diff options
| -rw-r--r-- | src/lib/libssl/d1_both.c | 44 | ||||
| -rw-r--r-- | src/lib/libssl/d1_pkt.c | 5 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/d1_both.c | 44 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/d1_pkt.c | 5 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_locl.h | 4 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 4 |
6 files changed, 74 insertions, 32 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c index 534db59ee8..5c93af8bd9 100644 --- a/src/lib/libssl/d1_both.c +++ b/src/lib/libssl/d1_both.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_both.c,v 1.32 2015/02/09 10:53:28 jsing Exp $ */ | 1 | /* $OpenBSD: d1_both.c,v 1.33 2015/07/18 23:00:23 doug Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -125,6 +125,7 @@ | |||
| 125 | #include <openssl/x509.h> | 125 | #include <openssl/x509.h> |
| 126 | 126 | ||
| 127 | #include "pqueue.h" | 127 | #include "pqueue.h" |
| 128 | #include "bytestring.h" | ||
| 128 | 129 | ||
| 129 | #define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8) | 130 | #define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8) |
| 130 | 131 | ||
| @@ -798,16 +799,15 @@ again: | |||
| 798 | return i; | 799 | return i; |
| 799 | } | 800 | } |
| 800 | /* Handshake fails if message header is incomplete */ | 801 | /* Handshake fails if message header is incomplete */ |
| 801 | if (i != DTLS1_HM_HEADER_LENGTH) { | 802 | if (i != DTLS1_HM_HEADER_LENGTH || |
| 803 | /* parse the message fragment header */ | ||
| 804 | dtls1_get_message_header(wire, &msg_hdr) == 0) { | ||
| 802 | al = SSL_AD_UNEXPECTED_MESSAGE; | 805 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 803 | SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, | 806 | SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, |
| 804 | SSL_R_UNEXPECTED_MESSAGE); | 807 | SSL_R_UNEXPECTED_MESSAGE); |
| 805 | goto f_err; | 808 | goto f_err; |
| 806 | } | 809 | } |
| 807 | 810 | ||
| 808 | /* parse the message fragment header */ | ||
| 809 | dtls1_get_message_header(wire, &msg_hdr); | ||
| 810 | |||
| 811 | /* | 811 | /* |
| 812 | * if this is a future (or stale) message it gets buffered | 812 | * if this is a future (or stale) message it gets buffered |
| 813 | * (or dropped)--no further processing at this time | 813 | * (or dropped)--no further processing at this time |
| @@ -1372,16 +1372,36 @@ dtls1_guess_mtu(unsigned int curr_mtu) | |||
| 1372 | return curr_mtu; | 1372 | return curr_mtu; |
| 1373 | } | 1373 | } |
| 1374 | 1374 | ||
| 1375 | void | 1375 | int |
| 1376 | dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) | 1376 | dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) |
| 1377 | { | 1377 | { |
| 1378 | memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); | 1378 | CBS header; |
| 1379 | msg_hdr->type = *(data++); | 1379 | uint32_t msg_len, frag_off, frag_len; |
| 1380 | n2l3(data, msg_hdr->msg_len); | 1380 | uint16_t seq; |
| 1381 | uint8_t type; | ||
| 1382 | |||
| 1383 | CBS_init(&header, data, sizeof(*msg_hdr)); | ||
| 1384 | |||
| 1385 | memset(msg_hdr, 0, sizeof(*msg_hdr)); | ||
| 1386 | |||
| 1387 | if (!CBS_get_u8(&header, &type)) | ||
| 1388 | return 0; | ||
| 1389 | if (!CBS_get_u24(&header, &msg_len)) | ||
| 1390 | return 0; | ||
| 1391 | if (!CBS_get_u16(&header, &seq)) | ||
| 1392 | return 0; | ||
| 1393 | if (!CBS_get_u24(&header, &frag_off)) | ||
| 1394 | return 0; | ||
| 1395 | if (!CBS_get_u24(&header, &frag_len)) | ||
| 1396 | return 0; | ||
| 1381 | 1397 | ||
| 1382 | n2s(data, msg_hdr->seq); | 1398 | msg_hdr->type = type; |
| 1383 | n2l3(data, msg_hdr->frag_off); | 1399 | msg_hdr->msg_len = msg_len; |
| 1384 | n2l3(data, msg_hdr->frag_len); | 1400 | msg_hdr->seq = seq; |
| 1401 | msg_hdr->frag_off = frag_off; | ||
| 1402 | msg_hdr->frag_len = frag_len; | ||
| 1403 | |||
| 1404 | return 1; | ||
| 1385 | } | 1405 | } |
| 1386 | 1406 | ||
| 1387 | void | 1407 | void |
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c index 1ff664370b..b26ff2cec2 100644 --- a/src/lib/libssl/d1_pkt.c +++ b/src/lib/libssl/d1_pkt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_pkt.c,v 1.44 2015/07/18 22:36:55 doug Exp $ */ | 1 | /* $OpenBSD: d1_pkt.c,v 1.45 2015/07/18 23:00:23 doug Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -1018,7 +1018,8 @@ start: | |||
| 1018 | struct hm_header_st msg_hdr; | 1018 | struct hm_header_st msg_hdr; |
| 1019 | 1019 | ||
| 1020 | /* this may just be a stale retransmit */ | 1020 | /* this may just be a stale retransmit */ |
| 1021 | dtls1_get_message_header(rr->data, &msg_hdr); | 1021 | if (!dtls1_get_message_header(rr->data, &msg_hdr)) |
| 1022 | return -1; | ||
| 1022 | if (rr->epoch != s->d1->r_epoch) { | 1023 | if (rr->epoch != s->d1->r_epoch) { |
| 1023 | rr->length = 0; | 1024 | rr->length = 0; |
| 1024 | goto start; | 1025 | goto start; |
diff --git a/src/lib/libssl/src/ssl/d1_both.c b/src/lib/libssl/src/ssl/d1_both.c index 534db59ee8..5c93af8bd9 100644 --- a/src/lib/libssl/src/ssl/d1_both.c +++ b/src/lib/libssl/src/ssl/d1_both.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_both.c,v 1.32 2015/02/09 10:53:28 jsing Exp $ */ | 1 | /* $OpenBSD: d1_both.c,v 1.33 2015/07/18 23:00:23 doug Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -125,6 +125,7 @@ | |||
| 125 | #include <openssl/x509.h> | 125 | #include <openssl/x509.h> |
| 126 | 126 | ||
| 127 | #include "pqueue.h" | 127 | #include "pqueue.h" |
| 128 | #include "bytestring.h" | ||
| 128 | 129 | ||
| 129 | #define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8) | 130 | #define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8) |
| 130 | 131 | ||
| @@ -798,16 +799,15 @@ again: | |||
| 798 | return i; | 799 | return i; |
| 799 | } | 800 | } |
| 800 | /* Handshake fails if message header is incomplete */ | 801 | /* Handshake fails if message header is incomplete */ |
| 801 | if (i != DTLS1_HM_HEADER_LENGTH) { | 802 | if (i != DTLS1_HM_HEADER_LENGTH || |
| 803 | /* parse the message fragment header */ | ||
| 804 | dtls1_get_message_header(wire, &msg_hdr) == 0) { | ||
| 802 | al = SSL_AD_UNEXPECTED_MESSAGE; | 805 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 803 | SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, | 806 | SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, |
| 804 | SSL_R_UNEXPECTED_MESSAGE); | 807 | SSL_R_UNEXPECTED_MESSAGE); |
| 805 | goto f_err; | 808 | goto f_err; |
| 806 | } | 809 | } |
| 807 | 810 | ||
| 808 | /* parse the message fragment header */ | ||
| 809 | dtls1_get_message_header(wire, &msg_hdr); | ||
| 810 | |||
| 811 | /* | 811 | /* |
| 812 | * if this is a future (or stale) message it gets buffered | 812 | * if this is a future (or stale) message it gets buffered |
| 813 | * (or dropped)--no further processing at this time | 813 | * (or dropped)--no further processing at this time |
| @@ -1372,16 +1372,36 @@ dtls1_guess_mtu(unsigned int curr_mtu) | |||
| 1372 | return curr_mtu; | 1372 | return curr_mtu; |
| 1373 | } | 1373 | } |
| 1374 | 1374 | ||
| 1375 | void | 1375 | int |
| 1376 | dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) | 1376 | dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) |
| 1377 | { | 1377 | { |
| 1378 | memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); | 1378 | CBS header; |
| 1379 | msg_hdr->type = *(data++); | 1379 | uint32_t msg_len, frag_off, frag_len; |
| 1380 | n2l3(data, msg_hdr->msg_len); | 1380 | uint16_t seq; |
| 1381 | uint8_t type; | ||
| 1382 | |||
| 1383 | CBS_init(&header, data, sizeof(*msg_hdr)); | ||
| 1384 | |||
| 1385 | memset(msg_hdr, 0, sizeof(*msg_hdr)); | ||
| 1386 | |||
| 1387 | if (!CBS_get_u8(&header, &type)) | ||
| 1388 | return 0; | ||
| 1389 | if (!CBS_get_u24(&header, &msg_len)) | ||
| 1390 | return 0; | ||
| 1391 | if (!CBS_get_u16(&header, &seq)) | ||
| 1392 | return 0; | ||
| 1393 | if (!CBS_get_u24(&header, &frag_off)) | ||
| 1394 | return 0; | ||
| 1395 | if (!CBS_get_u24(&header, &frag_len)) | ||
| 1396 | return 0; | ||
| 1381 | 1397 | ||
| 1382 | n2s(data, msg_hdr->seq); | 1398 | msg_hdr->type = type; |
| 1383 | n2l3(data, msg_hdr->frag_off); | 1399 | msg_hdr->msg_len = msg_len; |
| 1384 | n2l3(data, msg_hdr->frag_len); | 1400 | msg_hdr->seq = seq; |
| 1401 | msg_hdr->frag_off = frag_off; | ||
| 1402 | msg_hdr->frag_len = frag_len; | ||
| 1403 | |||
| 1404 | return 1; | ||
| 1385 | } | 1405 | } |
| 1386 | 1406 | ||
| 1387 | void | 1407 | void |
diff --git a/src/lib/libssl/src/ssl/d1_pkt.c b/src/lib/libssl/src/ssl/d1_pkt.c index 1ff664370b..b26ff2cec2 100644 --- a/src/lib/libssl/src/ssl/d1_pkt.c +++ b/src/lib/libssl/src/ssl/d1_pkt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_pkt.c,v 1.44 2015/07/18 22:36:55 doug Exp $ */ | 1 | /* $OpenBSD: d1_pkt.c,v 1.45 2015/07/18 23:00:23 doug Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -1018,7 +1018,8 @@ start: | |||
| 1018 | struct hm_header_st msg_hdr; | 1018 | struct hm_header_st msg_hdr; |
| 1019 | 1019 | ||
| 1020 | /* this may just be a stale retransmit */ | 1020 | /* this may just be a stale retransmit */ |
| 1021 | dtls1_get_message_header(rr->data, &msg_hdr); | 1021 | if (!dtls1_get_message_header(rr->data, &msg_hdr)) |
| 1022 | return -1; | ||
| 1022 | if (rr->epoch != s->d1->r_epoch) { | 1023 | if (rr->epoch != s->d1->r_epoch) { |
| 1023 | rr->length = 0; | 1024 | rr->length = 0; |
| 1024 | goto start; | 1025 | goto start; |
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index 3256354463..ba8fc79964 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.96 2015/07/17 17:36:24 doug Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.97 2015/07/18 23:00:23 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -694,7 +694,7 @@ int dtls1_retransmit_message(SSL *s, unsigned short seq, | |||
| 694 | int dtls1_get_queue_priority(unsigned short seq, int is_ccs); | 694 | int dtls1_get_queue_priority(unsigned short seq, int is_ccs); |
| 695 | int dtls1_retransmit_buffered_messages(SSL *s); | 695 | int dtls1_retransmit_buffered_messages(SSL *s); |
| 696 | void dtls1_clear_record_buffer(SSL *s); | 696 | void dtls1_clear_record_buffer(SSL *s); |
| 697 | void dtls1_get_message_header(unsigned char *data, | 697 | int dtls1_get_message_header(unsigned char *data, |
| 698 | struct hm_header_st *msg_hdr); | 698 | struct hm_header_st *msg_hdr); |
| 699 | void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); | 699 | void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); |
| 700 | void dtls1_reset_seq_numbers(SSL *s, int rw); | 700 | void dtls1_reset_seq_numbers(SSL *s, int rw); |
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 3256354463..ba8fc79964 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.96 2015/07/17 17:36:24 doug Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.97 2015/07/18 23:00:23 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -694,7 +694,7 @@ int dtls1_retransmit_message(SSL *s, unsigned short seq, | |||
| 694 | int dtls1_get_queue_priority(unsigned short seq, int is_ccs); | 694 | int dtls1_get_queue_priority(unsigned short seq, int is_ccs); |
| 695 | int dtls1_retransmit_buffered_messages(SSL *s); | 695 | int dtls1_retransmit_buffered_messages(SSL *s); |
| 696 | void dtls1_clear_record_buffer(SSL *s); | 696 | void dtls1_clear_record_buffer(SSL *s); |
| 697 | void dtls1_get_message_header(unsigned char *data, | 697 | int dtls1_get_message_header(unsigned char *data, |
| 698 | struct hm_header_st *msg_hdr); | 698 | struct hm_header_st *msg_hdr); |
| 699 | void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); | 699 | void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); |
| 700 | void dtls1_reset_seq_numbers(SSL *s, int rw); | 700 | void dtls1_reset_seq_numbers(SSL *s, int rw); |