From 258f8721a5d2c3ec5fd433e89112885139be1db3 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 30 Jan 2015 17:29:41 +0000 Subject: [PATCH] Encapsulate s->s3->rrec Reviewed-by: Richard Levitte --- ssl/Makefile | 4 +- ssl/d1_both.c | 15 ++-- ssl/d1_pkt.c | 20 ++--- ssl/record/rec_layer.h | 1 + ssl/record/ssl3_record.c | 138 +++++++++++++++++++++++++++++++++ ssl/record/ssl3_record.h | 162 +++++++++++++++++++++++++++++++++++++++ ssl/s3_enc.c | 10 +-- ssl/s3_lib.c | 20 ++--- ssl/s3_pkt.c | 6 +- ssl/ssl_locl.h | 44 +---------- ssl/t1_enc.c | 10 +-- ssl/t1_lib.c | 12 ++- 12 files changed, 352 insertions(+), 90 deletions(-) create mode 100644 ssl/record/ssl3_record.c create mode 100644 ssl/record/ssl3_record.h diff --git a/ssl/Makefile b/ssl/Makefile index 0e17134d57..0ef1eb0888 100644 --- a/ssl/Makefile +++ b/ssl/Makefile @@ -30,7 +30,7 @@ LIBSRC= \ ssl_ciph.c ssl_stat.c ssl_rsa.c \ ssl_asn1.c ssl_txt.c ssl_algs.c ssl_conf.c \ bio_ssl.c ssl_err.c kssl.c t1_reneg.c tls_srp.c t1_trce.c ssl_utst.c \ - record/ssl3_buffer.c + record/ssl3_buffer.c record/ssl3_record.c LIBOBJ= \ s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o s3_cbc.o \ s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o \ @@ -41,7 +41,7 @@ LIBOBJ= \ ssl_ciph.o ssl_stat.o ssl_rsa.o \ ssl_asn1.o ssl_txt.o ssl_algs.o ssl_conf.o \ bio_ssl.o ssl_err.o kssl.o t1_reneg.o tls_srp.o t1_trce.o ssl_utst.o \ - record/ssl3_buffer.o + record/ssl3_buffer.o record/ssl3_record.o SRC= $(LIBSRC) diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 8d15f70a4f..48c75b2227 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c 
@@ -1349,25 +1349,28 @@ int dtls1_shutdown(SSL *s) #ifndef OPENSSL_NO_HEARTBEATS int dtls1_process_heartbeat(SSL *s) { - unsigned char *p = &s->s3->rrec.data[0], *pl; + unsigned char *p, *pl; unsigned short hbtype; unsigned int payload; unsigned int padding = 16; /* Use minimum padding */ + unsigned int length; + + p = SSL3_RECORD_get_data(RECORD_LAYER_get_rrec(&s->rlayer)); + length = SSL3_RECORD_get_length(RECORD_LAYER_get_rrec(&s->rlayer)); if (s->msg_callback) s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, - &s->s3->rrec.data[0], s->s3->rrec.length, - s, s->msg_callback_arg); + p, length, s, s->msg_callback_arg); /* Read type and payload length first */ - if (1 + 2 + 16 > s->s3->rrec.length) + if (1 + 2 + 16 > length) return 0; /* silently discard */ - if (s->s3->rrec.length > SSL3_RT_MAX_PLAIN_LENGTH) + if (length > SSL3_RT_MAX_PLAIN_LENGTH) return 0; /* silently discard per RFC 6520 sec. 4 */ hbtype = *p++; n2s(p, payload); - if (1 + 2 + payload + 16 > s->s3->rrec.length) + if (1 + 2 + payload + 16 > length) return 0; /* silently discard per RFC 6520 sec. 4 */ pl = p; diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 5219444259..69a2467e0e 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -204,7 +204,8 @@ static int dtls1_copy_record(SSL *s, pitem *item) s->packet_length = rdata->packet_length; memcpy(RECORD_LAYER_get_rbuf(&s->rlayer), &(rdata->rbuf), sizeof(SSL3_BUFFER)); - memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD)); + memcpy(RECORD_LAYER_get_rrec(&s->rlayer), &(rdata->rrec), + sizeof(SSL3_RECORD)); /* Set proper sequence number for mac calculation */ memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6); 
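Review bot: In dtls1_process_heartbeat the record is looked up twice through `RECORD_LAYER_get_rrec(&s->rlayer)`, once for the data pointer and once for the length that every later bounds check relies on. Taking it once, `SSL3_RECORD *rr = RECORD_LAYER_get_rrec(&s->rlayer);` followed by `p = SSL3_RECORD_get_data(rr);` and `length = SSL3_RECORD_get_length(rr);`, makes it obvious that `p` and `length` describe the same record. The same applies to tls1_process_heartbeat in ssl/t1_lib.c. The two handlers are also not symmetric in the lines shown: this one rejects `length > SSL3_RT_MAX_PLAIN_LENGTH`, while the TLS one has no such check between its two length tests. Both bodies continue outside their hunks, so it is worth confirming whether that difference is intended.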
@@ -238,7 +239,8 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) rdata->packet_length = s->packet_length; memcpy(&(rdata->rbuf), RECORD_LAYER_get_rbuf(&s->rlayer), sizeof(SSL3_BUFFER)); - memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD)); + memcpy(&(rdata->rrec), RECORD_LAYER_get_rrec(&s->rlayer), + sizeof(SSL3_RECORD)); item->data = rdata; @@ -255,7 +257,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) s->packet = NULL; s->packet_length = 0; memset(RECORD_LAYER_get_rbuf(&s->rlayer), 0, sizeof(SSL3_BUFFER)); - memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD)); + memset(RECORD_LAYER_get_rrec(&s->rlayer), 0, sizeof(SSL3_RECORD)); if (!ssl3_setup_buffers(s)) { SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); @@ -328,7 +330,7 @@ static int dtls1_process_buffered_records(SSL *s) if (!dtls1_process_record(s)) return (0); if (dtls1_buffer_record(s, &(s->d1->processed_rcds), - s->s3->rrec.seq_num) < 0) + SSL3_RECORD_get_seq_num(RECORD_LAYER_get_rrec(&s->rlayer))) < 0) return -1; } } @@ -352,7 +354,7 @@ static int dtls1_process_record(SSL *s) unsigned int mac_size; unsigned char md[EVP_MAX_MD_SIZE]; - rr = &(s->s3->rrec); + rr = RECORD_LAYER_get_rrec(&s->rlayer); sess = s->session; /* @@ -527,7 +529,7 @@ int dtls1_get_record(SSL *s) DTLS1_BITMAP *bitmap; unsigned int is_next_epoch; - rr = &(s->s3->rrec); + rr = RECORD_LAYER_get_rrec(&s->rlayer); /* * The epoch may have changed. If so, process all the pending records. @@ -780,7 +782,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) * s->s3->rrec.off, - offset into 'data' for next read * s->s3->rrec.length, - number of bytes. */ - rr = &(s->s3->rrec); + rr = RECORD_LAYER_get_rrec(&s->rlayer); /* * We are not handshaking and have no data yet, so process data buffered 
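Review bot: The comment just above the changed assignment in dtls1_read_bytes still names the fields as `s->s3->rrec.off` and `s->s3->rrec.length`, which is the access path this commit is hiding behind `RECORD_LAYER_get_rrec`. Rewording it in terms of the returned record, e.g. `rr->off, - offset into 'data' for next read` and `rr->length, - number of bytes.`, keeps it correct if rrec later moves out of `s->s3`. The identical comment in ssl3_read_bytes (ssl/s3_pkt.c) needs the same edit. Both function bodies continue outside their hunks.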
@@ -1629,7 +1631,7 @@ static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap) cmp = satsub64be(seq, bitmap->max_seq_num); if (cmp > 0) { - memcpy(s->s3->rrec.seq_num, seq, 8); + SSL3_RECORD_set_seq_num(RECORD_LAYER_get_rrec(&s->rlayer), seq); return 1; /* this record in new */ } shift = -cmp; @@ -1638,7 +1640,7 @@ static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap) else if (bitmap->map & (1UL << shift)) return 0; /* record previously received */ - memcpy(s->s3->rrec.seq_num, seq, 8); + SSL3_RECORD_set_seq_num(RECORD_LAYER_get_rrec(&s->rlayer), seq); return 1; } diff --git a/ssl/record/rec_layer.h b/ssl/record/rec_layer.h index 19fe04870c..cd1da6182c 100644 --- a/ssl/record/rec_layer.h +++ b/ssl/record/rec_layer.h @@ -130,3 +130,4 @@ typedef struct record_layer_st { #define RECORD_LAYER_get_read_ahead(rl) ((rl)->read_ahead) #define RECORD_LAYER_get_rbuf(rl) (&(rl)->rbuf) #define RECORD_LAYER_get_wbuf(rl) (&(rl)->wbuf) +#define RECORD_LAYER_get_rrec(rl) (&(rl)->s->s3->rrec) diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c new file mode 100644 index 0000000000..f78f2fef4e --- /dev/null +++ b/ssl/record/ssl3_record.c 
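Review bot: `RECORD_LAYER_get_rrec(rl)` expands to `(&(rl)->s->s3->rrec)`, so unlike the neighbouring `RECORD_LAYER_get_rbuf`/`RECORD_LAYER_get_wbuf` accessors it dereferences two pointers, the back-pointer `rl->s` and then `s->s3`, and a NULL in either is a crash at the call site. That precondition deserves a comment on the macro, for example `/* requires rl->s and rl->s->s3 to be set; rrec still lives in SSL3_STATE */`. ssl3_new in ssl/s3_lib.c now uses the macro right after `s->s3 = s3;`, which is only safe if the record layer's `s` member was initialised before ssl3_new runs. That initialisation is not visible in this patch and should be confirmed.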
@@ -0,0 +1,138 @@ +/* ssl/record/ssl3_record.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. 
All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). 
+ * + */ + +#include "../ssl_locl.h" + +void SSL3_RECORD_clear(SSL3_RECORD *r) +{ + memset(r->seq_num, 0, sizeof(r->seq_num)); +} + +void SSL3_RECORD_release(SSL3_RECORD *r) +{ + if (r->comp != NULL) + OPENSSL_free(r->comp); + r->comp = NULL; +} + +int SSL3_RECORD_setup(SSL3_RECORD *r, size_t len) +{ + if (r->comp == NULL) + r->comp = (unsigned char *) OPENSSL_malloc(len); + if (r->comp == NULL) + return 0; + return 1; +} + +void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num) +{ + memcpy(r->seq_num, seq_num, 8); +} diff --git a/ssl/record/ssl3_record.h b/ssl/record/ssl3_record.h new file mode 100644 index 0000000000..5e874fd93a --- /dev/null +++ b/ssl/record/ssl3_record.h 
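Review bot: `SSL3_RECORD_set_seq_num` copies a hard-coded 8 bytes, while `SSL3_RECORD_clear` in the same file sizes the same field with `sizeof(r->seq_num)`; writing `memcpy(r->seq_num, seq_num, sizeof(r->seq_num));` keeps the two in step if the array ever changes. `SSL3_RECORD_setup` ignores `len` whenever `r->comp` is already allocated, and its two callers pass different sizes (SSL3_RT_MAX_PLAIN_LENGTH in ssl/s3_enc.c, SSL3_RT_MAX_ENCRYPTED_LENGTH in ssl/t1_enc.c). A comment such as `/* len is only used for the first allocation; an existing comp buffer is kept as is */` would stop callers assuming the buffer is at least `len` bytes. The name `SSL3_RECORD_clear` also promises more than the function does, since it only zeroes the sequence number; either a comment or a narrower name would avoid misuse.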
@@ -0,0 +1,162 @@ +/* ssl/record/ssl3_record.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. 
All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). 
+ * + */ + +typedef struct ssl3_record_st { + /* type of record */ + /* + * r + */ int type; + /* How many bytes available */ + /* + * rw + */ unsigned int length; + /* + * How many bytes were available before padding was removed? This is used + * to implement the MAC check in constant time for CBC records. + */ + /* + * rw + */ unsigned int orig_len; + /* read/write offset into 'buf' */ + /* + * r + */ unsigned int off; + /* pointer to the record data */ + /* + * rw + */ unsigned char *data; + /* where the decode bytes are */ + /* + * rw + */ unsigned char *input; + /* only used with decompression - malloc()ed */ + /* + * r + */ unsigned char *comp; + /* epoch number, needed by DTLS1 */ + /* + * r + */ unsigned long epoch; + /* sequence number, needed by DTLS1 */ + /* + * r + */ unsigned char seq_num[8]; +} SSL3_RECORD; + +#define SSL3_RECORD_get_type(r) ((r)->type) +#define SSL3_RECORD_get_length(r) ((r)->length) +#define SSL3_RECORD_get_data(r) ((r)->data) +#define SSL3_RECORD_get_seq_num(r) ((r)->seq_num) + +void SSL3_RECORD_clear(SSL3_RECORD *r); +void SSL3_RECORD_release(SSL3_RECORD *r); +int SSL3_RECORD_setup(SSL3_RECORD *r, size_t len); +void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num); diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 94f6dd0647..b36aca8891 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -270,10 +270,8 @@ int ssl3_change_cipher_state(SSL *s, int which) SSL_R_COMPRESSION_LIBRARY_ERROR); goto err2; } - if (s->s3->rrec.comp == NULL) - s->s3->rrec.comp = (unsigned char *) - OPENSSL_malloc(SSL3_RT_MAX_PLAIN_LENGTH); - if (s->s3->rrec.comp == NULL) + if(!SSL3_RECORD_setup(RECORD_LAYER_get_rrec(&s->rlayer), + SSL3_RT_MAX_PLAIN_LENGTH)) goto err; } #endif @@ -509,7 +507,7 @@ int ssl3_enc(SSL *s, int send) enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx); } else { ds = s->enc_read_ctx; - rec = &(s->s3->rrec); + rec = RECORD_LAYER_get_rrec(&s->rlayer); if (s->enc_read_ctx == NULL) enc = NULL; else 
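Review bot: The new header ssl/record/ssl3_record.h has no include guard although it defines the `SSL3_RECORD` typedef, so a second inclusion in one translation unit is a redefinition error on pre-C11 compilers. Only ssl_locl.h includes it in this patch, but a guard makes it safe for the record/*.c files to include it directly: wrap the contents in `#ifndef HEADER_SSL3_RECORD_H`, `#define HEADER_SSL3_RECORD_H` and a closing `#endif` (the guard name is only a suggestion). `SSL3_RECORD_get_seq_num(r)` also hands out the internal array itself, so callers receive a writable pointer into the record; a one-line comment saying so would help.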
@@ -732,7 +730,7 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send) seq = &(ssl->s3->write_sequence[0]); hash = ssl->write_hash; } else { - rec = &(ssl->s3->rrec); + rec = RECORD_LAYER_get_rrec(&ssl->rlayer); mac_sec = &(ssl->s3->read_mac_secret[0]); seq = &(ssl->s3->read_sequence[0]); hash = ssl->read_hash; diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 948e14e5a4..7023ba5d83 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3083,8 +3083,9 @@ int ssl3_pending(const SSL *s) if (s->rstate == SSL_ST_READ_BODY) return 0; - return (s->s3->rrec.type == - SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0; + return (SSL3_RECORD_get_type(RECORD_LAYER_get_rrec(&s->rlayer)) + == SSL3_RT_APPLICATION_DATA) + ? SSL3_RECORD_get_length(RECORD_LAYER_get_rrec(&s->rlayer)) : 0; } int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len) @@ -3110,11 +3111,10 @@ int ssl3_new(SSL *s) if ((s3 = OPENSSL_malloc(sizeof *s3)) == NULL) goto err; memset(s3, 0, sizeof *s3); - memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num)); - memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num)); - s->s3 = s3; - + SSL3_RECORD_clear(RECORD_LAYER_get_rrec(&s->rlayer)); + memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num)); + #ifndef OPENSSL_NO_SRP if(!SSL_SRP_CTX_init(s)) goto err; @@ -3131,8 +3131,7 @@ void ssl3_free(SSL *s) return; ssl3_cleanup_key_block(s); - if (s->s3->rrec.comp != NULL) - OPENSSL_free(s->s3->rrec.comp); + SSL3_RECORD_release(RECORD_LAYER_get_rrec(&s->rlayer)); #ifndef OPENSSL_NO_DH DH_free(s->s3->tmp.dh); #endif @@ -3166,10 +3165,7 @@ void ssl3_clear(SSL *s) if (s->s3->tmp.ca_names != NULL) sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); - if (s->s3->rrec.comp != NULL) { - OPENSSL_free(s->s3->rrec.comp); - s->s3->rrec.comp = NULL; - } + SSL3_RECORD_release(RECORD_LAYER_get_rrec(&s->rlayer)); #ifndef OPENSSL_NO_DH DH_free(s->s3->tmp.dh); s->s3->tmp.dh = NULL; diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index eb25f34ad4..b86ee1e5cf 100644 --- a/ssl/s3_pkt.c 
+++ b/ssl/s3_pkt.c @@ -316,7 +316,7 @@ static int ssl3_get_record(SSL *s) size_t extra; unsigned empty_record_count = 0; - rr = &(s->s3->rrec); + rr = RECORD_LAYER_get_rrec(&s->rlayer); sess = s->session; if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) @@ -600,7 +600,7 @@ int ssl3_do_uncompress(SSL *ssl) int i; SSL3_RECORD *rr; - rr = &(ssl->s3->rrec); + rr = RECORD_LAYER_get_rrec(&ssl->rlayer); i = COMP_expand_block(ssl->expand, rr->comp, SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length); @@ -1235,7 +1235,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) * s->s3->rrec.off, - offset into 'data' for next read * s->s3->rrec.length, - number of bytes. */ - rr = &(s->s3->rrec); + rr = RECORD_LAYER_get_rrec(&s->rlayer); /* get new packet if necessary */ if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) { diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 8163b99095..8a16204a2f 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -166,6 +166,7 @@ # include #include "record/ssl3_buffer.h" +#include "record/ssl3_record.h" #include "record/rec_layer.h" # ifdef OPENSSL_BUILD_SHLIBSSL 
@@ -1223,47 +1224,6 @@ struct ssl_st { RECORD_LAYER rlayer; }; -typedef struct ssl3_record_st { - /* type of record */ - /* - * r - */ int type; - /* How many bytes available */ - /* - * rw - */ unsigned int length; - /* - * How many bytes were available before padding was removed? This is used - * to implement the MAC check in constant time for CBC records. - */ - /* - * rw - */ unsigned int orig_len; - /* read/write offset into 'buf' */ - /* - * r - */ unsigned int off; - /* pointer to the record data */ - /* - * rw - */ unsigned char *data; - /* where the decode bytes are */ - /* - * rw - */ unsigned char *input; - /* only used with decompression - malloc()ed */ - /* - * r - */ unsigned char *comp; - /* epoch number, needed by DTLS1 */ - /* - * r - */ unsigned long epoch; - /* sequence number, needed by DTLS1 */ - /* - * r - */ unsigned char seq_num[8]; -} SSL3_RECORD; typedef struct ssl3_state_st { long flags; @@ -1281,7 +1241,7 @@ typedef struct ssl3_state_st { int empty_fragment_done; /* The value of 'extra' when the buffers were initialized */ int init_extra; - SSL3_RECORD rrec; /* each decoded record goes in here */ + SSL3_RECORD rrec; /* each decoded record goes in here */ SSL3_RECORD wrec; /* goes out from here */ /* * storage for Alert/Handshake protocol data received but not yet diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index e4a689ebc3..70ea6c0796 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -396,10 +396,8 @@ int tls1_change_cipher_state(SSL *s, int which) SSL_R_COMPRESSION_LIBRARY_ERROR); goto err2; } - if (s->s3->rrec.comp == NULL) - s->s3->rrec.comp = (unsigned char *) - OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH); - if (s->s3->rrec.comp == NULL) + if (SSL3_RECORD_setup(RECORD_LAYER_get_rrec(&s->rlayer), + SSL3_RT_MAX_ENCRYPTED_LENGTH)) goto err; } #endif 
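Review bot: In tls1_change_cipher_state (ssl/t1_enc.c) the new test `if (SSL3_RECORD_setup(...)) goto err;` has the condition inverted, because `SSL3_RECORD_setup` in ssl/record/ssl3_record.c returns 1 on success and 0 when the allocation fails. A successful setup therefore jumps to the error path, and a failed allocation falls through with `rrec.comp` still NULL. The matching call in ssl3_change_cipher_state (ssl/s3_enc.c) negates the result, and this one should read `if (!SSL3_RECORD_setup(RECORD_LAYER_get_rrec(&s->rlayer), SSL3_RT_MAX_ENCRYPTED_LENGTH))`. The call appears to sit inside the compression setup branch, so the regression would only show with compression negotiated, which makes it easy to miss in testing. The function body continues outside the hunk.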
@@ -782,7 +780,7 @@ int tls1_enc(SSL *s, int send) OPENSSL_assert(n >= 0); } ds = s->enc_read_ctx; - rec = &(s->s3->rrec); + rec = RECORD_LAYER_get_rrec(&s->rlayer); if (s->enc_read_ctx == NULL) enc = NULL; else @@ -977,7 +975,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) seq = &(ssl->s3->write_sequence[0]); hash = ssl->write_hash; } else { - rec = &(ssl->s3->rrec); + rec = RECORD_LAYER_get_rrec(&ssl->rlayer); seq = &(ssl->s3->read_sequence[0]); hash = ssl->read_hash; } diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 40d64904d8..3044fbb21f 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -3594,22 +3594,26 @@ int SSL_get_shared_sigalgs(SSL *s, int idx, # ifndef OPENSSL_NO_HEARTBEATS int tls1_process_heartbeat(SSL *s) { - unsigned char *p = &s->s3->rrec.data[0], *pl; + unsigned char *p, *pl; unsigned short hbtype; unsigned int payload; unsigned int padding = 16; /* Use minimum padding */ + unsigned int length; + + p = SSL3_RECORD_get_data(RECORD_LAYER_get_rrec(&s->rlayer)); + length = SSL3_RECORD_get_length(RECORD_LAYER_get_rrec(&s->rlayer)); if (s->msg_callback) s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, - &s->s3->rrec.data[0], s->s3->rrec.length, + p, length, s, s->msg_callback_arg); /* Read type and payload length first */ - if (1 + 2 + 16 > s->s3->rrec.length) + if (1 + 2 + 16 > length) return 0; /* silently discard */ hbtype = *p++; n2s(p, payload); - if (1 + 2 + payload + 16 > s->s3->rrec.length) + if (1 + 2 + payload + 16 > length) return 0; /* silently discard per RFC 6520 sec. 4 */ pl = p; -- 2.25.1