diff options
Diffstat (limited to 'lib/libssl/d1_both.c')
| -rw-r--r-- | lib/libssl/d1_both.c | 129 |
1 files changed, 84 insertions, 45 deletions
diff --git a/lib/libssl/d1_both.c b/lib/libssl/d1_both.c index bd4267238ff..f27588fcff8 100644 --- a/lib/libssl/d1_both.c +++ b/lib/libssl/d1_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_both.c,v 1.22 2014/07/02 20:45:26 miod Exp $ */ +/* $OpenBSD: d1_both.c,v 1.23 2014/07/10 08:25:00 guenther Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -233,8 +233,11 @@ dtls1_do_write(SSL *s, int type) s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); - /* I've seen the kernel return bogus numbers when it doesn't know - * (initial write), so just make sure we have a reasonable number */ + /* + * I've seen the kernel return bogus numbers when it + * doesn't know the MTU (ie., the initial write), so just + * make sure we have a reasonable number + */ if (s->d1->mtu < dtls1_min_mtu()) { s->d1->mtu = 0; s->d1->mtu = dtls1_guess_mtu(s->d1->mtu); @@ -306,11 +309,12 @@ dtls1_do_write(SSL *s, int type) ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off], len); if (ret < 0) { - /* might need to update MTU here, but we don't know - * which previous packet caused the failure -- so can't - * really retransmit anything. continue as if everything - * is fine and wait for an alert to handle the - * retransmit + /* + * Might need to update MTU here, but we don't know + * which previous packet caused the failure -- so + * can't really retransmit anything. continue as + * if everything is fine and wait for an alert to + * handle the retransmit */ if (BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) @@ -320,22 +324,30 @@ dtls1_do_write(SSL *s, int type) return (-1); } else { - /* bad if this assert fails, only part of the handshake - * message got sent. but why would this happen? */ + /* + * Bad if this assert fails, only part of the + * handshake message got sent. but why would + * this happen? + */ OPENSSL_assert(len == (unsigned int)ret); if (type == SSL3_RT_HANDSHAKE && !s->d1->retransmitting) { - /* should not be done for 'Hello Request's, but in that case - * we'll ignore the result anyway */ + /* + * Should not be done for 'Hello Request's, + * but in that case we'll ignore the result + * anyway + */ unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off]; const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; int xlen; if (frag_off == 0 && s->version != DTLS1_BAD_VER) { - /* reconstruct message header is if it - * is being sent in single fragment */ + /* + * Reconstruct message header is if it + * is being sent in single fragment + */ *p++ = msg_hdr->type; l2n3(msg_hdr->msg_len, p); s2n (msg_hdr->seq, p); @@ -373,7 +385,8 @@ dtls1_do_write(SSL *s, int type) } -/* Obtain handshake message of message type 'mt' (any if mt == -1), +/* + * Obtain handshake message of message type 'mt' (any if mt == -1), * maximum acceptable body length 'max'. * Read an entire handshake message. Handshake messages arrive in * fragments. @@ -386,8 +399,10 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) unsigned char *p; unsigned long msg_len; - /* s3->tmp is used to store messages that are unexpected, caused - * by the absence of an optional handshake message */ + /* + * s3->tmp is used to store messages that are unexpected, caused + * by the absence of an optional handshake message + */ if (s->s3->tmp.reuse_message) { s->s3->tmp.reuse_message = 0; if ((mt >= 0) && (s->s3->tmp.message_type != mt)) { @@ -472,8 +487,10 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */ { - /* msg_len is limited to 2^24, but is effectively checked - * against max above */ + /* + * msg_len is limited to 2^24, but is effectively checked + * against max above + */ if (!BUF_MEM_grow_clean(s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH)) { SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB); @@ -486,8 +503,10 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) s->d1->r_msg_hdr.type = msg_hdr->type; s->d1->r_msg_hdr.seq = msg_hdr->seq; } else if (msg_len != s->d1->r_msg_hdr.msg_len) { - /* They must be playing with us! BTW, failure to enforce - * upper limit would open possibility for buffer overrun. */ + /* + * They must be playing with us! BTW, failure to enforce + * upper limit would open possibility for buffer overrun. + */ SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE); return SSL_AD_ILLEGAL_PARAMETER; @@ -499,7 +518,8 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) static int dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) { - /* (0) check whether the desired fragment is available + /* + * (0) check whether the desired fragment is available * if so: * (1) copy over the fragment to s->init_buf->data[] * (2) update s->init_num @@ -561,7 +581,8 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len) goto err; - /* Determine maximum allowed message size. Depends on (user set) + /* + * Determine maximum allowed message size. Depends on (user set) * maximum certificate length, but 16k is minimum. */ if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH < @@ -595,7 +616,8 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) } } - /* If message is already reassembled, this must be a + /* + * If message is already reassembled, this must be a * retransmit and can be dropped. */ if (frag->reassembly == NULL) { @@ -672,13 +694,15 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) seq64be[7] = (unsigned char) msg_hdr->seq; item = pqueue_find(s->d1->buffered_messages, seq64be); - /* If we already have an entry and this one is a fragment, + /* + * If we already have an entry and this one is a fragment, * don't discard it and rather try to reassemble it. */ if (item != NULL && frag_len < msg_hdr->msg_len) item = NULL; - /* Discard the message if sequence number was already there, is + /* + * Discard the message if sequence number was already there, is * too far in the future, already in the queue or if we received * a FINISHED before the SERVER_HELLO, which then must be a stale * retransmit. @@ -791,10 +815,12 @@ again: if (!s->server && s->d1->r_msg_hdr.frag_off == 0 && wire[0] == SSL3_MT_HELLO_REQUEST) { - /* The server may always send 'Hello Request' messages -- + /* + * The server may always send 'Hello Request' messages -- * we are doing a handshake anyway now, so ignore them * if their format is correct. Does not count for - * 'Finished' MAC. */ + * 'Finished' MAC. + */ if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) { if (s->msg_callback) s->msg_callback(0, s->version, @@ -834,8 +860,10 @@ again: } else i = 0; - /* XDTLS: an incorrectly formatted fragment should cause the - * handshake to fail */ + /* + * XDTLS: an incorrectly formatted fragment should cause the + * handshake to fail + */ if (i != (int)frag_len) { al = SSL3_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, @@ -845,10 +873,12 @@ again: *ok = 1; - /* Note that s->init_num is *not* used as current offset in + /* + * Note that s->init_num is *not* used as current offset in * s->init_buf->data, but as a counter summing up fragments' * lengths: as soon as they sum up to handshake packet - * length, we assume we have got all the fragments. */ + * length, we assume we have got all the fragments. + */ s->init_num = frag_len; return frag_len; @@ -878,7 +908,8 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen) p += i; l = i; - /* Copy the finished so we can use it for + /* + * Copy the finished so we can use it for * renegotiation checks */ if (s->type == SSL_ST_CONNECT) { @@ -907,7 +938,8 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen) return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); } -/* for these 2 messages, we need to +/* + * for these 2 messages, we need to * ssl->enc_read_ctx re-init * ssl->s3->read_sequence zero * ssl->s3->read_mac_secret re-init @@ -1031,8 +1063,10 @@ dtls1_read_failed(SSL *s, int code) } if (!dtls1_is_timer_expired(s)) { - /* not a timeout, none of our business, - let higher layers handle this. in fact it's probably an error */ + /* + * not a timeout, none of our business, let higher layers + * handle this. in fact it's probably an error + */ return code; } @@ -1048,13 +1082,16 @@ dtls1_read_failed(SSL *s, int code) int dtls1_get_queue_priority(unsigned short seq, int is_ccs) { - /* The index of the retransmission queue actually is the message sequence number, - * since the queue only contains messages of a single handshake. However, the - * ChangeCipherSpec has no message sequence number and so using only the sequence - * will result in the CCS and Finished having the same index. To prevent this, - * the sequence number is multiplied by 2. In case of a CCS 1 is subtracted. - * This does not only differ CSS and Finished, it also maintains the order of the - * index (important for priority queues) and fits in the unsigned short variable. + /* + * The index of the retransmission queue actually is the message + * sequence number, since the queue only contains messages of a + * single handshake. However, the ChangeCipherSpec has no message + * sequence number and so using only the sequence will result in + * the CCS and Finished having the same index. To prevent this, the + * sequence number is multiplied by 2. In case of a CCS 1 is + * subtracted. This does not only differ CSS and Finished, it also + * maintains the order of the index (important for priority queues) + * and fits in the unsigned short variable. */ return seq * 2 - is_ccs; } @@ -1092,8 +1129,10 @@ dtls1_buffer_message(SSL *s, int is_ccs) hm_fragment *frag; unsigned char seq64be[8]; - /* this function is called immediately after a message has - * been serialized */ + /* + * This function is called immediately after a message has + * been serialized + */ OPENSSL_assert(s->init_off == 0); frag = dtls1_hm_fragment_new(s->init_num, 0); |