diff options
Diffstat (limited to 'security/nss/lib/ssl/sslgathr.c')
-rw-r--r-- | security/nss/lib/ssl/sslgathr.c | 481 |
1 files changed, 0 insertions, 481 deletions
diff --git a/security/nss/lib/ssl/sslgathr.c b/security/nss/lib/ssl/sslgathr.c deleted file mode 100644 index 737a55c9b..000000000 --- a/security/nss/lib/ssl/sslgathr.c +++ /dev/null @@ -1,481 +0,0 @@ -/* - * Gather (Read) entire SSL2 records from socket into buffer. - * - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - * - * $Id$ - */ -#include "cert.h" -#include "ssl.h" -#include "sslimpl.h" -#include "sslproto.h" - -/* Forward static declarations */ -static SECStatus ssl2_HandleV3HandshakeRecord(sslSocket *ss); - -/* -** Gather a single record of data from the receiving stream. This code -** first gathers the header (2 or 3 bytes long depending on the value of -** the most significant bit in the first byte) then gathers up the data -** for the record into gs->buf. This code handles non-blocking I/O -** and is to be called multiple times until sec->recordLen != 0. -** This function decrypts the gathered record in place, in gs_buf. - * - * Caller must hold RecvBufLock. - * - * Returns +1 when it has gathered a complete SSLV2 record. - * Returns 0 if it hits EOF. - * Returns -1 (SECFailure) on any error - * Returns -2 (SECWouldBlock) when it gathers an SSL v3 client hello header. -** -** The SSL2 Gather State machine has 4 states: -** GS_INIT - Done reading in previous record. Haven't begun to read in -** next record. When ssl2_GatherData is called with the machine -** in this state, the machine will attempt to read the first 3 -** bytes of the SSL2 record header, and will advance the state -** to GS_HEADER. -** -** GS_HEADER - The machine is in this state while waiting for the completion -** of the first 3 bytes of the SSL2 record. When complete, the -** machine will compute the remaining unread length of this record -** and will initiate a read of that many bytes. The machine will -** advance to one of two states, depending on whether the record -** is encrypted (GS_MAC), or unencrypted (GS_DATA). -** -** GS_MAC - The machine is in this state while waiting for the remainder -** of the SSL2 record to be read in. When the read is completed, -** the machine checks the record for valid length, decrypts it, -** and checks and discards the MAC, then advances to GS_INIT. -** -** GS_DATA - The machine is in this state while waiting for the remainder -** of the unencrypted SSL2 record to be read in. Upon completion, -** the machine advances to the GS_INIT state and returns the data. -*/ -int -ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags) -{ - sslSecurityInfo *sec = ss->sec; - unsigned char * bp; - unsigned char * pBuf; - int nb, err, rv; - - PORT_Assert( ssl_HaveRecvBufLock(ss) ); - - if (gs->state == GS_INIT) { - /* Initialize gathering engine */ - gs->state = GS_HEADER; - gs->remainder = 3; - gs->count = 3; - gs->offset = 0; - gs->recordLen = 0; - gs->recordPadding = 0; - gs->hdr[2] = 0; - - gs->writeOffset = 0; - gs->readOffset = 0; - } - if (gs->encrypted) { - PORT_Assert(sec != 0); - } - - pBuf = gs->buf.buf; - for (;;) { - SSL_TRC(30, ("%d: SSL[%d]: gather state %d (need %d more)", - SSL_GETPID(), ss->fd, gs->state, gs->remainder)); - bp = ((gs->state != GS_HEADER) ? pBuf : gs->hdr) + gs->offset; - nb = ssl_DefRecv(ss, bp, gs->remainder, flags); - if (nb > 0) { - PRINT_BUF(60, (ss, "raw gather data:", bp, nb)); - } - if (nb == 0) { - /* EOF */ - SSL_TRC(30, ("%d: SSL[%d]: EOF", SSL_GETPID(), ss->fd)); - rv = 0; - break; - } - if (nb < 0) { - SSL_DBG(("%d: SSL[%d]: recv error %d", SSL_GETPID(), ss->fd, - PR_GetError())); - rv = SECFailure; - break; - } - - gs->offset += nb; - gs->remainder -= nb; - - if (gs->remainder > 0) { - continue; - } - - /* Probably finished this piece */ - switch (gs->state) { - case GS_HEADER: - if ((ss->enableSSL3 || ss->enableTLS) && !ss->connected) { - - PORT_Assert( ssl_Have1stHandshakeLock(ss) ); - - /* If this looks like an SSL3 handshake record, - ** and we're expecting an SSL2 Hello message from our peer, - ** handle it here. - */ - if (gs->hdr[0] == content_handshake) { - if ((ss->nextHandshake == ssl2_HandleClientHelloMessage) || - (ss->nextHandshake == ssl2_HandleServerHelloMessage)) { - rv = ssl2_HandleV3HandshakeRecord(ss); - if (rv == SECFailure) { - return SECFailure; - } - } - /* XXX_1 The call stack to here is: - * ssl_Do1stHandshake -> ssl_GatherRecord1stHandshake -> - * ssl2_GatherRecord -> here. - * We want to return all the way out to ssl_Do1stHandshake, - * and have it call ssl_GatherRecord1stHandshake again. - * ssl_GatherRecord1stHandshake will call - * ssl3_GatherCompleteHandshake when it is called again. - * - * Returning SECWouldBlock here causes - * ssl_GatherRecord1stHandshake to return without clearing - * ss->handshake, ensuring that ssl_Do1stHandshake will - * call it again immediately. - * - * If we return 1 here, ssl_GatherRecord1stHandshake will - * clear ss->handshake before returning, and thus will not - * be called again by ssl_Do1stHandshake. - */ - return SECWouldBlock; - } else if (gs->hdr[0] == content_alert) { - if (ss->nextHandshake == ssl2_HandleServerHelloMessage) { - /* XXX This is a hack. We're assuming that any failure - * XXX on the client hello is a failure to match - * XXX ciphers. - */ - PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP); - return SECFailure; - } - } - } /* ((ss->enableSSL3 || ss->enableTLS) && !ss->connected) */ - - /* we've got the first 3 bytes. The header may be two or three. */ - if (gs->hdr[0] & 0x80) { - /* This record has a 2-byte header, and no padding */ - gs->count = ((gs->hdr[0] & 0x7f) << 8) | gs->hdr[1]; - gs->recordPadding = 0; - } else { - /* This record has a 3-byte header that is all read in now. */ - gs->count = ((gs->hdr[0] & 0x3f) << 8) | gs->hdr[1]; - /* is_escape = (gs->hdr[0] & 0x40) != 0; */ - gs->recordPadding = gs->hdr[2]; - } - - if (gs->count > gs->buf.space) { - err = sslBuffer_Grow(&gs->buf, gs->count); - if (err) { - return err; - } - pBuf = gs->buf.buf; - } - - - if (gs->hdr[0] & 0x80) { - /* we've already read in the first byte of the body. - ** Put it into the buffer. - */ - pBuf[0] = gs->hdr[2]; - gs->offset = 1; - gs->remainder = gs->count - 1; - } else { - gs->offset = 0; - gs->remainder = gs->count; - } - - if (gs->encrypted) { - gs->state = GS_MAC; - gs->recordLen = gs->count - gs->recordPadding - - sec->hash->length; - } else { - gs->state = GS_DATA; - gs->recordLen = gs->count; - } - - break; - - - case GS_MAC: - /* Have read in entire rest of the ciphertext. - ** Check for valid length. - ** Decrypt it. - ** Check the MAC. - */ - PORT_Assert(gs->encrypted); - - { - unsigned int macLen; - int nout; - unsigned char mac[SSL_MAX_MAC_BYTES]; - - ssl_GetSpecReadLock(ss); /**********************************/ - - /* If this is a stream cipher, blockSize will be 1, - * and this test will always be false. - * If this is a block cipher, this will detect records - * that are not a multiple of the blocksize in length. - */ - if (gs->count & (sec->blockSize - 1)) { - /* This is an error. Sender is misbehaving */ - SSL_DBG(("%d: SSL[%d]: sender, count=%d blockSize=%d", - SSL_GETPID(), ss->fd, gs->count, - sec->blockSize)); - PORT_SetError(SSL_ERROR_BAD_BLOCK_PADDING); - rv = SECFailure; - goto spec_locked_done; - } - PORT_Assert(gs->count == gs->offset); - - if (gs->offset == 0) { - rv = 0; /* means EOF. */ - goto spec_locked_done; - } - - /* Decrypt the portion of data that we just recieved. - ** Decrypt it in place. - */ - rv = (*sec->dec)(sec->readcx, pBuf, &nout, gs->offset, - pBuf, gs->offset); - if (rv != SECSuccess) { - goto spec_locked_done; - } - - - /* Have read in all the MAC portion of record - ** - ** Prepare MAC by resetting it and feeding it the shared secret - */ - macLen = sec->hash->length; - if (gs->offset >= macLen) { - uint32 sequenceNumber = sec->rcvSequence++; - unsigned char seq[4]; - - seq[0] = (unsigned char) (sequenceNumber >> 24); - seq[1] = (unsigned char) (sequenceNumber >> 16); - seq[2] = (unsigned char) (sequenceNumber >> 8); - seq[3] = (unsigned char) (sequenceNumber); - - (*sec->hash->begin)(sec->hashcx); - (*sec->hash->update)(sec->hashcx, sec->rcvSecret.data, - sec->rcvSecret.len); - (*sec->hash->update)(sec->hashcx, pBuf + macLen, - gs->offset - macLen); - (*sec->hash->update)(sec->hashcx, seq, 4); - (*sec->hash->end)(sec->hashcx, mac, &macLen, macLen); - } - - PORT_Assert(macLen == sec->hash->length); - - ssl_ReleaseSpecReadLock(ss); /******************************/ - - if (PORT_Memcmp(mac, pBuf, macLen) != 0) { - /* MAC's didn't match... */ - SSL_DBG(("%d: SSL[%d]: mac check failed, seq=%d", - SSL_GETPID(), ss->fd, sec->rcvSequence)); - PRINT_BUF(1, (ss, "computed mac:", mac, macLen)); - PRINT_BUF(1, (ss, "received mac:", pBuf, macLen)); - PORT_SetError(SSL_ERROR_BAD_MAC_READ); - rv = SECFailure; - goto cleanup; - } - - - PORT_Assert(gs->recordPadding + macLen <= gs->offset); - if (gs->recordPadding + macLen <= gs->offset) { - gs->recordOffset = macLen; - gs->readOffset = macLen; - gs->writeOffset = gs->offset - gs->recordPadding; - rv = 1; - } else { - PORT_SetError(SSL_ERROR_BAD_BLOCK_PADDING); -cleanup: - /* nothing in the buffer any more. */ - gs->recordOffset = 0; - gs->readOffset = 0; - gs->writeOffset = 0; - rv = SECFailure; - } - - gs->recordLen = gs->writeOffset - gs->readOffset; - gs->recordPadding = 0; /* forget we did any padding. */ - gs->state = GS_INIT; - - - if (rv > 0) { - PRINT_BUF(50, (ss, "recv clear record:", - pBuf + gs->recordOffset, gs->recordLen)); - } - return rv; - -spec_locked_done: - ssl_ReleaseSpecReadLock(ss); - return rv; - } - - case GS_DATA: - /* Have read in all the DATA portion of record */ - - gs->recordOffset = 0; - gs->readOffset = 0; - gs->writeOffset = gs->offset; - PORT_Assert(gs->recordLen == gs->writeOffset - gs->readOffset); - gs->recordLen = gs->offset; - gs->recordPadding = 0; - gs->state = GS_INIT; - - ++sec->rcvSequence; - - PRINT_BUF(50, (ss, "recv clear record:", - pBuf + gs->recordOffset, gs->recordLen)); - return 1; - - } /* end switch gs->state */ - } /* end gather loop. */ - return rv; -} - -/* -** Gather a single record of data from the receiving stream. This code -** first gathers the header (2 or 3 bytes long depending on the value of -** the most significant bit in the first byte) then gathers up the data -** for the record into the readBuf. This code handles non-blocking I/O -** and is to be called multiple times until sec->recordLen != 0. - * - * Returns +1 when it has gathered a complete SSLV2 record. - * Returns 0 if it hits EOF. - * Returns -1 (SECFailure) on any error - * Returns -2 (SECWouldBlock) - * - * Called by ssl_GatherRecord1stHandshake in sslcon.c, - * and by DoRecv in sslsecur.c - * Caller must hold RecvBufLock. - */ -int -ssl2_GatherRecord(sslSocket *ss, int flags) -{ - return ssl2_GatherData(ss, ss->gather, flags); -} - -/* - * Returns +1 when it has gathered a complete SSLV2 record. - * Returns 0 if it hits EOF. - * Returns -1 (SECFailure) on any error - * Returns -2 (SECWouldBlock) - * - * Called from SocksStartGather in sslsocks.c - * Caller must hold RecvBufLock. - */ -int -ssl2_StartGatherBytes(sslSocket *ss, sslGather *gs, unsigned int count) -{ - int rv; - - PORT_Assert( ssl_HaveRecvBufLock(ss) ); - gs->state = GS_DATA; - gs->remainder = count; - gs->count = count; - gs->offset = 0; - if (count > gs->buf.space) { - rv = sslBuffer_Grow(&gs->buf, count); - if (rv) { - return rv; - } - } - return ssl2_GatherData(ss, gs, 0); -} - -/* Caller should hold RecvBufLock. */ -sslGather * -ssl_NewGather(void) -{ - sslGather *gs; - - gs = (sslGather*) PORT_ZAlloc(sizeof(sslGather)); - if (gs) { - gs->state = GS_INIT; - } - return gs; -} - -/* Caller must hold RecvBufLock. */ -void -ssl_DestroyGather(sslGather *gs) -{ - if (gs->inbuf.buf != NULL) { - PORT_ZFree(gs->inbuf.buf, gs->inbuf.len); - } - if (gs) { - PORT_Free(gs->buf.buf); - PORT_Free(gs); - } -} - -/* Caller must hold RecvBufLock. */ -static SECStatus -ssl2_HandleV3HandshakeRecord(sslSocket *ss) -{ - sslGather * gs = ss->gather; - SECStatus rv; - SSL3ProtocolVersion version = (gs->hdr[1] << 8) | gs->hdr[2]; - - PORT_Assert( ssl_HaveRecvBufLock(ss) ); - PORT_Assert( ssl_Have1stHandshakeLock(ss) ); - - /* We've read in 3 bytes, there are 2 more to go in an ssl3 header. */ - gs->remainder = 2; - gs->count = 0; - - /* Clearing these handshake pointers ensures that - * ssl_Do1stHandshake won't call ssl2_HandleMessage when we return. - */ - ss->nextHandshake = 0; - ss->securityHandshake = 0; - - /* Setting ss->version to an SSL 3.x value will cause - ** ssl_GatherRecord1stHandshake to invoke ssl3_GatherCompleteHandshake() - ** the next time it is called. - **/ - rv = ssl3_NegotiateVersion(ss, version); - if (rv != SECSuccess) { - return rv; - } - - ss->sec->send = ssl3_SendApplicationData; - - return SECSuccess; -} |