openssl/ssl/d1_both.c - Issue 9254031: Upgrade chrome's OpenSSL to same version Android ships with.

Side by Side Diff: openssl/ssl/d1_both.c

Issue 9254031: Upgrade chrome's OpenSSL to same version Android ships with. (Closed) Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/

Patch Set: '' Created 8 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 /* ssl/d1_both.c */	1 /* ssl/d1_both.c */

2 /*	2 /*

3 * DTLS implementation written by Nagendra Modadugu	3 * DTLS implementation written by Nagendra Modadugu

4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.

5 */	5 */

6 /* ====================================================================	6 /* ====================================================================

7 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.	7 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.

8 *	8 *

9 * Redistribution and use in source and binary forms, with or without	9 * Redistribution and use in source and binary forms, with or without

10 * modification, are permitted provided that the following conditions	10 * modification, are permitted provided that the following conditions

(...skipping 135 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
146	146

147 #if 0	147 #if 0

148 #define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \	148 #define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \

149 long ii; \	149 long ii; \

150 printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++) \	150 printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++) \

151 printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (i i & 7)); \	151 printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (i i & 7)); \

152 printf("\n"); }	152 printf("\n"); }

153 #endif	153 #endif

154	154

155 static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe 0, 0xc0, 0x80};	155 static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe 0, 0xc0, 0x80};

156 static unsigned char bitmask_end_values[] = {0x00, 0x01, 0x03, 0x07, 0x0f, 0x1 f, 0x3f, 0x7f};	156 static unsigned char bitmask_end_values[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1 f, 0x3f, 0x7f};

157	157

158 /* XDTLS: figure out the right values */	158 /* XDTLS: figure out the right values */

159 static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};	159 static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};

160	160

161 static unsigned int dtls1_min_mtu(void);

162 static unsigned int dtls1_guess_mtu(unsigned int curr_mtu);	161 static unsigned int dtls1_guess_mtu(unsigned int curr_mtu);

163 static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,	162 static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,

164 unsigned long frag_len);	163 unsigned long frag_len);

165 static unsigned char dtls1_write_message_header(SSL s,	164 static unsigned char dtls1_write_message_header(SSL s,

166 unsigned char *p);	165 unsigned char *p);

167 static void dtls1_set_message_header_int(SSL *s, unsigned char mt,	166 static void dtls1_set_message_header_int(SSL *s, unsigned char mt,

168 unsigned long len, unsigned short seq_num, unsigned long frag_off,	167 unsigned long len, unsigned short seq_num, unsigned long frag_off,

169 unsigned long frag_len);	168 unsigned long frag_len);

170 static long dtls1_get_message_fragment(SSL *s, int st1, int stn,	169 static long dtls1_get_message_fragment(SSL *s, int st1, int stn,

171 long max, int *ok);	170 long max, int *ok);

(...skipping 85 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
257 else if ( ( ret = BIO_flush(SSL_get_wbio(s))) <= 0)	256 else if ( ( ret = BIO_flush(SSL_get_wbio(s))) <= 0)

258 return ret;	257 return ret;

259	258

260 if ( BIO_wpending(SSL_get_wbio(s)) + s->init_num >= mtu)	259 if ( BIO_wpending(SSL_get_wbio(s)) + s->init_num >= mtu)

261 {	260 {

262 ret = BIO_flush(SSL_get_wbio(s));	261 ret = BIO_flush(SSL_get_wbio(s));

263 if ( ret <= 0)	262 if ( ret <= 0)

264 return ret;	263 return ret;

265 mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LEN GTH);	264 mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LEN GTH);

266 }	265 }

	266 #endif

267	267

268 » OPENSSL_assert(mtu > 0); /* should have something reasonable now */	268 » OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu()); /* should have something reasonable now */

269

270 #endif

271	269

272 if ( s->init_off == 0 && type == SSL3_RT_HANDSHAKE)	270 if ( s->init_off == 0 && type == SSL3_RT_HANDSHAKE)

273 OPENSSL_assert(s->init_num ==	271 OPENSSL_assert(s->init_num ==

274 (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);	272 (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);

275	273

276 if (s->write_hash)	274 if (s->write_hash)

277 » » mac_size = EVP_MD_size(s->write_hash);	275 » » mac_size = EVP_MD_CTX_size(s->write_hash);

278 else	276 else

279 mac_size = 0;	277 mac_size = 0;

280	278

281 if (s->enc_write_ctx &&	279 if (s->enc_write_ctx &&

282 (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE) )	280 (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE) )

283 blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);	281 blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);

284 else	282 else

285 blocksize = 0;	283 blocksize = 0;

286	284

287 frag_off = 0;	285 frag_off = 0;

(...skipping 65 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
353 OPENSSL_assert(len == (unsigned int)ret);	351 OPENSSL_assert(len == (unsigned int)ret);

354	352

355 if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting )	353 if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting )

356 {	354 {

357 /* should not be done for 'Hello Request's, but in that case	355 /* should not be done for 'Hello Request's, but in that case

358 * we'll ignore the result anyway */	356 * we'll ignore the result anyway */

359 unsigned char p = (unsigned char )&s->init_buf ->data[s->init_off];	357 unsigned char p = (unsigned char )&s->init_buf ->data[s->init_off];

360 const struct hm_header_st *msg_hdr = &s->d1->w_m sg_hdr;	358 const struct hm_header_st *msg_hdr = &s->d1->w_m sg_hdr;

361 int xlen;	359 int xlen;

362	360

363 » » » » if (frag_off == 0 && s->client_version != DTLS1_ BAD_VER)	361 » » » » if (frag_off == 0 && s->version != DTLS1_BAD_VER )

364 {	362 {

365 /* reconstruct message header is if it	363 /* reconstruct message header is if it

366 * is being sent in single fragment */	364 * is being sent in single fragment */

367 *p++ = msg_hdr->type;	365 *p++ = msg_hdr->type;

368 l2n3(msg_hdr->msg_len,p);	366 l2n3(msg_hdr->msg_len,p);

369 s2n (msg_hdr->seq,p);	367 s2n (msg_hdr->seq,p);

370 l2n3(0,p);	368 l2n3(0,p);

371 l2n3(msg_hdr->msg_len,p);	369 l2n3(msg_hdr->msg_len,p);

372 p -= DTLS1_HM_HEADER_LENGTH;	370 p -= DTLS1_HM_HEADER_LENGTH;

373 xlen = ret;	371 xlen = ret;

(...skipping 83 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
457 }	455 }

458	456

459 ssl3_finish_mac(s, p, msg_len);	457 ssl3_finish_mac(s, p, msg_len);

460 if (s->msg_callback)	458 if (s->msg_callback)

461 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,	459 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,

462 p, msg_len,	460 p, msg_len,

463 s, s->msg_callback_arg);	461 s, s->msg_callback_arg);

464	462

465 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));	463 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));

466	464

467 » s->d1->handshake_read_seq++;	465 » /* Don't change sequence numbers while listening */

468 » /* we just read a handshake message from the other side:	466 » if (!s->d1->listen)

469 » * this means that we don't need to retransmit of the	467 » » s->d1->handshake_read_seq++;

470 » * buffered messages.

471 » * XDTLS: may be able clear out this

472 » * buffer a little sooner (i.e if an out-of-order

473 » * handshake message/record is received at the record

474 » * layer.

475 » * XDTLS: exception is that the server needs to

476 » * know that change cipher spec and finished messages

477 » * have been received by the client before clearing this

478 » * buffer. this can simply be done by waiting for the

479 » * first data segment, but is there a better way? */

480 » dtls1_clear_record_buffer(s);

481	468

482 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;	469 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;

483 return s->init_num;	470 return s->init_num;

484	471

485 f_err:	472 f_err:

486 ssl3_send_alert(s,SSL3_AL_FATAL,al);	473 ssl3_send_alert(s,SSL3_AL_FATAL,al);

487 *ok = 0;	474 *ok = 0;

488 return -1;	475 return -1;

489 }	476 }

490	477

(...skipping 16 matching lines...) Expand all Loading...
507 if ( (frag_off+frag_len) > (unsigned long)max)	494 if ( (frag_off+frag_len) > (unsigned long)max)

508 {	495 {

509 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_S IZE);	496 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_S IZE);

510 return SSL_AD_ILLEGAL_PARAMETER;	497 return SSL_AD_ILLEGAL_PARAMETER;

511 }	498 }

512	499

513 if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */	500 if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */

514 {	501 {

515 /* msg_len is limited to 2^24, but is effectively checked	502 /* msg_len is limited to 2^24, but is effectively checked

516 * against max above */	503 * against max above */

517 » » if (!BUF_MEM_grow_clean(s->init_buf,(int)msg_len+DTLS1_HM_HEADER _LENGTH))	504 » » if (!BUF_MEM_grow_clean(s->init_buf,msg_len+DTLS1_HM_HEADER_LENG TH))

518 {	505 {

519 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,ERR_R_BUF_LIB);	506 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,ERR_R_BUF_LIB);

520 return SSL_AD_INTERNAL_ERROR;	507 return SSL_AD_INTERNAL_ERROR;

521 }	508 }

522	509

523 s->s3->tmp.message_size = msg_len;	510 s->s3->tmp.message_size = msg_len;

524 s->d1->r_msg_hdr.msg_len = msg_len;	511 s->d1->r_msg_hdr.msg_len = msg_len;

525 s->s3->tmp.message_type = msg_hdr->type;	512 s->s3->tmp.message_type = msg_hdr->type;

526 s->d1->r_msg_hdr.type = msg_hdr->type;	513 s->d1->r_msg_hdr.type = msg_hdr->type;

527 s->d1->r_msg_hdr.seq = msg_hdr->seq;	514 s->d1->r_msg_hdr.seq = msg_hdr->seq;

(...skipping 65 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
593 return 0;	580 return 0;

594 }	581 }

595	582

596	583

597 static int	584 static int

598 dtls1_reassemble_fragment(SSL s, struct hm_header_st msg_hdr, int *ok)	585 dtls1_reassemble_fragment(SSL s, struct hm_header_st msg_hdr, int *ok)

599 {	586 {

600 hm_fragment *frag = NULL;	587 hm_fragment *frag = NULL;

601 pitem *item = NULL;	588 pitem *item = NULL;

602 int i = -1, is_complete;	589 int i = -1, is_complete;

603 » PQ_64BIT seq64;	590 » unsigned char seq64be[8];

604 unsigned long frag_len = msg_hdr->frag_len, max_len;	591 unsigned long frag_len = msg_hdr->frag_len, max_len;

605	592

606 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)	593 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)

607 goto err;	594 goto err;

608	595

609 /* Determine maximum allowed message size. Depends on (user set)	596 /* Determine maximum allowed message size. Depends on (user set)

610 * maximum certificate length, but 16k is minimum.	597 * maximum certificate length, but 16k is minimum.

611 */	598 */

612 if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH < s->max_cert_ list)	599 if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH < s->max_cert_ list)

613 max_len = s->max_cert_list;	600 max_len = s->max_cert_list;

614 else	601 else

615 max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;	602 max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;

616	603

617 if ((msg_hdr->frag_off+frag_len) > max_len)	604 if ((msg_hdr->frag_off+frag_len) > max_len)

618 goto err;	605 goto err;

619	606

620 /* Try to find item in queue */	607 /* Try to find item in queue */

621 » pq_64bit_init(&seq64);	608 » memset(seq64be,0,sizeof(seq64be));

622 » pq_64bit_assign_word(&seq64, msg_hdr->seq);	609 » seq64be[6] = (unsigned char) (msg_hdr->seq>>8);

623 » item = pqueue_find(s->d1->buffered_messages, seq64);	610 » seq64be[7] = (unsigned char) msg_hdr->seq;

624 » pq_64bit_free(&seq64);	611 » item = pqueue_find(s->d1->buffered_messages, seq64be);

625	612

626 if (item == NULL)	613 if (item == NULL)

627 {	614 {

628 frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);	615 frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);

629 if ( frag == NULL)	616 if ( frag == NULL)

630 goto err;	617 goto err;

631 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));	618 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));

632 frag->msg_header.frag_len = frag->msg_header.msg_len;	619 frag->msg_header.frag_len = frag->msg_header.msg_len;

633 frag->msg_header.frag_off = 0;	620 frag->msg_header.frag_off = 0;

634 }	621 }

(...skipping 31 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
666 is_complete);	653 is_complete);

667	654

668 if (is_complete)	655 if (is_complete)

669 {	656 {

670 OPENSSL_free(frag->reassembly);	657 OPENSSL_free(frag->reassembly);

671 frag->reassembly = NULL;	658 frag->reassembly = NULL;

672 }	659 }

673	660

674 if (item == NULL)	661 if (item == NULL)

675 {	662 {

676 » » pq_64bit_init(&seq64);	663 » » memset(seq64be,0,sizeof(seq64be));

677 » » pq_64bit_assign_word(&seq64, msg_hdr->seq);	664 » » seq64be[6] = (unsigned char)(msg_hdr->seq>>8);

678 » » item = pitem_new(seq64, frag);	665 » » seq64be[7] = (unsigned char)(msg_hdr->seq);

679 » » pq_64bit_free(&seq64);

680	666

	667 item = pitem_new(seq64be, frag);

681 if (item == NULL)	668 if (item == NULL)

682 {	669 {

683 goto err;	670 goto err;

684 i = -1;	671 i = -1;

685 }	672 }

686	673

687 pqueue_insert(s->d1->buffered_messages, item);	674 pqueue_insert(s->d1->buffered_messages, item);

688 }	675 }

689	676

690 return DTLS1_HM_FRAGMENT_RETRY;	677 return DTLS1_HM_FRAGMENT_RETRY;

691	678

692 err:	679 err:

693 if (frag != NULL) dtls1_hm_fragment_free(frag);	680 if (frag != NULL) dtls1_hm_fragment_free(frag);

694 if (item != NULL) OPENSSL_free(item);	681 if (item != NULL) OPENSSL_free(item);

695 *ok = 0;	682 *ok = 0;

696 return i;	683 return i;

697 }	684 }

698	685

699	686

700 static int	687 static int

701 dtls1_process_out_of_seq_message(SSL s, struct hm_header_st msg_hdr, int *ok)	688 dtls1_process_out_of_seq_message(SSL s, struct hm_header_st msg_hdr, int *ok)

702 {	689 {

703 int i=-1;	690 int i=-1;

704 hm_fragment *frag = NULL;	691 hm_fragment *frag = NULL;

705 pitem *item = NULL;	692 pitem *item = NULL;

706 » PQ_64BIT seq64;	693 » unsigned char seq64be[8];

707 unsigned long frag_len = msg_hdr->frag_len;	694 unsigned long frag_len = msg_hdr->frag_len;

708	695

709 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)	696 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)

710 goto err;	697 goto err;

711	698

712 /* Try to find item in queue, to prevent duplicate entries */	699 /* Try to find item in queue, to prevent duplicate entries */

713 » pq_64bit_init(&seq64);	700 » memset(seq64be,0,sizeof(seq64be));

714 » pq_64bit_assign_word(&seq64, msg_hdr->seq);	701 » seq64be[6] = (unsigned char) (msg_hdr->seq>>8);

715 » item = pqueue_find(s->d1->buffered_messages, seq64);	702 » seq64be[7] = (unsigned char) msg_hdr->seq;

716 » pq_64bit_free(&seq64);	703 » item = pqueue_find(s->d1->buffered_messages, seq64be);

717	704

718 /* If we already have an entry and this one is a fragment,	705 /* If we already have an entry and this one is a fragment,

719 * don't discard it and rather try to reassemble it.	706 * don't discard it and rather try to reassemble it.

720 */	707 */

721 if (item != NULL && frag_len < msg_hdr->msg_len)	708 if (item != NULL && frag_len < msg_hdr->msg_len)

722 item = NULL;	709 item = NULL;

723	710

724 /* Discard the message if sequence number was already there, is	711 /* Discard the message if sequence number was already there, is

725 * too far in the future, already in the queue or if we received	712 * too far in the future, already in the queue or if we received

726 * a FINISHED before the SERVER_HELLO, which then must be a stale	713 * a FINISHED before the SERVER_HELLO, which then must be a stale

(...skipping 20 matching lines...) Expand all Loading...
747 return dtls1_reassemble_fragment(s, msg_hdr, ok);	734 return dtls1_reassemble_fragment(s, msg_hdr, ok);

748	735

749 frag = dtls1_hm_fragment_new(frag_len, 0);	736 frag = dtls1_hm_fragment_new(frag_len, 0);

750 if ( frag == NULL)	737 if ( frag == NULL)

751 goto err;	738 goto err;

752	739

753 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));	740 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));

754	741

755 if (frag_len)	742 if (frag_len)

756 {	743 {

757 » » » /* read the body of the fragment (header has already bee n read) */	744 » » » /* read the body of the fragment (header has already bee n read */

758 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,	745 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,

759 frag->fragment,frag_len,0);	746 frag->fragment,frag_len,0);

760 if (i<=0 \|\| (unsigned long)i!=frag_len)	747 if (i<=0 \|\| (unsigned long)i!=frag_len)

761 goto err;	748 goto err;

762 }	749 }

763	750

764 » » pq_64bit_init(&seq64);	751 » » memset(seq64be,0,sizeof(seq64be));

765 » » pq_64bit_assign_word(&seq64, msg_hdr->seq);	752 » » seq64be[6] = (unsigned char)(msg_hdr->seq>>8);

	753 » » seq64be[7] = (unsigned char)(msg_hdr->seq);

766	754

767 » » item = pitem_new(seq64, frag);	755 » » item = pitem_new(seq64be, frag);

768 » » pq_64bit_free(&seq64);

769 if ( item == NULL)	756 if ( item == NULL)

770 goto err;	757 goto err;

771	758

772 pqueue_insert(s->d1->buffered_messages, item);	759 pqueue_insert(s->d1->buffered_messages, item);

773 }	760 }

774	761

775 return DTLS1_HM_FRAGMENT_RETRY;	762 return DTLS1_HM_FRAGMENT_RETRY;

776	763

777 err:	764 err:

778 if ( frag != NULL) dtls1_hm_fragment_free(frag);	765 if ( frag != NULL) dtls1_hm_fragment_free(frag);

(...skipping 20 matching lines...) Expand all Loading...
799	786

800 /* read handshake message header */	787 /* read handshake message header */

801 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,wire,	788 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,wire,

802 DTLS1_HM_HEADER_LENGTH, 0);	789 DTLS1_HM_HEADER_LENGTH, 0);

803 if (i <= 0) /* nbio, or an error */	790 if (i <= 0) /* nbio, or an error */

804 {	791 {

805 s->rwstate=SSL_READING;	792 s->rwstate=SSL_READING;

806 *ok = 0;	793 *ok = 0;

807 return i;	794 return i;

808 }	795 }

809 » OPENSSL_assert(i == DTLS1_HM_HEADER_LENGTH);	796 » /* Handshake fails if message header is incomplete */

	797 » if (i != DTLS1_HM_HEADER_LENGTH)

	798 » » {

	799 » » al=SSL_AD_UNEXPECTED_MESSAGE;

	800 » » SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE );

	801 » » goto f_err;

	802 » » }

810	803

811 /* parse the message fragment header */	804 /* parse the message fragment header */

812 dtls1_get_message_header(wire, &msg_hdr);	805 dtls1_get_message_header(wire, &msg_hdr);

813	806

814 /*	807 /*

815 * if this is a future (or stale) message it gets buffered	808 * if this is a future (or stale) message it gets buffered

816 » * (or dropped)--no further processing at this time	809 » * (or dropped)--no further processing at this time

	810 » * While listening, we accept seq 1 (ClientHello with cookie)

	811 » * although we're still expecting seq 0 (ClientHello)

817 */	812 */

818 » if ( msg_hdr.seq != s->d1->handshake_read_seq)	813 » if (msg_hdr.seq != s->d1->handshake_read_seq && !(s->d1->listen && msg_h dr.seq == 1))

819 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);	814 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);

820	815

821 len = msg_hdr.msg_len;	816 len = msg_hdr.msg_len;

822 frag_off = msg_hdr.frag_off;	817 frag_off = msg_hdr.frag_off;

823 frag_len = msg_hdr.frag_len;	818 frag_len = msg_hdr.frag_len;

824	819

825 if (frag_len && frag_len < len)	820 if (frag_len && frag_len < len)

826 return dtls1_reassemble_fragment(s, &msg_hdr, ok);	821 return dtls1_reassemble_fragment(s, &msg_hdr, ok);

827	822

828 if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&	823 if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&

(...skipping 40 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
869 s->rwstate=SSL_READING;	864 s->rwstate=SSL_READING;

870 *ok = 0;	865 *ok = 0;

871 return i;	866 return i;

872 }	867 }

873 }	868 }

874 else	869 else

875 i = 0;	870 i = 0;

876	871

877 /* XDTLS: an incorrectly formatted fragment should cause the	872 /* XDTLS: an incorrectly formatted fragment should cause the

878 * handshake to fail */	873 * handshake to fail */

879 » OPENSSL_assert(i == (int)frag_len);	874 » if (i != (int)frag_len)

	875 » » {

	876 » » al=SSL3_AD_ILLEGAL_PARAMETER;

	877 » » SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL3_AD_ILLEGAL_PARAMETE R);

	878 » » goto f_err;

	879 » » }

880	880

881 *ok = 1;	881 *ok = 1;

882	882

883 /* Note that s->init_num is not used as current offset in	883 /* Note that s->init_num is not used as current offset in

884 * s->init_buf->data, but as a counter summing up fragments'	884 * s->init_buf->data, but as a counter summing up fragments'

885 * lengths: as soon as they sum up to handshake packet	885 * lengths: as soon as they sum up to handshake packet

886 * length, we assume we have got all the fragments. */	886 * length, we assume we have got all the fragments. */

887 s->init_num = frag_len;	887 s->init_num = frag_len;

888 return frag_len;	888 return frag_len;

889	889

(...skipping 10 matching lines...) Expand all Loading...
900 unsigned char p,d;	900 unsigned char p,d;

901 int i;	901 int i;

902 unsigned long l;	902 unsigned long l;

903	903

904 if (s->state == a)	904 if (s->state == a)

905 {	905 {

906 d=(unsigned char *)s->init_buf->data;	906 d=(unsigned char *)s->init_buf->data;

907 p= &(d[DTLS1_HM_HEADER_LENGTH]);	907 p= &(d[DTLS1_HM_HEADER_LENGTH]);

908	908

909 i=s->method->ssl3_enc->final_finish_mac(s,	909 i=s->method->ssl3_enc->final_finish_mac(s,

910 &(s->s3->finish_dgst1),

911 &(s->s3->finish_dgst2),

912 sender,slen,s->s3->tmp.finish_md);	910 sender,slen,s->s3->tmp.finish_md);

913 s->s3->tmp.finish_md_len = i;	911 s->s3->tmp.finish_md_len = i;

914 memcpy(p, s->s3->tmp.finish_md, i);	912 memcpy(p, s->s3->tmp.finish_md, i);

915 p+=i;	913 p+=i;

916 l=i;	914 l=i;

917	915

918 /* Copy the finished so we can use it for	916 /* Copy the finished so we can use it for

919 * renegotiation checks	917 * renegotiation checks

920 */	918 */

921 if(s->type == SSL_ST_CONNECT)	919 if(s->type == SSL_ST_CONNECT)

(...skipping 44 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
966 {	964 {

967 unsigned char *p;	965 unsigned char *p;

968	966

969 if (s->state == a)	967 if (s->state == a)

970 {	968 {

971 p=(unsigned char *)s->init_buf->data;	969 p=(unsigned char *)s->init_buf->data;

972 *p++=SSL3_MT_CCS;	970 *p++=SSL3_MT_CCS;

973 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;	971 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;

974 s->init_num=DTLS1_CCS_HEADER_LENGTH;	972 s->init_num=DTLS1_CCS_HEADER_LENGTH;

975	973

976 » » if (s->client_version == DTLS1_BAD_VER)	974 » » if (s->version == DTLS1_BAD_VER) {

977 » » » {

978 s->d1->next_handshake_write_seq++;	975 s->d1->next_handshake_write_seq++;

979 s2n(s->d1->handshake_write_seq,p);	976 s2n(s->d1->handshake_write_seq,p);

980 s->init_num+=2;	977 s->init_num+=2;

981 » » » }	978 » » }

982	979

983 s->init_off=0;	980 s->init_off=0;

984	981

985 dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,	982 dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,

986 s->d1->handshake_write_seq, 0, 0);	983 s->d1->handshake_write_seq, 0, 0);

987	984

988 /* buffer the message to handle re-xmits */	985 /* buffer the message to handle re-xmits */

989 dtls1_buffer_message(s, 1);	986 dtls1_buffer_message(s, 1);

990	987

991 s->state=b;	988 s->state=b;

992 }	989 }

993	990

994 /* SSL3_ST_CW_CHANGE_B */	991 /* SSL3_ST_CW_CHANGE_B */

995 return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));	992 return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));

996 }	993 }

997	994

998 static int dtls1_add_cert_to_buf(BUF_MEM buf, unsigned long l, X509 *x)	995 static int dtls1_add_cert_to_buf(BUF_MEM buf, unsigned long l, X509 *x)

999 {	996 {

1000 » » int n;	997 » int n;

1001 » » unsigned char *p;	998 » unsigned char *p;

1002	999

1003 » » n=i2d_X509(x,NULL);	1000 » n=i2d_X509(x,NULL);

1004 » » if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3)))	1001 » if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3)))

1005 » » » {	1002 » » {

1006 » » » SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF,ERR_R_BUF_LIB);	1003 » » SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF,ERR_R_BUF_LIB);

1007 » » » return 0;	1004 » » return 0;

1008 » » » }	1005 » » }

1009 » » p=(unsigned char )&(buf->data[l]);	1006 » p=(unsigned char )&(buf->data[l]);

1010 » » l2n3(n,p);	1007 » l2n3(n,p);

1011 » » i2d_X509(x,&p);	1008 » i2d_X509(x,&p);

1012 » » *l+=n+3;	1009 » *l+=n+3;

1013	1010

1014 » » return 1;	1011 » return 1;

1015 }	1012 }

1016 unsigned long dtls1_output_cert_chain(SSL s, X509 x)	1013 unsigned long dtls1_output_cert_chain(SSL s, X509 x)

1017 {	1014 {

1018 unsigned char *p;	1015 unsigned char *p;

1019 int i;	1016 int i;

1020 unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH;	1017 unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH;

1021 BUF_MEM *buf;	1018 BUF_MEM *buf;

1022	1019

1023 /* TLSv1 sends a chain with nothing in it, instead of an alert */	1020 /* TLSv1 sends a chain with nothing in it, instead of an alert */

1024 buf=s->init_buf;	1021 buf=s->init_buf;

1025 if (!BUF_MEM_grow_clean(buf,10))	1022 if (!BUF_MEM_grow_clean(buf,10))

1026 {	1023 {

1027 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);	1024 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);

1028 return(0);	1025 return(0);

1029 }	1026 }

1030 if (x != NULL)	1027 if (x != NULL)

1031 {	1028 {

1032 X509_STORE_CTX xs_ctx;	1029 X509_STORE_CTX xs_ctx;

1033	1030

1034 if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL))	1031 if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL))

1035 {	1032 {

1036 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);	1033 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);

1037 return(0);	1034 return(0);

1038 }	1035 }

1039	1036

1040 X509_verify_cert(&xs_ctx);	1037 X509_verify_cert(&xs_ctx);

1041 /* Don't leave errors in the queue */	1038 /* Don't leave errors in the queue */

1042 ERR_clear_error();	1039 ERR_clear_error();

1043 for (i=0; i < sk_X509_num(xs_ctx.chain); i++)	1040 for (i=0; i < sk_X509_num(xs_ctx.chain); i++)

1044 {	1041 {

1045 x = sk_X509_value(xs_ctx.chain, i);	1042 x = sk_X509_value(xs_ctx.chain, i);

1046	1043

1047 if (!dtls1_add_cert_to_buf(buf, &l, x))	1044 if (!dtls1_add_cert_to_buf(buf, &l, x))

1048 {	1045 {

1049 X509_STORE_CTX_cleanup(&xs_ctx);	1046 X509_STORE_CTX_cleanup(&xs_ctx);

1050 return 0;	1047 return 0;

1051 }	1048 }

1052 }	1049 }

1053 X509_STORE_CTX_cleanup(&xs_ctx);	1050 X509_STORE_CTX_cleanup(&xs_ctx);

1054 }	1051 }

1055 » /* Thawte special :-) */	1052 » /* Thawte special :-) */

1056 for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)	1053 for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)

1057 {	1054 {

1058 x=sk_X509_value(s->ctx->extra_certs,i);	1055 x=sk_X509_value(s->ctx->extra_certs,i);

1059 if (!dtls1_add_cert_to_buf(buf, &l, x))	1056 if (!dtls1_add_cert_to_buf(buf, &l, x))

1060 return 0;	1057 return 0;

1061 }	1058 }

1062	1059

1063 l-= (3 + DTLS1_HM_HEADER_LENGTH);	1060 l-= (3 + DTLS1_HM_HEADER_LENGTH);

1064	1061

1065 p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);	1062 p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);

(...skipping 83 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1149 }	1146 }

1150	1147

1151 return 1;	1148 return 1;

1152 }	1149 }

1153	1150

1154 int	1151 int

1155 dtls1_buffer_message(SSL *s, int is_ccs)	1152 dtls1_buffer_message(SSL *s, int is_ccs)

1156 {	1153 {

1157 pitem *item;	1154 pitem *item;

1158 hm_fragment *frag;	1155 hm_fragment *frag;

1159 » PQ_64BIT seq64;	1156 » unsigned char seq64be[8];

1160	1157

1161 /* this function is called immediately after a message has	1158 /* this function is called immediately after a message has

1162 * been serialized */	1159 * been serialized */

1163 OPENSSL_assert(s->init_off == 0);	1160 OPENSSL_assert(s->init_off == 0);

1164	1161

1165 frag = dtls1_hm_fragment_new(s->init_num, 0);	1162 frag = dtls1_hm_fragment_new(s->init_num, 0);

1166	1163

1167 memcpy(frag->fragment, s->init_buf->data, s->init_num);	1164 memcpy(frag->fragment, s->init_buf->data, s->init_num);

1168	1165

1169 if ( is_ccs)	1166 if ( is_ccs)

1170 {	1167 {

1171 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +	1168 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +

1172 » » » DTLS1_CCS_HEADER_LENGTH <= (unsigned int)s->init_num);	1169 » » » ((s->version==DTLS1_VERSION)?DTLS1_CCS_HEADER_LEN GTH:3) == (unsigned int)s->init_num);

1173 }	1170 }

1174 else	1171 else

1175 {	1172 {

1176 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +	1173 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +

1177 DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);	1174 DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);

1178 }	1175 }

1179	1176

1180 frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;	1177 frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;

1181 frag->msg_header.seq = s->d1->w_msg_hdr.seq;	1178 frag->msg_header.seq = s->d1->w_msg_hdr.seq;

1182 frag->msg_header.type = s->d1->w_msg_hdr.type;	1179 frag->msg_header.type = s->d1->w_msg_hdr.type;

1183 frag->msg_header.frag_off = 0;	1180 frag->msg_header.frag_off = 0;

1184 frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;	1181 frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;

1185 frag->msg_header.is_ccs = is_ccs;	1182 frag->msg_header.is_ccs = is_ccs;

1186	1183

1187 /* save current state*/	1184 /* save current state*/

1188 frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx ;	1185 frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx ;

1189 frag->msg_header.saved_retransmit_state.write_hash = s->write_hash;	1186 frag->msg_header.saved_retransmit_state.write_hash = s->write_hash;

1190 frag->msg_header.saved_retransmit_state.compress = s->compress;	1187 frag->msg_header.saved_retransmit_state.compress = s->compress;

1191 frag->msg_header.saved_retransmit_state.session = s->session;	1188 frag->msg_header.saved_retransmit_state.session = s->session;

1192 frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;	1189 frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;

	1190

	1191 memset(seq64be,0,sizeof(seq64be));

	1192 seq64be[6] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.s eq,

	1193 frag->msg_header.is_ccs)>>8);

	1194 seq64be[7] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.s eq,

	1195 frag->msg_header.is_ccs));

1193	1196

1194 » pq_64bit_init(&seq64);	1197 » item = pitem_new(seq64be, frag);

1195

1196 » pq_64bit_assign_word(&seq64,

1197 » » » » » » dtls1_get_queue_priority(frag-> msg_header.seq,

1198 » » » » » » » » » » » » frag->msg_header.is_ccs));

1199 » »

1200 » item = pitem_new(seq64, frag);

1201 » pq_64bit_free(&seq64);

1202 if ( item == NULL)	1198 if ( item == NULL)

1203 {	1199 {

1204 dtls1_hm_fragment_free(frag);	1200 dtls1_hm_fragment_free(frag);

1205 return 0;	1201 return 0;

1206 }	1202 }

1207	1203

1208 #if 0	1204 #if 0

1209 fprintf( stderr, "buffered messge: \ttype = %xx\n", msg_buf->type);	1205 fprintf( stderr, "buffered messge: \ttype = %xx\n", msg_buf->type);

1210 fprintf( stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len);	1206 fprintf( stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len);

1211 fprintf( stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num);	1207 fprintf( stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num);

1212 #endif	1208 #endif

1213	1209

1214 pqueue_insert(s->d1->sent_messages, item);	1210 pqueue_insert(s->d1->sent_messages, item);

1215 return 1;	1211 return 1;

1216 }	1212 }

1217	1213

1218 int	1214 int

1219 dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,	1215 dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,

1220 int *found)	1216 int *found)

1221 {	1217 {

1222 int ret;	1218 int ret;

1223 /* XDTLS: for now assuming that read/writes are blocking */	1219 /* XDTLS: for now assuming that read/writes are blocking */

1224 pitem *item;	1220 pitem *item;

1225 hm_fragment *frag ;	1221 hm_fragment *frag ;

1226 unsigned long header_length;	1222 unsigned long header_length;

1227 » PQ_64BIT seq64;	1223 » unsigned char seq64be[8];

1228 struct dtls1_retransmit_state saved_state;	1224 struct dtls1_retransmit_state saved_state;

1229 unsigned char save_write_sequence[8];	1225 unsigned char save_write_sequence[8];

1230	1226

1231 /*	1227 /*

1232 OPENSSL_assert(s->init_num == 0);	1228 OPENSSL_assert(s->init_num == 0);

1233 OPENSSL_assert(s->init_off == 0);	1229 OPENSSL_assert(s->init_off == 0);

1234 */	1230 */

1235	1231

1236 /* XDTLS: the requested message ought to be found, otherwise error */	1232 /* XDTLS: the requested message ought to be found, otherwise error */

1237 » pq_64bit_init(&seq64);	1233 » memset(seq64be,0,sizeof(seq64be));

1238 » pq_64bit_assign_word(&seq64, seq);	1234 » seq64be[6] = (unsigned char)(seq>>8);

	1235 » seq64be[7] = (unsigned char)seq;

1239	1236

1240 » item = pqueue_find(s->d1->sent_messages, seq64);	1237 » item = pqueue_find(s->d1->sent_messages, seq64be);

1241 » pq_64bit_free(&seq64);

1242 if ( item == NULL)	1238 if ( item == NULL)

1243 {	1239 {

1244 fprintf(stderr, "retransmit: message %d non-existant\n", seq);	1240 fprintf(stderr, "retransmit: message %d non-existant\n", seq);

1245 *found = 0;	1241 *found = 0;

1246 return 0;	1242 return 0;

1247 }	1243 }

1248	1244

1249 *found = 1;	1245 *found = 1;

1250 frag = (hm_fragment *)item->data;	1246 frag = (hm_fragment *)item->data;

1251	1247

(...skipping 67 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1319 dtls1_hm_fragment_free((hm_fragment *)item->data);	1315 dtls1_hm_fragment_free((hm_fragment *)item->data);

1320 pitem_free(item);	1316 pitem_free(item);

1321 }	1317 }

1322 }	1318 }

1323	1319

1324	1320

1325 unsigned char *	1321 unsigned char *

1326 dtls1_set_message_header(SSL s, unsigned char p, unsigned char mt,	1322 dtls1_set_message_header(SSL s, unsigned char p, unsigned char mt,

1327 unsigned long len, unsigned long frag_off, unsigned long frag_len)	1323 unsigned long len, unsigned long frag_off, unsigned long frag_len)

1328 {	1324 {

1329 » if ( frag_off == 0)	1325 » /* Don't change sequence numbers while listening */

	1326 » if (frag_off == 0 && !s->d1->listen)

1330 {	1327 {

1331 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;	1328 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;

1332 s->d1->next_handshake_write_seq++;	1329 s->d1->next_handshake_write_seq++;

1333 }	1330 }

1334	1331

1335 dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,	1332 dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,

1336 frag_off, frag_len);	1333 frag_off, frag_len);

1337	1334

1338 return p += DTLS1_HM_HEADER_LENGTH;	1335 return p += DTLS1_HM_HEADER_LENGTH;

1339 }	1336 }

(...skipping 32 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1372 *p++ = msg_hdr->type;	1369 *p++ = msg_hdr->type;

1373 l2n3(msg_hdr->msg_len, p);	1370 l2n3(msg_hdr->msg_len, p);

1374	1371

1375 s2n(msg_hdr->seq, p);	1372 s2n(msg_hdr->seq, p);

1376 l2n3(msg_hdr->frag_off, p);	1373 l2n3(msg_hdr->frag_off, p);

1377 l2n3(msg_hdr->frag_len, p);	1374 l2n3(msg_hdr->frag_len, p);

1378	1375

1379 return p;	1376 return p;

1380 }	1377 }

1381	1378

1382 static unsigned int	1379 unsigned int

1383 dtls1_min_mtu(void)	1380 dtls1_min_mtu(void)

1384 {	1381 {

1385 return (g_probable_mtu[(sizeof(g_probable_mtu) /	1382 return (g_probable_mtu[(sizeof(g_probable_mtu) /

1386 sizeof(g_probable_mtu[0])) - 1]);	1383 sizeof(g_probable_mtu[0])) - 1]);

1387 }	1384 }

1388	1385

1389 static unsigned int	1386 static unsigned int

1390 dtls1_guess_mtu(unsigned int curr_mtu)	1387 dtls1_guess_mtu(unsigned int curr_mtu)

1391 {	1388 {

1392 » size_t i;	1389 » unsigned int i;

1393	1390

1394 if ( curr_mtu == 0 )	1391 if ( curr_mtu == 0 )

1395 return g_probable_mtu[0] ;	1392 return g_probable_mtu[0] ;

1396	1393

1397 for ( i = 0; i < sizeof(g_probable_mtu)/sizeof(g_probable_mtu[0]); i++)	1394 for ( i = 0; i < sizeof(g_probable_mtu)/sizeof(g_probable_mtu[0]); i++)

1398 if ( curr_mtu > g_probable_mtu[i])	1395 if ( curr_mtu > g_probable_mtu[i])

1399 return g_probable_mtu[i];	1396 return g_probable_mtu[i];

1400	1397

1401 return curr_mtu;	1398 return curr_mtu;

1402 }	1399 }

(...skipping 10 matching lines...) Expand all Loading...
1413 n2l3(data, msg_hdr->frag_len);	1410 n2l3(data, msg_hdr->frag_len);

1414 }	1411 }

1415	1412

1416 void	1413 void

1417 dtls1_get_ccs_header(unsigned char data, struct ccs_header_st ccs_hdr)	1414 dtls1_get_ccs_header(unsigned char data, struct ccs_header_st ccs_hdr)

1418 {	1415 {

1419 memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st));	1416 memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st));

1420	1417

1421 ccs_hdr->type = *(data++);	1418 ccs_hdr->type = *(data++);

1422 }	1419 }

OLD	NEW

« openssl.gyp ('K') | « openssl/ssl/bio_ssl.c ('k') | openssl/ssl/d1_clnt.c » ('j') | patches/x509_hash_name_algorithm_change.patch » ('J')