| Index: net/third_party/nss/ssl/ssl3gthr.c
|
| diff --git a/net/third_party/nss/ssl/ssl3gthr.c b/net/third_party/nss/ssl/ssl3gthr.c
|
| index 23b9755b6000e682187650798c1f9307430e3f1a..ea277135d4a73bafc36c5fd93470839a7e821108 100644
|
| --- a/net/third_party/nss/ssl/ssl3gthr.c
|
| +++ b/net/third_party/nss/ssl/ssl3gthr.c
|
| @@ -1,5 +1,5 @@
|
| /*
|
| - * Gather (Read) entire SSL3 records from socket into buffer.
|
| + * Gather (Read) entire SSL3 records from socket into buffer.
|
| *
|
| * This Source Code Form is subject to the terms of the Mozilla Public
|
| * License, v. 2.0. If a copy of the MPL was not distributed with this
|
| @@ -10,15 +10,15 @@
|
| #include "sslimpl.h"
|
| #include "ssl3prot.h"
|
|
|
| -/*
|
| +/*
|
| * Attempt to read in an entire SSL3 record.
|
| - * Blocks here for blocking sockets, otherwise returns -1 with
|
| - * PR_WOULD_BLOCK_ERROR when socket would block.
|
| + * Blocks here for blocking sockets, otherwise returns -1 with
|
| + * PR_WOULD_BLOCK_ERROR when socket would block.
|
| *
|
| * returns 1 if received a complete SSL3 record.
|
| * returns 0 if recv returns EOF
|
| - * returns -1 if recv returns < 0
|
| - * (The error value may have already been set to PR_WOULD_BLOCK_ERROR)
|
| + * returns -1 if recv returns < 0
|
| + * (The error value may have already been set to PR_WOULD_BLOCK_ERROR)
|
| *
|
| * Caller must hold the recv buf lock.
|
| *
|
| @@ -28,108 +28,107 @@
|
| *
|
| * This loop returns when either
|
| * (a) an error or EOF occurs,
|
| - * (b) PR_WOULD_BLOCK_ERROR,
|
| - * (c) data (entire SSL3 record) has been received.
|
| + * (b) PR_WOULD_BLOCK_ERROR,
|
| + * (c) data (entire SSL3 record) has been received.
|
| */
|
| static int
|
| ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags)
|
| {
|
| unsigned char *bp;
|
| unsigned char *lbp;
|
| - int nb;
|
| - int err;
|
| - int rv = 1;
|
| + int nb;
|
| + int err;
|
| + int rv = 1;
|
|
|
| - PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
|
| + PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
|
| if (gs->state == GS_INIT) {
|
| - gs->state = GS_HEADER;
|
| - gs->remainder = 5;
|
| - gs->offset = 0;
|
| - gs->writeOffset = 0;
|
| - gs->readOffset = 0;
|
| - gs->inbuf.len = 0;
|
| + gs->state = GS_HEADER;
|
| + gs->remainder = 5;
|
| + gs->offset = 0;
|
| + gs->writeOffset = 0;
|
| + gs->readOffset = 0;
|
| + gs->inbuf.len = 0;
|
| }
|
| -
|
| +
|
| lbp = gs->inbuf.buf;
|
| - for(;;) {
|
| - SSL_TRC(30, ("%d: SSL3[%d]: gather state %d (need %d more)",
|
| - SSL_GETPID(), ss->fd, gs->state, gs->remainder));
|
| - bp = ((gs->state != GS_HEADER) ? lbp : gs->hdr) + gs->offset;
|
| - nb = ssl_DefRecv(ss, bp, gs->remainder, flags);
|
| -
|
| - if (nb > 0) {
|
| - PRINT_BUF(60, (ss, "raw gather data:", bp, nb));
|
| - } else if (nb == 0) {
|
| - /* EOF */
|
| - SSL_TRC(30, ("%d: SSL3[%d]: EOF", SSL_GETPID(), ss->fd));
|
| - rv = 0;
|
| - break;
|
| - } else /* if (nb < 0) */ {
|
| - SSL_DBG(("%d: SSL3[%d]: recv error %d", SSL_GETPID(), ss->fd,
|
| - PR_GetError()));
|
| - rv = SECFailure;
|
| - break;
|
| - }
|
| -
|
| - PORT_Assert( (unsigned int)nb <= gs->remainder );
|
| - if ((unsigned int)nb > gs->remainder) {
|
| - /* ssl_DefRecv is misbehaving! this error is fatal to SSL. */
|
| - gs->state = GS_INIT; /* so we don't crash next time */
|
| - rv = SECFailure;
|
| - break;
|
| - }
|
| -
|
| - gs->offset += nb;
|
| - gs->remainder -= nb;
|
| - if (gs->state == GS_DATA)
|
| - gs->inbuf.len += nb;
|
| -
|
| - /* if there's more to go, read some more. */
|
| - if (gs->remainder > 0) {
|
| - continue;
|
| - }
|
| -
|
| - /* have received entire record header, or entire record. */
|
| - switch (gs->state) {
|
| - case GS_HEADER:
|
| - /*
|
| - ** Have received SSL3 record header in gs->hdr.
|
| - ** Now extract the length of the following encrypted data,
|
| - ** and then read in the rest of the SSL3 record into gs->inbuf.
|
| - */
|
| - gs->remainder = (gs->hdr[3] << 8) | gs->hdr[4];
|
| -
|
| - /* This is the max fragment length for an encrypted fragment
|
| - ** plus the size of the record header.
|
| - */
|
| - if(gs->remainder > (MAX_FRAGMENT_LENGTH + 2048 + 5)) {
|
| - SSL3_SendAlert(ss, alert_fatal, unexpected_message);
|
| - gs->state = GS_INIT;
|
| - PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
|
| - return SECFailure;
|
| - }
|
| -
|
| - gs->state = GS_DATA;
|
| - gs->offset = 0;
|
| - gs->inbuf.len = 0;
|
| -
|
| - if (gs->remainder > gs->inbuf.space) {
|
| - err = sslBuffer_Grow(&gs->inbuf, gs->remainder);
|
| - if (err) { /* realloc has set error code to no mem. */
|
| - return err;
|
| - }
|
| - lbp = gs->inbuf.buf;
|
| - }
|
| - break; /* End this case. Continue around the loop. */
|
| -
|
| -
|
| - case GS_DATA:
|
| - /*
|
| - ** SSL3 record has been completely received.
|
| - */
|
| - gs->state = GS_INIT;
|
| - return 1;
|
| - }
|
| + for (;;) {
|
| + SSL_TRC(30, ("%d: SSL3[%d]: gather state %d (need %d more)",
|
| + SSL_GETPID(), ss->fd, gs->state, gs->remainder));
|
| + bp = ((gs->state != GS_HEADER) ? lbp : gs->hdr) + gs->offset;
|
| + nb = ssl_DefRecv(ss, bp, gs->remainder, flags);
|
| +
|
| + if (nb > 0) {
|
| + PRINT_BUF(60, (ss, "raw gather data:", bp, nb));
|
| + } else if (nb == 0) {
|
| + /* EOF */
|
| + SSL_TRC(30, ("%d: SSL3[%d]: EOF", SSL_GETPID(), ss->fd));
|
| + rv = 0;
|
| + break;
|
| + } else /* if (nb < 0) */ {
|
| + SSL_DBG(("%d: SSL3[%d]: recv error %d", SSL_GETPID(), ss->fd,
|
| + PR_GetError()));
|
| + rv = SECFailure;
|
| + break;
|
| + }
|
| +
|
| + PORT_Assert((unsigned int)nb <= gs->remainder);
|
| + if ((unsigned int)nb > gs->remainder) {
|
| + /* ssl_DefRecv is misbehaving! this error is fatal to SSL. */
|
| + gs->state = GS_INIT; /* so we don't crash next time */
|
| + rv = SECFailure;
|
| + break;
|
| + }
|
| +
|
| + gs->offset += nb;
|
| + gs->remainder -= nb;
|
| + if (gs->state == GS_DATA)
|
| + gs->inbuf.len += nb;
|
| +
|
| + /* if there's more to go, read some more. */
|
| + if (gs->remainder > 0) {
|
| + continue;
|
| + }
|
| +
|
| + /* have received entire record header, or entire record. */
|
| + switch (gs->state) {
|
| + case GS_HEADER:
|
| + /*
|
| + ** Have received SSL3 record header in gs->hdr.
|
| + ** Now extract the length of the following encrypted data,
|
| + ** and then read in the rest of the SSL3 record into gs->inbuf.
|
| + */
|
| + gs->remainder = (gs->hdr[3] << 8) | gs->hdr[4];
|
| +
|
| + /* This is the max fragment length for an encrypted fragment
|
| + ** plus the size of the record header.
|
| + */
|
| + if (gs->remainder > (MAX_FRAGMENT_LENGTH + 2048 + 5)) {
|
| + SSL3_SendAlert(ss, alert_fatal, unexpected_message);
|
| + gs->state = GS_INIT;
|
| + PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
|
| + return SECFailure;
|
| + }
|
| +
|
| + gs->state = GS_DATA;
|
| + gs->offset = 0;
|
| + gs->inbuf.len = 0;
|
| +
|
| + if (gs->remainder > gs->inbuf.space) {
|
| + err = sslBuffer_Grow(&gs->inbuf, gs->remainder);
|
| + if (err) { /* realloc has set error code to no mem. */
|
| + return err;
|
| + }
|
| + lbp = gs->inbuf.buf;
|
| + }
|
| + break; /* End this case. Continue around the loop. */
|
| +
|
| + case GS_DATA:
|
| + /*
|
| + ** SSL3 record has been completely received.
|
| + */
|
| + gs->state = GS_INIT;
|
| + return 1;
|
| + }
|
| }
|
|
|
| return rv;
|
| @@ -139,7 +138,7 @@ ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags)
|
| * Read in an entire DTLS record.
|
| *
|
| * Blocks here for blocking sockets, otherwise returns -1 with
|
| - * PR_WOULD_BLOCK_ERROR when socket would block.
|
| + * PR_WOULD_BLOCK_ERROR when socket would block.
|
| *
|
| * This is simpler than SSL because we are reading on a datagram socket
|
| * and datagrams must contain >=1 complete records.
|
| @@ -147,43 +146,43 @@ ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags)
|
| * returns 1 if received a complete DTLS record.
|
| * returns 0 if recv returns EOF
|
| * returns -1 if recv returns < 0
|
| - * (The error value may have already been set to PR_WOULD_BLOCK_ERROR)
|
| + * (The error value may have already been set to PR_WOULD_BLOCK_ERROR)
|
| *
|
| * Caller must hold the recv buf lock.
|
| *
|
| * This loop returns when either
|
| * (a) an error or EOF occurs,
|
| - * (b) PR_WOULD_BLOCK_ERROR,
|
| - * (c) data (entire DTLS record) has been received.
|
| + * (b) PR_WOULD_BLOCK_ERROR,
|
| + * (c) data (entire DTLS record) has been received.
|
| */
|
| static int
|
| dtls_GatherData(sslSocket *ss, sslGather *gs, int flags)
|
| {
|
| - int nb;
|
| - int err;
|
| - int rv = 1;
|
| + int nb;
|
| + int err;
|
| + int rv = 1;
|
|
|
| SSL_TRC(30, ("dtls_GatherData"));
|
|
|
| - PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
|
| + PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
|
|
|
| gs->state = GS_HEADER;
|
| gs->offset = 0;
|
|
|
| - if (gs->dtlsPacketOffset == gs->dtlsPacket.len) { /* No data left */
|
| + if (gs->dtlsPacketOffset == gs->dtlsPacket.len) { /* No data left */
|
| gs->dtlsPacketOffset = 0;
|
| gs->dtlsPacket.len = 0;
|
|
|
| /* Resize to the maximum possible size so we can fit a full datagram */
|
| - /* This is the max fragment length for an encrypted fragment
|
| - ** plus the size of the record header.
|
| - ** This magic constant is copied from ssl3_GatherData, with 5 changed
|
| - ** to 13 (the size of the record header).
|
| - */
|
| + /* This is the max fragment length for an encrypted fragment
|
| + ** plus the size of the record header.
|
| + ** This magic constant is copied from ssl3_GatherData, with 5 changed
|
| + ** to 13 (the size of the record header).
|
| + */
|
| if (gs->dtlsPacket.space < MAX_FRAGMENT_LENGTH + 2048 + 13) {
|
| err = sslBuffer_Grow(&gs->dtlsPacket,
|
| - MAX_FRAGMENT_LENGTH + 2048 + 13);
|
| - if (err) { /* realloc has set error code to no mem. */
|
| + MAX_FRAGMENT_LENGTH + 2048 + 13);
|
| + if (err) { /* realloc has set error code to no mem. */
|
| return err;
|
| }
|
| }
|
| @@ -213,7 +212,8 @@ dtls_GatherData(sslSocket *ss, sslGather *gs, int flags)
|
| */
|
| if ((gs->dtlsPacket.len - gs->dtlsPacketOffset) < 13) {
|
| SSL_DBG(("%d: SSL3[%d]: rest of DTLS packet "
|
| - "too short to contain header", SSL_GETPID(), ss->fd));
|
| + "too short to contain header",
|
| + SSL_GETPID(), ss->fd));
|
| PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
|
| gs->dtlsPacketOffset = 0;
|
| gs->dtlsPacket.len = 0;
|
| @@ -228,7 +228,8 @@ dtls_GatherData(sslSocket *ss, sslGather *gs, int flags)
|
|
|
| if ((gs->dtlsPacket.len - gs->dtlsPacketOffset) < gs->remainder) {
|
| SSL_DBG(("%d: SSL3[%d]: rest of DTLS packet too short "
|
| - "to contain rest of body", SSL_GETPID(), ss->fd));
|
| + "to contain rest of body",
|
| + SSL_GETPID(), ss->fd));
|
| PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
|
| gs->dtlsPacketOffset = 0;
|
| gs->dtlsPacket.len = 0;
|
| @@ -238,14 +239,14 @@ dtls_GatherData(sslSocket *ss, sslGather *gs, int flags)
|
|
|
| /* OK, we have at least one complete packet, copy into inbuf */
|
| if (gs->remainder > gs->inbuf.space) {
|
| - err = sslBuffer_Grow(&gs->inbuf, gs->remainder);
|
| - if (err) { /* realloc has set error code to no mem. */
|
| - return err;
|
| - }
|
| + err = sslBuffer_Grow(&gs->inbuf, gs->remainder);
|
| + if (err) { /* realloc has set error code to no mem. */
|
| + return err;
|
| + }
|
| }
|
|
|
| memcpy(gs->inbuf.buf, gs->dtlsPacket.buf + gs->dtlsPacketOffset,
|
| - gs->remainder);
|
| + gs->remainder);
|
| gs->inbuf.len = gs->remainder;
|
| gs->offset = gs->remainder;
|
| gs->dtlsPacketOffset += gs->remainder;
|
| @@ -255,16 +256,16 @@ dtls_GatherData(sslSocket *ss, sslGather *gs, int flags)
|
| }
|
|
|
| /* Gather in a record and when complete, Handle that record.
|
| - * Repeat this until the handshake is complete,
|
| + * Repeat this until the handshake is complete,
|
| * or until application data is available.
|
| *
|
| - * Returns 1 when the handshake is completed without error, or
|
| + * Returns 1 when the handshake is completed without error, or
|
| * application data is available.
|
| * Returns 0 if ssl3_GatherData hits EOF.
|
| * Returns -1 on read error, or PR_WOULD_BLOCK_ERROR, or handleRecord error.
|
| * Returns -2 on SECWouldBlock return from ssl3_HandleRecord.
|
| *
|
| - * Called from ssl_GatherRecord1stHandshake in sslcon.c,
|
| + * Called from ssl_GatherRecord1stHandshake in sslcon.c,
|
| * and from SSL_ForceHandshake in sslsecur.c
|
| * and from ssl3_GatherAppDataRecord below (<- DoRecv in sslsecur.c).
|
| *
|
| @@ -274,8 +275,8 @@ int
|
| ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
|
| {
|
| SSL3Ciphertext cText;
|
| - int rv;
|
| - PRBool keepGoing = PR_TRUE;
|
| + int rv;
|
| + PRBool keepGoing = PR_TRUE;
|
|
|
| SSL_TRC(30, ("ssl3_GatherCompleteHandshake"));
|
|
|
| @@ -283,143 +284,145 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
|
| * which requires the 1stHandshakeLock, which must be acquired before the
|
| * RecvBufLock.
|
| */
|
| - PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) );
|
| - PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
|
| + PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
|
| + PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
|
|
|
| do {
|
| - PRBool handleRecordNow = PR_FALSE;
|
| -
|
| - ssl_GetSSL3HandshakeLock(ss);
|
| -
|
| - /* Without this, we may end up wrongly reporting
|
| - * SSL_ERROR_RX_UNEXPECTED_* errors if we receive any records from the
|
| - * peer while we are waiting to be restarted.
|
| - */
|
| - if (ss->ssl3.hs.restartTarget) {
|
| - ssl_ReleaseSSL3HandshakeLock(ss);
|
| - PORT_SetError(PR_WOULD_BLOCK_ERROR);
|
| - return (int) SECFailure;
|
| - }
|
| -
|
| - /* Treat an empty msgState like a NULL msgState. (Most of the time
|
| - * when ssl3_HandleHandshake returns SECWouldBlock, it leaves
|
| - * behind a non-NULL but zero-length msgState).
|
| - * Test: async_cert_restart_server_sends_hello_request_first_in_separate_record
|
| - */
|
| - if (ss->ssl3.hs.msgState.buf) {
|
| - if (ss->ssl3.hs.msgState.len == 0) {
|
| - ss->ssl3.hs.msgState.buf = NULL;
|
| - } else {
|
| - handleRecordNow = PR_TRUE;
|
| - }
|
| - }
|
| -
|
| - ssl_ReleaseSSL3HandshakeLock(ss);
|
| -
|
| - if (handleRecordNow) {
|
| - /* ssl3_HandleHandshake previously returned SECWouldBlock and the
|
| - * as-yet-unprocessed plaintext of that previous handshake record.
|
| - * We need to process it now before we overwrite it with the next
|
| - * handshake record.
|
| - */
|
| - rv = ssl3_HandleRecord(ss, NULL, &ss->gs.buf);
|
| - } else {
|
| - /* bring in the next sslv3 record. */
|
| - if (ss->recvdCloseNotify) {
|
| - /* RFC 5246 Section 7.2.1:
|
| - * Any data received after a closure alert is ignored.
|
| - */
|
| - return 0;
|
| - }
|
| - if (!IS_DTLS(ss)) {
|
| - rv = ssl3_GatherData(ss, &ss->gs, flags);
|
| - } else {
|
| - rv = dtls_GatherData(ss, &ss->gs, flags);
|
| -
|
| - /* If we got a would block error, that means that no data was
|
| - * available, so we check the timer to see if it's time to
|
| - * retransmit */
|
| - if (rv == SECFailure &&
|
| - (PORT_GetError() == PR_WOULD_BLOCK_ERROR)) {
|
| - ssl_GetSSL3HandshakeLock(ss);
|
| - dtls_CheckTimer(ss);
|
| - ssl_ReleaseSSL3HandshakeLock(ss);
|
| - /* Restore the error in case something succeeded */
|
| - PORT_SetError(PR_WOULD_BLOCK_ERROR);
|
| - }
|
| - }
|
| -
|
| - if (rv <= 0) {
|
| - return rv;
|
| - }
|
| -
|
| - /* decipher it, and handle it if it's a handshake.
|
| - * If it's application data, ss->gs.buf will not be empty upon return.
|
| - * If it's a change cipher spec, alert, or handshake message,
|
| - * ss->gs.buf.len will be 0 when ssl3_HandleRecord returns SECSuccess.
|
| - */
|
| - cText.type = (SSL3ContentType)ss->gs.hdr[0];
|
| - cText.version = (ss->gs.hdr[1] << 8) | ss->gs.hdr[2];
|
| -
|
| - if (IS_DTLS(ss)) {
|
| - int i;
|
| -
|
| - cText.version = dtls_DTLSVersionToTLSVersion(cText.version);
|
| - /* DTLS sequence number */
|
| - cText.seq_num.high = 0; cText.seq_num.low = 0;
|
| - for (i = 0; i < 4; i++) {
|
| - cText.seq_num.high <<= 8; cText.seq_num.low <<= 8;
|
| - cText.seq_num.high |= ss->gs.hdr[3 + i];
|
| - cText.seq_num.low |= ss->gs.hdr[7 + i];
|
| - }
|
| - }
|
| -
|
| - cText.buf = &ss->gs.inbuf;
|
| - rv = ssl3_HandleRecord(ss, &cText, &ss->gs.buf);
|
| - }
|
| - if (rv < 0) {
|
| - return ss->recvdCloseNotify ? 0 : rv;
|
| - }
|
| - if (ss->gs.buf.len > 0) {
|
| - /* We have application data to return to the application. This
|
| - * prioritizes returning application data to the application over
|
| - * completing any renegotiation handshake we may be doing.
|
| - */
|
| - PORT_Assert(ss->firstHsDone);
|
| - PORT_Assert(cText.type == content_application_data);
|
| - break;
|
| - }
|
| -
|
| - PORT_Assert(keepGoing);
|
| - ssl_GetSSL3HandshakeLock(ss);
|
| - if (ss->ssl3.hs.ws == idle_handshake) {
|
| - /* We are done with the current handshake so stop trying to
|
| - * handshake. Note that it would be safe to test ss->firstHsDone
|
| - * instead of ss->ssl3.hs.ws. By testing ss->ssl3.hs.ws instead,
|
| - * we prioritize completing a renegotiation handshake over sending
|
| - * application data.
|
| - */
|
| - PORT_Assert(ss->firstHsDone);
|
| - PORT_Assert(!ss->ssl3.hs.canFalseStart);
|
| - keepGoing = PR_FALSE;
|
| - } else if (ss->ssl3.hs.canFalseStart) {
|
| - /* Prioritize sending application data over trying to complete
|
| - * the handshake if we're false starting.
|
| - *
|
| - * If we were to do this check at the beginning of the loop instead
|
| - * of here, then this function would become be a no-op after
|
| - * receiving the ServerHelloDone in the false start case, and we
|
| - * would never complete the handshake.
|
| - */
|
| - PORT_Assert(!ss->firstHsDone);
|
| -
|
| - if (ssl3_WaitingForStartOfServerSecondRound(ss)) {
|
| - keepGoing = PR_FALSE;
|
| - } else {
|
| - ss->ssl3.hs.canFalseStart = PR_FALSE;
|
| - }
|
| - }
|
| - ssl_ReleaseSSL3HandshakeLock(ss);
|
| + PRBool handleRecordNow = PR_FALSE;
|
| +
|
| + ssl_GetSSL3HandshakeLock(ss);
|
| +
|
| + /* Without this, we may end up wrongly reporting
|
| + * SSL_ERROR_RX_UNEXPECTED_* errors if we receive any records from the
|
| + * peer while we are waiting to be restarted.
|
| + */
|
| + if (ss->ssl3.hs.restartTarget) {
|
| + ssl_ReleaseSSL3HandshakeLock(ss);
|
| + PORT_SetError(PR_WOULD_BLOCK_ERROR);
|
| + return (int)SECFailure;
|
| + }
|
| +
|
| + /* Treat an empty msgState like a NULL msgState. (Most of the time
|
| + * when ssl3_HandleHandshake returns SECWouldBlock, it leaves
|
| + * behind a non-NULL but zero-length msgState).
|
| + * Test: async_cert_restart_server_sends_hello_request_first_in_separate_record
|
| + */
|
| + if (ss->ssl3.hs.msgState.buf) {
|
| + if (ss->ssl3.hs.msgState.len == 0) {
|
| + ss->ssl3.hs.msgState.buf = NULL;
|
| + } else {
|
| + handleRecordNow = PR_TRUE;
|
| + }
|
| + }
|
| +
|
| + ssl_ReleaseSSL3HandshakeLock(ss);
|
| +
|
| + if (handleRecordNow) {
|
| + /* ssl3_HandleHandshake previously returned SECWouldBlock and the
|
| + * as-yet-unprocessed plaintext of that previous handshake record.
|
| + * We need to process it now before we overwrite it with the next
|
| + * handshake record.
|
| + */
|
| + rv = ssl3_HandleRecord(ss, NULL, &ss->gs.buf);
|
| + } else {
|
| + /* bring in the next sslv3 record. */
|
| + if (ss->recvdCloseNotify) {
|
| + /* RFC 5246 Section 7.2.1:
|
| + * Any data received after a closure alert is ignored.
|
| + */
|
| + return 0;
|
| + }
|
| + if (!IS_DTLS(ss)) {
|
| + rv = ssl3_GatherData(ss, &ss->gs, flags);
|
| + } else {
|
| + rv = dtls_GatherData(ss, &ss->gs, flags);
|
| +
|
| + /* If we got a would block error, that means that no data was
|
| + * available, so we check the timer to see if it's time to
|
| + * retransmit */
|
| + if (rv == SECFailure &&
|
| + (PORT_GetError() == PR_WOULD_BLOCK_ERROR)) {
|
| + ssl_GetSSL3HandshakeLock(ss);
|
| + dtls_CheckTimer(ss);
|
| + ssl_ReleaseSSL3HandshakeLock(ss);
|
| + /* Restore the error in case something succeeded */
|
| + PORT_SetError(PR_WOULD_BLOCK_ERROR);
|
| + }
|
| + }
|
| +
|
| + if (rv <= 0) {
|
| + return rv;
|
| + }
|
| +
|
| + /* decipher it, and handle it if it's a handshake.
|
| + * If it's application data, ss->gs.buf will not be empty upon return.
|
| + * If it's a change cipher spec, alert, or handshake message,
|
| + * ss->gs.buf.len will be 0 when ssl3_HandleRecord returns SECSuccess.
|
| + */
|
| + cText.type = (SSL3ContentType)ss->gs.hdr[0];
|
| + cText.version = (ss->gs.hdr[1] << 8) | ss->gs.hdr[2];
|
| +
|
| + if (IS_DTLS(ss)) {
|
| + int i;
|
| +
|
| + cText.version = dtls_DTLSVersionToTLSVersion(cText.version);
|
| + /* DTLS sequence number */
|
| + cText.seq_num.high = 0;
|
| + cText.seq_num.low = 0;
|
| + for (i = 0; i < 4; i++) {
|
| + cText.seq_num.high <<= 8;
|
| + cText.seq_num.low <<= 8;
|
| + cText.seq_num.high |= ss->gs.hdr[3 + i];
|
| + cText.seq_num.low |= ss->gs.hdr[7 + i];
|
| + }
|
| + }
|
| +
|
| + cText.buf = &ss->gs.inbuf;
|
| + rv = ssl3_HandleRecord(ss, &cText, &ss->gs.buf);
|
| + }
|
| + if (rv < 0) {
|
| + return ss->recvdCloseNotify ? 0 : rv;
|
| + }
|
| + if (ss->gs.buf.len > 0) {
|
| + /* We have application data to return to the application. This
|
| + * prioritizes returning application data to the application over
|
| + * completing any renegotiation handshake we may be doing.
|
| + */
|
| + PORT_Assert(ss->firstHsDone);
|
| + PORT_Assert(cText.type == content_application_data);
|
| + break;
|
| + }
|
| +
|
| + PORT_Assert(keepGoing);
|
| + ssl_GetSSL3HandshakeLock(ss);
|
| + if (ss->ssl3.hs.ws == idle_handshake) {
|
| + /* We are done with the current handshake so stop trying to
|
| + * handshake. Note that it would be safe to test ss->firstHsDone
|
| + * instead of ss->ssl3.hs.ws. By testing ss->ssl3.hs.ws instead,
|
| + * we prioritize completing a renegotiation handshake over sending
|
| + * application data.
|
| + */
|
| + PORT_Assert(ss->firstHsDone);
|
| + PORT_Assert(!ss->ssl3.hs.canFalseStart);
|
| + keepGoing = PR_FALSE;
|
| + } else if (ss->ssl3.hs.canFalseStart) {
|
| + /* Prioritize sending application data over trying to complete
|
| + * the handshake if we're false starting.
|
| + *
|
| + * If we were to do this check at the beginning of the loop instead
|
| + * of here, then this function would become be a no-op after
|
| + * receiving the ServerHelloDone in the false start case, and we
|
| + * would never complete the handshake.
|
| + */
|
| + PORT_Assert(!ss->firstHsDone);
|
| +
|
| + if (ssl3_WaitingForServerSecondRound(ss)) {
|
| + keepGoing = PR_FALSE;
|
| + } else {
|
| + ss->ssl3.hs.canFalseStart = PR_FALSE;
|
| + }
|
| + }
|
| + ssl_ReleaseSSL3HandshakeLock(ss);
|
| } while (keepGoing);
|
|
|
| ss->gs.readOffset = 0;
|
| @@ -441,14 +444,14 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
|
| int
|
| ssl3_GatherAppDataRecord(sslSocket *ss, int flags)
|
| {
|
| - int rv;
|
| + int rv;
|
|
|
| /* ssl3_GatherCompleteHandshake requires both of these locks. */
|
| - PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) );
|
| - PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
|
| + PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
|
| + PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
|
|
|
| do {
|
| - rv = ssl3_GatherCompleteHandshake(ss, flags);
|
| + rv = ssl3_GatherCompleteHandshake(ss, flags);
|
| } while (rv > 0 && ss->gs.buf.len == 0);
|
|
|
| return rv;
|
|
|
Chromium Code Reviews
Issue 1844813002:
Uprev NSS to 3.23 on iOS (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master