OLD | NEW |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 | 4 |
5 /* | 5 /* |
6 * DTLS Protocol | 6 * DTLS Protocol |
7 */ | 7 */ |
8 | 8 |
9 #include "ssl.h" | 9 #include "ssl.h" |
10 #include "sslimpl.h" | 10 #include "sslimpl.h" |
(...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
97 return SSL_LIBRARY_VERSION_TLS_1_2 + 1; | 97 return SSL_LIBRARY_VERSION_TLS_1_2 + 1; |
98 } | 98 } |
99 | 99 |
100 /* On this socket, Disable non-DTLS cipher suites in the argument's list */ | 100 /* On this socket, Disable non-DTLS cipher suites in the argument's list */ |
101 SECStatus | 101 SECStatus |
102 ssl3_DisableNonDTLSSuites(sslSocket * ss) | 102 ssl3_DisableNonDTLSSuites(sslSocket * ss) |
103 { | 103 { |
104 const ssl3CipherSuite * suite; | 104 const ssl3CipherSuite * suite; |
105 | 105 |
106 for (suite = nonDTLSSuites; *suite; ++suite) { | 106 for (suite = nonDTLSSuites; *suite; ++suite) { |
107 SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE); | 107 PORT_CheckSuccess(ssl3_CipherPrefSet(ss, *suite, PR_FALSE)); |
108 | |
109 PORT_Assert(rv == SECSuccess); /* else is coding error */ | |
110 } | 108 } |
111 return SECSuccess; | 109 return SECSuccess; |
112 } | 110 } |
113 | 111 |
114 /* Allocate a DTLSQueuedMessage. | 112 /* Allocate a DTLSQueuedMessage. |
115 * | 113 * |
116 * Called from dtls_QueueMessage() | 114 * Called from dtls_QueueMessage() |
117 */ | 115 */ |
118 static DTLSQueuedMessage * | 116 static DTLSQueuedMessage * |
119 dtls_AllocQueuedMessage(PRUint16 epoch, SSL3ContentType type, | 117 dtls_AllocQueuedMessage(PRUint16 epoch, SSL3ContentType type, |
(...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
222 /* Parse the header */ | 220 /* Parse the header */ |
223 type = buf.buf[0]; | 221 type = buf.buf[0]; |
224 message_length = (buf.buf[1] << 16) | (buf.buf[2] << 8) | buf.buf[3]; | 222 message_length = (buf.buf[1] << 16) | (buf.buf[2] << 8) | buf.buf[3]; |
225 message_seq = (buf.buf[4] << 8) | buf.buf[5]; | 223 message_seq = (buf.buf[4] << 8) | buf.buf[5]; |
226 fragment_offset = (buf.buf[6] << 16) | (buf.buf[7] << 8) | buf.buf[8]; | 224 fragment_offset = (buf.buf[6] << 16) | (buf.buf[7] << 8) | buf.buf[8]; |
227 fragment_length = (buf.buf[9] << 16) | (buf.buf[10] << 8) | buf.buf[11]; | 225 fragment_length = (buf.buf[9] << 16) | (buf.buf[10] << 8) | buf.buf[11]; |
228 | 226 |
229 #define MAX_HANDSHAKE_MSG_LEN 0x1ffff /* 128k - 1 */ | 227 #define MAX_HANDSHAKE_MSG_LEN 0x1ffff /* 128k - 1 */ |
230 if (message_length > MAX_HANDSHAKE_MSG_LEN) { | 228 if (message_length > MAX_HANDSHAKE_MSG_LEN) { |
231 (void)ssl3_DecodeError(ss); | 229 (void)ssl3_DecodeError(ss); |
232 PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG); | 230 PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE); |
233 return SECFailure; | 231 return SECFailure; |
234 } | 232 } |
235 #undef MAX_HANDSHAKE_MSG_LEN | 233 #undef MAX_HANDSHAKE_MSG_LEN |
236 | 234 |
237 buf.buf += 12; | 235 buf.buf += 12; |
238 buf.len -= 12; | 236 buf.len -= 12; |
239 | 237 |
240 /* This fragment must be complete */ | 238 /* This fragment must be complete */ |
241 if (buf.len < fragment_length) { | 239 if (buf.len < fragment_length) { |
242 PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE); | 240 PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE); |
(...skipping 146 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
389 * reassembly state: | 387 * reassembly state: |
390 * | 388 * |
391 * - recvdHighWater contains the highest contiguous number of | 389 * - recvdHighWater contains the highest contiguous number of |
392 * bytes received | 390 * bytes received |
393 * - recvdFragments contains a bitmask of packets received | 391 * - recvdFragments contains a bitmask of packets received |
394 * above recvdHighWater | 392 * above recvdHighWater |
395 * | 393 * |
396 * This avoids having to fill in the bitmask in the common | 394 * This avoids having to fill in the bitmask in the common |
397 * case of adjacent fragments received in sequence | 395 * case of adjacent fragments received in sequence |
398 */ | 396 */ |
399 if (fragment_offset <= ss->ssl3.hs.recvdHighWater) { | 397 if (fragment_offset <= (unsigned int)ss->ssl3.hs.recvdHighWater)
{ |
400 /* Either this is the adjacent fragment or an overlapping | 398 /* Either this is the adjacent fragment or an overlapping |
401 * fragment */ | 399 * fragment */ |
402 ss->ssl3.hs.recvdHighWater = fragment_offset + | 400 ss->ssl3.hs.recvdHighWater = fragment_offset + |
403 fragment_length; | 401 fragment_length; |
404 } else { | 402 } else { |
405 for (offset = fragment_offset; | 403 for (offset = fragment_offset; |
406 offset < fragment_offset + fragment_length; | 404 offset < fragment_offset + fragment_length; |
407 offset++) { | 405 offset++) { |
408 ss->ssl3.hs.recvdFragments.buf[OFFSET_BYTE(offset)] |= | 406 ss->ssl3.hs.recvdFragments.buf[OFFSET_BYTE(offset)] |= |
409 OFFSET_MASK(offset); | 407 OFFSET_MASK(offset); |
(...skipping 259 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
669 */ | 667 */ |
670 PORT_Assert(msg->len >= 12); | 668 PORT_Assert(msg->len >= 12); |
671 | 669 |
672 while ((fragment_offset + 12) < msg->len) { | 670 while ((fragment_offset + 12) < msg->len) { |
673 PRUint32 fragment_len; | 671 PRUint32 fragment_len; |
674 const unsigned char *content = msg->data + 12; | 672 const unsigned char *content = msg->data + 12; |
675 PRUint32 content_len = msg->len - 12; | 673 PRUint32 content_len = msg->len - 12; |
676 | 674 |
677 /* The reason we use 8 here is that that's the length of | 675 /* The reason we use 8 here is that that's the length of |
678 * the new DTLS data that we add to the header */ | 676 * the new DTLS data that we add to the header */ |
679 fragment_len = PR_MIN(room_left - (SSL3_BUFFER_FUDGE + 8), | 677 fragment_len = PR_MIN((PRUint32)room_left - (SSL3_BUFFER_FUDGE +
8), |
680 content_len - fragment_offset); | 678 content_len - fragment_offset); |
681 PORT_Assert(fragment_len < DTLS_MAX_MTU - 12); | 679 PORT_Assert(fragment_len < DTLS_MAX_MTU - 12); |
682 /* Make totally sure that we are within the buffer. | 680 /* Make totally sure that we are within the buffer. |
683 * Note that the only way that fragment len could get | 681 * Note that the only way that fragment len could get |
684 * adjusted here is if | 682 * adjusted here is if |
685 * | 683 * |
686 * (a) we are in release mode so the PORT_Assert is compiled out | 684 * (a) we are in release mode so the PORT_Assert is compiled out |
687 * (b) either the MTU table is inconsistent with DTLS_MAX_MTU | 685 * (b) either the MTU table is inconsistent with DTLS_MAX_MTU |
688 * or ss->ssl3.mtu has become corrupt. | 686 * or ss->ssl3.mtu has become corrupt. |
689 */ | 687 */ |
(...skipping 449 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1139 desired = PR_MillisecondsToInterval(ss->ssl3.hs.rtTimeoutMs); | 1137 desired = PR_MillisecondsToInterval(ss->ssl3.hs.rtTimeoutMs); |
1140 if (elapsed > desired) { | 1138 if (elapsed > desired) { |
1141 /* Timer expired */ | 1139 /* Timer expired */ |
1142 *timeout = PR_INTERVAL_NO_WAIT; | 1140 *timeout = PR_INTERVAL_NO_WAIT; |
1143 } else { | 1141 } else { |
1144 *timeout = desired - elapsed; | 1142 *timeout = desired - elapsed; |
1145 } | 1143 } |
1146 | 1144 |
1147 return SECSuccess; | 1145 return SECSuccess; |
1148 } | 1146 } |
OLD | NEW |