PR: 1647

[oweals/openssl.git] / ssl / d1_lib.c

diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 78308111447fae8c165f69bfa4a775d06381e793..ae067f6eed6329afce330e15584bfc108fb0ca9c 100644 (file)
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -61,7 +61,7 @@
 #include <openssl/objects.h>
 #include "ssl_locl.h"
 
-const char *dtls1_version_str="DTLSv1" OPENSSL_VERSION_PTEXT;
+const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
 
 SSL3_ENC_METHOD DTLSv1_enc_data={
     dtls1_enc,
@@ -106,6 +106,7 @@ int dtls1_new(SSL *s)
        pq_64bit_init(&(d1->bitmap.map));
        pq_64bit_init(&(d1->bitmap.max_seq_num));
        
+       d1->next_bitmap.length = d1->bitmap.length;
        pq_64bit_init(&(d1->next_bitmap.map));
        pq_64bit_init(&(d1->next_bitmap.max_seq_num));
 
@@ -113,6 +114,7 @@ int dtls1_new(SSL *s)
        d1->processed_rcds.q=pqueue_new();
        d1->buffered_messages = pqueue_new();
        d1->sent_messages=pqueue_new();
+       d1->buffered_app_data.q=pqueue_new();
 
        if ( s->server)
                {
@@ -120,12 +122,13 @@ int dtls1_new(SSL *s)
                }
 
        if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q 
-        || ! d1->buffered_messages || ! d1->sent_messages)
+        || ! d1->buffered_messages || ! d1->sent_messages || ! d1->buffered_app_data.q)
                {
         if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q);
         if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q);
         if ( d1->buffered_messages) pqueue_free(d1->buffered_messages);
                if ( d1->sent_messages) pqueue_free(d1->sent_messages);
+               if ( d1->buffered_app_data.q) pqueue_free(d1->buffered_app_data.q);
                OPENSSL_free(d1);
                return (0);
                }
@@ -174,6 +177,15 @@ void dtls1_free(SSL *s)
         }
        pqueue_free(s->d1->sent_messages);
 
+       while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)
+       {
+               frag = (hm_fragment *)item->data;
+               OPENSSL_free(frag->fragment);
+               OPENSSL_free(frag);
+               pitem_free(item);
+       }
+       pqueue_free(s->d1->buffered_app_data.q);
+       
        pq_64bit_free(&(s->d1->bitmap.map));
        pq_64bit_free(&(s->d1->bitmap.max_seq_num));
 
@@ -188,3 +200,23 @@ void dtls1_clear(SSL *s)
        ssl3_clear(s);
        s->version=DTLS1_VERSION;
        }
+
+/*
+ * As it's impossible to use stream ciphers in "datagram" mode, this
+ * simple filter is designed to disengage them in DTLS. Unfortunately
+ * there is no universal way to identify stream SSL_CIPHER, so we have
+ * to explicitly list their SSL_* codes. Currently RC4 is the only one
+ * available, but if new ones emerge, they will have to be added...
+ */
+SSL_CIPHER *dtls1_get_cipher(unsigned int u)
+       {
+       SSL_CIPHER *ciph = ssl3_get_cipher(u);
+
+       if (ciph != NULL)
+               {
+               if ((ciph->algorithms&SSL_ENC_MASK) == SSL_RC4)
+                       return NULL;
+               }
+
+       return ciph;
+       }