-/* ssl/record/rec_layer_s3.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
SSL3_RECORD_clear(&rl->rrec);
SSL3_RECORD_clear(&rl->wrec);
- memset(rl->read_sequence, 0, sizeof(rl->read_sequence));
- memset(rl->write_sequence, 0, sizeof(rl->write_sequence));
+ RECORD_LAYER_reset_read_sequence(rl);
+ RECORD_LAYER_reset_write_sequence(rl);
if (rl->d)
DTLS_RECORD_LAYER_clear(rl);
return 1;
}
-void RECORD_LAYER_dup(RECORD_LAYER *dst, RECORD_LAYER *src)
-{
- /*
- * Currently only called from SSL_dup...which only seems to expect the
- * rstate to be duplicated and nothing else from the RECORD_LAYER???
- */
- dst->rstate = src->rstate;
-}
-
void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl)
{
- memset(rl->read_sequence, 0, 8);
+ memset(rl->read_sequence, 0, sizeof(rl->read_sequence));
}
void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl)
{
- memset(rl->write_sequence, 0, 8);
+ memset(rl->write_sequence, 0, sizeof(rl->write_sequence));
}
int RECORD_LAYER_setup_comp_buffer(RECORD_LAYER *rl)
* s->packet_length bytes if extend == 1].)
*/
int i, len, left;
- long align = 0;
+ size_t align = 0;
unsigned char *pkt;
SSL3_BUFFER *rb;
left = rb->left;
#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
- align = (long)rb->buf + SSL3_RT_HEADER_LENGTH;
- align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);
+ align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH;
+ align = (0-align) & (SSL3_ALIGN_PAYLOAD - 1);
#endif
if (!extend) {
}
s->rwstate = SSL_NOTHING;
- OPENSSL_assert(s->rlayer.wnum <= INT_MAX);
tot = s->rlayer.wnum;
- s->rlayer.wnum = 0;
-
- if (SSL_in_init(s) && !s->in_handshake) {
- i = s->handshake_func(s);
- if (i < 0)
- return (i);
- if (i == 0) {
- SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
- return -1;
- }
- }
-
/*
* ensure that if we end up with a smaller value of data to write out
* than the the original len from a write which didn't complete for
* promptly send beyond the end of the users buffer ... so we trap and
* report the error in a way the user will notice
*/
- if (len < tot) {
+ if ((unsigned int)len < s->rlayer.wnum) {
SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_BAD_LENGTH);
- return (-1);
+ return -1;
+ }
+
+
+ s->rlayer.wnum = 0;
+
+ if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) {
+ i = s->handshake_func(s);
+ if (i < 0)
+ return (i);
+ if (i == 0) {
+ SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
+ return -1;
+ }
}
/*
u_len >= 4 * (max_send_fragment = s->max_send_fragment) &&
s->compress == NULL && s->msg_callback == NULL &&
!SSL_USE_ETM(s) && SSL_USE_EXPLICIT_IV(s) &&
- EVP_CIPHER_flags(s->enc_write_ctx->cipher) &
+ EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx)) &
EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) {
unsigned char aad[13];
EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
packlen *= 4;
wb->buf = OPENSSL_malloc(packlen);
- if (!wb->buf) {
+ if (wb->buf == NULL) {
SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_MALLOC_FAILURE);
return -1;
}
int i, mac_size, clear = 0;
int prefix_len = 0;
int eivlen;
- long align = 0;
+ size_t align = 0;
SSL3_RECORD *wr;
SSL3_BUFFER *wb = &s->rlayer.wbuf;
SSL_SESSION *sess;
* multiple of SSL3_ALIGN_PAYLOAD, so if we want to align the real
* payload, then we can just pretent we simply have two headers.
*/
- align = (long)SSL3_BUFFER_get_buf(wb) + 2 * SSL3_RT_HEADER_LENGTH;
- align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);
+ align = (size_t)SSL3_BUFFER_get_buf(wb) + 2 * SSL3_RT_HEADER_LENGTH;
+ align = (0-align) & (SSL3_ALIGN_PAYLOAD - 1);
#endif
p = SSL3_BUFFER_get_buf(wb) + align;
SSL3_BUFFER_set_offset(wb, align);
p = SSL3_BUFFER_get_buf(wb) + SSL3_BUFFER_get_offset(wb) + prefix_len;
} else {
#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
- align = (long)SSL3_BUFFER_get_buf(wb) + SSL3_RT_HEADER_LENGTH;
- align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);
+ align = (size_t)SSL3_BUFFER_get_buf(wb) + SSL3_RT_HEADER_LENGTH;
+ align = (0-align) & (SSL3_ALIGN_PAYLOAD - 1);
#endif
p = SSL3_BUFFER_get_buf(wb) + align;
SSL3_BUFFER_set_offset(wb, align);
* Some servers hang if iniatial client hello is larger than 256 bytes
* and record version number > TLS 1.0
*/
- if (s->state == SSL3_ST_CW_CLNT_HELLO_B
+ if (SSL_get_state(s) == TLS_ST_CW_CLNT_HELLO
&& !s->renegotiate && TLS1_get_version(s) > TLS1_VERSION)
*(p++) = 0x1;
else
/* Need explicit part of IV for GCM mode */
else if (mode == EVP_CIPH_GCM_MODE)
eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
+ else if (mode == EVP_CIPH_CCM_MODE)
+ eivlen = EVP_CCM_TLS_EXPLICIT_IV_LEN;
else
eivlen = 0;
} else
/* move any remaining fragment bytes: */
for (k = 0; k < s->rlayer.handshake_fragment_len; k++)
s->rlayer.handshake_fragment[k] = *src++;
+
+ if (recvd_type != NULL)
+ *recvd_type = SSL3_RT_HANDSHAKE;
+
return n;
}
* Now s->rlayer.handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE.
*/
- if (!s->in_handshake && SSL_in_init(s)) {
+ if (!ossl_statem_get_in_handshake(s) && SSL_in_init(s)) {
/* type == SSL3_RT_APPLICATION_DATA */
i = s->handshake_func(s);
if (i < 0)
/*
* Unexpected handshake message (Client Hello, or protocol violation)
*/
- if ((s->rlayer.handshake_fragment_len >= 4) && !s->in_handshake) {
- if (((s->state & SSL_ST_MASK) == SSL_ST_OK) &&
+ if ((s->rlayer.handshake_fragment_len >= 4)
+ && !ossl_statem_get_in_handshake(s)) {
+ if (SSL_is_init_finished(s) &&
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
- s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
+ ossl_statem_set_in_init(s, 1);
s->renegotiate = 1;
s->new_session = 1;
}
case SSL3_RT_HANDSHAKE:
/*
* we already handled all of these, with the possible exception of
- * SSL3_RT_HANDSHAKE when s->in_handshake is set, but that should not
- * happen when type != rr->type
+ * SSL3_RT_HANDSHAKE when ossl_statem_get_in_handshake(s) is true, but
+ * that should not happen when type != rr->type
*/
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
* application data at this point (session renegotiation not yet
* started), we will indulge it.
*/
- if (s->s3->in_read_app_data &&
- (s->s3->total_renegotiations != 0) &&
- (((s->state & SSL_ST_CONNECT) &&
- (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
- (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
- ) || ((s->state & SSL_ST_ACCEPT) &&
- (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
- (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
- )
- )) {
+ if (ossl_statem_app_data_allowed(s)) {
s->s3->in_read_app_data = 2;
return (-1);
} else {