summaryrefslogtreecommitdiff
path: root/src/lib/libssl/d1_pkt.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/d1_pkt.c')
-rw-r--r--src/lib/libssl/d1_pkt.c167
1 files changed, 34 insertions, 133 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 987af60835..e0c0f0cc9a 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -179,6 +179,7 @@ static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
179static int dtls1_buffer_record(SSL *s, record_pqueue *q, 179static int dtls1_buffer_record(SSL *s, record_pqueue *q,
180 unsigned char *priority); 180 unsigned char *priority);
181static int dtls1_process_record(SSL *s); 181static int dtls1_process_record(SSL *s);
182static void dtls1_clear_timeouts(SSL *s);
182 183
183/* copy buffered record into SSL structure */ 184/* copy buffered record into SSL structure */
184static int 185static int
@@ -231,14 +232,6 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
231 232
232 item->data = rdata; 233 item->data = rdata;
233 234
234#ifndef OPENSSL_NO_SCTP
235 /* Store bio_dgram_sctp_rcvinfo struct */
236 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
237 (s->state == SSL3_ST_SR_FINISHED_A || s->state == SSL3_ST_CR_FINISHED_A)) {
238 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo);
239 }
240#endif
241
242 /* insert should not fail, since duplicates are dropped */ 235 /* insert should not fail, since duplicates are dropped */
243 if (pqueue_insert(queue->q, item) == NULL) 236 if (pqueue_insert(queue->q, item) == NULL)
244 { 237 {
@@ -383,7 +376,6 @@ dtls1_process_record(SSL *s)
383 unsigned int mac_size; 376 unsigned int mac_size;
384 unsigned char md[EVP_MAX_MD_SIZE]; 377 unsigned char md[EVP_MAX_MD_SIZE];
385 int decryption_failed_or_bad_record_mac = 0; 378 int decryption_failed_or_bad_record_mac = 0;
386 unsigned char *mac = NULL;
387 379
388 380
389 rr= &(s->s3->rrec); 381 rr= &(s->s3->rrec);
@@ -455,15 +447,19 @@ printf("\n");
455#endif 447#endif
456 } 448 }
457 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ 449 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
458 if (rr->length >= mac_size) 450 if (rr->length < mac_size)
459 { 451 {
460 rr->length -= mac_size; 452#if 0 /* OK only for stream ciphers */
461 mac = &rr->data[rr->length]; 453 al=SSL_AD_DECODE_ERROR;
454 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
455 goto f_err;
456#else
457 decryption_failed_or_bad_record_mac = 1;
458#endif
462 } 459 }
463 else 460 rr->length-=mac_size;
464 rr->length = 0;
465 i=s->method->ssl3_enc->mac(s,md,0); 461 i=s->method->ssl3_enc->mac(s,md,0);
466 if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0) 462 if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
467 { 463 {
468 decryption_failed_or_bad_record_mac = 1; 464 decryption_failed_or_bad_record_mac = 1;
469 } 465 }
@@ -648,28 +644,20 @@ again:
648 goto again; /* get another record */ 644 goto again; /* get another record */
649 } 645 }
650 646
651#ifndef OPENSSL_NO_SCTP 647 /* Check whether this is a repeat, or aged record.
652 /* Only do replay check if no SCTP bio */ 648 * Don't check if we're listening and this message is
653 if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) 649 * a ClientHello. They can look as if they're replayed,
654 { 650 * since they arrive from different connections and
655#endif 651 * would be dropped unnecessarily.
656 /* Check whether this is a repeat, or aged record. 652 */
657 * Don't check if we're listening and this message is 653 if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
658 * a ClientHello. They can look as if they're replayed, 654 *p == SSL3_MT_CLIENT_HELLO) &&
659 * since they arrive from different connections and 655 !dtls1_record_replay_check(s, bitmap))
660 * would be dropped unnecessarily. 656 {
661 */ 657 rr->length = 0;
662 if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && 658 s->packet_length=0; /* dump this record */
663 *p == SSL3_MT_CLIENT_HELLO) && 659 goto again; /* get another record */
664 !dtls1_record_replay_check(s, bitmap)) 660 }
665 {
666 rr->length = 0;
667 s->packet_length=0; /* dump this record */
668 goto again; /* get another record */
669 }
670#ifndef OPENSSL_NO_SCTP
671 }
672#endif
673 661
674 /* just read a 0 length packet */ 662 /* just read a 0 length packet */
675 if (rr->length == 0) goto again; 663 if (rr->length == 0) goto again;
@@ -697,6 +685,7 @@ again:
697 goto again; /* get another record */ 685 goto again; /* get another record */
698 } 686 }
699 687
688 dtls1_clear_timeouts(s); /* done waiting */
700 return(1); 689 return(1);
701 690
702 } 691 }
@@ -754,17 +743,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
754 743
755 /* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */ 744 /* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
756 745
757#ifndef OPENSSL_NO_SCTP
758 /* Continue handshake if it had to be interrupted to read
759 * app data with SCTP.
760 */
761 if ((!s->in_handshake && SSL_in_init(s)) ||
762 (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
763 (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK) &&
764 s->s3->in_read_app_data != 2))
765#else
766 if (!s->in_handshake && SSL_in_init(s)) 746 if (!s->in_handshake && SSL_in_init(s))
767#endif
768 { 747 {
769 /* type == SSL3_RT_APPLICATION_DATA */ 748 /* type == SSL3_RT_APPLICATION_DATA */
770 i=s->handshake_func(s); 749 i=s->handshake_func(s);
@@ -795,15 +774,6 @@ start:
795 item = pqueue_pop(s->d1->buffered_app_data.q); 774 item = pqueue_pop(s->d1->buffered_app_data.q);
796 if (item) 775 if (item)
797 { 776 {
798#ifndef OPENSSL_NO_SCTP
799 /* Restore bio_dgram_sctp_rcvinfo struct */
800 if (BIO_dgram_is_sctp(SSL_get_rbio(s)))
801 {
802 DTLS1_RECORD_DATA *rdata = (DTLS1_RECORD_DATA *) item->data;
803 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo);
804 }
805#endif
806
807 dtls1_copy_record(s, item); 777 dtls1_copy_record(s, item);
808 778
809 OPENSSL_free(item->data); 779 OPENSSL_free(item->data);
@@ -886,31 +856,6 @@ start:
886 rr->off=0; 856 rr->off=0;
887 } 857 }
888 } 858 }
889
890#ifndef OPENSSL_NO_SCTP
891 /* We were about to renegotiate but had to read
892 * belated application data first, so retry.
893 */
894 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
895 rr->type == SSL3_RT_APPLICATION_DATA &&
896 (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK))
897 {
898 s->rwstate=SSL_READING;
899 BIO_clear_retry_flags(SSL_get_rbio(s));
900 BIO_set_retry_read(SSL_get_rbio(s));
901 }
902
903 /* We might had to delay a close_notify alert because
904 * of reordered app data. If there was an alert and there
905 * is no message to read anymore, finally set shutdown.
906 */
907 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
908 s->d1->shutdown_received && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)))
909 {
910 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
911 return(0);
912 }
913#endif
914 return(n); 859 return(n);
915 } 860 }
916 861
@@ -938,19 +883,6 @@ start:
938 dest = s->d1->alert_fragment; 883 dest = s->d1->alert_fragment;
939 dest_len = &s->d1->alert_fragment_len; 884 dest_len = &s->d1->alert_fragment_len;
940 } 885 }
941#ifndef OPENSSL_NO_HEARTBEATS
942 else if (rr->type == TLS1_RT_HEARTBEAT)
943 {
944 dtls1_process_heartbeat(s);
945
946 /* Exit and notify application to read again */
947 rr->length = 0;
948 s->rwstate=SSL_READING;
949 BIO_clear_retry_flags(SSL_get_rbio(s));
950 BIO_set_retry_read(SSL_get_rbio(s));
951 return(-1);
952 }
953#endif
954 /* else it's a CCS message, or application data or wrong */ 886 /* else it's a CCS message, or application data or wrong */
955 else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) 887 else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC)
956 { 888 {
@@ -1034,7 +966,6 @@ start:
1034 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && 966 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
1035 !s->s3->renegotiate) 967 !s->s3->renegotiate)
1036 { 968 {
1037 s->new_session = 1;
1038 ssl3_renegotiate(s); 969 ssl3_renegotiate(s);
1039 if (ssl3_renegotiate_check(s)) 970 if (ssl3_renegotiate_check(s))
1040 { 971 {
@@ -1096,21 +1027,6 @@ start:
1096 s->s3->warn_alert = alert_descr; 1027 s->s3->warn_alert = alert_descr;
1097 if (alert_descr == SSL_AD_CLOSE_NOTIFY) 1028 if (alert_descr == SSL_AD_CLOSE_NOTIFY)
1098 { 1029 {
1099#ifndef OPENSSL_NO_SCTP
1100 /* With SCTP and streams the socket may deliver app data
1101 * after a close_notify alert. We have to check this
1102 * first so that nothing gets discarded.
1103 */
1104 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
1105 BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)))
1106 {
1107 s->d1->shutdown_received = 1;
1108 s->rwstate=SSL_READING;
1109 BIO_clear_retry_flags(SSL_get_rbio(s));
1110 BIO_set_retry_read(SSL_get_rbio(s));
1111 return -1;
1112 }
1113#endif
1114 s->shutdown |= SSL_RECEIVED_SHUTDOWN; 1030 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
1115 return(0); 1031 return(0);
1116 } 1032 }
@@ -1217,15 +1133,6 @@ start:
1217 if (s->version == DTLS1_BAD_VER) 1133 if (s->version == DTLS1_BAD_VER)
1218 s->d1->handshake_read_seq++; 1134 s->d1->handshake_read_seq++;
1219 1135
1220#ifndef OPENSSL_NO_SCTP
1221 /* Remember that a CCS has been received,
1222 * so that an old key of SCTP-Auth can be
1223 * deleted when a CCS is sent. Will be ignored
1224 * if no SCTP is used
1225 */
1226 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL);
1227#endif
1228
1229 goto start; 1136 goto start;
1230 } 1137 }
1231 1138
@@ -1248,9 +1155,6 @@ start:
1248 */ 1155 */
1249 if (msg_hdr.type == SSL3_MT_FINISHED) 1156 if (msg_hdr.type == SSL3_MT_FINISHED)
1250 { 1157 {
1251 if (dtls1_check_timeout_num(s) < 0)
1252 return -1;
1253
1254 dtls1_retransmit_buffered_messages(s); 1158 dtls1_retransmit_buffered_messages(s);
1255 rr->length = 0; 1159 rr->length = 0;
1256 goto start; 1160 goto start;
@@ -1268,7 +1172,6 @@ start:
1268#else 1172#else
1269 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; 1173 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
1270#endif 1174#endif
1271 s->renegotiate=1;
1272 s->new_session=1; 1175 s->new_session=1;
1273 } 1176 }
1274 i=s->handshake_func(s); 1177 i=s->handshake_func(s);
@@ -1365,16 +1268,7 @@ dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
1365 { 1268 {
1366 int i; 1269 int i;
1367 1270
1368#ifndef OPENSSL_NO_SCTP 1271 if (SSL_in_init(s) && !s->in_handshake)
1369 /* Check if we have to continue an interrupted handshake
1370 * for reading belated app data with SCTP.
1371 */
1372 if ((SSL_in_init(s) && !s->in_handshake) ||
1373 (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
1374 (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK)))
1375#else
1376 if (SSL_in_init(s) && !s->in_handshake)
1377#endif
1378 { 1272 {
1379 i=s->handshake_func(s); 1273 i=s->handshake_func(s);
1380 if (i < 0) return(i); 1274 if (i < 0) return(i);
@@ -1874,3 +1768,10 @@ dtls1_reset_seq_numbers(SSL *s, int rw)
1874 1768
1875 memset(seq, 0x00, seq_bytes); 1769 memset(seq, 0x00, seq_bytes);
1876 } 1770 }
1771
1772
1773static void
1774dtls1_clear_timeouts(SSL *s)
1775 {
1776 memset(&(s->d1->timeout), 0x00, sizeof(struct dtls1_timeout_st));
1777 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-01 04:42:03 +0000