-rw-r--r--src/lib/libssl/d1_pkt.c56
-rw-r--r--src/lib/libssl/src/ssl/d1_pkt.c56
2 files changed, 32 insertions, 80 deletions
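diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 60c1236f53..68571c8fd0 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.42 2015/06/17 07:29:33 doug Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.43 2015/07/18 22:28:53 doug Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -484,7 +484,13 @@ dtls1_get_record(SSL *s)
 	return 1;
 
 	/* get something from the wire */
+	if (0) {
 again:
+		/* dump this record on all retries */
+		rr->length = 0;
+		s->packet_length = 0;
+	}
+
 	/* check if we have the header */
 	if ((s->rstate != SSL_ST_READ_BODY) ||
 	    (s->packet_length < DTLS1_RT_HEADER_LENGTH)) {
@@ -494,10 +500,8 @@ again:
 			return(n); /* error or non-blocking */
 
 		/* this packet contained a partial record, dump it */
-		if (s->packet_length != DTLS1_RT_HEADER_LENGTH) {
-			s->packet_length = 0;
+		if (s->packet_length != DTLS1_RT_HEADER_LENGTH)
 			goto again;
-		}
 
 		s->rstate = SSL_ST_READ_BODY;
 
@@ -519,27 +523,18 @@ again:
 
 		/* Lets check version */
 		if (!s->first_packet) {
-			if (version != s->version) {
+			if (version != s->version)
 				/* unexpected version, silently discard */
-				rr->length = 0;
-				s->packet_length = 0;
 				goto again;
-			}
 		}
 
-		if ((version & 0xff00) != (s->version & 0xff00)) {
+		if ((version & 0xff00) != (s->version & 0xff00))
 			/* wrong version, silently discard record */
-			rr->length = 0;
-			s->packet_length = 0;
 			goto again;
-		}
 
-		if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
+		if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
 			/* record too long, silently discard it */
-			rr->length = 0;
-			s->packet_length = 0;
 			goto again;
-		}
 
 		/* now s->rstate == SSL_ST_READ_BODY */
 	}
@@ -554,11 +549,8 @@ again:
 			return(n); /* error or non-blocking io */
 
 		/* this packet contained a partial record, dump it */
-		if (n != i) {
-			rr->length = 0;
-			s->packet_length = 0;
+		if (n != i)
 			goto again;
-		}
 
 		/* now n == rr->length,
 		 * and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */
@@ -567,13 +559,8 @@ again:
 
 	/* match epochs. NULL means the packet is dropped on the floor */
 	bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
-	if (bitmap == NULL) {
-		rr->length = 0;
-		s->packet_length = 0;
-		/* dump this record */
+	if (bitmap == NULL)
 		goto again;
-		/* get another record */
-	}
 
 	/*
 	 * Check whether this is a repeat, or aged record.
@@ -584,12 +571,8 @@ again:
 	 */
 	if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
 	    p != NULL && *p == SSL3_MT_CLIENT_HELLO) &&
-	    !dtls1_record_replay_check(s, bitmap)) {
-		rr->length = 0;
-		s->packet_length=0; /* dump this record */
+	    !dtls1_record_replay_check(s, bitmap))
 		goto again;
-		/* get another record */
-	}
 
 	/* just read a 0 length packet */
 	if (rr->length == 0)
@@ -608,23 +591,16 @@ again:
 			/* Mark receipt of record. */
 			dtls1_record_bitmap_update(s, bitmap);
 		}
-		rr->length = 0;
-		s->packet_length = 0;
 		goto again;
 	}
 
-	if (!dtls1_process_record(s)) {
-		rr->length = 0;
-		s->packet_length = 0;
-		/* dump this record */
+	if (!dtls1_process_record(s))
 		goto again;
-		/* get another record */
-	}
+
 	/* Mark receipt of record. */
 	dtls1_record_bitmap_update(s, bitmap);
 
 	return (1);
-
 }
 
 /* Return up to 'len' payload bytes received in 'type' records.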
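Review bot: The `if (0) {` added at new line 487 in the first hunk reads as dead code until one notices the `again:` label nested inside it, and a reader or a careless cleanup could remove the block; a comment on that line such as `/* never entered by fall-through: reached only via goto again */` would make the intent explicit. Folding the reset into the label also changes the partial-header path at old lines 498-499, which previously cleared only `s->packet_length` and now clears `rr->length` too; that looks harmless there because the header has not yet been parsed into `rr` at that point, but it is a behaviour change worth a line in the commit message. dtls1_get_record begins before the first hunk, and the same hunks appear again in the mirrored src/lib/libssl/src/ssl/d1_pkt.c section below, so the comment should go into both copies.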
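diff --git a/src/lib/libssl/src/ssl/d1_pkt.c b/src/lib/libssl/src/ssl/d1_pkt.c
index 60c1236f53..68571c8fd0 100644
--- a/src/lib/libssl/src/ssl/d1_pkt.c
+++ b/src/lib/libssl/src/ssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.42 2015/06/17 07:29:33 doug Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.43 2015/07/18 22:28:53 doug Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -484,7 +484,13 @@ dtls1_get_record(SSL *s)
 	return 1;
 
 	/* get something from the wire */
+	if (0) {
 again:
+		/* dump this record on all retries */
+		rr->length = 0;
+		s->packet_length = 0;
+	}
+
 	/* check if we have the header */
 	if ((s->rstate != SSL_ST_READ_BODY) ||
 	    (s->packet_length < DTLS1_RT_HEADER_LENGTH)) {
@@ -494,10 +500,8 @@ again:
 			return(n); /* error or non-blocking */
 
 		/* this packet contained a partial record, dump it */
-		if (s->packet_length != DTLS1_RT_HEADER_LENGTH) {
-			s->packet_length = 0;
+		if (s->packet_length != DTLS1_RT_HEADER_LENGTH)
 			goto again;
-		}
 
 		s->rstate = SSL_ST_READ_BODY;
 
@@ -519,27 +523,18 @@ again:
 
 		/* Lets check version */
 		if (!s->first_packet) {
-			if (version != s->version) {
+			if (version != s->version)
 				/* unexpected version, silently discard */
-				rr->length = 0;
-				s->packet_length = 0;
 				goto again;
-			}
 		}
 
-		if ((version & 0xff00) != (s->version & 0xff00)) {
+		if ((version & 0xff00) != (s->version & 0xff00))
 			/* wrong version, silently discard record */
-			rr->length = 0;
-			s->packet_length = 0;
 			goto again;
-		}
 
-		if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
+		if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
 			/* record too long, silently discard it */
-			rr->length = 0;
-			s->packet_length = 0;
 			goto again;
-		}
 
 		/* now s->rstate == SSL_ST_READ_BODY */
 	}
@@ -554,11 +549,8 @@ again:
 			return(n); /* error or non-blocking io */
 
 		/* this packet contained a partial record, dump it */
-		if (n != i) {
-			rr->length = 0;
-			s->packet_length = 0;
+		if (n != i)
 			goto again;
-		}
 
 		/* now n == rr->length,
 		 * and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */
@@ -567,13 +559,8 @@ again:
 
 	/* match epochs. NULL means the packet is dropped on the floor */
 	bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
-	if (bitmap == NULL) {
-		rr->length = 0;
-		s->packet_length = 0;
-		/* dump this record */
+	if (bitmap == NULL)
 		goto again;
-		/* get another record */
-	}
 
 	/*
 	 * Check whether this is a repeat, or aged record.
@@ -584,12 +571,8 @@ again:
 	 */
 	if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
 	    p != NULL && *p == SSL3_MT_CLIENT_HELLO) &&
-	    !dtls1_record_replay_check(s, bitmap)) {
-		rr->length = 0;
-		s->packet_length=0; /* dump this record */
+	    !dtls1_record_replay_check(s, bitmap))
 		goto again;
-		/* get another record */
-	}
 
 	/* just read a 0 length packet */
 	if (rr->length == 0)
@@ -608,23 +591,16 @@ again:
 			/* Mark receipt of record. */
 			dtls1_record_bitmap_update(s, bitmap);
 		}
-		rr->length = 0;
-		s->packet_length = 0;
 		goto again;
 	}
 
-	if (!dtls1_process_record(s)) {
-		rr->length = 0;
-		s->packet_length = 0;
-		/* dump this record */
+	if (!dtls1_process_record(s))
 		goto again;
-		/* get another record */
-	}
+
 	/* Mark receipt of record. */
 	dtls1_record_bitmap_update(s, bitmap);
 
 	return (1);
-
 }
 
 /* Return up to 'len' payload bytes received in 'type' records.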