| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Gather (Read) entire SSL2 records from socket into buffer. | 2 * Gather (Read) entire SSL2 records from socket into buffer. |
| 3 * | 3 * |
| 4 * This Source Code Form is subject to the terms of the Mozilla Public | 4 * This Source Code Form is subject to the terms of the Mozilla Public |
| 5 * License, v. 2.0. If a copy of the MPL was not distributed with this | 5 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 7 #include "cert.h" | 7 #include "cert.h" |
| 8 #include "ssl.h" | 8 #include "ssl.h" |
| 9 #include "sslimpl.h" | 9 #include "sslimpl.h" |
| 10 #include "sslproto.h" | 10 #include "sslproto.h" |
| 11 | 11 |
| 12 /* Forward static declarations */ | 12 /* Forward static declarations */ |
| 13 static SECStatus ssl2_HandleV3HandshakeRecord(sslSocket *ss); | 13 static SECStatus ssl2_HandleV3HandshakeRecord(sslSocket *ss); |
| 14 | 14 |
| 15 /* | 15 /* |
| 16 ** Gather a single record of data from the receiving stream. This code | 16 ** Gather a single record of data from the receiving stream. This code |
| 17 ** first gathers the header (2 or 3 bytes long depending on the value of | 17 ** first gathers the header (2 or 3 bytes long depending on the value of |
| 18 ** the most significant bit in the first byte) then gathers up the data | 18 ** the most significant bit in the first byte) then gathers up the data |
| 19 ** for the record into gs->buf. This code handles non-blocking I/O | 19 ** for the record into gs->buf. This code handles non-blocking I/O |
| 20 ** and is to be called multiple times until ss->sec.recordLen != 0. | 20 ** and is to be called multiple times until ss->sec.recordLen != 0. |
| 21 ** This function decrypts the gathered record in place, in gs_buf. | 21 ** This function decrypts the gathered record in place, in gs_buf. |
| 22 * | 22 * |
| 23 * Caller must hold RecvBufLock. | 23 * Caller must hold RecvBufLock. |
| 24 * | 24 * |
| 25 * Returns +1 when it has gathered a complete SSLV2 record. | 25 * Returns +1 when it has gathered a complete SSLV2 record. |
| 26 * Returns 0 if it hits EOF. | 26 * Returns 0 if it hits EOF. |
| 27 * Returns -1 (SECFailure) on any error | 27 * Returns -1 (SECFailure) on any error |
| 28 * Returns -2 (SECWouldBlock) when it gathers an SSL v3 client hello header. | 28 * Returns -2 (SECWouldBlock) when it gathers an SSL v3 client hello header. |
| 29 ** | 29 ** |
| 30 ** The SSL2 Gather State machine has 4 states: | 30 ** The SSL2 Gather State machine has 4 states: |
| 31 ** GS_INIT - Done reading in previous record. Haven't begun to read in | 31 ** GS_INIT - Done reading in previous record. Haven't begun to read in |
| 32 ** next record. When ssl2_GatherData is called with the machine | 32 ** next record. When ssl2_GatherData is called with the machine |
| 33 ** in this state, the machine will attempt to read the first 3 | 33 ** in this state, the machine will attempt to read the first 3 |
| 34 ** bytes of the SSL2 record header, and will advance the state | 34 ** bytes of the SSL2 record header, and will advance the state |
| 35 ** to GS_HEADER. | 35 ** to GS_HEADER. |
| 36 ** | 36 ** |
| 37 ** GS_HEADER - The machine is in this state while waiting for the completion | 37 ** GS_HEADER - The machine is in this state while waiting for the completion |
| 38 ** of the first 3 bytes of the SSL2 record. When complete, the | 38 ** of the first 3 bytes of the SSL2 record. When complete, the |
| 39 ** machine will compute the remaining unread length of this record | 39 ** machine will compute the remaining unread length of this record |
| 40 ** and will initiate a read of that many bytes. The machine will | 40 ** and will initiate a read of that many bytes. The machine will |
| 41 ** advance to one of two states, depending on whether the record | 41 ** advance to one of two states, depending on whether the record |
| 42 ** is encrypted (GS_MAC), or unencrypted (GS_DATA). | 42 ** is encrypted (GS_MAC), or unencrypted (GS_DATA). |
| 43 ** | 43 ** |
| 44 ** GS_MAC - The machine is in this state while waiting for the remainder | 44 ** GS_MAC - The machine is in this state while waiting for the remainder |
| 45 ** of the SSL2 record to be read in. When the read is completed, | 45 ** of the SSL2 record to be read in. When the read is completed, |
| 46 ** the machine checks the record for valid length, decrypts it, | 46 ** the machine checks the record for valid length, decrypts it, |
| 47 ** and checks and discards the MAC, then advances to GS_INIT. | 47 ** and checks and discards the MAC, then advances to GS_INIT. |
| 48 ** | 48 ** |
| 49 ** GS_DATA - The machine is in this state while waiting for the remainder | 49 ** GS_DATA - The machine is in this state while waiting for the remainder |
| 50 ** of the unencrypted SSL2 record to be read in. Upon completion, | 50 ** of the unencrypted SSL2 record to be read in. Upon completion, |
| 51 ** the machine advances to the GS_INIT state and returns the data. | 51 ** the machine advances to the GS_INIT state and returns the data. |
| 52 */ | 52 */ |
| 53 int | 53 int |
| 54 ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags) | 54 ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags) |
| 55 { | 55 { |
| 56 unsigned char * bp; | 56 unsigned char *bp; |
| 57 unsigned char * pBuf; | 57 unsigned char *pBuf; |
| 58 int nb, err, rv; | 58 int nb, err, rv; |
| 59 | 59 |
| 60 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | 60 PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss)); |
| 61 | 61 |
| 62 if (gs->state == GS_INIT) { | 62 if (gs->state == GS_INIT) { |
| 63 » /* Initialize gathering engine */ | 63 /* Initialize gathering engine */ |
| 64 » gs->state = GS_HEADER; | 64 gs->state = GS_HEADER; |
| 65 » gs->remainder = 3; | 65 gs->remainder = 3; |
| 66 » gs->count = 3; | 66 gs->count = 3; |
| 67 » gs->offset = 0; | 67 gs->offset = 0; |
| 68 » gs->recordLen = 0; | 68 gs->recordLen = 0; |
| 69 » gs->recordPadding = 0; | 69 gs->recordPadding = 0; |
| 70 » gs->hdr[2] = 0; | 70 gs->hdr[2] = 0; |
| 71 | 71 |
| 72 » gs->writeOffset = 0; | 72 gs->writeOffset = 0; |
| 73 » gs->readOffset = 0; | 73 gs->readOffset = 0; |
| 74 } | 74 } |
| 75 if (gs->encrypted) { | 75 if (gs->encrypted) { |
| 76 » PORT_Assert(ss->sec.hash != 0); | 76 PORT_Assert(ss->sec.hash != 0); |
| 77 } | 77 } |
| 78 | 78 |
| 79 pBuf = gs->buf.buf; | 79 pBuf = gs->buf.buf; |
| 80 for (;;) { | 80 for (;;) { |
| 81 SSL_TRC(30, ("%d: SSL[%d]: gather state %d (need %d more)", | 81 SSL_TRC(30, ("%d: SSL[%d]: gather state %d (need %d more)", |
| 82 SSL_GETPID(), ss->fd, gs->state, gs->remainder)); | 82 SSL_GETPID(), ss->fd, gs->state, gs->remainder)); |
| 83 bp = ((gs->state != GS_HEADER) ? pBuf : gs->hdr) + gs->offset; | 83 bp = ((gs->state != GS_HEADER) ? pBuf : gs->hdr) + gs->offset; |
| 84 nb = ssl_DefRecv(ss, bp, gs->remainder, flags); | 84 nb = ssl_DefRecv(ss, bp, gs->remainder, flags); |
| 85 if (nb > 0) { | 85 if (nb > 0) { |
| 86 PRINT_BUF(60, (ss, "raw gather data:", bp, nb)); | 86 PRINT_BUF(60, (ss, "raw gather data:", bp, nb)); |
| 87 } | 87 } |
| 88 if (nb == 0) { | 88 if (nb == 0) { |
| 89 /* EOF */ | 89 /* EOF */ |
| 90 SSL_TRC(30, ("%d: SSL[%d]: EOF", SSL_GETPID(), ss->fd)); | 90 SSL_TRC(30, ("%d: SSL[%d]: EOF", SSL_GETPID(), ss->fd)); |
| 91 rv = 0; | 91 rv = 0; |
| 92 break; | 92 break; |
| 93 } | 93 } |
| 94 if (nb < 0) { | 94 if (nb < 0) { |
| 95 SSL_DBG(("%d: SSL[%d]: recv error %d", SSL_GETPID(), ss->fd, | 95 SSL_DBG(("%d: SSL[%d]: recv error %d", SSL_GETPID(), ss->fd, |
| 96 PR_GetError())); | 96 PR_GetError())); |
| 97 rv = SECFailure; | 97 rv = SECFailure; |
| 98 break; | 98 break; |
| 99 } | 99 } |
| 100 | 100 |
| 101 gs->offset += nb; | 101 gs->offset += nb; |
| 102 gs->remainder -= nb; | 102 gs->remainder -= nb; |
| 103 | 103 |
| 104 if (gs->remainder > 0) { | 104 if (gs->remainder > 0) { |
| 105 continue; | 105 continue; |
| 106 } | 106 } |
| 107 | 107 |
| 108 /* Probably finished this piece */ | 108 /* Probably finished this piece */ |
| 109 switch (gs->state) { | 109 switch (gs->state) { |
| 110 case GS_HEADER: | 110 case GS_HEADER: |
| 111 if (!SSL3_ALL_VERSIONS_DISABLED(&ss->vrange) && !ss->firstHsDone) { | 111 if (!SSL3_ALL_VERSIONS_DISABLED(&ss->vrange) && !ss->firstHsDone
) { |
| 112 | 112 |
| 113 PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); | 113 PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss))
; |
| 114 | 114 |
| 115 /* If this looks like an SSL3 handshake record, | 115 /* If this looks like an SSL3 handshake record, |
| 116 ** and we're expecting an SSL2 Hello message from our peer, | 116 ** and we're expecting an SSL2 Hello message from our peer, |
| 117 ** handle it here. | 117 ** handle it here. |
| 118 */ | 118 */ |
| 119 if (gs->hdr[0] == content_handshake) { | 119 if (gs->hdr[0] == content_handshake) { |
| 120 if ((ss->nextHandshake == ssl2_HandleClientHelloMessage) || | 120 if ((ss->nextHandshake == ssl2_HandleClientHelloMessage)
|| |
| 121 (ss->nextHandshake == ssl2_HandleServerHelloMessage)) { | 121 (ss->nextHandshake == ssl2_HandleServerHelloMessage)
) { |
| 122 rv = ssl2_HandleV3HandshakeRecord(ss); | 122 rv = ssl2_HandleV3HandshakeRecord(ss); |
| 123 if (rv == SECFailure) { | 123 if (rv == SECFailure) { |
| 124 return SECFailure; | 124 return SECFailure; |
| 125 } | 125 } |
| 126 } | 126 } |
| 127 /* XXX_1 The call stack to here is: | 127 /* XXX_1 The call stack to here is: |
| 128 * ssl_Do1stHandshake -> ssl_GatherRecord1stHandshake -> | 128 * ssl_Do1stHandshake -> ssl_GatherRecord1stHandshake -> |
| 129 * ssl2_GatherRecord -> here. | 129 * ssl2_GatherRecord -> here. |
| 130 * We want to return all the way out to ssl_Do1stHandshake, | 130 * We want to return all the way out to ssl_Do1stHandsha
ke, |
| 131 * and have it call ssl_GatherRecord1stHandshake again. | 131 * and have it call ssl_GatherRecord1stHandshake again. |
| 132 * ssl_GatherRecord1stHandshake will call | 132 * ssl_GatherRecord1stHandshake will call |
| 133 * ssl3_GatherCompleteHandshake when it is called again. | 133 * ssl3_GatherCompleteHandshake when it is called again. |
| 134 * | 134 * |
| 135 * Returning SECWouldBlock here causes | 135 * Returning SECWouldBlock here causes |
| 136 * ssl_GatherRecord1stHandshake to return without clearing | 136 * ssl_GatherRecord1stHandshake to return without cleari
ng |
| 137 * ss->handshake, ensuring that ssl_Do1stHandshake will | 137 * ss->handshake, ensuring that ssl_Do1stHandshake will |
| 138 * call it again immediately. | 138 * call it again immediately. |
| 139 * | 139 * |
| 140 * If we return 1 here, ssl_GatherRecord1stHandshake will | 140 * If we return 1 here, ssl_GatherRecord1stHandshake wil
l |
| 141 * clear ss->handshake before returning, and thus will not | 141 * clear ss->handshake before returning, and thus will n
ot |
| 142 * be called again by ssl_Do1stHandshake. | 142 * be called again by ssl_Do1stHandshake. |
| 143 */ | 143 */ |
| 144 return SECWouldBlock; | 144 return SECWouldBlock; |
| 145 } else if (gs->hdr[0] == content_alert) { | 145 } else if (gs->hdr[0] == content_alert) { |
| 146 if (ss->nextHandshake == ssl2_HandleServerHelloMessage) { | 146 if (ss->nextHandshake == ssl2_HandleServerHelloMessage)
{ |
| 147 /* XXX This is a hack. We're assuming that any failure | 147 /* XXX This is a hack. We're assuming that any fail
ure |
| 148 * XXX on the client hello is a failure to match | 148 * XXX on the client hello is a failure to match |
| 149 * XXX ciphers. | 149 * XXX ciphers. |
| 150 */ | 150 */ |
| 151 PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP); | 151 PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP); |
| 152 return SECFailure; | 152 return SECFailure; |
| 153 } | 153 } |
| 154 } | 154 } |
| 155 } | 155 } |
| 156 | 156 |
| 157 /* we've got the first 3 bytes. The header may be two or three. */ | 157 /* we've got the first 3 bytes. The header may be two or three.
*/ |
| 158 if (gs->hdr[0] & 0x80) { | 158 if (gs->hdr[0] & 0x80) { |
| 159 /* This record has a 2-byte header, and no padding */ | 159 /* This record has a 2-byte header, and no padding */ |
| 160 gs->count = ((gs->hdr[0] & 0x7f) << 8) | gs->hdr[1]; | 160 gs->count = ((gs->hdr[0] & 0x7f) << 8) | gs->hdr[1]; |
| 161 gs->recordPadding = 0; | 161 gs->recordPadding = 0; |
| 162 } else { | 162 } else { |
| 163 /* This record has a 3-byte header that is all read in now. */ | 163 /* This record has a 3-byte header that is all read in now.
*/ |
| 164 gs->count = ((gs->hdr[0] & 0x3f) << 8) | gs->hdr[1]; | 164 gs->count = ((gs->hdr[0] & 0x3f) << 8) | gs->hdr[1]; |
| 165 /* is_escape = (gs->hdr[0] & 0x40) != 0; */ | 165 /* is_escape = (gs->hdr[0] & 0x40) != 0; */ |
| 166 gs->recordPadding = gs->hdr[2]; | 166 gs->recordPadding = gs->hdr[2]; |
| 167 } | 167 } |
| 168 if (!gs->count) { | 168 if (!gs->count) { |
| 169 PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG); | 169 PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG); |
| 170 goto cleanup; | 170 goto cleanup; |
| 171 } | 171 } |
| 172 | 172 |
| 173 if (gs->count > gs->buf.space) { | 173 if (gs->count > gs->buf.space) { |
| 174 err = sslBuffer_Grow(&gs->buf, gs->count); | 174 err = sslBuffer_Grow(&gs->buf, gs->count); |
| 175 if (err) { | 175 if (err) { |
| 176 return err; | 176 return err; |
| 177 } | 177 } |
| 178 pBuf = gs->buf.buf; | 178 pBuf = gs->buf.buf; |
| 179 } | 179 } |
| 180 | 180 |
| 181 | 181 if (gs->hdr[0] & 0x80) { |
| 182 if (gs->hdr[0] & 0x80) { | 182 /* we've already read in the first byte of the body. |
| 183 /* we've already read in the first byte of the body. | 183 ** Put it into the buffer. |
| 184 ** Put it into the buffer. | 184 */ |
| 185 */ | 185 pBuf[0] = gs->hdr[2]; |
| 186 pBuf[0] = gs->hdr[2]; | 186 gs->offset = 1; |
| 187 gs->offset = 1; | 187 gs->remainder = gs->count - 1; |
| 188 gs->remainder = gs->count - 1; | 188 } else { |
| 189 } else { | 189 gs->offset = 0; |
| 190 gs->offset = 0; | 190 gs->remainder = gs->count; |
| 191 gs->remainder = gs->count; | 191 } |
| 192 } | 192 |
| 193 | 193 if (gs->encrypted) { |
| 194 if (gs->encrypted) { | 194 gs->state = GS_MAC; |
| 195 gs->state = GS_MAC; | 195 gs->recordLen = gs->count - gs->recordPadding - |
| 196 gs->recordLen = gs->count - gs->recordPadding | 196 ss->sec.hash->length; |
| 197 - ss->sec.hash->length; | 197 } else { |
| 198 } else { | 198 gs->state = GS_DATA; |
| 199 gs->state = GS_DATA; | 199 gs->recordLen = gs->count; |
| 200 gs->recordLen = gs->count; | 200 } |
| 201 } | 201 |
| 202 | 202 break; |
| 203 break; | 203 |
| 204 | 204 case GS_MAC: |
| 205 | 205 /* Have read in entire rest of the ciphertext. |
| 206 case GS_MAC: | 206 ** Check for valid length. |
| 207 /* Have read in entire rest of the ciphertext. | 207 ** Decrypt it. |
| 208 ** Check for valid length. | 208 ** Check the MAC. |
| 209 ** Decrypt it. | 209 */ |
| 210 ** Check the MAC. | 210 PORT_Assert(gs->encrypted); |
| 211 */ | 211 |
| 212 PORT_Assert(gs->encrypted); | 212 { |
| 213 | 213 unsigned int macLen; |
| 214 { | 214 int nout; |
| 215 unsigned int macLen; | 215 unsigned char mac[SSL_MAX_MAC_BYTES]; |
| 216 int nout; | 216 |
| 217 unsigned char mac[SSL_MAX_MAC_BYTES]; | 217 ssl_GetSpecReadLock(ss); /**********************************
/ |
| 218 | 218 |
| 219 ssl_GetSpecReadLock(ss); /**********************************/ | 219 /* If this is a stream cipher, blockSize will be 1, |
| 220 | 220 * and this test will always be false. |
| 221 /* If this is a stream cipher, blockSize will be 1, | 221 * If this is a block cipher, this will detect records |
| 222 * and this test will always be false. | 222 * that are not a multiple of the blocksize in length. |
| 223 * If this is a block cipher, this will detect records | 223 */ |
| 224 * that are not a multiple of the blocksize in length. | 224 if (gs->count & (ss->sec.blockSize - 1)) { |
| 225 */ | 225 /* This is an error. Sender is misbehaving */ |
| 226 if (gs->count & (ss->sec.blockSize - 1)) { | 226 SSL_DBG(("%d: SSL[%d]: sender, count=%d blockSize=%d", |
| 227 /* This is an error. Sender is misbehaving */ | 227 SSL_GETPID(), ss->fd, gs->count, |
| 228 SSL_DBG(("%d: SSL[%d]: sender, count=%d blockSize=%d", | 228 ss->sec.blockSize)); |
| 229 SSL_GETPID(), ss->fd, gs->count, | 229 PORT_SetError(SSL_ERROR_BAD_BLOCK_PADDING); |
| 230 ss->sec.blockSize)); | 230 rv = SECFailure; |
| 231 PORT_SetError(SSL_ERROR_BAD_BLOCK_PADDING); | 231 goto spec_locked_done; |
| 232 rv = SECFailure; | 232 } |
| 233 goto spec_locked_done; | 233 PORT_Assert(gs->count == gs->offset); |
| 234 } | 234 |
| 235 PORT_Assert(gs->count == gs->offset); | 235 if (gs->offset == 0) { |
| 236 | 236 rv = 0; /* means EOF. */ |
| 237 if (gs->offset == 0) { | 237 goto spec_locked_done; |
| 238 rv = 0; /* means EOF. */ | 238 } |
| 239 goto spec_locked_done; | 239 |
| 240 } | 240 /* Decrypt the portion of data that we just received. |
| 241 | 241 ** Decrypt it in place. |
| 242 /* Decrypt the portion of data that we just received. | 242 */ |
| 243 ** Decrypt it in place. | 243 rv = (*ss->sec.dec)(ss->sec.readcx, pBuf, &nout, gs->offset, |
| 244 */ | 244 pBuf, gs->offset); |
| 245 rv = (*ss->sec.dec)(ss->sec.readcx, pBuf, &nout, gs->offset, | 245 if (rv != SECSuccess) { |
| 246 pBuf, gs->offset); | 246 goto spec_locked_done; |
| 247 if (rv != SECSuccess) { | 247 } |
| 248 goto spec_locked_done; | 248 |
| 249 } | 249 /* Have read in all the MAC portion of record |
| 250 | 250 ** |
| 251 | 251 ** Prepare MAC by resetting it and feeding it the shared sec
ret |
| 252 /* Have read in all the MAC portion of record | 252 */ |
| 253 ** | 253 macLen = ss->sec.hash->length; |
| 254 ** Prepare MAC by resetting it and feeding it the shared secret | 254 if (gs->offset >= macLen) { |
| 255 */ | 255 PRUint32 sequenceNumber = ss->sec.rcvSequence++; |
| 256 macLen = ss->sec.hash->length; | 256 unsigned char seq[4]; |
| 257 if (gs->offset >= macLen) { | 257 |
| 258 PRUint32 sequenceNumber = ss->sec.rcvSequence++; | 258 seq[0] = (unsigned char)(sequenceNumber >> 24); |
| 259 unsigned char seq[4]; | 259 seq[1] = (unsigned char)(sequenceNumber >> 16); |
| 260 | 260 seq[2] = (unsigned char)(sequenceNumber >> 8); |
| 261 seq[0] = (unsigned char) (sequenceNumber >> 24); | 261 seq[3] = (unsigned char)(sequenceNumber); |
| 262 seq[1] = (unsigned char) (sequenceNumber >> 16); | 262 |
| 263 seq[2] = (unsigned char) (sequenceNumber >> 8); | 263 (*ss->sec.hash->begin)(ss->sec.hashcx); |
| 264 seq[3] = (unsigned char) (sequenceNumber); | 264 (*ss->sec.hash->update)(ss->sec.hashcx, ss->sec.rcvSecre
t.data, |
| 265 | 265 ss->sec.rcvSecret.len); |
| 266 (*ss->sec.hash->begin)(ss->sec.hashcx); | 266 (*ss->sec.hash->update)(ss->sec.hashcx, pBuf + macLen, |
| 267 (*ss->sec.hash->update)(ss->sec.hashcx, ss->sec.rcvSecret.data, | 267 gs->offset - macLen); |
| 268 ss->sec.rcvSecret.len); | 268 (*ss->sec.hash->update)(ss->sec.hashcx, seq, 4); |
| 269 (*ss->sec.hash->update)(ss->sec.hashcx, pBuf + macLen, | 269 (*ss->sec.hash->end)(ss->sec.hashcx, mac, &macLen, macLe
n); |
| 270 gs->offset - macLen); | 270 |
| 271 (*ss->sec.hash->update)(ss->sec.hashcx, seq, 4); | 271 PORT_Assert(macLen == ss->sec.hash->length); |
| 272 (*ss->sec.hash->end)(ss->sec.hashcx, mac, &macLen, macLen); | 272 |
| 273 | 273 ssl_ReleaseSpecReadLock(ss); /**************************
****/ |
| 274 PORT_Assert(macLen == ss->sec.hash->length); | 274 |
| 275 | 275 if (NSS_SecureMemcmp(mac, pBuf, macLen) != 0) { |
| 276 ssl_ReleaseSpecReadLock(ss); /******************************/ | 276 /* MAC's didn't match... */ |
| 277 | 277 SSL_DBG(("%d: SSL[%d]: mac check failed, seq=%d", |
| 278 if (NSS_SecureMemcmp(mac, pBuf, macLen) != 0) { | 278 SSL_GETPID(), ss->fd, ss->sec.rcvSequence))
; |
| 279 /* MAC's didn't match... */ | 279 PRINT_BUF(1, (ss, "computed mac:", mac, macLen)); |
| 280 SSL_DBG(("%d: SSL[%d]: mac check failed, seq=%d", | 280 PRINT_BUF(1, (ss, "received mac:", pBuf, macLen)); |
| 281 SSL_GETPID(), ss->fd, ss->sec.rcvSequence)); | 281 PORT_SetError(SSL_ERROR_BAD_MAC_READ); |
| 282 PRINT_BUF(1, (ss, "computed mac:", mac, macLen)); | 282 rv = SECFailure; |
| 283 PRINT_BUF(1, (ss, "received mac:", pBuf, macLen)); | 283 goto cleanup; |
| 284 PORT_SetError(SSL_ERROR_BAD_MAC_READ); | 284 } |
| 285 rv = SECFailure; | 285 } else { |
| 286 goto cleanup; | 286 ssl_ReleaseSpecReadLock(ss); /**************************
****/ |
| 287 } | 287 } |
| 288 } else { | 288 |
| 289 ssl_ReleaseSpecReadLock(ss); /******************************/ | 289 if (gs->recordPadding + macLen <= gs->offset) { |
| 290 } | 290 gs->recordOffset = macLen; |
| 291 | 291 gs->readOffset = macLen; |
| 292 if (gs->recordPadding + macLen <= gs->offset) { | 292 gs->writeOffset = gs->offset - gs->recordPadding; |
| 293 gs->recordOffset = macLen; | 293 rv = 1; |
| 294 gs->readOffset = macLen; | 294 } else { |
| 295 gs->writeOffset = gs->offset - gs->recordPadding; | 295 PORT_SetError(SSL_ERROR_BAD_BLOCK_PADDING); |
| 296 rv = 1; | 296 cleanup: |
| 297 } else { | 297 /* nothing in the buffer any more. */ |
| 298 PORT_SetError(SSL_ERROR_BAD_BLOCK_PADDING); | 298 gs->recordOffset = 0; |
| 299 cleanup: | 299 gs->readOffset = 0; |
| 300 /* nothing in the buffer any more. */ | 300 gs->writeOffset = 0; |
| 301 gs->recordOffset = 0; | 301 rv = SECFailure; |
| 302 gs->readOffset = 0; | 302 } |
| 303 gs->writeOffset = 0; | 303 |
| 304 rv = SECFailure; | 304 gs->recordLen = gs->writeOffset - gs->readOffset; |
| 305 } | 305 gs->recordPadding = 0; /* forget we did any padding. */ |
| 306 | 306 gs->state = GS_INIT; |
| 307 gs->recordLen = gs->writeOffset - gs->readOffset; | 307 |
| 308 gs->recordPadding = 0; /* forget we did any padding. */ | 308 if (rv > 0) { |
| 309 gs->state = GS_INIT; | 309 PRINT_BUF(50, (ss, "recv clear record:", |
| 310 | 310 pBuf + gs->recordOffset, gs->recordLen)); |
| 311 | 311 } |
| 312 if (rv > 0) { | 312 return rv; |
| 313 PRINT_BUF(50, (ss, "recv clear record:", | 313 |
| 314 pBuf + gs->recordOffset, gs->recordLen)); | 314 spec_locked_done: |
| 315 } | 315 ssl_ReleaseSpecReadLock(ss); |
| 316 return rv; | 316 return rv; |
| 317 | 317 } |
| 318 spec_locked_done: | 318 |
| 319 ssl_ReleaseSpecReadLock(ss); | 319 case GS_DATA: |
| 320 return rv; | 320 /* Have read in all the DATA portion of record */ |
| 321 } | 321 |
| 322 | 322 gs->recordOffset = 0; |
| 323 case GS_DATA: | 323 gs->readOffset = 0; |
| 324 /* Have read in all the DATA portion of record */ | 324 gs->writeOffset = gs->offset; |
| 325 | 325 PORT_Assert(gs->recordLen == gs->writeOffset - gs->readOffset); |
| 326 gs->recordOffset = 0; | 326 gs->recordLen = gs->offset; |
| 327 gs->readOffset = 0; | 327 gs->recordPadding = 0; |
| 328 gs->writeOffset = gs->offset; | 328 gs->state = GS_INIT; |
| 329 PORT_Assert(gs->recordLen == gs->writeOffset - gs->readOffset); | 329 |
| 330 gs->recordLen = gs->offset; | 330 ++ss->sec.rcvSequence; |
| 331 gs->recordPadding = 0; | 331 |
| 332 gs->state = GS_INIT; | 332 PRINT_BUF(50, (ss, "recv clear record:", |
| 333 | 333 pBuf + gs->recordOffset, gs->recordLen)); |
| 334 ++ss->sec.rcvSequence; | 334 return 1; |
| 335 | 335 |
| 336 PRINT_BUF(50, (ss, "recv clear record:", | 336 } /* end switch gs->state */ |
| 337 pBuf + gs->recordOffset, gs->recordLen)); | 337 } /* end gather loop. */ |
| 338 return 1; | |
| 339 | |
| 340 } /* end switch gs->state */ | |
| 341 } /* end gather loop. */ | |
| 342 return rv; | 338 return rv; |
| 343 } | 339 } |
| 344 | 340 |
| 345 /* | 341 /* |
| 346 ** Gather a single record of data from the receiving stream. This code | 342 ** Gather a single record of data from the receiving stream. This code |
| 347 ** first gathers the header (2 or 3 bytes long depending on the value of | 343 ** first gathers the header (2 or 3 bytes long depending on the value of |
| 348 ** the most significant bit in the first byte) then gathers up the data | 344 ** the most significant bit in the first byte) then gathers up the data |
| 349 ** for the record into the readBuf. This code handles non-blocking I/O | 345 ** for the record into the readBuf. This code handles non-blocking I/O |
| 350 ** and is to be called multiple times until ss->sec.recordLen != 0. | 346 ** and is to be called multiple times until ss->sec.recordLen != 0. |
| 351 * | 347 * |
| 352 * Returns +1 when it has gathered a complete SSLV2 record. | 348 * Returns +1 when it has gathered a complete SSLV2 record. |
| 353 * Returns 0 if it hits EOF. | 349 * Returns 0 if it hits EOF. |
| 354 * Returns -1 (SECFailure) on any error | 350 * Returns -1 (SECFailure) on any error |
| 355 * Returns -2 (SECWouldBlock) | 351 * Returns -2 (SECWouldBlock) |
| 356 * | 352 * |
| 357 * Called by ssl_GatherRecord1stHandshake in sslcon.c, | 353 * Called by ssl_GatherRecord1stHandshake in sslcon.c, |
| 358 * and by DoRecv in sslsecur.c | 354 * and by DoRecv in sslsecur.c |
| 359 * Caller must hold RecvBufLock. | 355 * Caller must hold RecvBufLock. |
| 360 */ | 356 */ |
| 361 int | 357 int |
| 362 ssl2_GatherRecord(sslSocket *ss, int flags) | 358 ssl2_GatherRecord(sslSocket *ss, int flags) |
| 363 { | 359 { |
| 364 return ssl2_GatherData(ss, &ss->gs, flags); | 360 return ssl2_GatherData(ss, &ss->gs, flags); |
| 365 } | 361 } |
| 366 | 362 |
| 367 /* Caller should hold RecvBufLock. */ | 363 /* Caller should hold RecvBufLock. */ |
| 368 SECStatus | 364 SECStatus |
| 369 ssl_InitGather(sslGather *gs) | 365 ssl_InitGather(sslGather *gs) |
| 370 { | 366 { |
| 371 SECStatus status; | 367 SECStatus status; |
| 372 | 368 |
| 373 gs->state = GS_INIT; | 369 gs->state = GS_INIT; |
| 374 gs->writeOffset = 0; | 370 gs->writeOffset = 0; |
| 375 gs->readOffset = 0; | 371 gs->readOffset = 0; |
| 376 gs->dtlsPacketOffset = 0; | 372 gs->dtlsPacketOffset = 0; |
| 377 gs->dtlsPacket.len = 0; | 373 gs->dtlsPacket.len = 0; |
| 378 status = sslBuffer_Grow(&gs->buf, 4096); | 374 status = sslBuffer_Grow(&gs->buf, 4096); |
| 379 return status; | 375 return status; |
| 380 } | 376 } |
| 381 | 377 |
| 382 /* Caller must hold RecvBufLock. */ | 378 /* Caller must hold RecvBufLock. */ |
| 383 void | 379 void |
| 384 ssl_DestroyGather(sslGather *gs) | 380 ssl_DestroyGather(sslGather *gs) |
| 385 { | 381 { |
| 386 if (gs) {» /* the PORT_*Free functions check for NULL pointers. */ | 382 if (gs) { /* the PORT_*Free functions check for NULL pointers. */ |
| 387 » PORT_ZFree(gs->buf.buf, gs->buf.space); | 383 PORT_ZFree(gs->buf.buf, gs->buf.space); |
| 388 » PORT_Free(gs->inbuf.buf); | 384 PORT_Free(gs->inbuf.buf); |
| 389 » PORT_Free(gs->dtlsPacket.buf); | 385 PORT_Free(gs->dtlsPacket.buf); |
| 390 } | 386 } |
| 391 } | 387 } |
| 392 | 388 |
| 393 /* Caller must hold RecvBufLock. */ | 389 /* Caller must hold RecvBufLock. */ |
| 394 static SECStatus | 390 static SECStatus |
| 395 ssl2_HandleV3HandshakeRecord(sslSocket *ss) | 391 ssl2_HandleV3HandshakeRecord(sslSocket *ss) |
| 396 { | 392 { |
| 397 SECStatus rv; | 393 SECStatus rv; |
| 398 | 394 |
| 399 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | 395 PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss)); |
| 400 PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); | 396 PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss)); |
| 401 | 397 |
| 402 /* We've read in 3 bytes, there are 2 more to go in an ssl3 header. */ | 398 /* We've read in 3 bytes, there are 2 more to go in an ssl3 header. */ |
| 403 ss->gs.remainder = 2; | 399 ss->gs.remainder = 2; |
| 404 ss->gs.count = 0; | 400 ss->gs.count = 0; |
| 405 | 401 |
| 406 /* Clearing these handshake pointers ensures that | 402 /* Clearing these handshake pointers ensures that |
| 407 * ssl_Do1stHandshake won't call ssl2_HandleMessage when we return. | 403 * ssl_Do1stHandshake won't call ssl2_HandleMessage when we return. |
| 408 */ | 404 */ |
| 409 ss->nextHandshake = 0; | 405 ss->nextHandshake = 0; |
| 410 ss->securityHandshake = 0; | 406 ss->securityHandshake = 0; |
| 411 | 407 |
| 412 /* Setting ss->version to an SSL 3.x value will cause | 408 /* Setting ss->version to an SSL 3.x value will cause |
| 413 ** ssl_GatherRecord1stHandshake to invoke ssl3_GatherCompleteHandshake() | 409 ** ssl_GatherRecord1stHandshake to invoke ssl3_GatherCompleteHandshake() |
| 414 ** the next time it is called. | 410 ** the next time it is called. |
| 415 **/ | 411 **/ |
| 416 rv = ssl3_NegotiateVersion(ss, SSL_LIBRARY_VERSION_MAX_SUPPORTED, | 412 rv = ssl3_NegotiateVersion(ss, SSL_LIBRARY_VERSION_MAX_SUPPORTED, |
| 417 » » » PR_TRUE); | 413 PR_TRUE); |
| 418 if (rv != SECSuccess) { | 414 if (rv != SECSuccess) { |
| 419 » return rv; | 415 return rv; |
| 420 } | 416 } |
| 421 | 417 |
| 422 ss->sec.send = ssl3_SendApplicationData; | 418 ss->sec.send = ssl3_SendApplicationData; |
| 423 | 419 |
| 424 return SECSuccess; | 420 return SECSuccess; |
| 425 } | 421 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1844813002:
Uprev NSS to 3.23 on iOS (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master