generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Encapsulate s->s3->rrec

Browse Source 
Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Matt Caswell
2015-01-30 17:29:41 +00:00
parent ab97b2cd43
commit 258f8721a5
12 changed files with 352 additions and 90 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ssl/Makefile
View File

@@ -30,7 +30,7 @@ LIBSRC= \
ssl_ciph.c ssl_stat.c ssl_rsa.c \ ssl_ciph.c ssl_stat.c ssl_rsa.c \
ssl_asn1.c ssl_txt.c ssl_algs.c ssl_conf.c \ ssl_asn1.c ssl_txt.c ssl_algs.c ssl_conf.c \
bio_ssl.c ssl_err.c kssl.c t1_reneg.c tls_srp.c t1_trce.c ssl_utst.c \ bio_ssl.c ssl_err.c kssl.c t1_reneg.c tls_srp.c t1_trce.c ssl_utst.c \
record/ssl3_buffer.c record/ssl3_buffer.c record/ssl3_record.c
LIBOBJ= \ LIBOBJ= \
s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o s3_cbc.o \ s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o s3_cbc.o \
s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o \ s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o \
@@ -41,7 +41,7 @@ LIBOBJ= \
ssl_ciph.o ssl_stat.o ssl_rsa.o \ ssl_ciph.o ssl_stat.o ssl_rsa.o \
ssl_asn1.o ssl_txt.o ssl_algs.o ssl_conf.o \ ssl_asn1.o ssl_txt.o ssl_algs.o ssl_conf.o \
bio_ssl.o ssl_err.o kssl.o t1_reneg.o tls_srp.o t1_trce.o ssl_utst.o \ bio_ssl.o ssl_err.o kssl.o t1_reneg.o tls_srp.o t1_trce.o ssl_utst.o \
record/ssl3_buffer.o record/ssl3_buffer.o record/ssl3_record.o
SRC= $(LIBSRC) SRC= $(LIBSRC)

15
ssl/d1_both.c
View File

@@ -1349,25 +1349,28 @@ int dtls1_shutdown(SSL *s)
#ifndef OPENSSL_NO_HEARTBEATS #ifndef OPENSSL_NO_HEARTBEATS
int dtls1_process_heartbeat(SSL *s) int dtls1_process_heartbeat(SSL *s)
{ {
unsigned char *p = &s->s3->rrec.data[0], *pl; unsigned char *p, *pl;
unsigned short hbtype; unsigned short hbtype;
unsigned int payload; unsigned int payload;
unsigned int padding = 16; /* Use minimum padding */ unsigned int padding = 16; /* Use minimum padding */
unsigned int length;
p = SSL3_RECORD_get_data(RECORD_LAYER_get_rrec(&s->rlayer));
length = SSL3_RECORD_get_length(RECORD_LAYER_get_rrec(&s->rlayer));
if (s->msg_callback) if (s->msg_callback)
s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
&s->s3->rrec.data[0], s->s3->rrec.length, p, length, s, s->msg_callback_arg);
s, s->msg_callback_arg);
/* Read type and payload length first */ /* Read type and payload length first */
if (1 + 2 + 16 > s->s3->rrec.length) if (1 + 2 + 16 > length)
return 0; /* silently discard */ return 0; /* silently discard */
if (s->s3->rrec.length > SSL3_RT_MAX_PLAIN_LENGTH) if (length > SSL3_RT_MAX_PLAIN_LENGTH)
return 0; /* silently discard per RFC 6520 sec. 4 */ return 0; /* silently discard per RFC 6520 sec. 4 */
hbtype = *p++; hbtype = *p++;
n2s(p, payload); n2s(p, payload);
if (1 + 2 + payload + 16 > s->s3->rrec.length) if (1 + 2 + payload + 16 > length)
return 0; /* silently discard per RFC 6520 sec. 4 */ return 0; /* silently discard per RFC 6520 sec. 4 */
pl = p; pl = p;

20
ssl/d1_pkt.c
View File

@@ -204,7 +204,8 @@ static int dtls1_copy_record(SSL *s, pitem *item)
s->packet_length = rdata->packet_length; s->packet_length = rdata->packet_length;
memcpy(RECORD_LAYER_get_rbuf(&s->rlayer), &(rdata->rbuf), memcpy(RECORD_LAYER_get_rbuf(&s->rlayer), &(rdata->rbuf),
sizeof(SSL3_BUFFER)); sizeof(SSL3_BUFFER));
memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD)); memcpy(RECORD_LAYER_get_rrec(&s->rlayer), &(rdata->rrec),
sizeof(SSL3_RECORD));
/* Set proper sequence number for mac calculation */ /* Set proper sequence number for mac calculation */
memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6); memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);
@@ -238,7 +239,8 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
rdata->packet_length = s->packet_length; rdata->packet_length = s->packet_length;
memcpy(&(rdata->rbuf), RECORD_LAYER_get_rbuf(&s->rlayer), memcpy(&(rdata->rbuf), RECORD_LAYER_get_rbuf(&s->rlayer),
sizeof(SSL3_BUFFER)); sizeof(SSL3_BUFFER));
memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD)); memcpy(&(rdata->rrec), RECORD_LAYER_get_rrec(&s->rlayer),
sizeof(SSL3_RECORD));
item->data = rdata; item->data = rdata;
@@ -255,7 +257,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
s->packet = NULL; s->packet = NULL;
s->packet_length = 0; s->packet_length = 0;
memset(RECORD_LAYER_get_rbuf(&s->rlayer), 0, sizeof(SSL3_BUFFER)); memset(RECORD_LAYER_get_rbuf(&s->rlayer), 0, sizeof(SSL3_BUFFER));
memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD)); memset(RECORD_LAYER_get_rrec(&s->rlayer), 0, sizeof(SSL3_RECORD));
if (!ssl3_setup_buffers(s)) { if (!ssl3_setup_buffers(s)) {
SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
@@ -328,7 +330,7 @@ static int dtls1_process_buffered_records(SSL *s)
if (!dtls1_process_record(s)) if (!dtls1_process_record(s))
return (0); return (0);
if (dtls1_buffer_record(s, &(s->d1->processed_rcds), if (dtls1_buffer_record(s, &(s->d1->processed_rcds),
s->s3->rrec.seq_num) < 0) SSL3_RECORD_get_seq_num(RECORD_LAYER_get_rrec(&s->rlayer))) < 0)
return -1; return -1;
} }
} }
@@ -352,7 +354,7 @@ static int dtls1_process_record(SSL *s)
unsigned int mac_size; unsigned int mac_size;
unsigned char md[EVP_MAX_MD_SIZE]; unsigned char md[EVP_MAX_MD_SIZE];
rr = &(s->s3->rrec); rr = RECORD_LAYER_get_rrec(&s->rlayer);
sess = s->session; sess = s->session;
/* /*
@@ -527,7 +529,7 @@ int dtls1_get_record(SSL *s)
DTLS1_BITMAP *bitmap; DTLS1_BITMAP *bitmap;
unsigned int is_next_epoch; unsigned int is_next_epoch;
rr = &(s->s3->rrec); rr = RECORD_LAYER_get_rrec(&s->rlayer);
/* /*
* The epoch may have changed. If so, process all the pending records. * The epoch may have changed. If so, process all the pending records.
@@ -780,7 +782,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
* s->s3->rrec.off, - offset into 'data' for next read * s->s3->rrec.off, - offset into 'data' for next read
* s->s3->rrec.length, - number of bytes. * s->s3->rrec.length, - number of bytes.
*/ */
rr = &(s->s3->rrec); rr = RECORD_LAYER_get_rrec(&s->rlayer);
/* /*
* We are not handshaking and have no data yet, so process data buffered * We are not handshaking and have no data yet, so process data buffered
@@ -1629,7 +1631,7 @@ static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
cmp = satsub64be(seq, bitmap->max_seq_num); cmp = satsub64be(seq, bitmap->max_seq_num);
if (cmp > 0) { if (cmp > 0) {
memcpy(s->s3->rrec.seq_num, seq, 8); SSL3_RECORD_set_seq_num(RECORD_LAYER_get_rrec(&s->rlayer), seq);
return 1; /* this record in new */ return 1; /* this record in new */
} }
shift = -cmp; shift = -cmp;
@@ -1638,7 +1640,7 @@ static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
else if (bitmap->map & (1UL << shift)) else if (bitmap->map & (1UL << shift))
return 0; /* record previously received */ return 0; /* record previously received */
memcpy(s->s3->rrec.seq_num, seq, 8); SSL3_RECORD_set_seq_num(RECORD_LAYER_get_rrec(&s->rlayer), seq);
return 1; return 1;
} }

1
ssl/record/rec_layer.h
View File

@@ -130,3 +130,4 @@ typedef struct record_layer_st {
#define RECORD_LAYER_get_read_ahead(rl) ((rl)->read_ahead) #define RECORD_LAYER_get_read_ahead(rl) ((rl)->read_ahead)
#define RECORD_LAYER_get_rbuf(rl) (&(rl)->rbuf) #define RECORD_LAYER_get_rbuf(rl) (&(rl)->rbuf)
#define RECORD_LAYER_get_wbuf(rl) (&(rl)->wbuf) #define RECORD_LAYER_get_wbuf(rl) (&(rl)->wbuf)
#define RECORD_LAYER_get_rrec(rl) (&(rl)->s->s3->rrec)

138
ssl/record/ssl3_record.c Normal file
View File

@@ -0,0 +1,138 @@
/* ssl/record/ssl3_record.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include "../ssl_locl.h"
void SSL3_RECORD_clear(SSL3_RECORD *r)
{
memset(r->seq_num, 0, sizeof(r->seq_num));
}
void SSL3_RECORD_release(SSL3_RECORD *r)
{
if (r->comp != NULL)
OPENSSL_free(r->comp);
r->comp = NULL;
}
int SSL3_RECORD_setup(SSL3_RECORD *r, size_t len)
{
if (r->comp == NULL)
r->comp = (unsigned char *) OPENSSL_malloc(len);
if (r->comp == NULL)
return 0;
return 1;
}
void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num)
{
memcpy(r->seq_num, seq_num, 8);
}

162
ssl/record/ssl3_record.h Normal file
View File

@@ -0,0 +1,162 @@
/* ssl/record/ssl3_record.h */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
typedef struct ssl3_record_st {
/* type of record */
/*
* r
*/ int type;
/* How many bytes available */
/*
* rw
*/ unsigned int length;
/*
* How many bytes were available before padding was removed? This is used
* to implement the MAC check in constant time for CBC records.
*/
/*
* rw
*/ unsigned int orig_len;
/* read/write offset into 'buf' */
/*
* r
*/ unsigned int off;
/* pointer to the record data */
/*
* rw
*/ unsigned char *data;
/* where the decode bytes are */
/*
* rw
*/ unsigned char *input;
/* only used with decompression - malloc()ed */
/*
* r
*/ unsigned char *comp;
/* epoch number, needed by DTLS1 */
/*
* r
*/ unsigned long epoch;
/* sequence number, needed by DTLS1 */
/*
* r
*/ unsigned char seq_num[8];
} SSL3_RECORD;
#define SSL3_RECORD_get_type(r) ((r)->type)
#define SSL3_RECORD_get_length(r) ((r)->length)
#define SSL3_RECORD_get_data(r) ((r)->data)
#define SSL3_RECORD_get_seq_num(r) ((r)->seq_num)
void SSL3_RECORD_clear(SSL3_RECORD *r);
void SSL3_RECORD_release(SSL3_RECORD *r);
int SSL3_RECORD_setup(SSL3_RECORD *r, size_t len);
void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num);

10
ssl/s3_enc.c
View File

@@ -270,10 +270,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
SSL_R_COMPRESSION_LIBRARY_ERROR); SSL_R_COMPRESSION_LIBRARY_ERROR);
goto err2; goto err2;
} }
if (s->s3->rrec.comp == NULL) if(!SSL3_RECORD_setup(RECORD_LAYER_get_rrec(&s->rlayer),
s->s3->rrec.comp = (unsigned char *) SSL3_RT_MAX_PLAIN_LENGTH))
OPENSSL_malloc(SSL3_RT_MAX_PLAIN_LENGTH);
if (s->s3->rrec.comp == NULL)
goto err; goto err;
} }
#endif #endif
@@ -509,7 +507,7 @@ int ssl3_enc(SSL *s, int send)
enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx); enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
} else { } else {
ds = s->enc_read_ctx; ds = s->enc_read_ctx;
rec = &(s->s3->rrec); rec = RECORD_LAYER_get_rrec(&s->rlayer);
if (s->enc_read_ctx == NULL) if (s->enc_read_ctx == NULL)
enc = NULL; enc = NULL;
else else
@@ -732,7 +730,7 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
seq = &(ssl->s3->write_sequence[0]); seq = &(ssl->s3->write_sequence[0]);
hash = ssl->write_hash; hash = ssl->write_hash;
} else { } else {
rec = &(ssl->s3->rrec); rec = RECORD_LAYER_get_rrec(&ssl->rlayer);
mac_sec = &(ssl->s3->read_mac_secret[0]); mac_sec = &(ssl->s3->read_mac_secret[0]);
seq = &(ssl->s3->read_sequence[0]); seq = &(ssl->s3->read_sequence[0]);
hash = ssl->read_hash; hash = ssl->read_hash;

20
ssl/s3_lib.c
View File

@@ -3083,8 +3083,9 @@ int ssl3_pending(const SSL *s)
if (s->rstate == SSL_ST_READ_BODY) if (s->rstate == SSL_ST_READ_BODY)
return 0; return 0;
return (s->s3->rrec.type == return (SSL3_RECORD_get_type(RECORD_LAYER_get_rrec(&s->rlayer))
SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0; == SSL3_RT_APPLICATION_DATA)
? SSL3_RECORD_get_length(RECORD_LAYER_get_rrec(&s->rlayer)) : 0;
} }
int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len) int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
@@ -3110,11 +3111,10 @@ int ssl3_new(SSL *s)
if ((s3 = OPENSSL_malloc(sizeof *s3)) == NULL) if ((s3 = OPENSSL_malloc(sizeof *s3)) == NULL)
goto err; goto err;
memset(s3, 0, sizeof *s3); memset(s3, 0, sizeof *s3);
memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));
memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));
s->s3 = s3; s->s3 = s3;
SSL3_RECORD_clear(RECORD_LAYER_get_rrec(&s->rlayer));
memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));
#ifndef OPENSSL_NO_SRP #ifndef OPENSSL_NO_SRP
if(!SSL_SRP_CTX_init(s)) if(!SSL_SRP_CTX_init(s))
goto err; goto err;
@@ -3131,8 +3131,7 @@ void ssl3_free(SSL *s)
return; return;
ssl3_cleanup_key_block(s); ssl3_cleanup_key_block(s);
if (s->s3->rrec.comp != NULL) SSL3_RECORD_release(RECORD_LAYER_get_rrec(&s->rlayer));
OPENSSL_free(s->s3->rrec.comp);
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
DH_free(s->s3->tmp.dh); DH_free(s->s3->tmp.dh);
#endif #endif
@@ -3166,10 +3165,7 @@ void ssl3_clear(SSL *s)
if (s->s3->tmp.ca_names != NULL) if (s->s3->tmp.ca_names != NULL)
sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
if (s->s3->rrec.comp != NULL) { SSL3_RECORD_release(RECORD_LAYER_get_rrec(&s->rlayer));
OPENSSL_free(s->s3->rrec.comp);
s->s3->rrec.comp = NULL;
}
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
DH_free(s->s3->tmp.dh); DH_free(s->s3->tmp.dh);
s->s3->tmp.dh = NULL; s->s3->tmp.dh = NULL;

6
ssl/s3_pkt.c
View File

@@ -316,7 +316,7 @@ static int ssl3_get_record(SSL *s)
size_t extra; size_t extra;
unsigned empty_record_count = 0; unsigned empty_record_count = 0;
rr = &(s->s3->rrec); rr = RECORD_LAYER_get_rrec(&s->rlayer);
sess = s->session; sess = s->session;
if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
@@ -600,7 +600,7 @@ int ssl3_do_uncompress(SSL *ssl)
int i; int i;
SSL3_RECORD *rr; SSL3_RECORD *rr;
rr = &(ssl->s3->rrec); rr = RECORD_LAYER_get_rrec(&ssl->rlayer);
i = COMP_expand_block(ssl->expand, rr->comp, i = COMP_expand_block(ssl->expand, rr->comp,
SSL3_RT_MAX_PLAIN_LENGTH, rr->data, SSL3_RT_MAX_PLAIN_LENGTH, rr->data,
(int)rr->length); (int)rr->length);
@@ -1235,7 +1235,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
* s->s3->rrec.off, - offset into 'data' for next read * s->s3->rrec.off, - offset into 'data' for next read
* s->s3->rrec.length, - number of bytes. * s->s3->rrec.length, - number of bytes.
*/ */
rr = &(s->s3->rrec); rr = RECORD_LAYER_get_rrec(&s->rlayer);
/* get new packet if necessary */ /* get new packet if necessary */
if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) { if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) {

44
ssl/ssl_locl.h
View File

@@ -166,6 +166,7 @@
# include <openssl/symhacks.h> # include <openssl/symhacks.h>
#include "record/ssl3_buffer.h" #include "record/ssl3_buffer.h"
#include "record/ssl3_record.h"
#include "record/rec_layer.h" #include "record/rec_layer.h"
# ifdef OPENSSL_BUILD_SHLIBSSL # ifdef OPENSSL_BUILD_SHLIBSSL
@@ -1223,47 +1224,6 @@ struct ssl_st {
RECORD_LAYER rlayer; RECORD_LAYER rlayer;
}; };
typedef struct ssl3_record_st {
/* type of record */
/*
* r
*/ int type;
/* How many bytes available */
/*
* rw
*/ unsigned int length;
/*
* How many bytes were available before padding was removed? This is used
* to implement the MAC check in constant time for CBC records.
*/
/*
* rw
*/ unsigned int orig_len;
/* read/write offset into 'buf' */
/*
* r
*/ unsigned int off;
/* pointer to the record data */
/*
* rw
*/ unsigned char *data;
/* where the decode bytes are */
/*
* rw
*/ unsigned char *input;
/* only used with decompression - malloc()ed */
/*
* r
*/ unsigned char *comp;
/* epoch number, needed by DTLS1 */
/*
* r
*/ unsigned long epoch;
/* sequence number, needed by DTLS1 */
/*
* r
*/ unsigned char seq_num[8];
} SSL3_RECORD;
typedef struct ssl3_state_st { typedef struct ssl3_state_st {
long flags; long flags;
@@ -1281,7 +1241,7 @@ typedef struct ssl3_state_st {
int empty_fragment_done; int empty_fragment_done;
/* The value of 'extra' when the buffers were initialized */ /* The value of 'extra' when the buffers were initialized */
int init_extra; int init_extra;
SSL3_RECORD rrec; /* each decoded record goes in here */ SSL3_RECORD rrec; /* each decoded record goes in here */
SSL3_RECORD wrec; /* goes out from here */ SSL3_RECORD wrec; /* goes out from here */
/* /*
* storage for Alert/Handshake protocol data received but not yet * storage for Alert/Handshake protocol data received but not yet

10
ssl/t1_enc.c
View File

@@ -396,10 +396,8 @@ int tls1_change_cipher_state(SSL *s, int which)
SSL_R_COMPRESSION_LIBRARY_ERROR); SSL_R_COMPRESSION_LIBRARY_ERROR);
goto err2; goto err2;
} }
if (s->s3->rrec.comp == NULL) if (SSL3_RECORD_setup(RECORD_LAYER_get_rrec(&s->rlayer),
s->s3->rrec.comp = (unsigned char *) SSL3_RT_MAX_ENCRYPTED_LENGTH))
OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
if (s->s3->rrec.comp == NULL)
goto err; goto err;
} }
#endif #endif
@@ -782,7 +780,7 @@ int tls1_enc(SSL *s, int send)
OPENSSL_assert(n >= 0); OPENSSL_assert(n >= 0);
} }
ds = s->enc_read_ctx; ds = s->enc_read_ctx;
rec = &(s->s3->rrec); rec = RECORD_LAYER_get_rrec(&s->rlayer);
if (s->enc_read_ctx == NULL) if (s->enc_read_ctx == NULL)
enc = NULL; enc = NULL;
else else
@@ -977,7 +975,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
seq = &(ssl->s3->write_sequence[0]); seq = &(ssl->s3->write_sequence[0]);
hash = ssl->write_hash; hash = ssl->write_hash;
} else { } else {
rec = &(ssl->s3->rrec); rec = RECORD_LAYER_get_rrec(&ssl->rlayer);
seq = &(ssl->s3->read_sequence[0]); seq = &(ssl->s3->read_sequence[0]);
hash = ssl->read_hash; hash = ssl->read_hash;
} }

12
ssl/t1_lib.c
View File

@@ -3594,22 +3594,26 @@ int SSL_get_shared_sigalgs(SSL *s, int idx,
# ifndef OPENSSL_NO_HEARTBEATS # ifndef OPENSSL_NO_HEARTBEATS
int tls1_process_heartbeat(SSL *s) int tls1_process_heartbeat(SSL *s)
{ {
unsigned char *p = &s->s3->rrec.data[0], *pl; unsigned char *p, *pl;
unsigned short hbtype; unsigned short hbtype;
unsigned int payload; unsigned int payload;
unsigned int padding = 16; /* Use minimum padding */ unsigned int padding = 16; /* Use minimum padding */
unsigned int length;
p = SSL3_RECORD_get_data(RECORD_LAYER_get_rrec(&s->rlayer));
length = SSL3_RECORD_get_length(RECORD_LAYER_get_rrec(&s->rlayer));
if (s->msg_callback) if (s->msg_callback)
s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
&s->s3->rrec.data[0], s->s3->rrec.length, p, length,
s, s->msg_callback_arg); s, s->msg_callback_arg);
/* Read type and payload length first */ /* Read type and payload length first */
if (1 + 2 + 16 > s->s3->rrec.length) if (1 + 2 + 16 > length)
return 0; /* silently discard */ return 0; /* silently discard */
hbtype = *p++; hbtype = *p++;
n2s(p, payload); n2s(p, payload);
if (1 + 2 + payload + 16 > s->s3->rrec.length) if (1 + 2 + payload + 16 > length)
return 0; /* silently discard per RFC 6520 sec. 4 */ return 0; /* silently discard per RFC 6520 sec. 4 */
pl = p; pl = p;