* multiple records in one go and buffer them.
*/
int (*read_record)(OSSL_RECORD_LAYER *rl, void **rechandle, int *rversion,
- int *type, unsigned char **data, size_t *datalen,
+ int *type, const unsigned char **data, size_t *datalen,
uint16_t *epoch, unsigned char *seq_num);
/*
* Release a buffer associated with a record previously read with
}
static int quic_read_record(OSSL_RECORD_LAYER *rl, void **rechandle,
- int *rversion, int *type, unsigned char **data,
+ int *rversion, int *type, const unsigned char **data,
size_t *datalen, uint16_t *epoch,
unsigned char *seq_num)
{
BIO_clear_retry_flags(rl->dummybio);
- /*
- * TODO(QUIC): Cast data to const, which should be safe....can read_record
- * be modified to pass this as const to start with?
- */
- if (!rl->qtls->args.crypto_recv_rcd_cb((const unsigned char **)data, datalen,
+ if (!rl->qtls->args.crypto_recv_rcd_cb(data, datalen,
rl->qtls->args.crypto_recv_rcd_cb_arg)) {
QUIC_TLS_FATAL(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return OSSL_RECORD_RETURN_FATAL;
int tls_get_alert_code(OSSL_RECORD_LAYER *rl);
int tls_set1_bio(OSSL_RECORD_LAYER *rl, BIO *bio);
int tls_read_record(OSSL_RECORD_LAYER *rl, void **rechandle, int *rversion,
- int *type, unsigned char **data, size_t *datalen,
+ int *type, const unsigned char **data, size_t *datalen,
uint16_t *epoch, unsigned char *seq_num);
int tls_release_record(OSSL_RECORD_LAYER *rl, void *rechandle);
int tls_default_set_protocol_version(OSSL_RECORD_LAYER *rl, int version);
}
int tls_read_record(OSSL_RECORD_LAYER *rl, void **rechandle, int *rversion,
- int *type, unsigned char **data, size_t *datalen,
+ int *type, const unsigned char **data, size_t *datalen,
uint16_t *epoch, unsigned char *seq_num)
{
TLS_RL_RECORD *rec;
while ((item = pqueue_pop(d->buffered_app_data.q)) != NULL) {
rec = (TLS_RECORD *)item->data;
+
if (rl->s->options & SSL_OP_CLEANSE_PLAINTEXT)
- OPENSSL_cleanse(rec->data, rec->length);
- OPENSSL_free(rec->data);
+ OPENSSL_cleanse(rec->allocdata, rec->length);
+ OPENSSL_free(rec->allocdata);
OPENSSL_free(item->data);
pitem_free(item);
}
* now. Copying data isn't good - but this should be infrequent so we
* accept it here.
*/
- rdata->data = OPENSSL_memdup(rec->data, rec->length);
+ rdata->data = rdata->allocdata = OPENSSL_memdup(rec->data, rec->length);
if (rdata->data == NULL) {
OPENSSL_free(rdata);
pitem_free(item);
if (pqueue_insert(queue->q, item) == NULL) {
/* Must be a duplicate so ignore it */
- OPENSSL_free(rdata->data);
+ OPENSSL_free(rdata->allocdata);
OPENSSL_free(rdata);
pitem_free(item);
}
if (rr->length == 0)
ssl_release_record(sc, rr);
} else {
+ /* TODO(RECLAYER): Casting away the const is wrong! FIX ME */
if (sc->options & SSL_OP_CLEANSE_PLAINTEXT)
- OPENSSL_cleanse(&(rr->data[rr->off]), n);
+ OPENSSL_cleanse((unsigned char *)&(rr->data[rr->off]), n);
rr->length -= n;
rr->off += n;
if (rr->length == 0)
if (rr->type == SSL3_RT_ALERT) {
unsigned int alert_level, alert_descr;
- unsigned char *alert_bytes = rr->data + rr->off;
+ const unsigned char *alert_bytes = rr->data + rr->off;
PACKET alert;
if (!PACKET_buf_init(&alert, alert_bytes, rr->length)
s->rlayer.rrlmethod->release_record(s->rlayer.rrl, rr->rechandle);
} else {
/* We allocated the buffers for this record (only happens with DTLS) */
- OPENSSL_free(rr->data);
+ OPENSSL_free(rr->allocdata);
+ rr->allocdata = NULL;
}
s->rlayer.curr_rec++;
}
if (rr->length == 0)
ssl_release_record(s, rr);
} else {
+ /* TODO(RECLAYER) Casting away the const here is wrong! FIX ME */
if (s->options & SSL_OP_CLEANSE_PLAINTEXT)
- OPENSSL_cleanse(&(rr->data[rr->off]), n);
+ OPENSSL_cleanse((unsigned char *)&(rr->data[rr->off]), n);
rr->length -= n;
rr->off += n;
if (rr->length == 0)
if (rr->type == SSL3_RT_ALERT) {
unsigned int alert_level, alert_descr;
- unsigned char *alert_bytes = rr->data
- + rr->off;
+ const unsigned char *alert_bytes = rr->data + rr->off;
PACKET alert;
if (!PACKET_buf_init(&alert, alert_bytes, rr->length)
int version;
int type;
/* The data buffer containing bytes from the record */
- unsigned char *data;
+ const unsigned char *data;
+ /*
+ * Buffer that we allocated to store data. If non NULL always the same as
+ * data (but non-const)
+ */
+ unsigned char *allocdata;
/* Number of remaining to be read in the data buffer */
size_t length;
/* Offset into the data buffer where to start reading */
int dtls1_retransmit_buffered_messages(SSL_CONNECTION *s);
void dtls1_clear_received_buffer(SSL_CONNECTION *s);
void dtls1_clear_sent_buffer(SSL_CONNECTION *s);
-void dtls1_get_message_header(unsigned char *data,
+void dtls1_get_message_header(const unsigned char *data,
struct hm_header_st *msg_hdr);
__owur OSSL_TIME dtls1_default_timeout(void);
__owur OSSL_TIME *dtls1_get_timeout(SSL_CONNECTION *s, OSSL_TIME *timeleft);
return p;
}
-void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
+void dtls1_get_message_header(const unsigned char *data, struct
+ hm_header_st *msg_hdr)
{
memset(msg_hdr, 0, sizeof(*msg_hdr));
msg_hdr->type = *(data++);
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
- void *zbuf;
+ const unsigned char *zbuf;
SSL_CONNECTION *serversc;
TLS_RECORD *rr;