diff options
| author | Matt Caswell <matt@openssl.org> | 2016-09-06 12:05:25 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2016-11-04 12:09:45 +0000 |
| commit | eda757514ea3018c8510b4738b5e37479aeadc5e (patch) | |
| tree | daff400939791921a87f23cdd973528483f8a196 | |
| parent | 8e6d03cac4c34dc089751f36120b69c512f77756 (diff) | |
Further libssl size_t-ify of reading
Writing still to be done
Reviewed-by: Rich Salz <rsalz@openssl.org>
| -rw-r--r-- | include/openssl/ssl.h | 4 | ||||
| -rw-r--r-- | ssl/record/rec_layer_d1.c | 89 | ||||
| -rw-r--r-- | ssl/record/rec_layer_s3.c | 66 | ||||
| -rw-r--r-- | ssl/record/record.h | 31 | ||||
| -rw-r--r-- | ssl/record/record_locl.h | 4 | ||||
| -rw-r--r-- | ssl/record/ssl3_buffer.c | 2 | ||||
| -rw-r--r-- | ssl/record/ssl3_record.c | 25 | ||||
| -rw-r--r-- | ssl/s3_lib.c | 22 | ||||
| -rw-r--r-- | ssl/ssl_err.c | 2 | ||||
| -rw-r--r-- | ssl/ssl_lib.c | 66 | ||||
| -rw-r--r-- | ssl/ssl_locl.h | 19 | ||||
| -rw-r--r-- | ssl/statem/statem.c | 4 | ||||
| -rw-r--r-- | ssl/statem/statem_clnt.c | 2 | ||||
| -rw-r--r-- | ssl/statem/statem_dtls.c | 43 | ||||
| -rw-r--r-- | ssl/statem/statem_lib.c | 36 | ||||
| -rw-r--r-- | ssl/statem/statem_locl.h | 8 | ||||
| -rw-r--r-- | ssl/statem/statem_srvr.c | 2 | ||||
| -rw-r--r-- | util/libssl.num | 2 |
18 files changed, 252 insertions, 175 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 7b40b37db2..3dc3f78657 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1568,7 +1568,9 @@ __owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, __owur int SSL_accept(SSL *ssl); __owur int SSL_connect(SSL *ssl); __owur int SSL_read(SSL *ssl, void *buf, int num); +__owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *read); __owur int SSL_peek(SSL *ssl, void *buf, int num); +__owur int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *read); __owur int SSL_write(SSL *ssl, const void *buf, int num); long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); long SSL_callback_ctrl(SSL *, int, void (*)(void)); @@ -2179,7 +2181,9 @@ int ERR_load_SSL_strings(void); # define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 # define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 # define SSL_F_SSL_PEEK 270 +# define SSL_F_SSL_PEEK_EX 425 # define SSL_F_SSL_READ 223 +# define SSL_F_SSL_READ_EX 426 # define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320 # define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321 # define SSL_F_SSL_SESSION_DUP 348 diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index c9fd0669ed..7b35d590dc 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -118,8 +118,8 @@ void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq) memcpy(rl->write_sequence, seq, SEQ_NUM_SIZE); } -static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, - int len); +static size_t have_handshake_fragment(SSL *s, int type, unsigned char *buf, + size_t len); /* copy buffered record into SSL structure */ static int dtls1_copy_record(SSL *s, pitem *item) @@ -336,10 +336,10 @@ int dtls1_process_buffered_records(SSL *s) * none of our business */ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, - int len, int peek) + size_t len, int peek, size_t *read) { - int al, i, j, ret; - unsigned int n; + int al, i, j, iret; + size_t ret, n; SSL3_RECORD *rr; void (*cb) (const SSL *ssl, int type2, int val) = NULL; @@ -359,9 +359,11 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, /* * check whether there's a handshake message (client hello?) waiting */ - if ((ret = have_handshake_fragment(s, type, buf, len))) { + ret = have_handshake_fragment(s, type, buf, len); + if (ret > 0) { *recvd_type = SSL3_RT_HANDSHAKE; - return ret; + *read = ret; + return 1; } /* @@ -385,10 +387,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, /* type == SSL3_RT_APPLICATION_DATA */ i = s->handshake_func(s); if (i < 0) - return (i); + return i; if (i == 0) { SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); + return -1; } } @@ -434,12 +436,12 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, /* get new packet if necessary */ if ((SSL3_RECORD_get_length(rr) == 0) || (s->rlayer.rstate == SSL_ST_READ_BODY)) { - ret = dtls1_get_record(s); - if (ret <= 0) { - ret = dtls1_read_failed(s, ret); + iret = dtls1_get_record(s); + if (iret <= 0) { + iret = dtls1_read_failed(s, iret); /* anything other than a timeout is an error */ - if (ret <= 0) - return (ret); + if (iret <= 0) + return iret; else goto start; } @@ -479,7 +481,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { SSL3_RECORD_set_length(rr, 0); s->rwstate = SSL_NOTHING; - return (0); + return 0; } if (type == SSL3_RECORD_get_type(rr) @@ -504,13 +506,13 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (recvd_type != NULL) *recvd_type = SSL3_RECORD_get_type(rr); - if (len <= 0) - return (len); + if (len == 0) + return 0; - if ((unsigned int)len > SSL3_RECORD_get_length(rr)) + if (len > SSL3_RECORD_get_length(rr)) n = SSL3_RECORD_get_length(rr); else - n = (unsigned int)len; + n = len; memcpy(buf, &(SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)]), n); if (!peek) { @@ -543,10 +545,11 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, s->d1->shutdown_received && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) { s->shutdown |= SSL_RECEIVED_SHUTDOWN; - return (0); + return 0; } #endif - return (n); + *read = n; + return 1; } /* @@ -559,9 +562,9 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * that so that we can process the data at a fixed place. */ { - unsigned int k, dest_maxlen = 0; + size_t k, dest_maxlen = 0; unsigned char *dest = NULL; - unsigned int *dest_len = NULL; + size_t *dest_len = NULL; if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) { dest_maxlen = sizeof s->rlayer.d->handshake_fragment; @@ -584,7 +587,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, s->rwstate = SSL_READING; BIO_clear_retry_flags(SSL_get_rbio(s)); BIO_set_retry_read(SSL_get_rbio(s)); - return (-1); + return -1; } #endif /* else it's a CCS message, or application data or wrong */ @@ -600,7 +603,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, s->rwstate = SSL_READING; BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); - return (-1); + return -1; } /* Not certain if this is the right error handling */ @@ -677,10 +680,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (ssl3_renegotiate_check(s)) { i = s->handshake_func(s); if (i < 0) - return (i); + return i; if (i == 0) { SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); + return -1; } if (!(s->mode & SSL_MODE_AUTO_RETRY)) { @@ -697,7 +700,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, bio = SSL_get_rbio(s); BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); - return (-1); + return -1; } } } @@ -757,7 +760,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } #endif s->shutdown |= SSL_RECEIVED_SHUTDOWN; - return (0); + return 0; } #if 0 /* XXX: this is a possible improvement in the future */ @@ -797,7 +800,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, ERR_add_error_data(2, "SSL alert number ", tmp); s->shutdown |= SSL_RECEIVED_SHUTDOWN; SSL_CTX_remove_session(s->session_ctx, s->session); - return (0); + return 0; } else { al = SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE); @@ -811,7 +814,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * shutdown */ s->rwstate = SSL_NOTHING; SSL3_RECORD_set_length(rr, 0); - return (0); + return 0; } if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) { @@ -858,10 +861,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } i = s->handshake_func(s); if (i < 0) - return (i); + return i; if (i == 0) { SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); + return -1; } if (!(s->mode & SSL_MODE_AUTO_RETRY)) { @@ -878,7 +881,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, bio = SSL_get_rbio(s); BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); - return (-1); + return -1; } } goto start; @@ -917,7 +920,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, (s->s3->total_renegotiations != 0) && ossl_statem_app_data_allowed(s)) { s->s3->in_read_app_data = 2; - return (-1); + return -1; } else { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD); @@ -928,15 +931,15 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); - return (-1); + return -1; } - /* - * this only happens when a client hello is received and a handshake - * is started. - */ -static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, - int len) +/* + * this only happens when a client hello is received and a handshake + * is started. + */ +static size_t have_handshake_fragment(SSL *s, int type, unsigned char *buf, + size_t len) { if ((type == SSL3_RT_HANDSHAKE) @@ -945,7 +948,7 @@ static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, { unsigned char *src = s->rlayer.d->handshake_fragment; unsigned char *dst = buf; - unsigned int k, n; + size_t k, n; /* peek == 0 */ n = 0; diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 001fcc6c86..6415f4882d 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -95,7 +95,8 @@ int RECORD_LAYER_write_pending(const RECORD_LAYER *rl) && SSL3_BUFFER_get_left(&rl->wbuf[rl->numwpipes - 1]) != 0; } -int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len) +int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, + size_t len) { rl->packet_length = len; if (len != 0) { @@ -630,6 +631,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) } } +/* TODO(size_t): convert me */ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int *pipelens, unsigned int numpipes, int create_empty_fragment) @@ -786,7 +788,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, /* lets setup the record stuff. */ SSL3_RECORD_set_data(&wr[j], outbuf[j] + eivlen); - SSL3_RECORD_set_length(&wr[j], (int)pipelens[j]); + SSL3_RECORD_set_length(&wr[j], pipelens[j]); SSL3_RECORD_set_input(&wr[j], (unsigned char *)&buf[totlen]); totlen += pipelens[j]; @@ -948,7 +950,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, return -1; } SSL3_BUFFER_add_offset(&wb[currbuf], i); - SSL3_BUFFER_add_left(&wb[currbuf], -i); + SSL3_BUFFER_sub_left(&wb[currbuf], i); } } @@ -982,10 +984,10 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, * none of our business */ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, - int len, int peek) + size_t len, int peek, size_t *read) { int al, i, j, ret; - unsigned int n, curr_rec, num_recs, read_bytes; + size_t n, curr_rec, num_recs, read_bytes; SSL3_RECORD *rr; SSL3_BUFFER *rbuf; void (*cb) (const SSL *ssl, int type2, int val) = NULL; @@ -995,7 +997,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (!SSL3_BUFFER_is_initialised(rbuf)) { /* Not initialized yet */ if (!ssl3_setup_read_buffer(s)) - return (-1); + return -1; } if ((type && (type != SSL3_RT_APPLICATION_DATA) @@ -1028,7 +1030,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (recvd_type != NULL) *recvd_type = SSL3_RT_HANDSHAKE; - return n; + *read = n; + return 1; } /* @@ -1039,10 +1042,10 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, /* type == SSL3_RT_APPLICATION_DATA */ i = s->handshake_func(s); if (i < 0) - return (i); + return i; if (i == 0) { SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); + return -1; } } start: @@ -1063,7 +1066,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (num_recs == 0) { ret = ssl3_get_record(s); if (ret <= 0) - return (ret); + return ret; num_recs = RECORD_LAYER_get_numrpipes(&s->rlayer); if (num_recs == 0) { /* Shouldn't happen */ @@ -1109,7 +1112,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { SSL3_RECORD_set_length(rr, 0); s->rwstate = SSL_NOTHING; - return (0); + return 0; } if (type == SSL3_RECORD_get_type(rr) @@ -1142,15 +1145,15 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (recvd_type != NULL) *recvd_type = SSL3_RECORD_get_type(rr); - if (len <= 0) - return (len); + if (len == 0) + return 0; read_bytes = 0; do { - if ((unsigned int)len - read_bytes > SSL3_RECORD_get_length(rr)) + if (len - read_bytes > SSL3_RECORD_get_length(rr)) n = SSL3_RECORD_get_length(rr); else - n = (unsigned int)len - read_bytes; + n = len - read_bytes; memcpy(buf, &(rr->data[rr->off]), n); buf += n; @@ -1174,7 +1177,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } read_bytes += n; } while (type == SSL3_RT_APPLICATION_DATA && curr_rec < num_recs - && read_bytes < (unsigned int)len); + && read_bytes < len); if (read_bytes == 0) { /* We must have read empty records. Get more data */ goto start; @@ -1183,7 +1186,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, && (s->mode & SSL_MODE_RELEASE_BUFFERS) && SSL3_BUFFER_get_left(rbuf) == 0) ssl3_release_read_buffer(s); - return read_bytes; + *read = read_bytes; + return 1; } /* @@ -1226,9 +1230,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * that so that we can process the data at a fixed place. */ { - unsigned int dest_maxlen = 0; + size_t dest_maxlen = 0; unsigned char *dest = NULL; - unsigned int *dest_len = NULL; + size_t *dest_len = NULL; if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) { dest_maxlen = sizeof s->rlayer.handshake_fragment; @@ -1293,10 +1297,10 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (ssl3_renegotiate_check(s)) { i = s->handshake_func(s); if (i < 0) - return (i); + return i; if (i == 0) { SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); + return -1; } if (!(s->mode & SSL_MODE_AUTO_RETRY)) { @@ -1313,7 +1317,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, bio = SSL_get_rbio(s); BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); - return (-1); + return -1; } } } @@ -1376,7 +1380,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (alert_descr == SSL_AD_CLOSE_NOTIFY) { s->shutdown |= SSL_RECEIVED_SHUTDOWN; - return (0); + return 0; } /* * This is a warning but we receive it if we requested @@ -1406,7 +1410,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, s->shutdown |= SSL_RECEIVED_SHUTDOWN; SSL3_RECORD_set_read(rr); SSL_CTX_remove_session(s->session_ctx, s->session); - return (0); + return 0; } else { al = SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE); @@ -1421,7 +1425,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, s->rwstate = SSL_NOTHING; SSL3_RECORD_set_length(rr, 0); SSL3_RECORD_set_read(rr); - return (0); + return 0; } if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) { @@ -1443,10 +1447,10 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } i = s->handshake_func(s); if (i < 0) - return (i); + return i; if (i == 0) { SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); + return -1; } if (!(s->mode & SSL_MODE_AUTO_RETRY)) { @@ -1463,7 +1467,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, bio = SSL_get_rbio(s); BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); - return (-1); + return -1; } } goto start; @@ -1502,7 +1506,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, */ if (ossl_statem_app_data_allowed(s)) { s->s3->in_read_app_data = 2; - return (-1); + return -1; } else { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD); @@ -1513,7 +1517,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); - return (-1); + return -1; } void ssl3_record_sequence_update(unsigned char *seq) @@ -1539,7 +1543,7 @@ int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl) /* * Returns the length in bytes of the current rrec */ -unsigned int RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl) +size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl) { return SSL3_RECORD_get_length(&rl->rrec[0]); } diff --git a/ssl/record/record.h b/ssl/record/record.h index 2ed8ab99a9..fc70f8d848 100644 --- a/ssl/record/record.h +++ b/ssl/record/record.h @@ -38,16 +38,16 @@ typedef struct ssl3_record_st { int type; /* How many bytes available */ /* rw */ - unsigned int length; + size_t length; /* * How many bytes were available before padding was removed? This is used * to implement the MAC check in constant time for CBC records. */ /* rw */ - unsigned int orig_len; + size_t orig_len; /* read/write offset into 'buf' */ /* r */ - unsigned int off; + size_t off; /* pointer to the record data */ /* rw */ unsigned char *data; @@ -82,7 +82,7 @@ typedef struct record_pqueue_st { typedef struct dtls1_record_data_st { unsigned char *packet; - unsigned int packet_length; + size_t packet_length; SSL3_BUFFER rbuf; SSL3_RECORD rrec; #ifndef OPENSSL_NO_SCTP @@ -116,9 +116,9 @@ typedef struct dtls_record_layer_st { * processed by ssl3_read_bytes: */ unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH]; - unsigned int alert_fragment_len; + size_t alert_fragment_len; unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; - unsigned int handshake_fragment_len; + size_t handshake_fragment_len; /* save last and current sequence numbers for retransmissions */ unsigned char last_write_sequence[8]; unsigned char curr_write_sequence[8]; @@ -143,7 +143,7 @@ typedef struct record_layer_st { /* where we are when reading */ int rstate; /* How many pipelines can be used to read data */ - unsigned int numrpipes; + size_t numrpipes; /* How many pipelines can be used to write data */ unsigned int numwpipes; /* read IO goes into here */ @@ -162,11 +162,11 @@ typedef struct record_layer_st { * processed by ssl3_read_bytes: */ unsigned char alert_fragment[2]; - unsigned int alert_fragment_len; + size_t alert_fragment_len; unsigned char handshake_fragment[4]; - unsigned int handshake_fragment_len; + size_t handshake_fragment_len; /* The number of consecutive empty records we have received */ - unsigned int empty_record_count; + size_t empty_record_count; /* partial write - check the numbers match */ /* number bytes written */ int wpend_tot; @@ -208,18 +208,20 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl); void RECORD_LAYER_release(RECORD_LAYER *rl); int RECORD_LAYER_read_pending(const RECORD_LAYER *rl); int RECORD_LAYER_write_pending(const RECORD_LAYER *rl); -int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len); +int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, + size_t len); void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl); void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl); int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl); -unsigned int RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl); +size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl); __owur int ssl3_pending(const SSL *s); __owur int ssl3_write_bytes(SSL *s, int type, const void *buf, int len); __owur int do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int *pipelens, unsigned int numpipes, int create_empty_fragment); __owur int ssl3_read_bytes(SSL *s, int type, int *recvd_type, - unsigned char *buf, int len, int peek); + unsigned char *buf, size_t len, int peek, + size_t *read); __owur int ssl3_setup_buffers(SSL *s); __owur int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send); __owur int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send); @@ -235,7 +237,8 @@ void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl); void DTLS_RECORD_LAYER_resync_write(RECORD_LAYER *rl); void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq); __owur int dtls1_read_bytes(SSL *s, int type, int *recvd_type, - unsigned char *buf, int len, int peek); + unsigned char *buf, size_t len, int peek, + size_t *read); __owur int dtls1_write_bytes(SSL *s, int type, const void *buf, int len); __owur int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragement); diff --git a/ssl/record/record_locl.h b/ssl/record/record_locl.h index 2bb073848a..ffd1e51dfa 100644 --- a/ssl/record/record_locl.h +++ b/ssl/record/record_locl.h @@ -62,7 +62,7 @@ void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); #define SSL3_BUFFER_set_len(b, l) ((b)->len = (l)) #define SSL3_BUFFER_get_left(b) ((b)->left) #define SSL3_BUFFER_set_left(b, l) ((b)->left = (l)) -#define SSL3_BUFFER_add_left(b, l) ((b)->left += (l)) +#define SSL3_BUFFER_sub_left(b, l) ((b)->left -= (l)) #define SSL3_BUFFER_get_offset(b) ((b)->offset) #define SSL3_BUFFER_set_offset(b, o) ((b)->offset = (o)) #define SSL3_BUFFER_add_offset(b, o) ((b)->offset += (o)) @@ -70,7 +70,7 @@ void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); #define SSL3_BUFFER_set_default_len(b, l) ((b)->default_len = (l)) void SSL3_BUFFER_clear(SSL3_BUFFER *b); -void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, int n); +void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n); void SSL3_BUFFER_release(SSL3_BUFFER *b); __owur int ssl3_setup_read_buffer(SSL *s); __owur int ssl3_setup_write_buffer(SSL *s, unsigned int numwpipes, size_t len); diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c index 963800238b..8a2a6e473d 100644 --- a/ssl/record/ssl3_buffer.c +++ b/ssl/record/ssl3_buffer.c @@ -10,7 +10,7 @@ #include "../ssl_locl.h" #include "record_locl.h" -void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, int n) +void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n) { if (d != NULL) memcpy(b->buf, d, n); diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 94f140fd68..dc2b479753 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -203,6 +203,7 @@ int ssl3_get_record(SSL *s) ssl_minor = *(p++); version = (ssl_major << 8) | ssl_minor; rr[num_recs].rec_version = version; + /* TODO(size_t): CHECK ME */ n2s(p, rr[num_recs].length); /* Lets check version */ @@ -383,9 +384,9 @@ int ssl3_get_record(SSL *s) goto f_err; } #ifdef SSL_DEBUG - printf("dec %d\n", rr->length); + printf("dec %ld\n", rr->length); { - unsigned int z; + size_t z; for (z = 0; z < rr->length; z++) printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n'); } @@ -527,6 +528,7 @@ int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr) if (rr->comp == NULL) return 0; + /* TODO(size_t): Convert this call */ i = COMP_expand_block(ssl->expand, rr->comp, SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length); if (i < 0) @@ -543,6 +545,7 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr) #ifndef OPENSSL_NO_COMP int i; + /* TODO(size_t): Convert this call */ i = COMP_compress_block(ssl->compress, wr->data, SSL3_RT_MAX_COMPRESSED_LENGTH, wr->input, (int)wr->length); @@ -570,8 +573,8 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send) { SSL3_RECORD *rec; EVP_CIPHER_CTX *ds; - unsigned long l; - int bs, i, mac_size = 0; + size_t l, i; + int bs, mac_size = 0; const EVP_CIPHER *enc; rec = inrecs; @@ -599,6 +602,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send) rec->input = rec->data; } else { l = rec->length; + /* TODO(size_t): Convert this call */ bs = EVP_CIPHER_CTX_block_size(ds); /* COMPRESS */ @@ -623,6 +627,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send) /* otherwise, rec->length >= bs */ } + /* TODO(size_t): Convert this call */ if (EVP_Cipher(ds, rec->data, rec->input, l) < 1) return -1; @@ -1008,6 +1013,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send) * are hashing because that gives an attacker a timing-oracle. */ /* Final param == not SSLv3 */ + /* TODO(size_t): Convert this call */ if (ssl3_cbc_digest_record(mac_ctx, md, &md_size, header, rec->input, @@ -1018,6 +1024,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send) return -1; } } else { + /* TODO(size_t): Convert these calls */ if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0 || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0 || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) { @@ -1045,7 +1052,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send) } fprintf(stderr, "rec="); { - unsigned int z; + size_t z; for (z = 0; z < rec->length; z++) fprintf(stderr, "%02X ", rec->data[z]); fprintf(stderr, "\n"); @@ -1080,6 +1087,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send) * 1: if the padding was valid * -1: otherwise. */ + /* TODO(size_t): Convert me */ int ssl3_cbc_remove_padding(SSL3_RECORD *rec, unsigned block_size, unsigned mac_size) { @@ -1113,6 +1121,7 @@ int ssl3_cbc_remove_padding(SSL3_RECORD *rec, * 1: if the padding was valid * -1: otherwise. */ + /* TODO(size_t): Convert me */ int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec, unsigned block_size, unsigned mac_size) @@ -1198,6 +1207,7 @@ int tls1_cbc_remove_padding(const SSL *s, */ #define CBC_MAC_ROTATE_IN_PLACE +/* TODO(size_t): Convert me */ void ssl3_cbc_copy_mac(unsigned char *out, const SSL3_RECORD *rec, unsigned md_size) { @@ -1350,9 +1360,9 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) goto err; } #ifdef SSL_DEBUG - printf("dec %d\n", rr->length); + printf("dec %ld\n", rr->length); { - unsigned int z; + size_t z; for (z = 0; z < rr->length; z++) printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n'); } @@ -1544,6 +1554,7 @@ int dtls1_get_record(SSL *s) memcpy(&(RECORD_LAYER_get_read_sequence(&s->rlayer)[2]), p, 6); p += 6; + /* TODO(size_t): CHECK ME */ n2s(p, rr->length); /* Lets check version */ diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index ffdb45403d..37dea73b24 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3812,12 +3812,13 @@ int ssl3_shutdown(SSL *s) return (ret); |