void RECORD_LAYER_clear(RECORD_LAYER *rl)
{
- unsigned char *rp, *wp;
- size_t rlen, wlen;
- int read_ahead;
- SSL *s;
- DTLS_RECORD_LAYER *d;
-
- s = rl->s;
- d = rl->d;
- read_ahead = rl->read_ahead;
- rp = SSL3_BUFFER_get_buf(&rl->rbuf);
- rlen = SSL3_BUFFER_get_len(&rl->rbuf);
- wp = SSL3_BUFFER_get_buf(&rl->wbuf);
- wlen = SSL3_BUFFER_get_len(&rl->wbuf);
- memset(rl, 0, sizeof (RECORD_LAYER));
- SSL3_BUFFER_set_buf(&rl->rbuf, rp);
- SSL3_BUFFER_set_len(&rl->rbuf, rlen);
- SSL3_BUFFER_set_buf(&rl->wbuf, wp);
- SSL3_BUFFER_set_len(&rl->wbuf, wlen);
-
- /* Do I need to do this? As far as I can tell read_ahead did not
+ rl->rstate = SSL_ST_READ_HEADER;
+
+ /* Do I need to clear read_ahead? As far as I can tell read_ahead did not
* previously get reset by SSL_clear...so I'll keep it that way..but is
* that right?
*/
- rl->read_ahead = read_ahead;
- rl->rstate = SSL_ST_READ_HEADER;
- rl->s = s;
- rl->d = d;
+
+ rl->packet = NULL;
+ rl->packet_length = 0;
+ rl->wnum = 0;
+ memset(rl->alert_fragment, 0, sizeof(rl->alert_fragment));
+ rl->alert_fragment_len = 0;
+ memset(rl->handshake_fragment, 0, sizeof(rl->handshake_fragment));
+ rl->handshake_fragment_len = 0;
+ rl->wpend_tot = 0;
+ rl->wpend_type = 0;
+ rl->wpend_ret = 0;
+ rl->wpend_buf = NULL;
+
+ SSL3_BUFFER_clear(&rl->rbuf);
+ SSL3_BUFFER_clear(&rl->wbuf);
+ SSL3_RECORD_clear(&rl->rrec);
+ SSL3_RECORD_clear(&rl->wrec);
+
+ memset(rl->read_sequence, 0, sizeof(rl->read_sequence));
+ memset(rl->write_sequence, 0, sizeof(rl->write_sequence));
- if(d)
+ if (rl->d)
DTLS_RECORD_LAYER_clear(rl);
}
int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len)
{
rl->packet_length = len;
- if(len != 0) {
+ if (len != 0) {
rl->rstate = SSL_ST_READ_HEADER;
if (!SSL3_BUFFER_is_initialised(&rl->rbuf))
if (!ssl3_setup_read_buffer(rl->s))
}
/* We always act like read_ahead is set for DTLS */
- if (&s->rlayer.read_ahead && !SSL_IS_DTLS(s))
+ if (!s->rlayer.read_ahead && !SSL_IS_DTLS(s))
/* ignore max parameter */
max = n;
else {
unsigned int n, nw;
#if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
unsigned int max_send_fragment;
+ unsigned int u_len = (unsigned int)len;
#endif
SSL3_BUFFER *wb = &s->rlayer.wbuf;
int i;
- unsigned int u_len = (unsigned int)len;
if (len < 0) {
SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_SSL_NEGATIVE_LENGTH);
packlen *= 4;
wb->buf = OPENSSL_malloc(packlen);
- if(!wb->buf) {
+ if (!wb->buf) {
SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_MALLOC_FAILURE);
return -1;
}
* then it was unexpected (Hello Request or Client Hello).
*/
+ /*
+ * Lets just double check that we've not got an SSLv2 record
+ */
+ if (rr->rec_version == SSL2_VERSION) {
+ /*
+ * Should never happen. ssl3_get_record() should only give us an SSLv2
+ * record back if this is the first packet and we are looking for an
+ * initial ClientHello. Therefore |type| should always be equal to
+ * |rr->type|. If not then something has gone horribly wrong
+ */
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
+
+ if(s->method->version == TLS_ANY_VERSION
+ && (s->server || rr->type != SSL3_RT_ALERT)) {
+ /*
+ * If we've got this far and still haven't decided on what version
+ * we're using then this must be a client side alert we're dealing with
+ * (we don't allow heartbeats yet). We shouldn't be receiving anything
+ * other than a ClientHello if we are a server.
+ */
+ s->version = rr->rec_version;
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_MESSAGE);
+ goto f_err;
+ }
+
/*
* In case of record types for which we have 'fragment' storage, fill
* that so that we can process the data at a fixed place.
#ifndef OPENSSL_NO_HEARTBEATS
else if (SSL3_RECORD_get_type(rr)== TLS1_RT_HEARTBEAT) {
/* We can ignore 0 return values */
- if(tls1_process_heartbeat(s, SSL3_RECORD_get_data(rr),
+ if (tls1_process_heartbeat(s, SSL3_RECORD_get_data(rr),
SSL3_RECORD_get_length(rr)) < 0) {
return -1;
}
}
}
+/*
+ * Returns true if the current rrec was sent in SSLv2 backwards compatible
+ * format and false otherwise.
+ */
+int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl)
+{
+ return SSL3_RECORD_is_sslv2_record(&rl->rrec);
+}
+/*
+ * Returns the length in bytes of the current rrec
+ */
+unsigned int RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl)
+{
+ return SSL3_RECORD_get_length(&rl->rrec);
+}