X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fd1_both.c;h=b746a50dd718d2a8104160ce2c25af3f877ff88b;hb=6d2cd23f402bf6cca7a29c4a6514012a4779f85c;hp=fb98bf49d0608a30806eb8569e4b5735cb27e90a;hpb=4e321ffafff3a1f31bbbfdcf1b17c0ecbde2121f;p=oweals%2Fopenssl.git diff --git a/ssl/d1_both.c b/ssl/d1_both.c index fb98bf49d0..b746a50dd7 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -222,7 +222,7 @@ int dtls1_do_write(SSL *s, int type) if ( s->init_off == 0 && type == SSL3_RT_HANDSHAKE) OPENSSL_assert(s->init_num == - s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); + (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); frag_off = 0; while( s->init_num) @@ -289,7 +289,7 @@ int dtls1_do_write(SSL *s, int type) /* bad if this assert fails, only part of the handshake * message got sent. but why would this happen? */ - OPENSSL_assert(len == ret); + OPENSSL_assert(len == (unsigned int)ret); if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting) /* should not be done for 'Hello Request's, but in that case @@ -324,8 +324,7 @@ int dtls1_do_write(SSL *s, int type) * Read an entire handshake message. Handshake messages arrive in * fragments. */ -long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, - int *ok) +long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) { int i, al; @@ -337,7 +336,7 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, if ((mt >= 0) && (s->s3->tmp.message_type != mt)) { al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE); + SSLerr(SSL_F_DTLS1_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE); goto f_err; } *ok=1; @@ -361,7 +360,7 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, else if ( i <= 0 && !*ok) return i; - if (s->d1->r_msg_hdr.msg_len == s->init_num - DTLS1_HM_HEADER_LENGTH) + if (s->d1->r_msg_hdr.msg_len == (unsigned int)s->init_num - DTLS1_HM_HEADER_LENGTH) { memset(&(s->d1->r_msg_hdr), 0x00, sizeof(struct hm_header_st)); @@ -414,7 +413,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, unsigned long *copied) frag = (hm_fragment *)item->data; if ( s->d1->handshake_read_seq == frag->msg_header.seq && - frag->msg_header.frag_off <= s->init_num - DTLS1_HM_HEADER_LENGTH) + frag->msg_header.frag_off <= (unsigned int)s->init_num - DTLS1_HM_HEADER_LENGTH) { pqueue_pop(s->d1->buffered_messages); overlap = s->init_num - DTLS1_HM_HEADER_LENGTH @@ -443,6 +442,7 @@ dtls1_buffer_handshake_fragment(SSL *s, struct hm_header_st* msg_hdr) { hm_fragment *frag = NULL; pitem *item = NULL; + PQ_64BIT seq64; frag = dtls1_hm_fragment_new(msg_hdr->frag_len); if ( frag == NULL) @@ -453,10 +453,15 @@ dtls1_buffer_handshake_fragment(SSL *s, struct hm_header_st* msg_hdr) memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); - item = pitem_new(msg_hdr->seq, frag); + pq_64bit_init(&seq64); + pq_64bit_assign_word(&seq64, msg_hdr->seq); + + item = pitem_new(seq64, frag); if ( item == NULL) goto err; + pq_64bit_free(&seq64); + pqueue_insert(s->d1->buffered_messages, item); return 1; @@ -488,7 +493,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st *msg_hdr, int *ok) if ( (int)msg_hdr->frag_len && !BUF_MEM_grow_clean(s->init_buf, (int)msg_hdr->frag_len + DTLS1_HM_HEADER_LENGTH + s->init_num)) { - SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB); + SSLerr(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE,ERR_R_BUF_LIB); goto err; } @@ -519,7 +524,7 @@ err: } -static long +static long dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) { unsigned char *p; @@ -573,7 +578,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) if ( frag_off + frag_len > l) { al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE); + SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); goto f_err; } @@ -598,7 +603,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) else /* Incorrectly formated Hello request */ { al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE); + SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE); goto f_err; } } @@ -613,13 +618,13 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) if (l > (INT_MAX-DTLS1_HM_HEADER_LENGTH)) { al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE); + SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); goto f_err; } if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l + DTLS1_HM_HEADER_LENGTH)) { - SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB); + SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,ERR_R_BUF_LIB); goto err; } /* Only do this test when we're reading the expected message. @@ -627,7 +632,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) if ( l > (unsigned long)max) { al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE); + SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); goto f_err; } @@ -637,20 +642,20 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) if ( frag_len > (unsigned long)max) { al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE); + SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); goto f_err; } if ( frag_len + s->init_num > (INT_MAX - DTLS1_HM_HEADER_LENGTH)) { al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE); + SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); goto f_err; } if ( frag_len & !BUF_MEM_grow_clean(s->init_buf, (int)frag_len + DTLS1_HM_HEADER_LENGTH + s->init_num)) { - SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB); + SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,ERR_R_BUF_LIB); goto err; } @@ -686,7 +691,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) /* XDTLS: an incorrectly formatted fragment should cause the * handshake to fail */ - OPENSSL_assert(i == frag_len); + OPENSSL_assert(i == (int)frag_len); #if 0 /* Successfully read a fragment. @@ -842,14 +847,14 @@ unsigned long dtls1_output_cert_chain(SSL *s, X509 *x) buf=s->init_buf; if (!BUF_MEM_grow_clean(buf,10)) { - SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); + SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); return(0); } if (x != NULL) { if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL)) { - SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); + SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); return(0); } @@ -858,7 +863,7 @@ unsigned long dtls1_output_cert_chain(SSL *s, X509 *x) n=i2d_X509(x,NULL); if (!BUF_MEM_grow_clean(buf,(int)(n+l+3))) { - SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); + SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); return(0); } p=(unsigned char *)&(buf->data[l]); @@ -888,7 +893,7 @@ unsigned long dtls1_output_cert_chain(SSL *s, X509 *x) n=i2d_X509(x,NULL); if (!BUF_MEM_grow_clean(buf,(int)(n+l+3))) { - SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); + SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); return(0); } p=(unsigned char *)&(buf->data[l]); @@ -1038,6 +1043,7 @@ dtls1_buffer_message(SSL *s, int is_ccs) { pitem *item; hm_fragment *frag; + PQ_64BIT seq64; /* this function is called immediately after a message has * been serialized */ @@ -1050,12 +1056,12 @@ dtls1_buffer_message(SSL *s, int is_ccs) if ( is_ccs) { OPENSSL_assert(s->d1->w_msg_hdr.msg_len + - DTLS1_CCS_HEADER_LENGTH == s->init_num); + DTLS1_CCS_HEADER_LENGTH == (unsigned int)s->init_num); } else { OPENSSL_assert(s->d1->w_msg_hdr.msg_len + - DTLS1_HM_HEADER_LENGTH == s->init_num); + DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num); } frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len; @@ -1065,7 +1071,11 @@ dtls1_buffer_message(SSL *s, int is_ccs) frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len; frag->msg_header.is_ccs = is_ccs; - item = pitem_new(frag->msg_header.seq, frag); + pq_64bit_init(&seq64); + pq_64bit_assign_word(&seq64, frag->msg_header.seq); + + item = pitem_new(seq64, frag); + pq_64bit_free(&seq64); if ( item == NULL) { dtls1_hm_fragment_free(frag); @@ -1091,6 +1101,7 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, pitem *item; hm_fragment *frag ; unsigned long header_length; + PQ_64BIT seq64; /* OPENSSL_assert(s->init_num == 0); @@ -1098,7 +1109,11 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, */ /* XDTLS: the requested message ought to be found, otherwise error */ - item = pqueue_find(s->d1->sent_messages, seq); + pq_64bit_init(&seq64); + pq_64bit_assign_word(&seq64, seq); + + item = pqueue_find(s->d1->sent_messages, seq64); + pq_64bit_free(&seq64); if ( item == NULL) { fprintf(stderr, "retransmit: message %d non-existant\n", seq); @@ -1214,7 +1229,7 @@ dtls1_min_mtu(void) static unsigned int dtls1_guess_mtu(unsigned int curr_mtu) { - int i; + size_t i; if ( curr_mtu == 0 ) return g_probable_mtu[0] ;