wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Further libssl size_t-ify of reading

Browse source 
Writing still to be done

Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Matt Caswell 2016-09-06 12:05:25 +01:00
parent 8e6d03cac4
commit eda757514e
18 changed files with 252 additions and 175 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
include/openssl/ssl.h
View file

@ -1568,7 +1568,9 @@ __owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd,
__owur int SSL_accept(SSL *ssl);
__owur int SSL_connect(SSL *ssl);
__owur int SSL_read(SSL *ssl, void *buf, int num);
__owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *read);
__owur int SSL_peek(SSL *ssl, void *buf, int num);
__owur int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *read);
__owur int SSL_write(SSL *ssl, const void *buf, int num);
long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
long SSL_callback_ctrl(SSL *, int, void (*)(void));
@ -2179,7 +2181,9 @@ int ERR_load_SSL_strings(void);
# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303
# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311
# define SSL_F_SSL_PEEK 270
# define SSL_F_SSL_PEEK_EX 425
# define SSL_F_SSL_READ 223
# define SSL_F_SSL_READ_EX 426
# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320
# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321
# define SSL_F_SSL_SESSION_DUP 348

89
ssl/record/rec_layer_d1.c
View file

@ -118,8 +118,8 @@ void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq)
memcpy(rl->write_sequence, seq, SEQ_NUM_SIZE);
}
static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
int len);
static size_t have_handshake_fragment(SSL *s, int type, unsigned char *buf,
size_t len);
/* copy buffered record into SSL structure */
static int dtls1_copy_record(SSL *s, pitem *item)
@ -336,10 +336,10 @@ int dtls1_process_buffered_records(SSL *s)
* none of our business
*/
int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
int len, int peek)
size_t len, int peek, size_t *read)
{
int al, i, j, ret;
unsigned int n;
int al, i, j, iret;
size_t ret, n;
SSL3_RECORD *rr;
void (*cb) (const SSL *ssl, int type2, int val) = NULL;
@ -359,9 +359,11 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
/*
* check whether there's a handshake message (client hello?) waiting
*/
if ((ret = have_handshake_fragment(s, type, buf, len))) {
ret = have_handshake_fragment(s, type, buf, len);
if (ret > 0) {
*recvd_type = SSL3_RT_HANDSHAKE;
return ret;
*read = ret;
return 1;
}
/*
@ -385,10 +387,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
/* type == SSL3_RT_APPLICATION_DATA */
i = s->handshake_func(s);
if (i < 0)
return (i);
return i;
if (i == 0) {
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
return (-1);
return -1;
}
}
@ -434,12 +436,12 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
/* get new packet if necessary */
if ((SSL3_RECORD_get_length(rr) == 0)
|| (s->rlayer.rstate == SSL_ST_READ_BODY)) {
ret = dtls1_get_record(s);
if (ret <= 0) {
ret = dtls1_read_failed(s, ret);
iret = dtls1_get_record(s);
if (iret <= 0) {
iret = dtls1_read_failed(s, iret);
/* anything other than a timeout is an error */
if (ret <= 0)
return (ret);
if (iret <= 0)
return iret;
else
goto start;
}
@ -479,7 +481,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
SSL3_RECORD_set_length(rr, 0);
s->rwstate = SSL_NOTHING;
return (0);
return 0;
}
if (type == SSL3_RECORD_get_type(rr)
@ -504,13 +506,13 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
if (recvd_type != NULL)
*recvd_type = SSL3_RECORD_get_type(rr);
if (len <= 0)
return (len);
if (len == 0)
return 0;
if ((unsigned int)len > SSL3_RECORD_get_length(rr))
if (len > SSL3_RECORD_get_length(rr))
n = SSL3_RECORD_get_length(rr);
else
n = (unsigned int)len;
n = len;
memcpy(buf, &(SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)]), n);
if (!peek) {
@ -543,10 +545,11 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
s->d1->shutdown_received
&& !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
return (0);
return 0;
}
#endif
return (n);
*read = n;
return 1;
}
/*
@ -559,9 +562,9 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* that so that we can process the data at a fixed place.
*/
{
unsigned int k, dest_maxlen = 0;
size_t k, dest_maxlen = 0;
unsigned char *dest = NULL;
unsigned int *dest_len = NULL;
size_t *dest_len = NULL;
if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) {
dest_maxlen = sizeof s->rlayer.d->handshake_fragment;
@ -584,7 +587,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
s->rwstate = SSL_READING;
BIO_clear_retry_flags(SSL_get_rbio(s));
BIO_set_retry_read(SSL_get_rbio(s));
return (-1);
return -1;
}
#endif
/* else it's a CCS message, or application data or wrong */
@ -600,7 +603,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
s->rwstate = SSL_READING;
BIO_clear_retry_flags(bio);
BIO_set_retry_read(bio);
return (-1);
return -1;
}
/* Not certain if this is the right error handling */
@ -677,10 +680,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
if (ssl3_renegotiate_check(s)) {
i = s->handshake_func(s);
if (i < 0)
return (i);
return i;
if (i == 0) {
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
return (-1);
return -1;
}
if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
@ -697,7 +700,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
bio = SSL_get_rbio(s);
BIO_clear_retry_flags(bio);
BIO_set_retry_read(bio);
return (-1);
return -1;
}
}
}
@ -757,7 +760,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
}
#endif
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
return (0);
return 0;
}
#if 0
/* XXX: this is a possible improvement in the future */
@ -797,7 +800,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
ERR_add_error_data(2, "SSL alert number ", tmp);
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
SSL_CTX_remove_session(s->session_ctx, s->session);
return (0);
return 0;
} else {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
@ -811,7 +814,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* shutdown */
s->rwstate = SSL_NOTHING;
SSL3_RECORD_set_length(rr, 0);
return (0);
return 0;
}
if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) {
@ -858,10 +861,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
}
i = s->handshake_func(s);
if (i < 0)
return (i);
return i;
if (i == 0) {
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
return (-1);
return -1;
}
if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
@ -878,7 +881,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
bio = SSL_get_rbio(s);
BIO_clear_retry_flags(bio);
BIO_set_retry_read(bio);
return (-1);
return -1;
}
}
goto start;
@ -917,7 +920,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
(s->s3->total_renegotiations != 0) &&
ossl_statem_app_data_allowed(s)) {
s->s3->in_read_app_data = 2;
return (-1);
return -1;
} else {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
@ -928,15 +931,15 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
return (-1);
return -1;
}
/*
* this only happens when a client hello is received and a handshake
* is started.
*/
static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
int len)
/*
* this only happens when a client hello is received and a handshake
* is started.
*/
static size_t have_handshake_fragment(SSL *s, int type, unsigned char *buf,
size_t len)
{
if ((type == SSL3_RT_HANDSHAKE)
@ -945,7 +948,7 @@ static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
{
unsigned char *src = s->rlayer.d->handshake_fragment;
unsigned char *dst = buf;
unsigned int k, n;
size_t k, n;
/* peek == 0 */
n = 0;

66
ssl/record/rec_layer_s3.c
View file

@ -95,7 +95,8 @@ int RECORD_LAYER_write_pending(const RECORD_LAYER *rl)
&& SSL3_BUFFER_get_left(&rl->wbuf[rl->numwpipes - 1]) != 0;
}
int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len)
int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf,
size_t len)
{
rl->packet_length = len;
if (len != 0) {
@ -630,6 +631,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
}
}
/* TODO(size_t): convert me */
int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
unsigned int *pipelens, unsigned int numpipes,
int create_empty_fragment)
@ -786,7 +788,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
/* lets setup the record stuff. */
SSL3_RECORD_set_data(&wr[j], outbuf[j] + eivlen);
SSL3_RECORD_set_length(&wr[j], (int)pipelens[j]);
SSL3_RECORD_set_length(&wr[j], pipelens[j]);
SSL3_RECORD_set_input(&wr[j], (unsigned char *)&buf[totlen]);
totlen += pipelens[j];
@ -948,7 +950,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
return -1;
}
SSL3_BUFFER_add_offset(&wb[currbuf], i);
SSL3_BUFFER_add_left(&wb[currbuf], -i);
SSL3_BUFFER_sub_left(&wb[currbuf], i);
}
}
@ -982,10 +984,10 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
* none of our business
*/
int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
int len, int peek)
size_t len, int peek, size_t *read)
{
int al, i, j, ret;
unsigned int n, curr_rec, num_recs, read_bytes;
size_t n, curr_rec, num_recs, read_bytes;
SSL3_RECORD *rr;
SSL3_BUFFER *rbuf;
void (*cb) (const SSL *ssl, int type2, int val) = NULL;
@ -995,7 +997,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
if (!SSL3_BUFFER_is_initialised(rbuf)) {
/* Not initialized yet */
if (!ssl3_setup_read_buffer(s))
return (-1);
return -1;
}
if ((type && (type != SSL3_RT_APPLICATION_DATA)
@ -1028,7 +1030,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
if (recvd_type != NULL)
*recvd_type = SSL3_RT_HANDSHAKE;
return n;
*read = n;
return 1;
}
/*
@ -1039,10 +1042,10 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
/* type == SSL3_RT_APPLICATION_DATA */
i = s->handshake_func(s);
if (i < 0)
return (i);
return i;
if (i == 0) {
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
return (-1);
return -1;
}
}
start:
@ -1063,7 +1066,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
if (num_recs == 0) {
ret = ssl3_get_record(s);
if (ret <= 0)
return (ret);
return ret;
num_recs = RECORD_LAYER_get_numrpipes(&s->rlayer);
if (num_recs == 0) {
/* Shouldn't happen */
@ -1109,7 +1112,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
SSL3_RECORD_set_length(rr, 0);
s->rwstate = SSL_NOTHING;
return (0);
return 0;
}
if (type == SSL3_RECORD_get_type(rr)
@ -1142,15 +1145,15 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
if (recvd_type != NULL)
*recvd_type = SSL3_RECORD_get_type(rr);
if (len <= 0)
return (len);
if (len == 0)
return 0;
read_bytes = 0;
do {
if ((unsigned int)len - read_bytes > SSL3_RECORD_get_length(rr))
if (len - read_bytes > SSL3_RECORD_get_length(rr))
n = SSL3_RECORD_get_length(rr);
else
n = (unsigned int)len - read_bytes;
n = len - read_bytes;
memcpy(buf, &(rr->data[rr->off]), n);
buf += n;
@ -1174,7 +1177,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
}
read_bytes += n;
} while (type == SSL3_RT_APPLICATION_DATA && curr_rec < num_recs
&& read_bytes < (unsigned int)len);
&& read_bytes < len);
if (read_bytes == 0) {
/* We must have read empty records. Get more data */
goto start;
@ -1183,7 +1186,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
&& (s->mode & SSL_MODE_RELEASE_BUFFERS)
&& SSL3_BUFFER_get_left(rbuf) == 0)
ssl3_release_read_buffer(s);
return read_bytes;
*read = read_bytes;
return 1;
}
/*
@ -1226,9 +1230,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* that so that we can process the data at a fixed place.
*/
{
unsigned int dest_maxlen = 0;
size_t dest_maxlen = 0;
unsigned char *dest = NULL;
unsigned int *dest_len = NULL;
size_t *dest_len = NULL;
if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) {
dest_maxlen = sizeof s->rlayer.handshake_fragment;
@ -1293,10 +1297,10 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
if (ssl3_renegotiate_check(s)) {
i = s->handshake_func(s);
if (i < 0)
return (i);
return i;
if (i == 0) {
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
return (-1);
return -1;
}
if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
@ -1313,7 +1317,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
bio = SSL_get_rbio(s);
BIO_clear_retry_flags(bio);
BIO_set_retry_read(bio);
return (-1);
return -1;
}
}
}
@ -1376,7 +1380,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
return (0);
return 0;
}
/*
* This is a warning but we receive it if we requested
@ -1406,7 +1410,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
SSL3_RECORD_set_read(rr);
SSL_CTX_remove_session(s->session_ctx, s->session);
return (0);
return 0;
} else {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
@ -1421,7 +1425,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
s->rwstate = SSL_NOTHING;
SSL3_RECORD_set_length(rr, 0);
SSL3_RECORD_set_read(rr);
return (0);
return 0;
}
if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) {
@ -1443,10 +1447,10 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
}
i = s->handshake_func(s);
if (i < 0)
return (i);
return i;
if (i == 0) {
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
return (-1);
return -1;
}
if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
@ -1463,7 +1467,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
bio = SSL_get_rbio(s);
BIO_clear_retry_flags(bio);
BIO_set_retry_read(bio);
return (-1);
return -1;
}
}
goto start;
@ -1502,7 +1506,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
*/
if (ossl_statem_app_data_allowed(s)) {
s->s3->in_read_app_data = 2;
return (-1);
return -1;
} else {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
@ -1513,7 +1517,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
return (-1);
return -1;
}
void ssl3_record_sequence_update(unsigned char *seq)
@ -1539,7 +1543,7 @@ int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl)
/*
* Returns the length in bytes of the current rrec
*/
unsigned int RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl)
size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl)
{
return SSL3_RECORD_get_length(&rl->rrec[0]);
}

31
ssl/record/record.h
View file

@ -38,16 +38,16 @@ typedef struct ssl3_record_st {
int type;
/* How many bytes available */
/* rw */
unsigned int length;
size_t length;
/*
* How many bytes were available before padding was removed? This is used
* to implement the MAC check in constant time for CBC records.
*/
/* rw */
unsigned int orig_len;
size_t orig_len;
/* read/write offset into 'buf' */
/* r */
unsigned int off;
size_t off;
/* pointer to the record data */
/* rw */
unsigned char *data;
@ -82,7 +82,7 @@ typedef struct record_pqueue_st {
typedef struct dtls1_record_data_st {
unsigned char *packet;
unsigned int packet_length;
size_t packet_length;
SSL3_BUFFER rbuf;
SSL3_RECORD rrec;
#ifndef OPENSSL_NO_SCTP
@ -116,9 +116,9 @@ typedef struct dtls_record_layer_st {
* processed by ssl3_read_bytes:
*/
unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
unsigned int alert_fragment_len;
size_t alert_fragment_len;
unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
unsigned int handshake_fragment_len;
size_t handshake_fragment_len;
/* save last and current sequence numbers for retransmissions */
unsigned char last_write_sequence[8];
unsigned char curr_write_sequence[8];
@ -143,7 +143,7 @@ typedef struct record_layer_st {
/* where we are when reading */
int rstate;
/* How many pipelines can be used to read data */
unsigned int numrpipes;
size_t numrpipes;
/* How many pipelines can be used to write data */
unsigned int numwpipes;
/* read IO goes into here */
@ -162,11 +162,11 @@ typedef struct record_layer_st {
* processed by ssl3_read_bytes:
*/
unsigned char alert_fragment[2];
unsigned int alert_fragment_len;
size_t alert_fragment_len;
unsigned char handshake_fragment[4];
unsigned int handshake_fragment_len;
size_t handshake_fragment_len;
/* The number of consecutive empty records we have received */
unsigned int empty_record_count;
size_t empty_record_count;
/* partial write - check the numbers match */
/* number bytes written */
int wpend_tot;
@ -208,18 +208,20 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl);
void RECORD_LAYER_release(RECORD_LAYER *rl);
int RECORD_LAYER_read_pending(const RECORD_LAYER *rl);
int RECORD_LAYER_write_pending(const RECORD_LAYER *rl);
int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len);
int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf,
size_t len);
void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl);
void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl);
int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl);
unsigned int RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl);
size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl);
__owur int ssl3_pending(const SSL *s);
__owur int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
__owur int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
unsigned int *pipelens, unsigned int numpipes,
int create_empty_fragment);
__owur int ssl3_read_bytes(SSL *s, int type, int *recvd_type,
unsigned char *buf, int len, int peek);
unsigned char *buf, size_t len, int peek,
size_t *read);
__owur int ssl3_setup_buffers(SSL *s);
__owur int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send);
__owur int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send);
@ -235,7 +237,8 @@ void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl);
void DTLS_RECORD_LAYER_resync_write(RECORD_LAYER *rl);
void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq);
__owur int dtls1_read_bytes(SSL *s, int type, int *recvd_type,
unsigned char *buf, int len, int peek);
unsigned char *buf, size_t len, int peek,
size_t *read);
__owur int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
__owur int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
unsigned int len, int create_empty_fragement);

4
ssl/record/record_locl.h
View file

@ -62,7 +62,7 @@ void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
#define SSL3_BUFFER_set_len(b, l) ((b)->len = (l))
#define SSL3_BUFFER_get_left(b) ((b)->left)
#define SSL3_BUFFER_set_left(b, l) ((b)->left = (l))
#define SSL3_BUFFER_add_left(b, l) ((b)->left += (l))
#define SSL3_BUFFER_sub_left(b, l) ((b)->left -= (l))
#define SSL3_BUFFER_get_offset(b) ((b)->offset)
#define SSL3_BUFFER_set_offset(b, o) ((b)->offset = (o))
#define SSL3_BUFFER_add_offset(b, o) ((b)->offset += (o))
@ -70,7 +70,7 @@ void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
#define SSL3_BUFFER_set_default_len(b, l) ((b)->default_len = (l))
void SSL3_BUFFER_clear(SSL3_BUFFER *b);
void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, int n);
void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n);
void SSL3_BUFFER_release(SSL3_BUFFER *b);
__owur int ssl3_setup_read_buffer(SSL *s);
__owur int ssl3_setup_write_buffer(SSL *s, unsigned int numwpipes, size_t len);

2
ssl/record/ssl3_buffer.c
View file

@ -10,7 +10,7 @@
#include "../ssl_locl.h"
#include "record_locl.h"
void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, int n)
void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n)
{
if (d != NULL)
memcpy(b->buf, d, n);

25
ssl/record/ssl3_record.c
View file

@ -203,6 +203,7 @@ int ssl3_get_record(SSL *s)
ssl_minor = *(p++);
version = (ssl_major << 8) | ssl_minor;
rr[num_recs].rec_version = version;
/* TODO(size_t): CHECK ME */
n2s(p, rr[num_recs].length);
/* Lets check version */
@ -383,9 +384,9 @@ int ssl3_get_record(SSL *s)
goto f_err;
}
#ifdef SSL_DEBUG
printf("dec %d\n", rr->length);
printf("dec %ld\n", rr->length);
{
unsigned int z;
size_t z;
for (z = 0; z < rr->length; z++)
printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n');
}
@ -527,6 +528,7 @@ int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr)
if (rr->comp == NULL)
return 0;
/* TODO(size_t): Convert this call */
i = COMP_expand_block(ssl->expand, rr->comp,
SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length);
if (i < 0)
@ -543,6 +545,7 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr)
#ifndef OPENSSL_NO_COMP
int i;
/* TODO(size_t): Convert this call */
i = COMP_compress_block(ssl->compress, wr->data,
SSL3_RT_MAX_COMPRESSED_LENGTH,
wr->input, (int)wr->length);
@ -570,8 +573,8 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send)
{
SSL3_RECORD *rec;
EVP_CIPHER_CTX *ds;
unsigned long l;
int bs, i, mac_size = 0;
size_t l, i;
int bs, mac_size = 0;
const EVP_CIPHER *enc;
rec = inrecs;
@ -599,6 +602,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send)
rec->input = rec->data;
} else {
l = rec->length;
/* TODO(size_t): Convert this call */
bs = EVP_CIPHER_CTX_block_size(ds);
/* COMPRESS */
@ -623,6 +627,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send)
/* otherwise, rec->length >= bs */
}
/* TODO(size_t): Convert this call */
if (EVP_Cipher(ds, rec->data, rec->input, l) < 1)
return -1;
@ -1008,6 +1013,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
* are hashing because that gives an attacker a timing-oracle.
*/
/* Final param == not SSLv3 */
/* TODO(size_t): Convert this call */
if (ssl3_cbc_digest_record(mac_ctx,
md, &md_size,
header, rec->input,
@ -1018,6 +1024,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
return -1;
}
} else {
/* TODO(size_t): Convert these calls */
if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0
|| EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0
|| EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) {
@ -1045,7 +1052,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
}
fprintf(stderr, "rec=");
{
unsigned int z;
size_t z;
for (z = 0; z < rec->length; z++)
fprintf(stderr, "%02X ", rec->data[z]);
fprintf(stderr, "\n");
@ -1080,6 +1087,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
* 1: if the padding was valid
* -1: otherwise.
*/
/* TODO(size_t): Convert me */
int ssl3_cbc_remove_padding(SSL3_RECORD *rec,
unsigned block_size, unsigned mac_size)
{
@ -1113,6 +1121,7 @@ int ssl3_cbc_remove_padding(SSL3_RECORD *rec,
* 1: if the padding was valid
* -1: otherwise.
*/
/* TODO(size_t): Convert me */
int tls1_cbc_remove_padding(const SSL *s,
SSL3_RECORD *rec,
unsigned block_size, unsigned mac_size)
@ -1198,6 +1207,7 @@ int tls1_cbc_remove_padding(const SSL *s,
*/
#define CBC_MAC_ROTATE_IN_PLACE
/* TODO(size_t): Convert me */
void ssl3_cbc_copy_mac(unsigned char *out,
const SSL3_RECORD *rec, unsigned md_size)
{
@ -1350,9 +1360,9 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
goto err;
}
#ifdef SSL_DEBUG
printf("dec %d\n", rr->length);
printf("dec %ld\n", rr->length);
{
unsigned int z;
size_t z;
for (z = 0; z < rr->length; z++)
printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n');
}
@ -1544,6 +1554,7 @@ int dtls1_get_record(SSL *s)
memcpy(&(RECORD_LAYER_get_read_sequence(&s->rlayer)[2]), p, 6);
p += 6;
/* TODO(size_t): CHECK ME */
n2s(p, rr->length);
/* Lets check version */

22
ssl/s3_lib.c
View file

@ -3812,12 +3812,13 @@ int ssl3_shutdown(SSL *s)
return (ret);
}
} else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
size_t read;
/*
* If we are waiting for a close from our peer, we are closed
*/
s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0);
s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &read);
if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
return (-1); /* return WANT_READ */
return -1; /* return WANT_READ */
}
}
@ -3837,7 +3838,8 @@ int ssl3_write(SSL *s, const void *buf, int len)
return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len);
}
static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
size_t *read)
{
int ret;
@ -3847,7 +3849,7 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
s->s3->in_read_app_data = 1;
ret =
s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
peek);
peek, read);
if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
/*
* ssl3_read_bytes decided to call s->handshake_func, which called
@ -3859,22 +3861,22 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
ossl_statem_set_in_handshake(s, 1);
ret =
s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
len, peek);
len, peek, read);
ossl_statem_set_in_handshake(s, 0);
} else
s->s3->in_read_app_data = 0;
return (ret);
return ret;
}
int ssl3_read(SSL *s, void *buf, int len)
int ssl3_read(SSL *s, void *buf, size_t len, size_t *read)
{
return ssl3_read_internal(s, buf, len, 0);
return ssl3_read_internal(s, buf, len, 0, read);
}
int ssl3_peek(SSL *s, void *buf, int len)
int ssl3_peek(SSL *s, void *buf, size_t len, size_t *read)
{
return ssl3_read_internal(s, buf, len, 1);
return ssl3_read_internal(s, buf, len, 1, read);
}
int ssl3_renegotiate(SSL *s)

2
ssl/ssl_err.c
View file

@ -181,7 +181,9 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT),
"ssl_parse_serverhello_use_srtp_ext"},
{ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"},
{ERR_FUNC(SSL_F_SSL_PEEK_EX), "SSL_peek_ex"},
{ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
{ERR_FUNC(SSL_F_SSL_READ_EX), "SSL_read_ex"},
{ERR_FUNC(SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT),
"ssl_scan_clienthello_tlsext"},
{ERR_FUNC(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT),

66
ssl/ssl_lib.c
View file

@ -84,7 +84,7 @@ struct ssl_async_args {
int num;
enum { READFUNC, WRITEFUNC, OTHERFUNC } type;
union {
int (*func_read) (SSL *, void *, int);
int (*func_read) (SSL *, void *, size_t, size_t *);
int (*func_write) (SSL *, const void *, int);
int (*func_other) (SSL *);
} f;
@ -1517,7 +1517,7 @@ static int ssl_io_intern(void *vargs)
num = args->num;
switch (args->type) {
case READFUNC:
return args->f.func_read(s, buf, num);
return args->f.func_read(s, buf, num, &s->asyncread);
case WRITEFUNC:
return args->f.func_write(s, buf, num);
case OTHERFUNC:
@ -1527,9 +1527,31 @@ static int ssl_io_intern(void *vargs)
}
int SSL_read(SSL *s, void *buf, int num)
{
int ret;
size_t read;
if (num < 0) {
SSLerr(SSL_F_SSL_READ, SSL_R_BAD_LENGTH);
return -1;
}
ret = SSL_read_ex(s, buf, (size_t)num, &read);
/*
* The cast is safe here because ret should be <= INT_MAX because num is
* <= INT_MAX
*/
if (ret > 0)
ret = (int)read;
return ret;
}
int SSL_read_ex(SSL *s, void *buf, size_t num, size_t *read)
{
if (s->handshake_func == NULL) {
SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
SSLerr(SSL_F_SSL_READ_EX, SSL_R_UNINITIALIZED);
return -1;
}
@ -1540,6 +1562,7 @@ int SSL_read(SSL *s, void *buf, int num)
if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
struct ssl_async_args args;
int ret;
args.s = s;
args.buf = buf;
@ -1547,16 +1570,40 @@ int SSL_read(SSL *s, void *buf, int num)
args.type = READFUNC;
args.f.func_read = s->method->ssl_read;
return ssl_start_async_job(s, &args, ssl_io_intern);
ret = ssl_start_async_job(s, &args, ssl_io_intern);
*read = s->asyncread;
return ret;
} else {
return s->method->ssl_read(s, buf, num);
return s->method->ssl_read(s, buf, num, read);
}
}
int SSL_peek(SSL *s, void *buf, int num)
{
int ret;
size_t read;
if (num < 0) {
SSLerr(SSL_F_SSL_PEEK, SSL_R_BAD_LENGTH);
return -1;
}
ret = SSL_peek_ex(s, buf, (size_t)num, &read);
/*
* The cast is safe here because ret should be <= INT_MAX because num is
* <= INT_MAX
*/
if (ret > 0)
ret = (int)read;
return ret;
}
int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *read)
{
if (s->handshake_func == NULL) {
SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED);
SSLerr(SSL_F_SSL_PEEK_EX, SSL_R_UNINITIALIZED);
return -1;
}
@ -1565,6 +1612,7 @@ int SSL_peek(SSL *s, void *buf, int num)
}
if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
struct ssl_async_args args;
int ret;
args.s = s;
args.buf = buf;
@ -1572,9 +1620,11 @@ int SSL_peek(SSL *s, void *buf, int num)
args.type = READFUNC;
args.f.func_read = s->method->ssl_peek;
return ssl_start_async_job(s, &args, ssl_io_intern);
ret = ssl_start_async_job(s, &args, ssl_io_intern);
*read = s->asyncread;
return ret;
} else {
return s->method->ssl_peek(s, buf, num);
return s->method->ssl_peek(s, buf, num, read);
}
}

19
ssl/ssl_locl.h
View file

@ -444,14 +444,15 @@ struct ssl_method_st {
void (*ssl_free) (SSL *s);
int (*ssl_accept) (SSL *s);
int (*ssl_connect) (SSL *s);
int (*ssl_read) (SSL *s, void *buf, int len);
int (*ssl_peek) (SSL *s, void *buf, int len);
int (*ssl_read) (SSL *s, void *buf, size_t len, size_t *read);
int (*ssl_peek) (SSL *s, void *buf, size_t len, size_t *read);
int (*ssl_write) (SSL *s, const void *buf, int len);
int (*ssl_shutdown) (SSL *s);
int (*ssl_renegotiate) (SSL *s);
int (*ssl_renegotiate_check) (SSL *s);
int (*ssl_read_bytes) (SSL *s, int type, int *recvd_type,
unsigned char *buf, int len, int peek);
unsigned char *buf, size_t len, int peek,
size_t *read);
int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, int len);
int (*ssl_dispatch_alert) (SSL *s);
long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg);
@ -922,8 +923,8 @@ struct ssl_st {
BUF_MEM *init_buf; /* buffer used during init */
void *init_msg; /* pointer to handshake message body, set by
* ssl3_get_message() */
int init_num; /* amount read/written */
int init_off; /* amount read/written */
size_t init_num; /* amount read/written */
size_t init_off; /* amount read/written */
struct ssl3_state_st *s3; /* SSLv3 variables */
struct dtls1_state_st *d1; /* DTLSv1 variables */
/* callback that allows applications to peek at protocol messages */
@ -1135,6 +1136,8 @@ struct ssl_st {
/* Async Job info */
ASYNC_JOB *job;
ASYNC_WAIT_CTX *waitctx;
size_t asyncread;
CRYPTO_RWLOCK *lock;
};
@ -1184,7 +1187,7 @@ typedef struct ssl3_state_st {
int finish_md_len;
unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2];
int peer_finish_md_len;
unsigned long message_size;
size_t message_size;
int message_type;
/* used to hold the new cipher we are going to use */
const SSL_CIPHER *new_cipher;
@ -1894,8 +1897,8 @@ __owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
__owur int ssl3_digest_cached_records(SSL *s, int keep);
__owur int ssl3_new(SSL *s);
void ssl3_free(SSL *s);
__owur int ssl3_read(SSL *s, void *buf, int len);
__owur int ssl3_peek(SSL *s, void *buf, int len);
__owur int ssl3_read(SSL *s, void *buf, size_t len, size_t *read);
__owur int ssl3_peek(SSL *s, void *buf, size_t len, size_t *read);
__owur int ssl3_write(SSL *s, const void *buf, int len);
__owur int ssl3_shutdown(SSL *s);
void ssl3_clear(SSL *s);

4
ssl/statem/statem.c
View file

@ -490,12 +490,12 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
{
OSSL_STATEM *st = &s->statem;
int ret, mt;
unsigned long len = 0;
size_t len = 0;
int (*transition) (SSL *s, int mt);
PACKET pkt;
MSG_PROCESS_RETURN(*process_message) (SSL *s, PACKET *pkt);
WORK_STATE(*post_process_message) (SSL *s, WORK_STATE wst);
unsigned long (*max_message_size) (SSL *s);
size_t (*max_message_size) (SSL *s);
void (*cb) (const SSL *ssl, int type, int val) = NULL;
cb = get_callback(s);

2
ssl/statem/statem_clnt.c
View file

@ -568,7 +568,7 @@ int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt,
* Returns the maximum allowed length for the current message that we are
* reading. Excludes the message header.
*/
unsigned long ossl_statem_client_max_message_size(SSL *s)
size_t ossl_statem_client_max_message_size(SSL *s)
{
OSSL_STATEM *st = &s->statem;

43
ssl/statem/statem_dtls.c
View file

@ -124,7 +124,7 @@ int dtls1_do_write(SSL *s, int type)
if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
OPENSSL_assert(s->init_num ==
(int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
if (s->write_hash) {
if (s->enc_write_ctx
@ -295,7 +295,7 @@ int dtls1_do_write(SSL *s, int type)
return -1;
}
if (ret == s->init_num) {
if (ret == (int)s->init_num) {
if (s->msg_callback)
s->msg_callback(1, s->version, type, s->init_buf->data,
(size_t)(s->init_off + s->init_num), s,
@ -323,7 +323,7 @@ int dtls1_do_write(SSL *s, int type)
return (0);
}
int dtls_get_message(SSL *s, int *mt, unsigned long *len)
int dtls_get_message(SSL *s, int *mt, size_t *len)
{
struct hm_header_st *msg_hdr;
unsigned char *p;
@ -516,6 +516,7 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok)
int i = -1, is_complete;
unsigned char seq64be[8];
unsigned long frag_len = msg_hdr->frag_len;
size_t read;
if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len ||
msg_hdr->msg_len > dtls1_max_handshake_message_len(s))
@ -559,10 +560,10 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok)
devnull,
frag_len >
sizeof(devnull) ? sizeof(devnull) :
frag_len, 0);
frag_len, 0, &read);
if (i <= 0)
goto err;
frag_len -= i;
frag_len -= read;
}
return DTLS1_HM_FRAGMENT_RETRY;
}
@ -570,8 +571,8 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok)
/* read the body of the fragment (header has already been read */
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
frag->fragment + msg_hdr->frag_off,
frag_len, 0);
if ((unsigned long)i != frag_len)
frag_len, 0, &read);
if (i <= 0 || read != frag_len)
i = -1;
if (i <= 0)
goto err;
@ -622,6 +623,7 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr,
pitem *item = NULL;
unsigned char seq64be[8];
unsigned long frag_len = msg_hdr->frag_len;
size_t read;
if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len)
goto err;
@ -654,10 +656,10 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr,
devnull,
frag_len >
sizeof(devnull) ? sizeof(devnull) :
frag_len, 0);
frag_len, 0, &read);
if (i <= 0)
goto err;
frag_len -= i;
frag_len -= read;
}
} else {
if (frag_len != msg_hdr->msg_len)
@ -677,8 +679,8 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr,
* read the body of the fragment (header has already been read
*/
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
frag->fragment, frag_len, 0);
if ((unsigned long)i != frag_len)
frag->fragment, frag_len, 0, &read);
if (i<=0 || read != frag_len)
i = -1;
if (i <= 0)
goto err;
@ -716,6 +718,7 @@ static int dtls_get_reassembled_message(SSL *s, long *len)
int i, al, recvd_type;
struct hm_header_st msg_hdr;
int ok;
size_t read;
redo:
/* see if we have the required fragment already */
@ -728,7 +731,7 @@ static int dtls_get_reassembled_message(SSL *s, long *len)
/* read handshake message header */
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type, wire,
DTLS1_HM_HEADER_LENGTH, 0);
DTLS1_HM_HEADER_LENGTH, 0, &read);
if (i <= 0) { /* nbio, or an error */
s->rwstate = SSL_READING;
*len = i;
@ -742,17 +745,17 @@ static int dtls_get_reassembled_message(SSL *s, long *len)
goto f_err;
}
memcpy(s->init_buf->data, wire, i);
s->init_num = i - 1;
memcpy(s->init_buf->data, wire, read);
s->init_num = read - 1;
s->init_msg = s->init_buf->data + 1;
s->s3->tmp.message_type = SSL3_MT_CHANGE_CIPHER_SPEC;
s->s3->tmp.message_size = i - 1;
*len = i - 1;
s->s3->tmp.message_size = read - 1;
*len = read - 1;
return 1;
}
/* Handshake fails if message header is incomplete */
if (i != DTLS1_HM_HEADER_LENGTH) {
if (read != DTLS1_HM_HEADER_LENGTH) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
@ -823,7 +826,7 @@ static int dtls_get_reassembled_message(SSL *s, long *len)
(unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
&p[frag_off], frag_len, 0);
&p[frag_off], frag_len, 0, &read);
/*
* This shouldn't ever fail due to NBIO because we already checked
@ -835,13 +838,13 @@ static int dtls_get_reassembled_message(SSL *s, long *len)
return 0;
}
} else
i = 0;
read = 0;
/*
* XDTLS: an incorrectly formatted fragment should cause the handshake
* to fail
*/
if (i != (int)frag_len) {
if (read != frag_len) {
al = SSL3_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL3_AD_ILLEGAL_PARAMETER);
goto f_err;

36
ssl/statem/statem_lib.c
View file

@ -45,7 +45,7 @@ int ssl3_do_write(SSL *s, int type)
ret))
return -1;
if (ret == s->init_num) {
if (ret == (int)s->init_num) {
if (s->msg_callback)
s->msg_callback(1, s->version, type, s->init_buf->data,
(size_t)(s->init_off + s->init_num), s,
@ -357,7 +357,7 @@ int tls_get_message_header(SSL *s, int *mt)
/* s->init_num < SSL3_HM_HEADER_LENGTH */
int skip_message, i, recvd_type, al;
unsigned char *p;
unsigned long l;
size_t l, read;
p = (unsigned char *)s->init_buf->data;
@ -366,7 +366,7 @@ int tls_get_message_header(SSL *s, int *mt)
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type,
&p[s->init_num],
SSL3_HM_HEADER_LENGTH - s->init_num,
0);
0, &read);
if (i <= 0) {
s->rwstate = SSL_READING;
return 0;
@ -376,22 +376,22 @@ int tls_get_message_header(SSL *s, int *mt)
* A ChangeCipherSpec must be a single byte and may not occur
* in the middle of a handshake message.
*/
if (s->init_num != 0 || i != 1 || p[0] != SSL3_MT_CCS) {
if (s->init_num != 0 || read != 1 || p[0] != SSL3_MT_CCS) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER,
SSL_R_BAD_CHANGE_CIPHER_SPEC);
goto f_err;
}
s->s3->tmp.message_type = *mt = SSL3_MT_CHANGE_CIPHER_SPEC;
s->init_num = i - 1;
s->s3->tmp.message_size = i;
s->init_num = read - 1;
s->s3->tmp.message_size = read;
return 1;
} else if (recvd_type != SSL3_RT_HANDSHAKE) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER, SSL_R_CCS_RECEIVED_EARLY);
goto f_err;
}
s->init_num += i;
s->init_num += read;
}
skip_message = 0;
@ -452,9 +452,9 @@ int tls_get_message_header(SSL *s, int *mt)
return 0;
}
int tls_get_message_body(SSL *s, unsigned long *len)
int tls_get_message_body(SSL *s, size_t *len)
{
long n;
size_t n, read;
unsigned char *p;
int i;
@ -468,14 +468,14 @@ int tls_get_message_body(SSL *s, unsigned long *len)
n = s->s3->tmp.message_size - s->init_num;
while (n > 0) {
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
&p[s->init_num], n, 0);
&p[s->init_num], n, 0, &read);
if (i <= 0) {
s->rwstate = SSL_READING;
*len = 0;
return 0;
}
s->init_num += i;
n -= i;
s->init_num += read;
n -= read;
}
#ifndef OPENSSL_NO_NEXTPROTONEG
@ -513,17 +513,7 @@ int tls_get_message_body(SSL *s, unsigned long *len)
s->msg_callback_arg);
}
/*
* init_num should never be negative...should probably be declared
* unsigned
*/
if (s->init_num < 0) {
SSLerr(SSL_F_TLS_GET_MESSAGE_BODY, ERR_R_INTERNAL_ERROR);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
*len = 0;
return 0;
}
*len = (unsigned long)s->init_num;
*len = s->init_num;
return 1;
}

8
ssl/statem/statem_locl.h
View file

@ -54,7 +54,7 @@ WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst);
WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst);
int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt,
confunc_f *confunc, int *mt);
unsigned long ossl_statem_client_max_message_size(SSL *s);
size_t ossl_statem_client_max_message_size(SSL *s);
MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt);
WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst);
@ -67,14 +67,14 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst);
WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst);
int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt,
confunc_f *confunc,int *mt);
unsigned long ossl_statem_server_max_message_size(SSL *s);
size_t ossl_statem_server_max_message_size(SSL *s);
MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt);
WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst);
/* Functions for getting new message data */
__owur int tls_get_message_header(SSL *s, int *mt);
__owur int tls_get_message_body(SSL *s, unsigned long *len);
__owur int dtls_get_message(SSL *s, int *mt, unsigned long *len);
__owur int tls_get_message_body(SSL *s, size_t *len);
__owur int dtls_get_message(SSL *s, int *mt, size_t *len);
/* Message construction and processing functions */
__owur MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt);

2
ssl/statem/statem_srvr.c
View file

@ -717,7 +717,7 @@ int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt,
* Returns the maximum allowed length for the current message that we are
* reading. Excludes the message header.
*/
unsigned long ossl_statem_server_max_message_size(SSL *s)
size_t ossl_statem_server_max_message_size(SSL *s)
{
OSSL_STATEM *st = &s->statem;

2
util/libssl.num
View file

@ -405,3 +405,5 @@ SSL_SESSION_get0_id_context 405 1_1_0 EXIST::FUNCTION:
SSL_SESSION_set1_id 406 1_1_0 EXIST::FUNCTION:
SSL_CTX_set1_cert_store 407 1_1_1 EXIST::FUNCTION:
DTLS_get_data_mtu 408 1_1_1 EXIST::FUNCTION:
SSL_read_ex 409 1_1_1 EXIST::FUNCTION:
SSL_peek_ex 410 1_1_1 EXIST::FUNCTION: