summaryrefslogtreecommitdiff
path: root/src/lib/libssl/d1_lib.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/d1_lib.c')
-rw-r--r--src/lib/libssl/d1_lib.c70
1 files changed, 30 insertions, 40 deletions
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
index ec68b25140..770734e6ff 100644
--- a/src/lib/libssl/d1_lib.c
+++ b/src/lib/libssl/d1_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_lib.c,v 1.60 2021/10/21 08:30:14 tb Exp $ */ 1/* $OpenBSD: d1_lib.c,v 1.61 2021/10/23 13:36:03 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -83,20 +83,18 @@ dtls1_new(SSL *s)
83 83
84 if ((s->d1 = calloc(1, sizeof(*s->d1))) == NULL) 84 if ((s->d1 = calloc(1, sizeof(*s->d1))) == NULL)
85 goto err; 85 goto err;
86 if ((s->d1->internal = calloc(1, sizeof(*s->d1->internal))) == NULL)
87 goto err;
88 86
89 if ((s->d1->internal->unprocessed_rcds.q = pqueue_new()) == NULL) 87 if ((s->d1->unprocessed_rcds.q = pqueue_new()) == NULL)
90 goto err; 88 goto err;
91 if ((s->d1->internal->buffered_messages = pqueue_new()) == NULL) 89 if ((s->d1->buffered_messages = pqueue_new()) == NULL)
92 goto err; 90 goto err;
93 if ((s->d1->sent_messages = pqueue_new()) == NULL) 91 if ((s->d1->sent_messages = pqueue_new()) == NULL)
94 goto err; 92 goto err;
95 if ((s->d1->internal->buffered_app_data.q = pqueue_new()) == NULL) 93 if ((s->d1->buffered_app_data.q = pqueue_new()) == NULL)
96 goto err; 94 goto err;
97 95
98 if (s->server) 96 if (s->server)
99 s->d1->internal->cookie_len = sizeof(D1I(s)->cookie); 97 s->d1->cookie_len = sizeof(s->d1->cookie);
100 98
101 s->method->ssl_clear(s); 99 s->method->ssl_clear(s);
102 return (1); 100 return (1);
@@ -140,10 +138,10 @@ dtls1_drain_fragments(pqueue queue)
140static void 138static void
141dtls1_clear_queues(SSL *s) 139dtls1_clear_queues(SSL *s)
142{ 140{
143 dtls1_drain_records(D1I(s)->unprocessed_rcds.q); 141 dtls1_drain_records(s->d1->unprocessed_rcds.q);
144 dtls1_drain_fragments(D1I(s)->buffered_messages); 142 dtls1_drain_fragments(s->d1->buffered_messages);
145 dtls1_drain_fragments(s->d1->sent_messages); 143 dtls1_drain_fragments(s->d1->sent_messages);
146 dtls1_drain_records(D1I(s)->buffered_app_data.q); 144 dtls1_drain_records(s->d1->buffered_app_data.q);
147} 145}
148 146
149void 147void
@@ -156,18 +154,14 @@ dtls1_free(SSL *s)
156 154
157 if (s->d1 == NULL) 155 if (s->d1 == NULL)
158 return; 156 return;
159 if (D1I(s) == NULL)
160 goto out;
161 157
162 dtls1_clear_queues(s); 158 dtls1_clear_queues(s);
163 159
164 pqueue_free(D1I(s)->unprocessed_rcds.q); 160 pqueue_free(s->d1->unprocessed_rcds.q);
165 pqueue_free(D1I(s)->buffered_messages); 161 pqueue_free(s->d1->buffered_messages);
166 pqueue_free(s->d1->sent_messages); 162 pqueue_free(s->d1->sent_messages);
167 pqueue_free(D1I(s)->buffered_app_data.q); 163 pqueue_free(s->d1->buffered_app_data.q);
168 164
169 out:
170 freezero(s->d1->internal, sizeof(*s->d1->internal));
171 freezero(s->d1, sizeof(*s->d1)); 165 freezero(s->d1, sizeof(*s->d1));
172 s->d1 = NULL; 166 s->d1 = NULL;
173} 167}
@@ -175,7 +169,6 @@ dtls1_free(SSL *s)
175void 169void
176dtls1_clear(SSL *s) 170dtls1_clear(SSL *s)
177{ 171{
178 struct dtls1_state_internal_st *internal;
179 pqueue unprocessed_rcds; 172 pqueue unprocessed_rcds;
180 pqueue buffered_messages; 173 pqueue buffered_messages;
181 pqueue sent_messages; 174 pqueue sent_messages;
@@ -183,34 +176,31 @@ dtls1_clear(SSL *s)
183 unsigned int mtu; 176 unsigned int mtu;
184 177
185 if (s->d1) { 178 if (s->d1) {
186 unprocessed_rcds = D1I(s)->unprocessed_rcds.q; 179 unprocessed_rcds = s->d1->unprocessed_rcds.q;
187 buffered_messages = D1I(s)->buffered_messages; 180 buffered_messages = s->d1->buffered_messages;
188 sent_messages = s->d1->sent_messages; 181 sent_messages = s->d1->sent_messages;
189 buffered_app_data = D1I(s)->buffered_app_data.q; 182 buffered_app_data = s->d1->buffered_app_data.q;
190 mtu = D1I(s)->mtu; 183 mtu = s->d1->mtu;
191 184
192 dtls1_clear_queues(s); 185 dtls1_clear_queues(s);
193 186
194 memset(s->d1->internal, 0, sizeof(*s->d1->internal));
195 internal = s->d1->internal;
196 memset(s->d1, 0, sizeof(*s->d1)); 187 memset(s->d1, 0, sizeof(*s->d1));
197 s->d1->internal = internal;
198 188
199 D1I(s)->unprocessed_rcds.epoch = 189 s->d1->unprocessed_rcds.epoch =
200 tls12_record_layer_read_epoch(s->internal->rl) + 1; 190 tls12_record_layer_read_epoch(s->internal->rl) + 1;
201 191
202 if (s->server) { 192 if (s->server) {
203 D1I(s)->cookie_len = sizeof(D1I(s)->cookie); 193 s->d1->cookie_len = sizeof(s->d1->cookie);
204 } 194 }
205 195
206 if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) { 196 if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) {
207 D1I(s)->mtu = mtu; 197 s->d1->mtu = mtu;
208 } 198 }
209 199
210 D1I(s)->unprocessed_rcds.q = unprocessed_rcds; 200 s->d1->unprocessed_rcds.q = unprocessed_rcds;
211 D1I(s)->buffered_messages = buffered_messages; 201 s->d1->buffered_messages = buffered_messages;
212 s->d1->sent_messages = sent_messages; 202 s->d1->sent_messages = sent_messages;
213 D1I(s)->buffered_app_data.q = buffered_app_data; 203 s->d1->buffered_app_data.q = buffered_app_data;
214 } 204 }
215 205
216 ssl3_clear(s); 206 ssl3_clear(s);
@@ -356,7 +346,7 @@ void
356dtls1_stop_timer(SSL *s) 346dtls1_stop_timer(SSL *s)
357{ 347{
358 /* Reset everything */ 348 /* Reset everything */
359 memset(&(D1I(s)->timeout), 0, sizeof(struct dtls1_timeout_st)); 349 memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
360 memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); 350 memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
361 s->d1->timeout_duration = 1; 351 s->d1->timeout_duration = 1;
362 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, 352 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
@@ -368,16 +358,16 @@ dtls1_stop_timer(SSL *s)
368int 358int
369dtls1_check_timeout_num(SSL *s) 359dtls1_check_timeout_num(SSL *s)
370{ 360{
371 D1I(s)->timeout.num_alerts++; 361 s->d1->timeout.num_alerts++;
372 362
373 /* Reduce MTU after 2 unsuccessful retransmissions */ 363 /* Reduce MTU after 2 unsuccessful retransmissions */
374 if (D1I(s)->timeout.num_alerts > 2) { 364 if (s->d1->timeout.num_alerts > 2) {
375 D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s), 365 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
376 BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL); 366 BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
377 367
378 } 368 }
379 369
380 if (D1I(s)->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) { 370 if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {
381 /* fail the connection, enough alerts have been sent */ 371 /* fail the connection, enough alerts have been sent */
382 SSLerror(s, SSL_R_READ_TIMEOUT_EXPIRED); 372 SSLerror(s, SSL_R_READ_TIMEOUT_EXPIRED);
383 return -1; 373 return -1;
@@ -399,9 +389,9 @@ dtls1_handle_timeout(SSL *s)
399 if (dtls1_check_timeout_num(s) < 0) 389 if (dtls1_check_timeout_num(s) < 0)
400 return -1; 390 return -1;
401 391
402 D1I(s)->timeout.read_timeouts++; 392 s->d1->timeout.read_timeouts++;
403 if (D1I(s)->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) { 393 if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) {
404 D1I(s)->timeout.read_timeouts = 1; 394 s->d1->timeout.read_timeouts = 1;
405 } 395 }
406 396
407 dtls1_start_timer(s); 397 dtls1_start_timer(s);
@@ -417,7 +407,7 @@ dtls1_listen(SSL *s, struct sockaddr *client)
417 SSL_clear(s); 407 SSL_clear(s);
418 408
419 SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); 409 SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
420 D1I(s)->listen = 1; 410 s->d1->listen = 1;
421 411
422 ret = SSL_accept(s); 412 ret = SSL_accept(s);
423 if (ret <= 0) 413 if (ret <= 0)
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-04 23:03:27 +0000