void RECORD_LAYER_clear(RECORD_LAYER *rl)
{
- unsigned char *rp, *wp;
- size_t rlen, wlen;
- int read_ahead;
- SSL *s;
- DTLS_RECORD_LAYER *d;
-
- s = rl->s;
- d = rl->d;
- read_ahead = rl->read_ahead;
- rp = SSL3_BUFFER_get_buf(&rl->rbuf);
- rlen = SSL3_BUFFER_get_len(&rl->rbuf);
- wp = SSL3_BUFFER_get_buf(&rl->wbuf);
- wlen = SSL3_BUFFER_get_len(&rl->wbuf);
- memset(rl, 0, sizeof (RECORD_LAYER));
- SSL3_BUFFER_set_buf(&rl->rbuf, rp);
- SSL3_BUFFER_set_len(&rl->rbuf, rlen);
- SSL3_BUFFER_set_buf(&rl->wbuf, wp);
- SSL3_BUFFER_set_len(&rl->wbuf, wlen);
-
- /* Do I need to do this? As far as I can tell read_ahead did not
+ rl->rstate = SSL_ST_READ_HEADER;
+
+ /* Do I need to clear read_ahead? As far as I can tell read_ahead did not
* previously get reset by SSL_clear...so I'll keep it that way..but is
* that right?
*/
- rl->read_ahead = read_ahead;
- rl->rstate = SSL_ST_READ_HEADER;
- rl->s = s;
- rl->d = d;
+
+ rl->packet = NULL;
+ rl->packet_length = 0;
+ rl->wnum = 0;
+ memset(rl->alert_fragment, 0, sizeof(rl->alert_fragment));
+ rl->alert_fragment_len = 0;
+ memset(rl->handshake_fragment, 0, sizeof(rl->handshake_fragment));
+ rl->handshake_fragment_len = 0;
+ rl->wpend_tot = 0;
+ rl->wpend_type = 0;
+ rl->wpend_ret = 0;
+ rl->wpend_buf = NULL;
+
+ SSL3_BUFFER_clear(&rl->rbuf);
+ SSL3_BUFFER_clear(&rl->wbuf);
+ SSL3_RECORD_clear(&rl->rrec);
+ SSL3_RECORD_clear(&rl->wrec);
+
+ memset(rl->read_sequence, 0, sizeof(rl->read_sequence));
+ memset(rl->write_sequence, 0, sizeof(rl->write_sequence));
- if (d)
+ if (rl->d)
DTLS_RECORD_LAYER_clear(rl);
}
s->rwstate = SSL_NOTHING;
return (s->rlayer.wpend_ret);
} else if (i <= 0) {
- if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
+ if (SSL_IS_DTLS(s)) {
/*
* For DTLS, just drop it. That's kind of the whole point in
* using a datagram service
* then it was unexpected (Hello Request or Client Hello).
*/
+ /*
+ * Lets just double check that we've not got an SSLv2 record
+ */
+ if (rr->rec_version == SSL2_VERSION) {
+ /*
+ * Should never happen. ssl3_get_record() should only give us an SSLv2
+ * record back if this is the first packet and we are looking for an
+ * initial ClientHello. Therefore |type| should always be equal to
+ * |rr->type|. If not then something has gone horribly wrong
+ */
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
+
+ if(s->method->version == TLS_ANY_VERSION
+ && (s->server || rr->type != SSL3_RT_ALERT)) {
+ /*
+ * If we've got this far and still haven't decided on what version
+ * we're using then this must be a client side alert we're dealing with
+ * (we don't allow heartbeats yet). We shouldn't be receiving anything
+ * other than a ClientHello if we are a server.
+ */
+ s->version = rr->rec_version;
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_MESSAGE);
+ goto f_err;
+ }
+
/*
* In case of record types for which we have 'fragment' storage, fill
* that so that we can process the data at a fixed place.
}
}
+/*
+ * Returns true if the current rrec was sent in SSLv2 backwards compatible
+ * format and false otherwise.
+ */
+int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl)
+{
+ return SSL3_RECORD_is_sslv2_record(&rl->rrec);
+}
+/*
+ * Returns the length in bytes of the current rrec
+ */
+unsigned int RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl)
+{
+ return SSL3_RECORD_get_length(&rl->rrec);
+}
projects / openssl.git / blobdiff