(linenum→info "unix/slp.c:2238")

openssl/0.9.8g/ssl/d1_both.c

    1: /* ssl/d1_both.c */
    2: /* 
    3:  * DTLS implementation written by Nagendra Modadugu
    4:  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
    5:  */
    6: /* ====================================================================
    7:  * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
    8:  *
    9:  * Redistribution and use in source and binary forms, with or without
   10:  * modification, are permitted provided that the following conditions
   11:  * are met:
   12:  *
   13:  * 1. Redistributions of source code must retain the above copyright
   14:  *    notice, this list of conditions and the following disclaimer. 
   15:  *
   16:  * 2. Redistributions in binary form must reproduce the above copyright
   17:  *    notice, this list of conditions and the following disclaimer in
   18:  *    the documentation and/or other materials provided with the
   19:  *    distribution.
   20:  *
   21:  * 3. All advertising materials mentioning features or use of this
   22:  *    software must display the following acknowledgment:
   23:  *    "This product includes software developed by the OpenSSL Project
   24:  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
   25:  *
   26:  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
   27:  *    endorse or promote products derived from this software without
   28:  *    prior written permission. For written permission, please contact
   29:  *    openssl-core@openssl.org.
   30:  *
   31:  * 5. Products derived from this software may not be called "OpenSSL"
   32:  *    nor may "OpenSSL" appear in their names without prior written
   33:  *    permission of the OpenSSL Project.
   34:  *
   35:  * 6. Redistributions of any form whatsoever must retain the following
   36:  *    acknowledgment:
   37:  *    "This product includes software developed by the OpenSSL Project
   38:  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
   39:  *
   40:  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
   41:  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   42:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
   43:  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
   44:  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   45:  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
   46:  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
   47:  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   48:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
   49:  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
   50:  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
   51:  * OF THE POSSIBILITY OF SUCH DAMAGE.
   52:  * ====================================================================
   53:  *
   54:  * This product includes cryptographic software written by Eric Young
   55:  * (eay@cryptsoft.com).  This product includes software written by Tim
   56:  * Hudson (tjh@cryptsoft.com).
   57:  *
   58:  */
   59: /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
   60:  * All rights reserved.
   61:  *
   62:  * This package is an SSL implementation written
   63:  * by Eric Young (eay@cryptsoft.com).
   64:  * The implementation was written so as to conform with Netscapes SSL.
   65:  * 
   66:  * This library is free for commercial and non-commercial use as long as
   67:  * the following conditions are aheared to.  The following conditions
   68:  * apply to all code found in this distribution, be it the RC4, RSA,
   69:  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
   70:  * included with this distribution is covered by the same copyright terms
   71:  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
   72:  * 
   73:  * Copyright remains Eric Young's, and as such any Copyright notices in
   74:  * the code are not to be removed.
   75:  * If this package is used in a product, Eric Young should be given attribution
   76:  * as the author of the parts of the library used.
   77:  * This can be in the form of a textual message at program startup or
   78:  * in documentation (online or textual) provided with the package.
   79:  * 
   80:  * Redistribution and use in source and binary forms, with or without
   81:  * modification, are permitted provided that the following conditions
   82:  * are met:
   83:  * 1. Redistributions of source code must retain the copyright
   84:  *    notice, this list of conditions and the following disclaimer.
   85:  * 2. Redistributions in binary form must reproduce the above copyright
   86:  *    notice, this list of conditions and the following disclaimer in the
   87:  *    documentation and/or other materials provided with the distribution.
   88:  * 3. All advertising materials mentioning features or use of this software
   89:  *    must display the following acknowledgement:
   90:  *    "This product includes cryptographic software written by
   91:  *     Eric Young (eay@cryptsoft.com)"
   92:  *    The word 'cryptographic' can be left out if the rouines from the library
   93:  *    being used are not cryptographic related :-).
   94:  * 4. If you include any Windows specific code (or a derivative thereof) from 
   95:  *    the apps directory (application code) you must include an acknowledgement:
   96:  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
   97:  * 
   98:  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
   99:  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  100:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  101:  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  102:  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  103:  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  104:  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  105:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  106:  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  107:  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  108:  * SUCH DAMAGE.
  109:  * 
  110:  * The licence and distribution terms for any publically available version or
  111:  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  112:  * copied and put under another distribution licence
  113:  * [including the GNU Public Licence.]
  114:  */
  115: 
  116: #include <limits.h>
  117: #include <string.h>
  118: #include <stdio.h>
  119: #include "ssl_locl.h"
  120: #include <openssl/buffer.h>
  121: #include <openssl/rand.h>
  122: #include <openssl/objects.h>
  123: #include <openssl/evp.h>
  124: #include <openssl/x509.h>
  125: 
  126: 
  127: /* XDTLS:  figure out the right values */
  128: static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
  129: 
  130: static unsigned int dtls1_min_mtu(void);
  131: static unsigned int dtls1_guess_mtu(unsigned int curr_mtu);
  132: static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, 
  133:         unsigned long frag_len);
  134: static unsigned char *dtls1_write_message_header(SSL *s,
  135:         unsigned char *p);
  136: static void dtls1_set_message_header_int(SSL *s, unsigned char mt,
  137:         unsigned long len, unsigned short seq_num, unsigned long frag_off, 
  138:         unsigned long frag_len);
  139: static int dtls1_retransmit_buffered_messages(SSL *s);
  140: static long dtls1_get_message_fragment(SSL *s, int st1, int stn, 
  141:         long max, int *ok);
  142: 
  143: static hm_fragment *
  144: dtls1_hm_fragment_new(unsigned long frag_len)
  145:         {
  146:         hm_fragment *frag = NULL;
  147:         unsigned char *buf = NULL;
  148: 
  149:         frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment));
  150:         if ( frag == NULL)
  151:                 return NULL;
  152: 
  153:         if (frag_len)
  154:                 {
  155:                 buf = (unsigned char *)OPENSSL_malloc(frag_len);
  156:                 if ( buf == NULL)
  157:                         {
  158:                         OPENSSL_free(frag);
  159:                         return NULL;
  160:                         }
  161:                 }
  162: 
  163:         /* zero length fragment gets zero frag->fragment */
  164:         frag->fragment = buf;
  165: 
  166:         return frag;
  167:         }
  168: 
  169: static void
  170: dtls1_hm_fragment_free(hm_fragment *frag)
  171:         {
  172:         if (frag->fragment) OPENSSL_free(frag->fragment);
  173:         OPENSSL_free(frag);
  174:         }
  175: 
  176: /* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
  177: int dtls1_do_write(SSL *s, int type)
  178:         {
  179:         int ret;
  180:         int curr_mtu;
  181:         unsigned int len, frag_off;
  182: 
  183:         /* AHA!  Figure out the MTU, and stick to the right size */
  184:         if ( ! (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
  185:                 {
  186:                 s->d1->mtu = 
  187:                         BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
  188: 
  189:                 /* I've seen the kernel return bogus numbers when it doesn't know
  190:                  * (initial write), so just make sure we have a reasonable number */
  191:                 if ( s->d1->mtu < dtls1_min_mtu())
  192:                         {
  193:                         s->d1->mtu = 0;
  194:                         s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
  195:                         BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, 
  196:                                 s->d1->mtu, NULL);
  197:                         }
  198:                 }
  199: #if 0 
  200:         mtu = s->d1->mtu;
  201: 
  202:         fprintf(stderr, "using MTU = %d\n", mtu);
  203: 
  204:         mtu -= (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
  205: 
  206:         curr_mtu = mtu - BIO_wpending(SSL_get_wbio(s));
  207: 
  208:         if ( curr_mtu > 0)
  209:                 mtu = curr_mtu;
  210:         else if ( ( ret = BIO_flush(SSL_get_wbio(s))) <= 0)
  211:                 return ret;
  212: 
  213:         if ( BIO_wpending(SSL_get_wbio(s)) + s->init_num >= mtu)
  214:                 {
  215:                 ret = BIO_flush(SSL_get_wbio(s));
  216:                 if ( ret <= 0)
  217:                         return ret;
  218:                 mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
  219:                 }
  220: 
  221:         OPENSSL_assert(mtu > 0);  /* should have something reasonable now */
  222: 
  223: #endif
  224: 
  225:         if ( s->init_off == 0  && type == SSL3_RT_HANDSHAKE)
  226:                 OPENSSL_assert(s->init_num == 
  227:                         (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
  228: 
  229:         frag_off = 0;
  230:         while( s->init_num)
  231:                 {
  232:                 curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) - 
  233:                         DTLS1_RT_HEADER_LENGTH;
  234: 
  235:                 if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH)
  236:                         {
  237:                         /* grr.. we could get an error if MTU picked was wrong */
  238:                         ret = BIO_flush(SSL_get_wbio(s));
  239:                         if ( ret <= 0)
  240:                                 return ret;
  241:                         curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH;
  242:                         }
  243: 
  244:                 if ( s->init_num > curr_mtu)
  245:                         len = curr_mtu;
  246:                 else
  247:                         len = s->init_num;
  248: 
  249: 
  250:                 /* XDTLS: this function is too long.  split out the CCS part */
  251:                 if ( type == SSL3_RT_HANDSHAKE)
  252:                         {
  253:                         if ( s->init_off != 0)
  254:                                 {
  255:                                 OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH);
  256:                                 s->init_off -= DTLS1_HM_HEADER_LENGTH;
  257:                                 s->init_num += DTLS1_HM_HEADER_LENGTH;
  258: 
  259:                                 /* write atleast DTLS1_HM_HEADER_LENGTH bytes */
  260:                                 if ( len <= DTLS1_HM_HEADER_LENGTH)  
  261:                                         len += DTLS1_HM_HEADER_LENGTH;
  262:                                 }
  263: 
  264:                         dtls1_fix_message_header(s, frag_off, 
  265:                                 len - DTLS1_HM_HEADER_LENGTH);
  266: 
  267:                         dtls1_write_message_header(s, (unsigned char *)&s->init_buf->data[s->init_off]);
  268: 
  269:                         OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);
  270:                         }
  271: 
  272:                 ret=dtls1_write_bytes(s,type,&s->init_buf->data[s->init_off],
  273:                         len);
  274:                 if (ret < 0)
  275:                         {
  276:                         /* might need to update MTU here, but we don't know
  277:                          * which previous packet caused the failure -- so can't
  278:                          * really retransmit anything.  continue as if everything
  279:                          * is fine and wait for an alert to handle the
  280:                          * retransmit 
  281:                          */
  282:                         if ( BIO_ctrl(SSL_get_wbio(s),
  283:                                 BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL))
  284:                                 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
  285:                                         BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
  286:                         else
  287:                                 return(-1);
  288:                         }
  289:                 else
  290:                         {
  291: 
  292:                         /* bad if this assert fails, only part of the handshake
  293:                          * message got sent.  but why would this happen? */
  294:                         OPENSSL_assert(len == (unsigned int)ret);
  295: 
  296:                         if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting)
  297:                                 {
  298:                                 /* should not be done for 'Hello Request's, but in that case
  299:                                  * we'll ignore the result anyway */
  300:                                 unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off];
  301:                                 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
  302:                                 int xlen;
  303: 
  304:                                 if (frag_off == 0 && s->client_version != DTLS1_BAD_VER)
  305:                                         {
  306:                                         /* reconstruct message header is if it
  307:                                          * is being sent in single fragment */
  308:                                         *p++ = msg_hdr->type;
  309:                                         l2n3(msg_hdr->msg_len,p);
  310:                                         s2n (msg_hdr->seq,p);
  311:                                         l2n3(0,p);
  312:                                         l2n3(msg_hdr->msg_len,p);
  313:                                         p  -= DTLS1_HM_HEADER_LENGTH;
  314:                                         xlen = ret;
  315:                                         }
  316:                                 else
  317:                                         {
  318:                                         p  += DTLS1_HM_HEADER_LENGTH;
  319:                                         xlen = ret - DTLS1_HM_HEADER_LENGTH;
  320:                                         }
  321: 
  322:                                 ssl3_finish_mac(s, p, xlen);
  323:                                 }
  324: 
  325:                         if (ret == s->init_num)
  326:                                 {
  327:                                 if (s->msg_callback)
  328:                                         s->msg_callback(1, s->version, type, s->init_buf->data, 
  329:                                                 (size_t)(s->init_off + s->init_num), s, 
  330:                                                 s->msg_callback_arg);
  331: 
  332:                                 s->init_off = 0;  /* done writing this message */
  333:                                 s->init_num = 0;
  334: 
  335:                                 return(1);
  336:                                 }
  337:                         s->init_off+=ret;
  338:                         s->init_num-=ret;
  339:                         frag_off += (ret -= DTLS1_HM_HEADER_LENGTH);
  340:                         }
  341:                 }
  342:         return(0);
  343:         }
  344: 
  345: 
  346: /* Obtain handshake message of message type 'mt' (any if mt == -1),
  347:  * maximum acceptable body length 'max'.
  348:  * Read an entire handshake message.  Handshake messages arrive in
  349:  * fragments.
  350:  */
  351: long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
  352:         {
  353:         int i, al;
  354:         struct hm_header_st *msg_hdr;
  355: 
  356:         /* s3->tmp is used to store messages that are unexpected, caused
  357:          * by the absence of an optional handshake message */
  358:         if (s->s3->tmp.reuse_message)
  359:                 {
  360:                 s->s3->tmp.reuse_message=0;
  361:                 if ((mt >= 0) && (s->s3->tmp.message_type != mt))
  362:                         {
  363:                         al=SSL_AD_UNEXPECTED_MESSAGE;
  364:                         SSLerr(SSL_F_DTLS1_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
  365:                         goto f_err;
  366:                         }
  367:                 *ok=1;
  368:                 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
  369:                 s->init_num = (int)s->s3->tmp.message_size;
  370:                 return s->init_num;
  371:                 }
  372: 
  373:         msg_hdr = &s->d1->r_msg_hdr;
  374:         do
  375:                 {
  376:                 if ( msg_hdr->frag_off == 0)
  377:                         {
  378:                         /* s->d1->r_message_header.msg_len = 0; */
  379:                         memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
  380:                         }
  381: 
  382:                 i = dtls1_get_message_fragment(s, st1, stn, max, ok);
  383:                 if ( i == DTLS1_HM_BAD_FRAGMENT ||
  384:                         i == DTLS1_HM_FRAGMENT_RETRY)  /* bad fragment received */
  385:                         continue;
  386:                 else if ( i <= 0 && !*ok)
  387:                         return i;
  388: 
  389:                 /* Note that s->init_sum is used as a counter summing
  390:                  * up fragments' lengths: as soon as they sum up to
  391:                  * handshake packet length, we assume we have got all
  392:                  * the fragments. Overlapping fragments would cause
  393:                  * premature termination, so we don't expect overlaps.
  394:                  * Well, handling overlaps would require something more
  395:                  * drastic. Indeed, as it is now there is no way to
  396:                  * tell if out-of-order fragment from the middle was
  397:                  * the last. '>=' is the best/least we can do to control
  398:                  * the potential damage caused by malformed overlaps. */
  399:                 if ((unsigned int)s->init_num >= msg_hdr->msg_len)
  400:                         {
  401:                         unsigned char *p = (unsigned char *)s->init_buf->data;
  402:                         unsigned long msg_len = msg_hdr->msg_len;
  403: 
  404:                         /* reconstruct message header as if it was
  405:                          * sent in single fragment */
  406:                         *(p++) = msg_hdr->type;
  407:                         l2n3(msg_len,p);
  408:                         s2n (msg_hdr->seq,p);
  409:                         l2n3(0,p);
  410:                         l2n3(msg_len,p);
  411:                         if (s->client_version != DTLS1_BAD_VER)
  412:                                 p       -= DTLS1_HM_HEADER_LENGTH,
  413:                                 msg_len += DTLS1_HM_HEADER_LENGTH;
  414: 
  415:                         ssl3_finish_mac(s, p, msg_len);
  416:                         if (s->msg_callback)
  417:                                 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
  418:                                         p, msg_len,
  419:                                         s, s->msg_callback_arg);
  420: 
  421:                         memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
  422: 
  423:                         s->d1->handshake_read_seq++;
  424:                         /* we just read a handshake message from the other side:
  425:                          * this means that we don't need to retransmit of the
  426:                          * buffered messages.  
  427:                          * XDTLS: may be able clear out this
  428:                          * buffer a little sooner (i.e if an out-of-order
  429:                          * handshake message/record is received at the record
  430:                          * layer.  
  431:                          * XDTLS: exception is that the server needs to
  432:                          * know that change cipher spec and finished messages
  433:                          * have been received by the client before clearing this
  434:                          * buffer.  this can simply be done by waiting for the
  435:                          * first data  segment, but is there a better way?  */
  436:                         dtls1_clear_record_buffer(s);
  437: 
  438:                         s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
  439:                         return s->init_num;
  440:                         }
  441:                 else
  442:                         msg_hdr->frag_off = i;
  443:                 } while(1) ;
  444: 
  445: f_err:
  446:         ssl3_send_alert(s,SSL3_AL_FATAL,al);
  447:         *ok = 0;
  448:         return -1;
  449:         }
  450: 
  451: 
  452: static int dtls1_preprocess_fragment(SSL *s,struct hm_header_st *msg_hdr,int max)
  453:         {
  454:         size_t frag_off,frag_len,msg_len;
  455: 
  456:         msg_len  = msg_hdr->msg_len;
  457:         frag_off = msg_hdr->frag_off;
  458:         frag_len = msg_hdr->frag_len;
  459: 
  460:         /* sanity checking */
  461:         if ( (frag_off+frag_len) > msg_len)
  462:                 {
  463:                 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
  464:                 return SSL_AD_ILLEGAL_PARAMETER;
  465:                 }
  466: 
  467:         if ( (frag_off+frag_len) > (unsigned long)max)
  468:                 {
  469:                 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
  470:                 return SSL_AD_ILLEGAL_PARAMETER;
  471:                 }
  472: 
  473:         if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */
  474:                 {
  475:                 /* msg_len is limited to 2^24, but is effectively checked
  476:                  * against max above */
  477:                 if (!BUF_MEM_grow_clean(s->init_buf,(int)msg_len+DTLS1_HM_HEADER_LENGTH))
  478:                         {
  479:                         SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,ERR_R_BUF_LIB);
  480:                         return SSL_AD_INTERNAL_ERROR;
  481:                         }
  482: 
  483:                 s->s3->tmp.message_size  = msg_len;
  484:                 s->d1->r_msg_hdr.msg_len = msg_len;
  485:                 s->s3->tmp.message_type  = msg_hdr->type;
  486:                 s->d1->r_msg_hdr.type    = msg_hdr->type;
  487:                 s->d1->r_msg_hdr.seq     = msg_hdr->seq;
  488:                 }
  489:         else if (msg_len != s->d1->r_msg_hdr.msg_len)
  490:                 {
  491:                 /* They must be playing with us! BTW, failure to enforce
  492:                  * upper limit would open possibility for buffer overrun. */
  493:                 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
  494:                 return SSL_AD_ILLEGAL_PARAMETER;
  495:                 }
  496: 
  497:         return 0; /* no error */
  498:         }
  499: 
  500: 
  501: static int
  502: dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
  503:         {
  504:         /* (0) check whether the desired fragment is available
  505:          * if so:
  506:          * (1) copy over the fragment to s->init_buf->data[]
  507:          * (2) update s->init_num
  508:          */
  509:         pitem *item;
  510:         hm_fragment *frag;
  511:         int al;
  512: 
  513:         *ok = 0;
  514:         item = pqueue_peek(s->d1->buffered_messages);
  515:         if ( item == NULL)
  516:                 return 0;
  517: 
  518:         frag = (hm_fragment *)item->data;
  519: 
  520:         if ( s->d1->handshake_read_seq == frag->msg_header.seq)
  521:                 {
  522:                 pqueue_pop(s->d1->buffered_messages);
  523: 
  524:                 al=dtls1_preprocess_fragment(s,&frag->msg_header,max);
  525: 
  526:                 if (al==0) /* no alert */
  527:                         {
  528:                         unsigned char *p = (unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH;
  529:                         memcpy(&p[frag->msg_header.frag_off],
  530:                                 frag->fragment,frag->msg_header.frag_len);
  531:                         }
  532: 
  533:                 dtls1_hm_fragment_free(frag);
  534:                 pitem_free(item);
  535: 
  536:                 if (al==0)
  537:                         {
  538:                         *ok = 1;
  539:                         return frag->msg_header.frag_len;
  540:                         }
  541: 
  542:                 ssl3_send_alert(s,SSL3_AL_FATAL,al);
  543:                 s->init_num = 0;
  544:                 *ok = 0;
  545:                 return -1;
  546:                 }
  547:         else
  548:                 return 0;
  549:         }
  550: 
  551: 
  552: static int
  553: dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
  554: {
  555: