2016-05-18 02:18:30 +08:00
|
|
|
/*
|
2021-07-29 22:41:35 +08:00
|
|
|
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
2015-01-30 22:57:54 +08:00
|
|
|
*
|
2018-12-06 20:08:51 +08:00
|
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
2016-05-18 02:18:30 +08:00
|
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
|
|
* in the file LICENSE in the source distribution or at
|
|
|
|
* https://www.openssl.org/source/license.html
|
2015-01-30 22:57:54 +08:00
|
|
|
*/
|
|
|
|
|
2019-09-28 06:45:40 +08:00
|
|
|
#include "../ssl_local.h"
|
|
|
|
#include "record_local.h"
|
2015-01-30 22:57:54 +08:00
|
|
|
|
2016-09-06 19:05:25 +08:00
|
|
|
void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n)
|
2015-01-30 22:57:54 +08:00
|
|
|
{
|
2015-04-16 13:50:03 +08:00
|
|
|
if (d != NULL)
|
2015-01-30 22:57:54 +08:00
|
|
|
memcpy(b->buf, d, n);
|
|
|
|
b->left = n;
|
|
|
|
b->offset = 0;
|
|
|
|
}
|
|
|
|
|
2015-05-21 21:06:52 +08:00
|
|
|
/*
|
2016-01-13 22:20:25 +08:00
|
|
|
* Clear the contents of an SSL3_BUFFER but retain any memory allocated. Also
|
|
|
|
* retains the default_len setting
|
2015-05-21 21:06:52 +08:00
|
|
|
*/
|
|
|
|
void SSL3_BUFFER_clear(SSL3_BUFFER *b)
|
|
|
|
{
|
2016-01-13 22:20:25 +08:00
|
|
|
b->offset = 0;
|
|
|
|
b->left = 0;
|
2015-05-21 21:06:52 +08:00
|
|
|
}
|
|
|
|
|
2015-01-30 22:57:54 +08:00
|
|
|
void SSL3_BUFFER_release(SSL3_BUFFER *b)
|
|
|
|
{
|
2015-05-01 22:02:07 +08:00
|
|
|
OPENSSL_free(b->buf);
|
2015-01-30 22:57:54 +08:00
|
|
|
b->buf = NULL;
|
|
|
|
}
|
2015-02-02 00:03:18 +08:00
|
|
|
|
|
|
|
int ssl3_setup_read_buffer(SSL *s)
|
|
|
|
{
|
|
|
|
unsigned char *p;
|
|
|
|
size_t len, align = 0, headerlen;
|
|
|
|
SSL3_BUFFER *b;
|
2016-06-29 04:51:27 +08:00
|
|
|
|
2015-02-02 00:03:18 +08:00
|
|
|
b = RECORD_LAYER_get_rbuf(&s->rlayer);
|
|
|
|
|
2015-08-26 21:45:40 +08:00
|
|
|
if (SSL_IS_DTLS(s))
|
2015-02-02 00:03:18 +08:00
|
|
|
headerlen = DTLS1_RT_HEADER_LENGTH;
|
|
|
|
else
|
|
|
|
headerlen = SSL3_RT_HEADER_LENGTH;
|
|
|
|
|
|
|
|
#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
|
|
|
|
align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
|
|
|
|
#endif
|
|
|
|
|
|
|
|
if (b->buf == NULL) {
|
|
|
|
len = SSL3_RT_MAX_PLAIN_LENGTH
|
|
|
|
+ SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
|
|
|
|
#ifndef OPENSSL_NO_COMP
|
|
|
|
if (ssl_allow_compression(s))
|
|
|
|
len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
|
|
|
|
#endif
|
2016-01-13 22:20:25 +08:00
|
|
|
if (b->default_len > len)
|
|
|
|
len = b->default_len;
|
2017-12-04 22:28:35 +08:00
|
|
|
if ((p = OPENSSL_malloc(len)) == NULL) {
|
|
|
|
/*
|
|
|
|
* We've got a malloc failure, and we're still initialising buffers.
|
|
|
|
* We assume we're so doomed that we won't even be able to send an
|
|
|
|
* alert.
|
|
|
|
*/
|
2020-11-04 21:39:57 +08:00
|
|
|
SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_MALLOC_FAILURE);
|
2017-12-04 22:28:35 +08:00
|
|
|
return 0;
|
|
|
|
}
|
2015-02-02 00:03:18 +08:00
|
|
|
b->buf = p;
|
|
|
|
b->len = len;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2016-09-07 18:34:39 +08:00
|
|
|
int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len)
|
2015-02-02 00:03:18 +08:00
|
|
|
{
|
|
|
|
unsigned char *p;
|
2016-07-25 17:36:57 +08:00
|
|
|
size_t align = 0, headerlen;
|
2015-02-02 00:03:18 +08:00
|
|
|
SSL3_BUFFER *wb;
|
2016-09-07 18:34:39 +08:00
|
|
|
size_t currpipe;
|
2015-09-22 18:12:50 +08:00
|
|
|
|
|
|
|
s->rlayer.numwpipes = numwpipes;
|
2015-02-02 00:03:18 +08:00
|
|
|
|
2016-07-25 17:36:57 +08:00
|
|
|
if (len == 0) {
|
|
|
|
if (SSL_IS_DTLS(s))
|
|
|
|
headerlen = DTLS1_RT_HEADER_LENGTH + 1;
|
|
|
|
else
|
|
|
|
headerlen = SSL3_RT_HEADER_LENGTH;
|
2015-02-02 00:03:18 +08:00
|
|
|
|
|
|
|
#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
|
2020-05-08 18:12:10 +08:00
|
|
|
align = SSL3_ALIGN_PAYLOAD - 1;
|
2015-02-02 00:03:18 +08:00
|
|
|
#endif
|
|
|
|
|
2017-11-06 00:46:48 +08:00
|
|
|
len = ssl_get_max_send_fragment(s)
|
2016-07-25 17:36:57 +08:00
|
|
|
+ SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
|
2015-02-02 00:03:18 +08:00
|
|
|
#ifndef OPENSSL_NO_COMP
|
2016-07-25 17:36:57 +08:00
|
|
|
if (ssl_allow_compression(s))
|
|
|
|
len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
|
2015-02-02 00:03:18 +08:00
|
|
|
#endif
|
2016-07-25 17:36:57 +08:00
|
|
|
if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
|
|
|
|
len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
|
|
|
|
}
|
2015-02-02 00:03:18 +08:00
|
|
|
|
2015-09-22 18:12:50 +08:00
|
|
|
wb = RECORD_LAYER_get_wbuf(&s->rlayer);
|
|
|
|
for (currpipe = 0; currpipe < numwpipes; currpipe++) {
|
2016-12-06 18:49:01 +08:00
|
|
|
SSL3_BUFFER *thiswb = &wb[currpipe];
|
|
|
|
|
2017-06-01 14:25:47 +08:00
|
|
|
if (thiswb->len != len) {
|
2017-11-06 00:46:48 +08:00
|
|
|
OPENSSL_free(thiswb->buf);
|
|
|
|
thiswb->buf = NULL; /* force reallocation */
|
|
|
|
}
|
|
|
|
|
2016-12-06 18:49:01 +08:00
|
|
|
if (thiswb->buf == NULL) {
|
2017-06-01 14:25:47 +08:00
|
|
|
if (s->wbio == NULL || !BIO_get_ktls_send(s->wbio)) {
|
|
|
|
p = OPENSSL_malloc(len);
|
|
|
|
if (p == NULL) {
|
|
|
|
s->rlayer.numwpipes = currpipe;
|
|
|
|
/*
|
|
|
|
* We've got a malloc failure, and we're still initialising
|
|
|
|
* buffers. We assume we're so doomed that we won't even be able
|
|
|
|
* to send an alert.
|
|
|
|
*/
|
2020-11-04 21:39:57 +08:00
|
|
|
SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_MALLOC_FAILURE);
|
2017-06-01 14:25:47 +08:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
p = NULL;
|
2015-09-22 18:12:50 +08:00
|
|
|
}
|
2016-12-06 18:49:01 +08:00
|
|
|
memset(thiswb, 0, sizeof(SSL3_BUFFER));
|
|
|
|
thiswb->buf = p;
|
|
|
|
thiswb->len = len;
|
2015-09-22 18:12:50 +08:00
|
|
|
}
|
2015-02-02 00:03:18 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
int ssl3_setup_buffers(SSL *s)
|
|
|
|
{
|
2017-12-04 22:28:35 +08:00
|
|
|
if (!ssl3_setup_read_buffer(s)) {
|
|
|
|
/* SSLfatal() already called */
|
2015-02-02 00:03:18 +08:00
|
|
|
return 0;
|
2017-12-04 22:28:35 +08:00
|
|
|
}
|
2017-11-22 01:18:43 +08:00
|
|
|
if (!ssl3_setup_write_buffer(s, 1, 0)) {
|
|
|
|
/* SSLfatal() already called */
|
2015-02-02 00:03:18 +08:00
|
|
|
return 0;
|
2017-11-22 01:18:43 +08:00
|
|
|
}
|
2015-02-02 00:03:18 +08:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
int ssl3_release_write_buffer(SSL *s)
|
|
|
|
{
|
|
|
|
SSL3_BUFFER *wb;
|
2016-10-07 02:17:54 +08:00
|
|
|
size_t pipes;
|
2015-02-02 00:03:18 +08:00
|
|
|
|
2015-09-22 18:12:50 +08:00
|
|
|
pipes = s->rlayer.numwpipes;
|
|
|
|
while (pipes > 0) {
|
|
|
|
wb = &RECORD_LAYER_get_wbuf(&s->rlayer)[pipes - 1];
|
2015-02-02 00:03:18 +08:00
|
|
|
|
2019-11-21 05:40:12 +08:00
|
|
|
if (SSL3_BUFFER_is_app_buffer(wb))
|
|
|
|
SSL3_BUFFER_set_app_buffer(wb, 0);
|
|
|
|
else
|
2017-06-01 14:25:47 +08:00
|
|
|
OPENSSL_free(wb->buf);
|
2015-09-22 18:12:50 +08:00
|
|
|
wb->buf = NULL;
|
|
|
|
pipes--;
|
|
|
|
}
|
|
|
|
s->rlayer.numwpipes = 0;
|
2015-02-02 00:03:18 +08:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
int ssl3_release_read_buffer(SSL *s)
|
|
|
|
{
|
|
|
|
SSL3_BUFFER *b;
|
|
|
|
|
|
|
|
b = RECORD_LAYER_get_rbuf(&s->rlayer);
|
2020-06-23 18:14:41 +08:00
|
|
|
if (s->options & SSL_OP_CLEANSE_PLAINTEXT)
|
|
|
|
OPENSSL_cleanse(b->buf, b->len);
|
2015-05-01 22:02:07 +08:00
|
|
|
OPENSSL_free(b->buf);
|
|
|
|
b->buf = NULL;
|
2015-02-02 00:03:18 +08:00
|
|
|
return 1;
|
|
|
|
}
|