diff options
| -rw-r--r-- | src/lib/libssl/d1_pkt.c | 49 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/d1_pkt.c | 49 |
2 files changed, 56 insertions, 42 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c index 68571c8fd0..1ff664370b 100644 --- a/src/lib/libssl/d1_pkt.c +++ b/src/lib/libssl/d1_pkt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_pkt.c,v 1.43 2015/07/18 22:28:53 doug Exp $ */ | 1 | /* $OpenBSD: d1_pkt.c,v 1.44 2015/07/18 22:36:55 doug Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -124,6 +124,7 @@ | |||
| 124 | #include <openssl/evp.h> | 124 | #include <openssl/evp.h> |
| 125 | 125 | ||
| 126 | #include "pqueue.h" | 126 | #include "pqueue.h" |
| 127 | #include "bytestring.h" | ||
| 127 | 128 | ||
| 128 | /* mod 128 saturating subtract of two 64-bit values in big-endian order */ | 129 | /* mod 128 saturating subtract of two 64-bit values in big-endian order */ |
| 129 | static int | 130 | static int |
| @@ -464,11 +465,9 @@ err: | |||
| 464 | int | 465 | int |
| 465 | dtls1_get_record(SSL *s) | 466 | dtls1_get_record(SSL *s) |
| 466 | { | 467 | { |
| 467 | int ssl_major, ssl_minor; | ||
| 468 | int i, n; | 468 | int i, n; |
| 469 | SSL3_RECORD *rr; | 469 | SSL3_RECORD *rr; |
| 470 | unsigned char *p = NULL; | 470 | unsigned char *p = NULL; |
| 471 | unsigned short version; | ||
| 472 | DTLS1_BITMAP *bitmap; | 471 | DTLS1_BITMAP *bitmap; |
| 473 | unsigned int is_next_epoch; | 472 | unsigned int is_next_epoch; |
| 474 | 473 | ||
| @@ -494,6 +493,10 @@ again: | |||
| 494 | /* check if we have the header */ | 493 | /* check if we have the header */ |
| 495 | if ((s->rstate != SSL_ST_READ_BODY) || | 494 | if ((s->rstate != SSL_ST_READ_BODY) || |
| 496 | (s->packet_length < DTLS1_RT_HEADER_LENGTH)) { | 495 | (s->packet_length < DTLS1_RT_HEADER_LENGTH)) { |
| 496 | CBS header, seq_no; | ||
| 497 | uint16_t epoch, len, ssl_version; | ||
| 498 | uint8_t type; | ||
| 499 | |||
| 497 | n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); | 500 | n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); |
| 498 | /* read timeout is handled by dtls1_read_bytes */ | 501 | /* read timeout is handled by dtls1_read_bytes */ |
| 499 | if (n <= 0) | 502 | if (n <= 0) |
| @@ -505,35 +508,39 @@ again: | |||
| 505 | 508 | ||
| 506 | s->rstate = SSL_ST_READ_BODY; | 509 | s->rstate = SSL_ST_READ_BODY; |
| 507 | 510 | ||
| 508 | p = s->packet; | 511 | CBS_init(&header, s->packet, s->packet_length); |
| 509 | 512 | ||
| 510 | /* Pull apart the header into the DTLS1_RECORD */ | 513 | /* Pull apart the header into the DTLS1_RECORD */ |
| 511 | rr->type= *(p++); | 514 | if (!CBS_get_u8(&header, &type)) |
| 512 | ssl_major= *(p++); | 515 | goto again; |
| 513 | ssl_minor= *(p++); | 516 | if (!CBS_get_u16(&header, &ssl_version)) |
| 514 | version = (ssl_major << 8)|ssl_minor; | 517 | goto again; |
| 515 | 518 | ||
| 516 | /* sequence number is 64 bits, with top 2 bytes = epoch */ | 519 | /* sequence number is 64 bits, with top 2 bytes = epoch */ |
| 517 | n2s(p, rr->epoch); | 520 | if (!CBS_get_u16(&header, &epoch) || |
| 521 | !CBS_get_bytes(&header, &seq_no, 6)) | ||
| 522 | goto again; | ||
| 518 | 523 | ||
| 519 | memcpy(&(s->s3->read_sequence[2]), p, 6); | 524 | if (!CBS_write_bytes(&seq_no, &(s->s3->read_sequence[2]), |
| 520 | p += 6; | 525 | sizeof(s->s3->read_sequence) - 2, NULL)) |
| 526 | goto again; | ||
| 527 | if (!CBS_get_u16(&header, &len)) | ||
| 528 | goto again; | ||
| 521 | 529 | ||
| 522 | n2s(p, rr->length); | 530 | rr->type = type; |
| 531 | rr->epoch = epoch; | ||
| 532 | rr->length = len; | ||
| 523 | 533 | ||
| 524 | /* Lets check version */ | 534 | /* unexpected version, silently discard */ |
| 525 | if (!s->first_packet) { | 535 | if (!s->first_packet && ssl_version != s->version) |
| 526 | if (version != s->version) | 536 | goto again; |
| 527 | /* unexpected version, silently discard */ | ||
| 528 | goto again; | ||
| 529 | } | ||
| 530 | 537 | ||
| 531 | if ((version & 0xff00) != (s->version & 0xff00)) | 538 | /* wrong version, silently discard record */ |
| 532 | /* wrong version, silently discard record */ | 539 | if ((ssl_version & 0xff00) != (s->version & 0xff00)) |
| 533 | goto again; | 540 | goto again; |
| 534 | 541 | ||
| 542 | /* record too long, silently discard it */ | ||
| 535 | if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) | 543 | if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) |
| 536 | /* record too long, silently discard it */ | ||
| 537 | goto again; | 544 | goto again; |
| 538 | 545 | ||
| 539 | /* now s->rstate == SSL_ST_READ_BODY */ | 546 | /* now s->rstate == SSL_ST_READ_BODY */ |
diff --git a/src/lib/libssl/src/ssl/d1_pkt.c b/src/lib/libssl/src/ssl/d1_pkt.c index 68571c8fd0..1ff664370b 100644 --- a/src/lib/libssl/src/ssl/d1_pkt.c +++ b/src/lib/libssl/src/ssl/d1_pkt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_pkt.c,v 1.43 2015/07/18 22:28:53 doug Exp $ */ | 1 | /* $OpenBSD: d1_pkt.c,v 1.44 2015/07/18 22:36:55 doug Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -124,6 +124,7 @@ | |||
| 124 | #include <openssl/evp.h> | 124 | #include <openssl/evp.h> |
| 125 | 125 | ||
| 126 | #include "pqueue.h" | 126 | #include "pqueue.h" |
| 127 | #include "bytestring.h" | ||
| 127 | 128 | ||
| 128 | /* mod 128 saturating subtract of two 64-bit values in big-endian order */ | 129 | /* mod 128 saturating subtract of two 64-bit values in big-endian order */ |
| 129 | static int | 130 | static int |
| @@ -464,11 +465,9 @@ err: | |||
| 464 | int | 465 | int |
| 465 | dtls1_get_record(SSL *s) | 466 | dtls1_get_record(SSL *s) |
| 466 | { | 467 | { |
| 467 | int ssl_major, ssl_minor; | ||
| 468 | int i, n; | 468 | int i, n; |
| 469 | SSL3_RECORD *rr; | 469 | SSL3_RECORD *rr; |
| 470 | unsigned char *p = NULL; | 470 | unsigned char *p = NULL; |
| 471 | unsigned short version; | ||
| 472 | DTLS1_BITMAP *bitmap; | 471 | DTLS1_BITMAP *bitmap; |
| 473 | unsigned int is_next_epoch; | 472 | unsigned int is_next_epoch; |
| 474 | 473 | ||
| @@ -494,6 +493,10 @@ again: | |||
| 494 | /* check if we have the header */ | 493 | /* check if we have the header */ |
| 495 | if ((s->rstate != SSL_ST_READ_BODY) || | 494 | if ((s->rstate != SSL_ST_READ_BODY) || |
| 496 | (s->packet_length < DTLS1_RT_HEADER_LENGTH)) { | 495 | (s->packet_length < DTLS1_RT_HEADER_LENGTH)) { |
| 496 | CBS header, seq_no; | ||
| 497 | uint16_t epoch, len, ssl_version; | ||
| 498 | uint8_t type; | ||
| 499 | |||
| 497 | n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); | 500 | n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); |
| 498 | /* read timeout is handled by dtls1_read_bytes */ | 501 | /* read timeout is handled by dtls1_read_bytes */ |
| 499 | if (n <= 0) | 502 | if (n <= 0) |
| @@ -505,35 +508,39 @@ again: | |||
| 505 | 508 | ||
| 506 | s->rstate = SSL_ST_READ_BODY; | 509 | s->rstate = SSL_ST_READ_BODY; |
| 507 | 510 | ||
| 508 | p = s->packet; | 511 | CBS_init(&header, s->packet, s->packet_length); |
| 509 | 512 | ||
| 510 | /* Pull apart the header into the DTLS1_RECORD */ | 513 | /* Pull apart the header into the DTLS1_RECORD */ |
| 511 | rr->type= *(p++); | 514 | if (!CBS_get_u8(&header, &type)) |
| 512 | ssl_major= *(p++); | 515 | goto again; |
| 513 | ssl_minor= *(p++); | 516 | if (!CBS_get_u16(&header, &ssl_version)) |
| 514 | version = (ssl_major << 8)|ssl_minor; | 517 | goto again; |
| 515 | 518 | ||
| 516 | /* sequence number is 64 bits, with top 2 bytes = epoch */ | 519 | /* sequence number is 64 bits, with top 2 bytes = epoch */ |
| 517 | n2s(p, rr->epoch); | 520 | if (!CBS_get_u16(&header, &epoch) || |
| 521 | !CBS_get_bytes(&header, &seq_no, 6)) | ||
| 522 | goto again; | ||
| 518 | 523 | ||
| 519 | memcpy(&(s->s3->read_sequence[2]), p, 6); | 524 | if (!CBS_write_bytes(&seq_no, &(s->s3->read_sequence[2]), |
| 520 | p += 6; | 525 | sizeof(s->s3->read_sequence) - 2, NULL)) |
| 526 | goto again; | ||
| 527 | if (!CBS_get_u16(&header, &len)) | ||
| 528 | goto again; | ||
| 521 | 529 | ||
| 522 | n2s(p, rr->length); | 530 | rr->type = type; |
| 531 | rr->epoch = epoch; | ||
| 532 | rr->length = len; | ||
| 523 | 533 | ||
| 524 | /* Lets check version */ | 534 | /* unexpected version, silently discard */ |
| 525 | if (!s->first_packet) { | 535 | if (!s->first_packet && ssl_version != s->version) |
| 526 | if (version != s->version) | 536 | goto again; |
| 527 | /* unexpected version, silently discard */ | ||
| 528 | goto again; | ||
| 529 | } | ||
| 530 | 537 | ||
| 531 | if ((version & 0xff00) != (s->version & 0xff00)) | 538 | /* wrong version, silently discard record */ |
| 532 | /* wrong version, silently discard record */ | 539 | if ((ssl_version & 0xff00) != (s->version & 0xff00)) |
| 533 | goto again; | 540 | goto again; |
| 534 | 541 | ||
| 542 | /* record too long, silently discard it */ | ||
| 535 | if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) | 543 | if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) |
| 536 | /* record too long, silently discard it */ | ||
| 537 | goto again; | 544 | goto again; |
| 538 | 545 | ||
| 539 | /* now s->rstate == SSL_ST_READ_BODY */ | 546 | /* now s->rstate == SSL_ST_READ_BODY */ |