Skip to content

Commit

Permalink
Collapse ssl3_state_st (s3) into ssl_st
Browse files Browse the repository at this point in the history 
With the removal of SSLv2, the s3 structure is always allocated, so
there is little point in having it be an allocated pointer. Collapse
the ssl3_state_st structure into ssl_st and fixup any references.

This should be faster than going through an indirection and due to
fewer allocations, but I'm not seeing any significant performance
improvement; it seems to be within the margin of error in timing.

Reviewed-by: Paul Yang <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
(Merged from openssl#7888)
  • Loading branch information
@tmshort @mattcaswell
tmshort authored and mattcaswell committed Apr 29, 2019
1 parent d7fcf1f commit 555cbb3
Show file tree
Hide file tree
Showing 25 changed files with 868 additions and 883 deletions.
14 changes: 7 additions & 7 deletions ssl/d1_msg.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,22 +41,22 @@ int dtls1_dispatch_alert(SSL *s)
unsigned char *ptr = &buf[0];
size_t written;

s->s3->alert_dispatch = 0;
s->s3.alert_dispatch = 0;

memset(buf, 0, sizeof(buf));
*ptr++ = s->s3->send_alert[0];
*ptr++ = s->s3->send_alert[1];
*ptr++ = s->s3.send_alert[0];
*ptr++ = s->s3.send_alert[1];

i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0, &written);
if (i <= 0) {
s->s3->alert_dispatch = 1;
s->s3.alert_dispatch = 1;
/* fprintf( stderr, "not done with alert\n" ); */
} else {
if (s->s3->send_alert[0] == SSL3_AL_FATAL)
if (s->s3.send_alert[0] == SSL3_AL_FATAL)
(void)BIO_flush(s->wbio);

if (s->msg_callback)
s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert,
s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3.send_alert,
2, s, s->msg_callback_arg);

if (s->info_callback != NULL)
Expand All @@ -65,7 +65,7 @@ int dtls1_dispatch_alert(SSL *s)
cb = s->ctx->info_callback;

if (cb != NULL) {
j = (s->s3->send_alert[0] << 8) | s->s3->send_alert[1];
j = (s->s3.send_alert[0] << 8) | s->s3.send_alert[1];
cb(s, SSL_CB_WRITE_ALERT, j);
}
}
Expand Down
24 changes: 12 additions & 12 deletions ssl/record/rec_layer_d1.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -374,10 +374,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
s->rwstate = SSL_NOTHING;

/*-
* s->s3->rrec.type - is the type of record
* s->s3->rrec.data, - data
* s->s3->rrec.off, - offset into 'data' for next read
* s->s3->rrec.length, - number of bytes.
* s->s3.rrec.type - is the type of record
* s->s3.rrec.data, - data
* s->s3.rrec.off, - offset into 'data' for next read
* s->s3.rrec.length, - number of bytes.
*/
rr = s->rlayer.rrec;

Expand Down Expand Up @@ -442,8 +442,8 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,

/* we now have a packet which can be read and processed */

if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
* reset by ssl3_get_finished */
if (s->s3.change_cipher_spec /* set when we receive ChangeCipherSpec,
* reset by ssl3_get_finished */
&& (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE)) {
/*
* We now have application data between CCS and Finished. Most likely
Expand Down Expand Up @@ -574,7 +574,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
}

if (alert_level == SSL3_AL_WARNING) {
s->s3->warn_alert = alert_descr;
s->s3.warn_alert = alert_descr;
SSL3_RECORD_set_read(rr);

s->rlayer.alert_count++;
Expand Down Expand Up @@ -607,7 +607,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
char tmp[16];

s->rwstate = SSL_NOTHING;
s->s3->fatal_alert = alert_descr;
s->s3.fatal_alert = alert_descr;
SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS1_READ_BYTES,
SSL_AD_REASON_OFFSET + alert_descr);
BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
Expand Down Expand Up @@ -761,10 +761,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* application data at this point (session renegotiation not yet
* started), we will indulge it.
*/
if (s->s3->in_read_app_data &&
(s->s3->total_renegotiations != 0) &&
if (s->s3.in_read_app_data &&
(s->s3.total_renegotiations != 0) &&
ossl_statem_app_data_allowed(s)) {
s->s3->in_read_app_data = 2;
s->s3.in_read_app_data = 2;
return -1;
} else {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
Expand Down Expand Up @@ -818,7 +818,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
}

/* If we have an alert to send, lets send it */
if (s->s3->alert_dispatch) {
if (s->s3.alert_dispatch) {
i = s->method->ssl_dispatch_alert(s);
if (i <= 0)
return i;
Expand Down
28 changes: 14 additions & 14 deletions ssl/record/rec_layer_s3.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -172,7 +172,7 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
/*
* If extend == 0, obtain new n-byte packet; if extend == 1, increase
* packet by another n bytes. The packet will be in the sub-array of
* s->s3->rbuf.buf specified by s->packet and s->packet_length. (If
* s->s3.rbuf.buf specified by s->packet and s->packet_length. (If
* s->rlayer.read_ahead is set, 'max' bytes may be stored in rbuf [plus
* s->packet_length bytes if extend == 1].)
* if clearold == 1, move the packet to the start of the buffer; if
Expand Down Expand Up @@ -288,7 +288,7 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
int ret;

/*
* Now we have len+left bytes at the front of s->s3->rbuf.buf and
* Now we have len+left bytes at the front of s->s3.rbuf.buf and
* need to read in more until we have len+n (up to len+max if
* possible)
*/
Expand Down Expand Up @@ -461,7 +461,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
break;
}

if (s->s3->alert_dispatch) {
if (s->s3.alert_dispatch) {
i = s->method->ssl_dispatch_alert(s);
if (i <= 0) {
/* SSLfatal() already called if appropriate */
Expand Down Expand Up @@ -630,7 +630,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
* next chunk of data should get another prepended empty fragment
* in ciphersuites with known-IV weakness:
*/
s->s3->empty_fragment_done = 0;
s->s3.empty_fragment_done = 0;

if ((i == (int)n) && s->mode & SSL_MODE_RELEASE_BUFFERS &&
!SSL_IS_DTLS(s))
Expand Down Expand Up @@ -675,7 +675,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
}

/* If we have an alert to send, lets send it */
if (s->s3->alert_dispatch) {
if (s->s3.alert_dispatch) {
i = s->method->ssl_dispatch_alert(s);
if (i <= 0) {
/* SSLfatal() already called if appropriate */
Expand Down Expand Up @@ -713,13 +713,13 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
/*
* 'create_empty_fragment' is true only when this function calls itself
*/
if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) {
if (!clear && !create_empty_fragment && !s->s3.empty_fragment_done) {
/*
* countermeasure against known-IV weakness in CBC ciphersuites (see
* http://www.openssl.org/~bodo/tls-cbc.txt)
*/

if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) {
if (s->s3.need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) {
/*
* recursive function call with 'create_empty_fragment' set; this
* prepares and buffers the data for an empty fragment (these
Expand All @@ -744,7 +744,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
}
}

s->s3->empty_fragment_done = 1;
s->s3.empty_fragment_done = 1;
}

if (BIO_get_ktls_send(s->wbio)) {
Expand Down Expand Up @@ -1148,7 +1148,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
return -1;
}

/* if s->s3->wbuf.left != 0, we need to call this
/* if s->s3.wbuf.left != 0, we need to call this
*
* Return values are as per SSL_write()
*/
Expand Down Expand Up @@ -1385,8 +1385,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,

/* we now have a packet which can be read and processed */

if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
* reset by ssl3_get_finished */
if (s->s3.change_cipher_spec /* set when we receive ChangeCipherSpec,
* reset by ssl3_get_finished */
&& (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE)) {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
Expand Down Expand Up @@ -1558,7 +1558,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,

if (alert_level == SSL3_AL_WARNING
|| (is_tls13 && alert_descr == SSL_AD_USER_CANCELLED)) {
s->s3->warn_alert = alert_descr;
s->s3.warn_alert = alert_descr;
SSL3_RECORD_set_read(rr);

s->rlayer.alert_count++;
Expand All @@ -1583,7 +1583,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
char tmp[16];

s->rwstate = SSL_NOTHING;
s->s3->fatal_alert = alert_descr;
s->s3.fatal_alert = alert_descr;
SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_READ_BYTES,
SSL_AD_REASON_OFFSET + alert_descr);
BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
Expand Down Expand Up @@ -1767,7 +1767,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* started), we will indulge it.
*/
if (ossl_statem_app_data_allowed(s)) {
s->s3->in_read_app_data = 2;
s->s3.in_read_app_data = 2;
return -1;
} else if (ossl_statem_skip_early_data(s)) {
/*
Expand Down
24 changes: 12 additions & 12 deletions ssl/record/ssl3_record.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1224,11 +1224,11 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
int t;

if (sending) {
mac_sec = &(ssl->s3->write_mac_secret[0]);
mac_sec = &(ssl->s3.write_mac_secret[0]);
seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer);
hash = ssl->write_hash;
} else {
mac_sec = &(ssl->s3->read_mac_secret[0]);
mac_sec = &(ssl->s3.read_mac_secret[0]);
seq = RECORD_LAYER_get_read_sequence(&ssl->rlayer);
hash = ssl->read_hash;
}
Expand Down Expand Up @@ -1377,8 +1377,8 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
md, &md_size,
header, rec->input,
rec->length + md_size, rec->orig_len,
ssl->s3->read_mac_secret,
ssl->s3->read_mac_secret_size, 0) <= 0) {
ssl->s3.read_mac_secret,
ssl->s3.read_mac_secret_size, 0) <= 0) {
EVP_MD_CTX_free(hmac);
return 0;
}
Expand Down Expand Up @@ -1805,11 +1805,11 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
rr->off = 0;
/*-
* So at this point the following is true
* ssl->s3->rrec.type is the type of record
* ssl->s3->rrec.length == number of bytes in record
* ssl->s3->rrec.off == offset to first valid byte
* ssl->s3->rrec.data == where to take bytes from, increment
* after use :-).
* ssl->s3.rrec.type is the type of record
* ssl->s3.rrec.length == number of bytes in record
* ssl->s3.rrec.off == offset to first valid byte
* ssl->s3.rrec.data == where to take bytes from, increment
* after use :-).
*/

/* we have pulled in a full packet so zero things */
Expand All @@ -1833,9 +1833,9 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
* It will return <= 0 if more data is needed, normally due to an error
* or non-blocking IO.
* When it finishes, one packet has been decoded and can be found in
* ssl->s3->rrec.type - is the type of record
* ssl->s3->rrec.data, - data
* ssl->s3->rrec.length, - number of bytes
* ssl->s3.rrec.type - is the type of record
* ssl->s3.rrec.data - data
* ssl->s3.rrec.length - number of bytes
*/
/* used only by dtls1_read_bytes */
int dtls1_get_record(SSL *s)
Expand Down
4 changes: 2 additions & 2 deletions ssl/record/ssl3_record_tls13.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -84,12 +84,12 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
* To get here we must have selected a ciphersuite - otherwise ctx would
* be NULL
*/
if (!ossl_assert(s->s3->tmp.new_cipher != NULL)) {
if (!ossl_assert(s->s3.tmp.new_cipher != NULL)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
ERR_R_INTERNAL_ERROR);
return -1;
}
alg_enc = s->s3->tmp.new_cipher->algorithm_enc;
alg_enc = s->s3.tmp.new_cipher->algorithm_enc;
}

if (alg_enc & SSL_AESCCM) {
Expand Down
Loading

0 comments on commit 555cbb3

Please sign in to comment.