summaryrefslogtreecommitdiffstats
path: root/ssl
diff options
context:
space:
mode:
authorMatt Caswell <matt@openssl.org>2022-10-17 16:46:02 +0200
committerMatt Caswell <matt@openssl.org>2022-10-20 15:39:33 +0200
commite158ada6a74e5903354fdd5a6f56a32bbbba69fd (patch)
tree7e5df16b6dfdb022af0e0b9aa8fa564196a16274 /ssl
parentRemove some TODO(RECLAYER) comments now that DTLS has been moved (diff)
downloadopenssl-e158ada6a74e5903354fdd5a6f56a32bbbba69fd.tar.xz
openssl-e158ada6a74e5903354fdd5a6f56a32bbbba69fd.zip
Remove the old buffer management code
We no longer use the old buffer management code now that it has all been moved to the new record layer. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19424)
Diffstat (limited to 'ssl')
-rw-r--r--ssl/d1_lib.c9
-rw-r--r--ssl/record/build.info2
-rw-r--r--ssl/record/methods/recmethod_local.h16
-rw-r--r--ssl/record/methods/tls_common.c6
-rw-r--r--ssl/record/rec_layer_d1.c13
-rw-r--r--ssl/record/rec_layer_s3.c12
-rw-r--r--ssl/record/record.h12
-rw-r--r--ssl/record/record_local.h24
-rw-r--r--ssl/record/ssl3_buffer.c99
-rw-r--r--ssl/ssl_lib.c3
-rw-r--r--ssl/ssl_local.h2
-rw-r--r--ssl/ssl_utst.c1
-rw-r--r--ssl/statem/extensions.c6
-rw-r--r--ssl/statem/statem.c4
14 files changed, 35 insertions, 174 deletions
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index b82ddec517..a4ac629926 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -454,14 +454,12 @@ int DTLSv1_listen(SSL *ssl, BIO_ADDR *client)
return -1;
}
- if (!ssl3_setup_buffers(s)) {
- /* ERR_raise() already called */
- return -1;
- }
buf = OPENSSL_malloc(DTLS1_RT_HEADER_LENGTH + SSL3_RT_MAX_PLAIN_LENGTH);
if (buf == NULL)
return -1;
- wbuf = RECORD_LAYER_get_wbuf(&s->rlayer)[0].buf;
+ wbuf = OPENSSL_malloc(DTLS1_RT_HEADER_LENGTH + SSL3_RT_MAX_PLAIN_LENGTH);
+ if (buf == NULL)
+ return -1;
do {
/* Get a packet */
@@ -836,6 +834,7 @@ int DTLSv1_listen(SSL *ssl, BIO_ADDR *client)
end:
BIO_ADDR_free(tmpclient);
OPENSSL_free(buf);
+ OPENSSL_free(wbuf);
return ret;
}
#endif
diff --git a/ssl/record/build.info b/ssl/record/build.info
index 15a4f8b386..8dfac91dae 100644
--- a/ssl/record/build.info
+++ b/ssl/record/build.info
@@ -11,7 +11,7 @@ IF[{- !$disabled{asm} -}]
ENDIF
SOURCE[../../libssl]=\
- rec_layer_s3.c rec_layer_d1.c ssl3_buffer.c ssl3_record.c \
+ rec_layer_s3.c rec_layer_d1.c ssl3_record.c \
ssl3_record_tls13.c
# For shared builds we need to include the sources needed in providers
diff --git a/ssl/record/methods/recmethod_local.h b/ssl/record/methods/recmethod_local.h
index 2552a8c0ac..21a8297b08 100644
--- a/ssl/record/methods/recmethod_local.h
+++ b/ssl/record/methods/recmethod_local.h
@@ -460,3 +460,19 @@ int tls_post_encryption_processing_default(OSSL_RECORD_LAYER *rl,
int tls_write_records_default(OSSL_RECORD_LAYER *rl,
OSSL_RECORD_TEMPLATE *templates,
size_t numtempl);
+
+/* Macros/functions provided by the SSL3_BUFFER component */
+
+#define SSL3_BUFFER_get_buf(b) ((b)->buf)
+#define SSL3_BUFFER_set_buf(b, n) ((b)->buf = (n))
+#define SSL3_BUFFER_get_len(b) ((b)->len)
+#define SSL3_BUFFER_get_left(b) ((b)->left)
+#define SSL3_BUFFER_set_left(b, l) ((b)->left = (l))
+#define SSL3_BUFFER_sub_left(b, l) ((b)->left -= (l))
+#define SSL3_BUFFER_get_offset(b) ((b)->offset)
+#define SSL3_BUFFER_set_offset(b, o) ((b)->offset = (o))
+#define SSL3_BUFFER_add_offset(b, o) ((b)->offset += (o))
+#define SSL3_BUFFER_set_app_buffer(b, l) ((b)->app_buffer = (l))
+#define SSL3_BUFFER_is_app_buffer(b) ((b)->app_buffer)
+
+void SSL3_BUFFER_release(SSL3_BUFFER *b);
diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c
index 5c27a6af15..7f1658899d 100644
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
@@ -22,6 +22,12 @@
static void tls_int_free(OSSL_RECORD_LAYER *rl);
+void SSL3_BUFFER_release(SSL3_BUFFER *b)
+{
+ OPENSSL_free(b->buf);
+ b->buf = NULL;
+}
+
void ossl_rlayer_fatal(OSSL_RECORD_LAYER *rl, int al, int reason,
const char *fmt, ...)
{
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index e8b3242e28..2d74280188 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -639,21 +639,8 @@ int do_dtls1_write(SSL_CONNECTION *sc, int type, const unsigned char *buf,
int i;
OSSL_RECORD_TEMPLATE tmpl;
SSL *s = SSL_CONNECTION_GET_SSL(sc);
- SSL3_BUFFER *wb;
int ret;
- wb = &sc->rlayer.wbuf[0];
-
- /*
- * DTLS writes whole datagrams, so there can't be anything left in
- * the buffer.
- */
- /* TODO(RECLAYER): Remove me */
- if (!ossl_assert(SSL3_BUFFER_get_left(wb) == 0)) {
- SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
/* If we have an alert to send, lets send it */
if (sc->s3.alert_dispatch) {
i = s->method->ssl_dispatch_alert(s);
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index bc115684b7..301742dba5 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -33,8 +33,6 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl)
rl->wpend_ret = 0;
rl->wpend_buf = NULL;
- ssl3_release_write_buffer(rl->s);
-
RECORD_LAYER_reset_write_sequence(rl);
if (rl->rrlmethod != NULL)
@@ -54,8 +52,10 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl)
void RECORD_LAYER_release(RECORD_LAYER *rl)
{
- if (rl->numwpipes > 0)
- ssl3_release_write_buffer(rl->s);
+ /*
+ * TODO(RECLAYER): Need a way to release the write buffers in the record
+ * layer on demand
+ */
}
/* Checks if we have unprocessed read ahead data pending */
@@ -73,10 +73,6 @@ int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl)
int RECORD_LAYER_write_pending(const RECORD_LAYER *rl)
{
- /* TODO(RECLAYER): Remove me when DTLS is moved to the write record layer */
- if (SSL_CONNECTION_IS_DTLS(rl->s))
- return (rl->numwpipes > 0)
- && SSL3_BUFFER_get_left(&rl->wbuf[rl->numwpipes - 1]) != 0;
return rl->wpend_tot > 0;
}
diff --git a/ssl/record/record.h b/ssl/record/record.h
index 501963756b..1cb24b835b 100644
--- a/ssl/record/record.h
+++ b/ssl/record/record.h
@@ -21,7 +21,7 @@ typedef struct ssl3_buffer_st SSL3_BUFFER;
*****************************************************************************/
struct ssl3_buffer_st {
- /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */
+ /* at least SSL3_RT_MAX_PACKET_SIZE bytes */
unsigned char *buf;
/* default buffer size (or 0 if no default set) */
size_t default_len;
@@ -149,14 +149,7 @@ typedef struct record_layer_st {
* non-blocking reads)
*/
int read_ahead;
- /*
- * TODO(RECLAYER): These next 2 fields can be removed when DTLS is moved to
- * the new write record layer architecture.
- */
- /* How many pipelines can be used to write data */
- size_t numwpipes;
- /* write IO goes into here */
- SSL3_BUFFER wbuf[SSL_MAX_PIPELINES + 1];
+
/* number of bytes sent so far */
size_t wnum;
unsigned char handshake_fragment[4];
@@ -225,7 +218,6 @@ __owur int ssl3_write_bytes(SSL *s, int type, const void *buf, size_t len,
__owur int ssl3_read_bytes(SSL *s, int type, int *recvd_type,
unsigned char *buf, size_t len, int peek,
size_t *readbytes);
-__owur int ssl3_setup_buffers(SSL_CONNECTION *s);
__owur int tls1_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs,
int sending, SSL_MAC_BUF *mac, size_t macsize);
__owur int tls1_mac_old(SSL_CONNECTION *s, SSL3_RECORD *rec, unsigned char *md,
diff --git a/ssl/record/record_local.h b/ssl/record/record_local.h
index 04bf2ef6a0..b7535ef004 100644
--- a/ssl/record/record_local.h
+++ b/ssl/record/record_local.h
@@ -27,30 +27,6 @@
int dtls_buffer_record(SSL_CONNECTION *s, TLS_RECORD *rec);
-/* Macros/functions provided by the SSL3_BUFFER component */
-
-#define SSL3_BUFFER_get_buf(b) ((b)->buf)
-#define SSL3_BUFFER_set_buf(b, n) ((b)->buf = (n))
-#define SSL3_BUFFER_get_len(b) ((b)->len)
-#define SSL3_BUFFER_set_len(b, l) ((b)->len = (l))
-#define SSL3_BUFFER_get_left(b) ((b)->left)
-#define SSL3_BUFFER_set_left(b, l) ((b)->left = (l))
-#define SSL3_BUFFER_sub_left(b, l) ((b)->left -= (l))
-#define SSL3_BUFFER_get_offset(b) ((b)->offset)
-#define SSL3_BUFFER_set_offset(b, o) ((b)->offset = (o))
-#define SSL3_BUFFER_add_offset(b, o) ((b)->offset += (o))
-#define SSL3_BUFFER_is_initialised(b) ((b)->buf != NULL)
-#define SSL3_BUFFER_set_default_len(b, l) ((b)->default_len = (l))
-#define SSL3_BUFFER_set_app_buffer(b, l) ((b)->app_buffer = (l))
-#define SSL3_BUFFER_is_app_buffer(b) ((b)->app_buffer)
-
-void SSL3_BUFFER_clear(SSL3_BUFFER *b);
-void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n);
-void SSL3_BUFFER_release(SSL3_BUFFER *b);
-__owur int ssl3_setup_write_buffer(SSL_CONNECTION *s, size_t numwpipes,
- size_t len);
-int ssl3_release_write_buffer(SSL_CONNECTION *s);
-
/* Macros/functions provided by the SSL3_RECORD component */
#define SSL3_RECORD_get_type(r) ((r)->type)
diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c
index 1bb4840f88..f165e08705 100644
--- a/ssl/record/ssl3_buffer.c
+++ b/ssl/record/ssl3_buffer.c
@@ -33,102 +33,3 @@ void SSL3_BUFFER_release(SSL3_BUFFER *b)
OPENSSL_free(b->buf);
b->buf = NULL;
}
-
-int ssl3_setup_write_buffer(SSL_CONNECTION *s, size_t numwpipes, size_t len)
-{
- unsigned char *p;
- size_t align = 0, headerlen;
- SSL3_BUFFER *wb;
- size_t currpipe;
-
- /*
- * TODO(RECLAYER): Eventually this function can be removed once everything
- * is moved to the write record layer.
- */
- if (!SSL_CONNECTION_IS_DTLS(s))
- return 1;
-
- s->rlayer.numwpipes = numwpipes;
-
- if (len == 0) {
- if (SSL_CONNECTION_IS_DTLS(s))
- headerlen = DTLS1_RT_HEADER_LENGTH + 1;
- else
- headerlen = SSL3_RT_HEADER_LENGTH;
-
-#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
- align = SSL3_ALIGN_PAYLOAD - 1;
-#endif
-
- len = ssl_get_max_send_fragment(s)
- + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
-#ifndef OPENSSL_NO_COMP
- if (ssl_allow_compression(s))
- len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
-#endif
- if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
- len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
- }
-
- wb = RECORD_LAYER_get_wbuf(&s->rlayer);
- for (currpipe = 0; currpipe < numwpipes; currpipe++) {
- SSL3_BUFFER *thiswb = &wb[currpipe];
-
- if (thiswb->len != len) {
- OPENSSL_free(thiswb->buf);
- thiswb->buf = NULL; /* force reallocation */
- }
-
- if (thiswb->buf == NULL) {
- if (s->wbio == NULL || !BIO_get_ktls_send(s->wbio)) {
- p = OPENSSL_malloc(len);
- if (p == NULL) {
- s->rlayer.numwpipes = currpipe;
- /*
- * We've got a malloc failure, and we're still initialising
- * buffers. We assume we're so doomed that we won't even be able
- * to send an alert.
- */
- SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_CRYPTO_LIB);
- return 0;
- }
- } else {
- p = NULL;
- }
- memset(thiswb, 0, sizeof(SSL3_BUFFER));
- thiswb->buf = p;
- thiswb->len = len;
- }
- }
-
- return 1;
-}
-
-int ssl3_setup_buffers(SSL_CONNECTION *s)
-{
- if (!ssl3_setup_write_buffer(s, 1, 0)) {
- /* SSLfatal() already called */
- return 0;
- }
- return 1;
-}
-
-int ssl3_release_write_buffer(SSL_CONNECTION *s)
-{
- SSL3_BUFFER *wb;
- size_t pipes;
-
- pipes = s->rlayer.numwpipes;
- while (pipes > 0) {
- wb = &RECORD_LAYER_get_wbuf(&s->rlayer)[pipes - 1];
-
- if (SSL3_BUFFER_is_app_buffer(wb))
- SSL3_BUFFER_set_app_buffer(wb, 0);
- else
- OPENSSL_free(wb->buf);
- wb->buf = NULL;
- pipes--;
- }
- s->rlayer.numwpipes = 0;
- return 1;
-}
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 77b0fcefc3..d47526b6cf 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -6388,7 +6388,8 @@ int SSL_alloc_buffers(SSL *ssl)
if (sc == NULL)
return 0;
- return ssl3_setup_buffers(sc);
+ /* TODO(RECLAYER): Need a way to make this happen in the record layer */
+ return 1;
}
void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb)
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index a1f15a712f..6a935760a0 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -2447,7 +2447,6 @@ const SSL_METHOD *func_name(void) \
struct openssl_ssl_test_functions {
int (*p_ssl_init_wbio_buffer) (SSL_CONNECTION *s);
- int (*p_ssl3_setup_buffers) (SSL_CONNECTION *s);
};
const char *ssl_protocol_to_string(int version);
@@ -2959,7 +2958,6 @@ void ssl_session_calculate_timeout(SSL_SESSION *ss);
# else /* OPENSSL_UNIT_TEST */
# define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer
-# define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers
# endif
diff --git a/ssl/ssl_utst.c b/ssl/ssl_utst.c
index 690db6d497..91be7398ca 100644
--- a/ssl/ssl_utst.c
+++ b/ssl/ssl_utst.c
@@ -13,7 +13,6 @@
static const struct openssl_ssl_test_functions ssl_test_functions = {
ssl_init_wbio_buffer,
- ssl3_setup_buffers,
};
const struct openssl_ssl_test_functions *SSL_test_functions(void)
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index b879050c40..601682152a 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1732,12 +1732,6 @@ static int final_maxfragmentlen(SSL_CONNECTION *s, unsigned int context,
GET_MAX_FRAGMENT_LENGTH(s->session));
s->rlayer.wrlmethod->set_max_frag_len(s->rlayer.wrl,
ssl_get_max_send_fragment(s));
- /* trigger a larger buffer reallocation */
- /* TODO(RECLAYER): Remove me when DTLS moved to write record layer */
- if (SSL_CONNECTION_IS_DTLS(s) && !ssl3_setup_buffers(s)) {
- /* SSLfatal() already called */
- return 0;
- }
}
return 1;
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index 448d655a17..921d7cfb1e 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -439,10 +439,6 @@ static int state_machine(SSL_CONNECTION *s, int server)
buf = NULL;
}
- if (!ssl3_setup_buffers(s)) {
- SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR);
- goto end;
- }
s->init_num = 0;
/*