pike.git / lib / modules / SSL.pmod / Connection.pike

version» Context lines:

pike.git/lib/modules/SSL.pmod/Connection.pike:103: Inside #if defined(SSL3_PROFILING)
  void addRecord(int t,int s) {    addRecord(sprintf("sender: %d type: %s", s, fmt_constant(t, "HANDSHAKE")));   }   variant void addRecord(string label) {    float stamp = timer->peek();    Stdio.stdout.write("time: %.6f (%.6f) %s\n", stamp, stamp-last_time, label);    last_time = stamp;   }   #endif    - string(8bit) handshake_messages = ""; + Buffer handshake_messages = Buffer(); + protected void add_handshake_message(Buffer|Stdio.Buffer|string(8bit) data) + { +  handshake_messages->add(data); + }      Packet handshake_packet(int(8bit) type,    string(8bit)|Buffer|object(Stdio.Buffer) data)   {   #ifdef SSL3_PROFILING    addRecord(type,1);   #endif    string(8bit) str;    if(stringp(data))    str = [string(8bit)]data;    else    str = (string(8bit))data;    str = sprintf("%1c%3H", type, str); -  handshake_messages += str; +  add_handshake_message(str);       /* Perhaps one need to split large packages? */    Packet packet = Packet(version, PACKET_handshake, str);    return packet;   }      Packet change_cipher_packet()   {    expect_change_cipher++;    return Packet(version, PACKET_change_cipher_spec, "\001");   }      string(8bit) hash_messages(string(8bit) sender, int|void len)   {    if(version == PROTOCOL_SSL_3_0) { -  string(8bit) data = handshake_messages + sender; +  string(8bit) data = (string(8bit))handshake_messages + sender;    return .Cipher.MACmd5(session->master_secret)->hash(data) +    .Cipher.MACsha(session->master_secret)->hash(data);    }    else if(version <= PROTOCOL_TLS_1_1) {    return session->cipher_spec->prf(session->master_secret, sender,    Crypto.MD5.hash(handshake_messages)+    Crypto.SHA1.hash(handshake_messages), 12);    }    return session->cipher_spec->prf(session->master_secret, sender,    session->cipher_spec->hash -  ->hash(handshake_messages), +  ->hash((string(8bit))handshake_messages),    len || 12);   }      Packet certificate_packet(array(string(8bit)) certificates)   {    return handshake_packet(HANDSHAKE_certificate,    Buffer()->add_string_array(certificates, 3, 3));   }      Packet certificate_verify_packet(string(8bit)|void signature_context)
pike.git/lib/modules/SSL.pmod/Connection.pike:166:    SSL3_DEBUG_MSG("SSL.Connection: CERTIFICATE_VERIFY\n"    "%O: handshake_messages: %d bytes.\n",    this_object(), sizeof(handshake_messages));    Buffer struct = Buffer();       if (signature_context) {    // TLS 1.3 and later.    session->cipher_spec->sign(session,    signature_context +    session->cipher_spec->hash -  ->hash(handshake_messages), +  ->hash((string(8bit))handshake_messages),    struct);    } else { -  session->cipher_spec->sign(session, handshake_messages, struct); +  session->cipher_spec->sign(session, (string(8bit))handshake_messages, struct);    }       return handshake_packet(HANDSHAKE_certificate_verify, struct);   }      int(-1..0) validate_certificate_verify(Buffer input,    string(8bit) signature_context)   {    int(0..1) verification_ok; -  string(8bit) signed = handshake_messages; +  string(8bit) signed = (string(8bit))handshake_messages;    if (version >= PROTOCOL_TLS_1_3)    signed = signature_context + session->cipher_spec->hash->hash(signed);       mixed err = catch {    verification_ok = session->cipher_spec->verify(    session, signed, input);    };   #ifdef SSL3_DEBUG    if (err) {    master()->handle_error(err);