Lines Matching refs:s
49 static void dtls1_fix_message_header(SSL_CONNECTION *s, size_t frag_off,
51 static unsigned char *dtls1_write_message_header(SSL_CONNECTION *s,
53 static void dtls1_set_message_header_int(SSL_CONNECTION *s, unsigned char mt,
58 static int dtls_get_reassembled_message(SSL_CONNECTION *s, int *errtype,
109 int dtls1_do_write(SSL_CONNECTION *s, uint8_t type) in dtls1_do_write() argument
116 SSL *ssl = SSL_CONNECTION_GET_SSL(s); in dtls1_do_write()
117 SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); in dtls1_do_write()
119 if (!dtls1_query_mtu(s)) in dtls1_do_write()
122 if (s->d1->mtu < dtls1_min_mtu(s)) in dtls1_do_write()
126 if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE) { in dtls1_do_write()
127 if (!ossl_assert(s->init_num == in dtls1_do_write()
128 s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH)) in dtls1_do_write()
132 overhead = s->rlayer.wrlmethod->get_max_record_overhead(s->rlayer.wrl); in dtls1_do_write()
135 s->rwstate = SSL_NOTHING; in dtls1_do_write()
138 while (s->init_num > 0) { in dtls1_do_write()
139 if (type == SSL3_RT_HANDSHAKE && s->init_off != 0) { in dtls1_do_write()
145 if (s->init_off <= DTLS1_HM_HEADER_LENGTH) { in dtls1_do_write()
160 s->init_off -= DTLS1_HM_HEADER_LENGTH; in dtls1_do_write()
161 s->init_num += DTLS1_HM_HEADER_LENGTH; in dtls1_do_write()
169 frag_off = s->d1->w_msg_hdr.frag_off; in dtls1_do_write()
173 used_len = BIO_wpending(s->wbio) + overhead; in dtls1_do_write()
174 if (s->d1->mtu > used_len) in dtls1_do_write()
175 curr_mtu = s->d1->mtu - used_len; in dtls1_do_write()
183 ret = BIO_flush(s->wbio); in dtls1_do_write()
185 s->rwstate = SSL_WRITING; in dtls1_do_write()
188 if (s->d1->mtu > overhead + DTLS1_HM_HEADER_LENGTH) { in dtls1_do_write()
189 curr_mtu = s->d1->mtu - overhead; in dtls1_do_write()
199 if (((unsigned int)s->init_num) > curr_mtu) in dtls1_do_write()
202 len = s->init_num; in dtls1_do_write()
204 if (len > ssl_get_max_send_fragment(s)) in dtls1_do_write()
205 len = ssl_get_max_send_fragment(s); in dtls1_do_write()
218 dtls1_fix_message_header(s, frag_off, len - DTLS1_HM_HEADER_LENGTH); in dtls1_do_write()
220 dtls1_write_message_header(s, in dtls1_do_write()
221 (unsigned char *)&s->init_buf-> in dtls1_do_write()
222 data[s->init_off]); in dtls1_do_write()
225 ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off], len, in dtls1_do_write()
237 if (!dtls1_query_mtu(s)) in dtls1_do_write()
262 assert(s->s3.tmp.new_compression != NULL in dtls1_do_write()
263 || BIO_wpending(s->wbio) <= (int)s->d1->mtu); in dtls1_do_write()
265 if (type == SSL3_RT_HANDSHAKE && !s->d1->retransmitting) { in dtls1_do_write()
271 (unsigned char *)&s->init_buf->data[s->init_off]; in dtls1_do_write()
272 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; in dtls1_do_write()
275 if (frag_off == 0 && s->version != DTLS1_BAD_VER) { in dtls1_do_write()
292 if (!ssl3_finish_mac(s, p, xlen)) in dtls1_do_write()
296 if (written == s->init_num) { in dtls1_do_write()
297 if (s->msg_callback) in dtls1_do_write()
298 s->msg_callback(1, s->version, type, s->init_buf->data, in dtls1_do_write()
299 (size_t)(s->init_off + s->init_num), ussl, in dtls1_do_write()
300 s->msg_callback_arg); in dtls1_do_write()
302 s->init_off = 0; /* done writing this message */ in dtls1_do_write()
303 s->init_num = 0; in dtls1_do_write()
307 s->init_off += written; in dtls1_do_write()
308 s->init_num -= written; in dtls1_do_write()
318 dtls1_fix_message_header(s, frag_off, 0); in dtls1_do_write()
324 int dtls_get_message(SSL_CONNECTION *s, int *mt) in dtls_get_message() argument
332 msg_hdr = &s->d1->r_msg_hdr; in dtls_get_message()
336 if (!dtls_get_reassembled_message(s, &errtype, &tmplen)) { in dtls_get_message()
345 *mt = s->s3.tmp.message_type; in dtls_get_message()
347 p = (unsigned char *)s->init_buf->data; in dtls_get_message()
350 if (s->msg_callback) { in dtls_get_message()
351 s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, in dtls_get_message()
352 p, 1, SSL_CONNECTION_GET_USER_SSL(s), in dtls_get_message()
353 s->msg_callback_arg); in dtls_get_message()
372 s->d1->handshake_read_seq++; in dtls_get_message()
374 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; in dtls_get_message()
384 int dtls_get_message_body(SSL_CONNECTION *s, size_t *len) in dtls_get_message_body() argument
386 unsigned char *msg = (unsigned char *)s->init_buf->data; in dtls_get_message_body()
387 size_t msg_len = s->init_num + DTLS1_HM_HEADER_LENGTH; in dtls_get_message_body()
389 if (s->s3.tmp.message_type == SSL3_MT_CHANGE_CIPHER_SPEC) { in dtls_get_message_body()
397 if (*(s->init_buf->data) == SSL3_MT_FINISHED && !ssl3_take_mac(s)) { in dtls_get_message_body()
402 if (s->version == DTLS1_BAD_VER) { in dtls_get_message_body()
407 if (!ssl3_finish_mac(s, msg, msg_len)) in dtls_get_message_body()
410 if (s->msg_callback) in dtls_get_message_body()
411 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, in dtls_get_message_body()
412 s->init_buf->data, s->init_num + DTLS1_HM_HEADER_LENGTH, in dtls_get_message_body()
413 SSL_CONNECTION_GET_USER_SSL(s), s->msg_callback_arg); in dtls_get_message_body()
416 *len = s->init_num; in dtls_get_message_body()
425 static size_t dtls1_max_handshake_message_len(const SSL_CONNECTION *s) in dtls1_max_handshake_message_len() argument
428 if (max_len < s->max_cert_list) in dtls1_max_handshake_message_len()
429 return s->max_cert_list; in dtls1_max_handshake_message_len()
433 static int dtls1_preprocess_fragment(SSL_CONNECTION *s, in dtls1_preprocess_fragment() argument
444 || msg_len > dtls1_max_handshake_message_len(s)) { in dtls1_preprocess_fragment()
445 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_EXCESSIVE_MESSAGE_SIZE); in dtls1_preprocess_fragment()
449 if (s->d1->r_msg_hdr.frag_off == 0) { /* first fragment */ in dtls1_preprocess_fragment()
454 if (!BUF_MEM_grow_clean(s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH)) { in dtls1_preprocess_fragment()
455 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_BUF_LIB); in dtls1_preprocess_fragment()
459 s->s3.tmp.message_size = msg_len; in dtls1_preprocess_fragment()
460 s->d1->r_msg_hdr.msg_len = msg_len; in dtls1_preprocess_fragment()
461 s->s3.tmp.message_type = msg_hdr->type; in dtls1_preprocess_fragment()
462 s->d1->r_msg_hdr.type = msg_hdr->type; in dtls1_preprocess_fragment()
463 s->d1->r_msg_hdr.seq = msg_hdr->seq; in dtls1_preprocess_fragment()
464 } else if (msg_len != s->d1->r_msg_hdr.msg_len) { in dtls1_preprocess_fragment()
469 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_EXCESSIVE_MESSAGE_SIZE); in dtls1_preprocess_fragment()
480 static int dtls1_retrieve_buffered_fragment(SSL_CONNECTION *s, size_t *len) in dtls1_retrieve_buffered_fragment() argument
494 iter = pqueue_iterator(s->d1->buffered_messages); in dtls1_retrieve_buffered_fragment()
502 if (frag->msg_header.seq < s->d1->handshake_read_seq) { in dtls1_retrieve_buffered_fragment()
506 if (!s->server in dtls1_retrieve_buffered_fragment()
508 || s->d1->handshake_read_seq != 1 in dtls1_retrieve_buffered_fragment()
509 || s->statem.hand_state != DTLS_ST_SW_HELLO_VERIFY_REQUEST) { in dtls1_retrieve_buffered_fragment()
515 pqueue_pop(s->d1->buffered_messages); in dtls1_retrieve_buffered_fragment()
530 if (nextfrag->msg_header.seq == s->d1->handshake_read_seq) { in dtls1_retrieve_buffered_fragment()
535 pqueue_pop(s->d1->buffered_messages); in dtls1_retrieve_buffered_fragment()
554 if (s->d1->handshake_read_seq == frag->msg_header.seq || chretran) { in dtls1_retrieve_buffered_fragment()
556 pqueue_pop(s->d1->buffered_messages); in dtls1_retrieve_buffered_fragment()
559 ret = dtls1_preprocess_fragment(s, &frag->msg_header); in dtls1_retrieve_buffered_fragment()
563 (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; in dtls1_retrieve_buffered_fragment()
579 s->d1->handshake_read_seq = 0; in dtls1_retrieve_buffered_fragment()
580 s->d1->next_handshake_write_seq = 0; in dtls1_retrieve_buffered_fragment()
587 s->init_num = 0; in dtls1_retrieve_buffered_fragment()
594 static int dtls1_reassemble_fragment(SSL_CONNECTION *s, in dtls1_reassemble_fragment() argument
603 SSL *ssl = SSL_CONNECTION_GET_SSL(s); in dtls1_reassemble_fragment()
606 msg_hdr->msg_len > dtls1_max_handshake_message_len(s)) in dtls1_reassemble_fragment()
617 item = pqueue_find(s->d1->buffered_messages, seq64be); in dtls1_reassemble_fragment()
685 item = pqueue_insert(s->d1->buffered_messages, item); in dtls1_reassemble_fragment()
704 static int dtls1_process_out_of_seq_message(SSL_CONNECTION *s, in dtls1_process_out_of_seq_message() argument
713 SSL *ssl = SSL_CONNECTION_GET_SSL(s); in dtls1_process_out_of_seq_message()
722 item = pqueue_find(s->d1->buffered_messages, seq64be); in dtls1_process_out_of_seq_message()
736 if (msg_hdr->seq <= s->d1->handshake_read_seq || in dtls1_process_out_of_seq_message()
737 msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL || in dtls1_process_out_of_seq_message()
738 (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) { in dtls1_process_out_of_seq_message()
753 return dtls1_reassemble_fragment(s, msg_hdr); in dtls1_process_out_of_seq_message()
756 if (frag_len > dtls1_max_handshake_message_len(s)) in dtls1_process_out_of_seq_message()
782 item = pqueue_insert(s->d1->buffered_messages, item); in dtls1_process_out_of_seq_message()
803 static int dtls_get_reassembled_message(SSL_CONNECTION *s, int *errtype, in dtls_get_reassembled_message() argument
811 SSL *ssl = SSL_CONNECTION_GET_SSL(s); in dtls_get_reassembled_message()
812 SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); in dtls_get_reassembled_message()
818 p = (unsigned char *)s->init_buf->data; in dtls_get_reassembled_message()
822 ret = dtls1_retrieve_buffered_fragment(s, &frag_len); in dtls_get_reassembled_message()
828 s->init_num = frag_len; in dtls_get_reassembled_message()
837 s->rwstate = SSL_READING; in dtls_get_reassembled_message()
843 SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, in dtls_get_reassembled_message()
848 s->init_num = readbytes - 1; in dtls_get_reassembled_message()
849 s->init_msg = s->init_buf->data + 1; in dtls_get_reassembled_message()
850 s->s3.tmp.message_type = SSL3_MT_CHANGE_CIPHER_SPEC; in dtls_get_reassembled_message()
851 s->s3.tmp.message_size = readbytes - 1; in dtls_get_reassembled_message()
858 SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); in dtls_get_reassembled_message()
873 if (frag_len > s->rlayer.tlsrecs[s->rlayer.curr_rec].length) { in dtls_get_reassembled_message()
874 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_LENGTH); in dtls_get_reassembled_message()
884 if (msg_hdr.seq != s->d1->handshake_read_seq) { in dtls_get_reassembled_message()
885 if (!s->server in dtls_get_reassembled_message()
887 || s->d1->handshake_read_seq != 1 in dtls_get_reassembled_message()
889 || s->statem.hand_state != DTLS_ST_SW_HELLO_VERIFY_REQUEST) { in dtls_get_reassembled_message()
890 *errtype = dtls1_process_out_of_seq_message(s, &msg_hdr); in dtls_get_reassembled_message()
902 *errtype = dtls1_reassemble_fragment(s, &msg_hdr); in dtls_get_reassembled_message()
906 if (!s->server in dtls_get_reassembled_message()
907 && s->d1->r_msg_hdr.frag_off == 0 in dtls_get_reassembled_message()
908 && s->statem.hand_state != TLS_ST_OK in dtls_get_reassembled_message()
916 if (s->msg_callback) in dtls_get_reassembled_message()
917 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, in dtls_get_reassembled_message()
919 s->msg_callback_arg); in dtls_get_reassembled_message()
921 s->init_num = 0; in dtls_get_reassembled_message()
925 SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); in dtls_get_reassembled_message()
930 if (!dtls1_preprocess_fragment(s, &msg_hdr)) { in dtls_get_reassembled_message()
946 s->rwstate = SSL_READING; in dtls_get_reassembled_message()
959 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_LENGTH); in dtls_get_reassembled_message()
970 s->d1->handshake_read_seq = 0; in dtls_get_reassembled_message()
971 s->d1->next_handshake_write_seq = 0; in dtls_get_reassembled_message()
980 *len = s->init_num = frag_len; in dtls_get_reassembled_message()
984 s->init_num = 0; in dtls_get_reassembled_message()
995 CON_FUNC_RETURN dtls_construct_change_cipher_spec(SSL_CONNECTION *s, in dtls_construct_change_cipher_spec() argument
998 if (s->version == DTLS1_BAD_VER) { in dtls_construct_change_cipher_spec()
999 s->d1->next_handshake_write_seq++; in dtls_construct_change_cipher_spec()
1001 if (!WPACKET_put_bytes_u16(pkt, s->d1->handshake_write_seq)) { in dtls_construct_change_cipher_spec()
1002 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in dtls_construct_change_cipher_spec()
1015 WORK_STATE dtls_wait_for_dry(SSL_CONNECTION *s) in dtls_wait_for_dry() argument
1019 SSL *ssl = SSL_CONNECTION_GET_SSL(s); in dtls_wait_for_dry()
1024 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in dtls_wait_for_dry()
1035 if (dtls_get_reassembled_message(s, &errtype, &len)) { in dtls_wait_for_dry()
1037 SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); in dtls_wait_for_dry()
1041 s->s3.in_read_app_data = 2; in dtls_wait_for_dry()
1042 s->rwstate = SSL_READING; in dtls_wait_for_dry()
1051 int dtls1_read_failed(SSL_CONNECTION *s, int code) in dtls1_read_failed() argument
1053 SSL *ssl = SSL_CONNECTION_GET_SSL(s); in dtls1_read_failed()
1056 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in dtls1_read_failed()
1060 if (!dtls1_is_timer_expired(s) || ossl_statem_in_error(s)) { in dtls1_read_failed()
1073 return dtls1_handle_timeout(s); in dtls1_read_failed()
1091 int dtls1_retransmit_buffered_messages(SSL_CONNECTION *s) in dtls1_retransmit_buffered_messages() argument
1093 pqueue *sent = s->d1->sent_messages; in dtls1_retransmit_buffered_messages()
1103 if (dtls1_retransmit_message(s, (unsigned short) in dtls1_retransmit_buffered_messages()
1113 int dtls1_buffer_message(SSL_CONNECTION *s, int is_ccs) in dtls1_buffer_message() argument
1123 if (!ossl_assert(s->init_off == 0)) in dtls1_buffer_message()
1126 frag = dtls1_hm_fragment_new(s->init_num, 0); in dtls1_buffer_message()
1130 memcpy(frag->fragment, s->init_buf->data, s->init_num); in dtls1_buffer_message()
1134 if (!ossl_assert(s->d1->w_msg_hdr.msg_len + in dtls1_buffer_message()
1135 ((s->version == in dtls1_buffer_message()
1137 == (unsigned int)s->init_num)) { in dtls1_buffer_message()
1142 if (!ossl_assert(s->d1->w_msg_hdr.msg_len + in dtls1_buffer_message()
1143 DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num)) { in dtls1_buffer_message()
1149 frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len; in dtls1_buffer_message()
1150 frag->msg_header.seq = s->d1->w_msg_hdr.seq; in dtls1_buffer_message()
1151 frag->msg_header.type = s->d1->w_msg_hdr.type; in dtls1_buffer_message()
1153 frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len; in dtls1_buffer_message()
1157 frag->msg_header.saved_retransmit_state.wrlmethod = s->rlayer.wrlmethod; in dtls1_buffer_message()
1158 frag->msg_header.saved_retransmit_state.wrl = s->rlayer.wrl; in dtls1_buffer_message()
1177 pqueue_insert(s->d1->sent_messages, item); in dtls1_buffer_message()
1181 int dtls1_retransmit_message(SSL_CONNECTION *s, unsigned short seq, int *found) in dtls1_retransmit_message() argument
1196 item = pqueue_find(s->d1->sent_messages, seq64be); in dtls1_retransmit_message()
1198 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in dtls1_retransmit_message()
1211 memcpy(s->init_buf->data, frag->fragment, in dtls1_retransmit_message()
1213 s->init_num = frag->msg_header.msg_len + header_length; in dtls1_retransmit_message()
1215 dtls1_set_message_header_int(s, frag->msg_header.type, in dtls1_retransmit_message()
1221 saved_state.wrlmethod = s->rlayer.wrlmethod; in dtls1_retransmit_message()
1222 saved_state.wrl = s->rlayer.wrl; in dtls1_retransmit_message()
1224 s->d1->retransmitting = 1; in dtls1_retransmit_message()
1227 s->rlayer.wrlmethod = frag->msg_header.saved_retransmit_state.wrlmethod; in dtls1_retransmit_message()
1228 s->rlayer.wrl = frag->msg_header.saved_retransmit_state.wrl; in dtls1_retransmit_message()
1234 s->rlayer.wrlmethod->set1_bio(s->rlayer.wrl, s->wbio); in dtls1_retransmit_message()
1236 ret = dtls1_do_write(s, frag->msg_header.is_ccs ? in dtls1_retransmit_message()
1240 s->rlayer.wrlmethod = saved_state.wrlmethod; in dtls1_retransmit_message()
1241 s->rlayer.wrl = saved_state.wrl; in dtls1_retransmit_message()
1243 s->d1->retransmitting = 0; in dtls1_retransmit_message()
1245 (void)BIO_flush(s->wbio); in dtls1_retransmit_message()
1249 void dtls1_set_message_header(SSL_CONNECTION *s, in dtls1_set_message_header() argument
1254 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; in dtls1_set_message_header()
1255 s->d1->next_handshake_write_seq++; in dtls1_set_message_header()
1258 dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq, in dtls1_set_message_header()
1264 dtls1_set_message_header_int(SSL_CONNECTION *s, unsigned char mt, in dtls1_set_message_header_int() argument
1268 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; in dtls1_set_message_header_int()
1278 dtls1_fix_message_header(SSL_CONNECTION *s, size_t frag_off, size_t frag_len) in dtls1_fix_message_header() argument
1280 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; in dtls1_fix_message_header()
1286 static unsigned char *dtls1_write_message_header(SSL_CONNECTION *s, in dtls1_write_message_header() argument
1289 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; in dtls1_write_message_header()
1313 int dtls1_set_handshake_header(SSL_CONNECTION *s, WPACKET *pkt, int htype) in dtls1_set_handshake_header() argument
1318 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; in dtls1_set_handshake_header()
1319 dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, in dtls1_set_handshake_header()
1320 s->d1->handshake_write_seq, 0, 0); in dtls1_set_handshake_header()
1324 dtls1_set_message_header(s, htype, 0, 0, 0); in dtls1_set_handshake_header()
1337 int dtls1_close_construct_packet(SSL_CONNECTION *s, WPACKET *pkt, int htype) in dtls1_close_construct_packet() argument
1347 s->d1->w_msg_hdr.msg_len = msglen - DTLS1_HM_HEADER_LENGTH; in dtls1_close_construct_packet()
1348 s->d1->w_msg_hdr.frag_len = msglen - DTLS1_HM_HEADER_LENGTH; in dtls1_close_construct_packet()
1350 s->init_num = (int)msglen; in dtls1_close_construct_packet()
1351 s->init_off = 0; in dtls1_close_construct_packet()
1355 if (!dtls1_buffer_message(s, htype == SSL3_MT_CHANGE_CIPHER_SPEC in dtls1_close_construct_packet()
