Replace 'ssl3_get_message()' with 'tls_get_message_body()' #21886
CHANGES.md
Outdated
* In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message() | ||
* In ssl3_get_key_exchange (ssl/s3_clnt.c), call tls_get_message_body() | ||
with the same message size as in ssl3_get_certificate_request(). |
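Review bot: The rewritten first line of this CHANGES.md entry names tls_get_message_body() while the rest of the entry still refers to ssl3_get_key_exchange, ssl/s3_clnt.c and ssl3_get_certificate_request(), so the entry now mixes names from two different states of the code. Keep the original ssl3_get_message() wording so the entry stays consistent with the change it records.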
Do not edit the CHANGES.md as that should reflect the history as of when the concrete change was done and not the current state of the code.
Okay
You still did not revert this change.
I am sorry I forgot this one.
Note that there are more references that need updating. One in ssl/record/rec_layer_d1.c and one in ssl/record/rec_layer_s3.c
ssl/record/rec_layer_s3.c
Outdated
@@ -533,7 +533,7 @@ int ssl_release_record(SSL_CONNECTION *s, TLS_RECORD *rr, size_t length) | |||
* Return up to 'len' payload bytes received in 'type' records. | |||
* 'type' is one of the following: | |||
* | |||
* - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us) | |||
* - SSL3_RT_HANDSHAKE (when tls_get_message_header calls us) |
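Review bot: The new parenthetical names only tls_get_message_header as the SSL3_RT_HANDSHAKE caller, but the statem_lib.c excerpts quoted in this thread show tls_get_message_body requesting the same record type through ssl_read_bytes. List both functions, or drop the caller list so the comment cannot go stale again.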
In this case it's tls_get_message_header or tls_get_message_body (they both make such a call):
openssl/ssl/statem/statem_lib.c
Lines 1530 to 1546 in 0f9caad
```c
int tls_get_message_header(SSL_CONNECTION *s, int *mt)
{
    /* s->init_num < SSL3_HM_HEADER_LENGTH */
    int skip_message, i;
    uint8_t recvd_type;
    unsigned char *p;
    size_t l, readbytes;
    SSL *ssl = SSL_CONNECTION_GET_SSL(s);

    p = (unsigned char *)s->init_buf->data;

    do {
        while (s->init_num < SSL3_HM_HEADER_LENGTH) {
            i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, &recvd_type,
                                            &p[s->init_num],
                                            SSL3_HM_HEADER_LENGTH - s->init_num,
                                            0, &readbytes);
```
and
openssl/ssl/statem/statem_lib.c
Lines 1640 to 1657 in 0f9caad
```c
int tls_get_message_body(SSL_CONNECTION *s, size_t *len)
{
    size_t n, readbytes;
    unsigned char *p;
    int i;
    SSL *ssl = SSL_CONNECTION_GET_SSL(s);

    if (s->s3.tmp.message_type == SSL3_MT_CHANGE_CIPHER_SPEC) {
        /* We've already read everything in */
        *len = (unsigned long)s->init_num;
        return 1;
    }

    p = s->init_msg;
    n = s->s3.tmp.message_size - s->init_num;
    while (n > 0) {
        i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, NULL,
                                        &p[s->init_num], n, 0, &readbytes);
```
Yeah, even I was confused at this point. But I thought that since tls_get_message_header is calling the ssl_read_bytes, I can go for it. But honestly I do not see either of them calling "ssl3" to be specific. It might be deep down in the nested calls. I tried looking for it but didn't find much.

```
sumitra@sumitra:~/opensource/openssl$ git grep 'ssl3_read_bytes' -- .
CHANGES.md: ssl3_read_bytes() found application data while handshake
CHANGES.md: * Fix ssl3_read_bytes (ssl/s3_pkt.c): To ignore messages of unknown
CHANGES.md: A 'peek' parameter has also been added to ssl3_read_bytes, which
doc/man3/ERR_put_error.pod:descriptions. For example, the function ssl3_read_bytes() reports a
ssl/record/rec_layer_s3.c:int ssl3_read_bytes(SSL *ssl, uint8_t type, uint8_t *recvd_type,
ssl/record/record.h:__owur int ssl3_read_bytes(SSL *s, uint8_t type, uint8_t *recvd_type,
ssl/s3_lib.c: * ssl3_read_bytes decided to call s->handshake_func, which called
ssl/s3_lib.c: * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
ssl/ssl_local.h: ssl3_read_bytes,
ssl/ssl_local.h: ssl3_read_bytes, \
```

You can see there is no direct call to ssl3_read_bytes anywhere.
PS: I am new to open source. I apologise for the mistakes made.
> You can see there is no direct call to ssl3_read_bytes anywhere.

Ah, yes. That is because the call is made via a function pointer. So, in tls_get_message_header you will see a call to ssl->method->ssl_read_bytes which (in this case) is a function pointer to ssl3_read_bytes.

> I apologise for the mistakes made.

There is no need to apologise. We don't expect new contributors to know the details of the source code and I hope our review comments help you learn your way around.
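The function-pointer dispatch described in the comment above, as an added example that is not part of the thread and is not OpenSSL's code: a stripped-down model in which the handshake reader reaches the record layer only through a method table, so the reader's name appears at its definition and in the table but at no call site, which is the pattern the git grep output shows. All names (CONN, METHOD, demo_*) and the sample bytes are constructed for illustration; the header step and body step mirror the header/body split discussed in this PR.

```c
#include <stdint.h>
#include <string.h>

#define RT_HANDSHAKE  22  /* record content type for handshake data */
#define HM_HEADER_LEN 4   /* 1-byte message type + 3-byte length */
typedef struct conn CONN;
typedef int (*read_fn)(CONN *c, uint8_t type, uint8_t *buf, size_t len, size_t *got);
typedef struct { read_fn read_bytes; } METHOD;  /* stands in for ssl->method */
struct conn {
    const METHOD *method;
    const uint8_t *in; size_t in_len, in_off;   /* pending record payload */
    uint8_t msg_type, msg[64]; size_t init_num, msg_size;
};
/* Constructed sample: handshake message type 2 with a 3-byte body. */
static const uint8_t sample[] = { 0x02, 0x00, 0x00, 0x03, 0xAA, 0xBB, 0xCC };

/* Record-layer reader: its name appears only here and in the table below. */
static int demo_read_bytes(CONN *c, uint8_t type, uint8_t *buf, size_t len, size_t *got)
{
    size_t avail = c->in_len - c->in_off;
    if (type != RT_HANDSHAKE || avail == 0) return -1;
    *got = len < avail ? len : avail;
    memcpy(buf, c->in + c->in_off, *got);
    c->in_off += *got;
    return 1;
}
static const METHOD demo_tls_method = { demo_read_bytes };

/* Read exactly `want` bytes into msg[] through the method pointer. */
static int read_exact(CONN *c, size_t want)
{
    size_t got;
    for (c->init_num = 0; c->init_num < want; c->init_num += got)
        if (c->method->read_bytes(c, RT_HANDSHAKE, c->msg + c->init_num,
                                  want - c->init_num, &got) <= 0)
            return 0;
    return 1;
}

/* Header step, then body step; neither names demo_read_bytes directly. */
int demo_get_message(CONN *c, size_t *len)
{
    if (!read_exact(c, HM_HEADER_LEN)) return 0;        /* header step */
    c->msg_type = c->msg[0];
    c->msg_size = ((size_t)c->msg[1] << 16) | ((size_t)c->msg[2] << 8) | c->msg[3];
    if (c->msg_size > sizeof(c->msg) || !read_exact(c, c->msg_size)) return 0;
    *len = c->init_num;                                 /* body bytes read */
    return 1;
}
```

When auditing a code base built this way, search for the member name (here read_bytes) to find call sites and for the function name to find the table that binds it.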
Okay. I got it thanks.
I will then mention both the functions tls_get_message_header and tls_get_message_body in the comments.
ssl/record/rec_layer_d1.c
Outdated
@@ -170,7 +170,7 @@ static void dtls_unbuffer_record(SSL_CONNECTION *s) | |||
* Return up to 'len' payload bytes received in 'type' records. | |||
* 'type' is one of the following: | |||
* | |||
* - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us) | |||
* - SSL3_RT_HANDSHAKE (when tls_get_message_header calls us) |
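Review bot: In rec_layer_d1.c the parenthetical after SSL3_RT_HANDSHAKE now names tls_get_message_header, a TLS-named function, in a comment that sits in the DTLS record layer next to dtls_unbuffer_record. Name the DTLS caller instead or remove the parenthetical, since a wrong caller here misdirects anyone tracing which code paths request handshake records.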
In this case I would just delete the text in parens after SSL3_RT_HANDSHAKE. It actually makes no sense any more. This function is called from quite a number of places with the type set to SSL3_RT_HANDSHAKE, and tls_get_message_header isn't one of them (dtls1_read_bytes is only relevant to DTLS, and tls_get_message_header is only relevant to TLS).
Okay.
CHANGES.md
Outdated
@@ -4335,7 +4335,7 @@ OpenSSL 1.1.0 | |||
|
|||
*Matt Caswell* | |||
|
|||
* Excessive allocation of memory in tls_get_message_header() and | |||
* Excessive allocation of memory in ssl3_get_message() and |
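Review bot: This entry sits under the OpenSSL 1.1.0 heading and already named tls_get_message_header(); replacing that with ssl3_get_message() rewrites a changelog line about excessive memory allocation so that it names a different function from the one recorded. Revert this line.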
You changed back the wrong entry in CHANGES.md to ssl3_get_message ....this entry was correctly referring to tls_get_message_header(). You should have changed back the entry on line 15565 :-)
Oh I see. Thanks again!
ssl/record/rec_layer_s3.c
Outdated
@@ -533,7 +533,7 @@ int ssl_release_record(SSL_CONNECTION *s, TLS_RECORD *rr, size_t length) | |||
* Return up to 'len' payload bytes received in 'type' records. | |||
* 'type' is one of the following: | |||
* | |||
* - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us) | |||
* - SSL3_RT_HANDSHAKE (when tls_get_message_header and tls_get_message_body calls us) |
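Review bot: The replacement comment line runs past 80 columns once both function names are listed. Break it after "tls_get_message_header and" and align the continuation inside the parenthesis.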
please split the line so it is not longer than 80 characters
Okay.
CHANGES.md
Outdated
@@ -4335,7 +4335,7 @@ OpenSSL 1.1.0 | |||
|
|||
*Matt Caswell* | |||
|
|||
* Excessive allocation of memory in tls_get_message_header() and | |||
* Excessive allocation of memory in tls_get_message_body() and |
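Review bot: Swapping tls_get_message_header() for tls_get_message_body() in this OpenSSL 1.1.0 entry changes which function the changelog says had the excessive memory allocation, which alters a recorded fact rather than renaming anything. The PR title scopes the change to ssl3_get_message(), which this line never contained, so leave it untouched.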
Ahem, this should be kept as is.
Please squash the commits with git rebase -i master and drop all the changes in CHANGES.md. There should not be any.
Okay.
Hi @t8m I've encountered significant issues in the ssl3_to_tls_message_comments branch, leading to a complex situation. Considering this, I'm contemplating creating a new branch and reapplying the changes to ensure a cleaner and more manageable state. Will that be fine?
ssl/record/rec_layer_s3.c
Outdated
@@ -533,7 +533,7 @@ int ssl_release_record(SSL_CONNECTION *s, TLS_RECORD *rr, size_t length) | |||
* Return up to 'len' payload bytes received in 'type' records. | |||
* 'type' is one of the following: | |||
* | |||
* - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us) | |||
* - SSL3_RT_HANDSHAKE (when tls_get_message_header and tls_get_message_body calls us) |
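Review bot: With two functions as the subject in the new comment line, the verb should be plural: "call us" rather than "calls us".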
Adding a second function makes the subject of the verb "call" plural, so this should be "call us" not "calls us"
Okay.
@heygauri You need to push your changes to your OpenSSL fork, probably with
Hello @tom-cosgrove-arm, I'm considering the idea of creating a new branch and reapplying the changes. Unfortunately, I made quite a mess in the ssl3_to_tls_message_comments branch due to my limited knowledge of the process.
Yes, that's fine. You can close this PR and create a new one
(do note though, that you could delete your local branch with the problems - or rename it to something like ssl3_to_tls_message_comments-bad - then create a new branch with the original name, and
Hello @tom-cosgrove-arm, I've followed your instructions to delete the local branch and start fresh. I'd like to highlight that I now need to drop or squash some commits based on the feedback from the maintainers. However, I'm encountering an issue: when I perform the rebase using the command "git rebase -i master," my branch seems to change automatically (as shown in the reference below). How can I ensure that the rebase changes are made in the branch "ssl3_to_tls_message_comments"? Your guidance would be appreciated.
sumitra@sumitra:~/opensource/openssl$ git branch
Okay, this is what I would do in your situation, including renaming the old branch. There are several ways to do this, some more "git pro user" than this! I don't know if you need to make more changes, but this should give you something to start afresh from. First, get onto the
Now rename the branch
Create a new
Now, there are four commits in your old branch that I see, with most recent first:
Depending what you've done, the commit IDs you have might be different. We don't want the most recent commit, as it only touches
Now, we need the commit message. I'm going to snag it from the most recent commit and put it into a file called
Now, use
We don't want to modify
Now we can commit again
and you can use
will replace the
(to get out of "
@tom-cosgrove-arm Thank you for the thorough explanation. I've submitted a pull request (PR). Please review it and let me know if there are any concerns or further adjustments needed. Your feedback is highly appreciated.
@heygauri It looks like you have merged
Okay. I will redo this.
…et_message_body() Update commit messages that previously used ssl3_get_message() to now use tls_get_message_header() and tls_get_message_body() due to the split in OpenSSL 1.1.0. CLA: trivial Fixes openssl#21582 Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com>
3af3b86 to cb265ec
LGTM
This pull request is ready to merge
Merged to master. Thank you.
…et_message_body() Update commit messages that previously used ssl3_get_message() to now use tls_get_message_header() and tls_get_message_body() due to the split in OpenSSL 1.1.0. CLA: trivial Fixes #21582 Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from #21886)
Update commit messages that previously used ssl3_get_message() to now use tls_get_message_body() due to the split into tls_get_message_header and tls_get_message_body in OpenSSL 1.1.0.
Fixes #21582