Update to OpenSSL 1.0.2.o

2018-04-13 17:29:45 +00:00
parent ccd3ab4aff
commit 4933cd8231
386 changed files with 5623 additions and 2984 deletions
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -517,6 +517,17 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
        return i;
    }

+    /*
+     * Don't change the *message* read sequence number while listening. For
+     * the *record* write sequence we reflect the ClientHello sequence number
+     * when listening.
+     */
+    if (s->d1->listen)
+        memcpy(s->s3->write_sequence, s->s3->read_sequence,
+               sizeof(s->s3->write_sequence));
+    else
+        s->d1->handshake_read_seq++;
+
    if (mt >= 0 && s->s3->tmp.message_type != mt) {
        al = SSL_AD_UNEXPECTED_MESSAGE;
        SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
@@ -544,10 +555,6 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)

    memset(msg_hdr, 0x00, sizeof(struct hm_header_st));

-    /* Don't change sequence numbers while listening */
-    if (!s->d1->listen)
-        s->d1->handshake_read_seq++;
-
    s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
    return s->init_num;

@@ -1068,7 +1075,9 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
 int dtls1_read_failed(SSL *s, int code)
 {
    if (code > 0) {
+#ifdef TLS_DEBUG
        fprintf(stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
+#endif
        return 1;
    }

@@ -1140,7 +1149,9 @@ int dtls1_retransmit_buffered_messages(SSL *s)
                                     (frag->msg_header.seq,
                                      frag->msg_header.is_ccs), 0,
                                     &found) <= 0 && found) {
+#ifdef TLS_DEBUG
            fprintf(stderr, "dtls1_retransmit_message() failed\n");
+#endif
            return -1;
        }
    }
@@ -1240,7 +1251,9 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,

    item = pqueue_find(s->d1->sent_messages, seq64be);
    if (item == NULL) {
+#ifdef TLS_DEBUG
        fprintf(stderr, "retransmit:  message %d non-existant\n", seq);
+#endif
        *found = 0;
        return 0;
    }