diff options
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/d1_lib.c | 9 | ||||
| -rw-r--r-- | ssl/record/build.info | 2 | ||||
| -rw-r--r-- | ssl/record/methods/recmethod_local.h | 16 | ||||
| -rw-r--r-- | ssl/record/methods/tls_common.c | 6 | ||||
| -rw-r--r-- | ssl/record/rec_layer_d1.c | 13 | ||||
| -rw-r--r-- | ssl/record/rec_layer_s3.c | 12 | ||||
| -rw-r--r-- | ssl/record/record.h | 12 | ||||
| -rw-r--r-- | ssl/record/record_local.h | 24 | ||||
| -rw-r--r-- | ssl/record/ssl3_buffer.c | 99 | ||||
| -rw-r--r-- | ssl/ssl_lib.c | 3 | ||||
| -rw-r--r-- | ssl/ssl_local.h | 2 | ||||
| -rw-r--r-- | ssl/ssl_utst.c | 1 | ||||
| -rw-r--r-- | ssl/statem/extensions.c | 6 | ||||
| -rw-r--r-- | ssl/statem/statem.c | 4 |
14 files changed, 35 insertions, 174 deletions
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index b82ddec517..a4ac629926 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -454,14 +454,12 @@ int DTLSv1_listen(SSL *ssl, BIO_ADDR *client) return -1; } - if (!ssl3_setup_buffers(s)) { - /* ERR_raise() already called */ - return -1; - } buf = OPENSSL_malloc(DTLS1_RT_HEADER_LENGTH + SSL3_RT_MAX_PLAIN_LENGTH); if (buf == NULL) return -1; - wbuf = RECORD_LAYER_get_wbuf(&s->rlayer)[0].buf; + wbuf = OPENSSL_malloc(DTLS1_RT_HEADER_LENGTH + SSL3_RT_MAX_PLAIN_LENGTH); + if (buf == NULL) + return -1; do { /* Get a packet */ @@ -836,6 +834,7 @@ int DTLSv1_listen(SSL *ssl, BIO_ADDR *client) end: BIO_ADDR_free(tmpclient); OPENSSL_free(buf); + OPENSSL_free(wbuf); return ret; } #endif diff --git a/ssl/record/build.info b/ssl/record/build.info index 15a4f8b386..8dfac91dae 100644 --- a/ssl/record/build.info +++ b/ssl/record/build.info @@ -11,7 +11,7 @@ IF[{- !$disabled{asm} -}] ENDIF SOURCE[../../libssl]=\ - rec_layer_s3.c rec_layer_d1.c ssl3_buffer.c ssl3_record.c \ + rec_layer_s3.c rec_layer_d1.c ssl3_record.c \ ssl3_record_tls13.c # For shared builds we need to include the sources needed in providers diff --git a/ssl/record/methods/recmethod_local.h b/ssl/record/methods/recmethod_local.h index 2552a8c0ac..21a8297b08 100644 --- a/ssl/record/methods/recmethod_local.h +++ b/ssl/record/methods/recmethod_local.h @@ -460,3 +460,19 @@ int tls_post_encryption_processing_default(OSSL_RECORD_LAYER *rl, int tls_write_records_default(OSSL_RECORD_LAYER *rl, OSSL_RECORD_TEMPLATE *templates, size_t numtempl); + +/* Macros/functions provided by the SSL3_BUFFER component */ + +#define SSL3_BUFFER_get_buf(b) ((b)->buf) +#define SSL3_BUFFER_set_buf(b, n) ((b)->buf = (n)) +#define SSL3_BUFFER_get_len(b) ((b)->len) +#define SSL3_BUFFER_get_left(b) ((b)->left) +#define SSL3_BUFFER_set_left(b, l) ((b)->left = (l)) +#define SSL3_BUFFER_sub_left(b, l) ((b)->left -= (l)) +#define SSL3_BUFFER_get_offset(b) ((b)->offset) +#define SSL3_BUFFER_set_offset(b, o) ((b)->offset = (o)) +#define SSL3_BUFFER_add_offset(b, o) ((b)->offset += (o)) +#define SSL3_BUFFER_set_app_buffer(b, l) ((b)->app_buffer = (l)) +#define SSL3_BUFFER_is_app_buffer(b) ((b)->app_buffer) + +void SSL3_BUFFER_release(SSL3_BUFFER *b); diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c index 5c27a6af15..7f1658899d 100644 --- a/ssl/record/methods/tls_common.c +++ b/ssl/record/methods/tls_common.c @@ -22,6 +22,12 @@ static void tls_int_free(OSSL_RECORD_LAYER *rl); +void SSL3_BUFFER_release(SSL3_BUFFER *b) +{ + OPENSSL_free(b->buf); + b->buf = NULL; +} + void ossl_rlayer_fatal(OSSL_RECORD_LAYER *rl, int al, int reason, const char *fmt, ...) { diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index e8b3242e28..2d74280188 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -639,21 +639,8 @@ int do_dtls1_write(SSL_CONNECTION *sc, int type, const unsigned char *buf, int i; OSSL_RECORD_TEMPLATE tmpl; SSL *s = SSL_CONNECTION_GET_SSL(sc); - SSL3_BUFFER *wb; int ret; - wb = &sc->rlayer.wbuf[0]; - - /* - * DTLS writes whole datagrams, so there can't be anything left in - * the buffer. - */ - /* TODO(RECLAYER): Remove me */ - if (!ossl_assert(SSL3_BUFFER_get_left(wb) == 0)) { - SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; - } - /* If we have an alert to send, lets send it */ if (sc->s3.alert_dispatch) { i = s->method->ssl_dispatch_alert(s); diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index bc115684b7..301742dba5 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -33,8 +33,6 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl) rl->wpend_ret = 0; rl->wpend_buf = NULL; - ssl3_release_write_buffer(rl->s); - RECORD_LAYER_reset_write_sequence(rl); if (rl->rrlmethod != NULL) @@ -54,8 +52,10 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl) void RECORD_LAYER_release(RECORD_LAYER *rl) { - if (rl->numwpipes > 0) - ssl3_release_write_buffer(rl->s); + /* + * TODO(RECLAYER): Need a way to release the write buffers in the record + * layer on demand + */ } /* Checks if we have unprocessed read ahead data pending */ @@ -73,10 +73,6 @@ int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl) int RECORD_LAYER_write_pending(const RECORD_LAYER *rl) { - /* TODO(RECLAYER): Remove me when DTLS is moved to the write record layer */ - if (SSL_CONNECTION_IS_DTLS(rl->s)) - return (rl->numwpipes > 0) - && SSL3_BUFFER_get_left(&rl->wbuf[rl->numwpipes - 1]) != 0; return rl->wpend_tot > 0; } diff --git a/ssl/record/record.h b/ssl/record/record.h index 501963756b..1cb24b835b 100644 --- a/ssl/record/record.h +++ b/ssl/record/record.h @@ -21,7 +21,7 @@ typedef struct ssl3_buffer_st SSL3_BUFFER; *****************************************************************************/ struct ssl3_buffer_st { - /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */ + /* at least SSL3_RT_MAX_PACKET_SIZE bytes */ unsigned char *buf; /* default buffer size (or 0 if no default set) */ size_t default_len; @@ -149,14 +149,7 @@ typedef struct record_layer_st { * non-blocking reads) */ int read_ahead; - /* - * TODO(RECLAYER): These next 2 fields can be removed when DTLS is moved to - * the new write record layer architecture. - */ - /* How many pipelines can be used to write data */ - size_t numwpipes; - /* write IO goes into here */ - SSL3_BUFFER wbuf[SSL_MAX_PIPELINES + 1]; + /* number of bytes sent so far */ size_t wnum; unsigned char handshake_fragment[4]; @@ -225,7 +218,6 @@ __owur int ssl3_write_bytes(SSL *s, int type, const void *buf, size_t len, __owur int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, size_t len, int peek, size_t *readbytes); -__owur int ssl3_setup_buffers(SSL_CONNECTION *s); __owur int tls1_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending, SSL_MAC_BUF *mac, size_t macsize); __owur int tls1_mac_old(SSL_CONNECTION *s, SSL3_RECORD *rec, unsigned char *md, diff --git a/ssl/record/record_local.h b/ssl/record/record_local.h index 04bf2ef6a0..b7535ef004 100644 --- a/ssl/record/record_local.h +++ b/ssl/record/record_local.h @@ -27,30 +27,6 @@ int dtls_buffer_record(SSL_CONNECTION *s, TLS_RECORD *rec); -/* Macros/functions provided by the SSL3_BUFFER component */ - -#define SSL3_BUFFER_get_buf(b) ((b)->buf) -#define SSL3_BUFFER_set_buf(b, n) ((b)->buf = (n)) -#define SSL3_BUFFER_get_len(b) ((b)->len) -#define SSL3_BUFFER_set_len(b, l) ((b)->len = (l)) -#define SSL3_BUFFER_get_left(b) ((b)->left) -#define SSL3_BUFFER_set_left(b, l) ((b)->left = (l)) -#define SSL3_BUFFER_sub_left(b, l) ((b)->left -= (l)) -#define SSL3_BUFFER_get_offset(b) ((b)->offset) -#define SSL3_BUFFER_set_offset(b, o) ((b)->offset = (o)) -#define SSL3_BUFFER_add_offset(b, o) ((b)->offset += (o)) -#define SSL3_BUFFER_is_initialised(b) ((b)->buf != NULL) -#define SSL3_BUFFER_set_default_len(b, l) ((b)->default_len = (l)) -#define SSL3_BUFFER_set_app_buffer(b, l) ((b)->app_buffer = (l)) -#define SSL3_BUFFER_is_app_buffer(b) ((b)->app_buffer) - -void SSL3_BUFFER_clear(SSL3_BUFFER *b); -void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n); -void SSL3_BUFFER_release(SSL3_BUFFER *b); -__owur int ssl3_setup_write_buffer(SSL_CONNECTION *s, size_t numwpipes, - size_t len); -int ssl3_release_write_buffer(SSL_CONNECTION *s); - /* Macros/functions provided by the SSL3_RECORD component */ #define SSL3_RECORD_get_type(r) ((r)->type) diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c index 1bb4840f88..f165e08705 100644 --- a/ssl/record/ssl3_buffer.c +++ b/ssl/record/ssl3_buffer.c @@ -33,102 +33,3 @@ void SSL3_BUFFER_release(SSL3_BUFFER *b) OPENSSL_free(b->buf); b->buf = NULL; } - -int ssl3_setup_write_buffer(SSL_CONNECTION *s, size_t numwpipes, size_t len) -{ - unsigned char *p; - size_t align = 0, headerlen; - SSL3_BUFFER *wb; - size_t currpipe; - - /* - * TODO(RECLAYER): Eventually this function can be removed once everything - * is moved to the write record layer. - */ - if (!SSL_CONNECTION_IS_DTLS(s)) - return 1; - - s->rlayer.numwpipes = numwpipes; - - if (len == 0) { - if (SSL_CONNECTION_IS_DTLS(s)) - headerlen = DTLS1_RT_HEADER_LENGTH + 1; - else - headerlen = SSL3_RT_HEADER_LENGTH; - -#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 - align = SSL3_ALIGN_PAYLOAD - 1; -#endif - - len = ssl_get_max_send_fragment(s) - + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align; -#ifndef OPENSSL_NO_COMP - if (ssl_allow_compression(s)) - len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; -#endif - if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) - len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; - } - - wb = RECORD_LAYER_get_wbuf(&s->rlayer); - for (currpipe = 0; currpipe < numwpipes; currpipe++) { - SSL3_BUFFER *thiswb = &wb[currpipe]; - - if (thiswb->len != len) { - OPENSSL_free(thiswb->buf); - thiswb->buf = NULL; /* force reallocation */ - } - - if (thiswb->buf == NULL) { - if (s->wbio == NULL || !BIO_get_ktls_send(s->wbio)) { - p = OPENSSL_malloc(len); - if (p == NULL) { - s->rlayer.numwpipes = currpipe; - /* - * We've got a malloc failure, and we're still initialising - * buffers. We assume we're so doomed that we won't even be able - * to send an alert. - */ - SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_CRYPTO_LIB); - return 0; - } - } else { - p = NULL; - } - memset(thiswb, 0, sizeof(SSL3_BUFFER)); - thiswb->buf = p; - thiswb->len = len; - } - } - - return 1; -} - -int ssl3_setup_buffers(SSL_CONNECTION *s) -{ - if (!ssl3_setup_write_buffer(s, 1, 0)) { - /* SSLfatal() already called */ - return 0; - } - return 1; -} - -int ssl3_release_write_buffer(SSL_CONNECTION *s) -{ - SSL3_BUFFER *wb; - size_t pipes; - - pipes = s->rlayer.numwpipes; - while (pipes > 0) { - wb = &RECORD_LAYER_get_wbuf(&s->rlayer)[pipes - 1]; - - if (SSL3_BUFFER_is_app_buffer(wb)) - SSL3_BUFFER_set_app_buffer(wb, 0); - else - OPENSSL_free(wb->buf); - wb->buf = NULL; - pipes--; - } - s->rlayer.numwpipes = 0; - return 1; -} diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 77b0fcefc3..d47526b6cf 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -6388,7 +6388,8 @@ int SSL_alloc_buffers(SSL *ssl) if (sc == NULL) return 0; - return ssl3_setup_buffers(sc); + /* TODO(RECLAYER): Need a way to make this happen in the record layer */ + return 1; } void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb) diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index a1f15a712f..6a935760a0 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -2447,7 +2447,6 @@ const SSL_METHOD *func_name(void) \ struct openssl_ssl_test_functions { int (*p_ssl_init_wbio_buffer) (SSL_CONNECTION *s); - int (*p_ssl3_setup_buffers) (SSL_CONNECTION *s); }; const char *ssl_protocol_to_string(int version); @@ -2959,7 +2958,6 @@ void ssl_session_calculate_timeout(SSL_SESSION *ss); # else /* OPENSSL_UNIT_TEST */ # define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer -# define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers # endif diff --git a/ssl/ssl_utst.c b/ssl/ssl_utst.c index 690db6d497..91be7398ca 100644 --- a/ssl/ssl_utst.c +++ b/ssl/ssl_utst.c @@ -13,7 +13,6 @@ static const struct openssl_ssl_test_functions ssl_test_functions = { ssl_init_wbio_buffer, - ssl3_setup_buffers, }; const struct openssl_ssl_test_functions *SSL_test_functions(void) diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index b879050c40..601682152a 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1732,12 +1732,6 @@ static int final_maxfragmentlen(SSL_CONNECTION *s, unsigned int context, GET_MAX_FRAGMENT_LENGTH(s->session)); s->rlayer.wrlmethod->set_max_frag_len(s->rlayer.wrl, ssl_get_max_send_fragment(s)); - /* trigger a larger buffer reallocation */ - /* TODO(RECLAYER): Remove me when DTLS moved to write record layer */ - if (SSL_CONNECTION_IS_DTLS(s) && !ssl3_setup_buffers(s)) { - /* SSLfatal() already called */ - return 0; - } } return 1; diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index 448d655a17..921d7cfb1e 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c @@ -439,10 +439,6 @@ static int state_machine(SSL_CONNECTION *s, int server) buf = NULL; } - if (!ssl3_setup_buffers(s)) { - SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); - goto end; - } s->init_num = 0; /* |