Switched to openssl-1.0.0a

author: marha <marha@users.sourceforge.net> 2010-06-16 16:17:11 +0000
committer: marha <marha@users.sourceforge.net> 2010-06-16 16:17:11 +0000
commit: fef0b61e18b9c7475e4d6e67ddfc55db46573f4e (patch)
tree: d4c68ba5b80ca0748fb23f1c344e859efd79503f /openssl/ssl
parent: 243edb24f5179d93c849ea326fb489d3f846db71 (diff)
download: vcxsrv-fef0b61e18b9c7475e4d6e67ddfc55db46573f4e.tar.gz
vcxsrv-fef0b61e18b9c7475e4d6e67ddfc55db46573f4e.tar.bz2
vcxsrv-fef0b61e18b9c7475e4d6e67ddfc55db46573f4e.zip
7 files changed, 377 insertions, 168 deletions
diff --git a/openssl/ssl/d1_both.c b/openssl/ssl/d1_both.c
index 0242f1e4d..4ce4064cc 100644
--- a/openssl/ssl/d1_both.c
+++ b/openssl/ssl/d1_both.c
@@ -123,6 +123,37 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 
+#define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8)
+
+#define RSMBLY_BITMASK_MARK(bitmask, start, end) { \
+			if ((end) - (start) <= 8) { \
+				long ii; \
+				for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \
+			} else { \
+				long ii; \
+				bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \
+				for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \
+				bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \
+			} }
+
+#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \
+			long ii; \
+			OPENSSL_assert((msg_len) > 0); \
+			is_complete = 1; \
+			if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \
+			if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \
+				if (bitmask[ii] != 0xff) { is_complete = 0; break; } }
+
+#if 0
+#define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \
+			long ii; \
+			printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++) \
+			printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (ii & 7)); \
+			printf("\n"); }
+#endif
+
+static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80};
+static unsigned char bitmask_end_values[]   = {0x00, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
 
 /* XDTLS:  figure out the right values */
 static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
@@ -140,10 +171,11 @@ static long dtls1_get_message_fragment(SSL *s, int st1, int stn,
 	long max, int *ok);
 
 static hm_fragment *
-dtls1_hm_fragment_new(unsigned long frag_len)
+dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
 	{
 	hm_fragment *frag = NULL;
 	unsigned char *buf = NULL;
+	unsigned char *bitmask = NULL;
 
 	frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment));
 	if ( frag == NULL)
@@ -162,6 +194,21 @@ dtls1_hm_fragment_new(unsigned long frag_len)
 	/* zero length fragment gets zero frag->fragment */
 	frag->fragment = buf;
 
+	/* Initialize reassembly bitmask if necessary */
+	if (reassembly)
+		{
+		bitmask = (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len));
+		if (bitmask == NULL)
+			{
+			if (buf != NULL) OPENSSL_free(buf);
+			OPENSSL_free(frag);
+			return NULL;
+			}
+		memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len));
+		}
+
+	frag->reassembly = bitmask;
+
 	return frag;
 	}
 
@@ -169,6 +216,7 @@ static void
 dtls1_hm_fragment_free(hm_fragment *frag)
 	{
 	if (frag->fragment) OPENSSL_free(frag->fragment);
+	if (frag->reassembly) OPENSSL_free(frag->reassembly);
 	OPENSSL_free(frag);
 	}
 
@@ -363,6 +411,8 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 	{
 	int i, al;
 	struct hm_header_st *msg_hdr;
+	unsigned char *p;
+	unsigned long msg_len;
 
 	/* s3->tmp is used to store messages that are unexpected, caused
 	 * by the absence of an optional handshake message */
@@ -382,77 +432,55 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 		}
 
 	msg_hdr = &s->d1->r_msg_hdr;
-	do
-		{
-		if ( msg_hdr->frag_off == 0)
-			{
-			/* s->d1->r_message_header.msg_len = 0; */
-			memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
-			}
+	memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
 
-		i = dtls1_get_message_fragment(s, st1, stn, max, ok);
-		if ( i == DTLS1_HM_BAD_FRAGMENT ||
-			i == DTLS1_HM_FRAGMENT_RETRY)  /* bad fragment received */
-			continue;
-		else if ( i <= 0 && !*ok)
-			return i;
+again:
+	i = dtls1_get_message_fragment(s, st1, stn, max, ok);
+	if ( i == DTLS1_HM_BAD_FRAGMENT ||
+		i == DTLS1_HM_FRAGMENT_RETRY)  /* bad fragment received */
+		goto again;
+	else if ( i <= 0 && !*ok)
+		return i;
 
-		/* Note that s->init_sum is used as a counter summing
-		 * up fragments' lengths: as soon as they sum up to
-		 * handshake packet length, we assume we have got all
-		 * the fragments. Overlapping fragments would cause
-		 * premature termination, so we don't expect overlaps.
-		 * Well, handling overlaps would require something more
-		 * drastic. Indeed, as it is now there is no way to
-		 * tell if out-of-order fragment from the middle was
-		 * the last. '>=' is the best/least we can do to control
-		 * the potential damage caused by malformed overlaps. */
-		if ((unsigned int)s->init_num >= msg_hdr->msg_len)
-			{
-			unsigned char *p = (unsigned char *)s->init_buf->data;
-			unsigned long msg_len = msg_hdr->msg_len;
-
-			/* reconstruct message header as if it was
-			 * sent in single fragment */
-			*(p++) = msg_hdr->type;
-			l2n3(msg_len,p);
-			s2n (msg_hdr->seq,p);
-			l2n3(0,p);
-			l2n3(msg_len,p);
-			if (s->version != DTLS1_BAD_VER) {
-				p       -= DTLS1_HM_HEADER_LENGTH;
-				msg_len += DTLS1_HM_HEADER_LENGTH;
-			}
+	p = (unsigned char *)s->init_buf->data;
+	msg_len = msg_hdr->msg_len;
+
+	/* reconstruct message header */
+	*(p++) = msg_hdr->type;
+	l2n3(msg_len,p);
+	s2n (msg_hdr->seq,p);
+	l2n3(0,p);
+	l2n3(msg_len,p);
+	if (s->version != DTLS1_BAD_VER) {
+		p       -= DTLS1_HM_HEADER_LENGTH;
+		msg_len += DTLS1_HM_HEADER_LENGTH;
+	}
 
-			ssl3_finish_mac(s, p, msg_len);
-			if (s->msg_callback)
-				s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
-					p, msg_len,
-					s, s->msg_callback_arg);
-
-			memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
-
-			s->d1->handshake_read_seq++;
-			/* we just read a handshake message from the other side:
-			 * this means that we don't need to retransmit of the
-			 * buffered messages.  
-			 * XDTLS: may be able clear out this
-			 * buffer a little sooner (i.e if an out-of-order
-			 * handshake message/record is received at the record
-			 * layer.  
-			 * XDTLS: exception is that the server needs to
-			 * know that change cipher spec and finished messages
-			 * have been received by the client before clearing this
-			 * buffer.  this can simply be done by waiting for the
-			 * first data  segment, but is there a better way?  */
-			dtls1_clear_record_buffer(s);
-
-			s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
-			return s->init_num;
-			}
-		else
-			msg_hdr->frag_off = i;
-		} while(1) ;
+	ssl3_finish_mac(s, p, msg_len);
+	if (s->msg_callback)
+		s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
+			p, msg_len,
+			s, s->msg_callback_arg);
+
+	memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
+
+	s->d1->handshake_read_seq++;
+	/* we just read a handshake message from the other side:
+	 * this means that we don't need to retransmit of the
+	 * buffered messages.  
+	 * XDTLS: may be able clear out this
+	 * buffer a little sooner (i.e if an out-of-order
+	 * handshake message/record is received at the record
+	 * layer.  
+	 * XDTLS: exception is that the server needs to
+	 * know that change cipher spec and finished messages
+	 * have been received by the client before clearing this
+	 * buffer.  this can simply be done by waiting for the
+	 * first data  segment, but is there a better way?  */
+	dtls1_clear_record_buffer(s);
+
+	s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
+	return s->init_num;
 
 f_err:
 	ssl3_send_alert(s,SSL3_AL_FATAL,al);
@@ -528,6 +556,10 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
 		return 0;
 
 	frag = (hm_fragment *)item->data;
+	
+	/* Don't return if reassembly still in progress */
+	if (frag->reassembly != NULL)
+		return 0;
 
 	if ( s->d1->handshake_read_seq == frag->msg_header.seq)
 		{
@@ -563,6 +595,109 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
 
 
 static int
+dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
+	{
+	hm_fragment *frag = NULL;
+	pitem *item = NULL;
+	int i = -1, is_complete;
+	unsigned char seq64be[8];
+	unsigned long frag_len = msg_hdr->frag_len, max_len;
+
+	if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
+		goto err;
+
+	/* Determine maximum allowed message size. Depends on (user set)
+	 * maximum certificate length, but 16k is minimum.
+	 */
+	if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH < s->max_cert_list)
+		max_len = s->max_cert_list;
+	else
+		max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
+
+	if ((msg_hdr->frag_off+frag_len) > max_len)
+		goto err;
+
+	/* Try to find item in queue */
+	memset(seq64be,0,sizeof(seq64be));
+	seq64be[6] = (unsigned char) (msg_hdr->seq>>8);
+	seq64be[7] = (unsigned char) msg_hdr->seq;
+	item = pqueue_find(s->d1->buffered_messages, seq64be);
+
+	if (item == NULL)
+		{
+		frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
+		if ( frag == NULL)
+			goto err;
+		memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
+		frag->msg_header.frag_len = frag->msg_header.msg_len;
+		frag->msg_header.frag_off = 0;
+		}
+	else
+		frag = (hm_fragment*) item->data;
+
+	/* If message is already reassembled, this must be a
+	 * retransmit and can be dropped.
+	 */
+	if (frag->reassembly == NULL)
+		{
+		unsigned char devnull [256];
+
+		while (frag_len)
+			{
+			i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
+				devnull,
+				frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0);
+			if (i<=0) goto err;
+			frag_len -= i;
+			}
+		return DTLS1_HM_FRAGMENT_RETRY;
+		}
+
+	/* read the body of the fragment (header has already been read */
+	i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
+		frag->fragment + msg_hdr->frag_off,frag_len,0);
+	if (i<=0 || (unsigned long)i!=frag_len)
+		goto err;
+
+	RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
+	                    (long)(msg_hdr->frag_off + frag_len));
+
+	RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len,
+	                           is_complete);
+
+	if (is_complete)
+		{
+		OPENSSL_free(frag->reassembly);
+		frag->reassembly = NULL;
+		}
+
+	if (item == NULL)
+		{
+		memset(seq64be,0,sizeof(seq64be));
+		seq64be[6] = (unsigned char)(msg_hdr->seq>>8);
+		seq64be[7] = (unsigned char)(msg_hdr->seq);
+
+		item = pitem_new(seq64be, frag);
+		if (item == NULL)
+			{
+			goto err;
+			i = -1;
+			}
+
+		pqueue_insert(s->d1->buffered_messages, item);
+		}
+
+	return DTLS1_HM_FRAGMENT_RETRY;
+
+err:
+	if (frag != NULL) dtls1_hm_fragment_free(frag);
+	if (item != NULL) OPENSSL_free(item);
+	*ok = 0;
+	return i;
+	}
+
+
+static int
 dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
 {
 	int i=-1;
@@ -579,7 +714,13 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
 	seq64be[6] = (unsigned char) (msg_hdr->seq>>8);
 	seq64be[7] = (unsigned char) msg_hdr->seq;
 	item = pqueue_find(s->d1->buffered_messages, seq64be);
-	
+
+	/* If we already have an entry and this one is a fragment,
+	 * don't discard it and rather try to reassemble it.
+	 */
+	if (item != NULL && frag_len < msg_hdr->msg_len)
+		item = NULL;
+
 	/* Discard the message if sequence number was already there, is
 	 * too far in the future, already in the queue or if we received
 	 * a FINISHED before the SERVER_HELLO, which then must be a stale
@@ -600,20 +741,25 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
 			frag_len -= i;
 			}
 		}
-
-	if (frag_len)
+	else
 		{
-		frag = dtls1_hm_fragment_new(frag_len);
+		if (frag_len && frag_len < msg_hdr->msg_len)
+			return dtls1_reassemble_fragment(s, msg_hdr, ok);
+
+		frag = dtls1_hm_fragment_new(frag_len, 0);
 		if ( frag == NULL)
 			goto err;
 
 		memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
 
-		/* read the body of the fragment (header has already been read */
-		i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
-			frag->fragment,frag_len,0);
-		if (i<=0 || (unsigned long)i!=frag_len)
-			goto err;
+		if (frag_len)
+			{
+			/* read the body of the fragment (header has already been read */
+			i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
+				frag->fragment,frag_len,0);
+			if (i<=0 || (unsigned long)i!=frag_len)
+				goto err;
+			}
 
 		memset(seq64be,0,sizeof(seq64be));
 		seq64be[6] = (unsigned char)(msg_hdr->seq>>8);
@@ -640,14 +786,14 @@ static long
 dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
 	{
 	unsigned char wire[DTLS1_HM_HEADER_LENGTH];
-	unsigned long l, frag_off, frag_len;
+	unsigned long len, frag_off, frag_len;
 	int i,al;
 	struct hm_header_st msg_hdr;
 
 	/* see if we have the required fragment already */
 	if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
 		{
-		if (*ok)	s->init_num += frag_len;
+		if (*ok)	s->init_num = frag_len;
 		return frag_len;
 		}
 
@@ -672,10 +818,13 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
 	if ( msg_hdr.seq != s->d1->handshake_read_seq)
 		return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
 
-	l = msg_hdr.msg_len;
+	len = msg_hdr.msg_len;
 	frag_off = msg_hdr.frag_off;
 	frag_len = msg_hdr.frag_len;
 
+	if (frag_len && frag_len < len)
+		return dtls1_reassemble_fragment(s, &msg_hdr, ok);
+
 	if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
 		wire[0] == SSL3_MT_HELLO_REQUEST)
 		{
@@ -735,7 +884,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
 	 * s->init_buf->data, but as a counter summing up fragments'
 	 * lengths: as soon as they sum up to handshake packet
 	 * length, we assume we have got all the fragments. */
-	s->init_num += frag_len;
+	s->init_num = frag_len;
 	return frag_len;
 
 f_err:
@@ -1010,7 +1159,7 @@ dtls1_buffer_message(SSL *s, int is_ccs)
 	 * been serialized */
 	OPENSSL_assert(s->init_off == 0);
 
-	frag = dtls1_hm_fragment_new(s->init_num);
+	frag = dtls1_hm_fragment_new(s->init_num, 0);
 
 	memcpy(frag->fragment, s->init_buf->data, s->init_num);
 
diff --git a/openssl/ssl/d1_lib.c b/openssl/ssl/d1_lib.c
index eeffce3cc..96b220e87 100644
--- a/openssl/ssl/d1_lib.c
+++ b/openssl/ssl/d1_lib.c
@@ -283,6 +283,16 @@ struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft)
 		timeleft->tv_usec += 1000000;
 		}
 
+	/* If remaining time is less than 15 ms, set it to 0
+	 * to prevent issues because of small devergences with
+	 * socket timeouts.
+	 */
+	if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000)
+		{
+		memset(timeleft, 0, sizeof(struct timeval));
+		}
+	
+
 	return timeleft;
 	}
 
diff --git a/openssl/ssl/d1_pkt.c b/openssl/ssl/d1_pkt.c
index c9757e1d6..a5439d544 100644
--- a/openssl/ssl/d1_pkt.c
+++ b/openssl/ssl/d1_pkt.c
@@ -196,6 +196,9 @@ dtls1_copy_record(SSL *s, pitem *item)
     s->packet_length = rdata->packet_length;
     memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
     memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
+	
+	/* Set proper sequence number for mac calculation */
+	memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);
     
     return(1);
     }
@@ -414,7 +417,7 @@ dtls1_process_record(SSL *s)
 			goto err;
 
 		/* otherwise enc_err == -1 */
-		goto decryption_failed_or_bad_record_mac;
+		goto err;
 		}
 
 #ifdef TLS_DEBUG
@@ -444,7 +447,7 @@ printf("\n");
 			SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
 			goto f_err;
 #else
-			goto decryption_failed_or_bad_record_mac;
+			goto err;
 #endif			
 			}
 		/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
@@ -455,14 +458,14 @@ printf("\n");
 			SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
 			goto f_err;
 #else
-			goto decryption_failed_or_bad_record_mac;
+			goto err;
 #endif
 			}
 		rr->length-=mac_size;
 		i=s->method->ssl3_enc->mac(s,md,0);
 		if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
 			{
-			goto decryption_failed_or_bad_record_mac;
+			goto err;
 			}
 		}
 
@@ -504,14 +507,6 @@ printf("\n");
 	dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */
 	return(1);
 
-decryption_failed_or_bad_record_mac:
-	/* Separate 'decryption_failed' alert was introduced with TLS 1.0,
-	 * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
-	 * failure is directly visible from the ciphertext anyway,
-	 * we should not reveal which kind of error occured -- this
-	 * might become visible to an attacker (e.g. via logfile) */
-	al=SSL_AD_BAD_RECORD_MAC;
-	SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
 f_err:
 	ssl3_send_alert(s,SSL3_AL_FATAL,al);
 err:
@@ -544,8 +539,7 @@ int dtls1_get_record(SSL *s)
 
 	/* The epoch may have changed.  If so, process all the
 	 * pending records.  This is a non-blocking operation. */
-	if ( ! dtls1_process_buffered_records(s))
-            return 0;
+	dtls1_process_buffered_records(s);
 
 	/* if we're renegotiating, then there may be buffered records */
 	if (dtls1_get_processed_record(s))
@@ -667,21 +661,25 @@ again:
 	if (rr->length == 0) goto again;
 
 	/* If this record is from the next epoch (either HM or ALERT),
-	 * buffer it since it cannot be processed at this time. Records
-	 * from the next epoch are marked as received even though they
-	 * are not processed, so as to prevent any potential resource
-	 * DoS attack */
+	 * and a handshake is currently in progress, buffer it since it
+	 * cannot be processed at this time. */
 	if (is_next_epoch)
 		{
-		dtls1_record_bitmap_update(s, bitmap);
-		dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
+		if (SSL_in_init(s) || s->in_handshake)
+			{
+			dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
+			}
 		rr->length = 0;
 		s->packet_length = 0;
 		goto again;
 		}
 
-	if ( ! dtls1_process_record(s))
-		return(0);
+	if (!dtls1_process_record(s))
+		{
+		rr->length = 0;
+		s->packet_length = 0;  /* dump this record */
+		goto again;   /* get another record */
+		}
 
 	dtls1_clear_timeouts(s);  /* done waiting */
 	return(1);
@@ -809,7 +807,7 @@ start:
 		 * buffer the application data for later processing rather
 		 * than dropping the connection.
 		 */
-		dtls1_buffer_record(s, &(s->d1->buffered_app_data), 0);
+		dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num);
 		rr->length = 0;
 		goto start;
 		}
diff --git a/openssl/ssl/dtls1.h b/openssl/ssl/dtls1.h
index af363a984..2900d1d8a 100644
--- a/openssl/ssl/dtls1.h
+++ b/openssl/ssl/dtls1.h
@@ -167,6 +167,7 @@ typedef struct hm_fragment_st
 	{
 	struct hm_header_st msg_header;
 	unsigned char *fragment;
+	unsigned char *reassembly;
 	} hm_fragment;
 
 typedef struct dtls1_state_st
diff --git a/openssl/ssl/ssl-lib.com b/openssl/ssl/ssl-lib.com
index 85ab2f61f..c5ca9e1df 100644
--- a/openssl/ssl/ssl-lib.com
+++ b/openssl/ssl/ssl-lib.com
@@ -30,7 +30,7 @@ $!	   VAXC	 For VAX C.
 $!	   DECC	 For DEC C.
 $!	   GNUC	 For GNU C.
 $!
-$!  If you don't speficy a compiler, it will try to determine which
+$!  If you don't specify a compiler, it will try to determine which
 $!  "C" compiler to use.
 $!
 $!  P4, if defined, sets a TCP/IP library to use, through one of the following
@@ -55,7 +55,7 @@ $ THEN
 $!
 $!  The Architecture Is VAX.
 $!
-$   ARCH := VAX
+$   ARCH = "VAX"
 $!
 $! Else...
 $!
@@ -524,12 +524,12 @@ $! Else...
 $!
 $ ELSE
 $!
-$!  Else, Check To See If P1 Has A Valid Arguement.
+$!  Else, Check To See If P1 Has A Valid Argument.
 $!
 $   IF (P1.EQS."LIBRARY").OR.(P1.EQS."SSL_TASK")
 $   THEN
 $!
-$!    A Valid Arguement.
+$!    A Valid Argument.
 $!
 $     BUILDALL = P1
 $!
@@ -557,7 +557,7 @@ $!    Time To EXIT.
 $!
 $     EXIT
 $!
-$!  End The Valid Arguement Check.
+$!  End The Valid Argument Check.
 $!
 $   ENDIF
 $!
@@ -611,7 +611,7 @@ $!    Time To EXIT.
 $!
 $     EXIT
 $!
-$!  End The Valid Arguement Check.
+$!  End The Valid Argument Check.
 $!
 $   ENDIF
 $!
@@ -893,7 +893,7 @@ $!  Show user the result
 $!
 $   WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC
 $!
-$!  Else The User Entered An Invalid Arguement.
+$!  Else The User Entered An Invalid Argument.
 $!
 $ ELSE
 $!
@@ -994,7 +994,7 @@ $!  Print info
 $!
 $   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
 $!
-$!  Else The User Entered An Invalid Arguement.
+$!  Else The User Entered An Invalid Argument.
 $!
 $ ELSE
 $!
diff --git a/openssl/ssl/ssl_algs.c b/openssl/ssl/ssl_algs.c
index a26ae4395..0967b2dfe 100644
--- a/openssl/ssl/ssl_algs.c
+++ b/openssl/ssl/ssl_algs.c
@@ -105,6 +105,14 @@ int SSL_library_init(void)
 	EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
 	EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
 #endif
+#ifndef OPENSSL_NO_SHA256
+	EVP_add_digest(EVP_sha224());
+	EVP_add_digest(EVP_sha256());
+#endif
+#ifndef OPENSSL_NO_SHA512
+	EVP_add_digest(EVP_sha384());
+	EVP_add_digest(EVP_sha512());
+#endif
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
 	EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
 	EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
diff --git a/openssl/ssl/t1_enc.c b/openssl/ssl/t1_enc.c
index d9cb059d0..9719541f2 100644
--- a/openssl/ssl/t1_enc.c
+++ b/openssl/ssl/t1_enc.c
@@ -148,7 +148,7 @@
 #endif
 
 /* seed1 through seed5 are virtually concatenated */
-static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
+static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
 			int sec_len,
 			const void *seed1, int seed1_len,
 			const void *seed2, int seed2_len,
@@ -163,55 +163,79 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
 	HMAC_CTX ctx_tmp;
 	unsigned char A1[EVP_MAX_MD_SIZE];
 	unsigned int A1_len;
+	int ret = 0;
 	
 	chunk=EVP_MD_size(md);
 	OPENSSL_assert(chunk >= 0);
 
 	HMAC_CTX_init(&ctx);
 	HMAC_CTX_init(&ctx_tmp);
-	HMAC_Init_ex(&ctx,sec,sec_len,md, NULL);
-	HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL);
-	if (seed1 != NULL) HMAC_Update(&ctx,seed1,seed1_len);
-	if (seed2 != NULL) HMAC_Update(&ctx,seed2,seed2_len);
-	if (seed3 != NULL) HMAC_Update(&ctx,seed3,seed3_len);
-	if (seed4 != NULL) HMAC_Update(&ctx,seed4,seed4_len);
-	if (seed5 != NULL) HMAC_Update(&ctx,seed5,seed5_len);
-	HMAC_Final(&ctx,A1,&A1_len);
+	if (!HMAC_Init_ex(&ctx,sec,sec_len,md, NULL))
+		goto err;
+	if (!HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL))
+		goto err;
+	if (seed1 != NULL && !HMAC_Update(&ctx,seed1,seed1_len))
+		goto err;
+	if (seed2 != NULL && !HMAC_Update(&ctx,seed2,seed2_len))
+		goto err;
+	if (seed3 != NULL && !HMAC_Update(&ctx,seed3,seed3_len))
+		goto err;
+	if (seed4 != NULL && !HMAC_Update(&ctx,seed4,seed4_len))
+		goto err;
+	if (seed5 != NULL && !HMAC_Update(&ctx,seed5,seed5_len))
+		goto err;
+	if (!HMAC_Final(&ctx,A1,&A1_len))
+		goto err;
 
 	n=0;
 	for (;;)
 		{
-		HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */
-		HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL); /* re-init */
-		HMAC_Update(&ctx,A1,A1_len);
-		HMAC_Update(&ctx_tmp,A1,A1_len);
-		if (seed1 != NULL) HMAC_Update(&ctx,seed1,seed1_len);
-		if (seed2 != NULL) HMAC_Update(&ctx,seed2,seed2_len);
-		if (seed3 != NULL) HMAC_Update(&ctx,seed3,seed3_len);
-		if (seed4 != NULL) HMAC_Update(&ctx,seed4,seed4_len);
-		if (seed5 != NULL) HMAC_Update(&ctx,seed5,seed5_len);
+		if (!HMAC_Init_ex(&ctx,NULL,0,NULL,NULL)) /* re-init */
+			goto err;
+		if (!HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL)) /* re-init */
+			goto err;
+		if (!HMAC_Update(&ctx,A1,A1_len))
+			goto err;
+		if (!HMAC_Update(&ctx_tmp,A1,A1_len))
+			goto err;
+		if (seed1 != NULL && !HMAC_Update(&ctx,seed1,seed1_len))
+			goto err;
+		if (seed2 != NULL && !HMAC_Update(&ctx,seed2,seed2_len))
+			goto err;
+		if (seed3 != NULL && !HMAC_Update(&ctx,seed3,seed3_len))
+			goto err;
+		if (seed4 != NULL && !HMAC_Update(&ctx,seed4,seed4_len))
+			goto err;
+		if (seed5 != NULL && !HMAC_Update(&ctx,seed5,seed5_len))
+			goto err;
 
 		if (olen > chunk)
 			{
-			HMAC_Final(&ctx,out,&j);
+			if (!HMAC_Final(&ctx,out,&j))
+				goto err;
 			out+=j;
 			olen-=j;
-			HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 value */
+			if (!HMAC_Final(&ctx_tmp,A1,&A1_len)) /* calc the next A1 value */
+				goto err;
 			}
 		else	/* last one */
 			{
-			HMAC_Final(&ctx,A1,&A1_len);
+			if (!HMAC_Final(&ctx,A1,&A1_len))
+				goto err;
 			memcpy(out,A1,olen);
 			break;
 			}
 		}
+	ret = 1;
+err:
 	HMAC_CTX_cleanup(&ctx);
 	HMAC_CTX_cleanup(&ctx_tmp);
 	OPENSSL_cleanse(A1,sizeof(A1));
+	return ret;
 	}
 
 /* seed1 through seed5 are virtually concatenated */
-static void tls1_PRF(long digest_mask,
+static int tls1_PRF(long digest_mask,
 		     const void *seed1, int seed1_len,
 		     const void *seed2, int seed2_len,
 		     const void *seed3, int seed3_len,
@@ -225,6 +249,7 @@ static void tls1_PRF(long digest_mask,
 	const unsigned char *S1;
 	long m;
 	const EVP_MD *md;
+	int ret = 0;
 
 	/* Count number of digests and partition sec evenly */
 	count=0;
@@ -239,11 +264,12 @@ static void tls1_PRF(long digest_mask,
 			if (!md) {
 				SSLerr(SSL_F_TLS1_PRF,
 				SSL_R_UNSUPPORTED_DIGEST_TYPE);
-				return;				
+				goto err;				
 			}
-			tls1_P_hash(md ,S1,len+(slen&1),
-			            seed1,seed1_len,seed2,seed2_len,seed3,seed3_len,seed4,seed4_len,seed5,seed5_len,
-			            out2,olen);
+			if (!tls1_P_hash(md ,S1,len+(slen&1),
+					seed1,seed1_len,seed2,seed2_len,seed3,seed3_len,seed4,seed4_len,seed5,seed5_len,
+					out2,olen))
+				goto err;
 			S1+=len;
 			for (i=0; i<olen; i++)
 			{
@@ -251,12 +277,15 @@ static void tls1_PRF(long digest_mask,
 			}
 		}
 	}
-
+	ret = 1;
+err:
+	return ret;
 }
-static void tls1_generate_key_block(SSL *s, unsigned char *km,
+static int tls1_generate_key_block(SSL *s, unsigned char *km,
 	     unsigned char *tmp, int num)
 	{
-	tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+	int ret;
+	ret = tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
 		 TLS_MD_KEY_EXPANSION_CONST,TLS_MD_KEY_EXPANSION_CONST_SIZE,
 		 s->s3->server_random,SSL3_RANDOM_SIZE,
 		 s->s3->client_random,SSL3_RANDOM_SIZE,
@@ -274,6 +303,7 @@ static void tls1_generate_key_block(SSL *s, unsigned char *km,
                 }
         printf("\n");  }
 #endif    /* KSSL_DEBUG */
+	return ret;
 	}
 
 int tls1_change_cipher_state(SSL *s, int which)
@@ -461,22 +491,24 @@ printf("which = %04X\nmac key=",which);
 		/* In here I set both the read and write key/iv to the
 		 * same value since only the correct one will be used :-).
 		 */
-		tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
-			 exp_label,exp_label_len,
-			 s->s3->client_random,SSL3_RANDOM_SIZE,
-			 s->s3->server_random,SSL3_RANDOM_SIZE,
-			 NULL,0,NULL,0,
-			 key,j,tmp1,tmp2,EVP_CIPHER_key_length(c));
+		if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+				exp_label,exp_label_len,
+				s->s3->client_random,SSL3_RANDOM_SIZE,
+				s->s3->server_random,SSL3_RANDOM_SIZE,
+				NULL,0,NULL,0,
+				key,j,tmp1,tmp2,EVP_CIPHER_key_length(c)))
+			goto err2;
 		key=tmp1;
 
 		if (k > 0)
 			{
-			tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
-				 TLS_MD_IV_BLOCK_CONST,TLS_MD_IV_BLOCK_CONST_SIZE,
-				 s->s3->client_random,SSL3_RANDOM_SIZE,
-				 s->s3->server_random,SSL3_RANDOM_SIZE,
-				 NULL,0,NULL,0,
-				 empty,0,iv1,iv2,k*2);
+			if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+					TLS_MD_IV_BLOCK_CONST,TLS_MD_IV_BLOCK_CONST_SIZE,
+					s->s3->client_random,SSL3_RANDOM_SIZE,
+					s->s3->server_random,SSL3_RANDOM_SIZE,
+					NULL,0,NULL,0,
+					empty,0,iv1,iv2,k*2))
+				goto err2;
 			if (client_write)
 				iv=iv1;
 			else
@@ -518,12 +550,13 @@ err2:
 
 int tls1_setup_key_block(SSL *s)
 	{
-	unsigned char *p1,*p2;
+	unsigned char *p1,*p2=NULL;
 	const EVP_CIPHER *c;
 	const EVP_MD *hash;
 	int num;
 	SSL_COMP *comp;
 	int mac_type= NID_undef,mac_secret_size=0;
+	int ret=0;
 
 #ifdef KSSL_DEBUG
 	printf ("tls1_setup_key_block()\n");
@@ -548,13 +581,19 @@ int tls1_setup_key_block(SSL *s)
 	ssl3_cleanup_key_block(s);
 
 	if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL)
+		{
+		SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
 		goto err;
-	if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)
-		goto err;
+		}
 
 	s->s3->tmp.key_block_length=num;
 	s->s3->tmp.key_block=p1;
 
+	if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)
+		{
+		SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
 
 #ifdef TLS_DEBUG
 printf("client random\n");
@@ -564,9 +603,8 @@ printf("server random\n");
 printf("pre-master\n");
 { int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
 #endif
-	tls1_generate_key_block(s,p1,p2,num);
-	OPENSSL_cleanse(p2,num);
-	OPENSSL_free(p2);
+	if (!tls1_generate_key_block(s,p1,p2,num))
+		goto err;
 #ifdef TLS_DEBUG
 printf("\nkey block\n");
 { int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
@@ -591,10 +629,14 @@ printf("\nkey block\n");
 			}
 		}
 		
-	return(1);
+	ret = 1;
 err:
-	SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
-	return(0);
+	if (p2)
+		{
+		OPENSSL_cleanse(p2,num);
+		OPENSSL_free(p2);
+		}
+	return(ret);
 	}
 
 int tls1_enc(SSL *s, int send)
@@ -822,10 +864,11 @@ int tls1_final_finish_mac(SSL *s,
 			}
 		}
 		
-	tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
-		 str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0,
-		 s->session->master_key,s->session->master_key_length,
-		 out,buf2,sizeof buf2);
+	if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+			str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0,
+			s->session->master_key,s->session->master_key_length,
+			out,buf2,sizeof buf2))
+		err = 1;
 	EVP_MD_CTX_cleanup(&ctx);
 
 	if (err)
author	marha <marha@users.sourceforge.net>	2010-06-16 16:17:11 +0000
committer	marha <marha@users.sourceforge.net>	2010-06-16 16:17:11 +0000
commit	fef0b61e18b9c7475e4d6e67ddfc55db46573f4e (patch)
tree	d4c68ba5b80ca0748fb23f1c344e859efd79503f /openssl/ssl
parent	243edb24f5179d93c849ea326fb489d3f846db71 (diff)
download	vcxsrv-fef0b61e18b9c7475e4d6e67ddfc55db46573f4e.tar.gz vcxsrv-fef0b61e18b9c7475e4d6e67ddfc55db46573f4e.tar.bz2 vcxsrv-fef0b61e18b9c7475e4d6e67ddfc55db46573f4e.zip