OLD | NEW |
1 /* ssl/d1_both.c */ | 1 /* ssl/d1_both.c */ |
2 /* | 2 /* |
3 * DTLS implementation written by Nagendra Modadugu | 3 * DTLS implementation written by Nagendra Modadugu |
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
5 */ | 5 */ |
6 /* ==================================================================== | 6 /* ==================================================================== |
7 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. | 7 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. |
8 * | 8 * |
9 * Redistribution and use in source and binary forms, with or without | 9 * Redistribution and use in source and binary forms, with or without |
10 * modification, are permitted provided that the following conditions | 10 * modification, are permitted provided that the following conditions |
(...skipping 135 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
146 | 146 |
147 #if 0 | 147 #if 0 |
148 #define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \ | 148 #define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \ |
149 long ii; \ | 149 long ii; \ |
150 printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++)
\ | 150 printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++)
\ |
151 printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (i
i & 7)); \ | 151 printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (i
i & 7)); \ |
152 printf("\n"); } | 152 printf("\n"); } |
153 #endif | 153 #endif |
154 | 154 |
155 static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe
0, 0xc0, 0x80}; | 155 static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe
0, 0xc0, 0x80}; |
156 static unsigned char bitmask_end_values[] = {0x00, 0x01, 0x03, 0x07, 0x0f, 0x1
f, 0x3f, 0x7f}; | 156 static unsigned char bitmask_end_values[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1
f, 0x3f, 0x7f}; |
157 | 157 |
158 /* XDTLS: figure out the right values */ | 158 /* XDTLS: figure out the right values */ |
159 static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28}; | 159 static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28}; |
160 | 160 |
161 static unsigned int dtls1_min_mtu(void); | |
162 static unsigned int dtls1_guess_mtu(unsigned int curr_mtu); | 161 static unsigned int dtls1_guess_mtu(unsigned int curr_mtu); |
163 static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, | 162 static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, |
164 unsigned long frag_len); | 163 unsigned long frag_len); |
165 static unsigned char *dtls1_write_message_header(SSL *s, | 164 static unsigned char *dtls1_write_message_header(SSL *s, |
166 unsigned char *p); | 165 unsigned char *p); |
167 static void dtls1_set_message_header_int(SSL *s, unsigned char mt, | 166 static void dtls1_set_message_header_int(SSL *s, unsigned char mt, |
168 unsigned long len, unsigned short seq_num, unsigned long frag_off, | 167 unsigned long len, unsigned short seq_num, unsigned long frag_off, |
169 unsigned long frag_len); | 168 unsigned long frag_len); |
170 static long dtls1_get_message_fragment(SSL *s, int st1, int stn, | 169 static long dtls1_get_message_fragment(SSL *s, int st1, int stn, |
171 long max, int *ok); | 170 long max, int *ok); |
(...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
257 else if ( ( ret = BIO_flush(SSL_get_wbio(s))) <= 0) | 256 else if ( ( ret = BIO_flush(SSL_get_wbio(s))) <= 0) |
258 return ret; | 257 return ret; |
259 | 258 |
260 if ( BIO_wpending(SSL_get_wbio(s)) + s->init_num >= mtu) | 259 if ( BIO_wpending(SSL_get_wbio(s)) + s->init_num >= mtu) |
261 { | 260 { |
262 ret = BIO_flush(SSL_get_wbio(s)); | 261 ret = BIO_flush(SSL_get_wbio(s)); |
263 if ( ret <= 0) | 262 if ( ret <= 0) |
264 return ret; | 263 return ret; |
265 mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LEN
GTH); | 264 mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LEN
GTH); |
266 } | 265 } |
| 266 #endif |
267 | 267 |
268 » OPENSSL_assert(mtu > 0); /* should have something reasonable now */ | 268 » OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu()); /* should have something
reasonable now */ |
269 | |
270 #endif | |
271 | 269 |
272 if ( s->init_off == 0 && type == SSL3_RT_HANDSHAKE) | 270 if ( s->init_off == 0 && type == SSL3_RT_HANDSHAKE) |
273 OPENSSL_assert(s->init_num == | 271 OPENSSL_assert(s->init_num == |
274 (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); | 272 (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); |
275 | 273 |
276 if (s->write_hash) | 274 if (s->write_hash) |
277 » » mac_size = EVP_MD_size(s->write_hash); | 275 » » mac_size = EVP_MD_CTX_size(s->write_hash); |
278 else | 276 else |
279 mac_size = 0; | 277 mac_size = 0; |
280 | 278 |
281 if (s->enc_write_ctx && | 279 if (s->enc_write_ctx && |
282 (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE)
) | 280 (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE)
) |
283 blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher); | 281 blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher); |
284 else | 282 else |
285 blocksize = 0; | 283 blocksize = 0; |
286 | 284 |
287 frag_off = 0; | 285 frag_off = 0; |
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
353 OPENSSL_assert(len == (unsigned int)ret); | 351 OPENSSL_assert(len == (unsigned int)ret); |
354 | 352 |
355 if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting
) | 353 if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting
) |
356 { | 354 { |
357 /* should not be done for 'Hello Request's, but
in that case | 355 /* should not be done for 'Hello Request's, but
in that case |
358 * we'll ignore the result anyway */ | 356 * we'll ignore the result anyway */ |
359 unsigned char *p = (unsigned char *)&s->init_buf
->data[s->init_off]; | 357 unsigned char *p = (unsigned char *)&s->init_buf
->data[s->init_off]; |
360 const struct hm_header_st *msg_hdr = &s->d1->w_m
sg_hdr; | 358 const struct hm_header_st *msg_hdr = &s->d1->w_m
sg_hdr; |
361 int xlen; | 359 int xlen; |
362 | 360 |
363 » » » » if (frag_off == 0 && s->client_version != DTLS1_
BAD_VER) | 361 » » » » if (frag_off == 0 && s->version != DTLS1_BAD_VER
) |
364 { | 362 { |
365 /* reconstruct message header is if it | 363 /* reconstruct message header is if it |
366 * is being sent in single fragment */ | 364 * is being sent in single fragment */ |
367 *p++ = msg_hdr->type; | 365 *p++ = msg_hdr->type; |
368 l2n3(msg_hdr->msg_len,p); | 366 l2n3(msg_hdr->msg_len,p); |
369 s2n (msg_hdr->seq,p); | 367 s2n (msg_hdr->seq,p); |
370 l2n3(0,p); | 368 l2n3(0,p); |
371 l2n3(msg_hdr->msg_len,p); | 369 l2n3(msg_hdr->msg_len,p); |
372 p -= DTLS1_HM_HEADER_LENGTH; | 370 p -= DTLS1_HM_HEADER_LENGTH; |
373 xlen = ret; | 371 xlen = ret; |
(...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
457 } | 455 } |
458 | 456 |
459 ssl3_finish_mac(s, p, msg_len); | 457 ssl3_finish_mac(s, p, msg_len); |
460 if (s->msg_callback) | 458 if (s->msg_callback) |
461 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, | 459 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, |
462 p, msg_len, | 460 p, msg_len, |
463 s, s->msg_callback_arg); | 461 s, s->msg_callback_arg); |
464 | 462 |
465 memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); | 463 memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); |
466 | 464 |
467 » s->d1->handshake_read_seq++; | 465 » /* Don't change sequence numbers while listening */ |
468 » /* we just read a handshake message from the other side: | 466 » if (!s->d1->listen) |
469 » * this means that we don't need to retransmit of the | 467 » » s->d1->handshake_read_seq++; |
470 » * buffered messages. | |
471 » * XDTLS: may be able clear out this | |
472 » * buffer a little sooner (i.e if an out-of-order | |
473 » * handshake message/record is received at the record | |
474 » * layer. | |
475 » * XDTLS: exception is that the server needs to | |
476 » * know that change cipher spec and finished messages | |
477 » * have been received by the client before clearing this | |
478 » * buffer. this can simply be done by waiting for the | |
479 » * first data segment, but is there a better way? */ | |
480 » dtls1_clear_record_buffer(s); | |
481 | 468 |
482 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; | 469 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; |
483 return s->init_num; | 470 return s->init_num; |
484 | 471 |
485 f_err: | 472 f_err: |
486 ssl3_send_alert(s,SSL3_AL_FATAL,al); | 473 ssl3_send_alert(s,SSL3_AL_FATAL,al); |
487 *ok = 0; | 474 *ok = 0; |
488 return -1; | 475 return -1; |
489 } | 476 } |
490 | 477 |
(...skipping 16 matching lines...) Expand all Loading... |
507 if ( (frag_off+frag_len) > (unsigned long)max) | 494 if ( (frag_off+frag_len) > (unsigned long)max) |
508 { | 495 { |
509 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_S
IZE); | 496 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_S
IZE); |
510 return SSL_AD_ILLEGAL_PARAMETER; | 497 return SSL_AD_ILLEGAL_PARAMETER; |
511 } | 498 } |
512 | 499 |
513 if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */ | 500 if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */ |
514 { | 501 { |
515 /* msg_len is limited to 2^24, but is effectively checked | 502 /* msg_len is limited to 2^24, but is effectively checked |
516 * against max above */ | 503 * against max above */ |
517 » » if (!BUF_MEM_grow_clean(s->init_buf,(int)msg_len+DTLS1_HM_HEADER
_LENGTH)) | 504 » » if (!BUF_MEM_grow_clean(s->init_buf,msg_len+DTLS1_HM_HEADER_LENG
TH)) |
518 { | 505 { |
519 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,ERR_R_BUF_LIB); | 506 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,ERR_R_BUF_LIB); |
520 return SSL_AD_INTERNAL_ERROR; | 507 return SSL_AD_INTERNAL_ERROR; |
521 } | 508 } |
522 | 509 |
523 s->s3->tmp.message_size = msg_len; | 510 s->s3->tmp.message_size = msg_len; |
524 s->d1->r_msg_hdr.msg_len = msg_len; | 511 s->d1->r_msg_hdr.msg_len = msg_len; |
525 s->s3->tmp.message_type = msg_hdr->type; | 512 s->s3->tmp.message_type = msg_hdr->type; |
526 s->d1->r_msg_hdr.type = msg_hdr->type; | 513 s->d1->r_msg_hdr.type = msg_hdr->type; |
527 s->d1->r_msg_hdr.seq = msg_hdr->seq; | 514 s->d1->r_msg_hdr.seq = msg_hdr->seq; |
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
593 return 0; | 580 return 0; |
594 } | 581 } |
595 | 582 |
596 | 583 |
597 static int | 584 static int |
598 dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) | 585 dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) |
599 { | 586 { |
600 hm_fragment *frag = NULL; | 587 hm_fragment *frag = NULL; |
601 pitem *item = NULL; | 588 pitem *item = NULL; |
602 int i = -1, is_complete; | 589 int i = -1, is_complete; |
603 » PQ_64BIT seq64; | 590 » unsigned char seq64be[8]; |
604 unsigned long frag_len = msg_hdr->frag_len, max_len; | 591 unsigned long frag_len = msg_hdr->frag_len, max_len; |
605 | 592 |
606 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) | 593 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) |
607 goto err; | 594 goto err; |
608 | 595 |
609 /* Determine maximum allowed message size. Depends on (user set) | 596 /* Determine maximum allowed message size. Depends on (user set) |
610 * maximum certificate length, but 16k is minimum. | 597 * maximum certificate length, but 16k is minimum. |
611 */ | 598 */ |
612 if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH < s->max_cert_
list) | 599 if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH < s->max_cert_
list) |
613 max_len = s->max_cert_list; | 600 max_len = s->max_cert_list; |
614 else | 601 else |
615 max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; | 602 max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; |
616 | 603 |
617 if ((msg_hdr->frag_off+frag_len) > max_len) | 604 if ((msg_hdr->frag_off+frag_len) > max_len) |
618 goto err; | 605 goto err; |
619 | 606 |
620 /* Try to find item in queue */ | 607 /* Try to find item in queue */ |
621 » pq_64bit_init(&seq64); | 608 » memset(seq64be,0,sizeof(seq64be)); |
622 » pq_64bit_assign_word(&seq64, msg_hdr->seq); | 609 » seq64be[6] = (unsigned char) (msg_hdr->seq>>8); |
623 » item = pqueue_find(s->d1->buffered_messages, seq64); | 610 » seq64be[7] = (unsigned char) msg_hdr->seq; |
624 » pq_64bit_free(&seq64); | 611 » item = pqueue_find(s->d1->buffered_messages, seq64be); |
625 | 612 |
626 if (item == NULL) | 613 if (item == NULL) |
627 { | 614 { |
628 frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1); | 615 frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1); |
629 if ( frag == NULL) | 616 if ( frag == NULL) |
630 goto err; | 617 goto err; |
631 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); | 618 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); |
632 frag->msg_header.frag_len = frag->msg_header.msg_len; | 619 frag->msg_header.frag_len = frag->msg_header.msg_len; |
633 frag->msg_header.frag_off = 0; | 620 frag->msg_header.frag_off = 0; |
634 } | 621 } |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
666 is_complete); | 653 is_complete); |
667 | 654 |
668 if (is_complete) | 655 if (is_complete) |
669 { | 656 { |
670 OPENSSL_free(frag->reassembly); | 657 OPENSSL_free(frag->reassembly); |
671 frag->reassembly = NULL; | 658 frag->reassembly = NULL; |
672 } | 659 } |
673 | 660 |
674 if (item == NULL) | 661 if (item == NULL) |
675 { | 662 { |
676 » » pq_64bit_init(&seq64); | 663 » » memset(seq64be,0,sizeof(seq64be)); |
677 » » pq_64bit_assign_word(&seq64, msg_hdr->seq); | 664 » » seq64be[6] = (unsigned char)(msg_hdr->seq>>8); |
678 » » item = pitem_new(seq64, frag); | 665 » » seq64be[7] = (unsigned char)(msg_hdr->seq); |
679 » » pq_64bit_free(&seq64); | |
680 | 666 |
| 667 item = pitem_new(seq64be, frag); |
681 if (item == NULL) | 668 if (item == NULL) |
682 { | 669 { |
683 goto err; | 670 goto err; |
684 i = -1; | 671 i = -1; |
685 } | 672 } |
686 | 673 |
687 pqueue_insert(s->d1->buffered_messages, item); | 674 pqueue_insert(s->d1->buffered_messages, item); |
688 } | 675 } |
689 | 676 |
690 return DTLS1_HM_FRAGMENT_RETRY; | 677 return DTLS1_HM_FRAGMENT_RETRY; |
691 | 678 |
692 err: | 679 err: |
693 if (frag != NULL) dtls1_hm_fragment_free(frag); | 680 if (frag != NULL) dtls1_hm_fragment_free(frag); |
694 if (item != NULL) OPENSSL_free(item); | 681 if (item != NULL) OPENSSL_free(item); |
695 *ok = 0; | 682 *ok = 0; |
696 return i; | 683 return i; |
697 } | 684 } |
698 | 685 |
699 | 686 |
700 static int | 687 static int |
701 dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) | 688 dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) |
702 { | 689 { |
703 int i=-1; | 690 int i=-1; |
704 hm_fragment *frag = NULL; | 691 hm_fragment *frag = NULL; |
705 pitem *item = NULL; | 692 pitem *item = NULL; |
706 » PQ_64BIT seq64; | 693 » unsigned char seq64be[8]; |
707 unsigned long frag_len = msg_hdr->frag_len; | 694 unsigned long frag_len = msg_hdr->frag_len; |
708 | 695 |
709 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) | 696 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) |
710 goto err; | 697 goto err; |
711 | 698 |
712 /* Try to find item in queue, to prevent duplicate entries */ | 699 /* Try to find item in queue, to prevent duplicate entries */ |
713 » pq_64bit_init(&seq64); | 700 » memset(seq64be,0,sizeof(seq64be)); |
714 » pq_64bit_assign_word(&seq64, msg_hdr->seq); | 701 » seq64be[6] = (unsigned char) (msg_hdr->seq>>8); |
715 » item = pqueue_find(s->d1->buffered_messages, seq64); | 702 » seq64be[7] = (unsigned char) msg_hdr->seq; |
716 » pq_64bit_free(&seq64); | 703 » item = pqueue_find(s->d1->buffered_messages, seq64be); |
717 | 704 |
718 /* If we already have an entry and this one is a fragment, | 705 /* If we already have an entry and this one is a fragment, |
719 * don't discard it and rather try to reassemble it. | 706 * don't discard it and rather try to reassemble it. |
720 */ | 707 */ |
721 if (item != NULL && frag_len < msg_hdr->msg_len) | 708 if (item != NULL && frag_len < msg_hdr->msg_len) |
722 item = NULL; | 709 item = NULL; |
723 | 710 |
724 /* Discard the message if sequence number was already there, is | 711 /* Discard the message if sequence number was already there, is |
725 * too far in the future, already in the queue or if we received | 712 * too far in the future, already in the queue or if we received |
726 * a FINISHED before the SERVER_HELLO, which then must be a stale | 713 * a FINISHED before the SERVER_HELLO, which then must be a stale |
(...skipping 20 matching lines...) Expand all Loading... |
747 return dtls1_reassemble_fragment(s, msg_hdr, ok); | 734 return dtls1_reassemble_fragment(s, msg_hdr, ok); |
748 | 735 |
749 frag = dtls1_hm_fragment_new(frag_len, 0); | 736 frag = dtls1_hm_fragment_new(frag_len, 0); |
750 if ( frag == NULL) | 737 if ( frag == NULL) |
751 goto err; | 738 goto err; |
752 | 739 |
753 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); | 740 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); |
754 | 741 |
755 if (frag_len) | 742 if (frag_len) |
756 { | 743 { |
757 » » » /* read the body of the fragment (header has already bee
n read) */ | 744 » » » /* read the body of the fragment (header has already bee
n read */ |
758 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, | 745 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, |
759 frag->fragment,frag_len,0); | 746 frag->fragment,frag_len,0); |
760 if (i<=0 || (unsigned long)i!=frag_len) | 747 if (i<=0 || (unsigned long)i!=frag_len) |
761 goto err; | 748 goto err; |
762 } | 749 } |
763 | 750 |
764 » » pq_64bit_init(&seq64); | 751 » » memset(seq64be,0,sizeof(seq64be)); |
765 » » pq_64bit_assign_word(&seq64, msg_hdr->seq); | 752 » » seq64be[6] = (unsigned char)(msg_hdr->seq>>8); |
| 753 » » seq64be[7] = (unsigned char)(msg_hdr->seq); |
766 | 754 |
767 » » item = pitem_new(seq64, frag); | 755 » » item = pitem_new(seq64be, frag); |
768 » » pq_64bit_free(&seq64); | |
769 if ( item == NULL) | 756 if ( item == NULL) |
770 goto err; | 757 goto err; |
771 | 758 |
772 pqueue_insert(s->d1->buffered_messages, item); | 759 pqueue_insert(s->d1->buffered_messages, item); |
773 } | 760 } |
774 | 761 |
775 return DTLS1_HM_FRAGMENT_RETRY; | 762 return DTLS1_HM_FRAGMENT_RETRY; |
776 | 763 |
777 err: | 764 err: |
778 if ( frag != NULL) dtls1_hm_fragment_free(frag); | 765 if ( frag != NULL) dtls1_hm_fragment_free(frag); |
(...skipping 20 matching lines...) Expand all Loading... |
799 | 786 |
800 /* read handshake message header */ | 787 /* read handshake message header */ |
801 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,wire, | 788 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,wire, |
802 DTLS1_HM_HEADER_LENGTH, 0); | 789 DTLS1_HM_HEADER_LENGTH, 0); |
803 if (i <= 0) /* nbio, or an error */ | 790 if (i <= 0) /* nbio, or an error */ |
804 { | 791 { |
805 s->rwstate=SSL_READING; | 792 s->rwstate=SSL_READING; |
806 *ok = 0; | 793 *ok = 0; |
807 return i; | 794 return i; |
808 } | 795 } |
809 » OPENSSL_assert(i == DTLS1_HM_HEADER_LENGTH); | 796 » /* Handshake fails if message header is incomplete */ |
| 797 » if (i != DTLS1_HM_HEADER_LENGTH) |
| 798 » » { |
| 799 » » al=SSL_AD_UNEXPECTED_MESSAGE; |
| 800 » » SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE
); |
| 801 » » goto f_err; |
| 802 » » } |
810 | 803 |
811 /* parse the message fragment header */ | 804 /* parse the message fragment header */ |
812 dtls1_get_message_header(wire, &msg_hdr); | 805 dtls1_get_message_header(wire, &msg_hdr); |
813 | 806 |
814 /* | 807 /* |
815 * if this is a future (or stale) message it gets buffered | 808 * if this is a future (or stale) message it gets buffered |
816 » * (or dropped)--no further processing at this time | 809 » * (or dropped)--no further processing at this time |
| 810 » * While listening, we accept seq 1 (ClientHello with cookie) |
| 811 » * although we're still expecting seq 0 (ClientHello) |
817 */ | 812 */ |
818 » if ( msg_hdr.seq != s->d1->handshake_read_seq) | 813 » if (msg_hdr.seq != s->d1->handshake_read_seq && !(s->d1->listen && msg_h
dr.seq == 1)) |
819 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); | 814 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); |
820 | 815 |
821 len = msg_hdr.msg_len; | 816 len = msg_hdr.msg_len; |
822 frag_off = msg_hdr.frag_off; | 817 frag_off = msg_hdr.frag_off; |
823 frag_len = msg_hdr.frag_len; | 818 frag_len = msg_hdr.frag_len; |
824 | 819 |
825 if (frag_len && frag_len < len) | 820 if (frag_len && frag_len < len) |
826 return dtls1_reassemble_fragment(s, &msg_hdr, ok); | 821 return dtls1_reassemble_fragment(s, &msg_hdr, ok); |
827 | 822 |
828 if (!s->server && s->d1->r_msg_hdr.frag_off == 0 && | 823 if (!s->server && s->d1->r_msg_hdr.frag_off == 0 && |
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
869 s->rwstate=SSL_READING; | 864 s->rwstate=SSL_READING; |
870 *ok = 0; | 865 *ok = 0; |
871 return i; | 866 return i; |
872 } | 867 } |
873 } | 868 } |
874 else | 869 else |
875 i = 0; | 870 i = 0; |
876 | 871 |
877 /* XDTLS: an incorrectly formatted fragment should cause the | 872 /* XDTLS: an incorrectly formatted fragment should cause the |
878 * handshake to fail */ | 873 * handshake to fail */ |
879 » OPENSSL_assert(i == (int)frag_len); | 874 » if (i != (int)frag_len) |
| 875 » » { |
| 876 » » al=SSL3_AD_ILLEGAL_PARAMETER; |
| 877 » » SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL3_AD_ILLEGAL_PARAMETE
R); |
| 878 » » goto f_err; |
| 879 » » } |
880 | 880 |
881 *ok = 1; | 881 *ok = 1; |
882 | 882 |
883 /* Note that s->init_num is *not* used as current offset in | 883 /* Note that s->init_num is *not* used as current offset in |
884 * s->init_buf->data, but as a counter summing up fragments' | 884 * s->init_buf->data, but as a counter summing up fragments' |
885 * lengths: as soon as they sum up to handshake packet | 885 * lengths: as soon as they sum up to handshake packet |
886 * length, we assume we have got all the fragments. */ | 886 * length, we assume we have got all the fragments. */ |
887 s->init_num = frag_len; | 887 s->init_num = frag_len; |
888 return frag_len; | 888 return frag_len; |
889 | 889 |
(...skipping 10 matching lines...) Expand all Loading... |
900 unsigned char *p,*d; | 900 unsigned char *p,*d; |
901 int i; | 901 int i; |
902 unsigned long l; | 902 unsigned long l; |
903 | 903 |
904 if (s->state == a) | 904 if (s->state == a) |
905 { | 905 { |
906 d=(unsigned char *)s->init_buf->data; | 906 d=(unsigned char *)s->init_buf->data; |
907 p= &(d[DTLS1_HM_HEADER_LENGTH]); | 907 p= &(d[DTLS1_HM_HEADER_LENGTH]); |
908 | 908 |
909 i=s->method->ssl3_enc->final_finish_mac(s, | 909 i=s->method->ssl3_enc->final_finish_mac(s, |
910 &(s->s3->finish_dgst1), | |
911 &(s->s3->finish_dgst2), | |
912 sender,slen,s->s3->tmp.finish_md); | 910 sender,slen,s->s3->tmp.finish_md); |
913 s->s3->tmp.finish_md_len = i; | 911 s->s3->tmp.finish_md_len = i; |
914 memcpy(p, s->s3->tmp.finish_md, i); | 912 memcpy(p, s->s3->tmp.finish_md, i); |
915 p+=i; | 913 p+=i; |
916 l=i; | 914 l=i; |
917 | 915 |
918 /* Copy the finished so we can use it for | 916 /* Copy the finished so we can use it for |
919 * renegotiation checks | 917 * renegotiation checks |
920 */ | 918 */ |
921 if(s->type == SSL_ST_CONNECT) | 919 if(s->type == SSL_ST_CONNECT) |
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
966 { | 964 { |
967 unsigned char *p; | 965 unsigned char *p; |
968 | 966 |
969 if (s->state == a) | 967 if (s->state == a) |
970 { | 968 { |
971 p=(unsigned char *)s->init_buf->data; | 969 p=(unsigned char *)s->init_buf->data; |
972 *p++=SSL3_MT_CCS; | 970 *p++=SSL3_MT_CCS; |
973 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; | 971 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; |
974 s->init_num=DTLS1_CCS_HEADER_LENGTH; | 972 s->init_num=DTLS1_CCS_HEADER_LENGTH; |
975 | 973 |
976 » » if (s->client_version == DTLS1_BAD_VER) | 974 » » if (s->version == DTLS1_BAD_VER) { |
977 » » » { | |
978 s->d1->next_handshake_write_seq++; | 975 s->d1->next_handshake_write_seq++; |
979 s2n(s->d1->handshake_write_seq,p); | 976 s2n(s->d1->handshake_write_seq,p); |
980 s->init_num+=2; | 977 s->init_num+=2; |
981 » » » } | 978 » » } |
982 | 979 |
983 s->init_off=0; | 980 s->init_off=0; |
984 | 981 |
985 dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, | 982 dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, |
986 s->d1->handshake_write_seq, 0, 0); | 983 s->d1->handshake_write_seq, 0, 0); |
987 | 984 |
988 /* buffer the message to handle re-xmits */ | 985 /* buffer the message to handle re-xmits */ |
989 dtls1_buffer_message(s, 1); | 986 dtls1_buffer_message(s, 1); |
990 | 987 |
991 s->state=b; | 988 s->state=b; |
992 } | 989 } |
993 | 990 |
994 /* SSL3_ST_CW_CHANGE_B */ | 991 /* SSL3_ST_CW_CHANGE_B */ |
995 return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC)); | 992 return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC)); |
996 } | 993 } |
997 | 994 |
998 static int dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) | 995 static int dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) |
999 { | 996 { |
1000 » » int n; | 997 » int n; |
1001 » » unsigned char *p; | 998 » unsigned char *p; |
1002 | 999 |
1003 » » n=i2d_X509(x,NULL); | 1000 » n=i2d_X509(x,NULL); |
1004 » » if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3))) | 1001 » if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3))) |
1005 » » » { | 1002 » » { |
1006 » » » SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF,ERR_R_BUF_LIB); | 1003 » » SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF,ERR_R_BUF_LIB); |
1007 » » » return 0; | 1004 » » return 0; |
1008 » » » } | 1005 » » } |
1009 » » p=(unsigned char *)&(buf->data[*l]); | 1006 » p=(unsigned char *)&(buf->data[*l]); |
1010 » » l2n3(n,p); | 1007 » l2n3(n,p); |
1011 » » i2d_X509(x,&p); | 1008 » i2d_X509(x,&p); |
1012 » » *l+=n+3; | 1009 » *l+=n+3; |
1013 | 1010 |
1014 » » return 1; | 1011 » return 1; |
1015 } | 1012 } |
1016 unsigned long dtls1_output_cert_chain(SSL *s, X509 *x) | 1013 unsigned long dtls1_output_cert_chain(SSL *s, X509 *x) |
1017 { | 1014 { |
1018 unsigned char *p; | 1015 unsigned char *p; |
1019 int i; | 1016 int i; |
1020 unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH; | 1017 unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH; |
1021 BUF_MEM *buf; | 1018 BUF_MEM *buf; |
1022 | 1019 |
1023 /* TLSv1 sends a chain with nothing in it, instead of an alert */ | 1020 /* TLSv1 sends a chain with nothing in it, instead of an alert */ |
1024 buf=s->init_buf; | 1021 buf=s->init_buf; |
1025 if (!BUF_MEM_grow_clean(buf,10)) | 1022 if (!BUF_MEM_grow_clean(buf,10)) |
1026 { | 1023 { |
1027 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); | 1024 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); |
1028 return(0); | 1025 return(0); |
1029 } | 1026 } |
1030 if (x != NULL) | 1027 if (x != NULL) |
1031 { | 1028 { |
1032 X509_STORE_CTX xs_ctx; | 1029 X509_STORE_CTX xs_ctx; |
1033 | 1030 |
1034 if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL)) | 1031 if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL)) |
1035 { | 1032 { |
1036 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); | 1033 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); |
1037 return(0); | 1034 return(0); |
1038 } | 1035 } |
1039 | 1036 |
1040 X509_verify_cert(&xs_ctx); | 1037 X509_verify_cert(&xs_ctx); |
1041 /* Don't leave errors in the queue */ | 1038 /* Don't leave errors in the queue */ |
1042 ERR_clear_error(); | 1039 ERR_clear_error(); |
1043 for (i=0; i < sk_X509_num(xs_ctx.chain); i++) | 1040 for (i=0; i < sk_X509_num(xs_ctx.chain); i++) |
1044 { | 1041 { |
1045 x = sk_X509_value(xs_ctx.chain, i); | 1042 x = sk_X509_value(xs_ctx.chain, i); |
1046 | 1043 |
1047 if (!dtls1_add_cert_to_buf(buf, &l, x)) | 1044 if (!dtls1_add_cert_to_buf(buf, &l, x)) |
1048 { | 1045 { |
1049 X509_STORE_CTX_cleanup(&xs_ctx); | 1046 X509_STORE_CTX_cleanup(&xs_ctx); |
1050 return 0; | 1047 return 0; |
1051 } | 1048 } |
1052 } | 1049 } |
1053 X509_STORE_CTX_cleanup(&xs_ctx); | 1050 X509_STORE_CTX_cleanup(&xs_ctx); |
1054 } | 1051 } |
1055 » /* Thawte special :-) */ | 1052 » /* Thawte special :-) */ |
1056 for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++) | 1053 for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++) |
1057 { | 1054 { |
1058 x=sk_X509_value(s->ctx->extra_certs,i); | 1055 x=sk_X509_value(s->ctx->extra_certs,i); |
1059 if (!dtls1_add_cert_to_buf(buf, &l, x)) | 1056 if (!dtls1_add_cert_to_buf(buf, &l, x)) |
1060 return 0; | 1057 return 0; |
1061 } | 1058 } |
1062 | 1059 |
1063 l-= (3 + DTLS1_HM_HEADER_LENGTH); | 1060 l-= (3 + DTLS1_HM_HEADER_LENGTH); |
1064 | 1061 |
1065 p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]); | 1062 p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]); |
(...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1149 } | 1146 } |
1150 | 1147 |
1151 return 1; | 1148 return 1; |
1152 } | 1149 } |
1153 | 1150 |
1154 int | 1151 int |
1155 dtls1_buffer_message(SSL *s, int is_ccs) | 1152 dtls1_buffer_message(SSL *s, int is_ccs) |
1156 { | 1153 { |
1157 pitem *item; | 1154 pitem *item; |
1158 hm_fragment *frag; | 1155 hm_fragment *frag; |
1159 » PQ_64BIT seq64; | 1156 » unsigned char seq64be[8]; |
1160 | 1157 |
1161 /* this function is called immediately after a message has | 1158 /* this function is called immediately after a message has |
1162 * been serialized */ | 1159 * been serialized */ |
1163 OPENSSL_assert(s->init_off == 0); | 1160 OPENSSL_assert(s->init_off == 0); |
1164 | 1161 |
1165 frag = dtls1_hm_fragment_new(s->init_num, 0); | 1162 frag = dtls1_hm_fragment_new(s->init_num, 0); |
1166 | 1163 |
1167 memcpy(frag->fragment, s->init_buf->data, s->init_num); | 1164 memcpy(frag->fragment, s->init_buf->data, s->init_num); |
1168 | 1165 |
1169 if ( is_ccs) | 1166 if ( is_ccs) |
1170 { | 1167 { |
1171 OPENSSL_assert(s->d1->w_msg_hdr.msg_len + | 1168 OPENSSL_assert(s->d1->w_msg_hdr.msg_len + |
1172 » » » DTLS1_CCS_HEADER_LENGTH <= (unsigned int)s->init_num); | 1169 » » » ((s->version==DTLS1_VERSION)?DTLS1_CCS_HEADER_LEN
GTH:3) == (unsigned int)s->init_num); |
1173 } | 1170 } |
1174 else | 1171 else |
1175 { | 1172 { |
1176 OPENSSL_assert(s->d1->w_msg_hdr.msg_len + | 1173 OPENSSL_assert(s->d1->w_msg_hdr.msg_len + |
1177 DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num); | 1174 DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num); |
1178 } | 1175 } |
1179 | 1176 |
1180 frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len; | 1177 frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len; |
1181 frag->msg_header.seq = s->d1->w_msg_hdr.seq; | 1178 frag->msg_header.seq = s->d1->w_msg_hdr.seq; |
1182 frag->msg_header.type = s->d1->w_msg_hdr.type; | 1179 frag->msg_header.type = s->d1->w_msg_hdr.type; |
1183 frag->msg_header.frag_off = 0; | 1180 frag->msg_header.frag_off = 0; |
1184 frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len; | 1181 frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len; |
1185 frag->msg_header.is_ccs = is_ccs; | 1182 frag->msg_header.is_ccs = is_ccs; |
1186 | 1183 |
1187 /* save current state*/ | 1184 /* save current state*/ |
1188 frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx
; | 1185 frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx
; |
1189 frag->msg_header.saved_retransmit_state.write_hash = s->write_hash; | 1186 frag->msg_header.saved_retransmit_state.write_hash = s->write_hash; |
1190 frag->msg_header.saved_retransmit_state.compress = s->compress; | 1187 frag->msg_header.saved_retransmit_state.compress = s->compress; |
1191 frag->msg_header.saved_retransmit_state.session = s->session; | 1188 frag->msg_header.saved_retransmit_state.session = s->session; |
1192 frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch; | 1189 frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch; |
| 1190 |
| 1191 memset(seq64be,0,sizeof(seq64be)); |
| 1192 seq64be[6] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.s
eq, |
| 1193
frag->msg_header.is_ccs)>>8); |
| 1194 seq64be[7] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.s
eq, |
| 1195
frag->msg_header.is_ccs)); |
1193 | 1196 |
1194 » pq_64bit_init(&seq64); | 1197 » item = pitem_new(seq64be, frag); |
1195 | |
1196 » pq_64bit_assign_word(&seq64, | |
1197 » » » » » » dtls1_get_queue_priority(frag->
msg_header.seq, | |
1198 » » » » » » » » » »
» » frag->msg_header.is_ccs)); | |
1199 » » | |
1200 » item = pitem_new(seq64, frag); | |
1201 » pq_64bit_free(&seq64); | |
1202 if ( item == NULL) | 1198 if ( item == NULL) |
1203 { | 1199 { |
1204 dtls1_hm_fragment_free(frag); | 1200 dtls1_hm_fragment_free(frag); |
1205 return 0; | 1201 return 0; |
1206 } | 1202 } |
1207 | 1203 |
1208 #if 0 | 1204 #if 0 |
1209 fprintf( stderr, "buffered messge: \ttype = %xx\n", msg_buf->type); | 1205 fprintf( stderr, "buffered messge: \ttype = %xx\n", msg_buf->type); |
1210 fprintf( stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len); | 1206 fprintf( stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len); |
1211 fprintf( stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num); | 1207 fprintf( stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num); |
1212 #endif | 1208 #endif |
1213 | 1209 |
1214 pqueue_insert(s->d1->sent_messages, item); | 1210 pqueue_insert(s->d1->sent_messages, item); |
1215 return 1; | 1211 return 1; |
1216 } | 1212 } |
1217 | 1213 |
1218 int | 1214 int |
1219 dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, | 1215 dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, |
1220 int *found) | 1216 int *found) |
1221 { | 1217 { |
1222 int ret; | 1218 int ret; |
1223 /* XDTLS: for now assuming that read/writes are blocking */ | 1219 /* XDTLS: for now assuming that read/writes are blocking */ |
1224 pitem *item; | 1220 pitem *item; |
1225 hm_fragment *frag ; | 1221 hm_fragment *frag ; |
1226 unsigned long header_length; | 1222 unsigned long header_length; |
1227 » PQ_64BIT seq64; | 1223 » unsigned char seq64be[8]; |
1228 struct dtls1_retransmit_state saved_state; | 1224 struct dtls1_retransmit_state saved_state; |
1229 unsigned char save_write_sequence[8]; | 1225 unsigned char save_write_sequence[8]; |
1230 | 1226 |
1231 /* | 1227 /* |
1232 OPENSSL_assert(s->init_num == 0); | 1228 OPENSSL_assert(s->init_num == 0); |
1233 OPENSSL_assert(s->init_off == 0); | 1229 OPENSSL_assert(s->init_off == 0); |
1234 */ | 1230 */ |
1235 | 1231 |
1236 /* XDTLS: the requested message ought to be found, otherwise error */ | 1232 /* XDTLS: the requested message ought to be found, otherwise error */ |
1237 » pq_64bit_init(&seq64); | 1233 » memset(seq64be,0,sizeof(seq64be)); |
1238 » pq_64bit_assign_word(&seq64, seq); | 1234 » seq64be[6] = (unsigned char)(seq>>8); |
| 1235 » seq64be[7] = (unsigned char)seq; |
1239 | 1236 |
1240 » item = pqueue_find(s->d1->sent_messages, seq64); | 1237 » item = pqueue_find(s->d1->sent_messages, seq64be); |
1241 » pq_64bit_free(&seq64); | |
1242 if ( item == NULL) | 1238 if ( item == NULL) |
1243 { | 1239 { |
1244 fprintf(stderr, "retransmit: message %d non-existant\n", seq); | 1240 fprintf(stderr, "retransmit: message %d non-existant\n", seq); |
1245 *found = 0; | 1241 *found = 0; |
1246 return 0; | 1242 return 0; |
1247 } | 1243 } |
1248 | 1244 |
1249 *found = 1; | 1245 *found = 1; |
1250 frag = (hm_fragment *)item->data; | 1246 frag = (hm_fragment *)item->data; |
1251 | 1247 |
(...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1319 dtls1_hm_fragment_free((hm_fragment *)item->data); | 1315 dtls1_hm_fragment_free((hm_fragment *)item->data); |
1320 pitem_free(item); | 1316 pitem_free(item); |
1321 } | 1317 } |
1322 } | 1318 } |
1323 | 1319 |
1324 | 1320 |
1325 unsigned char * | 1321 unsigned char * |
1326 dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt, | 1322 dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt, |
1327 unsigned long len, unsigned long frag_off, unsigned long
frag_len) | 1323 unsigned long len, unsigned long frag_off, unsigned long
frag_len) |
1328 { | 1324 { |
1329 » if ( frag_off == 0) | 1325 » /* Don't change sequence numbers while listening */ |
| 1326 » if (frag_off == 0 && !s->d1->listen) |
1330 { | 1327 { |
1331 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; | 1328 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; |
1332 s->d1->next_handshake_write_seq++; | 1329 s->d1->next_handshake_write_seq++; |
1333 } | 1330 } |
1334 | 1331 |
1335 dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq, | 1332 dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq, |
1336 frag_off, frag_len); | 1333 frag_off, frag_len); |
1337 | 1334 |
1338 return p += DTLS1_HM_HEADER_LENGTH; | 1335 return p += DTLS1_HM_HEADER_LENGTH; |
1339 } | 1336 } |
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1372 *p++ = msg_hdr->type; | 1369 *p++ = msg_hdr->type; |
1373 l2n3(msg_hdr->msg_len, p); | 1370 l2n3(msg_hdr->msg_len, p); |
1374 | 1371 |
1375 s2n(msg_hdr->seq, p); | 1372 s2n(msg_hdr->seq, p); |
1376 l2n3(msg_hdr->frag_off, p); | 1373 l2n3(msg_hdr->frag_off, p); |
1377 l2n3(msg_hdr->frag_len, p); | 1374 l2n3(msg_hdr->frag_len, p); |
1378 | 1375 |
1379 return p; | 1376 return p; |
1380 } | 1377 } |
1381 | 1378 |
1382 static unsigned int | 1379 unsigned int |
1383 dtls1_min_mtu(void) | 1380 dtls1_min_mtu(void) |
1384 { | 1381 { |
1385 return (g_probable_mtu[(sizeof(g_probable_mtu) / | 1382 return (g_probable_mtu[(sizeof(g_probable_mtu) / |
1386 sizeof(g_probable_mtu[0])) - 1]); | 1383 sizeof(g_probable_mtu[0])) - 1]); |
1387 } | 1384 } |
1388 | 1385 |
1389 static unsigned int | 1386 static unsigned int |
1390 dtls1_guess_mtu(unsigned int curr_mtu) | 1387 dtls1_guess_mtu(unsigned int curr_mtu) |
1391 { | 1388 { |
1392 » size_t i; | 1389 » unsigned int i; |
1393 | 1390 |
1394 if ( curr_mtu == 0 ) | 1391 if ( curr_mtu == 0 ) |
1395 return g_probable_mtu[0] ; | 1392 return g_probable_mtu[0] ; |
1396 | 1393 |
1397 for ( i = 0; i < sizeof(g_probable_mtu)/sizeof(g_probable_mtu[0]); i++) | 1394 for ( i = 0; i < sizeof(g_probable_mtu)/sizeof(g_probable_mtu[0]); i++) |
1398 if ( curr_mtu > g_probable_mtu[i]) | 1395 if ( curr_mtu > g_probable_mtu[i]) |
1399 return g_probable_mtu[i]; | 1396 return g_probable_mtu[i]; |
1400 | 1397 |
1401 return curr_mtu; | 1398 return curr_mtu; |
1402 } | 1399 } |
(...skipping 10 matching lines...) Expand all Loading... |
1413 n2l3(data, msg_hdr->frag_len); | 1410 n2l3(data, msg_hdr->frag_len); |
1414 } | 1411 } |
1415 | 1412 |
1416 void | 1413 void |
1417 dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr) | 1414 dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr) |
1418 { | 1415 { |
1419 memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st)); | 1416 memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st)); |
1420 | 1417 |
1421 ccs_hdr->type = *(data++); | 1418 ccs_hdr->type = *(data++); |
1422 } | 1419 } |
OLD | NEW |