pike.git / lib / modules / SSL.pmod / Connection.pike


pike.git/lib/modules/SSL.pmod/Connection.pike:767:    }    }   #ifdef SSL3_DEBUG    else    werror("SSL.Connection: Received warning alert %O\n",    ALERT_descriptions[description]);   #endif    return 0;   }    - int handle_change_cipher(int c) + int(-1..0) handle_change_cipher(int c)   {    COND_FATAL(!expect_change_cipher || (c != 1),    ALERT_unexpected_message, "Unexpected change cipher!\n");       if (sizeof(pending_read_state)) {    SSL3_DEBUG_MSG("%O: Changing read state.\n", this);    current_read_state = pending_read_state[0];    pending_read_state = pending_read_state[1..];    } else {    error("No new read state pending!\n");
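Review bot: handle_change_cipher() now advertises `int(-1..0)`, but nothing above the declaration says what the two values mean or that the function can also throw. A line such as `//! @returns 0 when the pending read state was installed, -1 when a fatal alert was queued.` would record the contract; the -1 meaning is inferred from COND_FATAL, whose definition is not in this hunk. The visible `error("No new read state pending!\n")` branch leaves by exception rather than by return value, which the doc comment should mention. The function body continues past the end of the hunk, so the narrowed range should be checked against the remaining return statements.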
pike.git/lib/modules/SSL.pmod/Connection.pike:915:   //! The peer has sent an @[Alert] packet, and @[handle_alert()]   //! for it has returned -1.   //! @item   //! The peer has sent an unsupported/illegal sequence of   //! packets, in which case a suitable @[Alert] will have been   //! generated and queued for sending to the peer.   //! @endul   //! @endmixed   //!   //! This function is intended to be called from an i/o read callback. - string(8bit)|int got_data(string(8bit) data) + string(8bit)|int(-1..1) got_data(string(8bit) data)   {    if (state & CONNECTION_peer_closed) {    // The peer has closed the connection.    return 1;    }    // If closing we continue to try to read a remote close message.    // That enables the caller to check for a clean close, and    // to get the leftovers after the SSL connection.       session->last_activity = time(1);
pike.git/lib/modules/SSL.pmod/Connection.pike:968:    packet->content_type);    switch (packet->content_type)    {    case PACKET_alert:    {    SSL3_DEBUG_MSG("SSL.Connection: ALERT\n");       COND_FATAL(!sizeof(packet->fragment), ALERT_unexpected_message,    "Zero length Alert fragments not allowed.\n");    -  int err = 0; +  int(-1..1) err = 0;    alert_buffer->add( packet->fragment );    while(!err && sizeof(alert_buffer)>1)    err = handle_alert(alert_buffer->read(2));       if (err) -  +  {    if (err > 0 && sizeof (res)) -  // If we get a close then we return the data we got so far. +  { +  // If we get a close then we return the data we got so +  // far. state has CONNECTION_peer_closed at this point.    return res; -  else +  }    return err; -  +  }    break;    }    case PACKET_change_cipher_spec:    {    SSL3_DEBUG_MSG("SSL.Connection: CHANGE_CIPHER_SPEC\n");       COND_FATAL(!sizeof(packet->fragment), ALERT_unexpected_message,    "Zero length ChangeCipherSpec fragments not allowed.\n");       COND_FATAL(version >= PROTOCOL_TLS_1_3, ALERT_unexpected_message,    "ChangeCipherSpec not allowed in TLS 1.3 and later.\n");       foreach(packet->fragment;; int c)    { -  int err = handle_change_cipher(c); +  int(-1..0) err = handle_change_cipher(c);    SSL3_DEBUG_MSG("tried change_cipher: %d\n", err);    if (err)    return err;    }    break;    }    case PACKET_handshake:    {    SSL3_DEBUG_MSG("SSL.Connection: HANDSHAKE\n");   
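Review bot: The early `return res;` in the PACKET_alert branch depends on handle_alert() having already set CONNECTION_peer_closed, but that is only stated in the new comment and not checked here. got_data() reports the close on the following call solely through `state & CONNECTION_peer_closed`, so if any handle_alert() path returns 1 without setting the flag, the caller receives the buffered data and never learns that the peer closed, which undermines the clean-close check described in got_data()'s comments. I would word the comment as a requirement, `// handle_alert() must set CONNECTION_peer_closed before returning 1; the next got_data() call relies on it to report the close.`, and consider a debug-build check of the flag before the return. handle_alert() is only partly visible on this page, so whether every path that returns 1 sets the flag needs confirming there.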
pike.git/lib/modules/SSL.pmod/Connection.pike:1028:    // effect is that renegotiation doesn't work all the time.    //    // A side effect is that we are partly invulnerable to the    // renegotiation vulnerability mentioned above. It is however    // not safe to assume that, since there might be routes past    // this, maybe through the use of a version 2 hello message    // below.    COND_FATAL(expect_change_cipher && (version < PROTOCOL_TLS_1_3),    ALERT_unexpected_message, "Expected change cipher.\n");    -  int err; +  int(-1..1) err;    handshake_buffer->add( packet->fragment );       while (sizeof(handshake_buffer) >= 4)    {    Stdio.Buffer.RewindKey key = handshake_buffer->rewind_key();    int type = handshake_buffer->read_int8();    Buffer input = Buffer(handshake_buffer->read_hbuffer(3));    if(!input)    {    // Not enough data.