 1479 return -1;
1541 } 1480 }
1542 1481
1543 /* ...and there is none in flight yet... */ 1482 /* ...and there is none in flight yet... */
1544 if (s->tlsext_hb_pending) 1483 if (s->tlsext_hb_pending) {
1545 { 1484 SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PENDING);
1546 SSLerr(SSL_F_DTLS1_HEARTBEAT,SSL_R_TLS_HEARTBEAT_PENDING);
1547 return -1; 1485 return -1;
1548 } 1486 }
1549 1487
1550 /* ...and no handshake in progress. */ 1488 /* ...and no handshake in progress. */
1551 if (SSL_in_init(s) || s->in_handshake) 1489 if (SSL_in_init(s) || s->in_handshake) {
1552 { 1490 SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_UNEXPECTED_MESSAGE);
1553 SSLerr(SSL_F_DTLS1_HEARTBEAT,SSL_R_UNEXPECTED_MESSAGE);
1554 return -1; 1491 return -1;
1555 } 1492 }
1556 1493
1557 /* Check if padding is too long, payload and padding 1494 /* Check if padding is too long, payload and padding
1558 * must not exceed 2^14 - 3 = 16381 bytes in total. 1495 * must not exceed 2^14 - 3 = 16381 bytes in total.
@@ -1583,19 +1520,18 @@ dtls1_heartbeat(SSL *s)
1583 RAND_pseudo_bytes(p, padding); 1520 RAND_pseudo_bytes(p, padding);
1584 1521
1585 ret = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding); 1522 ret = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
1586 if (ret >= 0) 1523 if (ret >= 0) {
1587 {
1588 if (s->msg_callback) 1524 if (s->msg_callback)
1589 s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, 1525 s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
1590 buf, 3 + payload + padding, 1526 buf, 3 + payload + padding,
1591 s, s->msg_callback_arg); 1527 s, s->msg_callback_arg);
1592 1528
1593 dtls1_start_timer(s); 1529 dtls1_start_timer(s);
1594 s->tlsext_hb_pending = 1; 1530 s->tlsext_hb_pending = 1;
1595 } 1531 }
1596 1532
1597 OPENSSL_free(buf); 1533 OPENSSL_free(buf);
1598 1534
1599 return ret; 1535 return ret;
1600 } 1536}
1601#endif 1537#endif
diff --git a/src/lib/libssl/src/ssl/d1_enc.c b/src/lib/libssl/src/ssl/d1_enc.c
index 712c4647f2..1967e7a95e 100644
--- a/src/lib/libssl/src/ssl/d1_enc.c
+++ b/src/lib/libssl/src/ssl/d1_enc.c
@@ -134,127 +134,114 @@
134 * 1: if the record's padding is valid / the encryption was successful. 134 * 1: if the record's padding is valid / the encryption was successful.
135 * -1: if the record's padding/AEAD-authenticator is invalid or, if sending, 135 * -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
136 * an internal error occured. */ 136 * an internal error occured. */
137int dtls1_enc(SSL *s, int send) 137int
138 { 138dtls1_enc(SSL *s, int send)
139{
139 SSL3_RECORD *rec; 140 SSL3_RECORD *rec;
140 EVP_CIPHER_CTX *ds; 141 EVP_CIPHER_CTX *ds;
141 unsigned long l; 142 unsigned long l;
142 int bs,i,j,k,mac_size=0; 143 int bs, i, j, k, mac_size = 0;
143 const EVP_CIPHER *enc; 144 const EVP_CIPHER *enc;
144 145
145 if (send) 146 if (send) {
146 { 147 if (EVP_MD_CTX_md(s->write_hash)) {
147 if (EVP_MD_CTX_md(s->write_hash)) 148 mac_size = EVP_MD_CTX_size(s->write_hash);
148 {
149 mac_size=EVP_MD_CTX_size(s->write_hash);
150 if (mac_size < 0) 149 if (mac_size < 0)
151 return -1; 150 return -1;
152 } 151 }
153 ds=s->enc_write_ctx; 152 ds = s->enc_write_ctx;
154 rec= &(s->s3->wrec); 153 rec = &(s->s3->wrec);
155 if (s->enc_write_ctx == NULL) 154 if (s->enc_write_ctx == NULL)
156 enc=NULL; 155 enc = NULL;
157 else 156 else {
158 { 157 enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
159 enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx); 158 if (rec->data != rec->input)
160 if ( rec->data != rec->input)
161 /* we can't write into the input stream */ 159 /* we can't write into the input stream */
162 fprintf(stderr, "%s:%d: rec->data != rec->input\n", 160 fprintf(stderr, "%s:%d: rec->data != rec->input\n",
163 __FILE__, __LINE__); 161 __FILE__, __LINE__);
164 else if ( EVP_CIPHER_block_size(ds->cipher) > 1) 162 else if (EVP_CIPHER_block_size(ds->cipher) > 1) {
165 {
166 if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0) 163 if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0)
167 return -1; 164 return -1;
168 }
169 } 165 }
170 } 166 }
171 else 167 } else {
172 { 168 if (EVP_MD_CTX_md(s->read_hash)) {
173 if (EVP_MD_CTX_md(s->read_hash)) 169 mac_size = EVP_MD_CTX_size(s->read_hash);
174 {
175 mac_size=EVP_MD_CTX_size(s->read_hash);
176 OPENSSL_assert(mac_size >= 0); 170 OPENSSL_assert(mac_size >= 0);
177 } 171 }
178 ds=s->enc_read_ctx; 172 ds = s->enc_read_ctx;
179 rec= &(s->s3->rrec); 173 rec = &(s->s3->rrec);
180 if (s->enc_read_ctx == NULL) 174 if (s->enc_read_ctx == NULL)
181 enc=NULL; 175 enc = NULL;
182 else 176 else
183 enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx); 177 enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
184 } 178 }
185 179
186#ifdef KSSL_DEBUG 180#ifdef KSSL_DEBUG
187 printf("dtls1_enc(%d)\n", send); 181 printf("dtls1_enc(%d)\n", send);
188#endif /* KSSL_DEBUG */ 182#endif /* KSSL_DEBUG */
189 183
190 if ((s->session == NULL) || (ds == NULL) || 184 if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
191 (enc == NULL)) 185 memmove(rec->data, rec->input, rec->length);
192 { 186 rec->input = rec->data;
193 memmove(rec->data,rec->input,rec->length); 187 } else {
194 rec->input=rec->data; 188 l = rec->length;
195 } 189 bs = EVP_CIPHER_block_size(ds->cipher);
196 else
197 {
198 l=rec->length;
199 bs=EVP_CIPHER_block_size(ds->cipher);
200 190
201 if ((bs != 1) && send) 191 if ((bs != 1) && send) {
202 { 192 i = bs - ((int)l % bs);
203 i=bs-((int)l%bs);
204 193
205 /* Add weird padding of upto 256 bytes */ 194 /* Add weird padding of upto 256 bytes */
206 195
207 /* we need to add 'i' padding bytes of value j */ 196 /* we need to add 'i' padding bytes of value j */
208 j=i-1; 197 j = i - 1;
209 if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) 198 if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) {
210 {
211 if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) 199 if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
212 j++; 200 j++;
213 }
214 for (k=(int)l; k<(int)(l+i); k++)
215 rec->input[k]=j;
216 l+=i;
217 rec->length+=i;
218 } 201 }
202 for (k = (int)l; k < (int)(l + i); k++)
203 rec->input[k] = j;
204 l += i;
205 rec->length += i;
206 }
219 207
220#ifdef KSSL_DEBUG 208#ifdef KSSL_DEBUG
221 { 209 {
222 unsigned long ui; 210 unsigned long ui;
223 printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n", 211 printf("EVP_Cipher(ds=%p, rec->data=%p, rec->input=%p, l=%ld) ==>\n",
224 ds,rec->data,rec->input,l); 212 ds, rec->data, rec->input, l);
225 printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n", 213 printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
226 ds->buf_len, ds->cipher->key_len, 214 ds->buf_len, ds->cipher->key_len,
227 DES_KEY_SZ, DES_SCHEDULE_SZ, 215 DES_KEY_SZ, DES_SCHEDULE_SZ,
228 ds->cipher->iv_len); 216 ds->cipher->iv_len);
229 printf("\t\tIV: "); 217 printf("\t\tIV: ");
230 for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]); 218 for (i = 0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
231 printf("\n"); 219 printf("\n");
232 printf("\trec->input="); 220 printf("\trec->input=");
233 for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]); 221 for (ui = 0; ui<l; ui++) printf(" %02x", rec->input[ui]);
234 printf("\n"); 222 printf("\n");
235 } 223 }
236#endif /* KSSL_DEBUG */ 224#endif /* KSSL_DEBUG */
237 225
238 if (!send) 226 if (!send) {
239 { 227 if (l == 0 || l % bs != 0)
240 if (l == 0 || l%bs != 0)
241 return 0; 228 return 0;
242 } 229 }
243 230
244 EVP_Cipher(ds,rec->data,rec->input,l); 231 EVP_Cipher(ds, rec->data, rec->input, l);
245 232
246#ifdef KSSL_DEBUG 233#ifdef KSSL_DEBUG
247 { 234 {
248 unsigned long i; 235 unsigned long i;
249 printf("\trec->data="); 236 printf("\trec->data=");
250 for (i=0; i<l; i++) 237 for (i = 0; i < l; i++)
251 printf(" %02x", rec->data[i]); printf("\n"); 238 printf(" %02x", rec->data[i]); printf("\n");
252 } 239 }
253#endif /* KSSL_DEBUG */ 240#endif /* KSSL_DEBUG */
254 241
255 if ((bs != 1) && !send) 242 if ((bs != 1) && !send)
256 return tls1_cbc_remove_padding(s, rec, bs, mac_size); 243 return tls1_cbc_remove_padding(s, rec, bs, mac_size);
257 }
258 return(1);
259 } 244 }
245 return (1);
246}
260 247
diff --git a/src/lib/libssl/src/ssl/d1_lib.c b/src/lib/libssl/src/ssl/d1_lib.c
index 750f83e04a..3da7c36545 100644
--- a/src/lib/libssl/src/ssl/d1_lib.c
+++ b/src/lib/libssl/src/ssl/d1_lib.c
@@ -70,8 +70,8 @@ static void get_current_time(struct timeval *t);
70const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT; 70const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
71int dtls1_listen(SSL *s, struct sockaddr *client); 71int dtls1_listen(SSL *s, struct sockaddr *client);
72 72
73SSL3_ENC_METHOD DTLSv1_enc_data={ 73SSL3_ENC_METHOD DTLSv1_enc_data = {
74 dtls1_enc, 74 dtls1_enc,
75 tls1_mac, 75 tls1_mac,
76 tls1_setup_key_block, 76 tls1_setup_key_block,
77 tls1_generate_master_secret, 77 tls1_generate_master_secret,
@@ -79,137 +79,139 @@ SSL3_ENC_METHOD DTLSv1_enc_data={
79 tls1_final_finish_mac, 79 tls1_final_finish_mac,
80 TLS1_FINISH_MAC_LENGTH, 80 TLS1_FINISH_MAC_LENGTH,
81 tls1_cert_verify_mac, 81 tls1_cert_verify_mac,
82 TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, 82 TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
83 TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, 83 TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
84 tls1_alert_code, 84 tls1_alert_code,
85 tls1_export_keying_material, 85 tls1_export_keying_material,
86 }; 86};
87 87
88long dtls1_default_timeout(void) 88long
89 { 89dtls1_default_timeout(void)
90{
90 /* 2 hours, the 24 hours mentioned in the DTLSv1 spec 91 /* 2 hours, the 24 hours mentioned in the DTLSv1 spec
91 * is way too long for http, the cache would over fill */ 92 * is way too long for http, the cache would over fill */
92 return(60*60*2); 93 return (60*60*2);
93 } 94}
94 95
95int dtls1_new(SSL *s) 96int
96 { 97dtls1_new(SSL *s)
98{
97 DTLS1_STATE *d1; 99 DTLS1_STATE *d1;
98 100
99 if (!ssl3_new(s)) return(0); 101 if (!ssl3_new(s))
100 if ((d1=OPENSSL_malloc(sizeof *d1)) == NULL) return (0); 102 return (0);
101 memset(d1,0, sizeof *d1); 103 if ((d1 = OPENSSL_malloc(sizeof *d1)) == NULL) return (0);
104 memset(d1, 0, sizeof *d1);
102 105
103 /* d1->handshake_epoch=0; */ 106 /* d1->handshake_epoch=0; */
104 107
105 d1->unprocessed_rcds.q=pqueue_new(); 108 d1->unprocessed_rcds.q = pqueue_new();
106 d1->processed_rcds.q=pqueue_new(); 109 d1->processed_rcds.q = pqueue_new();
107 d1->buffered_messages = pqueue_new(); 110 d1->buffered_messages = pqueue_new();
108 d1->sent_messages=pqueue_new(); 111 d1->sent_messages = pqueue_new();
109 d1->buffered_app_data.q=pqueue_new(); 112 d1->buffered_app_data.q = pqueue_new();
110 113
111 if ( s->server) 114 if (s->server) {
112 {
113 d1->cookie_len = sizeof(s->d1->cookie); 115 d1->cookie_len = sizeof(s->d1->cookie);
114 } 116 }
115 117
116 if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q 118 if (!d1->unprocessed_rcds.q || !d1->processed_rcds.q ||
117 || ! d1->buffered_messages || ! d1->sent_messages || ! d1->buffered_app_data.q) 119 !d1->buffered_messages || !d1->sent_messages ||
118 { 120 !d1->buffered_app_data.q) {
119 if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q); 121 if (d1->unprocessed_rcds.q)
120 if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q); 122 pqueue_free(d1->unprocessed_rcds.q);
121 if ( d1->buffered_messages) pqueue_free(d1->buffered_messages); 123 if (d1->processed_rcds.q)
122 if ( d1->sent_messages) pqueue_free(d1->sent_messages); 124 pqueue_free(d1->processed_rcds.q);
123 if ( d1->buffered_app_data.q) pqueue_free(d1->buffered_app_data.q); 125 if (d1->buffered_messages)
126 pqueue_free(d1->buffered_messages);
127 if (d1->sent_messages)
128 pqueue_free(d1->sent_messages);
129 if (d1->buffered_app_data.q)
130 pqueue_free(d1->buffered_app_data.q);
124 OPENSSL_free(d1); 131 OPENSSL_free(d1);
125 return (0); 132 return (0);
126 } 133 }
127 134
128 s->d1=d1; 135 s->d1 = d1;
129 s->method->ssl_clear(s); 136 s->method->ssl_clear(s);
130 return(1); 137 return (1);
131 } 138}
132 139
133static void dtls1_clear_queues(SSL *s) 140static void
134 { 141dtls1_clear_queues(SSL *s)
135 pitem *item = NULL; 142{
136 hm_fragment *frag = NULL; 143 pitem *item = NULL;
144 hm_fragment *frag = NULL;
137 DTLS1_RECORD_DATA *rdata; 145 DTLS1_RECORD_DATA *rdata;
138 146
139 while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) 147 while ((item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) {
140 {
141 rdata = (DTLS1_RECORD_DATA *) item->data; 148 rdata = (DTLS1_RECORD_DATA *) item->data;
142 if (rdata->rbuf.buf) 149 if (rdata->rbuf.buf) {
143 {
144 OPENSSL_free(rdata->rbuf.buf); 150 OPENSSL_free(rdata->rbuf.buf);
145 } 151 }
146 OPENSSL_free(item->data); 152 OPENSSL_free(item->data);
147 pitem_free(item); 153 pitem_free(item);
148 } 154 }
149 155
150 while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) 156 while ((item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) {
151 {
152 rdata = (DTLS1_RECORD_DATA *) item->data; 157 rdata = (DTLS1_RECORD_DATA *) item->data;
153 if (rdata->rbuf.buf) 158 if (rdata->rbuf.buf) {
154 {
155 OPENSSL_free(rdata->rbuf.buf); 159 OPENSSL_free(rdata->rbuf.buf);
156 } 160 }
157 OPENSSL_free(item->data); 161 OPENSSL_free(item->data);
158 pitem_free(item); 162 pitem_free(item);
159 } 163 }
160 164
161 while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL) 165 while ((item = pqueue_pop(s->d1->buffered_messages)) != NULL) {
162 {
163 frag = (hm_fragment *)item->data;
164 OPENSSL_free(frag->fragment);
165 OPENSSL_free(frag);
166 pitem_free(item);
167 }
168
169 while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
170 {
171 frag = (hm_fragment *)item->data;
172 OPENSSL_free(frag->fragment);
173 OPENSSL_free(frag);
174 pitem_free(item);
175 }
176
177 while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)
178 {
179 frag = (hm_fragment *)item->data; 166 frag = (hm_fragment *)item->data;
180 OPENSSL_free(frag->fragment); 167 OPENSSL_free(frag->fragment);
181 OPENSSL_free(frag); 168 OPENSSL_free(frag);
182 pitem_free(item); 169 pitem_free(item);
183 }
184 } 170 }
185 171
186void dtls1_free(SSL *s) 172 while ((item = pqueue_pop(s->d1->sent_messages)) != NULL) {
187 { 173 frag = (hm_fragment *)item->data;
174 OPENSSL_free(frag->fragment);
175 OPENSSL_free(frag);
176 pitem_free(item);
177 }
178
179 while ((item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) {
180 frag = (hm_fragment *)item->data;
181 OPENSSL_free(frag->fragment);
182 OPENSSL_free(frag);
183 pitem_free(item);
184 }
185}
186
187void
188dtls1_free(SSL *s)
189{
188 ssl3_free(s); 190 ssl3_free(s);
189 191
190 dtls1_clear_queues(s); 192 dtls1_clear_queues(s);
191 193
192 pqueue_free(s->d1->unprocessed_rcds.q); 194 pqueue_free(s->d1->unprocessed_rcds.q);
193 pqueue_free(s->d1->processed_rcds.q); 195 pqueue_free(s->d1->processed_rcds.q);
194 pqueue_free(s->d1->buffered_messages); 196 pqueue_free(s->d1->buffered_messages);
195 pqueue_free(s->d1->sent_messages); 197 pqueue_free(s->d1->sent_messages);
196 pqueue_free(s->d1->buffered_app_data.q); 198 pqueue_free(s->d1->buffered_app_data.q);
197 199
198 OPENSSL_free(s->d1); 200 OPENSSL_free(s->d1);
199 s->d1 = NULL; 201 s->d1 = NULL;
200 } 202}
201 203
202void dtls1_clear(SSL *s) 204void
203 { 205dtls1_clear(SSL *s)
204 pqueue unprocessed_rcds; 206{
205 pqueue processed_rcds; 207 pqueue unprocessed_rcds;
206 pqueue buffered_messages; 208 pqueue processed_rcds;
209 pqueue buffered_messages;
207 pqueue sent_messages; 210 pqueue sent_messages;
208 pqueue buffered_app_data; 211 pqueue buffered_app_data;
209 unsigned int mtu; 212 unsigned int mtu;
210 213
211 if (s->d1) 214 if (s->d1) {
212 {
213 unprocessed_rcds = s->d1->unprocessed_rcds.q; 215 unprocessed_rcds = s->d1->unprocessed_rcds.q;
214 processed_rcds = s->d1->processed_rcds.q; 216 processed_rcds = s->d1->processed_rcds.q;
215 buffered_messages = s->d1->buffered_messages; 217 buffered_messages = s->d1->buffered_messages;
@@ -221,41 +223,38 @@ void dtls1_clear(SSL *s)
221 223
222 memset(s->d1, 0, sizeof(*(s->d1))); 224 memset(s->d1, 0, sizeof(*(s->d1)));
223 225
224 if (s->server) 226 if (s->server) {
225 {
226 s->d1->cookie_len = sizeof(s->d1->cookie); 227 s->d1->cookie_len = sizeof(s->d1->cookie);
227 } 228 }
228 229
229 if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) 230 if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) {
230 {
231 s->d1->mtu = mtu; 231 s->d1->mtu = mtu;
232 } 232 }
233 233
234 s->d1->unprocessed_rcds.q = unprocessed_rcds; 234 s->d1->unprocessed_rcds.q = unprocessed_rcds;
235 s->d1->processed_rcds.q = processed_rcds; 235 s->d1->processed_rcds.q = processed_rcds;
236 s->d1->buffered_messages = buffered_messages; 236 s->d1->buffered_messages = buffered_messages;
237 s->d1->sent_messages = sent_messages; 237 s->d1->sent_messages = sent_messages;
238 s->d1->buffered_app_data.q = buffered_app_data; 238 s->d1->buffered_app_data.q = buffered_app_data;
239 } 239 }
240 240
241 ssl3_clear(s); 241 ssl3_clear(s);
242 if (s->options & SSL_OP_CISCO_ANYCONNECT) 242 if (s->options & SSL_OP_CISCO_ANYCONNECT)
243 s->version=DTLS1_BAD_VER; 243 s->version = DTLS1_BAD_VER;
244 else 244 else
245 s->version=DTLS1_VERSION; 245 s->version = DTLS1_VERSION;
246 } 246}
247 247
248long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) 248long
249 { 249dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
250 int ret=0; 250{
251 int ret = 0;
251 252
252 switch (cmd) 253 switch (cmd) {
253 {
254 case DTLS_CTRL_GET_TIMEOUT: 254 case DTLS_CTRL_GET_TIMEOUT:
255 if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL) 255 if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL) {
256 {
257 ret = 1; 256 ret = 1;
258 } 257 }
259 break; 258 break;
260 case DTLS_CTRL_HANDLE_TIMEOUT: 259 case DTLS_CTRL_HANDLE_TIMEOUT:
261 ret = dtls1_handle_timeout(s); 260 ret = dtls1_handle_timeout(s);
@@ -267,9 +266,9 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
267 default: 266 default:
268 ret = ssl3_ctrl(s, cmd, larg, parg); 267 ret = ssl3_ctrl(s, cmd, larg, parg);
269 break; 268 break;
270 }
271 return(ret);
272 } 269 }
270 return (ret);
271}
273 272
274/* 273/*
275 * As it's impossible to use stream ciphers in "datagram" mode, this 274 * As it's impossible to use stream ciphers in "datagram" mode, this
@@ -278,53 +277,51 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
278 * to explicitly list their SSL_* codes. Currently RC4 is the only one 277 * to explicitly list their SSL_* codes. Currently RC4 is the only one
279 * available, but if new ones emerge, they will have to be added... 278 * available, but if new ones emerge, they will have to be added...
280 */ 279 */
281const SSL_CIPHER *dtls1_get_cipher(unsigned int u) 280const SSL_CIPHER
282 { 281*dtls1_get_cipher(unsigned int u)
282{
283 const SSL_CIPHER *ciph = ssl3_get_cipher(u); 283 const SSL_CIPHER *ciph = ssl3_get_cipher(u);
284 284
285 if (ciph != NULL) 285 if (ciph != NULL) {
286 {
287 if (ciph->algorithm_enc == SSL_RC4) 286 if (ciph->algorithm_enc == SSL_RC4)
288 return NULL; 287 return NULL;
289 } 288 }
290 289
291 return ciph; 290 return ciph;
292 } 291}
293 292
294void dtls1_start_timer(SSL *s) 293void
295 { 294dtls1_start_timer(SSL *s)
295{
296#ifndef OPENSSL_NO_SCTP 296#ifndef OPENSSL_NO_SCTP
297 /* Disable timer for SCTP */ 297 /* Disable timer for SCTP */
298 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) 298 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
299 {
300 memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); 299 memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
301 return; 300 return;
302 } 301 }
303#endif 302#endif
304 303
305 /* If timer is not set, initialize duration with 1 second */ 304 /* If timer is not set, initialize duration with 1 second */
306 if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) 305 if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
307 {
308 s->d1->timeout_duration = 1; 306 s->d1->timeout_duration = 1;
309 } 307 }
310 308
311 /* Set timeout to current time */ 309 /* Set timeout to current time */
312 get_current_time(&(s->d1->next_timeout)); 310 get_current_time(&(s->d1->next_timeout));
313 311
314 /* Add duration to current time */ 312 /* Add duration to current time */
315 s->d1->next_timeout.tv_sec += s->d1->timeout_duration; 313 s->d1->next_timeout.tv_sec += s->d1->timeout_duration;
316 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); 314 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
317 } 315}
318 316
319struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft) 317struct timeval*
320 { 318dtls1_get_timeout(SSL *s, struct timeval* timeleft) {
321 struct timeval timenow; 319 struct timeval timenow;
322 320
323 /* If no timeout is set, just return NULL */ 321 /* If no timeout is set, just return NULL */
324 if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) 322 if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
325 {
326 return NULL; 323 return NULL;
327 } 324 }
328 325
329 /* Get current time */ 326 /* Get current time */
330 get_current_time(&timenow); 327 get_current_time(&timenow);
@@ -332,65 +329,63 @@ struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft)
332 /* If timer already expired, set remaining time to 0 */ 329 /* If timer already expired, set remaining time to 0 */
333 if (s->d1->next_timeout.tv_sec < timenow.tv_sec || 330 if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||
334 (s->d1->next_timeout.tv_sec == timenow.tv_sec && 331 (s->d1->next_timeout.tv_sec == timenow.tv_sec &&
335 s->d1->next_timeout.tv_usec <= timenow.tv_usec)) 332 s->d1->next_timeout.tv_usec <= timenow.tv_usec)) {
336 {
337 memset(timeleft, 0, sizeof(struct timeval)); 333 memset(timeleft, 0, sizeof(struct timeval));
338 return timeleft; 334 return timeleft;
339 } 335 }
340 336
341 /* Calculate time left until timer expires */ 337 /* Calculate time left until timer expires */
342 memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval)); 338 memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval));
343 timeleft->tv_sec -= timenow.tv_sec; 339 timeleft->tv_sec -= timenow.tv_sec;
344 timeleft->tv_usec -= timenow.tv_usec; 340 timeleft->tv_usec -= timenow.tv_usec;
345 if (timeleft->tv_usec < 0) 341 if (timeleft->tv_usec < 0) {
346 {
347 timeleft->tv_sec--; 342 timeleft->tv_sec--;
348 timeleft->tv_usec += 1000000; 343 timeleft->tv_usec += 1000000;
349 } 344 }
350 345
351 /* If remaining time is less than 15 ms, set it to 0 346 /* If remaining time is less than 15 ms, set it to 0
352 * to prevent issues because of small devergences with 347 * to prevent issues because of small devergences with
353 * socket timeouts. 348 * socket timeouts.
354 */ 349 */
355 if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) 350 if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) {
356 {
357 memset(timeleft, 0, sizeof(struct timeval)); 351 memset(timeleft, 0, sizeof(struct timeval));
358 } 352 }
359 353
360 354
361 return timeleft; 355 return timeleft;
362 } 356}
363 357
364int dtls1_is_timer_expired(SSL *s) 358int
365 { 359dtls1_is_timer_expired(SSL *s)
360{
366 struct timeval timeleft; 361 struct timeval timeleft;
367 362
368 /* Get time left until timeout, return false if no timer running */ 363 /* Get time left until timeout, return false if no timer running */
369 if (dtls1_get_timeout(s, &timeleft) == NULL) 364 if (dtls1_get_timeout(s, &timeleft) == NULL) {
370 {
371 return 0; 365 return 0;
372 } 366 }
373 367
374 /* Return false if timer is not expired yet */ 368 /* Return false if timer is not expired yet */
375 if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) 369 if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) {
376 {
377 return 0; 370 return 0;
378 } 371 }
379 372
380 /* Timer expired, so return true */ 373 /* Timer expired, so return true */
381 return 1; 374 return 1;
382 } 375}
383 376
384void dtls1_double_timeout(SSL *s) 377void
385 { 378dtls1_double_timeout(SSL *s)
379{
386 s->d1->timeout_duration *= 2; 380 s->d1->timeout_duration *= 2;
387 if (s->d1->timeout_duration > 60) 381 if (s->d1->timeout_duration > 60)
388 s->d1->timeout_duration = 60; 382 s->d1->timeout_duration = 60;
389 dtls1_start_timer(s); 383 dtls1_start_timer(s);
390 } 384}
391 385
392void dtls1_stop_timer(SSL *s) 386void
393 { 387dtls1_stop_timer(SSL *s)
388{
394 /* Reset everything */ 389 /* Reset everything */
395 memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st)); 390 memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
396 memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); 391 memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
@@ -398,35 +393,35 @@ void dtls1_stop_timer(SSL *s)
398 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); 393 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
399 /* Clear retransmission buffer */ 394 /* Clear retransmission buffer */
400 dtls1_clear_record_buffer(s); 395 dtls1_clear_record_buffer(s);
401 } 396}
402 397
403int dtls1_check_timeout_num(SSL *s) 398int
404 { 399dtls1_check_timeout_num(SSL *s)
400{
405 s->d1->timeout.num_alerts++; 401 s->d1->timeout.num_alerts++;
406 402
407 /* Reduce MTU after 2 unsuccessful retransmissions */ 403 /* Reduce MTU after 2 unsuccessful retransmissions */
408 if (s->d1->timeout.num_alerts > 2) 404 if (s->d1->timeout.num_alerts > 2) {
409 { 405 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
410 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
411 }
412 406
413 if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) 407 }
414 { 408
409 if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {
415 /* fail the connection, enough alerts have been sent */ 410 /* fail the connection, enough alerts have been sent */
416 SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM,SSL_R_READ_TIMEOUT_EXPIRED); 411 SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM, SSL_R_READ_TIMEOUT_EXPIRED);
417 return -1; 412 return -1;
418 } 413 }
419 414
420 return 0; 415 return 0;
421 } 416}
422 417
423int dtls1_handle_timeout(SSL *s) 418int
424 { 419dtls1_handle_timeout(SSL *s)
420{
425 /* if no timer is expired, don't do anything */ 421 /* if no timer is expired, don't do anything */
426 if (!dtls1_is_timer_expired(s)) 422 if (!dtls1_is_timer_expired(s)) {
427 {
428 return 0; 423 return 0;
429 } 424 }
430 425
431 dtls1_double_timeout(s); 426 dtls1_double_timeout(s);
432 427
@@ -434,38 +429,39 @@ int dtls1_handle_timeout(SSL *s)
434 return -1; 429 return -1;
435 430
436 s->d1->timeout.read_timeouts++; 431 s->d1->timeout.read_timeouts++;
437 if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) 432 if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) {
438 {
439 s->d1->timeout.read_timeouts = 1; 433 s->d1->timeout.read_timeouts = 1;
440 } 434 }
441 435
442#ifndef OPENSSL_NO_HEARTBEATS 436#ifndef OPENSSL_NO_HEARTBEATS
443 if (s->tlsext_hb_pending) 437 if (s->tlsext_hb_pending) {
444 {
445 s->tlsext_hb_pending = 0; 438 s->tlsext_hb_pending = 0;
446 return dtls1_heartbeat(s); 439 return dtls1_heartbeat(s);
447 } 440 }
448#endif 441#endif
449 442
450 dtls1_start_timer(s); 443 dtls1_start_timer(s);
451 return dtls1_retransmit_buffered_messages(s); 444 return dtls1_retransmit_buffered_messages(s);
452 } 445}
453 446
454static void get_current_time(struct timeval *t) 447static void
448get_current_time(struct timeval *t)
455{ 449{
456 gettimeofday(t, NULL); 450 gettimeofday(t, NULL);
457} 451}
458 452
459int dtls1_listen(SSL *s, struct sockaddr *client) 453int
460 { 454dtls1_listen(SSL *s, struct sockaddr *client)
455{
461 int ret; 456 int ret;
462 457
463 SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); 458 SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
464 s->d1->listen = 1; 459 s->d1->listen = 1;
465 460
466 ret = SSL_accept(s); 461 ret = SSL_accept(s);
467 if (ret <= 0) return ret; 462 if (ret <= 0)
468 463 return ret;
469 (void) BIO_dgram_get_peer(SSL_get_rbio(s), client); 464
465 (void)BIO_dgram_get_peer(SSL_get_rbio(s), client);
470 return 1; 466 return 1;
471 } 467}
diff --git a/src/lib/libssl/src/ssl/d1_meth.c b/src/lib/libssl/src/ssl/d1_meth.c
index 5c4004bfe3..2d3f3920ec 100644
--- a/src/lib/libssl/src/ssl/d1_meth.c
+++ b/src/lib/libssl/src/ssl/d1_meth.c
@@ -62,16 +62,14 @@
62#include "ssl_locl.h" 62#include "ssl_locl.h"
63 63
64static const SSL_METHOD *dtls1_get_method(int ver); 64static const SSL_METHOD *dtls1_get_method(int ver);
65static const SSL_METHOD *dtls1_get_method(int ver) 65static const SSL_METHOD
66 { 66*dtls1_get_method(int ver)
67{
67 if (ver == DTLS1_VERSION) 68 if (ver == DTLS1_VERSION)
68 return(DTLSv1_method()); 69 return (DTLSv1_method());
69 else 70 else
70 return(NULL); 71 return (NULL);
71 } 72}
72 73
73IMPLEMENT_dtls1_meth_func(DTLSv1_method, 74IMPLEMENT_dtls1_meth_func(DTLSv1_method,
74 dtls1_accept, 75 dtls1_accept, dtls1_connect, dtls1_get_method)
75 dtls1_connect,
76 dtls1_get_method)
77
diff --git a/src/lib/libssl/src/ssl/d1_pkt.c b/src/lib/libssl/src/ssl/d1_pkt.c
index 52f7fc022f..30fe8460fb 100644
--- a/src/lib/libssl/src/ssl/d1_pkt.c
+++ b/src/lib/libssl/src/ssl/d1_pkt.c
@@ -122,107 +122,120 @@
122#include <openssl/rand.h> 122#include <openssl/rand.h>
123 123
124/* mod 128 saturating subtract of two 64-bit values in big-endian order */ 124/* mod 128 saturating subtract of two 64-bit values in big-endian order */
125static int satsub64be(const unsigned char *v1,const unsigned char *v2) 125static int
126{ int ret,sat,brw,i; 126satsub64be(const unsigned char *v1, const unsigned char *v2)
127 127{
128 if (sizeof(long) == 8) do 128 int ret, sat, brw, i;
129 { const union { long one; char little; } is_endian = {1}; 129
130 long l; 130 if (sizeof(long) == 8)
131 131 do {
132 if (is_endian.little) break; 132 const union {
133 /* not reached on little-endians */ 133 long one;
134 /* following test is redundant, because input is 134 char little;
135 * always aligned, but I take no chances... */ 135 } is_endian = {1};
136 if (((size_t)v1|(size_t)v2)&0x7) break; 136 long l;
137 137
138 l = *((long *)v1); 138 if (is_endian.little)
139 l -= *((long *)v2); 139 break;
140 if (l>128) return 128; 140 /* not reached on little-endians */
141 else if (l<-128) return -128; 141 /* following test is redundant, because input is
142 else return (int)l; 142 * always aligned, but I take no chances... */
143 } while (0); 143 if (((size_t)v1 | (size_t)v2) & 0x7)
144 144 break;
145 ret = (int)v1[7]-(int)v2[7]; 145
146 l = *((long *)v1);
147 l -= *((long *)v2);
148 if (l > 128)
149 return 128;
150 else if (l<-128)
151 return -128;
152 else
153 return (int)l;
154 } while (0);
155
156 ret = (int)v1[7] - (int)v2[7];
146 sat = 0; 157 sat = 0;
147 brw = ret>>8; /* brw is either 0 or -1 */ 158 brw = ret >> 8; /* brw is either 0 or -1 */
148 if (ret & 0x80) 159 if (ret & 0x80) {
149 { for (i=6;i>=0;i--) 160 for (i = 6; i >= 0; i--) {
150 { brw += (int)v1[i]-(int)v2[i]; 161 brw += (int)v1[i]-(int)v2[i];
151 sat |= ~brw; 162 sat |= ~brw;
152 brw >>= 8; 163 brw >>= 8;
153 } 164 }
154 } 165 } else {
155 else 166 for (i = 6; i >= 0; i--) {
156 { for (i=6;i>=0;i--) 167 brw += (int)v1[i]-(int)v2[i];
157 { brw += (int)v1[i]-(int)v2[i];
158 sat |= brw; 168 sat |= brw;
159 brw >>= 8; 169 brw >>= 8;
160 } 170 }
161 } 171 }
162 brw <<= 8; /* brw is either 0 or -256 */ 172 brw <<= 8; /* brw is either 0 or -256 */
163 173
164 if (sat&0xff) return brw | 0x80; 174 if (sat & 0xff)
165 else return brw + (ret&0xFF); 175 return brw | 0x80;
176 else
177 return brw + (ret & 0xFF);
166} 178}
167 179
168static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, 180static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
169 int len, int peek); 181 int len, int peek);
170static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap); 182static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
171static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); 183static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
172static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, 184static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
173 unsigned int *is_next_epoch); 185 unsigned int *is_next_epoch);
174#if 0 186#if 0
175static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr, 187static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
176 unsigned short *priority, unsigned long *offset); 188 unsigned short *priority, unsigned long *offset);
177#endif 189#endif
178static int dtls1_buffer_record(SSL *s, record_pqueue *q, 190static int dtls1_buffer_record(SSL *s, record_pqueue *q,
179 unsigned char *priority); 191 unsigned char *priority);
180static int dtls1_process_record(SSL *s); 192static int dtls1_process_record(SSL *s);
181 193
182/* copy buffered record into SSL structure */ 194/* copy buffered record into SSL structure */
183static int 195static int
184dtls1_copy_record(SSL *s, pitem *item) 196dtls1_copy_record(SSL *s, pitem *item)
185 { 197{
186 DTLS1_RECORD_DATA *rdata; 198 DTLS1_RECORD_DATA *rdata;
187 199
188 rdata = (DTLS1_RECORD_DATA *)item->data; 200 rdata = (DTLS1_RECORD_DATA *)item->data;
189 201
190 if (s->s3->rbuf.buf != NULL) 202 if (s->s3->rbuf.buf != NULL)
191 OPENSSL_free(s->s3->rbuf.buf); 203 OPENSSL_free(s->s3->rbuf.buf);
192 204
193 s->packet = rdata->packet; 205 s->packet = rdata->packet;
194 s->packet_length = rdata->packet_length; 206 s->packet_length = rdata->packet_length;
195 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER)); 207 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
196 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD)); 208 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
197 209
198 /* Set proper sequence number for mac calculation */ 210 /* Set proper sequence number for mac calculation */
199 memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6); 211 memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);
200 212
201 return(1); 213 return (1);
202 } 214}
203 215
204 216
205static int 217static int
206dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) 218dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
207 { 219{
208 DTLS1_RECORD_DATA *rdata; 220 DTLS1_RECORD_DATA *rdata;
209 pitem *item; 221 pitem *item;
210 222
211 /* Limit the size of the queue to prevent DOS attacks */ 223 /* Limit the size of the queue to prevent DOS attacks */
212 if (pqueue_size(queue->q) >= 100) 224 if (pqueue_size(queue->q) >= 100)
213 return 0; 225 return 0;
214 226
215 rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA)); 227 rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
216 item = pitem_new(priority, rdata); 228 item = pitem_new(priority, rdata);
217 if (rdata == NULL || item == NULL) 229 if (rdata == NULL || item == NULL) {
218 { 230 if (rdata != NULL)
219 if (rdata != NULL) OPENSSL_free(rdata); 231 OPENSSL_free(rdata);
220 if (item != NULL) pitem_free(item); 232 if (item != NULL)
221 233 pitem_free(item);
234
222 SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); 235 SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
223 return(0); 236 return (0);
224 } 237 }
225 238
226 rdata->packet = s->packet; 239 rdata->packet = s->packet;
227 rdata->packet_length = s->packet_length; 240 rdata->packet_length = s->packet_length;
228 memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER)); 241 memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));
@@ -233,54 +246,51 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
233#ifndef OPENSSL_NO_SCTP 246#ifndef OPENSSL_NO_SCTP
234 /* Store bio_dgram_sctp_rcvinfo struct */ 247 /* Store bio_dgram_sctp_rcvinfo struct */
235 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && 248 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
236 (s->state == SSL3_ST_SR_FINISHED_A || s->state == SSL3_ST_CR_FINISHED_A)) { 249 (s->state == SSL3_ST_SR_FINISHED_A || s->state == SSL3_ST_CR_FINISHED_A)) {
237 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo); 250 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo);
238 } 251 }
239#endif 252#endif
240 253
241 /* insert should not fail, since duplicates are dropped */ 254 /* insert should not fail, since duplicates are dropped */
242 if (pqueue_insert(queue->q, item) == NULL) 255 if (pqueue_insert(queue->q, item) == NULL) {
243 {
244 OPENSSL_free(rdata); 256 OPENSSL_free(rdata);
245 pitem_free(item); 257 pitem_free(item);
246 return(0); 258 return (0);
247 } 259 }
248 260
249 s->packet = NULL; 261 s->packet = NULL;
250 s->packet_length = 0; 262 s->packet_length = 0;
251 memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER)); 263 memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
252 memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD)); 264 memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));
253 265
254 if (!ssl3_setup_buffers(s)) 266 if (!ssl3_setup_buffers(s)) {
255 {
256 SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); 267 SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
257 OPENSSL_free(rdata); 268 OPENSSL_free(rdata);
258 pitem_free(item); 269 pitem_free(item);
259 return(0); 270 return (0);
260 }
261
262 return(1);
263 } 271 }
264 272
273 return (1);
274}
275
265 276
266static int 277static int
267dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue) 278dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
268 { 279{
269 pitem *item; 280 pitem *item;
270 281
271 item = pqueue_pop(queue->q); 282 item = pqueue_pop(queue->q);
272 if (item) 283 if (item) {
273 { 284 dtls1_copy_record(s, item);
274 dtls1_copy_record(s, item);
275 285
276 OPENSSL_free(item->data); 286 OPENSSL_free(item->data);
277 pitem_free(item); 287 pitem_free(item);
278 288
279 return(1); 289 return (1);
280 } 290 }
281 291
282 return(0); 292 return (0);
283 } 293}
284 294
285 295
286/* retrieve a buffered record that belongs to the new epoch, i.e., not processed 296/* retrieve a buffered record that belongs to the new epoch, i.e., not processed
@@ -296,98 +306,96 @@ dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
296 306
297static int 307static int
298dtls1_process_buffered_records(SSL *s) 308dtls1_process_buffered_records(SSL *s)
299 { 309{
300 pitem *item; 310 pitem *item;
301 311
302 item = pqueue_peek(s->d1->unprocessed_rcds.q); 312 item = pqueue_peek(s->d1->unprocessed_rcds.q);
303 if (item) 313 if (item) {
304 { 314 /* Check if epoch is current. */
305 /* Check if epoch is current. */ 315 if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
306 if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch) 316 return (1);
307 return(1); /* Nothing to do. */ 317 /* Nothing to do. */
308 318
309 /* Process all the records. */ 319 /* Process all the records. */
310 while (pqueue_peek(s->d1->unprocessed_rcds.q)) 320 while (pqueue_peek(s->d1->unprocessed_rcds.q)) {
311 { 321 dtls1_get_unprocessed_record(s);
312 dtls1_get_unprocessed_record(s); 322 if (! dtls1_process_record(s))
313 if ( ! dtls1_process_record(s)) 323 return (0);
314 return(0); 324 dtls1_buffer_record(s, &(s->d1->processed_rcds),
315 dtls1_buffer_record(s, &(s->d1->processed_rcds), 325 s->s3->rrec.seq_num);
316 s->s3->rrec.seq_num); 326 }
317 } 327 }
318 }
319 328
320 /* sync epoch numbers once all the unprocessed records 329 /* sync epoch numbers once all the unprocessed records
321 * have been processed */ 330 * have been processed */
322 s->d1->processed_rcds.epoch = s->d1->r_epoch; 331 s->d1->processed_rcds.epoch = s->d1->r_epoch;
323 s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1; 332 s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1;
324 333
325 return(1); 334 return (1);
326 } 335}
327 336
328 337
329#if 0 338#if 0
330 339
331static int 340static int
332dtls1_get_buffered_record(SSL *s) 341dtls1_get_buffered_record(SSL *s)
333 { 342{
334 pitem *item; 343 pitem *item;
335 PQ_64BIT priority = 344 PQ_64BIT priority =
336 (((PQ_64BIT)s->d1->handshake_read_seq) << 32) | 345 (((PQ_64BIT)s->d1->handshake_read_seq) << 32) |
337 ((PQ_64BIT)s->d1->r_msg_hdr.frag_off); 346 ((PQ_64BIT)s->d1->r_msg_hdr.frag_off);
338 347
339 if ( ! SSL_in_init(s)) /* if we're not (re)negotiating, 348 if (!SSL_in_init(s)) /* if we're not (re)negotiating,
340 nothing buffered */ 349 nothing buffered */
341 return 0; 350 return 0;
342 351
343 352
344 item = pqueue_peek(s->d1->rcvd_records); 353 item = pqueue_peek(s->d1->rcvd_records);
345 if (item && item->priority == priority) 354 if (item && item->priority == priority) {
346 {
347 /* Check if we've received the record of interest. It must be 355 /* Check if we've received the record of interest. It must be
348 * a handshake record, since data records as passed up without 356 * a handshake record, since data records as passed up without
349 * buffering */ 357 * buffering */
350 DTLS1_RECORD_DATA *rdata; 358 DTLS1_RECORD_DATA *rdata;
351 item = pqueue_pop(s->d1->rcvd_records); 359 item = pqueue_pop(s->d1->rcvd_records);
352 rdata = (DTLS1_RECORD_DATA *)item->data; 360 rdata = (DTLS1_RECORD_DATA *)item->data;
353 361
354 if (s->s3->rbuf.buf != NULL) 362 if (s->s3->rbuf.buf != NULL)
355 OPENSSL_free(s->s3->rbuf.buf); 363 OPENSSL_free(s->s3->rbuf.buf);
356 364
357 s->packet = rdata->packet; 365 s->packet = rdata->packet;
358 s->packet_length = rdata->packet_length; 366 s->packet_length = rdata->packet_length;
359 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER)); 367 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
360 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD)); 368 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
361 369
362 OPENSSL_free(item->data); 370 OPENSSL_free(item->data);
363 pitem_free(item); 371 pitem_free(item);
364 372
365 /* s->d1->next_expected_seq_num++; */ 373 /* s->d1->next_expected_seq_num++; */
366 return(1); 374 return (1);
367 }
368
369 return 0;
370 } 375 }
371 376
377 return 0;
378}
379
372#endif 380#endif
373 381
374static int 382static int
375dtls1_process_record(SSL *s) 383dtls1_process_record(SSL *s)
376{ 384{
377 int i,al; 385 int i, al;
378 int enc_err; 386 int enc_err;
379 SSL_SESSION *sess; 387 SSL_SESSION *sess;
380 SSL3_RECORD *rr; 388 SSL3_RECORD *rr;
381 unsigned int mac_size, orig_len; 389 unsigned int mac_size, orig_len;
382 unsigned char md[EVP_MAX_MD_SIZE]; 390 unsigned char md[EVP_MAX_MD_SIZE];
383 391
384 rr= &(s->s3->rrec); 392 rr = &(s->s3->rrec);
385 sess = s->session; 393 sess = s->session;
386 394
387 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, 395 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
388 * and we have that many bytes in s->packet 396 * and we have that many bytes in s->packet
389 */ 397 */
390 rr->input= &(s->packet[DTLS1_RT_HEADER_LENGTH]); 398 rr->input = &(s->packet[DTLS1_RT_HEADER_LENGTH]);
391 399
392 /* ok, we can now read from 's->packet' data into 'rr' 400 /* ok, we can now read from 's->packet' data into 'rr'
393 * rr->input points at rr->length bytes, which 401 * rr->input points at rr->length bytes, which
@@ -400,48 +408,44 @@ dtls1_process_record(SSL *s)
400 * rr->length bytes of encrypted compressed stuff. */ 408 * rr->length bytes of encrypted compressed stuff. */
401 409
402 /* check is not needed I believe */ 410 /* check is not needed I believe */
403 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) 411 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
404 { 412 al = SSL_AD_RECORD_OVERFLOW;
405 al=SSL_AD_RECORD_OVERFLOW; 413 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
406 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
407 goto f_err; 414 goto f_err;
408 } 415 }
409 416
410 /* decrypt in place in 'rr->input' */ 417 /* decrypt in place in 'rr->input' */
411 rr->data=rr->input; 418 rr->data = rr->input;
412 419
413 enc_err = s->method->ssl3_enc->enc(s,0); 420 enc_err = s->method->ssl3_enc->enc(s, 0);
414 /* enc_err is: 421 /* enc_err is:
415 * 0: (in non-constant time) if the record is publically invalid. 422 * 0: (in non-constant time) if the record is publically invalid.
416 * 1: if the padding is valid 423 * 1: if the padding is valid
417 * -1: if the padding is invalid */ 424 * -1: if the padding is invalid */
418 if (enc_err == 0) 425 if (enc_err == 0) {
419 {
420 /* For DTLS we simply ignore bad packets. */ 426 /* For DTLS we simply ignore bad packets. */
421 rr->length = 0; 427 rr->length = 0;
422 s->packet_length = 0; 428 s->packet_length = 0;
423 goto err; 429 goto err;
424 } 430 }
425 431
426#ifdef TLS_DEBUG 432#ifdef TLS_DEBUG
427printf("dec %d\n",rr->length); 433 printf("dec %d\n", rr->length);
428{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } 434 { unsigned int z; for (z = 0; z<rr->length; z++) printf("%02X%c", rr->data[z],((z+1)%16)?' ':'\n'); }
429printf("\n"); 435 printf("\n");
430#endif 436#endif
431 437
432 /* r->length is now the compressed data plus mac */ 438 /* r->length is now the compressed data plus mac */
433 if ((sess != NULL) && 439 if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
434 (s->enc_read_ctx != NULL) && 440 (EVP_MD_CTX_md(s->read_hash) != NULL)) {
435 (EVP_MD_CTX_md(s->read_hash) != NULL))
436 {
437 /* s->read_hash != NULL => mac_size != -1 */ 441 /* s->read_hash != NULL => mac_size != -1 */
438 unsigned char *mac = NULL; 442 unsigned char *mac = NULL;
439 unsigned char mac_tmp[EVP_MAX_MD_SIZE]; 443 unsigned char mac_tmp[EVP_MAX_MD_SIZE];
440 mac_size=EVP_MD_CTX_size(s->read_hash); 444 mac_size = EVP_MD_CTX_size(s->read_hash);
441 OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); 445 OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
442 446
443 /* kludge: *_cbc_remove_padding passes padding length in rr->type */ 447 /* kludge: *_cbc_remove_padding passes padding length in rr->type */
444 orig_len = rr->length+((unsigned int)rr->type>>8); 448 orig_len = rr->length + ((unsigned int)rr->type >> 8);
445 449
446 /* orig_len is the length of the record before any padding was 450 /* orig_len is the length of the record before any padding was
447 * removed. This is public information, as is the MAC in use, 451 * removed. This is public information, as is the MAC in use,
@@ -449,17 +453,15 @@ printf("\n");
449 * amount of time if it's too short to possibly contain a MAC. 453 * amount of time if it's too short to possibly contain a MAC.
450 */ 454 */
451 if (orig_len < mac_size || 455 if (orig_len < mac_size ||
452 /* CBC records must have a padding length byte too. */ 456 /* CBC records must have a padding length byte too. */
453 (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && 457 (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
454 orig_len < mac_size+1)) 458 orig_len < mac_size + 1)) {
455 { 459 al = SSL_AD_DECODE_ERROR;
456 al=SSL_AD_DECODE_ERROR; 460 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_LENGTH_TOO_SHORT);
457 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
458 goto f_err; 461 goto f_err;
459 } 462 }
460 463
461 if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) 464 if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
462 {
463 /* We update the length so that the TLS header bytes 465 /* We update the length so that the TLS header bytes
464 * can be constructed correctly but we need to extract 466 * can be constructed correctly but we need to extract
465 * the MAC in constant time from within the record, 467 * the MAC in constant time from within the record,
@@ -468,56 +470,49 @@ printf("\n");
468 mac = mac_tmp; 470 mac = mac_tmp;
469 ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len); 471 ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
470 rr->length -= mac_size; 472 rr->length -= mac_size;
471 } 473 } else {
472 else
473 {
474 /* In this case there's no padding, so |orig_len| 474 /* In this case there's no padding, so |orig_len|
475 * equals |rec->length| and we checked that there's 475 * equals |rec->length| and we checked that there's
476 * enough bytes for |mac_size| above. */ 476 * enough bytes for |mac_size| above. */
477 rr->length -= mac_size; 477 rr->length -= mac_size;
478 mac = &rr->data[rr->length]; 478 mac = &rr->data[rr->length];
479 } 479 }
480 480
481 i=s->method->ssl3_enc->mac(s,md,0 /* not send */); 481 i = s->method->ssl3_enc->mac(s, md, 0 /* not send */);
482 if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) 482 if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
483 enc_err = -1; 483 enc_err = -1;
484 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size) 484 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
485 enc_err = -1; 485 enc_err = -1;
486 } 486 }
487 487
488 if (enc_err < 0) 488 if (enc_err < 0) {
489 {
490 /* decryption failed, silently discard message */ 489 /* decryption failed, silently discard message */
491 rr->length = 0; 490 rr->length = 0;
492 s->packet_length = 0; 491 s->packet_length = 0;
493 goto err; 492 goto err;
494 } 493 }
495 494
496 /* r->length is now just compressed */ 495 /* r->length is now just compressed */
497 if (s->expand != NULL) 496 if (s->expand != NULL) {
498 { 497 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
499 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) 498 al = SSL_AD_RECORD_OVERFLOW;
500 { 499 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_COMPRESSED_LENGTH_TOO_LONG);
501 al=SSL_AD_RECORD_OVERFLOW;
502 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
503 goto f_err; 500 goto f_err;
504 } 501 }
505 if (!ssl3_do_uncompress(s)) 502 if (!ssl3_do_uncompress(s)) {
506 { 503 al = SSL_AD_DECOMPRESSION_FAILURE;
507 al=SSL_AD_DECOMPRESSION_FAILURE; 504 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_BAD_DECOMPRESSION);
508 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_BAD_DECOMPRESSION);
509 goto f_err; 505 goto f_err;
510 }
511 } 506 }
507 }
512 508
513 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) 509 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
514 { 510 al = SSL_AD_RECORD_OVERFLOW;
515 al=SSL_AD_RECORD_OVERFLOW; 511 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
516 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
517 goto f_err; 512 goto f_err;
518 } 513 }
519 514
520 rr->off=0; 515 rr->off = 0;
521 /* So at this point the following is true 516 /* So at this point the following is true
522 * ssl->s3->rrec.type is the type of record 517 * ssl->s3->rrec.type is the type of record
523 * ssl->s3->rrec.length == number of bytes in record 518 * ssl->s3->rrec.length == number of bytes in record
@@ -527,14 +522,14 @@ printf("\n");
527 */ 522 */
528 523
529 /* we have pulled in a full packet so zero things */ 524 /* we have pulled in a full packet so zero things */
530 s->packet_length=0; 525 s->packet_length = 0;
531 dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */ 526 dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */
532 return(1); 527 return (1);
533 528
534f_err: 529f_err:
535 ssl3_send_alert(s,SSL3_AL_FATAL,al); 530 ssl3_send_alert(s, SSL3_AL_FATAL, al);
536err: 531err:
537 return(0); 532 return (0);
538} 533}
539 534
540 535
@@ -547,17 +542,18 @@ err:
547 * ssl->s3->rrec.length, - number of bytes 542 * ssl->s3->rrec.length, - number of bytes
548 */ 543 */
549/* used only by dtls1_read_bytes */ 544/* used only by dtls1_read_bytes */
550int dtls1_get_record(SSL *s) 545int
551 { 546dtls1_get_record(SSL *s)
552 int ssl_major,ssl_minor; 547{
553 int i,n; 548 int ssl_major, ssl_minor;
549 int i, n;
554 SSL3_RECORD *rr; 550 SSL3_RECORD *rr;
555 unsigned char *p = NULL; 551 unsigned char *p = NULL;
556 unsigned short version; 552 unsigned short version;
557 DTLS1_BITMAP *bitmap; 553 DTLS1_BITMAP *bitmap;
558 unsigned int is_next_epoch; 554 unsigned int is_next_epoch;
559 555
560 rr= &(s->s3->rrec); 556 rr = &(s->s3->rrec);
561 557
562 /* The epoch may have changed. If so, process all the 558 /* The epoch may have changed. If so, process all the
563 * pending records. This is a non-blocking operation. */ 559 * pending records. This is a non-blocking operation. */
@@ -570,104 +566,98 @@ int dtls1_get_record(SSL *s)
570 /* get something from the wire */ 566 /* get something from the wire */
571again: 567again:
572 /* check if we have the header */ 568 /* check if we have the header */
573 if ( (s->rstate != SSL_ST_READ_BODY) || 569 if ((s->rstate != SSL_ST_READ_BODY) ||
574 (s->packet_length < DTLS1_RT_HEADER_LENGTH)) 570 (s->packet_length < DTLS1_RT_HEADER_LENGTH)) {
575 { 571 n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
576 n=ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
577 /* read timeout is handled by dtls1_read_bytes */ 572 /* read timeout is handled by dtls1_read_bytes */
578 if (n <= 0) return(n); /* error or non-blocking */ 573 if (n <= 0)
574 return(n); /* error or non-blocking */
579 575
580 /* this packet contained a partial record, dump it */ 576 /* this packet contained a partial record, dump it */
581 if (s->packet_length != DTLS1_RT_HEADER_LENGTH) 577 if (s->packet_length != DTLS1_RT_HEADER_LENGTH) {
582 {
583 s->packet_length = 0; 578 s->packet_length = 0;
584 goto again; 579 goto again;
585 } 580 }
586 581
587 s->rstate=SSL_ST_READ_BODY; 582 s->rstate = SSL_ST_READ_BODY;
588 583
589 p=s->packet; 584 p = s->packet;
590 585
591 /* Pull apart the header into the DTLS1_RECORD */ 586 /* Pull apart the header into the DTLS1_RECORD */
592 rr->type= *(p++); 587 rr->type= *(p++);
593 ssl_major= *(p++); 588 ssl_major= *(p++);
594 ssl_minor= *(p++); 589 ssl_minor= *(p++);
595 version=(ssl_major<<8)|ssl_minor; 590 version = (ssl_major << 8)|ssl_minor;
596 591
597 /* sequence number is 64 bits, with top 2 bytes = epoch */ 592 /* sequence number is 64 bits, with top 2 bytes = epoch */
598 n2s(p,rr->epoch); 593 n2s(p, rr->epoch);
599 594
600 memcpy(&(s->s3->read_sequence[2]), p, 6); 595 memcpy(&(s->s3->read_sequence[2]), p, 6);
601 p+=6; 596 p += 6;
602 597
603 n2s(p,rr->length); 598 n2s(p, rr->length);
604 599
605 /* Lets check version */ 600 /* Lets check version */
606 if (!s->first_packet) 601 if (!s->first_packet) {
607 { 602 if (version != s->version) {
608 if (version != s->version)
609 {
610 /* unexpected version, silently discard */ 603 /* unexpected version, silently discard */
611 rr->length = 0; 604 rr->length = 0;
612 s->packet_length = 0; 605 s->packet_length = 0;
613 goto again; 606 goto again;
614 }
615 } 607 }
608 }
616 609
617 if ((version & 0xff00) != (s->version & 0xff00)) 610 if ((version & 0xff00) != (s->version & 0xff00)) {
618 {
619 /* wrong version, silently discard record */ 611 /* wrong version, silently discard record */
620 rr->length = 0; 612 rr->length = 0;
621 s->packet_length = 0; 613 s->packet_length = 0;
622 goto again; 614 goto again;
623 } 615 }
624 616
625 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) 617 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
626 {
627 /* record too long, silently discard it */ 618 /* record too long, silently discard it */
628 rr->length = 0; 619 rr->length = 0;
629 s->packet_length = 0; 620 s->packet_length = 0;
630 goto again; 621 goto again;
631 } 622 }
632 623
633 /* now s->rstate == SSL_ST_READ_BODY */ 624 /* now s->rstate == SSL_ST_READ_BODY */
634 } 625 }
635 626
636 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ 627 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
637 628
638 if (rr->length > s->packet_length-DTLS1_RT_HEADER_LENGTH) 629 if (rr->length > s->packet_length - DTLS1_RT_HEADER_LENGTH) {
639 {
640 /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */ 630 /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
641 i=rr->length; 631 i = rr->length;
642 n=ssl3_read_n(s,i,i,1); 632 n = ssl3_read_n(s, i, i, 1);
643 if (n <= 0) return(n); /* error or non-blocking io */ 633 if (n <= 0)
634 return(n); /* error or non-blocking io */
644 635
645 /* this packet contained a partial record, dump it */ 636 /* this packet contained a partial record, dump it */
646 if ( n != i) 637 if (n != i) {
647 {
648 rr->length = 0; 638 rr->length = 0;
649 s->packet_length = 0; 639 s->packet_length = 0;
650 goto again; 640 goto again;
651 } 641 }
652 642
653 /* now n == rr->length, 643 /* now n == rr->length,
654 * and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */ 644 * and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */
655 } 645 }
656 s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */ 646 s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */
657 647
658 /* match epochs. NULL means the packet is dropped on the floor */ 648 /* match epochs. NULL means the packet is dropped on the floor */
659 bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch); 649 bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
660 if ( bitmap == NULL) 650 if (bitmap == NULL) {
661 {
662 rr->length = 0; 651 rr->length = 0;
663 s->packet_length = 0; /* dump this record */ 652 s->packet_length = 0;
664 goto again; /* get another record */ 653 /* dump this record */
665 } 654 goto again;
655 /* get another record */
656 }
666 657
667#ifndef OPENSSL_NO_SCTP 658#ifndef OPENSSL_NO_SCTP
668 /* Only do replay check if no SCTP bio */ 659 /* Only do replay check if no SCTP bio */
669 if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) 660 if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) {
670 {
671#endif 661#endif
672 /* Check whether this is a repeat, or aged record. 662 /* Check whether this is a repeat, or aged record.
673 * Don't check if we're listening and this message is 663 * Don't check if we're listening and this message is
@@ -677,45 +667,45 @@ again:
677 */ 667 */
678 if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && 668 if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
679 *p == SSL3_MT_CLIENT_HELLO) && 669 *p == SSL3_MT_CLIENT_HELLO) &&
680 !dtls1_record_replay_check(s, bitmap)) 670 !dtls1_record_replay_check(s, bitmap)) {
681 {
682 rr->length = 0; 671 rr->length = 0;
683 s->packet_length=0; /* dump this record */ 672 s->packet_length=0; /* dump this record */
684 goto again; /* get another record */ 673 goto again;
685 } 674 /* get another record */
675 }
686#ifndef OPENSSL_NO_SCTP 676#ifndef OPENSSL_NO_SCTP
687 } 677 }
688#endif 678#endif
689 679
690 /* just read a 0 length packet */ 680 /* just read a 0 length packet */
691 if (rr->length == 0) goto again; 681 if (rr->length == 0)
682 goto again;
692 683
693 /* If this record is from the next epoch (either HM or ALERT), 684 /* If this record is from the next epoch (either HM or ALERT),
694 * and a handshake is currently in progress, buffer it since it 685 * and a handshake is currently in progress, buffer it since it
695 * cannot be processed at this time. However, do not buffer 686 * cannot be processed at this time. However, do not buffer
696 * anything while listening. 687 * anything while listening.
697 */ 688 */
698 if (is_next_epoch) 689 if (is_next_epoch) {
699 { 690 if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) {
700 if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen)
701 {
702 dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num); 691 dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
703 } 692 }
704 rr->length = 0; 693 rr->length = 0;
705 s->packet_length = 0; 694 s->packet_length = 0;
706 goto again; 695 goto again;
707 } 696 }
708 697
709 if (!dtls1_process_record(s)) 698 if (!dtls1_process_record(s)) {
710 {
711 rr->length = 0; 699 rr->length = 0;
712 s->packet_length = 0; /* dump this record */ 700 s->packet_length = 0;
713 goto again; /* get another record */ 701 /* dump this record */
714 } 702 goto again;
703 /* get another record */
704 }
715 705
716 return(1); 706 return (1);
717 707
718 } 708}
719 709
720/* Return up to 'len' payload bytes received in 'type' records. 710/* Return up to 'len' payload bytes received in 'type' records.
721 * 'type' is one of the following: 711 * 'type' is one of the following:
@@ -744,28 +734,28 @@ again:
744 * Application data protocol 734 * Application data protocol
745 * none of our business 735 * none of our business
746 */ 736 */
747int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) 737int
748 { 738dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
749 int al,i,j,ret; 739{
740 int al, i, j, ret;
750 unsigned int n; 741 unsigned int n;
751 SSL3_RECORD *rr; 742 SSL3_RECORD *rr;
752 void (*cb)(const SSL *ssl,int type2,int val)=NULL; 743 void (*cb)(const SSL *ssl, int type2, int val) = NULL;
753 744
754 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ 745 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
755 if (!ssl3_setup_buffers(s)) 746 if (!ssl3_setup_buffers(s))
756 return(-1); 747 return (-1);
757 748
758 /* XXX: check what the second '&& type' is about */ 749 /* XXX: check what the second '&& type' is about */
759 if ((type && (type != SSL3_RT_APPLICATION_DATA) && 750 if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
760 (type != SSL3_RT_HANDSHAKE) && type) || 751 (type != SSL3_RT_HANDSHAKE) && type) ||
761 (peek && (type != SSL3_RT_APPLICATION_DATA))) 752 (peek && (type != SSL3_RT_APPLICATION_DATA))) {
762 {
763 SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR); 753 SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
764 return -1; 754 return -1;
765 } 755 }
766 756
767 /* check whether there's a handshake message (client hello?) waiting */ 757 /* check whether there's a handshake message (client hello?) waiting */
768 if ( (ret = have_handshake_fragment(s, type, buf, len, peek))) 758 if ((ret = have_handshake_fragment(s, type, buf, len, peek)))
769 return ret; 759 return ret;
770 760
771 /* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */ 761 /* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
@@ -776,24 +766,25 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
776 */ 766 */
777 if ((!s->in_handshake && SSL_in_init(s)) || 767 if ((!s->in_handshake && SSL_in_init(s)) ||
778 (BIO_dgram_is_sctp(SSL_get_rbio(s)) && 768 (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
779 (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK) && 769 (s->state == DTLS1_SCTP_ST_SR_READ_SOCK ||
780 s->s3->in_read_app_data != 2)) 770 s->state == DTLS1_SCTP_ST_CR_READ_SOCK) &&
771 s->s3->in_read_app_data != 2))
781#else 772#else
782 if (!s->in_handshake && SSL_in_init(s)) 773 if (!s->in_handshake && SSL_in_init(s))
783#endif 774#endif
784 { 775 {
785 /* type == SSL3_RT_APPLICATION_DATA */ 776 /* type == SSL3_RT_APPLICATION_DATA */
786 i=s->handshake_func(s); 777 i = s->handshake_func(s);
787 if (i < 0) return(i); 778 if (i < 0)
788 if (i == 0) 779 return (i);
789 { 780 if (i == 0) {
790 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); 781 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
791 return(-1); 782 return (-1);
792 }
793 } 783 }
784 }
794 785
795start: 786start:
796 s->rwstate=SSL_NOTHING; 787 s->rwstate = SSL_NOTHING;
797 788
798 /* s->s3->rrec.type - is the type of record 789 /* s->s3->rrec.type - is the type of record
799 * s->s3->rrec.data, - data 790 * s->s3->rrec.data, - data
@@ -805,59 +796,52 @@ start:
805 * so process data buffered during the last handshake 796 * so process data buffered during the last handshake
806 * in advance, if any. 797 * in advance, if any.
807 */ 798 */
808 if (s->state == SSL_ST_OK && rr->length == 0) 799 if (s->state == SSL_ST_OK && rr->length == 0) {
809 {
810 pitem *item; 800 pitem *item;
811 item = pqueue_pop(s->d1->buffered_app_data.q); 801 item = pqueue_pop(s->d1->buffered_app_data.q);
812 if (item) 802 if (item) {
813 {
814#ifndef OPENSSL_NO_SCTP 803#ifndef OPENSSL_NO_SCTP
815 /* Restore bio_dgram_sctp_rcvinfo struct */ 804 /* Restore bio_dgram_sctp_rcvinfo struct */
816 if (BIO_dgram_is_sctp(SSL_get_rbio(s))) 805 if (BIO_dgram_is_sctp(SSL_get_rbio(s))) {
817 {
818 DTLS1_RECORD_DATA *rdata = (DTLS1_RECORD_DATA *) item->data; 806 DTLS1_RECORD_DATA *rdata = (DTLS1_RECORD_DATA *) item->data;
819 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo); 807 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo);
820 } 808 }
821#endif 809#endif
822 810
823 dtls1_copy_record(s, item); 811 dtls1_copy_record(s, item);
824 812
825 OPENSSL_free(item->data); 813 OPENSSL_free(item->data);
826 pitem_free(item); 814 pitem_free(item);
827 }
828 } 815 }
816 }
829 817
830 /* Check for timeout */ 818 /* Check for timeout */
831 if (dtls1_handle_timeout(s) > 0) 819 if (dtls1_handle_timeout(s) > 0)
832 goto start; 820 goto start;
833 821
834 /* get new packet if necessary */ 822 /* get new packet if necessary */
835 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) 823 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) {
836 { 824 ret = dtls1_get_record(s);
837 ret=dtls1_get_record(s); 825 if (ret <= 0) {
838 if (ret <= 0)
839 {
840 ret = dtls1_read_failed(s, ret); 826 ret = dtls1_read_failed(s, ret);
841 /* anything other than a timeout is an error */ 827 /* anything other than a timeout is an error */
842 if (ret <= 0) 828 if (ret <= 0)
843 return(ret); 829 return (ret);
844 else 830 else
845 goto start; 831 goto start;
846 }
847 } 832 }
833 }
848 834
849 if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE) 835 if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE) {
850 {
851 rr->length = 0; 836 rr->length = 0;
852 goto start; 837 goto start;
853 } 838 }
854 839
855 /* we now have a packet which can be read and processed */ 840 /* we now have a packet which can be read and processed */
856 841
857 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, 842 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
858 * reset by ssl3_get_finished */ 843 * reset by ssl3_get_finished */
859 && (rr->type != SSL3_RT_HANDSHAKE)) 844 && (rr->type != SSL3_RT_HANDSHAKE)) {
860 {
861 /* We now have application data between CCS and Finished. 845 /* We now have application data between CCS and Finished.
862 * Most likely the packets were reordered on their way, so 846 * Most likely the packets were reordered on their way, so
863 * buffer the application data for later processing rather 847 * buffer the application data for later processing rather
@@ -866,75 +850,71 @@ start:
866 dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num); 850 dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num);
867 rr->length = 0; 851 rr->length = 0;
868 goto start; 852 goto start;
869 } 853 }
870 854
871 /* If the other end has shut down, throw anything we read away 855 /* If the other end has shut down, throw anything we read away
872 * (even in 'peek' mode) */ 856 * (even in 'peek' mode) */
873 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) 857 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
874 { 858 rr->length = 0;
875 rr->length=0; 859 s->rwstate = SSL_NOTHING;
876 s->rwstate=SSL_NOTHING; 860 return (0);
877 return(0); 861 }
878 }
879 862
880 863
881 if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ 864 if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
882 { 865 {
883 /* make sure that we are not getting application data when we 866 /* make sure that we are not getting application data when we
884 * are doing a handshake for the first time */ 867 * are doing a handshake for the first time */
885 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && 868 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
886 (s->enc_read_ctx == NULL)) 869 (s->enc_read_ctx == NULL)) {
887 { 870 al = SSL_AD_UNEXPECTED_MESSAGE;
888 al=SSL_AD_UNEXPECTED_MESSAGE; 871 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE);
889 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
890 goto f_err; 872 goto f_err;
891 } 873 }
892 874
893 if (len <= 0) return(len); 875 if (len <= 0)
876 return (len);
894 877
895 if ((unsigned int)len > rr->length) 878 if ((unsigned int)len > rr->length)
896 n = rr->length; 879 n = rr->length;
897 else 880 else
898 n = (unsigned int)len; 881 n = (unsigned int)len;
899 882
900 memcpy(buf,&(rr->data[rr->off]),n); 883 memcpy(buf, &(rr->data[rr->off]), n);
901 if (!peek) 884 if (!peek) {
902 { 885 rr->length -= n;
903 rr->length-=n; 886 rr->off += n;
904 rr->off+=n; 887 if (rr->length == 0) {
905 if (rr->length == 0) 888 s->rstate = SSL_ST_READ_HEADER;
906 { 889 rr->off = 0;
907 s->rstate=SSL_ST_READ_HEADER;
908 rr->off=0;
909 }
910 } 890 }
891 }
911 892
912#ifndef OPENSSL_NO_SCTP 893#ifndef OPENSSL_NO_SCTP
913 /* We were about to renegotiate but had to read 894 /* We were about to renegotiate but had to read
914 * belated application data first, so retry. 895 * belated application data first, so retry.
915 */ 896 */
916 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && 897 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
917 rr->type == SSL3_RT_APPLICATION_DATA && 898 rr->type == SSL3_RT_APPLICATION_DATA &&
918 (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK)) 899 (s->state == DTLS1_SCTP_ST_SR_READ_SOCK ||
919 { 900 s->state == DTLS1_SCTP_ST_CR_READ_SOCK)) {
920 s->rwstate=SSL_READING; 901 s->rwstate = SSL_READING;
921 BIO_clear_retry_flags(SSL_get_rbio(s)); 902 BIO_clear_retry_flags(SSL_get_rbio(s));
922 BIO_set_retry_read(SSL_get_rbio(s)); 903 BIO_set_retry_read(SSL_get_rbio(s));
923 } 904 }
924 905
925 /* We might had to delay a close_notify alert because 906 /* We might had to delay a close_notify alert because
926 * of reordered app data. If there was an alert and there 907 * of reordered app data. If there was an alert and there
927 * is no message to read anymore, finally set shutdown. 908 * is no message to read anymore, finally set shutdown.
928 */ 909 */
929 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && 910 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
930 s->d1->shutdown_received && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) 911 s->d1->shutdown_received && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
931 { 912 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
932 s->shutdown |= SSL_RECEIVED_SHUTDOWN; 913 return (0);
933 return(0);
934 }
935#endif
936 return(n);
937 } 914 }
915#endif
916 return (n);
917 }
938 918
939 919
940 /* If we get here, then type != rr->type; if we have a handshake 920 /* If we get here, then type != rr->type; if we have a handshake
@@ -943,65 +923,57 @@ start:
943 /* In case of record types for which we have 'fragment' storage, 923 /* In case of record types for which we have 'fragment' storage,
944 * fill that so that we can process the data at a fixed place. 924 * fill that so that we can process the data at a fixed place.
945 */ 925 */
946 { 926 {
947 unsigned int k, dest_maxlen = 0; 927 unsigned int k, dest_maxlen = 0;
948 unsigned char *dest = NULL; 928 unsigned char *dest = NULL;
949 unsigned int *dest_len = NULL; 929 unsigned int *dest_len = NULL;
950 930
951 if (rr->type == SSL3_RT_HANDSHAKE) 931 if (rr->type == SSL3_RT_HANDSHAKE) {
952 {
953 dest_maxlen = sizeof s->d1->handshake_fragment; 932 dest_maxlen = sizeof s->d1->handshake_fragment;
954 dest = s->d1->handshake_fragment; 933 dest = s->d1->handshake_fragment;
955 dest_len = &s->d1->handshake_fragment_len; 934 dest_len = &s->d1->handshake_fragment_len;
956 } 935 } else if (rr->type == SSL3_RT_ALERT) {
957 else if (rr->type == SSL3_RT_ALERT)
958 {
959 dest_maxlen = sizeof(s->d1->alert_fragment); 936 dest_maxlen = sizeof(s->d1->alert_fragment);
960 dest = s->d1->alert_fragment; 937 dest = s->d1->alert_fragment;
961 dest_len = &s->d1->alert_fragment_len; 938 dest_len = &s->d1->alert_fragment_len;
962 } 939 }
963#ifndef OPENSSL_NO_HEARTBEATS 940#ifndef OPENSSL_NO_HEARTBEATS
964 else if (rr->type == TLS1_RT_HEARTBEAT) 941 else if (rr->type == TLS1_RT_HEARTBEAT) {
965 {
966 dtls1_process_heartbeat(s); 942 dtls1_process_heartbeat(s);
967 943
968 /* Exit and notify application to read again */ 944 /* Exit and notify application to read again */
969 rr->length = 0; 945 rr->length = 0;
970 s->rwstate=SSL_READING; 946 s->rwstate = SSL_READING;
971 BIO_clear_retry_flags(SSL_get_rbio(s)); 947 BIO_clear_retry_flags(SSL_get_rbio(s));
972 BIO_set_retry_read(SSL_get_rbio(s)); 948 BIO_set_retry_read(SSL_get_rbio(s));
973 return(-1); 949 return (-1);
974 } 950 }
975#endif 951#endif
976 /* else it's a CCS message, or application data or wrong */ 952 /* else it's a CCS message, or application data or wrong */
977 else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) 953 else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) {
978 {
979 /* Application data while renegotiating 954 /* Application data while renegotiating
980 * is allowed. Try again reading. 955 * is allowed. Try again reading.
981 */ 956 */
982 if (rr->type == SSL3_RT_APPLICATION_DATA) 957 if (rr->type == SSL3_RT_APPLICATION_DATA) {
983 {
984 BIO *bio; 958 BIO *bio;
985 s->s3->in_read_app_data=2; 959 s->s3->in_read_app_data = 2;
986 bio=SSL_get_rbio(s); 960 bio = SSL_get_rbio(s);
987 s->rwstate=SSL_READING; 961 s->rwstate = SSL_READING;
988 BIO_clear_retry_flags(bio); 962 BIO_clear_retry_flags(bio);
989 BIO_set_retry_read(bio); 963 BIO_set_retry_read(bio);
990 return(-1); 964 return (-1);
991 } 965 }
992 966
993 /* Not certain if this is the right error handling */ 967 /* Not certain if this is the right error handling */
994 al=SSL_AD_UNEXPECTED_MESSAGE; 968 al = SSL_AD_UNEXPECTED_MESSAGE;
995 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD); 969 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
996 goto f_err; 970 goto f_err;
997 } 971 }
998 972
999 if (dest_maxlen > 0) 973 if (dest_maxlen > 0) {
1000 {
1001 /* XDTLS: In a pathalogical case, the Client Hello 974 /* XDTLS: In a pathalogical case, the Client Hello
1002 * may be fragmented--don't always expect dest_maxlen bytes */ 975 * may be fragmented--don't always expect dest_maxlen bytes */
1003 if ( rr->length < dest_maxlen) 976 if (rr->length < dest_maxlen) {
1004 {
1005#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 977#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1006 /* 978 /*
1007 * for normal alerts rr->length is 2, while 979 * for normal alerts rr->length is 2, while
@@ -1010,20 +982,19 @@ start:
1010 */ 982 */
1011 FIX ME 983 FIX ME
1012#endif 984#endif
1013 s->rstate=SSL_ST_READ_HEADER; 985 s->rstate = SSL_ST_READ_HEADER;
1014 rr->length = 0; 986 rr->length = 0;
1015 goto start; 987 goto start;
1016 } 988 }
1017 989
1018 /* now move 'n' bytes: */ 990 /* now move 'n' bytes: */
1019 for ( k = 0; k < dest_maxlen; k++) 991 for ( k = 0; k < dest_maxlen; k++) {
1020 {
1021 dest[k] = rr->data[rr->off++]; 992 dest[k] = rr->data[rr->off++];
1022 rr->length--; 993 rr->length--;
1023 }
1024 *dest_len = dest_maxlen;
1025 } 994 }
995 *dest_len = dest_maxlen;
1026 } 996 }
997 }
1027 998
1028 /* s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE; 999 /* s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
1029 * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT. 1000 * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT.
@@ -1031,117 +1002,107 @@ start:
1031 1002
1032 /* If we are a client, check for an incoming 'Hello Request': */ 1003 /* If we are a client, check for an incoming 'Hello Request': */
1033 if ((!s->server) && 1004 if ((!s->server) &&
1034 (s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) && 1005 (s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
1035 (s->d1->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && 1006 (s->d1->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
1036 (s->session != NULL) && (s->session->cipher != NULL)) 1007 (s->session != NULL) && (s->session->cipher != NULL)) {
1037 {
1038 s->d1->handshake_fragment_len = 0; 1008 s->d1->handshake_fragment_len = 0;
1039 1009
1040 if ((s->d1->handshake_fragment[1] != 0) || 1010 if ((s->d1->handshake_fragment[1] != 0) ||
1041 (s->d1->handshake_fragment[2] != 0) || 1011 (s->d1->handshake_fragment[2] != 0) ||
1042 (s->d1->handshake_fragment[3] != 0)) 1012 (s->d1->handshake_fragment[3] != 0)) {
1043 { 1013 al = SSL_AD_DECODE_ERROR;
1044 al=SSL_AD_DECODE_ERROR; 1014 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_HELLO_REQUEST);
1045 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
1046 goto err; 1015 goto err;
1047 } 1016 }
1048 1017
1049 /* no need to check sequence number on HELLO REQUEST messages */ 1018 /* no need to check sequence number on HELLO REQUEST messages */
1050 1019
1051 if (s->msg_callback) 1020 if (s->msg_callback)
1052 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, 1021 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
1053 s->d1->handshake_fragment, 4, s, s->msg_callback_arg); 1022 s->d1->handshake_fragment, 4, s, s->msg_callback_arg);
1054 1023
1055 if (SSL_is_init_finished(s) && 1024 if (SSL_is_init_finished(s) &&
1056 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && 1025 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
1057 !s->s3->renegotiate) 1026 !s->s3->renegotiate) {
1058 {
1059 s->d1->handshake_read_seq++; 1027 s->d1->handshake_read_seq++;
1060 s->new_session = 1; 1028 s->new_session = 1;
1061 ssl3_renegotiate(s); 1029 ssl3_renegotiate(s);
1062 if (ssl3_renegotiate_check(s)) 1030 if (ssl3_renegotiate_check(s)) {
1063 { 1031 i = s->handshake_func(s);
1064 i=s->handshake_func(s); 1032 if (i < 0)
1065 if (i < 0) return(i); 1033 return (i);
1066 if (i == 0) 1034 if (i == 0) {
1067 { 1035 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
1068 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); 1036 return (-1);
1069 return(-1); 1037 }
1070 }
1071 1038
1072 if (!(s->mode & SSL_MODE_AUTO_RETRY)) 1039 if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
1073 {
1074 if (s->s3->rbuf.left == 0) /* no read-ahead left? */ 1040 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
1075 { 1041 {
1076 BIO *bio; 1042 BIO *bio;
1077 /* In the case where we try to read application data, 1043 /* In the case where we try to read application data,
1078 * but we trigger an SSL handshake, we return -1 with 1044 * but we trigger an SSL handshake, we return -1 with
1079 * the retry option set. Otherwise renegotiation may 1045 * the retry option set. Otherwise renegotiation may
1080 * cause nasty problems in the blocking world */ 1046 * cause nasty problems in the blocking world */
1081 s->rwstate=SSL_READING; 1047 s->rwstate = SSL_READING;
1082 bio=SSL_get_rbio(s); 1048 bio = SSL_get_rbio(s);
1083 BIO_clear_retry_flags(bio); 1049 BIO_clear_retry_flags(bio);
1084 BIO_set_retry_read(bio); 1050 BIO_set_retry_read(bio);
1085 return(-1); 1051 return (-1);
1086 }
1087 } 1052 }
1088 } 1053 }
1089 } 1054 }
1055 }
1090 /* we either finished a handshake or ignored the request, 1056 /* we either finished a handshake or ignored the request,
1091 * now try again to obtain the (application) data we were asked for */ 1057 * now try again to obtain the (application) data we were asked for */
1092 goto start; 1058 goto start;
1093 } 1059 }
1094 1060
1095 if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) 1061 if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) {
1096 {
1097 int alert_level = s->d1->alert_fragment[0]; 1062 int alert_level = s->d1->alert_fragment[0];
1098 int alert_descr = s->d1->alert_fragment[1]; 1063 int alert_descr = s->d1->alert_fragment[1];
1099 1064
1100 s->d1->alert_fragment_len = 0; 1065 s->d1->alert_fragment_len = 0;
1101 1066
1102 if (s->msg_callback) 1067 if (s->msg_callback)
1103 s->msg_callback(0, s->version, SSL3_RT_ALERT, 1068 s->msg_callback(0, s->version, SSL3_RT_ALERT,
1104 s->d1->alert_fragment, 2, s, s->msg_callback_arg); 1069 s->d1->alert_fragment, 2, s, s->msg_callback_arg);
1105 1070
1106 if (s->info_callback != NULL) 1071 if (s->info_callback != NULL)
1107 cb=s->info_callback; 1072 cb = s->info_callback;
1108 else if (s->ctx->info_callback != NULL) 1073 else if (s->ctx->info_callback != NULL)
1109 cb=s->ctx->info_callback; 1074 cb = s->ctx->info_callback;
1110 1075
1111 if (cb != NULL) 1076 if (cb != NULL) {
1112 {
1113 j = (alert_level << 8) | alert_descr; 1077 j = (alert_level << 8) | alert_descr;
1114 cb(s, SSL_CB_READ_ALERT, j); 1078 cb(s, SSL_CB_READ_ALERT, j);
1115 } 1079 }
1116 1080
1117 if (alert_level == 1) /* warning */ 1081 if (alert_level == 1) /* warning */
1118 { 1082 {
1119 s->s3->warn_alert = alert_descr; 1083 s->s3->warn_alert = alert_descr;
1120 if (alert_descr == SSL_AD_CLOSE_NOTIFY) 1084 if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
1121 {
1122#ifndef OPENSSL_NO_SCTP 1085#ifndef OPENSSL_NO_SCTP
1123 /* With SCTP and streams the socket may deliver app data 1086 /* With SCTP and streams the socket may deliver app data
1124 * after a close_notify alert. We have to check this 1087 * after a close_notify alert. We have to check this
1125 * first so that nothing gets discarded. 1088 * first so that nothing gets discarded.
1126 */ 1089 */
1127 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && 1090 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
1128 BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) 1091 BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
1129 {
1130 s->d1->shutdown_received = 1; 1092 s->d1->shutdown_received = 1;
1131 s->rwstate=SSL_READING; 1093 s->rwstate = SSL_READING;
1132 BIO_clear_retry_flags(SSL_get_rbio(s)); 1094 BIO_clear_retry_flags(SSL_get_rbio(s));
1133 BIO_set_retry_read(SSL_get_rbio(s)); 1095 BIO_set_retry_read(SSL_get_rbio(s));
1134 return -1; 1096 return -1;
1135 } 1097 }
1136#endif 1098#endif
1137 s->shutdown |= SSL_RECEIVED_SHUTDOWN; 1099 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
1138 return(0); 1100 return (0);
1139 } 1101 }
1140#if 0 1102#if 0
1141 /* XXX: this is a possible improvement in the future */ 1103 /* XXX: this is a possible improvement in the future */
1142 /* now check if it's a missing record */ 1104 /* now check if it's a missing record */
1143 if (alert_descr == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) 1105 if (alert_descr == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) {
1144 {
1145 unsigned short seq; 1106 unsigned short seq;
1146 unsigned int frag_off; 1107 unsigned int frag_off;
1147 unsigned char *p = &(s->d1->alert_fragment[2]); 1108 unsigned char *p = &(s->d1->alert_fragment[2]);
@@ -1150,51 +1111,46 @@ start:
1150 n2l3(p, frag_off); 1111 n2l3(p, frag_off);
1151 1112
1152 dtls1_retransmit_message(s, 1113 dtls1_retransmit_message(s,
1153 dtls1_get_queue_priority(frag->msg_header.seq, 0), 1114 dtls1_get_queue_priority(frag->msg_header.seq, 0),
1154 frag_off, &found); 1115 frag_off, &found);
1155 if ( ! found && SSL_in_init(s)) 1116 if (!found && SSL_in_init(s)) {
1156 {
1157 /* fprintf( stderr,"in init = %d\n", SSL_in_init(s)); */ 1117 /* fprintf( stderr,"in init = %d\n", SSL_in_init(s)); */
1158 /* requested a message not yet sent, 1118 /* requested a message not yet sent,
1159 send an alert ourselves */ 1119 send an alert ourselves */
1160 ssl3_send_alert(s,SSL3_AL_WARNING, 1120 ssl3_send_alert(s, SSL3_AL_WARNING,
1161 DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); 1121 DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
1162 }
1163 } 1122 }
1164#endif
1165 } 1123 }
1166 else if (alert_level == 2) /* fatal */ 1124#endif
1167 { 1125 } else if (alert_level == 2) /* fatal */
1126 {
1168 char tmp[16]; 1127 char tmp[16];
1169 1128
1170 s->rwstate=SSL_NOTHING; 1129 s->rwstate = SSL_NOTHING;
1171 s->s3->fatal_alert = alert_descr; 1130 s->s3->fatal_alert = alert_descr;
1172 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); 1131 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
1173 BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr); 1132 BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
1174 ERR_add_error_data(2,"SSL alert number ",tmp); 1133 ERR_add_error_data(2, "SSL alert number ", tmp);
1175 s->shutdown|=SSL_RECEIVED_SHUTDOWN; 1134 s->shutdown|=SSL_RECEIVED_SHUTDOWN;
1176 SSL_CTX_remove_session(s->ctx,s->session); 1135 SSL_CTX_remove_session(s->ctx, s->session);
1177 return(0); 1136 return (0);
1178 } 1137 } else {
1179 else 1138 al = SSL_AD_ILLEGAL_PARAMETER;
1180 { 1139 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
1181 al=SSL_AD_ILLEGAL_PARAMETER;
1182 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
1183 goto f_err; 1140 goto f_err;
1184 } 1141 }
1185 1142
1186 goto start; 1143 goto start;
1187 } 1144 }
1188 1145
1189 if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */ 1146 if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
1190 { 1147 {
1191 s->rwstate=SSL_NOTHING; 1148 s->rwstate = SSL_NOTHING;
1192 rr->length=0; 1149 rr->length = 0;
1193 return(0); 1150 return (0);
1194 } 1151 }
1195 1152
1196 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) 1153 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
1197 {
1198 struct ccs_header_st ccs_hdr; 1154 struct ccs_header_st ccs_hdr;
1199 unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH; 1155 unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
1200 1156
@@ -1206,31 +1162,29 @@ start:
1206 /* 'Change Cipher Spec' is just a single byte, so we know 1162 /* 'Change Cipher Spec' is just a single byte, so we know
1207 * exactly what the record payload has to look like */ 1163 * exactly what the record payload has to look like */
1208 /* XDTLS: check that epoch is consistent */ 1164 /* XDTLS: check that epoch is consistent */
1209 if ( (rr->length != ccs_hdr_len) || 1165 if ((rr->length != ccs_hdr_len) ||
1210 (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) 1166 (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) {
1211 { 1167 i = SSL_AD_ILLEGAL_PARAMETER;
1212 i=SSL_AD_ILLEGAL_PARAMETER; 1168 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_CHANGE_CIPHER_SPEC);
1213 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
1214 goto err; 1169 goto err;
1215 } 1170 }
1216 1171
1217 rr->length=0; 1172 rr->length = 0;
1218 1173
1219 if (s->msg_callback) 1174 if (s->msg_callback)
1220 s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, 1175 s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
1221 rr->data, 1, s, s->msg_callback_arg); 1176 rr->data, 1, s, s->msg_callback_arg);
1222 1177
1223 /* We can't process a CCS now, because previous handshake 1178 /* We can't process a CCS now, because previous handshake
1224 * messages are still missing, so just drop it. 1179 * messages are still missing, so just drop it.
1225 */ 1180 */
1226 if (!s->d1->change_cipher_spec_ok) 1181 if (!s->d1->change_cipher_spec_ok) {
1227 {
1228 goto start; 1182 goto start;
1229 } 1183 }
1230 1184
1231 s->d1->change_cipher_spec_ok = 0; 1185 s->d1->change_cipher_spec_ok = 0;
1232 1186
1233 s->s3->change_cipher_spec=1; 1187 s->s3->change_cipher_spec = 1;
1234 if (!ssl3_do_change_cipher_spec(s)) 1188 if (!ssl3_do_change_cipher_spec(s))
1235 goto err; 1189 goto err;
1236 1190
@@ -1250,90 +1204,82 @@ start:
1250#endif 1204#endif
1251 1205
1252 goto start; 1206 goto start;
1253 } 1207 }
1254 1208
1255 /* Unexpected handshake message (Client Hello, or protocol violation) */ 1209 /* Unexpected handshake message (Client Hello, or protocol violation) */
1256 if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) && 1210 if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
1257 !s->in_handshake) 1211 !s->in_handshake) {
1258 {
1259 struct hm_header_st msg_hdr; 1212 struct hm_header_st msg_hdr;
1260 1213
1261 /* this may just be a stale retransmit */ 1214 /* this may just be a stale retransmit */
1262 dtls1_get_message_header(rr->data, &msg_hdr); 1215 dtls1_get_message_header(rr->data, &msg_hdr);
1263 if( rr->epoch != s->d1->r_epoch) 1216 if (rr->epoch != s->d1->r_epoch) {
1264 {
1265 rr->length = 0; 1217 rr->length = 0;
1266 goto start; 1218 goto start;
1267 } 1219 }
1268 1220
1269 /* If we are server, we may have a repeated FINISHED of the 1221 /* If we are server, we may have a repeated FINISHED of the
1270 * client here, then retransmit our CCS and FINISHED. 1222 * client here, then retransmit our CCS and FINISHED.
1271 */ 1223 */
1272 if (msg_hdr.type == SSL3_MT_FINISHED) 1224 if (msg_hdr.type == SSL3_MT_FINISHED) {
1273 {
1274 if (dtls1_check_timeout_num(s) < 0) 1225 if (dtls1_check_timeout_num(s) < 0)
1275 return -1; 1226 return -1;
1276 1227
1277 dtls1_retransmit_buffered_messages(s); 1228 dtls1_retransmit_buffered_messages(s);
1278 rr->length = 0; 1229 rr->length = 0;
1279 goto start; 1230 goto start;
1280 } 1231 }
1281 1232
1282 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && 1233 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
1283 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) 1234 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
1284 {
1285#if 0 /* worked only because C operator preferences are not as expected (and 1235#if 0 /* worked only because C operator preferences are not as expected (and
1286 * because this is not really needed for clients except for detecting 1236 * because this is not really needed for clients except for detecting
1287 * protocol violations): */ 1237 * protocol violations): */
1288 s->state=SSL_ST_BEFORE|(s->server) 1238 s->state = SSL_ST_BEFORE |
1289 ?SSL_ST_ACCEPT 1239 (s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
1290 :SSL_ST_CONNECT;
1291#else 1240#else
1292 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; 1241 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
1293#endif 1242#endif
1294 s->renegotiate=1; 1243 s->renegotiate = 1;
1295 s->new_session=1; 1244 s->new_session = 1;
1296 } 1245 }
1297 i=s->handshake_func(s); 1246 i = s->handshake_func(s);
1298 if (i < 0) return(i); 1247 if (i < 0)
1299 if (i == 0) 1248 return (i);
1300 { 1249 if (i == 0) {
1301 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); 1250 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
1302 return(-1); 1251 return (-1);
1303 } 1252 }
1304 1253
1305 if (!(s->mode & SSL_MODE_AUTO_RETRY)) 1254 if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
1306 {
1307 if (s->s3->rbuf.left == 0) /* no read-ahead left? */ 1255 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
1308 { 1256 {
1309 BIO *bio; 1257 BIO *bio;
1310 /* In the case where we try to read application data, 1258 /* In the case where we try to read application data,
1311 * but we trigger an SSL handshake, we return -1 with 1259 * but we trigger an SSL handshake, we return -1 with
1312 * the retry option set. Otherwise renegotiation may 1260 * the retry option set. Otherwise renegotiation may
1313 * cause nasty problems in the blocking world */ 1261 * cause nasty problems in the blocking world */
1314 s->rwstate=SSL_READING; 1262 s->rwstate = SSL_READING;
1315 bio=SSL_get_rbio(s); 1263 bio = SSL_get_rbio(s);
1316 BIO_clear_retry_flags(bio); 1264 BIO_clear_retry_flags(bio);
1317 BIO_set_retry_read(bio); 1265 BIO_set_retry_read(bio);
1318 return(-1); 1266 return (-1);
1319 }
1320 } 1267 }
1321 goto start;
1322 } 1268 }
1269 goto start;
1270 }
1323 1271
1324 switch (rr->type) 1272 switch (rr->type) {
1325 {
1326 default: 1273 default:
1327#ifndef OPENSSL_NO_TLS 1274#ifndef OPENSSL_NO_TLS
1328 /* TLS just ignores unknown message types */ 1275 /* TLS just ignores unknown message types */
1329 if (s->version == TLS1_VERSION) 1276 if (s->version == TLS1_VERSION) {
1330 {
1331 rr->length = 0; 1277 rr->length = 0;
1332 goto start; 1278 goto start;
1333 } 1279 }
1334#endif 1280#endif
1335 al=SSL_AD_UNEXPECTED_MESSAGE; 1281 al = SSL_AD_UNEXPECTED_MESSAGE;
1336 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD); 1282 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
1337 goto f_err; 1283 goto f_err;
1338 case SSL3_RT_CHANGE_CIPHER_SPEC: 1284 case SSL3_RT_CHANGE_CIPHER_SPEC:
1339 case SSL3_RT_ALERT: 1285 case SSL3_RT_ALERT:
@@ -1341,8 +1287,8 @@ start:
1341 /* we already handled all of these, with the possible exception 1287 /* we already handled all of these, with the possible exception
1342 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that 1288 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
1343 * should not happen when type != rr->type */ 1289 * should not happen when type != rr->type */
1344 al=SSL_AD_UNEXPECTED_MESSAGE; 1290 al = SSL_AD_UNEXPECTED_MESSAGE;
1345 SSLerr(SSL_F_DTLS1_READ_BYTES,ERR_R_INTERNAL_ERROR); 1291 SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
1346 goto f_err; 1292 goto f_err;
1347 case SSL3_RT_APPLICATION_DATA: 1293 case SSL3_RT_APPLICATION_DATA:
1348 /* At this point, we were expecting handshake data, 1294 /* At this point, we were expecting handshake data,
@@ -1353,123 +1299,116 @@ start:
1353 * we will indulge it. 1299 * we will indulge it.
1354 */ 1300 */
1355 if (s->s3->in_read_app_data && 1301 if (s->s3->in_read_app_data &&
1356 (s->s3->total_renegotiations != 0) && 1302 (s->s3->total_renegotiations != 0) &&
1357 (( 1303 (((s->state & SSL_ST_CONNECT) &&
1358 (s->state & SSL_ST_CONNECT) && 1304 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
1359 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && 1305 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)) || (
1360 (s->state <= SSL3_ST_CR_SRVR_HELLO_A) 1306 (s->state & SSL_ST_ACCEPT) &&
1361 ) || ( 1307 (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
1362 (s->state & SSL_ST_ACCEPT) && 1308 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
1363 (s->state <= SSL3_ST_SW_HELLO_REQ_A) && 1309 s->s3->in_read_app_data = 2;
1364 (s->state >= SSL3_ST_SR_CLNT_HELLO_A) 1310 return (-1);
1365 ) 1311 } else {
1366 )) 1312 al = SSL_AD_UNEXPECTED_MESSAGE;
1367 { 1313 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
1368 s->s3->in_read_app_data=2;
1369 return(-1);
1370 }
1371 else
1372 {
1373 al=SSL_AD_UNEXPECTED_MESSAGE;
1374 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
1375 goto f_err; 1314 goto f_err;
1376 }
1377 } 1315 }
1316 }
1378 /* not reached */ 1317 /* not reached */
1379 1318
1380f_err: 1319f_err:
1381 ssl3_send_alert(s,SSL3_AL_FATAL,al); 1320 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1382err: 1321err:
1383 return(-1); 1322 return (-1);
1384 } 1323}
1385 1324
1386int 1325int
1387dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len) 1326dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
1388 { 1327{
1389 int i; 1328 int i;
1390 1329
1391#ifndef OPENSSL_NO_SCTP 1330#ifndef OPENSSL_NO_SCTP
1392 /* Check if we have to continue an interrupted handshake 1331 /* Check if we have to continue an interrupted handshake
1393 * for reading belated app data with SCTP. 1332 * for reading belated app data with SCTP.
1394 */ 1333 */
1395 if ((SSL_in_init(s) && !s->in_handshake) || 1334 if ((SSL_in_init(s) && !s->in_handshake) ||
1396 (BIO_dgram_is_sctp(SSL_get_wbio(s)) && 1335 (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
1397 (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK))) 1336 (s->state == DTLS1_SCTP_ST_SR_READ_SOCK ||
1337 s->state == DTLS1_SCTP_ST_CR_READ_SOCK)))
1398#else 1338#else
1399 if (SSL_in_init(s) && !s->in_handshake) 1339 if (SSL_in_init(s) && !s->in_handshake)
1400#endif 1340#endif
1401 { 1341 {
1402 i=s->handshake_func(s); 1342 i = s->handshake_func(s);
1403 if (i < 0) return(i); 1343 if (i < 0)
1404 if (i == 0) 1344 return (i);
1405 { 1345 if (i == 0) {
1406 SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); 1346 SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
1407 return -1; 1347 return -1;
1408 }
1409 } 1348 }
1349 }
1410 1350
1411 if (len > SSL3_RT_MAX_PLAIN_LENGTH) 1351 if (len > SSL3_RT_MAX_PLAIN_LENGTH) {
1412 { 1352 SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES, SSL_R_DTLS_MESSAGE_TOO_BIG);
1413 SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,SSL_R_DTLS_MESSAGE_TOO_BIG); 1353 return -1;
1414 return -1; 1354 }
1415 }
1416 1355
1417 i = dtls1_write_bytes(s, type, buf_, len); 1356 i = dtls1_write_bytes(s, type, buf_, len);
1418 return i; 1357 return i;
1419 } 1358}
1420 1359
1421 1360
1422 /* this only happens when a client hello is received and a handshake 1361 /* this only happens when a client hello is received and a handshake
1423 * is started. */ 1362 * is started. */
1424static int 1363static int
1425have_handshake_fragment(SSL *s, int type, unsigned char *buf, 1364have_handshake_fragment(SSL *s, int type, unsigned char *buf,
1426 int len, int peek) 1365 int len, int peek)
1427 { 1366{
1428 1367
1429 if ((type == SSL3_RT_HANDSHAKE) && (s->d1->handshake_fragment_len > 0)) 1368 if ((type == SSL3_RT_HANDSHAKE) && (s->d1->handshake_fragment_len > 0))
1430 /* (partially) satisfy request from storage */ 1369 /* (partially) satisfy request from storage */
1431 { 1370 {
1432 unsigned char *src = s->d1->handshake_fragment; 1371 unsigned char *src = s->d1->handshake_fragment;
1433 unsigned char *dst = buf; 1372 unsigned char *dst = buf;
1434 unsigned int k,n; 1373 unsigned int k, n;
1435 1374
1436 /* peek == 0 */ 1375 /* peek == 0 */
1437 n = 0; 1376 n = 0;
1438 while ((len > 0) && (s->d1->handshake_fragment_len > 0)) 1377 while ((len > 0) && (s->d1->handshake_fragment_len > 0)) {
1439 {
1440 *dst++ = *src++; 1378 *dst++ = *src++;
1441 len--; s->d1->handshake_fragment_len--; 1379 len--;
1380 s->d1->handshake_fragment_len--;
1442 n++; 1381 n++;
1443 } 1382 }
1444 /* move any remaining fragment bytes: */ 1383 /* move any remaining fragment bytes: */
1445 for (k = 0; k < s->d1->handshake_fragment_len; k++) 1384 for (k = 0; k < s->d1->handshake_fragment_len; k++)
1446 s->d1->handshake_fragment[k] = *src++; 1385 s->d1->handshake_fragment[k] = *src++;
1447 return n; 1386 return n;
1448 }
1449
1450 return 0;
1451 } 1387 }
1452 1388
1453 1389 return 0;
1390}
1454 1391
1455 1392
1456/* Call this to write data in records of type 'type' 1393/* Call this to write data in records of type 'type'
1457 * It will return <= 0 if not all data has been sent or non-blocking IO. 1394 * It will return <= 0 if not all data has been sent or non-blocking IO.
1458 */ 1395 */
1459int dtls1_write_bytes(SSL *s, int type, const void *buf, int len) 1396int
1460 { 1397dtls1_write_bytes(SSL *s, int type, const void *buf, int len)
1398{
1461 int i; 1399 int i;
1462 1400
1463 OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH); 1401 OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);
1464 s->rwstate=SSL_NOTHING; 1402 s->rwstate = SSL_NOTHING;
1465 i=do_dtls1_write(s, type, buf, len, 0); 1403 i = do_dtls1_write(s, type, buf, len, 0);
1466 return i; 1404 return i;
1467 } 1405}
1468 1406
1469int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment) 1407int
1470 { 1408do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment)
1471 unsigned char *p,*pseq; 1409{
1472 int i,mac_size,clear=0; 1410 unsigned char *p, *pseq;
1411 int i, mac_size, clear = 0;
1473 int prefix_len = 0; 1412 int prefix_len = 0;
1474 SSL3_RECORD *wr; 1413 SSL3_RECORD *wr;
1475 SSL3_BUFFER *wb; 1414 SSL3_BUFFER *wb;
@@ -1478,54 +1417,49 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
1478 1417
1479 /* first check if there is a SSL3_BUFFER still being written 1418 /* first check if there is a SSL3_BUFFER still being written
1480 * out. This will happen with non blocking IO */ 1419 * out. This will happen with non blocking IO */
1481 if (s->s3->wbuf.left != 0) 1420 if (s->s3->wbuf.left != 0) {
1482 {
1483 OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */ 1421 OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */
1484 return(ssl3_write_pending(s,type,buf,len)); 1422 return (ssl3_write_pending(s, type, buf, len));
1485 } 1423 }
1486 1424
1487 /* If we have an alert to send, lets send it */ 1425 /* If we have an alert to send, lets send it */
1488 if (s->s3->alert_dispatch) 1426 if (s->s3->alert_dispatch) {
1489 { 1427 i = s->method->ssl_dispatch_alert(s);
1490 i=s->method->ssl_dispatch_alert(s);
1491 if (i <= 0) 1428 if (i <= 0)
1492 return(i); 1429 return (i);
1493 /* if it went, fall through and send more stuff */ 1430 /* if it went, fall through and send more stuff */
1494 } 1431 }
1495 1432
1496 if (len == 0 && !create_empty_fragment) 1433 if (len == 0 && !create_empty_fragment)
1497 return 0; 1434 return 0;
1498 1435
1499 wr= &(s->s3->wrec); 1436 wr = &(s->s3->wrec);
1500 wb= &(s->s3->wbuf); 1437 wb = &(s->s3->wbuf);
1501 sess=s->session; 1438 sess = s->session;
1502 1439
1503 if ( (sess == NULL) || 1440 if ((sess == NULL) || (s->enc_write_ctx == NULL) ||
1504 (s->enc_write_ctx == NULL) || 1441 (EVP_MD_CTX_md(s->write_hash) == NULL))
1505 (EVP_MD_CTX_md(s->write_hash) == NULL)) 1442 clear = 1;
1506 clear=1;
1507 1443
1508 if (clear) 1444 if (clear)
1509 mac_size=0; 1445 mac_size = 0;
1510 else 1446 else {
1511 { 1447 mac_size = EVP_MD_CTX_size(s->write_hash);
1512 mac_size=EVP_MD_CTX_size(s->write_hash);
1513 if (mac_size < 0) 1448 if (mac_size < 0)
1514 goto err; 1449 goto err;
1515 } 1450 }
1516 1451
1517 /* DTLS implements explicit IV, so no need for empty fragments */ 1452 /* DTLS implements explicit IV, so no need for empty fragments */
1518#if 0 1453#if 0
1519 /* 'create_empty_fragment' is true only when this function calls itself */ 1454 /* 'create_empty_fragment' is true only when this function calls itself */
1520 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done 1455 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done &&
1521 && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER) 1456 SSL_version(s) != DTLS1_VERSION &&
1522 { 1457 SSL_version(s) != DTLS1_BAD_VER) {
1523 /* countermeasure against known-IV weakness in CBC ciphersuites 1458 /* countermeasure against known-IV weakness in CBC ciphersuites
1524 * (see http://www.openssl.org/~bodo/tls-cbc.txt) 1459 * (see http://www.openssl.org/~bodo/tls-cbc.txt)
1525 */ 1460 */
1526 1461
1527 if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) 1462 if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) {
1528 {
1529 /* recursive function call with 'create_empty_fragment' set; 1463 /* recursive function call with 'create_empty_fragment' set;
1530 * this prepares and buffers the data for an empty fragment 1464 * this prepares and buffers the data for an empty fragment
1531 * (these 'prefix_len' bytes are sent out later 1465 * (these 'prefix_len' bytes are sent out later
@@ -1534,211 +1468,206 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
1534 if (prefix_len <= 0) 1468 if (prefix_len <= 0)
1535 goto err; 1469 goto err;
1536 1470
1537 if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE) 1471 if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE) {
1538 {
1539 /* insufficient space */ 1472 /* insufficient space */
1540 SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR); 1473 SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR);
1541 goto err; 1474 goto err;
1542 }
1543 } 1475 }
1544
1545 s->s3->empty_fragment_done = 1;
1546 } 1476 }
1477
1478 s->s3->empty_fragment_done = 1;
1479 }
1547#endif 1480#endif
1548 p = wb->buf + prefix_len; 1481 p = wb->buf + prefix_len;
1549 1482
1550 /* write the header */ 1483 /* write the header */
1551 1484
1552 *(p++)=type&0xff; 1485 *(p++) = type&0xff;
1553 wr->type=type; 1486 wr->type = type;
1554 1487
1555 *(p++)=(s->version>>8); 1488 *(p++) = (s->version >> 8);
1556 *(p++)=s->version&0xff; 1489 *(p++) = s->version&0xff;
1557 1490
1558 /* field where we are to write out packet epoch, seq num and len */ 1491 /* field where we are to write out packet epoch, seq num and len */
1559 pseq=p; 1492 pseq = p;
1560 p+=10; 1493
1494 p += 10;
1561 1495
1562 /* lets setup the record stuff. */ 1496 /* lets setup the record stuff. */
1563 1497
1564 /* Make space for the explicit IV in case of CBC. 1498 /* Make space for the explicit IV in case of CBC.
1565 * (this is a bit of a boundary violation, but what the heck). 1499 * (this is a bit of a boundary violation, but what the heck).
1566 */ 1500 */
1567 if ( s->enc_write_ctx && 1501 if (s->enc_write_ctx &&
1568 (EVP_CIPHER_mode( s->enc_write_ctx->cipher ) & EVP_CIPH_CBC_MODE)) 1502 (EVP_CIPHER_mode( s->enc_write_ctx->cipher ) & EVP_CIPH_CBC_MODE))
1569 bs = EVP_CIPHER_block_size(s->enc_write_ctx->cipher); 1503 bs = EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
1570 else 1504 else
1571 bs = 0; 1505 bs = 0;
1572 1506
1573 wr->data=p + bs; /* make room for IV in case of CBC */ 1507 wr->data = p + bs;
1574 wr->length=(int)len; 1508 /* make room for IV in case of CBC */
1575 wr->input=(unsigned char *)buf; 1509 wr->length = (int)len;
1510 wr->input = (unsigned char *)buf;
1576 1511
1577 /* we now 'read' from wr->input, wr->length bytes into 1512 /* we now 'read' from wr->input, wr->length bytes into
1578 * wr->data */ 1513 * wr->data */
1579 1514
1580 /* first we compress */ 1515 /* first we compress */
1581 if (s->compress != NULL) 1516 if (s->compress != NULL) {
1582 { 1517 if (!ssl3_do_compress(s)) {
1583 if (!ssl3_do_compress(s)) 1518 SSLerr(SSL_F_DO_DTLS1_WRITE, SSL_R_COMPRESSION_FAILURE);
1584 {
1585 SSLerr(SSL_F_DO_DTLS1_WRITE,SSL_R_COMPRESSION_FAILURE);
1586 goto err; 1519 goto err;
1587 }
1588 }
1589 else
1590 {
1591 memcpy(wr->data,wr->input,wr->length);
1592 wr->input=wr->data;
1593 } 1520 }
1521 } else {
1522 memcpy(wr->data, wr->input, wr->length);
1523 wr->input = wr->data;
1524 }
1594 1525
1595 /* we should still have the output to wr->data and the input 1526 /* we should still have the output to wr->data and the input
1596 * from wr->input. Length should be wr->length. 1527 * from wr->input. Length should be wr->length.
1597 * wr->data still points in the wb->buf */ 1528 * wr->data still points in the wb->buf */
1598 1529
1599 if (mac_size != 0) 1530 if (mac_size != 0) {
1600 { 1531 if (s->method->ssl3_enc->mac(s, &(p[wr->length + bs]), 1) < 0)
1601 if(s->method->ssl3_enc->mac(s,&(p[wr->length + bs]),1) < 0)
1602 goto err; 1532 goto err;
1603 wr->length+=mac_size; 1533 wr->length += mac_size;
1604 } 1534 }
1605 1535
1606 /* this is true regardless of mac size */ 1536 /* this is true regardless of mac size */
1607 wr->input=p; 1537 wr->input = p;
1608 wr->data=p; 1538 wr->data = p;
1609 1539
1610 1540
1611 /* ssl3_enc can only have an error on read */ 1541 /* ssl3_enc can only have an error on read */
1612 if (bs) /* bs != 0 in case of CBC */ 1542 if (bs) /* bs != 0 in case of CBC */
1613 { 1543 {
1614 RAND_pseudo_bytes(p,bs); 1544 RAND_pseudo_bytes(p, bs);
1615 /* master IV and last CBC residue stand for 1545 /* master IV and last CBC residue stand for
1616 * the rest of randomness */ 1546 * the rest of randomness */
1617 wr->length += bs; 1547 wr->length += bs;
1618 } 1548 }
1619 1549
1620 s->method->ssl3_enc->enc(s,1); 1550 s->method->ssl3_enc->enc(s, 1);
1621 1551
1622 /* record length after mac and block padding */ 1552 /* record length after mac and block padding */
1623/* if (type == SSL3_RT_APPLICATION_DATA || 1553/* if (type == SSL3_RT_APPLICATION_DATA ||
1624 (type == SSL3_RT_ALERT && ! SSL_in_init(s))) */ 1554 (type == SSL3_RT_ALERT && ! SSL_in_init(s))) */
1625 1555
1626 /* there's only one epoch between handshake and app data */ 1556 /* there's only one epoch between handshake and app data */
1627 1557
1628 s2n(s->d1->w_epoch, pseq); 1558 s2n(s->d1->w_epoch, pseq);
1629 1559
1630 /* XDTLS: ?? */ 1560 /* XDTLS: ?? */
1631/* else 1561/* else
1632 s2n(s->d1->handshake_epoch, pseq); */ 1562 s2n(s->d1->handshake_epoch, pseq);
1563*/
1633 1564
1634 memcpy(pseq, &(s->s3->write_sequence[2]), 6); 1565 memcpy(pseq, &(s->s3->write_sequence[2]), 6);
1635 pseq+=6; 1566 pseq += 6;
1636 s2n(wr->length,pseq); 1567 s2n(wr->length, pseq);
1637 1568
1638 /* we should now have 1569 /* we should now have
1639 * wr->data pointing to the encrypted data, which is 1570 * wr->data pointing to the encrypted data, which is
1640 * wr->length long */ 1571 * wr->length long */
1641 wr->type=type; /* not needed but helps for debugging */ 1572 wr->type=type; /* not needed but helps for debugging */
1642 wr->length+=DTLS1_RT_HEADER_LENGTH; 1573 wr->length += DTLS1_RT_HEADER_LENGTH;
1643 1574
1644#if 0 /* this is now done at the message layer */ 1575#if 0 /* this is now done at the message layer */
1645 /* buffer the record, making it easy to handle retransmits */ 1576 /* buffer the record, making it easy to handle retransmits */
1646 if ( type == SSL3_RT_HANDSHAKE || type == SSL3_RT_CHANGE_CIPHER_SPEC) 1577 if (type == SSL3_RT_HANDSHAKE || type == SSL3_RT_CHANGE_CIPHER_SPEC)
1647 dtls1_buffer_record(s, wr->data, wr->length, 1578 dtls1_buffer_record(s, wr->data, wr->length,
1648 *((PQ_64BIT *)&(s->s3->write_sequence[0]))); 1579 *((PQ_64BIT *)&(s->s3->write_sequence[0])));
1649#endif 1580#endif
1650 1581
1651 ssl3_record_sequence_update(&(s->s3->write_sequence[0])); 1582 ssl3_record_sequence_update(&(s->s3->write_sequence[0]));
1652 1583
1653 if (create_empty_fragment) 1584 if (create_empty_fragment) {
1654 {
1655 /* we are in a recursive call; 1585 /* we are in a recursive call;
1656 * just return the length, don't write out anything here 1586 * just return the length, don't write out anything here
1657 */ 1587 */
1658 return wr->length; 1588 return wr->length;
1659 } 1589 }
1660 1590
1661 /* now let's set up wb */ 1591 /* now let's set up wb */
1662 wb->left = prefix_len + wr->length; 1592 wb->left = prefix_len + wr->length;
1663 wb->offset = 0; 1593 wb->offset = 0;
1664 1594
1665 /* memorize arguments so that ssl3_write_pending can detect bad write retries later */ 1595 /* memorize arguments so that ssl3_write_pending can detect bad write retries later */
1666 s->s3->wpend_tot=len; 1596 s->s3->wpend_tot = len;
1667 s->s3->wpend_buf=buf; 1597 s->s3->wpend_buf = buf;
1668 s->s3->wpend_type=type; 1598 s->s3->wpend_type = type;
1669 s->s3->wpend_ret=len; 1599 s->s3->wpend_ret = len;
1670 1600
1671 /* we now just need to write the buffer */ 1601 /* we now just need to write the buffer */
1672 return ssl3_write_pending(s,type,buf,len); 1602 return ssl3_write_pending(s, type, buf, len);
1673err: 1603err:
1674 return -1; 1604 return -1;
1675 } 1605}
1676 1606
1677 1607
1678 1608
1679static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap) 1609static int
1680 { 1610dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
1611{
1681 int cmp; 1612 int cmp;
1682 unsigned int shift; 1613 unsigned int shift;
1683 const unsigned char *seq = s->s3->read_sequence; 1614 const unsigned char *seq = s->s3->read_sequence;
1684 1615
1685 cmp = satsub64be(seq,bitmap->max_seq_num); 1616 cmp = satsub64be(seq, bitmap->max_seq_num);
1686 if (cmp > 0) 1617 if (cmp > 0) {
1687 { 1618 memcpy (s->s3->rrec.seq_num, seq, 8);
1688 memcpy (s->s3->rrec.seq_num,seq,8);
1689 return 1; /* this record in new */ 1619 return 1; /* this record in new */
1690 } 1620 }
1691 shift = -cmp; 1621 shift = -cmp;
1692 if (shift >= sizeof(bitmap->map)*8) 1622 if (shift >= sizeof(bitmap->map)*8)
1693 return 0; /* stale, outside the window */ 1623 return 0; /* stale, outside the window */
1694 else if (bitmap->map & (1UL<<shift)) 1624 else if (bitmap->map & (1UL << shift))
1695 return 0; /* record previously received */ 1625 return 0; /* record previously received */
1696 1626
1697 memcpy (s->s3->rrec.seq_num,seq,8); 1627 memcpy(s->s3->rrec.seq_num, seq, 8);
1698 return 1; 1628 return 1;
1699 } 1629}
1700 1630
1701 1631
1702static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap) 1632static void
1703 { 1633dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
1634{
1704 int cmp; 1635 int cmp;
1705 unsigned int shift; 1636 unsigned int shift;
1706 const unsigned char *seq = s->s3->read_sequence; 1637 const unsigned char *seq = s->s3->read_sequence;
1707 1638
1708 cmp = satsub64be(seq,bitmap->max_seq_num); 1639 cmp = satsub64be(seq, bitmap->max_seq_num);
1709 if (cmp > 0) 1640 if (cmp > 0) {
1710 {
1711 shift = cmp; 1641 shift = cmp;
1712 if (shift < sizeof(bitmap->map)*8) 1642 if (shift < sizeof(bitmap->map)*8)
1713 bitmap->map <<= shift, bitmap->map |= 1UL; 1643 bitmap->map <<= shift, bitmap->map |= 1UL;
1714 else 1644 else
1715 bitmap->map = 1UL; 1645 bitmap->map = 1UL;
1716 memcpy(bitmap->max_seq_num,seq,8); 1646 memcpy(bitmap->max_seq_num, seq, 8);
1717 } 1647 } else {
1718 else {
1719 shift = -cmp; 1648 shift = -cmp;
1720 if (shift < sizeof(bitmap->map)*8) 1649 if (shift < sizeof(bitmap->map) * 8)
1721 bitmap->map |= 1UL<<shift; 1650 bitmap->map |= 1UL << shift;
1722 }
1723 } 1651 }
1652}
1724 1653
1725 1654
1726int dtls1_dispatch_alert(SSL *s) 1655int
1727 { 1656dtls1_dispatch_alert(SSL *s)
1728 int i,j; 1657{
1729 void (*cb)(const SSL *ssl,int type,int val)=NULL; 1658 int i, j;
1659 void (*cb)(const SSL *ssl, int type, int val) = NULL;
1730 unsigned char buf[DTLS1_AL_HEADER_LENGTH]; 1660 unsigned char buf[DTLS1_AL_HEADER_LENGTH];
1731 unsigned char *ptr = &buf[0]; 1661 unsigned char *ptr = &buf[0];
1732 1662
1733 s->s3->alert_dispatch=0; 1663 s->s3->alert_dispatch = 0;
1734 1664
1735 memset(buf, 0x00, sizeof(buf)); 1665 memset(buf, 0x00, sizeof(buf));
1736 *ptr++ = s->s3->send_alert[0]; 1666 *ptr++ = s->s3->send_alert[0];
1737 *ptr++ = s->s3->send_alert[1]; 1667 *ptr++ = s->s3->send_alert[1];
1738 1668
1739#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 1669#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1740 if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) 1670 if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) {
1741 {
1742 s2n(s->d1->handshake_read_seq, ptr); 1671 s2n(s->d1->handshake_read_seq, ptr);
1743#if 0 1672#if 0
1744 if ( s->d1->r_msg_hdr.frag_off == 0) /* waiting for a new msg */ 1673 if ( s->d1->r_msg_hdr.frag_off == 0) /* waiting for a new msg */
@@ -1748,152 +1677,136 @@ int dtls1_dispatch_alert(SSL *s)
1748#endif 1677#endif
1749 1678
1750#if 0 1679#if 0
1751 fprintf(stderr, "s->d1->handshake_read_seq = %d, s->d1->r_msg_hdr.seq = %d\n",s->d1->handshake_read_seq,s->d1->r_msg_hdr.seq); 1680 fprintf(stderr, "s->d1->handshake_read_seq = %d, s->d1->r_msg_hdr.seq = %d\n", s->d1->handshake_read_seq, s->d1->r_msg_hdr.seq);
1752#endif 1681#endif
1753 l2n3(s->d1->r_msg_hdr.frag_off, ptr); 1682 l2n3(s->d1->r_msg_hdr.frag_off, ptr);
1754 } 1683 }
1755#endif 1684#endif
1756 1685
1757 i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0); 1686 i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0);
1758 if (i <= 0) 1687 if (i <= 0) {
1759 { 1688 s->s3->alert_dispatch = 1;
1760 s->s3->alert_dispatch=1;
1761 /* fprintf( stderr, "not done with alert\n" ); */ 1689 /* fprintf( stderr, "not done with alert\n" ); */
1762 } 1690 } else {
1763 else
1764 {
1765 if (s->s3->send_alert[0] == SSL3_AL_FATAL 1691 if (s->s3->send_alert[0] == SSL3_AL_FATAL
1766#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 1692#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1767 || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 1693 || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1768#endif 1694#endif
1769 ) 1695 )
1770 (void)BIO_flush(s->wbio); 1696 (void)BIO_flush(s->wbio);
1771 1697
1772 if (s->msg_callback) 1698 if (s->msg_callback)
1773 s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, 1699 s->msg_callback(1, s->version, SSL3_RT_ALERT,
1774 2, s, s->msg_callback_arg); 1700 s->s3->send_alert, 2, s, s->msg_callback_arg);
1775 1701
1776 if (s->info_callback != NULL) 1702 if (s->info_callback != NULL)
1777 cb=s->info_callback; 1703 cb = s->info_callback;
1778 else if (s->ctx->info_callback != NULL) 1704 else if (s->ctx->info_callback != NULL)
1779 cb=s->ctx->info_callback; 1705 cb = s->ctx->info_callback;
1780 1706
1781 if (cb != NULL) 1707 if (cb != NULL) {
1782 { 1708 j = (s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
1783 j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1]; 1709 cb(s, SSL_CB_WRITE_ALERT, j);
1784 cb(s,SSL_CB_WRITE_ALERT,j);
1785 }
1786 } 1710 }
1787 return(i);
1788 } 1711 }
1712 return (i);
1713}
1789 1714
1790 1715
1791static DTLS1_BITMAP * 1716static DTLS1_BITMAP *
1792dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch) 1717dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch)
1793 { 1718{
1794 1719
1795 *is_next_epoch = 0; 1720 *is_next_epoch = 0;
1796 1721
1797 /* In current epoch, accept HM, CCS, DATA, & ALERT */ 1722 /* In current epoch, accept HM, CCS, DATA, & ALERT */
1798 if (rr->epoch == s->d1->r_epoch) 1723 if (rr->epoch == s->d1->r_epoch)
1799 return &s->d1->bitmap; 1724 return &s->d1->bitmap;
1800 1725
1801 /* Only HM and ALERT messages can be from the next epoch */ 1726 /* Only HM and ALERT messages can be from the next epoch */
1802 else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) && 1727 else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&
1803 (rr->type == SSL3_RT_HANDSHAKE || 1728 (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
1804 rr->type == SSL3_RT_ALERT)) 1729 *is_next_epoch = 1;
1805 { 1730 return &s->d1->next_bitmap;
1806 *is_next_epoch = 1; 1731 }
1807 return &s->d1->next_bitmap; 1732
1808 } 1733 return NULL;
1809 1734}
1810 return NULL;
1811 }
1812 1735
1813#if 0 1736#if 0
1814static int 1737static int
1815dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr, unsigned short *priority, 1738dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr, unsigned short *priority,
1816 unsigned long *offset) 1739 unsigned long *offset)
1817 { 1740{
1818 1741
1819 /* alerts are passed up immediately */ 1742 /* alerts are passed up immediately */
1820 if ( rr->type == SSL3_RT_APPLICATION_DATA || 1743 if (rr->type == SSL3_RT_APPLICATION_DATA || rr->type == SSL3_RT_ALERT)
1821 rr->type == SSL3_RT_ALERT)
1822 return 0; 1744 return 0;
1823 1745
1824 /* Only need to buffer if a handshake is underway. 1746 /* Only need to buffer if a handshake is underway.
1825 * (this implies that Hello Request and Client Hello are passed up 1747 * (this implies that Hello Request and Client Hello are passed up
1826 * immediately) */ 1748 * immediately) */
1827 if ( SSL_in_init(s)) 1749 if (SSL_in_init(s)) {
1828 {
1829 unsigned char *data = rr->data; 1750 unsigned char *data = rr->data;
1830 /* need to extract the HM/CCS sequence number here */ 1751 /* need to extract the HM/CCS sequence number here */
1831 if ( rr->type == SSL3_RT_HANDSHAKE || 1752 if (rr->type == SSL3_RT_HANDSHAKE ||
1832 rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) 1753 rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
1833 {
1834 unsigned short seq_num; 1754 unsigned short seq_num;
1835 struct hm_header_st msg_hdr; 1755 struct hm_header_st msg_hdr;
1836 struct ccs_header_st ccs_hdr; 1756 struct ccs_header_st ccs_hdr;
1837 1757
1838 if ( rr->type == SSL3_RT_HANDSHAKE) 1758 if (rr->type == SSL3_RT_HANDSHAKE) {
1839 {
1840 dtls1_get_message_header(data, &msg_hdr); 1759 dtls1_get_message_header(data, &msg_hdr);
1841 seq_num = msg_hdr.seq; 1760 seq_num = msg_hdr.seq;
1842 *offset = msg_hdr.frag_off; 1761 *offset = msg_hdr.frag_off;
1843 } 1762 } else {
1844 else
1845 {
1846 dtls1_get_ccs_header(data, &ccs_hdr); 1763 dtls1_get_ccs_header(data, &ccs_hdr);
1847 seq_num = ccs_hdr.seq; 1764 seq_num = ccs_hdr.seq;
1848 *offset = 0; 1765 *offset = 0;
1849 } 1766 }
1850 1767
1851 /* this is either a record we're waiting for, or a 1768 /* this is either a record we're waiting for, or a
1852 * retransmit of something we happened to previously 1769 * retransmit of something we happened to previously
1853 * receive (higher layers will drop the repeat silently */ 1770 * receive (higher layers will drop the repeat silently */
1854 if ( seq_num < s->d1->handshake_read_seq) 1771 if (seq_num < s->d1->handshake_read_seq)
1855 return 0; 1772 return 0;
1856 if (rr->type == SSL3_RT_HANDSHAKE && 1773 if (rr->type == SSL3_RT_HANDSHAKE &&
1857 seq_num == s->d1->handshake_read_seq && 1774 seq_num == s->d1->handshake_read_seq &&
1858 msg_hdr.frag_off < s->d1->r_msg_hdr.frag_off) 1775 msg_hdr.frag_off < s->d1->r_msg_hdr.frag_off)
1859 return 0; 1776 return 0;
1860 else if ( seq_num == s->d1->handshake_read_seq && 1777 else if (seq_num == s->d1->handshake_read_seq &&
1861 (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC || 1778 (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC ||
1862 msg_hdr.frag_off == s->d1->r_msg_hdr.frag_off)) 1779 msg_hdr.frag_off == s->d1->r_msg_hdr.frag_off))
1863 return 0; 1780 return 0;
1864 else 1781 else {
1865 {
1866 *priority = seq_num; 1782 *priority = seq_num;
1867 return 1; 1783 return 1;
1868 }
1869 } 1784 }
1785 }
1870 else /* unknown record type */ 1786 else /* unknown record type */
1871 return 0; 1787 return 0;
1872 } 1788 }
1873 1789
1874 return 0; 1790 return 0;
1875 } 1791}
1876#endif 1792#endif
1877 1793
1878void 1794void
1879dtls1_reset_seq_numbers(SSL *s, int rw) 1795dtls1_reset_seq_numbers(SSL *s, int rw)
1880 { 1796{
1881 unsigned char *seq; 1797 unsigned char *seq;
1882 unsigned int seq_bytes = sizeof(s->s3->read_sequence); 1798 unsigned int seq_bytes = sizeof(s->s3->read_sequence);
1883 1799
1884 if ( rw & SSL3_CC_READ) 1800 if (rw & SSL3_CC_READ) {
1885 {
1886 seq = s->s3->read_sequence; 1801 seq = s->s3->read_sequence;
1887 s->d1->r_epoch++; 1802 s->d1->r_epoch++;
1888 memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP)); 1803 memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP));
1889 memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP)); 1804 memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
1890 } 1805 } else {
1891 else
1892 {
1893 seq = s->s3->write_sequence; 1806 seq = s->s3->write_sequence;
1894 memcpy(s->d1->last_write_sequence, seq, sizeof(s->s3->write_sequence)); 1807 memcpy(s->d1->last_write_sequence, seq, sizeof(s->s3->write_sequence));
1895 s->d1->w_epoch++; 1808 s->d1->w_epoch++;
1896 } 1809 }
1897 1810
1898 memset(seq, 0x00, seq_bytes); 1811 memset(seq, 0x00, seq_bytes);
1899 } 1812}
diff --git a/src/lib/libssl/src/ssl/d1_srtp.c b/src/lib/libssl/src/ssl/d1_srtp.c
index ab9c41922c..fadd9f381f 100644
--- a/src/lib/libssl/src/ssl/d1_srtp.c
+++ b/src/lib/libssl/src/ssl/d1_srtp.c
@@ -124,371 +124,348 @@
124#include "srtp.h" 124#include "srtp.h"
125 125
126 126
127static SRTP_PROTECTION_PROFILE srtp_known_profiles[]= 127static SRTP_PROTECTION_PROFILE srtp_known_profiles[]= {
128 { 128 {
129 { 129 "SRTP_AES128_CM_SHA1_80",
130 "SRTP_AES128_CM_SHA1_80", 130 SRTP_AES128_CM_SHA1_80,
131 SRTP_AES128_CM_SHA1_80, 131 },
132 }, 132 {
133 { 133 "SRTP_AES128_CM_SHA1_32",
134 "SRTP_AES128_CM_SHA1_32", 134 SRTP_AES128_CM_SHA1_32,
135 SRTP_AES128_CM_SHA1_32, 135 },
136 },
137#if 0 136#if 0
138 { 137 {
139 "SRTP_NULL_SHA1_80", 138 "SRTP_NULL_SHA1_80",
140 SRTP_NULL_SHA1_80, 139 SRTP_NULL_SHA1_80,
141 }, 140 },
142 { 141 {
143 "SRTP_NULL_SHA1_32", 142 "SRTP_NULL_SHA1_32",
144 SRTP_NULL_SHA1_32, 143 SRTP_NULL_SHA1_32,
145 }, 144 },
146#endif 145#endif
147 {0} 146 {0}
148 }; 147};
149 148
150static int find_profile_by_name(char *profile_name, 149static int
151 SRTP_PROTECTION_PROFILE **pptr,unsigned len) 150find_profile_by_name(char *profile_name, SRTP_PROTECTION_PROFILE **pptr,
152 { 151 unsigned len)
152{
153 SRTP_PROTECTION_PROFILE *p; 153 SRTP_PROTECTION_PROFILE *p;
154 154
155 p=srtp_known_profiles; 155 p = srtp_known_profiles;
156 while(p->name) 156 while (p->name) {
157 { 157 if ((len == strlen(p->name)) &&
158 if((len == strlen(p->name)) && !strncmp(p->name,profile_name, 158 !strncmp(p->name, profile_name, len)) {
159 len)) 159 *pptr = p;
160 {
161 *pptr=p;
162 return 0; 160 return 0;
163 } 161 }
164 162
165 p++; 163 p++;
166 } 164 }
167 165
168 return 1; 166 return 1;
169 } 167}
170 168
171static int find_profile_by_num(unsigned profile_num, 169static int
172 SRTP_PROTECTION_PROFILE **pptr) 170find_profile_by_num(unsigned profile_num, SRTP_PROTECTION_PROFILE **pptr)
173 { 171{
174 SRTP_PROTECTION_PROFILE *p; 172 SRTP_PROTECTION_PROFILE *p;
175 173
176 p=srtp_known_profiles; 174 p = srtp_known_profiles;
177 while(p->name) 175 while (p->name) {
178 { 176 if (p->id == profile_num) {
179 if(p->id == profile_num) 177 *pptr = p;
180 {
181 *pptr=p;
182 return 0; 178 return 0;
183 }
184 p++;
185 } 179 }
180 p++;
181 }
186 182
187 return 1; 183 return 1;
188 } 184}
189 185
190static int ssl_ctx_make_profiles(const char *profiles_string,STACK_OF(SRTP_PROTECTION_PROFILE) **out) 186static int
191 { 187ssl_ctx_make_profiles(const char *profiles_string,
188 STACK_OF(SRTP_PROTECTION_PROFILE) **out)
189{
192 STACK_OF(SRTP_PROTECTION_PROFILE) *profiles; 190 STACK_OF(SRTP_PROTECTION_PROFILE) *profiles;
193 191
194 char *col; 192 char *col;
195 char *ptr=(char *)profiles_string; 193 char *ptr = (char *)profiles_string;
196 194
197 SRTP_PROTECTION_PROFILE *p; 195 SRTP_PROTECTION_PROFILE *p;
198 196
199 if(!(profiles=sk_SRTP_PROTECTION_PROFILE_new_null())) 197 if (!(profiles = sk_SRTP_PROTECTION_PROFILE_new_null())) {
200 {
201 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES); 198 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
202 return 1; 199 return 1;
203 } 200 }
204
205 do
206 {
207 col=strchr(ptr,':');
208
209 if(!find_profile_by_name(ptr,&p,
210 col ? col-ptr : (int)strlen(ptr)))
211 {
212 sk_SRTP_PROTECTION_PROFILE_push(profiles,p);
213 }
214 else
215 {
216 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
217 return 1;
218 }
219 201
220 if(col) ptr=col+1; 202 do {
221 } while (col); 203 col = strchr(ptr, ':');
222 204
223 *out=profiles; 205 if (!find_profile_by_name(ptr, &p,
224 206 col ? col - ptr : (int)strlen(ptr))) {
225 return 0; 207 sk_SRTP_PROTECTION_PROFILE_push(profiles, p);
226 } 208 } else {
227 209 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
228int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx,const char *profiles) 210 return 1;
229 { 211 }
230 return ssl_ctx_make_profiles(profiles,&ctx->srtp_profiles);
231 }
232 212
233int SSL_set_tlsext_use_srtp(SSL *s,const char *profiles) 213 if (col)
234 { 214 ptr = col + 1;
235 return ssl_ctx_make_profiles(profiles,&s->srtp_profiles); 215 } while (col);
236 }
237 216
217 *out = profiles;
238 218
239STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s) 219 return 0;
240 { 220}
241 if(s != NULL) 221
242 { 222int
243 if(s->srtp_profiles != NULL) 223SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
244 { 224{
225 return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);
226}
227
228int
229SSL_set_tlsext_use_srtp(SSL *s, const char *profiles)
230{
231 return ssl_ctx_make_profiles(profiles, &s->srtp_profiles);
232}
233
234
235STACK_OF(SRTP_PROTECTION_PROFILE)
236*SSL_get_srtp_profiles(SSL *s)
237{
238 if (s != NULL) {
239 if (s->srtp_profiles != NULL) {
245 return s->srtp_profiles; 240 return s->srtp_profiles;
246 } 241 } else if ((s->ctx != NULL) &&
247 else if((s->ctx != NULL) && 242 (s->ctx->srtp_profiles != NULL)) {
248 (s->ctx->srtp_profiles != NULL))
249 {
250 return s->ctx->srtp_profiles; 243 return s->ctx->srtp_profiles;
251 }
252 } 244 }
245 }
253 246
254 return NULL; 247 return NULL;
255 } 248}
256 249
257SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s) 250SRTP_PROTECTION_PROFILE
258 { 251*SSL_get_selected_srtp_profile(SSL *s)
252{
259 return s->srtp_profile; 253 return s->srtp_profile;
260 } 254}
261 255
262/* Note: this function returns 0 length if there are no 256/* Note: this function returns 0 length if there are no
263 profiles specified */ 257 profiles specified */
264int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen) 258int
265 { 259ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
266 int ct=0; 260{
261 int ct = 0;
267 int i; 262 int i;
268 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt=0; 263 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0;
269 SRTP_PROTECTION_PROFILE *prof; 264 SRTP_PROTECTION_PROFILE *prof;
270
271 clnt=SSL_get_srtp_profiles(s);
272 ct=sk_SRTP_PROTECTION_PROFILE_num(clnt); /* -1 if clnt == 0 */
273
274 if(p)
275 {
276 if(ct==0)
277 {
278 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);
279 return 1;
280 }
281 265
282 if((2 + ct*2 + 1) > maxlen) 266 clnt = SSL_get_srtp_profiles(s);
283 { 267
284 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG); 268 ct = sk_SRTP_PROTECTION_PROFILE_num(clnt); /* -1 if clnt == 0 */
269
270 if (p) {
271 if (ct == 0) {
272 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);
285 return 1; 273 return 1;
286 } 274 }
287 275
288 /* Add the length */ 276 if ((2 + ct * 2 + 1) > maxlen) {
289 s2n(ct * 2, p); 277 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
290 for(i=0;i<ct;i++) 278 return 1;
291 { 279 }
292 prof=sk_SRTP_PROTECTION_PROFILE_value(clnt,i);
293 s2n(prof->id,p);
294 }
295 280
296 /* Add an empty use_mki value */ 281 /* Add the length */
297 *p++ = 0; 282 s2n(ct * 2, p);
283 for (i = 0; i < ct; i++) {
284 prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i);
285 s2n(prof->id, p);
298 } 286 }
299 287
300 *len=2 + ct*2 + 1; 288 /* Add an empty use_mki value */
301 289 *p++ = 0;
302 return 0;
303 } 290 }
304 291
292 *len = 2 + ct*2 + 1;
305 293
306int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al) 294 return 0;
307 { 295}
308 SRTP_PROTECTION_PROFILE *cprof,*sprof; 296
309 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt=0,*srvr; 297
310 int ct; 298int
311 int mki_len; 299ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al)
312 int i,j; 300{
301 SRTP_PROTECTION_PROFILE *cprof, *sprof;
302 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0, *srvr;
303 int ct;
304 int mki_len;
305 int i, j;
313 int id; 306 int id;
314 int ret; 307 int ret;
315 308
316 /* Length value + the MKI length */ 309 /* Length value + the MKI length */
317 if(len < 3) 310 if (len < 3) {
318 { 311 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
319 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 312 *al = SSL_AD_DECODE_ERROR;
320 *al=SSL_AD_DECODE_ERROR;
321 return 1; 313 return 1;
322 } 314 }
323 315
324 /* Pull off the length of the cipher suite list */ 316 /* Pull off the length of the cipher suite list */
325 n2s(d, ct); 317 n2s(d, ct);
326 len -= 2; 318 len -= 2;
327 319
328 /* Check that it is even */ 320 /* Check that it is even */
329 if(ct%2) 321 if (ct % 2) {
330 { 322 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
331 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 323 *al = SSL_AD_DECODE_ERROR;
332 *al=SSL_AD_DECODE_ERROR;
333 return 1; 324 return 1;
334 } 325 }
335 326
336 /* Check that lengths are consistent */ 327 /* Check that lengths are consistent */
337 if(len < (ct + 1)) 328 if (len < (ct + 1)) {
338 { 329 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
339 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 330 *al = SSL_AD_DECODE_ERROR;
340 *al=SSL_AD_DECODE_ERROR;
341 return 1; 331 return 1;
342 } 332 }
343 333
344
345 clnt=sk_SRTP_PROTECTION_PROFILE_new_null();
346 334
347 while(ct) 335 clnt = sk_SRTP_PROTECTION_PROFILE_new_null();
348 {
349 n2s(d,id);
350 ct-=2;
351 len-=2;
352 336
353 if(!find_profile_by_num(id,&cprof)) 337 while (ct) {
354 { 338 n2s(d, id);
355 sk_SRTP_PROTECTION_PROFILE_push(clnt,cprof); 339 ct -= 2;
356 } 340 len -= 2;
357 else 341
358 { 342 if (!find_profile_by_num(id, &cprof)) {
343 sk_SRTP_PROTECTION_PROFILE_push(clnt, cprof);
344 } else {
359 ; /* Ignore */ 345 ; /* Ignore */
360 }
361 } 346 }
347 }
362 348
363 /* Now extract the MKI value as a sanity check, but discard it for now */ 349 /* Now extract the MKI value as a sanity check, but discard it for now */
364 mki_len = *d; 350 mki_len = *d;
365 d++; len--; 351 d++;
352 len--;
366 353
367 if (mki_len != len) 354 if (mki_len != len) {
368 { 355 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_MKI_VALUE);
369 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_MKI_VALUE); 356 *al = SSL_AD_DECODE_ERROR;
370 *al=SSL_AD_DECODE_ERROR;
371 return 1; 357 return 1;
372 } 358 }
373 359
374 srvr=SSL_get_srtp_profiles(s); 360 srvr = SSL_get_srtp_profiles(s);
375 361
376 /* Pick our most preferred profile. If no profiles have been 362 /* Pick our most preferred profile. If no profiles have been
377 configured then the outer loop doesn't run 363 configured then the outer loop doesn't run
378 (sk_SRTP_PROTECTION_PROFILE_num() = -1) 364 (sk_SRTP_PROTECTION_PROFILE_num() = -1)
379 and so we just return without doing anything */ 365 and so we just return without doing anything */
380 for(i=0;i<sk_SRTP_PROTECTION_PROFILE_num(srvr);i++) 366 for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(srvr); i++) {
381 { 367 sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i);
382 sprof=sk_SRTP_PROTECTION_PROFILE_value(srvr,i); 368
383 369 for (j = 0; j < sk_SRTP_PROTECTION_PROFILE_num(clnt); j++) {
384 for(j=0;j<sk_SRTP_PROTECTION_PROFILE_num(clnt);j++) 370 cprof = sk_SRTP_PROTECTION_PROFILE_value(clnt, j);
385 { 371
386 cprof=sk_SRTP_PROTECTION_PROFILE_value(clnt,j); 372 if (cprof->id == sprof->id) {
387 373 s->srtp_profile = sprof;
388 if(cprof->id==sprof->id) 374 *al = 0;
389 { 375 ret = 0;
390 s->srtp_profile=sprof;
391 *al=0;
392 ret=0;
393 goto done; 376 goto done;
394 }
395 } 377 }
396 } 378 }
379 }
380
381 ret = 0;
397 382
398 ret=0;
399
400done: 383done:
401 if(clnt) sk_SRTP_PROTECTION_PROFILE_free(clnt); 384 if (clnt)
385 sk_SRTP_PROTECTION_PROFILE_free(clnt);
402 386
403 return ret; 387 return ret;
404 } 388}
405 389
406int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen) 390int
407 { 391ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
408 if(p) 392{
409 { 393 if (p) {
410 if(maxlen < 5) 394 if (maxlen < 5) {
411 { 395 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
412 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
413 return 1; 396 return 1;
414 } 397 }
415 398
416 if(s->srtp_profile==0) 399 if (s->srtp_profile == 0) {
417 { 400 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT, SSL_R_USE_SRTP_NOT_NEGOTIATED);
418 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,SSL_R_USE_SRTP_NOT_NEGOTIATED);
419 return 1; 401 return 1;
420 }
421 s2n(2, p);
422 s2n(s->srtp_profile->id,p);
423 *p++ = 0;
424 } 402 }
425 *len=5; 403 s2n(2, p);
426 404 s2n(s->srtp_profile->id, p);
427 return 0; 405 *p++ = 0;
428 } 406 }
429 407 *len = 5;
430 408
431int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al) 409 return 0;
432 { 410}
411
412
413int
414ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al)
415{
433 unsigned id; 416 unsigned id;
434 int i; 417 int i;
435 int ct; 418 int ct;
436 419
437 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt; 420 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
438 SRTP_PROTECTION_PROFILE *prof; 421 SRTP_PROTECTION_PROFILE *prof;
439 422
440 if(len!=5) 423 if (len != 5) {
441 { 424 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
442 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 425 *al = SSL_AD_DECODE_ERROR;
443 *al=SSL_AD_DECODE_ERROR;
444 return 1; 426 return 1;
445 } 427 }
446 428
447 n2s(d, ct); 429 n2s(d, ct);
448 if(ct!=2) 430 if (ct != 2) {
449 { 431 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
450 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 432 *al = SSL_AD_DECODE_ERROR;
451 *al=SSL_AD_DECODE_ERROR;
452 return 1; 433 return 1;
453 } 434 }
454 435
455 n2s(d,id); 436 n2s(d, id);
456 if (*d) /* Must be no MKI, since we never offer one */ 437 if (*d) /* Must be no MKI, since we never offer one */
457 { 438 {
458 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_MKI_VALUE); 439 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_MKI_VALUE);
459 *al=SSL_AD_ILLEGAL_PARAMETER; 440 *al = SSL_AD_ILLEGAL_PARAMETER;
460 return 1; 441 return 1;
461 } 442 }
462 443
463 clnt=SSL_get_srtp_profiles(s); 444 clnt = SSL_get_srtp_profiles(s);
464 445
465 /* Throw an error if the server gave us an unsolicited extension */ 446 /* Throw an error if the server gave us an unsolicited extension */
466 if (clnt == NULL) 447 if (clnt == NULL) {
467 { 448 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, SSL_R_NO_SRTP_PROFILES);
468 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_NO_SRTP_PROFILES); 449 *al = SSL_AD_DECODE_ERROR;
469 *al=SSL_AD_DECODE_ERROR;
470 return 1; 450 return 1;
471 } 451 }
472 452
473 /* Check to see if the server gave us something we support 453 /* Check to see if the server gave us something we support
474 (and presumably offered) 454 (and presumably offered)
475 */ 455 */
476 for(i=0;i<sk_SRTP_PROTECTION_PROFILE_num(clnt);i++) 456 for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(clnt); i++) {
477 { 457 prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i);
478 prof=sk_SRTP_PROTECTION_PROFILE_value(clnt,i); 458
479 459 if (prof->id == id) {
480 if(prof->id == id) 460 s->srtp_profile = prof;
481 { 461 *al = 0;
482 s->srtp_profile=prof;
483 *al=0;
484 return 0; 462 return 0;
485 }
486 } 463 }
487
488 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
489 *al=SSL_AD_DECODE_ERROR;
490 return 1;
491 } 464 }
492 465
466 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
467 *al = SSL_AD_DECODE_ERROR;
468 return 1;
469}
493 470
494#endif 471#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 00:32:56 +0000