Rename the numpipes argument to ssl3_enc/tls1_enc

The numpipes argument to ssl3_enc/tls1_enc is actually the number of
records passed in the array. To make this clearer rename the argument to
|n_recs|.
Reviewed-by: NTim Hudson <tjh@openssl.org>

ssl/record/record.h

@@ -335,13 +335,11 @@ __owur int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 __owur int ssl3_read_bytes(SSL *s, int type, int *recvd_type,
                            unsigned char *buf, int len, int peek);
 __owur int ssl3_setup_buffers(SSL *s);
-__owur int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int numpipes,
-                    int send);
+__owur int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send);
 __owur int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send);
 __owur int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
                        unsigned int len);
-__owur int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int numpipes,
-                    int send);
+__owur int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send);
 __owur int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send);
 int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl);
 void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl);

ssl/record/ssl3_record.c

@@ -646,7 +646,7 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr)
 }
 
 /*-
- * ssl3_enc encrypts/decrypts |numpipes| records in |inrecs|
+ * ssl3_enc encrypts/decrypts |n_recs| records in |inrecs|
  *
  * Returns:
  *   0: (in non-constant time) if the record is publically invalid (i.e. too
@@ -655,7 +655,7 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr)
  *   -1: if the record's padding is invalid or, if sending, an internal error
  *       occurred.
  */
-int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int numpipes, int send)
+int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send)
 {
     SSL3_RECORD *rec;
     EVP_CIPHER_CTX *ds;
@@ -664,6 +664,11 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int numpipes, int send)
     const EVP_CIPHER *enc;
 
     rec = inrecs;
+    /*
+     * We shouldn't ever be called with more than one record in the SSLv3 case
+     */
+    if (n_recs != 1)
+        return 0;
     if (send) {
         ds = s->enc_write_ctx;
         if (s->enc_write_ctx == NULL)
@@ -719,7 +724,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int numpipes, int send)
 }
 
 /*-
- * tls1_enc encrypts/decrypts |numpipes| in |recs|.
+ * tls1_enc encrypts/decrypts |n_recs| in |recs|.
  *
  * Returns:
  *   0: (in non-constant time) if the record is publically invalid (i.e. too
@@ -728,7 +733,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int numpipes, int send)
  *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
  *       an internal error occurred.
  */
-int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int numpipes, int send)
+int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send)
 {
     EVP_CIPHER_CTX *ds;
     size_t reclen[SSL_MAX_PIPELINES];
@@ -755,7 +760,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int numpipes, int send)
             else
                 ivlen = 0;
             if (ivlen > 1) {
-                for (ctr = 0; ctr < numpipes; ctr++) {
+                for (ctr = 0; ctr < n_recs; ctr++) {
                     if (recs[ctr].data != recs[ctr].input) {
                         /*
                          * we can't write into the input stream: Can this ever
@@ -783,7 +788,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int numpipes, int send)
     }
 
     if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
-        for (ctr = 0; ctr < numpipes; ctr++) {
+        for (ctr = 0; ctr < n_recs; ctr++) {
             memmove(recs[ctr].data, recs[ctr].input, recs[ctr].length);
             recs[ctr].input = recs[ctr].data;
         }
@@ -791,7 +796,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int numpipes, int send)
     } else {
         bs = EVP_CIPHER_block_size(EVP_CIPHER_CTX_cipher(ds));
 
-        if (numpipes > 1) {
+        if (n_recs > 1) {
             if(!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))
                                   & EVP_CIPH_FLAG_PIPELINE)) {
                 /*
@@ -802,7 +807,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int numpipes, int send)
                 return -1;
             }
         }
-        for (ctr = 0; ctr < numpipes; ctr++) {
+        for (ctr = 0; ctr < n_recs; ctr++) {
             reclen[ctr] = recs[ctr].length;
 
             if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))
@@ -862,25 +867,25 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int numpipes, int send)
                     return 0;
             }
         }
-        if (numpipes > 1) {
+        if (n_recs > 1) {
             unsigned char *data[SSL_MAX_PIPELINES];
 
             /* Set the output buffers */
-            for(ctr = 0; ctr < numpipes; ctr++) {
+            for(ctr = 0; ctr < n_recs; ctr++) {
                 data[ctr] = recs[ctr].data;
             }
             if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS,
-                                      numpipes, data) <= 0) {
+                                      n_recs, data) <= 0) {
                 SSLerr(SSL_F_TLS1_ENC, SSL_R_PIPELINE_FAILURE);
             }
             /* Set the input buffers */
-            for(ctr = 0; ctr < numpipes; ctr++) {
+            for(ctr = 0; ctr < n_recs; ctr++) {
                 data[ctr] = recs[ctr].input;
             }
             if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_BUFS,
-                                      numpipes, data) <= 0
+                                      n_recs, data) <= 0
                 || EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_LENS,
-                                      numpipes, reclen) <= 0) {
+                                      n_recs, reclen) <= 0) {
                 SSLerr(SSL_F_TLS1_ENC, SSL_R_PIPELINE_FAILURE);
                 return -1;
             }
@@ -894,13 +899,13 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int numpipes, int send)
             return -1;          /* AEAD can fail to verify MAC */
         if (send == 0) {
             if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE) {
-                for (ctr = 0; ctr < numpipes; ctr++) {
+                for (ctr = 0; ctr < n_recs; ctr++) {
                     recs[ctr].data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
                     recs[ctr].input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
                     recs[ctr].length -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
                 }
             } else if (EVP_CIPHER_mode(enc) == EVP_CIPH_CCM_MODE) {
-                for (ctr = 0; ctr < numpipes; ctr++) {
+                for (ctr = 0; ctr < n_recs; ctr++) {
                     recs[ctr].data += EVP_CCM_TLS_EXPLICIT_IV_LEN;
                     recs[ctr].input += EVP_CCM_TLS_EXPLICIT_IV_LEN;
                     recs[ctr].length -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
@@ -913,7 +918,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int numpipes, int send)
             mac_size = EVP_MD_CTX_size(s->read_hash);
         if ((bs != 1) && !send) {
             int tmpret;
-            for (ctr = 0; ctr < numpipes; ctr++) {
+            for (ctr = 0; ctr < n_recs; ctr++) {
                 tmpret = tls1_cbc_remove_padding(s, &recs[ctr], bs, mac_size);
                 if (tmpret == -1)
                     return -1;
@@ -921,7 +926,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int numpipes, int send)
             }
         }
         if (pad && !send) {
-            for (ctr = 0; ctr < numpipes; ctr++) {
+            for (ctr = 0; ctr < n_recs; ctr++) {
                 recs[ctr].length -= pad;
             }
         }