File: | src/lib/libssl/d1_both.c |
Warning: | line 358, column 17 Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret' |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* $OpenBSD: d1_both.c,v 1.84 2022/12/26 07:31:44 jmc Exp $ */ |
2 | /* |
3 | * DTLS implementation written by Nagendra Modadugu |
4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
5 | */ |
6 | /* ==================================================================== |
7 | * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. |
8 | * |
9 | * Redistribution and use in source and binary forms, with or without |
10 | * modification, are permitted provided that the following conditions |
11 | * are met: |
12 | * |
13 | * 1. Redistributions of source code must retain the above copyright |
14 | * notice, this list of conditions and the following disclaimer. |
15 | * |
16 | * 2. Redistributions in binary form must reproduce the above copyright |
17 | * notice, this list of conditions and the following disclaimer in |
18 | * the documentation and/or other materials provided with the |
19 | * distribution. |
20 | * |
21 | * 3. All advertising materials mentioning features or use of this |
22 | * software must display the following acknowledgment: |
23 | * "This product includes software developed by the OpenSSL Project |
24 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" |
25 | * |
26 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
27 | * endorse or promote products derived from this software without |
28 | * prior written permission. For written permission, please contact |
29 | * openssl-core@openssl.org. |
30 | * |
31 | * 5. Products derived from this software may not be called "OpenSSL" |
32 | * nor may "OpenSSL" appear in their names without prior written |
33 | * permission of the OpenSSL Project. |
34 | * |
35 | * 6. Redistributions of any form whatsoever must retain the following |
36 | * acknowledgment: |
37 | * "This product includes software developed by the OpenSSL Project |
38 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" |
39 | * |
40 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
41 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
43 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
44 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
45 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
46 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
47 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
49 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
50 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
51 | * OF THE POSSIBILITY OF SUCH DAMAGE. |
52 | * ==================================================================== |
53 | * |
54 | * This product includes cryptographic software written by Eric Young |
55 | * (eay@cryptsoft.com). This product includes software written by Tim |
56 | * Hudson (tjh@cryptsoft.com). |
57 | * |
58 | */ |
59 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
60 | * All rights reserved. |
61 | * |
62 | * This package is an SSL implementation written |
63 | * by Eric Young (eay@cryptsoft.com). |
64 | * The implementation was written so as to conform with Netscapes SSL. |
65 | * |
66 | * This library is free for commercial and non-commercial use as long as |
67 | * the following conditions are aheared to. The following conditions |
68 | * apply to all code found in this distribution, be it the RC4, RSA, |
69 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation |
70 | * included with this distribution is covered by the same copyright terms |
71 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). |
72 | * |
73 | * Copyright remains Eric Young's, and as such any Copyright notices in |
74 | * the code are not to be removed. |
75 | * If this package is used in a product, Eric Young should be given attribution |
76 | * as the author of the parts of the library used. |
77 | * This can be in the form of a textual message at program startup or |
78 | * in documentation (online or textual) provided with the package. |
79 | * |
80 | * Redistribution and use in source and binary forms, with or without |
81 | * modification, are permitted provided that the following conditions |
82 | * are met: |
83 | * 1. Redistributions of source code must retain the copyright |
84 | * notice, this list of conditions and the following disclaimer. |
85 | * 2. Redistributions in binary form must reproduce the above copyright |
86 | * notice, this list of conditions and the following disclaimer in the |
87 | * documentation and/or other materials provided with the distribution. |
88 | * 3. All advertising materials mentioning features or use of this software |
89 | * must display the following acknowledgement: |
90 | * "This product includes cryptographic software written by |
91 | * Eric Young (eay@cryptsoft.com)" |
92 | * The word 'cryptographic' can be left out if the rouines from the library |
93 | * being used are not cryptographic related :-). |
94 | * 4. If you include any Windows specific code (or a derivative thereof) from |
95 | * the apps directory (application code) you must include an acknowledgement: |
96 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
97 | * |
98 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
99 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
100 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
101 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
102 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
103 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
104 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
105 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
106 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
107 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
108 | * SUCH DAMAGE. |
109 | * |
110 | * The licence and distribution terms for any publically available version or |
111 | * derivative of this code cannot be changed. i.e. this code cannot simply be |
112 | * copied and put under another distribution licence |
113 | * [including the GNU Public Licence.] |
114 | */ |
115 | |
116 | #include <limits.h> |
117 | #include <stdio.h> |
118 | #include <string.h> |
119 | |
120 | #include <openssl/buffer.h> |
121 | #include <openssl/evp.h> |
122 | #include <openssl/objects.h> |
123 | #include <openssl/x509.h> |
124 | |
125 | #include "bytestring.h" |
126 | #include "dtls_local.h" |
127 | #include "pqueue.h" |
128 | #include "ssl_local.h" |
129 | |
130 | #define RSMBLY_BITMASK_SIZE(msg_len)(((msg_len) + 7) / 8) (((msg_len) + 7) / 8) |
131 | |
132 | #define RSMBLY_BITMASK_MARK(bitmask, start, end){ if ((end) - (start) <= 8) { long ii; for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ( (ii) & 7)); } else { long ii; bitmask[((start) >> 3 )] |= bitmask_start_values[((start) & 7)]; for (ii = (((start ) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; bitmask[(((end) - 1) >> 3)] |= bitmask_end_values [((end) & 7)]; } } { \ |
133 | if ((end) - (start) <= 8) { \ |
134 | long ii; \ |
135 | for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \ |
136 | } else { \ |
137 | long ii; \ |
138 | bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \ |
139 | for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \ |
140 | bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \ |
141 | } } |
142 | |
143 | #define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete){ long ii; (void)(((msg_len) > 0) ? 0 : (OpenSSLDie("/usr/src/lib/libssl/d1_both.c" , 143, "(msg_len) > 0"),1)); is_complete = 1; if (bitmask[ (((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len ) & 7)]) is_complete = 0; if (is_complete) for (ii = (((msg_len ) - 1) >> 3) - 1; ii >= 0 ; ii--) if (bitmask[ii] != 0xff) { is_complete = 0; break; } } { \ |
144 | long ii; \ |
145 | OPENSSL_assert((msg_len) > 0)(void)(((msg_len) > 0) ? 0 : (OpenSSLDie("/usr/src/lib/libssl/d1_both.c" , 145, "(msg_len) > 0"),1)); \ |
146 | is_complete = 1; \ |
147 | if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \ |
148 | if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \ |
149 | if (bitmask[ii] != 0xff) { is_complete = 0; break; } } |
150 | |
151 | static const unsigned char bitmask_start_values[] = { |
152 | 0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80 |
153 | }; |
154 | static const unsigned char bitmask_end_values[] = { |
155 | 0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f |
156 | }; |
157 | |
158 | /* XDTLS: figure out the right values */ |
159 | static const unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28}; |
160 | |
161 | static unsigned int dtls1_guess_mtu(unsigned int curr_mtu); |
162 | static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, |
163 | unsigned long frag_len); |
164 | static int dtls1_write_message_header(const struct hm_header_st *msg_hdr, |
165 | unsigned long frag_off, unsigned long frag_len, unsigned char *p); |
166 | static long dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, |
167 | int *ok); |
168 | |
169 | void dtls1_hm_fragment_free(hm_fragment *frag); |
170 | |
171 | static hm_fragment * |
172 | dtls1_hm_fragment_new(unsigned long frag_len, int reassembly) |
173 | { |
174 | hm_fragment *frag; |
175 | |
176 | if ((frag = calloc(1, sizeof(*frag))) == NULL((void *)0)) |
177 | goto err; |
178 | |
179 | if (frag_len > 0) { |
180 | if ((frag->fragment = calloc(1, frag_len)) == NULL((void *)0)) |
181 | goto err; |
182 | } |
183 | |
184 | /* Initialize reassembly bitmask if necessary. */ |
185 | if (reassembly) { |
186 | if ((frag->reassembly = calloc(1, |
187 | RSMBLY_BITMASK_SIZE(frag_len)(((frag_len) + 7) / 8))) == NULL((void *)0)) |
188 | goto err; |
189 | } |
190 | |
191 | return frag; |
192 | |
193 | err: |
194 | dtls1_hm_fragment_free(frag); |
195 | return NULL((void *)0); |
196 | } |
197 | |
198 | void |
199 | dtls1_hm_fragment_free(hm_fragment *frag) |
200 | { |
201 | if (frag == NULL((void *)0)) |
202 | return; |
203 | |
204 | free(frag->fragment); |
205 | free(frag->reassembly); |
206 | free(frag); |
207 | } |
208 | |
209 | /* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ |
210 | int |
211 | dtls1_do_write(SSL *s, int type) |
212 | { |
213 | int ret; |
214 | int curr_mtu; |
215 | unsigned int len, frag_off; |
216 | size_t overhead; |
217 | |
218 | /* AHA! Figure out the MTU, and stick to the right size */ |
219 | if (s->d1->mtu < dtls1_min_mtu() && |
220 | !(SSL_get_options(s)SSL_ctrl((s),32,0,((void *)0)) & SSL_OP_NO_QUERY_MTU0x00001000L)) { |
221 | s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), |
222 | BIO_CTRL_DGRAM_QUERY_MTU40, 0, NULL((void *)0)); |
223 | |
224 | /* |
225 | * I've seen the kernel return bogus numbers when it |
226 | * doesn't know the MTU (ie., the initial write), so just |
227 | * make sure we have a reasonable number |
228 | */ |
229 | if (s->d1->mtu < dtls1_min_mtu()) { |
230 | s->d1->mtu = 0; |
231 | s->d1->mtu = dtls1_guess_mtu(s->d1->mtu); |
232 | BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU42, |
233 | s->d1->mtu, NULL((void *)0)); |
234 | } |
235 | } |
236 | |
237 | OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu())(void)((s->d1->mtu >= dtls1_min_mtu()) ? 0 : (OpenSSLDie ("/usr/src/lib/libssl/d1_both.c", 237, "s->d1->mtu >= dtls1_min_mtu()" ),1)); |
238 | /* should have something reasonable now */ |
239 | |
240 | if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE22) |
241 | OPENSSL_assert(s->init_num ==(void)((s->init_num == (int)s->d1->w_msg_hdr.msg_len + 12) ? 0 : (OpenSSLDie("/usr/src/lib/libssl/d1_both.c", 242 , "s->init_num == (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH" ),1)) |
242 | (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH)(void)((s->init_num == (int)s->d1->w_msg_hdr.msg_len + 12) ? 0 : (OpenSSLDie("/usr/src/lib/libssl/d1_both.c", 242 , "s->init_num == (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH" ),1)); |
243 | |
244 | if (!tls12_record_layer_write_overhead(s->rl, &overhead)) |
245 | return -1; |
246 | |
247 | frag_off = 0; |
248 | while (s->init_num) { |
249 | curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s))(int)BIO_ctrl(SSL_get_wbio(s),13,0,((void *)0)) - |
250 | DTLS1_RT_HEADER_LENGTH13 - overhead; |
251 | |
252 | if (curr_mtu <= DTLS1_HM_HEADER_LENGTH12) { |
253 | /* grr.. we could get an error if MTU picked was wrong */ |
254 | ret = BIO_flush(SSL_get_wbio(s))(int)BIO_ctrl(SSL_get_wbio(s),11,0,((void *)0)); |
255 | if (ret <= 0) |
256 | return ret; |
257 | curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH13 - |
258 | overhead; |
259 | } |
260 | |
261 | if (s->init_num > curr_mtu) |
262 | len = curr_mtu; |
263 | else |
264 | len = s->init_num; |
265 | |
266 | /* XDTLS: this function is too long. split out the CCS part */ |
267 | if (type == SSL3_RT_HANDSHAKE22) { |
268 | if (s->init_off != 0) { |
269 | OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH)(void)((s->init_off > 12) ? 0 : (OpenSSLDie("/usr/src/lib/libssl/d1_both.c" , 269, "s->init_off > DTLS1_HM_HEADER_LENGTH"),1)); |
270 | s->init_off -= DTLS1_HM_HEADER_LENGTH12; |
271 | s->init_num += DTLS1_HM_HEADER_LENGTH12; |
272 | |
273 | if (s->init_num > curr_mtu) |
274 | len = curr_mtu; |
275 | else |
276 | len = s->init_num; |
277 | } |
278 | |
279 | dtls1_fix_message_header(s, frag_off, |
280 | len - DTLS1_HM_HEADER_LENGTH12); |
281 | |
282 | if (!dtls1_write_message_header(&s->d1->w_msg_hdr, |
283 | s->d1->w_msg_hdr.frag_off, s->d1->w_msg_hdr.frag_len, |
284 | (unsigned char *)&s->init_buf->data[s->init_off])) |
285 | return -1; |
286 | |
287 | OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH)(void)((len >= 12) ? 0 : (OpenSSLDie("/usr/src/lib/libssl/d1_both.c" , 287, "len >= DTLS1_HM_HEADER_LENGTH"),1)); |
288 | } |
289 | |
290 | ret = dtls1_write_bytes(s, type, |
291 | &s->init_buf->data[s->init_off], len); |
292 | if (ret < 0) { |
293 | /* |
294 | * Might need to update MTU here, but we don't know |
295 | * which previous packet caused the failure -- so |
296 | * can't really retransmit anything. continue as |
297 | * if everything is fine and wait for an alert to |
298 | * handle the retransmit |
299 | */ |
300 | if (BIO_ctrl(SSL_get_wbio(s), |
301 | BIO_CTRL_DGRAM_MTU_EXCEEDED43, 0, NULL((void *)0)) > 0) |
302 | s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), |
303 | BIO_CTRL_DGRAM_QUERY_MTU40, 0, NULL((void *)0)); |
304 | else |
305 | return (-1); |
306 | } else { |
307 | |
308 | /* |
309 | * Bad if this assert fails, only part of the |
310 | * handshake message got sent. but why would |
311 | * this happen? |
312 | */ |
313 | OPENSSL_assert(len == (unsigned int)ret)(void)((len == (unsigned int)ret) ? 0 : (OpenSSLDie("/usr/src/lib/libssl/d1_both.c" , 313, "len == (unsigned int)ret"),1)); |
314 | |
315 | if (type == SSL3_RT_HANDSHAKE22 && |
316 | !s->d1->retransmitting) { |
317 | /* |
318 | * Should not be done for 'Hello Request's, |
319 | * but in that case we'll ignore the result |
320 | * anyway |
321 | */ |
322 | unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off]; |
323 | const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; |
324 | int xlen; |
325 | |
326 | if (frag_off == 0) { |
327 | /* |
328 | * Reconstruct message header is if it |
329 | * is being sent in single fragment |
330 | */ |
331 | if (!dtls1_write_message_header(msg_hdr, |
332 | 0, msg_hdr->msg_len, p)) |
333 | return (-1); |
334 | xlen = ret; |
335 | } else { |
336 | p += DTLS1_HM_HEADER_LENGTH12; |
337 | xlen = ret - DTLS1_HM_HEADER_LENGTH12; |
338 | } |
339 | |
340 | tls1_transcript_record(s, p, xlen); |
341 | } |
342 | |
343 | if (ret == s->init_num) { |
344 | if (s->msg_callback) |
345 | s->msg_callback(1, s->version, type, |
346 | s->init_buf->data, |
347 | (size_t)(s->init_off + s->init_num), |
348 | s, s->msg_callback_arg); |
349 | |
350 | s->init_off = 0; |
351 | /* done writing this message */ |
352 | s->init_num = 0; |
353 | |
354 | return (1); |
355 | } |
356 | s->init_off += ret; |
357 | s->init_num -= ret; |
358 | frag_off += (ret -= DTLS1_HM_HEADER_LENGTH12); |
Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret' | |
359 | } |
360 | } |
361 | return (0); |
362 | } |
363 | |
364 | |
365 | /* |
366 | * Obtain handshake message of message type 'mt' (any if mt == -1), |
367 | * maximum acceptable body length 'max'. |
368 | * Read an entire handshake message. Handshake messages arrive in |
369 | * fragments. |
370 | */ |
371 | int |
372 | dtls1_get_message(SSL *s, int st1, int stn, int mt, long max) |
373 | { |
374 | struct hm_header_st *msg_hdr; |
375 | unsigned char *p; |
376 | unsigned long msg_len; |
377 | int i, al, ok; |
378 | |
379 | /* |
380 | * s3->tmp is used to store messages that are unexpected, caused |
381 | * by the absence of an optional handshake message |
382 | */ |
383 | if (s->s3->hs.tls12.reuse_message) { |
384 | s->s3->hs.tls12.reuse_message = 0; |
385 | if ((mt >= 0) && (s->s3->hs.tls12.message_type != mt)) { |
386 | al = SSL_AD_UNEXPECTED_MESSAGE10; |
387 | SSLerror(s, SSL_R_UNEXPECTED_MESSAGE)SSL_error_internal(s, 244, "/usr/src/lib/libssl/d1_both.c", 387 ); |
388 | goto fatal_err; |
389 | } |
390 | s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH12; |
391 | s->init_num = (int)s->s3->hs.tls12.message_size; |
392 | return 1; |
393 | } |
394 | |
395 | msg_hdr = &s->d1->r_msg_hdr; |
396 | memset(msg_hdr, 0, sizeof(struct hm_header_st)); |
397 | |
398 | again: |
399 | i = dtls1_get_message_fragment(s, st1, stn, max, &ok); |
400 | if (i == DTLS1_HM_BAD_FRAGMENT-2 || |
401 | i == DTLS1_HM_FRAGMENT_RETRY-3) /* bad fragment received */ |
402 | goto again; |
403 | else if (i <= 0 && !ok) |
404 | return i; |
405 | |
406 | p = (unsigned char *)s->init_buf->data; |
407 | msg_len = msg_hdr->msg_len; |
408 | |
409 | /* reconstruct message header */ |
410 | if (!dtls1_write_message_header(msg_hdr, 0, msg_len, p)) |
411 | return -1; |
412 | |
413 | msg_len += DTLS1_HM_HEADER_LENGTH12; |
414 | |
415 | tls1_transcript_record(s, p, msg_len); |
416 | if (s->msg_callback) |
417 | s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE22, p, msg_len, |
418 | s, s->msg_callback_arg); |
419 | |
420 | memset(msg_hdr, 0, sizeof(struct hm_header_st)); |
421 | |
422 | /* Don't change sequence numbers while listening */ |
423 | if (!s->d1->listen) |
424 | s->d1->handshake_read_seq++; |
425 | |
426 | s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH12; |
427 | return 1; |
428 | |
429 | fatal_err: |
430 | ssl3_send_alert(s, SSL3_AL_FATAL2, al); |
431 | return -1; |
432 | } |
433 | |
434 | static int |
435 | dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) |
436 | { |
437 | size_t frag_off, frag_len, msg_len; |
438 | |
439 | msg_len = msg_hdr->msg_len; |
440 | frag_off = msg_hdr->frag_off; |
441 | frag_len = msg_hdr->frag_len; |
442 | |
443 | /* sanity checking */ |
444 | if ((frag_off + frag_len) > msg_len) { |
445 | SSLerror(s, SSL_R_EXCESSIVE_MESSAGE_SIZE)SSL_error_internal(s, 152, "/usr/src/lib/libssl/d1_both.c", 445 ); |
446 | return SSL_AD_ILLEGAL_PARAMETER47; |
447 | } |
448 | |
449 | if ((frag_off + frag_len) > (unsigned long)max) { |
450 | SSLerror(s, SSL_R_EXCESSIVE_MESSAGE_SIZE)SSL_error_internal(s, 152, "/usr/src/lib/libssl/d1_both.c", 450 ); |
451 | return SSL_AD_ILLEGAL_PARAMETER47; |
452 | } |
453 | |
454 | if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */ |
455 | { |
456 | /* |
457 | * msg_len is limited to 2^24, but is effectively checked |
458 | * against max above |
459 | */ |
460 | if (!BUF_MEM_grow_clean(s->init_buf, |
461 | msg_len + DTLS1_HM_HEADER_LENGTH12)) { |
462 | SSLerror(s, ERR_R_BUF_LIB)SSL_error_internal(s, 7, "/usr/src/lib/libssl/d1_both.c", 462 ); |
463 | return SSL_AD_INTERNAL_ERROR80; |
464 | } |
465 | |
466 | s->s3->hs.tls12.message_size = msg_len; |
467 | s->d1->r_msg_hdr.msg_len = msg_len; |
468 | s->s3->hs.tls12.message_type = msg_hdr->type; |
469 | s->d1->r_msg_hdr.type = msg_hdr->type; |
470 | s->d1->r_msg_hdr.seq = msg_hdr->seq; |
471 | } else if (msg_len != s->d1->r_msg_hdr.msg_len) { |
472 | /* |
473 | * They must be playing with us! BTW, failure to enforce |
474 | * upper limit would open possibility for buffer overrun. |
475 | */ |
476 | SSLerror(s, SSL_R_EXCESSIVE_MESSAGE_SIZE)SSL_error_internal(s, 152, "/usr/src/lib/libssl/d1_both.c", 476 ); |
477 | return SSL_AD_ILLEGAL_PARAMETER47; |
478 | } |
479 | |
480 | return 0; /* no error */ |
481 | } |
482 | |
483 | static int |
484 | dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) |
485 | { |
486 | /* |
487 | * (0) check whether the desired fragment is available |
488 | * if so: |
489 | * (1) copy over the fragment to s->init_buf->data[] |
490 | * (2) update s->init_num |
491 | */ |
492 | pitem *item; |
493 | hm_fragment *frag; |
494 | int al; |
495 | |
496 | *ok = 0; |
497 | item = pqueue_peek(s->d1->buffered_messages); |
498 | if (item == NULL((void *)0)) |
499 | return 0; |
500 | |
501 | frag = (hm_fragment *)item->data; |
502 | |
503 | /* Don't return if reassembly still in progress */ |
504 | if (frag->reassembly != NULL((void *)0)) |
505 | return 0; |
506 | |
507 | if (s->d1->handshake_read_seq == frag->msg_header.seq) { |
508 | unsigned long frag_len = frag->msg_header.frag_len; |
509 | pqueue_pop(s->d1->buffered_messages); |
510 | |
511 | al = dtls1_preprocess_fragment(s, &frag->msg_header, max); |
512 | |
513 | if (al == 0) /* no alert */ |
514 | { |
515 | unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH12; |
516 | memcpy(&p[frag->msg_header.frag_off], |
517 | frag->fragment, frag->msg_header.frag_len); |
518 | } |
519 | |
520 | dtls1_hm_fragment_free(frag); |
521 | pitem_free(item); |
522 | |
523 | if (al == 0) { |
524 | *ok = 1; |
525 | return frag_len; |
526 | } |
527 | |
528 | ssl3_send_alert(s, SSL3_AL_FATAL2, al); |
529 | s->init_num = 0; |
530 | *ok = 0; |
531 | return -1; |
532 | } else |
533 | return 0; |
534 | } |
535 | |
536 | /* |
537 | * dtls1_max_handshake_message_len returns the maximum number of bytes |
538 | * permitted in a DTLS handshake message for |s|. The minimum is 16KB, |
539 | * but may be greater if the maximum certificate list size requires it. |
540 | */ |
541 | static unsigned long |
542 | dtls1_max_handshake_message_len(const SSL *s) |
543 | { |
544 | unsigned long max_len; |
545 | |
546 | max_len = DTLS1_HM_HEADER_LENGTH12 + SSL3_RT_MAX_ENCRYPTED_LENGTH((256 + 64)+16384); |
547 | if (max_len < (unsigned long)s->max_cert_list) |
548 | return s->max_cert_list; |
549 | return max_len; |
550 | } |
551 | |
552 | static int |
553 | dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) |
554 | { |
555 | hm_fragment *frag = NULL((void *)0); |
556 | pitem *item = NULL((void *)0); |
557 | int i = -1, is_complete; |
558 | unsigned char seq64be[8]; |
559 | unsigned long frag_len = msg_hdr->frag_len; |
560 | |
561 | if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len || |
562 | msg_hdr->msg_len > dtls1_max_handshake_message_len(s)) |
563 | goto err; |
564 | |
565 | if (frag_len == 0) { |
566 | i = DTLS1_HM_FRAGMENT_RETRY-3; |
567 | goto err; |
568 | } |
569 | |
570 | /* Try to find item in queue */ |
571 | memset(seq64be, 0, sizeof(seq64be)); |
572 | seq64be[6] = (unsigned char)(msg_hdr->seq >> 8); |
573 | seq64be[7] = (unsigned char)msg_hdr->seq; |
574 | item = pqueue_find(s->d1->buffered_messages, seq64be); |
575 | |
576 | if (item == NULL((void *)0)) { |
577 | frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1); |
578 | if (frag == NULL((void *)0)) |
579 | goto err; |
580 | memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); |
581 | frag->msg_header.frag_len = frag->msg_header.msg_len; |
582 | frag->msg_header.frag_off = 0; |
583 | } else { |
584 | frag = (hm_fragment*)item->data; |
585 | if (frag->msg_header.msg_len != msg_hdr->msg_len) { |
586 | item = NULL((void *)0); |
587 | frag = NULL((void *)0); |
588 | goto err; |
589 | } |
590 | } |
591 | |
592 | /* |
593 | * If message is already reassembled, this must be a |
594 | * retransmit and can be dropped. |
595 | */ |
596 | if (frag->reassembly == NULL((void *)0)) { |
597 | unsigned char devnull [256]; |
598 | |
599 | while (frag_len) { |
600 | i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE22, |
601 | devnull, frag_len > sizeof(devnull) ? |
602 | sizeof(devnull) : frag_len, 0); |
603 | if (i <= 0) |
604 | goto err; |
605 | frag_len -= i; |
606 | } |
607 | i = DTLS1_HM_FRAGMENT_RETRY-3; |
608 | goto err; |
609 | } |
610 | |
611 | /* read the body of the fragment (header has already been read */ |
612 | i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE22, |
613 | frag->fragment + msg_hdr->frag_off, frag_len, 0); |
614 | if (i <= 0 || (unsigned long)i != frag_len) |
615 | goto err; |
616 | |
617 | RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,{ if (((long)(msg_hdr->frag_off + frag_len)) - ((long)msg_hdr ->frag_off) <= 8) { long ii; for (ii = ((long)msg_hdr-> frag_off); ii < ((long)(msg_hdr->frag_off + frag_len)); ii++) frag->reassembly[((ii) >> 3)] |= (1 << ( (ii) & 7)); } else { long ii; frag->reassembly[(((long )msg_hdr->frag_off) >> 3)] |= bitmask_start_values[( ((long)msg_hdr->frag_off) & 7)]; for (ii = ((((long)msg_hdr ->frag_off) >> 3) + 1); ii < (((((long)(msg_hdr-> frag_off + frag_len)) - 1)) >> 3); ii++) frag->reassembly [ii] = 0xff; frag->reassembly[((((long)(msg_hdr->frag_off + frag_len)) - 1) >> 3)] |= bitmask_end_values[(((long )(msg_hdr->frag_off + frag_len)) & 7)]; } } |
618 | (long)(msg_hdr->frag_off + frag_len)){ if (((long)(msg_hdr->frag_off + frag_len)) - ((long)msg_hdr ->frag_off) <= 8) { long ii; for (ii = ((long)msg_hdr-> frag_off); ii < ((long)(msg_hdr->frag_off + frag_len)); ii++) frag->reassembly[((ii) >> 3)] |= (1 << ( (ii) & 7)); } else { long ii; frag->reassembly[(((long )msg_hdr->frag_off) >> 3)] |= bitmask_start_values[( ((long)msg_hdr->frag_off) & 7)]; for (ii = ((((long)msg_hdr ->frag_off) >> 3) + 1); ii < (((((long)(msg_hdr-> frag_off + frag_len)) - 1)) >> 3); ii++) frag->reassembly [ii] = 0xff; frag->reassembly[((((long)(msg_hdr->frag_off + frag_len)) - 1) >> 3)] |= bitmask_end_values[(((long )(msg_hdr->frag_off + frag_len)) & 7)]; } }; |
619 | |
620 | RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len,{ long ii; (void)((((long)msg_hdr->msg_len) > 0) ? 0 : ( OpenSSLDie("/usr/src/lib/libssl/d1_both.c", 621, "((long)msg_hdr->msg_len) > 0" ),1)); is_complete = 1; if (frag->reassembly[((((long)msg_hdr ->msg_len) - 1) >> 3)] != bitmask_end_values[(((long )msg_hdr->msg_len) & 7)]) is_complete = 0; if (is_complete ) for (ii = ((((long)msg_hdr->msg_len) - 1) >> 3) - 1 ; ii >= 0 ; ii--) if (frag->reassembly[ii] != 0xff) { is_complete = 0; break; } } |
621 | is_complete){ long ii; (void)((((long)msg_hdr->msg_len) > 0) ? 0 : ( OpenSSLDie("/usr/src/lib/libssl/d1_both.c", 621, "((long)msg_hdr->msg_len) > 0" ),1)); is_complete = 1; if (frag->reassembly[((((long)msg_hdr ->msg_len) - 1) >> 3)] != bitmask_end_values[(((long )msg_hdr->msg_len) & 7)]) is_complete = 0; if (is_complete ) for (ii = ((((long)msg_hdr->msg_len) - 1) >> 3) - 1 ; ii >= 0 ; ii--) if (frag->reassembly[ii] != 0xff) { is_complete = 0; break; } }; |
622 | |
623 | if (is_complete) { |
624 | free(frag->reassembly); |
625 | frag->reassembly = NULL((void *)0); |
626 | } |
627 | |
628 | if (item == NULL((void *)0)) { |
629 | memset(seq64be, 0, sizeof(seq64be)); |
630 | seq64be[6] = (unsigned char)(msg_hdr->seq >> 8); |
631 | seq64be[7] = (unsigned char)(msg_hdr->seq); |
632 | |
633 | item = pitem_new(seq64be, frag); |
634 | if (item == NULL((void *)0)) { |
635 | i = -1; |
636 | goto err; |
637 | } |
638 | |
639 | pqueue_insert(s->d1->buffered_messages, item); |
640 | } |
641 | |
642 | return DTLS1_HM_FRAGMENT_RETRY-3; |
643 | |
644 | err: |
645 | if (item == NULL((void *)0) && frag != NULL((void *)0)) |
646 | dtls1_hm_fragment_free(frag); |
647 | *ok = 0; |
648 | return i; |
649 | } |
650 | |
651 | |
652 | static int |
653 | dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) |
654 | { |
655 | int i = -1; |
656 | hm_fragment *frag = NULL((void *)0); |
657 | pitem *item = NULL((void *)0); |
658 | unsigned char seq64be[8]; |
659 | unsigned long frag_len = msg_hdr->frag_len; |
660 | |
661 | if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len) |
662 | goto err; |
663 | |
664 | /* Try to find item in queue, to prevent duplicate entries */ |
665 | memset(seq64be, 0, sizeof(seq64be)); |
666 | seq64be[6] = (unsigned char) (msg_hdr->seq >> 8); |
667 | seq64be[7] = (unsigned char) msg_hdr->seq; |
668 | item = pqueue_find(s->d1->buffered_messages, seq64be); |
669 | |
670 | /* |
671 | * If we already have an entry and this one is a fragment, |
672 | * don't discard it and rather try to reassemble it. |
673 | */ |
674 | if (item != NULL((void *)0) && frag_len < msg_hdr->msg_len) |
675 | item = NULL((void *)0); |
676 | |
677 | /* |
678 | * Discard the message if sequence number was already there, is |
679 | * too far in the future, already in the queue or if we received |
680 | * a FINISHED before the SERVER_HELLO, which then must be a stale |
681 | * retransmit. |
682 | */ |
683 | if (msg_hdr->seq <= s->d1->handshake_read_seq || |
684 | msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL((void *)0) || |
685 | (s->d1->handshake_read_seq == 0 && |
686 | msg_hdr->type == SSL3_MT_FINISHED20)) { |
687 | unsigned char devnull [256]; |
688 | |
689 | while (frag_len) { |
690 | i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE22, |
691 | devnull, frag_len > sizeof(devnull) ? |
692 | sizeof(devnull) : frag_len, 0); |
693 | if (i <= 0) |
694 | goto err; |
695 | frag_len -= i; |
696 | } |
697 | } else { |
698 | if (frag_len < msg_hdr->msg_len) |
699 | return dtls1_reassemble_fragment(s, msg_hdr, ok); |
700 | |
701 | if (frag_len > dtls1_max_handshake_message_len(s)) |
702 | goto err; |
703 | |
704 | frag = dtls1_hm_fragment_new(frag_len, 0); |
705 | if (frag == NULL((void *)0)) |
706 | goto err; |
707 | |
708 | memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); |
709 | |
710 | if (frag_len) { |
711 | /* read the body of the fragment (header has already been read */ |
712 | i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE22, |
713 | frag->fragment, frag_len, 0); |
714 | if (i <= 0 || (unsigned long)i != frag_len) |
715 | goto err; |
716 | } |
717 | |
718 | memset(seq64be, 0, sizeof(seq64be)); |
719 | seq64be[6] = (unsigned char)(msg_hdr->seq >> 8); |
720 | seq64be[7] = (unsigned char)(msg_hdr->seq); |
721 | |
722 | item = pitem_new(seq64be, frag); |
723 | if (item == NULL((void *)0)) |
724 | goto err; |
725 | |
726 | pqueue_insert(s->d1->buffered_messages, item); |
727 | } |
728 | |
729 | return DTLS1_HM_FRAGMENT_RETRY-3; |
730 | |
731 | err: |
732 | if (item == NULL((void *)0) && frag != NULL((void *)0)) |
733 | dtls1_hm_fragment_free(frag); |
734 | *ok = 0; |
735 | return i; |
736 | } |
737 | |
738 | |
739 | static long |
740 | dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) |
741 | { |
742 | unsigned char wire[DTLS1_HM_HEADER_LENGTH12]; |
743 | unsigned long len, frag_off, frag_len; |
744 | struct hm_header_st msg_hdr; |
745 | int i, al; |
746 | CBS cbs; |
747 | |
748 | again: |
749 | /* see if we have the required fragment already */ |
750 | if ((frag_len = dtls1_retrieve_buffered_fragment(s, max, ok)) || *ok) { |
751 | if (*ok) |
752 | s->init_num = frag_len; |
753 | return frag_len; |
754 | } |
755 | |
756 | /* read handshake message header */ |
757 | i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE22, wire, |
758 | DTLS1_HM_HEADER_LENGTH12, 0); |
759 | if (i <= 0) { |
760 | /* nbio, or an error */ |
761 | s->rwstate = SSL_READING3; |
762 | *ok = 0; |
763 | return i; |
764 | } |
765 | |
766 | CBS_init(&cbs, wire, i); |
767 | if (!dtls1_get_message_header(&cbs, &msg_hdr)) { |
768 | /* Handshake fails if message header is incomplete. */ |
769 | al = SSL_AD_UNEXPECTED_MESSAGE10; |
770 | SSLerror(s, SSL_R_UNEXPECTED_MESSAGE)SSL_error_internal(s, 244, "/usr/src/lib/libssl/d1_both.c", 770 ); |
771 | goto fatal_err; |
772 | } |
773 | |
774 | /* |
775 | * if this is a future (or stale) message it gets buffered |
776 | * (or dropped)--no further processing at this time |
777 | * While listening, we accept seq 1 (ClientHello with cookie) |
778 | * although we're still expecting seq 0 (ClientHello) |
779 | */ |
780 | if (msg_hdr.seq != s->d1->handshake_read_seq && |
781 | !(s->d1->listen && msg_hdr.seq == 1)) |
782 | return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); |
783 | |
784 | len = msg_hdr.msg_len; |
785 | frag_off = msg_hdr.frag_off; |
786 | frag_len = msg_hdr.frag_len; |
787 | |
788 | if (frag_len && frag_len < len) |
789 | return dtls1_reassemble_fragment(s, &msg_hdr, ok); |
790 | |
791 | if (!s->server && s->d1->r_msg_hdr.frag_off == 0 && |
792 | wire[0] == SSL3_MT_HELLO_REQUEST0) { |
793 | /* |
794 | * The server may always send 'Hello Request' messages -- |
795 | * we are doing a handshake anyway now, so ignore them |
796 | * if their format is correct. Does not count for |
797 | * 'Finished' MAC. |
798 | */ |
799 | if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) { |
800 | if (s->msg_callback) |
801 | s->msg_callback(0, s->version, |
802 | SSL3_RT_HANDSHAKE22, wire, |
803 | DTLS1_HM_HEADER_LENGTH12, s, |
804 | s->msg_callback_arg); |
805 | |
806 | s->init_num = 0; |
807 | goto again; |
808 | } |
809 | else /* Incorrectly formatted Hello request */ |
810 | { |
811 | al = SSL_AD_UNEXPECTED_MESSAGE10; |
812 | SSLerror(s, SSL_R_UNEXPECTED_MESSAGE)SSL_error_internal(s, 244, "/usr/src/lib/libssl/d1_both.c", 812 ); |
813 | goto fatal_err; |
814 | } |
815 | } |
816 | |
817 | if ((al = dtls1_preprocess_fragment(s, &msg_hdr, max))) |
818 | goto fatal_err; |
819 | |
820 | /* XDTLS: resurrect this when restart is in place */ |
821 | s->s3->hs.state = stn; |
822 | |
823 | if (frag_len > 0) { |
824 | unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH12; |
825 | |
826 | i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE22, |
827 | &p[frag_off], frag_len, 0); |
828 | /* XDTLS: fix this--message fragments cannot span multiple packets */ |
829 | if (i <= 0) { |
830 | s->rwstate = SSL_READING3; |
831 | *ok = 0; |
832 | return i; |
833 | } |
834 | } else |
835 | i = 0; |
836 | |
837 | /* |
838 | * XDTLS: an incorrectly formatted fragment should cause the |
839 | * handshake to fail |
840 | */ |
841 | if (i != (int)frag_len) { |
842 | al = SSL_AD_ILLEGAL_PARAMETER47; |
843 | SSLerror(s, SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER)SSL_error_internal(s, 1047, "/usr/src/lib/libssl/d1_both.c", 843 ); |
844 | goto fatal_err; |
845 | } |
846 | |
847 | /* |
848 | * Note that s->init_num is *not* used as current offset in |
849 | * s->init_buf->data, but as a counter summing up fragments' |
850 | * lengths: as soon as they sum up to handshake packet |
851 | * length, we assume we have got all the fragments. |
852 | */ |
853 | s->init_num = frag_len; |
854 | *ok = 1; |
855 | return frag_len; |
856 | |
857 | fatal_err: |
858 | ssl3_send_alert(s, SSL3_AL_FATAL2, al); |
859 | s->init_num = 0; |
860 | |
861 | *ok = 0; |
862 | return (-1); |
863 | } |
864 | |
865 | int |
866 | dtls1_read_failed(SSL *s, int code) |
867 | { |
868 | if (code > 0) { |
869 | #ifdef DEBUG |
870 | fprintf(stderr(&__sF[2]), "invalid state reached %s:%d", |
871 | __FILE__"/usr/src/lib/libssl/d1_both.c", __LINE__871); |
872 | #endif |
873 | return 1; |
874 | } |
875 | |
876 | if (!dtls1_is_timer_expired(s)) { |
877 | /* |
878 | * not a timeout, none of our business, let higher layers |
879 | * handle this. in fact it's probably an error |
880 | */ |
881 | return code; |
882 | } |
883 | |
884 | if (!SSL_in_init(s)(SSL_state((s))&(0x1000|0x2000))) /* done, no need to send a retransmit */ |
885 | { |
886 | BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ0x01); |
887 | return code; |
888 | } |
889 | |
890 | return dtls1_handle_timeout(s); |
891 | } |
892 | |
893 | int |
894 | dtls1_get_queue_priority(unsigned short seq, int is_ccs) |
895 | { |
896 | /* |
897 | * The index of the retransmission queue actually is the message |
898 | * sequence number, since the queue only contains messages of a |
899 | * single handshake. However, the ChangeCipherSpec has no message |
900 | * sequence number and so using only the sequence will result in |
901 | * the CCS and Finished having the same index. To prevent this, the |
902 | * sequence number is multiplied by 2. In case of a CCS 1 is |
903 | * subtracted. This does not only differ CSS and Finished, it also |
904 | * maintains the order of the index (important for priority queues) |
905 | * and fits in the unsigned short variable. |
906 | */ |
907 | return seq * 2 - is_ccs; |
908 | } |
909 | |
910 | int |
911 | dtls1_retransmit_buffered_messages(SSL *s) |
912 | { |
913 | pqueue sent = s->d1->sent_messages; |
914 | piterator iter; |
915 | pitem *item; |
916 | hm_fragment *frag; |
917 | int found = 0; |
918 | |
919 | iter = pqueue_iterator(sent); |
920 | |
921 | for (item = pqueue_next(&iter); item != NULL((void *)0); |
922 | item = pqueue_next(&iter)) { |
923 | frag = (hm_fragment *)item->data; |
924 | if (dtls1_retransmit_message(s, |
925 | (unsigned short)dtls1_get_queue_priority( |
926 | frag->msg_header.seq, frag->msg_header.is_ccs), 0, |
927 | &found) <= 0 && found) { |
928 | #ifdef DEBUG |
929 | fprintf(stderr(&__sF[2]), "dtls1_retransmit_message() failed\n"); |
930 | #endif |
931 | return -1; |
932 | } |
933 | } |
934 | |
935 | return 1; |
936 | } |
937 | |
938 | int |
939 | dtls1_buffer_message(SSL *s, int is_ccs) |
940 | { |
941 | pitem *item; |
942 | hm_fragment *frag; |
943 | unsigned char seq64be[8]; |
944 | |
945 | /* Buffer the message in order to handle DTLS retransmissions. */ |
946 | |
947 | /* |
948 | * This function is called immediately after a message has |
949 | * been serialized |
950 | */ |
951 | OPENSSL_assert(s->init_off == 0)(void)((s->init_off == 0) ? 0 : (OpenSSLDie("/usr/src/lib/libssl/d1_both.c" , 951, "s->init_off == 0"),1)); |
952 | |
953 | frag = dtls1_hm_fragment_new(s->init_num, 0); |
954 | if (frag == NULL((void *)0)) |
955 | return 0; |
956 | |
957 | memcpy(frag->fragment, s->init_buf->data, s->init_num); |
958 | |
959 | OPENSSL_assert(s->d1->w_msg_hdr.msg_len +(void)((s->d1->w_msg_hdr.msg_len + (is_ccs ? 1 : 12) == (unsigned int)s->init_num) ? 0 : (OpenSSLDie("/usr/src/lib/libssl/d1_both.c" , 961, "s->d1->w_msg_hdr.msg_len + (is_ccs ? DTLS1_CCS_HEADER_LENGTH : DTLS1_HM_HEADER_LENGTH) == (unsigned int)s->init_num" ),1)) |
960 | (is_ccs ? DTLS1_CCS_HEADER_LENGTH : DTLS1_HM_HEADER_LENGTH) ==(void)((s->d1->w_msg_hdr.msg_len + (is_ccs ? 1 : 12) == (unsigned int)s->init_num) ? 0 : (OpenSSLDie("/usr/src/lib/libssl/d1_both.c" , 961, "s->d1->w_msg_hdr.msg_len + (is_ccs ? DTLS1_CCS_HEADER_LENGTH : DTLS1_HM_HEADER_LENGTH) == (unsigned int)s->init_num" ),1)) |
961 | (unsigned int)s->init_num)(void)((s->d1->w_msg_hdr.msg_len + (is_ccs ? 1 : 12) == (unsigned int)s->init_num) ? 0 : (OpenSSLDie("/usr/src/lib/libssl/d1_both.c" , 961, "s->d1->w_msg_hdr.msg_len + (is_ccs ? DTLS1_CCS_HEADER_LENGTH : DTLS1_HM_HEADER_LENGTH) == (unsigned int)s->init_num" ),1)); |
962 | |
963 | frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len; |
964 | frag->msg_header.seq = s->d1->w_msg_hdr.seq; |
965 | frag->msg_header.type = s->d1->w_msg_hdr.type; |
966 | frag->msg_header.frag_off = 0; |
967 | frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len; |
968 | frag->msg_header.is_ccs = is_ccs; |
969 | |
970 | /* save current state*/ |
971 | frag->msg_header.saved_retransmit_state.session = s->session; |
972 | frag->msg_header.saved_retransmit_state.epoch = |
973 | tls12_record_layer_write_epoch(s->rl); |
974 | |
975 | memset(seq64be, 0, sizeof(seq64be)); |
976 | seq64be[6] = (unsigned char)(dtls1_get_queue_priority( |
977 | frag->msg_header.seq, frag->msg_header.is_ccs) >> 8); |
978 | seq64be[7] = (unsigned char)(dtls1_get_queue_priority( |
979 | frag->msg_header.seq, frag->msg_header.is_ccs)); |
980 | |
981 | item = pitem_new(seq64be, frag); |
982 | if (item == NULL((void *)0)) { |
983 | dtls1_hm_fragment_free(frag); |
984 | return 0; |
985 | } |
986 | |
987 | pqueue_insert(s->d1->sent_messages, item); |
988 | return 1; |
989 | } |
990 | |
991 | int |
992 | dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, |
993 | int *found) |
994 | { |
995 | int ret; |
996 | /* XDTLS: for now assuming that read/writes are blocking */ |
997 | pitem *item; |
998 | hm_fragment *frag; |
999 | unsigned long header_length; |
1000 | unsigned char seq64be[8]; |
1001 | struct dtls1_retransmit_state saved_state; |
1002 | |
1003 | /* |
1004 | OPENSSL_assert(s->init_num == 0); |
1005 | OPENSSL_assert(s->init_off == 0); |
1006 | */ |
1007 | |
1008 | /* XDTLS: the requested message ought to be found, otherwise error */ |
1009 | memset(seq64be, 0, sizeof(seq64be)); |
1010 | seq64be[6] = (unsigned char)(seq >> 8); |
1011 | seq64be[7] = (unsigned char)seq; |
1012 | |
1013 | item = pqueue_find(s->d1->sent_messages, seq64be); |
1014 | if (item == NULL((void *)0)) { |
1015 | #ifdef DEBUG |
1016 | fprintf(stderr(&__sF[2]), "retransmit: message %d non-existent\n", seq); |
1017 | #endif |
1018 | *found = 0; |
1019 | return 0; |
1020 | } |
1021 | |
1022 | *found = 1; |
1023 | frag = (hm_fragment *)item->data; |
1024 | |
1025 | if (frag->msg_header.is_ccs) |
1026 | header_length = DTLS1_CCS_HEADER_LENGTH1; |
1027 | else |
1028 | header_length = DTLS1_HM_HEADER_LENGTH12; |
1029 | |
1030 | memcpy(s->init_buf->data, frag->fragment, |
1031 | frag->msg_header.msg_len + header_length); |
1032 | s->init_num = frag->msg_header.msg_len + header_length; |
1033 | |
1034 | dtls1_set_message_header_int(s, frag->msg_header.type, |
1035 | frag->msg_header.msg_len, frag->msg_header.seq, 0, |
1036 | frag->msg_header.frag_len); |
1037 | |
1038 | /* save current state */ |
1039 | saved_state.session = s->session; |
1040 | saved_state.epoch = tls12_record_layer_write_epoch(s->rl); |
1041 | |
1042 | s->d1->retransmitting = 1; |
1043 | |
1044 | /* restore state in which the message was originally sent */ |
1045 | s->session = frag->msg_header.saved_retransmit_state.session; |
1046 | if (!tls12_record_layer_use_write_epoch(s->rl, |
1047 | frag->msg_header.saved_retransmit_state.epoch)) |
1048 | return 0; |
1049 | |
1050 | ret = dtls1_do_write(s, frag->msg_header.is_ccs ? |
1051 | SSL3_RT_CHANGE_CIPHER_SPEC20 : SSL3_RT_HANDSHAKE22); |
1052 | |
1053 | /* restore current state */ |
1054 | s->session = saved_state.session; |
1055 | if (!tls12_record_layer_use_write_epoch(s->rl, |
1056 | saved_state.epoch)) |
1057 | return 0; |
1058 | |
1059 | s->d1->retransmitting = 0; |
1060 | |
1061 | (void)BIO_flush(SSL_get_wbio(s))(int)BIO_ctrl(SSL_get_wbio(s),11,0,((void *)0)); |
1062 | return ret; |
1063 | } |
1064 | |
1065 | /* call this function when the buffered messages are no longer needed */ |
1066 | void |
1067 | dtls1_clear_record_buffer(SSL *s) |
1068 | { |
1069 | hm_fragment *frag; |
1070 | pitem *item; |
1071 | |
1072 | for(item = pqueue_pop(s->d1->sent_messages); item != NULL((void *)0); |
1073 | item = pqueue_pop(s->d1->sent_messages)) { |
1074 | frag = item->data; |
1075 | if (frag->msg_header.is_ccs) |
1076 | tls12_record_layer_write_epoch_done(s->rl, |
1077 | frag->msg_header.saved_retransmit_state.epoch); |
1078 | dtls1_hm_fragment_free(frag); |
1079 | pitem_free(item); |
1080 | } |
1081 | } |
1082 | |
1083 | void |
1084 | dtls1_set_message_header(SSL *s, unsigned char mt, unsigned long len, |
1085 | unsigned long frag_off, unsigned long frag_len) |
1086 | { |
1087 | /* Don't change sequence numbers while listening */ |
1088 | if (frag_off == 0 && !s->d1->listen) { |
1089 | s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; |
1090 | s->d1->next_handshake_write_seq++; |
1091 | } |
1092 | |
1093 | dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq, |
1094 | frag_off, frag_len); |
1095 | } |
1096 | |
1097 | /* don't actually do the writing, wait till the MTU has been retrieved */ |
1098 | void |
1099 | dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len, |
1100 | unsigned short seq_num, unsigned long frag_off, unsigned long frag_len) |
1101 | { |
1102 | struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; |
1103 | |
1104 | msg_hdr->type = mt; |
1105 | msg_hdr->msg_len = len; |
1106 | msg_hdr->seq = seq_num; |
1107 | msg_hdr->frag_off = frag_off; |
1108 | msg_hdr->frag_len = frag_len; |
1109 | } |
1110 | |
1111 | static void |
1112 | dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len) |
1113 | { |
1114 | struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; |
1115 | |
1116 | msg_hdr->frag_off = frag_off; |
1117 | msg_hdr->frag_len = frag_len; |
1118 | } |
1119 | |
1120 | static int |
1121 | dtls1_write_message_header(const struct hm_header_st *msg_hdr, |
1122 | unsigned long frag_off, unsigned long frag_len, unsigned char *p) |
1123 | { |
1124 | CBB cbb; |
1125 | |
1126 | /* We assume DTLS1_HM_HEADER_LENGTH bytes are available for now... */ |
1127 | if (!CBB_init_fixed(&cbb, p, DTLS1_HM_HEADER_LENGTH12)) |
1128 | return 0; |
1129 | if (!CBB_add_u8(&cbb, msg_hdr->type)) |
1130 | goto err; |
1131 | if (!CBB_add_u24(&cbb, msg_hdr->msg_len)) |
1132 | goto err; |
1133 | if (!CBB_add_u16(&cbb, msg_hdr->seq)) |
1134 | goto err; |
1135 | if (!CBB_add_u24(&cbb, frag_off)) |
1136 | goto err; |
1137 | if (!CBB_add_u24(&cbb, frag_len)) |
1138 | goto err; |
1139 | if (!CBB_finish(&cbb, NULL((void *)0), NULL((void *)0))) |
1140 | goto err; |
1141 | |
1142 | return 1; |
1143 | |
1144 | err: |
1145 | CBB_cleanup(&cbb); |
1146 | return 0; |
1147 | } |
1148 | |
1149 | unsigned int |
1150 | dtls1_min_mtu(void) |
1151 | { |
1152 | return (g_probable_mtu[(sizeof(g_probable_mtu) / |
1153 | sizeof(g_probable_mtu[0])) - 1]); |
1154 | } |
1155 | |
1156 | static unsigned int |
1157 | dtls1_guess_mtu(unsigned int curr_mtu) |
1158 | { |
1159 | unsigned int i; |
1160 | |
1161 | if (curr_mtu == 0) |
1162 | return g_probable_mtu[0]; |
1163 | |
1164 | for (i = 0; i < sizeof(g_probable_mtu) / sizeof(g_probable_mtu[0]); i++) |
1165 | if (curr_mtu > g_probable_mtu[i]) |
1166 | return g_probable_mtu[i]; |
1167 | |
1168 | return curr_mtu; |
1169 | } |
1170 | |
1171 | int |
1172 | dtls1_get_message_header(CBS *header, struct hm_header_st *msg_hdr) |
1173 | { |
1174 | uint32_t msg_len, frag_off, frag_len; |
1175 | uint16_t seq; |
1176 | uint8_t type; |
1177 | |
1178 | memset(msg_hdr, 0, sizeof(*msg_hdr)); |
1179 | |
1180 | if (!CBS_get_u8(header, &type)) |
1181 | return 0; |
1182 | if (!CBS_get_u24(header, &msg_len)) |
1183 | return 0; |
1184 | if (!CBS_get_u16(header, &seq)) |
1185 | return 0; |
1186 | if (!CBS_get_u24(header, &frag_off)) |
1187 | return 0; |
1188 | if (!CBS_get_u24(header, &frag_len)) |
1189 | return 0; |
1190 | |
1191 | msg_hdr->type = type; |
1192 | msg_hdr->msg_len = msg_len; |
1193 | msg_hdr->seq = seq; |
1194 | msg_hdr->frag_off = frag_off; |
1195 | msg_hdr->frag_len = frag_len; |
1196 | |
1197 | return 1; |
1198 | } |