1 --- openssl-1.0.0a.orig/ssl/d1_pkt.c 2010-04-14 00:09:55.000000000 +0000 2 +++ openssl-1.0.0a/ssl/d1_pkt.c 2010-08-25 21:12:39.000000000 +0000 3 @@ -608,6 +608,24 @@ again: 4 goto again; 5 } 6 7 + /* If we receive a valid record larger than the current buffer size, 8 + * allocate some memory for it. 9 + */ 10 + if (rr->length > s->s3->rbuf.len - DTLS1_RT_HEADER_LENGTH) 11 + { 12 + unsigned char *pp; 13 + unsigned int newlen = rr->length + DTLS1_RT_HEADER_LENGTH; 14 + if ((pp=OPENSSL_realloc(s->s3->rbuf.buf, newlen))==NULL) 15 + { 16 + SSLerr(SSL_F_DTLS1_GET_RECORD,ERR_R_MALLOC_FAILURE); 17 + return(-1); 18 + } 19 + p = pp + (p - s->s3->rbuf.buf); 20 + s->s3->rbuf.buf=pp; 21 + s->s3->rbuf.len=newlen; 22 + s->packet= &(s->s3->rbuf.buf[0]); 23 + } 24 + 25 /* now s->rstate == SSL_ST_READ_BODY */ 26 } 27 28 @@ -1342,6 +1360,7 @@ int do_dtls1_write(SSL *s, int type, con 29 SSL3_BUFFER *wb; 30 SSL_SESSION *sess; 31 int bs; 32 + unsigned int len_with_overhead = len + SSL3_RT_DEFAULT_WRITE_OVERHEAD; 33 34 /* first check if there is a SSL3_BUFFER still being written 35 * out. This will happen with non blocking IO */ 36 @@ -1351,6 +1370,16 @@ int do_dtls1_write(SSL *s, int type, con 37 return(ssl3_write_pending(s,type,buf,len)); 38 } 39 40 + if (s->s3->wbuf.len < len_with_overhead) 41 + { 42 + if ((p=OPENSSL_realloc(s->s3->wbuf.buf, len_with_overhead)) == NULL) { 43 + SSLerr(SSL_F_DO_DTLS1_WRITE,ERR_R_MALLOC_FAILURE); 44 + goto err; 45 + } 46 + s->s3->wbuf.buf = p; 47 + s->s3->wbuf.len = len_with_overhead; 48 + } 49 + 50 /* If we have an alert to send, lets send it */ 51 if (s->s3->alert_dispatch) 52 { 53 --- openssl-1.0.0a.orig/ssl/s23_srvr.c 2010-02-16 14:20:40.000000000 +0000 54 +++ openssl-1.0.0a/ssl/s23_srvr.c 2010-08-25 21:12:39.000000000 +0000 55 @@ -403,8 +403,13 @@ int ssl23_get_client_hello(SSL *s) 56 v[0] = p[3]; /* == SSL3_VERSION_MAJOR */ 57 v[1] = p[4]; 58 59 +/* The SSL2 protocol allows n to be larger, just pick 60 + * a reasonable buffer size. */ 61 +#if SSL3_RT_DEFAULT_PACKET_SIZE < 1024*4 - SSL3_RT_DEFAULT_WRITE_OVERHEAD 62 +#error "SSL3_RT_DEFAULT_PACKET_SIZE is too small." 63 +#endif 64 n=((p[0]&0x7f)<<8)|p[1]; 65 - if (n > (1024*4)) 66 + if (n > SSL3_RT_DEFAULT_PACKET_SIZE - 2) 67 { 68 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE); 69 goto err; 70 --- openssl-1.0.0a.orig/ssl/s3_both.c 2010-03-24 23:16:49.000000000 +0000 71 +++ openssl-1.0.0a/ssl/s3_both.c 2010-08-25 21:12:39.000000000 +0000 72 @@ -715,13 +722,20 @@ int ssl3_setup_read_buffer(SSL *s) 73 74 if (s->s3->rbuf.buf == NULL) 75 { 76 - len = SSL3_RT_MAX_PLAIN_LENGTH 77 - + SSL3_RT_MAX_ENCRYPTED_OVERHEAD 78 - + headerlen + align; 79 - if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) 80 + if (SSL_get_mode(s) & SSL_MODE_SMALL_BUFFERS) 81 { 82 - s->s3->init_extra = 1; 83 - len += SSL3_RT_MAX_EXTRA; 84 + len = SSL3_RT_DEFAULT_PACKET_SIZE; 85 + } 86 + else 87 + { 88 + len = SSL3_RT_MAX_PLAIN_LENGTH 89 + + SSL3_RT_MAX_ENCRYPTED_OVERHEAD 90 + + headerlen + align; 91 + if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) 92 + { 93 + s->s3->init_extra = 1; 94 + len += SSL3_RT_MAX_EXTRA; 95 + } 96 } 97 #ifndef OPENSSL_NO_COMP 98 if (!(s->options & SSL_OP_NO_COMPRESSION)) 99 @@ -757,7 +771,15 @@ int ssl3_setup_write_buffer(SSL *s) 100 101 if (s->s3->wbuf.buf == NULL) 102 { 103 - len = s->max_send_fragment 104 + if (SSL_get_mode(s) & SSL_MODE_SMALL_BUFFERS) 105 + { 106 + len = SSL3_RT_DEFAULT_PACKET_SIZE; 107 + } 108 + else 109 + { 110 + len = s->max_send_fragment; 111 + } 112 + len += 0 113 + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD 114 + headerlen + align; 115 #ifndef OPENSSL_NO_COMP 116 @@ -767,7 +789,6 @@ int ssl3_setup_write_buffer(SSL *s) 117 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) 118 len += headerlen + align 119 + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; 120 - 121 if ((p=freelist_extract(s->ctx, 0, len)) == NULL) 122 goto err; 123 s->s3->wbuf.buf = p; 124 @@ -810,4 +831,3 @@ int ssl3_release_read_buffer(SSL *s) 125 } 126 return 1; 127 } 128 - 129 --- openssl-1.0.0a.orig/ssl/s3_pkt.c 2010-03-25 11:22:42.000000000 +0000 130 +++ openssl-1.0.0a/ssl/s3_pkt.c 2010-08-25 21:12:39.000000000 +0000 131 @@ -293,6 +293,11 @@ static int ssl3_get_record(SSL *s) 132 size_t extra; 133 int decryption_failed_or_bad_record_mac = 0; 134 unsigned char *mac = NULL; 135 +#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 136 + long align=SSL3_ALIGN_PAYLOAD; 137 +#else 138 + long align=0; 139 +#endif 140 141 rr= &(s->s3->rrec); 142 sess=s->session; 143 @@ -301,7 +306,8 @@ static int ssl3_get_record(SSL *s) 144 extra=SSL3_RT_MAX_EXTRA; 145 else 146 extra=0; 147 - if (extra && !s->s3->init_extra) 148 + if (!(SSL_get_mode(s) & SSL_MODE_SMALL_BUFFERS) && 149 + extra && !s->s3->init_extra) 150 { 151 /* An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER 152 * set after ssl3_setup_buffers() was done */ 153 @@ -350,6 +356,21 @@ fprintf(stderr, "Record type=%d, Length= 154 goto err; 155 } 156 157 + /* If we receive a valid record larger than the current buffer size, 158 + * allocate some memory for it. 159 + */ 160 + if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH - align) 161 + { 162 + if ((p=OPENSSL_realloc(s->s3->rbuf.buf, rr->length + SSL3_RT_HEADER_LENGTH + align))==NULL) 163 + { 164 + SSLerr(SSL_F_SSL3_GET_RECORD,ERR_R_MALLOC_FAILURE); 165 + goto err; 166 + } 167 + s->s3->rbuf.buf=p; 168 + s->s3->rbuf.len=rr->length + SSL3_RT_HEADER_LENGTH + align; 169 + s->packet= &(s->s3->rbuf.buf[0]); 170 + } 171 + 172 if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) 173 { 174 al=SSL_AD_RECORD_OVERFLOW; 175 @@ -576,6 +597,7 @@ int ssl3_write_bytes(SSL *s, int type, c 176 const unsigned char *buf=buf_; 177 unsigned int tot,n,nw; 178 int i; 179 + unsigned int max_plain_length; 180 181 s->rwstate=SSL_NOTHING; 182 tot=s->s3->wnum; 183 @@ -595,8 +617,13 @@ int ssl3_write_bytes(SSL *s, int type, c 184 n=(len-tot); 185 for (;;) 186 { 187 - if (n > s->max_send_fragment) 188 - nw=s->max_send_fragment; 189 + if (type == SSL3_RT_APPLICATION_DATA && (SSL_get_mode(s) & SSL_MODE_SMALL_BUFFERS)) 190 + max_plain_length = SSL3_RT_DEFAULT_PLAIN_LENGTH; 191 + else 192 + max_plain_length = s->max_send_fragment; 193 + 194 + if (n > max_plain_length) 195 + nw = max_plain_length; 196 else 197 nw=n; 198 199 @@ -727,6 +727,18 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, 200 s->s3->empty_fragment_done = 1; 201 } 202 203 + /* resize if necessary to hold the data. */ 204 + if (len + SSL3_RT_DEFAULT_WRITE_OVERHEAD > wb->len) 205 + { 206 + if ((p=OPENSSL_realloc(wb->buf, len + SSL3_RT_DEFAULT_WRITE_OVERHEAD))==NULL) 207 + { 208 + SSLerr(SSL_F_DO_SSL3_WRITE,ERR_R_MALLOC_FAILURE); 209 + goto err; 210 + } 211 + wb->buf = p; 212 + wb->len = len + SSL3_RT_DEFAULT_WRITE_OVERHEAD; 213 + } 214 + 215 if (create_empty_fragment) 216 { 217 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 218 --- openssl-1.0.0a.orig/ssl/ssl.h 2010-01-06 17:37:38.000000000 +0000 219 +++ openssl-1.0.0a/ssl/ssl.h 2010-08-25 21:12:39.000000000 +0000 220 @@ -602,6 +602,9 @@ typedef struct ssl_session_st 221 * TLS only.) "Released" buffers are put onto a free-list in the context 222 * or just freed (depending on the context's setting for freelist_max_len). */ 223 #define SSL_MODE_RELEASE_BUFFERS 0x00000010L 224 +/* Use small read and write buffers: (a) lazy allocate read buffers for 225 + * large incoming records, and (b) limit the size of outgoing records. */ 226 +#define SSL_MODE_SMALL_BUFFERS 0x00000020L 227 228 /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, 229 * they cannot be used to clear bits. */ 230 --- openssl-1.0.0a.orig/ssl/ssl3.h 2010-01-06 17:37:38.000000000 +0000 231 +++ openssl-1.0.0a/ssl/ssl3.h 2010-08-25 21:12:39.000000000 +0000 232 @@ -280,6 +280,9 @@ extern "C" { 233 234 #define SSL3_RT_MAX_EXTRA (16384) 235 236 +/* Default buffer length used for writen records. Thus a generated record 237 + * will contain plaintext no larger than this value. */ 238 +#define SSL3_RT_DEFAULT_PLAIN_LENGTH 2048 239 /* Maximum plaintext length: defined by SSL/TLS standards */ 240 #define SSL3_RT_MAX_PLAIN_LENGTH 16384 241 /* Maximum compression overhead: defined by SSL/TLS standards */ 242 @@ -311,6 +314,13 @@ extern "C" { 243 #define SSL3_RT_MAX_PACKET_SIZE \ 244 (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) 245 246 +/* Extra space for empty fragment, headers, MAC, and padding. */ 247 +#define SSL3_RT_DEFAULT_WRITE_OVERHEAD 256 248 +#define SSL3_RT_DEFAULT_PACKET_SIZE 4096 - SSL3_RT_DEFAULT_WRITE_OVERHEAD 249 +#if SSL3_RT_DEFAULT_PLAIN_LENGTH + SSL3_RT_DEFAULT_WRITE_OVERHEAD > SSL3_RT_DEFAULT_PACKET_SIZE 250 +#error "Insufficient space allocated for write buffers." 251 +#endif 252 + 253 #define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" 254 #define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" 255 256 @@ -634,4 +645,3 @@ typedef struct ssl3_state_st 257 } 258 #endif 259 #endif 260 - 261 --- openssl-1.0.0a.orig/ssl/ssltest.c 2010-01-24 16:57:38.000000000 +0000 262 +++ openssl-1.0.0a/ssl/ssltest.c 2010-08-25 21:12:39.000000000 +0000 263 @@ -316,6 +316,8 @@ static void sv_usage(void) 264 " (default is sect163r2).\n"); 265 #endif 266 fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n"); 267 + fprintf(stderr," -c_small_records - enable client side use of small SSL record buffers\n"); 268 + fprintf(stderr," -s_small_records - enable server side use of small SSL record buffers\n"); 269 } 270 271 static void print_details(SSL *c_ssl, const char *prefix) 272 @@ -444,6 +447,9 @@ int opaque_prf_input_cb(SSL *ssl, void * 273 return arg->ret; 274 } 275 #endif 276 + int ssl_mode = 0; 277 + int c_small_records=0; 278 + int s_small_records=0; 279 280 int main(int argc, char *argv[]) 281 { 282 @@ -680,6 +687,14 @@ int main(int argc, char *argv[]) 283 { 284 test_cipherlist = 1; 285 } 286 + else if (strcmp(*argv, "-c_small_records") == 0) 287 + { 288 + c_small_records = 1; 289 + } 290 + else if (strcmp(*argv, "-s_small_records") == 0) 291 + { 292 + s_small_records = 1; 293 + } 294 else 295 { 296 fprintf(stderr,"unknown option %s\n",*argv); 297 @@ -802,6 +821,21 @@ bad: 298 SSL_CTX_set_cipher_list(s_ctx,cipher); 299 } 300 301 + ssl_mode = 0; 302 + if (c_small_records) 303 + { 304 + ssl_mode = SSL_CTX_get_mode(c_ctx); 305 + ssl_mode |= SSL_MODE_SMALL_BUFFERS; 306 + SSL_CTX_set_mode(c_ctx, ssl_mode); 307 + } 308 + ssl_mode = 0; 309 + if (s_small_records) 310 + { 311 + ssl_mode = SSL_CTX_get_mode(s_ctx); 312 + ssl_mode |= SSL_MODE_SMALL_BUFFERS; 313 + SSL_CTX_set_mode(s_ctx, ssl_mode); 314 + } 315 + 316 #ifndef OPENSSL_NO_DH 317 if (!no_dhe) 318 { 319 --- openssl-1.0.0.orig/test/testssl 2006-03-10 15:06:27.000000000 -0800 320 +++ openssl-1.0.0/test/testssl 2010-04-26 10:24:55.000000000 -0700 321 @@ -70,6 +70,16 @@ $ssltest -client_auth $CA $extra || exit 322 echo test sslv2/sslv3 with both client and server authentication 323 $ssltest -server_auth -client_auth $CA $extra || exit 1 324 325 +echo test sslv2/sslv3 with both client and server authentication and small client buffers 326 +$ssltest -server_auth -client_auth -c_small_records $CA $extra || exit 1 327 + 328 +echo test sslv2/sslv3 with both client and server authentication and small server buffers 329 +$ssltest -server_auth -client_auth -s_small_records $CA $extra || exit 1 330 + 331 +echo test sslv2/sslv3 with both client and server authentication and small client and server buffers 332 +$ssltest -server_auth -client_auth -c_small_records -s_small_records $CA $extra || exit 1 333 + 334 + 335 echo test sslv2 via BIO pair 336 $ssltest -bio_pair -ssl2 $extra || exit 1 337 338
