projects
/
oweals
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Ensure unexpected messages are handled consistently
[oweals/openssl.git]
/
ssl
/
statem
/
statem.c
diff --git
a/ssl/statem/statem.c
b/ssl/statem/statem.c
index 1ad421b07b942797a3a4f0f1b4cc4fd0b3978fd3..a1da2a4418d112eac0f88beb28b6428065bbc0f6 100644
(file)
--- a/
ssl/statem/statem.c
+++ b/
ssl/statem/statem.c
@@
-251,20
+251,6
@@
static int state_machine(SSL *s, int server)
}
#endif
}
#endif
-#ifndef OPENSSL_NO_HEARTBEATS
- /*
- * If we're awaiting a HeartbeatResponse, pretend we already got and
- * don't await it anymore, because Heartbeats don't make sense during
- * handshakes anyway.
- */
- if (s->tlsext_hb_pending) {
- if (SSL_IS_DTLS(s))
- dtls1_stop_timer(s);
- s->tlsext_hb_pending = 0;
- s->tlsext_hb_seq++;
- }
-#endif
-
/* Initialise state machine */
if (st->state == MSG_FLOW_RENEGOTIATE) {
/* Initialise state machine */
if (st->state == MSG_FLOW_RENEGOTIATE) {
@@
-490,12
+476,12
@@
static SUB_STATE_RETURN read_state_machine(SSL *s)
{
OSSL_STATEM *st = &s->statem;
int ret, mt;
{
OSSL_STATEM *st = &s->statem;
int ret, mt;
-
unsigned long
len = 0;
+
size_t
len = 0;
int (*transition) (SSL *s, int mt);
PACKET pkt;
MSG_PROCESS_RETURN(*process_message) (SSL *s, PACKET *pkt);
WORK_STATE(*post_process_message) (SSL *s, WORK_STATE wst);
int (*transition) (SSL *s, int mt);
PACKET pkt;
MSG_PROCESS_RETURN(*process_message) (SSL *s, PACKET *pkt);
WORK_STATE(*post_process_message) (SSL *s, WORK_STATE wst);
-
unsigned long
(*max_message_size) (SSL *s);
+
size_t
(*max_message_size) (SSL *s);
void (*cb) (const SSL *ssl, int type, int val) = NULL;
cb = get_callback(s);
void (*cb) (const SSL *ssl, int type, int val) = NULL;
cb = get_callback(s);
@@
-708,8
+694,12
@@
static SUB_STATE_RETURN write_state_machine(SSL *s)
WRITE_TRAN(*transition) (SSL *s);
WORK_STATE(*pre_work) (SSL *s, WORK_STATE wst);
WORK_STATE(*post_work) (SSL *s, WORK_STATE wst);
WRITE_TRAN(*transition) (SSL *s);
WORK_STATE(*pre_work) (SSL *s, WORK_STATE wst);
WORK_STATE(*post_work) (SSL *s, WORK_STATE wst);
- int (*construct_message) (SSL *s, WPACKET *pkt);
+ int (*get_construct_message_f) (SSL *s, WPACKET *pkt,
+ int (**confunc) (SSL *s, WPACKET *pkt),
+ int *mt);
void (*cb) (const SSL *ssl, int type, int val) = NULL;
void (*cb) (const SSL *ssl, int type, int val) = NULL;
+ int (*confunc) (SSL *s, WPACKET *pkt);
+ int mt;
WPACKET pkt;
cb = get_callback(s);
WPACKET pkt;
cb = get_callback(s);
@@
-718,12
+708,12
@@
static SUB_STATE_RETURN write_state_machine(SSL *s)
transition = ossl_statem_server_write_transition;
pre_work = ossl_statem_server_pre_work;
post_work = ossl_statem_server_post_work;
transition = ossl_statem_server_write_transition;
pre_work = ossl_statem_server_pre_work;
post_work = ossl_statem_server_post_work;
-
construct_message
= ossl_statem_server_construct_message;
+
get_construct_message_f
= ossl_statem_server_construct_message;
} else {
transition = ossl_statem_client_write_transition;
pre_work = ossl_statem_client_pre_work;
post_work = ossl_statem_client_post_work;
} else {
transition = ossl_statem_client_write_transition;
pre_work = ossl_statem_client_pre_work;
post_work = ossl_statem_client_post_work;
-
construct_message
= ossl_statem_client_construct_message;
+
get_construct_message_f
= ossl_statem_client_construct_message;
}
while (1) {
}
while (1) {
@@
-766,7
+756,10
@@
static SUB_STATE_RETURN write_state_machine(SSL *s)
return SUB_STATE_END_HANDSHAKE;
}
if (!WPACKET_init(&pkt, s->init_buf)
return SUB_STATE_END_HANDSHAKE;
}
if (!WPACKET_init(&pkt, s->init_buf)
- || !construct_message(s, &pkt)
+ || !get_construct_message_f(s, &pkt, &confunc, &mt)
+ || !ssl_set_handshake_header(s, &pkt, mt)
+ || (confunc != NULL && !confunc(s, &pkt))
+ || !ssl_close_construct_packet(s, &pkt, mt)
|| !WPACKET_finish(&pkt)) {
WPACKET_cleanup(&pkt);
ossl_statem_set_error(s);
|| !WPACKET_finish(&pkt)) {
WPACKET_cleanup(&pkt);
ossl_statem_set_error(s);