#14465: Update openssl to tag android-4.0.4_r2.1
diff --git a/jni/openssl/ssl/d1_pkt.c b/jni/openssl/ssl/d1_pkt.c
index e3e9864..91562f3 100644
--- a/jni/openssl/ssl/d1_pkt.c
+++ b/jni/openssl/ssl/d1_pkt.c
@@ -179,6 +179,7 @@
static int dtls1_buffer_record(SSL *s, record_pqueue *q,
unsigned char *priority);
static int dtls1_process_record(SSL *s);
+static void dtls1_clear_timeouts(SSL *s);
/* copy buffered record into SSL structure */
static int
@@ -231,14 +232,6 @@
item->data = rdata;
-#ifndef OPENSSL_NO_SCTP
- /* Store bio_dgram_sctp_rcvinfo struct */
- if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
- (s->state == SSL3_ST_SR_FINISHED_A || s->state == SSL3_ST_CR_FINISHED_A)) {
- BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo);
- }
-#endif
-
/* insert should not fail, since duplicates are dropped */
if (pqueue_insert(queue->q, item) == NULL)
{
@@ -382,8 +375,6 @@
SSL3_RECORD *rr;
unsigned int mac_size;
unsigned char md[EVP_MAX_MD_SIZE];
- int decryption_failed_or_bad_record_mac = 0;
- unsigned char *mac = NULL;
rr= &(s->s3->rrec);
@@ -418,10 +409,13 @@
enc_err = s->method->ssl3_enc->enc(s,0);
if (enc_err <= 0)
{
- /* To minimize information leaked via timing, we will always
- * perform all computations before discarding the message.
- */
- decryption_failed_or_bad_record_mac = 1;
+ /* decryption failed, silently discard message */
+ if (enc_err < 0)
+ {
+ rr->length = 0;
+ s->packet_length = 0;
+ }
+ goto err;
}
#ifdef TLS_DEBUG
@@ -451,32 +445,28 @@
SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
goto f_err;
#else
- decryption_failed_or_bad_record_mac = 1;
+ goto err;
#endif
}
/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
- if (rr->length >= mac_size)
+ if (rr->length < mac_size)
{
- rr->length -= mac_size;
- mac = &rr->data[rr->length];
+#if 0 /* OK only for stream ciphers */
+ al=SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+#else
+ goto err;
+#endif
}
- else
- rr->length = 0;
+ rr->length-=mac_size;
i=s->method->ssl3_enc->mac(s,md,0);
- if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0)
+ if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
{
- decryption_failed_or_bad_record_mac = 1;
+ goto err;
}
}
- if (decryption_failed_or_bad_record_mac)
- {
- /* decryption failed, silently discard message */
- rr->length = 0;
- s->packet_length = 0;
- goto err;
- }
-
/* r->length is now just compressed */
if (s->expand != NULL)
{
@@ -666,28 +656,20 @@
goto again; /* get another record */
}
-#ifndef OPENSSL_NO_SCTP
- /* Only do replay check if no SCTP bio */
- if (!BIO_dgram_is_sctp(SSL_get_rbio(s)))
- {
-#endif
- /* Check whether this is a repeat, or aged record.
- * Don't check if we're listening and this message is
- * a ClientHello. They can look as if they're replayed,
- * since they arrive from different connections and
- * would be dropped unnecessarily.
- */
- if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
- *p == SSL3_MT_CLIENT_HELLO) &&
- !dtls1_record_replay_check(s, bitmap))
- {
- rr->length = 0;
- s->packet_length=0; /* dump this record */
- goto again; /* get another record */
- }
-#ifndef OPENSSL_NO_SCTP
- }
-#endif
+ /* Check whether this is a repeat, or aged record.
+ * Don't check if we're listening and this message is
+ * a ClientHello. They can look as if they're replayed,
+ * since they arrive from different connections and
+ * would be dropped unnecessarily.
+ */
+ if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
+ *p == SSL3_MT_CLIENT_HELLO) &&
+ !dtls1_record_replay_check(s, bitmap))
+ {
+ rr->length = 0;
+ s->packet_length=0; /* dump this record */
+ goto again; /* get another record */
+ }
/* just read a 0 length packet */
if (rr->length == 0) goto again;
@@ -715,6 +697,7 @@
goto again; /* get another record */
}
+ dtls1_clear_timeouts(s); /* done waiting */
return(1);
}
@@ -772,17 +755,7 @@
/* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
-#ifndef OPENSSL_NO_SCTP
- /* Continue handshake if it had to be interrupted to read
- * app data with SCTP.
- */
- if ((!s->in_handshake && SSL_in_init(s)) ||
- (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
- (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK) &&
- s->s3->in_read_app_data != 2))
-#else
if (!s->in_handshake && SSL_in_init(s))
-#endif
{
/* type == SSL3_RT_APPLICATION_DATA */
i=s->handshake_func(s);
@@ -813,15 +786,6 @@
item = pqueue_pop(s->d1->buffered_app_data.q);
if (item)
{
-#ifndef OPENSSL_NO_SCTP
- /* Restore bio_dgram_sctp_rcvinfo struct */
- if (BIO_dgram_is_sctp(SSL_get_rbio(s)))
- {
- DTLS1_RECORD_DATA *rdata = (DTLS1_RECORD_DATA *) item->data;
- BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo);
- }
-#endif
-
dtls1_copy_record(s, item);
OPENSSL_free(item->data);
@@ -904,31 +868,6 @@
rr->off=0;
}
}
-
-#ifndef OPENSSL_NO_SCTP
- /* We were about to renegotiate but had to read
- * belated application data first, so retry.
- */
- if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
- rr->type == SSL3_RT_APPLICATION_DATA &&
- (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK))
- {
- s->rwstate=SSL_READING;
- BIO_clear_retry_flags(SSL_get_rbio(s));
- BIO_set_retry_read(SSL_get_rbio(s));
- }
-
- /* We might had to delay a close_notify alert because
- * of reordered app data. If there was an alert and there
- * is no message to read anymore, finally set shutdown.
- */
- if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
- s->d1->shutdown_received && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)))
- {
- s->shutdown |= SSL_RECEIVED_SHUTDOWN;
- return(0);
- }
-#endif
return(n);
}
@@ -956,19 +895,6 @@
dest = s->d1->alert_fragment;
dest_len = &s->d1->alert_fragment_len;
}
-#ifndef OPENSSL_NO_HEARTBEATS
- else if (rr->type == TLS1_RT_HEARTBEAT)
- {
- dtls1_process_heartbeat(s);
-
- /* Exit and notify application to read again */
- rr->length = 0;
- s->rwstate=SSL_READING;
- BIO_clear_retry_flags(SSL_get_rbio(s));
- BIO_set_retry_read(SSL_get_rbio(s));
- return(-1);
- }
-#endif
/* else it's a CCS message, or application data or wrong */
else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC)
{
@@ -1052,7 +978,6 @@
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
!s->s3->renegotiate)
{
- s->new_session = 1;
ssl3_renegotiate(s);
if (ssl3_renegotiate_check(s))
{
@@ -1114,21 +1039,6 @@
s->s3->warn_alert = alert_descr;
if (alert_descr == SSL_AD_CLOSE_NOTIFY)
{
-#ifndef OPENSSL_NO_SCTP
- /* With SCTP and streams the socket may deliver app data
- * after a close_notify alert. We have to check this
- * first so that nothing gets discarded.
- */
- if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
- BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)))
- {
- s->d1->shutdown_received = 1;
- s->rwstate=SSL_READING;
- BIO_clear_retry_flags(SSL_get_rbio(s));
- BIO_set_retry_read(SSL_get_rbio(s));
- return -1;
- }
-#endif
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
return(0);
}
@@ -1235,15 +1145,6 @@
if (s->version == DTLS1_BAD_VER)
s->d1->handshake_read_seq++;
-#ifndef OPENSSL_NO_SCTP
- /* Remember that a CCS has been received,
- * so that an old key of SCTP-Auth can be
- * deleted when a CCS is sent. Will be ignored
- * if no SCTP is used
- */
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL);
-#endif
-
goto start;
}
@@ -1266,9 +1167,6 @@
*/
if (msg_hdr.type == SSL3_MT_FINISHED)
{
- if (dtls1_check_timeout_num(s) < 0)
- return -1;
-
dtls1_retransmit_buffered_messages(s);
rr->length = 0;
goto start;
@@ -1286,7 +1184,6 @@
#else
s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
#endif
- s->renegotiate=1;
s->new_session=1;
}
i=s->handshake_func(s);
@@ -1383,16 +1280,7 @@
{
int i;
-#ifndef OPENSSL_NO_SCTP
- /* Check if we have to continue an interrupted handshake
- * for reading belated app data with SCTP.
- */
- if ((SSL_in_init(s) && !s->in_handshake) ||
- (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
- (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK)))
-#else
- if (SSL_in_init(s) && !s->in_handshake)
-#endif
+ if (SSL_in_init(s) && !s->in_handshake)
{
i=s->handshake_func(s);
if (i < 0) return(i);
@@ -1903,3 +1791,10 @@
memset(seq, 0x00, seq_bytes);
}
+
+
+static void
+dtls1_clear_timeouts(SSL *s)
+ {
+ memset(&(s->d1->timeout), 0x00, sizeof(struct dtls1_timeout_st));
+ }