diff options
| author | Doug Hogan <doug@cvs.openbsd.org> | 2015-07-18 22:36:56 +0000 |
|---|---|---|
| committer | Doug Hogan <doug@cvs.openbsd.org> | 2015-07-18 22:36:56 +0000 |
| commit | ed57351851bf7f34b0d76a054a5fe65b256894be (patch) | |
| tree | cee36c101bd591b8bcd2991b36db3a7403149abe /lib | |
| parent | 3318d4f870f9445e1f4caffd39dbc6819d624259 (diff) | |
Convert dtls1_get_record to CBS.
ok miod@, input + ok jsing@
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libssl/d1_pkt.c | 49 |
1 files changed, 28 insertions, 21 deletions
diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c index 68571c8fd06..1ff664370b4 100644 --- a/lib/libssl/d1_pkt.c +++ b/lib/libssl/d1_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_pkt.c,v 1.43 2015/07/18 22:28:53 doug Exp $ */ +/* $OpenBSD: d1_pkt.c,v 1.44 2015/07/18 22:36:55 doug Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -124,6 +124,7 @@ #include <openssl/evp.h> #include "pqueue.h" +#include "bytestring.h" /* mod 128 saturating subtract of two 64-bit values in big-endian order */ static int @@ -464,11 +465,9 @@ err: int dtls1_get_record(SSL *s) { - int ssl_major, ssl_minor; int i, n; SSL3_RECORD *rr; unsigned char *p = NULL; - unsigned short version; DTLS1_BITMAP *bitmap; unsigned int is_next_epoch; @@ -494,6 +493,10 @@ again: /* check if we have the header */ if ((s->rstate != SSL_ST_READ_BODY) || (s->packet_length < DTLS1_RT_HEADER_LENGTH)) { + CBS header, seq_no; + uint16_t epoch, len, ssl_version; + uint8_t type; + n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); /* read timeout is handled by dtls1_read_bytes */ if (n <= 0) @@ -505,35 +508,39 @@ again: s->rstate = SSL_ST_READ_BODY; - p = s->packet; + CBS_init(&header, s->packet, s->packet_length); /* Pull apart the header into the DTLS1_RECORD */ - rr->type= *(p++); - ssl_major= *(p++); - ssl_minor= *(p++); - version = (ssl_major << 8)|ssl_minor; + if (!CBS_get_u8(&header, &type)) + goto again; + if (!CBS_get_u16(&header, &ssl_version)) + goto again; /* sequence number is 64 bits, with top 2 bytes = epoch */ - n2s(p, rr->epoch); + if (!CBS_get_u16(&header, &epoch) || + !CBS_get_bytes(&header, &seq_no, 6)) + goto again; - memcpy(&(s->s3->read_sequence[2]), p, 6); - p += 6; + if (!CBS_write_bytes(&seq_no, &(s->s3->read_sequence[2]), + sizeof(s->s3->read_sequence) - 2, NULL)) + goto again; + if (!CBS_get_u16(&header, &len)) + goto again; - n2s(p, rr->length); + rr->type = type; + rr->epoch = epoch; + rr->length = len; - /* Lets check version */ - if (!s->first_packet) { - if (version != s->version) - /* unexpected version, silently discard */ - goto again; - } + /* unexpected version, silently discard */ + if (!s->first_packet && ssl_version != s->version) + goto again; - if ((version & 0xff00) != (s->version & 0xff00)) - /* wrong version, silently discard record */ + /* wrong version, silently discard record */ + if ((ssl_version & 0xff00) != (s->version & 0xff00)) goto again; + /* record too long, silently discard it */ if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) - /* record too long, silently discard it */ goto again; /* now s->rstate == SSL_ST_READ_BODY */ |