Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/d1_pkt.c | 56 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/d1_pkt.c | 56 |
2 files changed, 32 insertions, 80 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c index 60c1236f53..68571c8fd0 100644 --- a/src/lib/libssl/d1_pkt.c +++ b/src/lib/libssl/d1_pkt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_pkt.c,v 1.42 2015/06/17 07:29:33 doug Exp $ */ | 1 | /* $OpenBSD: d1_pkt.c,v 1.43 2015/07/18 22:28:53 doug Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -484,7 +484,13 @@ dtls1_get_record(SSL *s) | |||
| 484 | return 1; | 484 | return 1; |
| 485 | 485 | ||
| 486 | /* get something from the wire */ | 486 | /* get something from the wire */ |
| 487 | if (0) { | ||
| 487 | again: | 488 | again: |
| 489 | /* dump this record on all retries */ | ||
| 490 | rr->length = 0; | ||
| 491 | s->packet_length = 0; | ||
| 492 | } | ||
| 493 | |||
| 488 | /* check if we have the header */ | 494 | /* check if we have the header */ |
| 489 | if ((s->rstate != SSL_ST_READ_BODY) || | 495 | if ((s->rstate != SSL_ST_READ_BODY) || |
| 490 | (s->packet_length < DTLS1_RT_HEADER_LENGTH)) { | 496 | (s->packet_length < DTLS1_RT_HEADER_LENGTH)) { |
| @@ -494,10 +500,8 @@ again: | |||
| 494 | return(n); /* error or non-blocking */ | 500 | return(n); /* error or non-blocking */ |
| 495 | 501 | ||
| 496 | /* this packet contained a partial record, dump it */ | 502 | /* this packet contained a partial record, dump it */ |
| 497 | if (s->packet_length != DTLS1_RT_HEADER_LENGTH) { | 503 | if (s->packet_length != DTLS1_RT_HEADER_LENGTH) |
| 498 | s->packet_length = 0; | ||
| 499 | goto again; | 504 | goto again; |
| 500 | } | ||
| 501 | 505 | ||
| 502 | s->rstate = SSL_ST_READ_BODY; | 506 | s->rstate = SSL_ST_READ_BODY; |
| 503 | 507 | ||
| @@ -519,27 +523,18 @@ again: | |||
| 519 | 523 | ||
| 520 | /* Lets check version */ | 524 | /* Lets check version */ |
| 521 | if (!s->first_packet) { | 525 | if (!s->first_packet) { |
| 522 | if (version != s->version) { | 526 | if (version != s->version) |
| 523 | /* unexpected version, silently discard */ | 527 | /* unexpected version, silently discard */ |
| 524 | rr->length = 0; | ||
| 525 | s->packet_length = 0; | ||
| 526 | goto again; | 528 | goto again; |
| 527 | } | ||
| 528 | } | 529 | } |
| 529 | 530 | ||
| 530 | if ((version & 0xff00) != (s->version & 0xff00)) { | 531 | if ((version & 0xff00) != (s->version & 0xff00)) |
| 531 | /* wrong version, silently discard record */ | 532 | /* wrong version, silently discard record */ |
| 532 | rr->length = 0; | ||
| 533 | s->packet_length = 0; | ||
| 534 | goto again; | 533 | goto again; |
| 535 | } | ||
| 536 | 534 | ||
| 537 | if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { | 535 | if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) |
| 538 | /* record too long, silently discard it */ | 536 | /* record too long, silently discard it */ |
| 539 | rr->length = 0; | ||
| 540 | s->packet_length = 0; | ||
| 541 | goto again; | 537 | goto again; |
| 542 | } | ||
| 543 | 538 | ||
| 544 | /* now s->rstate == SSL_ST_READ_BODY */ | 539 | /* now s->rstate == SSL_ST_READ_BODY */ |
| 545 | } | 540 | } |
| @@ -554,11 +549,8 @@ again: | |||
| 554 | return(n); /* error or non-blocking io */ | 549 | return(n); /* error or non-blocking io */ |
| 555 | 550 | ||
| 556 | /* this packet contained a partial record, dump it */ | 551 | /* this packet contained a partial record, dump it */ |
| 557 | if (n != i) { | 552 | if (n != i) |
| 558 | rr->length = 0; | ||
| 559 | s->packet_length = 0; | ||
| 560 | goto again; | 553 | goto again; |
| 561 | } | ||
| 562 | 554 | ||
| 563 | /* now n == rr->length, | 555 | /* now n == rr->length, |
| 564 | * and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */ | 556 | * and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */ |
| @@ -567,13 +559,8 @@ again: | |||
| 567 | 559 | ||
| 568 | /* match epochs. NULL means the packet is dropped on the floor */ | 560 | /* match epochs. NULL means the packet is dropped on the floor */ |
| 569 | bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch); | 561 | bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch); |
| 570 | if (bitmap == NULL) { | 562 | if (bitmap == NULL) |
| 571 | rr->length = 0; | ||
| 572 | s->packet_length = 0; | ||
| 573 | /* dump this record */ | ||
| 574 | goto again; | 563 | goto again; |
| 575 | /* get another record */ | ||
| 576 | } | ||
| 577 | 564 | ||
| 578 | /* | 565 | /* |
| 579 | * Check whether this is a repeat, or aged record. | 566 | * Check whether this is a repeat, or aged record. |
| @@ -584,12 +571,8 @@ again: | |||
| 584 | */ | 571 | */ |
| 585 | if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && | 572 | if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && |
| 586 | p != NULL && *p == SSL3_MT_CLIENT_HELLO) && | 573 | p != NULL && *p == SSL3_MT_CLIENT_HELLO) && |
| 587 | !dtls1_record_replay_check(s, bitmap)) { | 574 | !dtls1_record_replay_check(s, bitmap)) |
| 588 | rr->length = 0; | ||
| 589 | s->packet_length=0; /* dump this record */ | ||
| 590 | goto again; | 575 | goto again; |
| 591 | /* get another record */ | ||
| 592 | } | ||
| 593 | 576 | ||
| 594 | /* just read a 0 length packet */ | 577 | /* just read a 0 length packet */ |
| 595 | if (rr->length == 0) | 578 | if (rr->length == 0) |
| @@ -608,23 +591,16 @@ again: | |||
| 608 | /* Mark receipt of record. */ | 591 | /* Mark receipt of record. */ |
| 609 | dtls1_record_bitmap_update(s, bitmap); | 592 | dtls1_record_bitmap_update(s, bitmap); |
| 610 | } | 593 | } |
| 611 | rr->length = 0; | ||
| 612 | s->packet_length = 0; | ||
| 613 | goto again; | 594 | goto again; |
| 614 | } | 595 | } |
| 615 | 596 | ||
| 616 | if (!dtls1_process_record(s)) { | 597 | if (!dtls1_process_record(s)) |
| 617 | rr->length = 0; | ||
| 618 | s->packet_length = 0; | ||
| 619 | /* dump this record */ | ||
| 620 | goto again; | 598 | goto again; |
| 621 | /* get another record */ | 599 | |
| 622 | } | ||
| 623 | /* Mark receipt of record. */ | 600 | /* Mark receipt of record. */ |
| 624 | dtls1_record_bitmap_update(s, bitmap); | 601 | dtls1_record_bitmap_update(s, bitmap); |
| 625 | 602 | ||
| 626 | return (1); | 603 | return (1); |
| 627 | |||
| 628 | } | 604 | } |
| 629 | 605 | ||
| 630 | /* Return up to 'len' payload bytes received in 'type' records. | 606 | /* Return up to 'len' payload bytes received in 'type' records. |
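Review bot: The new `if (0) { again: ... }` block in the first dtls1_get_record hunk is reachable only by jumping to the label, and nothing in it explains why a retry is safe when `s->rstate` is still `SSL_ST_READ_BODY`. From the visible lines it is safe because `s->packet_length = 0` makes the header check directly below (`s->packet_length < DTLS1_RT_HEADER_LENGTH`) true, so each discarded record forces a fresh header read. I would record that invariant in the block, e.g. `/* reached only via goto again: zeroing packet_length forces the header re-read below even if rstate is still SSL_ST_READ_BODY */`. Because every `goto again` now drops the record unconditionally, the comment should also warn against adding a retry at a point where partially read data must be kept. The same applies to the identical change in src/lib/libssl/src/ssl/d1_pkt.c; the body of dtls1_get_record starts before the first hunk shown.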
diff --git a/src/lib/libssl/src/ssl/d1_pkt.c b/src/lib/libssl/src/ssl/d1_pkt.c index 60c1236f53..68571c8fd0 100644 --- a/src/lib/libssl/src/ssl/d1_pkt.c +++ b/src/lib/libssl/src/ssl/d1_pkt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_pkt.c,v 1.42 2015/06/17 07:29:33 doug Exp $ */ | 1 | /* $OpenBSD: d1_pkt.c,v 1.43 2015/07/18 22:28:53 doug Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -484,7 +484,13 @@ dtls1_get_record(SSL *s) | |||
| 484 | return 1; | 484 | return 1; |
| 485 | 485 | ||
| 486 | /* get something from the wire */ | 486 | /* get something from the wire */ |
| 487 | if (0) { | ||
| 487 | again: | 488 | again: |
| 489 | /* dump this record on all retries */ | ||
| 490 | rr->length = 0; | ||
| 491 | s->packet_length = 0; | ||
| 492 | } | ||
| 493 | |||
| 488 | /* check if we have the header */ | 494 | /* check if we have the header */ |
| 489 | if ((s->rstate != SSL_ST_READ_BODY) || | 495 | if ((s->rstate != SSL_ST_READ_BODY) || |
| 490 | (s->packet_length < DTLS1_RT_HEADER_LENGTH)) { | 496 | (s->packet_length < DTLS1_RT_HEADER_LENGTH)) { |
| @@ -494,10 +500,8 @@ again: | |||
| 494 | return(n); /* error or non-blocking */ | 500 | return(n); /* error or non-blocking */ |
| 495 | 501 | ||
| 496 | /* this packet contained a partial record, dump it */ | 502 | /* this packet contained a partial record, dump it */ |
| 497 | if (s->packet_length != DTLS1_RT_HEADER_LENGTH) { | 503 | if (s->packet_length != DTLS1_RT_HEADER_LENGTH) |
| 498 | s->packet_length = 0; | ||
| 499 | goto again; | 504 | goto again; |
| 500 | } | ||
| 501 | 505 | ||
| 502 | s->rstate = SSL_ST_READ_BODY; | 506 | s->rstate = SSL_ST_READ_BODY; |
| 503 | 507 | ||
| @@ -519,27 +523,18 @@ again: | |||
| 519 | 523 | ||
| 520 | /* Lets check version */ | 524 | /* Lets check version */ |
| 521 | if (!s->first_packet) { | 525 | if (!s->first_packet) { |
| 522 | if (version != s->version) { | 526 | if (version != s->version) |
| 523 | /* unexpected version, silently discard */ | 527 | /* unexpected version, silently discard */ |
| 524 | rr->length = 0; | ||
| 525 | s->packet_length = 0; | ||
| 526 | goto again; | 528 | goto again; |
| 527 | } | ||
| 528 | } | 529 | } |
| 529 | 530 | ||
| 530 | if ((version & 0xff00) != (s->version & 0xff00)) { | 531 | if ((version & 0xff00) != (s->version & 0xff00)) |
| 531 | /* wrong version, silently discard record */ | 532 | /* wrong version, silently discard record */ |
| 532 | rr->length = 0; | ||
| 533 | s->packet_length = 0; | ||
| 534 | goto again; | 533 | goto again; |
| 535 | } | ||
| 536 | 534 | ||
| 537 | if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { | 535 | if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) |
| 538 | /* record too long, silently discard it */ | 536 | /* record too long, silently discard it */ |
| 539 | rr->length = 0; | ||
| 540 | s->packet_length = 0; | ||
| 541 | goto again; | 537 | goto again; |
| 542 | } | ||
| 543 | 538 | ||
| 544 | /* now s->rstate == SSL_ST_READ_BODY */ | 539 | /* now s->rstate == SSL_ST_READ_BODY */ |
| 545 | } | 540 | } |
| @@ -554,11 +549,8 @@ again: | |||
| 554 | return(n); /* error or non-blocking io */ | 549 | return(n); /* error or non-blocking io */ |
| 555 | 550 | ||
| 556 | /* this packet contained a partial record, dump it */ | 551 | /* this packet contained a partial record, dump it */ |
| 557 | if (n != i) { | 552 | if (n != i) |
| 558 | rr->length = 0; | ||
| 559 | s->packet_length = 0; | ||
| 560 | goto again; | 553 | goto again; |
| 561 | } | ||
| 562 | 554 | ||
| 563 | /* now n == rr->length, | 555 | /* now n == rr->length, |
| 564 | * and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */ | 556 | * and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */ |
| @@ -567,13 +559,8 @@ again: | |||
| 567 | 559 | ||
| 568 | /* match epochs. NULL means the packet is dropped on the floor */ | 560 | /* match epochs. NULL means the packet is dropped on the floor */ |
| 569 | bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch); | 561 | bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch); |
| 570 | if (bitmap == NULL) { | 562 | if (bitmap == NULL) |
| 571 | rr->length = 0; | ||
| 572 | s->packet_length = 0; | ||
| 573 | /* dump this record */ | ||
| 574 | goto again; | 563 | goto again; |
| 575 | /* get another record */ | ||
| 576 | } | ||
| 577 | 564 | ||
| 578 | /* | 565 | /* |
| 579 | * Check whether this is a repeat, or aged record. | 566 | * Check whether this is a repeat, or aged record. |
| @@ -584,12 +571,8 @@ again: | |||
| 584 | */ | 571 | */ |
| 585 | if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && | 572 | if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && |
| 586 | p != NULL && *p == SSL3_MT_CLIENT_HELLO) && | 573 | p != NULL && *p == SSL3_MT_CLIENT_HELLO) && |
| 587 | !dtls1_record_replay_check(s, bitmap)) { | 574 | !dtls1_record_replay_check(s, bitmap)) |
| 588 | rr->length = 0; | ||
| 589 | s->packet_length=0; /* dump this record */ | ||
| 590 | goto again; | 575 | goto again; |
| 591 | /* get another record */ | ||
| 592 | } | ||
| 593 | 576 | ||
| 594 | /* just read a 0 length packet */ | 577 | /* just read a 0 length packet */ |
| 595 | if (rr->length == 0) | 578 | if (rr->length == 0) |
| @@ -608,23 +591,16 @@ again: | |||
| 608 | /* Mark receipt of record. */ | 591 | /* Mark receipt of record. */ |
| 609 | dtls1_record_bitmap_update(s, bitmap); | 592 | dtls1_record_bitmap_update(s, bitmap); |
| 610 | } | 593 | } |
| 611 | rr->length = 0; | ||
| 612 | s->packet_length = 0; | ||
| 613 | goto again; | 594 | goto again; |
| 614 | } | 595 | } |
| 615 | 596 | ||
| 616 | if (!dtls1_process_record(s)) { | 597 | if (!dtls1_process_record(s)) |
| 617 | rr->length = 0; | ||
| 618 | s->packet_length = 0; | ||
| 619 | /* dump this record */ | ||
| 620 | goto again; | 598 | goto again; |
| 621 | /* get another record */ | 599 | |
| 622 | } | ||
| 623 | /* Mark receipt of record. */ | 600 | /* Mark receipt of record. */ |
| 624 | dtls1_record_bitmap_update(s, bitmap); | 601 | dtls1_record_bitmap_update(s, bitmap); |
| 625 | 602 | ||
| 626 | return (1); | 603 | return (1); |
| 627 | |||
| 628 | } | 604 | } |
| 629 | 605 | ||
| 630 | /* Return up to 'len' payload bytes received in 'type' records. | 606 | /* Return up to 'len' payload bytes received in 'type' records. |
