SSL3_RECORD_clear(&rl->rrec);
SSL3_RECORD_clear(&rl->wrec);
- memset(rl->read_sequence, 0, sizeof(rl->read_sequence));
- memset(rl->write_sequence, 0, sizeof(rl->write_sequence));
+ RECORD_LAYER_reset_read_sequence(rl);
+ RECORD_LAYER_reset_write_sequence(rl);
if (rl->d)
DTLS_RECORD_LAYER_clear(rl);
void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl)
{
- memset(rl->read_sequence, 0, 8);
+ memset(rl->read_sequence, 0, sizeof(rl->read_sequence));
}
void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl)
{
- memset(rl->write_sequence, 0, 8);
+ memset(rl->write_sequence, 0, sizeof(rl->write_sequence));
}
int RECORD_LAYER_setup_comp_buffer(RECORD_LAYER *rl)
* s->packet_length bytes if extend == 1].)
*/
int i, len, left;
- long align = 0;
+ size_t align = 0;
unsigned char *pkt;
SSL3_BUFFER *rb;
left = rb->left;
#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
- align = (long)rb->buf + SSL3_RT_HEADER_LENGTH;
- align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);
+ align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH;
+ align = (0-align) & (SSL3_ALIGN_PAYLOAD - 1);
#endif
if (!extend) {
int i, mac_size, clear = 0;
int prefix_len = 0;
int eivlen;
- long align = 0;
+ size_t align = 0;
SSL3_RECORD *wr;
SSL3_BUFFER *wb = &s->rlayer.wbuf;
SSL_SESSION *sess;
* multiple of SSL3_ALIGN_PAYLOAD, so if we want to align the real
* payload, then we can just pretent we simply have two headers.
*/
- align = (long)SSL3_BUFFER_get_buf(wb) + 2 * SSL3_RT_HEADER_LENGTH;
- align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);
+ align = (size_t)SSL3_BUFFER_get_buf(wb) + 2 * SSL3_RT_HEADER_LENGTH;
+ align = (0-align) & (SSL3_ALIGN_PAYLOAD - 1);
#endif
p = SSL3_BUFFER_get_buf(wb) + align;
SSL3_BUFFER_set_offset(wb, align);
p = SSL3_BUFFER_get_buf(wb) + SSL3_BUFFER_get_offset(wb) + prefix_len;
} else {
#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
- align = (long)SSL3_BUFFER_get_buf(wb) + SSL3_RT_HEADER_LENGTH;
- align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);
+ align = (size_t)SSL3_BUFFER_get_buf(wb) + SSL3_RT_HEADER_LENGTH;
+ align = (0-align) & (SSL3_ALIGN_PAYLOAD - 1);
#endif
p = SSL3_BUFFER_get_buf(wb) + align;
SSL3_BUFFER_set_offset(wb, align);
/* Need explicit part of IV for GCM mode */
else if (mode == EVP_CIPH_GCM_MODE)
eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
+ else if (mode == EVP_CIPH_CCM_MODE)
+ eivlen = EVP_CCM_TLS_EXPLICIT_IV_LEN;
else
eivlen = 0;
} else
* (possibly multiple records if we still don't have anything to return).
*
* This function must handle any surprises the peer may have for us, such as
- * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
- * a surprise, but handled as if it were), or renegotiation requests.
+ * Alert records (e.g. close_notify) or renegotiation requests. ChangeCipherSpec
+ * messages are treated as if they were handshake messages *if* the |recd_type|
+ * argument is non NULL.
* Also if record payloads contain fragments too small to process, we store
* them until there is enough for the respective protocol (the record protocol
* may use arbitrary fragmentation and even interleaving):
* Application data protocol
* none of our business
*/
-int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
+int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+ int len, int peek)
{
int al, i, j, ret;
unsigned int n;
/* move any remaining fragment bytes: */
for (k = 0; k < s->rlayer.handshake_fragment_len; k++)
s->rlayer.handshake_fragment[k] = *src++;
+
+ if (recvd_type != NULL)
+ *recvd_type = SSL3_RT_HANDSHAKE;
+
return n;
}
return (0);
}
- if (type == SSL3_RECORD_get_type(rr)) {
- /* SSL3_RT_APPLICATION_DATA or
- * SSL3_RT_HANDSHAKE */
+ if (type == SSL3_RECORD_get_type(rr)
+ || (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
+ && type == SSL3_RT_HANDSHAKE && recvd_type != NULL)) {
+ /*
+ * SSL3_RT_APPLICATION_DATA or
+ * SSL3_RT_HANDSHAKE or
+ * SSL3_RT_CHANGE_CIPHER_SPEC
+ */
/*
* make sure that we are not getting application data when we are
* doing a handshake for the first time
goto f_err;
}
+ if (type == SSL3_RT_HANDSHAKE
+ && SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
+ && s->rlayer.handshake_fragment_len > 0) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY);
+ goto f_err;
+ }
+
+ if (recvd_type != NULL)
+ *recvd_type = SSL3_RECORD_get_type(rr);
+
if (len <= 0)
return (len);
/*
* If we get here, then type != rr->type; if we have a handshake message,
- * then it was unexpected (Hello Request or Client Hello).
+ * then it was unexpected (Hello Request or Client Hello) or invalid (we
+ * were actually expecting a CCS).
*/
+ if (rr->type == SSL3_RT_HANDSHAKE && type == SSL3_RT_CHANGE_CIPHER_SPEC) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_MESSAGE);
+ goto f_err;
+ }
+
/*
* Lets just double check that we've not got an SSLv2 record
*/
}
if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) {
- /*
- * 'Change Cipher Spec' is just a single byte, so we know exactly
- * what the record payload has to look like
- */
- if ((SSL3_RECORD_get_length(rr) != 1)
- || (SSL3_RECORD_get_off(rr) != 0)
- || (SSL3_RECORD_get_data(rr)[0] != SSL3_MT_CCS)) {
- al = SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_CHANGE_CIPHER_SPEC);
- goto f_err;
- }
-
- /* Check we have a cipher to change to */
- if (s->s3->tmp.new_cipher == NULL) {
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY);
- goto f_err;
- }
-
- if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) {
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY);
- goto f_err;
- }
-
- s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
-
- SSL3_RECORD_set_length(rr, 0);
-
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
- SSL3_RECORD_get_data(rr), 1, s,
- s->msg_callback_arg);
-
- s->s3->change_cipher_spec = 1;
- if (!ssl3_do_change_cipher_spec(s))
- goto err;
- else
- goto start;
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY);
+ goto f_err;
}
/*
* application data at this point (session renegotiation not yet
* started), we will indulge it.
*/
- if (s->s3->in_read_app_data &&
- (s->s3->total_renegotiations != 0) &&
- (((s->state & SSL_ST_CONNECT) &&
- (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
- (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
- ) || ((s->state & SSL_ST_ACCEPT) &&
- (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
- (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
- )
- )) {
+ if (statem_app_data_allowed(s)) {
s->s3->in_read_app_data = 2;
return (-1);
} else {
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
return (-1);
}