Loading include/openssl/ssl.h +2 −0 Original line number Diff line number Diff line Loading @@ -1572,6 +1572,7 @@ __owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *read); __owur int SSL_peek(SSL *ssl, void *buf, int num); __owur int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *read); __owur int SSL_write(SSL *ssl, const void *buf, int num); __owur int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written); long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); long SSL_callback_ctrl(SSL *, int, void (*)(void)); long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); Loading Loading @@ -2220,6 +2221,7 @@ int ERR_load_SSL_strings(void); # define SSL_F_SSL_VALIDATE_CT 400 # define SSL_F_SSL_VERIFY_CERT_CHAIN 207 # define SSL_F_SSL_WRITE 208 # define SSL_F_SSL_WRITE_EX 427 # define SSL_F_STATE_MACHINE 353 # define SSL_F_TLS12_CHECK_PEER_SIGALG 333 # define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 Loading ssl/d1_lib.c +20 −18 Original line number Diff line number Diff line Loading @@ -23,10 +23,10 @@ static void get_current_time(struct timeval *t); static int dtls1_handshake_write(SSL *s); static unsigned int dtls1_link_min_mtu(void); static size_t dtls1_link_min_mtu(void); /* XDTLS: figure out the right values */ static const unsigned int g_probable_mtu[] = { 1500, 512, 256 }; static const size_t g_probable_mtu[] = { 1500, 512, 256 }; const SSL3_ENC_METHOD DTLSv1_enc_data = { tls1_enc, Loading Loading @@ -164,8 +164,8 @@ void dtls1_clear(SSL *s) { pqueue *buffered_messages; pqueue *sent_messages; unsigned int mtu; unsigned int link_mtu; size_t mtu; size_t link_mtu; DTLS_RECORD_LAYER_clear(&s->rlayer); Loading Loading @@ -344,7 +344,7 @@ void dtls1_stop_timer(SSL *s) int dtls1_check_timeout_num(SSL *s) { unsigned int mtu; size_t mtu; s->d1->timeout.num_alerts++; Loading Loading @@ -872,12 +872,13 @@ static int dtls1_handshake_write(SSL *s) # define HEARTBEAT_SIZE_STD(payload) HEARTBEAT_SIZE(payload, 16) int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length) int dtls1_process_heartbeat(SSL *s, unsigned char *p, size_t length) { unsigned char *pl; unsigned short hbtype; unsigned int payload; unsigned int padding = 16; /* Use minimum padding */ size_t written; if (s->msg_callback) s->msg_callback(0, s->version, DTLS1_RT_HEARTBEAT, Loading @@ -897,7 +898,7 @@ int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length) if (hbtype == TLS1_HB_REQUEST) { unsigned char *buffer, *bp; unsigned int write_length = HEARTBEAT_SIZE(payload, padding); size_t write_length = HEARTBEAT_SIZE(payload, padding); int r; if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) Loading @@ -920,16 +921,17 @@ int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length) return -1; } r = dtls1_write_bytes(s, DTLS1_RT_HEARTBEAT, buffer, write_length); r = dtls1_write_bytes(s, DTLS1_RT_HEARTBEAT, buffer, write_length, &written); if (r >= 0 && s->msg_callback) if (r > 0 && s->msg_callback) s->msg_callback(1, s->version, DTLS1_RT_HEARTBEAT, buffer, write_length, s, s->msg_callback_arg); OPENSSL_free(buffer); if (r < 0) return r; if (r <= 0) return -1; } else if (hbtype == TLS1_HB_RESPONSE) { unsigned int seq; Loading @@ -953,9 +955,9 @@ int dtls1_heartbeat(SSL *s) { unsigned char *buf, *p; int ret = -1; unsigned int payload = 18; /* Sequence number + random bytes */ unsigned int padding = 16; /* Use minimum padding */ unsigned int size; size_t payload = 18; /* Sequence number + random bytes */ size_t padding = 16; /* Use minimum padding */ size_t size, written; /* Only send if peer supports and accepts HB requests... */ if (!(s->tlsext_heartbeat & SSL_DTLSEXT_HB_ENABLED) || Loading Loading @@ -1006,8 +1008,8 @@ int dtls1_heartbeat(SSL *s) goto err; } ret = dtls1_write_bytes(s, DTLS1_RT_HEARTBEAT, buf, size); if (ret >= 0) { ret = dtls1_write_bytes(s, DTLS1_RT_HEARTBEAT, buf, size, &written); if (ret > 0) { if (s->msg_callback) s->msg_callback(1, s->version, DTLS1_RT_HEARTBEAT, buf, size, s, s->msg_callback_arg); Loading Loading @@ -1078,13 +1080,13 @@ int dtls1_query_mtu(SSL *s) return 1; } static unsigned int dtls1_link_min_mtu(void) static size_t dtls1_link_min_mtu(void) { return (g_probable_mtu[(sizeof(g_probable_mtu) / sizeof(g_probable_mtu[0])) - 1]); } unsigned int dtls1_min_mtu(SSL *s) size_t dtls1_min_mtu(SSL *s) { return dtls1_link_min_mtu() - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s)); } Loading ssl/d1_msg.c +6 −5 Original line number Diff line number Diff line Loading @@ -10,7 +10,8 @@ #define USE_SOCKETS #include "ssl_locl.h" int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len) int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len, size_t *written) { int i; Loading Loading @@ -41,8 +42,7 @@ int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len) return -1; } i = dtls1_write_bytes(s, type, buf_, len); return i; return dtls1_write_bytes(s, type, buf_, len, written); } int dtls1_dispatch_alert(SSL *s) Loading @@ -51,6 +51,7 @@ int dtls1_dispatch_alert(SSL *s) void (*cb) (const SSL *ssl, int type, int val) = NULL; unsigned char buf[DTLS1_AL_HEADER_LENGTH]; unsigned char *ptr = &buf[0]; size_t written; s->s3->alert_dispatch = 0; Loading @@ -65,7 +66,7 @@ int dtls1_dispatch_alert(SSL *s) } #endif i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0); i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0, &written); if (i <= 0) { s->s3->alert_dispatch = 1; /* fprintf( stderr, "not done with alert\n" ); */ Loading @@ -91,5 +92,5 @@ int dtls1_dispatch_alert(SSL *s) cb(s, SSL_CB_WRITE_ALERT, j); } } return (i); return i; } ssl/record/rec_layer_d1.c +11 −9 Original line number Diff line number Diff line Loading @@ -971,22 +971,23 @@ static size_t have_handshake_fragment(SSL *s, int type, unsigned char *buf, * Call this to write data in records of type 'type' It will return <= 0 if * not all data has been sent or non-blocking IO. */ int dtls1_write_bytes(SSL *s, int type, const void *buf, int len) int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len, size_t *written) { int i; OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH); s->rwstate = SSL_NOTHING; i = do_dtls1_write(s, type, buf, len, 0); i = do_dtls1_write(s, type, buf, len, 0, written); return i; } int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment) size_t len, int create_empty_fragment, size_t *written) { unsigned char *p, *pseq; int i, mac_size, clear = 0; int prefix_len = 0; size_t prefix_len = 0; int eivlen; SSL3_RECORD wr; SSL3_BUFFER *wb; Loading @@ -1000,14 +1001,14 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, */ if (SSL3_BUFFER_get_left(wb) != 0) { OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */ return (ssl3_write_pending(s, type, buf, len)); return ssl3_write_pending(s, type, buf, len, written); } /* If we have an alert to send, lets send it */ if (s->s3->alert_dispatch) { i = s->method->ssl_dispatch_alert(s); if (i <= 0) return (i); return i; /* if it went, fall through and send more stuff */ } Loading Loading @@ -1072,7 +1073,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, /* lets setup the record stuff. */ SSL3_RECORD_set_data(&wr, p + eivlen); /* make room for IV in case of CBC */ SSL3_RECORD_set_length(&wr, (int)len); SSL3_RECORD_set_length(&wr, len); SSL3_RECORD_set_input(&wr, (unsigned char *)buf); /* Loading Loading @@ -1160,7 +1161,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, * we are in a recursive call; just return the length, don't write * out anything here */ return wr.length; *written = wr.length; return 1; } /* now let's set up wb */ Loading @@ -1177,7 +1179,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, s->rlayer.wpend_ret = len; /* we now just need to write the buffer */ return ssl3_write_pending(s, type, buf, len); return ssl3_write_pending(s, type, buf, len, written); err: return -1; } Loading ssl/record/rec_layer_s3.c +61 −53 Original line number Diff line number Diff line Loading @@ -347,22 +347,18 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, * Call this to write data in records of type 'type' It will return <= 0 if * not all data has been sent or non-blocking IO. */ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, size_t *written) { const unsigned char *buf = buf_; int tot; unsigned int n, split_send_fragment, maxpipes; size_t tot; size_t n, split_send_fragment, maxpipes; #if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK unsigned int max_send_fragment, nw; unsigned int u_len = (unsigned int)len; size_t max_send_fragment, nw; #endif SSL3_BUFFER *wb = &s->rlayer.wbuf[0]; int i; if (len < 0) { SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_SSL_NEGATIVE_LENGTH); return -1; } size_t tmpwrit; s->rwstate = SSL_NOTHING; tot = s->rlayer.wnum; Loading @@ -375,7 +371,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) * promptly send beyond the end of the users buffer ... so we trap and * report the error in a way the user will notice */ if ((unsigned int)len < s->rlayer.wnum) { if (len < s->rlayer.wnum) { SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_BAD_LENGTH); return -1; } Loading @@ -385,7 +381,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) { i = s->handshake_func(s); if (i < 0) return (i); return i; if (i == 0) { SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); return -1; Loading @@ -397,13 +393,14 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) * will happen with non blocking IO */ if (wb->left != 0) { i = ssl3_write_pending(s, type, &buf[tot], s->rlayer.wpend_tot); i = ssl3_write_pending(s, type, &buf[tot], s->rlayer.wpend_tot, &tmpwrit); if (i <= 0) { /* XXX should we ssl3_release_write_buffer if i<0? */ s->rlayer.wnum = tot; return i; } tot += i; /* this might be last fragment */ tot += tmpwrit; /* this might be last fragment */ } #if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK /* Loading @@ -413,7 +410,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) * compromise is considered worthy. */ if (type == SSL3_RT_APPLICATION_DATA && u_len >= 4 * (max_send_fragment = s->max_send_fragment) && len >= 4 * (max_send_fragment = s->max_send_fragment) && s->compress == NULL && s->msg_callback == NULL && !SSL_USE_ETM(s) && SSL_USE_EXPLICIT_IV(s) && EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx)) & Loading @@ -433,7 +430,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE, max_send_fragment, NULL); if (u_len >= 8 * max_send_fragment) if (len >= 8 * max_send_fragment) packlen *= 8; else packlen *= 4; Loading Loading @@ -513,7 +510,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) s->rlayer.wpend_type = type; s->rlayer.wpend_ret = nw; i = ssl3_write_pending(s, type, &buf[tot], nw); i = ssl3_write_pending(s, type, &buf[tot], nw, &tmpwrit); if (i <= 0) { if (i < 0 && (!s->wbio || !BIO_should_retry(s->wbio))) { /* free jumbo buffer */ Loading @@ -522,13 +519,14 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) s->rlayer.wnum = tot; return i; } if (i == (int)n) { if (tmpwrit == n) { /* free jumbo buffer */ ssl3_release_write_buffer(s); return tot + i; *written = tot + tmpwrit; return 1; } n -= i; tot += i; n -= tmpwrit; tot += tmpwrit; } } else #endif Loading @@ -536,7 +534,8 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s)) ssl3_release_write_buffer(s); return tot; *written = tot; return 1; } n = (len - tot); Loading Loading @@ -574,8 +573,8 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) } for (;;) { unsigned int pipelens[SSL_MAX_PIPELINES], tmppipelen, remain; unsigned int numpipes, j; size_t pipelens[SSL_MAX_PIPELINES], tmppipelen, remain; size_t numpipes, j; if (n == 0) numpipes = 1; Loading Loading @@ -603,14 +602,15 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) } } i = do_ssl3_write(s, type, &(buf[tot]), pipelens, numpipes, 0); i = do_ssl3_write(s, type, &(buf[tot]), pipelens, numpipes, 0, &tmpwrit); if (i <= 0) { /* XXX should we ssl3_release_write_buffer if i<0? */ s->rlayer.wnum = tot; return i; } if ((i == (int)n) || if ((tmpwrit == n) || (type == SSL3_RT_APPLICATION_DATA && (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) { /* Loading @@ -623,29 +623,29 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) !SSL_IS_DTLS(s)) ssl3_release_write_buffer(s); return tot + i; *written = tot + tmpwrit; return 1; } n -= i; tot += i; n -= tmpwrit; tot += tmpwrit; } } /* TODO(size_t): convert me */ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int *pipelens, unsigned int numpipes, int create_empty_fragment) size_t *pipelens, size_t numpipes, int create_empty_fragment, size_t *written) { unsigned char *outbuf[SSL_MAX_PIPELINES], *plen[SSL_MAX_PIPELINES]; SSL3_RECORD wr[SSL_MAX_PIPELINES]; int i, mac_size, clear = 0; int prefix_len = 0; size_t prefix_len = 0; int eivlen; size_t align = 0; SSL3_BUFFER *wb; SSL_SESSION *sess; unsigned int totlen = 0; unsigned int j; size_t totlen = 0; size_t j; for (j = 0; j < numpipes; j++) totlen += pipelens[j]; Loading @@ -654,7 +654,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, * will happen with non blocking IO */ if (RECORD_LAYER_write_pending(&s->rlayer)) return (ssl3_write_pending(s, type, buf, totlen)); return ssl3_write_pending(s, type, buf, totlen, written); /* If we have an alert to send, lets send it */ if (s->s3->alert_dispatch) { Loading @@ -678,6 +678,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */ mac_size = 0; } else { /* TODO(siz_t): Convert me */ mac_size = EVP_MD_CTX_size(s->write_hash); if (mac_size < 0) goto err; Loading @@ -699,10 +700,11 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, * 'prefix_len' bytes are sent out later together with the actual * payload) */ unsigned int tmppipelen = 0; size_t tmppipelen = 0; int ret; prefix_len = do_ssl3_write(s, type, buf, &tmppipelen, 1, 1); if (prefix_len <= 0) ret = do_ssl3_write(s, type, buf, &tmppipelen, 1, 1, &prefix_len); if (ret <= 0) goto err; if (prefix_len > Loading Loading @@ -749,6 +751,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)) { int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx); if (mode == EVP_CIPH_CBC_MODE) { /* TODO(size_t): Convert me */ eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx); if (eivlen <= 1) eivlen = 0; Loading Loading @@ -868,7 +871,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR); goto err; } return SSL3_RECORD_get_length(wr); *written = SSL3_RECORD_get_length(wr); return 1; } /* now let's set up wb */ Loading @@ -886,7 +890,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, s->rlayer.wpend_ret = totlen; /* we now just need to write the buffer */ return ssl3_write_pending(s, type, buf, totlen); return ssl3_write_pending(s, type, buf, totlen, written); err: return -1; } Loading @@ -894,24 +898,24 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, /* if s->s3->wbuf.left != 0, we need to call this * * Return values are as per SSL_read(), i.e. * >0 The number of read bytes * 1 Success * 0 Failure (not retryable) * <0 Failure (may be retryable) */ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len, size_t *written) { int i; SSL3_BUFFER *wb = s->rlayer.wbuf; unsigned int currbuf = 0; size_t currbuf = 0; size_t tmpwrit; /* XXXX */ if ((s->rlayer.wpend_tot > (int)len) if ((s->rlayer.wpend_tot > len) || ((s->rlayer.wpend_buf != buf) && !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) || (s->rlayer.wpend_type != type)) { SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY); return (-1); return -1; } for (;;) { Loading @@ -924,21 +928,25 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, clear_sys_error(); if (s->wbio != NULL) { s->rwstate = SSL_WRITING; /* TODO(size_t): Convert this call */ i = BIO_write(s->wbio, (char *) &(SSL3_BUFFER_get_buf(&wb[currbuf]) [SSL3_BUFFER_get_offset(&wb[currbuf])]), (unsigned int)SSL3_BUFFER_get_left(&wb[currbuf])); if (i >= 0) tmpwrit = i; } else { SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BIO_NOT_SET); i = -1; } if (i == (int)SSL3_BUFFER_get_left(&wb[currbuf])) { if (i > 0 && tmpwrit == SSL3_BUFFER_get_left(&wb[currbuf])) { SSL3_BUFFER_set_left(&wb[currbuf], 0); SSL3_BUFFER_add_offset(&wb[currbuf], i); SSL3_BUFFER_add_offset(&wb[currbuf], tmpwrit); if (currbuf + 1 < s->rlayer.numwpipes) continue; s->rwstate = SSL_NOTHING; return (s->rlayer.wpend_ret); *written = s->rlayer.wpend_ret; return 1; } else if (i <= 0) { if (SSL_IS_DTLS(s)) { /* Loading @@ -949,8 +957,8 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, } return -1; } SSL3_BUFFER_add_offset(&wb[currbuf], i); SSL3_BUFFER_sub_left(&wb[currbuf], i); SSL3_BUFFER_add_offset(&wb[currbuf], tmpwrit); SSL3_BUFFER_sub_left(&wb[currbuf], tmpwrit); } } Loading Loading
include/openssl/ssl.h +2 −0 Original line number Diff line number Diff line Loading @@ -1572,6 +1572,7 @@ __owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *read); __owur int SSL_peek(SSL *ssl, void *buf, int num); __owur int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *read); __owur int SSL_write(SSL *ssl, const void *buf, int num); __owur int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written); long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); long SSL_callback_ctrl(SSL *, int, void (*)(void)); long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); Loading Loading @@ -2220,6 +2221,7 @@ int ERR_load_SSL_strings(void); # define SSL_F_SSL_VALIDATE_CT 400 # define SSL_F_SSL_VERIFY_CERT_CHAIN 207 # define SSL_F_SSL_WRITE 208 # define SSL_F_SSL_WRITE_EX 427 # define SSL_F_STATE_MACHINE 353 # define SSL_F_TLS12_CHECK_PEER_SIGALG 333 # define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 Loading
ssl/d1_lib.c +20 −18 Original line number Diff line number Diff line Loading @@ -23,10 +23,10 @@ static void get_current_time(struct timeval *t); static int dtls1_handshake_write(SSL *s); static unsigned int dtls1_link_min_mtu(void); static size_t dtls1_link_min_mtu(void); /* XDTLS: figure out the right values */ static const unsigned int g_probable_mtu[] = { 1500, 512, 256 }; static const size_t g_probable_mtu[] = { 1500, 512, 256 }; const SSL3_ENC_METHOD DTLSv1_enc_data = { tls1_enc, Loading Loading @@ -164,8 +164,8 @@ void dtls1_clear(SSL *s) { pqueue *buffered_messages; pqueue *sent_messages; unsigned int mtu; unsigned int link_mtu; size_t mtu; size_t link_mtu; DTLS_RECORD_LAYER_clear(&s->rlayer); Loading Loading @@ -344,7 +344,7 @@ void dtls1_stop_timer(SSL *s) int dtls1_check_timeout_num(SSL *s) { unsigned int mtu; size_t mtu; s->d1->timeout.num_alerts++; Loading Loading @@ -872,12 +872,13 @@ static int dtls1_handshake_write(SSL *s) # define HEARTBEAT_SIZE_STD(payload) HEARTBEAT_SIZE(payload, 16) int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length) int dtls1_process_heartbeat(SSL *s, unsigned char *p, size_t length) { unsigned char *pl; unsigned short hbtype; unsigned int payload; unsigned int padding = 16; /* Use minimum padding */ size_t written; if (s->msg_callback) s->msg_callback(0, s->version, DTLS1_RT_HEARTBEAT, Loading @@ -897,7 +898,7 @@ int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length) if (hbtype == TLS1_HB_REQUEST) { unsigned char *buffer, *bp; unsigned int write_length = HEARTBEAT_SIZE(payload, padding); size_t write_length = HEARTBEAT_SIZE(payload, padding); int r; if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) Loading @@ -920,16 +921,17 @@ int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length) return -1; } r = dtls1_write_bytes(s, DTLS1_RT_HEARTBEAT, buffer, write_length); r = dtls1_write_bytes(s, DTLS1_RT_HEARTBEAT, buffer, write_length, &written); if (r >= 0 && s->msg_callback) if (r > 0 && s->msg_callback) s->msg_callback(1, s->version, DTLS1_RT_HEARTBEAT, buffer, write_length, s, s->msg_callback_arg); OPENSSL_free(buffer); if (r < 0) return r; if (r <= 0) return -1; } else if (hbtype == TLS1_HB_RESPONSE) { unsigned int seq; Loading @@ -953,9 +955,9 @@ int dtls1_heartbeat(SSL *s) { unsigned char *buf, *p; int ret = -1; unsigned int payload = 18; /* Sequence number + random bytes */ unsigned int padding = 16; /* Use minimum padding */ unsigned int size; size_t payload = 18; /* Sequence number + random bytes */ size_t padding = 16; /* Use minimum padding */ size_t size, written; /* Only send if peer supports and accepts HB requests... */ if (!(s->tlsext_heartbeat & SSL_DTLSEXT_HB_ENABLED) || Loading Loading @@ -1006,8 +1008,8 @@ int dtls1_heartbeat(SSL *s) goto err; } ret = dtls1_write_bytes(s, DTLS1_RT_HEARTBEAT, buf, size); if (ret >= 0) { ret = dtls1_write_bytes(s, DTLS1_RT_HEARTBEAT, buf, size, &written); if (ret > 0) { if (s->msg_callback) s->msg_callback(1, s->version, DTLS1_RT_HEARTBEAT, buf, size, s, s->msg_callback_arg); Loading Loading @@ -1078,13 +1080,13 @@ int dtls1_query_mtu(SSL *s) return 1; } static unsigned int dtls1_link_min_mtu(void) static size_t dtls1_link_min_mtu(void) { return (g_probable_mtu[(sizeof(g_probable_mtu) / sizeof(g_probable_mtu[0])) - 1]); } unsigned int dtls1_min_mtu(SSL *s) size_t dtls1_min_mtu(SSL *s) { return dtls1_link_min_mtu() - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s)); } Loading
ssl/d1_msg.c +6 −5 Original line number Diff line number Diff line Loading @@ -10,7 +10,8 @@ #define USE_SOCKETS #include "ssl_locl.h" int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len) int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len, size_t *written) { int i; Loading Loading @@ -41,8 +42,7 @@ int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len) return -1; } i = dtls1_write_bytes(s, type, buf_, len); return i; return dtls1_write_bytes(s, type, buf_, len, written); } int dtls1_dispatch_alert(SSL *s) Loading @@ -51,6 +51,7 @@ int dtls1_dispatch_alert(SSL *s) void (*cb) (const SSL *ssl, int type, int val) = NULL; unsigned char buf[DTLS1_AL_HEADER_LENGTH]; unsigned char *ptr = &buf[0]; size_t written; s->s3->alert_dispatch = 0; Loading @@ -65,7 +66,7 @@ int dtls1_dispatch_alert(SSL *s) } #endif i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0); i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0, &written); if (i <= 0) { s->s3->alert_dispatch = 1; /* fprintf( stderr, "not done with alert\n" ); */ Loading @@ -91,5 +92,5 @@ int dtls1_dispatch_alert(SSL *s) cb(s, SSL_CB_WRITE_ALERT, j); } } return (i); return i; }
ssl/record/rec_layer_d1.c +11 −9 Original line number Diff line number Diff line Loading @@ -971,22 +971,23 @@ static size_t have_handshake_fragment(SSL *s, int type, unsigned char *buf, * Call this to write data in records of type 'type' It will return <= 0 if * not all data has been sent or non-blocking IO. */ int dtls1_write_bytes(SSL *s, int type, const void *buf, int len) int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len, size_t *written) { int i; OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH); s->rwstate = SSL_NOTHING; i = do_dtls1_write(s, type, buf, len, 0); i = do_dtls1_write(s, type, buf, len, 0, written); return i; } int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment) size_t len, int create_empty_fragment, size_t *written) { unsigned char *p, *pseq; int i, mac_size, clear = 0; int prefix_len = 0; size_t prefix_len = 0; int eivlen; SSL3_RECORD wr; SSL3_BUFFER *wb; Loading @@ -1000,14 +1001,14 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, */ if (SSL3_BUFFER_get_left(wb) != 0) { OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */ return (ssl3_write_pending(s, type, buf, len)); return ssl3_write_pending(s, type, buf, len, written); } /* If we have an alert to send, lets send it */ if (s->s3->alert_dispatch) { i = s->method->ssl_dispatch_alert(s); if (i <= 0) return (i); return i; /* if it went, fall through and send more stuff */ } Loading Loading @@ -1072,7 +1073,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, /* lets setup the record stuff. */ SSL3_RECORD_set_data(&wr, p + eivlen); /* make room for IV in case of CBC */ SSL3_RECORD_set_length(&wr, (int)len); SSL3_RECORD_set_length(&wr, len); SSL3_RECORD_set_input(&wr, (unsigned char *)buf); /* Loading Loading @@ -1160,7 +1161,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, * we are in a recursive call; just return the length, don't write * out anything here */ return wr.length; *written = wr.length; return 1; } /* now let's set up wb */ Loading @@ -1177,7 +1179,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, s->rlayer.wpend_ret = len; /* we now just need to write the buffer */ return ssl3_write_pending(s, type, buf, len); return ssl3_write_pending(s, type, buf, len, written); err: return -1; } Loading
ssl/record/rec_layer_s3.c +61 −53 Original line number Diff line number Diff line Loading @@ -347,22 +347,18 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, * Call this to write data in records of type 'type' It will return <= 0 if * not all data has been sent or non-blocking IO. */ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, size_t *written) { const unsigned char *buf = buf_; int tot; unsigned int n, split_send_fragment, maxpipes; size_t tot; size_t n, split_send_fragment, maxpipes; #if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK unsigned int max_send_fragment, nw; unsigned int u_len = (unsigned int)len; size_t max_send_fragment, nw; #endif SSL3_BUFFER *wb = &s->rlayer.wbuf[0]; int i; if (len < 0) { SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_SSL_NEGATIVE_LENGTH); return -1; } size_t tmpwrit; s->rwstate = SSL_NOTHING; tot = s->rlayer.wnum; Loading @@ -375,7 +371,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) * promptly send beyond the end of the users buffer ... so we trap and * report the error in a way the user will notice */ if ((unsigned int)len < s->rlayer.wnum) { if (len < s->rlayer.wnum) { SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_BAD_LENGTH); return -1; } Loading @@ -385,7 +381,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) { i = s->handshake_func(s); if (i < 0) return (i); return i; if (i == 0) { SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); return -1; Loading @@ -397,13 +393,14 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) * will happen with non blocking IO */ if (wb->left != 0) { i = ssl3_write_pending(s, type, &buf[tot], s->rlayer.wpend_tot); i = ssl3_write_pending(s, type, &buf[tot], s->rlayer.wpend_tot, &tmpwrit); if (i <= 0) { /* XXX should we ssl3_release_write_buffer if i<0? */ s->rlayer.wnum = tot; return i; } tot += i; /* this might be last fragment */ tot += tmpwrit; /* this might be last fragment */ } #if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK /* Loading @@ -413,7 +410,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) * compromise is considered worthy. */ if (type == SSL3_RT_APPLICATION_DATA && u_len >= 4 * (max_send_fragment = s->max_send_fragment) && len >= 4 * (max_send_fragment = s->max_send_fragment) && s->compress == NULL && s->msg_callback == NULL && !SSL_USE_ETM(s) && SSL_USE_EXPLICIT_IV(s) && EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx)) & Loading @@ -433,7 +430,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE, max_send_fragment, NULL); if (u_len >= 8 * max_send_fragment) if (len >= 8 * max_send_fragment) packlen *= 8; else packlen *= 4; Loading Loading @@ -513,7 +510,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) s->rlayer.wpend_type = type; s->rlayer.wpend_ret = nw; i = ssl3_write_pending(s, type, &buf[tot], nw); i = ssl3_write_pending(s, type, &buf[tot], nw, &tmpwrit); if (i <= 0) { if (i < 0 && (!s->wbio || !BIO_should_retry(s->wbio))) { /* free jumbo buffer */ Loading @@ -522,13 +519,14 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) s->rlayer.wnum = tot; return i; } if (i == (int)n) { if (tmpwrit == n) { /* free jumbo buffer */ ssl3_release_write_buffer(s); return tot + i; *written = tot + tmpwrit; return 1; } n -= i; tot += i; n -= tmpwrit; tot += tmpwrit; } } else #endif Loading @@ -536,7 +534,8 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s)) ssl3_release_write_buffer(s); return tot; *written = tot; return 1; } n = (len - tot); Loading Loading @@ -574,8 +573,8 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) } for (;;) { unsigned int pipelens[SSL_MAX_PIPELINES], tmppipelen, remain; unsigned int numpipes, j; size_t pipelens[SSL_MAX_PIPELINES], tmppipelen, remain; size_t numpipes, j; if (n == 0) numpipes = 1; Loading Loading @@ -603,14 +602,15 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) } } i = do_ssl3_write(s, type, &(buf[tot]), pipelens, numpipes, 0); i = do_ssl3_write(s, type, &(buf[tot]), pipelens, numpipes, 0, &tmpwrit); if (i <= 0) { /* XXX should we ssl3_release_write_buffer if i<0? */ s->rlayer.wnum = tot; return i; } if ((i == (int)n) || if ((tmpwrit == n) || (type == SSL3_RT_APPLICATION_DATA && (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) { /* Loading @@ -623,29 +623,29 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) !SSL_IS_DTLS(s)) ssl3_release_write_buffer(s); return tot + i; *written = tot + tmpwrit; return 1; } n -= i; tot += i; n -= tmpwrit; tot += tmpwrit; } } /* TODO(size_t): convert me */ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int *pipelens, unsigned int numpipes, int create_empty_fragment) size_t *pipelens, size_t numpipes, int create_empty_fragment, size_t *written) { unsigned char *outbuf[SSL_MAX_PIPELINES], *plen[SSL_MAX_PIPELINES]; SSL3_RECORD wr[SSL_MAX_PIPELINES]; int i, mac_size, clear = 0; int prefix_len = 0; size_t prefix_len = 0; int eivlen; size_t align = 0; SSL3_BUFFER *wb; SSL_SESSION *sess; unsigned int totlen = 0; unsigned int j; size_t totlen = 0; size_t j; for (j = 0; j < numpipes; j++) totlen += pipelens[j]; Loading @@ -654,7 +654,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, * will happen with non blocking IO */ if (RECORD_LAYER_write_pending(&s->rlayer)) return (ssl3_write_pending(s, type, buf, totlen)); return ssl3_write_pending(s, type, buf, totlen, written); /* If we have an alert to send, lets send it */ if (s->s3->alert_dispatch) { Loading @@ -678,6 +678,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */ mac_size = 0; } else { /* TODO(siz_t): Convert me */ mac_size = EVP_MD_CTX_size(s->write_hash); if (mac_size < 0) goto err; Loading @@ -699,10 +700,11 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, * 'prefix_len' bytes are sent out later together with the actual * payload) */ unsigned int tmppipelen = 0; size_t tmppipelen = 0; int ret; prefix_len = do_ssl3_write(s, type, buf, &tmppipelen, 1, 1); if (prefix_len <= 0) ret = do_ssl3_write(s, type, buf, &tmppipelen, 1, 1, &prefix_len); if (ret <= 0) goto err; if (prefix_len > Loading Loading @@ -749,6 +751,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)) { int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx); if (mode == EVP_CIPH_CBC_MODE) { /* TODO(size_t): Convert me */ eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx); if (eivlen <= 1) eivlen = 0; Loading Loading @@ -868,7 +871,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR); goto err; } return SSL3_RECORD_get_length(wr); *written = SSL3_RECORD_get_length(wr); return 1; } /* now let's set up wb */ Loading @@ -886,7 +890,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, s->rlayer.wpend_ret = totlen; /* we now just need to write the buffer */ return ssl3_write_pending(s, type, buf, totlen); return ssl3_write_pending(s, type, buf, totlen, written); err: return -1; } Loading @@ -894,24 +898,24 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, /* if s->s3->wbuf.left != 0, we need to call this * * Return values are as per SSL_read(), i.e. * >0 The number of read bytes * 1 Success * 0 Failure (not retryable) * <0 Failure (may be retryable) */ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len, size_t *written) { int i; SSL3_BUFFER *wb = s->rlayer.wbuf; unsigned int currbuf = 0; size_t currbuf = 0; size_t tmpwrit; /* XXXX */ if ((s->rlayer.wpend_tot > (int)len) if ((s->rlayer.wpend_tot > len) || ((s->rlayer.wpend_buf != buf) && !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) || (s->rlayer.wpend_type != type)) { SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY); return (-1); return -1; } for (;;) { Loading @@ -924,21 +928,25 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, clear_sys_error(); if (s->wbio != NULL) { s->rwstate = SSL_WRITING; /* TODO(size_t): Convert this call */ i = BIO_write(s->wbio, (char *) &(SSL3_BUFFER_get_buf(&wb[currbuf]) [SSL3_BUFFER_get_offset(&wb[currbuf])]), (unsigned int)SSL3_BUFFER_get_left(&wb[currbuf])); if (i >= 0) tmpwrit = i; } else { SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BIO_NOT_SET); i = -1; } if (i == (int)SSL3_BUFFER_get_left(&wb[currbuf])) { if (i > 0 && tmpwrit == SSL3_BUFFER_get_left(&wb[currbuf])) { SSL3_BUFFER_set_left(&wb[currbuf], 0); SSL3_BUFFER_add_offset(&wb[currbuf], i); SSL3_BUFFER_add_offset(&wb[currbuf], tmpwrit); if (currbuf + 1 < s->rlayer.numwpipes) continue; s->rwstate = SSL_NOTHING; return (s->rlayer.wpend_ret); *written = s->rlayer.wpend_ret; return 1; } else if (i <= 0) { if (SSL_IS_DTLS(s)) { /* Loading @@ -949,8 +957,8 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, } return -1; } SSL3_BUFFER_add_offset(&wb[currbuf], i); SSL3_BUFFER_sub_left(&wb[currbuf], i); SSL3_BUFFER_add_offset(&wb[currbuf], tmpwrit); SSL3_BUFFER_sub_left(&wb[currbuf], tmpwrit); } } Loading
Rich Salz <rsalz@openssl.org>Rich Salz <rsalz@openssl.org>