diff options
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/statem/statem.c | 19 | ||||
| -rw-r--r-- | ssl/statem/statem_dtls.c | 51 | ||||
| -rw-r--r-- | ssl/statem/statem_local.h | 3 |
3 files changed, 50 insertions, 23 deletions
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index 3b6e78e3f8..4c463974ea 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c @@ -582,7 +582,7 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) /* * In DTLS we get the whole message in one go - header and body */ - ret = dtls_get_message(s, &mt, &len); + ret = dtls_get_message(s, &mt); } else { ret = tls_get_message_header(s, &mt); } @@ -625,13 +625,18 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) /* Fall through */ case READ_STATE_BODY: - if (!SSL_IS_DTLS(s)) { - /* We already got this above for DTLS */ + if (SSL_IS_DTLS(s)) { + /* + * Actually we already have the body, but we give DTLS the + * opportunity to do any further processing. + */ + ret = dtls_get_message_body(s, &len); + } else { ret = tls_get_message_body(s, &len); - if (ret == 0) { - /* Could be non-blocking IO */ - return SUB_STATE_ERROR; - } + } + if (ret == 0) { + /* Could be non-blocking IO */ + return SUB_STATE_ERROR; } s->first_packet = 0; diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c index c4bed3d3ee..1fcd064ea6 100644 --- a/ssl/statem/statem_dtls.c +++ b/ssl/statem/statem_dtls.c @@ -328,7 +328,7 @@ int dtls1_do_write(SSL *s, int type) return 0; } -int dtls_get_message(SSL *s, int *mt, size_t *len) +int dtls_get_message(SSL *s, int *mt) { struct hm_header_st *msg_hdr; unsigned char *p; @@ -352,7 +352,6 @@ int dtls_get_message(SSL *s, int *mt, size_t *len) *mt = s->s3.tmp.message_type; p = (unsigned char *)s->init_buf->data; - *len = s->init_num; if (*mt == SSL3_MT_CHANGE_CIPHER_SPEC) { if (s->msg_callback) { @@ -373,32 +372,54 @@ int dtls_get_message(SSL *s, int *mt, size_t *len) s2n(msg_hdr->seq, p); l2n3(0, p); l2n3(msg_len, p); - if (s->version != DTLS1_BAD_VER) { - p -= DTLS1_HM_HEADER_LENGTH; - msg_len += DTLS1_HM_HEADER_LENGTH; - } + memset(msg_hdr, 0, sizeof(*msg_hdr)); + + s->d1->handshake_read_seq++; + + s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; + + return 1; +} + +/* + * Actually we already have the message body - but this is an opportunity for + * DTLS to do any further processing it wants at the same point that TLS would + * be asked for the message body. + */ +int dtls_get_message_body(SSL *s, size_t *len) +{ + unsigned char *msg = (unsigned char *)s->init_buf->data; + size_t msg_len = s->init_num + DTLS1_HM_HEADER_LENGTH; + + if (s->s3.tmp.message_type == SSL3_MT_CHANGE_CIPHER_SPEC) { + /* Nothing to be done */ + goto end; + } /* * If receiving Finished, record MAC of prior handshake messages for * Finished verification. */ - if (*mt == SSL3_MT_FINISHED && !ssl3_take_mac(s)) { + if (*(s->init_buf->data) == SSL3_MT_FINISHED && !ssl3_take_mac(s)) { /* SSLfatal() already called */ return 0; } - if (!ssl3_finish_mac(s, p, msg_len)) + if (s->version == DTLS1_BAD_VER) { + msg += DTLS1_HM_HEADER_LENGTH; + msg_len -= DTLS1_HM_HEADER_LENGTH; + } + + if (!ssl3_finish_mac(s, msg, msg_len)) return 0; + if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - p, msg_len, s, s->msg_callback_arg); - - memset(msg_hdr, 0, sizeof(*msg_hdr)); - - s->d1->handshake_read_seq++; - - s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; + s->init_buf->data, s->init_num + DTLS1_HM_HEADER_LENGTH, + s, s->msg_callback_arg); + end: + *len = s->init_num; return 1; } diff --git a/ssl/statem/statem_local.h b/ssl/statem/statem_local.h index 61de225584..25bfdffc6c 100644 --- a/ssl/statem/statem_local.h +++ b/ssl/statem/statem_local.h @@ -95,7 +95,8 @@ WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst); /* Functions for getting new message data */ __owur int tls_get_message_header(SSL *s, int *mt); __owur int tls_get_message_body(SSL *s, size_t *len); -__owur int dtls_get_message(SSL *s, int *mt, size_t *len); +__owur int dtls_get_message(SSL *s, int *mt); +__owur int dtls_get_message_body(SSL *s, size_t *len); /* Message construction and processing functions */ __owur int tls_process_initial_server_flight(SSL *s); |