diff options
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/record/d1_pkt.c | 12 | ||||
-rw-r--r-- | ssl/record/rec_layer.h | 10 | ||||
-rw-r--r-- | ssl/record/s23_pkt.c | 15 | ||||
-rw-r--r-- | ssl/record/s3_pkt.c | 20 | ||||
-rw-r--r-- | ssl/record/ssl3_buffer.c | 2 | ||||
-rw-r--r-- | ssl/record/ssl3_record.c | 52 | ||||
-rw-r--r-- | ssl/s23_clnt.c | 2 | ||||
-rw-r--r-- | ssl/s23_srvr.c | 33 | ||||
-rw-r--r-- | ssl/s3_lib.c | 1 | ||||
-rw-r--r-- | ssl/ssl_locl.h | 4 |
10 files changed, 84 insertions, 67 deletions
diff --git a/ssl/record/d1_pkt.c b/ssl/record/d1_pkt.c index f1772258af..5ad4632454 100644 --- a/ssl/record/d1_pkt.c +++ b/ssl/record/d1_pkt.c @@ -193,8 +193,8 @@ static int dtls1_copy_record(SSL *s, pitem *item) SSL3_BUFFER_release(&s->rlayer.rbuf); - s->packet = rdata->packet; - s->packet_length = rdata->packet_length; + s->rlayer.packet = rdata->packet; + s->rlayer.packet_length = rdata->packet_length; memcpy(&s->rlayer.rbuf, &(rdata->rbuf), sizeof(SSL3_BUFFER)); memcpy(&s->rlayer.rrec, &(rdata->rrec), sizeof(SSL3_RECORD)); @@ -226,8 +226,8 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) return -1; } - rdata->packet = s->packet; - rdata->packet_length = s->packet_length; + rdata->packet = s->rlayer.packet; + rdata->packet_length = s->rlayer.packet_length; memcpy(&(rdata->rbuf), &s->rlayer.rbuf, sizeof(SSL3_BUFFER)); memcpy(&(rdata->rrec), &s->rlayer.rrec, sizeof(SSL3_RECORD)); @@ -243,8 +243,8 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) } #endif - s->packet = NULL; - s->packet_length = 0; + s->rlayer.packet = NULL; + s->rlayer.packet_length = 0; memset(&s->rlayer.rbuf, 0, sizeof(SSL3_BUFFER)); memset(&s->rlayer.rrec, 0, sizeof(SSL3_RECORD)); diff --git a/ssl/record/rec_layer.h b/ssl/record/rec_layer.h index 8b529b75c3..2997419193 100644 --- a/ssl/record/rec_layer.h +++ b/ssl/record/rec_layer.h @@ -148,6 +148,11 @@ typedef struct record_layer_st { SSL3_RECORD rrec; /* goes out from here */ SSL3_RECORD wrec; + + /* used internally to point at a raw packet */ + unsigned char *packet; + unsigned int packet_length; + } RECORD_LAYER; @@ -161,6 +166,9 @@ typedef struct record_layer_st { #define RECORD_LAYER_set_read_ahead(rl, ra) ((rl)->read_ahead = (ra)) #define RECORD_LAYER_get_read_ahead(rl) ((rl)->read_ahead) #define RECORD_LAYER_setup_comp_buffer(rl) (SSL3_RECORD_setup(&(rl)->rrec)) +#define RECORD_LAYER_get_packet(rl) ((rl)->packet) +#define RECORD_LAYER_get_packet_length(rl) ((rl)->packet_length) +#define RECORD_LAYER_add_packet_length(rl, inc) ((rl)->packet_length += (inc)) void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s); void RECORD_LAYER_clear(RECORD_LAYER *rl); @@ -193,6 +201,8 @@ void dtls1_reset_seq_numbers(SSL *s, int rw); #define RECORD_LAYER_get_wbuf(rl) (&(rl)->wbuf) #define RECORD_LAYER_get_rrec(rl) (&(rl)->rrec) #define RECORD_LAYER_get_wrec(rl) (&(rl)->wrec) +#define RECORD_LAYER_set_packet(rl, p) ((rl)->packet = (p)) +#define RECORD_LAYER_reset_packet_length(rl) ((rl)->packet_length = 0) __owur int ssl3_read_n(SSL *s, int n, int max, int extend); __owur int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, diff --git a/ssl/record/s23_pkt.c b/ssl/record/s23_pkt.c index e3a91554fd..88acf9f735 100644 --- a/ssl/record/s23_pkt.c +++ b/ssl/record/s23_pkt.c @@ -94,19 +94,20 @@ int ssl23_read_bytes(SSL *s, int n) unsigned char *p; int j; - if (s->packet_length < (unsigned int)n) { - p = s->packet; + if (RECORD_LAYER_get_packet_length(&s->rlayer) < (unsigned int)n) { + p = RECORD_LAYER_get_packet(&s->rlayer); for (;;) { s->rwstate = SSL_READING; - j = BIO_read(s->rbio, (char *)&(p[s->packet_length]), - n - s->packet_length); + j = BIO_read(s->rbio, + (char *)&(p[RECORD_LAYER_get_packet_length(&s->rlayer)]), + n - RECORD_LAYER_get_packet_length(&s->rlayer)); if (j <= 0) return (j); s->rwstate = SSL_NOTHING; - s->packet_length += j; - if (s->packet_length >= (unsigned int)n) - return (s->packet_length); + RECORD_LAYER_add_packet_length(&s->rlayer, j); + if (RECORD_LAYER_get_packet_length(&s->rlayer) >= (unsigned int)n) + return (RECORD_LAYER_get_packet_length(&s->rlayer)); } } return (n); diff --git a/ssl/record/s3_pkt.c b/ssl/record/s3_pkt.c index b082c037e0..646fd334c1 100644 --- a/ssl/record/s3_pkt.c +++ b/ssl/record/s3_pkt.c @@ -187,7 +187,7 @@ int RECORD_LAYER_write_pending(RECORD_LAYER *rl) int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len) { - rl->s->packet_length = len; + rl->packet_length = len; if(len != 0) { rl->s->rstate = SSL_ST_READ_HEADER; if (!SSL3_BUFFER_is_initialised(&rl->rbuf)) @@ -195,7 +195,7 @@ int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len) return 0; } - rl->s->packet = SSL3_BUFFER_get_buf(&rl->rbuf); + rl->packet = SSL3_BUFFER_get_buf(&rl->rbuf); SSL3_BUFFER_set_data(&rl->rbuf, buf, len); return 1; @@ -261,8 +261,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) rb->offset = align; } } - s->packet = rb->buf + rb->offset; - s->packet_length = 0; + s->rlayer.packet = rb->buf + rb->offset; + s->rlayer.packet_length = 0; /* ... now we can act as if 'extend' was set */ } @@ -280,7 +280,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) /* if there is enough in the buffer from a previous read, take some */ if (left >= n) { - s->packet_length += n; + s->rlayer.packet_length += n; rb->left = left - n; rb->offset += n; return (n); @@ -288,15 +288,15 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) /* else we need to read more data */ - len = s->packet_length; + len = s->rlayer.packet_length; pkt = rb->buf + align; /* * Move any available bytes to front of buffer: 'len' bytes already * pointed to by 'packet', 'left' extra ones at the end */ - if (s->packet != pkt) { /* len > 0 */ - memmove(pkt, s->packet, len + left); - s->packet = pkt; + if (s->rlayer.packet != pkt) { /* len > 0 */ + memmove(pkt, s->rlayer.packet, len + left); + s->rlayer.packet = pkt; rb->offset = len + align; } @@ -354,7 +354,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) /* done reading, now the book-keeping */ rb->offset += n; rb->left = left - n; - s->packet_length += n; + s->rlayer.packet_length += n; s->rwstate = SSL_NOTHING; return (n); } diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c index 2ea55c8ba4..9afd747e51 100644 --- a/ssl/record/ssl3_buffer.c +++ b/ssl/record/ssl3_buffer.c @@ -160,7 +160,7 @@ int ssl3_setup_read_buffer(SSL *s) b->len = len; } - s->packet = &(b->buf[0]); + RECORD_LAYER_set_packet(&s->rlayer, &(b->buf[0])); return 1; err: diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 5975a33c47..74343229cc 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -208,14 +208,14 @@ int ssl3_get_record(SSL *s) again: /* check if we have the header */ if ((s->rstate != SSL_ST_READ_BODY) || - (s->packet_length < SSL3_RT_HEADER_LENGTH)) { + (RECORD_LAYER_get_packet_length(&s->rlayer) < SSL3_RT_HEADER_LENGTH)) { n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, SSL3_BUFFER_get_len(&s->rlayer.rbuf), 0); if (n <= 0) return (n); /* error or non-blocking */ s->rstate = SSL_ST_READ_BODY; - p = s->packet; + p = RECORD_LAYER_get_packet(&s->rlayer); if (s->msg_callback) s->msg_callback(0, 0, SSL3_RT_HEADER, p, 5, s, s->msg_callback_arg); @@ -260,7 +260,8 @@ int ssl3_get_record(SSL *s) /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ - if (rr->length > s->packet_length - SSL3_RT_HEADER_LENGTH) { + if (rr->length > + RECORD_LAYER_get_packet_length(&s->rlayer) - SSL3_RT_HEADER_LENGTH) { /* now s->packet_length == SSL3_RT_HEADER_LENGTH */ i = rr->length; n = ssl3_read_n(s, i, i, 1); @@ -278,7 +279,7 @@ int ssl3_get_record(SSL *s) * At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, * and we have that many bytes in s->packet */ - rr->input = &(s->packet[SSL3_RT_HEADER_LENGTH]); + rr->input = &(RECORD_LAYER_get_packet(&s->rlayer)[SSL3_RT_HEADER_LENGTH]); /* * ok, we can now read from 's->packet' data into 'rr' rr->input points @@ -446,7 +447,7 @@ int ssl3_get_record(SSL *s) */ /* we have pulled in a full packet so zero things */ - s->packet_length = 0; + RECORD_LAYER_reset_packet_length(&s->rlayer); /* just read a 0 length packet */ if (rr->length == 0) { @@ -1205,7 +1206,7 @@ int dtls1_process_record(SSL *s) * At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, * and we have that many bytes in s->packet */ - rr->input = &(s->packet[DTLS1_RT_HEADER_LENGTH]); + rr->input = &(RECORD_LAYER_get_packet(&s->rlayer)[DTLS1_RT_HEADER_LENGTH]); /* * ok, we can now read from 's->packet' data into 'rr' rr->input points @@ -1240,7 +1241,7 @@ int dtls1_process_record(SSL *s) if (enc_err == 0) { /* For DTLS we simply ignore bad packets. */ rr->length = 0; - s->packet_length = 0; + RECORD_LAYER_reset_packet_length(&s->rlayer); goto err; } #ifdef TLS_DEBUG @@ -1308,7 +1309,7 @@ int dtls1_process_record(SSL *s) if (enc_err < 0) { /* decryption failed, silently discard message */ rr->length = 0; - s->packet_length = 0; + RECORD_LAYER_reset_packet_length(&s->rlayer); goto err; } @@ -1344,7 +1345,7 @@ int dtls1_process_record(SSL *s) */ /* we have pulled in a full packet so zero things */ - s->packet_length = 0; + RECORD_LAYER_reset_packet_length(&s->rlayer); return (1); f_err: @@ -1399,7 +1400,7 @@ int dtls1_get_record(SSL *s) again: /* check if we have the header */ if ((s->rstate != SSL_ST_READ_BODY) || - (s->packet_length < DTLS1_RT_HEADER_LENGTH)) { + (RECORD_LAYER_get_packet_length(&s->rlayer) < DTLS1_RT_HEADER_LENGTH)) { n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, SSL3_BUFFER_get_len(&s->rlayer.rbuf), 0); /* read timeout is handled by dtls1_read_bytes */ @@ -1407,14 +1408,14 @@ int dtls1_get_record(SSL *s) return (n); /* error or non-blocking */ /* this packet contained a partial record, dump it */ - if (s->packet_length != DTLS1_RT_HEADER_LENGTH) { - s->packet_length = 0; + if (RECORD_LAYER_get_packet_length(&s->rlayer) != DTLS1_RT_HEADER_LENGTH) { + RECORD_LAYER_reset_packet_length(&s->rlayer); goto again; } s->rstate = SSL_ST_READ_BODY; - p = s->packet; + p = RECORD_LAYER_get_packet(&s->rlayer); if (s->msg_callback) s->msg_callback(0, 0, SSL3_RT_HEADER, p, DTLS1_RT_HEADER_LENGTH, @@ -1439,7 +1440,7 @@ int dtls1_get_record(SSL *s) if (version != s->version) { /* unexpected version, silently discard */ rr->length = 0; - s->packet_length = 0; + RECORD_LAYER_reset_packet_length(&s->rlayer); goto again; } } @@ -1447,14 +1448,14 @@ int dtls1_get_record(SSL *s) if ((version & 0xff00) != (s->version & 0xff00)) { /* wrong version, silently discard record */ rr->length = 0; - s->packet_length = 0; + RECORD_LAYER_reset_packet_length(&s->rlayer); goto again; } if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { /* record too long, silently discard it */ rr->length = 0; - s->packet_length = 0; + RECORD_LAYER_reset_packet_length(&s->rlayer); goto again; } @@ -1463,14 +1464,15 @@ int dtls1_get_record(SSL *s) /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ - if (rr->length > s->packet_length - DTLS1_RT_HEADER_LENGTH) { + if (rr->length > + RECORD_LAYER_get_packet_length(&s->rlayer) - DTLS1_RT_HEADER_LENGTH) { /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */ i = rr->length; n = ssl3_read_n(s, i, i, 1); /* this packet contained a partial record, dump it */ if (n != i) { rr->length = 0; - s->packet_length = 0; + RECORD_LAYER_reset_packet_length(&s->rlayer); goto again; } @@ -1485,7 +1487,7 @@ int dtls1_get_record(SSL *s) bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch); if (bitmap == NULL) { rr->length = 0; - s->packet_length = 0; /* dump this record */ + RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */ goto again; /* get another record */ } #ifndef OPENSSL_NO_SCTP @@ -1499,11 +1501,13 @@ int dtls1_get_record(SSL *s) * connections and would be dropped unnecessarily. */ if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && - s->packet_length > DTLS1_RT_HEADER_LENGTH && - s->packet[DTLS1_RT_HEADER_LENGTH] == SSL3_MT_CLIENT_HELLO) && + RECORD_LAYER_get_packet_length(&s->rlayer) + > DTLS1_RT_HEADER_LENGTH && + RECORD_LAYER_get_packet(&s->rlayer)[DTLS1_RT_HEADER_LENGTH] + == SSL3_MT_CLIENT_HELLO) && !dtls1_record_replay_check(s, bitmap)) { rr->length = 0; - s->packet_length = 0; /* dump this record */ + RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */ goto again; /* get another record */ } #ifndef OPENSSL_NO_SCTP @@ -1529,13 +1533,13 @@ int dtls1_get_record(SSL *s) dtls1_record_bitmap_update(s, bitmap); } rr->length = 0; - s->packet_length = 0; + RECORD_LAYER_reset_packet_length(&s->rlayer); goto again; } if (!dtls1_process_record(s)) { rr->length = 0; - s->packet_length = 0; /* dump this record */ + RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */ goto again; /* get another record */ } dtls1_record_bitmap_update(s, bitmap); /* Mark receipt of record. */ diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 0bc5946666..76ad876ec4 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -490,7 +490,7 @@ static int ssl23_get_server_hello(SSL *s) if (n != 7) return (n); - p = s->packet; + p = RECORD_LAYER_get_packet(&s->rlayer); memcpy(buf, p, n); diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index 3ff0ef642e..7287022d23 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -264,7 +264,7 @@ int ssl23_get_client_hello(SSL *s) if (n != sizeof buf_space) return (n); /* n == -1 || n == 0 */ - p = s->packet; + p = RECORD_LAYER_get_packet(&s->rlayer); memcpy(buf, p, n); @@ -415,7 +415,7 @@ int ssl23_get_client_hello(SSL *s) */ type = 2; - p = s->packet; + p = RECORD_LAYER_get_packet(&s->rlayer); v[0] = p[3]; /* == SSL3_VERSION_MAJOR */ v[1] = p[4]; @@ -451,27 +451,32 @@ int ssl23_get_client_hello(SSL *s) if (j <= 0) return (j); - ssl3_finish_mac(s, s->packet + 2, s->packet_length - 2); + ssl3_finish_mac(s, RECORD_LAYER_get_packet(&s->rlayer) + 2, + RECORD_LAYER_get_packet_length(&s->rlayer) - 2); /* CLIENT-HELLO */ if (s->msg_callback) - s->msg_callback(0, SSL2_VERSION, 0, s->packet + 2, - s->packet_length - 2, s, s->msg_callback_arg); + s->msg_callback(0, SSL2_VERSION, 0, + RECORD_LAYER_get_packet(&s->rlayer) + 2, + RECORD_LAYER_get_packet_length(&s->rlayer) - 2, s, + s->msg_callback_arg); - p = s->packet; + p = RECORD_LAYER_get_packet(&s->rlayer); p += 5; n2s(p, csl); n2s(p, sil); n2s(p, cl); d = (unsigned char *)s->init_buf->data; - if ((csl + sil + cl + 11) != s->packet_length) { /* We can't have TLS - * extensions in SSL - * 2.0 format * - * Client Hello, can - * we? Error - * condition should - * be * '>' - * otherweise */ + if ((csl + sil + cl + 11) + != RECORD_LAYER_get_packet_length(&s->rlayer)) { + /* We can't have TLS + * extensions in SSL + * 2.0 format * + * Client Hello, can + * we? Error + * condition should + * be * '>' + * otherweise */ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH); goto err; diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index bd860d6fde..a7dbbf688d 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3183,7 +3183,6 @@ void ssl3_clear(SSL *s) ssl_free_wbio_buffer(s); - s->packet_length = 0; s->s3->renegotiate = 0; s->s3->total_renegotiations = 0; s->s3->num_renegotiations = 0; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 5b1dae1313..27fba36748 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1029,9 +1029,7 @@ struct ssl_st { * ssl3_get_message() */ int init_num; /* amount read/written */ int init_off; /* amount read/written */ - /* used internally to point at a raw packet */ - unsigned char *packet; - unsigned int packet_length; + struct ssl3_state_st *s3; /* SSLv3 variables */ struct dtls1_state_st *d1; /* DTLSv1 variables */ |