зеркало из https://github.com/mozilla/pjs.git
239 строки
7.2 KiB
C
239 строки
7.2 KiB
C
/*
|
|
* Gather (Read) entire SSL3 records from socket into buffer.
|
|
*
|
|
* The contents of this file are subject to the Mozilla Public
|
|
* License Version 1.1 (the "License"); you may not use this file
|
|
* except in compliance with the License. You may obtain a copy of
|
|
* the License at http://www.mozilla.org/MPL/
|
|
*
|
|
* Software distributed under the License is distributed on an "AS
|
|
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
|
|
* implied. See the License for the specific language governing
|
|
* rights and limitations under the License.
|
|
*
|
|
* The Original Code is the Netscape security libraries.
|
|
*
|
|
* The Initial Developer of the Original Code is Netscape
|
|
* Communications Corporation. Portions created by Netscape are
|
|
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
|
|
* Rights Reserved.
|
|
*
|
|
* Contributor(s):
|
|
*
|
|
* Alternatively, the contents of this file may be used under the
|
|
* terms of the GNU General Public License Version 2 or later (the
|
|
* "GPL"), in which case the provisions of the GPL are applicable
|
|
* instead of those above. If you wish to allow use of your
|
|
* version of this file only under the terms of the GPL and not to
|
|
* allow others to use your version of this file under the MPL,
|
|
* indicate your decision by deleting the provisions above and
|
|
* replace them with the notice and other provisions required by
|
|
* the GPL. If you do not delete the provisions above, a recipient
|
|
* may use your version of this file under either the MPL or the
|
|
* GPL.
|
|
*
|
|
* $Id: ssl3gthr.c,v 1.3 2000-12-02 00:53:59 nelsonb%netscape.com Exp $
|
|
*/
|
|
|
|
#include "cert.h"
|
|
#include "ssl.h"
|
|
#include "sslimpl.h"
|
|
#include "ssl3prot.h"
|
|
|
|
/*
|
|
* Attempt to read in an entire SSL3 record.
|
|
* Blocks here for blocking sockets, otherwise returns -1 with
|
|
* PR_WOULD_BLOCK_ERROR when socket would block.
|
|
*
|
|
* returns 1 if received a complete SSL3 record.
|
|
* returns 0 if recv returns EOF
|
|
* returns -1 if recv returns <0
|
|
* (The error value may have already been set to PR_WOULD_BLOCK_ERROR)
|
|
*
|
|
* Caller must hold the recv buf lock.
|
|
*
|
|
* The Gather state machine has 3 states: GS_INIT, GS_HEADER, GS_DATA.
|
|
* GS_HEADER: waiting for the 5-byte SSL3 record header to come in.
|
|
* GS_DATA: waiting for the body of the SSL3 record to come in.
|
|
*
|
|
* This loop returns when either (a) an error or EOF occurs,
|
|
* (b) PR_WOULD_BLOCK_ERROR,
|
|
* (c) data (entire SSL3 record) has been received.
|
|
*/
|
|
static int
|
|
ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags)
|
|
{
|
|
unsigned char *bp;
|
|
unsigned char *lbp;
|
|
int nb;
|
|
int err;
|
|
int rv = 1;
|
|
|
|
PORT_Assert( ssl_HaveRecvBufLock(ss) );
|
|
if (gs->state == GS_INIT) {
|
|
gs->state = GS_HEADER;
|
|
gs->remainder = 5;
|
|
gs->offset = 0;
|
|
gs->writeOffset = 0;
|
|
gs->readOffset = 0;
|
|
gs->inbuf.len = 0;
|
|
}
|
|
|
|
lbp = gs->inbuf.buf;
|
|
for(;;) {
|
|
SSL_TRC(30, ("%d: SSL3[%d]: gather state %d (need %d more)",
|
|
SSL_GETPID(), ss->fd, gs->state, gs->remainder));
|
|
bp = ((gs->state != GS_HEADER) ? lbp : gs->hdr) + gs->offset;
|
|
nb = ssl_DefRecv(ss, bp, gs->remainder, flags);
|
|
|
|
if (nb > 0) {
|
|
PRINT_BUF(60, (ss, "raw gather data:", bp, nb));
|
|
} else if (nb == 0) {
|
|
/* EOF */
|
|
SSL_TRC(30, ("%d: SSL3[%d]: EOF", SSL_GETPID(), ss->fd));
|
|
rv = 0;
|
|
break;
|
|
} else /* if (nb < 0) */ {
|
|
SSL_DBG(("%d: SSL3[%d]: recv error %d", SSL_GETPID(), ss->fd,
|
|
PR_GetError()));
|
|
rv = SECFailure;
|
|
break;
|
|
}
|
|
|
|
PORT_Assert( nb <= gs->remainder );
|
|
if (nb > gs->remainder) {
|
|
/* ssl_DefRecv is misbehaving! this error is fatal to SSL. */
|
|
gs->state = GS_INIT; /* so we don't crash next time */
|
|
rv = SECFailure;
|
|
break;
|
|
}
|
|
|
|
gs->offset += nb;
|
|
gs->remainder -= nb;
|
|
if (gs->state == GS_DATA)
|
|
gs->inbuf.len += nb;
|
|
|
|
/* if there's more to go, read some more. */
|
|
if (gs->remainder > 0) {
|
|
continue;
|
|
}
|
|
|
|
/* have received entire record header, or entire record. */
|
|
switch (gs->state) {
|
|
case GS_HEADER:
|
|
/*
|
|
** Have received SSL3 record header in gs->hdr.
|
|
** Now extract the length of the following encrypted data,
|
|
** and then read in the rest of the SSL3 record into gs->inbuf.
|
|
*/
|
|
gs->remainder = (gs->hdr[3] << 8) | gs->hdr[4];
|
|
|
|
/* This is the max fragment length for an encrypted fragment
|
|
** plus the size of the record header.
|
|
*/
|
|
if(gs->remainder > (MAX_FRAGMENT_LENGTH + 2048 + 5)) {
|
|
SSL3_SendAlert(ss, alert_fatal, unexpected_message);
|
|
gs->state = GS_INIT;
|
|
PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
|
|
return SECFailure;
|
|
}
|
|
|
|
gs->state = GS_DATA;
|
|
gs->offset = 0;
|
|
gs->inbuf.len = 0;
|
|
|
|
if (gs->remainder > gs->inbuf.space) {
|
|
err = sslBuffer_Grow(&gs->inbuf, gs->remainder);
|
|
if (err) { /* realloc has set error code to no mem. */
|
|
return err;
|
|
}
|
|
lbp = gs->inbuf.buf;
|
|
}
|
|
break; /* End this case. Continue around the loop. */
|
|
|
|
|
|
case GS_DATA:
|
|
/*
|
|
** SSL3 record has been completely received.
|
|
*/
|
|
gs->state = GS_INIT;
|
|
return 1;
|
|
}
|
|
}
|
|
|
|
return rv;
|
|
}
|
|
|
|
/* Gather in a record and when complete, Handle that record.
|
|
* Repeat this until the handshake is complete,
|
|
* or until application data is available.
|
|
*
|
|
* Returns 1 when the handshake is completed without error, or
|
|
* application data is available.
|
|
* Returns 0 if ssl3_GatherData hits EOF.
|
|
* Returns -1 on read error, or PR_WOULD_BLOCK_ERROR, or handleRecord error.
|
|
* Returns -2 on SECWouldBlock return from ssl3_HandleRecord.
|
|
*
|
|
* Called from ssl_GatherRecord1stHandshake in sslcon.c,
|
|
* and from SSL_ForceHandshake in sslsecur.c
|
|
* and from ssl3_GatherAppDataRecord below (<- DoRecv in sslsecur.c).
|
|
*
|
|
* Caller must hold the recv buf lock.
|
|
*/
|
|
int
|
|
ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
|
|
{
|
|
sslGather * gs = ss->gather;
|
|
SSL3Ciphertext cText;
|
|
int rv;
|
|
|
|
PORT_Assert( ssl_HaveRecvBufLock(ss) );
|
|
do {
|
|
/* bring in the next sslv3 record. */
|
|
rv = ssl3_GatherData(ss, gs, flags);
|
|
if (rv <= 0) {
|
|
return rv;
|
|
}
|
|
|
|
/* decipher it, and handle it if it's a handshake.
|
|
* If it's application data, gs->buf will not be empty upon return.
|
|
*/
|
|
cText.type = (SSL3ContentType)gs->hdr[0];
|
|
cText.version = (gs->hdr[1] << 8) | gs->hdr[2];
|
|
cText.buf = &gs->inbuf;
|
|
rv = ssl3_HandleRecord(ss, &cText, &gs->buf);
|
|
if (rv < 0) {
|
|
return ss->recvdCloseNotify ? 0 : rv;
|
|
}
|
|
} while (ss->ssl3->hs.ws != idle_handshake && gs->buf.len == 0);
|
|
|
|
gs->readOffset = 0;
|
|
gs->writeOffset = gs->buf.len;
|
|
return 1;
|
|
}
|
|
|
|
/* Repeatedly gather in a record and when complete, Handle that record.
|
|
* Repeat this until some application data is received.
|
|
*
|
|
* Returns 1 when application data is available.
|
|
* Returns 0 if ssl3_GatherData hits EOF.
|
|
* Returns -1 on read error, or PR_WOULD_BLOCK_ERROR, or handleRecord error.
|
|
* Returns -2 on SECWouldBlock return from ssl3_HandleRecord.
|
|
*
|
|
* Called from DoRecv in sslsecur.c
|
|
* Caller must hold the recv buf lock.
|
|
*/
|
|
int
|
|
ssl3_GatherAppDataRecord(sslSocket *ss, int flags)
|
|
{
|
|
sslGather * gs = ss->gather;
|
|
int rv;
|
|
|
|
PORT_Assert( ssl_HaveRecvBufLock(ss) );
|
|
do {
|
|
rv = ssl3_GatherCompleteHandshake(ss, flags);
|
|
} while (rv > 0 && gs->buf.len == 0);
|
|
|
|
return rv;
|
|
}
|