generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Encapsulate SSL3_BUFFER and all access to s->s3->rbuf.

Browse Source 
Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Matt Caswell 2015-01-30 14:57:54 +00:00
parent 52e1d7b152
commit 28d59af874
12 changed files with 334 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ssl/Makefile
View File

@ -29,7 +29,8 @@ LIBSRC= \
ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \ ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
ssl_ciph.c ssl_stat.c ssl_rsa.c \ ssl_ciph.c ssl_stat.c ssl_rsa.c \
ssl_asn1.c ssl_txt.c ssl_algs.c ssl_conf.c \ ssl_asn1.c ssl_txt.c ssl_algs.c ssl_conf.c \
bio_ssl.c ssl_err.c kssl.c t1_reneg.c tls_srp.c t1_trce.c ssl_utst.c bio_ssl.c ssl_err.c kssl.c t1_reneg.c tls_srp.c t1_trce.c ssl_utst.c \
record/ssl3_buffer.c
LIBOBJ= \ LIBOBJ= \
s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o s3_cbc.o \ s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o s3_cbc.o \
s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o \ s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o \
@ -39,7 +40,8 @@ LIBOBJ= \
ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \ ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \
ssl_ciph.o ssl_stat.o ssl_rsa.o \ ssl_ciph.o ssl_stat.o ssl_rsa.o \
ssl_asn1.o ssl_txt.o ssl_algs.o ssl_conf.o \ ssl_asn1.o ssl_txt.o ssl_algs.o ssl_conf.o \
bio_ssl.o ssl_err.o kssl.o t1_reneg.o tls_srp.o t1_trce.o ssl_utst.o bio_ssl.o ssl_err.o kssl.o t1_reneg.o tls_srp.o t1_trce.o ssl_utst.o \
record/ssl3_buffer.o
SRC= $(LIBSRC) SRC= $(LIBSRC)

26
ssl/d1_pkt.c
View File

@ -198,12 +198,12 @@ static int dtls1_copy_record(SSL *s, pitem *item)
rdata = (DTLS1_RECORD_DATA *)item->data; rdata = (DTLS1_RECORD_DATA *)item->data;
if (s->s3->rbuf.buf != NULL) SSL3_BUFFER_release(RECORD_LAYER_get_rbuf(&s->rlayer));
OPENSSL_free(s->s3->rbuf.buf);
s->packet = rdata->packet; s->packet = rdata->packet;
s->packet_length = rdata->packet_length; s->packet_length = rdata->packet_length;
memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER)); memcpy(RECORD_LAYER_get_rbuf(&s->rlayer), &(rdata->rbuf),
sizeof(SSL3_BUFFER));
memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD)); memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
/* Set proper sequence number for mac calculation */ /* Set proper sequence number for mac calculation */
@ -236,7 +236,8 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
rdata->packet = s->packet; rdata->packet = s->packet;
rdata->packet_length = s->packet_length; rdata->packet_length = s->packet_length;
memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER)); memcpy(&(rdata->rbuf), RECORD_LAYER_get_rbuf(&s->rlayer),
sizeof(SSL3_BUFFER));
memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD)); memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD));
item->data = rdata; item->data = rdata;
@ -253,7 +254,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
s->packet = NULL; s->packet = NULL;
s->packet_length = 0; s->packet_length = 0;
memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER)); memset(RECORD_LAYER_get_rbuf(&s->rlayer), 0, sizeof(SSL3_BUFFER));
memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD)); memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));
if (!ssl3_setup_buffers(s)) { if (!ssl3_setup_buffers(s)) {
@ -544,7 +545,8 @@ int dtls1_get_record(SSL *s)
/* check if we have the header */ /* check if we have the header */
if ((s->rstate != SSL_ST_READ_BODY) || if ((s->rstate != SSL_ST_READ_BODY) ||
(s->packet_length < DTLS1_RT_HEADER_LENGTH)) { (s->packet_length < DTLS1_RT_HEADER_LENGTH)) {
n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH,
SSL3_BUFFER_get_len(RECORD_LAYER_get_rbuf(&s->rlayer)), 0);
/* read timeout is handled by dtls1_read_bytes */ /* read timeout is handled by dtls1_read_bytes */
if (n <= 0) if (n <= 0)
return (n); /* error or non-blocking */ return (n); /* error or non-blocking */
@ -722,9 +724,11 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
SSL3_RECORD *rr; SSL3_RECORD *rr;
void (*cb) (const SSL *ssl, int type2, int val) = NULL; void (*cb) (const SSL *ssl, int type2, int val) = NULL;
if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ if (!SSL3_BUFFER_is_initialised(RECORD_LAYER_get_rbuf(&s->rlayer))) {
/* Not initialized yet */
if (!ssl3_setup_buffers(s)) if (!ssl3_setup_buffers(s))
return (-1); return (-1);
}
if ((type && (type != SSL3_RT_APPLICATION_DATA) && if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
(type != SSL3_RT_HANDSHAKE)) || (type != SSL3_RT_HANDSHAKE)) ||
@ -1047,7 +1051,9 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
} }
if (!(s->mode & SSL_MODE_AUTO_RETRY)) { if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
if (s->s3->rbuf.left == 0) { /* no read-ahead left? */ if (SSL3_BUFFER_get_left(
RECORD_LAYER_get_rbuf(&s->rlayer)) == 0) {
/* no read-ahead left? */
BIO *bio; BIO *bio;
/* /*
* In the case where we try to read application data, * In the case where we try to read application data,
@ -1269,7 +1275,9 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
} }
if (!(s->mode & SSL_MODE_AUTO_RETRY)) { if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
if (s->s3->rbuf.left == 0) { /* no read-ahead left? */ if (SSL3_BUFFER_get_left(
RECORD_LAYER_get_rbuf(&s->rlayer)) == 0) {
/* no read-ahead left? */
BIO *bio; BIO *bio;
/* /*
* In the case where we try to read application data, but we * In the case where we try to read application data, but we

4
ssl/record/rec_layer.h
View File

@ -110,6 +110,8 @@
*/ */
typedef struct record_layer_st { typedef struct record_layer_st {
/* The parent SSL structure */
SSL *s;
/* /*
* Read as many input bytes as possible (for * Read as many input bytes as possible (for
* non-blocking reads) * non-blocking reads)
@ -117,5 +119,7 @@ typedef struct record_layer_st {
int read_ahead; int read_ahead;
} RECORD_LAYER; } RECORD_LAYER;
#define RECORD_LAYER_set_ssl(rl, s) ((rl)->s = (s))
#define RECORD_LAYER_set_read_ahead(rl, ra) ((rl)->read_ahead = (ra)) #define RECORD_LAYER_set_read_ahead(rl, ra) ((rl)->read_ahead = (ra))
#define RECORD_LAYER_get_read_ahead(rl) ((rl)->read_ahead) #define RECORD_LAYER_get_read_ahead(rl) ((rl)->read_ahead)
#define RECORD_LAYER_get_rbuf(rl) (&(rl)->s->s3->rbuf)

127
ssl/record/ssl3_buffer.c Normal file
View File

@ -0,0 +1,127 @@
/* ssl/record/ssl3_buffer.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include "../ssl_locl.h"
void SSL3_BUFFER_set_data(SSL3_BUFFER *b, unsigned char *d, int n)
{
if(d != NULL)
memcpy(b->buf, d, n);
b->left = n;
b->offset = 0;
}
void SSL3_BUFFER_release(SSL3_BUFFER *b)
{
if (b->buf != NULL)
OPENSSL_free(b->buf);
b->buf = NULL;
}

132
ssl/record/ssl3_buffer.h Normal file
View File

@ -0,0 +1,132 @@
/* ssl/record/ssl3_buffer.h */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
typedef struct ssl3_buffer_st {
/* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */
unsigned char *buf;
/* buffer size */
size_t len;
/* where to 'copy from' */
int offset;
/* how many bytes left */
int left;
} SSL3_BUFFER;
#define SSL3_BUFFER_get_buf(b) ((b)->buf)
#define SSL3_BUFFER_set_buf(b, n) ((b)->buf = (n))
#define SSL3_BUFFER_get_len(b) ((b)->len)
#define SSL3_BUFFER_set_len(b, l) ((b)->len = (l))
#define SSL3_BUFFER_get_left(b) ((b)->left)
#define SSL3_BUFFER_is_initialised(b) ((b)->buf != NULL)
void SSL3_BUFFER_set_data(SSL3_BUFFER *b, unsigned char *d, int n);
void SSL3_BUFFER_release(SSL3_BUFFER *b);

10
ssl/s23_clnt.c
View File

@ -481,7 +481,7 @@ static int ssl23_client_hello(SSL *s)
static int ssl23_get_server_hello(SSL *s) static int ssl23_get_server_hello(SSL *s)
{ {
char buf[8]; unsigned char buf[8];
unsigned char *p; unsigned char *p;
int i; int i;
int n; int n;
@ -575,13 +575,11 @@ static int ssl23_get_server_hello(SSL *s)
*/ */
s->rstate = SSL_ST_READ_HEADER; s->rstate = SSL_ST_READ_HEADER;
s->packet_length = n; s->packet_length = n;
if (s->s3->rbuf.buf == NULL) if (!SSL3_BUFFER_is_initialised(RECORD_LAYER_get_rbuf(&s->rlayer)))
if (!ssl3_setup_read_buffer(s)) if (!ssl3_setup_read_buffer(s))
goto err; goto err;
s->packet = &(s->s3->rbuf.buf[0]); s->packet = SSL3_BUFFER_get_buf(RECORD_LAYER_get_rbuf(&s->rlayer));
memcpy(s->packet, buf, n); SSL3_BUFFER_set_data(RECORD_LAYER_get_rbuf(&s->rlayer), buf, n);
s->s3->rbuf.left = n;
s->s3->rbuf.offset = 0;
s->handshake_func = s->method->ssl_connect; s->handshake_func = s->method->ssl_connect;
} else { } else {

15
ssl/s23_srvr.c
View File

@ -244,8 +244,8 @@ int ssl23_get_client_hello(SSL *s)
* 6-8 length > Client Hello message * 6-8 length > Client Hello message
* 9/10 client_version / * 9/10 client_version /
*/ */
char buf_space[11]; unsigned char buf_space[11];
char *buf = &(buf_space[0]); unsigned char *buf = &(buf_space[0]);
unsigned char *p, *d, *d_len, *dd; unsigned char *p, *d, *d_len, *dd;
unsigned int i; unsigned int i;
unsigned int csl, sil, cl; unsigned int csl, sil, cl;
@ -558,18 +558,15 @@ int ssl23_get_client_hello(SSL *s)
*/ */
s->rstate = SSL_ST_READ_HEADER; s->rstate = SSL_ST_READ_HEADER;
s->packet_length = n; s->packet_length = n;
if (s->s3->rbuf.buf == NULL) if (!SSL3_BUFFER_is_initialised(RECORD_LAYER_get_rbuf(&s->rlayer)))
if (!ssl3_setup_read_buffer(s)) if (!ssl3_setup_read_buffer(s))
goto err; goto err;
s->packet = &(s->s3->rbuf.buf[0]); s->packet = SSL3_BUFFER_get_buf(RECORD_LAYER_get_rbuf(&s->rlayer));
memcpy(s->packet, buf, n); SSL3_BUFFER_set_data(RECORD_LAYER_get_rbuf(&s->rlayer), buf, n);
s->s3->rbuf.left = n;
s->s3->rbuf.offset = 0;
} else { } else {
s->packet_length = 0; s->packet_length = 0;
s->s3->rbuf.left = 0; SSL3_BUFFER_set_data(RECORD_LAYER_get_rbuf(&s->rlayer), NULL, 0);
s->s3->rbuf.offset = 0;
} }
s->handshake_func = s->method->ssl_accept; s->handshake_func = s->method->ssl_accept;
} else { } else {

20
ssl/s3_both.c
View File

@ -577,6 +577,9 @@ int ssl3_setup_read_buffer(SSL *s)
{ {
unsigned char *p; unsigned char *p;
size_t len, align = 0, headerlen; size_t len, align = 0, headerlen;
SSL3_BUFFER *b;
b = RECORD_LAYER_get_rbuf(&s->rlayer);
if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
headerlen = DTLS1_RT_HEADER_LENGTH; headerlen = DTLS1_RT_HEADER_LENGTH;
@ -587,7 +590,7 @@ int ssl3_setup_read_buffer(SSL *s)
align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
#endif #endif
if (s->s3->rbuf.buf == NULL) { if (b->buf == NULL) {
len = SSL3_RT_MAX_PLAIN_LENGTH len = SSL3_RT_MAX_PLAIN_LENGTH
+ SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align; + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) { if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) {
@ -600,11 +603,11 @@ int ssl3_setup_read_buffer(SSL *s)
#endif #endif
if ((p = OPENSSL_malloc(len)) == NULL) if ((p = OPENSSL_malloc(len)) == NULL)
goto err; goto err;
s->s3->rbuf.buf = p; b->buf = p;
s->s3->rbuf.len = len; b->len = len;
} }
s->packet = &(s->s3->rbuf.buf[0]); s->packet = &(b->buf[0]);
return 1; return 1;
err: err:
@ -669,9 +672,12 @@ int ssl3_release_write_buffer(SSL *s)
int ssl3_release_read_buffer(SSL *s) int ssl3_release_read_buffer(SSL *s)
{ {
if (s->s3->rbuf.buf != NULL) { SSL3_BUFFER *b;
OPENSSL_free(s->s3->rbuf.buf);
s->s3->rbuf.buf = NULL; b = RECORD_LAYER_get_rbuf(&s->rlayer);
if (b->buf != NULL) {
OPENSSL_free(b->buf);
b->buf = NULL;
} }
return 1; return 1;
} }

12
ssl/s3_lib.c
View File

@ -3131,7 +3131,7 @@ void ssl3_free(SSL *s)
return; return;
ssl3_cleanup_key_block(s); ssl3_cleanup_key_block(s);
if (s->s3->rbuf.buf != NULL) if (SSL3_BUFFER_is_initialised(RECORD_LAYER_get_rbuf(&s->rlayer)))
ssl3_release_read_buffer(s); ssl3_release_read_buffer(s);
if (s->s3->wbuf.buf != NULL) if (s->s3->wbuf.buf != NULL)
ssl3_release_write_buffer(s); ssl3_release_write_buffer(s);
@ -3190,9 +3190,9 @@ void ssl3_clear(SSL *s)
# endif /* !OPENSSL_NO_EC */ # endif /* !OPENSSL_NO_EC */
#endif /* !OPENSSL_NO_TLSEXT */ #endif /* !OPENSSL_NO_TLSEXT */
rp = s->s3->rbuf.buf; rp = SSL3_BUFFER_get_buf(RECORD_LAYER_get_rbuf(&s->rlayer));
wp = s->s3->wbuf.buf; wp = s->s3->wbuf.buf;
rlen = s->s3->rbuf.len; rlen = SSL3_BUFFER_get_len(RECORD_LAYER_get_rbuf(&s->rlayer));
wlen = s->s3->wbuf.len; wlen = s->s3->wbuf.len;
init_extra = s->s3->init_extra; init_extra = s->s3->init_extra;
BIO_free(s->s3->handshake_buffer); BIO_free(s->s3->handshake_buffer);
@ -3207,9 +3207,9 @@ void ssl3_clear(SSL *s)
} }
#endif #endif
memset(s->s3, 0, sizeof *s->s3); memset(s->s3, 0, sizeof *s->s3);
s->s3->rbuf.buf = rp; SSL3_BUFFER_set_buf(RECORD_LAYER_get_rbuf(&s->rlayer), rp);
s->s3->wbuf.buf = wp; s->s3->wbuf.buf = wp;
s->s3->rbuf.len = rlen; SSL3_BUFFER_set_len(RECORD_LAYER_get_rbuf(&s->rlayer), rlen);
s->s3->wbuf.len = wlen; s->s3->wbuf.len = wlen;
s->s3->init_extra = init_extra; s->s3->init_extra = init_extra;
@ -4494,7 +4494,7 @@ int ssl3_renegotiate_check(SSL *s)
int ret = 0; int ret = 0;
if (s->s3->renegotiate) { if (s->s3->renegotiate) {
if ((s->s3->rbuf.left == 0) && if ((SSL3_BUFFER_get_left(RECORD_LAYER_get_rbuf(&s->rlayer)) == 0) &&
(s->s3->wbuf.left == 0) && !SSL_in_init(s)) { (s->s3->wbuf.left == 0) && !SSL_in_init(s)) {
/* /*
* if we are the server, and we have sent a 'RENEGOTIATE' * if we are the server, and we have sent a 'RENEGOTIATE'

23
ssl/s3_pkt.c
View File

@ -153,7 +153,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
if (n <= 0) if (n <= 0)
return n; return n;
rb = &(s->s3->rbuf); rb = RECORD_LAYER_get_rbuf(&s->rlayer);
if (rb->buf == NULL) if (rb->buf == NULL)
if (!ssl3_setup_read_buffer(s)) if (!ssl3_setup_read_buffer(s))
return -1; return -1;
@ -336,7 +336,8 @@ static int ssl3_get_record(SSL *s)
/* check if we have the header */ /* check if we have the header */
if ((s->rstate != SSL_ST_READ_BODY) || if ((s->rstate != SSL_ST_READ_BODY) ||
(s->packet_length < SSL3_RT_HEADER_LENGTH)) { (s->packet_length < SSL3_RT_HEADER_LENGTH)) {
n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH,
SSL3_BUFFER_get_len(RECORD_LAYER_get_rbuf(&s->rlayer)), 0);
if (n <= 0) if (n <= 0)
return (n); /* error or non-blocking */ return (n); /* error or non-blocking */
s->rstate = SSL_ST_READ_BODY; s->rstate = SSL_ST_READ_BODY;
@ -373,7 +374,9 @@ static int ssl3_get_record(SSL *s)
goto err; goto err;
} }
if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) { if (rr->length >
SSL3_BUFFER_get_len(RECORD_LAYER_get_rbuf(&s->rlayer))
- SSL3_RT_HEADER_LENGTH) {
al = SSL_AD_RECORD_OVERFLOW; al = SSL_AD_RECORD_OVERFLOW;
SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG); SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG);
goto f_err; goto f_err;
@ -1174,9 +1177,11 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
SSL3_RECORD *rr; SSL3_RECORD *rr;
void (*cb) (const SSL *ssl, int type2, int val) = NULL; void (*cb) (const SSL *ssl, int type2, int val) = NULL;
if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ if (!SSL3_BUFFER_is_initialised(RECORD_LAYER_get_rbuf(&s->rlayer))) {
/* Not initialized yet */
if (!ssl3_setup_read_buffer(s)) if (!ssl3_setup_read_buffer(s))
return (-1); return (-1);
}
if ((type && (type != SSL3_RT_APPLICATION_DATA) if ((type && (type != SSL3_RT_APPLICATION_DATA)
&& (type != SSL3_RT_HANDSHAKE)) || (peek && (type != SSL3_RT_HANDSHAKE)) || (peek
@ -1288,7 +1293,8 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
s->rstate = SSL_ST_READ_HEADER; s->rstate = SSL_ST_READ_HEADER;
rr->off = 0; rr->off = 0;
if (s->mode & SSL_MODE_RELEASE_BUFFERS if (s->mode & SSL_MODE_RELEASE_BUFFERS
&& s->s3->rbuf.left == 0) && SSL3_BUFFER_get_left(
RECORD_LAYER_get_rbuf(&s->rlayer)) == 0)
ssl3_release_read_buffer(s); ssl3_release_read_buffer(s);
} }
} }
@ -1391,7 +1397,9 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
} }
if (!(s->mode & SSL_MODE_AUTO_RETRY)) { if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
if (s->s3->rbuf.left == 0) { /* no read-ahead left? */ if (SSL3_BUFFER_get_left(
RECORD_LAYER_get_rbuf(&s->rlayer)) == 0) {
/* no read-ahead left? */
BIO *bio; BIO *bio;
/* /*
* In the case where we try to read application data, * In the case where we try to read application data,
@ -1563,7 +1571,8 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
} }
if (!(s->mode & SSL_MODE_AUTO_RETRY)) { if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
if (s->s3->rbuf.left == 0) { /* no read-ahead left? */ if (SSL3_BUFFER_get_left(RECORD_LAYER_get_rbuf(&s->rlayer)) == 0) {
/* no read-ahead left? */
BIO *bio; BIO *bio;
/* /*
* In the case where we try to read application data, but we * In the case where we try to read application data, but we

2
ssl/ssl_lib.c
View File

@ -280,6 +280,8 @@ SSL *SSL_new(SSL_CTX *ctx)
goto err; goto err;
memset(s, 0, sizeof(SSL)); memset(s, 0, sizeof(SSL));
RECORD_LAYER_set_ssl(&s->rlayer, s);
#ifndef OPENSSL_NO_KRB5 #ifndef OPENSSL_NO_KRB5
s->kssl_ctx = kssl_ctx_new(); s->kssl_ctx = kssl_ctx_new();
#endif /* OPENSSL_NO_KRB5 */ #endif /* OPENSSL_NO_KRB5 */

16
ssl/ssl_locl.h
View File

@ -166,6 +166,7 @@
# include <openssl/symhacks.h> # include <openssl/symhacks.h>
#include "record/rec_layer.h" #include "record/rec_layer.h"
#include "record/ssl3_buffer.h"
# ifdef OPENSSL_BUILD_SHLIBSSL # ifdef OPENSSL_BUILD_SHLIBSSL
# undef OPENSSL_EXTERN # undef OPENSSL_EXTERN
@ -979,8 +980,6 @@ struct ssl_st {
int type; int type;
/* SSLv3 */ /* SSLv3 */
const SSL_METHOD *method; const SSL_METHOD *method;
RECORD_LAYER rlayer;
/* /*
* There are 2 BIO's even though they are normally both the same. This * There are 2 BIO's even though they are normally both the same. This
* is so data can be read and written to different handlers * is so data can be read and written to different handlers
@ -1220,6 +1219,8 @@ struct ssl_st {
* basis, depending on the chosen cipher. * basis, depending on the chosen cipher.
*/ */
int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure); int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
RECORD_LAYER rlayer;
}; };
typedef struct ssl3_record_st { typedef struct ssl3_record_st {
@ -1264,17 +1265,6 @@ typedef struct ssl3_record_st {
*/ unsigned char seq_num[8]; */ unsigned char seq_num[8];
} SSL3_RECORD; } SSL3_RECORD;
typedef struct ssl3_buffer_st {
/* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */
unsigned char *buf;
/* buffer size */
size_t len;
/* where to 'copy from' */
int offset;
/* how many bytes left */
int left;
} SSL3_BUFFER;
typedef struct ssl3_state_st { typedef struct ssl3_state_st {
long flags; long flags;
int delay_buf_pop_ret; int delay_buf_pop_ret;