diff options
Diffstat (limited to 'src/lib/libssl/d1_both.c')
| -rw-r--r-- | src/lib/libssl/d1_both.c | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c index 2180c6d4da..9f898d6997 100644 --- a/src/lib/libssl/d1_both.c +++ b/src/lib/libssl/d1_both.c | |||
| @@ -158,7 +158,6 @@ static unsigned char bitmask_end_values[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1 | |||
| 158 | /* XDTLS: figure out the right values */ | 158 | /* XDTLS: figure out the right values */ |
| 159 | static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28}; | 159 | static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28}; |
| 160 | 160 | ||
| 161 | static unsigned int dtls1_min_mtu(void); | ||
| 162 | static unsigned int dtls1_guess_mtu(unsigned int curr_mtu); | 161 | static unsigned int dtls1_guess_mtu(unsigned int curr_mtu); |
| 163 | static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, | 162 | static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, |
| 164 | unsigned long frag_len); | 163 | unsigned long frag_len); |
| @@ -264,11 +263,10 @@ int dtls1_do_write(SSL *s, int type) | |||
| 264 | return ret; | 263 | return ret; |
| 265 | mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH); | 264 | mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH); |
| 266 | } | 265 | } |
| 267 | |||
| 268 | OPENSSL_assert(mtu > 0); /* should have something reasonable now */ | ||
| 269 | |||
| 270 | #endif | 266 | #endif |
| 271 | 267 | ||
| 268 | OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu()); /* should have something reasonable now */ | ||
| 269 | |||
| 272 | if ( s->init_off == 0 && type == SSL3_RT_HANDSHAKE) | 270 | if ( s->init_off == 0 && type == SSL3_RT_HANDSHAKE) |
| 273 | OPENSSL_assert(s->init_num == | 271 | OPENSSL_assert(s->init_num == |
| 274 | (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); | 272 | (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); |
| @@ -795,7 +793,13 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) | |||
| 795 | *ok = 0; | 793 | *ok = 0; |
| 796 | return i; | 794 | return i; |
| 797 | } | 795 | } |
| 798 | OPENSSL_assert(i == DTLS1_HM_HEADER_LENGTH); | 796 | /* Handshake fails if message header is incomplete */ |
| 797 | if (i != DTLS1_HM_HEADER_LENGTH) | ||
| 798 | { | ||
| 799 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
| 800 | SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE); | ||
| 801 | goto f_err; | ||
| 802 | } | ||
| 799 | 803 | ||
| 800 | /* parse the message fragment header */ | 804 | /* parse the message fragment header */ |
| 801 | dtls1_get_message_header(wire, &msg_hdr); | 805 | dtls1_get_message_header(wire, &msg_hdr); |
| @@ -867,7 +871,12 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) | |||
| 867 | 871 | ||
| 868 | /* XDTLS: an incorrectly formatted fragment should cause the | 872 | /* XDTLS: an incorrectly formatted fragment should cause the |
| 869 | * handshake to fail */ | 873 | * handshake to fail */ |
| 870 | OPENSSL_assert(i == (int)frag_len); | 874 | if (i != (int)frag_len) |
| 875 | { | ||
| 876 | al=SSL3_AD_ILLEGAL_PARAMETER; | ||
| 877 | SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL3_AD_ILLEGAL_PARAMETER); | ||
| 878 | goto f_err; | ||
| 879 | } | ||
| 871 | 880 | ||
| 872 | *ok = 1; | 881 | *ok = 1; |
| 873 | 882 | ||
| @@ -1367,7 +1376,7 @@ dtls1_write_message_header(SSL *s, unsigned char *p) | |||
| 1367 | return p; | 1376 | return p; |
| 1368 | } | 1377 | } |
| 1369 | 1378 | ||
| 1370 | static unsigned int | 1379 | unsigned int |
| 1371 | dtls1_min_mtu(void) | 1380 | dtls1_min_mtu(void) |
| 1372 | { | 1381 | { |
| 1373 | return (g_probable_mtu[(sizeof(g_probable_mtu) / | 1382 | return (g_probable_mtu[(sizeof(g_probable_mtu) / |