Move s->packet and s->packet_length into s->rlayer
authorMatt Caswell <matt@openssl.org>
Mon, 2 Feb 2015 20:55:15 +0000 (20:55 +0000)
committerMatt Caswell <matt@openssl.org>
Thu, 26 Mar 2015 15:02:00 +0000 (15:02 +0000)
Reviewed-by: Richard Levitte <levitte@openssl.org>
ssl/record/d1_pkt.c
ssl/record/rec_layer.h
ssl/record/s23_pkt.c
ssl/record/s3_pkt.c
ssl/record/ssl3_buffer.c
ssl/record/ssl3_record.c
ssl/s23_clnt.c
ssl/s23_srvr.c
ssl/s3_lib.c
ssl/ssl_locl.h

index f177225..5ad4632 100644 (file)
@@ -193,8 +193,8 @@ static int dtls1_copy_record(SSL *s, pitem *item)
 
     SSL3_BUFFER_release(&s->rlayer.rbuf);
 
-    s->packet = rdata->packet;
-    s->packet_length = rdata->packet_length;
+    s->rlayer.packet = rdata->packet;
+    s->rlayer.packet_length = rdata->packet_length;
     memcpy(&s->rlayer.rbuf, &(rdata->rbuf), sizeof(SSL3_BUFFER));
     memcpy(&s->rlayer.rrec, &(rdata->rrec), sizeof(SSL3_RECORD));
 
@@ -226,8 +226,8 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
         return -1;
     }
 
-    rdata->packet = s->packet;
-    rdata->packet_length = s->packet_length;
+    rdata->packet = s->rlayer.packet;
+    rdata->packet_length = s->rlayer.packet_length;
     memcpy(&(rdata->rbuf), &s->rlayer.rbuf, sizeof(SSL3_BUFFER));
     memcpy(&(rdata->rrec), &s->rlayer.rrec, sizeof(SSL3_RECORD));
 
@@ -243,8 +243,8 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
     }
 #endif
 
-    s->packet = NULL;
-    s->packet_length = 0;
+    s->rlayer.packet = NULL;
+    s->rlayer.packet_length = 0;
     memset(&s->rlayer.rbuf, 0, sizeof(SSL3_BUFFER));
     memset(&s->rlayer.rrec, 0, sizeof(SSL3_RECORD));
 
index 8b529b7..2997419 100644 (file)
@@ -148,6 +148,11 @@ typedef struct record_layer_st {
     SSL3_RECORD rrec;
     /* goes out from here */
     SSL3_RECORD wrec;
+
+    /* used internally to point at a raw packet */
+    unsigned char *packet;
+    unsigned int packet_length;
+
 } RECORD_LAYER;
 
 
@@ -161,6 +166,9 @@ typedef struct record_layer_st {
 #define RECORD_LAYER_set_read_ahead(rl, ra)     ((rl)->read_ahead = (ra))
 #define RECORD_LAYER_get_read_ahead(rl)         ((rl)->read_ahead)
 #define RECORD_LAYER_setup_comp_buffer(rl)      (SSL3_RECORD_setup(&(rl)->rrec))
+#define RECORD_LAYER_get_packet(rl)             ((rl)->packet)
+#define RECORD_LAYER_get_packet_length(rl)      ((rl)->packet_length)
+#define RECORD_LAYER_add_packet_length(rl, inc) ((rl)->packet_length += (inc))
 
 void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s);
 void RECORD_LAYER_clear(RECORD_LAYER *rl);
@@ -193,6 +201,8 @@ void dtls1_reset_seq_numbers(SSL *s, int rw);
 #define RECORD_LAYER_get_wbuf(rl)               (&(rl)->wbuf)
 #define RECORD_LAYER_get_rrec(rl)               (&(rl)->rrec)
 #define RECORD_LAYER_get_wrec(rl)               (&(rl)->wrec)
+#define RECORD_LAYER_set_packet(rl, p)          ((rl)->packet = (p))
+#define RECORD_LAYER_reset_packet_length(rl)    ((rl)->packet_length = 0)
 
 __owur int ssl3_read_n(SSL *s, int n, int max, int extend);
 __owur int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
index e3a9155..88acf9f 100644 (file)
@@ -94,19 +94,20 @@ int ssl23_read_bytes(SSL *s, int n)
     unsigned char *p;
     int j;
 
-    if (s->packet_length < (unsigned int)n) {
-        p = s->packet;
+    if (RECORD_LAYER_get_packet_length(&s->rlayer) < (unsigned int)n) {
+        p = RECORD_LAYER_get_packet(&s->rlayer);
 
         for (;;) {
             s->rwstate = SSL_READING;
-            j = BIO_read(s->rbio, (char *)&(p[s->packet_length]),
-                         n - s->packet_length);
+            j = BIO_read(s->rbio,
+                (char *)&(p[RECORD_LAYER_get_packet_length(&s->rlayer)]),
+                n - RECORD_LAYER_get_packet_length(&s->rlayer));
             if (j <= 0)
                 return (j);
             s->rwstate = SSL_NOTHING;
-            s->packet_length += j;
-            if (s->packet_length >= (unsigned int)n)
-                return (s->packet_length);
+            RECORD_LAYER_add_packet_length(&s->rlayer, j);
+            if (RECORD_LAYER_get_packet_length(&s->rlayer) >= (unsigned int)n)
+                return (RECORD_LAYER_get_packet_length(&s->rlayer));
         }
     }
     return (n);
index b082c03..646fd33 100644 (file)
@@ -187,7 +187,7 @@ int RECORD_LAYER_write_pending(RECORD_LAYER *rl)
 
 int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len)
 {
-    rl->s->packet_length = len;
+    rl->packet_length = len;
     if(len != 0) {
         rl->s->rstate = SSL_ST_READ_HEADER;
         if (!SSL3_BUFFER_is_initialised(&rl->rbuf))
@@ -195,7 +195,7 @@ int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len)
                 return 0;
     }
 
-    rl->s->packet = SSL3_BUFFER_get_buf(&rl->rbuf);
+    rl->packet = SSL3_BUFFER_get_buf(&rl->rbuf);
     SSL3_BUFFER_set_data(&rl->rbuf, buf, len);
 
     return 1;
@@ -261,8 +261,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
                 rb->offset = align;
             }
         }
-        s->packet = rb->buf + rb->offset;
-        s->packet_length = 0;
+        s->rlayer.packet = rb->buf + rb->offset;
+        s->rlayer.packet_length = 0;
         /* ... now we can act as if 'extend' was set */
     }
 
@@ -280,7 +280,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
 
     /* if there is enough in the buffer from a previous read, take some */
     if (left >= n) {
-        s->packet_length += n;
+        s->rlayer.packet_length += n;
         rb->left = left - n;
         rb->offset += n;
         return (n);
@@ -288,15 +288,15 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
 
     /* else we need to read more data */
 
-    len = s->packet_length;
+    len = s->rlayer.packet_length;
     pkt = rb->buf + align;
     /*
      * Move any available bytes to front of buffer: 'len' bytes already
      * pointed to by 'packet', 'left' extra ones at the end
      */
-    if (s->packet != pkt) {     /* len > 0 */
-        memmove(pkt, s->packet, len + left);
-        s->packet = pkt;
+    if (s->rlayer.packet != pkt) {     /* len > 0 */
+        memmove(pkt, s->rlayer.packet, len + left);
+        s->rlayer.packet = pkt;
         rb->offset = len + align;
     }
 
@@ -354,7 +354,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
     /* done reading, now the book-keeping */
     rb->offset += n;
     rb->left = left - n;
-    s->packet_length += n;
+    s->rlayer.packet_length += n;
     s->rwstate = SSL_NOTHING;
     return (n);
 }
index 2ea55c8..9afd747 100644 (file)
@@ -160,7 +160,7 @@ int ssl3_setup_read_buffer(SSL *s)
         b->len = len;
     }
 
-    s->packet = &(b->buf[0]);
+    RECORD_LAYER_set_packet(&s->rlayer, &(b->buf[0]));
     return 1;
 
  err:
index 5975a33..7434322 100644 (file)
@@ -208,14 +208,14 @@ int ssl3_get_record(SSL *s)
  again:
     /* check if we have the header */
     if ((s->rstate != SSL_ST_READ_BODY) ||
-        (s->packet_length < SSL3_RT_HEADER_LENGTH)) {
+        (RECORD_LAYER_get_packet_length(&s->rlayer) < SSL3_RT_HEADER_LENGTH)) {
         n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH,
             SSL3_BUFFER_get_len(&s->rlayer.rbuf), 0);
         if (n <= 0)
             return (n);         /* error or non-blocking */
         s->rstate = SSL_ST_READ_BODY;
 
-        p = s->packet;
+        p = RECORD_LAYER_get_packet(&s->rlayer);
         if (s->msg_callback)
             s->msg_callback(0, 0, SSL3_RT_HEADER, p, 5, s,
                             s->msg_callback_arg);
@@ -260,7 +260,8 @@ int ssl3_get_record(SSL *s)
 
     /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
 
-    if (rr->length > s->packet_length - SSL3_RT_HEADER_LENGTH) {
+    if (rr->length >
+        RECORD_LAYER_get_packet_length(&s->rlayer) - SSL3_RT_HEADER_LENGTH) {
         /* now s->packet_length == SSL3_RT_HEADER_LENGTH */
         i = rr->length;
         n = ssl3_read_n(s, i, i, 1);
@@ -278,7 +279,7 @@ int ssl3_get_record(SSL *s)
      * At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
      * and we have that many bytes in s->packet
      */
-    rr->input = &(s->packet[SSL3_RT_HEADER_LENGTH]);
+    rr->input = &(RECORD_LAYER_get_packet(&s->rlayer)[SSL3_RT_HEADER_LENGTH]);
 
     /*
      * ok, we can now read from 's->packet' data into 'rr' rr->input points
@@ -446,7 +447,7 @@ int ssl3_get_record(SSL *s)
      */
 
     /* we have pulled in a full packet so zero things */
-    s->packet_length = 0;
+    RECORD_LAYER_reset_packet_length(&s->rlayer);
 
     /* just read a 0 length packet */
     if (rr->length == 0) {
@@ -1205,7 +1206,7 @@ int dtls1_process_record(SSL *s)
      * At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
      * and we have that many bytes in s->packet
      */
-    rr->input = &(s->packet[DTLS1_RT_HEADER_LENGTH]);
+    rr->input = &(RECORD_LAYER_get_packet(&s->rlayer)[DTLS1_RT_HEADER_LENGTH]);
 
     /*
      * ok, we can now read from 's->packet' data into 'rr' rr->input points
@@ -1240,7 +1241,7 @@ int dtls1_process_record(SSL *s)
     if (enc_err == 0) {
         /* For DTLS we simply ignore bad packets. */
         rr->length = 0;
-        s->packet_length = 0;
+        RECORD_LAYER_reset_packet_length(&s->rlayer);
         goto err;
     }
 #ifdef TLS_DEBUG
@@ -1308,7 +1309,7 @@ int dtls1_process_record(SSL *s)
     if (enc_err < 0) {
         /* decryption failed, silently discard message */
         rr->length = 0;
-        s->packet_length = 0;
+        RECORD_LAYER_reset_packet_length(&s->rlayer);
         goto err;
     }
 
@@ -1344,7 +1345,7 @@ int dtls1_process_record(SSL *s)
      */
 
     /* we have pulled in a full packet so zero things */
-    s->packet_length = 0;
+    RECORD_LAYER_reset_packet_length(&s->rlayer);
     return (1);
 
  f_err:
@@ -1399,7 +1400,7 @@ int dtls1_get_record(SSL *s)
  again:
     /* check if we have the header */
     if ((s->rstate != SSL_ST_READ_BODY) ||
-        (s->packet_length < DTLS1_RT_HEADER_LENGTH)) {
+        (RECORD_LAYER_get_packet_length(&s->rlayer) < DTLS1_RT_HEADER_LENGTH)) {
         n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH,
             SSL3_BUFFER_get_len(&s->rlayer.rbuf), 0);
         /* read timeout is handled by dtls1_read_bytes */
@@ -1407,14 +1408,14 @@ int dtls1_get_record(SSL *s)
             return (n);         /* error or non-blocking */
 
         /* this packet contained a partial record, dump it */
-        if (s->packet_length != DTLS1_RT_HEADER_LENGTH) {
-            s->packet_length = 0;
+        if (RECORD_LAYER_get_packet_length(&s->rlayer) != DTLS1_RT_HEADER_LENGTH) {
+            RECORD_LAYER_reset_packet_length(&s->rlayer);
             goto again;
         }
 
         s->rstate = SSL_ST_READ_BODY;
 
-        p = s->packet;
+        p = RECORD_LAYER_get_packet(&s->rlayer);
 
         if (s->msg_callback)
             s->msg_callback(0, 0, SSL3_RT_HEADER, p, DTLS1_RT_HEADER_LENGTH,
@@ -1439,7 +1440,7 @@ int dtls1_get_record(SSL *s)
             if (version != s->version) {
                 /* unexpected version, silently discard */
                 rr->length = 0;
-                s->packet_length = 0;
+                RECORD_LAYER_reset_packet_length(&s->rlayer);
                 goto again;
             }
         }
@@ -1447,14 +1448,14 @@ int dtls1_get_record(SSL *s)
         if ((version & 0xff00) != (s->version & 0xff00)) {
             /* wrong version, silently discard record */
             rr->length = 0;
-            s->packet_length = 0;
+            RECORD_LAYER_reset_packet_length(&s->rlayer);
             goto again;
         }
 
         if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
             /* record too long, silently discard it */
             rr->length = 0;
-            s->packet_length = 0;
+            RECORD_LAYER_reset_packet_length(&s->rlayer);
             goto again;
         }
 
@@ -1463,14 +1464,15 @@ int dtls1_get_record(SSL *s)
 
     /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
 
-    if (rr->length > s->packet_length - DTLS1_RT_HEADER_LENGTH) {
+    if (rr->length >
+        RECORD_LAYER_get_packet_length(&s->rlayer) - DTLS1_RT_HEADER_LENGTH) {
         /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
         i = rr->length;
         n = ssl3_read_n(s, i, i, 1);
         /* this packet contained a partial record, dump it */
         if (n != i) {
             rr->length = 0;
-            s->packet_length = 0;
+            RECORD_LAYER_reset_packet_length(&s->rlayer);
             goto again;
         }
 
@@ -1485,7 +1487,7 @@ int dtls1_get_record(SSL *s)
     bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
     if (bitmap == NULL) {
         rr->length = 0;
-        s->packet_length = 0;   /* dump this record */
+        RECORD_LAYER_reset_packet_length(&s->rlayer);   /* dump this record */
         goto again;             /* get another record */
     }
 #ifndef OPENSSL_NO_SCTP
@@ -1499,11 +1501,13 @@ int dtls1_get_record(SSL *s)
          * connections and would be dropped unnecessarily.
          */
         if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
-              s->packet_length > DTLS1_RT_HEADER_LENGTH &&
-              s->packet[DTLS1_RT_HEADER_LENGTH] == SSL3_MT_CLIENT_HELLO) &&
+              RECORD_LAYER_get_packet_length(&s->rlayer)
+                  > DTLS1_RT_HEADER_LENGTH &&
+              RECORD_LAYER_get_packet(&s->rlayer)[DTLS1_RT_HEADER_LENGTH]
+                  == SSL3_MT_CLIENT_HELLO) &&
             !dtls1_record_replay_check(s, bitmap)) {
             rr->length = 0;
-            s->packet_length = 0; /* dump this record */
+            RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */
             goto again;         /* get another record */
         }
 #ifndef OPENSSL_NO_SCTP
@@ -1529,13 +1533,13 @@ int dtls1_get_record(SSL *s)
             dtls1_record_bitmap_update(s, bitmap);
         }
         rr->length = 0;
-        s->packet_length = 0;
+        RECORD_LAYER_reset_packet_length(&s->rlayer);
         goto again;
     }
 
     if (!dtls1_process_record(s)) {
         rr->length = 0;
-        s->packet_length = 0;   /* dump this record */
+        RECORD_LAYER_reset_packet_length(&s->rlayer);   /* dump this record */
         goto again;             /* get another record */
     }
     dtls1_record_bitmap_update(s, bitmap); /* Mark receipt of record. */
index 0bc5946..76ad876 100644 (file)
@@ -490,7 +490,7 @@ static int ssl23_get_server_hello(SSL *s)
 
     if (n != 7)
         return (n);
-    p = s->packet;
+    p = RECORD_LAYER_get_packet(&s->rlayer);
 
     memcpy(buf, p, n);
 
index 3ff0ef6..7287022 100644 (file)
@@ -264,7 +264,7 @@ int ssl23_get_client_hello(SSL *s)
         if (n != sizeof buf_space)
             return (n);         /* n == -1 || n == 0 */
 
-        p = s->packet;
+        p = RECORD_LAYER_get_packet(&s->rlayer);
 
         memcpy(buf, p, n);
 
@@ -415,7 +415,7 @@ int ssl23_get_client_hello(SSL *s)
          */
 
         type = 2;
-        p = s->packet;
+        p = RECORD_LAYER_get_packet(&s->rlayer);
         v[0] = p[3];            /* == SSL3_VERSION_MAJOR */
         v[1] = p[4];
 
@@ -451,27 +451,32 @@ int ssl23_get_client_hello(SSL *s)
         if (j <= 0)
             return (j);
 
-        ssl3_finish_mac(s, s->packet + 2, s->packet_length - 2);
+        ssl3_finish_mac(s, RECORD_LAYER_get_packet(&s->rlayer) + 2,
+                        RECORD_LAYER_get_packet_length(&s->rlayer) - 2);
 
         /* CLIENT-HELLO */
         if (s->msg_callback)
-            s->msg_callback(0, SSL2_VERSION, 0, s->packet + 2,
-                            s->packet_length - 2, s, s->msg_callback_arg);
+            s->msg_callback(0, SSL2_VERSION, 0,
+                            RECORD_LAYER_get_packet(&s->rlayer) + 2,
+                            RECORD_LAYER_get_packet_length(&s->rlayer) - 2, s,
+                            s->msg_callback_arg);
 
-        p = s->packet;
+        p = RECORD_LAYER_get_packet(&s->rlayer);
         p += 5;
         n2s(p, csl);
         n2s(p, sil);
         n2s(p, cl);
         d = (unsigned char *)s->init_buf->data;
-        if ((csl + sil + cl + 11) != s->packet_length) { /* We can't have TLS
-                                                          * extensions in SSL
-                                                          * 2.0 format *
-                                                          * Client Hello, can
-                                                          * we? Error
-                                                          * condition should
-                                                          * be * '>'
-                                                          * otherweise */
+        if ((csl + sil + cl + 11)
+                != RECORD_LAYER_get_packet_length(&s->rlayer)) {
+            /* We can't have TLS
+             * extensions in SSL
+             * 2.0 format *
+             * Client Hello, can
+             * we? Error
+             * condition should
+             * be * '>'
+             * otherweise */
             SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
                    SSL_R_RECORD_LENGTH_MISMATCH);
             goto err;
index bd860d6..a7dbbf6 100644 (file)
@@ -3183,7 +3183,6 @@ void ssl3_clear(SSL *s)
 
     ssl_free_wbio_buffer(s);
 
-    s->packet_length = 0;
     s->s3->renegotiate = 0;
     s->s3->total_renegotiations = 0;
     s->s3->num_renegotiations = 0;
index 5b1dae1..27fba36 100644 (file)
@@ -1029,9 +1029,7 @@ struct ssl_st {
                                  * ssl3_get_message() */
     int init_num;               /* amount read/written */
     int init_off;               /* amount read/written */
-    /* used internally to point at a raw packet */
-    unsigned char *packet;
-    unsigned int packet_length;
+
     struct ssl3_state_st *s3;   /* SSLv3 variables */
     struct dtls1_state_st *d1;  /* DTLSv1 variables */