From 2c60ed0452919ea9a67886685e2fa5c8b9330620 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 2 Feb 2015 15:47:39 +0000 Subject: [PATCH] Removed dependency on rrec from heartbeat processing Reviewed-by: Richard Levitte --- ssl/d1_both.c | 8 ++------ ssl/heartbeat_test.c | 15 ++++++++------- ssl/record/d1_pkt.c | 4 ++-- ssl/record/s3_pkt.c | 3 ++- ssl/ssl_locl.h | 10 ++++++---- ssl/t1_lib.c | 8 ++------ 6 files changed, 22 insertions(+), 26 deletions(-) diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 48c75b2227..587eb9e53a 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -1347,16 +1347,12 @@ int dtls1_shutdown(SSL *s) } #ifndef OPENSSL_NO_HEARTBEATS -int dtls1_process_heartbeat(SSL *s) +int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length) { - unsigned char *p, *pl; + unsigned char *pl; unsigned short hbtype; unsigned int payload; unsigned int padding = 16; /* Use minimum padding */ - unsigned int length; - - p = SSL3_RECORD_get_data(RECORD_LAYER_get_rrec(&s->rlayer)); - length = SSL3_RECORD_get_length(RECORD_LAYER_get_rrec(&s->rlayer)); if (s->msg_callback) s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, diff --git a/ssl/heartbeat_test.c b/ssl/heartbeat_test.c index d6b7cfc417..491bbedd18 100644 --- a/ssl/heartbeat_test.c +++ b/ssl/heartbeat_test.c @@ -60,7 +60,7 @@ typedef struct heartbeat_test_fixture { SSL_CTX *ctx; SSL *s; const char *test_case_name; - int (*process_heartbeat) (SSL *s); + int (*process_heartbeat) (SSL *s, unsigned char *p, unsigned int length); unsigned char *payload; int sent_payload_len; int expected_return_value; @@ -112,7 +112,7 @@ static HEARTBEAT_TEST_FIXTURE set_up(const char *const test_case_name, * zeroed in opt mode and will cause spurious test failures that will * change with each execution. */ - memset(fixture.s->s3->wbuf.buf, 0, fixture.s->s3->wbuf.len); + memset(fixture.s->rlayer.wbuf.buf, 0, fixture.s->rlayer.wbuf.len); fail: if (!setup_ok) { @@ -202,8 +202,8 @@ static int execute_heartbeat(HEARTBEAT_TEST_FIXTURE fixture) unsigned const char *p; int actual_payload_len; - s->s3->rrec.data = payload; - s->s3->rrec.length = strlen((const char *)payload); + s->rlayer.rrec.data = payload; + s->rlayer.rrec.length = strlen((const char *)payload); *payload++ = TLS1_HB_REQUEST; s2n(fixture.sent_payload_len, payload); @@ -213,7 +213,8 @@ static int execute_heartbeat(HEARTBEAT_TEST_FIXTURE fixture) */ memcpy((char *)sent_buf, (const char *)payload, sizeof(sent_buf)); - return_value = fixture.process_heartbeat(s); + return_value = fixture.process_heartbeat(s, s->rlayer.rrec.data, + s->rlayer.rrec.length); if (return_value != fixture.expected_return_value) { printf("%s failed: expected return value %d, received %d\n", @@ -225,8 +226,8 @@ static int execute_heartbeat(HEARTBEAT_TEST_FIXTURE fixture) /* * If there is any byte alignment, it will be stored in wbuf.offset. */ - p = &(s->s3-> - wbuf.buf[fixture.return_payload_offset + s->s3->wbuf.offset]); + p = &(s->rlayer. + wbuf.buf[fixture.return_payload_offset + s->rlayer.wbuf.offset]); actual_payload_len = 0; n2s(p, actual_payload_len); diff --git a/ssl/record/d1_pkt.c b/ssl/record/d1_pkt.c index e85e94dd74..2f2417d7a3 100644 --- a/ssl/record/d1_pkt.c +++ b/ssl/record/d1_pkt.c @@ -585,10 +585,10 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) #ifndef OPENSSL_NO_HEARTBEATS else if (rr->type == TLS1_RT_HEARTBEAT) { /* We allow a 0 return */ - if(dtls1_process_heartbeat(s) < 0) { + if(dtls1_process_heartbeat(s, SSL3_RECORD_get_data(&s->rlayer.rrec), + SSL3_RECORD_get_length(&s->rlayer.rrec)) < 0) { return -1; } - /* Exit and notify application to read again */ rr->length = 0; s->rwstate = SSL_READING; diff --git a/ssl/record/s3_pkt.c b/ssl/record/s3_pkt.c index 7653d8b8d6..61288f21ed 100644 --- a/ssl/record/s3_pkt.c +++ b/ssl/record/s3_pkt.c @@ -1054,7 +1054,8 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) #ifndef OPENSSL_NO_HEARTBEATS else if (rr->type == TLS1_RT_HEARTBEAT) { /* We can ignore 0 return values */ - if(tls1_process_heartbeat(s) < 0) { + if(tls1_process_heartbeat(s, SSL3_RECORD_get_data(&s->rlayer.rrec), + SSL3_RECORD_get_length(&s->rlayer.rrec)) < 0) { return -1; } diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 323a00df1e..5b1dae1313 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1979,8 +1979,10 @@ const SSL_METHOD *func_name(void) \ struct openssl_ssl_test_functions { int (*p_ssl_init_wbio_buffer) (SSL *s, int push); int (*p_ssl3_setup_buffers) (SSL *s); - int (*p_tls1_process_heartbeat) (SSL *s); - int (*p_dtls1_process_heartbeat) (SSL *s); + int (*p_tls1_process_heartbeat) (SSL *s, + unsigned char *p, unsigned int length); + int (*p_dtls1_process_heartbeat) (SSL *s, + unsigned char *p, unsigned int length); }; # ifndef OPENSSL_UNIT_TEST @@ -2267,8 +2269,8 @@ __owur int ssl_prepare_serverhello_tlsext(SSL *s); # ifndef OPENSSL_NO_HEARTBEATS __owur int tls1_heartbeat(SSL *s); __owur int dtls1_heartbeat(SSL *s); -__owur int tls1_process_heartbeat(SSL *s); -__owur int dtls1_process_heartbeat(SSL *s); +__owur int tls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length); +__owur int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length); # endif __owur int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 3044fbb21f..aef0ef6659 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -3592,16 +3592,12 @@ int SSL_get_shared_sigalgs(SSL *s, int idx, } # ifndef OPENSSL_NO_HEARTBEATS -int tls1_process_heartbeat(SSL *s) +int tls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length) { - unsigned char *p, *pl; + unsigned char *pl; unsigned short hbtype; unsigned int payload; unsigned int padding = 16; /* Use minimum padding */ - unsigned int length; - - p = SSL3_RECORD_get_data(RECORD_LAYER_get_rrec(&s->rlayer)); - length = SSL3_RECORD_get_length(RECORD_LAYER_get_rrec(&s->rlayer)); if (s->msg_callback) s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, -- 2.34.1