Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(231)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/ssl/ssl3gthr.c

Issue 9764001: Add DTLS support to NSS, contributed by Eric Rescorla. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« net/third_party/nss/ssl/ssl3con.c ('K') | « net/third_party/nss/ssl/ssl3con.c ('k') | net/third_party/nss/ssl/ssl3prot.h » ('j') | net/third_party/nss/ssl/sslimpl.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Gather (Read) entire SSL3 records from socket into buffer. 2 * Gather (Read) entire SSL3 records from socket into buffer.
3 * 3 *
4 * ***** BEGIN LICENSE BLOCK ***** 4 * ***** BEGIN LICENSE BLOCK *****
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
6 * 6 *
7 * The contents of this file are subject to the Mozilla Public License Version 7 * The contents of this file are subject to the Mozilla Public License Version
8 * 1.1 (the "License"); you may not use this file except in compliance with 8 * 1.1 (the "License"); you may not use this file except in compliance with
9 * the License. You may obtain a copy of the License at 9 * the License. You may obtain a copy of the License at
10 * http://www.mozilla.org/MPL/ 10 * http://www.mozilla.org/MPL/
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after
67 ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags) 67 ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags)
68 { 68 {
69 unsigned char *bp; 69 unsigned char *bp;
70 unsigned char *lbp; 70 unsigned char *lbp;
71 int nb; 71 int nb;
72 int err; 72 int err;
73 int rv = 1; 73 int rv = 1;
74 74
75 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); 75 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
76 if (gs->state == GS_INIT) { 76 if (gs->state == GS_INIT) {
77 » gs->state = GS_HEADER; 77 gs->state = GS_HEADER;
78 » gs->remainder = 5; 78 gs->remainder = 5;
79 » gs->offset = 0; 79 gs->offset = 0;
80 » gs->writeOffset = 0; 80 gs->writeOffset = 0;
81 » gs->readOffset = 0; 81 gs->readOffset = 0;
82 » gs->inbuf.len = 0; 82 gs->inbuf.len = 0;
83 } 83 }
84 84
85 lbp = gs->inbuf.buf; 85 lbp = gs->inbuf.buf;
86 for(;;) { 86 for(;;) {
87 SSL_TRC(30, ("%d: SSL3[%d]: gather state %d (need %d more)", 87 SSL_TRC(30, ("%d: SSL3[%d]: gather state %d (need %d more)",
88 SSL_GETPID(), ss->fd, gs->state, gs->remainder)); 88 SSL_GETPID(), ss->fd, gs->state, gs->remainder));
89 bp = ((gs->state != GS_HEADER) ? lbp : gs->hdr) + gs->offset; 89 bp = ((gs->state != GS_HEADER) ? lbp : gs->hdr) + gs->offset;
90 nb = ssl_DefRecv(ss, bp, gs->remainder, flags); 90 nb = ssl_DefRecv(ss, bp, gs->remainder, flags);
91 91
92 if (nb > 0) { 92 if (nb > 0) {
(...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after
160 ** SSL3 record has been completely received. 160 ** SSL3 record has been completely received.
161 */ 161 */
162 gs->state = GS_INIT; 162 gs->state = GS_INIT;
163 return 1; 163 return 1;
164 } 164 }
165 } 165 }
166 166
167 return rv; 167 return rv;
168 } 168 }
169 169
170 /*
171 * Read in an entire DTLS record.
172 *
173 * Blocks here for blocking sockets, otherwise returns -1 with
174 * PR_WOULD_BLOCK_ERROR when socket would block.
175 *
176 * This is simpler than SSL because we are reading on a datagram
177 * socket and datagrams must contain >=1 complete records.
178 *
179 * returns 1 if received a complete DTLS record.
180 * returns 0 if recv returns EOF
181 * returns -1 if recv returns <0
182 * (The error value may have already been set to PR_WOULD_BLOCK_ERROR)
183 *
184 * Caller must hold the recv buf lock.
185 *
186 *
187 * This loop returns when either (a) an error or EOF occurs,
188 * (b) PR_WOULD_BLOCK_ERROR,
189 * (c) data (entire DTLS record) has been received.
190 */
191 static int
192 dtls_GatherData(sslSocket *ss, sslGather *gs, int flags)
193 {
194 int nb;
195 int err;
196 int rv = 1;
197
198 SSL_TRC(30, ("dtls_GatherData"));
199
200 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
201
202 gs->state = GS_HEADER;
203 gs->offset = 0;
204
205 if (gs->dtlsPacketOffset == gs->dtlsPacket.len) { /* No data left */
206 gs->dtlsPacketOffset = 0;
207 gs->dtlsPacket.len = 0;
208
209 /* Resize to the maximum possible size so we can fit a full datagram */
210 if (gs->dtlsPacket.space < MAX_FRAGMENT_LENGTH + 2048 + 5) {
211 err = sslBuffer_Grow(&gs->dtlsPacket,
212 MAX_FRAGMENT_LENGTH + 2048 + 5);
213 if (err) { /* realloc has set error code to no mem. */
214 return err;
215 }
216 }
217
218 /* recv() needs to read a full datagram at a time */
219 nb = ssl_DefRecv(ss, gs->dtlsPacket.buf, gs->dtlsPacket.space, flags);
220
221 if (nb > 0) {
222 PRINT_BUF(60, (ss, "raw gather data:", gs->dtlsPacket.buf, nb));
223 } else if (nb == 0) {
224 /* EOF */
225 SSL_TRC(30, ("%d: SSL3[%d]: EOF", SSL_GETPID(), ss->fd));
226 rv = 0;
227 return rv;
228 } else /* if (nb < 0) */ {
229 SSL_DBG(("%d: SSL3[%d]: recv error %d", SSL_GETPID(), ss->fd,
230 PR_GetError()));
231 rv = SECFailure;
232 return rv;
233 }
234
235 gs->dtlsPacket.len = nb;
236 }
237
238 /* At this point we should have >=1 complete records lined up in
239 dtlsPacket. Read off the header
240 */
241
242 if ((gs->dtlsPacket.len - gs->dtlsPacketOffset) < 13) {
243 SSL_DBG(("%d: SSL3[%d]: rest of DTLS packet "
244 "too short to contain header", SSL_GETPID(), ss->fd));
245 PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
246 gs->dtlsPacketOffset = 0;
247 gs->dtlsPacket.len = 0;
248 rv = SECFailure;
249 return rv;
250 }
251 memcpy(gs->hdr, gs->dtlsPacket.buf + gs->dtlsPacketOffset, 13);
252 gs->dtlsPacketOffset += 13;
253
254
255 /*
256 ** Have received SSL3 record header in gs->hdr.
257 */
258 gs->remainder = (gs->hdr[11] << 8) | gs->hdr[12];
259
260 if ((gs->dtlsPacket.len - gs->dtlsPacketOffset) < gs->remainder) {
261 SSL_DBG(("%d: SSL3[%d]: rest of DTLS packet too short "
262 "to contain rest of body", SSL_GETPID(), ss->fd));
263 PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
264 gs->dtlsPacketOffset = 0;
265 gs->dtlsPacket.len = 0;
266 rv = SECFailure;
267 return rv;
268 }
269
270 /* OK, we have at least one complete packet, copy into inbuf */
271 if (gs->remainder > gs->inbuf.space) {
272 err = sslBuffer_Grow(&gs->inbuf, gs->remainder);
273 if (err) { /* realloc has set error code to no mem. */
274 return err;
275 }
276 }
277
278 memcpy(gs->inbuf.buf, gs->dtlsPacket.buf + gs->dtlsPacketOffset,
279 gs->remainder);
280 gs->inbuf.len = gs->remainder;
281 gs->offset = gs->remainder;
282 gs->dtlsPacketOffset += gs->remainder;
283 gs->state = GS_INIT;
284
285 return 1;
286 }
287
288
289
290
170 /* Gather in a record and when complete, Handle that record. 291 /* Gather in a record and when complete, Handle that record.
171 * Repeat this until the handshake is complete, 292 * Repeat this until the handshake is complete,
172 * or until application data is available. 293 * or until application data is available.
173 * 294 *
174 * Returns 1 when the handshake is completed without error, or 295 * Returns 1 when the handshake is completed without error, or
175 * application data is available. 296 * application data is available.
176 * Returns 0 if ssl3_GatherData hits EOF. 297 * Returns 0 if ssl3_GatherData hits EOF.
177 * Returns -1 on read error, or PR_WOULD_BLOCK_ERROR, or handleRecord error. 298 * Returns -1 on read error, or PR_WOULD_BLOCK_ERROR, or handleRecord error.
178 * Returns -2 on SECWouldBlock return from ssl3_HandleRecord. 299 * Returns -2 on SECWouldBlock return from ssl3_HandleRecord.
179 * 300 *
180 * Called from ssl_GatherRecord1stHandshake in sslcon.c, 301 * Called from ssl_GatherRecord1stHandshake in sslcon.c,
181 * and from SSL_ForceHandshake in sslsecur.c 302 * and from SSL_ForceHandshake in sslsecur.c
182 * and from ssl3_GatherAppDataRecord below (<- DoRecv in sslsecur.c). 303 * and from ssl3_GatherAppDataRecord below (<- DoRecv in sslsecur.c).
183 * 304 *
184 * Caller must hold the recv buf lock. 305 * Caller must hold the recv buf lock.
185 */ 306 */
186 int 307 int
187 ssl3_GatherCompleteHandshake(sslSocket *ss, int flags) 308 ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
188 { 309 {
189 SSL3Ciphertext cText; 310 SSL3Ciphertext cText;
190 int rv; 311 int rv;
191 PRBool canFalseStart = PR_FALSE; 312 PRBool canFalseStart = PR_FALSE;
192 313
314 SSL_TRC(30, ("ssl3_GatherCompleteHandshake"));
315
193 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); 316 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
194 do { 317 do {
195 /* Without this, we may end up wrongly reporting 318 /* Without this, we may end up wrongly reporting
196 * SSL_ERROR_RX_UNEXPECTED_* errors if we receive any records from the 319 * SSL_ERROR_RX_UNEXPECTED_* errors if we receive any records from the
197 * peer while we are waiting to be restarted. 320 * peer while we are waiting to be restarted.
198 */ 321 */
199 ssl_GetSSL3HandshakeLock(ss); 322 ssl_GetSSL3HandshakeLock(ss);
200 rv = ss->ssl3.hs.restartTarget == NULL ? SECSuccess : SECFailure; 323 rv = ss->ssl3.hs.restartTarget == NULL ? SECSuccess : SECFailure;
201 ssl_ReleaseSSL3HandshakeLock(ss); 324 ssl_ReleaseSSL3HandshakeLock(ss);
202 if (rv != SECSuccess) { 325 if (rv != SECSuccess) {
(...skipping 14 matching lines...) Expand all
217 340
218 if (ss->ssl3.hs.msgState.buf != NULL) { 341 if (ss->ssl3.hs.msgState.buf != NULL) {
219 /* ssl3_HandleHandshake previously returned SECWouldBlock and the 342 /* ssl3_HandleHandshake previously returned SECWouldBlock and the
220 * as-yet-unprocessed plaintext of that previous handshake record. 343 * as-yet-unprocessed plaintext of that previous handshake record.
221 * We need to process it now before we overwrite it with the next 344 * We need to process it now before we overwrite it with the next
222 * handshake record. 345 * handshake record.
223 */ 346 */
224 rv = ssl3_HandleRecord(ss, NULL, &ss->gs.buf); 347 rv = ssl3_HandleRecord(ss, NULL, &ss->gs.buf);
225 } else { 348 } else {
226 /* bring in the next sslv3 record. */ 349 /* bring in the next sslv3 record. */
227 » rv = ssl3_GatherData(ss, &ss->gs, flags); 350 » if (IS_DTLS(ss)) {
351 » » rv = dtls_GatherData(ss, &ss->gs, flags);
352 » »
353 » » /* If we got a would block error, that means that no data was
354 » » * available, so we check the timer to see if it's time to
355 » » * retransmit */
356 » » if (rv == SECFailure && (PORT_GetError() == PR_WOULD_BLOCK_ERROR )) {
357 » » ssl_GetSSL3HandshakeLock(ss);
358 » » dtls_CheckTimer(ss);
359 » » /* Restore the error in case something succeeded */
360 » » PORT_SetError(PR_WOULD_BLOCK_ERROR);
361 » » ssl_ReleaseSSL3HandshakeLock(ss);
362 » » }
363 » } else {
364 » » rv = ssl3_GatherData(ss, &ss->gs, flags);
365 » }
366
228 if (rv <= 0) { 367 if (rv <= 0) {
229 return rv; 368 return rv;
230 } 369 }
231 370
232 /* decipher it, and handle it if it's a handshake. 371 /* decipher it, and handle it if it's a handshake.
233 * If it's application data, ss->gs.buf will not be empty upon retur n. 372 * If it's application data, ss->gs.buf will not be empty upon retur n.
234 * If it's a change cipher spec, alert, or handshake message, 373 * If it's a change cipher spec, alert, or handshake message,
235 * ss->gs.buf.len will be 0 when ssl3_HandleRecord returns SECSucces s. 374 * ss->gs.buf.len will be 0 when ssl3_HandleRecord returns SECSucces s.
236 */ 375 */
237 cText.type = (SSL3ContentType)ss->gs.hdr[0]; 376 cText.type = (SSL3ContentType)ss->gs.hdr[0];
238 » cText.version = (ss->gs.hdr[1] << 8) | ss->gs.hdr[2]; 377
378 » /* As above, we need to test ss->opt.dgramMode */
379 » if (IS_DTLS(ss)) {
380 » » cText.version =
381 » » dtls_DTLSVersionToTLSVersion((((unsigned char)ss->gs.hdr[1]) << 8) |
382 » » » » » » (unsigned char )ss->gs.hdr[2]);
383 » } else {
384 » » cText.version = (ss->gs.hdr[1] << 8) | ss->gs.hdr[2];
385 » }
386 » cText.buf = &ss->gs.inbuf;
387
388 » /* DTLS sequence number */
389 » if (IS_DTLS(ss)) {
390 » » int i;
391
392 » » cText.seq_num.high = 0; cText.seq_num.low = 0;
393 » » for (i = 0; i < 4; i++) {
394 » » cText.seq_num.high <<= 8; cText.seq_num.low <<= 8;
395 » » cText.seq_num.high |= ss->gs.hdr[3+i];
396 » » cText.seq_num.low |= ss->gs.hdr[7+i];
397 » » }
398 » }
399
239 cText.buf = &ss->gs.inbuf; 400 cText.buf = &ss->gs.inbuf;
240 rv = ssl3_HandleRecord(ss, &cText, &ss->gs.buf); 401 rv = ssl3_HandleRecord(ss, &cText, &ss->gs.buf);
241 } 402 }
242 if (rv < 0) { 403 if (rv < 0) {
243 return ss->recvdCloseNotify ? 0 : rv; 404 return ss->recvdCloseNotify ? 0 : rv;
244 } 405 }
245 406
246 /* If we kicked off a false start in ssl3_HandleServerHelloDone, break 407 /* If we kicked off a false start in ssl3_HandleServerHelloDone, break
247 * out of this loop early without finishing the handshake. 408 * out of this loop early without finishing the handshake.
248 */ 409 */
(...skipping 29 matching lines...) Expand all
278 { 439 {
279 int rv; 440 int rv;
280 441
281 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); 442 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
282 do { 443 do {
283 rv = ssl3_GatherCompleteHandshake(ss, flags); 444 rv = ssl3_GatherCompleteHandshake(ss, flags);
284 } while (rv > 0 && ss->gs.buf.len == 0); 445 } while (rv > 0 && ss->gs.buf.len == 0);
285 446
286 return rv; 447 return rv;
287 } 448 }
449
OLDNEW
« net/third_party/nss/ssl/ssl3con.c ('K') | « net/third_party/nss/ssl/ssl3con.c ('k') | net/third_party/nss/ssl/ssl3prot.h » ('j') | net/third_party/nss/ssl/sslimpl.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698