unconditionally align SSL payloads

Remove support for conditional payload alignment, since we would never want to turn it off. Also, consistently use size_t for calculating the alignment. ok miod@
author: bcook <> 2014-12-14 21:49:29 +0000
committer: bcook <> 2014-12-14 21:49:29 +0000
commit: 02216b57a0ccb0dd187f3ea646c6ae40e827d3ae (patch)
tree: 4192f8b6f420704e7598dbfb017975afb1eebace /src/lib/libssl/s3_pkt.c
parent: 9d7627cb78b8d58f06310b08151767a7309504dc (diff)
download: openbsd-02216b57a0ccb0dd187f3ea646c6ae40e827d3ae.tar.gz
openbsd-02216b57a0ccb0dd187f3ea646c6ae40e827d3ae.tar.bz2
openbsd-02216b57a0ccb0dd187f3ea646c6ae40e827d3ae.zip
1 files changed, 11 insertions, 15 deletions
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index 9f98e6f540..117e6ec2da 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_pkt.c,v 1.53 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: s3_pkt.c,v 1.54 2014/12/14 21:49:29 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -132,7 +132,7 @@ int
 ssl3_read_n(SSL *s, int n, int max, int extend)
 {
        int i, len, left;
-        long align = 0;
+        size_t align;
        unsigned char *pkt;
        SSL3_BUFFER *rb;
@@ -145,10 +145,8 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
                        return -1;
        left = rb->left;
-#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+        align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH;
-        align = (long)rb->buf + SSL3_RT_HEADER_LENGTH;
+        align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);
-        align = (-align)&(SSL3_ALIGN_PAYLOAD - 1);
-#endif
        if (!extend) {
                /* start with empty packet ... */
@@ -572,7 +570,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
        int i, mac_size, clear = 0;
        int prefix_len = 0;
        int eivlen;
-        long align = 0;
+        size_t align;
        SSL3_RECORD *wr;
        SSL3_BUFFER *wb = &(s->s3->wbuf);
        SSL_SESSION *sess;
@@ -646,23 +644,21 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
        }
        if (create_empty_fragment) {
-#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
                /* extra fragment would be couple of cipher blocks,
                 * which would be multiple of SSL3_ALIGN_PAYLOAD, so
                 * if we want to align the real payload, then we can
                 * just pretent we simply have two headers. */
-                align = (long)wb->buf + 2*SSL3_RT_HEADER_LENGTH;
+                align = (size_t)wb->buf + 2 * SSL3_RT_HEADER_LENGTH;
-                align = (-align)&(SSL3_ALIGN_PAYLOAD - 1);
+                align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);
-#endif
                p = wb->buf + align;
                wb->offset = align;
        } else if (prefix_len) {
                p = wb->buf + wb->offset + prefix_len;
        } else {
-#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+                align = (size_t)wb->buf + SSL3_RT_HEADER_LENGTH;
-                align = (long)wb->buf + SSL3_RT_HEADER_LENGTH;
+                align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);
-                align = (-align)&(SSL3_ALIGN_PAYLOAD - 1);
-#endif
                p = wb->buf + align;
                wb->offset = align;
        }
author	bcook <>	2014-12-14 21:49:29 +0000
committer	bcook <>	2014-12-14 21:49:29 +0000
commit	02216b57a0ccb0dd187f3ea646c6ae40e827d3ae (patch)
tree	4192f8b6f420704e7598dbfb017975afb1eebace /src/lib/libssl/s3_pkt.c
parent	9d7627cb78b8d58f06310b08151767a7309504dc (diff)
download	openbsd-02216b57a0ccb0dd187f3ea646c6ae40e827d3ae.tar.gz openbsd-02216b57a0ccb0dd187f3ea646c6ae40e827d3ae.tar.bz2 openbsd-02216b57a0ccb0dd187f3ea646c6ae40e827d3ae.zip

diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c index 9f98e6f540..117e6ec2da 100644 --- a/src/lib/libssl/s3_pkt.c +++ b/src/lib/libssl/s3_pkt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_pkt.c,v 1.53 2014/12/14 15:30:50 jsing Exp $ */	1	/* $OpenBSD: s3_pkt.c,v 1.54 2014/12/14 21:49:29 bcook Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -132,7 +132,7 @@ int
132	ssl3_read_n(SSL *s, int n, int max, int extend)	132	ssl3_read_n(SSL *s, int n, int max, int extend)
133	{	133	{
134	int i, len, left;	134	int i, len, left;
135	long align = 0;	135	size_t align;
136	unsigned char *pkt;	136	unsigned char *pkt;
137	SSL3_BUFFER *rb;	137	SSL3_BUFFER *rb;
138		138
@@ -145,10 +145,8 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
145	return -1;	145	return -1;
146		146
147	left = rb->left;	147	left = rb->left;
148	#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0	148	align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH;
149	align = (long)rb->buf + SSL3_RT_HEADER_LENGTH;	149	align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);
150	align = (-align)&(SSL3_ALIGN_PAYLOAD - 1);
151	#endif
152		150
153	if (!extend) {	151	if (!extend) {
154	/* start with empty packet ... */	152	/* start with empty packet ... */
@@ -572,7 +570,7 @@ do_ssl3_write(SSL s, int type, const unsigned char buf,
572	int i, mac_size, clear = 0;	570	int i, mac_size, clear = 0;
573	int prefix_len = 0;	571	int prefix_len = 0;
574	int eivlen;	572	int eivlen;
575	long align = 0;	573	size_t align;
576	SSL3_RECORD *wr;	574	SSL3_RECORD *wr;
577	SSL3_BUFFER *wb = &(s->s3->wbuf);	575	SSL3_BUFFER *wb = &(s->s3->wbuf);
578	SSL_SESSION *sess;	576	SSL_SESSION *sess;
@@ -646,23 +644,21 @@ do_ssl3_write(SSL s, int type, const unsigned char buf,
646	}	644	}
647		645
648	if (create_empty_fragment) {	646	if (create_empty_fragment) {
649	#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
650	/* extra fragment would be couple of cipher blocks,	647	/* extra fragment would be couple of cipher blocks,
651	* which would be multiple of SSL3_ALIGN_PAYLOAD, so	648	* which would be multiple of SSL3_ALIGN_PAYLOAD, so
652	* if we want to align the real payload, then we can	649	* if we want to align the real payload, then we can
653	* just pretent we simply have two headers. */	650	* just pretent we simply have two headers. */
654	align = (long)wb->buf + 2*SSL3_RT_HEADER_LENGTH;	651	align = (size_t)wb->buf + 2 * SSL3_RT_HEADER_LENGTH;
655	align = (-align)&(SSL3_ALIGN_PAYLOAD - 1);	652	align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);
656	#endif	653
657	p = wb->buf + align;	654	p = wb->buf + align;
658	wb->offset = align;	655	wb->offset = align;
659	} else if (prefix_len) {	656	} else if (prefix_len) {
660	p = wb->buf + wb->offset + prefix_len;	657	p = wb->buf + wb->offset + prefix_len;
661	} else {	658	} else {
662	#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0	659	align = (size_t)wb->buf + SSL3_RT_HEADER_LENGTH;
663	align = (long)wb->buf + SSL3_RT_HEADER_LENGTH;	660	align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);
664	align = (-align)&(SSL3_ALIGN_PAYLOAD - 1);	661
665	#endif
666	p = wb->buf + align;	662	p = wb->buf + align;
667	wb->offset = align;	663	wb->offset = align;
668	}	664	}