pike.git / lib / modules / SSL.pmod / Connection.pike


pike.git/lib/modules/SSL.pmod/Connection.pike:106:   #endif      string(8bit) handshake_messages;      Packet handshake_packet(int(8bit) type, string data)   {   #ifdef SSL3_PROFILING    addRecord(type,1);   #endif    /* Perhaps one need to split large packages? */ -  Packet packet = Packet(); +  Packet packet = Packet(version);    packet->content_type = PACKET_handshake;    packet->fragment = sprintf("%1c%3H", type, [string(8bit)]data);    handshake_messages += packet->fragment;    return packet;   }      Packet change_cipher_packet()   { -  Packet packet = Packet(); +  Packet packet = Packet(version);    packet->content_type = PACKET_change_cipher_spec;    packet->fragment = "\001";    return packet;   }      string(8bit) hash_messages(string(8bit) sender)   {    if(version == PROTOCOL_SSL_3_0) {    return .Cipher.MACmd5(session->master_secret)->hash(handshake_messages + sender) +    .Cipher.MACsha(session->master_secret)->hash(handshake_messages + sender);
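Review bot: `Packet(version)` in handshake_packet and change_cipher_packet now fixes the record version when the packet is built instead of when it is encrypted and sent, so a packet constructed before `version` changes during negotiation keeps the earlier value. Whether such a window exists depends on code outside this hunk, but packets are queued before they are written, so it is worth checking. The same pattern is introduced in heartbeat_packet and in both constructions in send_streaming_data. I would at least document it at the constructor calls, e.g. `// Record version is captured here; a packet queued across a version change keeps the old one.` The hunk ends inside hash_messages, which is unchanged.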
pike.git/lib/modules/SSL.pmod/Connection.pike:146:      Packet certificate_packet(array(string(8bit)) certificates)   {    ADT.struct struct = ADT.struct();    struct->put_var_string_array(certificates, 3, 3);    return handshake_packet(HANDSHAKE_certificate, struct->pop_data());   }      Packet heartbeat_packet(string(8bit) s)   { -  Packet packet = Packet(); +  Packet packet = Packet(version);    packet->content_type = PACKET_heartbeat;    packet->fragment = s;    return packet;   }      protected Crypto.AES heartbeat_encode;   protected Crypto.AES heartbeat_decode;      Packet heartbleed_packet()   {
pike.git/lib/modules/SSL.pmod/Connection.pike:360:      //! Low-level receive handler. Returns a packet, an alert, or zero if   //! more data is needed to get a complete packet.   protected Packet recv_packet(string(8bit) data)   {    string(8bit)|Packet res;       // SSL3_DEBUG_MSG("SSL.Connection->recv_packet(%O)\n", data);    if (left_over || !packet)    { -  packet = Packet(2048); -  res = packet->recv( (left_over || "") + data, version); +  packet = Packet(version, 2048); +  res = packet->recv( (left_over || "") + data);    }    else -  res = packet->recv(data, version); +  res = packet->recv(data);       if (stringp(res))    { /* Finished a packet */    left_over = [string]res;    if (current_read_state) {    SSL3_DEBUG_MSG("SSL.Connection->recv_packet(): version=0x%x\n",    version); -  return current_read_state->decrypt_packet(packet, version); +  return current_read_state->decrypt_packet(packet);    } else {    SSL3_DEBUG_MSG("SSL.Connection->recv_packet(): current_read_state is zero!\n");    return 0;    }    }    else /* Partial packet read, or error */    left_over = 0;       return [object]res;   }
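Review bot: `current_read_state->decrypt_packet(packet)` in recv_packet no longer receives the connection's `version`, so decryption presumably now relies on whatever version the Packet object holds after `packet->recv(...)`. Packet.recv is not part of this diff; if it stores the version bytes from the incoming record header over the constructor argument, a peer-controlled value would decide which MAC and padding rules are applied. Please confirm that recv only compares the header against the constructor-supplied version, and say so in a comment, e.g. `// packet carries the negotiated version from Packet(version, 2048); the wire header must not override it.` The debug message still prints the connection's `version`, which may differ from the one actually used.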
pike.git/lib/modules/SSL.pmod/Connection.pike:476:    // connections corresponding to the session may continue, but    // the session identifier must be invalidated, preventing the    // failed session from being used to establish new connections.    if (session) {    context->purge_session(session);    }    } else if (packet->description == ALERT_close_notify) {    state = [int(0..0)|ConnectionState](state | CONNECTION_local_closed);    }    } -  string res = current_write_state->encrypt_packet(packet, version)->send(); +  string res = current_write_state->encrypt_packet(packet)->send();    if (packet->content_type == PACKET_change_cipher_spec)    current_write_state = pending_write_state;    return res;   }      //! Initiate close.   void send_close()   {    send_packet(alert(ALERT_warning, ALERT_close_notify,    "Closing connection.\n"), PRI_application);   }      //! Send an application data packet. If the data block is too large   //! then as much as possible of the beginning of it is sent. The size   //! of the sent data is returned.   int send_streaming_data (string(8bit) data)   {    if (!sizeof(data)) return 0; -  Packet packet = Packet(); +  Packet packet = Packet(version);    packet->content_type = PACKET_application_data;    int max_packet_size = session->max_packet_size;    int size;    if ((!sent) && (version < PROTOCOL_TLS_1_1) &&    (session->cipher_spec->cipher_type ==    CIPHER_block)) {    // Workaround for the BEAST attack.    // This method is known as the 1/(n-1) split:    // Send just one byte of payload in the first packet    // to improve the initialization vectors in TLS 1.0.    size = sizeof((packet->fragment = data[..0]));    if (sizeof(data) > 1) {    // If we have more data, take the opportunity to queue some of it too.    
send_packet(packet);    -  packet = Packet(); +  packet = Packet(version);    packet->content_type = PACKET_application_data;    size += sizeof((packet->fragment = data[1..max_packet_size-1]));    }    } else {    size = sizeof ((packet->fragment = data[..max_packet_size-1]));    }    send_packet (packet);    sent += size;    return size;   }
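Review bot: The BEAST workaround in send_streaming_data is guarded by `(!sent)`, and `sent += size` at the end makes it non-zero after the first call, so unless `sent` is reset outside this hunk only the first application-data write gets the 1/(n-1) split. With a CBC cipher in TLS 1.0 and earlier, each record's IV is the last ciphertext block of the previous record, so the split is normally applied to every application-data write. If no reset exists, the condition could be `if ((version < PROTOCOL_TLS_1_1) && (session->cipher_spec->cipher_type == CIPHER_block)) {`; otherwise a comment naming where `sent` is cleared would help. This predates the commit, which only changes the `Packet(version)` constructions here.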