Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
btwise
openssl
提交
c7c42022
O
openssl
项目概览
btwise
/
openssl
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
O
openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
c7c42022
编写于
11月 18, 2016
作者:
M
Matt Caswell
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Convert TLS record construction to use WPACKET
Reviewed-by:
N
Rich Salz
<
rsalz@openssl.org
>
上级
3171bad6
变更
2
隐藏空白更改
内联
并排
Showing
2 changed file
with
122 addition
and
43 deletion
+122
-43
ssl/record/rec_layer_s3.c
ssl/record/rec_layer_s3.c
+121
-42
ssl/record/ssl3_record.c
ssl/record/ssl3_record.c
+1
-1
未找到文件。
ssl/record/rec_layer_s3.c
浏览文件 @
c7c42022
...
...
@@ -633,15 +633,16 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
size_t
*
pipelens
,
size_t
numpipes
,
int
create_empty_fragment
,
size_t
*
written
)
{
unsigned
char
*
outbuf
[
SSL_MAX_PIPELINES
],
*
plen
[
SSL_MAX_PIPELINES
];
WPACKET
pkt
[
SSL_MAX_PIPELINES
];
SSL3_RECORD
wr
[
SSL_MAX_PIPELINES
];
unsigned
char
*
recordstart
;
int
i
,
mac_size
,
clear
=
0
;
size_t
prefix_len
=
0
;
int
eivlen
;
size_t
align
=
0
;
SSL3_BUFFER
*
wb
;
SSL_SESSION
*
sess
;
size_t
totlen
=
0
;
size_t
totlen
=
0
,
len
,
wpinited
=
0
;
size_t
j
;
for
(
j
=
0
;
j
<
numpipes
;
j
++
)
...
...
@@ -726,12 +727,24 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
align
=
(
size_t
)
SSL3_BUFFER_get_buf
(
wb
)
+
2
*
SSL3_RT_HEADER_LENGTH
;
align
=
SSL3_ALIGN_PAYLOAD
-
1
-
((
align
-
1
)
%
SSL3_ALIGN_PAYLOAD
);
#endif
outbuf
[
0
]
=
SSL3_BUFFER_get_buf
(
wb
)
+
align
;
SSL3_BUFFER_set_offset
(
wb
,
align
);
if
(
!
WPACKET_init_static_len
(
&
pkt
[
0
],
SSL3_BUFFER_get_buf
(
wb
),
SSL3_BUFFER_get_len
(
wb
),
0
)
||
!
WPACKET_allocate_bytes
(
&
pkt
[
0
],
align
,
NULL
))
{
SSLerr
(
SSL_F_DO_SSL3_WRITE
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
}
wpinited
=
1
;
}
else
if
(
prefix_len
)
{
wb
=
&
s
->
rlayer
.
wbuf
[
0
];
outbuf
[
0
]
=
SSL3_BUFFER_get_buf
(
wb
)
+
SSL3_BUFFER_get_offset
(
wb
)
+
prefix_len
;
if
(
!
WPACKET_init_static_len
(
&
pkt
[
0
],
SSL3_BUFFER_get_buf
(
wb
),
SSL3_BUFFER_get_len
(
wb
),
0
)
||
!
WPACKET_allocate_bytes
(
&
pkt
[
0
],
SSL3_BUFFER_get_offset
(
wb
)
+
prefix_len
,
NULL
))
{
SSLerr
(
SSL_F_DO_SSL3_WRITE
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
}
wpinited
=
1
;
}
else
{
for
(
j
=
0
;
j
<
numpipes
;
j
++
)
{
wb
=
&
s
->
rlayer
.
wbuf
[
j
];
...
...
@@ -739,8 +752,14 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
align
=
(
size_t
)
SSL3_BUFFER_get_buf
(
wb
)
+
SSL3_RT_HEADER_LENGTH
;
align
=
SSL3_ALIGN_PAYLOAD
-
1
-
((
align
-
1
)
%
SSL3_ALIGN_PAYLOAD
);
#endif
outbuf
[
j
]
=
SSL3_BUFFER_get_buf
(
wb
)
+
align
;
SSL3_BUFFER_set_offset
(
wb
,
align
);
if
(
!
WPACKET_init_static_len
(
&
pkt
[
j
],
SSL3_BUFFER_get_buf
(
wb
),
SSL3_BUFFER_get_len
(
wb
),
0
)
||
!
WPACKET_allocate_bytes
(
&
pkt
[
j
],
align
,
NULL
))
{
SSLerr
(
SSL_F_DO_SSL3_WRITE
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
}
wpinited
++
;
}
}
...
...
@@ -752,42 +771,52 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
eivlen
=
EVP_CIPHER_CTX_iv_length
(
s
->
enc_write_ctx
);
if
(
eivlen
<=
1
)
eivlen
=
0
;
}
/* Need explicit part of IV for GCM mode */
else
if
(
mode
==
EVP_CIPH_GCM_MODE
)
}
else
if
(
mode
==
EVP_CIPH_GCM_MODE
)
{
/* Need explicit part of IV for GCM mode */
eivlen
=
EVP_GCM_TLS_EXPLICIT_IV_LEN
;
else
if
(
mode
==
EVP_CIPH_CCM_MODE
)
}
else
if
(
mode
==
EVP_CIPH_CCM_MODE
)
{
eivlen
=
EVP_CCM_TLS_EXPLICIT_IV_LEN
;
else
}
else
{
eivlen
=
0
;
}
else
}
}
else
{
eivlen
=
0
;
}
totlen
=
0
;
/* Clear our SSL3_RECORD structures */
memset
(
wr
,
0
,
sizeof
wr
);
for
(
j
=
0
;
j
<
numpipes
;
j
++
)
{
/* write the header */
*
(
outbuf
[
j
]
++
)
=
type
&
0xff
;
SSL3_RECORD_set_type
(
&
wr
[
j
],
type
)
;
unsigned
int
version
=
s
->
version
;
unsigned
char
*
compressdata
;
size_t
maxcomplen
;
*
(
outbuf
[
j
]
++
)
=
(
s
->
version
>>
8
);
SSL3_RECORD_set_type
(
&
wr
[
j
],
type
);
/*
* Some servers hang if initial client hello is larger than 256 bytes
* and record version number > TLS 1.0
*/
if
(
SSL_get_state
(
s
)
==
TLS_ST_CW_CLNT_HELLO
&&
!
s
->
renegotiate
&&
TLS1_get_version
(
s
)
>
TLS1_VERSION
)
*
(
outbuf
[
j
]
++
)
=
0x1
;
else
*
(
outbuf
[
j
]
++
)
=
s
->
version
&
0xff
;
version
=
TLS1_VERSION
;
/* field where we are to write out packet length */
plen
[
j
]
=
outbuf
[
j
];
outbuf
[
j
]
+=
2
;
maxcomplen
=
pipelens
[
j
]
+
(
ssl_allow_compression
(
s
)
?
SSL3_RT_MAX_COMPRESSED_OVERHEAD
:
0
);
/* write the header */
if
(
!
WPACKET_put_bytes_u8
(
&
pkt
[
j
],
type
)
||
!
WPACKET_put_bytes_u16
(
&
pkt
[
j
],
version
)
||
!
WPACKET_start_sub_packet_u16
(
&
pkt
[
j
])
||
(
eivlen
>
0
&&
!
WPACKET_allocate_bytes
(
&
pkt
[
j
],
eivlen
,
NULL
))
||
(
maxcomplen
>
0
&&
!
WPACKET_reserve_bytes
(
&
pkt
[
j
],
maxcomplen
,
&
compressdata
)))
{
SSLerr
(
SSL_F_DO_SSL3_WRITE
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
}
/* lets setup the record stuff. */
SSL3_RECORD_set_data
(
&
wr
[
j
],
outbuf
[
j
]
+
eivlen
);
SSL3_RECORD_set_data
(
&
wr
[
j
],
compressdata
);
SSL3_RECORD_set_length
(
&
wr
[
j
],
pipelens
[
j
]);
SSL3_RECORD_set_input
(
&
wr
[
j
],
(
unsigned
char
*
)
&
buf
[
totlen
]);
totlen
+=
pipelens
[
j
];
...
...
@@ -798,12 +827,16 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
/* first we compress */
if
(
s
->
compress
!=
NULL
)
{
if
(
!
ssl3_do_compress
(
s
,
&
wr
[
j
]))
{
if
(
!
ssl3_do_compress
(
s
,
&
wr
[
j
])
||
!
WPACKET_allocate_bytes
(
&
pkt
[
j
],
wr
[
j
].
length
,
NULL
))
{
SSLerr
(
SSL_F_DO_SSL3_WRITE
,
SSL_R_COMPRESSION_FAILURE
);
goto
err
;
}
}
else
{
memcpy
(
wr
[
j
].
data
,
wr
[
j
].
input
,
wr
[
j
].
length
);
if
(
!
WPACKET_memcpy
(
&
pkt
[
j
],
wr
[
j
].
input
,
wr
[
j
].
length
))
{
SSLerr
(
SSL_F_DO_SSL3_WRITE
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
}
SSL3_RECORD_reset_input
(
&
wr
[
j
]);
}
...
...
@@ -814,41 +847,85 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
*/
if
(
!
SSL_USE_ETM
(
s
)
&&
mac_size
!=
0
)
{
if
(
!
s
->
method
->
ssl3_enc
->
mac
(
s
,
&
wr
[
j
],
&
(
outbuf
[
j
][
wr
[
j
].
length
+
eivlen
]),
1
))
unsigned
char
*
mac
;
if
(
!
WPACKET_allocate_bytes
(
&
pkt
[
j
],
mac_size
,
&
mac
)
||
!
s
->
method
->
ssl3_enc
->
mac
(
s
,
&
wr
[
j
],
mac
,
1
))
{
SSLerr
(
SSL_F_DO_SSL3_WRITE
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
SSL3_RECORD_add_length
(
&
wr
[
j
],
mac_size
);
}
}
/*
* Reserve some bytes for any growth that may occur during encryption.
* This will be at most one cipher block or the tag length if using
* AEAD. SSL_RT_MAX_CIPHER_BLOCK_SIZE covers either case.
*/
if
(
!
WPACKET_reserve_bytes
(
&
pkt
[
j
],
SSL_RT_MAX_CIPHER_BLOCK_SIZE
,
NULL
)
/*
* We also need next the amount of bytes written to this
* sub-packet
*/
||
!
WPACKET_get_length
(
&
pkt
[
j
],
&
len
))
{
SSLerr
(
SSL_F_DO_SSL3_WRITE
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
}
SSL3_RECORD_set_data
(
&
wr
[
j
],
outbuf
[
j
]);
/* Get a pointer to the start of this record excluding header */
recordstart
=
WPACKET_get_curr
(
&
pkt
[
j
])
-
len
;
SSL3_RECORD_set_data
(
&
wr
[
j
],
recordstart
);
SSL3_RECORD_reset_input
(
&
wr
[
j
]);
SSL3_RECORD_set_length
(
&
wr
[
j
],
len
);
if
(
eivlen
)
{
/*
* if (RAND_pseudo_bytes(p, eivlen) <= 0) goto err;
*/
SSL3_RECORD_add_length
(
&
wr
[
j
],
eivlen
);
}
}
if
(
s
->
method
->
ssl3_enc
->
enc
(
s
,
wr
,
numpipes
,
1
)
<
1
)
goto
err
;
for
(
j
=
0
;
j
<
numpipes
;
j
++
)
{
size_t
origlen
;
/* Allocate bytes for the encryption overhead */
if
(
!
WPACKET_get_length
(
&
pkt
[
j
],
&
origlen
)
/* Encryption should never shrink the data! */
||
origlen
>
wr
[
j
].
length
||
(
wr
[
j
].
length
>
origlen
&&
!
WPACKET_allocate_bytes
(
&
pkt
[
j
],
wr
[
j
].
length
-
origlen
,
NULL
)))
{
SSLerr
(
SSL_F_DO_SSL3_WRITE
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
}
if
(
SSL_USE_ETM
(
s
)
&&
mac_size
!=
0
)
{
if
(
!
s
->
method
->
ssl3_enc
->
mac
(
s
,
&
wr
[
j
],
outbuf
[
j
]
+
wr
[
j
].
length
,
1
))
unsigned
char
*
mac
;
if
(
!
WPACKET_allocate_bytes
(
&
pkt
[
j
],
mac_size
,
&
mac
)
||
!
s
->
method
->
ssl3_enc
->
mac
(
s
,
&
wr
[
j
],
mac
,
1
))
{
SSLerr
(
SSL_F_DO_SSL3_WRITE
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
}
SSL3_RECORD_add_length
(
&
wr
[
j
],
mac_size
);
}
/* record length after mac and block padding */
s2n
(
SSL3_RECORD_get_length
(
&
wr
[
j
]),
plen
[
j
]);
if
(
!
WPACKET_get_length
(
&
pkt
[
j
],
&
len
)
||
!
WPACKET_close
(
&
pkt
[
j
]))
{
SSLerr
(
SSL_F_DO_SSL3_WRITE
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
}
if
(
s
->
msg_callback
)
s
->
msg_callback
(
1
,
0
,
SSL3_RT_HEADER
,
plen
[
j
]
-
5
,
5
,
s
,
if
(
s
->
msg_callback
)
{
recordstart
=
WPACKET_get_curr
(
&
pkt
[
j
])
-
len
-
SSL3_RT_HEADER_LENGTH
;
s
->
msg_callback
(
1
,
0
,
SSL3_RT_HEADER
,
recordstart
,
SSL3_RT_HEADER_LENGTH
,
s
,
s
->
msg_callback_arg
);
}
if
(
!
WPACKET_finish
(
&
pkt
[
j
]))
{
SSLerr
(
SSL_F_DO_SSL3_WRITE
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
}
/*
* we should now have wr->data pointing to the encrypted data, which is
...
...
@@ -889,6 +966,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
/* we now just need to write the buffer */
return
ssl3_write_pending
(
s
,
type
,
buf
,
totlen
,
written
);
err:
for
(
j
=
0
;
j
<
wpinited
;
j
++
)
WPACKET_cleanup
(
&
pkt
[
j
]);
return
-
1
;
}
...
...
ssl/record/ssl3_record.c
浏览文件 @
c7c42022
...
...
@@ -553,7 +553,7 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr)
/* TODO(size_t): Convert this call */
i
=
COMP_compress_block
(
ssl
->
compress
,
wr
->
data
,
SSL3_RT_MAX_COMPRESSED_LENGTH
,
(
int
)(
wr
->
length
+
SSL3_RT_MAX_COMPRESSED_OVERHEAD
)
,
wr
->
input
,
(
int
)
wr
->
length
);
if
(
i
<
0
)
return
(
0
);
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录
