-rw-r--r--src/lib/libssl/d1_pkt.c44
-rw-r--r--src/lib/libssl/src/ssl/d1_pkt.c44
-rw-r--r--src/lib/libssl/src/ssl/ssl_locl.h2
-rw-r--r--src/lib/libssl/ssl_locl.h2
4 files changed, 12 insertions, 80 deletions
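diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index db898f507a..d2f63b890b 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1361,12 +1361,12 @@ dtls1_write_bytes(SSL *s, int type, const void *buf, int len)
 
  OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);
  s->rwstate = SSL_NOTHING;
- i = do_dtls1_write(s, type, buf, len, 0);
+ i = do_dtls1_write(s, type, buf, len);
  return i;
 }
 
 int
-do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment)
+do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
 {
  unsigned char *p, *pseq;
  int i, mac_size, clear = 0;
@@ -1391,7 +1391,7 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int
  /* if it went, fall through and send more stuff */
  }
 
- if (len == 0 && !create_empty_fragment)
+ if (len == 0)
  return 0;
 
  wr = &(s->s3->wrec);
@@ -1410,35 +1410,8 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int
  goto err;
  }
 
- /* DTLS implements explicit IV, so no need for empty fragments */
+ /* DTLS implements explicit IV, so no need for empty fragments. */
-#if 0
- /* 'create_empty_fragment' is true only when this function calls itself */
- if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done &&
- SSL_version(s) != DTLS1_VERSION &&
- SSL_version(s) != DTLS1_BAD_VER) {
- /* countermeasure against known-IV weakness in CBC ciphersuites
- * (see http://www.openssl.org/~bodo/tls-cbc.txt)
- */
-
- if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) {
- /* recursive function call with 'create_empty_fragment' set;
- * this prepares and buffers the data for an empty fragment
- * (these 'prefix_len' bytes are sent out later
- * together with the actual payload) */
- prefix_len = s->method->do_ssl_write(s, type, buf, 0, 1);
- if (prefix_len <= 0)
- goto err;
-
- if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE) {
- /* insufficient space */
- SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- }
 
- s->s3->empty_fragment_done = 1;
- }
-#endif
  p = wb->buf + prefix_len;
 
  /* write the header */
@@ -1542,13 +1515,6 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int
 
  ssl3_record_sequence_update(&(s->s3->write_sequence[0]));
 
- if (create_empty_fragment) {
- /* we are in a recursive call;
- * just return the length, don't write out anything here
- */
- return wr->length;
- }
-
  /* now let's set up wb */
  wb->left = prefix_len + wr->length;
  wb->offset = 0;
@@ -1644,7 +1610,7 @@ dtls1_dispatch_alert(SSL *s)
  }
 #endif
 
- i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0);
+ i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf));
  if (i <= 0) {
  s->s3->alert_dispatch = 1;
  /* fprintf( stderr, "not done with alert\n" ); */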
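Review bot: With the `#if 0` block removed, nothing left in the visible part of do_dtls1_write assigns `prefix_len`, yet it is still read at `p = wb->buf + prefix_len;` and `wb->left = prefix_len + wr->length;`; its declaration and initializer sit outside the hunk, so confirm it is initialized to 0 there and consider dropping the variable (`p = wb->buf;` and `wb->left = wr->length;`) so a now-constant offset does not read like a live parameter. The kept comment could also say why the empty fragment is unnecessary rather than just that it is, e.g. `/* DTLS records carry an explicit IV, so the TLS 1.0 empty-fragment countermeasure against chained-IV CBC weakness is not needed. */`, which preserves the rationale that the deleted comment block used to carry. The identical section for src/lib/libssl/src/ssl/d1_pkt.c has the same two points. do_dtls1_write begins and ends outside these hunks.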
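diff --git a/src/lib/libssl/src/ssl/d1_pkt.c b/src/lib/libssl/src/ssl/d1_pkt.c
index db898f507a..d2f63b890b 100644
--- a/src/lib/libssl/src/ssl/d1_pkt.c
+++ b/src/lib/libssl/src/ssl/d1_pkt.c
@@ -1361,12 +1361,12 @@ dtls1_write_bytes(SSL *s, int type, const void *buf, int len)
 
  OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);
  s->rwstate = SSL_NOTHING;
- i = do_dtls1_write(s, type, buf, len, 0);
+ i = do_dtls1_write(s, type, buf, len);
  return i;
 }
 
 int
-do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment)
+do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
 {
  unsigned char *p, *pseq;
  int i, mac_size, clear = 0;
@@ -1391,7 +1391,7 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int
  /* if it went, fall through and send more stuff */
  }
 
- if (len == 0 && !create_empty_fragment)
+ if (len == 0)
  return 0;
 
  wr = &(s->s3->wrec);
@@ -1410,35 +1410,8 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int
  goto err;
  }
 
- /* DTLS implements explicit IV, so no need for empty fragments */
+ /* DTLS implements explicit IV, so no need for empty fragments. */
-#if 0
- /* 'create_empty_fragment' is true only when this function calls itself */
- if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done &&
- SSL_version(s) != DTLS1_VERSION &&
- SSL_version(s) != DTLS1_BAD_VER) {
- /* countermeasure against known-IV weakness in CBC ciphersuites
- * (see http://www.openssl.org/~bodo/tls-cbc.txt)
- */
-
- if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) {
- /* recursive function call with 'create_empty_fragment' set;
- * this prepares and buffers the data for an empty fragment
- * (these 'prefix_len' bytes are sent out later
- * together with the actual payload) */
- prefix_len = s->method->do_ssl_write(s, type, buf, 0, 1);
- if (prefix_len <= 0)
- goto err;
-
- if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE) {
- /* insufficient space */
- SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- }
 
- s->s3->empty_fragment_done = 1;
- }
-#endif
  p = wb->buf + prefix_len;
 
  /* write the header */
@@ -1542,13 +1515,6 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int
 
  ssl3_record_sequence_update(&(s->s3->write_sequence[0]));
 
- if (create_empty_fragment) {
- /* we are in a recursive call;
- * just return the length, don't write out anything here
- */
- return wr->length;
- }
-
  /* now let's set up wb */
  wb->left = prefix_len + wr->length;
  wb->offset = 0;
@@ -1644,7 +1610,7 @@ dtls1_dispatch_alert(SSL *s)
  }
 #endif
 
- i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0);
+ i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf));
  if (i <= 0) {
  s->s3->alert_dispatch = 1;
  /* fprintf( stderr, "not done with alert\n" ); */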
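diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index 16d31f33d2..208610dac1 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -806,7 +806,7 @@ int dtls1_shutdown(SSL *s);
 long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
 int dtls1_get_record(SSL *s);
 int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
- unsigned int len, int create_empty_fragement);
+ unsigned int len);
 int dtls1_dispatch_alert(SSL *s);
 int dtls1_enc(SSL *s, int snd);
 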
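diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 16d31f33d2..208610dac1 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -806,7 +806,7 @@ int dtls1_shutdown(SSL *s);
 long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
 int dtls1_get_record(SSL *s);
 int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
- unsigned int len, int create_empty_fragement);
+ unsigned int len);
 int dtls1_dispatch_alert(SSL *s);
 int dtls1_enc(SSL *s, int snd);
 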