From ae5c8664e587f2445c8e4eb436cffbb64af4f6b8 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 22 Jan 2015 03:29:12 +0000 Subject: Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson --- ssl/bio_ssl.c | 982 +++--- ssl/d1_both.c | 2634 ++++++++-------- ssl/d1_clnt.c | 1267 ++++---- ssl/d1_lib.c | 832 +++--- ssl/d1_meth.c | 51 +- ssl/d1_pkt.c | 3234 ++++++++++---------- ssl/d1_srtp.c | 656 ++-- ssl/d1_srvr.c | 1506 +++++----- ssl/dtls1.h | 397 ++- ssl/heartbeat_test.c | 766 ++--- ssl/kssl.c | 3863 ++++++++++++------------ ssl/kssl.h | 192 +- ssl/kssl_lcl.h | 19 +- ssl/s23_clnt.c | 1284 ++++---- ssl/s23_lib.c | 211 +- ssl/s23_meth.c | 49 +- ssl/s23_pkt.c | 96 +- ssl/s23_srvr.c | 1019 ++++--- ssl/s2_clnt.c | 1944 ++++++------ ssl/s2_enc.c | 266 +- ssl/s2_lib.c | 778 ++--- ssl/s2_meth.c | 37 +- ssl/s2_pkt.c | 1188 ++++---- ssl/s2_srvr.c | 2007 ++++++------- ssl/s3_both.c | 1106 ++++--- ssl/s3_cbc.c | 1226 ++++---- ssl/s3_clnt.c | 6546 ++++++++++++++++++++-------------------- ssl/s3_enc.c | 1473 +++++---- ssl/s3_lib.c | 8073 +++++++++++++++++++++++++------------------------ ssl/s3_meth.c | 28 +- ssl/s3_pkt.c | 3053 ++++++++++--------- ssl/s3_srvr.c | 6450 +++++++++++++++++++-------------------- ssl/srtp.h | 45 +- ssl/ssl.h | 4984 ++++++++++++++++--------------- ssl/ssl2.h | 359 ++- ssl/ssl23.h | 33 +- ssl/ssl3.h | 1175 ++++---- ssl/ssl_algs.c | 129 +- ssl/ssl_asn1.c | 1005 +++---- ssl/ssl_cert.c | 1981 ++++++------ ssl/ssl_ciph.c | 3539 +++++++++++----------- ssl/ssl_conf.c | 1063 ++++--- ssl/ssl_err.c | 1322 ++++---- ssl/ssl_err2.c | 21 +- ssl/ssl_lib.c | 5756 ++++++++++++++++++----------------- ssl/ssl_locl.h | 1842 ++++++------ ssl/ssl_rsa.c | 1803 ++++++----- ssl/ssl_sess.c | 1737 ++++++----- ssl/ssl_stat.c | 1370 ++++++--- ssl/ssl_task.c | 371 +-- ssl/ssl_txt.c | 306 +- ssl/ssl_utst.c | 25 +- ssl/ssltest.c | 5192 ++++++++++++++++---------------- ssl/t1_clnt.c | 55 +- ssl/t1_enc.c | 2153 ++++++------- ssl/t1_ext.c | 415 ++- ssl/t1_lib.c | 8138 ++++++++++++++++++++++++-------------------------- ssl/t1_meth.c | 53 +- ssl/t1_reneg.c | 226 +- ssl/t1_srvr.c | 56 +- ssl/t1_trce.c | 2308 +++++++------- ssl/tls1.h | 981 +++--- ssl/tls_srp.c | 878 +++--- 63 files changed, 51052 insertions(+), 51502 deletions(-) (limited to 'ssl') diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c index e9552caee2..a0c583e342 100644 --- a/ssl/bio_ssl.c +++ b/ssl/bio_ssl.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -72,534 +72,516 @@ static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int ssl_new(BIO *h); static int ssl_free(BIO *data); static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); -typedef struct bio_ssl_st - { - SSL *ssl; /* The ssl handle :-) */ - /* re-negotiate every time the total number of bytes is this size */ - int num_renegotiates; - unsigned long renegotiate_count; - unsigned long byte_count; - unsigned long renegotiate_timeout; - unsigned long last_time; - } BIO_SSL; - -static BIO_METHOD methods_sslp= - { - BIO_TYPE_SSL,"ssl", - ssl_write, - ssl_read, - ssl_puts, - NULL, /* ssl_gets, */ - ssl_ctrl, - ssl_new, - ssl_free, - ssl_callback_ctrl, - }; +typedef struct bio_ssl_st { + SSL *ssl; /* The ssl handle :-) */ + /* re-negotiate every time the total number of bytes is this size */ + int num_renegotiates; + unsigned long renegotiate_count; + unsigned long byte_count; + unsigned long renegotiate_timeout; + unsigned long last_time; +} BIO_SSL; + +static BIO_METHOD methods_sslp = { + BIO_TYPE_SSL, "ssl", + ssl_write, + ssl_read, + ssl_puts, + NULL, /* ssl_gets, */ + ssl_ctrl, + ssl_new, + ssl_free, + ssl_callback_ctrl, +}; BIO_METHOD *BIO_f_ssl(void) - { - return(&methods_sslp); - } +{ + return (&methods_sslp); +} static int ssl_new(BIO *bi) - { - BIO_SSL *bs; - - bs=(BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL)); - if (bs == NULL) - { - BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE); - return(0); - } - memset(bs,0,sizeof(BIO_SSL)); - bi->init=0; - bi->ptr=(char *)bs; - bi->flags=0; - return(1); - } +{ + BIO_SSL *bs; + + bs = (BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL)); + if (bs == NULL) { + BIOerr(BIO_F_SSL_NEW, ERR_R_MALLOC_FAILURE); + return (0); + } + memset(bs, 0, sizeof(BIO_SSL)); + bi->init = 0; + bi->ptr = (char *)bs; + bi->flags = 0; + return (1); +} static int ssl_free(BIO *a) - { - BIO_SSL *bs; - - if (a == NULL) return(0); - bs=(BIO_SSL *)a->ptr; - if (bs->ssl != NULL) SSL_shutdown(bs->ssl); - if (a->shutdown) - { - if (a->init && (bs->ssl != NULL)) - SSL_free(bs->ssl); - a->init=0; - a->flags=0; - } - if (a->ptr != NULL) - OPENSSL_free(a->ptr); - return(1); - } - +{ + BIO_SSL *bs; + + if (a == NULL) + return (0); + bs = (BIO_SSL *)a->ptr; + if (bs->ssl != NULL) + SSL_shutdown(bs->ssl); + if (a->shutdown) { + if (a->init && (bs->ssl != NULL)) + SSL_free(bs->ssl); + a->init = 0; + a->flags = 0; + } + if (a->ptr != NULL) + OPENSSL_free(a->ptr); + return (1); +} + static int ssl_read(BIO *b, char *out, int outl) - { - int ret=1; - BIO_SSL *sb; - SSL *ssl; - int retry_reason=0; - int r=0; +{ + int ret = 1; + BIO_SSL *sb; + SSL *ssl; + int retry_reason = 0; + int r = 0; - if (out == NULL) return(0); - sb=(BIO_SSL *)b->ptr; - ssl=sb->ssl; + if (out == NULL) + return (0); + sb = (BIO_SSL *)b->ptr; + ssl = sb->ssl; - BIO_clear_retry_flags(b); + BIO_clear_retry_flags(b); #if 0 - if (!SSL_is_init_finished(ssl)) - { -/* ret=SSL_do_handshake(ssl); */ - if (ret > 0) - { - - outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY); - ret= -1; - goto end; - } - } + if (!SSL_is_init_finished(ssl)) { +/* ret=SSL_do_handshake(ssl); */ + if (ret > 0) { + + outflags = (BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY); + ret = -1; + goto end; + } + } #endif -/* if (ret > 0) */ - ret=SSL_read(ssl,out,outl); - - switch (SSL_get_error(ssl,ret)) - { - case SSL_ERROR_NONE: - if (ret <= 0) break; - if (sb->renegotiate_count > 0) - { - sb->byte_count+=ret; - if (sb->byte_count > sb->renegotiate_count) - { - sb->byte_count=0; - sb->num_renegotiates++; - SSL_renegotiate(ssl); - r=1; - } - } - if ((sb->renegotiate_timeout > 0) && (!r)) - { - unsigned long tm; - - tm=(unsigned long)time(NULL); - if (tm > sb->last_time+sb->renegotiate_timeout) - { - sb->last_time=tm; - sb->num_renegotiates++; - SSL_renegotiate(ssl); - } - } - - break; - case SSL_ERROR_WANT_READ: - BIO_set_retry_read(b); - break; - case SSL_ERROR_WANT_WRITE: - BIO_set_retry_write(b); - break; - case SSL_ERROR_WANT_X509_LOOKUP: - BIO_set_retry_special(b); - retry_reason=BIO_RR_SSL_X509_LOOKUP; - break; - case SSL_ERROR_WANT_ACCEPT: - BIO_set_retry_special(b); - retry_reason=BIO_RR_ACCEPT; - break; - case SSL_ERROR_WANT_CONNECT: - BIO_set_retry_special(b); - retry_reason=BIO_RR_CONNECT; - break; - case SSL_ERROR_SYSCALL: - case SSL_ERROR_SSL: - case SSL_ERROR_ZERO_RETURN: - default: - break; - } - - b->retry_reason=retry_reason; - return(ret); - } +/* if (ret > 0) */ + ret = SSL_read(ssl, out, outl); + + switch (SSL_get_error(ssl, ret)) { + case SSL_ERROR_NONE: + if (ret <= 0) + break; + if (sb->renegotiate_count > 0) { + sb->byte_count += ret; + if (sb->byte_count > sb->renegotiate_count) { + sb->byte_count = 0; + sb->num_renegotiates++; + SSL_renegotiate(ssl); + r = 1; + } + } + if ((sb->renegotiate_timeout > 0) && (!r)) { + unsigned long tm; + + tm = (unsigned long)time(NULL); + if (tm > sb->last_time + sb->renegotiate_timeout) { + sb->last_time = tm; + sb->num_renegotiates++; + SSL_renegotiate(ssl); + } + } + + break; + case SSL_ERROR_WANT_READ: + BIO_set_retry_read(b); + break; + case SSL_ERROR_WANT_WRITE: + BIO_set_retry_write(b); + break; + case SSL_ERROR_WANT_X509_LOOKUP: + BIO_set_retry_special(b); + retry_reason = BIO_RR_SSL_X509_LOOKUP; + break; + case SSL_ERROR_WANT_ACCEPT: + BIO_set_retry_special(b); + retry_reason = BIO_RR_ACCEPT; + break; + case SSL_ERROR_WANT_CONNECT: + BIO_set_retry_special(b); + retry_reason = BIO_RR_CONNECT; + break; + case SSL_ERROR_SYSCALL: + case SSL_ERROR_SSL: + case SSL_ERROR_ZERO_RETURN: + default: + break; + } + + b->retry_reason = retry_reason; + return (ret); +} static int ssl_write(BIO *b, const char *out, int outl) - { - int ret,r=0; - int retry_reason=0; - SSL *ssl; - BIO_SSL *bs; - - if (out == NULL) return(0); - bs=(BIO_SSL *)b->ptr; - ssl=bs->ssl; - - BIO_clear_retry_flags(b); - -/* ret=SSL_do_handshake(ssl); - if (ret > 0) */ - ret=SSL_write(ssl,out,outl); - - switch (SSL_get_error(ssl,ret)) - { - case SSL_ERROR_NONE: - if (ret <= 0) break; - if (bs->renegotiate_count > 0) - { - bs->byte_count+=ret; - if (bs->byte_count > bs->renegotiate_count) - { - bs->byte_count=0; - bs->num_renegotiates++; - SSL_renegotiate(ssl); - r=1; - } - } - if ((bs->renegotiate_timeout > 0) && (!r)) - { - unsigned long tm; - - tm=(unsigned long)time(NULL); - if (tm > bs->last_time+bs->renegotiate_timeout) - { - bs->last_time=tm; - bs->num_renegotiates++; - SSL_renegotiate(ssl); - } - } - break; - case SSL_ERROR_WANT_WRITE: - BIO_set_retry_write(b); - break; - case SSL_ERROR_WANT_READ: - BIO_set_retry_read(b); - break; - case SSL_ERROR_WANT_X509_LOOKUP: - BIO_set_retry_special(b); - retry_reason=BIO_RR_SSL_X509_LOOKUP; - break; - case SSL_ERROR_WANT_CONNECT: - BIO_set_retry_special(b); - retry_reason=BIO_RR_CONNECT; - case SSL_ERROR_SYSCALL: - case SSL_ERROR_SSL: - default: - break; - } - - b->retry_reason=retry_reason; - return(ret); - } +{ + int ret, r = 0; + int retry_reason = 0; + SSL *ssl; + BIO_SSL *bs; + + if (out == NULL) + return (0); + bs = (BIO_SSL *)b->ptr; + ssl = bs->ssl; + + BIO_clear_retry_flags(b); + + /* + * ret=SSL_do_handshake(ssl); if (ret > 0) + */ + ret = SSL_write(ssl, out, outl); + + switch (SSL_get_error(ssl, ret)) { + case SSL_ERROR_NONE: + if (ret <= 0) + break; + if (bs->renegotiate_count > 0) { + bs->byte_count += ret; + if (bs->byte_count > bs->renegotiate_count) { + bs->byte_count = 0; + bs->num_renegotiates++; + SSL_renegotiate(ssl); + r = 1; + } + } + if ((bs->renegotiate_timeout > 0) && (!r)) { + unsigned long tm; + + tm = (unsigned long)time(NULL); + if (tm > bs->last_time + bs->renegotiate_timeout) { + bs->last_time = tm; + bs->num_renegotiates++; + SSL_renegotiate(ssl); + } + } + break; + case SSL_ERROR_WANT_WRITE: + BIO_set_retry_write(b); + break; + case SSL_ERROR_WANT_READ: + BIO_set_retry_read(b); + break; + case SSL_ERROR_WANT_X509_LOOKUP: + BIO_set_retry_special(b); + retry_reason = BIO_RR_SSL_X509_LOOKUP; + break; + case SSL_ERROR_WANT_CONNECT: + BIO_set_retry_special(b); + retry_reason = BIO_RR_CONNECT; + case SSL_ERROR_SYSCALL: + case SSL_ERROR_SSL: + default: + break; + } + + b->retry_reason = retry_reason; + return (ret); +} static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) - { - SSL **sslp,*ssl; - BIO_SSL *bs; - BIO *dbio,*bio; - long ret=1; - - bs=(BIO_SSL *)b->ptr; - ssl=bs->ssl; - if ((ssl == NULL) && (cmd != BIO_C_SET_SSL)) - return(0); - switch (cmd) - { - case BIO_CTRL_RESET: - SSL_shutdown(ssl); - - if (ssl->handshake_func == ssl->method->ssl_connect) - SSL_set_connect_state(ssl); - else if (ssl->handshake_func == ssl->method->ssl_accept) - SSL_set_accept_state(ssl); - - SSL_clear(ssl); - - if (b->next_bio != NULL) - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - else if (ssl->rbio != NULL) - ret=BIO_ctrl(ssl->rbio,cmd,num,ptr); - else - ret=1; - break; - case BIO_CTRL_INFO: - ret=0; - break; - case BIO_C_SSL_MODE: - if (num) /* client mode */ - SSL_set_connect_state(ssl); - else - SSL_set_accept_state(ssl); - break; - case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT: - ret=bs->renegotiate_timeout; - if (num < 60) num=5; - bs->renegotiate_timeout=(unsigned long)num; - bs->last_time=(unsigned long)time(NULL); - break; - case BIO_C_SET_SSL_RENEGOTIATE_BYTES: - ret=bs->renegotiate_count; - if ((long)num >=512) - bs->renegotiate_count=(unsigned long)num; - break; - case BIO_C_GET_SSL_NUM_RENEGOTIATES: - ret=bs->num_renegotiates; - break; - case BIO_C_SET_SSL: - if (ssl != NULL) - { - ssl_free(b); - if (!ssl_new(b)) - return 0; - } - b->shutdown=(int)num; - ssl=(SSL *)ptr; - ((BIO_SSL *)b->ptr)->ssl=ssl; - bio=SSL_get_rbio(ssl); - if (bio != NULL) - { - if (b->next_bio != NULL) - BIO_push(bio,b->next_bio); - b->next_bio=bio; - CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO); - } - b->init=1; - break; - case BIO_C_GET_SSL: - if (ptr != NULL) - { - sslp=(SSL **)ptr; - *sslp=ssl; - } - else - ret=0; - break; - case BIO_CTRL_GET_CLOSE: - ret=b->shutdown; - break; - case BIO_CTRL_SET_CLOSE: - b->shutdown=(int)num; - break; - case BIO_CTRL_WPENDING: - ret=BIO_ctrl(ssl->wbio,cmd,num,ptr); - break; - case BIO_CTRL_PENDING: - ret=SSL_pending(ssl); - if (ret == 0) - ret=BIO_pending(ssl->rbio); - break; - case BIO_CTRL_FLUSH: - BIO_clear_retry_flags(b); - ret=BIO_ctrl(ssl->wbio,cmd,num,ptr); - BIO_copy_next_retry(b); - break; - case BIO_CTRL_PUSH: - if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio)) - { - SSL_set_bio(ssl,b->next_bio,b->next_bio); - CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO); - } - break; - case BIO_CTRL_POP: - /* Only detach if we are the BIO explicitly being popped */ - if (b == ptr) - { - /* Shouldn't happen in practice because the - * rbio and wbio are the same when pushed. - */ - if (ssl->rbio != ssl->wbio) - BIO_free_all(ssl->wbio); - if (b->next_bio != NULL) - CRYPTO_add(&b->next_bio->references,-1,CRYPTO_LOCK_BIO); - ssl->wbio=NULL; - ssl->rbio=NULL; - } - break; - case BIO_C_DO_STATE_MACHINE: - BIO_clear_retry_flags(b); - - b->retry_reason=0; - ret=(int)SSL_do_handshake(ssl); - - switch (SSL_get_error(ssl,(int)ret)) - { - case SSL_ERROR_WANT_READ: - BIO_set_flags(b, - BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY); - break; - case SSL_ERROR_WANT_WRITE: - BIO_set_flags(b, - BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY); - break; - case SSL_ERROR_WANT_CONNECT: - BIO_set_flags(b, - BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY); - b->retry_reason=b->next_bio->retry_reason; - break; - default: - break; - } - break; - case BIO_CTRL_DUP: - dbio=(BIO *)ptr; - if (((BIO_SSL *)dbio->ptr)->ssl != NULL) - SSL_free(((BIO_SSL *)dbio->ptr)->ssl); - ((BIO_SSL *)dbio->ptr)->ssl=SSL_dup(ssl); - ((BIO_SSL *)dbio->ptr)->renegotiate_count= - ((BIO_SSL *)b->ptr)->renegotiate_count; - ((BIO_SSL *)dbio->ptr)->byte_count= - ((BIO_SSL *)b->ptr)->byte_count; - ((BIO_SSL *)dbio->ptr)->renegotiate_timeout= - ((BIO_SSL *)b->ptr)->renegotiate_timeout; - ((BIO_SSL *)dbio->ptr)->last_time= - ((BIO_SSL *)b->ptr)->last_time; - ret=(((BIO_SSL *)dbio->ptr)->ssl != NULL); - break; - case BIO_C_GET_FD: - ret=BIO_ctrl(ssl->rbio,cmd,num,ptr); - break; - case BIO_CTRL_SET_CALLBACK: - { -#if 0 /* FIXME: Should this be used? -- Richard Levitte */ - SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - ret = -1; +{ + SSL **sslp, *ssl; + BIO_SSL *bs; + BIO *dbio, *bio; + long ret = 1; + + bs = (BIO_SSL *)b->ptr; + ssl = bs->ssl; + if ((ssl == NULL) && (cmd != BIO_C_SET_SSL)) + return (0); + switch (cmd) { + case BIO_CTRL_RESET: + SSL_shutdown(ssl); + + if (ssl->handshake_func == ssl->method->ssl_connect) + SSL_set_connect_state(ssl); + else if (ssl->handshake_func == ssl->method->ssl_accept) + SSL_set_accept_state(ssl); + + SSL_clear(ssl); + + if (b->next_bio != NULL) + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + else if (ssl->rbio != NULL) + ret = BIO_ctrl(ssl->rbio, cmd, num, ptr); + else + ret = 1; + break; + case BIO_CTRL_INFO: + ret = 0; + break; + case BIO_C_SSL_MODE: + if (num) /* client mode */ + SSL_set_connect_state(ssl); + else + SSL_set_accept_state(ssl); + break; + case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT: + ret = bs->renegotiate_timeout; + if (num < 60) + num = 5; + bs->renegotiate_timeout = (unsigned long)num; + bs->last_time = (unsigned long)time(NULL); + break; + case BIO_C_SET_SSL_RENEGOTIATE_BYTES: + ret = bs->renegotiate_count; + if ((long)num >= 512) + bs->renegotiate_count = (unsigned long)num; + break; + case BIO_C_GET_SSL_NUM_RENEGOTIATES: + ret = bs->num_renegotiates; + break; + case BIO_C_SET_SSL: + if (ssl != NULL) { + ssl_free(b); + if (!ssl_new(b)) + return 0; + } + b->shutdown = (int)num; + ssl = (SSL *)ptr; + ((BIO_SSL *)b->ptr)->ssl = ssl; + bio = SSL_get_rbio(ssl); + if (bio != NULL) { + if (b->next_bio != NULL) + BIO_push(bio, b->next_bio); + b->next_bio = bio; + CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO); + } + b->init = 1; + break; + case BIO_C_GET_SSL: + if (ptr != NULL) { + sslp = (SSL **)ptr; + *sslp = ssl; + } else + ret = 0; + break; + case BIO_CTRL_GET_CLOSE: + ret = b->shutdown; + break; + case BIO_CTRL_SET_CLOSE: + b->shutdown = (int)num; + break; + case BIO_CTRL_WPENDING: + ret = BIO_ctrl(ssl->wbio, cmd, num, ptr); + break; + case BIO_CTRL_PENDING: + ret = SSL_pending(ssl); + if (ret == 0) + ret = BIO_pending(ssl->rbio); + break; + case BIO_CTRL_FLUSH: + BIO_clear_retry_flags(b); + ret = BIO_ctrl(ssl->wbio, cmd, num, ptr); + BIO_copy_next_retry(b); + break; + case BIO_CTRL_PUSH: + if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio)) { + SSL_set_bio(ssl, b->next_bio, b->next_bio); + CRYPTO_add(&b->next_bio->references, 1, CRYPTO_LOCK_BIO); + } + break; + case BIO_CTRL_POP: + /* Only detach if we are the BIO explicitly being popped */ + if (b == ptr) { + /* + * Shouldn't happen in practice because the rbio and wbio are the + * same when pushed. + */ + if (ssl->rbio != ssl->wbio) + BIO_free_all(ssl->wbio); + if (b->next_bio != NULL) + CRYPTO_add(&b->next_bio->references, -1, CRYPTO_LOCK_BIO); + ssl->wbio = NULL; + ssl->rbio = NULL; + } + break; + case BIO_C_DO_STATE_MACHINE: + BIO_clear_retry_flags(b); + + b->retry_reason = 0; + ret = (int)SSL_do_handshake(ssl); + + switch (SSL_get_error(ssl, (int)ret)) { + case SSL_ERROR_WANT_READ: + BIO_set_flags(b, BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY); + break; + case SSL_ERROR_WANT_WRITE: + BIO_set_flags(b, BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY); + break; + case SSL_ERROR_WANT_CONNECT: + BIO_set_flags(b, BIO_FLAGS_IO_SPECIAL | BIO_FLAGS_SHOULD_RETRY); + b->retry_reason = b->next_bio->retry_reason; + break; + default: + break; + } + break; + case BIO_CTRL_DUP: + dbio = (BIO *)ptr; + if (((BIO_SSL *)dbio->ptr)->ssl != NULL) + SSL_free(((BIO_SSL *)dbio->ptr)->ssl); + ((BIO_SSL *)dbio->ptr)->ssl = SSL_dup(ssl); + ((BIO_SSL *)dbio->ptr)->renegotiate_count = + ((BIO_SSL *)b->ptr)->renegotiate_count; + ((BIO_SSL *)dbio->ptr)->byte_count = ((BIO_SSL *)b->ptr)->byte_count; + ((BIO_SSL *)dbio->ptr)->renegotiate_timeout = + ((BIO_SSL *)b->ptr)->renegotiate_timeout; + ((BIO_SSL *)dbio->ptr)->last_time = ((BIO_SSL *)b->ptr)->last_time; + ret = (((BIO_SSL *)dbio->ptr)->ssl != NULL); + break; + case BIO_C_GET_FD: + ret = BIO_ctrl(ssl->rbio, cmd, num, ptr); + break; + case BIO_CTRL_SET_CALLBACK: + { +#if 0 /* FIXME: Should this be used? -- Richard + * Levitte */ + SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ret = -1; #else - ret=0; + ret = 0; #endif - } - break; - case BIO_CTRL_GET_CALLBACK: - { - void (**fptr)(const SSL *xssl,int type,int val); - - fptr=(void (**)(const SSL *xssl,int type,int val))ptr; - *fptr=SSL_get_info_callback(ssl); - } - break; - default: - ret=BIO_ctrl(ssl->rbio,cmd,num,ptr); - break; - } - return(ret); - } + } + break; + case BIO_CTRL_GET_CALLBACK: + { + void (**fptr) (const SSL *xssl, int type, int val); + + fptr = (void (**)(const SSL *xssl, int type, int val))ptr; + *fptr = SSL_get_info_callback(ssl); + } + break; + default: + ret = BIO_ctrl(ssl->rbio, cmd, num, ptr); + break; + } + return (ret); +} static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) - { - SSL *ssl; - BIO_SSL *bs; - long ret=1; - - bs=(BIO_SSL *)b->ptr; - ssl=bs->ssl; - switch (cmd) - { - case BIO_CTRL_SET_CALLBACK: - { - /* FIXME: setting this via a completely different prototype - seems like a crap idea */ - SSL_set_info_callback(ssl,(void (*)(const SSL *,int,int))fp); - } - break; - default: - ret=BIO_callback_ctrl(ssl->rbio,cmd,fp); - break; - } - return(ret); - } +{ + SSL *ssl; + BIO_SSL *bs; + long ret = 1; + + bs = (BIO_SSL *)b->ptr; + ssl = bs->ssl; + switch (cmd) { + case BIO_CTRL_SET_CALLBACK: + { + /* + * FIXME: setting this via a completely different prototype seems + * like a crap idea + */ + SSL_set_info_callback(ssl, (void (*)(const SSL *, int, int))fp); + } + break; + default: + ret = BIO_callback_ctrl(ssl->rbio, cmd, fp); + break; + } + return (ret); +} static int ssl_puts(BIO *bp, const char *str) - { - int n,ret; +{ + int n, ret; - n=strlen(str); - ret=BIO_write(bp,str,n); - return(ret); - } + n = strlen(str); + ret = BIO_write(bp, str, n); + return (ret); +} BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx) - { +{ #ifndef OPENSSL_NO_SOCK - BIO *ret=NULL,*buf=NULL,*ssl=NULL; - - if ((buf=BIO_new(BIO_f_buffer())) == NULL) - return(NULL); - if ((ssl=BIO_new_ssl_connect(ctx)) == NULL) - goto err; - if ((ret=BIO_push(buf,ssl)) == NULL) - goto err; - return(ret); -err: - if (buf != NULL) BIO_free(buf); - if (ssl != NULL) BIO_free(ssl); + BIO *ret = NULL, *buf = NULL, *ssl = NULL; + + if ((buf = BIO_new(BIO_f_buffer())) == NULL) + return (NULL); + if ((ssl = BIO_new_ssl_connect(ctx)) == NULL) + goto err; + if ((ret = BIO_push(buf, ssl)) == NULL) + goto err; + return (ret); + err: + if (buf != NULL) + BIO_free(buf); + if (ssl != NULL) + BIO_free(ssl); #endif - return(NULL); - } + return (NULL); +} BIO *BIO_new_ssl_connect(SSL_CTX *ctx) - { +{ #ifndef OPENSSL_NO_SOCK - BIO *ret=NULL,*con=NULL,*ssl=NULL; - - if ((con=BIO_new(BIO_s_connect())) == NULL) - return(NULL); - if ((ssl=BIO_new_ssl(ctx,1)) == NULL) - goto err; - if ((ret=BIO_push(ssl,con)) == NULL) - goto err; - return(ret); -err: - if (con != NULL) BIO_free(con); + BIO *ret = NULL, *con = NULL, *ssl = NULL; + + if ((con = BIO_new(BIO_s_connect())) == NULL) + return (NULL); + if ((ssl = BIO_new_ssl(ctx, 1)) == NULL) + goto err; + if ((ret = BIO_push(ssl, con)) == NULL) + goto err; + return (ret); + err: + if (con != NULL) + BIO_free(con); #endif - return(NULL); - } + return (NULL); +} BIO *BIO_new_ssl(SSL_CTX *ctx, int client) - { - BIO *ret; - SSL *ssl; - - if ((ret=BIO_new(BIO_f_ssl())) == NULL) - return(NULL); - if ((ssl=SSL_new(ctx)) == NULL) - { - BIO_free(ret); - return(NULL); - } - if (client) - SSL_set_connect_state(ssl); - else - SSL_set_accept_state(ssl); - - BIO_set_ssl(ret,ssl,BIO_CLOSE); - return(ret); - } +{ + BIO *ret; + SSL *ssl; + + if ((ret = BIO_new(BIO_f_ssl())) == NULL) + return (NULL); + if ((ssl = SSL_new(ctx)) == NULL) { + BIO_free(ret); + return (NULL); + } + if (client) + SSL_set_connect_state(ssl); + else + SSL_set_accept_state(ssl); + + BIO_set_ssl(ret, ssl, BIO_CLOSE); + return (ret); +} int BIO_ssl_copy_session_id(BIO *t, BIO *f) - { - t=BIO_find_type(t,BIO_TYPE_SSL); - f=BIO_find_type(f,BIO_TYPE_SSL); - if ((t == NULL) || (f == NULL)) - return(0); - if ( (((BIO_SSL *)t->ptr)->ssl == NULL) || - (((BIO_SSL *)f->ptr)->ssl == NULL)) - return(0); - SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,((BIO_SSL *)f->ptr)->ssl); - return(1); - } +{ + t = BIO_find_type(t, BIO_TYPE_SSL); + f = BIO_find_type(f, BIO_TYPE_SSL); + if ((t == NULL) || (f == NULL)) + return (0); + if ((((BIO_SSL *)t->ptr)->ssl == NULL) || + (((BIO_SSL *)f->ptr)->ssl == NULL)) + return (0); + SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl, ((BIO_SSL *)f->ptr)->ssl); + return (1); +} void BIO_ssl_shutdown(BIO *b) - { - SSL *s; - - while (b != NULL) - { - if (b->method->type == BIO_TYPE_SSL) - { - s=((BIO_SSL *)b->ptr)->ssl; - SSL_shutdown(s); - break; - } - b=b->next_bio; - } - } +{ + SSL *s; + + while (b != NULL) { + if (b->method->type == BIO_TYPE_SSL) { + s = ((BIO_SSL *)b->ptr)->ssl; + SSL_shutdown(s); + break; + } + b = b->next_bio; + } +} diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 99a067cbe9..d731d47150 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -1,7 +1,7 @@ /* ssl/d1_both.c */ -/* +/* * DTLS implementation written by Nagendra Modadugu - * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. */ /* ==================================================================== * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. @@ -11,7 +11,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -62,21 +62,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -91,10 +91,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -106,7 +106,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -126,1418 +126,1398 @@ #define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8) #define RSMBLY_BITMASK_MARK(bitmask, start, end) { \ - if ((end) - (start) <= 8) { \ - long ii; \ - for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \ - } else { \ - long ii; \ - bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \ - for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \ - bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \ - } } + if ((end) - (start) <= 8) { \ + long ii; \ + for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \ + } else { \ + long ii; \ + bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \ + for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \ + bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \ + } } #define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \ - long ii; \ - OPENSSL_assert((msg_len) > 0); \ - is_complete = 1; \ - if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \ - if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \ - if (bitmask[ii] != 0xff) { is_complete = 0; break; } } + long ii; \ + OPENSSL_assert((msg_len) > 0); \ + is_complete = 1; \ + if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \ + if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \ + if (bitmask[ii] != 0xff) { is_complete = 0; break; } } #if 0 -#define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \ - long ii; \ - printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++) \ - printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (ii & 7)); \ - printf("\n"); } +# define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \ + long ii; \ + printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++) \ + printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (ii & 7)); \ + printf("\n"); } #endif -static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80}; -static unsigned char bitmask_end_values[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f}; +static unsigned char bitmask_start_values[] = + { 0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80 }; +static unsigned char bitmask_end_values[] = + { 0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f }; /* XDTLS: figure out the right values */ -static const unsigned int g_probable_mtu[] = {1500, 512, 256}; +static const unsigned int g_probable_mtu[] = { 1500, 512, 256 }; -static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, - unsigned long frag_len); -static unsigned char *dtls1_write_message_header(SSL *s, - unsigned char *p); +static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, + unsigned long frag_len); +static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p); static void dtls1_set_message_header_int(SSL *s, unsigned char mt, - unsigned long len, unsigned short seq_num, unsigned long frag_off, - unsigned long frag_len); -static long dtls1_get_message_fragment(SSL *s, int st1, int stn, - long max, int *ok); - -static hm_fragment * -dtls1_hm_fragment_new(unsigned long frag_len, int reassembly) - { - hm_fragment *frag = NULL; - unsigned char *buf = NULL; - unsigned char *bitmask = NULL; - - frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment)); - if ( frag == NULL) - return NULL; - - if (frag_len) - { - buf = (unsigned char *)OPENSSL_malloc(frag_len); - if ( buf == NULL) - { - OPENSSL_free(frag); - return NULL; - } - } - - /* zero length fragment gets zero frag->fragment */ - frag->fragment = buf; - - /* Initialize reassembly bitmask if necessary */ - if (reassembly) - { - bitmask = (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len)); - if (bitmask == NULL) - { - if (buf != NULL) OPENSSL_free(buf); - OPENSSL_free(frag); - return NULL; - } - memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len)); - } - - frag->reassembly = bitmask; - - return frag; - } + unsigned long len, + unsigned short seq_num, + unsigned long frag_off, + unsigned long frag_len); +static long dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, + int *ok); + +static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len, + int reassembly) +{ + hm_fragment *frag = NULL; + unsigned char *buf = NULL; + unsigned char *bitmask = NULL; + + frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment)); + if (frag == NULL) + return NULL; + + if (frag_len) { + buf = (unsigned char *)OPENSSL_malloc(frag_len); + if (buf == NULL) { + OPENSSL_free(frag); + return NULL; + } + } + + /* zero length fragment gets zero frag->fragment */ + frag->fragment = buf; + + /* Initialize reassembly bitmask if necessary */ + if (reassembly) { + bitmask = + (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len)); + if (bitmask == NULL) { + if (buf != NULL) + OPENSSL_free(buf); + OPENSSL_free(frag); + return NULL; + } + memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len)); + } + + frag->reassembly = bitmask; + + return frag; +} void dtls1_hm_fragment_free(hm_fragment *frag) - { - - if (frag->msg_header.is_ccs) - { - EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx); - EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash); - } - if (frag->fragment) OPENSSL_free(frag->fragment); - if (frag->reassembly) OPENSSL_free(frag->reassembly); - OPENSSL_free(frag); - } +{ + + if (frag->msg_header.is_ccs) { + EVP_CIPHER_CTX_free(frag->msg_header. + saved_retransmit_state.enc_write_ctx); + EVP_MD_CTX_destroy(frag->msg_header. + saved_retransmit_state.write_hash); + } + if (frag->fragment) + OPENSSL_free(frag->fragment); + if (frag->reassembly) + OPENSSL_free(frag->reassembly); + OPENSSL_free(frag); +} static int dtls1_query_mtu(SSL *s) { - if(s->d1->link_mtu) - { - s->d1->mtu = s->d1->link_mtu-BIO_dgram_get_mtu_overhead(SSL_get_wbio(s)); - s->d1->link_mtu = 0; - } - - /* AHA! Figure out the MTU, and stick to the right size */ - if (s->d1->mtu < dtls1_min_mtu(s)) - { - if(!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) - { - s->d1->mtu = - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); - - /* I've seen the kernel return bogus numbers when it doesn't know - * (initial write), so just make sure we have a reasonable number */ - if (s->d1->mtu < dtls1_min_mtu(s)) - { - /* Set to min mtu */ - s->d1->mtu = dtls1_min_mtu(s); - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, - s->d1->mtu, NULL); - } - } - else - return 0; - } - return 1; + if (s->d1->link_mtu) { + s->d1->mtu = + s->d1->link_mtu - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s)); + s->d1->link_mtu = 0; + } + + /* AHA! Figure out the MTU, and stick to the right size */ + if (s->d1->mtu < dtls1_min_mtu(s)) { + if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { + s->d1->mtu = + BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); + + /* + * I've seen the kernel return bogus numbers when it doesn't know + * (initial write), so just make sure we have a reasonable number + */ + if (s->d1->mtu < dtls1_min_mtu(s)) { + /* Set to min mtu */ + s->d1->mtu = dtls1_min_mtu(s); + BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, + s->d1->mtu, NULL); + } + } else + return 0; + } + return 1; } -/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ +/* + * send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or + * SSL3_RT_CHANGE_CIPHER_SPEC) + */ int dtls1_do_write(SSL *s, int type) - { - int ret; - unsigned int curr_mtu; - int retry = 1; - unsigned int len, frag_off, mac_size, blocksize, used_len; - - if(!dtls1_query_mtu(s)) - return -1; - - OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu(s)); /* should have something reasonable now */ - - if ( s->init_off == 0 && type == SSL3_RT_HANDSHAKE) - OPENSSL_assert(s->init_num == - (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); - - if (s->write_hash) - { - if (s->enc_write_ctx && EVP_CIPHER_CTX_mode(s->enc_write_ctx) == EVP_CIPH_GCM_MODE) - mac_size = 0; - else - mac_size = EVP_MD_CTX_size(s->write_hash); - } - else - mac_size = 0; - - if (s->enc_write_ctx && - (EVP_CIPHER_CTX_mode(s->enc_write_ctx) == EVP_CIPH_CBC_MODE)) - blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher); - else - blocksize = 0; - - frag_off = 0; - /* s->init_num shouldn't ever be < 0...but just in case */ - while(s->init_num > 0) - { - used_len = BIO_wpending(SSL_get_wbio(s)) + DTLS1_RT_HEADER_LENGTH - + mac_size + blocksize; - if(s->d1->mtu > used_len) - curr_mtu = s->d1->mtu - used_len; - else - curr_mtu = 0; - - if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH) - { - /* grr.. we could get an error if MTU picked was wrong */ - ret = BIO_flush(SSL_get_wbio(s)); - if ( ret <= 0) - return ret; - used_len = DTLS1_RT_HEADER_LENGTH + mac_size + blocksize; - if(s->d1->mtu > used_len + DTLS1_HM_HEADER_LENGTH) - { - curr_mtu = s->d1->mtu - used_len; - } - else - { - /* Shouldn't happen */ - return -1; - } - } - - /* We just checked that s->init_num > 0 so this cast should be safe */ - if (((unsigned int)s->init_num) > curr_mtu) - len = curr_mtu; - else - len = s->init_num; - - /* Shouldn't ever happen */ - if(len > INT_MAX) - len = INT_MAX; - - /* XDTLS: this function is too long. split out the CCS part */ - if ( type == SSL3_RT_HANDSHAKE) - { - if ( s->init_off != 0) - { - OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH); - s->init_off -= DTLS1_HM_HEADER_LENGTH; - s->init_num += DTLS1_HM_HEADER_LENGTH; - - /* We just checked that s->init_num > 0 so this cast should be safe */ - if (((unsigned int)s->init_num) > curr_mtu) - len = curr_mtu; - else - len = s->init_num; - } - - /* Shouldn't ever happen */ - if(len > INT_MAX) - len = INT_MAX; - - if ( len < DTLS1_HM_HEADER_LENGTH ) - { - /* - * len is so small that we really can't do anything sensible - * so fail - */ - return -1; - } - dtls1_fix_message_header(s, frag_off, - len - DTLS1_HM_HEADER_LENGTH); - - dtls1_write_message_header(s, (unsigned char *)&s->init_buf->data[s->init_off]); - } - - ret=dtls1_write_bytes(s,type,&s->init_buf->data[s->init_off], - len); - if (ret < 0) - { - /* might need to update MTU here, but we don't know - * which previous packet caused the failure -- so can't - * really retransmit anything. continue as if everything - * is fine and wait for an alert to handle the - * retransmit - */ - if ( retry && BIO_ctrl(SSL_get_wbio(s), - BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 ) - { - if(!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) - { - if(!dtls1_query_mtu(s)) - return -1; - /* Have one more go */ - retry = 0; - } - else - return -1; - } - else - { - return(-1); - } - } - else - { - - /* bad if this assert fails, only part of the handshake - * message got sent. but why would this happen? */ - OPENSSL_assert(len == (unsigned int)ret); - - if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting) - { - /* should not be done for 'Hello Request's, but in that case - * we'll ignore the result anyway */ - unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off]; - const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; - int xlen; - - if (frag_off == 0 && s->version != DTLS1_BAD_VER) - { - /* reconstruct message header is if it - * is being sent in single fragment */ - *p++ = msg_hdr->type; - l2n3(msg_hdr->msg_len,p); - s2n (msg_hdr->seq,p); - l2n3(0,p); - l2n3(msg_hdr->msg_len,p); - p -= DTLS1_HM_HEADER_LENGTH; - xlen = ret; - } - else - { - p += DTLS1_HM_HEADER_LENGTH; - xlen = ret - DTLS1_HM_HEADER_LENGTH; - } - - ssl3_finish_mac(s, p, xlen); - } - - if (ret == s->init_num) - { - if (s->msg_callback) - s->msg_callback(1, s->version, type, s->init_buf->data, - (size_t)(s->init_off + s->init_num), s, - s->msg_callback_arg); - - s->init_off = 0; /* done writing this message */ - s->init_num = 0; - - return(1); - } - s->init_off+=ret; - s->init_num-=ret; - frag_off += (ret -= DTLS1_HM_HEADER_LENGTH); - } - } - return(0); - } - - -/* Obtain handshake message of message type 'mt' (any if mt == -1), - * maximum acceptable body length 'max'. - * Read an entire handshake message. Handshake messages arrive in - * fragments. +{ + int ret; + unsigned int curr_mtu; + int retry = 1; + unsigned int len, frag_off, mac_size, blocksize, used_len; + + if (!dtls1_query_mtu(s)) + return -1; + + OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu(s)); /* should have something + * reasonable now */ + + if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE) + OPENSSL_assert(s->init_num == + (int)s->d1->w_msg_hdr.msg_len + + DTLS1_HM_HEADER_LENGTH); + + if (s->write_hash) { + if (s->enc_write_ctx + && EVP_CIPHER_CTX_mode(s->enc_write_ctx) == EVP_CIPH_GCM_MODE) + mac_size = 0; + else + mac_size = EVP_MD_CTX_size(s->write_hash); + } else + mac_size = 0; + + if (s->enc_write_ctx && + (EVP_CIPHER_CTX_mode(s->enc_write_ctx) == EVP_CIPH_CBC_MODE)) + blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher); + else + blocksize = 0; + + frag_off = 0; + /* s->init_num shouldn't ever be < 0...but just in case */ + while (s->init_num > 0) { + used_len = BIO_wpending(SSL_get_wbio(s)) + DTLS1_RT_HEADER_LENGTH + + mac_size + blocksize; + if (s->d1->mtu > used_len) + curr_mtu = s->d1->mtu - used_len; + else + curr_mtu = 0; + + if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) { + /* + * grr.. we could get an error if MTU picked was wrong + */ + ret = BIO_flush(SSL_get_wbio(s)); + if (ret <= 0) + return ret; + used_len = DTLS1_RT_HEADER_LENGTH + mac_size + blocksize; + if (s->d1->mtu > used_len + DTLS1_HM_HEADER_LENGTH) { + curr_mtu = s->d1->mtu - used_len; + } else { + /* Shouldn't happen */ + return -1; + } + } + + /* + * We just checked that s->init_num > 0 so this cast should be safe + */ + if (((unsigned int)s->init_num) > curr_mtu) + len = curr_mtu; + else + len = s->init_num; + + /* Shouldn't ever happen */ + if (len > INT_MAX) + len = INT_MAX; + + /* + * XDTLS: this function is too long. split out the CCS part + */ + if (type == SSL3_RT_HANDSHAKE) { + if (s->init_off != 0) { + OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH); + s->init_off -= DTLS1_HM_HEADER_LENGTH; + s->init_num += DTLS1_HM_HEADER_LENGTH; + + /* + * We just checked that s->init_num > 0 so this cast should + * be safe + */ + if (((unsigned int)s->init_num) > curr_mtu) + len = curr_mtu; + else + len = s->init_num; + } + + /* Shouldn't ever happen */ + if (len > INT_MAX) + len = INT_MAX; + + if (len < DTLS1_HM_HEADER_LENGTH) { + /* + * len is so small that we really can't do anything sensible + * so fail + */ + return -1; + } + dtls1_fix_message_header(s, frag_off, + len - DTLS1_HM_HEADER_LENGTH); + + dtls1_write_message_header(s, + (unsigned char *)&s->init_buf-> + data[s->init_off]); + } + + ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off], + len); + if (ret < 0) { + /* + * might need to update MTU here, but we don't know which + * previous packet caused the failure -- so can't really + * retransmit anything. continue as if everything is fine and + * wait for an alert to handle the retransmit + */ + if (retry && BIO_ctrl(SSL_get_wbio(s), + BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) { + if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { + if (!dtls1_query_mtu(s)) + return -1; + /* Have one more go */ + retry = 0; + } else + return -1; + } else { + return (-1); + } + } else { + + /* + * bad if this assert fails, only part of the handshake message + * got sent. but why would this happen? + */ + OPENSSL_assert(len == (unsigned int)ret); + + if (type == SSL3_RT_HANDSHAKE && !s->d1->retransmitting) { + /* + * should not be done for 'Hello Request's, but in that case + * we'll ignore the result anyway + */ + unsigned char *p = + (unsigned char *)&s->init_buf->data[s->init_off]; + const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; + int xlen; + + if (frag_off == 0 && s->version != DTLS1_BAD_VER) { + /* + * reconstruct message header is if it is being sent in + * single fragment + */ + *p++ = msg_hdr->type; + l2n3(msg_hdr->msg_len, p); + s2n(msg_hdr->seq, p); + l2n3(0, p); + l2n3(msg_hdr->msg_len, p); + p -= DTLS1_HM_HEADER_LENGTH; + xlen = ret; + } else { + p += DTLS1_HM_HEADER_LENGTH; + xlen = ret - DTLS1_HM_HEADER_LENGTH; + } + + ssl3_finish_mac(s, p, xlen); + } + + if (ret == s->init_num) { + if (s->msg_callback) + s->msg_callback(1, s->version, type, s->init_buf->data, + (size_t)(s->init_off + s->init_num), s, + s->msg_callback_arg); + + s->init_off = 0; /* done writing this message */ + s->init_num = 0; + + return (1); + } + s->init_off += ret; + s->init_num -= ret; + frag_off += (ret -= DTLS1_HM_HEADER_LENGTH); + } + } + return (0); +} + +/* + * Obtain handshake message of message type 'mt' (any if mt == -1), maximum + * acceptable body length 'max'. Read an entire handshake message. Handshake + * messages arrive in fragments. */ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) - { - int i, al; - struct hm_header_st *msg_hdr; - unsigned char *p; - unsigned long msg_len; - - /* s3->tmp is used to store messages that are unexpected, caused - * by the absence of an optional handshake message */ - if (s->s3->tmp.reuse_message) - { - s->s3->tmp.reuse_message=0; - if ((mt >= 0) && (s->s3->tmp.message_type != mt)) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_DTLS1_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE); - goto f_err; - } - *ok=1; - s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; - s->init_num = (int)s->s3->tmp.message_size; - return s->init_num; - } - - msg_hdr = &s->d1->r_msg_hdr; - memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); - -again: - i = dtls1_get_message_fragment(s, st1, stn, max, ok); - if ( i == DTLS1_HM_BAD_FRAGMENT || - i == DTLS1_HM_FRAGMENT_RETRY) - { - /* bad fragment received */ - goto again; - } - else if ( i <= 0 && !*ok) - { - return i; - } - - p = (unsigned char *)s->init_buf->data; - msg_len = msg_hdr->msg_len; - - /* reconstruct message header */ - *(p++) = msg_hdr->type; - l2n3(msg_len,p); - s2n (msg_hdr->seq,p); - l2n3(0,p); - l2n3(msg_len,p); - if (s->version != DTLS1_BAD_VER) { - p -= DTLS1_HM_HEADER_LENGTH; - msg_len += DTLS1_HM_HEADER_LENGTH; - } - - ssl3_finish_mac(s, p, msg_len); - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - p, msg_len, - s, s->msg_callback_arg); - - memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); - - /* Don't change sequence numbers while listening */ - if (!s->d1->listen) - s->d1->handshake_read_seq++; - - s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; - return s->init_num; - -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); - *ok = 0; - return -1; - } - - -static int dtls1_preprocess_fragment(SSL *s,struct hm_header_st *msg_hdr,int max) - { - size_t frag_off,frag_len,msg_len; - - msg_len = msg_hdr->msg_len; - frag_off = msg_hdr->frag_off; - frag_len = msg_hdr->frag_len; - - /* sanity checking */ - if ( (frag_off+frag_len) > msg_len) - { - SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); - return SSL_AD_ILLEGAL_PARAMETER; - } - - if ( (frag_off+frag_len) > (unsigned long)max) - { - SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); - return SSL_AD_ILLEGAL_PARAMETER; - } - - if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */ - { - /* msg_len is limited to 2^24, but is effectively checked - * against max above */ - if (!BUF_MEM_grow_clean(s->init_buf,msg_len+DTLS1_HM_HEADER_LENGTH)) - { - SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,ERR_R_BUF_LIB); - return SSL_AD_INTERNAL_ERROR; - } - - s->s3->tmp.message_size = msg_len; - s->d1->r_msg_hdr.msg_len = msg_len; - s->s3->tmp.message_type = msg_hdr->type; - s->d1->r_msg_hdr.type = msg_hdr->type; - s->d1->r_msg_hdr.seq = msg_hdr->seq; - } - else if (msg_len != s->d1->r_msg_hdr.msg_len) - { - /* They must be playing with us! BTW, failure to enforce - * upper limit would open possibility for buffer overrun. */ - SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); - return SSL_AD_ILLEGAL_PARAMETER; - } - - return 0; /* no error */ - } +{ + int i, al; + struct hm_header_st *msg_hdr; + unsigned char *p; + unsigned long msg_len; + + /* + * s3->tmp is used to store messages that are unexpected, caused by the + * absence of an optional handshake message + */ + if (s->s3->tmp.reuse_message) { + s->s3->tmp.reuse_message = 0; + if ((mt >= 0) && (s->s3->tmp.message_type != mt)) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); + goto f_err; + } + *ok = 1; + s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; + s->init_num = (int)s->s3->tmp.message_size; + return s->init_num; + } + + msg_hdr = &s->d1->r_msg_hdr; + memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); + + again: + i = dtls1_get_message_fragment(s, st1, stn, max, ok); + if (i == DTLS1_HM_BAD_FRAGMENT || i == DTLS1_HM_FRAGMENT_RETRY) { + /* bad fragment received */ + goto again; + } else if (i <= 0 && !*ok) { + return i; + } + + p = (unsigned char *)s->init_buf->data; + msg_len = msg_hdr->msg_len; + + /* reconstruct message header */ + *(p++) = msg_hdr->type; + l2n3(msg_len, p); + s2n(msg_hdr->seq, p); + l2n3(0, p); + l2n3(msg_len, p); + if (s->version != DTLS1_BAD_VER) { + p -= DTLS1_HM_HEADER_LENGTH; + msg_len += DTLS1_HM_HEADER_LENGTH; + } + + ssl3_finish_mac(s, p, msg_len); + if (s->msg_callback) + s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, + p, msg_len, s, s->msg_callback_arg); + + memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); + + /* Don't change sequence numbers while listening */ + if (!s->d1->listen) + s->d1->handshake_read_seq++; + + s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; + return s->init_num; + + f_err: + ssl3_send_alert(s, SSL3_AL_FATAL, al); + *ok = 0; + return -1; +} +static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, + int max) +{ + size_t frag_off, frag_len, msg_len; + + msg_len = msg_hdr->msg_len; + frag_off = msg_hdr->frag_off; + frag_len = msg_hdr->frag_len; + + /* sanity checking */ + if ((frag_off + frag_len) > msg_len) { + SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE); + return SSL_AD_ILLEGAL_PARAMETER; + } + + if ((frag_off + frag_len) > (unsigned long)max) { + SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE); + return SSL_AD_ILLEGAL_PARAMETER; + } + + if (s->d1->r_msg_hdr.frag_off == 0) { /* first fragment */ + /* + * msg_len is limited to 2^24, but is effectively checked against max + * above + */ + if (!BUF_MEM_grow_clean + (s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH)) { + SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB); + return SSL_AD_INTERNAL_ERROR; + } + + s->s3->tmp.message_size = msg_len; + s->d1->r_msg_hdr.msg_len = msg_len; + s->s3->tmp.message_type = msg_hdr->type; + s->d1->r_msg_hdr.type = msg_hdr->type; + s->d1->r_msg_hdr.seq = msg_hdr->seq; + } else if (msg_len != s->d1->r_msg_hdr.msg_len) { + /* + * They must be playing with us! BTW, failure to enforce upper limit + * would open possibility for buffer overrun. + */ + SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE); + return SSL_AD_ILLEGAL_PARAMETER; + } + + return 0; /* no error */ +} -static int -dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) - { - /*- - * (0) check whether the desired fragment is available - * if so: - * (1) copy over the fragment to s->init_buf->data[] - * (2) update s->init_num - */ - pitem *item; - hm_fragment *frag; - int al; - - *ok = 0; - item = pqueue_peek(s->d1->buffered_messages); - if ( item == NULL) - return 0; - - frag = (hm_fragment *)item->data; - - /* Don't return if reassembly still in progress */ - if (frag->reassembly != NULL) - return 0; - - if ( s->d1->handshake_read_seq == frag->msg_header.seq) - { - unsigned long frag_len = frag->msg_header.frag_len; - pqueue_pop(s->d1->buffered_messages); - - al=dtls1_preprocess_fragment(s,&frag->msg_header,max); - - if (al==0) /* no alert */ - { - unsigned char *p = (unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH; - memcpy(&p[frag->msg_header.frag_off], - frag->fragment,frag->msg_header.frag_len); - } - - dtls1_hm_fragment_free(frag); - pitem_free(item); - - if (al==0) - { - *ok = 1; - return frag_len; - } - - ssl3_send_alert(s,SSL3_AL_FATAL,al); - s->init_num = 0; - *ok = 0; - return -1; - } - else - return 0; - } - -/* dtls1_max_handshake_message_len returns the maximum number of bytes - * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but may - * be greater if the maximum certificate list size requires it. */ +static int dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) +{ + /*- + * (0) check whether the desired fragment is available + * if so: + * (1) copy over the fragment to s->init_buf->data[] + * (2) update s->init_num + */ + pitem *item; + hm_fragment *frag; + int al; + + *ok = 0; + item = pqueue_peek(s->d1->buffered_messages); + if (item == NULL) + return 0; + + frag = (hm_fragment *)item->data; + + /* Don't return if reassembly still in progress */ + if (frag->reassembly != NULL) + return 0; + + if (s->d1->handshake_read_seq == frag->msg_header.seq) { + unsigned long frag_len = frag->msg_header.frag_len; + pqueue_pop(s->d1->buffered_messages); + + al = dtls1_preprocess_fragment(s, &frag->msg_header, max); + + if (al == 0) { /* no alert */ + unsigned char *p = + (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; + memcpy(&p[frag->msg_header.frag_off], frag->fragment, + frag->msg_header.frag_len); + } + + dtls1_hm_fragment_free(frag); + pitem_free(item); + + if (al == 0) { + *ok = 1; + return frag_len; + } + + ssl3_send_alert(s, SSL3_AL_FATAL, al); + s->init_num = 0; + *ok = 0; + return -1; + } else + return 0; +} + +/* + * dtls1_max_handshake_message_len returns the maximum number of bytes + * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but + * may be greater if the maximum certificate list size requires it. + */ static unsigned long dtls1_max_handshake_message_len(const SSL *s) - { - unsigned long max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; - if (max_len < (unsigned long)s->max_cert_list) - return s->max_cert_list; - return max_len; - } +{ + unsigned long max_len = + DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; + if (max_len < (unsigned long)s->max_cert_list) + return s->max_cert_list; + return max_len; +} static int -dtls1_reassemble_fragment(SSL *s, const struct hm_header_st* msg_hdr, int *ok) - { - hm_fragment *frag = NULL; - pitem *item = NULL; - int i = -1, is_complete; - unsigned char seq64be[8]; - unsigned long frag_len = msg_hdr->frag_len; - - if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len || - msg_hdr->msg_len > dtls1_max_handshake_message_len(s)) - goto err; - - if (frag_len == 0) - return DTLS1_HM_FRAGMENT_RETRY; - - /* Try to find item in queue */ - memset(seq64be,0,sizeof(seq64be)); - seq64be[6] = (unsigned char) (msg_hdr->seq>>8); - seq64be[7] = (unsigned char) msg_hdr->seq; - item = pqueue_find(s->d1->buffered_messages, seq64be); - - if (item == NULL) - { - frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1); - if ( frag == NULL) - goto err; - memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); - frag->msg_header.frag_len = frag->msg_header.msg_len; - frag->msg_header.frag_off = 0; - } - else - { - frag = (hm_fragment*) item->data; - if (frag->msg_header.msg_len != msg_hdr->msg_len) - { - item = NULL; - frag = NULL; - goto err; - } - } - - - /* If message is already reassembl