X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fstatem%2Fstatem_dtls.c;h=34964dbd5d791618a7c080c0c0fcd5174dcdf89c;hb=9784ec04745a8c8ecbf5610c0a2f5540e1e0f2cd;hp=a651e65fab8b8d28578c818a21655cbee3a84643;hpb=d736bc1a7d45744300b2c81f7296b0d1e550ae0d;p=oweals%2Fopenssl.git diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c index a651e65fab..34964dbd5d 100644 --- a/ssl/statem/statem_dtls.c +++ b/ssl/statem/statem_dtls.c @@ -214,11 +214,6 @@ int dtls1_do_write(SSL *s, int type) else len = s->init_num; - /* Shouldn't ever happen */ - /* TODO(size_t): can this go now? */ - if (len > INT_MAX) - len = INT_MAX; - /* * XDTLS: this function is too long. split out the CCS part */ @@ -395,11 +390,10 @@ int dtls_get_message(SSL *s, int *mt, size_t *len) * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but * may be greater if the maximum certificate list size requires it. */ -static unsigned long dtls1_max_handshake_message_len(const SSL *s) +static size_t dtls1_max_handshake_message_len(const SSL *s) { - unsigned long max_len = - DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; - if (max_len < (unsigned long)s->max_cert_list) + size_t max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; + if (max_len < s->max_cert_list) return s->max_cert_list; return max_len; } @@ -516,7 +510,7 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr) int i = -1, is_complete; unsigned char seq64be[8]; size_t frag_len = msg_hdr->frag_len; - size_t read; + size_t readbytes; if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len || msg_hdr->msg_len > dtls1_max_handshake_message_len(s)) @@ -561,10 +555,10 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr) devnull, frag_len > sizeof(devnull) ? sizeof(devnull) : - frag_len, 0, &read); + frag_len, 0, &readbytes); if (i <= 0) goto err; - frag_len -= read; + frag_len -= readbytes; } return DTLS1_HM_FRAGMENT_RETRY; } @@ -572,8 +566,8 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr) /* read the body of the fragment (header has already been read */ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, frag->fragment + msg_hdr->frag_off, - frag_len, 0, &read); - if (i <= 0 || read != frag_len) + frag_len, 0, &readbytes); + if (i <= 0 || readbytes != frag_len) i = -1; if (i <= 0) goto err; @@ -622,7 +616,7 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr) pitem *item = NULL; unsigned char seq64be[8]; size_t frag_len = msg_hdr->frag_len; - size_t read; + size_t readbytes; if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len) goto err; @@ -655,14 +649,14 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr) devnull, frag_len > sizeof(devnull) ? sizeof(devnull) : - frag_len, 0, &read); + frag_len, 0, &readbytes); if (i <= 0) goto err; - frag_len -= read; + frag_len -= readbytes; } } else { if (frag_len != msg_hdr->msg_len) { - return dtls1_reassemble_fragment(s, msg_hdr);; + return dtls1_reassemble_fragment(s, msg_hdr); } if (frag_len > dtls1_max_handshake_message_len(s)) @@ -679,8 +673,9 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr) * read the body of the fragment (header has already been read */ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, - frag->fragment, frag_len, 0, &read); - if (i<=0 || read != frag_len) + frag->fragment, frag_len, 0, + &readbytes); + if (i<=0 || readbytes != frag_len) i = -1; if (i <= 0) goto err; @@ -716,7 +711,7 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len) size_t mlen, frag_off, frag_len; int i, al, recvd_type; struct hm_header_st msg_hdr; - size_t read; + size_t readbytes; *errtype = 0; @@ -730,7 +725,7 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len) /* read handshake message header */ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type, wire, - DTLS1_HM_HEADER_LENGTH, 0, &read); + DTLS1_HM_HEADER_LENGTH, 0, &readbytes); if (i <= 0) { /* nbio, or an error */ s->rwstate = SSL_READING; *len = 0; @@ -744,17 +739,17 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len) goto f_err; } - memcpy(s->init_buf->data, wire, read); - s->init_num = read - 1; + memcpy(s->init_buf->data, wire, readbytes); + s->init_num = readbytes - 1; s->init_msg = s->init_buf->data + 1; s->s3->tmp.message_type = SSL3_MT_CHANGE_CIPHER_SPEC; - s->s3->tmp.message_size = read - 1; - *len = read - 1; + s->s3->tmp.message_size = readbytes - 1; + *len = readbytes - 1; return 1; } /* Handshake fails if message header is incomplete */ - if (read != DTLS1_HM_HEADER_LENGTH) { + if (readbytes != DTLS1_HM_HEADER_LENGTH) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); goto f_err; @@ -793,8 +788,10 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len) return 0; } - if (!s->server && s->d1->r_msg_hdr.frag_off == 0 && - wire[0] == SSL3_MT_HELLO_REQUEST) { + if (!s->server + && s->d1->r_msg_hdr.frag_off == 0 + && s->statem.hand_state != TLS_ST_OK + && wire[0] == SSL3_MT_HELLO_REQUEST) { /* * The server may always send 'Hello Request' messages -- we are * doing a handshake anyway now, so ignore them if their format is @@ -825,7 +822,7 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len) (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, - &p[frag_off], frag_len, 0, &read); + &p[frag_off], frag_len, 0, &readbytes); /* * This shouldn't ever fail due to NBIO because we already checked @@ -837,14 +834,14 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len) return 0; } } else { - read = 0; + readbytes = 0; } /* * XDTLS: an incorrectly formatted fragment should cause the handshake * to fail */ - if (read != frag_len) { + if (readbytes != frag_len) { al = SSL3_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL3_AD_ILLEGAL_PARAMETER); goto f_err; @@ -924,13 +921,8 @@ int dtls1_read_failed(SSL *s, int code) */ return code; } -#ifndef OPENSSL_NO_HEARTBEATS - /* done, no need to send a retransmit */ - if (!SSL_in_init(s) && !s->tlsext_hb_pending) -#else /* done, no need to send a retransmit */ if (!SSL_in_init(s)) -#endif { BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ); return code;