__owur int SSL_accept(SSL *ssl);
__owur int SSL_connect(SSL *ssl);
__owur int SSL_read(SSL *ssl, void *buf, int num);
+__owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *read);
__owur int SSL_peek(SSL *ssl, void *buf, int num);
+__owur int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *read);
__owur int SSL_write(SSL *ssl, const void *buf, int num);
long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
long SSL_callback_ctrl(SSL *, int, void (*)(void));
# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303
# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311
# define SSL_F_SSL_PEEK 270
+# define SSL_F_SSL_PEEK_EX 425
# define SSL_F_SSL_READ 223
+# define SSL_F_SSL_READ_EX 426
# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320
# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321
# define SSL_F_SSL_SESSION_DUP 348
memcpy(rl->write_sequence, seq, SEQ_NUM_SIZE);
}
-static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
- int len);
+static size_t have_handshake_fragment(SSL *s, int type, unsigned char *buf,
+ size_t len);
/* copy buffered record into SSL structure */
static int dtls1_copy_record(SSL *s, pitem *item)
* none of our business
*/
int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
- int len, int peek)
+ size_t len, int peek, size_t *read)
{
- int al, i, j, ret;
- unsigned int n;
+ int al, i, j, iret;
+ size_t ret, n;
SSL3_RECORD *rr;
void (*cb) (const SSL *ssl, int type2, int val) = NULL;
/*
* check whether there's a handshake message (client hello?) waiting
*/
- if ((ret = have_handshake_fragment(s, type, buf, len))) {
+ ret = have_handshake_fragment(s, type, buf, len);
+ if (ret > 0) {
*recvd_type = SSL3_RT_HANDSHAKE;
- return ret;
+ *read = ret;
+ return 1;
}
/*
/* type == SSL3_RT_APPLICATION_DATA */
i = s->handshake_func(s);
if (i < 0)
- return (i);
+ return i;
if (i == 0) {
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
- return (-1);
+ return -1;
}
}
/* get new packet if necessary */
if ((SSL3_RECORD_get_length(rr) == 0)
|| (s->rlayer.rstate == SSL_ST_READ_BODY)) {
- ret = dtls1_get_record(s);
- if (ret <= 0) {
- ret = dtls1_read_failed(s, ret);
+ iret = dtls1_get_record(s);
+ if (iret <= 0) {
+ iret = dtls1_read_failed(s, iret);
/* anything other than a timeout is an error */
- if (ret <= 0)
- return (ret);
+ if (iret <= 0)
+ return iret;
else
goto start;
}
if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
SSL3_RECORD_set_length(rr, 0);
s->rwstate = SSL_NOTHING;
- return (0);
+ return 0;
}
if (type == SSL3_RECORD_get_type(rr)
if (recvd_type != NULL)
*recvd_type = SSL3_RECORD_get_type(rr);
- if (len <= 0)
- return (len);
+ if (len == 0)
+ return 0;
- if ((unsigned int)len > SSL3_RECORD_get_length(rr))
+ if (len > SSL3_RECORD_get_length(rr))
n = SSL3_RECORD_get_length(rr);
else
- n = (unsigned int)len;
+ n = len;
memcpy(buf, &(SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)]), n);
if (!peek) {
s->d1->shutdown_received
&& !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
- return (0);
+ return 0;
}
#endif
- return (n);
+ *read = n;
+ return 1;
}
/*
* that so that we can process the data at a fixed place.
*/
{
- unsigned int k, dest_maxlen = 0;
+ size_t k, dest_maxlen = 0;
unsigned char *dest = NULL;
- unsigned int *dest_len = NULL;
+ size_t *dest_len = NULL;
if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) {
dest_maxlen = sizeof s->rlayer.d->handshake_fragment;
s->rwstate = SSL_READING;
BIO_clear_retry_flags(SSL_get_rbio(s));
BIO_set_retry_read(SSL_get_rbio(s));
- return (-1);
+ return -1;
}
#endif
/* else it's a CCS message, or application data or wrong */
s->rwstate = SSL_READING;
BIO_clear_retry_flags(bio);
BIO_set_retry_read(bio);
- return (-1);
+ return -1;
}
/* Not certain if this is the right error handling */
if (ssl3_renegotiate_check(s)) {
i = s->handshake_func(s);
if (i < 0)
- return (i);
+ return i;
if (i == 0) {
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
- return (-1);
+ return -1;
}
if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
bio = SSL_get_rbio(s);
BIO_clear_retry_flags(bio);
BIO_set_retry_read(bio);
- return (-1);
+ return -1;
}
}
}
}
#endif
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
- return (0);
+ return 0;
}
#if 0
/* XXX: this is a possible improvement in the future */
ERR_add_error_data(2, "SSL alert number ", tmp);
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
SSL_CTX_remove_session(s->session_ctx, s->session);
- return (0);
+ return 0;
} else {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
* shutdown */
s->rwstate = SSL_NOTHING;
SSL3_RECORD_set_length(rr, 0);
- return (0);
+ return 0;
}
if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) {
}
i = s->handshake_func(s);
if (i < 0)
- return (i);
+ return i;
if (i == 0) {
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
- return (-1);
+ return -1;
}
if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
bio = SSL_get_rbio(s);
BIO_clear_retry_flags(bio);
BIO_set_retry_read(bio);
- return (-1);
+ return -1;
}
}
goto start;
(s->s3->total_renegotiations != 0) &&
ossl_statem_app_data_allowed(s)) {
s->s3->in_read_app_data = 2;
- return (-1);
+ return -1;
} else {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
- return (-1);
+ return -1;
}
- /*
- * this only happens when a client hello is received and a handshake
- * is started.
- */
-static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
- int len)
+/*
+ * this only happens when a client hello is received and a handshake
+ * is started.
+ */
+static size_t have_handshake_fragment(SSL *s, int type, unsigned char *buf,
+ size_t len)
{
if ((type == SSL3_RT_HANDSHAKE)
{
unsigned char *src = s->rlayer.d->handshake_fragment;
unsigned char *dst = buf;
- unsigned int k, n;
+ size_t k, n;
/* peek == 0 */
n = 0;
&& SSL3_BUFFER_get_left(&rl->wbuf[rl->numwpipes - 1]) != 0;
}
-int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len)
+int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf,
+ size_t len)
{
rl->packet_length = len;
if (len != 0) {
}
}
+/* TODO(size_t): convert me */
int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
unsigned int *pipelens, unsigned int numpipes,
int create_empty_fragment)
/* lets setup the record stuff. */
SSL3_RECORD_set_data(&wr[j], outbuf[j] + eivlen);
- SSL3_RECORD_set_length(&wr[j], (int)pipelens[j]);
+ SSL3_RECORD_set_length(&wr[j], pipelens[j]);
SSL3_RECORD_set_input(&wr[j], (unsigned char *)&buf[totlen]);
totlen += pipelens[j];
return -1;
}
SSL3_BUFFER_add_offset(&wb[currbuf], i);
- SSL3_BUFFER_add_left(&wb[currbuf], -i);
+ SSL3_BUFFER_sub_left(&wb[currbuf], i);
}
}
* none of our business
*/
int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
- int len, int peek)
+ size_t len, int peek, size_t *read)
{
int al, i, j, ret;
- unsigned int n, curr_rec, num_recs, read_bytes;
+ size_t n, curr_rec, num_recs, read_bytes;
SSL3_RECORD *rr;
SSL3_BUFFER *rbuf;
void (*cb) (const SSL *ssl, int type2, int val) = NULL;
if (!SSL3_BUFFER_is_initialised(rbuf)) {
/* Not initialized yet */
if (!ssl3_setup_read_buffer(s))
- return (-1);
+ return -1;
}
if ((type && (type != SSL3_RT_APPLICATION_DATA)
if (recvd_type != NULL)
*recvd_type = SSL3_RT_HANDSHAKE;
- return n;
+ *read = n;
+ return 1;
}
/*
/* type == SSL3_RT_APPLICATION_DATA */
i = s->handshake_func(s);
if (i < 0)
- return (i);
+ return i;
if (i == 0) {
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
- return (-1);
+ return -1;
}
}
start:
if (num_recs == 0) {
ret = ssl3_get_record(s);
if (ret <= 0)
- return (ret);
+ return ret;
num_recs = RECORD_LAYER_get_numrpipes(&s->rlayer);
if (num_recs == 0) {
/* Shouldn't happen */
if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
SSL3_RECORD_set_length(rr, 0);
s->rwstate = SSL_NOTHING;
- return (0);
+ return 0;
}
if (type == SSL3_RECORD_get_type(rr)
if (recvd_type != NULL)
*recvd_type = SSL3_RECORD_get_type(rr);
- if (len <= 0)
- return (len);
+ if (len == 0)
+ return 0;
read_bytes = 0;
do {
- if ((unsigned int)len - read_bytes > SSL3_RECORD_get_length(rr))
+ if (len - read_bytes > SSL3_RECORD_get_length(rr))
n = SSL3_RECORD_get_length(rr);
else
- n = (unsigned int)len - read_bytes;
+ n = len - read_bytes;
memcpy(buf, &(rr->data[rr->off]), n);
buf += n;
}
read_bytes += n;
} while (type == SSL3_RT_APPLICATION_DATA && curr_rec < num_recs
- && read_bytes < (unsigned int)len);
+ && read_bytes < len);
if (read_bytes == 0) {
/* We must have read empty records. Get more data */
goto start;
&& (s->mode & SSL_MODE_RELEASE_BUFFERS)
&& SSL3_BUFFER_get_left(rbuf) == 0)
ssl3_release_read_buffer(s);
- return read_bytes;
+ *read = read_bytes;
+ return 1;
}
/*
* that so that we can process the data at a fixed place.
*/
{
- unsigned int dest_maxlen = 0;
+ size_t dest_maxlen = 0;
unsigned char *dest = NULL;
- unsigned int *dest_len = NULL;
+ size_t *dest_len = NULL;
if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) {
dest_maxlen = sizeof s->rlayer.handshake_fragment;
if (ssl3_renegotiate_check(s)) {
i = s->handshake_func(s);
if (i < 0)
- return (i);
+ return i;
if (i == 0) {
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
- return (-1);
+ return -1;
}
if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
bio = SSL_get_rbio(s);
BIO_clear_retry_flags(bio);
BIO_set_retry_read(bio);
- return (-1);
+ return -1;
}
}
}
if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
- return (0);
+ return 0;
}
/*
* This is a warning but we receive it if we requested
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
SSL3_RECORD_set_read(rr);
SSL_CTX_remove_session(s->session_ctx, s->session);
- return (0);
+ return 0;
} else {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
s->rwstate = SSL_NOTHING;
SSL3_RECORD_set_length(rr, 0);
SSL3_RECORD_set_read(rr);
- return (0);
+ return 0;
}
if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) {
}
i = s->handshake_func(s);
if (i < 0)
- return (i);
+ return i;
if (i == 0) {
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
- return (-1);
+ return -1;
}
if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
bio = SSL_get_rbio(s);
BIO_clear_retry_flags(bio);
BIO_set_retry_read(bio);
- return (-1);
+ return -1;
}
}
goto start;
*/
if (ossl_statem_app_data_allowed(s)) {
s->s3->in_read_app_data = 2;
- return (-1);
+ return -1;
} else {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
- return (-1);
+ return -1;
}
void ssl3_record_sequence_update(unsigned char *seq)
/*
* Returns the length in bytes of the current rrec
*/
-unsigned int RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl)
+size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl)
{
return SSL3_RECORD_get_length(&rl->rrec[0]);
}
int type;
/* How many bytes available */
/* rw */
- unsigned int length;
+ size_t length;
/*
* How many bytes were available before padding was removed? This is used
* to implement the MAC check in constant time for CBC records.
*/
/* rw */
- unsigned int orig_len;
+ size_t orig_len;
/* read/write offset into 'buf' */
/* r */
- unsigned int off;
+ size_t off;
/* pointer to the record data */
/* rw */
unsigned char *data;
typedef struct dtls1_record_data_st {
unsigned char *packet;
- unsigned int packet_length;
+ size_t packet_length;
SSL3_BUFFER rbuf;
SSL3_RECORD rrec;
#ifndef OPENSSL_NO_SCTP
* processed by ssl3_read_bytes:
*/
unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
- unsigned int alert_fragment_len;
+ size_t alert_fragment_len;
unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
- unsigned int handshake_fragment_len;
+ size_t handshake_fragment_len;
/* save last and current sequence numbers for retransmissions */
unsigned char last_write_sequence[8];
unsigned char curr_write_sequence[8];
/* where we are when reading */
int rstate;
/* How many pipelines can be used to read data */
- unsigned int numrpipes;
+ size_t numrpipes;
/* How many pipelines can be used to write data */
unsigned int numwpipes;
/* read IO goes into here */
* processed by ssl3_read_bytes:
*/
unsigned char alert_fragment[2];
- unsigned int alert_fragment_len;
+ size_t alert_fragment_len;
unsigned char handshake_fragment[4];
- unsigned int handshake_fragment_len;
+ size_t handshake_fragment_len;
/* The number of consecutive empty records we have received */
- unsigned int empty_record_count;
+ size_t empty_record_count;
/* partial write - check the numbers match */
/* number bytes written */
int wpend_tot;
void RECORD_LAYER_release(RECORD_LAYER *rl);
int RECORD_LAYER_read_pending(const RECORD_LAYER *rl);
int RECORD_LAYER_write_pending(const RECORD_LAYER *rl);
-int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len);
+int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf,
+ size_t len);
void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl);
void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl);
int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl);
-unsigned int RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl);
+size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl);
__owur int ssl3_pending(const SSL *s);
__owur int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
__owur int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
unsigned int *pipelens, unsigned int numpipes,
int create_empty_fragment);
__owur int ssl3_read_bytes(SSL *s, int type, int *recvd_type,
- unsigned char *buf, int len, int peek);
+ unsigned char *buf, size_t len, int peek,
+ size_t *read);
__owur int ssl3_setup_buffers(SSL *s);
__owur int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send);
__owur int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send);
void DTLS_RECORD_LAYER_resync_write(RECORD_LAYER *rl);
void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq);
__owur int dtls1_read_bytes(SSL *s, int type, int *recvd_type,
- unsigned char *buf, int len, int peek);
+ unsigned char *buf, size_t len, int peek,
+ size_t *read);
__owur int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
__owur int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
unsigned int len, int create_empty_fragement);
#define SSL3_BUFFER_set_len(b, l) ((b)->len = (l))
#define SSL3_BUFFER_get_left(b) ((b)->left)
#define SSL3_BUFFER_set_left(b, l) ((b)->left = (l))
-#define SSL3_BUFFER_add_left(b, l) ((b)->left += (l))
+#define SSL3_BUFFER_sub_left(b, l) ((b)->left -= (l))
#define SSL3_BUFFER_get_offset(b) ((b)->offset)
#define SSL3_BUFFER_set_offset(b, o) ((b)->offset = (o))
#define SSL3_BUFFER_add_offset(b, o) ((b)->offset += (o))
#define SSL3_BUFFER_set_default_len(b, l) ((b)->default_len = (l))
void SSL3_BUFFER_clear(SSL3_BUFFER *b);
-void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, int n);
+void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n);
void SSL3_BUFFER_release(SSL3_BUFFER *b);
__owur int ssl3_setup_read_buffer(SSL *s);
__owur int ssl3_setup_write_buffer(SSL *s, unsigned int numwpipes, size_t len);
#include "../ssl_locl.h"
#include "record_locl.h"
-void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, int n)
+void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n)
{
if (d != NULL)
memcpy(b->buf, d, n);
ssl_minor = *(p++);
version = (ssl_major << 8) | ssl_minor;
rr[num_recs].rec_version = version;
+ /* TODO(size_t): CHECK ME */
n2s(p, rr[num_recs].length);
/* Lets check version */
goto f_err;
}
#ifdef SSL_DEBUG
- printf("dec %d\n", rr->length);
+ printf("dec %ld\n", rr->length);
{
- unsigned int z;
+ size_t z;
for (z = 0; z < rr->length; z++)
printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n');
}
if (rr->comp == NULL)
return 0;
+ /* TODO(size_t): Convert this call */
i = COMP_expand_block(ssl->expand, rr->comp,
SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length);
if (i < 0)
#ifndef OPENSSL_NO_COMP
int i;
+ /* TODO(size_t): Convert this call */
i = COMP_compress_block(ssl->compress, wr->data,
SSL3_RT_MAX_COMPRESSED_LENGTH,
wr->input, (int)wr->length);
{
SSL3_RECORD *rec;
EVP_CIPHER_CTX *ds;
- unsigned long l;
- int bs, i, mac_size = 0;
+ size_t l, i;
+ int bs, mac_size = 0;
const EVP_CIPHER *enc;
rec = inrecs;
rec->input = rec->data;
} else {
l = rec->length;
+ /* TODO(size_t): Convert this call */
bs = EVP_CIPHER_CTX_block_size(ds);
/* COMPRESS */
/* otherwise, rec->length >= bs */
}
+ /* TODO(size_t): Convert this call */
if (EVP_Cipher(ds, rec->data, rec->input, l) < 1)
return -1;
* are hashing because that gives an attacker a timing-oracle.
*/
/* Final param == not SSLv3 */
+ /* TODO(size_t): Convert this call */
if (ssl3_cbc_digest_record(mac_ctx,
md, &md_size,
header, rec->input,
return -1;
}
} else {
+ /* TODO(size_t): Convert these calls */
if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0
|| EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0
|| EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) {
}
fprintf(stderr, "rec=");
{
- unsigned int z;
+ size_t z;
for (z = 0; z < rec->length; z++)
fprintf(stderr, "%02X ", rec->data[z]);
fprintf(stderr, "\n");
* 1: if the padding was valid
* -1: otherwise.
*/
+ /* TODO(size_t): Convert me */
int ssl3_cbc_remove_padding(SSL3_RECORD *rec,
unsigned block_size, unsigned mac_size)
{
* 1: if the padding was valid
* -1: otherwise.
*/
+ /* TODO(size_t): Convert me */
int tls1_cbc_remove_padding(const SSL *s,
SSL3_RECORD *rec,
unsigned block_size, unsigned mac_size)
*/
#define CBC_MAC_ROTATE_IN_PLACE
+/* TODO(size_t): Convert me */
void ssl3_cbc_copy_mac(unsigned char *out,
const SSL3_RECORD *rec, unsigned md_size)
{
goto err;
}
#ifdef SSL_DEBUG
- printf("dec %d\n", rr->length);
+ printf("dec %ld\n", rr->length);
{
- unsigned int z;
+ size_t z;
for (z = 0; z < rr->length; z++)
printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n');
}
memcpy(&(RECORD_LAYER_get_read_sequence(&s->rlayer)[2]), p, 6);
p += 6;
+ /* TODO(size_t): CHECK ME */
n2s(p, rr->length);
/* Lets check version */
return (ret);
}
} else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
+ size_t read;
/*
* If we are waiting for a close from our peer, we are closed
*/
- s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0);
+ s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &read);
if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
- return (-1); /* return WANT_READ */
+ return -1; /* return WANT_READ */
}
}
return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len);
}
-static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
+static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
+ size_t *read)
{
int ret;
s->s3->in_read_app_data = 1;
ret =
s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
- peek);
+ peek, read);
if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
/*
* ssl3_read_bytes decided to call s->handshake_func, which called
ossl_statem_set_in_handshake(s, 1);
ret =
s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
- len, peek);
+ len, peek, read);
ossl_statem_set_in_handshake(s, 0);
} else
s->s3->in_read_app_data = 0;
- return (ret);
+ return ret;
}
-int ssl3_read(SSL *s, void *buf, int len)
+int ssl3_read(SSL *s, void *buf, size_t len, size_t *read)
{
- return ssl3_read_internal(s, buf, len, 0);
+ return ssl3_read_internal(s, buf, len, 0, read);
}
-int ssl3_peek(SSL *s, void *buf, int len)
+int ssl3_peek(SSL *s, void *buf, size_t len, size_t *read)
{
- return ssl3_read_internal(s, buf, len, 1);
+ return ssl3_read_internal(s, buf, len, 1, read);
}
int ssl3_renegotiate(SSL *s)
{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT),
"ssl_parse_serverhello_use_srtp_ext"},
{ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"},
+ {ERR_FUNC(SSL_F_SSL_PEEK_EX), "SSL_peek_ex"},
{ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
+ {ERR_FUNC(SSL_F_SSL_READ_EX), "SSL_read_ex"},
{ERR_FUNC(SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT),
"ssl_scan_clienthello_tlsext"},
{ERR_FUNC(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT),
int num;
enum { READFUNC, WRITEFUNC, OTHERFUNC } type;
union {
- int (*func_read) (SSL *, void *, int);
+ int (*func_read) (SSL *, void *, size_t, size_t *);
int (*func_write) (SSL *, const void *, int);
int (*func_other) (SSL *);
} f;
num = args->num;
switch (args->type) {
case READFUNC:
- return args->f.func_read(s, buf, num);
+ return args->f.func_read(s, buf, num, &s->asyncread);
case WRITEFUNC:
return args->f.func_write(s, buf, num);
case OTHERFUNC:
}
int SSL_read(SSL *s, void *buf, int num)
+{
+ int ret;
+ size_t read;
+
+ if (num < 0) {
+ SSLerr(SSL_F_SSL_READ, SSL_R_BAD_LENGTH);
+ return -1;
+ }
+
+ ret = SSL_read_ex(s, buf, (size_t)num, &read);
+
+ /*
+ * The cast is safe here because ret should be <= INT_MAX because num is
+ * <= INT_MAX
+ */
+ if (ret > 0)
+ ret = (int)read;
+
+ return ret;
+}
+
+int SSL_read_ex(SSL *s, void *buf, size_t num, size_t *read)
{
if (s->handshake_func == NULL) {
- SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
+ SSLerr(SSL_F_SSL_READ_EX, SSL_R_UNINITIALIZED);
return -1;
}
if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
struct ssl_async_args args;
+ int ret;
args.s = s;
args.buf = buf;
args.type = READFUNC;
args.f.func_read = s->method->ssl_read;
- return ssl_start_async_job(s, &args, ssl_io_intern);
+ ret = ssl_start_async_job(s, &args, ssl_io_intern);
+ *read = s->asyncread;
+ return ret;
} else {
- return s->method->ssl_read(s, buf, num);
+ return s->method->ssl_read(s, buf, num, read);
}
}
int SSL_peek(SSL *s, void *buf, int num)
+{
+ int ret;
+ size_t read;
+
+ if (num < 0) {
+ SSLerr(SSL_F_SSL_PEEK, SSL_R_BAD_LENGTH);
+ return -1;
+ }
+
+ ret = SSL_peek_ex(s, buf, (size_t)num, &read);
+
+ /*
+ * The cast is safe here because ret should be <= INT_MAX because num is
+ * <= INT_MAX
+ */
+ if (ret > 0)
+ ret = (int)read;
+
+ return ret;
+}
+
+int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *read)
{
if (s->handshake_func == NULL) {
- SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED);
+ SSLerr(SSL_F_SSL_PEEK_EX, SSL_R_UNINITIALIZED);
return -1;
}
}
if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
struct ssl_async_args args;
+ int ret;
args.s = s;
args.buf = buf;
args.type = READFUNC;
args.f.func_read = s->method->ssl_peek;
- return ssl_start_async_job(s, &args, ssl_io_intern);
+ ret = ssl_start_async_job(s, &args, ssl_io_intern);
+ *read = s->asyncread;
+ return ret;
} else {
- return s->method->ssl_peek(s, buf, num);
+ return s->method->ssl_peek(s, buf, num, read);
}
}
void (*ssl_free) (SSL *s);
int (*ssl_accept) (SSL *s);
int (*ssl_connect) (SSL *s);
- int (*ssl_read) (SSL *s, void *buf, int len);
- int (*ssl_peek) (SSL *s, void *buf, int len);
+ int (*ssl_read) (SSL *s, void *buf, size_t len, size_t *read);
+ int (*ssl_peek) (SSL *s, void *buf, size_t len, size_t *read);
int (*ssl_write) (SSL *s, const void *buf, int len);
int (*ssl_shutdown) (SSL *s);
int (*ssl_renegotiate) (SSL *s);
int (*ssl_renegotiate_check) (SSL *s);
int (*ssl_read_bytes) (SSL *s, int type, int *recvd_type,
- unsigned char *buf, int len, int peek);
+ unsigned char *buf, size_t len, int peek,
+ size_t *read);
int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, int len);
int (*ssl_dispatch_alert) (SSL *s);
long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg);
BUF_MEM *init_buf; /* buffer used during init */
void *init_msg; /* pointer to handshake message body, set by
* ssl3_get_message() */
- int init_num; /* amount read/written */
- int init_off; /* amount read/written */
+ size_t init_num; /* amount read/written */
+ size_t init_off; /* amount read/written */
struct ssl3_state_st *s3; /* SSLv3 variables */
struct dtls1_state_st *d1; /* DTLSv1 variables */
/* callback that allows applications to peek at protocol messages */
/* Async Job info */
ASYNC_JOB *job;
ASYNC_WAIT_CTX *waitctx;
+ size_t asyncread;
+
CRYPTO_RWLOCK *lock;
};
int finish_md_len;
unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2];
int peer_finish_md_len;
- unsigned long message_size;
+ size_t message_size;
int message_type;
/* used to hold the new cipher we are going to use */
const SSL_CIPHER *new_cipher;
__owur int ssl3_digest_cached_records(SSL *s, int keep);
__owur int ssl3_new(SSL *s);
void ssl3_free(SSL *s);
-__owur int ssl3_read(SSL *s, void *buf, int len);
-__owur int ssl3_peek(SSL *s, void *buf, int len);
+__owur int ssl3_read(SSL *s, void *buf, size_t len, size_t *read);
+__owur int ssl3_peek(SSL *s, void *buf, size_t len, size_t *read);
__owur int ssl3_write(SSL *s, const void *buf, int len);
__owur int ssl3_shutdown(SSL *s);
void ssl3_clear(SSL *s);
{
OSSL_STATEM *st = &s->statem;
int ret, mt;
- unsigned long len = 0;
+ size_t len = 0;
int (*transition) (SSL *s, int mt);
PACKET pkt;
MSG_PROCESS_RETURN(*process_message) (SSL *s, PACKET *pkt);
WORK_STATE(*post_process_message) (SSL *s, WORK_STATE wst);
- unsigned long (*max_message_size) (SSL *s);
+ size_t (*max_message_size) (SSL *s);
void (*cb) (const SSL *ssl, int type, int val) = NULL;
cb = get_callback(s);
* Returns the maximum allowed length for the current message that we are
* reading. Excludes the message header.
*/
-unsigned long ossl_statem_client_max_message_size(SSL *s)
+size_t ossl_statem_client_max_message_size(SSL *s)
{
OSSL_STATEM *st = &s->statem;
if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
OPENSSL_assert(s->init_num ==
- (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
+ s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
if (s->write_hash) {
if (s->enc_write_ctx
return -1;
}
- if (ret == s->init_num) {
+ if (ret == (int)s->init_num) {
if (s->msg_callback)
s->msg_callback(1, s->version, type, s->init_buf->data,
(size_t)(s->init_off + s->init_num), s,
return (0);
}
-int dtls_get_message(SSL *s, int *mt, unsigned long *len)
+int dtls_get_message(SSL *s, int *mt, size_t *len)
{
struct hm_header_st *msg_hdr;
unsigned char *p;
int i = -1, is_complete;
unsigned char seq64be[8];
unsigned long frag_len = msg_hdr->frag_len;
+ size_t read;
if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len ||
msg_hdr->msg_len > dtls1_max_handshake_message_len(s))
devnull,
frag_len >
sizeof(devnull) ? sizeof(devnull) :
- frag_len, 0);
+ frag_len, 0, &read);
if (i <= 0)
goto err;
- frag_len -= i;
+ frag_len -= read;
}
return DTLS1_HM_FRAGMENT_RETRY;
}
/* read the body of the fragment (header has already been read */
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
frag->fragment + msg_hdr->frag_off,
- frag_len, 0);
- if ((unsigned long)i != frag_len)
+ frag_len, 0, &read);
+ if (i <= 0 || read != frag_len)
i = -1;
if (i <= 0)
goto err;
pitem *item = NULL;
unsigned char seq64be[8];
unsigned long frag_len = msg_hdr->frag_len;
+ size_t read;
if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len)
goto err;
devnull,
frag_len >
sizeof(devnull) ? sizeof(devnull) :
- frag_len, 0);
+ frag_len, 0, &read);
if (i <= 0)
goto err;
- frag_len -= i;
+ frag_len -= read;
}
} else {
if (frag_len != msg_hdr->msg_len)
* read the body of the fragment (header has already been read
*/
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
- frag->fragment, frag_len, 0);
- if ((unsigned long)i != frag_len)
+ frag->fragment, frag_len, 0, &read);
+ if (i<=0 || read != frag_len)
i = -1;
if (i <= 0)
goto err;
int i, al, recvd_type;
struct hm_header_st msg_hdr;
int ok;
+ size_t read;
redo:
/* see if we have the required fragment already */
/* read handshake message header */
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type, wire,
- DTLS1_HM_HEADER_LENGTH, 0);
+ DTLS1_HM_HEADER_LENGTH, 0, &read);
if (i <= 0) { /* nbio, or an error */
s->rwstate = SSL_READING;
*len = i;
goto f_err;
}
- memcpy(s->init_buf->data, wire, i);
- s->init_num = i - 1;
+ memcpy(s->init_buf->data, wire, read);
+ s->init_num = read - 1;
s->init_msg = s->init_buf->data + 1;
s->s3->tmp.message_type = SSL3_MT_CHANGE_CIPHER_SPEC;
- s->s3->tmp.message_size = i - 1;
- *len = i - 1;
+ s->s3->tmp.message_size = read - 1;
+ *len = read - 1;
return 1;
}
/* Handshake fails if message header is incomplete */
- if (i != DTLS1_HM_HEADER_LENGTH) {
+ if (read != DTLS1_HM_HEADER_LENGTH) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
(unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
- &p[frag_off], frag_len, 0);
+ &p[frag_off], frag_len, 0, &read);
/*
* This shouldn't ever fail due to NBIO because we already checked
return 0;
}
} else
- i = 0;
+ read = 0;
/*
* XDTLS: an incorrectly formatted fragment should cause the handshake
* to fail
*/
- if (i != (int)frag_len) {
+ if (read != frag_len) {
al = SSL3_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL3_AD_ILLEGAL_PARAMETER);
goto f_err;
ret))
return -1;
- if (ret == s->init_num) {
+ if (ret == (int)s->init_num) {
if (s->msg_callback)
s->msg_callback(1, s->version, type, s->init_buf->data,
(size_t)(s->init_off + s->init_num), s,
/* s->init_num < SSL3_HM_HEADER_LENGTH */
int skip_message, i, recvd_type, al;
unsigned char *p;
- unsigned long l;
+ size_t l, read;
p = (unsigned char *)s->init_buf->data;
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type,
&p[s->init_num],
SSL3_HM_HEADER_LENGTH - s->init_num,
- 0);
+ 0, &read);
if (i <= 0) {
s->rwstate = SSL_READING;
return 0;
* A ChangeCipherSpec must be a single byte and may not occur
* in the middle of a handshake message.
*/
- if (s->init_num != 0 || i != 1 || p[0] != SSL3_MT_CCS) {
+ if (s->init_num != 0 || read != 1 || p[0] != SSL3_MT_CCS) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER,
SSL_R_BAD_CHANGE_CIPHER_SPEC);
goto f_err;
}
s->s3->tmp.message_type = *mt = SSL3_MT_CHANGE_CIPHER_SPEC;
- s->init_num = i - 1;
- s->s3->tmp.message_size = i;
+ s->init_num = read - 1;
+ s->s3->tmp.message_size = read;
return 1;
} else if (recvd_type != SSL3_RT_HANDSHAKE) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER, SSL_R_CCS_RECEIVED_EARLY);
goto f_err;
}
- s->init_num += i;
+ s->init_num += read;
}
skip_message = 0;
return 0;
}
-int tls_get_message_body(SSL *s, unsigned long *len)
+int tls_get_message_body(SSL *s, size_t *len)
{
- long n;
+ size_t n, read;
unsigned char *p;
int i;
n = s->s3->tmp.message_size - s->init_num;
while (n > 0) {
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
- &p[s->init_num], n, 0);
+ &p[s->init_num], n, 0, &read);
if (i <= 0) {
s->rwstate = SSL_READING;
*len = 0;
return 0;
}
- s->init_num += i;
- n -= i;
+ s->init_num += read;
+ n -= read;
}
#ifndef OPENSSL_NO_NEXTPROTONEG
s->msg_callback_arg);
}
- /*
- * init_num should never be negative...should probably be declared
- * unsigned
- */
- if (s->init_num < 0) {
- SSLerr(SSL_F_TLS_GET_MESSAGE_BODY, ERR_R_INTERNAL_ERROR);
- ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
- *len = 0;
- return 0;
- }
- *len = (unsigned long)s->init_num;
+ *len = s->init_num;
return 1;
}
WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst);
int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt,
confunc_f *confunc, int *mt);
-unsigned long ossl_statem_client_max_message_size(SSL *s);
+size_t ossl_statem_client_max_message_size(SSL *s);
MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt);
WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst);
WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst);
int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt,
confunc_f *confunc,int *mt);
-unsigned long ossl_statem_server_max_message_size(SSL *s);
+size_t ossl_statem_server_max_message_size(SSL *s);
MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt);
WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst);
/* Functions for getting new message data */
__owur int tls_get_message_header(SSL *s, int *mt);
-__owur int tls_get_message_body(SSL *s, unsigned long *len);
-__owur int dtls_get_message(SSL *s, int *mt, unsigned long *len);
+__owur int tls_get_message_body(SSL *s, size_t *len);
+__owur int dtls_get_message(SSL *s, int *mt, size_t *len);
/* Message construction and processing functions */
__owur MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt);
* Returns the maximum allowed length for the current message that we are
* reading. Excludes the message header.
*/
-unsigned long ossl_statem_server_max_message_size(SSL *s)
+size_t ossl_statem_server_max_message_size(SSL *s)
{
OSSL_STATEM *st = &s->statem;
SSL_SESSION_set1_id 406 1_1_0 EXIST::FUNCTION:
SSL_CTX_set1_cert_store 407 1_1_1 EXIST::FUNCTION:
DTLS_get_data_mtu 408 1_1_1 EXIST::FUNCTION:
+SSL_read_ex 409 1_1_1 EXIST::FUNCTION:
+SSL_peek_ex 410 1_1_1 EXIST::FUNCTION:
projects / openssl.git / commitdiff