#if defined(OPENSSL_SMALL_FOOTPRINT) || \
!( defined(AES_ASM) && ( \
defined(__x86_64) || defined(__x86_64__) || \
- defined(_M_AMD64) || defined(_M_X64) || \
- defined(__INTEL__) ) \
+ defined(_M_AMD64) || defined(_M_X64) )
)
# undef EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0
void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s)
{
rl->s = s;
- SSL3_RECORD_clear(&rl->rrec);
- SSL3_RECORD_clear(&rl->wrec);
+ SSL3_RECORD_clear(rl->rrec, SSL_MAX_PIPELINES);
}
void RECORD_LAYER_clear(RECORD_LAYER *rl)
for(pipes = 0; pipes < rl->numwpipes; pipes++)
SSL3_BUFFER_clear(&rl->wbuf[pipes]);
rl->numwpipes = 0;
- SSL3_RECORD_clear(&rl->rrec);
- SSL3_RECORD_clear(&rl->wrec);
+ SSL3_RECORD_clear(rl->rrec, SSL_MAX_PIPELINES);
RECORD_LAYER_reset_read_sequence(rl);
RECORD_LAYER_reset_write_sequence(rl);
ssl3_release_read_buffer(rl->s);
if (rl->numwpipes > 0)
ssl3_release_write_buffer(rl->s);
- SSL3_RECORD_release(&rl->rrec);
+ SSL3_RECORD_release(rl->rrec, SSL_MAX_PIPELINES);
}
-int RECORD_LAYER_read_pending(RECORD_LAYER *rl)
+int RECORD_LAYER_read_pending(const RECORD_LAYER *rl)
{
return SSL3_BUFFER_get_left(&rl->rbuf) != 0;
}
-int RECORD_LAYER_write_pending(RECORD_LAYER *rl)
+int RECORD_LAYER_write_pending(const RECORD_LAYER *rl)
{
return (rl->numwpipes > 0)
&& SSL3_BUFFER_get_left(&rl->wbuf[rl->numwpipes-1]) != 0;
memset(rl->write_sequence, 0, sizeof(rl->write_sequence));
}
-int RECORD_LAYER_setup_comp_buffer(RECORD_LAYER *rl)
-{
- return SSL3_RECORD_setup(&(rl)->rrec);
-}
-
int ssl3_pending(const SSL *s)
{
+ unsigned int i;
+ int num = 0;
+
if (s->rlayer.rstate == SSL_ST_READ_BODY)
return 0;
- return (SSL3_RECORD_get_type(&s->rlayer.rrec) == SSL3_RT_APPLICATION_DATA)
- ? SSL3_RECORD_get_length(&s->rlayer.rrec) : 0;
+ for (i = 0; i < RECORD_LAYER_get_numrpipes(&s->rlayer); i++) {
+ if (SSL3_RECORD_get_type(&s->rlayer.rrec[i])
+ != SSL3_RT_APPLICATION_DATA)
+ return 0;
+ num += SSL3_RECORD_get_length(&s->rlayer.rrec[i]);
+ }
+
+ return num;
}
-const char *SSL_rstate_string_long(const SSL *s)
+void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len)
{
- const char *str;
+ ctx->default_read_buf_len = len;
+}
+void SSL_set_default_read_buffer_len(SSL *s, size_t len)
+{
+ SSL3_BUFFER_set_default_len(RECORD_LAYER_get_rbuf(&s->rlayer), len);
+}
+
+const char *SSL_rstate_string_long(const SSL *s)
+{
switch (s->rlayer.rstate) {
case SSL_ST_READ_HEADER:
- str = "read header";
- break;
+ return "read header";
case SSL_ST_READ_BODY:
- str = "read body";
- break;
+ return "read body";
case SSL_ST_READ_DONE:
- str = "read done";
- break;
+ return "read done";
default:
- str = "unknown";
- break;
+ return "unknown";
}
- return (str);
}
const char *SSL_rstate_string(const SSL *s)
{
- const char *str;
-
switch (s->rlayer.rstate) {
case SSL_ST_READ_HEADER:
- str = "RH";
- break;
+ return "RH";
case SSL_ST_READ_BODY:
- str = "RB";
- break;
+ return "RB";
case SSL_ST_READ_DONE:
- str = "RD";
- break;
+ return "RD";
default:
- str = "unknown";
- break;
+ return "unknown";
}
- return (str);
}
-int ssl3_read_n(SSL *s, int n, int max, int extend)
+int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold)
{
/*
* If extend == 0, obtain new n-byte packet; if extend == 1, increase
* s->s3->rbuf.buf specified by s->packet and s->packet_length. (If
* s->rlayer.read_ahead is set, 'max' bytes may be stored in rbuf [plus
* s->packet_length bytes if extend == 1].)
+ * if clearold == 1, move the packet to the start of the buffer; if
+ * clearold == 0 then leave any old packets where they were
*/
int i, len, left;
size_t align = 0;
* Move any available bytes to front of buffer: 'len' bytes already
* pointed to by 'packet', 'left' extra ones at the end
*/
- if (s->rlayer.packet != pkt) { /* len > 0 */
+ if (s->rlayer.packet != pkt && clearold == 1) { /* len > 0 */
memmove(pkt, s->rlayer.packet, len + left);
s->rlayer.packet = pkt;
rb->offset = len + align;
{
const unsigned char *buf = buf_;
int tot;
- unsigned int n, nw;
+ unsigned int n, split_send_fragment, maxpipes;
#if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
- unsigned int max_send_fragment, split_send_fragment, maxpipes;
+ unsigned int max_send_fragment, nw;
unsigned int u_len = (unsigned int)len;
#endif
SSL3_BUFFER *wb = &s->rlayer.wbuf[0];
/*
* Depending on platform multi-block can deliver several *times*
* better performance. Downside is that it has to allocate
- * jumbo buffer to accomodate up to 8 records, but the
+ * jumbo buffer to accommodate up to 8 records, but the
* compromise is considered worthy.
*/
if (type == SSL3_RT_APPLICATION_DATA &&
split_send_fragment = s->split_send_fragment;
/*
* If max_pipelines is 0 then this means "undefined" and we default to
- * 1 pipeline. Similaraly if the cipher does not support pipelined
+ * 1 pipeline. Similarly if the cipher does not support pipelined
* processing then we also only use 1 pipeline, or if we're not using
* explicit IVs
*/
/*
* extra fragment would be couple of cipher blocks, which would be
* multiple of SSL3_ALIGN_PAYLOAD, so if we want to align the real
- * payload, then we can just pretent we simply have two headers.
+ * payload, then we can just pretend we simply have two headers.
*/
align = (size_t)SSL3_BUFFER_get_buf(wb) + 2 * SSL3_RT_HEADER_LENGTH;
align = (0-align) & (SSL3_ALIGN_PAYLOAD - 1);
*(outbuf[j]++) = (s->version >> 8);
/*
- * Some servers hang if iniatial client hello is larger than 256 bytes
+ * Some servers hang if initial client hello is larger than 256 bytes
* and record version number > TLS 1.0
*/
if (SSL_get_state(s) == TLS_ST_CW_CLNT_HELLO
int len, int peek)
{
int al, i, j, ret;
- unsigned int n;
+ unsigned int n, curr_rec, num_recs, read_bytes;
SSL3_RECORD *rr;
+ SSL3_BUFFER *rbuf;
void (*cb) (const SSL *ssl, int type2, int val) = NULL;
- if (!SSL3_BUFFER_is_initialised(&s->rlayer.rbuf)) {
+ rbuf = &s->rlayer.rbuf;
+
+ if (!SSL3_BUFFER_is_initialised(rbuf)) {
/* Not initialized yet */
if (!ssl3_setup_read_buffer(s))
return (-1);
s->rwstate = SSL_NOTHING;
/*-
- * s->s3->rrec.type - is the type of record
- * s->s3->rrec.data, - data
- * s->s3->rrec.off, - offset into 'data' for next read
- * s->s3->rrec.length, - number of bytes.
+ * For each record 'i' up to |num_recs]
+ * rr[i].type - is the type of record
+ * rr[i].data, - data
+ * rr[i].off, - offset into 'data' for next read
+ * rr[i].length, - number of bytes.
*/
- rr = &s->rlayer.rrec;
-
- /* get new packet if necessary */
- if ((SSL3_RECORD_get_length(rr) == 0)
- || (s->rlayer.rstate == SSL_ST_READ_BODY)) {
- ret = ssl3_get_record(s);
- if (ret <= 0)
- return (ret);
- }
+ rr = s->rlayer.rrec;
+ num_recs = RECORD_LAYER_get_numrpipes(&s->rlayer);
+
+ do {
+ /* get new records if necessary */
+ if (num_recs == 0) {
+ ret = ssl3_get_record(s);
+ if (ret <= 0)
+ return (ret);
+ num_recs = RECORD_LAYER_get_numrpipes(&s->rlayer);
+ if (num_recs == 0) {
+ /* Shouldn't happen */
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
+ }
+ /* Skip over any records we have already used or are zero in length */
+ for (curr_rec = 0;
+ curr_rec < num_recs && SSL3_RECORD_get_length(&rr[curr_rec]) == 0;
+ curr_rec++);
+ if (curr_rec == num_recs) {
+ RECORD_LAYER_set_numrpipes(&s->rlayer, 0);
+ num_recs = 0;
+ curr_rec = 0;
+ }
+ } while (num_recs == 0);
+ rr = &rr[curr_rec];
/* we now have a packet which can be read and processed */
if (len <= 0)
return (len);
- if ((unsigned int)len > SSL3_RECORD_get_length(rr))
- n = SSL3_RECORD_get_length(rr);
- else
- n = (unsigned int)len;
-
- memcpy(buf, &(rr->data[rr->off]), n);
- if (!peek) {
- SSL3_RECORD_add_length(rr, -n);
- SSL3_RECORD_add_off(rr, n);
- if (SSL3_RECORD_get_length(rr) == 0) {
- s->rlayer.rstate = SSL_ST_READ_HEADER;
- SSL3_RECORD_set_off(rr, 0);
- if (s->mode & SSL_MODE_RELEASE_BUFFERS
- && SSL3_BUFFER_get_left(&s->rlayer.rbuf) == 0)
- ssl3_release_read_buffer(s);
+ read_bytes = 0;
+ do {
+ if ((unsigned int)len - read_bytes > SSL3_RECORD_get_length(rr))
+ n = SSL3_RECORD_get_length(rr);
+ else
+ n = (unsigned int)len - read_bytes;
+
+ memcpy(buf, &(rr->data[rr->off]), n);
+ buf += n;
+ if (!peek) {
+ SSL3_RECORD_add_length(rr, -n);
+ SSL3_RECORD_add_off(rr, n);
+ if (SSL3_RECORD_get_length(rr) == 0) {
+ s->rlayer.rstate = SSL_ST_READ_HEADER;
+ SSL3_RECORD_set_off(rr, 0);
+ }
}
- }
- return (n);
+ if (SSL3_RECORD_get_length(rr) == 0
+ || (peek && n == SSL3_RECORD_get_length(rr))) {
+ curr_rec++;
+ rr++;
+ }
+ read_bytes += n;
+ } while (type == SSL3_RT_APPLICATION_DATA && curr_rec < num_recs
+ && read_bytes < (unsigned int)len);
+ if (!peek && curr_rec == num_recs
+ && (s->mode & SSL_MODE_RELEASE_BUFFERS)
+ && SSL3_BUFFER_get_left(rbuf) == 0)
+ ssl3_release_read_buffer(s);
+ return read_bytes;
}
/*
}
if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
- if (SSL3_BUFFER_get_left(&s->rlayer.rbuf) == 0) {
+ if (SSL3_BUFFER_get_left(rbuf) == 0) {
/* no read-ahead left? */
BIO *bio;
/*
/*
* This is a warning but we receive it if we requested
* renegotiation and the peer denied it. Terminate with a fatal
- * alert because if application tried to renegotiatie it
+ * alert because if application tried to renegotiate it
* presumably had a good reason and expects it to succeed. In
* future we might have a renegotiation where we don't care if
* the peer refused it where we carry on.
}
if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
- if (SSL3_BUFFER_get_left(&s->rlayer.rbuf) == 0) {
+ if (SSL3_BUFFER_get_left(rbuf) == 0) {
/* no read-ahead left? */
BIO *bio;
/*
*/
int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl)
{
- return SSL3_RECORD_is_sslv2_record(&rl->rrec);
+ return SSL3_RECORD_is_sslv2_record(&rl->rrec[0]);
}
/*
*/
unsigned int RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl)
{
- return SSL3_RECORD_get_length(&rl->rrec);
+ return SSL3_RECORD_get_length(&rl->rrec[0]);
}