static int ssl3_record_app_data_waiting(SSL *s)
{
SSL3_BUFFER *rbuf;
- int left, len;
+ size_t left, len;
unsigned char *p;
rbuf = RECORD_LAYER_get_rbuf(&s->rlayer);
int ssl3_get_record(SSL *s)
{
int ssl_major, ssl_minor, al;
- int enc_err, n, i, ret = -1;
+ int enc_err, rret, ret = -1;
+ int i;
+ size_t more, n;
SSL3_RECORD *rr;
SSL3_BUFFER *rbuf;
SSL_SESSION *sess;
if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) ||
(RECORD_LAYER_get_packet_length(&s->rlayer)
< SSL3_RT_HEADER_LENGTH)) {
- n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH,
- SSL3_BUFFER_get_len(rbuf), 0,
- num_recs == 0 ? 1 : 0);
- if (n <= 0)
- return (n); /* error or non-blocking */
+ rret = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH,
+ SSL3_BUFFER_get_len(rbuf), 0,
+ num_recs == 0 ? 1 : 0, &n);
+ if (rret <= 0)
+ return rret; /* error or non-blocking */
RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_BODY);
p = RECORD_LAYER_get_packet(&s->rlayer);
ssl_minor = *(p++);
version = (ssl_major << 8) | ssl_minor;
rr[num_recs].rec_version = version;
+ /* TODO(size_t): CHECK ME */
n2s(p, rr[num_recs].length);
/* Lets check version */
* record
*/
if (rr[num_recs].rec_version == SSL2_VERSION) {
- i = rr[num_recs].length + SSL2_RT_HEADER_LENGTH
+ more = rr[num_recs].length + SSL2_RT_HEADER_LENGTH
- SSL3_RT_HEADER_LENGTH;
} else {
- i = rr[num_recs].length;
+ more = rr[num_recs].length;
}
- if (i > 0) {
+ if (more > 0) {
/* now s->packet_length == SSL3_RT_HEADER_LENGTH */
- n = ssl3_read_n(s, i, i, 1, 0);
- if (n <= 0)
- return (n); /* error or non-blocking io */
+ rret = ssl3_read_n(s, more, more, 1, 0, &n);
+ if (rret <= 0)
+ return rret; /* error or non-blocking io */
}
/* set state for later operations */
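Review bot: With `more` now a `size_t`, the SSLv2 branch's `rr[num_recs].length + SSL2_RT_HEADER_LENGTH - SSL3_RT_HEADER_LENGTH` can wrap to a very large value when the peer-supplied length is smaller than the difference between the two header lengths, and `if (more > 0)` no longer filters that case the way the signed `i > 0` did. The wrapped value would then be passed to `ssl3_read_n` as both the requested and the maximum byte count. Unless a check outside this hunk already enforces a minimum SSLv2 record length, reject short lengths before the subtraction, e.g. `if (rr[num_recs].length < SSL3_RT_HEADER_LENGTH - SSL2_RT_HEADER_LENGTH) { al = SSL_AD_DECODE_ERROR; goto f_err; }`, together with the function's usual error report. ssl3_get_record starts and ends outside this hunk.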
goto f_err;
}
#ifdef SSL_DEBUG
- printf("dec %d\n", rr->length);
+ printf("dec %ld\n", rr->length);
{
- unsigned int z;
+ size_t z;
for (z = 0; z < rr->length; z++)
printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n');
}
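Review bot: The `%ld` in `printf("dec %ld\n", rr->length);` does not match its argument if `rr->length` is now a `size_t`, as the `size_t z` loop counter next to it suggests. A mismatched conversion specifier is undefined behaviour and misprints on platforms where `long` and `size_t` differ in width. Use `printf("dec %zu\n", rr->length);`, or `printf("dec %lu\n", (unsigned long)rr->length);` if a supported compiler lacks `%zu`. The identical line in the later SSL_DEBUG block (the one following `goto err;`) needs the same change; both only affect builds with SSL_DEBUG defined.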
if (rr->comp == NULL)
return 0;
+ /* TODO(size_t): Convert this call */
i = COMP_expand_block(ssl->expand, rr->comp,
SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length);
if (i < 0)
#ifndef OPENSSL_NO_COMP
int i;
+ /* TODO(size_t): Convert this call */
i = COMP_compress_block(ssl->compress, wr->data,
SSL3_RT_MAX_COMPRESSED_LENGTH,
wr->input, (int)wr->length);
{
SSL3_RECORD *rec;
EVP_CIPHER_CTX *ds;
- unsigned long l;
- int bs, i, mac_size = 0;
+ size_t l, i;
+ int bs, mac_size = 0;
const EVP_CIPHER *enc;
rec = inrecs;
rec->input = rec->data;
} else {
l = rec->length;
+ /* TODO(size_t): Convert this call */
bs = EVP_CIPHER_CTX_block_size(ds);
/* COMPRESS */
/* otherwise, rec->length >= bs */
}
+ /* TODO(size_t): Convert this call */
if (EVP_Cipher(ds, rec->data, rec->input, l) < 1)
return -1;
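Review bot: `l` is now a `size_t` but is still passed to `EVP_Cipher`, whose length parameter is an `unsigned int`, so the value is narrowed silently at the call. The COMP_* calls touched by this commit at least make the narrowing visible with `(int)`. Until the call is converted, make it explicit with `if (EVP_Cipher(ds, rec->data, rec->input, (unsigned int)l) < 1)`. The TODO should also say what is pending, e.g. `/* TODO(size_t): EVP_Cipher takes unsigned int; l must be range-checked */`. The enclosing function starts and ends outside this hunk, so any existing bound on `l` is not visible here.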
* are hashing because that gives an attacker a timing-oracle.
*/
/* Final param == not SSLv3 */
+ /* TODO(size_t): Convert this call */
if (ssl3_cbc_digest_record(mac_ctx,
md, &md_size,
header, rec->input,
return -1;
}
} else {
+ /* TODO(size_t): Convert these calls */
if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0
|| EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0
|| EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) {
}
fprintf(stderr, "rec=");
{
- unsigned int z;
+ size_t z;
for (z = 0; z < rec->length; z++)
fprintf(stderr, "%02X ", rec->data[z]);
fprintf(stderr, "\n");
* 1: if the padding was valid
* -1: otherwise.
*/
+ /* TODO(size_t): Convert me */
int ssl3_cbc_remove_padding(SSL3_RECORD *rec,
unsigned block_size, unsigned mac_size)
{
* 1: if the padding was valid
* -1: otherwise.
*/
+ /* TODO(size_t): Convert me */
int tls1_cbc_remove_padding(const SSL *s,
SSL3_RECORD *rec,
unsigned block_size, unsigned mac_size)
*/
#define CBC_MAC_ROTATE_IN_PLACE
+/* TODO(size_t): Convert me */
void ssl3_cbc_copy_mac(unsigned char *out,
const SSL3_RECORD *rec, unsigned md_size)
{
goto err;
}
#ifdef SSL_DEBUG
- printf("dec %d\n", rr->length);
+ printf("dec %ld\n", rr->length);
{
- unsigned int z;
+ size_t z;
for (z = 0; z < rr->length; z++)
printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n');
}
int dtls1_get_record(SSL *s)
{
int ssl_major, ssl_minor;
- int i, n;
+ int rret;
+ size_t more, n;
SSL3_RECORD *rr;
unsigned char *p = NULL;
unsigned short version;
/* check if we have the header */
if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) ||
(RECORD_LAYER_get_packet_length(&s->rlayer) < DTLS1_RT_HEADER_LENGTH)) {
- n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH,
- SSL3_BUFFER_get_len(&s->rlayer.rbuf), 0, 1);
+ rret = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH,
+ SSL3_BUFFER_get_len(&s->rlayer.rbuf), 0, 1, &n);
/* read timeout is handled by dtls1_read_bytes */
- if (n <= 0)
- return (n); /* error or non-blocking */
+ if (rret <= 0)
+ return rret; /* error or non-blocking */
/* this packet contained a partial record, dump it */
if (RECORD_LAYER_get_packet_length(&s->rlayer) !=
memcpy(&(RECORD_LAYER_get_read_sequence(&s->rlayer)[2]), p, 6);
p += 6;
+ /* TODO(size_t): CHECK ME */
n2s(p, rr->length);
/* Lets check version */
if (rr->length >
RECORD_LAYER_get_packet_length(&s->rlayer) - DTLS1_RT_HEADER_LENGTH) {
/* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
- i = rr->length;
- n = ssl3_read_n(s, i, i, 1, 1);
+ more = rr->length;
+ rret = ssl3_read_n(s, more, more, 1, 1, &n);
/* this packet contained a partial record, dump it */
- if (n != i) {
+ if (rret <= 0 || n != more) {
rr->length = 0;
RECORD_LAYER_reset_packet_length(&s->rlayer);
goto again;