| blob | bdf470b0cf0f1a9672d400da13152e9ca6f89872 |
1 /*
2 * Gather (Read) entire SSL2 records from socket into buffer.
3 *
4 * This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
12 /* Forward static declarations */
15 /*
16 ** Gather a single record of data from the receiving stream. This code
17 ** first gathers the header (2 or 3 bytes long depending on the value of
18 ** the most significant bit in the first byte) then gathers up the data
19 ** for the record into gs->buf. This code handles non-blocking I/O
20 ** and is to be called multiple times until ss->sec.recordLen != 0.
21 ** This function decrypts the gathered record in place, in gs_buf.
22 *
23 * Caller must hold RecvBufLock.
24 *
25 * Returns +1 when it has gathered a complete SSLV2 record.
26 * Returns 0 if it hits EOF.
27 * Returns -1 (SECFailure) on any error
28 * Returns -2 (SECWouldBlock) when it gathers an SSL v3 client hello header.
29 **
30 ** The SSL2 Gather State machine has 4 states:
31 ** GS_INIT - Done reading in previous record. Haven't begun to read in
32 ** next record. When ssl2_GatherData is called with the machine
33 ** in this state, the machine will attempt to read the first 3
34 ** bytes of the SSL2 record header, and will advance the state
35 ** to GS_HEADER.
36 **
37 ** GS_HEADER - The machine is in this state while waiting for the completion
38 ** of the first 3 bytes of the SSL2 record. When complete, the
39 ** machine will compute the remaining unread length of this record
40 ** and will initiate a read of that many bytes. The machine will
41 ** advance to one of two states, depending on whether the record
42 ** is encrypted (GS_MAC), or unencrypted (GS_DATA).
43 **
44 ** GS_MAC - The machine is in this state while waiting for the remainder
45 ** of the SSL2 record to be read in. When the read is completed,
46 ** the machine checks the record for valid length, decrypts it,
47 ** and checks and discards the MAC, then advances to GS_INIT.
48 **
49 ** GS_DATA - The machine is in this state while waiting for the remainder
50 ** of the unencrypted SSL2 record to be read in. Upon completion,
51 ** the machine advances to the GS_INIT state and returns the data.
52 */
53 int
55 {
63 /* Initialize gathering engine */
74 }
77 }
87 }
89 /* EOF */
93 }
99 }
106 }
108 /* Probably finished this piece */
115 /* If this looks like an SSL3 handshake record,
116 ** and we're expecting an SSL2 Hello message from our peer,
117 ** handle it here.
118 */
125 }
126 }
127 /* XXX_1 The call stack to here is:
128 * ssl_Do1stHandshake -> ssl_GatherRecord1stHandshake ->
129 * ssl2_GatherRecord -> here.
130 * We want to return all the way out to ssl_Do1stHandshake,
131 * and have it call ssl_GatherRecord1stHandshake again.
132 * ssl_GatherRecord1stHandshake will call
133 * ssl3_GatherCompleteHandshake when it is called again.
134 *
135 * Returning SECWouldBlock here causes
136 * ssl_GatherRecord1stHandshake to return without clearing
137 * ss->handshake, ensuring that ssl_Do1stHandshake will
138 * call it again immediately.
139 *
140 * If we return 1 here, ssl_GatherRecord1stHandshake will
141 * clear ss->handshake before returning, and thus will not
142 * be called again by ssl_Do1stHandshake.
143 */
147 /* XXX This is a hack. We're assuming that any failure
148 * XXX on the client hello is a failure to match
149 * XXX ciphers.
150 */
153 }
154 }
155 }
157 /* we've got the first 3 bytes. The header may be two or three. */
159 /* This record has a 2-byte header, and no padding */
163 /* This record has a 3-byte header that is all read in now. */
165 /* is_escape = (gs->hdr[0] & 0x40) != 0; */
167 }
171 }
177 }
179 }
183 /* we've already read in the first byte of the body.
184 ** Put it into the buffer.
185 */
192 }
201 }
207 /* Have read in entire rest of the ciphertext.
208 ** Check for valid length.
209 ** Decrypt it.
210 ** Check the MAC.
211 */
214 {
221 /* If this is a stream cipher, blockSize will be 1,
222 * and this test will always be false.
223 * If this is a block cipher, this will detect records
224 * that are not a multiple of the blocksize in length.
225 */
227 /* This is an error. Sender is misbehaving */
234 }
240 }
242 /* Decrypt the portion of data that we just received.
243 ** Decrypt it in place.
244 */
249 }
252 /* Have read in all the MAC portion of record
253 **
254 ** Prepare MAC by resetting it and feeding it the shared secret
255 */
279 /* MAC's didn't match... */
287 }
290 }
299 cleanup:
300 /* nothing in the buffer any more. */
305 }
315 }
318 spec_locked_done:
321 }
324 /* Have read in all the DATA portion of record */
343 }
345 /*
346 ** Gather a single record of data from the receiving stream. This code
347 ** first gathers the header (2 or 3 bytes long depending on the value of
348 ** the most significant bit in the first byte) then gathers up the data
349 ** for the record into the readBuf. This code handles non-blocking I/O
350 ** and is to be called multiple times until ss->sec.recordLen != 0.
351 *
352 * Returns +1 when it has gathered a complete SSLV2 record.
353 * Returns 0 if it hits EOF.
354 * Returns -1 (SECFailure) on any error
355 * Returns -2 (SECWouldBlock)
356 *
357 * Called by ssl_GatherRecord1stHandshake in sslcon.c,
358 * and by DoRecv in sslsecur.c
359 * Caller must hold RecvBufLock.
360 */
361 int
363 {
365 }
367 /* Caller should hold RecvBufLock. */
368 SECStatus
370 {
371 SECStatus status;
380 }
382 /* Caller must hold RecvBufLock. */
383 void
385 {
390 }
391 }
393 /* Caller must hold RecvBufLock. */
394 static SECStatus
396 {
397 SECStatus rv;
402 /* We've read in 3 bytes, there are 2 more to go in an ssl3 header. */
406 /* Clearing these handshake pointers ensures that
407 * ssl_Do1stHandshake won't call ssl2_HandleMessage when we return.
408 */
412 /* Setting ss->version to an SSL 3.x value will cause
413 ** ssl_GatherRecord1stHandshake to invoke ssl3_GatherCompleteHandshake()
414 ** the next time it is called.
415 **/
417 PR_TRUE);
420 }
425 }