mirror of https://github.com/openssl/openssl.git
Further libssl size_t-ify of reading
Writing still to be done Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Matt Caswell
parent
8e6d03cac4
commit
eda757514e
|
|
@ -1568,7 +1568,9 @@ __owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd,
|
||||||
__owur int SSL_accept(SSL *ssl);
|
__owur int SSL_accept(SSL *ssl);
|
||||||
__owur int SSL_connect(SSL *ssl);
|
__owur int SSL_connect(SSL *ssl);
|
||||||
__owur int SSL_read(SSL *ssl, void *buf, int num);
|
__owur int SSL_read(SSL *ssl, void *buf, int num);
|
||||||
|
__owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *read);
|
||||||
__owur int SSL_peek(SSL *ssl, void *buf, int num);
|
__owur int SSL_peek(SSL *ssl, void *buf, int num);
|
||||||
|
__owur int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *read);
|
||||||
__owur int SSL_write(SSL *ssl, const void *buf, int num);
|
__owur int SSL_write(SSL *ssl, const void *buf, int num);
|
||||||
long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
|
long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
|
||||||
long SSL_callback_ctrl(SSL *, int, void (*)(void));
|
long SSL_callback_ctrl(SSL *, int, void (*)(void));
|
||||||
|
|
@ -2179,7 +2181,9 @@ int ERR_load_SSL_strings(void);
|
||||||
# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303
|
# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303
|
||||||
# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311
|
# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311
|
||||||
# define SSL_F_SSL_PEEK 270
|
# define SSL_F_SSL_PEEK 270
|
||||||
|
# define SSL_F_SSL_PEEK_EX 425
|
||||||
# define SSL_F_SSL_READ 223
|
# define SSL_F_SSL_READ 223
|
||||||
|
# define SSL_F_SSL_READ_EX 426
|
||||||
# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320
|
# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320
|
||||||
# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321
|
# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321
|
||||||
# define SSL_F_SSL_SESSION_DUP 348
|
# define SSL_F_SSL_SESSION_DUP 348
|
||||||
|
|
|
||||||
|
|
@ -118,8 +118,8 @@ void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq)
|
||||||
memcpy(rl->write_sequence, seq, SEQ_NUM_SIZE);
|
memcpy(rl->write_sequence, seq, SEQ_NUM_SIZE);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
|
static size_t have_handshake_fragment(SSL *s, int type, unsigned char *buf,
|
||||||
int len);
|
size_t len);
|
||||||
|
|
||||||
/* copy buffered record into SSL structure */
|
/* copy buffered record into SSL structure */
|
||||||
static int dtls1_copy_record(SSL *s, pitem *item)
|
static int dtls1_copy_record(SSL *s, pitem *item)
|
||||||
|
|
@ -336,10 +336,10 @@ int dtls1_process_buffered_records(SSL *s)
|
||||||
* none of our business
|
* none of our business
|
||||||
*/
|
*/
|
||||||
int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
int len, int peek)
|
size_t len, int peek, size_t *read)
|
||||||
{
|
{
|
||||||
int al, i, j, ret;
|
int al, i, j, iret;
|
||||||
unsigned int n;
|
size_t ret, n;
|
||||||
SSL3_RECORD *rr;
|
SSL3_RECORD *rr;
|
||||||
void (*cb) (const SSL *ssl, int type2, int val) = NULL;
|
void (*cb) (const SSL *ssl, int type2, int val) = NULL;
|
||||||
|
|
||||||
|
|
@ -359,9 +359,11 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
/*
|
/*
|
||||||
* check whether there's a handshake message (client hello?) waiting
|
* check whether there's a handshake message (client hello?) waiting
|
||||||
*/
|
*/
|
||||||
if ((ret = have_handshake_fragment(s, type, buf, len))) {
|
ret = have_handshake_fragment(s, type, buf, len);
|
||||||
|
if (ret > 0) {
|
||||||
*recvd_type = SSL3_RT_HANDSHAKE;
|
*recvd_type = SSL3_RT_HANDSHAKE;
|
||||||
return ret;
|
*read = ret;
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
@ -385,10 +387,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
/* type == SSL3_RT_APPLICATION_DATA */
|
/* type == SSL3_RT_APPLICATION_DATA */
|
||||||
i = s->handshake_func(s);
|
i = s->handshake_func(s);
|
||||||
if (i < 0)
|
if (i < 0)
|
||||||
return (i);
|
return i;
|
||||||
if (i == 0) {
|
if (i == 0) {
|
||||||
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
|
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
|
||||||
return (-1);
|
return -1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -434,12 +436,12 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
/* get new packet if necessary */
|
/* get new packet if necessary */
|
||||||
if ((SSL3_RECORD_get_length(rr) == 0)
|
if ((SSL3_RECORD_get_length(rr) == 0)
|
||||||
|| (s->rlayer.rstate == SSL_ST_READ_BODY)) {
|
|| (s->rlayer.rstate == SSL_ST_READ_BODY)) {
|
||||||
ret = dtls1_get_record(s);
|
iret = dtls1_get_record(s);
|
||||||
if (ret <= 0) {
|
if (iret <= 0) {
|
||||||
ret = dtls1_read_failed(s, ret);
|
iret = dtls1_read_failed(s, iret);
|
||||||
/* anything other than a timeout is an error */
|
/* anything other than a timeout is an error */
|
||||||
if (ret <= 0)
|
if (iret <= 0)
|
||||||
return (ret);
|
return iret;
|
||||||
else
|
else
|
||||||
goto start;
|
goto start;
|
||||||
}
|
}
|
||||||
|
|
@ -479,7 +481,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
|
if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
|
||||||
SSL3_RECORD_set_length(rr, 0);
|
SSL3_RECORD_set_length(rr, 0);
|
||||||
s->rwstate = SSL_NOTHING;
|
s->rwstate = SSL_NOTHING;
|
||||||
return (0);
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (type == SSL3_RECORD_get_type(rr)
|
if (type == SSL3_RECORD_get_type(rr)
|
||||||
|
|
@ -504,13 +506,13 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
if (recvd_type != NULL)
|
if (recvd_type != NULL)
|
||||||
*recvd_type = SSL3_RECORD_get_type(rr);
|
*recvd_type = SSL3_RECORD_get_type(rr);
|
||||||
|
|
||||||
if (len <= 0)
|
if (len == 0)
|
||||||
return (len);
|
return 0;
|
||||||
|
|
||||||
if ((unsigned int)len > SSL3_RECORD_get_length(rr))
|
if (len > SSL3_RECORD_get_length(rr))
|
||||||
n = SSL3_RECORD_get_length(rr);
|
n = SSL3_RECORD_get_length(rr);
|
||||||
else
|
else
|
||||||
n = (unsigned int)len;
|
n = len;
|
||||||
|
|
||||||
memcpy(buf, &(SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)]), n);
|
memcpy(buf, &(SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)]), n);
|
||||||
if (!peek) {
|
if (!peek) {
|
||||||
|
|
@ -543,10 +545,11 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
s->d1->shutdown_received
|
s->d1->shutdown_received
|
||||||
&& !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
|
&& !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
|
||||||
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
|
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
|
||||||
return (0);
|
return 0;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
return (n);
|
*read = n;
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
@ -559,9 +562,9 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
* that so that we can process the data at a fixed place.
|
* that so that we can process the data at a fixed place.
|
||||||
*/
|
*/
|
||||||
{
|
{
|
||||||
unsigned int k, dest_maxlen = 0;
|
size_t k, dest_maxlen = 0;
|
||||||
unsigned char *dest = NULL;
|
unsigned char *dest = NULL;
|
||||||
unsigned int *dest_len = NULL;
|
size_t *dest_len = NULL;
|
||||||
|
|
||||||
if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) {
|
if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) {
|
||||||
dest_maxlen = sizeof s->rlayer.d->handshake_fragment;
|
dest_maxlen = sizeof s->rlayer.d->handshake_fragment;
|
||||||
|
|
@ -584,7 +587,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
s->rwstate = SSL_READING;
|
s->rwstate = SSL_READING;
|
||||||
BIO_clear_retry_flags(SSL_get_rbio(s));
|
BIO_clear_retry_flags(SSL_get_rbio(s));
|
||||||
BIO_set_retry_read(SSL_get_rbio(s));
|
BIO_set_retry_read(SSL_get_rbio(s));
|
||||||
return (-1);
|
return -1;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
/* else it's a CCS message, or application data or wrong */
|
/* else it's a CCS message, or application data or wrong */
|
||||||
|
|
@ -600,7 +603,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
s->rwstate = SSL_READING;
|
s->rwstate = SSL_READING;
|
||||||
BIO_clear_retry_flags(bio);
|
BIO_clear_retry_flags(bio);
|
||||||
BIO_set_retry_read(bio);
|
BIO_set_retry_read(bio);
|
||||||
return (-1);
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Not certain if this is the right error handling */
|
/* Not certain if this is the right error handling */
|
||||||
|
|
@ -677,10 +680,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
if (ssl3_renegotiate_check(s)) {
|
if (ssl3_renegotiate_check(s)) {
|
||||||
i = s->handshake_func(s);
|
i = s->handshake_func(s);
|
||||||
if (i < 0)
|
if (i < 0)
|
||||||
return (i);
|
return i;
|
||||||
if (i == 0) {
|
if (i == 0) {
|
||||||
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
|
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
|
||||||
return (-1);
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
|
if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
|
||||||
|
|
@ -697,7 +700,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
bio = SSL_get_rbio(s);
|
bio = SSL_get_rbio(s);
|
||||||
BIO_clear_retry_flags(bio);
|
BIO_clear_retry_flags(bio);
|
||||||
BIO_set_retry_read(bio);
|
BIO_set_retry_read(bio);
|
||||||
return (-1);
|
return -1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -757,7 +760,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
|
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
|
||||||
return (0);
|
return 0;
|
||||||
}
|
}
|
||||||
#if 0
|
#if 0
|
||||||
/* XXX: this is a possible improvement in the future */
|
/* XXX: this is a possible improvement in the future */
|
||||||
|
|
@ -797,7 +800,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
ERR_add_error_data(2, "SSL alert number ", tmp);
|
ERR_add_error_data(2, "SSL alert number ", tmp);
|
||||||
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
|
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
|
||||||
SSL_CTX_remove_session(s->session_ctx, s->session);
|
SSL_CTX_remove_session(s->session_ctx, s->session);
|
||||||
return (0);
|
return 0;
|
||||||
} else {
|
} else {
|
||||||
al = SSL_AD_ILLEGAL_PARAMETER;
|
al = SSL_AD_ILLEGAL_PARAMETER;
|
||||||
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
|
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
|
||||||
|
|
@ -811,7 +814,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
* shutdown */
|
* shutdown */
|
||||||
s->rwstate = SSL_NOTHING;
|
s->rwstate = SSL_NOTHING;
|
||||||
SSL3_RECORD_set_length(rr, 0);
|
SSL3_RECORD_set_length(rr, 0);
|
||||||
return (0);
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) {
|
if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) {
|
||||||
|
|
@ -858,10 +861,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
}
|
}
|
||||||
i = s->handshake_func(s);
|
i = s->handshake_func(s);
|
||||||
if (i < 0)
|
if (i < 0)
|
||||||
return (i);
|
return i;
|
||||||
if (i == 0) {
|
if (i == 0) {
|
||||||
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
|
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
|
||||||
return (-1);
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
|
if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
|
||||||
|
|
@ -878,7 +881,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
bio = SSL_get_rbio(s);
|
bio = SSL_get_rbio(s);
|
||||||
BIO_clear_retry_flags(bio);
|
BIO_clear_retry_flags(bio);
|
||||||
BIO_set_retry_read(bio);
|
BIO_set_retry_read(bio);
|
||||||
return (-1);
|
return -1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
goto start;
|
goto start;
|
||||||
|
|
@ -917,7 +920,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
(s->s3->total_renegotiations != 0) &&
|
(s->s3->total_renegotiations != 0) &&
|
||||||
ossl_statem_app_data_allowed(s)) {
|
ossl_statem_app_data_allowed(s)) {
|
||||||
s->s3->in_read_app_data = 2;
|
s->s3->in_read_app_data = 2;
|
||||||
return (-1);
|
return -1;
|
||||||
} else {
|
} else {
|
||||||
al = SSL_AD_UNEXPECTED_MESSAGE;
|
al = SSL_AD_UNEXPECTED_MESSAGE;
|
||||||
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
|
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
|
||||||
|
|
@ -928,15 +931,15 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
|
|
||||||
f_err:
|
f_err:
|
||||||
ssl3_send_alert(s, SSL3_AL_FATAL, al);
|
ssl3_send_alert(s, SSL3_AL_FATAL, al);
|
||||||
return (-1);
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* this only happens when a client hello is received and a handshake
|
* this only happens when a client hello is received and a handshake
|
||||||
* is started.
|
* is started.
|
||||||
*/
|
*/
|
||||||
static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
|
static size_t have_handshake_fragment(SSL *s, int type, unsigned char *buf,
|
||||||
int len)
|
size_t len)
|
||||||
{
|
{
|
||||||
|
|
||||||
if ((type == SSL3_RT_HANDSHAKE)
|
if ((type == SSL3_RT_HANDSHAKE)
|
||||||
|
|
@ -945,7 +948,7 @@ static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
|
||||||
{
|
{
|
||||||
unsigned char *src = s->rlayer.d->handshake_fragment;
|
unsigned char *src = s->rlayer.d->handshake_fragment;
|
||||||
unsigned char *dst = buf;
|
unsigned char *dst = buf;
|
||||||
unsigned int k, n;
|
size_t k, n;
|
||||||
|
|
||||||
/* peek == 0 */
|
/* peek == 0 */
|
||||||
n = 0;
|
n = 0;
|
||||||
|
|
|
||||||
|
|
@ -95,7 +95,8 @@ int RECORD_LAYER_write_pending(const RECORD_LAYER *rl)
|
||||||
&& SSL3_BUFFER_get_left(&rl->wbuf[rl->numwpipes - 1]) != 0;
|
&& SSL3_BUFFER_get_left(&rl->wbuf[rl->numwpipes - 1]) != 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len)
|
int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf,
|
||||||
|
size_t len)
|
||||||
{
|
{
|
||||||
rl->packet_length = len;
|
rl->packet_length = len;
|
||||||
if (len != 0) {
|
if (len != 0) {
|
||||||
|
|
@ -630,6 +631,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* TODO(size_t): convert me */
|
||||||
int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
|
int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
|
||||||
unsigned int *pipelens, unsigned int numpipes,
|
unsigned int *pipelens, unsigned int numpipes,
|
||||||
int create_empty_fragment)
|
int create_empty_fragment)
|
||||||
|
|
@ -786,7 +788,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
|
||||||
|
|
||||||
/* lets setup the record stuff. */
|
/* lets setup the record stuff. */
|
||||||
SSL3_RECORD_set_data(&wr[j], outbuf[j] + eivlen);
|
SSL3_RECORD_set_data(&wr[j], outbuf[j] + eivlen);
|
||||||
SSL3_RECORD_set_length(&wr[j], (int)pipelens[j]);
|
SSL3_RECORD_set_length(&wr[j], pipelens[j]);
|
||||||
SSL3_RECORD_set_input(&wr[j], (unsigned char *)&buf[totlen]);
|
SSL3_RECORD_set_input(&wr[j], (unsigned char *)&buf[totlen]);
|
||||||
totlen += pipelens[j];
|
totlen += pipelens[j];
|
||||||
|
|
||||||
|
|
@ -948,7 +950,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
SSL3_BUFFER_add_offset(&wb[currbuf], i);
|
SSL3_BUFFER_add_offset(&wb[currbuf], i);
|
||||||
SSL3_BUFFER_add_left(&wb[currbuf], -i);
|
SSL3_BUFFER_sub_left(&wb[currbuf], i);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -982,10 +984,10 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
|
||||||
* none of our business
|
* none of our business
|
||||||
*/
|
*/
|
||||||
int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
int len, int peek)
|
size_t len, int peek, size_t *read)
|
||||||
{
|
{
|
||||||
int al, i, j, ret;
|
int al, i, j, ret;
|
||||||
unsigned int n, curr_rec, num_recs, read_bytes;
|
size_t n, curr_rec, num_recs, read_bytes;
|
||||||
SSL3_RECORD *rr;
|
SSL3_RECORD *rr;
|
||||||
SSL3_BUFFER *rbuf;
|
SSL3_BUFFER *rbuf;
|
||||||
void (*cb) (const SSL *ssl, int type2, int val) = NULL;
|
void (*cb) (const SSL *ssl, int type2, int val) = NULL;
|
||||||
|
|
@ -995,7 +997,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
if (!SSL3_BUFFER_is_initialised(rbuf)) {
|
if (!SSL3_BUFFER_is_initialised(rbuf)) {
|
||||||
/* Not initialized yet */
|
/* Not initialized yet */
|
||||||
if (!ssl3_setup_read_buffer(s))
|
if (!ssl3_setup_read_buffer(s))
|
||||||
return (-1);
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((type && (type != SSL3_RT_APPLICATION_DATA)
|
if ((type && (type != SSL3_RT_APPLICATION_DATA)
|
||||||
|
|
@ -1028,7 +1030,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
if (recvd_type != NULL)
|
if (recvd_type != NULL)
|
||||||
*recvd_type = SSL3_RT_HANDSHAKE;
|
*recvd_type = SSL3_RT_HANDSHAKE;
|
||||||
|
|
||||||
return n;
|
*read = n;
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
@ -1039,10 +1042,10 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
/* type == SSL3_RT_APPLICATION_DATA */
|
/* type == SSL3_RT_APPLICATION_DATA */
|
||||||
i = s->handshake_func(s);
|
i = s->handshake_func(s);
|
||||||
if (i < 0)
|
if (i < 0)
|
||||||
return (i);
|
return i;
|
||||||
if (i == 0) {
|
if (i == 0) {
|
||||||
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
|
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
|
||||||
return (-1);
|
return -1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
start:
|
start:
|
||||||
|
|
@ -1063,7 +1066,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
if (num_recs == 0) {
|
if (num_recs == 0) {
|
||||||
ret = ssl3_get_record(s);
|
ret = ssl3_get_record(s);
|
||||||
if (ret <= 0)
|
if (ret <= 0)
|
||||||
return (ret);
|
return ret;
|
||||||
num_recs = RECORD_LAYER_get_numrpipes(&s->rlayer);
|
num_recs = RECORD_LAYER_get_numrpipes(&s->rlayer);
|
||||||
if (num_recs == 0) {
|
if (num_recs == 0) {
|
||||||
/* Shouldn't happen */
|
/* Shouldn't happen */
|
||||||
|
|
@ -1109,7 +1112,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
|
if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
|
||||||
SSL3_RECORD_set_length(rr, 0);
|
SSL3_RECORD_set_length(rr, 0);
|
||||||
s->rwstate = SSL_NOTHING;
|
s->rwstate = SSL_NOTHING;
|
||||||
return (0);
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (type == SSL3_RECORD_get_type(rr)
|
if (type == SSL3_RECORD_get_type(rr)
|
||||||
|
|
@ -1142,15 +1145,15 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
if (recvd_type != NULL)
|
if (recvd_type != NULL)
|
||||||
*recvd_type = SSL3_RECORD_get_type(rr);
|
*recvd_type = SSL3_RECORD_get_type(rr);
|
||||||
|
|
||||||
if (len <= 0)
|
if (len == 0)
|
||||||
return (len);
|
return 0;
|
||||||
|
|
||||||
read_bytes = 0;
|
read_bytes = 0;
|
||||||
do {
|
do {
|
||||||
if ((unsigned int)len - read_bytes > SSL3_RECORD_get_length(rr))
|
if (len - read_bytes > SSL3_RECORD_get_length(rr))
|
||||||
n = SSL3_RECORD_get_length(rr);
|
n = SSL3_RECORD_get_length(rr);
|
||||||
else
|
else
|
||||||
n = (unsigned int)len - read_bytes;
|
n = len - read_bytes;
|
||||||
|
|
||||||
memcpy(buf, &(rr->data[rr->off]), n);
|
memcpy(buf, &(rr->data[rr->off]), n);
|
||||||
buf += n;
|
buf += n;
|
||||||
|
|
@ -1174,7 +1177,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
}
|
}
|
||||||
read_bytes += n;
|
read_bytes += n;
|
||||||
} while (type == SSL3_RT_APPLICATION_DATA && curr_rec < num_recs
|
} while (type == SSL3_RT_APPLICATION_DATA && curr_rec < num_recs
|
||||||
&& read_bytes < (unsigned int)len);
|
&& read_bytes < len);
|
||||||
if (read_bytes == 0) {
|
if (read_bytes == 0) {
|
||||||
/* We must have read empty records. Get more data */
|
/* We must have read empty records. Get more data */
|
||||||
goto start;
|
goto start;
|
||||||
|
|
@ -1183,7 +1186,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
&& (s->mode & SSL_MODE_RELEASE_BUFFERS)
|
&& (s->mode & SSL_MODE_RELEASE_BUFFERS)
|
||||||
&& SSL3_BUFFER_get_left(rbuf) == 0)
|
&& SSL3_BUFFER_get_left(rbuf) == 0)
|
||||||
ssl3_release_read_buffer(s);
|
ssl3_release_read_buffer(s);
|
||||||
return read_bytes;
|
*read = read_bytes;
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
@ -1226,9 +1230,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
* that so that we can process the data at a fixed place.
|
* that so that we can process the data at a fixed place.
|
||||||
*/
|
*/
|
||||||
{
|
{
|
||||||
unsigned int dest_maxlen = 0;
|
size_t dest_maxlen = 0;
|
||||||
unsigned char *dest = NULL;
|
unsigned char *dest = NULL;
|
||||||
unsigned int *dest_len = NULL;
|
size_t *dest_len = NULL;
|
||||||
|
|
||||||
if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) {
|
if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) {
|
||||||
dest_maxlen = sizeof s->rlayer.handshake_fragment;
|
dest_maxlen = sizeof s->rlayer.handshake_fragment;
|
||||||
|
|
@ -1293,10 +1297,10 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
if (ssl3_renegotiate_check(s)) {
|
if (ssl3_renegotiate_check(s)) {
|
||||||
i = s->handshake_func(s);
|
i = s->handshake_func(s);
|
||||||
if (i < 0)
|
if (i < 0)
|
||||||
return (i);
|
return i;
|
||||||
if (i == 0) {
|
if (i == 0) {
|
||||||
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
|
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
|
||||||
return (-1);
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
|
if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
|
||||||
|
|
@ -1313,7 +1317,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
bio = SSL_get_rbio(s);
|
bio = SSL_get_rbio(s);
|
||||||
BIO_clear_retry_flags(bio);
|
BIO_clear_retry_flags(bio);
|
||||||
BIO_set_retry_read(bio);
|
BIO_set_retry_read(bio);
|
||||||
return (-1);
|
return -1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -1376,7 +1380,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
|
|
||||||
if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
|
if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
|
||||||
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
|
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
|
||||||
return (0);
|
return 0;
|
||||||
}
|
}
|
||||||
/*
|
/*
|
||||||
* This is a warning but we receive it if we requested
|
* This is a warning but we receive it if we requested
|
||||||
|
|
@ -1406,7 +1410,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
|
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
|
||||||
SSL3_RECORD_set_read(rr);
|
SSL3_RECORD_set_read(rr);
|
||||||
SSL_CTX_remove_session(s->session_ctx, s->session);
|
SSL_CTX_remove_session(s->session_ctx, s->session);
|
||||||
return (0);
|
return 0;
|
||||||
} else {
|
} else {
|
||||||
al = SSL_AD_ILLEGAL_PARAMETER;
|
al = SSL_AD_ILLEGAL_PARAMETER;
|
||||||
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
|
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
|
||||||
|
|
@ -1421,7 +1425,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
s->rwstate = SSL_NOTHING;
|
s->rwstate = SSL_NOTHING;
|
||||||
SSL3_RECORD_set_length(rr, 0);
|
SSL3_RECORD_set_length(rr, 0);
|
||||||
SSL3_RECORD_set_read(rr);
|
SSL3_RECORD_set_read(rr);
|
||||||
return (0);
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) {
|
if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) {
|
||||||
|
|
@ -1443,10 +1447,10 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
}
|
}
|
||||||
i = s->handshake_func(s);
|
i = s->handshake_func(s);
|
||||||
if (i < 0)
|
if (i < 0)
|
||||||
return (i);
|
return i;
|
||||||
if (i == 0) {
|
if (i == 0) {
|
||||||
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
|
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
|
||||||
return (-1);
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
|
if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
|
||||||
|
|
@ -1463,7 +1467,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
bio = SSL_get_rbio(s);
|
bio = SSL_get_rbio(s);
|
||||||
BIO_clear_retry_flags(bio);
|
BIO_clear_retry_flags(bio);
|
||||||
BIO_set_retry_read(bio);
|
BIO_set_retry_read(bio);
|
||||||
return (-1);
|
return -1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
goto start;
|
goto start;
|
||||||
|
|
@ -1502,7 +1506,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
*/
|
*/
|
||||||
if (ossl_statem_app_data_allowed(s)) {
|
if (ossl_statem_app_data_allowed(s)) {
|
||||||
s->s3->in_read_app_data = 2;
|
s->s3->in_read_app_data = 2;
|
||||||
return (-1);
|
return -1;
|
||||||
} else {
|
} else {
|
||||||
al = SSL_AD_UNEXPECTED_MESSAGE;
|
al = SSL_AD_UNEXPECTED_MESSAGE;
|
||||||
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
|
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
|
||||||
|
|
@ -1513,7 +1517,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|
||||||
|
|
||||||
f_err:
|
f_err:
|
||||||
ssl3_send_alert(s, SSL3_AL_FATAL, al);
|
ssl3_send_alert(s, SSL3_AL_FATAL, al);
|
||||||
return (-1);
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void ssl3_record_sequence_update(unsigned char *seq)
|
void ssl3_record_sequence_update(unsigned char *seq)
|
||||||
|
|
@ -1539,7 +1543,7 @@ int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl)
|
||||||
/*
|
/*
|
||||||
* Returns the length in bytes of the current rrec
|
* Returns the length in bytes of the current rrec
|
||||||
*/
|
*/
|
||||||
unsigned int RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl)
|
size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl)
|
||||||
{
|
{
|
||||||
return SSL3_RECORD_get_length(&rl->rrec[0]);
|
return SSL3_RECORD_get_length(&rl->rrec[0]);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -38,16 +38,16 @@ typedef struct ssl3_record_st {
|
||||||
int type;
|
int type;
|
||||||
/* How many bytes available */
|
/* How many bytes available */
|
||||||
/* rw */
|
/* rw */
|
||||||
unsigned int length;
|
size_t length;
|
||||||
/*
|
/*
|
||||||
* How many bytes were available before padding was removed? This is used
|
* How many bytes were available before padding was removed? This is used
|
||||||
* to implement the MAC check in constant time for CBC records.
|
* to implement the MAC check in constant time for CBC records.
|
||||||
*/
|
*/
|
||||||
/* rw */
|
/* rw */
|
||||||
unsigned int orig_len;
|
size_t orig_len;
|
||||||
/* read/write offset into 'buf' */
|
/* read/write offset into 'buf' */
|
||||||
/* r */
|
/* r */
|
||||||
unsigned int off;
|
size_t off;
|
||||||
/* pointer to the record data */
|
/* pointer to the record data */
|
||||||
/* rw */
|
/* rw */
|
||||||
unsigned char *data;
|
unsigned char *data;
|
||||||
|
|
@ -82,7 +82,7 @@ typedef struct record_pqueue_st {
|
||||||
|
|
||||||
typedef struct dtls1_record_data_st {
|
typedef struct dtls1_record_data_st {
|
||||||
unsigned char *packet;
|
unsigned char *packet;
|
||||||
unsigned int packet_length;
|
size_t packet_length;
|
||||||
SSL3_BUFFER rbuf;
|
SSL3_BUFFER rbuf;
|
||||||
SSL3_RECORD rrec;
|
SSL3_RECORD rrec;
|
||||||
#ifndef OPENSSL_NO_SCTP
|
#ifndef OPENSSL_NO_SCTP
|
||||||
|
|
@ -116,9 +116,9 @@ typedef struct dtls_record_layer_st {
|
||||||
* processed by ssl3_read_bytes:
|
* processed by ssl3_read_bytes:
|
||||||
*/
|
*/
|
||||||
unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
|
unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
|
||||||
unsigned int alert_fragment_len;
|
size_t alert_fragment_len;
|
||||||
unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
|
unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
|
||||||
unsigned int handshake_fragment_len;
|
size_t handshake_fragment_len;
|
||||||
/* save last and current sequence numbers for retransmissions */
|
/* save last and current sequence numbers for retransmissions */
|
||||||
unsigned char last_write_sequence[8];
|
unsigned char last_write_sequence[8];
|
||||||
unsigned char curr_write_sequence[8];
|
unsigned char curr_write_sequence[8];
|
||||||
|
|
@ -143,7 +143,7 @@ typedef struct record_layer_st {
|
||||||
/* where we are when reading */
|
/* where we are when reading */
|
||||||
int rstate;
|
int rstate;
|
||||||
/* How many pipelines can be used to read data */
|
/* How many pipelines can be used to read data */
|
||||||
unsigned int numrpipes;
|
size_t numrpipes;
|
||||||
/* How many pipelines can be used to write data */
|
/* How many pipelines can be used to write data */
|
||||||
unsigned int numwpipes;
|
unsigned int numwpipes;
|
||||||
/* read IO goes into here */
|
/* read IO goes into here */
|
||||||
|
|
@ -162,11 +162,11 @@ typedef struct record_layer_st {
|
||||||
* processed by ssl3_read_bytes:
|
* processed by ssl3_read_bytes:
|
||||||
*/
|
*/
|
||||||
unsigned char alert_fragment[2];
|
unsigned char alert_fragment[2];
|
||||||
unsigned int alert_fragment_len;
|
size_t alert_fragment_len;
|
||||||
unsigned char handshake_fragment[4];
|
unsigned char handshake_fragment[4];
|
||||||
unsigned int handshake_fragment_len;
|
size_t handshake_fragment_len;
|
||||||
/* The number of consecutive empty records we have received */
|
/* The number of consecutive empty records we have received */
|
||||||
unsigned int empty_record_count;
|
size_t empty_record_count;
|
||||||
/* partial write - check the numbers match */
|
/* partial write - check the numbers match */
|
||||||
/* number bytes written */
|
/* number bytes written */
|
||||||
int wpend_tot;
|
int wpend_tot;
|
||||||
|
|
@ -208,18 +208,20 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl);
|
||||||
void RECORD_LAYER_release(RECORD_LAYER *rl);
|
void RECORD_LAYER_release(RECORD_LAYER *rl);
|
||||||
int RECORD_LAYER_read_pending(const RECORD_LAYER *rl);
|
int RECORD_LAYER_read_pending(const RECORD_LAYER *rl);
|
||||||
int RECORD_LAYER_write_pending(const RECORD_LAYER *rl);
|
int RECORD_LAYER_write_pending(const RECORD_LAYER *rl);
|
||||||
int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len);
|
int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf,
|
||||||
|
size_t len);
|
||||||
void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl);
|
void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl);
|
||||||
void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl);
|
void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl);
|
||||||
int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl);
|
int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl);
|
||||||
unsigned int RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl);
|
size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl);
|
||||||
__owur int ssl3_pending(const SSL *s);
|
__owur int ssl3_pending(const SSL *s);
|
||||||
__owur int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
|
__owur int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
|
||||||
__owur int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
|
__owur int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
|
||||||
unsigned int *pipelens, unsigned int numpipes,
|
unsigned int *pipelens, unsigned int numpipes,
|
||||||
int create_empty_fragment);
|
int create_empty_fragment);
|
||||||
__owur int ssl3_read_bytes(SSL *s, int type, int *recvd_type,
|
__owur int ssl3_read_bytes(SSL *s, int type, int *recvd_type,
|
||||||
unsigned char *buf, int len, int peek);
|
unsigned char *buf, size_t len, int peek,
|
||||||
|
size_t *read);
|
||||||
__owur int ssl3_setup_buffers(SSL *s);
|
__owur int ssl3_setup_buffers(SSL *s);
|
||||||
__owur int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send);
|
__owur int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send);
|
||||||
__owur int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send);
|
__owur int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send);
|
||||||
|
|
@ -235,7 +237,8 @@ void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl);
|
||||||
void DTLS_RECORD_LAYER_resync_write(RECORD_LAYER *rl);
|
void DTLS_RECORD_LAYER_resync_write(RECORD_LAYER *rl);
|
||||||
void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq);
|
void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq);
|
||||||
__owur int dtls1_read_bytes(SSL *s, int type, int *recvd_type,
|
__owur int dtls1_read_bytes(SSL *s, int type, int *recvd_type,
|
||||||
unsigned char *buf, int len, int peek);
|
unsigned char *buf, size_t len, int peek,
|
||||||
|
size_t *read);
|
||||||
__owur int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
|
__owur int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
|
||||||
__owur int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
|
__owur int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
|
||||||
unsigned int len, int create_empty_fragement);
|
unsigned int len, int create_empty_fragement);
|
||||||
|
|
|
||||||
|
|
@ -62,7 +62,7 @@ void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
|
||||||
#define SSL3_BUFFER_set_len(b, l) ((b)->len = (l))
|
#define SSL3_BUFFER_set_len(b, l) ((b)->len = (l))
|
||||||
#define SSL3_BUFFER_get_left(b) ((b)->left)
|
#define SSL3_BUFFER_get_left(b) ((b)->left)
|
||||||
#define SSL3_BUFFER_set_left(b, l) ((b)->left = (l))
|
#define SSL3_BUFFER_set_left(b, l) ((b)->left = (l))
|
||||||
#define SSL3_BUFFER_add_left(b, l) ((b)->left += (l))
|
#define SSL3_BUFFER_sub_left(b, l) ((b)->left -= (l))
|
||||||
#define SSL3_BUFFER_get_offset(b) ((b)->offset)
|
#define SSL3_BUFFER_get_offset(b) ((b)->offset)
|
||||||
#define SSL3_BUFFER_set_offset(b, o) ((b)->offset = (o))
|
#define SSL3_BUFFER_set_offset(b, o) ((b)->offset = (o))
|
||||||
#define SSL3_BUFFER_add_offset(b, o) ((b)->offset += (o))
|
#define SSL3_BUFFER_add_offset(b, o) ((b)->offset += (o))
|
||||||
|
|
@ -70,7 +70,7 @@ void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
|
||||||
#define SSL3_BUFFER_set_default_len(b, l) ((b)->default_len = (l))
|
#define SSL3_BUFFER_set_default_len(b, l) ((b)->default_len = (l))
|
||||||
|
|
||||||
void SSL3_BUFFER_clear(SSL3_BUFFER *b);
|
void SSL3_BUFFER_clear(SSL3_BUFFER *b);
|
||||||
void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, int n);
|
void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n);
|
||||||
void SSL3_BUFFER_release(SSL3_BUFFER *b);
|
void SSL3_BUFFER_release(SSL3_BUFFER *b);
|
||||||
__owur int ssl3_setup_read_buffer(SSL *s);
|
__owur int ssl3_setup_read_buffer(SSL *s);
|
||||||
__owur int ssl3_setup_write_buffer(SSL *s, unsigned int numwpipes, size_t len);
|
__owur int ssl3_setup_write_buffer(SSL *s, unsigned int numwpipes, size_t len);
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@
|
||||||
#include "../ssl_locl.h"
|
#include "../ssl_locl.h"
|
||||||
#include "record_locl.h"
|
#include "record_locl.h"
|
||||||
|
|
||||||
void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, int n)
|
void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n)
|
||||||
{
|
{
|
||||||
if (d != NULL)
|
if (d != NULL)
|
||||||
memcpy(b->buf, d, n);
|
memcpy(b->buf, d, n);
|
||||||
|
|
|
||||||
|
|
@ -203,6 +203,7 @@ int ssl3_get_record(SSL *s)
|
||||||
ssl_minor = *(p++);
|
ssl_minor = *(p++);
|
||||||
version = (ssl_major << 8) | ssl_minor;
|
version = (ssl_major << 8) | ssl_minor;
|
||||||
rr[num_recs].rec_version = version;
|
rr[num_recs].rec_version = version;
|
||||||
|
/* TODO(size_t): CHECK ME */
|
||||||
n2s(p, rr[num_recs].length);
|
n2s(p, rr[num_recs].length);
|
||||||
|
|
||||||
/* Lets check version */
|
/* Lets check version */
|
||||||
|
|
@ -383,9 +384,9 @@ int ssl3_get_record(SSL *s)
|
||||||
goto f_err;
|
goto f_err;
|
||||||
}
|
}
|
||||||
#ifdef SSL_DEBUG
|
#ifdef SSL_DEBUG
|
||||||
printf("dec %d\n", rr->length);
|
printf("dec %ld\n", rr->length);
|
||||||
{
|
{
|
||||||
unsigned int z;
|
size_t z;
|
||||||
for (z = 0; z < rr->length; z++)
|
for (z = 0; z < rr->length; z++)
|
||||||
printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n');
|
printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n');
|
||||||
}
|
}
|
||||||
|
|
@ -527,6 +528,7 @@ int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr)
|
||||||
if (rr->comp == NULL)
|
if (rr->comp == NULL)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
/* TODO(size_t): Convert this call */
|
||||||
i = COMP_expand_block(ssl->expand, rr->comp,
|
i = COMP_expand_block(ssl->expand, rr->comp,
|
||||||
SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length);
|
SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length);
|
||||||
if (i < 0)
|
if (i < 0)
|
||||||
|
|
@ -543,6 +545,7 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr)
|
||||||
#ifndef OPENSSL_NO_COMP
|
#ifndef OPENSSL_NO_COMP
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
|
/* TODO(size_t): Convert this call */
|
||||||
i = COMP_compress_block(ssl->compress, wr->data,
|
i = COMP_compress_block(ssl->compress, wr->data,
|
||||||
SSL3_RT_MAX_COMPRESSED_LENGTH,
|
SSL3_RT_MAX_COMPRESSED_LENGTH,
|
||||||
wr->input, (int)wr->length);
|
wr->input, (int)wr->length);
|
||||||
|
|
@ -570,8 +573,8 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send)
|
||||||
{
|
{
|
||||||
SSL3_RECORD *rec;
|
SSL3_RECORD *rec;
|
||||||
EVP_CIPHER_CTX *ds;
|
EVP_CIPHER_CTX *ds;
|
||||||
unsigned long l;
|
size_t l, i;
|
||||||
int bs, i, mac_size = 0;
|
int bs, mac_size = 0;
|
||||||
const EVP_CIPHER *enc;
|
const EVP_CIPHER *enc;
|
||||||
|
|
||||||
rec = inrecs;
|
rec = inrecs;
|
||||||
|
|
@ -599,6 +602,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send)
|
||||||
rec->input = rec->data;
|
rec->input = rec->data;
|
||||||
} else {
|
} else {
|
||||||
l = rec->length;
|
l = rec->length;
|
||||||
|
/* TODO(size_t): Convert this call */
|
||||||
bs = EVP_CIPHER_CTX_block_size(ds);
|
bs = EVP_CIPHER_CTX_block_size(ds);
|
||||||
|
|
||||||
/* COMPRESS */
|
/* COMPRESS */
|
||||||
|
|
@ -623,6 +627,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send)
|
||||||
/* otherwise, rec->length >= bs */
|
/* otherwise, rec->length >= bs */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* TODO(size_t): Convert this call */
|
||||||
if (EVP_Cipher(ds, rec->data, rec->input, l) < 1)
|
if (EVP_Cipher(ds, rec->data, rec->input, l) < 1)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
|
|
@ -1008,6 +1013,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
|
||||||
* are hashing because that gives an attacker a timing-oracle.
|
* are hashing because that gives an attacker a timing-oracle.
|
||||||
*/
|
*/
|
||||||
/* Final param == not SSLv3 */
|
/* Final param == not SSLv3 */
|
||||||
|
/* TODO(size_t): Convert this call */
|
||||||
if (ssl3_cbc_digest_record(mac_ctx,
|
if (ssl3_cbc_digest_record(mac_ctx,
|
||||||
md, &md_size,
|
md, &md_size,
|
||||||
header, rec->input,
|
header, rec->input,
|
||||||
|
|
@ -1018,6 +1024,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
/* TODO(size_t): Convert these calls */
|
||||||
if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0
|
if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0
|
||||||
|| EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0
|
|| EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0
|
||||||
|| EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) {
|
|| EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) {
|
||||||
|
|
@ -1045,7 +1052,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
|
||||||
}
|
}
|
||||||
fprintf(stderr, "rec=");
|
fprintf(stderr, "rec=");
|
||||||
{
|
{
|
||||||
unsigned int z;
|
size_t z;
|
||||||
for (z = 0; z < rec->length; z++)
|
for (z = 0; z < rec->length; z++)
|
||||||
fprintf(stderr, "%02X ", rec->data[z]);
|
fprintf(stderr, "%02X ", rec->data[z]);
|
||||||
fprintf(stderr, "\n");
|
fprintf(stderr, "\n");
|
||||||
|
|
@ -1080,6 +1087,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
|
||||||
* 1: if the padding was valid
|
* 1: if the padding was valid
|
||||||
* -1: otherwise.
|
* -1: otherwise.
|
||||||
*/
|
*/
|
||||||
|
/* TODO(size_t): Convert me */
|
||||||
int ssl3_cbc_remove_padding(SSL3_RECORD *rec,
|
int ssl3_cbc_remove_padding(SSL3_RECORD *rec,
|
||||||
unsigned block_size, unsigned mac_size)
|
unsigned block_size, unsigned mac_size)
|
||||||
{
|
{
|
||||||
|
|
@ -1113,6 +1121,7 @@ int ssl3_cbc_remove_padding(SSL3_RECORD *rec,
|
||||||
* 1: if the padding was valid
|
* 1: if the padding was valid
|
||||||
* -1: otherwise.
|
* -1: otherwise.
|
||||||
*/
|
*/
|
||||||
|
/* TODO(size_t): Convert me */
|
||||||
int tls1_cbc_remove_padding(const SSL *s,
|
int tls1_cbc_remove_padding(const SSL *s,
|
||||||
SSL3_RECORD *rec,
|
SSL3_RECORD *rec,
|
||||||
unsigned block_size, unsigned mac_size)
|
unsigned block_size, unsigned mac_size)
|
||||||
|
|
@ -1198,6 +1207,7 @@ int tls1_cbc_remove_padding(const SSL *s,
|
||||||
*/
|
*/
|
||||||
#define CBC_MAC_ROTATE_IN_PLACE
|
#define CBC_MAC_ROTATE_IN_PLACE
|
||||||
|
|
||||||
|
/* TODO(size_t): Convert me */
|
||||||
void ssl3_cbc_copy_mac(unsigned char *out,
|
void ssl3_cbc_copy_mac(unsigned char *out,
|
||||||
const SSL3_RECORD *rec, unsigned md_size)
|
const SSL3_RECORD *rec, unsigned md_size)
|
||||||
{
|
{
|
||||||
|
|
@ -1350,9 +1360,9 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
#ifdef SSL_DEBUG
|
#ifdef SSL_DEBUG
|
||||||
printf("dec %d\n", rr->length);
|
printf("dec %ld\n", rr->length);
|
||||||
{
|
{
|
||||||
unsigned int z;
|
size_t z;
|
||||||
for (z = 0; z < rr->length; z++)
|
for (z = 0; z < rr->length; z++)
|
||||||
printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n');
|
printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n');
|
||||||
}
|
}
|
||||||
|
|
@ -1544,6 +1554,7 @@ int dtls1_get_record(SSL *s)
|
||||||
memcpy(&(RECORD_LAYER_get_read_sequence(&s->rlayer)[2]), p, 6);
|
memcpy(&(RECORD_LAYER_get_read_sequence(&s->rlayer)[2]), p, 6);
|
||||||
p += 6;
|
p += 6;
|
||||||
|
|
||||||
|
/* TODO(size_t): CHECK ME */
|
||||||
n2s(p, rr->length);
|
n2s(p, rr->length);
|
||||||
|
|
||||||
/* Lets check version */
|
/* Lets check version */
|
||||||
|
|
|
||||||
22
ssl/s3_lib.c
22
ssl/s3_lib.c
|
|
@ -3812,12 +3812,13 @@ int ssl3_shutdown(SSL *s)
|
||||||
return (ret);
|
return (ret);
|
||||||
}
|
}
|
||||||
} else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
|
} else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
|
||||||
|
size_t read;
|
||||||
/*
|
/*
|
||||||
* If we are waiting for a close from our peer, we are closed
|
* If we are waiting for a close from our peer, we are closed
|
||||||
*/
|
*/
|
||||||
s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0);
|
s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &read);
|
||||||
if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
|
if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
|
||||||
return (-1); /* return WANT_READ */
|
return -1; /* return WANT_READ */
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -3837,7 +3838,8 @@ int ssl3_write(SSL *s, const void *buf, int len)
|
||||||
return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len);
|
return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
|
static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
|
||||||
|
size_t *read)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
|
|
@ -3847,7 +3849,7 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
|
||||||
s->s3->in_read_app_data = 1;
|
s->s3->in_read_app_data = 1;
|
||||||
ret =
|
ret =
|
||||||
s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
|
s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
|
||||||
peek);
|
peek, read);
|
||||||
if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
|
if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
|
||||||
/*
|
/*
|
||||||
* ssl3_read_bytes decided to call s->handshake_func, which called
|
* ssl3_read_bytes decided to call s->handshake_func, which called
|
||||||
|
|
@ -3859,22 +3861,22 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
|
||||||
ossl_statem_set_in_handshake(s, 1);
|
ossl_statem_set_in_handshake(s, 1);
|
||||||
ret =
|
ret =
|
||||||
s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
|
s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
|
||||||
len, peek);
|
len, peek, read);
|
||||||
ossl_statem_set_in_handshake(s, 0);
|
ossl_statem_set_in_handshake(s, 0);
|
||||||
} else
|
} else
|
||||||
s->s3->in_read_app_data = 0;
|
s->s3->in_read_app_data = 0;
|
||||||
|
|
||||||
return (ret);
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
int ssl3_read(SSL *s, void *buf, int len)
|
int ssl3_read(SSL *s, void *buf, size_t len, size_t *read)
|
||||||
{
|
{
|
||||||
return ssl3_read_internal(s, buf, len, 0);
|
return ssl3_read_internal(s, buf, len, 0, read);
|
||||||
}
|
}
|
||||||
|
|
||||||
int ssl3_peek(SSL *s, void *buf, int len)
|
int ssl3_peek(SSL *s, void *buf, size_t len, size_t *read)
|
||||||
{
|
{
|
||||||
return ssl3_read_internal(s, buf, len, 1);
|
return ssl3_read_internal(s, buf, len, 1, read);
|
||||||
}
|
}
|
||||||
|
|
||||||
int ssl3_renegotiate(SSL *s)
|
int ssl3_renegotiate(SSL *s)
|
||||||
|
|
|
||||||
|
|
@ -181,7 +181,9 @@ static ERR_STRING_DATA SSL_str_functs[] = {
|
||||||
{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT),
|
{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT),
|
||||||
"ssl_parse_serverhello_use_srtp_ext"},
|
"ssl_parse_serverhello_use_srtp_ext"},
|
||||||
{ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"},
|
{ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"},
|
||||||
|
{ERR_FUNC(SSL_F_SSL_PEEK_EX), "SSL_peek_ex"},
|
||||||
{ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
|
{ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
|
||||||
|
{ERR_FUNC(SSL_F_SSL_READ_EX), "SSL_read_ex"},
|
||||||
{ERR_FUNC(SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT),
|
{ERR_FUNC(SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT),
|
||||||
"ssl_scan_clienthello_tlsext"},
|
"ssl_scan_clienthello_tlsext"},
|
||||||
{ERR_FUNC(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT),
|
{ERR_FUNC(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT),
|
||||||
|
|
|
||||||
|
|
@ -84,7 +84,7 @@ struct ssl_async_args {
|
||||||
int num;
|
int num;
|
||||||
enum { READFUNC, WRITEFUNC, OTHERFUNC } type;
|
enum { READFUNC, WRITEFUNC, OTHERFUNC } type;
|
||||||
union {
|
union {
|
||||||
int (*func_read) (SSL *, void *, int);
|
int (*func_read) (SSL *, void *, size_t, size_t *);
|
||||||
int (*func_write) (SSL *, const void *, int);
|
int (*func_write) (SSL *, const void *, int);
|
||||||
int (*func_other) (SSL *);
|
int (*func_other) (SSL *);
|
||||||
} f;
|
} f;
|
||||||
|
|
@ -1517,7 +1517,7 @@ static int ssl_io_intern(void *vargs)
|
||||||
num = args->num;
|
num = args->num;
|
||||||
switch (args->type) {
|
switch (args->type) {
|
||||||
case READFUNC:
|
case READFUNC:
|
||||||
return args->f.func_read(s, buf, num);
|
return args->f.func_read(s, buf, num, &s->asyncread);
|
||||||
case WRITEFUNC:
|
case WRITEFUNC:
|
||||||
return args->f.func_write(s, buf, num);
|
return args->f.func_write(s, buf, num);
|
||||||
case OTHERFUNC:
|
case OTHERFUNC:
|
||||||
|
|
@ -1527,9 +1527,31 @@ static int ssl_io_intern(void *vargs)
|
||||||
}
|
}
|
||||||
|
|
||||||
int SSL_read(SSL *s, void *buf, int num)
|
int SSL_read(SSL *s, void *buf, int num)
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
size_t read;
|
||||||
|
|
||||||
|
if (num < 0) {
|
||||||
|
SSLerr(SSL_F_SSL_READ, SSL_R_BAD_LENGTH);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = SSL_read_ex(s, buf, (size_t)num, &read);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* The cast is safe here because ret should be <= INT_MAX because num is
|
||||||
|
* <= INT_MAX
|
||||||
|
*/
|
||||||
|
if (ret > 0)
|
||||||
|
ret = (int)read;
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
int SSL_read_ex(SSL *s, void *buf, size_t num, size_t *read)
|
||||||
{
|
{
|
||||||
if (s->handshake_func == NULL) {
|
if (s->handshake_func == NULL) {
|
||||||
SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
|
SSLerr(SSL_F_SSL_READ_EX, SSL_R_UNINITIALIZED);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -1540,6 +1562,7 @@ int SSL_read(SSL *s, void *buf, int num)
|
||||||
|
|
||||||
if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
|
if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
|
||||||
struct ssl_async_args args;
|
struct ssl_async_args args;
|
||||||
|
int ret;
|
||||||
|
|
||||||
args.s = s;
|
args.s = s;
|
||||||
args.buf = buf;
|
args.buf = buf;
|
||||||
|
|
@ -1547,16 +1570,40 @@ int SSL_read(SSL *s, void *buf, int num)
|
||||||
args.type = READFUNC;
|
args.type = READFUNC;
|
||||||
args.f.func_read = s->method->ssl_read;
|
args.f.func_read = s->method->ssl_read;
|
||||||
|
|
||||||
return ssl_start_async_job(s, &args, ssl_io_intern);
|
ret = ssl_start_async_job(s, &args, ssl_io_intern);
|
||||||
|
*read = s->asyncread;
|
||||||
|
return ret;
|
||||||
} else {
|
} else {
|
||||||
return s->method->ssl_read(s, buf, num);
|
return s->method->ssl_read(s, buf, num, read);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
int SSL_peek(SSL *s, void *buf, int num)
|
int SSL_peek(SSL *s, void *buf, int num)
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
size_t read;
|
||||||
|
|
||||||
|
if (num < 0) {
|
||||||
|
SSLerr(SSL_F_SSL_PEEK, SSL_R_BAD_LENGTH);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = SSL_peek_ex(s, buf, (size_t)num, &read);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* The cast is safe here because ret should be <= INT_MAX because num is
|
||||||
|
* <= INT_MAX
|
||||||
|
*/
|
||||||
|
if (ret > 0)
|
||||||
|
ret = (int)read;
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *read)
|
||||||
{
|
{
|
||||||
if (s->handshake_func == NULL) {
|
if (s->handshake_func == NULL) {
|
||||||
SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED);
|
SSLerr(SSL_F_SSL_PEEK_EX, SSL_R_UNINITIALIZED);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -1565,6 +1612,7 @@ int SSL_peek(SSL *s, void *buf, int num)
|
||||||
}
|
}
|
||||||
if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
|
if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
|
||||||
struct ssl_async_args args;
|
struct ssl_async_args args;
|
||||||
|
int ret;
|
||||||
|
|
||||||
args.s = s;
|
args.s = s;
|
||||||
args.buf = buf;
|
args.buf = buf;
|
||||||
|
|
@ -1572,9 +1620,11 @@ int SSL_peek(SSL *s, void *buf, int num)
|
||||||
args.type = READFUNC;
|
args.type = READFUNC;
|
||||||
args.f.func_read = s->method->ssl_peek;
|
args.f.func_read = s->method->ssl_peek;
|
||||||
|
|
||||||
return ssl_start_async_job(s, &args, ssl_io_intern);
|
ret = ssl_start_async_job(s, &args, ssl_io_intern);
|
||||||
|
*read = s->asyncread;
|
||||||
|
return ret;
|
||||||
} else {
|
} else {
|
||||||
return s->method->ssl_peek(s, buf, num);
|
return s->method->ssl_peek(s, buf, num, read);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -444,14 +444,15 @@ struct ssl_method_st {
|
||||||
void (*ssl_free) (SSL *s);
|
void (*ssl_free) (SSL *s);
|
||||||
int (*ssl_accept) (SSL *s);
|
int (*ssl_accept) (SSL *s);
|
||||||
int (*ssl_connect) (SSL *s);
|
int (*ssl_connect) (SSL *s);
|
||||||
int (*ssl_read) (SSL *s, void *buf, int len);
|
int (*ssl_read) (SSL *s, void *buf, size_t len, size_t *read);
|
||||||
int (*ssl_peek) (SSL *s, void *buf, int len);
|
int (*ssl_peek) (SSL *s, void *buf, size_t len, size_t *read);
|
||||||
int (*ssl_write) (SSL *s, const void *buf, int len);
|
int (*ssl_write) (SSL *s, const void *buf, int len);
|
||||||
int (*ssl_shutdown) (SSL *s);
|
int (*ssl_shutdown) (SSL *s);
|
||||||
int (*ssl_renegotiate) (SSL *s);
|
int (*ssl_renegotiate) (SSL *s);
|
||||||
int (*ssl_renegotiate_check) (SSL *s);
|
int (*ssl_renegotiate_check) (SSL *s);
|
||||||
int (*ssl_read_bytes) (SSL *s, int type, int *recvd_type,
|
int (*ssl_read_bytes) (SSL *s, int type, int *recvd_type,
|
||||||
unsigned char *buf, int len, int peek);
|
unsigned char *buf, size_t len, int peek,
|
||||||
|
size_t *read);
|
||||||
int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, int len);
|
int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, int len);
|
||||||
int (*ssl_dispatch_alert) (SSL *s);
|
int (*ssl_dispatch_alert) (SSL *s);
|
||||||
long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg);
|
long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg);
|
||||||
|
|
@ -922,8 +923,8 @@ struct ssl_st {
|
||||||
BUF_MEM *init_buf; /* buffer used during init */
|
BUF_MEM *init_buf; /* buffer used during init */
|
||||||
void *init_msg; /* pointer to handshake message body, set by
|
void *init_msg; /* pointer to handshake message body, set by
|
||||||
* ssl3_get_message() */
|
* ssl3_get_message() */
|
||||||
int init_num; /* amount read/written */
|
size_t init_num; /* amount read/written */
|
||||||
int init_off; /* amount read/written */
|
size_t init_off; /* amount read/written */
|
||||||
struct ssl3_state_st *s3; /* SSLv3 variables */
|
struct ssl3_state_st *s3; /* SSLv3 variables */
|
||||||
struct dtls1_state_st *d1; /* DTLSv1 variables */
|
struct dtls1_state_st *d1; /* DTLSv1 variables */
|
||||||
/* callback that allows applications to peek at protocol messages */
|
/* callback that allows applications to peek at protocol messages */
|
||||||
|
|
@ -1135,6 +1136,8 @@ struct ssl_st {
|
||||||
/* Async Job info */
|
/* Async Job info */
|
||||||
ASYNC_JOB *job;
|
ASYNC_JOB *job;
|
||||||
ASYNC_WAIT_CTX *waitctx;
|
ASYNC_WAIT_CTX *waitctx;
|
||||||
|
size_t asyncread;
|
||||||
|
|
||||||
CRYPTO_RWLOCK *lock;
|
CRYPTO_RWLOCK *lock;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
@ -1184,7 +1187,7 @@ typedef struct ssl3_state_st {
|
||||||
int finish_md_len;
|
int finish_md_len;
|
||||||
unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2];
|
unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2];
|
||||||
int peer_finish_md_len;
|
int peer_finish_md_len;
|
||||||
unsigned long message_size;
|
size_t message_size;
|
||||||
int message_type;
|
int message_type;
|
||||||
/* used to hold the new cipher we are going to use */
|
/* used to hold the new cipher we are going to use */
|
||||||
const SSL_CIPHER *new_cipher;
|
const SSL_CIPHER *new_cipher;
|
||||||
|
|
@ -1894,8 +1897,8 @@ __owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
|
||||||
__owur int ssl3_digest_cached_records(SSL *s, int keep);
|
__owur int ssl3_digest_cached_records(SSL *s, int keep);
|
||||||
__owur int ssl3_new(SSL *s);
|
__owur int ssl3_new(SSL *s);
|
||||||
void ssl3_free(SSL *s);
|
void ssl3_free(SSL *s);
|
||||||
__owur int ssl3_read(SSL *s, void *buf, int len);
|
__owur int ssl3_read(SSL *s, void *buf, size_t len, size_t *read);
|
||||||
__owur int ssl3_peek(SSL *s, void *buf, int len);
|
__owur int ssl3_peek(SSL *s, void *buf, size_t len, size_t *read);
|
||||||
__owur int ssl3_write(SSL *s, const void *buf, int len);
|
__owur int ssl3_write(SSL *s, const void *buf, int len);
|
||||||
__owur int ssl3_shutdown(SSL *s);
|
__owur int ssl3_shutdown(SSL *s);
|
||||||
void ssl3_clear(SSL *s);
|
void ssl3_clear(SSL *s);
|
||||||
|
|
|
||||||
|
|
@ -490,12 +490,12 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
|
||||||
{
|
{
|
||||||
OSSL_STATEM *st = &s->statem;
|
OSSL_STATEM *st = &s->statem;
|
||||||
int ret, mt;
|
int ret, mt;
|
||||||
unsigned long len = 0;
|
size_t len = 0;
|
||||||
int (*transition) (SSL *s, int mt);
|
int (*transition) (SSL *s, int mt);
|
||||||
PACKET pkt;
|
PACKET pkt;
|
||||||
MSG_PROCESS_RETURN(*process_message) (SSL *s, PACKET *pkt);
|
MSG_PROCESS_RETURN(*process_message) (SSL *s, PACKET *pkt);
|
||||||
WORK_STATE(*post_process_message) (SSL *s, WORK_STATE wst);
|
WORK_STATE(*post_process_message) (SSL *s, WORK_STATE wst);
|
||||||
unsigned long (*max_message_size) (SSL *s);
|
size_t (*max_message_size) (SSL *s);
|
||||||
void (*cb) (const SSL *ssl, int type, int val) = NULL;
|
void (*cb) (const SSL *ssl, int type, int val) = NULL;
|
||||||
|
|
||||||
cb = get_callback(s);
|
cb = get_callback(s);
|
||||||
|
|
|
||||||
|
|
@ -568,7 +568,7 @@ int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt,
|
||||||
* Returns the maximum allowed length for the current message that we are
|
* Returns the maximum allowed length for the current message that we are
|
||||||
* reading. Excludes the message header.
|
* reading. Excludes the message header.
|
||||||
*/
|
*/
|
||||||
unsigned long ossl_statem_client_max_message_size(SSL *s)
|
size_t ossl_statem_client_max_message_size(SSL *s)
|
||||||
{
|
{
|
||||||
OSSL_STATEM *st = &s->statem;
|
OSSL_STATEM *st = &s->statem;
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -124,7 +124,7 @@ int dtls1_do_write(SSL *s, int type)
|
||||||
|
|
||||||
if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
|
if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
|
||||||
OPENSSL_assert(s->init_num ==
|
OPENSSL_assert(s->init_num ==
|
||||||
(int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
|
s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
|
||||||
|
|
||||||
if (s->write_hash) {
|
if (s->write_hash) {
|
||||||
if (s->enc_write_ctx
|
if (s->enc_write_ctx
|
||||||
|
|
@ -295,7 +295,7 @@ int dtls1_do_write(SSL *s, int type)
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ret == s->init_num) {
|
if (ret == (int)s->init_num) {
|
||||||
if (s->msg_callback)
|
if (s->msg_callback)
|
||||||
s->msg_callback(1, s->version, type, s->init_buf->data,
|
s->msg_callback(1, s->version, type, s->init_buf->data,
|
||||||
(size_t)(s->init_off + s->init_num), s,
|
(size_t)(s->init_off + s->init_num), s,
|
||||||
|
|
@ -323,7 +323,7 @@ int dtls1_do_write(SSL *s, int type)
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
|
|
||||||
int dtls_get_message(SSL *s, int *mt, unsigned long *len)
|
int dtls_get_message(SSL *s, int *mt, size_t *len)
|
||||||
{
|
{
|
||||||
struct hm_header_st *msg_hdr;
|
struct hm_header_st *msg_hdr;
|
||||||
unsigned char *p;
|
unsigned char *p;
|
||||||
|
|
@ -516,6 +516,7 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok)
|
||||||
int i = -1, is_complete;
|
int i = -1, is_complete;
|
||||||
unsigned char seq64be[8];
|
unsigned char seq64be[8];
|
||||||
unsigned long frag_len = msg_hdr->frag_len;
|
unsigned long frag_len = msg_hdr->frag_len;
|
||||||
|
size_t read;
|
||||||
|
|
||||||
if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len ||
|
if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len ||
|
||||||
msg_hdr->msg_len > dtls1_max_handshake_message_len(s))
|
msg_hdr->msg_len > dtls1_max_handshake_message_len(s))
|
||||||
|
|
@ -559,10 +560,10 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok)
|
||||||
devnull,
|
devnull,
|
||||||
frag_len >
|
frag_len >
|
||||||
sizeof(devnull) ? sizeof(devnull) :
|
sizeof(devnull) ? sizeof(devnull) :
|
||||||
frag_len, 0);
|
frag_len, 0, &read);
|
||||||
if (i <= 0)
|
if (i <= 0)
|
||||||
goto err;
|
goto err;
|
||||||
frag_len -= i;
|
frag_len -= read;
|
||||||
}
|
}
|
||||||
return DTLS1_HM_FRAGMENT_RETRY;
|
return DTLS1_HM_FRAGMENT_RETRY;
|
||||||
}
|
}
|
||||||
|
|
@ -570,8 +571,8 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok)
|
||||||
/* read the body of the fragment (header has already been read */
|
/* read the body of the fragment (header has already been read */
|
||||||
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
|
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
|
||||||
frag->fragment + msg_hdr->frag_off,
|
frag->fragment + msg_hdr->frag_off,
|
||||||
frag_len, 0);
|
frag_len, 0, &read);
|
||||||
if ((unsigned long)i != frag_len)
|
if (i <= 0 || read != frag_len)
|
||||||
i = -1;
|
i = -1;
|
||||||
if (i <= 0)
|
if (i <= 0)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
@ -622,6 +623,7 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr,
|
||||||
pitem *item = NULL;
|
pitem *item = NULL;
|
||||||
unsigned char seq64be[8];
|
unsigned char seq64be[8];
|
||||||
unsigned long frag_len = msg_hdr->frag_len;
|
unsigned long frag_len = msg_hdr->frag_len;
|
||||||
|
size_t read;
|
||||||
|
|
||||||
if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len)
|
if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
@ -654,10 +656,10 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr,
|
||||||
devnull,
|
devnull,
|
||||||
frag_len >
|
frag_len >
|
||||||
sizeof(devnull) ? sizeof(devnull) :
|
sizeof(devnull) ? sizeof(devnull) :
|
||||||
frag_len, 0);
|
frag_len, 0, &read);
|
||||||
if (i <= 0)
|
if (i <= 0)
|
||||||
goto err;
|
goto err;
|
||||||
frag_len -= i;
|
frag_len -= read;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if (frag_len != msg_hdr->msg_len)
|
if (frag_len != msg_hdr->msg_len)
|
||||||
|
|
@ -677,8 +679,8 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr,
|
||||||
* read the body of the fragment (header has already been read
|
* read the body of the fragment (header has already been read
|
||||||
*/
|
*/
|
||||||
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
|
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
|
||||||
frag->fragment, frag_len, 0);
|
frag->fragment, frag_len, 0, &read);
|
||||||
if ((unsigned long)i != frag_len)
|
if (i<=0 || read != frag_len)
|
||||||
i = -1;
|
i = -1;
|
||||||
if (i <= 0)
|
if (i <= 0)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
@ -716,6 +718,7 @@ static int dtls_get_reassembled_message(SSL *s, long *len)
|
||||||
int i, al, recvd_type;
|
int i, al, recvd_type;
|
||||||
struct hm_header_st msg_hdr;
|
struct hm_header_st msg_hdr;
|
||||||
int ok;
|
int ok;
|
||||||
|
size_t read;
|
||||||
|
|
||||||
redo:
|
redo:
|
||||||
/* see if we have the required fragment already */
|
/* see if we have the required fragment already */
|
||||||
|
|
@ -728,7 +731,7 @@ static int dtls_get_reassembled_message(SSL *s, long *len)
|
||||||
|
|
||||||
/* read handshake message header */
|
/* read handshake message header */
|
||||||
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type, wire,
|
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type, wire,
|
||||||
DTLS1_HM_HEADER_LENGTH, 0);
|
DTLS1_HM_HEADER_LENGTH, 0, &read);
|
||||||
if (i <= 0) { /* nbio, or an error */
|
if (i <= 0) { /* nbio, or an error */
|
||||||
s->rwstate = SSL_READING;
|
s->rwstate = SSL_READING;
|
||||||
*len = i;
|
*len = i;
|
||||||
|
|
@ -742,17 +745,17 @@ static int dtls_get_reassembled_message(SSL *s, long *len)
|
||||||
goto f_err;
|
goto f_err;
|
||||||
}
|
}
|
||||||
|
|
||||||
memcpy(s->init_buf->data, wire, i);
|
memcpy(s->init_buf->data, wire, read);
|
||||||
s->init_num = i - 1;
|
s->init_num = read - 1;
|
||||||
s->init_msg = s->init_buf->data + 1;
|
s->init_msg = s->init_buf->data + 1;
|
||||||
s->s3->tmp.message_type = SSL3_MT_CHANGE_CIPHER_SPEC;
|
s->s3->tmp.message_type = SSL3_MT_CHANGE_CIPHER_SPEC;
|
||||||
s->s3->tmp.message_size = i - 1;
|
s->s3->tmp.message_size = read - 1;
|
||||||
*len = i - 1;
|
*len = read - 1;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Handshake fails if message header is incomplete */
|
/* Handshake fails if message header is incomplete */
|
||||||
if (i != DTLS1_HM_HEADER_LENGTH) {
|
if (read != DTLS1_HM_HEADER_LENGTH) {
|
||||||
al = SSL_AD_UNEXPECTED_MESSAGE;
|
al = SSL_AD_UNEXPECTED_MESSAGE;
|
||||||
SSLerr(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
|
SSLerr(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
|
||||||
goto f_err;
|
goto f_err;
|
||||||
|
|
@ -823,7 +826,7 @@ static int dtls_get_reassembled_message(SSL *s, long *len)
|
||||||
(unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
|
(unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
|
||||||
|
|
||||||
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
|
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
|
||||||
&p[frag_off], frag_len, 0);
|
&p[frag_off], frag_len, 0, &read);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* This shouldn't ever fail due to NBIO because we already checked
|
* This shouldn't ever fail due to NBIO because we already checked
|
||||||
|
|
@ -835,13 +838,13 @@ static int dtls_get_reassembled_message(SSL *s, long *len)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
} else
|
} else
|
||||||
i = 0;
|
read = 0;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* XDTLS: an incorrectly formatted fragment should cause the handshake
|
* XDTLS: an incorrectly formatted fragment should cause the handshake
|
||||||
* to fail
|
* to fail
|
||||||
*/
|
*/
|
||||||
if (i != (int)frag_len) {
|
if (read != frag_len) {
|
||||||
al = SSL3_AD_ILLEGAL_PARAMETER;
|
al = SSL3_AD_ILLEGAL_PARAMETER;
|
||||||
SSLerr(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL3_AD_ILLEGAL_PARAMETER);
|
SSLerr(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL3_AD_ILLEGAL_PARAMETER);
|
||||||
goto f_err;
|
goto f_err;
|
||||||
|
|
|
||||||
|
|
@ -45,7 +45,7 @@ int ssl3_do_write(SSL *s, int type)
|
||||||
ret))
|
ret))
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
if (ret == s->init_num) {
|
if (ret == (int)s->init_num) {
|
||||||
if (s->msg_callback)
|
if (s->msg_callback)
|
||||||
s->msg_callback(1, s->version, type, s->init_buf->data,
|
s->msg_callback(1, s->version, type, s->init_buf->data,
|
||||||
(size_t)(s->init_off + s->init_num), s,
|
(size_t)(s->init_off + s->init_num), s,
|
||||||
|
|
@ -357,7 +357,7 @@ int tls_get_message_header(SSL *s, int *mt)
|
||||||
/* s->init_num < SSL3_HM_HEADER_LENGTH */
|
/* s->init_num < SSL3_HM_HEADER_LENGTH */
|
||||||
int skip_message, i, recvd_type, al;
|
int skip_message, i, recvd_type, al;
|
||||||
unsigned char *p;
|
unsigned char *p;
|
||||||
unsigned long l;
|
size_t l, read;
|
||||||
|
|
||||||
p = (unsigned char *)s->init_buf->data;
|
p = (unsigned char *)s->init_buf->data;
|
||||||
|
|
||||||
|
|
@ -366,7 +366,7 @@ int tls_get_message_header(SSL *s, int *mt)
|
||||||
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type,
|
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type,
|
||||||
&p[s->init_num],
|
&p[s->init_num],
|
||||||
SSL3_HM_HEADER_LENGTH - s->init_num,
|
SSL3_HM_HEADER_LENGTH - s->init_num,
|
||||||
0);
|
0, &read);
|
||||||
if (i <= 0) {
|
if (i <= 0) {
|
||||||
s->rwstate = SSL_READING;
|
s->rwstate = SSL_READING;
|
||||||
return 0;
|
return 0;
|
||||||
|
|
@ -376,22 +376,22 @@ int tls_get_message_header(SSL *s, int *mt)
|
||||||
* A ChangeCipherSpec must be a single byte and may not occur
|
* A ChangeCipherSpec must be a single byte and may not occur
|
||||||
* in the middle of a handshake message.
|
* in the middle of a handshake message.
|
||||||
*/
|
*/
|
||||||
if (s->init_num != 0 || i != 1 || p[0] != SSL3_MT_CCS) {
|
if (s->init_num != 0 || read != 1 || p[0] != SSL3_MT_CCS) {
|
||||||
al = SSL_AD_UNEXPECTED_MESSAGE;
|
al = SSL_AD_UNEXPECTED_MESSAGE;
|
||||||
SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER,
|
SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER,
|
||||||
SSL_R_BAD_CHANGE_CIPHER_SPEC);
|
SSL_R_BAD_CHANGE_CIPHER_SPEC);
|
||||||
goto f_err;
|
goto f_err;
|
||||||
}
|
}
|
||||||
s->s3->tmp.message_type = *mt = SSL3_MT_CHANGE_CIPHER_SPEC;
|
s->s3->tmp.message_type = *mt = SSL3_MT_CHANGE_CIPHER_SPEC;
|
||||||
s->init_num = i - 1;
|
s->init_num = read - 1;
|
||||||
s->s3->tmp.message_size = i;
|
s->s3->tmp.message_size = read;
|
||||||
return 1;
|
return 1;
|
||||||
} else if (recvd_type != SSL3_RT_HANDSHAKE) {
|
} else if (recvd_type != SSL3_RT_HANDSHAKE) {
|
||||||
al = SSL_AD_UNEXPECTED_MESSAGE;
|
al = SSL_AD_UNEXPECTED_MESSAGE;
|
||||||
SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER, SSL_R_CCS_RECEIVED_EARLY);
|
SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER, SSL_R_CCS_RECEIVED_EARLY);
|
||||||
goto f_err;
|
goto f_err;
|
||||||
}
|
}
|
||||||
s->init_num += i;
|
s->init_num += read;
|
||||||
}
|
}
|
||||||
|
|
||||||
skip_message = 0;
|
skip_message = 0;
|
||||||
|
|
@ -452,9 +452,9 @@ int tls_get_message_header(SSL *s, int *mt)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int tls_get_message_body(SSL *s, unsigned long *len)
|
int tls_get_message_body(SSL *s, size_t *len)
|
||||||
{
|
{
|
||||||
long n;
|
size_t n, read;
|
||||||
unsigned char *p;
|
unsigned char *p;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
|
|
@ -468,14 +468,14 @@ int tls_get_message_body(SSL *s, unsigned long *len)
|
||||||
n = s->s3->tmp.message_size - s->init_num;
|
n = s->s3->tmp.message_size - s->init_num;
|
||||||
while (n > 0) {
|
while (n > 0) {
|
||||||
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
|
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
|
||||||
&p[s->init_num], n, 0);
|
&p[s->init_num], n, 0, &read);
|
||||||
if (i <= 0) {
|
if (i <= 0) {
|
||||||
s->rwstate = SSL_READING;
|
s->rwstate = SSL_READING;
|
||||||
*len = 0;
|
*len = 0;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
s->init_num += i;
|
s->init_num += read;
|
||||||
n -= i;
|
n -= read;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifndef OPENSSL_NO_NEXTPROTONEG
|
#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||||
|
|
@ -513,17 +513,7 @@ int tls_get_message_body(SSL *s, unsigned long *len)
|
||||||
s->msg_callback_arg);
|
s->msg_callback_arg);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
*len = s->init_num;
|
||||||
* init_num should never be negative...should probably be declared
|
|
||||||
* unsigned
|
|
||||||
*/
|
|
||||||
if (s->init_num < 0) {
|
|
||||||
SSLerr(SSL_F_TLS_GET_MESSAGE_BODY, ERR_R_INTERNAL_ERROR);
|
|
||||||
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
|
||||||
*len = 0;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
*len = (unsigned long)s->init_num;
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -54,7 +54,7 @@ WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst);
|
||||||
WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst);
|
WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst);
|
||||||
int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt,
|
int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt,
|
||||||
confunc_f *confunc, int *mt);
|
confunc_f *confunc, int *mt);
|
||||||
unsigned long ossl_statem_client_max_message_size(SSL *s);
|
size_t ossl_statem_client_max_message_size(SSL *s);
|
||||||
MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt);
|
MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt);
|
||||||
WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst);
|
WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst);
|
||||||
|
|
||||||
|
|
@ -67,14 +67,14 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst);
|
||||||
WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst);
|
WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst);
|
||||||
int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt,
|
int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt,
|
||||||
confunc_f *confunc,int *mt);
|
confunc_f *confunc,int *mt);
|
||||||
unsigned long ossl_statem_server_max_message_size(SSL *s);
|
size_t ossl_statem_server_max_message_size(SSL *s);
|
||||||
MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt);
|
MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt);
|
||||||
WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst);
|
WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst);
|
||||||
|
|
||||||
/* Functions for getting new message data */
|
/* Functions for getting new message data */
|
||||||
__owur int tls_get_message_header(SSL *s, int *mt);
|
__owur int tls_get_message_header(SSL *s, int *mt);
|
||||||
__owur int tls_get_message_body(SSL *s, unsigned long *len);
|
__owur int tls_get_message_body(SSL *s, size_t *len);
|
||||||
__owur int dtls_get_message(SSL *s, int *mt, unsigned long *len);
|
__owur int dtls_get_message(SSL *s, int *mt, size_t *len);
|
||||||
|
|
||||||
/* Message construction and processing functions */
|
/* Message construction and processing functions */
|
||||||
__owur MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt);
|
__owur MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt);
|
||||||
|
|
|
||||||
|
|
@ -717,7 +717,7 @@ int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt,
|
||||||
* Returns the maximum allowed length for the current message that we are
|
* Returns the maximum allowed length for the current message that we are
|
||||||
* reading. Excludes the message header.
|
* reading. Excludes the message header.
|
||||||
*/
|
*/
|
||||||
unsigned long ossl_statem_server_max_message_size(SSL *s)
|
size_t ossl_statem_server_max_message_size(SSL *s)
|
||||||
{
|
{
|
||||||
OSSL_STATEM *st = &s->statem;
|
OSSL_STATEM *st = &s->statem;
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -405,3 +405,5 @@ SSL_SESSION_get0_id_context 405 1_1_0 EXIST::FUNCTION:
|
||||||
SSL_SESSION_set1_id 406 1_1_0 EXIST::FUNCTION:
|
SSL_SESSION_set1_id 406 1_1_0 EXIST::FUNCTION:
|
||||||
SSL_CTX_set1_cert_store 407 1_1_1 EXIST::FUNCTION:
|
SSL_CTX_set1_cert_store 407 1_1_1 EXIST::FUNCTION:
|
||||||
DTLS_get_data_mtu 408 1_1_1 EXIST::FUNCTION:
|
DTLS_get_data_mtu 408 1_1_1 EXIST::FUNCTION:
|
||||||
|
SSL_read_ex 409 1_1_1 EXIST::FUNCTION:
|
||||||
|
SSL_peek_ex 410 1_1_1 EXIST::FUNCTION:
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue