Encapsulate SSL3_BUFFER and all access to s->s3->rbuf.

Reviewed-by: NRichard Levitte <levitte@openssl.org>

ssl/Makefile

@@ -29,7 +29,8 @@ LIBSRC=	\
 	ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
 	ssl_ciph.c ssl_stat.c ssl_rsa.c \
 	ssl_asn1.c ssl_txt.c ssl_algs.c ssl_conf.c \
-	bio_ssl.c ssl_err.c kssl.c t1_reneg.c tls_srp.c t1_trce.c ssl_utst.c
+	bio_ssl.c ssl_err.c kssl.c t1_reneg.c tls_srp.c t1_trce.c ssl_utst.c \
+	record/ssl3_buffer.c
 LIBOBJ= \
 	s3_meth.o  s3_srvr.o  s3_clnt.o  s3_lib.o  s3_enc.o s3_pkt.o s3_both.o s3_cbc.o \
 	s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o          s23_pkt.o \
@@ -39,7 +40,8 @@ LIBOBJ= \
 	ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \
 	ssl_ciph.o ssl_stat.o ssl_rsa.o \
 	ssl_asn1.o ssl_txt.o ssl_algs.o ssl_conf.o \
-	bio_ssl.o ssl_err.o kssl.o t1_reneg.o tls_srp.o t1_trce.o ssl_utst.o
+	bio_ssl.o ssl_err.o kssl.o t1_reneg.o tls_srp.o t1_trce.o ssl_utst.o \
+	record/ssl3_buffer.o
 
 SRC= $(LIBSRC)
 

ssl/d1_pkt.c

@@ -198,12 +198,12 @@ static int dtls1_copy_record(SSL *s, pitem *item)
 
     rdata = (DTLS1_RECORD_DATA *)item->data;
 
-    if (s->s3->rbuf.buf != NULL)
-        OPENSSL_free(s->s3->rbuf.buf);
+    SSL3_BUFFER_release(RECORD_LAYER_get_rbuf(&s->rlayer));
 
     s->packet = rdata->packet;
     s->packet_length = rdata->packet_length;
-    memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
+    memcpy(RECORD_LAYER_get_rbuf(&s->rlayer), &(rdata->rbuf),
+        sizeof(SSL3_BUFFER));
     memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
 
     /* Set proper sequence number for mac calculation */
@@ -236,7 +236,8 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
 
     rdata->packet = s->packet;
     rdata->packet_length = s->packet_length;
-    memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));
+    memcpy(&(rdata->rbuf), RECORD_LAYER_get_rbuf(&s->rlayer),
+        sizeof(SSL3_BUFFER));
     memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD));
 
     item->data = rdata;
@@ -253,7 +254,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
 
     s->packet = NULL;
     s->packet_length = 0;
-    memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
+    memset(RECORD_LAYER_get_rbuf(&s->rlayer), 0, sizeof(SSL3_BUFFER));
     memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));
 
     if (!ssl3_setup_buffers(s)) {
@@ -544,7 +545,8 @@ int dtls1_get_record(SSL *s)
     /* check if we have the header */
     if ((s->rstate != SSL_ST_READ_BODY) ||
         (s->packet_length < DTLS1_RT_HEADER_LENGTH)) {
-        n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
+        n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH,
+            SSL3_BUFFER_get_len(RECORD_LAYER_get_rbuf(&s->rlayer)), 0);
         /* read timeout is handled by dtls1_read_bytes */
         if (n <= 0)
             return (n);         /* error or non-blocking */
@@ -722,9 +724,11 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
     SSL3_RECORD *rr;
     void (*cb) (const SSL *ssl, int type2, int val) = NULL;
 
-    if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
+    if (!SSL3_BUFFER_is_initialised(RECORD_LAYER_get_rbuf(&s->rlayer))) {
+        /* Not initialized yet */
         if (!ssl3_setup_buffers(s))
             return (-1);
+    }
 
     if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
          (type != SSL3_RT_HANDSHAKE)) ||
@@ -1047,7 +1051,9 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
                 }
 
                 if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
-                    if (s->s3->rbuf.left == 0) { /* no read-ahead left? */
+                    if (SSL3_BUFFER_get_left(
+                        RECORD_LAYER_get_rbuf(&s->rlayer)) == 0) {
+                        /* no read-ahead left? */
                         BIO *bio;
                         /*
                          * In the case where we try to read application data,
@@ -1269,7 +1275,9 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
         }
 
         if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
-            if (s->s3->rbuf.left == 0) { /* no read-ahead left? */
+            if (SSL3_BUFFER_get_left(
+                RECORD_LAYER_get_rbuf(&s->rlayer)) == 0) {
+                /* no read-ahead left? */
                 BIO *bio;
                 /*
                  * In the case where we try to read application data, but we

ssl/record/rec_layer.h

@@ -110,6 +110,8 @@
  */
 
 typedef struct record_layer_st {
+    /* The parent SSL structure */
+    SSL *s;
     /*
      * Read as many input bytes as possible (for
      * non-blocking reads)
@@ -117,5 +119,7 @@ typedef struct record_layer_st {
     int read_ahead;
 } RECORD_LAYER;
 
+#define RECORD_LAYER_set_ssl(rl, s)             ((rl)->s = (s))
 #define RECORD_LAYER_set_read_ahead(rl, ra)     ((rl)->read_ahead = (ra))
 #define RECORD_LAYER_get_read_ahead(rl)         ((rl)->read_ahead)
+#define RECORD_LAYER_get_rbuf(rl)               (&(rl)->s->s3->rbuf)

ssl/record/ssl3_buffer.c

+/* ssl/record/ssl3_buffer.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "../ssl_locl.h"
+
+void SSL3_BUFFER_set_data(SSL3_BUFFER *b, unsigned char *d, int n)
+{
+    if(d != NULL)
+        memcpy(b->buf, d, n);
+    b->left = n;
+    b->offset = 0;
+}
+
+void SSL3_BUFFER_release(SSL3_BUFFER *b)
+{
+    if (b->buf != NULL)
+        OPENSSL_free(b->buf);
+    b->buf = NULL;
+}

ssl/record/ssl3_buffer.h

+/* ssl/record/ssl3_buffer.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+typedef struct ssl3_buffer_st {
+    /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */
+    unsigned char *buf;
+    /* buffer size */
+    size_t len;
+    /* where to 'copy from' */
+    int offset;
+    /* how many bytes left */
+    int left;
+} SSL3_BUFFER;
+
+#define SSL3_BUFFER_get_buf(b)              ((b)->buf)
+#define SSL3_BUFFER_set_buf(b, n)           ((b)->buf = (n))
+#define SSL3_BUFFER_get_len(b)              ((b)->len)
+#define SSL3_BUFFER_set_len(b, l)           ((b)->len = (l))
+#define SSL3_BUFFER_get_left(b)             ((b)->left)
+#define SSL3_BUFFER_is_initialised(b)       ((b)->buf != NULL)
+
+void SSL3_BUFFER_set_data(SSL3_BUFFER *b, unsigned char *d, int n);
+void SSL3_BUFFER_release(SSL3_BUFFER *b);
+

ssl/s23_clnt.c

@@ -481,7 +481,7 @@ static int ssl23_client_hello(SSL *s)
 
 static int ssl23_get_server_hello(SSL *s)
 {
-    char buf[8];
+    unsigned char buf[8];
     unsigned char *p;
     int i;
     int n;
@@ -575,13 +575,11 @@ static int ssl23_get_server_hello(SSL *s)
          */
         s->rstate = SSL_ST_READ_HEADER;
         s->packet_length = n;
-        if (s->s3->rbuf.buf == NULL)
+        if (!SSL3_BUFFER_is_initialised(RECORD_LAYER_get_rbuf(&s->rlayer)))
             if (!ssl3_setup_read_buffer(s))
                 goto err;
-        s->packet = &(s->s3->rbuf.buf[0]);
-        memcpy(s->packet, buf, n);
-        s->s3->rbuf.left = n;
-        s->s3->rbuf.offset = 0;
+        s->packet = SSL3_BUFFER_get_buf(RECORD_LAYER_get_rbuf(&s->rlayer));
+        SSL3_BUFFER_set_data(RECORD_LAYER_get_rbuf(&s->rlayer), buf, n);
 
         s->handshake_func = s->method->ssl_connect;
     } else {

ssl/s23_srvr.c

@@ -244,8 +244,8 @@ int ssl23_get_client_hello(SSL *s)
      *  6-8   length           > Client Hello message
      *  9/10  client_version  /
      */
-    char buf_space[11];
-    char *buf = &(buf_space[0]);
+    unsigned char buf_space[11];
+    unsigned char *buf = &(buf_space[0]);
     unsigned char *p, *d, *d_len, *dd;
     unsigned int i;
     unsigned int csl, sil, cl;
@@ -558,18 +558,15 @@ int ssl23_get_client_hello(SSL *s)
              */
             s->rstate = SSL_ST_READ_HEADER;
             s->packet_length = n;
-            if (s->s3->rbuf.buf == NULL)
+            if (!SSL3_BUFFER_is_initialised(RECORD_LAYER_get_rbuf(&s->rlayer)))
                 if (!ssl3_setup_read_buffer(s))
                     goto err;
 
-            s->packet = &(s->s3->rbuf.buf[0]);
-            memcpy(s->packet, buf, n);
-            s->s3->rbuf.left = n;
-            s->s3->rbuf.offset = 0;
+            s->packet = SSL3_BUFFER_get_buf(RECORD_LAYER_get_rbuf(&s->rlayer));
+            SSL3_BUFFER_set_data(RECORD_LAYER_get_rbuf(&s->rlayer), buf, n);
         } else {
             s->packet_length = 0;
-            s->s3->rbuf.left = 0;
-            s->s3->rbuf.offset = 0;
+            SSL3_BUFFER_set_data(RECORD_LAYER_get_rbuf(&s->rlayer), NULL, 0);
         }
         s->handshake_func = s->method->ssl_accept;
     } else {

ssl/s3_both.c

@@ -577,6 +577,9 @@ int ssl3_setup_read_buffer(SSL *s)
 {
     unsigned char *p;
     size_t len, align = 0, headerlen;
+    SSL3_BUFFER *b;
+    
+    b = RECORD_LAYER_get_rbuf(&s->rlayer);
 
     if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
         headerlen = DTLS1_RT_HEADER_LENGTH;
@@ -587,7 +590,7 @@ int ssl3_setup_read_buffer(SSL *s)
     align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
 #endif
 
-    if (s->s3->rbuf.buf == NULL) {
+    if (b->buf == NULL) {
         len = SSL3_RT_MAX_PLAIN_LENGTH
             + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
         if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) {
@@ -600,11 +603,11 @@ int ssl3_setup_read_buffer(SSL *s)
 #endif
         if ((p = OPENSSL_malloc(len)) == NULL)
             goto err;
-        s->s3->rbuf.buf = p;
-        s->s3->rbuf.len = len;
+        b->buf = p;
+        b->len = len;
     }
 
-    s->packet = &(s->s3->rbuf.buf[0]);
+    s->packet = &(b->buf[0]);
     return 1;
 
  err:
@@ -669,9 +672,12 @@ int ssl3_release_write_buffer(SSL *s)
 
 int ssl3_release_read_buffer(SSL *s)
 {
-    if (s->s3->rbuf.buf != NULL) {
-        OPENSSL_free(s->s3->rbuf.buf);
-        s->s3->rbuf.buf = NULL;
+    SSL3_BUFFER *b;
+
+    b = RECORD_LAYER_get_rbuf(&s->rlayer);
+    if (b->buf != NULL) {
+        OPENSSL_free(b->buf);
+        b->buf = NULL;
     }
     return 1;
 }

ssl/s3_lib.c

@@ -3131,7 +3131,7 @@ void ssl3_free(SSL *s)
         return;
 
     ssl3_cleanup_key_block(s);
-    if (s->s3->rbuf.buf != NULL)
+    if (SSL3_BUFFER_is_initialised(RECORD_LAYER_get_rbuf(&s->rlayer)))
         ssl3_release_read_buffer(s);
     if (s->s3->wbuf.buf != NULL)
         ssl3_release_write_buffer(s);
@@ -3190,9 +3190,9 @@ void ssl3_clear(SSL *s)
 # endif                         /* !OPENSSL_NO_EC */
 #endif                          /* !OPENSSL_NO_TLSEXT */
 
-    rp = s->s3->rbuf.buf;
+    rp = SSL3_BUFFER_get_buf(RECORD_LAYER_get_rbuf(&s->rlayer));
     wp = s->s3->wbuf.buf;
-    rlen = s->s3->rbuf.len;
+    rlen = SSL3_BUFFER_get_len(RECORD_LAYER_get_rbuf(&s->rlayer));
     wlen = s->s3->wbuf.len;
     init_extra = s->s3->init_extra;
     BIO_free(s->s3->handshake_buffer);
@@ -3207,9 +3207,9 @@ void ssl3_clear(SSL *s)
     }
 #endif
     memset(s->s3, 0, sizeof *s->s3);
-    s->s3->rbuf.buf = rp;
+    SSL3_BUFFER_set_buf(RECORD_LAYER_get_rbuf(&s->rlayer), rp);
     s->s3->wbuf.buf = wp;
-    s->s3->rbuf.len = rlen;
+    SSL3_BUFFER_set_len(RECORD_LAYER_get_rbuf(&s->rlayer), rlen);
     s->s3->wbuf.len = wlen;
     s->s3->init_extra = init_extra;
 
@@ -4494,7 +4494,7 @@ int ssl3_renegotiate_check(SSL *s)
     int ret = 0;
 
     if (s->s3->renegotiate) {
-        if ((s->s3->rbuf.left == 0) &&
+        if ((SSL3_BUFFER_get_left(RECORD_LAYER_get_rbuf(&s->rlayer)) == 0) &&
             (s->s3->wbuf.left == 0) && !SSL_in_init(s)) {
             /*
              * if we are the server, and we have sent a 'RENEGOTIATE'

ssl/s3_pkt.c

@@ -153,7 +153,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
     if (n <= 0)
         return n;
 
-    rb = &(s->s3->rbuf);
+    rb = RECORD_LAYER_get_rbuf(&s->rlayer);
     if (rb->buf == NULL)
         if (!ssl3_setup_read_buffer(s))
             return -1;
@@ -336,7 +336,8 @@ static int ssl3_get_record(SSL *s)
     /* check if we have the header */
     if ((s->rstate != SSL_ST_READ_BODY) ||
         (s->packet_length < SSL3_RT_HEADER_LENGTH)) {
-        n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
+        n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH,
+            SSL3_BUFFER_get_len(RECORD_LAYER_get_rbuf(&s->rlayer)), 0);
         if (n <= 0)
             return (n);         /* error or non-blocking */
         s->rstate = SSL_ST_READ_BODY;
@@ -373,7 +374,9 @@ static int ssl3_get_record(SSL *s)
             goto err;
         }
 
-        if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) {
+        if (rr->length >
+                SSL3_BUFFER_get_len(RECORD_LAYER_get_rbuf(&s->rlayer))
+                - SSL3_RT_HEADER_LENGTH) {
             al = SSL_AD_RECORD_OVERFLOW;
             SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG);
             goto f_err;
@@ -1174,9 +1177,11 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
     SSL3_RECORD *rr;
     void (*cb) (const SSL *ssl, int type2, int val) = NULL;
 
-    if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
+    if (!SSL3_BUFFER_is_initialised(RECORD_LAYER_get_rbuf(&s->rlayer))) {
+        /* Not initialized yet */
         if (!ssl3_setup_read_buffer(s))
             return (-1);
+    }
 
     if ((type && (type != SSL3_RT_APPLICATION_DATA)
          && (type != SSL3_RT_HANDSHAKE)) || (peek
@@ -1288,7 +1293,8 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
                 s->rstate = SSL_ST_READ_HEADER;
                 rr->off = 0;
                 if (s->mode & SSL_MODE_RELEASE_BUFFERS
-                    && s->s3->rbuf.left == 0)
+                    && SSL3_BUFFER_get_left(
+                        RECORD_LAYER_get_rbuf(&s->rlayer)) == 0)
                     ssl3_release_read_buffer(s);
             }
         }
@@ -1391,7 +1397,9 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
                 }
 
                 if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
-                    if (s->s3->rbuf.left == 0) { /* no read-ahead left? */
+                    if (SSL3_BUFFER_get_left(
+                        RECORD_LAYER_get_rbuf(&s->rlayer)) == 0) {
+                        /* no read-ahead left? */
                         BIO *bio;
                         /*
                          * In the case where we try to read application data,
@@ -1563,7 +1571,8 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
         }
 
         if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
-            if (s->s3->rbuf.left == 0) { /* no read-ahead left? */
+            if (SSL3_BUFFER_get_left(RECORD_LAYER_get_rbuf(&s->rlayer)) == 0) {
+                /* no read-ahead left? */
                 BIO *bio;
                 /*
                  * In the case where we try to read application data, but we

ssl/ssl_lib.c

@@ -280,6 +280,8 @@ SSL *SSL_new(SSL_CTX *ctx)
         goto err;
     memset(s, 0, sizeof(SSL));
 
+    RECORD_LAYER_set_ssl(&s->rlayer, s);
+
 #ifndef OPENSSL_NO_KRB5
     s->kssl_ctx = kssl_ctx_new();
 #endif                          /* OPENSSL_NO_KRB5 */

ssl/ssl_locl.h

@@ -166,6 +166,7 @@
 # include <openssl/symhacks.h>
 
 #include "record/rec_layer.h"
+#include "record/ssl3_buffer.h"
 
 # ifdef OPENSSL_BUILD_SHLIBSSL
 #  undef OPENSSL_EXTERN
@@ -979,8 +980,6 @@ struct ssl_st {
     int type;
     /* SSLv3 */
     const SSL_METHOD *method;
-
-    RECORD_LAYER rlayer;
     /*
      * There are 2 BIO's even though they are normally both the same.  This
      * is so data can be read and written to different handlers
@@ -1220,6 +1219,8 @@ struct ssl_st {
      * basis, depending on the chosen cipher.
      */
     int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
+    
+    RECORD_LAYER rlayer;
 };
 
 typedef struct ssl3_record_st {
@@ -1264,17 +1265,6 @@ typedef struct ssl3_record_st {
      */ unsigned char seq_num[8];
 } SSL3_RECORD;
 
-typedef struct ssl3_buffer_st {
-    /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */
-    unsigned char *buf;
-    /* buffer size */
-    size_t len;
-    /* where to 'copy from' */
-    int offset;
-    /* how many bytes left */
-    int left;
-} SSL3_BUFFER;
-
 typedef struct ssl3_state_st {
     long flags;
     int delay_buf_pop_ret;