summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2017-01-25 06:13:03 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2017-01-25 06:13:03 +0000
commitaa63f8fe8a148628386a3999df8c7bfae55a8056 (patch)
treedb78752964860ad185d72027b853bb7c858528ef /lib
parent1d02f04d51d3accb93ffd7dcc0c072e3f1e72f06 (diff)
Provide ssl3_packet_read() and ssl3_packet_extend() functions that improve
the awkward API provided by ssl3_read_n(). Call these when we need to read or extend a packet. ok beck@
Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/d1_pkt.c31
-rw-r--r--lib/libssl/s3_pkt.c58
-rw-r--r--lib/libssl/ssl_locl.h5
3 files changed, 59 insertions, 35 deletions
diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c
index f15b64364e8..19853d23756 100644
--- a/lib/libssl/d1_pkt.c
+++ b/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.58 2017/01/23 14:35:42 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.59 2017/01/25 06:13:02 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -469,11 +469,11 @@ err:
int
dtls1_get_record(SSL *s)
{
- int i, n;
SSL3_RECORD *rr;
unsigned char *p = NULL;
DTLS1_BITMAP *bitmap;
unsigned int is_next_epoch;
+ int n;
rr = &(S3I(s)->rrec);
@@ -501,13 +501,12 @@ again:
uint16_t epoch, len, ssl_version;
uint8_t type;
- n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
- /* read timeout is handled by dtls1_read_bytes */
+ n = ssl3_packet_read(s, DTLS1_RT_HEADER_LENGTH);
if (n <= 0)
- return(n); /* error or non-blocking */
+ return (n);
- /* this packet contained a partial record, dump it */
- if (s->internal->packet_length != DTLS1_RT_HEADER_LENGTH)
+ /* If this packet contained a partial record, dump it. */
+ if (n != DTLS1_RT_HEADER_LENGTH)
goto again;
s->internal->rstate = SSL_ST_READ_BODY;
@@ -553,20 +552,14 @@ again:
/* s->internal->rstate == SSL_ST_READ_BODY, get and decode the data */
- if (rr->length > s->internal->packet_length - DTLS1_RT_HEADER_LENGTH) {
- /* now s->internal->packet_length == DTLS1_RT_HEADER_LENGTH */
- i = rr->length;
- n = ssl3_read_n(s, i, i, 1);
- if (n <= 0)
- return(n); /* error or non-blocking io */
+ n = ssl3_packet_extend(s, DTLS1_RT_HEADER_LENGTH + rr->length);
+ if (n <= 0)
+ return (n);
- /* this packet contained a partial record, dump it */
- if (n != i)
- goto again;
+ /* If this packet contained a partial record, dump it. */
+ if (n != DTLS1_RT_HEADER_LENGTH + rr->length)
+ goto again;
- /* now n == rr->length,
- * and s->internal->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */
- }
s->internal->rstate = SSL_ST_READ_HEADER; /* set state for later operations */
/* match epochs. NULL means the packet is dropped on the floor */
diff --git a/lib/libssl/s3_pkt.c b/lib/libssl/s3_pkt.c
index a9737a7f400..152e384a4bd 100644
--- a/lib/libssl/s3_pkt.c
+++ b/lib/libssl/s3_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_pkt.c,v 1.68 2017/01/23 14:35:42 jsing Exp $ */
+/* $OpenBSD: s3_pkt.c,v 1.69 2017/01/25 06:13:02 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -130,7 +130,7 @@ static int ssl3_get_record(SSL *s);
* (If s->internal->read_ahead is set, 'max' bytes may be stored in rbuf
* [plus s->internal->packet_length bytes if extend == 1].)
*/
-int
+static int
ssl3_read_n(SSL *s, int n, int max, int extend)
{
int i, len, left;
@@ -263,9 +263,42 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
rb->left = left - n;
s->internal->packet_length += n;
s->internal->rwstate = SSL_NOTHING;
+
return (n);
}
+int
+ssl3_packet_read(SSL *s, int plen)
+{
+ int n;
+
+ n = ssl3_read_n(s, plen, s->s3->rbuf.len, 0);
+ if (n <= 0)
+ return n;
+ if (s->internal->packet_length < plen)
+ return s->internal->packet_length;
+
+ return plen;
+}
+
+int
+ssl3_packet_extend(SSL *s, int plen)
+{
+ int rlen, n;
+
+ if (s->internal->packet_length >= plen)
+ return plen;
+ rlen = plen - s->internal->packet_length;
+
+ n = ssl3_read_n(s, rlen, rlen, 1);
+ if (n <= 0)
+ return n;
+ if (s->internal->packet_length < plen)
+ return s->internal->packet_length;
+
+ return plen;
+}
+
/* Call this to get a new input record.
* It will return <= 0 if more data is needed, normally due to an error
* or non-blocking IO.
@@ -296,9 +329,10 @@ again:
uint16_t len, ssl_version;
uint8_t type;
- n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
+ n = ssl3_packet_read(s, SSL3_RT_HEADER_LENGTH);
if (n <= 0)
- return(n); /* error or non-blocking */
+ return (n);
+
s->internal->rstate = SSL_ST_READ_BODY;
CBS_init(&header, s->internal->packet, n);
@@ -345,17 +379,13 @@ again:
/* s->internal->rstate == SSL_ST_READ_BODY, get and decode the data */
- if (rr->length > s->internal->packet_length - SSL3_RT_HEADER_LENGTH) {
- /* now s->internal->packet_length == SSL3_RT_HEADER_LENGTH */
- i = rr->length;
- n = ssl3_read_n(s, i, i, 1);
- if (n <= 0)
- return(n); /* error or non-blocking io */
- /* now n == rr->length,
- * and s->internal->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */
- }
+ n = ssl3_packet_extend(s, SSL3_RT_HEADER_LENGTH + rr->length);
+ if (n <= 0)
+ return (n);
+ if (n != SSL3_RT_HEADER_LENGTH + rr->length)
+ return (n);
- s->internal->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
+ s->internal->rstate = SSL_ST_READ_HEADER; /* set state for later operations */
/* At this point, s->internal->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
* and we have that many bytes in s->internal->packet
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 0cda709da60..9cad2bc50d6 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.164 2017/01/24 09:03:21 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.165 2017/01/25 06:13:02 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1198,7 +1198,8 @@ long ssl23_default_timeout(void);
long tls1_default_timeout(void);
int dtls1_do_write(SSL *s, int type);
-int ssl3_read_n(SSL *s, int n, int max, int extend);
+int ssl3_packet_read(SSL *s, int plen);
+int ssl3_packet_extend(SSL *s, int plen);
int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
unsigned int len);