/* ssl/d1_both.c */
-/*
+/*
* DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
*/
/* ====================================================================
* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
{
if (frag->msg_header.is_ccs) {
- EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
- EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
+ EVP_CIPHER_CTX_free(
+ frag->msg_header.saved_retransmit_state.enc_write_ctx);
+ EVP_MD_CTX_destroy(
+ frag->msg_header.saved_retransmit_state.write_hash);
}
if (frag->fragment)
free(frag->fragment);
unsigned int len, frag_off, mac_size, blocksize;
/* AHA! Figure out the MTU, and stick to the right size */
- if (s->d1->mtu < dtls1_min_mtu() && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
+ if (s->d1->mtu < dtls1_min_mtu() &&
+ !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
s->d1->mtu = 0;
s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
- s->d1->mtu, NULL);
+ s->d1->mtu, NULL);
}
}
-#if 0
+#if 0
mtu = s->d1->mtu;
fprintf(stderr, "using MTU = %d\n", mtu);
ret = BIO_flush(SSL_get_wbio(s));
if (ret <= 0)
return ret;
- mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
+ mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH +
+ DTLS1_RT_HEADER_LENGTH);
}
#endif
if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
OPENSSL_assert(s->init_num ==
- (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
+ (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
if (s->write_hash)
mac_size = EVP_MD_CTX_size(s->write_hash);
mac_size = 0;
if (s->enc_write_ctx &&
- (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
- blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
+ (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
+ blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
else
blocksize = 0;
if (ret <= 0)
return ret;
curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH -
- mac_size - blocksize;
+ mac_size - blocksize;
}
if (s->init_num > curr_mtu)
}
dtls1_fix_message_header(s, frag_off,
- len - DTLS1_HM_HEADER_LENGTH);
+ len - DTLS1_HM_HEADER_LENGTH);
- dtls1_write_message_header(s, (unsigned char *)&s->init_buf->data[s->init_off]);
+ dtls1_write_message_header(s,
+ (unsigned char *)&s->init_buf->data[s->init_off]);
OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);
}
* which previous packet caused the failure -- so can't
* really retransmit anything. continue as if everything
* is fine and wait for an alert to handle the
- * retransmit
+ * retransmit
*/
if (BIO_ctrl(SSL_get_wbio(s),
BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0)
* message got sent. but why would this happen? */
OPENSSL_assert(len == (unsigned int)ret);
- if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting) {
+ if (type == SSL3_RT_HANDSHAKE &&
+ !s->d1->retransmitting) {
/* should not be done for 'Hello Request's, but in that case
* we'll ignore the result anyway */
unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off];
const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
int xlen;
- if (frag_off == 0 && s->version != DTLS1_BAD_VER) {
+ if (frag_off == 0 &&
+ s->version != DTLS1_BAD_VER) {
/* reconstruct message header is if it
* is being sent in single fragment */
*p++ = msg_hdr->type;
s->s3->tmp.reuse_message = 0;
if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
+ SSLerr(SSL_F_DTLS1_GET_MESSAGE,
+ SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
}
*ok = 1;
static int
-dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) {
+dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
+{
size_t frag_off, frag_len, msg_len;
msg_len = msg_hdr->msg_len;
/* sanity checking */
if ((frag_off + frag_len) > msg_len) {
- SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE);
+ SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,
+ SSL_R_EXCESSIVE_MESSAGE_SIZE);
return SSL_AD_ILLEGAL_PARAMETER;
}
if ((frag_off + frag_len) > (unsigned long)max) {
- SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE);
+ SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,
+ SSL_R_EXCESSIVE_MESSAGE_SIZE);
return SSL_AD_ILLEGAL_PARAMETER;
}
{
/* msg_len is limited to 2^24, but is effectively checked
* against max above */
- if (!BUF_MEM_grow_clean(s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH)) {
+ if (!BUF_MEM_grow_clean(s->init_buf,
+ msg_len + DTLS1_HM_HEADER_LENGTH)) {
SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB);
return SSL_AD_INTERNAL_ERROR;
}
} else if (msg_len != s->d1->r_msg_hdr.msg_len) {
/* They must be playing with us! BTW, failure to enforce
* upper limit would open possibility for buffer overrun. */
- SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE);
+ SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,
+ SSL_R_EXCESSIVE_MESSAGE_SIZE);
return SSL_AD_ILLEGAL_PARAMETER;
}
return 0; /* no error */
}
-
static int
dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
{
{
unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
memcpy(&p[frag->msg_header.frag_off],
- frag->fragment, frag->msg_header.frag_len);
+ frag->fragment, frag->msg_header.frag_len);
}
dtls1_hm_fragment_free(frag);
static int
-dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) {
+dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
+{
hm_fragment *frag = NULL;
pitem *item = NULL;
int i = -1, is_complete;
/* Determine maximum allowed message size. Depends on (user set)
* maximum certificate length, but 16k is minimum.
*/
- if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH < s->max_cert_list)
+ if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH <
+ s->max_cert_list)
max_len = s->max_cert_list;
else
max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
while (frag_len) {
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
devnull, frag_len > sizeof(devnull) ?
- sizeof(devnull) : frag_len, 0);
+ sizeof(devnull) : frag_len, 0);
if (i <= 0)
goto err;
frag_len -= i;
/* read the body of the fragment (header has already been read */
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
- frag->fragment + msg_hdr->frag_off, frag_len, 0);
+ frag->fragment + msg_hdr->frag_off, frag_len, 0);
if (i <= 0 || (unsigned long)i != frag_len)
goto err;
RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
- (long)(msg_hdr->frag_off + frag_len));
+ (long)(msg_hdr->frag_off + frag_len));
RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len,
- is_complete);
+ is_complete);
if (is_complete) {
free(frag->reassembly);
static int
-dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) {
+dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
+{
int i = -1;
hm_fragment *frag = NULL;
pitem *item = NULL;
*/
if (msg_hdr->seq <= s->d1->handshake_read_seq ||
msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
- (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) {
+ (s->d1->handshake_read_seq == 0 &&
+ msg_hdr->type == SSL3_MT_FINISHED)) {
unsigned char devnull [256];
while (frag_len) {
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
devnull, frag_len > sizeof(devnull) ?
- sizeof(devnull) : frag_len, 0);
+ sizeof(devnull) : frag_len, 0);
if (i <= 0)
goto err;
frag_len -= i;
/* read handshake message header */
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire,
- DTLS1_HM_HEADER_LENGTH, 0);
+ DTLS1_HM_HEADER_LENGTH, 0);
if (i <= 0) /* nbio, or an error */
{
s->rwstate = SSL_READING;
/* Handshake fails if message header is incomplete */
if (i != DTLS1_HM_HEADER_LENGTH) {
al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL_R_UNEXPECTED_MESSAGE);
+ SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,
+ SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
}
/* parse the message fragment header */
dtls1_get_message_header(wire, &msg_hdr);
- /*
+ /*
* if this is a future (or stale) message it gets buffered
* (or dropped)--no further processing at this time
* While listening, we accept seq 1 (ClientHello with cookie)
* although we're still expecting seq 0 (ClientHello)
*/
- if (msg_hdr.seq != s->d1->handshake_read_seq && !(s->d1->listen && msg_hdr.seq == 1))
+ if (msg_hdr.seq != s->d1->handshake_read_seq &&
+ !(s->d1->listen && msg_hdr.seq == 1))
return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
len = msg_hdr.msg_len;
else /* Incorrectly formated Hello request */
{
al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL_R_UNEXPECTED_MESSAGE);
+ SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,
+ SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
}
}
} else
i = 0;
- /* XDTLS: an incorrectly formatted fragment should cause the
+ /* XDTLS: an incorrectly formatted fragment should cause the
* handshake to fail */
if (i != (int)frag_len) {
al = SSL3_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL3_AD_ILLEGAL_PARAMETER);
+ SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,
+ SSL3_AD_ILLEGAL_PARAMETER);
goto f_err;
}
d = (unsigned char *)s->init_buf->data;
p = &(d[DTLS1_HM_HEADER_LENGTH]);
- i = s->method->ssl3_enc->final_finish_mac(s,
- sender, slen, s->s3->tmp.finish_md);
+ i = s->method->ssl3_enc->final_finish_mac(s, sender, slen,
+ s->s3->tmp.finish_md);
s->s3->tmp.finish_md_len = i;
memcpy(p, s->s3->tmp.finish_md, i);
p += i;
if (s->type == SSL_ST_CONNECT) {
OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
memcpy(s->s3->previous_client_finished,
- s->s3->tmp.finish_md, i);
+ s->s3->tmp.finish_md, i);
s->s3->previous_client_finished_len = i;
} else {
OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
memcpy(s->s3->previous_server_finished,
- s->s3->tmp.finish_md, i);
+ s->s3->tmp.finish_md, i);
s->s3->previous_server_finished_len = i;
}
s->init_off = 0;
dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
- s->d1->handshake_write_seq, 0, 0);
+ s->d1->handshake_write_seq, 0, 0);
/* buffer the message to handle re-xmits */
dtls1_buffer_message(s, 1);
unsigned char *p;
n = i2d_X509(x, NULL);
- if (!BUF_MEM_grow_clean(buf,(int)(n + (*l) + 3))) {
+ if (!BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) {
SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
return 0;
}
if (x != NULL) {
X509_STORE_CTX xs_ctx;
- if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store, x, NULL)) {
+ if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store,
+ x, NULL)) {
SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB);
return (0);
}
dtls1_read_failed(SSL *s, int code)
{
if (code > 0) {
- fprintf( stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
+ fprintf(stderr, "invalid state reached %s:%d",
+ __FILE__, __LINE__);
return 1;
}
if (!dtls1_is_timer_expired(s)) {
- /* not a timeout, none of our business,
+ /* not a timeout, none of our business,
let higher layers handle this. in fact it's probably an error */
return code;
}
#if 0 /* no more alert sending, just retransmit the last set of messages */
if (state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT)
ssl3_send_alert(s, SSL3_AL_WARNING,
- DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
+ DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
#endif
return dtls1_handle_timeout(s);
* the sequence number is multiplied by 2. In case of a CCS 1 is subtracted.
* This does not only differ CSS and Finished, it also maintains the order of the
* index (important for priority queues) and fits in the unsigned short variable.
- */
+ */
return seq * 2 - is_ccs;
}
iter = pqueue_iterator(sent);
- for (item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter)) {
+ for (item = pqueue_next(&iter); item != NULL;
+ item = pqueue_next(&iter)) {
frag = (hm_fragment *)item->data;
if (dtls1_retransmit_message(s,
(unsigned short)dtls1_get_queue_priority(
- frag->msg_header.seq, frag->msg_header.is_ccs), 0,
- &found) <= 0 && found) {
+ frag->msg_header.seq, frag->msg_header.is_ccs), 0,
+ &found) <= 0 && found) {
fprintf(stderr, "dtls1_retransmit_message() failed\n");
return -1;
}
hm_fragment *frag;
unsigned char seq64be[8];
- /* this function is called immediately after a message has
+ /* this function is called immediately after a message has
* been serialized */
OPENSSL_assert(s->init_off == 0);
if (is_ccs) {
OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
- ((s->version == DTLS1_VERSION) ? DTLS1_CCS_HEADER_LENGTH : 3) == (unsigned int)s->init_num);
+ ((s->version == DTLS1_VERSION) ?
+ DTLS1_CCS_HEADER_LENGTH : 3) == (unsigned int)s->init_num);
} else {
OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
- DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
+ DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
}
frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;
memset(seq64be, 0, sizeof(seq64be));
- seq64be[6] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq,
- frag->msg_header.is_ccs) >> 8);
- seq64be[7] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq,
- frag->msg_header.is_ccs));
+ seq64be[6] = (unsigned char)(dtls1_get_queue_priority(
+ frag->msg_header.seq, frag->msg_header.is_ccs) >> 8);
+ seq64be[7] = (unsigned char)(dtls1_get_queue_priority(
+ frag->msg_header.seq, frag->msg_header.is_ccs));
item = pitem_new(seq64be, frag);
if (item == NULL) {
header_length = DTLS1_HM_HEADER_LENGTH;
memcpy(s->init_buf->data, frag->fragment,
- frag->msg_header.msg_len + header_length);
+ frag->msg_header.msg_len + header_length);
s->init_num = frag->msg_header.msg_len + header_length;
dtls1_set_message_header_int(s, frag->msg_header.type,
- frag->msg_header.msg_len, frag->msg_header.seq, 0,
- frag->msg_header.frag_len);
+ frag->msg_header.msg_len, frag->msg_header.seq, 0,
+ frag->msg_header.frag_len);
/* save current state */
saved_state.enc_write_ctx = s->enc_write_ctx;
s->session = frag->msg_header.saved_retransmit_state.session;
s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
- if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) {
- memcpy(save_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence));
- memcpy(s->s3->write_sequence, s->d1->last_write_sequence, sizeof(s->s3->write_sequence));
+ if (frag->msg_header.saved_retransmit_state.epoch ==
+ saved_state.epoch - 1) {
+ memcpy(save_write_sequence, s->s3->write_sequence,
+ sizeof(s->s3->write_sequence));
+ memcpy(s->s3->write_sequence, s->d1->last_write_sequence,
+ sizeof(s->s3->write_sequence));
}
ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
- SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
+ SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
/* restore current state */
s->enc_write_ctx = saved_state.enc_write_ctx;
s->session = saved_state.session;
s->d1->w_epoch = saved_state.epoch;
- if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) {
- memcpy(s->d1->last_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence));
- memcpy(s->s3->write_sequence, save_write_sequence, sizeof(s->s3->write_sequence));
+ if (frag->msg_header.saved_retransmit_state.epoch ==
+ saved_state.epoch - 1) {
+ memcpy(s->d1->last_write_sequence, s->s3->write_sequence,
+ sizeof(s->s3->write_sequence));
+ memcpy(s->s3->write_sequence, save_write_sequence,
+ sizeof(s->s3->write_sequence));
}
s->d1->retransmitting = 0;
}
}
-
unsigned char *
dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
unsigned long len, unsigned long frag_off, unsigned long frag_len)
}
dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
- frag_off, frag_len);
+ frag_off, frag_len);
return p += DTLS1_HM_HEADER_LENGTH;
}
-
/* don't actually do the writing, wait till the MTU has been retrieved */
static void
-dtls1_set_message_header_int(SSL *s, unsigned char mt,
- unsigned long len, unsigned short seq_num, unsigned long frag_off,
-unsigned long frag_len)
+dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len,
+ unsigned short seq_num, unsigned long frag_off, unsigned long frag_len)
{
struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
}
static void
-dtls1_fix_message_header(SSL *s, unsigned long frag_off,
- unsigned long frag_len)
+dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len)
{
struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
dtls1_min_mtu(void)
{
return (g_probable_mtu[(sizeof(g_probable_mtu) /
- sizeof(g_probable_mtu[0])) - 1]);
+ sizeof(g_probable_mtu[0])) - 1]);
}
static unsigned int
if (curr_mtu == 0)
return g_probable_mtu[0];
- for (i = 0; i < sizeof(g_probable_mtu)/sizeof(g_probable_mtu[0]); i++)
+ for (i = 0; i < sizeof(g_probable_mtu) / sizeof(g_probable_mtu[0]); i++)
if (curr_mtu > g_probable_mtu[i])
return g_probable_mtu[i];
}
void
-dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) {
+dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
+{
memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
msg_hdr->type = *(data++);
n2l3(data, msg_hdr->msg_len);
}
void
-dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr) {
+dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr)
+{
memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st));
ccs_hdr->type = *(data++);
dtls1_shutdown(SSL *s)
{
int ret;
+
#ifndef OPENSSL_NO_SCTP
if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
!(s->shutdown & SSL_SENT_SHUTDOWN)) {
return -1;
if (ret == 0)
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1, NULL);
+ BIO_ctrl(SSL_get_wbio(s),
+ BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1, NULL);
}
#endif
ret = ssl3_shutdown(s);
/* ssl/d1_both.c */
-/*
+/*
* DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
*/
/* ====================================================================
* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
{
if (frag->msg_header.is_ccs) {
- EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
- EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
+ EVP_CIPHER_CTX_free(
+ frag->msg_header.saved_retransmit_state.enc_write_ctx);
+ EVP_MD_CTX_destroy(
+ frag->msg_header.saved_retransmit_state.write_hash);
}
if (frag->fragment)
free(frag->fragment);
unsigned int len, frag_off, mac_size, blocksize;
/* AHA! Figure out the MTU, and stick to the right size */
- if (s->d1->mtu < dtls1_min_mtu() && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
+ if (s->d1->mtu < dtls1_min_mtu() &&
+ !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
s->d1->mtu = 0;
s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
- s->d1->mtu, NULL);
+ s->d1->mtu, NULL);
}
}
-#if 0
+#if 0
mtu = s->d1->mtu;
fprintf(stderr, "using MTU = %d\n", mtu);
ret = BIO_flush(SSL_get_wbio(s));
if (ret <= 0)
return ret;
- mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
+ mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH +
+ DTLS1_RT_HEADER_LENGTH);
}
#endif
if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
OPENSSL_assert(s->init_num ==
- (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
+ (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
if (s->write_hash)
mac_size = EVP_MD_CTX_size(s->write_hash);
mac_size = 0;
if (s->enc_write_ctx &&
- (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
- blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
+ (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
+ blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
else
blocksize = 0;
if (ret <= 0)
return ret;
curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH -
- mac_size - blocksize;
+ mac_size - blocksize;
}
if (s->init_num > curr_mtu)
}
dtls1_fix_message_header(s, frag_off,
- len - DTLS1_HM_HEADER_LENGTH);
+ len - DTLS1_HM_HEADER_LENGTH);
- dtls1_write_message_header(s, (unsigned char *)&s->init_buf->data[s->init_off]);
+ dtls1_write_message_header(s,
+ (unsigned char *)&s->init_buf->data[s->init_off]);
OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);
}
* which previous packet caused the failure -- so can't
* really retransmit anything. continue as if everything
* is fine and wait for an alert to handle the
- * retransmit
+ * retransmit
*/
if (BIO_ctrl(SSL_get_wbio(s),
BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0)
* message got sent. but why would this happen? */
OPENSSL_assert(len == (unsigned int)ret);
- if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting) {
+ if (type == SSL3_RT_HANDSHAKE &&
+ !s->d1->retransmitting) {
/* should not be done for 'Hello Request's, but in that case
* we'll ignore the result anyway */
unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off];
const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
int xlen;
- if (frag_off == 0 && s->version != DTLS1_BAD_VER) {
+ if (frag_off == 0 &&
+ s->version != DTLS1_BAD_VER) {
/* reconstruct message header is if it
* is being sent in single fragment */
*p++ = msg_hdr->type;
s->s3->tmp.reuse_message = 0;
if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
+ SSLerr(SSL_F_DTLS1_GET_MESSAGE,
+ SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
}
*ok = 1;
static int
-dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) {
+dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
+{
size_t frag_off, frag_len, msg_len;
msg_len = msg_hdr->msg_len;
/* sanity checking */
if ((frag_off + frag_len) > msg_len) {
- SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE);
+ SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,
+ SSL_R_EXCESSIVE_MESSAGE_SIZE);
return SSL_AD_ILLEGAL_PARAMETER;
}
if ((frag_off + frag_len) > (unsigned long)max) {
- SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE);
+ SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,
+ SSL_R_EXCESSIVE_MESSAGE_SIZE);
return SSL_AD_ILLEGAL_PARAMETER;
}
{
/* msg_len is limited to 2^24, but is effectively checked
* against max above */
- if (!BUF_MEM_grow_clean(s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH)) {
+ if (!BUF_MEM_grow_clean(s->init_buf,
+ msg_len + DTLS1_HM_HEADER_LENGTH)) {
SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB);
return SSL_AD_INTERNAL_ERROR;
}
} else if (msg_len != s->d1->r_msg_hdr.msg_len) {
/* They must be playing with us! BTW, failure to enforce
* upper limit would open possibility for buffer overrun. */
- SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE);
+ SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,
+ SSL_R_EXCESSIVE_MESSAGE_SIZE);
return SSL_AD_ILLEGAL_PARAMETER;
}
return 0; /* no error */
}
-
static int
dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
{
{
unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
memcpy(&p[frag->msg_header.frag_off],
- frag->fragment, frag->msg_header.frag_len);
+ frag->fragment, frag->msg_header.frag_len);
}
dtls1_hm_fragment_free(frag);
static int
-dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) {
+dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
+{
hm_fragment *frag = NULL;
pitem *item = NULL;
int i = -1, is_complete;
/* Determine maximum allowed message size. Depends on (user set)
* maximum certificate length, but 16k is minimum.
*/
- if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH < s->max_cert_list)
+ if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH <
+ s->max_cert_list)
max_len = s->max_cert_list;
else
max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
while (frag_len) {
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
devnull, frag_len > sizeof(devnull) ?
- sizeof(devnull) : frag_len, 0);
+ sizeof(devnull) : frag_len, 0);
if (i <= 0)
goto err;
frag_len -= i;
/* read the body of the fragment (header has already been read */
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
- frag->fragment + msg_hdr->frag_off, frag_len, 0);
+ frag->fragment + msg_hdr->frag_off, frag_len, 0);
if (i <= 0 || (unsigned long)i != frag_len)
goto err;
RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
- (long)(msg_hdr->frag_off + frag_len));
+ (long)(msg_hdr->frag_off + frag_len));
RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len,
- is_complete);
+ is_complete);
if (is_complete) {
free(frag->reassembly);
static int
-dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) {
+dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
+{
int i = -1;
hm_fragment *frag = NULL;
pitem *item = NULL;
*/
if (msg_hdr->seq <= s->d1->handshake_read_seq ||
msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
- (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) {
+ (s->d1->handshake_read_seq == 0 &&
+ msg_hdr->type == SSL3_MT_FINISHED)) {
unsigned char devnull [256];
while (frag_len) {
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
devnull, frag_len > sizeof(devnull) ?
- sizeof(devnull) : frag_len, 0);
+ sizeof(devnull) : frag_len, 0);
if (i <= 0)
goto err;
frag_len -= i;
/* read handshake message header */
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire,
- DTLS1_HM_HEADER_LENGTH, 0);
+ DTLS1_HM_HEADER_LENGTH, 0);
if (i <= 0) /* nbio, or an error */
{
s->rwstate = SSL_READING;
/* Handshake fails if message header is incomplete */
if (i != DTLS1_HM_HEADER_LENGTH) {
al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL_R_UNEXPECTED_MESSAGE);
+ SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,
+ SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
}
/* parse the message fragment header */
dtls1_get_message_header(wire, &msg_hdr);
- /*
+ /*
* if this is a future (or stale) message it gets buffered
* (or dropped)--no further processing at this time
* While listening, we accept seq 1 (ClientHello with cookie)
* although we're still expecting seq 0 (ClientHello)
*/
- if (msg_hdr.seq != s->d1->handshake_read_seq && !(s->d1->listen && msg_hdr.seq == 1))
+ if (msg_hdr.seq != s->d1->handshake_read_seq &&
+ !(s->d1->listen && msg_hdr.seq == 1))
return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
len = msg_hdr.msg_len;
else /* Incorrectly formated Hello request */
{
al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL_R_UNEXPECTED_MESSAGE);
+ SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,
+ SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
}
}
} else
i = 0;
- /* XDTLS: an incorrectly formatted fragment should cause the
+ /* XDTLS: an incorrectly formatted fragment should cause the
* handshake to fail */
if (i != (int)frag_len) {
al = SSL3_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL3_AD_ILLEGAL_PARAMETER);
+ SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,
+ SSL3_AD_ILLEGAL_PARAMETER);
goto f_err;
}
d = (unsigned char *)s->init_buf->data;
p = &(d[DTLS1_HM_HEADER_LENGTH]);
- i = s->method->ssl3_enc->final_finish_mac(s,
- sender, slen, s->s3->tmp.finish_md);
+ i = s->method->ssl3_enc->final_finish_mac(s, sender, slen,
+ s->s3->tmp.finish_md);
s->s3->tmp.finish_md_len = i;
memcpy(p, s->s3->tmp.finish_md, i);
p += i;
if (s->type == SSL_ST_CONNECT) {
OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
memcpy(s->s3->previous_client_finished,
- s->s3->tmp.finish_md, i);
+ s->s3->tmp.finish_md, i);
s->s3->previous_client_finished_len = i;
} else {
OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
memcpy(s->s3->previous_server_finished,
- s->s3->tmp.finish_md, i);
+ s->s3->tmp.finish_md, i);
s->s3->previous_server_finished_len = i;
}
s->init_off = 0;
dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
- s->d1->handshake_write_seq, 0, 0);
+ s->d1->handshake_write_seq, 0, 0);
/* buffer the message to handle re-xmits */
dtls1_buffer_message(s, 1);
unsigned char *p;
n = i2d_X509(x, NULL);
- if (!BUF_MEM_grow_clean(buf,(int)(n + (*l) + 3))) {
+ if (!BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) {
SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
return 0;
}
if (x != NULL) {
X509_STORE_CTX xs_ctx;
- if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store, x, NULL)) {
+ if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store,
+ x, NULL)) {
SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB);
return (0);
}
dtls1_read_failed(SSL *s, int code)
{
if (code > 0) {
- fprintf( stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
+ fprintf(stderr, "invalid state reached %s:%d",
+ __FILE__, __LINE__);
return 1;
}
if (!dtls1_is_timer_expired(s)) {
- /* not a timeout, none of our business,
+ /* not a timeout, none of our business,
let higher layers handle this. in fact it's probably an error */
return code;
}
#if 0 /* no more alert sending, just retransmit the last set of messages */
if (state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT)
ssl3_send_alert(s, SSL3_AL_WARNING,
- DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
+ DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
#endif
return dtls1_handle_timeout(s);
* the sequence number is multiplied by 2. In case of a CCS 1 is subtracted.
* This does not only differ CSS and Finished, it also maintains the order of the
* index (important for priority queues) and fits in the unsigned short variable.
- */
+ */
return seq * 2 - is_ccs;
}
iter = pqueue_iterator(sent);
- for (item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter)) {
+ for (item = pqueue_next(&iter); item != NULL;
+ item = pqueue_next(&iter)) {
frag = (hm_fragment *)item->data;
if (dtls1_retransmit_message(s,
(unsigned short)dtls1_get_queue_priority(
- frag->msg_header.seq, frag->msg_header.is_ccs), 0,
- &found) <= 0 && found) {
+ frag->msg_header.seq, frag->msg_header.is_ccs), 0,
+ &found) <= 0 && found) {
fprintf(stderr, "dtls1_retransmit_message() failed\n");
return -1;
}
hm_fragment *frag;
unsigned char seq64be[8];
- /* this function is called immediately after a message has
+ /* this function is called immediately after a message has
* been serialized */
OPENSSL_assert(s->init_off == 0);
if (is_ccs) {
OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
- ((s->version == DTLS1_VERSION) ? DTLS1_CCS_HEADER_LENGTH : 3) == (unsigned int)s->init_num);
+ ((s->version == DTLS1_VERSION) ?
+ DTLS1_CCS_HEADER_LENGTH : 3) == (unsigned int)s->init_num);
} else {
OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
- DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
+ DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
}
frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;
memset(seq64be, 0, sizeof(seq64be));
- seq64be[6] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq,
- frag->msg_header.is_ccs) >> 8);
- seq64be[7] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq,
- frag->msg_header.is_ccs));
+ seq64be[6] = (unsigned char)(dtls1_get_queue_priority(
+ frag->msg_header.seq, frag->msg_header.is_ccs) >> 8);
+ seq64be[7] = (unsigned char)(dtls1_get_queue_priority(
+ frag->msg_header.seq, frag->msg_header.is_ccs));
item = pitem_new(seq64be, frag);
if (item == NULL) {
header_length = DTLS1_HM_HEADER_LENGTH;
memcpy(s->init_buf->data, frag->fragment,
- frag->msg_header.msg_len + header_length);
+ frag->msg_header.msg_len + header_length);
s->init_num = frag->msg_header.msg_len + header_length;
dtls1_set_message_header_int(s, frag->msg_header.type,
- frag->msg_header.msg_len, frag->msg_header.seq, 0,
- frag->msg_header.frag_len);
+ frag->msg_header.msg_len, frag->msg_header.seq, 0,
+ frag->msg_header.frag_len);
/* save current state */
saved_state.enc_write_ctx = s->enc_write_ctx;
s->session = frag->msg_header.saved_retransmit_state.session;
s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
- if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) {
- memcpy(save_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence));
- memcpy(s->s3->write_sequence, s->d1->last_write_sequence, sizeof(s->s3->write_sequence));
+ if (frag->msg_header.saved_retransmit_state.epoch ==
+ saved_state.epoch - 1) {
+ memcpy(save_write_sequence, s->s3->write_sequence,
+ sizeof(s->s3->write_sequence));
+ memcpy(s->s3->write_sequence, s->d1->last_write_sequence,
+ sizeof(s->s3->write_sequence));
}
ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
- SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
+ SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
/* restore current state */
s->enc_write_ctx = saved_state.enc_write_ctx;
s->session = saved_state.session;
s->d1->w_epoch = saved_state.epoch;
- if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) {
- memcpy(s->d1->last_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence));
- memcpy(s->s3->write_sequence, save_write_sequence, sizeof(s->s3->write_sequence));
+ if (frag->msg_header.saved_retransmit_state.epoch ==
+ saved_state.epoch - 1) {
+ memcpy(s->d1->last_write_sequence, s->s3->write_sequence,
+ sizeof(s->s3->write_sequence));
+ memcpy(s->s3->write_sequence, save_write_sequence,
+ sizeof(s->s3->write_sequence));
}
s->d1->retransmitting = 0;
}
}
-
unsigned char *
dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
unsigned long len, unsigned long frag_off, unsigned long frag_len)
}
dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
- frag_off, frag_len);
+ frag_off, frag_len);
return p += DTLS1_HM_HEADER_LENGTH;
}
-
/* don't actually do the writing, wait till the MTU has been retrieved */
static void
-dtls1_set_message_header_int(SSL *s, unsigned char mt,
- unsigned long len, unsigned short seq_num, unsigned long frag_off,
-unsigned long frag_len)
+dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len,
+ unsigned short seq_num, unsigned long frag_off, unsigned long frag_len)
{
struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
}
static void
-dtls1_fix_message_header(SSL *s, unsigned long frag_off,
- unsigned long frag_len)
+dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len)
{
struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
dtls1_min_mtu(void)
{
return (g_probable_mtu[(sizeof(g_probable_mtu) /
- sizeof(g_probable_mtu[0])) - 1]);
+ sizeof(g_probable_mtu[0])) - 1]);
}
static unsigned int
if (curr_mtu == 0)
return g_probable_mtu[0];
- for (i = 0; i < sizeof(g_probable_mtu)/sizeof(g_probable_mtu[0]); i++)
+ for (i = 0; i < sizeof(g_probable_mtu) / sizeof(g_probable_mtu[0]); i++)
if (curr_mtu > g_probable_mtu[i])
return g_probable_mtu[i];
}
void
-dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) {
+dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
+{
memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
msg_hdr->type = *(data++);
n2l3(data, msg_hdr->msg_len);
}
void
-dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr) {
+dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr)
+{
memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st));
ccs_hdr->type = *(data++);
dtls1_shutdown(SSL *s)
{
int ret;
+
#ifndef OPENSSL_NO_SCTP
if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
!(s->shutdown & SSL_SENT_SHUTDOWN)) {
return -1;
if (ret == 0)
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1, NULL);
+ BIO_ctrl(SSL_get_wbio(s),
+ BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1, NULL);
}
#endif
ret = ssl3_shutdown(s);
projects / openbsd / commitdiff