Use the read and write buffers in DTLSv1_listen()

Rather than using init_buf we use the record layer read and write buffers in DTLSv1_listen(). These seem more appropriate anyway and will help with the next commit. Reviewed-by: N Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/7375)

Use the read and write buffers in DTLSv1_listen()
Rather than using init_buf we use the record layer read and write buffers in DTLSv1_listen(). These seem more appropriate anyway and will help with the next commit. Reviewed-by: N Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/7375)
2fc4c77c · Matt Caswell · edcd29ef · 2fc4c77c · 2fc4c77c · 2fc4c77c
隐藏空白更改
内联并排

Showing with 19 addition and 30 deletion

ssl/d1_lib.c ssl/d1_lib.c +17 -28

ssl/record/record.h ssl/record/record.h +2 -0

ssl/record/record_locl.h ssl/record/record_locl.h +0 -2

未找到文件。
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -449,11 +449,10 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
    unsigned char cookie[DTLS1_COOKIE_LENGTH];
    unsigned char seq[SEQ_NUM_SIZE];
    const unsigned char *data;
-    unsigned char *buf;
+    unsigned char *buf, *wbuf;
    size_t fragoff, fraglen, msglen;
    unsigned int rectype, versmajor, msgseq, msgtype, clientvers, cookielen;
    BIO *rbio, *wbio;
-    BUF_MEM *bufm;
    BIO_ADDR *tmpclient = NULL;
    PACKET pkt, msgpkt, msgpayload, session, cookiepkt;

@@ -495,34 +494,19 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
        return -1;
    }

-    if (s->init_buf == NULL) {
-        if ((bufm = BUF_MEM_new()) == NULL) {
-            SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
-            return -1;
-        }
-
-        if (!BUF_MEM_grow(bufm, SSL3_RT_MAX_PLAIN_LENGTH)) {
-            BUF_MEM_free(bufm);
-            SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
-            return -1;
-        }
-        s->init_buf = bufm;
+    if (!ssl3_setup_buffers(s)) {
+        /* SSLerr already called */
+        return -1;
    }
-    buf = (unsigned char *)s->init_buf->data;
+    buf = RECORD_LAYER_get_rbuf(&s->rlayer)->buf;
+    wbuf = RECORD_LAYER_get_wbuf(&s->rlayer)[0].buf;

    do {
        /* Get a packet */

        clear_sys_error();
-        /*
-         * Technically a ClientHello could be SSL3_RT_MAX_PLAIN_LENGTH
-         * + DTLS1_RT_HEADER_LENGTH bytes long. Normally init_buf does not store
-         * the record header as well, but we do here. We've set up init_buf to
-         * be the standard size for simplicity. In practice we shouldn't ever
-         * receive a ClientHello as long as this. If we do it will get dropped
-         * in the record length check below.
-         */
-        n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH);
+        n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH
+                                + DTLS1_RT_HEADER_LENGTH);

        if (n <= 0) {
            if (BIO_should_retry(rbio)) {
@@ -732,7 +716,11 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
                                                               : s->version;

            /* Construct the record and message headers */
-            if (!WPACKET_init(&wpkt, s->init_buf)
+            if (!WPACKET_init_static_len(&wpkt,
+                                         wbuf,
+                                         SSL3_RT_MAX_PLAIN_LENGTH
+                                         + DTLS1_RT_HEADER_LENGTH,
+                                         0)
                    || !WPACKET_put_bytes_u8(&wpkt, SSL3_RT_HANDSHAKE)
                    || !WPACKET_put_bytes_u16(&wpkt, version)
                       /*
@@ -790,8 +778,8 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
             * plus one byte for the message content type. The source is the
             * last 3 bytes of the message header
             */
-            memcpy(&buf[DTLS1_RT_HEADER_LENGTH + 1],
-                   &buf[DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH - 3],
+            memcpy(&wbuf[DTLS1_RT_HEADER_LENGTH + 1],
+                   &wbuf[DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH - 3],
                   3);

            if (s->msg_callback)
@@ -815,7 +803,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
            tmpclient = NULL;

            /* TODO(size_t): convert this call */
-            if (BIO_write(wbio, buf, wreclen) < (int)wreclen) {
+            if (BIO_write(wbio, wbuf, wreclen) < (int)wreclen) {
                if (BIO_should_retry(wbio)) {
                    /*
                     * Non-blocking IO...but we're stateless, so we're just
@@ -865,6 +853,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
    if (BIO_dgram_get_peer(rbio, client) <= 0)
        BIO_ADDR_clear(client);

+
    ret = 1;
    clearpkt = 0;
 end:

--- a/ssl/record/record.h
+++ b/ssl/record/record.h
@@ -188,6 +188,8 @@ typedef struct record_layer_st {
                                                ((rl)->d->processed_rcds)
 #define DTLS_RECORD_LAYER_get_unprocessed_rcds(rl) \
                                                ((rl)->d->unprocessed_rcds)
+#define RECORD_LAYER_get_rbuf(rl)               (&(rl)->rbuf)
+#define RECORD_LAYER_get_wbuf(rl)               ((rl)->wbuf)

 void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s);
 void RECORD_LAYER_clear(RECORD_LAYER *rl);

--- a/ssl/record/record_locl.h
+++ b/ssl/record/record_locl.h
@@ -18,8 +18,6 @@

 /* Functions/macros provided by the RECORD_LAYER component */

-#define RECORD_LAYER_get_rbuf(rl)               (&(rl)->rbuf)
-#define RECORD_LAYER_get_wbuf(rl)               ((rl)->wbuf)
 #define RECORD_LAYER_get_rrec(rl)               ((rl)->rrec)
 #define RECORD_LAYER_set_packet(rl, p)          ((rl)->packet = (p))
 #define RECORD_LAYER_reset_packet_length(rl)    ((rl)->packet_length = 0)