summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/d1_both.c214
-rw-r--r--src/lib/libssl/src/ssl/d1_both.c214
2 files changed, 244 insertions, 184 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index ae7e7b457b..7762ccdee6 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1,7 +1,7 @@
1/* ssl/d1_both.c */ 1/* ssl/d1_both.c */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */ 5 */
6/* ==================================================================== 6/* ====================================================================
7 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. 7 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
@@ -11,7 +11,7 @@
11 * are met: 11 * are met:
12 * 12 *
13 * 1. Redistributions of source code must retain the above copyright 13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer. 14 * notice, this list of conditions and the following disclaimer.
15 * 15 *
16 * 2. Redistributions in binary form must reproduce the above copyright 16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in 17 * notice, this list of conditions and the following disclaimer in
@@ -62,21 +62,21 @@
62 * This package is an SSL implementation written 62 * This package is an SSL implementation written
63 * by Eric Young (eay@cryptsoft.com). 63 * by Eric Young (eay@cryptsoft.com).
64 * The implementation was written so as to conform with Netscapes SSL. 64 * The implementation was written so as to conform with Netscapes SSL.
65 * 65 *
66 * This library is free for commercial and non-commercial use as long as 66 * This library is free for commercial and non-commercial use as long as
67 * the following conditions are aheared to. The following conditions 67 * the following conditions are aheared to. The following conditions
68 * apply to all code found in this distribution, be it the RC4, RSA, 68 * apply to all code found in this distribution, be it the RC4, RSA,
69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
70 * included with this distribution is covered by the same copyright terms 70 * included with this distribution is covered by the same copyright terms
71 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 71 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
72 * 72 *
73 * Copyright remains Eric Young's, and as such any Copyright notices in 73 * Copyright remains Eric Young's, and as such any Copyright notices in
74 * the code are not to be removed. 74 * the code are not to be removed.
75 * If this package is used in a product, Eric Young should be given attribution 75 * If this package is used in a product, Eric Young should be given attribution
76 * as the author of the parts of the library used. 76 * as the author of the parts of the library used.
77 * This can be in the form of a textual message at program startup or 77 * This can be in the form of a textual message at program startup or
78 * in documentation (online or textual) provided with the package. 78 * in documentation (online or textual) provided with the package.
79 * 79 *
80 * Redistribution and use in source and binary forms, with or without 80 * Redistribution and use in source and binary forms, with or without
81 * modification, are permitted provided that the following conditions 81 * modification, are permitted provided that the following conditions
82 * are met: 82 * are met:
@@ -91,10 +91,10 @@
91 * Eric Young (eay@cryptsoft.com)" 91 * Eric Young (eay@cryptsoft.com)"
92 * The word 'cryptographic' can be left out if the rouines from the library 92 * The word 'cryptographic' can be left out if the rouines from the library
93 * being used are not cryptographic related :-). 93 * being used are not cryptographic related :-).
94 * 4. If you include any Windows specific code (or a derivative thereof) from 94 * 4. If you include any Windows specific code (or a derivative thereof) from
95 * the apps directory (application code) you must include an acknowledgement: 95 * the apps directory (application code) you must include an acknowledgement:
96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
97 * 97 *
98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -106,7 +106,7 @@
106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
108 * SUCH DAMAGE. 108 * SUCH DAMAGE.
109 * 109 *
110 * The licence and distribution terms for any publically available version or 110 * The licence and distribution terms for any publically available version or
111 * derivative of this code cannot be changed. i.e. this code cannot simply be 111 * derivative of this code cannot be changed. i.e. this code cannot simply be
112 * copied and put under another distribution licence 112 * copied and put under another distribution licence
@@ -216,8 +216,10 @@ dtls1_hm_fragment_free(hm_fragment *frag)
216{ 216{
217 217
218 if (frag->msg_header.is_ccs) { 218 if (frag->msg_header.is_ccs) {
219 EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx); 219 EVP_CIPHER_CTX_free(
220 EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash); 220 frag->msg_header.saved_retransmit_state.enc_write_ctx);
221 EVP_MD_CTX_destroy(
222 frag->msg_header.saved_retransmit_state.write_hash);
221 } 223 }
222 if (frag->fragment) 224 if (frag->fragment)
223 free(frag->fragment); 225 free(frag->fragment);
@@ -235,7 +237,8 @@ dtls1_do_write(SSL *s, int type)
235 unsigned int len, frag_off, mac_size, blocksize; 237 unsigned int len, frag_off, mac_size, blocksize;
236 238
237 /* AHA! Figure out the MTU, and stick to the right size */ 239 /* AHA! Figure out the MTU, and stick to the right size */
238 if (s->d1->mtu < dtls1_min_mtu() && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { 240 if (s->d1->mtu < dtls1_min_mtu() &&
241 !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
239 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), 242 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
240 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); 243 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
241 244
@@ -245,10 +248,10 @@ dtls1_do_write(SSL *s, int type)
245 s->d1->mtu = 0; 248 s->d1->mtu = 0;
246 s->d1->mtu = dtls1_guess_mtu(s->d1->mtu); 249 s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
247 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, 250 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
248 s->d1->mtu, NULL); 251 s->d1->mtu, NULL);
249 } 252 }
250 } 253 }
251#if 0 254#if 0
252 mtu = s->d1->mtu; 255 mtu = s->d1->mtu;
253 256
254 fprintf(stderr, "using MTU = %d\n", mtu); 257 fprintf(stderr, "using MTU = %d\n", mtu);
@@ -266,7 +269,8 @@ dtls1_do_write(SSL *s, int type)
266 ret = BIO_flush(SSL_get_wbio(s)); 269 ret = BIO_flush(SSL_get_wbio(s));
267 if (ret <= 0) 270 if (ret <= 0)
268 return ret; 271 return ret;
269 mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH); 272 mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH +
273 DTLS1_RT_HEADER_LENGTH);
270 } 274 }
271#endif 275#endif
272 276
@@ -275,7 +279,7 @@ dtls1_do_write(SSL *s, int type)
275 279
276 if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE) 280 if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
277 OPENSSL_assert(s->init_num == 281 OPENSSL_assert(s->init_num ==
278 (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); 282 (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
279 283
280 if (s->write_hash) 284 if (s->write_hash)
281 mac_size = EVP_MD_CTX_size(s->write_hash); 285 mac_size = EVP_MD_CTX_size(s->write_hash);
@@ -283,8 +287,8 @@ dtls1_do_write(SSL *s, int type)
283 mac_size = 0; 287 mac_size = 0;
284 288
285 if (s->enc_write_ctx && 289 if (s->enc_write_ctx &&
286 (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE)) 290 (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
287 blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher); 291 blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
288 else 292 else
289 blocksize = 0; 293 blocksize = 0;
290 294
@@ -299,7 +303,7 @@ dtls1_do_write(SSL *s, int type)
299 if (ret <= 0) 303 if (ret <= 0)
300 return ret; 304 return ret;
301 curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH - 305 curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH -
302 mac_size - blocksize; 306 mac_size - blocksize;
303 } 307 }
304 308
305 if (s->init_num > curr_mtu) 309 if (s->init_num > curr_mtu)
@@ -322,9 +326,10 @@ dtls1_do_write(SSL *s, int type)
322 } 326 }
323 327
324 dtls1_fix_message_header(s, frag_off, 328 dtls1_fix_message_header(s, frag_off,
325 len - DTLS1_HM_HEADER_LENGTH); 329 len - DTLS1_HM_HEADER_LENGTH);
326 330
327 dtls1_write_message_header(s, (unsigned char *)&s->init_buf->data[s->init_off]); 331 dtls1_write_message_header(s,
332 (unsigned char *)&s->init_buf->data[s->init_off]);
328 333
329 OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH); 334 OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);
330 } 335 }
@@ -336,7 +341,7 @@ dtls1_do_write(SSL *s, int type)
336 * which previous packet caused the failure -- so can't 341 * which previous packet caused the failure -- so can't
337 * really retransmit anything. continue as if everything 342 * really retransmit anything. continue as if everything
338 * is fine and wait for an alert to handle the 343 * is fine and wait for an alert to handle the
339 * retransmit 344 * retransmit
340 */ 345 */
341 if (BIO_ctrl(SSL_get_wbio(s), 346 if (BIO_ctrl(SSL_get_wbio(s),
342 BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) 347 BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0)
@@ -350,14 +355,16 @@ dtls1_do_write(SSL *s, int type)
350 * message got sent. but why would this happen? */ 355 * message got sent. but why would this happen? */
351 OPENSSL_assert(len == (unsigned int)ret); 356 OPENSSL_assert(len == (unsigned int)ret);
352 357
353 if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting) { 358 if (type == SSL3_RT_HANDSHAKE &&
359 !s->d1->retransmitting) {
354 /* should not be done for 'Hello Request's, but in that case 360 /* should not be done for 'Hello Request's, but in that case
355 * we'll ignore the result anyway */ 361 * we'll ignore the result anyway */
356 unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off]; 362 unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off];
357 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; 363 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
358 int xlen; 364 int xlen;
359 365
360 if (frag_off == 0 && s->version != DTLS1_BAD_VER) { 366 if (frag_off == 0 &&
367 s->version != DTLS1_BAD_VER) {
361 /* reconstruct message header is if it 368 /* reconstruct message header is if it
362 * is being sent in single fragment */ 369 * is being sent in single fragment */
363 *p++ = msg_hdr->type; 370 *p++ = msg_hdr->type;
@@ -416,7 +423,8 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
416 s->s3->tmp.reuse_message = 0; 423 s->s3->tmp.reuse_message = 0;
417 if ((mt >= 0) && (s->s3->tmp.message_type != mt)) { 424 if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
418 al = SSL_AD_UNEXPECTED_MESSAGE; 425 al = SSL_AD_UNEXPECTED_MESSAGE;
419 SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); 426 SSLerr(SSL_F_DTLS1_GET_MESSAGE,
427 SSL_R_UNEXPECTED_MESSAGE);
420 goto f_err; 428 goto f_err;
421 } 429 }
422 *ok = 1; 430 *ok = 1;
@@ -472,7 +480,8 @@ f_err:
472 480
473 481
474static int 482static int
475dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) { 483dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
484{
476 size_t frag_off, frag_len, msg_len; 485 size_t frag_off, frag_len, msg_len;
477 486
478 msg_len = msg_hdr->msg_len; 487 msg_len = msg_hdr->msg_len;
@@ -481,12 +490,14 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) {
481 490
482 /* sanity checking */ 491 /* sanity checking */
483 if ((frag_off + frag_len) > msg_len) { 492 if ((frag_off + frag_len) > msg_len) {
484 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE); 493 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,
494 SSL_R_EXCESSIVE_MESSAGE_SIZE);
485 return SSL_AD_ILLEGAL_PARAMETER; 495 return SSL_AD_ILLEGAL_PARAMETER;
486 } 496 }
487 497
488 if ((frag_off + frag_len) > (unsigned long)max) { 498 if ((frag_off + frag_len) > (unsigned long)max) {
489 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE); 499 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,
500 SSL_R_EXCESSIVE_MESSAGE_SIZE);
490 return SSL_AD_ILLEGAL_PARAMETER; 501 return SSL_AD_ILLEGAL_PARAMETER;
491 } 502 }
492 503
@@ -494,7 +505,8 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) {
494 { 505 {
495 /* msg_len is limited to 2^24, but is effectively checked 506 /* msg_len is limited to 2^24, but is effectively checked
496 * against max above */ 507 * against max above */
497 if (!BUF_MEM_grow_clean(s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH)) { 508 if (!BUF_MEM_grow_clean(s->init_buf,
509 msg_len + DTLS1_HM_HEADER_LENGTH)) {
498 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB); 510 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB);
499 return SSL_AD_INTERNAL_ERROR; 511 return SSL_AD_INTERNAL_ERROR;
500 } 512 }
@@ -507,14 +519,14 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) {
507 } else if (msg_len != s->d1->r_msg_hdr.msg_len) { 519 } else if (msg_len != s->d1->r_msg_hdr.msg_len) {
508 /* They must be playing with us! BTW, failure to enforce 520 /* They must be playing with us! BTW, failure to enforce
509 * upper limit would open possibility for buffer overrun. */ 521 * upper limit would open possibility for buffer overrun. */
510 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE); 522 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,
523 SSL_R_EXCESSIVE_MESSAGE_SIZE);
511 return SSL_AD_ILLEGAL_PARAMETER; 524 return SSL_AD_ILLEGAL_PARAMETER;
512 } 525 }
513 526
514 return 0; /* no error */ 527 return 0; /* no error */
515} 528}
516 529
517
518static int 530static int
519dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) 531dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
520{ 532{
@@ -548,7 +560,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
548 { 560 {
549 unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; 561 unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
550 memcpy(&p[frag->msg_header.frag_off], 562 memcpy(&p[frag->msg_header.frag_off],
551 frag->fragment, frag->msg_header.frag_len); 563 frag->fragment, frag->msg_header.frag_len);
552 } 564 }
553 565
554 dtls1_hm_fragment_free(frag); 566 dtls1_hm_fragment_free(frag);
@@ -569,7 +581,8 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
569 581
570 582
571static int 583static int
572dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) { 584dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
585{
573 hm_fragment *frag = NULL; 586 hm_fragment *frag = NULL;
574 pitem *item = NULL; 587 pitem *item = NULL;
575 int i = -1, is_complete; 588 int i = -1, is_complete;
@@ -582,7 +595,8 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) {
582 /* Determine maximum allowed message size. Depends on (user set) 595 /* Determine maximum allowed message size. Depends on (user set)
583 * maximum certificate length, but 16k is minimum. 596 * maximum certificate length, but 16k is minimum.
584 */ 597 */
585 if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH < s->max_cert_list) 598 if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH <
599 s->max_cert_list)
586 max_len = s->max_cert_list; 600 max_len = s->max_cert_list;
587 else 601 else
588 max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; 602 max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
@@ -615,7 +629,7 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) {
615 while (frag_len) { 629 while (frag_len) {
616 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, 630 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
617 devnull, frag_len > sizeof(devnull) ? 631 devnull, frag_len > sizeof(devnull) ?
618 sizeof(devnull) : frag_len, 0); 632 sizeof(devnull) : frag_len, 0);
619 if (i <= 0) 633 if (i <= 0)
620 goto err; 634 goto err;
621 frag_len -= i; 635 frag_len -= i;
@@ -625,15 +639,15 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) {
625 639
626 /* read the body of the fragment (header has already been read */ 640 /* read the body of the fragment (header has already been read */
627 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, 641 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
628 frag->fragment + msg_hdr->frag_off, frag_len, 0); 642 frag->fragment + msg_hdr->frag_off, frag_len, 0);
629 if (i <= 0 || (unsigned long)i != frag_len) 643 if (i <= 0 || (unsigned long)i != frag_len)
630 goto err; 644 goto err;
631 645
632 RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off, 646 RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
633 (long)(msg_hdr->frag_off + frag_len)); 647 (long)(msg_hdr->frag_off + frag_len));
634 648
635 RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len, 649 RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len,
636 is_complete); 650 is_complete);
637 651
638 if (is_complete) { 652 if (is_complete) {
639 free(frag->reassembly); 653 free(frag->reassembly);
@@ -667,7 +681,8 @@ err:
667 681
668 682
669static int 683static int
670dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) { 684dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
685{
671 int i = -1; 686 int i = -1;
672 hm_fragment *frag = NULL; 687 hm_fragment *frag = NULL;
673 pitem *item = NULL; 688 pitem *item = NULL;
@@ -696,13 +711,14 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
696 */ 711 */
697 if (msg_hdr->seq <= s->d1->handshake_read_seq || 712 if (msg_hdr->seq <= s->d1->handshake_read_seq ||
698 msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL || 713 msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
699 (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) { 714 (s->d1->handshake_read_seq == 0 &&
715 msg_hdr->type == SSL3_MT_FINISHED)) {
700 unsigned char devnull [256]; 716 unsigned char devnull [256];
701 717
702 while (frag_len) { 718 while (frag_len) {
703 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, 719 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
704 devnull, frag_len > sizeof(devnull) ? 720 devnull, frag_len > sizeof(devnull) ?
705 sizeof(devnull) : frag_len, 0); 721 sizeof(devnull) : frag_len, 0);
706 if (i <= 0) 722 if (i <= 0)
707 goto err; 723 goto err;
708 frag_len -= i; 724 frag_len -= i;
@@ -765,7 +781,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
765 781
766 /* read handshake message header */ 782 /* read handshake message header */
767 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire, 783 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire,
768 DTLS1_HM_HEADER_LENGTH, 0); 784 DTLS1_HM_HEADER_LENGTH, 0);
769 if (i <= 0) /* nbio, or an error */ 785 if (i <= 0) /* nbio, or an error */
770 { 786 {
771 s->rwstate = SSL_READING; 787 s->rwstate = SSL_READING;
@@ -775,20 +791,22 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
775 /* Handshake fails if message header is incomplete */ 791 /* Handshake fails if message header is incomplete */
776 if (i != DTLS1_HM_HEADER_LENGTH) { 792 if (i != DTLS1_HM_HEADER_LENGTH) {
777 al = SSL_AD_UNEXPECTED_MESSAGE; 793 al = SSL_AD_UNEXPECTED_MESSAGE;
778 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL_R_UNEXPECTED_MESSAGE); 794 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,
795 SSL_R_UNEXPECTED_MESSAGE);
779 goto f_err; 796 goto f_err;
780 } 797 }
781 798
782 /* parse the message fragment header */ 799 /* parse the message fragment header */
783 dtls1_get_message_header(wire, &msg_hdr); 800 dtls1_get_message_header(wire, &msg_hdr);
784 801
785 /* 802 /*
786 * if this is a future (or stale) message it gets buffered 803 * if this is a future (or stale) message it gets buffered
787 * (or dropped)--no further processing at this time 804 * (or dropped)--no further processing at this time
788 * While listening, we accept seq 1 (ClientHello with cookie) 805 * While listening, we accept seq 1 (ClientHello with cookie)
789 * although we're still expecting seq 0 (ClientHello) 806 * although we're still expecting seq 0 (ClientHello)
790 */ 807 */
791 if (msg_hdr.seq != s->d1->handshake_read_seq && !(s->d1->listen && msg_hdr.seq == 1)) 808 if (msg_hdr.seq != s->d1->handshake_read_seq &&
809 !(s->d1->listen && msg_hdr.seq == 1))
792 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); 810 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
793 811
794 len = msg_hdr.msg_len; 812 len = msg_hdr.msg_len;
@@ -817,7 +835,8 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
817 else /* Incorrectly formated Hello request */ 835 else /* Incorrectly formated Hello request */
818 { 836 {
819 al = SSL_AD_UNEXPECTED_MESSAGE; 837 al = SSL_AD_UNEXPECTED_MESSAGE;
820 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL_R_UNEXPECTED_MESSAGE); 838 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,
839 SSL_R_UNEXPECTED_MESSAGE);
821 goto f_err; 840 goto f_err;
822 } 841 }
823 } 842 }
@@ -842,11 +861,12 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
842 } else 861 } else
843 i = 0; 862 i = 0;
844 863
845 /* XDTLS: an incorrectly formatted fragment should cause the 864 /* XDTLS: an incorrectly formatted fragment should cause the
846 * handshake to fail */ 865 * handshake to fail */
847 if (i != (int)frag_len) { 866 if (i != (int)frag_len) {
848 al = SSL3_AD_ILLEGAL_PARAMETER; 867 al = SSL3_AD_ILLEGAL_PARAMETER;
849 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL3_AD_ILLEGAL_PARAMETER); 868 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,
869 SSL3_AD_ILLEGAL_PARAMETER);
850 goto f_err; 870 goto f_err;
851 } 871 }
852 872
@@ -878,8 +898,8 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
878 d = (unsigned char *)s->init_buf->data; 898 d = (unsigned char *)s->init_buf->data;
879 p = &(d[DTLS1_HM_HEADER_LENGTH]); 899 p = &(d[DTLS1_HM_HEADER_LENGTH]);
880 900
881 i = s->method->ssl3_enc->final_finish_mac(s, 901 i = s->method->ssl3_enc->final_finish_mac(s, sender, slen,
882 sender, slen, s->s3->tmp.finish_md); 902 s->s3->tmp.finish_md);
883 s->s3->tmp.finish_md_len = i; 903 s->s3->tmp.finish_md_len = i;
884 memcpy(p, s->s3->tmp.finish_md, i); 904 memcpy(p, s->s3->tmp.finish_md, i);
885 p += i; 905 p += i;
@@ -891,12 +911,12 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
891 if (s->type == SSL_ST_CONNECT) { 911 if (s->type == SSL_ST_CONNECT) {
892 OPENSSL_assert(i <= EVP_MAX_MD_SIZE); 912 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
893 memcpy(s->s3->previous_client_finished, 913 memcpy(s->s3->previous_client_finished,
894 s->s3->tmp.finish_md, i); 914 s->s3->tmp.finish_md, i);
895 s->s3->previous_client_finished_len = i; 915 s->s3->previous_client_finished_len = i;
896 } else { 916 } else {
897 OPENSSL_assert(i <= EVP_MAX_MD_SIZE); 917 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
898 memcpy(s->s3->previous_server_finished, 918 memcpy(s->s3->previous_server_finished,
899 s->s3->tmp.finish_md, i); 919 s->s3->tmp.finish_md, i);
900 s->s3->previous_server_finished_len = i; 920 s->s3->previous_server_finished_len = i;
901 } 921 }
902 922
@@ -942,7 +962,7 @@ dtls1_send_change_cipher_spec(SSL *s, int a, int b)
942 s->init_off = 0; 962 s->init_off = 0;
943 963
944 dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, 964 dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
945 s->d1->handshake_write_seq, 0, 0); 965 s->d1->handshake_write_seq, 0, 0);
946 966
947 /* buffer the message to handle re-xmits */ 967 /* buffer the message to handle re-xmits */
948 dtls1_buffer_message(s, 1); 968 dtls1_buffer_message(s, 1);
@@ -961,7 +981,7 @@ dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
961 unsigned char *p; 981 unsigned char *p;
962 982
963 n = i2d_X509(x, NULL); 983 n = i2d_X509(x, NULL);
964 if (!BUF_MEM_grow_clean(buf,(int)(n + (*l) + 3))) { 984 if (!BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) {
965 SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF, ERR_R_BUF_LIB); 985 SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
966 return 0; 986 return 0;
967 } 987 }
@@ -990,7 +1010,8 @@ dtls1_output_cert_chain(SSL *s, X509 *x)
990 if (x != NULL) { 1010 if (x != NULL) {
991 X509_STORE_CTX xs_ctx; 1011 X509_STORE_CTX xs_ctx;
992 1012
993 if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store, x, NULL)) { 1013 if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store,
1014 x, NULL)) {
994 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB); 1015 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB);
995 return (0); 1016 return (0);
996 } 1017 }
@@ -1031,12 +1052,13 @@ int
1031dtls1_read_failed(SSL *s, int code) 1052dtls1_read_failed(SSL *s, int code)
1032{ 1053{
1033 if (code > 0) { 1054 if (code > 0) {
1034 fprintf( stderr, "invalid state reached %s:%d", __FILE__, __LINE__); 1055 fprintf(stderr, "invalid state reached %s:%d",
1056 __FILE__, __LINE__);
1035 return 1; 1057 return 1;
1036 } 1058 }
1037 1059
1038 if (!dtls1_is_timer_expired(s)) { 1060 if (!dtls1_is_timer_expired(s)) {
1039 /* not a timeout, none of our business, 1061 /* not a timeout, none of our business,
1040 let higher layers handle this. in fact it's probably an error */ 1062 let higher layers handle this. in fact it's probably an error */
1041 return code; 1063 return code;
1042 } 1064 }
@@ -1057,7 +1079,7 @@ dtls1_read_failed(SSL *s, int code)
1057#if 0 /* no more alert sending, just retransmit the last set of messages */ 1079#if 0 /* no more alert sending, just retransmit the last set of messages */
1058 if (state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT) 1080 if (state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT)
1059 ssl3_send_alert(s, SSL3_AL_WARNING, 1081 ssl3_send_alert(s, SSL3_AL_WARNING,
1060 DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); 1082 DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
1061#endif 1083#endif
1062 1084
1063 return dtls1_handle_timeout(s); 1085 return dtls1_handle_timeout(s);
@@ -1073,7 +1095,7 @@ dtls1_get_queue_priority(unsigned short seq, int is_ccs)
1073 * the sequence number is multiplied by 2. In case of a CCS 1 is subtracted. 1095 * the sequence number is multiplied by 2. In case of a CCS 1 is subtracted.
1074 * This does not only differ CSS and Finished, it also maintains the order of the 1096 * This does not only differ CSS and Finished, it also maintains the order of the
1075 * index (important for priority queues) and fits in the unsigned short variable. 1097 * index (important for priority queues) and fits in the unsigned short variable.
1076 */ 1098 */
1077 return seq * 2 - is_ccs; 1099 return seq * 2 - is_ccs;
1078} 1100}
1079 1101
@@ -1088,12 +1110,13 @@ dtls1_retransmit_buffered_messages(SSL *s)
1088 1110
1089 iter = pqueue_iterator(sent); 1111 iter = pqueue_iterator(sent);
1090 1112
1091 for (item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter)) { 1113 for (item = pqueue_next(&iter); item != NULL;
1114 item = pqueue_next(&iter)) {
1092 frag = (hm_fragment *)item->data; 1115 frag = (hm_fragment *)item->data;
1093 if (dtls1_retransmit_message(s, 1116 if (dtls1_retransmit_message(s,
1094 (unsigned short)dtls1_get_queue_priority( 1117 (unsigned short)dtls1_get_queue_priority(
1095 frag->msg_header.seq, frag->msg_header.is_ccs), 0, 1118 frag->msg_header.seq, frag->msg_header.is_ccs), 0,
1096 &found) <= 0 && found) { 1119 &found) <= 0 && found) {
1097 fprintf(stderr, "dtls1_retransmit_message() failed\n"); 1120 fprintf(stderr, "dtls1_retransmit_message() failed\n");
1098 return -1; 1121 return -1;
1099 } 1122 }
@@ -1109,7 +1132,7 @@ dtls1_buffer_message(SSL *s, int is_ccs)
1109 hm_fragment *frag; 1132 hm_fragment *frag;
1110 unsigned char seq64be[8]; 1133 unsigned char seq64be[8];
1111 1134
1112 /* this function is called immediately after a message has 1135 /* this function is called immediately after a message has
1113 * been serialized */ 1136 * been serialized */
1114 OPENSSL_assert(s->init_off == 0); 1137 OPENSSL_assert(s->init_off == 0);
1115 1138
@@ -1119,10 +1142,11 @@ dtls1_buffer_message(SSL *s, int is_ccs)
1119 1142
1120 if (is_ccs) { 1143 if (is_ccs) {
1121 OPENSSL_assert(s->d1->w_msg_hdr.msg_len + 1144 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
1122 ((s->version == DTLS1_VERSION) ? DTLS1_CCS_HEADER_LENGTH : 3) == (unsigned int)s->init_num); 1145 ((s->version == DTLS1_VERSION) ?
1146 DTLS1_CCS_HEADER_LENGTH : 3) == (unsigned int)s->init_num);
1123 } else { 1147 } else {
1124 OPENSSL_assert(s->d1->w_msg_hdr.msg_len + 1148 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
1125 DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num); 1149 DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
1126 } 1150 }
1127 1151
1128 frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len; 1152 frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
@@ -1140,10 +1164,10 @@ dtls1_buffer_message(SSL *s, int is_ccs)
1140 frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch; 1164 frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;
1141 1165
1142 memset(seq64be, 0, sizeof(seq64be)); 1166 memset(seq64be, 0, sizeof(seq64be));
1143 seq64be[6] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq, 1167 seq64be[6] = (unsigned char)(dtls1_get_queue_priority(
1144 frag->msg_header.is_ccs) >> 8); 1168 frag->msg_header.seq, frag->msg_header.is_ccs) >> 8);
1145 seq64be[7] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq, 1169 seq64be[7] = (unsigned char)(dtls1_get_queue_priority(
1146 frag->msg_header.is_ccs)); 1170 frag->msg_header.seq, frag->msg_header.is_ccs));
1147 1171
1148 item = pitem_new(seq64be, frag); 1172 item = pitem_new(seq64be, frag);
1149 if (item == NULL) { 1173 if (item == NULL) {
@@ -1200,12 +1224,12 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1200 header_length = DTLS1_HM_HEADER_LENGTH; 1224 header_length = DTLS1_HM_HEADER_LENGTH;
1201 1225
1202 memcpy(s->init_buf->data, frag->fragment, 1226 memcpy(s->init_buf->data, frag->fragment,
1203 frag->msg_header.msg_len + header_length); 1227 frag->msg_header.msg_len + header_length);
1204 s->init_num = frag->msg_header.msg_len + header_length; 1228 s->init_num = frag->msg_header.msg_len + header_length;
1205 1229
1206 dtls1_set_message_header_int(s, frag->msg_header.type, 1230 dtls1_set_message_header_int(s, frag->msg_header.type,
1207 frag->msg_header.msg_len, frag->msg_header.seq, 0, 1231 frag->msg_header.msg_len, frag->msg_header.seq, 0,
1208 frag->msg_header.frag_len); 1232 frag->msg_header.frag_len);
1209 1233
1210 /* save current state */ 1234 /* save current state */
1211 saved_state.enc_write_ctx = s->enc_write_ctx; 1235 saved_state.enc_write_ctx = s->enc_write_ctx;
@@ -1223,13 +1247,16 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1223 s->session = frag->msg_header.saved_retransmit_state.session; 1247 s->session = frag->msg_header.saved_retransmit_state.session;
1224 s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch; 1248 s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
1225 1249
1226 if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) { 1250 if (frag->msg_header.saved_retransmit_state.epoch ==
1227 memcpy(save_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence)); 1251 saved_state.epoch - 1) {
1228 memcpy(s->s3->write_sequence, s->d1->last_write_sequence, sizeof(s->s3->write_sequence)); 1252 memcpy(save_write_sequence, s->s3->write_sequence,
1253 sizeof(s->s3->write_sequence));
1254 memcpy(s->s3->write_sequence, s->d1->last_write_sequence,
1255 sizeof(s->s3->write_sequence));
1229 } 1256 }
1230 1257
1231 ret = dtls1_do_write(s, frag->msg_header.is_ccs ? 1258 ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
1232 SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE); 1259 SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
1233 1260
1234 /* restore current state */ 1261 /* restore current state */
1235 s->enc_write_ctx = saved_state.enc_write_ctx; 1262 s->enc_write_ctx = saved_state.enc_write_ctx;
@@ -1238,9 +1265,12 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1238 s->session = saved_state.session; 1265 s->session = saved_state.session;
1239 s->d1->w_epoch = saved_state.epoch; 1266 s->d1->w_epoch = saved_state.epoch;
1240 1267
1241 if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) { 1268 if (frag->msg_header.saved_retransmit_state.epoch ==
1242 memcpy(s->d1->last_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence)); 1269 saved_state.epoch - 1) {
1243 memcpy(s->s3->write_sequence, save_write_sequence, sizeof(s->s3->write_sequence)); 1270 memcpy(s->d1->last_write_sequence, s->s3->write_sequence,
1271 sizeof(s->s3->write_sequence));
1272 memcpy(s->s3->write_sequence, save_write_sequence,
1273 sizeof(s->s3->write_sequence));
1244 } 1274 }
1245 1275
1246 s->d1->retransmitting = 0; 1276 s->d1->retransmitting = 0;
@@ -1262,7 +1292,6 @@ dtls1_clear_record_buffer(SSL *s)
1262 } 1292 }
1263} 1293}
1264 1294
1265
1266unsigned char * 1295unsigned char *
1267dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt, 1296dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
1268 unsigned long len, unsigned long frag_off, unsigned long frag_len) 1297 unsigned long len, unsigned long frag_off, unsigned long frag_len)
@@ -1274,17 +1303,15 @@ dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
1274 } 1303 }
1275 1304
1276 dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq, 1305 dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
1277 frag_off, frag_len); 1306 frag_off, frag_len);
1278 1307
1279 return p += DTLS1_HM_HEADER_LENGTH; 1308 return p += DTLS1_HM_HEADER_LENGTH;
1280} 1309}
1281 1310
1282
1283/* don't actually do the writing, wait till the MTU has been retrieved */ 1311/* don't actually do the writing, wait till the MTU has been retrieved */
1284static void 1312static void
1285dtls1_set_message_header_int(SSL *s, unsigned char mt, 1313dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len,
1286 unsigned long len, unsigned short seq_num, unsigned long frag_off, 1314 unsigned short seq_num, unsigned long frag_off, unsigned long frag_len)
1287unsigned long frag_len)
1288{ 1315{
1289 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; 1316 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1290 1317
@@ -1296,8 +1323,7 @@ unsigned long frag_len)
1296} 1323}
1297 1324
1298static void 1325static void
1299dtls1_fix_message_header(SSL *s, unsigned long frag_off, 1326dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len)
1300 unsigned long frag_len)
1301{ 1327{
1302 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; 1328 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1303 1329
@@ -1324,7 +1350,7 @@ unsigned int
1324dtls1_min_mtu(void) 1350dtls1_min_mtu(void)
1325{ 1351{
1326 return (g_probable_mtu[(sizeof(g_probable_mtu) / 1352 return (g_probable_mtu[(sizeof(g_probable_mtu) /
1327 sizeof(g_probable_mtu[0])) - 1]); 1353 sizeof(g_probable_mtu[0])) - 1]);
1328} 1354}
1329 1355
1330static unsigned int 1356static unsigned int
@@ -1335,7 +1361,7 @@ dtls1_guess_mtu(unsigned int curr_mtu)
1335 if (curr_mtu == 0) 1361 if (curr_mtu == 0)
1336 return g_probable_mtu[0]; 1362 return g_probable_mtu[0];
1337 1363
1338 for (i = 0; i < sizeof(g_probable_mtu)/sizeof(g_probable_mtu[0]); i++) 1364 for (i = 0; i < sizeof(g_probable_mtu) / sizeof(g_probable_mtu[0]); i++)
1339 if (curr_mtu > g_probable_mtu[i]) 1365 if (curr_mtu > g_probable_mtu[i])
1340 return g_probable_mtu[i]; 1366 return g_probable_mtu[i];
1341 1367
@@ -1343,7 +1369,8 @@ dtls1_guess_mtu(unsigned int curr_mtu)
1343} 1369}
1344 1370
1345void 1371void
1346dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) { 1372dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
1373{
1347 memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); 1374 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
1348 msg_hdr->type = *(data++); 1375 msg_hdr->type = *(data++);
1349 n2l3(data, msg_hdr->msg_len); 1376 n2l3(data, msg_hdr->msg_len);
@@ -1354,7 +1381,8 @@ dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) {
1354} 1381}
1355 1382
1356void 1383void
1357dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr) { 1384dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr)
1385{
1358 memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st)); 1386 memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st));
1359 1387
1360 ccs_hdr->type = *(data++); 1388 ccs_hdr->type = *(data++);
@@ -1364,6 +1392,7 @@ int
1364dtls1_shutdown(SSL *s) 1392dtls1_shutdown(SSL *s)
1365{ 1393{
1366 int ret; 1394 int ret;
1395
1367#ifndef OPENSSL_NO_SCTP 1396#ifndef OPENSSL_NO_SCTP
1368 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && 1397 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
1369 !(s->shutdown & SSL_SENT_SHUTDOWN)) { 1398 !(s->shutdown & SSL_SENT_SHUTDOWN)) {
@@ -1372,7 +1401,8 @@ dtls1_shutdown(SSL *s)
1372 return -1; 1401 return -1;
1373 1402
1374 if (ret == 0) 1403 if (ret == 0)
1375 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1, NULL); 1404 BIO_ctrl(SSL_get_wbio(s),
1405 BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1, NULL);
1376 } 1406 }
1377#endif 1407#endif
1378 ret = ssl3_shutdown(s); 1408 ret = ssl3_shutdown(s);
diff --git a/src/lib/libssl/src/ssl/d1_both.c b/src/lib/libssl/src/ssl/d1_both.c
index ae7e7b457b..7762ccdee6 100644
--- a/src/lib/libssl/src/ssl/d1_both.c
+++ b/src/lib/libssl/src/ssl/d1_both.c
@@ -1,7 +1,7 @@
1/* ssl/d1_both.c */ 1/* ssl/d1_both.c */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */ 5 */
6/* ==================================================================== 6/* ====================================================================
7 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. 7 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
@@ -11,7 +11,7 @@
11 * are met: 11 * are met:
12 * 12 *
13 * 1. Redistributions of source code must retain the above copyright 13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer. 14 * notice, this list of conditions and the following disclaimer.
15 * 15 *
16 * 2. Redistributions in binary form must reproduce the above copyright 16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in 17 * notice, this list of conditions and the following disclaimer in
@@ -62,21 +62,21 @@
62 * This package is an SSL implementation written 62 * This package is an SSL implementation written
63 * by Eric Young (eay@cryptsoft.com). 63 * by Eric Young (eay@cryptsoft.com).
64 * The implementation was written so as to conform with Netscapes SSL. 64 * The implementation was written so as to conform with Netscapes SSL.
65 * 65 *
66 * This library is free for commercial and non-commercial use as long as 66 * This library is free for commercial and non-commercial use as long as
67 * the following conditions are aheared to. The following conditions 67 * the following conditions are aheared to. The following conditions
68 * apply to all code found in this distribution, be it the RC4, RSA, 68 * apply to all code found in this distribution, be it the RC4, RSA,
69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
70 * included with this distribution is covered by the same copyright terms 70 * included with this distribution is covered by the same copyright terms
71 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 71 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
72 * 72 *
73 * Copyright remains Eric Young's, and as such any Copyright notices in 73 * Copyright remains Eric Young's, and as such any Copyright notices in
74 * the code are not to be removed. 74 * the code are not to be removed.
75 * If this package is used in a product, Eric Young should be given attribution 75 * If this package is used in a product, Eric Young should be given attribution
76 * as the author of the parts of the library used. 76 * as the author of the parts of the library used.
77 * This can be in the form of a textual message at program startup or 77 * This can be in the form of a textual message at program startup or
78 * in documentation (online or textual) provided with the package. 78 * in documentation (online or textual) provided with the package.
79 * 79 *
80 * Redistribution and use in source and binary forms, with or without 80 * Redistribution and use in source and binary forms, with or without
81 * modification, are permitted provided that the following conditions 81 * modification, are permitted provided that the following conditions
82 * are met: 82 * are met:
@@ -91,10 +91,10 @@
91 * Eric Young (eay@cryptsoft.com)" 91 * Eric Young (eay@cryptsoft.com)"
92 * The word 'cryptographic' can be left out if the rouines from the library 92 * The word 'cryptographic' can be left out if the rouines from the library
93 * being used are not cryptographic related :-). 93 * being used are not cryptographic related :-).
94 * 4. If you include any Windows specific code (or a derivative thereof) from 94 * 4. If you include any Windows specific code (or a derivative thereof) from
95 * the apps directory (application code) you must include an acknowledgement: 95 * the apps directory (application code) you must include an acknowledgement:
96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
97 * 97 *
98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -106,7 +106,7 @@
106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
108 * SUCH DAMAGE. 108 * SUCH DAMAGE.
109 * 109 *
110 * The licence and distribution terms for any publically available version or 110 * The licence and distribution terms for any publically available version or
111 * derivative of this code cannot be changed. i.e. this code cannot simply be 111 * derivative of this code cannot be changed. i.e. this code cannot simply be
112 * copied and put under another distribution licence 112 * copied and put under another distribution licence
@@ -216,8 +216,10 @@ dtls1_hm_fragment_free(hm_fragment *frag)
216{ 216{
217 217
218 if (frag->msg_header.is_ccs) { 218 if (frag->msg_header.is_ccs) {
219 EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx); 219 EVP_CIPHER_CTX_free(
220 EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash); 220 frag->msg_header.saved_retransmit_state.enc_write_ctx);
221 EVP_MD_CTX_destroy(
222 frag->msg_header.saved_retransmit_state.write_hash);
221 } 223 }
222 if (frag->fragment) 224 if (frag->fragment)
223 free(frag->fragment); 225 free(frag->fragment);
@@ -235,7 +237,8 @@ dtls1_do_write(SSL *s, int type)
235 unsigned int len, frag_off, mac_size, blocksize; 237 unsigned int len, frag_off, mac_size, blocksize;
236 238
237 /* AHA! Figure out the MTU, and stick to the right size */ 239 /* AHA! Figure out the MTU, and stick to the right size */
238 if (s->d1->mtu < dtls1_min_mtu() && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { 240 if (s->d1->mtu < dtls1_min_mtu() &&
241 !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
239 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), 242 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
240 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); 243 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
241 244
@@ -245,10 +248,10 @@ dtls1_do_write(SSL *s, int type)
245 s->d1->mtu = 0; 248 s->d1->mtu = 0;
246 s->d1->mtu = dtls1_guess_mtu(s->d1->mtu); 249 s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
247 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, 250 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
248 s->d1->mtu, NULL); 251 s->d1->mtu, NULL);
249 } 252 }
250 } 253 }
251#if 0 254#if 0
252 mtu = s->d1->mtu; 255 mtu = s->d1->mtu;
253 256
254 fprintf(stderr, "using MTU = %d\n", mtu); 257 fprintf(stderr, "using MTU = %d\n", mtu);
@@ -266,7 +269,8 @@ dtls1_do_write(SSL *s, int type)
266 ret = BIO_flush(SSL_get_wbio(s)); 269 ret = BIO_flush(SSL_get_wbio(s));
267 if (ret <= 0) 270 if (ret <= 0)
268 return ret; 271 return ret;
269 mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH); 272 mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH +
273 DTLS1_RT_HEADER_LENGTH);
270 } 274 }
271#endif 275#endif
272 276
@@ -275,7 +279,7 @@ dtls1_do_write(SSL *s, int type)
275 279
276 if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE) 280 if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
277 OPENSSL_assert(s->init_num == 281 OPENSSL_assert(s->init_num ==
278 (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); 282 (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
279 283
280 if (s->write_hash) 284 if (s->write_hash)
281 mac_size = EVP_MD_CTX_size(s->write_hash); 285 mac_size = EVP_MD_CTX_size(s->write_hash);
@@ -283,8 +287,8 @@ dtls1_do_write(SSL *s, int type)
283 mac_size = 0; 287 mac_size = 0;
284 288
285 if (s->enc_write_ctx && 289 if (s->enc_write_ctx &&
286 (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE)) 290 (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
287 blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher); 291 blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
288 else 292 else
289 blocksize = 0; 293 blocksize = 0;
290 294
@@ -299,7 +303,7 @@ dtls1_do_write(SSL *s, int type)
299 if (ret <= 0) 303 if (ret <= 0)
300 return ret; 304 return ret;
301 curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH - 305 curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH -
302 mac_size - blocksize; 306 mac_size - blocksize;
303 } 307 }
304 308
305 if (s->init_num > curr_mtu) 309 if (s->init_num > curr_mtu)
@@ -322,9 +326,10 @@ dtls1_do_write(SSL *s, int type)
322 } 326 }
323 327
324 dtls1_fix_message_header(s, frag_off, 328 dtls1_fix_message_header(s, frag_off,
325 len - DTLS1_HM_HEADER_LENGTH); 329 len - DTLS1_HM_HEADER_LENGTH);
326 330
327 dtls1_write_message_header(s, (unsigned char *)&s->init_buf->data[s->init_off]); 331 dtls1_write_message_header(s,
332 (unsigned char *)&s->init_buf->data[s->init_off]);
328 333
329 OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH); 334 OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);
330 } 335 }
@@ -336,7 +341,7 @@ dtls1_do_write(SSL *s, int type)
336 * which previous packet caused the failure -- so can't 341 * which previous packet caused the failure -- so can't
337 * really retransmit anything. continue as if everything 342 * really retransmit anything. continue as if everything
338 * is fine and wait for an alert to handle the 343 * is fine and wait for an alert to handle the
339 * retransmit 344 * retransmit
340 */ 345 */
341 if (BIO_ctrl(SSL_get_wbio(s), 346 if (BIO_ctrl(SSL_get_wbio(s),
342 BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) 347 BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0)
@@ -350,14 +355,16 @@ dtls1_do_write(SSL *s, int type)
350 * message got sent. but why would this happen? */ 355 * message got sent. but why would this happen? */
351 OPENSSL_assert(len == (unsigned int)ret); 356 OPENSSL_assert(len == (unsigned int)ret);
352 357
353 if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting) { 358 if (type == SSL3_RT_HANDSHAKE &&
359 !s->d1->retransmitting) {
354 /* should not be done for 'Hello Request's, but in that case 360 /* should not be done for 'Hello Request's, but in that case
355 * we'll ignore the result anyway */ 361 * we'll ignore the result anyway */
356 unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off]; 362 unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off];
357 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; 363 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
358 int xlen; 364 int xlen;
359 365
360 if (frag_off == 0 && s->version != DTLS1_BAD_VER) { 366 if (frag_off == 0 &&
367 s->version != DTLS1_BAD_VER) {
361 /* reconstruct message header is if it 368 /* reconstruct message header is if it
362 * is being sent in single fragment */ 369 * is being sent in single fragment */
363 *p++ = msg_hdr->type; 370 *p++ = msg_hdr->type;
@@ -416,7 +423,8 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
416 s->s3->tmp.reuse_message = 0; 423 s->s3->tmp.reuse_message = 0;
417 if ((mt >= 0) && (s->s3->tmp.message_type != mt)) { 424 if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
418 al = SSL_AD_UNEXPECTED_MESSAGE; 425 al = SSL_AD_UNEXPECTED_MESSAGE;
419 SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); 426 SSLerr(SSL_F_DTLS1_GET_MESSAGE,
427 SSL_R_UNEXPECTED_MESSAGE);
420 goto f_err; 428 goto f_err;
421 } 429 }
422 *ok = 1; 430 *ok = 1;
@@ -472,7 +480,8 @@ f_err:
472 480
473 481
474static int 482static int
475dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) { 483dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
484{
476 size_t frag_off, frag_len, msg_len; 485 size_t frag_off, frag_len, msg_len;
477 486
478 msg_len = msg_hdr->msg_len; 487 msg_len = msg_hdr->msg_len;
@@ -481,12 +490,14 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) {
481 490
482 /* sanity checking */ 491 /* sanity checking */
483 if ((frag_off + frag_len) > msg_len) { 492 if ((frag_off + frag_len) > msg_len) {
484 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE); 493 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,
494 SSL_R_EXCESSIVE_MESSAGE_SIZE);
485 return SSL_AD_ILLEGAL_PARAMETER; 495 return SSL_AD_ILLEGAL_PARAMETER;
486 } 496 }
487 497
488 if ((frag_off + frag_len) > (unsigned long)max) { 498 if ((frag_off + frag_len) > (unsigned long)max) {
489 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE); 499 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,
500 SSL_R_EXCESSIVE_MESSAGE_SIZE);
490 return SSL_AD_ILLEGAL_PARAMETER; 501 return SSL_AD_ILLEGAL_PARAMETER;
491 } 502 }
492 503
@@ -494,7 +505,8 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) {
494 { 505 {
495 /* msg_len is limited to 2^24, but is effectively checked 506 /* msg_len is limited to 2^24, but is effectively checked
496 * against max above */ 507 * against max above */
497 if (!BUF_MEM_grow_clean(s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH)) { 508 if (!BUF_MEM_grow_clean(s->init_buf,
509 msg_len + DTLS1_HM_HEADER_LENGTH)) {
498 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB); 510 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB);
499 return SSL_AD_INTERNAL_ERROR; 511 return SSL_AD_INTERNAL_ERROR;
500 } 512 }
@@ -507,14 +519,14 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) {
507 } else if (msg_len != s->d1->r_msg_hdr.msg_len) { 519 } else if (msg_len != s->d1->r_msg_hdr.msg_len) {
508 /* They must be playing with us! BTW, failure to enforce 520 /* They must be playing with us! BTW, failure to enforce
509 * upper limit would open possibility for buffer overrun. */ 521 * upper limit would open possibility for buffer overrun. */
510 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE); 522 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,
523 SSL_R_EXCESSIVE_MESSAGE_SIZE);
511 return SSL_AD_ILLEGAL_PARAMETER; 524 return SSL_AD_ILLEGAL_PARAMETER;
512 } 525 }
513 526
514 return 0; /* no error */ 527 return 0; /* no error */
515} 528}
516 529
517
518static int 530static int
519dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) 531dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
520{ 532{
@@ -548,7 +560,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
548 { 560 {
549 unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; 561 unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
550 memcpy(&p[frag->msg_header.frag_off], 562 memcpy(&p[frag->msg_header.frag_off],
551 frag->fragment, frag->msg_header.frag_len); 563 frag->fragment, frag->msg_header.frag_len);
552 } 564 }
553 565
554 dtls1_hm_fragment_free(frag); 566 dtls1_hm_fragment_free(frag);
@@ -569,7 +581,8 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
569 581
570 582
571static int 583static int
572dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) { 584dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
585{
573 hm_fragment *frag = NULL; 586 hm_fragment *frag = NULL;
574 pitem *item = NULL; 587 pitem *item = NULL;
575 int i = -1, is_complete; 588 int i = -1, is_complete;
@@ -582,7 +595,8 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) {
582 /* Determine maximum allowed message size. Depends on (user set) 595 /* Determine maximum allowed message size. Depends on (user set)
583 * maximum certificate length, but 16k is minimum. 596 * maximum certificate length, but 16k is minimum.
584 */ 597 */
585 if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH < s->max_cert_list) 598 if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH <
599 s->max_cert_list)
586 max_len = s->max_cert_list; 600 max_len = s->max_cert_list;
587 else 601 else
588 max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; 602 max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
@@ -615,7 +629,7 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) {
615 while (frag_len) { 629 while (frag_len) {
616 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, 630 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
617 devnull, frag_len > sizeof(devnull) ? 631 devnull, frag_len > sizeof(devnull) ?
618 sizeof(devnull) : frag_len, 0); 632 sizeof(devnull) : frag_len, 0);
619 if (i <= 0) 633 if (i <= 0)
620 goto err; 634 goto err;
621 frag_len -= i; 635 frag_len -= i;
@@ -625,15 +639,15 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) {
625 639
626 /* read the body of the fragment (header has already been read */ 640 /* read the body of the fragment (header has already been read */
627 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, 641 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
628 frag->fragment + msg_hdr->frag_off, frag_len, 0); 642 frag->fragment + msg_hdr->frag_off, frag_len, 0);
629 if (i <= 0 || (unsigned long)i != frag_len) 643 if (i <= 0 || (unsigned long)i != frag_len)
630 goto err; 644 goto err;
631 645
632 RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off, 646 RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
633 (long)(msg_hdr->frag_off + frag_len)); 647 (long)(msg_hdr->frag_off + frag_len));
634 648
635 RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len, 649 RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len,
636 is_complete); 650 is_complete);
637 651
638 if (is_complete) { 652 if (is_complete) {
639 free(frag->reassembly); 653 free(frag->reassembly);
@@ -667,7 +681,8 @@ err:
667 681
668 682
669static int 683static int
670dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) { 684dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
685{
671 int i = -1; 686 int i = -1;
672 hm_fragment *frag = NULL; 687 hm_fragment *frag = NULL;
673 pitem *item = NULL; 688 pitem *item = NULL;
@@ -696,13 +711,14 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
696 */ 711 */
697 if (msg_hdr->seq <= s->d1->handshake_read_seq || 712 if (msg_hdr->seq <= s->d1->handshake_read_seq ||
698 msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL || 713 msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
699 (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) { 714 (s->d1->handshake_read_seq == 0 &&
715 msg_hdr->type == SSL3_MT_FINISHED)) {
700 unsigned char devnull [256]; 716 unsigned char devnull [256];
701 717
702 while (frag_len) { 718 while (frag_len) {
703 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, 719 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
704 devnull, frag_len > sizeof(devnull) ? 720 devnull, frag_len > sizeof(devnull) ?
705 sizeof(devnull) : frag_len, 0); 721 sizeof(devnull) : frag_len, 0);
706 if (i <= 0) 722 if (i <= 0)
707 goto err; 723 goto err;
708 frag_len -= i; 724 frag_len -= i;
@@ -765,7 +781,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
765 781
766 /* read handshake message header */ 782 /* read handshake message header */
767 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire, 783 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire,
768 DTLS1_HM_HEADER_LENGTH, 0); 784 DTLS1_HM_HEADER_LENGTH, 0);
769 if (i <= 0) /* nbio, or an error */ 785 if (i <= 0) /* nbio, or an error */
770 { 786 {
771 s->rwstate = SSL_READING; 787 s->rwstate = SSL_READING;
@@ -775,20 +791,22 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
775 /* Handshake fails if message header is incomplete */ 791 /* Handshake fails if message header is incomplete */
776 if (i != DTLS1_HM_HEADER_LENGTH) { 792 if (i != DTLS1_HM_HEADER_LENGTH) {
777 al = SSL_AD_UNEXPECTED_MESSAGE; 793 al = SSL_AD_UNEXPECTED_MESSAGE;
778 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL_R_UNEXPECTED_MESSAGE); 794 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,
795 SSL_R_UNEXPECTED_MESSAGE);
779 goto f_err; 796 goto f_err;
780 } 797 }
781 798
782 /* parse the message fragment header */ 799 /* parse the message fragment header */
783 dtls1_get_message_header(wire, &msg_hdr); 800 dtls1_get_message_header(wire, &msg_hdr);
784 801
785 /* 802 /*
786 * if this is a future (or stale) message it gets buffered 803 * if this is a future (or stale) message it gets buffered
787 * (or dropped)--no further processing at this time 804 * (or dropped)--no further processing at this time
788 * While listening, we accept seq 1 (ClientHello with cookie) 805 * While listening, we accept seq 1 (ClientHello with cookie)
789 * although we're still expecting seq 0 (ClientHello) 806 * although we're still expecting seq 0 (ClientHello)
790 */ 807 */
791 if (msg_hdr.seq != s->d1->handshake_read_seq && !(s->d1->listen && msg_hdr.seq == 1)) 808 if (msg_hdr.seq != s->d1->handshake_read_seq &&
809 !(s->d1->listen && msg_hdr.seq == 1))
792 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); 810 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
793 811
794 len = msg_hdr.msg_len; 812 len = msg_hdr.msg_len;
@@ -817,7 +835,8 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
817 else /* Incorrectly formated Hello request */ 835 else /* Incorrectly formated Hello request */
818 { 836 {
819 al = SSL_AD_UNEXPECTED_MESSAGE; 837 al = SSL_AD_UNEXPECTED_MESSAGE;
820 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL_R_UNEXPECTED_MESSAGE); 838 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,
839 SSL_R_UNEXPECTED_MESSAGE);
821 goto f_err; 840 goto f_err;
822 } 841 }
823 } 842 }
@@ -842,11 +861,12 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
842 } else 861 } else
843 i = 0; 862 i = 0;
844 863
845 /* XDTLS: an incorrectly formatted fragment should cause the 864 /* XDTLS: an incorrectly formatted fragment should cause the
846 * handshake to fail */ 865 * handshake to fail */
847 if (i != (int)frag_len) { 866 if (i != (int)frag_len) {
848 al = SSL3_AD_ILLEGAL_PARAMETER; 867 al = SSL3_AD_ILLEGAL_PARAMETER;
849 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL3_AD_ILLEGAL_PARAMETER); 868 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,
869 SSL3_AD_ILLEGAL_PARAMETER);
850 goto f_err; 870 goto f_err;
851 } 871 }
852 872
@@ -878,8 +898,8 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
878 d = (unsigned char *)s->init_buf->data; 898 d = (unsigned char *)s->init_buf->data;
879 p = &(d[DTLS1_HM_HEADER_LENGTH]); 899 p = &(d[DTLS1_HM_HEADER_LENGTH]);
880 900
881 i = s->method->ssl3_enc->final_finish_mac(s, 901 i = s->method->ssl3_enc->final_finish_mac(s, sender, slen,
882 sender, slen, s->s3->tmp.finish_md); 902 s->s3->tmp.finish_md);
883 s->s3->tmp.finish_md_len = i; 903 s->s3->tmp.finish_md_len = i;
884 memcpy(p, s->s3->tmp.finish_md, i); 904 memcpy(p, s->s3->tmp.finish_md, i);
885 p += i; 905 p += i;
@@ -891,12 +911,12 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
891 if (s->type == SSL_ST_CONNECT) { 911 if (s->type == SSL_ST_CONNECT) {
892 OPENSSL_assert(i <= EVP_MAX_MD_SIZE); 912 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
893 memcpy(s->s3->previous_client_finished, 913 memcpy(s->s3->previous_client_finished,
894 s->s3->tmp.finish_md, i); 914 s->s3->tmp.finish_md, i);
895 s->s3->previous_client_finished_len = i; 915 s->s3->previous_client_finished_len = i;
896 } else { 916 } else {
897 OPENSSL_assert(i <= EVP_MAX_MD_SIZE); 917 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
898 memcpy(s->s3->previous_server_finished, 918 memcpy(s->s3->previous_server_finished,
899 s->s3->tmp.finish_md, i); 919 s->s3->tmp.finish_md, i);
900 s->s3->previous_server_finished_len = i; 920 s->s3->previous_server_finished_len = i;
901 } 921 }
902 922
@@ -942,7 +962,7 @@ dtls1_send_change_cipher_spec(SSL *s, int a, int b)
942 s->init_off = 0; 962 s->init_off = 0;
943 963
944 dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, 964 dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
945 s->d1->handshake_write_seq, 0, 0); 965 s->d1->handshake_write_seq, 0, 0);
946 966
947 /* buffer the message to handle re-xmits */ 967 /* buffer the message to handle re-xmits */
948 dtls1_buffer_message(s, 1); 968 dtls1_buffer_message(s, 1);
@@ -961,7 +981,7 @@ dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
961 unsigned char *p; 981 unsigned char *p;
962 982
963 n = i2d_X509(x, NULL); 983 n = i2d_X509(x, NULL);
964 if (!BUF_MEM_grow_clean(buf,(int)(n + (*l) + 3))) { 984 if (!BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) {
965 SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF, ERR_R_BUF_LIB); 985 SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
966 return 0; 986 return 0;
967 } 987 }
@@ -990,7 +1010,8 @@ dtls1_output_cert_chain(SSL *s, X509 *x)
990 if (x != NULL) { 1010 if (x != NULL) {
991 X509_STORE_CTX xs_ctx; 1011 X509_STORE_CTX xs_ctx;
992 1012
993 if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store, x, NULL)) { 1013 if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store,
1014 x, NULL)) {
994 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB); 1015 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB);
995 return (0); 1016 return (0);
996 } 1017 }
@@ -1031,12 +1052,13 @@ int
1031dtls1_read_failed(SSL *s, int code) 1052dtls1_read_failed(SSL *s, int code)
1032{ 1053{
1033 if (code > 0) { 1054 if (code > 0) {
1034 fprintf( stderr, "invalid state reached %s:%d", __FILE__, __LINE__); 1055 fprintf(stderr, "invalid state reached %s:%d",
1056 __FILE__, __LINE__);
1035 return 1; 1057 return 1;
1036 } 1058 }
1037 1059
1038 if (!dtls1_is_timer_expired(s)) { 1060 if (!dtls1_is_timer_expired(s)) {
1039 /* not a timeout, none of our business, 1061 /* not a timeout, none of our business,
1040 let higher layers handle this. in fact it's probably an error */ 1062 let higher layers handle this. in fact it's probably an error */
1041 return code; 1063 return code;
1042 } 1064 }
@@ -1057,7 +1079,7 @@ dtls1_read_failed(SSL *s, int code)
1057#if 0 /* no more alert sending, just retransmit the last set of messages */ 1079#if 0 /* no more alert sending, just retransmit the last set of messages */
1058 if (state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT) 1080 if (state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT)
1059 ssl3_send_alert(s, SSL3_AL_WARNING, 1081 ssl3_send_alert(s, SSL3_AL_WARNING,
1060 DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); 1082 DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
1061#endif 1083#endif
1062 1084
1063 return dtls1_handle_timeout(s); 1085 return dtls1_handle_timeout(s);
@@ -1073,7 +1095,7 @@ dtls1_get_queue_priority(unsigned short seq, int is_ccs)
1073 * the sequence number is multiplied by 2. In case of a CCS 1 is subtracted. 1095 * the sequence number is multiplied by 2. In case of a CCS 1 is subtracted.
1074 * This does not only differ CSS and Finished, it also maintains the order of the 1096 * This does not only differ CSS and Finished, it also maintains the order of the
1075 * index (important for priority queues) and fits in the unsigned short variable. 1097 * index (important for priority queues) and fits in the unsigned short variable.
1076 */ 1098 */
1077 return seq * 2 - is_ccs; 1099 return seq * 2 - is_ccs;
1078} 1100}
1079 1101
@@ -1088,12 +1110,13 @@ dtls1_retransmit_buffered_messages(SSL *s)
1088 1110
1089 iter = pqueue_iterator(sent); 1111 iter = pqueue_iterator(sent);
1090 1112
1091 for (item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter)) { 1113 for (item = pqueue_next(&iter); item != NULL;
1114 item = pqueue_next(&iter)) {
1092 frag = (hm_fragment *)item->data; 1115 frag = (hm_fragment *)item->data;
1093 if (dtls1_retransmit_message(s, 1116 if (dtls1_retransmit_message(s,
1094 (unsigned short)dtls1_get_queue_priority( 1117 (unsigned short)dtls1_get_queue_priority(
1095 frag->msg_header.seq, frag->msg_header.is_ccs), 0, 1118 frag->msg_header.seq, frag->msg_header.is_ccs), 0,
1096 &found) <= 0 && found) { 1119 &found) <= 0 && found) {
1097 fprintf(stderr, "dtls1_retransmit_message() failed\n"); 1120 fprintf(stderr, "dtls1_retransmit_message() failed\n");
1098 return -1; 1121 return -1;
1099 } 1122 }
@@ -1109,7 +1132,7 @@ dtls1_buffer_message(SSL *s, int is_ccs)
1109 hm_fragment *frag; 1132 hm_fragment *frag;
1110 unsigned char seq64be[8]; 1133 unsigned char seq64be[8];
1111 1134
1112 /* this function is called immediately after a message has 1135 /* this function is called immediately after a message has
1113 * been serialized */ 1136 * been serialized */
1114 OPENSSL_assert(s->init_off == 0); 1137 OPENSSL_assert(s->init_off == 0);
1115 1138
@@ -1119,10 +1142,11 @@ dtls1_buffer_message(SSL *s, int is_ccs)
1119 1142
1120 if (is_ccs) { 1143 if (is_ccs) {
1121 OPENSSL_assert(s->d1->w_msg_hdr.msg_len + 1144 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
1122 ((s->version == DTLS1_VERSION) ? DTLS1_CCS_HEADER_LENGTH : 3) == (unsigned int)s->init_num); 1145 ((s->version == DTLS1_VERSION) ?
1146 DTLS1_CCS_HEADER_LENGTH : 3) == (unsigned int)s->init_num);
1123 } else { 1147 } else {
1124 OPENSSL_assert(s->d1->w_msg_hdr.msg_len + 1148 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
1125 DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num); 1149 DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
1126 } 1150 }
1127 1151
1128 frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len; 1152 frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
@@ -1140,10 +1164,10 @@ dtls1_buffer_message(SSL *s, int is_ccs)
1140 frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch; 1164 frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;
1141 1165
1142 memset(seq64be, 0, sizeof(seq64be)); 1166 memset(seq64be, 0, sizeof(seq64be));
1143 seq64be[6] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq, 1167 seq64be[6] = (unsigned char)(dtls1_get_queue_priority(
1144 frag->msg_header.is_ccs) >> 8); 1168 frag->msg_header.seq, frag->msg_header.is_ccs) >> 8);
1145 seq64be[7] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq, 1169 seq64be[7] = (unsigned char)(dtls1_get_queue_priority(
1146 frag->msg_header.is_ccs)); 1170 frag->msg_header.seq, frag->msg_header.is_ccs));
1147 1171
1148 item = pitem_new(seq64be, frag); 1172 item = pitem_new(seq64be, frag);
1149 if (item == NULL) { 1173 if (item == NULL) {
@@ -1200,12 +1224,12 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1200 header_length = DTLS1_HM_HEADER_LENGTH; 1224 header_length = DTLS1_HM_HEADER_LENGTH;
1201 1225
1202 memcpy(s->init_buf->data, frag->fragment, 1226 memcpy(s->init_buf->data, frag->fragment,
1203 frag->msg_header.msg_len + header_length); 1227 frag->msg_header.msg_len + header_length);
1204 s->init_num = frag->msg_header.msg_len + header_length; 1228 s->init_num = frag->msg_header.msg_len + header_length;
1205 1229
1206 dtls1_set_message_header_int(s, frag->msg_header.type, 1230 dtls1_set_message_header_int(s, frag->msg_header.type,
1207 frag->msg_header.msg_len, frag->msg_header.seq, 0, 1231 frag->msg_header.msg_len, frag->msg_header.seq, 0,
1208 frag->msg_header.frag_len); 1232 frag->msg_header.frag_len);
1209 1233
1210 /* save current state */ 1234 /* save current state */
1211 saved_state.enc_write_ctx = s->enc_write_ctx; 1235 saved_state.enc_write_ctx = s->enc_write_ctx;
@@ -1223,13 +1247,16 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1223 s->session = frag->msg_header.saved_retransmit_state.session; 1247 s->session = frag->msg_header.saved_retransmit_state.session;
1224 s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch; 1248 s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
1225 1249
1226 if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) { 1250 if (frag->msg_header.saved_retransmit_state.epoch ==
1227 memcpy(save_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence)); 1251 saved_state.epoch - 1) {
1228 memcpy(s->s3->write_sequence, s->d1->last_write_sequence, sizeof(s->s3->write_sequence)); 1252 memcpy(save_write_sequence, s->s3->write_sequence,
1253 sizeof(s->s3->write_sequence));
1254 memcpy(s->s3->write_sequence, s->d1->last_write_sequence,
1255 sizeof(s->s3->write_sequence));
1229 } 1256 }
1230 1257
1231 ret = dtls1_do_write(s, frag->msg_header.is_ccs ? 1258 ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
1232 SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE); 1259 SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
1233 1260
1234 /* restore current state */ 1261 /* restore current state */
1235 s->enc_write_ctx = saved_state.enc_write_ctx; 1262 s->enc_write_ctx = saved_state.enc_write_ctx;
@@ -1238,9 +1265,12 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1238 s->session = saved_state.session; 1265 s->session = saved_state.session;
1239 s->d1->w_epoch = saved_state.epoch; 1266 s->d1->w_epoch = saved_state.epoch;
1240 1267
1241 if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) { 1268 if (frag->msg_header.saved_retransmit_state.epoch ==
1242 memcpy(s->d1->last_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence)); 1269 saved_state.epoch - 1) {
1243 memcpy(s->s3->write_sequence, save_write_sequence, sizeof(s->s3->write_sequence)); 1270 memcpy(s->d1->last_write_sequence, s->s3->write_sequence,
1271 sizeof(s->s3->write_sequence));
1272 memcpy(s->s3->write_sequence, save_write_sequence,
1273 sizeof(s->s3->write_sequence));
1244 } 1274 }
1245 1275
1246 s->d1->retransmitting = 0; 1276 s->d1->retransmitting = 0;
@@ -1262,7 +1292,6 @@ dtls1_clear_record_buffer(SSL *s)
1262 } 1292 }
1263} 1293}
1264 1294
1265
1266unsigned char * 1295unsigned char *
1267dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt, 1296dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
1268 unsigned long len, unsigned long frag_off, unsigned long frag_len) 1297 unsigned long len, unsigned long frag_off, unsigned long frag_len)
@@ -1274,17 +1303,15 @@ dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
1274 } 1303 }
1275 1304
1276 dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq, 1305 dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
1277 frag_off, frag_len); 1306 frag_off, frag_len);
1278 1307
1279 return p += DTLS1_HM_HEADER_LENGTH; 1308 return p += DTLS1_HM_HEADER_LENGTH;
1280} 1309}
1281 1310
1282
1283/* don't actually do the writing, wait till the MTU has been retrieved */ 1311/* don't actually do the writing, wait till the MTU has been retrieved */
1284static void 1312static void
1285dtls1_set_message_header_int(SSL *s, unsigned char mt, 1313dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len,
1286 unsigned long len, unsigned short seq_num, unsigned long frag_off, 1314 unsigned short seq_num, unsigned long frag_off, unsigned long frag_len)
1287unsigned long frag_len)
1288{ 1315{
1289 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; 1316 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1290 1317
@@ -1296,8 +1323,7 @@ unsigned long frag_len)
1296} 1323}
1297 1324
1298static void 1325static void
1299dtls1_fix_message_header(SSL *s, unsigned long frag_off, 1326dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len)
1300 unsigned long frag_len)
1301{ 1327{
1302 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; 1328 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1303 1329
@@ -1324,7 +1350,7 @@ unsigned int
1324dtls1_min_mtu(void) 1350dtls1_min_mtu(void)
1325{ 1351{
1326 return (g_probable_mtu[(sizeof(g_probable_mtu) / 1352 return (g_probable_mtu[(sizeof(g_probable_mtu) /
1327 sizeof(g_probable_mtu[0])) - 1]); 1353 sizeof(g_probable_mtu[0])) - 1]);
1328} 1354}
1329 1355
1330static unsigned int 1356static unsigned int
@@ -1335,7 +1361,7 @@ dtls1_guess_mtu(unsigned int curr_mtu)
1335 if (curr_mtu == 0) 1361 if (curr_mtu == 0)
1336 return g_probable_mtu[0]; 1362 return g_probable_mtu[0];
1337 1363
1338 for (i = 0; i < sizeof(g_probable_mtu)/sizeof(g_probable_mtu[0]); i++) 1364 for (i = 0; i < sizeof(g_probable_mtu) / sizeof(g_probable_mtu[0]); i++)
1339 if (curr_mtu > g_probable_mtu[i]) 1365 if (curr_mtu > g_probable_mtu[i])
1340 return g_probable_mtu[i]; 1366 return g_probable_mtu[i];
1341 1367
@@ -1343,7 +1369,8 @@ dtls1_guess_mtu(unsigned int curr_mtu)
1343} 1369}
1344 1370
1345void 1371void
1346dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) { 1372dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
1373{
1347 memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); 1374 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
1348 msg_hdr->type = *(data++); 1375 msg_hdr->type = *(data++);
1349 n2l3(data, msg_hdr->msg_len); 1376 n2l3(data, msg_hdr->msg_len);
@@ -1354,7 +1381,8 @@ dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) {
1354} 1381}
1355 1382
1356void 1383void
1357dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr) { 1384dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr)
1385{
1358 memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st)); 1386 memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st));
1359 1387
1360 ccs_hdr->type = *(data++); 1388 ccs_hdr->type = *(data++);
@@ -1364,6 +1392,7 @@ int
1364dtls1_shutdown(SSL *s) 1392dtls1_shutdown(SSL *s)
1365{ 1393{
1366 int ret; 1394 int ret;
1395
1367#ifndef OPENSSL_NO_SCTP 1396#ifndef OPENSSL_NO_SCTP
1368 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && 1397 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
1369 !(s->shutdown & SSL_SENT_SHUTDOWN)) { 1398 !(s->shutdown & SSL_SENT_SHUTDOWN)) {
@@ -1372,7 +1401,8 @@ dtls1_shutdown(SSL *s)
1372 return -1; 1401 return -1;
1373 1402
1374 if (ret == 0) 1403 if (ret == 0)
1375 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1, NULL); 1404 BIO_ctrl(SSL_get_wbio(s),
1405 BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1, NULL);
1376 } 1406 }
1377#endif 1407#endif
1378 ret = ssl3_shutdown(s); 1408 ret = ssl3_shutdown(s);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 08:49:39 +0000