1 files changed, 25 insertions, 24 deletions
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index cb0b12b400..44c7c143fe 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -118,15 +118,9 @@
 static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
                         unsigned int len, int create_empty_fragment);
-static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
-                              unsigned int len);
 static int ssl3_get_record(SSL *s);
-static int do_compress(SSL *ssl);
-static int do_uncompress(SSL *ssl);
-static int do_change_cipher_spec(SSL *ssl);
-/* used only by ssl3_get_record */
+int ssl3_read_n(SSL *s, int n, int max, int extend)
-static int ssl3_read_n(SSL *s, int n, int max, int extend)
        {
        /* If extend == 0, obtain new n-byte packet; if extend == 1, increase
         * packet by another n bytes.
@@ -147,6 +141,14 @@ static int ssl3_read_n(SSL *s, int n, int max, int extend)
                /* ... now we can act as if 'extend' was set */
                }
+        /* extend reads should not span multiple packets for DTLS */
+        if ( SSL_version(s) == DTLS1_VERSION &&
+                extend)
+                {
+                if ( s->s3->rbuf.left > 0 && n > s->s3->rbuf.left)
+                        n = s->s3->rbuf.left;
+                }
        /* if there is enough in the buffer from a previous read, take some */
        if (s->s3->rbuf.left >= (int)n)
                {
@@ -275,11 +277,7 @@ again:
                n2s(p,rr->length);
                /* Lets check version */
-                if (s->first_packet)
+                if (!s->first_packet)
-                        {
-                        s->first_packet=0;
-                        }
-                else
                        {
                        if (version != s->version)
                                {
@@ -434,7 +432,7 @@ printf("\n");
                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
                        goto f_err;
                        }
-                if (!do_uncompress(s))
+                if (!ssl3_do_uncompress(s))
                        {
                        al=SSL_AD_DECOMPRESSION_FAILURE;
                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
@@ -472,8 +470,9 @@ err:
        return(ret);
        }
-static int do_uncompress(SSL *ssl)
+int ssl3_do_uncompress(SSL *ssl)
        {
+#ifndef OPENSSL_NO_COMP
        int i;
        SSL3_RECORD *rr;
@@ -485,12 +484,13 @@ static int do_uncompress(SSL *ssl)
        else
                rr->length=i;
        rr->data=rr->comp;
+#endif
        return(1);
        }
-static int do_compress(SSL *ssl)
+int ssl3_do_compress(SSL *ssl)
        {
+#ifndef OPENSSL_NO_COMP
        int i;
        SSL3_RECORD *wr;
@@ -504,6 +504,7 @@ static int do_compress(SSL *ssl)
                wr->length=i;
        wr->input=wr->data;
+#endif
        return(1);
        }
@@ -580,7 +581,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
        /* If we have an alert to send, lets send it */
        if (s->s3->alert_dispatch)
                {
-                i=ssl3_dispatch_alert(s);
+                i=s->method->ssl_dispatch_alert(s);
                if (i <= 0)
                        return(i);
                /* if it went, fall through and send more stuff */
@@ -655,7 +656,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
        /* first we compress */
        if (s->compress != NULL)
                {
-                if (!do_compress(s))
+                if (!ssl3_do_compress(s))
                        {
                        SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE);
                        goto err;
@@ -716,8 +717,8 @@ err:
        }
 /* if s->s3->wbuf.left != 0, we need to call this */
-static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
+int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
-                              unsigned int len)
+        unsigned int len)
        {
        int i;
@@ -1089,7 +1090,7 @@ start:
                if (s->s3->tmp.new_cipher == NULL)
                        {
                        al=SSL_AD_UNEXPECTED_MESSAGE;
-                        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
+                        SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
                        goto f_err;
                        }
@@ -1099,7 +1100,7 @@ start:
                        s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg);
                s->s3->change_cipher_spec=1;
-                if (!do_change_cipher_spec(s))
+                if (!ssl3_do_change_cipher_spec(s))
                        goto err;
                else
                        goto start;
@@ -1211,7 +1212,7 @@ err:
        return(-1);
        }
-static int do_change_cipher_spec(SSL *s)
+int ssl3_do_change_cipher_spec(SSL *s)
        {
        int i;
        const char *sender;
@@ -1268,7 +1269,7 @@ void ssl3_send_alert(SSL *s, int level, int desc)
        s->s3->send_alert[0]=level;
        s->s3->send_alert[1]=desc;
        if (s->s3->wbuf.left == 0) /* data still being written out? */
-                ssl3_dispatch_alert(s);
+                s->method->ssl_dispatch_alert(s);
        /* else data is still being written out, we will get written
         * some time in the future */
        }

diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c index cb0b12b400..44c7c143fe 100644 --- a/src/lib/libssl/s3_pkt.c +++ b/src/lib/libssl/s3_pkt.c
@@ -118,15 +118,9 @@
118		118
119	static int do_ssl3_write(SSL s, int type, const unsigned char buf,	119	static int do_ssl3_write(SSL s, int type, const unsigned char buf,
120	unsigned int len, int create_empty_fragment);	120	unsigned int len, int create_empty_fragment);
121	static int ssl3_write_pending(SSL s, int type, const unsigned char buf,
122	unsigned int len);
123	static int ssl3_get_record(SSL *s);	121	static int ssl3_get_record(SSL *s);
124	static int do_compress(SSL *ssl);
125	static int do_uncompress(SSL *ssl);
126	static int do_change_cipher_spec(SSL *ssl);
127		122
128	/* used only by ssl3_get_record */	123	int ssl3_read_n(SSL *s, int n, int max, int extend)
129	static int ssl3_read_n(SSL *s, int n, int max, int extend)
130	{	124	{
131	/* If extend == 0, obtain new n-byte packet; if extend == 1, increase	125	/* If extend == 0, obtain new n-byte packet; if extend == 1, increase
132	* packet by another n bytes.	126	* packet by another n bytes.
@@ -147,6 +141,14 @@ static int ssl3_read_n(SSL *s, int n, int max, int extend)
147	/* ... now we can act as if 'extend' was set */	141	/* ... now we can act as if 'extend' was set */
148	}	142	}
149		143
		144	/* extend reads should not span multiple packets for DTLS */
		145	if ( SSL_version(s) == DTLS1_VERSION &&
		146	extend)
		147	{
		148	if ( s->s3->rbuf.left > 0 && n > s->s3->rbuf.left)
		149	n = s->s3->rbuf.left;
		150	}
		151
150	/* if there is enough in the buffer from a previous read, take some */	152	/* if there is enough in the buffer from a previous read, take some */
151	if (s->s3->rbuf.left >= (int)n)	153	if (s->s3->rbuf.left >= (int)n)
152	{	154	{
@@ -275,11 +277,7 @@ again:
275	n2s(p,rr->length);	277	n2s(p,rr->length);
276		278
277	/* Lets check version */	279	/* Lets check version */
278	if (s->first_packet)	280	if (!s->first_packet)
279	{
280	s->first_packet=0;
281	}
282	else
283	{	281	{
284	if (version != s->version)	282	if (version != s->version)
285	{	283	{
@@ -434,7 +432,7 @@ printf("\n");
434	SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);	432	SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
435	goto f_err;	433	goto f_err;
436	}	434	}
437	if (!do_uncompress(s))	435	if (!ssl3_do_uncompress(s))
438	{	436	{
439	al=SSL_AD_DECOMPRESSION_FAILURE;	437	al=SSL_AD_DECOMPRESSION_FAILURE;
440	SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);	438	SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
@@ -472,8 +470,9 @@ err:
472	return(ret);	470	return(ret);
473	}	471	}
474		472
475	static int do_uncompress(SSL *ssl)	473	int ssl3_do_uncompress(SSL *ssl)
476	{	474	{
		475	#ifndef OPENSSL_NO_COMP
477	int i;	476	int i;
478	SSL3_RECORD *rr;	477	SSL3_RECORD *rr;
479		478
@@ -485,12 +484,13 @@ static int do_uncompress(SSL *ssl)
485	else	484	else
486	rr->length=i;	485	rr->length=i;
487	rr->data=rr->comp;	486	rr->data=rr->comp;
488		487	#endif
489	return(1);	488	return(1);
490	}	489	}
491		490
492	static int do_compress(SSL *ssl)	491	int ssl3_do_compress(SSL *ssl)
493	{	492	{
		493	#ifndef OPENSSL_NO_COMP
494	int i;	494	int i;
495	SSL3_RECORD *wr;	495	SSL3_RECORD *wr;
496		496
@@ -504,6 +504,7 @@ static int do_compress(SSL *ssl)
504	wr->length=i;	504	wr->length=i;
505		505
506	wr->input=wr->data;	506	wr->input=wr->data;
		507	#endif
507	return(1);	508	return(1);
508	}	509	}
509		510
@@ -580,7 +581,7 @@ static int do_ssl3_write(SSL s, int type, const unsigned char buf,
580	/* If we have an alert to send, lets send it */	581	/* If we have an alert to send, lets send it */
581	if (s->s3->alert_dispatch)	582	if (s->s3->alert_dispatch)
582	{	583	{
583	i=ssl3_dispatch_alert(s);	584	i=s->method->ssl_dispatch_alert(s);
584	if (i <= 0)	585	if (i <= 0)
585	return(i);	586	return(i);
586	/* if it went, fall through and send more stuff */	587	/* if it went, fall through and send more stuff */
@@ -655,7 +656,7 @@ static int do_ssl3_write(SSL s, int type, const unsigned char buf,
655	/* first we compress */	656	/* first we compress */
656	if (s->compress != NULL)	657	if (s->compress != NULL)
657	{	658	{
658	if (!do_compress(s))	659	if (!ssl3_do_compress(s))
659	{	660	{
660	SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE);	661	SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE);
661	goto err;	662	goto err;
@@ -716,8 +717,8 @@ err:
716	}	717	}
717		718
718	/* if s->s3->wbuf.left != 0, we need to call this */	719	/* if s->s3->wbuf.left != 0, we need to call this */
719	static int ssl3_write_pending(SSL s, int type, const unsigned char buf,	720	int ssl3_write_pending(SSL s, int type, const unsigned char buf,
720	unsigned int len)	721	unsigned int len)
721	{	722	{
722	int i;	723	int i;
723		724
@@ -1089,7 +1090,7 @@ start:
1089	if (s->s3->tmp.new_cipher == NULL)	1090	if (s->s3->tmp.new_cipher == NULL)
1090	{	1091	{
1091	al=SSL_AD_UNEXPECTED_MESSAGE;	1092	al=SSL_AD_UNEXPECTED_MESSAGE;
1092	SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);	1093	SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
1093	goto f_err;	1094	goto f_err;
1094	}	1095	}
1095		1096
@@ -1099,7 +1100,7 @@ start:
1099	s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg);	1100	s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg);
1100		1101
1101	s->s3->change_cipher_spec=1;	1102	s->s3->change_cipher_spec=1;
1102	if (!do_change_cipher_spec(s))	1103	if (!ssl3_do_change_cipher_spec(s))
1103	goto err;	1104	goto err;
1104	else	1105	else
1105	goto start;	1106	goto start;
@@ -1211,7 +1212,7 @@ err:
1211	return(-1);	1212	return(-1);
1212	}	1213	}
1213		1214
1214	static int do_change_cipher_spec(SSL *s)	1215	int ssl3_do_change_cipher_spec(SSL *s)
1215	{	1216	{
1216	int i;	1217	int i;
1217	const char *sender;	1218	const char *sender;
@@ -1268,7 +1269,7 @@ void ssl3_send_alert(SSL *s, int level, int desc)
1268	s->s3->send_alert[0]=level;	1269	s->s3->send_alert[0]=level;
1269	s->s3->send_alert[1]=desc;	1270	s->s3->send_alert[1]=desc;
1270	if (s->s3->wbuf.left == 0) /* data still being written out? */	1271	if (s->s3->wbuf.left == 0) /* data still being written out? */
1271	ssl3_dispatch_alert(s);	1272	s->method->ssl_dispatch_alert(s);
1272	/* else data is still being written out, we will get written	1273	/* else data is still being written out, we will get written
1273	* some time in the future */	1274	* some time in the future */
1274	}	1275	}