pike.git / lib / modules / SSL.pmod / Connection.pike


pike.git/lib/modules/SSL.pmod/Connection.pike:108:   #endif      string(8bit) handshake_messages;      Packet handshake_packet(int(8bit) type, string(8bit) data)   {   #ifdef SSL3_PROFILING    addRecord(type,1);   #endif    /* Perhaps one need to split large packages? */ -  Packet packet = Packet(version); -  packet->content_type = PACKET_handshake; -  packet->fragment = sprintf("%1c%3H", type, data); +  Packet packet = Packet(version, PACKET_handshake, +  sprintf("%1c%3H", type, data));    handshake_messages += packet->fragment;    return packet;   }      Packet change_cipher_packet()   { -  Packet packet = Packet(version); -  packet->content_type = PACKET_change_cipher_spec; -  packet->fragment = "\001"; -  return packet; +  return Packet(version, PACKET_change_cipher_spec, "\001");   }      string(8bit) hash_messages(string(8bit) sender)   {    string(8bit) hash;    if(version == PROTOCOL_SSL_3_0) {    hash = .Cipher.MACmd5(session->master_secret)->hash(handshake_messages + sender) +    .Cipher.MACsha(session->master_secret)->hash(handshake_messages + sender);    }    else if(version <= PROTOCOL_TLS_1_1) {
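Review bot: `handshake_packet` still places the whole handshake message in a single record fragment, and the move to the three-argument `Packet(...)` call leaves the `/* Perhaps one need to split large packages? */` question open. A TLS record fragment is limited to 2^14 bytes, so a large message such as a long certificate chain would have to be split across records; whether `Packet` or `send_packet` does that is not visible in this hunk. If nothing downstream splits it, replace the comment with a statement of the limit, e.g. `// FIXME: fragment may exceed the 2^14 byte record limit and must be split across records.`, or reject oversized data here. It would also be clearer to build the fragment in a local (`string(8bit) fragment = sprintf("%1c%3H", type, data);`) and append that to `handshake_messages`, so the handshake transcript does not depend on reading `packet->fragment` back from the constructor.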
pike.git/lib/modules/SSL.pmod/Connection.pike:153:      Packet certificate_packet(array(string(8bit)) certificates)   {    Buffer struct = Buffer();    struct->add_string_array(certificates, 3, 3);    return handshake_packet(HANDSHAKE_certificate, struct->read());   }      Packet heartbeat_packet(string(8bit) s)   { -  Packet packet = Packet(version); -  packet->content_type = PACKET_heartbeat; -  packet->fragment = s; -  return packet; +  return Packet(version, PACKET_heartbeat, s);   }      protected Crypto.AES heartbeat_encode;   protected Crypto.AES heartbeat_decode;      Packet heartbleed_packet()   {    if (!heartbeat_encode) {    // NB: We encrypt the payload with a random AES key    // to reduce the amount of known plaintext in
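Review bot: `heartbeat_packet` has no doc comment, and now that its body is a single `Packet(version, PACKET_heartbeat, s)` call it is easy to miss that `s` becomes the record fragment verbatim. Nothing in this function checks that a length field carried inside `s` agrees with the bytes that follow, so that consistency is presumably the caller's responsibility. A comment in the file's `//!` style would record the contract: `//! Wrap the already encoded heartbeat message @[s] in a heartbeat record. The caller must ensure that the payload length inside @[s] matches the payload.`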
pike.git/lib/modules/SSL.pmod/Connection.pike:517:      //! Renegotiate the connection.   void send_renegotiate();      //! Send an application data packet. If the data block is too large   //! then as much as possible of the beginning of it is sent. The size   //! of the sent data is returned.   int send_streaming_data (string(8bit) data)   {    if (!sizeof(data)) return 0; -  Packet packet = Packet(version); -  packet->content_type = PACKET_application_data; +  Packet packet = Packet(version, PACKET_application_data, "");    int max_packet_size = session->max_packet_size;    int size;    if ((!sent) && (version < PROTOCOL_TLS_1_1) &&    (session->cipher_spec->cipher_type ==    CIPHER_block)) {    // Workaround for the BEAST attack.    // This method is known as the 1/(n-1) split:    // Send just one byte of payload in the first packet    // to improve the initialization vectors in TLS 1.0.    size = sizeof((packet->fragment = data[..0]));    if (sizeof(data) > 1) {    // If we have more data, take the opportunity to queue some of it too.    send_packet(packet);    -  packet = Packet(version); -  packet->content_type = PACKET_application_data; +  packet = Packet(version, PACKET_application_data, "");    size += sizeof((packet->fragment = data[1..max_packet_size-1]));    }    } else {    size = sizeof ((packet->fragment = data[..max_packet_size-1]));    }    send_packet (packet);    sent += size;    return size;   }
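Review bot: In `send_streaming_data`, both new `Packet(version, PACKET_application_data, "")` calls pass a placeholder fragment that is overwritten on a later line by a direct `packet->fragment = ...` assignment. If the three-argument constructor validates or records anything about the fragment (not visible here), the real payload bypasses it, and a reader has to trace the assignments to see what is sent. Passing the slice to the constructor keeps the record's content in one place, e.g. `packet = Packet(version, PACKET_application_data, data[1..max_packet_size-1]);` followed by `size += sizeof(packet->fragment);`, and likewise `data[..0]` for the first packet of the 1/(n-1) split.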