1/* ssl/d1_pkt.c */ 2/* 3 * DTLS implementation written by Nagendra Modadugu 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 5 */ 6/* ==================================================================== 7 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. 8 * --- 125 unchanged lines hidden (view full) --- 134 unsigned short *priority, unsigned long *offset); 135#endif 136static int dtls1_buffer_record(SSL *s, record_pqueue *q, 137 PQ_64BIT *priority); 138static int dtls1_process_record(SSL *s); 139#if PQ_64BIT_IS_INTEGER 140static PQ_64BIT bytes_to_long_long(unsigned char *bytes, PQ_64BIT *num); 141#endif |
142 143/* copy buffered record into SSL structure */ 144static int 145dtls1_copy_record(SSL *s, pitem *item) 146 { 147 DTLS1_RECORD_DATA *rdata; 148 149 rdata = (DTLS1_RECORD_DATA *)item->data; --- 179 unchanged lines hidden (view full) --- 329{ 330 int al; 331 int clear=0; 332 int enc_err; 333 SSL_SESSION *sess; 334 SSL3_RECORD *rr; 335 unsigned int mac_size; 336 unsigned char md[EVP_MAX_MD_SIZE]; |
337 int decryption_failed_or_bad_record_mac = 0; 338 unsigned char *mac = NULL; |
339 340 341 rr= &(s->s3->rrec); 342 sess = s->session; 343 344 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, 345 * and we have that many bytes in s->packet 346 */ --- 18 unchanged lines hidden (view full) --- 365 } 366 367 /* decrypt in place in 'rr->input' */ 368 rr->data=rr->input; 369 370 enc_err = s->method->ssl3_enc->enc(s,0); 371 if (enc_err <= 0) 372 { |
373 /* To minimize information leaked via timing, we will always 374 * perform all computations before discarding the message. 375 */ 376 decryption_failed_or_bad_record_mac = 1; |
377 } 378 379#ifdef TLS_DEBUG 380printf("dec %d\n",rr->length); 381{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } 382printf("\n"); 383#endif 384 --- 9 unchanged lines hidden (view full) --- 394 395 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size) 396 { 397#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */ 398 al=SSL_AD_RECORD_OVERFLOW; 399 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); 400 goto f_err; 401#else |
402 decryption_failed_or_bad_record_mac = 1; |
403#endif 404 } 405 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ |
406 if (rr->length >= mac_size) |
407 { |
408 rr->length -= mac_size; 409 mac = &rr->data[rr->length]; |
410 } |
411 else 412 rr->length = 0; |
413 s->method->ssl3_enc->mac(s,md,0); |
414 if (mac == NULL || memcmp(md, mac, mac_size) != 0) |
415 { |
416 decryption_failed_or_bad_record_mac = 1; |
417 } 418 } 419 |
420 if (decryption_failed_or_bad_record_mac) 421 { 422 /* decryption failed, silently discard message */ 423 rr->length = 0; 424 s->packet_length = 0; 425 goto err; 426 } 427 |
428 /* r->length is now just compressed */ 429 if (s->expand != NULL) 430 { 431 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) 432 { 433 al=SSL_AD_RECORD_OVERFLOW; 434 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG); 435 goto f_err; --- 177 unchanged lines hidden (view full) --- 613 goto again; /* get another record */ 614 } 615 616 /* just read a 0 length packet */ 617 if (rr->length == 0) goto again; 618 619 /* If this record is from the next epoch (either HM or ALERT), 620 * and a handshake is currently in progress, buffer it since it |
621 * cannot be processed at this time. However, do not buffer 622 * anything while listening. 623 */ |
624 if (is_next_epoch) 625 { |
626 if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) |
627 { 628 dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), &rr->seq_num); 629 } 630 rr->length = 0; 631 s->packet_length = 0; 632 goto again; 633 } 634 635 if (!dtls1_process_record(s)) 636 { 637 rr->length = 0; 638 s->packet_length=0; /* dump this record */ 639 goto again; /* get another record */ 640 } 641 |
642 return(1); 643 644 } 645 646/* Return up to 'len' payload bytes received in 'type' records. 647 * 'type' is one of the following: 648 * 649 * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us) --- 452 unchanged lines hidden (view full) --- 1102 goto start; 1103 } 1104 1105 /* If we are server, we may have a repeated FINISHED of the 1106 * client here, then retransmit our CCS and FINISHED. 1107 */ 1108 if (msg_hdr.type == SSL3_MT_FINISHED) 1109 { |
1110 if (dtls1_check_timeout_num(s) < 0) 1111 return -1; 1112 |
1113 dtls1_retransmit_buffered_messages(s); 1114 rr->length = 0; 1115 goto start; 1116 } 1117 1118 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && 1119 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) 1120 { --- 687 unchanged lines hidden (view full) --- 1808 (((PQ_64BIT)bytes[5]) << 16) | 1809 (((PQ_64BIT)bytes[6]) << 8) | 1810 (((PQ_64BIT)bytes[7]) ); 1811 1812 *num = _num ; 1813 return _num; 1814 } 1815#endif |