diff options
author | Emilia Kasper <emilia@openssl.org> | 2015-09-17 18:11:46 +0200 |
---|---|---|
committer | Emilia Kasper <emilia@openssl.org> | 2015-09-17 18:47:33 +0200 |
commit | 4bd16463b84efb13ce5fb35add284e284b0fd819 (patch) | |
tree | cfc82d3809a94065c8e00a70697a75f8be762580 /ssl | |
parent | 6e63c142f269c738e3820203ecec6fe74ad4efa0 (diff) |
Remove PACKET_(get|goto)_bookmark
The bookmark API results in a lot of boilerplate error checking that can
be much more easily achieved with a simple struct copy. It also lays the
path for removing the third PACKET field.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/packet_locl.h | 19 | ||||
-rw-r--r-- | ssl/s3_clnt.c | 38 | ||||
-rw-r--r-- | ssl/s3_srvr.c | 14 | ||||
-rw-r--r-- | ssl/t1_lib.c | 9 |
4 files changed, 21 insertions, 59 deletions
diff --git a/ssl/packet_locl.h b/ssl/packet_locl.h index 3200c22846..7a72f8e658 100644 --- a/ssl/packet_locl.h +++ b/ssl/packet_locl.h @@ -421,25 +421,6 @@ __owur static inline int PACKET_forward(PACKET *pkt, size_t len) return 1; } -/* Store a bookmark for the current reading position in |*bm| */ -__owur static inline int PACKET_get_bookmark(const PACKET *pkt, size_t *bm) -{ - *bm = pkt->curr - pkt->start; - - return 1; -} - -/* Set the current reading position to the bookmark |bm| */ -__owur static inline int PACKET_goto_bookmark(PACKET *pkt, size_t bm) -{ - if (bm > (size_t)(pkt->end - pkt->start)) - return 0; - - pkt->curr = pkt->start + bm; - - return 1; -} - /* * Stores the total length of the packet we have in the underlying buffer in * |*len| diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 0195d09958..7cfff635f0 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1102,10 +1102,9 @@ int ssl3_get_server_hello(SSL *s) if (s->version >= TLS1_VERSION && s->tls_session_secret_cb && s->session->tlsext_tick) { SSL_CIPHER *pref_cipher = NULL; - size_t bookm; - if (!PACKET_get_bookmark(&pkt, &bookm) - || !PACKET_forward(&pkt, j) - || !PACKET_get_bytes(&pkt, &cipherchars, ciphercharlen)) { + PACKET bookmark = pkt; + if (!PACKET_forward(&pkt, j) + || !PACKET_get_bytes(&pkt, &cipherchars, ciphercharlen)) { SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_LENGTH_MISMATCH); al = SSL_AD_DECODE_ERROR; goto f_err; @@ -1122,11 +1121,7 @@ int ssl3_get_server_hello(SSL *s) al = SSL_AD_INTERNAL_ERROR; goto f_err; } - if (!PACKET_goto_bookmark(&pkt, bookm)) { - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR); - al = SSL_AD_INTERNAL_ERROR; - goto f_err; - } + pkt = bookmark; } /* Get the session id */ @@ -1462,9 +1457,9 @@ int ssl3_get_key_exchange(SSL *s) int curve_nid = 0; unsigned int encoded_pt_len = 0; #endif - PACKET pkt; + PACKET pkt, save_param_start; unsigned char *data, *param; - size_t startparam, endparam; + size_t param_len; EVP_MD_CTX_init(&md_ctx); @@ -1496,12 +1491,12 @@ int ssl3_get_key_exchange(SSL *s) return (1); } - if (!PACKET_buf_init(&pkt, s->init_msg, n) - || !PACKET_get_bookmark(&pkt, &startparam)) { + if (!PACKET_buf_init(&pkt, s->init_msg, n)) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); al = SSL_AD_INTERNAL_ERROR; goto f_err; } + save_param_start = pkt; #ifndef OPENSSL_NO_RSA RSA_free(s->s3->peer_rsa_tmp); @@ -1894,10 +1889,11 @@ int ssl3_get_key_exchange(SSL *s) } #endif /* !OPENSSL_NO_EC */ - if (!PACKET_get_bookmark(&pkt, &endparam)) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); - goto f_err; - } + /* + * |pkt| now points to the beginning of the signature, so the difference + * equals the length of the parameters. + */ + param_len = PACKET_remaining(&save_param_start) - PACKET_remaining(&pkt); /* if it was signed, check the signature */ if (pkey != NULL) { @@ -1939,8 +1935,8 @@ int ssl3_get_key_exchange(SSL *s) SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_SIGNATURE_LENGTH); goto f_err; } - if (!PACKET_goto_bookmark(&pkt, startparam) - || !PACKET_get_bytes(&pkt, ¶m, endparam - startparam)) { + pkt = save_param_start; + if (!PACKET_get_bytes(&pkt, ¶m, param_len)) { al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto f_err; @@ -1960,7 +1956,7 @@ int ssl3_get_key_exchange(SSL *s) SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md_ctx, param, endparam - startparam); + EVP_DigestUpdate(&md_ctx, param, param_len); EVP_DigestFinal_ex(&md_ctx, q, &size); q += size; j += size; @@ -1986,7 +1982,7 @@ int ssl3_get_key_exchange(SSL *s) SSL3_RANDOM_SIZE); EVP_VerifyUpdate(&md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE); - EVP_VerifyUpdate(&md_ctx, param, endparam - startparam); + EVP_VerifyUpdate(&md_ctx, param, param_len); if (EVP_VerifyFinal(&md_ctx, data, (int)i, pkey) <= 0) { /* bad signature */ al = SSL_AD_DECRYPT_ERROR; diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 18d3be1b2a..aea72794ef 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2481,14 +2481,9 @@ int ssl3_get_client_key_exchange(SSL *s) if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd | SSL_kDHEPSK)) { int idx = -1; EVP_PKEY *skey = NULL; - size_t bookm; + PACKET bookmark = pkt; unsigned char shared[(OPENSSL_DH_MAX_MODULUS_BITS + 7) / 8]; - if (!PACKET_get_bookmark(&pkt, &bookm)) { - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); - goto f_err; - } if (!PACKET_get_net_2(&pkt, &i)) { if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) { al = SSL_AD_HANDSHAKE_FAILURE; @@ -2504,12 +2499,7 @@ int ssl3_get_client_key_exchange(SSL *s) SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG); goto err; } else { - if (!PACKET_goto_bookmark(&pkt, bookm)) { - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - goto f_err; - } + pkt = bookmark; i = PACKET_remaining(&pkt); } } diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 95b4fb694d..463f34e687 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2934,7 +2934,7 @@ int tls1_process_ticket(SSL *s, PACKET *pkt, unsigned char *session_id, int len, SSL_SESSION **ret) { unsigned int i; - size_t bookmark = 0; + PACKET bookmark = *pkt; int retv = -1; *ret = NULL; @@ -2949,10 +2949,6 @@ int tls1_process_ticket(SSL *s, PACKET *pkt, unsigned char *session_id, if ((s->version <= SSL3_VERSION)) return 0; - if (!PACKET_get_bookmark(pkt, &bookmark)) { - return -1; - } - /* Skip past DTLS cookie */ if (SSL_IS_DTLS(s)) { if (!PACKET_get_1(pkt, &i) @@ -3043,8 +3039,7 @@ int tls1_process_ticket(SSL *s, PACKET *pkt, unsigned char *session_id, } retv = 0; end: - if (!PACKET_goto_bookmark(pkt, bookmark)) - return -1; + *pkt = bookmark; return retv; } |