d1_both.c (205128) | d1_both.c (215697) |
---|---|
1/* ssl/d1_both.c */ 2/* 3 * DTLS implementation written by Nagendra Modadugu 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 5 */ 6/* ==================================================================== 7 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. 8 * --- 109 unchanged lines hidden (view full) --- 118#include <stdio.h> 119#include "ssl_locl.h" 120#include <openssl/buffer.h> 121#include <openssl/rand.h> 122#include <openssl/objects.h> 123#include <openssl/evp.h> 124#include <openssl/x509.h> 125 | 1/* ssl/d1_both.c */ 2/* 3 * DTLS implementation written by Nagendra Modadugu 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 5 */ 6/* ==================================================================== 7 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. 8 * --- 109 unchanged lines hidden (view full) --- 118#include <stdio.h> 119#include "ssl_locl.h" 120#include <openssl/buffer.h> 121#include <openssl/rand.h> 122#include <openssl/objects.h> 123#include <openssl/evp.h> 124#include <openssl/x509.h> 125 |
126#define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8) |
|
126 | 127 |
128#define RSMBLY_BITMASK_MARK(bitmask, start, end) { \ 129 if ((end) - (start) <= 8) { \ 130 long ii; \ 131 for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \ 132 } else { \ 133 long ii; \ 134 bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \ 135 for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \ 136 bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \ 137 } } 138 139#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \ 140 long ii; \ 141 OPENSSL_assert((msg_len) > 0); \ 142 is_complete = 1; \ 143 if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \ 144 if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \ 145 if (bitmask[ii] != 0xff) { is_complete = 0; break; } } 146 147#if 0 148#define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \ 149 long ii; \ 150 printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++) \ 151 printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (ii & 7)); \ 152 printf("\n"); } 153#endif 154 155static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80}; 156static unsigned char bitmask_end_values[] = {0x00, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f}; 157 |
|
127/* XDTLS: figure out the right values */ 128static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28}; 129 130static unsigned int dtls1_min_mtu(void); 131static unsigned int dtls1_guess_mtu(unsigned int curr_mtu); 132static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, 133 unsigned long frag_len); 134static unsigned char *dtls1_write_message_header(SSL *s, 135 unsigned char *p); 136static void dtls1_set_message_header_int(SSL *s, unsigned char mt, 137 unsigned long len, unsigned short seq_num, unsigned long frag_off, 138 unsigned long frag_len); 139static long dtls1_get_message_fragment(SSL *s, int st1, int stn, 140 long max, int *ok); 141 142static hm_fragment * | 158/* XDTLS: figure out the right values */ 159static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28}; 160 161static unsigned int dtls1_min_mtu(void); 162static unsigned int dtls1_guess_mtu(unsigned int curr_mtu); 163static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, 164 unsigned long frag_len); 165static unsigned char *dtls1_write_message_header(SSL *s, 166 unsigned char *p); 167static void dtls1_set_message_header_int(SSL *s, unsigned char mt, 168 unsigned long len, unsigned short seq_num, unsigned long frag_off, 169 unsigned long frag_len); 170static long dtls1_get_message_fragment(SSL *s, int st1, int stn, 171 long max, int *ok); 172 173static hm_fragment * |
143dtls1_hm_fragment_new(unsigned long frag_len) | 174dtls1_hm_fragment_new(unsigned long frag_len, int reassembly) |
144 { 145 hm_fragment *frag = NULL; 146 unsigned char *buf = NULL; | 175 { 176 hm_fragment *frag = NULL; 177 unsigned char *buf = NULL; |
178 unsigned char *bitmask = NULL; |
|
147 148 frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment)); 149 if ( frag == NULL) 150 return NULL; 151 152 if (frag_len) 153 { 154 buf = (unsigned char *)OPENSSL_malloc(frag_len); 155 if ( buf == NULL) 156 { 157 OPENSSL_free(frag); 158 return NULL; 159 } 160 } 161 162 /* zero length fragment gets zero frag->fragment */ 163 frag->fragment = buf; 164 | 179 180 frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment)); 181 if ( frag == NULL) 182 return NULL; 183 184 if (frag_len) 185 { 186 buf = (unsigned char *)OPENSSL_malloc(frag_len); 187 if ( buf == NULL) 188 { 189 OPENSSL_free(frag); 190 return NULL; 191 } 192 } 193 194 /* zero length fragment gets zero frag->fragment */ 195 frag->fragment = buf; 196 |
197 /* Initialize reassembly bitmask if necessary */ 198 if (reassembly) 199 { 200 bitmask = (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len)); 201 if (bitmask == NULL) 202 { 203 if (buf != NULL) OPENSSL_free(buf); 204 OPENSSL_free(frag); 205 return NULL; 206 } 207 memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len)); 208 } 209 210 frag->reassembly = bitmask; 211 |
|
165 return frag; 166 } 167 168static void 169dtls1_hm_fragment_free(hm_fragment *frag) 170 { 171 if (frag->fragment) OPENSSL_free(frag->fragment); | 212 return frag; 213 } 214 215static void 216dtls1_hm_fragment_free(hm_fragment *frag) 217 { 218 if (frag->fragment) OPENSSL_free(frag->fragment); |
219 if (frag->reassembly) OPENSSL_free(frag->reassembly); |
|
172 OPENSSL_free(frag); 173 } 174 175/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ 176int dtls1_do_write(SSL *s, int type) 177 { 178 int ret; 179 int curr_mtu; --- 178 unchanged lines hidden (view full) --- 358 * maximum acceptable body length 'max'. 359 * Read an entire handshake message. Handshake messages arrive in 360 * fragments. 361 */ 362long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) 363 { 364 int i, al; 365 struct hm_header_st *msg_hdr; | 220 OPENSSL_free(frag); 221 } 222 223/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ 224int dtls1_do_write(SSL *s, int type) 225 { 226 int ret; 227 int curr_mtu; --- 178 unchanged lines hidden (view full) --- 406 * maximum acceptable body length 'max'. 407 * Read an entire handshake message. Handshake messages arrive in 408 * fragments. 409 */ 410long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) 411 { 412 int i, al; 413 struct hm_header_st *msg_hdr; |
414 unsigned char *p; 415 unsigned long msg_len; |
|
366 367 /* s3->tmp is used to store messages that are unexpected, caused 368 * by the absence of an optional handshake message */ 369 if (s->s3->tmp.reuse_message) 370 { 371 s->s3->tmp.reuse_message=0; 372 if ((mt >= 0) && (s->s3->tmp.message_type != mt)) 373 { 374 al=SSL_AD_UNEXPECTED_MESSAGE; 375 SSLerr(SSL_F_DTLS1_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE); 376 goto f_err; 377 } 378 *ok=1; 379 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; 380 s->init_num = (int)s->s3->tmp.message_size; 381 return s->init_num; 382 } 383 384 msg_hdr = &s->d1->r_msg_hdr; | 416 417 /* s3->tmp is used to store messages that are unexpected, caused 418 * by the absence of an optional handshake message */ 419 if (s->s3->tmp.reuse_message) 420 { 421 s->s3->tmp.reuse_message=0; 422 if ((mt >= 0) && (s->s3->tmp.message_type != mt)) 423 { 424 al=SSL_AD_UNEXPECTED_MESSAGE; 425 SSLerr(SSL_F_DTLS1_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE); 426 goto f_err; 427 } 428 *ok=1; 429 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; 430 s->init_num = (int)s->s3->tmp.message_size; 431 return s->init_num; 432 } 433 434 msg_hdr = &s->d1->r_msg_hdr; |
385 do 386 { 387 if ( msg_hdr->frag_off == 0) 388 { 389 /* s->d1->r_message_header.msg_len = 0; */ 390 memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); 391 } | 435 memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); |
392 | 436 |
393 i = dtls1_get_message_fragment(s, st1, stn, max, ok); 394 if ( i == DTLS1_HM_BAD_FRAGMENT || 395 i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */ 396 continue; 397 else if ( i <= 0 && !*ok) 398 return i; | 437again: 438 i = dtls1_get_message_fragment(s, st1, stn, max, ok); 439 if ( i == DTLS1_HM_BAD_FRAGMENT || 440 i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */ 441 goto again; 442 else if ( i <= 0 && !*ok) 443 return i; |
399 | 444 |
400 /* Note that s->init_sum is used as a counter summing 401 * up fragments' lengths: as soon as they sum up to 402 * handshake packet length, we assume we have got all 403 * the fragments. Overlapping fragments would cause 404 * premature termination, so we don't expect overlaps. 405 * Well, handling overlaps would require something more 406 * drastic. Indeed, as it is now there is no way to 407 * tell if out-of-order fragment from the middle was 408 * the last. '>=' is the best/least we can do to control 409 * the potential damage caused by malformed overlaps. */ 410 if ((unsigned int)s->init_num >= msg_hdr->msg_len) 411 { 412 unsigned char *p = (unsigned char *)s->init_buf->data; 413 unsigned long msg_len = msg_hdr->msg_len; | 445 p = (unsigned char *)s->init_buf->data; 446 msg_len = msg_hdr->msg_len; |
414 | 447 |
415 /* reconstruct message header as if it was 416 * sent in single fragment */ 417 *(p++) = msg_hdr->type; 418 l2n3(msg_len,p); 419 s2n (msg_hdr->seq,p); 420 l2n3(0,p); 421 l2n3(msg_len,p); 422 if (s->client_version != DTLS1_BAD_VER) 423 p -= DTLS1_HM_HEADER_LENGTH, 424 msg_len += DTLS1_HM_HEADER_LENGTH; | 448 /* reconstruct message header */ 449 *(p++) = msg_hdr->type; 450 l2n3(msg_len,p); 451 s2n (msg_hdr->seq,p); 452 l2n3(0,p); 453 l2n3(msg_len,p); 454 if (s->version != DTLS1_BAD_VER) { 455 p -= DTLS1_HM_HEADER_LENGTH; 456 msg_len += DTLS1_HM_HEADER_LENGTH; 457 } |
425 | 458 |
426 ssl3_finish_mac(s, p, msg_len); 427 if (s->msg_callback) 428 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, 429 p, msg_len, 430 s, s->msg_callback_arg); | 459 ssl3_finish_mac(s, p, msg_len); 460 if (s->msg_callback) 461 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, 462 p, msg_len, 463 s, s->msg_callback_arg); |
431 | 464 |
432 memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); | 465 memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); |
433 | 466 |
434 s->d1->handshake_read_seq++; 435 /* we just read a handshake message from the other side: 436 * this means that we don't need to retransmit of the 437 * buffered messages. 438 * XDTLS: may be able clear out this 439 * buffer a little sooner (i.e if an out-of-order 440 * handshake message/record is received at the record 441 * layer. 442 * XDTLS: exception is that the server needs to 443 * know that change cipher spec and finished messages 444 * have been received by the client before clearing this 445 * buffer. this can simply be done by waiting for the 446 * first data segment, but is there a better way? */ 447 dtls1_clear_record_buffer(s); | 467 s->d1->handshake_read_seq++; 468 /* we just read a handshake message from the other side: 469 * this means that we don't need to retransmit of the 470 * buffered messages. 471 * XDTLS: may be able clear out this 472 * buffer a little sooner (i.e if an out-of-order 473 * handshake message/record is received at the record 474 * layer. 475 * XDTLS: exception is that the server needs to 476 * know that change cipher spec and finished messages 477 * have been received by the client before clearing this 478 * buffer. this can simply be done by waiting for the 479 * first data segment, but is there a better way? */ 480 dtls1_clear_record_buffer(s); |
448 | 481 |
449 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; 450 return s->init_num; 451 } 452 else 453 msg_hdr->frag_off = i; 454 } while(1) ; | 482 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; 483 return s->init_num; |
455 456f_err: 457 ssl3_send_alert(s,SSL3_AL_FATAL,al); 458 *ok = 0; 459 return -1; 460 } 461 462 --- 59 unchanged lines hidden (view full) --- 522 int al; 523 524 *ok = 0; 525 item = pqueue_peek(s->d1->buffered_messages); 526 if ( item == NULL) 527 return 0; 528 529 frag = (hm_fragment *)item->data; | 484 485f_err: 486 ssl3_send_alert(s,SSL3_AL_FATAL,al); 487 *ok = 0; 488 return -1; 489 } 490 491 --- 59 unchanged lines hidden (view full) --- 551 int al; 552 553 *ok = 0; 554 item = pqueue_peek(s->d1->buffered_messages); 555 if ( item == NULL) 556 return 0; 557 558 frag = (hm_fragment *)item->data; |
559 560 /* Don't return if reassembly still in progress */ 561 if (frag->reassembly != NULL) 562 return 0; |
|
530 531 if ( s->d1->handshake_read_seq == frag->msg_header.seq) 532 { 533 unsigned long frag_len = frag->msg_header.frag_len; 534 pqueue_pop(s->d1->buffered_messages); 535 536 al=dtls1_preprocess_fragment(s,&frag->msg_header,max); 537 --- 19 unchanged lines hidden (view full) --- 557 return -1; 558 } 559 else 560 return 0; 561 } 562 563 564static int | 563 564 if ( s->d1->handshake_read_seq == frag->msg_header.seq) 565 { 566 unsigned long frag_len = frag->msg_header.frag_len; 567 pqueue_pop(s->d1->buffered_messages); 568 569 al=dtls1_preprocess_fragment(s,&frag->msg_header,max); 570 --- 19 unchanged lines hidden (view full) --- 590 return -1; 591 } 592 else 593 return 0; 594 } 595 596 597static int |
598dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) 599 { 600 hm_fragment *frag = NULL; 601 pitem *item = NULL; 602 int i = -1, is_complete; 603 PQ_64BIT seq64; 604 unsigned long frag_len = msg_hdr->frag_len, max_len; 605 606 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) 607 goto err; 608 609 /* Determine maximum allowed message size. Depends on (user set) 610 * maximum certificate length, but 16k is minimum. 611 */ 612 if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH < s->max_cert_list) 613 max_len = s->max_cert_list; 614 else 615 max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; 616 617 if ((msg_hdr->frag_off+frag_len) > max_len) 618 goto err; 619 620 /* Try to find item in queue */ 621 pq_64bit_init(&seq64); 622 pq_64bit_assign_word(&seq64, msg_hdr->seq); 623 item = pqueue_find(s->d1->buffered_messages, seq64); 624 pq_64bit_free(&seq64); 625 626 if (item == NULL) 627 { 628 frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1); 629 if ( frag == NULL) 630 goto err; 631 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); 632 frag->msg_header.frag_len = frag->msg_header.msg_len; 633 frag->msg_header.frag_off = 0; 634 } 635 else 636 frag = (hm_fragment*) item->data; 637 638 /* If message is already reassembled, this must be a 639 * retransmit and can be dropped. 640 */ 641 if (frag->reassembly == NULL) 642 { 643 unsigned char devnull [256]; 644 645 while (frag_len) 646 { 647 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, 648 devnull, 649 frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0); 650 if (i<=0) goto err; 651 frag_len -= i; 652 } 653 return DTLS1_HM_FRAGMENT_RETRY; 654 } 655 656 /* read the body of the fragment (header has already been read */ 657 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, 658 frag->fragment + msg_hdr->frag_off,frag_len,0); 659 if (i<=0 || (unsigned long)i!=frag_len) 660 goto err; 661 662 RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off, 663 (long)(msg_hdr->frag_off + frag_len)); 664 665 RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len, 666 is_complete); 667 668 if (is_complete) 669 { 670 OPENSSL_free(frag->reassembly); 671 frag->reassembly = NULL; 672 } 673 674 if (item == NULL) 675 { 676 pq_64bit_init(&seq64); 677 pq_64bit_assign_word(&seq64, msg_hdr->seq); 678 item = pitem_new(seq64, frag); 679 pq_64bit_free(&seq64); 680 681 if (item == NULL) 682 { 683 goto err; 684 i = -1; 685 } 686 687 pqueue_insert(s->d1->buffered_messages, item); 688 } 689 690 return DTLS1_HM_FRAGMENT_RETRY; 691 692err: 693 if (frag != NULL) dtls1_hm_fragment_free(frag); 694 if (item != NULL) OPENSSL_free(item); 695 *ok = 0; 696 return i; 697 } 698 699 700static int |
|
565dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) 566{ 567 int i=-1; 568 hm_fragment *frag = NULL; 569 pitem *item = NULL; 570 PQ_64BIT seq64; 571 unsigned long frag_len = msg_hdr->frag_len; 572 573 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) 574 goto err; 575 576 /* Try to find item in queue, to prevent duplicate entries */ 577 pq_64bit_init(&seq64); 578 pq_64bit_assign_word(&seq64, msg_hdr->seq); 579 item = pqueue_find(s->d1->buffered_messages, seq64); 580 pq_64bit_free(&seq64); | 701dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) 702{ 703 int i=-1; 704 hm_fragment *frag = NULL; 705 pitem *item = NULL; 706 PQ_64BIT seq64; 707 unsigned long frag_len = msg_hdr->frag_len; 708 709 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) 710 goto err; 711 712 /* Try to find item in queue, to prevent duplicate entries */ 713 pq_64bit_init(&seq64); 714 pq_64bit_assign_word(&seq64, msg_hdr->seq); 715 item = pqueue_find(s->d1->buffered_messages, seq64); 716 pq_64bit_free(&seq64); |
581 | 717 718 /* If we already have an entry and this one is a fragment, 719 * don't discard it and rather try to reassemble it. 720 */ 721 if (item != NULL && frag_len < msg_hdr->msg_len) 722 item = NULL; 723 |
582 /* Discard the message if sequence number was already there, is 583 * too far in the future, already in the queue or if we received 584 * a FINISHED before the SERVER_HELLO, which then must be a stale 585 * retransmit. 586 */ 587 if (msg_hdr->seq <= s->d1->handshake_read_seq || 588 msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL || 589 (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) --- 4 unchanged lines hidden (view full) --- 594 { 595 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, 596 devnull, 597 frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0); 598 if (i<=0) goto err; 599 frag_len -= i; 600 } 601 } | 724 /* Discard the message if sequence number was already there, is 725 * too far in the future, already in the queue or if we received 726 * a FINISHED before the SERVER_HELLO, which then must be a stale 727 * retransmit. 728 */ 729 if (msg_hdr->seq <= s->d1->handshake_read_seq || 730 msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL || 731 (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) --- 4 unchanged lines hidden (view full) --- 736 { 737 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, 738 devnull, 739 frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0); 740 if (i<=0) goto err; 741 frag_len -= i; 742 } 743 } |
744 else 745 { 746 if (frag_len && frag_len < msg_hdr->msg_len) 747 return dtls1_reassemble_fragment(s, msg_hdr, ok); |
|
602 | 748 |
603 if (frag_len) 604 { 605 frag = dtls1_hm_fragment_new(frag_len); | 749 frag = dtls1_hm_fragment_new(frag_len, 0); |
606 if ( frag == NULL) 607 goto err; 608 609 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); 610 | 750 if ( frag == NULL) 751 goto err; 752 753 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); 754 |
611 /* read the body of the fragment (header has already been read) */ 612 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, 613 frag->fragment,frag_len,0); 614 if (i<=0 || (unsigned long)i!=frag_len) 615 goto err; | 755 if (frag_len) 756 { 757 /* read the body of the fragment (header has already been read) */ 758 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, 759 frag->fragment,frag_len,0); 760 if (i<=0 || (unsigned long)i!=frag_len) 761 goto err; 762 } |
616 617 pq_64bit_init(&seq64); 618 pq_64bit_assign_word(&seq64, msg_hdr->seq); 619 620 item = pitem_new(seq64, frag); 621 pq_64bit_free(&seq64); 622 if ( item == NULL) 623 goto err; 624 625 pqueue_insert(s->d1->buffered_messages, item); | 763 764 pq_64bit_init(&seq64); 765 pq_64bit_assign_word(&seq64, msg_hdr->seq); 766 767 item = pitem_new(seq64, frag); 768 pq_64bit_free(&seq64); 769 if ( item == NULL) 770 goto err; 771 772 pqueue_insert(s->d1->buffered_messages, item); |
626 } | 773 } |
627 628 return DTLS1_HM_FRAGMENT_RETRY; 629 630err: 631 if ( frag != NULL) dtls1_hm_fragment_free(frag); 632 if ( item != NULL) OPENSSL_free(item); 633 *ok = 0; 634 return i; 635 } 636 637 638static long 639dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) 640 { 641 unsigned char wire[DTLS1_HM_HEADER_LENGTH]; | 774 775 return DTLS1_HM_FRAGMENT_RETRY; 776 777err: 778 if ( frag != NULL) dtls1_hm_fragment_free(frag); 779 if ( item != NULL) OPENSSL_free(item); 780 *ok = 0; 781 return i; 782 } 783 784 785static long 786dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) 787 { 788 unsigned char wire[DTLS1_HM_HEADER_LENGTH]; |
642 unsigned long l, frag_off, frag_len; | 789 unsigned long len, frag_off, frag_len; |
643 int i,al; 644 struct hm_header_st msg_hdr; 645 646 /* see if we have the required fragment already */ 647 if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok) 648 { | 790 int i,al; 791 struct hm_header_st msg_hdr; 792 793 /* see if we have the required fragment already */ 794 if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok) 795 { |
649 if (*ok) s->init_num += frag_len; | 796 if (*ok) s->init_num = frag_len; |
650 return frag_len; 651 } 652 653 /* read handshake message header */ 654 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,wire, 655 DTLS1_HM_HEADER_LENGTH, 0); 656 if (i <= 0) /* nbio, or an error */ 657 { --- 8 unchanged lines hidden (view full) --- 666 667 /* 668 * if this is a future (or stale) message it gets buffered 669 * (or dropped)--no further processing at this time 670 */ 671 if ( msg_hdr.seq != s->d1->handshake_read_seq) 672 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); 673 | 797 return frag_len; 798 } 799 800 /* read handshake message header */ 801 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,wire, 802 DTLS1_HM_HEADER_LENGTH, 0); 803 if (i <= 0) /* nbio, or an error */ 804 { --- 8 unchanged lines hidden (view full) --- 813 814 /* 815 * if this is a future (or stale) message it gets buffered 816 * (or dropped)--no further processing at this time 817 */ 818 if ( msg_hdr.seq != s->d1->handshake_read_seq) 819 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); 820 |
674 l = msg_hdr.msg_len; | 821 len = msg_hdr.msg_len; |
675 frag_off = msg_hdr.frag_off; 676 frag_len = msg_hdr.frag_len; 677 | 822 frag_off = msg_hdr.frag_off; 823 frag_len = msg_hdr.frag_len; 824 |
825 if (frag_len && frag_len < len) 826 return dtls1_reassemble_fragment(s, &msg_hdr, ok); 827 |
|
678 if (!s->server && s->d1->r_msg_hdr.frag_off == 0 && 679 wire[0] == SSL3_MT_HELLO_REQUEST) 680 { 681 /* The server may always send 'Hello Request' messages -- 682 * we are doing a handshake anyway now, so ignore them 683 * if their format is correct. Does not count for 684 * 'Finished' MAC. */ 685 if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) --- 43 unchanged lines hidden (view full) --- 729 OPENSSL_assert(i == (int)frag_len); 730 731 *ok = 1; 732 733 /* Note that s->init_num is *not* used as current offset in 734 * s->init_buf->data, but as a counter summing up fragments' 735 * lengths: as soon as they sum up to handshake packet 736 * length, we assume we have got all the fragments. */ | 828 if (!s->server && s->d1->r_msg_hdr.frag_off == 0 && 829 wire[0] == SSL3_MT_HELLO_REQUEST) 830 { 831 /* The server may always send 'Hello Request' messages -- 832 * we are doing a handshake anyway now, so ignore them 833 * if their format is correct. Does not count for 834 * 'Finished' MAC. */ 835 if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) --- 43 unchanged lines hidden (view full) --- 879 OPENSSL_assert(i == (int)frag_len); 880 881 *ok = 1; 882 883 /* Note that s->init_num is *not* used as current offset in 884 * s->init_buf->data, but as a counter summing up fragments' 885 * lengths: as soon as they sum up to handshake packet 886 * length, we assume we have got all the fragments. */ |
737 s->init_num += frag_len; | 887 s->init_num = frag_len; |
738 return frag_len; 739 740f_err: 741 ssl3_send_alert(s,SSL3_AL_FATAL,al); 742 s->init_num = 0; 743 744 *ok=0; 745 return(-1); --- 137 unchanged lines hidden (view full) --- 883 884 if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL)) 885 { 886 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); 887 return(0); 888 } 889 890 X509_verify_cert(&xs_ctx); | 888 return frag_len; 889 890f_err: 891 ssl3_send_alert(s,SSL3_AL_FATAL,al); 892 s->init_num = 0; 893 894 *ok=0; 895 return(-1); --- 137 unchanged lines hidden (view full) --- 1033 1034 if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL)) 1035 { 1036 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); 1037 return(0); 1038 } 1039 1040 X509_verify_cert(&xs_ctx); |
1041 /* Don't leave errors in the queue */ 1042 ERR_clear_error(); |
|
891 for (i=0; i < sk_X509_num(xs_ctx.chain); i++) 892 { 893 x = sk_X509_value(xs_ctx.chain, i); 894 895 if (!dtls1_add_cert_to_buf(buf, &l, x)) 896 { 897 X509_STORE_CTX_cleanup(&xs_ctx); 898 return 0; --- 106 unchanged lines hidden (view full) --- 1005 pitem *item; 1006 hm_fragment *frag; 1007 PQ_64BIT seq64; 1008 1009 /* this function is called immediately after a message has 1010 * been serialized */ 1011 OPENSSL_assert(s->init_off == 0); 1012 | 1043 for (i=0; i < sk_X509_num(xs_ctx.chain); i++) 1044 { 1045 x = sk_X509_value(xs_ctx.chain, i); 1046 1047 if (!dtls1_add_cert_to_buf(buf, &l, x)) 1048 { 1049 X509_STORE_CTX_cleanup(&xs_ctx); 1050 return 0; --- 106 unchanged lines hidden (view full) --- 1157 pitem *item; 1158 hm_fragment *frag; 1159 PQ_64BIT seq64; 1160 1161 /* this function is called immediately after a message has 1162 * been serialized */ 1163 OPENSSL_assert(s->init_off == 0); 1164 |
1013 frag = dtls1_hm_fragment_new(s->init_num); | 1165 frag = dtls1_hm_fragment_new(s->init_num, 0); |
1014 1015 memcpy(frag->fragment, s->init_buf->data, s->init_num); 1016 1017 if ( is_ccs) 1018 { 1019 OPENSSL_assert(s->d1->w_msg_hdr.msg_len + 1020 DTLS1_CCS_HEADER_LENGTH <= (unsigned int)s->init_num); 1021 } --- 249 unchanged lines hidden --- | 1166 1167 memcpy(frag->fragment, s->init_buf->data, s->init_num); 1168 1169 if ( is_ccs) 1170 { 1171 OPENSSL_assert(s->d1->w_msg_hdr.msg_len + 1172 DTLS1_CCS_HEADER_LENGTH <= (unsigned int)s->init_num); 1173 } --- 249 unchanged lines hidden --- |