From 28d59af8740680c89e22ac19304457f2163e4371 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 30 Jan 2015 14:57:54 +0000 Subject: [PATCH] Encapsulate SSL3_BUFFER and all access to s->s3->rbuf. Reviewed-by: Richard Levitte --- ssl/Makefile | 6 +- ssl/d1_pkt.c | 26 +++++--- ssl/record/rec_layer.h | 4 ++ ssl/record/ssl3_buffer.c | 127 +++++++++++++++++++++++++++++++++++++ ssl/record/ssl3_buffer.h | 132 +++++++++++++++++++++++++++++++++++++++ ssl/s23_clnt.c | 10 ++- ssl/s23_srvr.c | 15 ++--- ssl/s3_both.c | 20 +++--- ssl/s3_lib.c | 12 ++-- ssl/s3_pkt.c | 23 ++++--- ssl/ssl_lib.c | 2 + ssl/ssl_locl.h | 16 +---- 12 files changed, 334 insertions(+), 59 deletions(-) create mode 100644 ssl/record/ssl3_buffer.c create mode 100644 ssl/record/ssl3_buffer.h diff --git a/ssl/Makefile b/ssl/Makefile index 90b6ac5fea..0e17134d57 100644 --- a/ssl/Makefile +++ b/ssl/Makefile @@ -29,7 +29,8 @@ LIBSRC= \ ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \ ssl_ciph.c ssl_stat.c ssl_rsa.c \ ssl_asn1.c ssl_txt.c ssl_algs.c ssl_conf.c \ - bio_ssl.c ssl_err.c kssl.c t1_reneg.c tls_srp.c t1_trce.c ssl_utst.c + bio_ssl.c ssl_err.c kssl.c t1_reneg.c tls_srp.c t1_trce.c ssl_utst.c \ + record/ssl3_buffer.c LIBOBJ= \ s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o s3_cbc.o \ s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o \ @@ -39,7 +40,8 @@ LIBOBJ= \ ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \ ssl_ciph.o ssl_stat.o ssl_rsa.o \ ssl_asn1.o ssl_txt.o ssl_algs.o ssl_conf.o \ - bio_ssl.o ssl_err.o kssl.o t1_reneg.o tls_srp.o t1_trce.o ssl_utst.o + bio_ssl.o ssl_err.o kssl.o t1_reneg.o tls_srp.o t1_trce.o ssl_utst.o \ + record/ssl3_buffer.o SRC= $(LIBSRC) diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 19e60b7889..4ac29b1c3b 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -198,12 +198,12 @@ static int dtls1_copy_record(SSL *s, pitem *item) rdata = (DTLS1_RECORD_DATA *)item->data; - if (s->s3->rbuf.buf != NULL) - OPENSSL_free(s->s3->rbuf.buf); + SSL3_BUFFER_release(RECORD_LAYER_get_rbuf(&s->rlayer)); s->packet = rdata->packet; s->packet_length = rdata->packet_length; - memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER)); + memcpy(RECORD_LAYER_get_rbuf(&s->rlayer), &(rdata->rbuf), + sizeof(SSL3_BUFFER)); memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD)); /* Set proper sequence number for mac calculation */ @@ -236,7 +236,8 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) rdata->packet = s->packet; rdata->packet_length = s->packet_length; - memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER)); + memcpy(&(rdata->rbuf), RECORD_LAYER_get_rbuf(&s->rlayer), + sizeof(SSL3_BUFFER)); memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD)); item->data = rdata; @@ -253,7 +254,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) s->packet = NULL; s->packet_length = 0; - memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER)); + memset(RECORD_LAYER_get_rbuf(&s->rlayer), 0, sizeof(SSL3_BUFFER)); memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD)); if (!ssl3_setup_buffers(s)) { @@ -544,7 +545,8 @@ int dtls1_get_record(SSL *s) /* check if we have the header */ if ((s->rstate != SSL_ST_READ_BODY) || (s->packet_length < DTLS1_RT_HEADER_LENGTH)) { - n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); + n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, + SSL3_BUFFER_get_len(RECORD_LAYER_get_rbuf(&s->rlayer)), 0); /* read timeout is handled by dtls1_read_bytes */ if (n <= 0) return (n); /* error or non-blocking */ @@ -722,9 +724,11 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) SSL3_RECORD *rr; void (*cb) (const SSL *ssl, int type2, int val) = NULL; - if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ + if (!SSL3_BUFFER_is_initialised(RECORD_LAYER_get_rbuf(&s->rlayer))) { + /* Not initialized yet */ if (!ssl3_setup_buffers(s)) return (-1); + } if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE)) || @@ -1047,7 +1051,9 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) } if (!(s->mode & SSL_MODE_AUTO_RETRY)) { - if (s->s3->rbuf.left == 0) { /* no read-ahead left? */ + if (SSL3_BUFFER_get_left( + RECORD_LAYER_get_rbuf(&s->rlayer)) == 0) { + /* no read-ahead left? */ BIO *bio; /* * In the case where we try to read application data, @@ -1269,7 +1275,9 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) } if (!(s->mode & SSL_MODE_AUTO_RETRY)) { - if (s->s3->rbuf.left == 0) { /* no read-ahead left? */ + if (SSL3_BUFFER_get_left( + RECORD_LAYER_get_rbuf(&s->rlayer)) == 0) { + /* no read-ahead left? */ BIO *bio; /* * In the case where we try to read application data, but we diff --git a/ssl/record/rec_layer.h b/ssl/record/rec_layer.h index 71f0847bd6..4a75b216e0 100644 --- a/ssl/record/rec_layer.h +++ b/ssl/record/rec_layer.h @@ -110,6 +110,8 @@ */ typedef struct record_layer_st { + /* The parent SSL structure */ + SSL *s; /* * Read as many input bytes as possible (for * non-blocking reads) @@ -117,5 +119,7 @@ typedef struct record_layer_st { int read_ahead; } RECORD_LAYER; +#define RECORD_LAYER_set_ssl(rl, s) ((rl)->s = (s)) #define RECORD_LAYER_set_read_ahead(rl, ra) ((rl)->read_ahead = (ra)) #define RECORD_LAYER_get_read_ahead(rl) ((rl)->read_ahead) +#define RECORD_LAYER_get_rbuf(rl) (&(rl)->s->s3->rbuf) diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c new file mode 100644 index 0000000000..e5abbd652b --- /dev/null +++ b/ssl/record/ssl3_buffer.c @@ -0,0 +1,127 @@ +/* ssl/record/ssl3_buffer.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "../ssl_locl.h" + +void SSL3_BUFFER_set_data(SSL3_BUFFER *b, unsigned char *d, int n) +{ + if(d != NULL) + memcpy(b->buf, d, n); + b->left = n; + b->offset = 0; +} + +void SSL3_BUFFER_release(SSL3_BUFFER *b) +{ + if (b->buf != NULL) + OPENSSL_free(b->buf); + b->buf = NULL; +} diff --git a/ssl/record/ssl3_buffer.h b/ssl/record/ssl3_buffer.h new file mode 100644 index 0000000000..0eb5d0020d --- /dev/null +++ b/ssl/record/ssl3_buffer.h @@ -0,0 +1,132 @@ +/* ssl/record/ssl3_buffer.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +typedef struct ssl3_buffer_st { + /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */ + unsigned char *buf; + /* buffer size */ + size_t len; + /* where to 'copy from' */ + int offset; + /* how many bytes left */ + int left; +} SSL3_BUFFER; + +#define SSL3_BUFFER_get_buf(b) ((b)->buf) +#define SSL3_BUFFER_set_buf(b, n) ((b)->buf = (n)) +#define SSL3_BUFFER_get_len(b) ((b)->len) +#define SSL3_BUFFER_set_len(b, l) ((b)->len = (l)) +#define SSL3_BUFFER_get_left(b) ((b)->left) +#define SSL3_BUFFER_is_initialised(b) ((b)->buf != NULL) + +void SSL3_BUFFER_set_data(SSL3_BUFFER *b, unsigned char *d, int n); +void SSL3_BUFFER_release(SSL3_BUFFER *b); + diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 3451b7c1ef..abefcaa0ef 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -481,7 +481,7 @@ static int ssl23_client_hello(SSL *s) static int ssl23_get_server_hello(SSL *s) { - char buf[8]; + unsigned char buf[8]; unsigned char *p; int i; int n; @@ -575,13 +575,11 @@ static int ssl23_get_server_hello(SSL *s) */ s->rstate = SSL_ST_READ_HEADER; s->packet_length = n; - if (s->s3->rbuf.buf == NULL) + if (!SSL3_BUFFER_is_initialised(RECORD_LAYER_get_rbuf(&s->rlayer))) if (!ssl3_setup_read_buffer(s)) goto err; - s->packet = &(s->s3->rbuf.buf[0]); - memcpy(s->packet, buf, n); - s->s3->rbuf.left = n; - s->s3->rbuf.offset = 0; + s->packet = SSL3_BUFFER_get_buf(RECORD_LAYER_get_rbuf(&s->rlayer)); + SSL3_BUFFER_set_data(RECORD_LAYER_get_rbuf(&s->rlayer), buf, n); s->handshake_func = s->method->ssl_connect; } else { diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index 255d27810f..349d66b474 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -244,8 +244,8 @@ int ssl23_get_client_hello(SSL *s) * 6-8 length > Client Hello message * 9/10 client_version / */ - char buf_space[11]; - char *buf = &(buf_space[0]); + unsigned char buf_space[11]; + unsigned char *buf = &(buf_space[0]); unsigned char *p, *d, *d_len, *dd; unsigned int i; unsigned int csl, sil, cl; @@ -558,18 +558,15 @@ int ssl23_get_client_hello(SSL *s) */ s->rstate = SSL_ST_READ_HEADER; s->packet_length = n; - if (s->s3->rbuf.buf == NULL) + if (!SSL3_BUFFER_is_initialised(RECORD_LAYER_get_rbuf(&s->rlayer))) if (!ssl3_setup_read_buffer(s)) goto err; - s->packet = &(s->s3->rbuf.buf[0]); - memcpy(s->packet, buf, n); - s->s3->rbuf.left = n; - s->s3->rbuf.offset = 0; + s->packet = SSL3_BUFFER_get_buf(RECORD_LAYER_get_rbuf(&s->rlayer)); + SSL3_BUFFER_set_data(RECORD_LAYER_get_rbuf(&s->rlayer), buf, n); } else { s->packet_length = 0; - s->s3->rbuf.left = 0; - s->s3->rbuf.offset = 0; + SSL3_BUFFER_set_data(RECORD_LAYER_get_rbuf(&s->rlayer), NULL, 0); } s->handshake_func = s->method->ssl_accept; } else { diff --git a/ssl/s3_both.c b/ssl/s3_both.c index 2bc4e6a710..c8be27b601 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c @@ -577,6 +577,9 @@ int ssl3_setup_read_buffer(SSL *s) { unsigned char *p; size_t len, align = 0, headerlen; + SSL3_BUFFER *b; + + b = RECORD_LAYER_get_rbuf(&s->rlayer); if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) headerlen = DTLS1_RT_HEADER_LENGTH; @@ -587,7 +590,7 @@ int ssl3_setup_read_buffer(SSL *s) align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); #endif - if (s->s3->rbuf.buf == NULL) { + if (b->buf == NULL) { len = SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align; if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) { @@ -600,11 +603,11 @@ int ssl3_setup_read_buffer(SSL *s) #endif if ((p = OPENSSL_malloc(len)) == NULL) goto err; - s->s3->rbuf.buf = p; - s->s3->rbuf.len = len; + b->buf = p; + b->len = len; } - s->packet = &(s->s3->rbuf.buf[0]); + s->packet = &(b->buf[0]); return 1; err: @@ -669,9 +672,12 @@ int ssl3_release_write_buffer(SSL *s) int ssl3_release_read_buffer(SSL *s) { - if (s->s3->rbuf.buf != NULL) { - OPENSSL_free(s->s3->rbuf.buf); - s->s3->rbuf.buf = NULL; + SSL3_BUFFER *b; + + b = RECORD_LAYER_get_rbuf(&s->rlayer); + if (b->buf != NULL) { + OPENSSL_free(b->buf); + b->buf = NULL; } return 1; } diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 69f3d5d6f7..101cf852a9 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3131,7 +3131,7 @@ void ssl3_free(SSL *s) return; ssl3_cleanup_key_block(s); - if (s->s3->rbuf.buf != NULL) + if (SSL3_BUFFER_is_initialised(RECORD_LAYER_get_rbuf(&s->rlayer))) ssl3_release_read_buffer(s); if (s->s3->wbuf.buf != NULL) ssl3_release_write_buffer(s); @@ -3190,9 +3190,9 @@ void ssl3_clear(SSL *s) # endif /* !OPENSSL_NO_EC */ #endif /* !OPENSSL_NO_TLSEXT */ - rp = s->s3->rbuf.buf; + rp = SSL3_BUFFER_get_buf(RECORD_LAYER_get_rbuf(&s->rlayer)); wp = s->s3->wbuf.buf; - rlen = s->s3->rbuf.len; + rlen = SSL3_BUFFER_get_len(RECORD_LAYER_get_rbuf(&s->rlayer)); wlen = s->s3->wbuf.len; init_extra = s->s3->init_extra; BIO_free(s->s3->handshake_buffer); @@ -3207,9 +3207,9 @@ void ssl3_clear(SSL *s) } #endif memset(s->s3, 0, sizeof *s->s3); - s->s3->rbuf.buf = rp; + SSL3_BUFFER_set_buf(RECORD_LAYER_get_rbuf(&s->rlayer), rp); s->s3->wbuf.buf = wp; - s->s3->rbuf.len = rlen; + SSL3_BUFFER_set_len(RECORD_LAYER_get_rbuf(&s->rlayer), rlen); s->s3->wbuf.len = wlen; s->s3->init_extra = init_extra; @@ -4494,7 +4494,7 @@ int ssl3_renegotiate_check(SSL *s) int ret = 0; if (s->s3->renegotiate) { - if ((s->s3->rbuf.left == 0) && + if ((SSL3_BUFFER_get_left(RECORD_LAYER_get_rbuf(&s->rlayer)) == 0) && (s->s3->wbuf.left == 0) && !SSL_in_init(s)) { /* * if we are the server, and we have sent a 'RENEGOTIATE' diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index a196a427f2..733ed91f4a 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -153,7 +153,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) if (n <= 0) return n; - rb = &(s->s3->rbuf); + rb = RECORD_LAYER_get_rbuf(&s->rlayer); if (rb->buf == NULL) if (!ssl3_setup_read_buffer(s)) return -1; @@ -336,7 +336,8 @@ static int ssl3_get_record(SSL *s) /* check if we have the header */ if ((s->rstate != SSL_ST_READ_BODY) || (s->packet_length < SSL3_RT_HEADER_LENGTH)) { - n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); + n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, + SSL3_BUFFER_get_len(RECORD_LAYER_get_rbuf(&s->rlayer)), 0); if (n <= 0) return (n); /* error or non-blocking */ s->rstate = SSL_ST_READ_BODY; @@ -373,7 +374,9 @@ static int ssl3_get_record(SSL *s) goto err; } - if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) { + if (rr->length > + SSL3_BUFFER_get_len(RECORD_LAYER_get_rbuf(&s->rlayer)) + - SSL3_RT_HEADER_LENGTH) { al = SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG); goto f_err; @@ -1174,9 +1177,11 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) SSL3_RECORD *rr; void (*cb) (const SSL *ssl, int type2, int val) = NULL; - if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ + if (!SSL3_BUFFER_is_initialised(RECORD_LAYER_get_rbuf(&s->rlayer))) { + /* Not initialized yet */ if (!ssl3_setup_read_buffer(s)) return (-1); + } if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE)) || (peek @@ -1288,7 +1293,8 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) s->rstate = SSL_ST_READ_HEADER; rr->off = 0; if (s->mode & SSL_MODE_RELEASE_BUFFERS - && s->s3->rbuf.left == 0) + && SSL3_BUFFER_get_left( + RECORD_LAYER_get_rbuf(&s->rlayer)) == 0) ssl3_release_read_buffer(s); } } @@ -1391,7 +1397,9 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) } if (!(s->mode & SSL_MODE_AUTO_RETRY)) { - if (s->s3->rbuf.left == 0) { /* no read-ahead left? */ + if (SSL3_BUFFER_get_left( + RECORD_LAYER_get_rbuf(&s->rlayer)) == 0) { + /* no read-ahead left? */ BIO *bio; /* * In the case where we try to read application data, @@ -1563,7 +1571,8 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) } if (!(s->mode & SSL_MODE_AUTO_RETRY)) { - if (s->s3->rbuf.left == 0) { /* no read-ahead left? */ + if (SSL3_BUFFER_get_left(RECORD_LAYER_get_rbuf(&s->rlayer)) == 0) { + /* no read-ahead left? */ BIO *bio; /* * In the case where we try to read application data, but we diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index af31831aec..bec54eb17a 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -280,6 +280,8 @@ SSL *SSL_new(SSL_CTX *ctx) goto err; memset(s, 0, sizeof(SSL)); + RECORD_LAYER_set_ssl(&s->rlayer, s); + #ifndef OPENSSL_NO_KRB5 s->kssl_ctx = kssl_ctx_new(); #endif /* OPENSSL_NO_KRB5 */ diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index f91dbc5a98..f845b67bfa 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -166,6 +166,7 @@ # include #include "record/rec_layer.h" +#include "record/ssl3_buffer.h" # ifdef OPENSSL_BUILD_SHLIBSSL # undef OPENSSL_EXTERN @@ -979,8 +980,6 @@ struct ssl_st { int type; /* SSLv3 */ const SSL_METHOD *method; - - RECORD_LAYER rlayer; /* * There are 2 BIO's even though they are normally both the same. This * is so data can be read and written to different handlers @@ -1220,6 +1219,8 @@ struct ssl_st { * basis, depending on the chosen cipher. */ int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure); + + RECORD_LAYER rlayer; }; typedef struct ssl3_record_st { @@ -1264,17 +1265,6 @@ typedef struct ssl3_record_st { */ unsigned char seq_num[8]; } SSL3_RECORD; -typedef struct ssl3_buffer_st { - /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */ - unsigned char *buf; - /* buffer size */ - size_t len; - /* where to 'copy from' */ - int offset; - /* how many bytes left */ - int left; -} SSL3_BUFFER; - typedef struct ssl3_state_st { long flags; int delay_buf_pop_ret; -- 2.40.0