| OLD | NEW |
| 1 /* | 1 /* |
| 2 * Gather (Read) entire SSL2 records from socket into buffer. | 2 * Gather (Read) entire SSL2 records from socket into buffer. |
| 3 * | 3 * |
| 4 * ***** BEGIN LICENSE BLOCK ***** | 4 * ***** BEGIN LICENSE BLOCK ***** |
| 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 6 * | 6 * |
| 7 * The contents of this file are subject to the Mozilla Public License Version | 7 * The contents of this file are subject to the Mozilla Public License Version |
| 8 * 1.1 (the "License"); you may not use this file except in compliance with | 8 * 1.1 (the "License"); you may not use this file except in compliance with |
| 9 * the License. You may obtain a copy of the License at | 9 * the License. You may obtain a copy of the License at |
| 10 * http://www.mozilla.org/MPL/ | 10 * http://www.mozilla.org/MPL/ |
| (...skipping 18 matching lines...) Expand all Loading... |
| 29 * in which case the provisions of the GPL or the LGPL are applicable instead | 29 * in which case the provisions of the GPL or the LGPL are applicable instead |
| 30 * of those above. If you wish to allow use of your version of this file only | 30 * of those above. If you wish to allow use of your version of this file only |
| 31 * under the terms of either the GPL or the LGPL, and not to allow others to | 31 * under the terms of either the GPL or the LGPL, and not to allow others to |
| 32 * use your version of this file under the terms of the MPL, indicate your | 32 * use your version of this file under the terms of the MPL, indicate your |
| 33 * decision by deleting the provisions above and replace them with the notice | 33 * decision by deleting the provisions above and replace them with the notice |
| 34 * and other provisions required by the GPL or the LGPL. If you do not delete | 34 * and other provisions required by the GPL or the LGPL. If you do not delete |
| 35 * the provisions above, a recipient may use your version of this file under | 35 * the provisions above, a recipient may use your version of this file under |
| 36 * the terms of any one of the MPL, the GPL or the LGPL. | 36 * the terms of any one of the MPL, the GPL or the LGPL. |
| 37 * | 37 * |
| 38 * ***** END LICENSE BLOCK ***** */ | 38 * ***** END LICENSE BLOCK ***** */ |
| 39 /* $Id: sslgathr.c,v 1.10 2009/10/16 17:45:35 wtc%google.com Exp $ */ | 39 /* $Id: sslgathr.c,v 1.12 2010/04/25 23:37:38 nelson%bolyard.com Exp $ */ |
| 40 #include "cert.h" | 40 #include "cert.h" |
| 41 #include "ssl.h" | 41 #include "ssl.h" |
| 42 #include "sslimpl.h" | 42 #include "sslimpl.h" |
| 43 #include "sslproto.h" | 43 #include "sslproto.h" |
| 44 | 44 |
| 45 /* Forward static declarations */ | 45 /* Forward static declarations */ |
| 46 static SECStatus ssl2_HandleV3HandshakeRecord(sslSocket *ss); | 46 static SECStatus ssl2_HandleV3HandshakeRecord(sslSocket *ss); |
| 47 | 47 |
| 48 /* | 48 /* |
| 49 ** Gather a single record of data from the receiving stream. This code | 49 ** Gather a single record of data from the receiving stream. This code |
| (...skipping 215 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 265 rv = SECFailure; | 265 rv = SECFailure; |
| 266 goto spec_locked_done; | 266 goto spec_locked_done; |
| 267 } | 267 } |
| 268 PORT_Assert(gs->count == gs->offset); | 268 PORT_Assert(gs->count == gs->offset); |
| 269 | 269 |
| 270 if (gs->offset == 0) { | 270 if (gs->offset == 0) { |
| 271 rv = 0; /* means EOF. */ | 271 rv = 0; /* means EOF. */ |
| 272 goto spec_locked_done; | 272 goto spec_locked_done; |
| 273 } | 273 } |
| 274 | 274 |
| 275 » /* Decrypt the portion of data that we just recieved. | 275 » /* Decrypt the portion of data that we just received. |
| 276 ** Decrypt it in place. | 276 ** Decrypt it in place. |
| 277 */ | 277 */ |
| 278 rv = (*ss->sec.dec)(ss->sec.readcx, pBuf, &nout, gs->offset, | 278 rv = (*ss->sec.dec)(ss->sec.readcx, pBuf, &nout, gs->offset, |
| 279 pBuf, gs->offset); | 279 pBuf, gs->offset); |
| 280 if (rv != SECSuccess) { | 280 if (rv != SECSuccess) { |
| 281 goto spec_locked_done; | 281 goto spec_locked_done; |
| 282 } | 282 } |
| 283 | 283 |
| 284 | 284 |
| 285 /* Have read in all the MAC portion of record | 285 /* Have read in all the MAC portion of record |
| (...skipping 10 matching lines...) Expand all Loading... |
| 296 seq[2] = (unsigned char) (sequenceNumber >> 8); | 296 seq[2] = (unsigned char) (sequenceNumber >> 8); |
| 297 seq[3] = (unsigned char) (sequenceNumber); | 297 seq[3] = (unsigned char) (sequenceNumber); |
| 298 | 298 |
| 299 (*ss->sec.hash->begin)(ss->sec.hashcx); | 299 (*ss->sec.hash->begin)(ss->sec.hashcx); |
| 300 (*ss->sec.hash->update)(ss->sec.hashcx, ss->sec.rcvSecret.data, | 300 (*ss->sec.hash->update)(ss->sec.hashcx, ss->sec.rcvSecret.data, |
| 301 ss->sec.rcvSecret.len); | 301 ss->sec.rcvSecret.len); |
| 302 (*ss->sec.hash->update)(ss->sec.hashcx, pBuf + macLen, | 302 (*ss->sec.hash->update)(ss->sec.hashcx, pBuf + macLen, |
| 303 gs->offset - macLen); | 303 gs->offset - macLen); |
| 304 (*ss->sec.hash->update)(ss->sec.hashcx, seq, 4); | 304 (*ss->sec.hash->update)(ss->sec.hashcx, seq, 4); |
| 305 (*ss->sec.hash->end)(ss->sec.hashcx, mac, &macLen, macLen); | 305 (*ss->sec.hash->end)(ss->sec.hashcx, mac, &macLen, macLen); |
| 306 |
| 307 PORT_Assert(macLen == ss->sec.hash->length); |
| 308 |
| 309 ssl_ReleaseSpecReadLock(ss); /******************************/ |
| 310 |
| 311 if (NSS_SecureMemcmp(mac, pBuf, macLen) != 0) { |
| 312 /* MAC's didn't match... */ |
| 313 SSL_DBG(("%d: SSL[%d]: mac check failed, seq=%d", |
| 314 SSL_GETPID(), ss->fd, ss->sec.rcvSequence)); |
| 315 PRINT_BUF(1, (ss, "computed mac:", mac, macLen)); |
| 316 PRINT_BUF(1, (ss, "received mac:", pBuf, macLen)); |
| 317 PORT_SetError(SSL_ERROR_BAD_MAC_READ); |
| 318 rv = SECFailure; |
| 319 goto cleanup; |
| 320 } |
| 321 } else { |
| 322 ssl_ReleaseSpecReadLock(ss); /******************************/ |
| 306 } | 323 } |
| 307 | 324 |
| 308 PORT_Assert(macLen == ss->sec.hash->length); | |
| 309 | |
| 310 ssl_ReleaseSpecReadLock(ss); /******************************/ | |
| 311 | |
| 312 if (NSS_SecureMemcmp(mac, pBuf, macLen) != 0) { | |
| 313 /* MAC's didn't match... */ | |
| 314 SSL_DBG(("%d: SSL[%d]: mac check failed, seq=%d", | |
| 315 SSL_GETPID(), ss->fd, ss->sec.rcvSequence)); | |
| 316 PRINT_BUF(1, (ss, "computed mac:", mac, macLen)); | |
| 317 PRINT_BUF(1, (ss, "received mac:", pBuf, macLen)); | |
| 318 PORT_SetError(SSL_ERROR_BAD_MAC_READ); | |
| 319 rv = SECFailure; | |
| 320 goto cleanup; | |
| 321 } | |
| 322 | |
| 323 | |
| 324 PORT_Assert(gs->recordPadding + macLen <= gs->offset); | |
| 325 if (gs->recordPadding + macLen <= gs->offset) { | 325 if (gs->recordPadding + macLen <= gs->offset) { |
| 326 gs->recordOffset = macLen; | 326 gs->recordOffset = macLen; |
| 327 gs->readOffset = macLen; | 327 gs->readOffset = macLen; |
| 328 gs->writeOffset = gs->offset - gs->recordPadding; | 328 gs->writeOffset = gs->offset - gs->recordPadding; |
| 329 rv = 1; | 329 rv = 1; |
| 330 } else { | 330 } else { |
| 331 PORT_SetError(SSL_ERROR_BAD_BLOCK_PADDING); | 331 PORT_SetError(SSL_ERROR_BAD_BLOCK_PADDING); |
| 332 cleanup: | 332 cleanup: |
| 333 /* nothing in the buffer any more. */ | 333 /* nothing in the buffer any more. */ |
| 334 gs->recordOffset = 0; | 334 gs->recordOffset = 0; |
| (...skipping 139 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 474 **/ | 474 **/ |
| 475 rv = ssl3_NegotiateVersion(ss, version); | 475 rv = ssl3_NegotiateVersion(ss, version); |
| 476 if (rv != SECSuccess) { | 476 if (rv != SECSuccess) { |
| 477 return rv; | 477 return rv; |
| 478 } | 478 } |
| 479 | 479 |
| 480 ss->sec.send = ssl3_SendApplicationData; | 480 ss->sec.send = ssl3_SendApplicationData; |
| 481 | 481 |
| 482 return SECSuccess; | 482 return SECSuccess; |
| 483 } | 483 } |
| OLD | NEW |