d1_pkt.c (205128) | d1_pkt.c (215697) |
---|---|
1/* ssl/d1_pkt.c */ 2/* 3 * DTLS implementation written by Nagendra Modadugu 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 5 */ 6/* ==================================================================== 7 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. 8 * --- 142 unchanged lines hidden (view full) --- 151 152 if (s->s3->rbuf.buf != NULL) 153 OPENSSL_free(s->s3->rbuf.buf); 154 155 s->packet = rdata->packet; 156 s->packet_length = rdata->packet_length; 157 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER)); 158 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD)); | 1/* ssl/d1_pkt.c */ 2/* 3 * DTLS implementation written by Nagendra Modadugu 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 5 */ 6/* ==================================================================== 7 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. 8 * --- 142 unchanged lines hidden (view full) --- 151 152 if (s->s3->rbuf.buf != NULL) 153 OPENSSL_free(s->s3->rbuf.buf); 154 155 s->packet = rdata->packet; 156 s->packet_length = rdata->packet_length; 157 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER)); 158 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD)); |
159 160 /* Set proper sequence number for mac calculation */ 161 memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6); |
|
159 160 return(1); 161 } 162 163 164static int 165dtls1_buffer_record(SSL *s, record_pqueue *queue, PQ_64BIT *priority) 166{ --- 81 unchanged lines hidden (view full) --- 248static int 249dtls1_process_buffered_records(SSL *s) 250 { 251 pitem *item; 252 253 item = pqueue_peek(s->d1->unprocessed_rcds.q); 254 if (item) 255 { | 162 163 return(1); 164 } 165 166 167static int 168dtls1_buffer_record(SSL *s, record_pqueue *queue, PQ_64BIT *priority) 169{ --- 81 unchanged lines hidden (view full) --- 251static int 252dtls1_process_buffered_records(SSL *s) 253 { 254 pitem *item; 255 256 item = pqueue_peek(s->d1->unprocessed_rcds.q); 257 if (item) 258 { |
256 DTLS1_RECORD_DATA *rdata; 257 rdata = (DTLS1_RECORD_DATA *)item->data; 258 | |
259 /* Check if epoch is current. */ 260 if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch) 261 return(1); /* Nothing to do. */ 262 263 /* Process all the records. */ 264 while (pqueue_peek(s->d1->unprocessed_rcds.q)) 265 { 266 dtls1_get_unprocessed_record(s); --- 56 unchanged lines hidden (view full) --- 323 return 0; 324 } 325 326#endif 327 328static int 329dtls1_process_record(SSL *s) 330{ | 259 /* Check if epoch is current. */ 260 if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch) 261 return(1); /* Nothing to do. */ 262 263 /* Process all the records. */ 264 while (pqueue_peek(s->d1->unprocessed_rcds.q)) 265 { 266 dtls1_get_unprocessed_record(s); --- 56 unchanged lines hidden (view full) --- 323 return 0; 324 } 325 326#endif 327 328static int 329dtls1_process_record(SSL *s) 330{ |
331 int i,al; | 331 int al; |
332 int clear=0; 333 int enc_err; 334 SSL_SESSION *sess; 335 SSL3_RECORD *rr; 336 unsigned int mac_size; 337 unsigned char md[EVP_MAX_MD_SIZE]; 338 339 --- 29 unchanged lines hidden (view full) --- 369 enc_err = s->method->ssl3_enc->enc(s,0); 370 if (enc_err <= 0) 371 { 372 if (enc_err == 0) 373 /* SSLerr() and ssl3_send_alert() have been called */ 374 goto err; 375 376 /* otherwise enc_err == -1 */ | 332 int clear=0; 333 int enc_err; 334 SSL_SESSION *sess; 335 SSL3_RECORD *rr; 336 unsigned int mac_size; 337 unsigned char md[EVP_MAX_MD_SIZE]; 338 339 --- 29 unchanged lines hidden (view full) --- 369 enc_err = s->method->ssl3_enc->enc(s,0); 370 if (enc_err <= 0) 371 { 372 if (enc_err == 0) 373 /* SSLerr() and ssl3_send_alert() have been called */ 374 goto err; 375 376 /* otherwise enc_err == -1 */ |
377 goto decryption_failed_or_bad_record_mac; | 377 goto err; |
378 } 379 380#ifdef TLS_DEBUG 381printf("dec %d\n",rr->length); 382{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } 383printf("\n"); 384#endif 385 --- 9 unchanged lines hidden (view full) --- 395 396 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size) 397 { 398#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */ 399 al=SSL_AD_RECORD_OVERFLOW; 400 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); 401 goto f_err; 402#else | 378 } 379 380#ifdef TLS_DEBUG 381printf("dec %d\n",rr->length); 382{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } 383printf("\n"); 384#endif 385 --- 9 unchanged lines hidden (view full) --- 395 396 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size) 397 { 398#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */ 399 al=SSL_AD_RECORD_OVERFLOW; 400 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); 401 goto f_err; 402#else |
403 goto decryption_failed_or_bad_record_mac; | 403 goto err; |
404#endif 405 } 406 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ 407 if (rr->length < mac_size) 408 { 409#if 0 /* OK only for stream ciphers */ 410 al=SSL_AD_DECODE_ERROR; 411 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT); 412 goto f_err; 413#else | 404#endif 405 } 406 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ 407 if (rr->length < mac_size) 408 { 409#if 0 /* OK only for stream ciphers */ 410 al=SSL_AD_DECODE_ERROR; 411 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT); 412 goto f_err; 413#else |
414 goto decryption_failed_or_bad_record_mac; | 414 goto err; |
415#endif 416 } 417 rr->length-=mac_size; | 415#endif 416 } 417 rr->length-=mac_size; |
418 i=s->method->ssl3_enc->mac(s,md,0); | 418 s->method->ssl3_enc->mac(s,md,0); |
419 if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0) 420 { | 419 if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0) 420 { |
421 goto decryption_failed_or_bad_record_mac; | 421 goto err; |
422 } 423 } 424 425 /* r->length is now just compressed */ 426 if (s->expand != NULL) 427 { 428 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) 429 { --- 25 unchanged lines hidden (view full) --- 455 * after use :-). 456 */ 457 458 /* we have pulled in a full packet so zero things */ 459 s->packet_length=0; 460 dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */ 461 return(1); 462 | 422 } 423 } 424 425 /* r->length is now just compressed */ 426 if (s->expand != NULL) 427 { 428 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) 429 { --- 25 unchanged lines hidden (view full) --- 455 * after use :-). 456 */ 457 458 /* we have pulled in a full packet so zero things */ 459 s->packet_length=0; 460 dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */ 461 return(1); 462 |
463decryption_failed_or_bad_record_mac: 464 /* Separate 'decryption_failed' alert was introduced with TLS 1.0, 465 * SSL 3.0 only has 'bad_record_mac'. But unless a decryption 466 * failure is directly visible from the ciphertext anyway, 467 * we should not reveal which kind of error occured -- this 468 * might become visible to an attacker (e.g. via logfile) */ 469 al=SSL_AD_BAD_RECORD_MAC; 470 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); | |
471f_err: 472 ssl3_send_alert(s,SSL3_AL_FATAL,al); 473err: 474 return(0); 475} 476 477 478/* Call this to get a new input record. --- 5 unchanged lines hidden (view full) --- 484 * ssl->s3->rrec.length, - number of bytes 485 */ 486/* used only by dtls1_read_bytes */ 487int dtls1_get_record(SSL *s) 488 { 489 int ssl_major,ssl_minor; 490 int i,n; 491 SSL3_RECORD *rr; | 463f_err: 464 ssl3_send_alert(s,SSL3_AL_FATAL,al); 465err: 466 return(0); 467} 468 469 470/* Call this to get a new input record. --- 5 unchanged lines hidden (view full) --- 476 * ssl->s3->rrec.length, - number of bytes 477 */ 478/* used only by dtls1_read_bytes */ 479int dtls1_get_record(SSL *s) 480 { 481 int ssl_major,ssl_minor; 482 int i,n; 483 SSL3_RECORD *rr; |
492 SSL_SESSION *sess; | |
493 unsigned char *p = NULL; 494 unsigned short version; 495 DTLS1_BITMAP *bitmap; 496 unsigned int is_next_epoch; 497 498 rr= &(s->s3->rrec); | 484 unsigned char *p = NULL; 485 unsigned short version; 486 DTLS1_BITMAP *bitmap; 487 unsigned int is_next_epoch; 488 489 rr= &(s->s3->rrec); |
499 sess=s->session; | |
500 501 /* The epoch may have changed. If so, process all the 502 * pending records. This is a non-blocking operation. */ | 490 491 /* The epoch may have changed. If so, process all the 492 * pending records. This is a non-blocking operation. */ |
503 if ( ! dtls1_process_buffered_records(s)) 504 return 0; | 493 dtls1_process_buffered_records(s); |
505 506 /* if we're renegotiating, then there may be buffered records */ 507 if (dtls1_get_processed_record(s)) 508 return 1; 509 510 /* get something from the wire */ 511again: 512 /* check if we have the header */ --- 106 unchanged lines hidden (view full) --- 619 rr->length = 0; 620 s->packet_length=0; /* dump this record */ 621 goto again; /* get another record */ 622 } 623 624 /* just read a 0 length packet */ 625 if (rr->length == 0) goto again; 626 | 494 495 /* if we're renegotiating, then there may be buffered records */ 496 if (dtls1_get_processed_record(s)) 497 return 1; 498 499 /* get something from the wire */ 500again: 501 /* check if we have the header */ --- 106 unchanged lines hidden (view full) --- 608 rr->length = 0; 609 s->packet_length=0; /* dump this record */ 610 goto again; /* get another record */ 611 } 612 613 /* just read a 0 length packet */ 614 if (rr->length == 0) goto again; 615 |
627 /* If this record is from the next epoch (either HM or ALERT), buffer it 628 * since it cannot be processed at this time. 629 * Records from the next epoch are marked as received even though they are 630 * not processed, so as to prevent any potential resource DoS attack */ 631 if (is_next_epoch) 632 { 633 dtls1_record_bitmap_update(s, bitmap); 634 dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), &rr->seq_num); 635 rr->length = 0; | 616 /* If this record is from the next epoch (either HM or ALERT), 617 * and a handshake is currently in progress, buffer it since it 618 * cannot be processed at this time. */ 619 if (is_next_epoch) 620 { 621 if (SSL_in_init(s) || s->in_handshake) 622 { 623 dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), &rr->seq_num); 624 } 625 rr->length = 0; |
636 s->packet_length = 0; 637 goto again; 638 } 639 | 626 s->packet_length = 0; 627 goto again; 628 } 629 |
640 if ( ! dtls1_process_record(s)) 641 return(0); | 630 if (!dtls1_process_record(s)) 631 { 632 rr->length = 0; 633 s->packet_length=0; /* dump this record */ 634 goto again; /* get another record */ 635 } |
642 643 dtls1_clear_timeouts(s); /* done waiting */ 644 return(1); 645 646 } 647 648/* Return up to 'len' payload bytes received in 'type' records. 649 * 'type' is one of the following: --- 111 unchanged lines hidden (view full) --- 761 * reset by ssl3_get_finished */ 762 && (rr->type != SSL3_RT_HANDSHAKE)) 763 { 764 /* We now have application data between CCS and Finished. 765 * Most likely the packets were reordered on their way, so 766 * buffer the application data for later processing rather 767 * than dropping the connection. 768 */ | 636 637 dtls1_clear_timeouts(s); /* done waiting */ 638 return(1); 639 640 } 641 642/* Return up to 'len' payload bytes received in 'type' records. 643 * 'type' is one of the following: --- 111 unchanged lines hidden (view full) --- 755 * reset by ssl3_get_finished */ 756 && (rr->type != SSL3_RT_HANDSHAKE)) 757 { 758 /* We now have application data between CCS and Finished. 759 * Most likely the packets were reordered on their way, so 760 * buffer the application data for later processing rather 761 * than dropping the connection. 762 */ |
769 dtls1_buffer_record(s, &(s->d1->buffered_app_data), 0); | 763 dtls1_buffer_record(s, &(s->d1->buffered_app_data), &rr->seq_num); |
770 rr->length = 0; 771 goto start; 772 } 773 774 /* If the other end has shut down, throw anything we read away 775 * (even in 'peek' mode) */ 776 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) 777 { --- 1044 unchanged lines hidden --- | 764 rr->length = 0; 765 goto start; 766 } 767 768 /* If the other end has shut down, throw anything we read away 769 * (even in 'peek' mode) */ 770 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) 771 { --- 1044 unchanged lines hidden --- |