From eda757514ea3018c8510b4738b5e37479aeadc5e Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 6 Sep 2016 12:05:25 +0100 Subject: [PATCH] Further libssl size_t-ify of reading Writing still to be done Reviewed-by: Rich Salz --- include/openssl/ssl.h | 4 ++ ssl/record/rec_layer_d1.c | 89 ++++++++++++++++++++------------------- ssl/record/rec_layer_s3.c | 66 +++++++++++++++-------------- ssl/record/record.h | 31 ++++++++------ ssl/record/record_locl.h | 4 +- ssl/record/ssl3_buffer.c | 2 +- ssl/record/ssl3_record.c | 25 ++++++++--- ssl/s3_lib.c | 22 +++++----- ssl/ssl_err.c | 2 + ssl/ssl_lib.c | 66 +++++++++++++++++++++++++---- ssl/ssl_locl.h | 19 +++++---- ssl/statem/statem.c | 4 +- ssl/statem/statem_clnt.c | 2 +- ssl/statem/statem_dtls.c | 43 ++++++++++--------- ssl/statem/statem_lib.c | 36 ++++++---------- ssl/statem/statem_locl.h | 8 ++-- ssl/statem/statem_srvr.c | 2 +- util/libssl.num | 2 + 18 files changed, 252 insertions(+), 175 deletions(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 7b40b37db2..3dc3f78657 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1568,7 +1568,9 @@ __owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, __owur int SSL_accept(SSL *ssl); __owur int SSL_connect(SSL *ssl); __owur int SSL_read(SSL *ssl, void *buf, int num); +__owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *read); __owur int SSL_peek(SSL *ssl, void *buf, int num); +__owur int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *read); __owur int SSL_write(SSL *ssl, const void *buf, int num); long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); long SSL_callback_ctrl(SSL *, int, void (*)(void)); 
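Review bot: The out-parameter of the new `SSL_read_ex` and `SSL_peek_ex` prototypes is named `read`, which collides with the POSIX `read()` function and can draw shadowing warnings wherever `<unistd.h>` is also in scope; a name such as `readbytes` avoids that, e.g. `__owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes);`. The same name is used for the new parameter or local in `dtls1_read_bytes`, `ssl3_read_bytes`, `ssl3_shutdown`, `ssl3_read_internal`, `ssl3_read`/`ssl3_peek` and the `ssl_method_st` function pointers later in this patch. The two declarations would also benefit from a comment stating the return convention, since it differs from `SSL_read`: judging by the `SSL_read` wrapper in ssl_lib.c, a positive return only signals success and the byte count is delivered through the pointer.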
@@ -2179,7 +2181,9 @@ int ERR_load_SSL_strings(void); # define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 # define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 # define SSL_F_SSL_PEEK 270 +# define SSL_F_SSL_PEEK_EX 425 # define SSL_F_SSL_READ 223 +# define SSL_F_SSL_READ_EX 426 # define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320 # define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321 # define SSL_F_SSL_SESSION_DUP 348 diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index c9fd0669ed..7b35d590dc 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -118,8 +118,8 @@ void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq) memcpy(rl->write_sequence, seq, SEQ_NUM_SIZE); } -static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, - int len); +static size_t have_handshake_fragment(SSL *s, int type, unsigned char *buf, + size_t len); /* copy buffered record into SSL structure */ static int dtls1_copy_record(SSL *s, pitem *item) @@ -336,10 +336,10 @@ int dtls1_process_buffered_records(SSL *s) * none of our business */ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, - int len, int peek) + size_t len, int peek, size_t *read) { - int al, i, j, ret; - unsigned int n; + int al, i, j, iret; + size_t ret, n; SSL3_RECORD *rr; void (*cb) (const SSL *ssl, int type2, int val) = NULL; @@ -359,9 +359,11 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, /* * check whether there's a handshake message (client hello?) waiting */ - if ((ret = have_handshake_fragment(s, type, buf, len))) { + ret = have_handshake_fragment(s, type, buf, len); + if (ret > 0) { *recvd_type = SSL3_RT_HANDSHAKE; - return ret; + *read = ret; + return 1; } /* 
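Review bot: In the early-return branch of `dtls1_read_bytes` (hunk at -359), `*recvd_type = SSL3_RT_HANDSHAKE;` is stored without a NULL check, while the matching branch in `ssl3_read_bytes` and a later store in this same function both use `if (recvd_type != NULL)`. `ssl3_shutdown` in this patch calls the method with `recvd_type` set to NULL; it passes type 0, so `have_handshake_fragment` returns 0 and the branch is not reached, but that safety depends on the caller. Making the guard consistent costs one line: `if (recvd_type != NULL) *recvd_type = SSL3_RT_HANDSHAKE;`. The function body starts and ends outside this hunk.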
@@ -385,10 +387,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, /* type == SSL3_RT_APPLICATION_DATA */ i = s->handshake_func(s); if (i < 0) - return (i); + return i; if (i == 0) { SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); + return -1; } } @@ -434,12 +436,12 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, /* get new packet if necessary */ if ((SSL3_RECORD_get_length(rr) == 0) || (s->rlayer.rstate == SSL_ST_READ_BODY)) { - ret = dtls1_get_record(s); - if (ret <= 0) { - ret = dtls1_read_failed(s, ret); + iret = dtls1_get_record(s); + if (iret <= 0) { + iret = dtls1_read_failed(s, iret); /* anything other than a timeout is an error */ - if (ret <= 0) - return (ret); + if (iret <= 0) + return iret; else goto start; } @@ -479,7 +481,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { SSL3_RECORD_set_length(rr, 0); s->rwstate = SSL_NOTHING; - return (0); + return 0; } if (type == SSL3_RECORD_get_type(rr) @@ -504,13 +506,13 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (recvd_type != NULL) *recvd_type = SSL3_RECORD_get_type(rr); - if (len <= 0) - return (len); + if (len == 0) + return 0; - if ((unsigned int)len > SSL3_RECORD_get_length(rr)) + if (len > SSL3_RECORD_get_length(rr)) n = SSL3_RECORD_get_length(rr); else - n = (unsigned int)len; + n = len; memcpy(buf, &(SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)]), n); if (!peek) { @@ -543,10 +545,11 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, s->d1->shutdown_received && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) { s->shutdown |= SSL_RECEIVED_SHUTDOWN; - return (0); + return 0; } #endif - return (n); + *read = n; + return 1; } /* 
@@ -559,9 +562,9 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * that so that we can process the data at a fixed place. */ { - unsigned int k, dest_maxlen = 0; + size_t k, dest_maxlen = 0; unsigned char *dest = NULL; - unsigned int *dest_len = NULL; + size_t *dest_len = NULL; if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) { dest_maxlen = sizeof s->rlayer.d->handshake_fragment; @@ -584,7 +587,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, s->rwstate = SSL_READING; BIO_clear_retry_flags(SSL_get_rbio(s)); BIO_set_retry_read(SSL_get_rbio(s)); - return (-1); + return -1; } #endif /* else it's a CCS message, or application data or wrong */ @@ -600,7 +603,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, s->rwstate = SSL_READING; BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); - return (-1); + return -1; } /* Not certain if this is the right error handling */ @@ -677,10 +680,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (ssl3_renegotiate_check(s)) { i = s->handshake_func(s); if (i < 0) - return (i); + return i; if (i == 0) { SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); + return -1; } if (!(s->mode & SSL_MODE_AUTO_RETRY)) { @@ -697,7 +700,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, bio = SSL_get_rbio(s); BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); - return (-1); + return -1; } } } @@ -757,7 +760,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } #endif s->shutdown |= SSL_RECEIVED_SHUTDOWN; - return (0); + return 0; } #if 0 /* XXX: this is a possible improvement in the future */ 
@@ -797,7 +800,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, ERR_add_error_data(2, "SSL alert number ", tmp); s->shutdown |= SSL_RECEIVED_SHUTDOWN; SSL_CTX_remove_session(s->session_ctx, s->session); - return (0); + return 0; } else { al = SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE); @@ -811,7 +814,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * shutdown */ s->rwstate = SSL_NOTHING; SSL3_RECORD_set_length(rr, 0); - return (0); + return 0; } if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) { @@ -858,10 +861,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } i = s->handshake_func(s); if (i < 0) - return (i); + return i; if (i == 0) { SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); + return -1; } if (!(s->mode & SSL_MODE_AUTO_RETRY)) { @@ -878,7 +881,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, bio = SSL_get_rbio(s); BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); - return (-1); + return -1; } } goto start; @@ -917,7 +920,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, (s->s3->total_renegotiations != 0) && ossl_statem_app_data_allowed(s)) { s->s3->in_read_app_data = 2; - return (-1); + return -1; } else { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD); 
@@ -928,15 +931,15 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); - return (-1); + return -1; } - /* - * this only happens when a client hello is received and a handshake - * is started. - */ -static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, - int len) +/* + * this only happens when a client hello is received and a handshake + * is started. + */ +static size_t have_handshake_fragment(SSL *s, int type, unsigned char *buf, + size_t len) { if ((type == SSL3_RT_HANDSHAKE) @@ -945,7 +948,7 @@ static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, { unsigned char *src = s->rlayer.d->handshake_fragment; unsigned char *dst = buf; - unsigned int k, n; + size_t k, n; /* peek == 0 */ n = 0; diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 001fcc6c86..6415f4882d 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -95,7 +95,8 @@ int RECORD_LAYER_write_pending(const RECORD_LAYER *rl) && SSL3_BUFFER_get_left(&rl->wbuf[rl->numwpipes - 1]) != 0; } -int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len) +int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, + size_t len) { rl->packet_length = len; if (len != 0) { @@ -630,6 +631,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) } } +/* TODO(size_t): convert me */ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int *pipelens, unsigned int numpipes, int create_empty_fragment) @@ -786,7 +788,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, /* lets setup the record stuff. */ SSL3_RECORD_set_data(&wr[j], outbuf[j] + eivlen); - SSL3_RECORD_set_length(&wr[j], (int)pipelens[j]); + SSL3_RECORD_set_length(&wr[j], pipelens[j]); SSL3_RECORD_set_input(&wr[j], (unsigned char *)&buf[totlen]); totlen += pipelens[j]; 
@@ -948,7 +950,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, return -1; } SSL3_BUFFER_add_offset(&wb[currbuf], i); - SSL3_BUFFER_add_left(&wb[currbuf], -i); + SSL3_BUFFER_sub_left(&wb[currbuf], i); } } @@ -982,10 +984,10 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, * none of our business */ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, - int len, int peek) + size_t len, int peek, size_t *read) { int al, i, j, ret; - unsigned int n, curr_rec, num_recs, read_bytes; + size_t n, curr_rec, num_recs, read_bytes; SSL3_RECORD *rr; SSL3_BUFFER *rbuf; void (*cb) (const SSL *ssl, int type2, int val) = NULL; @@ -995,7 +997,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (!SSL3_BUFFER_is_initialised(rbuf)) { /* Not initialized yet */ if (!ssl3_setup_read_buffer(s)) - return (-1); + return -1; } if ((type && (type != SSL3_RT_APPLICATION_DATA) @@ -1028,7 +1030,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (recvd_type != NULL) *recvd_type = SSL3_RT_HANDSHAKE; - return n; + *read = n; + return 1; } /* @@ -1039,10 +1042,10 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, /* type == SSL3_RT_APPLICATION_DATA */ i = s->handshake_func(s); if (i < 0) - return (i); + return i; if (i == 0) { SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); + return -1; } } start: @@ -1063,7 +1066,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (num_recs == 0) { ret = ssl3_get_record(s); if (ret <= 0) - return (ret); + return ret; num_recs = RECORD_LAYER_get_numrpipes(&s->rlayer); if (num_recs == 0) { /* Shouldn't happen */ 
@@ -1109,7 +1112,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { SSL3_RECORD_set_length(rr, 0); s->rwstate = SSL_NOTHING; - return (0); + return 0; } if (type == SSL3_RECORD_get_type(rr) @@ -1142,15 +1145,15 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (recvd_type != NULL) *recvd_type = SSL3_RECORD_get_type(rr); - if (len <= 0) - return (len); + if (len == 0) + return 0; read_bytes = 0; do { - if ((unsigned int)len - read_bytes > SSL3_RECORD_get_length(rr)) + if (len - read_bytes > SSL3_RECORD_get_length(rr)) n = SSL3_RECORD_get_length(rr); else - n = (unsigned int)len - read_bytes; + n = len - read_bytes; memcpy(buf, &(rr->data[rr->off]), n); buf += n; @@ -1174,7 +1177,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } read_bytes += n; } while (type == SSL3_RT_APPLICATION_DATA && curr_rec < num_recs - && read_bytes < (unsigned int)len); + && read_bytes < len); if (read_bytes == 0) { /* We must have read empty records. Get more data */ goto start; @@ -1183,7 +1186,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, && (s->mode & SSL_MODE_RELEASE_BUFFERS) && SSL3_BUFFER_get_left(rbuf) == 0) ssl3_release_read_buffer(s); - return read_bytes; + *read = read_bytes; + return 1; } /* @@ -1226,9 +1230,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * that so that we can process the data at a fixed place. */ { - unsigned int dest_maxlen = 0; + size_t dest_maxlen = 0; unsigned char *dest = NULL; - unsigned int *dest_len = NULL; + size_t *dest_len = NULL; if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) { dest_maxlen = sizeof s->rlayer.handshake_fragment; 
@@ -1293,10 +1297,10 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (ssl3_renegotiate_check(s)) { i = s->handshake_func(s); if (i < 0) - return (i); + return i; if (i == 0) { SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); + return -1; } if (!(s->mode & SSL_MODE_AUTO_RETRY)) { @@ -1313,7 +1317,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, bio = SSL_get_rbio(s); BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); - return (-1); + return -1; } } } @@ -1376,7 +1380,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (alert_descr == SSL_AD_CLOSE_NOTIFY) { s->shutdown |= SSL_RECEIVED_SHUTDOWN; - return (0); + return 0; } /* * This is a warning but we receive it if we requested @@ -1406,7 +1410,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, s->shutdown |= SSL_RECEIVED_SHUTDOWN; SSL3_RECORD_set_read(rr); SSL_CTX_remove_session(s->session_ctx, s->session); - return (0); + return 0; } else { al = SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE); @@ -1421,7 +1425,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, s->rwstate = SSL_NOTHING; SSL3_RECORD_set_length(rr, 0); SSL3_RECORD_set_read(rr); - return (0); + return 0; } if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) { @@ -1443,10 +1447,10 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } i = s->handshake_func(s); if (i < 0) - return (i); + return i; if (i == 0) { SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); + return -1; } if (!(s->mode & SSL_MODE_AUTO_RETRY)) { @@ -1463,7 +1467,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, bio = SSL_get_rbio(s); BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); - return (-1); + return -1; } } goto start; 
@@ -1502,7 +1506,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, */ if (ossl_statem_app_data_allowed(s)) { s->s3->in_read_app_data = 2; - return (-1); + return -1; } else { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD); @@ -1513,7 +1517,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); - return (-1); + return -1; } void ssl3_record_sequence_update(unsigned char *seq) @@ -1539,7 +1543,7 @@ int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl) /* * Returns the length in bytes of the current rrec */ -unsigned int RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl) +size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl) { return SSL3_RECORD_get_length(&rl->rrec[0]); } diff --git a/ssl/record/record.h b/ssl/record/record.h index 2ed8ab99a9..fc70f8d848 100644 --- a/ssl/record/record.h +++ b/ssl/record/record.h @@ -38,16 +38,16 @@ typedef struct ssl3_record_st { int type; /* How many bytes available */ /* rw */ - unsigned int length; + size_t length; /* * How many bytes were available before padding was removed? This is used * to implement the MAC check in constant time for CBC records. */ /* rw */ - unsigned int orig_len; + size_t orig_len; /* read/write offset into 'buf' */ /* r */ - unsigned int off; + size_t off; /* pointer to the record data */ /* rw */ unsigned char *data; @@ -82,7 +82,7 @@ typedef struct record_pqueue_st { typedef struct dtls1_record_data_st { unsigned char *packet; - unsigned int packet_length; + size_t packet_length; SSL3_BUFFER rbuf; SSL3_RECORD rrec; #ifndef OPENSSL_NO_SCTP 
@@ -116,9 +116,9 @@ typedef struct dtls_record_layer_st { * processed by ssl3_read_bytes: */ unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH]; - unsigned int alert_fragment_len; + size_t alert_fragment_len; unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; - unsigned int handshake_fragment_len; + size_t handshake_fragment_len; /* save last and current sequence numbers for retransmissions */ unsigned char last_write_sequence[8]; unsigned char curr_write_sequence[8]; @@ -143,7 +143,7 @@ typedef struct record_layer_st { /* where we are when reading */ int rstate; /* How many pipelines can be used to read data */ - unsigned int numrpipes; + size_t numrpipes; /* How many pipelines can be used to write data */ unsigned int numwpipes; /* read IO goes into here */ @@ -162,11 +162,11 @@ typedef struct record_layer_st { * processed by ssl3_read_bytes: */ unsigned char alert_fragment[2]; - unsigned int alert_fragment_len; + size_t alert_fragment_len; unsigned char handshake_fragment[4]; - unsigned int handshake_fragment_len; + size_t handshake_fragment_len; /* The number of consecutive empty records we have received */ - unsigned int empty_record_count; + size_t empty_record_count; /* partial write - check the numbers match */ /* number bytes written */ int wpend_tot; 
@@ -208,18 +208,20 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl); void RECORD_LAYER_release(RECORD_LAYER *rl); int RECORD_LAYER_read_pending(const RECORD_LAYER *rl); int RECORD_LAYER_write_pending(const RECORD_LAYER *rl); -int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len); +int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, + size_t len); void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl); void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl); int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl); -unsigned int RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl); +size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl); __owur int ssl3_pending(const SSL *s); __owur int ssl3_write_bytes(SSL *s, int type, const void *buf, int len); __owur int do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int *pipelens, unsigned int numpipes, int create_empty_fragment); __owur int ssl3_read_bytes(SSL *s, int type, int *recvd_type, - unsigned char *buf, int len, int peek); + unsigned char *buf, size_t len, int peek, + size_t *read); __owur int ssl3_setup_buffers(SSL *s); __owur int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send); __owur int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send); @@ -235,7 +237,8 @@ void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl); void DTLS_RECORD_LAYER_resync_write(RECORD_LAYER *rl); void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq); __owur int dtls1_read_bytes(SSL *s, int type, int *recvd_type, - unsigned char *buf, int len, int peek); + unsigned char *buf, size_t len, int peek, + size_t *read); __owur int dtls1_write_bytes(SSL *s, int type, const void *buf, int len); __owur int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragement); diff --git a/ssl/record/record_locl.h b/ssl/record/record_locl.h index 2bb073848a..ffd1e51dfa 100644 --- a/ssl/record/record_locl.h 
+++ b/ssl/record/record_locl.h @@ -62,7 +62,7 @@ void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); #define SSL3_BUFFER_set_len(b, l) ((b)->len = (l)) #define SSL3_BUFFER_get_left(b) ((b)->left) #define SSL3_BUFFER_set_left(b, l) ((b)->left = (l)) -#define SSL3_BUFFER_add_left(b, l) ((b)->left += (l)) +#define SSL3_BUFFER_sub_left(b, l) ((b)->left -= (l)) #define SSL3_BUFFER_get_offset(b) ((b)->offset) #define SSL3_BUFFER_set_offset(b, o) ((b)->offset = (o)) #define SSL3_BUFFER_add_offset(b, o) ((b)->offset += (o)) @@ -70,7 +70,7 @@ void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); #define SSL3_BUFFER_set_default_len(b, l) ((b)->default_len = (l)) void SSL3_BUFFER_clear(SSL3_BUFFER *b); -void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, int n); +void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n); void SSL3_BUFFER_release(SSL3_BUFFER *b); __owur int ssl3_setup_read_buffer(SSL *s); __owur int ssl3_setup_write_buffer(SSL *s, unsigned int numwpipes, size_t len); diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c index 963800238b..8a2a6e473d 100644 --- a/ssl/record/ssl3_buffer.c +++ b/ssl/record/ssl3_buffer.c @@ -10,7 +10,7 @@ #include "../ssl_locl.h" #include "record_locl.h" -void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, int n) +void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n) { if (d != NULL) memcpy(b->buf, d, n); diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 94f140fd68..dc2b479753 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -203,6 +203,7 @@ int ssl3_get_record(SSL *s) ssl_minor = *(p++); version = (ssl_major << 8) | ssl_minor; rr[num_recs].rec_version = version; + /* TODO(size_t): CHECK ME */ n2s(p, rr[num_recs].length); /* Lets check version */ 
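Review bot: `SSL3_BUFFER_sub_left(b, l)` expands to `((b)->left -= (l))` with no guard, so if `left` is an unsigned type (its declaration is not visible here), a caller passing `l` larger than `left` wraps the counter to a very large value instead of producing a detectable negative. The only caller changed in this patch, `ssl3_write_pending`, passes the `int` result `i` of the write, and whether `i <= left` always holds there cannot be confirmed from the hunk. A precondition comment on the macro, for example `/* caller must ensure l <= (b)->left */`, or an assertion at the call site would make the contract explicit.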
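Review bot: `SSL3_BUFFER_set_data` (ssl3_buffer.c, hunk at -10) now takes `size_t n` but still runs `memcpy(b->buf, d, n)` as its first statement without comparing `n` to the buffer's allocated length. Widening the type removes the negative-length case but leaves the oversize case entirely to the callers, none of which are visible in this chunk. If that bound is not already enforced upstream, either document it on the prototype (`/* n must not exceed the size of b->buf */`) or give the function a checked failure path. The rest of the function body lies outside the hunk.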
@@ -383,9 +384,9 @@ int ssl3_get_record(SSL *s) goto f_err; } #ifdef SSL_DEBUG - printf("dec %d\n", rr->length); + printf("dec %ld\n", rr->length); { - unsigned int z; + size_t z; for (z = 0; z < rr->length; z++) printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n'); } @@ -527,6 +528,7 @@ int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr) if (rr->comp == NULL) return 0; + /* TODO(size_t): Convert this call */ i = COMP_expand_block(ssl->expand, rr->comp, SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length); if (i < 0) @@ -543,6 +545,7 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr) #ifndef OPENSSL_NO_COMP int i; + /* TODO(size_t): Convert this call */ i = COMP_compress_block(ssl->compress, wr->data, SSL3_RT_MAX_COMPRESSED_LENGTH, wr->input, (int)wr->length); @@ -570,8 +573,8 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send) { SSL3_RECORD *rec; EVP_CIPHER_CTX *ds; - unsigned long l; - int bs, i, mac_size = 0; + size_t l, i; + int bs, mac_size = 0; const EVP_CIPHER *enc; rec = inrecs; @@ -599,6 +602,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send) rec->input = rec->data; } else { l = rec->length; + /* TODO(size_t): Convert this call */ bs = EVP_CIPHER_CTX_block_size(ds); /* COMPRESS */ @@ -623,6 +627,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send) /* otherwise, rec->length >= bs */ } + /* TODO(size_t): Convert this call */ if (EVP_Cipher(ds, rec->data, rec->input, l) < 1) return -1; @@ -1008,6 +1013,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send) * are hashing because that gives an attacker a timing-oracle. */ /* Final param == not SSLv3 */ + /* TODO(size_t): Convert this call */ if (ssl3_cbc_digest_record(mac_ctx, md, &md_size, header, rec->input, 
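Review bot: In the `SSL_DEBUG` block of `ssl3_get_record`, `printf("dec %ld\n", rr->length);` passes a `size_t` to a `%ld` conversion, which is a format/argument mismatch and prints garbage where `long` is narrower than `size_t` (64-bit Windows, for example). Use `printf("dec %zu\n", rr->length);`, or `printf("dec %lu\n", (unsigned long)rr->length);` if `%zu` cannot be assumed on every supported compiler. The identical line added to the `SSL_DEBUG` block of `dtls1_process_record` (hunk at -1350) needs the same change. Because the code is only compiled with `SSL_DEBUG`, ordinary builds will not surface the warning.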
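Review bot: In `ssl3_enc` (hunks at -570 and -623), `l` becomes `size_t` but is still handed straight to `EVP_Cipher(ds, rec->data, rec->input, l)`, whose length parameter is `unsigned int`, so the narrowing is implicit; the two `COMP_*_block` calls in this file make theirs explicit with `(int)rr->length`. Until the TODO is resolved, writing `EVP_Cipher(ds, rec->data, rec->input, (unsigned int)l)` keeps the conversion visible and consistent with those calls. `i` also changes from `int` to `size_t` while `bs` stays `int`; the padding arithmetic that mixes the two is outside these hunks and should be re-checked for signed/unsigned comparisons.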
@@ -1018,6 +1024,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send) return -1; } } else { + /* TODO(size_t): Convert these calls */ if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0 || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0 || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) { @@ -1045,7 +1052,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send) } fprintf(stderr, "rec="); { - unsigned int z; + size_t z; for (z = 0; z < rec->length; z++) fprintf(stderr, "%02X ", rec->data[z]); fprintf(stderr, "\n"); @@ -1080,6 +1087,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send) * 1: if the padding was valid * -1: otherwise. */ + /* TODO(size_t): Convert me */ int ssl3_cbc_remove_padding(SSL3_RECORD *rec, unsigned block_size, unsigned mac_size) { @@ -1113,6 +1121,7 @@ int ssl3_cbc_remove_padding(SSL3_RECORD *rec, * 1: if the padding was valid * -1: otherwise. */ + /* TODO(size_t): Convert me */ int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec, unsigned block_size, unsigned mac_size) @@ -1198,6 +1207,7 @@ int tls1_cbc_remove_padding(const SSL *s, */ #define CBC_MAC_ROTATE_IN_PLACE +/* TODO(size_t): Convert me */ void ssl3_cbc_copy_mac(unsigned char *out, const SSL3_RECORD *rec, unsigned md_size) { @@ -1350,9 +1360,9 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) goto err; } #ifdef SSL_DEBUG - printf("dec %d\n", rr->length); + printf("dec %ld\n", rr->length); { - unsigned int z; + size_t z; for (z = 0; z < rr->length; z++) printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n'); } @@ -1544,6 +1554,7 @@ int dtls1_get_record(SSL *s) memcpy(&(RECORD_LAYER_get_read_sequence(&s->rlayer)[2]), p, 6); p += 6; + /* TODO(size_t): CHECK ME */ n2s(p, rr->length); /* Lets check version */ diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index ffdb45403d..37dea73b24 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c 
@@ -3812,12 +3812,13 @@ int ssl3_shutdown(SSL *s) return (ret); } } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { + size_t read; /* * If we are waiting for a close from our peer, we are closed */ - s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0); + s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &read); if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { - return (-1); /* return WANT_READ */ + return -1; /* return WANT_READ */ } } @@ -3837,7 +3838,8 @@ int ssl3_write(SSL *s, const void *buf, int len) return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len); } -static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) +static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek, + size_t *read) { int ret; @@ -3847,7 +3849,7 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) s->s3->in_read_app_data = 1; ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len, - peek); + peek, read); if ((ret == -1) && (s->s3->in_read_app_data == 2)) { /* * ssl3_read_bytes decided to call s->handshake_func, which called @@ -3859,22 +3861,22 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) ossl_statem_set_in_handshake(s, 1); ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, - len, peek); + len, peek, read); ossl_statem_set_in_handshake(s, 0); } else s->s3->in_read_app_data = 0; - return (ret); + return ret; } -int ssl3_read(SSL *s, void *buf, int len) +int ssl3_read(SSL *s, void *buf, size_t len, size_t *read) { - return ssl3_read_internal(s, buf, len, 0); + return ssl3_read_internal(s, buf, len, 0, read); } -int ssl3_peek(SSL *s, void *buf, int len) +int ssl3_peek(SSL *s, void *buf, size_t len, size_t *read) { - return ssl3_read_internal(s, buf, len, 1); + return ssl3_read_internal(s, buf, len, 1, read); } int ssl3_renegotiate(SSL *s) diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index c1a886ac4c..eac03a4ac5 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c 
@@ -181,7 +181,9 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT), "ssl_parse_serverhello_use_srtp_ext"}, {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"}, + {ERR_FUNC(SSL_F_SSL_PEEK_EX), "SSL_peek_ex"}, {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"}, + {ERR_FUNC(SSL_F_SSL_READ_EX), "SSL_read_ex"}, {ERR_FUNC(SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT), "ssl_scan_clienthello_tlsext"}, {ERR_FUNC(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT), diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 67eee74bf5..30b1d6b860 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -84,7 +84,7 @@ struct ssl_async_args { int num; enum { READFUNC, WRITEFUNC, OTHERFUNC } type; union { - int (*func_read) (SSL *, void *, int); + int (*func_read) (SSL *, void *, size_t, size_t *); int (*func_write) (SSL *, const void *, int); int (*func_other) (SSL *); } f; @@ -1517,7 +1517,7 @@ static int ssl_io_intern(void *vargs) num = args->num; switch (args->type) { case READFUNC: - return args->f.func_read(s, buf, num); + return args->f.func_read(s, buf, num, &s->asyncread); case WRITEFUNC: return args->f.func_write(s, buf, num); case OTHERFUNC: @@ -1527,9 +1527,31 @@ static int ssl_io_intern(void *vargs) } int SSL_read(SSL *s, void *buf, int num) +{ + int ret; + size_t read; + + if (num < 0) { + SSLerr(SSL_F_SSL_READ, SSL_R_BAD_LENGTH); + return -1; + } + + ret = SSL_read_ex(s, buf, (size_t)num, &read); + + /* + * The cast is safe here because ret should be <= INT_MAX because num is + * <= INT_MAX + */ + if (ret > 0) + ret = (int)read; + + return ret; +} + +int SSL_read_ex(SSL *s, void *buf, size_t num, size_t *read) { if (s->handshake_func == NULL) { - SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); + SSLerr(SSL_F_SSL_READ_EX, SSL_R_UNINITIALIZED); return -1; } @@ -1540,6 +1562,7 @@ int SSL_read(SSL *s, void *buf, int num) if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { struct ssl_async_args args; + int ret; args.s = s; args.buf = buf; 
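Review bot: `struct ssl_async_args` (ssl_lib.c, hunk at -84) still carries the length as `int num;` while `func_read` now takes `size_t`, so on the async path a `size_t` length given to `SSL_read_ex` or `SSL_peek_ex` is narrowed when stored and widened again in `ssl_io_intern` (`args->f.func_read(s, buf, num, &s->asyncread)`, hunk at -1517). A length above `INT_MAX` is silently altered, and one that turns negative as an `int` comes back as a very large `size_t` that no longer describes the caller's buffer. Declaring the member as `size_t num;` (and likewise the local in `ssl_io_intern`, which is declared outside the hunk) and casting only on the write path, `args->f.func_write(s, buf, (int)num)`, would keep the read length intact until writing is converted. The `args.num` assignment itself falls between the hunks and is not shown.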
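Review bot: The comment in the new `SSL_read` wrapper (hunk at -1527) says `ret` should be <= INT_MAX, but the value being cast is `read`, and the bound holds only because `SSL_read_ex` is expected never to report more bytes than `num`. Suggested wording: `/* The cast is safe: read cannot exceed num, and num <= INT_MAX */`. Initialising the local as `size_t read = 0;` would also keep the wrapper well defined if some path returns a positive value without storing a count. The `SSL_peek` wrapper in the hunk at -1547 has the same comment and the same uninitialised local.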
@@ -1547,16 +1570,40 @@ int SSL_read(SSL *s, void *buf, int num) args.type = READFUNC; args.f.func_read = s->method->ssl_read; - return ssl_start_async_job(s, &args, ssl_io_intern); + ret = ssl_start_async_job(s, &args, ssl_io_intern); + *read = s->asyncread; + return ret; } else { - return s->method->ssl_read(s, buf, num); + return s->method->ssl_read(s, buf, num, read); } } int SSL_peek(SSL *s, void *buf, int num) +{ + int ret; + size_t read; + + if (num < 0) { + SSLerr(SSL_F_SSL_PEEK, SSL_R_BAD_LENGTH); + return -1; + } + + ret = SSL_peek_ex(s, buf, (size_t)num, &read); + + /* + * The cast is safe here because ret should be <= INT_MAX because num is + * <= INT_MAX + */ + if (ret > 0) + ret = (int)read; + + return ret; +} + +int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *read) { if (s->handshake_func == NULL) { - SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED); + SSLerr(SSL_F_SSL_PEEK_EX, SSL_R_UNINITIALIZED); return -1; } @@ -1565,6 +1612,7 @@ int SSL_peek(SSL *s, void *buf, int num) } if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { struct ssl_async_args args; + int ret; args.s = s; args.buf = buf; @@ -1572,9 +1620,11 @@ int SSL_peek(SSL *s, void *buf, int num) args.type = READFUNC; args.f.func_read = s->method->ssl_peek; - return ssl_start_async_job(s, &args, ssl_io_intern); + ret = ssl_start_async_job(s, &args, ssl_io_intern); + *read = s->asyncread; + return ret; } else { - return s->method->ssl_peek(s, buf, num); + return s->method->ssl_peek(s, buf, num, read); } } diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 1cf27b95aa..4aea4571d4 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h 
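Review bot: On the async path of `SSL_read_ex`, `*read = s->asyncread;` runs whatever `ssl_start_async_job` returns, so when the job pauses or fails the caller is handed whatever count an earlier job left in `s->asyncread`. Nothing visible in this patch resets that field before a job starts. Either copy only on success, `if (ret > 0) *read = s->asyncread;`, or clear `s->asyncread` before calling `ssl_start_async_job`. The async branch of `SSL_peek_ex` (hunk at -1572) has the same pattern.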
@@ -444,14 +444,15 @@ struct ssl_method_st { void (*ssl_free) (SSL *s); int (*ssl_accept) (SSL *s); int (*ssl_connect) (SSL *s); - int (*ssl_read) (SSL *s, void *buf, int len); - int (*ssl_peek) (SSL *s, void *buf, int len); + int (*ssl_read) (SSL *s, void *buf, size_t len, size_t *read); + int (*ssl_peek) (SSL *s, void *buf, size_t len, size_t *read); int (*ssl_write) (SSL *s, const void *buf, int len); int (*ssl_shutdown) (SSL *s); int (*ssl_renegotiate) (SSL *s); int (*ssl_renegotiate_check) (SSL *s); int (*ssl_read_bytes) (SSL *s, int type, int *recvd_type, - unsigned char *buf, int len, int peek); + unsigned char *buf, size_t len, int peek, + size_t *read); int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, int len); int (*ssl_dispatch_alert) (SSL *s); long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg); @@ -922,8 +923,8 @@ struct ssl_st { BUF_MEM *init_buf; /* buffer used during init */ void *init_msg; /* pointer to handshake message body, set by * ssl3_get_message() */ - int init_num; /* amount read/written */ - int init_off; /* amount read/written */ + size_t init_num; /* amount read/written */ + size_t init_off; /* amount read/written */ struct ssl3_state_st *s3; /* SSLv3 variables */ struct dtls1_state_st *d1; /* DTLSv1 variables */ /* callback that allows applications to peek at protocol messages */ @@ -1135,6 +1136,8 @@ struct ssl_st { /* Async Job info */ ASYNC_JOB *job; ASYNC_WAIT_CTX *waitctx; + size_t asyncread; + CRYPTO_RWLOCK *lock; }; @@ -1184,7 +1187,7 @@ typedef struct ssl3_state_st { int finish_md_len; unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2]; int peer_finish_md_len; - unsigned long message_size; + size_t message_size; int message_type; /* used to hold the new cipher we are going to use */ const SSL_CIPHER *new_cipher; 
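Review bot: The `ssl_read`, `ssl_peek` and `ssl_read_bytes` members of `struct ssl_method_st` gain a `size_t *read` out-parameter, which turns the `int` return from a byte count into a status, but nothing at the declaration says so. Callers elsewhere in this commit test `i <= 0` and then use `read` directly, so they rely on a rule such as "> 0 means success and `*read` holds the number of bytes stored". A comment above the three members would pin that down, for example `/* Return > 0 on success with the byte count in *read; <= 0 on failure, *read not meaningful */`, and it should state whether success with `*read == 0` is possible. The new `size_t asyncread;` field in `struct ssl_st` (hunk at -1135) would also benefit from a one-line comment saying what it holds and who writes it.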
@@ -1894,8 +1897,8 @@ __owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, __owur int ssl3_digest_cached_records(SSL *s, int keep); __owur int ssl3_new(SSL *s); void ssl3_free(SSL *s); -__owur int ssl3_read(SSL *s, void *buf, int len); -__owur int ssl3_peek(SSL *s, void *buf, int len); +__owur int ssl3_read(SSL *s, void *buf, size_t len, size_t *read); +__owur int ssl3_peek(SSL *s, void *buf, size_t len, size_t *read); __owur int ssl3_write(SSL *s, const void *buf, int len); __owur int ssl3_shutdown(SSL *s); void ssl3_clear(SSL *s); diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index 786eb24850..901a3f2c49 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c @@ -490,12 +490,12 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) { OSSL_STATEM *st = &s->statem; int ret, mt; - unsigned long len = 0; + size_t len = 0; int (*transition) (SSL *s, int mt); PACKET pkt; MSG_PROCESS_RETURN(*process_message) (SSL *s, PACKET *pkt); WORK_STATE(*post_process_message) (SSL *s, WORK_STATE wst); - unsigned long (*max_message_size) (SSL *s); + size_t (*max_message_size) (SSL *s); void (*cb) (const SSL *ssl, int type, int val) = NULL; cb = get_callback(s); diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 51513d5470..5704654df1 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -568,7 +568,7 @@ int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt, * Returns the maximum allowed length for the current message that we are * reading. Excludes the message header. */ -unsigned long ossl_statem_client_max_message_size(SSL *s) +size_t ossl_statem_client_max_message_size(SSL *s) { OSSL_STATEM *st = &s->statem; diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c index 5b90c5604f..828118833f 100644 --- a/ssl/statem/statem_dtls.c +++ b/ssl/statem/statem_dtls.c 
@@ -124,7 +124,7 @@ int dtls1_do_write(SSL *s, int type) if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE) OPENSSL_assert(s->init_num == - (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); + s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); if (s->write_hash) { if (s->enc_write_ctx @@ -295,7 +295,7 @@ int dtls1_do_write(SSL *s, int type) return -1; } - if (ret == s->init_num) { + if (ret == (int)s->init_num) { if (s->msg_callback) s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, @@ -323,7 +323,7 @@ int dtls1_do_write(SSL *s, int type) return (0); } -int dtls_get_message(SSL *s, int *mt, unsigned long *len) +int dtls_get_message(SSL *s, int *mt, size_t *len) { struct hm_header_st *msg_hdr; unsigned char *p; @@ -516,6 +516,7 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok) int i = -1, is_complete; unsigned char seq64be[8]; unsigned long frag_len = msg_hdr->frag_len; + size_t read; if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len || msg_hdr->msg_len > dtls1_max_handshake_message_len(s)) @@ -559,10 +560,10 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok) devnull, frag_len > sizeof(devnull) ? sizeof(devnull) : - frag_len, 0); + frag_len, 0, &read); if (i <= 0) goto err; - frag_len -= i; + frag_len -= read; } return DTLS1_HM_FRAGMENT_RETRY; } @@ -570,8 +571,8 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok) /* read the body of the fragment (header has already been read */ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, frag->fragment + msg_hdr->frag_off, - frag_len, 0); - if ((unsigned long)i != frag_len) + frag_len, 0, &read); + if (i <= 0 || read != frag_len) i = -1; if (i <= 0) goto err; 
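Review bot: `if (ret == (int)s->init_num)` in `dtls1_do_write` (hunk at -295) narrows the new `size_t` field to `int` to make the comparison compile, so a value above INT_MAX would compare incorrectly. Comparing in the wider type avoids that: `if (ret >= 0 && (size_t)ret == s->init_num)`. The same cast is added in `ssl3_do_write` (statem_lib.c hunk at -45). Both functions begin outside their hunks, so it cannot be confirmed here whether `ret` is already known to be non-negative at this point.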
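Review bot: The drain loop in `dtls1_reassemble_fragment` (hunk at -559) now advances with `frag_len -= read;` but still tests only `i <= 0`, so progress depends on `ssl_read_bytes` never returning success with `*read == 0`. Before this change a positive `i` was itself the byte count, so `frag_len` always shrank. If that guarantee is not part of the new contract, `if (i <= 0 || read == 0) goto err;` keeps the loop bounded, and the identical loop in `dtls1_process_out_of_seq_message` (hunk at -654) needs the same treatment. The `read - 1` stores in `dtls_get_reassembled_message` (hunk at -742) rest on the same assumption. The loop header is outside the hunk.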
@@ -622,6 +623,7 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr, pitem *item = NULL; unsigned char seq64be[8]; unsigned long frag_len = msg_hdr->frag_len; + size_t read; if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len) goto err; @@ -654,10 +656,10 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr, devnull, frag_len > sizeof(devnull) ? sizeof(devnull) : - frag_len, 0); + frag_len, 0, &read); if (i <= 0) goto err; - frag_len -= i; + frag_len -= read; } } else { if (frag_len != msg_hdr->msg_len) @@ -677,8 +679,8 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr, * read the body of the fragment (header has already been read */ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, - frag->fragment, frag_len, 0); - if ((unsigned long)i != frag_len) + frag->fragment, frag_len, 0, &read); + if (i<=0 || read != frag_len) i = -1; if (i <= 0) goto err; @@ -716,6 +718,7 @@ static int dtls_get_reassembled_message(SSL *s, long *len) int i, al, recvd_type; struct hm_header_st msg_hdr; int ok; + size_t read; redo: /* see if we have the required fragment already */ @@ -728,7 +731,7 @@ static int dtls_get_reassembled_message(SSL *s, long *len) /* read handshake message header */ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type, wire, - DTLS1_HM_HEADER_LENGTH, 0); + DTLS1_HM_HEADER_LENGTH, 0, &read); if (i <= 0) { /* nbio, or an error */ s->rwstate = SSL_READING; *len = i; 
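Review bot: `if (i<=0 || read != frag_len)` in `dtls1_process_out_of_seq_message` (hunk at -677) is missing the spaces around `<=` that the matching line in `dtls1_reassemble_fragment` has. Suggest `if (i <= 0 || read != frag_len)` so the two copies stay textually identical. Behaviour is unaffected.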
@@ -742,17 +745,17 @@ static int dtls_get_reassembled_message(SSL *s, long *len) goto f_err; } - memcpy(s->init_buf->data, wire, i); - s->init_num = i - 1; + memcpy(s->init_buf->data, wire, read); + s->init_num = read - 1; s->init_msg = s->init_buf->data + 1; s->s3->tmp.message_type = SSL3_MT_CHANGE_CIPHER_SPEC; - s->s3->tmp.message_size = i - 1; - *len = i - 1; + s->s3->tmp.message_size = read - 1; + *len = read - 1; return 1; } /* Handshake fails if message header is incomplete */ - if (i != DTLS1_HM_HEADER_LENGTH) { + if (read != DTLS1_HM_HEADER_LENGTH) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); goto f_err; @@ -823,7 +826,7 @@ static int dtls_get_reassembled_message(SSL *s, long *len) (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, - &p[frag_off], frag_len, 0); + &p[frag_off], frag_len, 0, &read); /* * This shouldn't ever fail due to NBIO because we already checked @@ -835,13 +838,13 @@ static int dtls_get_reassembled_message(SSL *s, long *len) return 0; } } else - i = 0; + read = 0; /* * XDTLS: an incorrectly formatted fragment should cause the handshake * to fail */ - if (i != (int)frag_len) { + if (read != frag_len) { al = SSL3_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL3_AD_ILLEGAL_PARAMETER); goto f_err; diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index a3d8d1ee26..e7ea4c6a4d 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -45,7 +45,7 @@ int ssl3_do_write(SSL *s, int type) ret)) return -1; - if (ret == s->init_num) { + if (ret == (int)s->init_num) { if (s->msg_callback) s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, 
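Review bot: `dtls_get_reassembled_message` keeps its `long *len` parameter (see the hunk header) while this hunk now assigns the `size_t` expression `read - 1` to it, next to the non-positive `int` stored by `*len = i;` on the error path in the previous hunk. Mixing the three types in one out-parameter makes it easy for a caller to misread an error value as a large length after conversion. Making the parameter `size_t *len` and writing `*len = 0;` on failure, as `tls_get_message_body` does, would match the rest of the change. Callers are not visible here, so confirm that none of them reads the error code back from `*len`.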
@@ -357,7 +357,7 @@ int tls_get_message_header(SSL *s, int *mt) /* s->init_num < SSL3_HM_HEADER_LENGTH */ int skip_message, i, recvd_type, al; unsigned char *p; - unsigned long l; + size_t l, read; p = (unsigned char *)s->init_buf->data; @@ -366,7 +366,7 @@ int tls_get_message_header(SSL *s, int *mt) i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type, &p[s->init_num], SSL3_HM_HEADER_LENGTH - s->init_num, - 0); + 0, &read); if (i <= 0) { s->rwstate = SSL_READING; return 0; @@ -376,22 +376,22 @@ int tls_get_message_header(SSL *s, int *mt) * A ChangeCipherSpec must be a single byte and may not occur * in the middle of a handshake message. */ - if (s->init_num != 0 || i != 1 || p[0] != SSL3_MT_CCS) { + if (s->init_num != 0 || read != 1 || p[0] != SSL3_MT_CCS) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER, SSL_R_BAD_CHANGE_CIPHER_SPEC); goto f_err; } s->s3->tmp.message_type = *mt = SSL3_MT_CHANGE_CIPHER_SPEC; - s->init_num = i - 1; - s->s3->tmp.message_size = i; + s->init_num = read - 1; + s->s3->tmp.message_size = read; return 1; } else if (recvd_type != SSL3_RT_HANDSHAKE) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER, SSL_R_CCS_RECEIVED_EARLY); goto f_err; } - s->init_num += i; + s->init_num += read; } skip_message = 0; @@ -452,9 +452,9 @@ int tls_get_message_header(SSL *s, int *mt) return 0; } -int tls_get_message_body(SSL *s, unsigned long *len) +int tls_get_message_body(SSL *s, size_t *len) { - long n; + size_t n, read; unsigned char *p; int i; @@ -468,14 +468,14 @@ int tls_get_message_body(SSL *s, unsigned long *len) n = s->s3->tmp.message_size - s->init_num; while (n > 0) { i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, - &p[s->init_num], n, 0); + &p[s->init_num], n, 0, &read); if (i <= 0) { s->rwstate = SSL_READING; *len = 0; return 0; } - s->init_num += i; - n -= i; + s->init_num += read; + n -= read; } #ifndef OPENSSL_NO_NEXTPROTONEG 
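Review bot: In `tls_get_message_body` (hunk at -468), `n` changes from `long` to `size_t`, so `n = s->s3->tmp.message_size - s->init_num;` wraps to a huge value if `init_num` ever exceeds `message_size`, and `while (n > 0)` would then request that many bytes into `&p[s->init_num]`. With the signed type the loop was simply skipped in that case. Nothing in the hunk shows the two fields can get out of step, so this is a defensive check, not a known fault; the suggested guard reuses the error handling this commit removes further down the function. The function begins outside the hunk.

```c
    /* … unchanged: code before the hunk … */
    if (s->init_num > s->s3->tmp.message_size) {
        /* n is unsigned: fail instead of letting the subtraction wrap */
        SSLerr(SSL_F_TLS_GET_MESSAGE_BODY, ERR_R_INTERNAL_ERROR);
        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
        *len = 0;
        return 0;
    }
    n = s->s3->tmp.message_size - s->init_num;
    /* … unchanged: read loop … */
```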
@@ -513,17 +513,7 @@ int tls_get_message_body(SSL *s, unsigned long *len) s->msg_callback_arg); } - /* - * init_num should never be negative...should probably be declared - * unsigned - */ - if (s->init_num < 0) { - SSLerr(SSL_F_TLS_GET_MESSAGE_BODY, ERR_R_INTERNAL_ERROR); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); - *len = 0; - return 0; - } - *len = (unsigned long)s->init_num; + *len = s->init_num; return 1; } diff --git a/ssl/statem/statem_locl.h b/ssl/statem/statem_locl.h index 6b57b25392..a360fc9427 100644 --- a/ssl/statem/statem_locl.h +++ b/ssl/statem/statem_locl.h @@ -54,7 +54,7 @@ WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst); WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst); int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt, confunc_f *confunc, int *mt); -unsigned long ossl_statem_client_max_message_size(SSL *s); +size_t ossl_statem_client_max_message_size(SSL *s); MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt); WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst); 
@@ -67,14 +67,14 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst); WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst); int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt, confunc_f *confunc,int *mt); -unsigned long ossl_statem_server_max_message_size(SSL *s); +size_t ossl_statem_server_max_message_size(SSL *s); MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt); WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst); /* Functions for getting new message data */ __owur int tls_get_message_header(SSL *s, int *mt); -__owur int tls_get_message_body(SSL *s, unsigned long *len); -__owur int dtls_get_message(SSL *s, int *mt, unsigned long *len); +__owur int tls_get_message_body(SSL *s, size_t *len); +__owur int dtls_get_message(SSL *s, int *mt, size_t *len); /* Message construction and processing functions */ __owur MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt); diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 009d06c811..a243161e3a 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -717,7 +717,7 @@ int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt, * Returns the maximum allowed length for the current message that we are * reading. Excludes the message header. */ -unsigned long ossl_statem_server_max_message_size(SSL *s) +size_t ossl_statem_server_max_message_size(SSL *s) { OSSL_STATEM *st = &s->statem; diff --git a/util/libssl.num b/util/libssl.num index 9f44b38415..f15c503514 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -405,3 +405,5 @@ SSL_SESSION_get0_id_context 405 1_1_0 EXIST::FUNCTION: SSL_SESSION_set1_id 406 1_1_0 EXIST::FUNCTION: SSL_CTX_set1_cert_store 407 1_1_1 EXIST::FUNCTION: DTLS_get_data_mtu 408 1_1_1 EXIST::FUNCTION: +SSL_read_ex 409 1_1_1 EXIST::FUNCTION: +SSL_peek_ex 410 1_1_1 EXIST::FUNCTION: -- 2.34.1