| blob | cd487c6670a8611244fc6ae8ced8adb9287ac9c9 |
1 /*
2 * Gather (Read) entire SSL3 records from socket into buffer.
3 *
4 * This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
13 /*
14 * Attempt to read in an entire SSL3 record.
15 * Blocks here for blocking sockets, otherwise returns -1 with
16 * PR_WOULD_BLOCK_ERROR when socket would block.
17 *
18 * returns 1 if received a complete SSL3 record.
19 * returns 0 if recv returns EOF
20 * returns -1 if recv returns < 0
21 * (The error value may have already been set to PR_WOULD_BLOCK_ERROR)
22 *
23 * Caller must hold the recv buf lock.
24 *
25 * The Gather state machine has 3 states: GS_INIT, GS_HEADER, GS_DATA.
26 * GS_HEADER: waiting for the 5-byte SSL3 record header to come in.
27 * GS_DATA: waiting for the body of the SSL3 record to come in.
28 *
29 * This loop returns when either
30 * (a) an error or EOF occurs,
31 * (b) PR_WOULD_BLOCK_ERROR,
32 * (c) data (entire SSL3 record) has been received.
33 */
34 static int
36 {
51 }
63 /* EOF */
72 }
76 /* ssl_DefRecv is misbehaving! this error is fatal to SSL. */
80 }
87 /* if there's more to go, read some more. */
90 }
92 /* have received entire record header, or entire record. */
95 /*
96 ** Have received SSL3 record header in gs->hdr.
97 ** Now extract the length of the following encrypted data,
98 ** and then read in the rest of the SSL3 record into gs->inbuf.
99 */
102 /* This is the max fragment length for an encrypted fragment
103 ** plus the size of the record header.
104 */
110 }
120 }
122 }
127 /*
128 ** SSL3 record has been completely received.
129 */
132 }
133 }
136 }
138 /*
139 * Read in an entire DTLS record.
140 *
141 * Blocks here for blocking sockets, otherwise returns -1 with
142 * PR_WOULD_BLOCK_ERROR when socket would block.
143 *
144 * This is simpler than SSL because we are reading on a datagram socket
145 * and datagrams must contain >=1 complete records.
146 *
147 * returns 1 if received a complete DTLS record.
148 * returns 0 if recv returns EOF
149 * returns -1 if recv returns < 0
150 * (The error value may have already been set to PR_WOULD_BLOCK_ERROR)
151 *
152 * Caller must hold the recv buf lock.
153 *
154 * This loop returns when either
155 * (a) an error or EOF occurs,
156 * (b) PR_WOULD_BLOCK_ERROR,
157 * (c) data (entire DTLS record) has been received.
158 */
159 static int
161 {
177 /* Resize to the maximum possible size so we can fit a full datagram */
178 /* This is the max fragment length for an encrypted fragment
179 ** plus the size of the record header.
180 ** This magic constant is copied from ssl3_GatherData, with 5 changed
181 ** to 13 (the size of the record header).
182 */
188 }
189 }
191 /* recv() needs to read a full datagram at a time */
197 /* EOF */
206 }
209 }
211 /* At this point we should have >=1 complete records lined up in
212 * dtlsPacket. Read off the header.
213 */
222 }
226 /* Have received SSL3 record header in gs->hdr. */
237 }
239 /* OK, we have at least one complete packet, copy into inbuf */
244 }
245 }
255 }
257 /* Gather in a record and when complete, Handle that record.
258 * Repeat this until the handshake is complete,
259 * or until application data is available.
260 *
261 * Returns 1 when the handshake is completed without error, or
262 * application data is available.
263 * Returns 0 if ssl3_GatherData hits EOF.
264 * Returns -1 on read error, or PR_WOULD_BLOCK_ERROR, or handleRecord error.
265 * Returns -2 on SECWouldBlock return from ssl3_HandleRecord.
266 *
267 * Called from ssl_GatherRecord1stHandshake in sslcon.c,
268 * and from SSL_ForceHandshake in sslsecur.c
269 * and from ssl3_GatherAppDataRecord below (<- DoRecv in sslsecur.c).
270 *
271 * Caller must hold the recv buf lock.
272 */
273 int
275 {
276 SSL3Ciphertext cText;
282 /* ssl3_HandleRecord may end up eventually calling ssl_FinishHandshake,
283 * which requires the 1stHandshakeLock, which must be acquired before the
284 * RecvBufLock.
285 */
294 /* Without this, we may end up wrongly reporting
295 * SSL_ERROR_RX_UNEXPECTED_* errors if we receive any records from the
296 * peer while we are waiting to be restarted.
297 */
302 }
304 /* Treat an empty msgState like a NULL msgState. (Most of the time
305 * when ssl3_HandleHandshake returns SECWouldBlock, it leaves
306 * behind a non-NULL but zero-length msgState).
307 * Test: async_cert_restart_server_sends_hello_request_first_in_separate_record
308 */
314 }
315 }
320 /* ssl3_HandleHandshake previously returned SECWouldBlock and the
321 * as-yet-unprocessed plaintext of that previous handshake record.
322 * We need to process it now before we overwrite it with the next
323 * handshake record.
324 */
327 /* bring in the next sslv3 record. */
329 /* RFC 5246 Section 7.2.1:
330 * Any data received after a closure alert is ignored.
331 */
333 }
339 /* If we got a would block error, that means that no data was
340 * available, so we check the timer to see if it's time to
341 * retransmit */
347 /* Restore the error in case something succeeded */
349 }
350 }
354 }
356 /* decipher it, and handle it if it's a handshake.
357 * If it's application data, ss->gs.buf will not be empty upon return.
358 * If it's a change cipher spec, alert, or handshake message,
359 * ss->gs.buf.len will be 0 when ssl3_HandleRecord returns SECSuccess.
360 */
368 /* DTLS sequence number */
374 }
375 }
379 }
382 }
384 /* We have application data to return to the application. This
385 * prioritizes returning application data to the application over
386 * completing any renegotiation handshake we may be doing.
387 */
391 }
396 /* We are done with the current handshake so stop trying to
397 * handshake. Note that it would be safe to test ss->firstHsDone
398 * instead of ss->ssl3.hs.ws. By testing ss->ssl3.hs.ws instead,
399 * we prioritize completing a renegotiation handshake over sending
400 * application data.
401 */
406 /* Prioritize sending application data over trying to complete
407 * the handshake if we're false starting.
408 *
409 * If we were to do this check at the beginning of the loop instead
410 * of here, then this function would become be a no-op after
411 * receiving the ServerHelloDone in the false start case, and we
412 * would never complete the handshake.
413 */
420 }
421 }
428 }
430 /* Repeatedly gather in a record and when complete, Handle that record.
431 * Repeat this until some application data is received.
432 *
433 * Returns 1 when application data is available.
434 * Returns 0 if ssl3_GatherData hits EOF.
435 * Returns -1 on read error, or PR_WOULD_BLOCK_ERROR, or handleRecord error.
436 * Returns -2 on SECWouldBlock return from ssl3_HandleRecord.
437 *
438 * Called from DoRecv in sslsecur.c
439 * Caller must hold the recv buf lock.
440 */
441 int
443 {
446 /* ssl3_GatherCompleteHandshake requires both of these locks. */
455 }