projects
/
oweals
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Thread-safety fixes
[oweals/openssl.git]
/
ssl
/
d1_both.c
diff --git
a/ssl/d1_both.c
b/ssl/d1_both.c
index 68908810bda3603940f70975eb8c17c9583ce9c8..b746a50dd718d2a8104160ce2c25af3f877ff88b 100644
(file)
--- a/
ssl/d1_both.c
+++ b/
ssl/d1_both.c
@@
-222,7
+222,7
@@
int dtls1_do_write(SSL *s, int type)
if ( s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
OPENSSL_assert(s->init_num ==
if ( s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
OPENSSL_assert(s->init_num ==
- s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
+
(int)
s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
frag_off = 0;
while( s->init_num)
frag_off = 0;
while( s->init_num)
@@
-262,7
+262,7
@@
int dtls1_do_write(SSL *s, int type)
dtls1_fix_message_header(s, frag_off,
len - DTLS1_HM_HEADER_LENGTH);
dtls1_fix_message_header(s, frag_off,
len - DTLS1_HM_HEADER_LENGTH);
- dtls1_write_message_header(s, &s->init_buf->data[s->init_off]);
+ dtls1_write_message_header(s,
(unsigned char *)
&s->init_buf->data[s->init_off]);
OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);
}
OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);
}
@@
-289,7
+289,7
@@
int dtls1_do_write(SSL *s, int type)
/* bad if this assert fails, only part of the handshake
* message got sent. but why would this happen? */
/* bad if this assert fails, only part of the handshake
* message got sent. but why would this happen? */
- OPENSSL_assert(len == ret);
+ OPENSSL_assert(len ==
(unsigned int)
ret);
if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting)
/* should not be done for 'Hello Request's, but in that case
if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting)
/* should not be done for 'Hello Request's, but in that case
@@
-324,8
+324,7
@@
int dtls1_do_write(SSL *s, int type)
* Read an entire handshake message. Handshake messages arrive in
* fragments.
*/
* Read an entire handshake message. Handshake messages arrive in
* fragments.
*/
-long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max,
- int *ok)
+long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
{
int i, al;
{
int i, al;
@@
-337,7
+336,7
@@
long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max,
if ((mt >= 0) && (s->s3->tmp.message_type != mt))
{
al=SSL_AD_UNEXPECTED_MESSAGE;
if ((mt >= 0) && (s->s3->tmp.message_type != mt))
{
al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_
SSL3
_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
+ SSLerr(SSL_F_
DTLS1
_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
}
*ok=1;
goto f_err;
}
*ok=1;
@@
-361,7
+360,7
@@
long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max,
else if ( i <= 0 && !*ok)
return i;
else if ( i <= 0 && !*ok)
return i;
- if (s->d1->r_msg_hdr.msg_len == s->init_num - DTLS1_HM_HEADER_LENGTH)
+ if (s->d1->r_msg_hdr.msg_len ==
(unsigned int)
s->init_num - DTLS1_HM_HEADER_LENGTH)
{
memset(&(s->d1->r_msg_hdr), 0x00, sizeof(struct hm_header_st));
{
memset(&(s->d1->r_msg_hdr), 0x00, sizeof(struct hm_header_st));
@@
-414,7
+413,7
@@
dtls1_retrieve_buffered_fragment(SSL *s, unsigned long *copied)
frag = (hm_fragment *)item->data;
if ( s->d1->handshake_read_seq == frag->msg_header.seq &&
frag = (hm_fragment *)item->data;
if ( s->d1->handshake_read_seq == frag->msg_header.seq &&
- frag->msg_header.frag_off <= s->init_num - DTLS1_HM_HEADER_LENGTH)
+ frag->msg_header.frag_off <=
(unsigned int)
s->init_num - DTLS1_HM_HEADER_LENGTH)
{
pqueue_pop(s->d1->buffered_messages);
overlap = s->init_num - DTLS1_HM_HEADER_LENGTH
{
pqueue_pop(s->d1->buffered_messages);
overlap = s->init_num - DTLS1_HM_HEADER_LENGTH
@@
-443,6
+442,7
@@
dtls1_buffer_handshake_fragment(SSL *s, struct hm_header_st* msg_hdr)
{
hm_fragment *frag = NULL;
pitem *item = NULL;
{
hm_fragment *frag = NULL;
pitem *item = NULL;
+ PQ_64BIT seq64;
frag = dtls1_hm_fragment_new(msg_hdr->frag_len);
if ( frag == NULL)
frag = dtls1_hm_fragment_new(msg_hdr->frag_len);
if ( frag == NULL)
@@
-453,10
+453,15
@@
dtls1_buffer_handshake_fragment(SSL *s, struct hm_header_st* msg_hdr)
memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
- item = pitem_new(msg_hdr->seq, frag);
+ pq_64bit_init(&seq64);
+ pq_64bit_assign_word(&seq64, msg_hdr->seq);
+
+ item = pitem_new(seq64, frag);
if ( item == NULL)
goto err;
if ( item == NULL)
goto err;
+ pq_64bit_free(&seq64);
+
pqueue_insert(s->d1->buffered_messages, item);
return 1;
pqueue_insert(s->d1->buffered_messages, item);
return 1;
@@
-472,7
+477,7
@@
dtls1_process_handshake_fragment(SSL *s, int frag_len)
{
unsigned char *p;
{
unsigned char *p;
- p = s->init_buf->data;
+ p =
(unsigned char *)
s->init_buf->data;
ssl3_finish_mac(s, &p[s->init_num - frag_len], frag_len);
}
ssl3_finish_mac(s, &p[s->init_num - frag_len], frag_len);
}
@@
-488,11
+493,11
@@
dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st *msg_hdr, int *ok)
if ( (int)msg_hdr->frag_len && !BUF_MEM_grow_clean(s->init_buf,
(int)msg_hdr->frag_len + DTLS1_HM_HEADER_LENGTH + s->init_num))
{
if ( (int)msg_hdr->frag_len && !BUF_MEM_grow_clean(s->init_buf,
(int)msg_hdr->frag_len + DTLS1_HM_HEADER_LENGTH + s->init_num))
{
- SSLerr(SSL_F_
SSL3_GET
_MESSAGE,ERR_R_BUF_LIB);
+ SSLerr(SSL_F_
DTLS1_PROCESS_OUT_OF_SEQ
_MESSAGE,ERR_R_BUF_LIB);
goto err;
}
goto err;
}
- p = s->init_buf->data;
+ p =
(unsigned char *)
s->init_buf->data;
/* read the body of the fragment (header has already been read */
if ( msg_hdr->frag_len > 0)
/* read the body of the fragment (header has already been read */
if ( msg_hdr->frag_len > 0)
@@
-519,7
+524,7
@@
err:
}
}
-static long
+static long
dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
{
unsigned char *p;
dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
{
unsigned char *p;
@@
-573,7
+578,7
@@
dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
if ( frag_off + frag_len > l)
{
al=SSL_AD_ILLEGAL_PARAMETER;
if ( frag_off + frag_len > l)
{
al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_
SSL3_GET_MESSAGE
,SSL_R_EXCESSIVE_MESSAGE_SIZE);
+ SSLerr(SSL_F_
DTLS1_GET_MESSAGE_FRAGMENT
,SSL_R_EXCESSIVE_MESSAGE_SIZE);
goto f_err;
}
goto f_err;
}
@@
-598,7
+603,7
@@
dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
else /* Incorrectly formated Hello request */
{
al=SSL_AD_UNEXPECTED_MESSAGE;
else /* Incorrectly formated Hello request */
{
al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_
SSL3_GET_MESSAGE
,SSL_R_UNEXPECTED_MESSAGE);
+ SSLerr(SSL_F_
DTLS1_GET_MESSAGE_FRAGMENT
,SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
}
}
goto f_err;
}
}
@@
-613,13
+618,13
@@
dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
if (l > (INT_MAX-DTLS1_HM_HEADER_LENGTH))
{
al=SSL_AD_ILLEGAL_PARAMETER;
if (l > (INT_MAX-DTLS1_HM_HEADER_LENGTH))
{
al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_
SSL3_GET_MESSAGE
,SSL_R_EXCESSIVE_MESSAGE_SIZE);
+ SSLerr(SSL_F_
DTLS1_GET_MESSAGE_FRAGMENT
,SSL_R_EXCESSIVE_MESSAGE_SIZE);
goto f_err;
}
if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l
+ DTLS1_HM_HEADER_LENGTH))
{
goto f_err;
}
if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l
+ DTLS1_HM_HEADER_LENGTH))
{
- SSLerr(SSL_F_
SSL3_GET_MESSAGE
,ERR_R_BUF_LIB);
+ SSLerr(SSL_F_
DTLS1_GET_MESSAGE_FRAGMENT
,ERR_R_BUF_LIB);
goto err;
}
/* Only do this test when we're reading the expected message.
goto err;
}
/* Only do this test when we're reading the expected message.
@@
-627,7
+632,7
@@
dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
if ( l > (unsigned long)max)
{
al=SSL_AD_ILLEGAL_PARAMETER;
if ( l > (unsigned long)max)
{
al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_
SSL3_GET_MESSAGE
,SSL_R_EXCESSIVE_MESSAGE_SIZE);
+ SSLerr(SSL_F_
DTLS1_GET_MESSAGE_FRAGMENT
,SSL_R_EXCESSIVE_MESSAGE_SIZE);
goto f_err;
}
goto f_err;
}
@@
-637,20
+642,20
@@
dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
if ( frag_len > (unsigned long)max)
{
al=SSL_AD_ILLEGAL_PARAMETER;
if ( frag_len > (unsigned long)max)
{
al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_
SSL3_GET_MESSAGE
,SSL_R_EXCESSIVE_MESSAGE_SIZE);
+ SSLerr(SSL_F_
DTLS1_GET_MESSAGE_FRAGMENT
,SSL_R_EXCESSIVE_MESSAGE_SIZE);
goto f_err;
}
if ( frag_len + s->init_num > (INT_MAX - DTLS1_HM_HEADER_LENGTH))
{
al=SSL_AD_ILLEGAL_PARAMETER;
goto f_err;
}
if ( frag_len + s->init_num > (INT_MAX - DTLS1_HM_HEADER_LENGTH))
{
al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_
SSL3_GET_MESSAGE
,SSL_R_EXCESSIVE_MESSAGE_SIZE);
+ SSLerr(SSL_F_
DTLS1_GET_MESSAGE_FRAGMENT
,SSL_R_EXCESSIVE_MESSAGE_SIZE);
goto f_err;
}
if ( frag_len & !BUF_MEM_grow_clean(s->init_buf, (int)frag_len
+ DTLS1_HM_HEADER_LENGTH + s->init_num))
{
goto f_err;
}
if ( frag_len & !BUF_MEM_grow_clean(s->init_buf, (int)frag_len
+ DTLS1_HM_HEADER_LENGTH + s->init_num))
{
- SSLerr(SSL_F_
SSL3_GET_MESSAGE
,ERR_R_BUF_LIB);
+ SSLerr(SSL_F_
DTLS1_GET_MESSAGE_FRAGMENT
,ERR_R_BUF_LIB);
goto err;
}
goto err;
}
@@
-666,7
+671,7
@@
dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
s->state=stn;
/* next state (stn) */
s->state=stn;
/* next state (stn) */
- p = s->init_buf->data;
+ p =
(unsigned char *)
s->init_buf->data;
if ( frag_len > 0)
{
if ( frag_len > 0)
{
@@
-686,7
+691,7
@@
dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
/* XDTLS: an incorrectly formatted fragment should cause the
* handshake to fail */
/* XDTLS: an incorrectly formatted fragment should cause the
* handshake to fail */
- OPENSSL_assert(i == frag_len);
+ OPENSSL_assert(i ==
(int)
frag_len);
#if 0
/* Successfully read a fragment.
#if 0
/* Successfully read a fragment.
@@
-842,14
+847,14
@@
unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
buf=s->init_buf;
if (!BUF_MEM_grow_clean(buf,10))
{
buf=s->init_buf;
if (!BUF_MEM_grow_clean(buf,10))
{
- SSLerr(SSL_F_
SSL3
_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
+ SSLerr(SSL_F_
DTLS1
_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
return(0);
}
if (x != NULL)
{
if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
{
return(0);
}
if (x != NULL)
{
if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
{
- SSLerr(SSL_F_
SSL3
_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
+ SSLerr(SSL_F_
DTLS1
_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
return(0);
}
return(0);
}
@@
-858,7
+863,7
@@
unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
n=i2d_X509(x,NULL);
if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
{
n=i2d_X509(x,NULL);
if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
{
- SSLerr(SSL_F_
SSL3
_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
+ SSLerr(SSL_F_
DTLS1
_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
return(0);
}
p=(unsigned char *)&(buf->data[l]);
return(0);
}
p=(unsigned char *)&(buf->data[l]);
@@
-888,7
+893,7
@@
unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
n=i2d_X509(x,NULL);
if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
{
n=i2d_X509(x,NULL);
if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
{
- SSLerr(SSL_F_
SSL3
_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
+ SSLerr(SSL_F_
DTLS1
_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
return(0);
}
p=(unsigned char *)&(buf->data[l]);
return(0);
}
p=(unsigned char *)&(buf->data[l]);
@@
-1038,6
+1043,7
@@
dtls1_buffer_message(SSL *s, int is_ccs)
{
pitem *item;
hm_fragment *frag;
{
pitem *item;
hm_fragment *frag;
+ PQ_64BIT seq64;
/* this function is called immediately after a message has
* been serialized */
/* this function is called immediately after a message has
* been serialized */
@@
-1050,12
+1056,12
@@
dtls1_buffer_message(SSL *s, int is_ccs)
if ( is_ccs)
{
OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
if ( is_ccs)
{
OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
- DTLS1_CCS_HEADER_LENGTH == s->init_num);
+ DTLS1_CCS_HEADER_LENGTH ==
(unsigned int)
s->init_num);
}
else
{
OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
}
else
{
OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
- DTLS1_HM_HEADER_LENGTH == s->init_num);
+ DTLS1_HM_HEADER_LENGTH ==
(unsigned int)
s->init_num);
}
frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
}
frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
@@
-1065,7
+1071,11
@@
dtls1_buffer_message(SSL *s, int is_ccs)
frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
frag->msg_header.is_ccs = is_ccs;
frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
frag->msg_header.is_ccs = is_ccs;
- item = pitem_new(frag->msg_header.seq, frag);
+ pq_64bit_init(&seq64);
+ pq_64bit_assign_word(&seq64, frag->msg_header.seq);
+
+ item = pitem_new(seq64, frag);
+ pq_64bit_free(&seq64);
if ( item == NULL)
{
dtls1_hm_fragment_free(frag);
if ( item == NULL)
{
dtls1_hm_fragment_free(frag);
@@
-1091,6
+1101,7
@@
dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
pitem *item;
hm_fragment *frag ;
unsigned long header_length;
pitem *item;
hm_fragment *frag ;
unsigned long header_length;
+ PQ_64BIT seq64;
/*
OPENSSL_assert(s->init_num == 0);
/*
OPENSSL_assert(s->init_num == 0);
@@
-1098,7
+1109,11
@@
dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
*/
/* XDTLS: the requested message ought to be found, otherwise error */
*/
/* XDTLS: the requested message ought to be found, otherwise error */
- item = pqueue_find(s->d1->sent_messages, seq);
+ pq_64bit_init(&seq64);
+ pq_64bit_assign_word(&seq64, seq);
+
+ item = pqueue_find(s->d1->sent_messages, seq64);
+ pq_64bit_free(&seq64);
if ( item == NULL)
{
fprintf(stderr, "retransmit: message %d non-existant\n", seq);
if ( item == NULL)
{
fprintf(stderr, "retransmit: message %d non-existant\n", seq);
@@
-1214,7
+1229,7
@@
dtls1_min_mtu(void)
static unsigned int
dtls1_guess_mtu(unsigned int curr_mtu)
{
static unsigned int
dtls1_guess_mtu(unsigned int curr_mtu)
{
-
in
t i;
+
size_
t i;
if ( curr_mtu == 0 )
return g_probable_mtu[0] ;
if ( curr_mtu == 0 )
return g_probable_mtu[0] ;