提交 585e6919 编写于 作者: M Matt Caswell

Use the read and write buffers in DTLSv1_listen()

Rather than using init_buf we use the record layer read and write buffers
in DTLSv1_listen(). These seem more appropriate anyway and will help with
the next commit.
Reviewed-by: NBen Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/7375)

(cherry picked from commit 2fc4c77c3f06443f4c476f6f58d83e5e108d1dce)
上级 6c529877
......@@ -449,11 +449,10 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
unsigned char cookie[DTLS1_COOKIE_LENGTH];
unsigned char seq[SEQ_NUM_SIZE];
const unsigned char *data;
unsigned char *buf;
unsigned char *buf, *wbuf;
size_t fragoff, fraglen, msglen;
unsigned int rectype, versmajor, msgseq, msgtype, clientvers, cookielen;
BIO *rbio, *wbio;
BUF_MEM *bufm;
BIO_ADDR *tmpclient = NULL;
PACKET pkt, msgpkt, msgpayload, session, cookiepkt;
......@@ -495,34 +494,19 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
return -1;
}
if (s->init_buf == NULL) {
if ((bufm = BUF_MEM_new()) == NULL) {
SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
return -1;
}
if (!BUF_MEM_grow(bufm, SSL3_RT_MAX_PLAIN_LENGTH)) {
BUF_MEM_free(bufm);
SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
return -1;
}
s->init_buf = bufm;
if (!ssl3_setup_buffers(s)) {
/* SSLerr already called */
return -1;
}
buf = (unsigned char *)s->init_buf->data;
buf = RECORD_LAYER_get_rbuf(&s->rlayer)->buf;
wbuf = RECORD_LAYER_get_wbuf(&s->rlayer)[0].buf;
do {
/* Get a packet */
clear_sys_error();
/*
* Technically a ClientHello could be SSL3_RT_MAX_PLAIN_LENGTH
* + DTLS1_RT_HEADER_LENGTH bytes long. Normally init_buf does not store
* the record header as well, but we do here. We've set up init_buf to
* be the standard size for simplicity. In practice we shouldn't ever
* receive a ClientHello as long as this. If we do it will get dropped
* in the record length check below.
*/
n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH);
n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH
+ DTLS1_RT_HEADER_LENGTH);
if (n <= 0) {
if (BIO_should_retry(rbio)) {
......@@ -732,7 +716,11 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
: s->version;
/* Construct the record and message headers */
if (!WPACKET_init(&wpkt, s->init_buf)
if (!WPACKET_init_static_len(&wpkt,
wbuf,
SSL3_RT_MAX_PLAIN_LENGTH
+ DTLS1_RT_HEADER_LENGTH,
0)
|| !WPACKET_put_bytes_u8(&wpkt, SSL3_RT_HANDSHAKE)
|| !WPACKET_put_bytes_u16(&wpkt, version)
/*
......@@ -790,8 +778,8 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
* plus one byte for the message content type. The source is the
* last 3 bytes of the message header
*/
memcpy(&buf[DTLS1_RT_HEADER_LENGTH + 1],
&buf[DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH - 3],
memcpy(&wbuf[DTLS1_RT_HEADER_LENGTH + 1],
&wbuf[DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH - 3],
3);
if (s->msg_callback)
......@@ -815,7 +803,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
tmpclient = NULL;
/* TODO(size_t): convert this call */
if (BIO_write(wbio, buf, wreclen) < (int)wreclen) {
if (BIO_write(wbio, wbuf, wreclen) < (int)wreclen) {
if (BIO_should_retry(wbio)) {
/*
* Non-blocking IO...but we're stateless, so we're just
......@@ -865,6 +853,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
if (BIO_dgram_get_peer(rbio, client) <= 0)
BIO_ADDR_clear(client);
ret = 1;
clearpkt = 0;
end:
......
......@@ -188,6 +188,8 @@ typedef struct record_layer_st {
((rl)->d->processed_rcds)
#define DTLS_RECORD_LAYER_get_unprocessed_rcds(rl) \
((rl)->d->unprocessed_rcds)
#define RECORD_LAYER_get_rbuf(rl) (&(rl)->rbuf)
#define RECORD_LAYER_get_wbuf(rl) ((rl)->wbuf)
void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s);
void RECORD_LAYER_clear(RECORD_LAYER *rl);
......
......@@ -18,8 +18,6 @@
/* Functions/macros provided by the RECORD_LAYER component */
#define RECORD_LAYER_get_rbuf(rl) (&(rl)->rbuf)
#define RECORD_LAYER_get_wbuf(rl) ((rl)->wbuf)
#define RECORD_LAYER_get_rrec(rl) ((rl)->rrec)
#define RECORD_LAYER_set_packet(rl, p) ((rl)->packet = (p))
#define RECORD_LAYER_reset_packet_length(rl) ((rl)->packet_length = 0)
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册