From 3994116b136fe7bd8dabca284c67a63c436a0595 Mon Sep 17 00:00:00 2001 From: bcook Date: Sun, 14 Dec 2014 21:49:29 +0000 Subject: [PATCH] unconditionally align SSL payloads Remove support for conditional payload alignment, since we would never want to turn it off. Also, consistently use size_t for calculating the alignment. ok miod@ --- lib/libssl/s3_both.c | 14 +++++--------- lib/libssl/s3_pkt.c | 26 +++++++++++--------------- lib/libssl/src/ssl/s3_both.c | 14 +++++--------- lib/libssl/src/ssl/s3_pkt.c | 26 +++++++++++--------------- lib/libssl/src/ssl/ssl3.h | 17 ++--------------- lib/libssl/ssl3.h | 17 ++--------------- 6 files changed, 36 insertions(+), 78 deletions(-) diff --git a/lib/libssl/s3_both.c b/lib/libssl/s3_both.c index 2180a24d4cb..a2ce9e9fa3a 100644 --- a/lib/libssl/s3_both.c +++ b/lib/libssl/s3_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_both.c,v 1.36 2014/12/14 15:30:50 jsing Exp $ */ +/* $OpenBSD: s3_both.c,v 1.37 2014/12/14 21:49:29 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -610,16 +610,14 @@ int ssl3_setup_read_buffer(SSL *s) { unsigned char *p; - size_t len, align = 0, headerlen; + size_t len, align, headerlen; if (SSL_IS_DTLS(s)) headerlen = DTLS1_RT_HEADER_LENGTH; else headerlen = SSL3_RT_HEADER_LENGTH; -#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 - align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD - 1); -#endif + align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); if (s->s3->rbuf.buf == NULL) { len = SSL3_RT_MAX_PLAIN_LENGTH + @@ -646,16 +644,14 @@ int ssl3_setup_write_buffer(SSL *s) { unsigned char *p; - size_t len, align = 0, headerlen; + size_t len, align, headerlen; if (SSL_IS_DTLS(s)) headerlen = DTLS1_RT_HEADER_LENGTH + 1; else headerlen = SSL3_RT_HEADER_LENGTH; -#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 - align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD - 1); -#endif + align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); if (s->s3->wbuf.buf == NULL) { len = s->max_send_fragment + diff --git a/lib/libssl/s3_pkt.c b/lib/libssl/s3_pkt.c index 9f98e6f5402..117e6ec2daf 100644 --- a/lib/libssl/s3_pkt.c +++ b/lib/libssl/s3_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_pkt.c,v 1.53 2014/12/14 15:30:50 jsing Exp $ */ +/* $OpenBSD: s3_pkt.c,v 1.54 2014/12/14 21:49:29 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -132,7 +132,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) { int i, len, left; - long align = 0; + size_t align; unsigned char *pkt; SSL3_BUFFER *rb; @@ -145,10 +145,8 @@ ssl3_read_n(SSL *s, int n, int max, int extend) return -1; left = rb->left; -#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 - align = (long)rb->buf + SSL3_RT_HEADER_LENGTH; - align = (-align)&(SSL3_ALIGN_PAYLOAD - 1); -#endif + align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH; + align = (-align) & (SSL3_ALIGN_PAYLOAD - 1); if (!extend) { /* start with empty packet ... */ @@ -572,7 +570,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, int i, mac_size, clear = 0; int prefix_len = 0; int eivlen; - long align = 0; + size_t align; SSL3_RECORD *wr; SSL3_BUFFER *wb = &(s->s3->wbuf); SSL_SESSION *sess; @@ -646,23 +644,21 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, } if (create_empty_fragment) { -#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 /* extra fragment would be couple of cipher blocks, * which would be multiple of SSL3_ALIGN_PAYLOAD, so * if we want to align the real payload, then we can * just pretent we simply have two headers. */ - align = (long)wb->buf + 2*SSL3_RT_HEADER_LENGTH; - align = (-align)&(SSL3_ALIGN_PAYLOAD - 1); -#endif + align = (size_t)wb->buf + 2 * SSL3_RT_HEADER_LENGTH; + align = (-align) & (SSL3_ALIGN_PAYLOAD - 1); + p = wb->buf + align; wb->offset = align; } else if (prefix_len) { p = wb->buf + wb->offset + prefix_len; } else { -#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 - align = (long)wb->buf + SSL3_RT_HEADER_LENGTH; - align = (-align)&(SSL3_ALIGN_PAYLOAD - 1); -#endif + align = (size_t)wb->buf + SSL3_RT_HEADER_LENGTH; + align = (-align) & (SSL3_ALIGN_PAYLOAD - 1); + p = wb->buf + align; wb->offset = align; } diff --git a/lib/libssl/src/ssl/s3_both.c b/lib/libssl/src/ssl/s3_both.c index 2180a24d4cb..a2ce9e9fa3a 100644 --- a/lib/libssl/src/ssl/s3_both.c +++ b/lib/libssl/src/ssl/s3_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_both.c,v 1.36 2014/12/14 15:30:50 jsing Exp $ */ +/* $OpenBSD: s3_both.c,v 1.37 2014/12/14 21:49:29 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -610,16 +610,14 @@ int ssl3_setup_read_buffer(SSL *s) { unsigned char *p; - size_t len, align = 0, headerlen; + size_t len, align, headerlen; if (SSL_IS_DTLS(s)) headerlen = DTLS1_RT_HEADER_LENGTH; else headerlen = SSL3_RT_HEADER_LENGTH; -#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 - align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD - 1); -#endif + align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); if (s->s3->rbuf.buf == NULL) { len = SSL3_RT_MAX_PLAIN_LENGTH + @@ -646,16 +644,14 @@ int ssl3_setup_write_buffer(SSL *s) { unsigned char *p; - size_t len, align = 0, headerlen; + size_t len, align, headerlen; if (SSL_IS_DTLS(s)) headerlen = DTLS1_RT_HEADER_LENGTH + 1; else headerlen = SSL3_RT_HEADER_LENGTH; -#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 - align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD - 1); -#endif + align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); if (s->s3->wbuf.buf == NULL) { len = s->max_send_fragment + diff --git a/lib/libssl/src/ssl/s3_pkt.c b/lib/libssl/src/ssl/s3_pkt.c index 9f98e6f5402..117e6ec2daf 100644 --- a/lib/libssl/src/ssl/s3_pkt.c +++ b/lib/libssl/src/ssl/s3_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_pkt.c,v 1.53 2014/12/14 15:30:50 jsing Exp $ */ +/* $OpenBSD: s3_pkt.c,v 1.54 2014/12/14 21:49:29 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -132,7 +132,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) { int i, len, left; - long align = 0; + size_t align; unsigned char *pkt; SSL3_BUFFER *rb; @@ -145,10 +145,8 @@ ssl3_read_n(SSL *s, int n, int max, int extend) return -1; left = rb->left; -#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 - align = (long)rb->buf + SSL3_RT_HEADER_LENGTH; - align = (-align)&(SSL3_ALIGN_PAYLOAD - 1); -#endif + align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH; + align = (-align) & (SSL3_ALIGN_PAYLOAD - 1); if (!extend) { /* start with empty packet ... */ @@ -572,7 +570,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, int i, mac_size, clear = 0; int prefix_len = 0; int eivlen; - long align = 0; + size_t align; SSL3_RECORD *wr; SSL3_BUFFER *wb = &(s->s3->wbuf); SSL_SESSION *sess; @@ -646,23 +644,21 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, } if (create_empty_fragment) { -#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 /* extra fragment would be couple of cipher blocks, * which would be multiple of SSL3_ALIGN_PAYLOAD, so * if we want to align the real payload, then we can * just pretent we simply have two headers. */ - align = (long)wb->buf + 2*SSL3_RT_HEADER_LENGTH; - align = (-align)&(SSL3_ALIGN_PAYLOAD - 1); -#endif + align = (size_t)wb->buf + 2 * SSL3_RT_HEADER_LENGTH; + align = (-align) & (SSL3_ALIGN_PAYLOAD - 1); + p = wb->buf + align; wb->offset = align; } else if (prefix_len) { p = wb->buf + wb->offset + prefix_len; } else { -#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 - align = (long)wb->buf + SSL3_RT_HEADER_LENGTH; - align = (-align)&(SSL3_ALIGN_PAYLOAD - 1); -#endif + align = (size_t)wb->buf + SSL3_RT_HEADER_LENGTH; + align = (-align) & (SSL3_ALIGN_PAYLOAD - 1); + p = wb->buf + align; wb->offset = align; } diff --git a/lib/libssl/src/ssl/ssl3.h b/lib/libssl/src/ssl/ssl3.h index b5df1056abc..5f59e18eb45 100644 --- a/lib/libssl/src/ssl/ssl3.h +++ b/lib/libssl/src/ssl/ssl3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl3.h,v 1.32 2014/12/14 16:07:26 jsing Exp $ */ +/* $OpenBSD: ssl3.h,v 1.33 2014/12/14 21:49:29 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -236,20 +236,7 @@ extern "C" { #define SSL3_RT_HEADER_LENGTH 5 #define SSL3_HM_HEADER_LENGTH 4 -#ifndef SSL3_ALIGN_PAYLOAD - /* Some will argue that this increases memory footprint, but it's - * not actually true. Point is that malloc has to return at least - * 64-bit aligned pointers, meaning that allocating 5 bytes wastes - * 3 bytes in either case. Suggested pre-gaping simply moves these - * wasted bytes from the end of allocated region to its front, - * but makes data payload aligned, which improves performance:-) */ -# define SSL3_ALIGN_PAYLOAD 8 -#else -# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0 -# error "insane SSL3_ALIGN_PAYLOAD" -# undef SSL3_ALIGN_PAYLOAD -# endif -#endif +#define SSL3_ALIGN_PAYLOAD 8 /* This is the maximum MAC (digest) size used by the SSL library. * Currently maximum of 20 is used by SHA1, but we reserve for diff --git a/lib/libssl/ssl3.h b/lib/libssl/ssl3.h index b5df1056abc..5f59e18eb45 100644 --- a/lib/libssl/ssl3.h +++ b/lib/libssl/ssl3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl3.h,v 1.32 2014/12/14 16:07:26 jsing Exp $ */ +/* $OpenBSD: ssl3.h,v 1.33 2014/12/14 21:49:29 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -236,20 +236,7 @@ extern "C" { #define SSL3_RT_HEADER_LENGTH 5 #define SSL3_HM_HEADER_LENGTH 4 -#ifndef SSL3_ALIGN_PAYLOAD - /* Some will argue that this increases memory footprint, but it's - * not actually true. Point is that malloc has to return at least - * 64-bit aligned pointers, meaning that allocating 5 bytes wastes - * 3 bytes in either case. Suggested pre-gaping simply moves these - * wasted bytes from the end of allocated region to its front, - * but makes data payload aligned, which improves performance:-) */ -# define SSL3_ALIGN_PAYLOAD 8 -#else -# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0 -# error "insane SSL3_ALIGN_PAYLOAD" -# undef SSL3_ALIGN_PAYLOAD -# endif -#endif +#define SSL3_ALIGN_PAYLOAD 8 /* This is the maximum MAC (digest) size used by the SSL library. * Currently maximum of 20 is used by SHA1, but we reserve for -- 2.20.1