pike.git / lib / modules / SSL.pmod / Connection.pike


pike.git/lib/modules/SSL.pmod/Connection.pike:407:   }         //! Do handshake processing. Type is one of HANDSHAKE_*, data is the   //! contents of the packet, and raw is the raw packet received (needed   //! for supporting SSLv2 hello messages).   //!   //! This function returns 0 if handshake is in progress, 1 if handshake   //! is finished, and -1 if a fatal error occurred. It uses the   //! send_packet() function to transmit packets. - int(-1..1) handle_handshake(int type, string(8bit) data, string(8bit) raw); + int(-1..1) handle_handshake(int type, Buffer input, Stdio.Buffer raw);      //! Initialize the connection state.   //!   //! @param ctx   //! The context for the connection.   protected void create(Context ctx)   {    current_read_state = State(this);    current_write_state = State(this);   
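Review bot: The doc comment above the changed prototype still describes a parameter called `data`, but the new signature names it `input` and changes both arguments from `string(8bit)` to buffer objects. The comment should follow the signature, for example `//! Do handshake processing. @[type] is one of HANDSHAKE_*, @[input] holds the` / `//! contents of the packet, and @[raw] is the raw packet received (needed`. It would also help to state whether implementations may consume `input` and `raw`, since callers now pass mutable buffers rather than immutable strings.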
pike.git/lib/modules/SSL.pmod/Connection.pike:853: Inside #if defined(SSL3_DEBUG)
   int delta = gethrtime() - a;    SSL3_DEBUG_MSG("SSL.Connection: Heartbeat roundtrip: %dus\n", delta);   #endif    }    break;    default:    break;    }   }    + Stdio.Buffer handshake_buffer = Stdio.Buffer(); // Error mode 0.   string(8bit) alert_buffer = ""; - string(8bit) handshake_buffer = ""; +       //! Main receive handler.   //!   //! @param data   //! String of data received from the peer.   //!   //! @returns   //! Returns one of:   //! @mixed   //! @type string(zero)
pike.git/lib/modules/SSL.pmod/Connection.pike:1001:    // effect is that renegotiation doesn't work all the time.    //    // A side effect is that we are partly invulnerable to the    // renegotiation vulnerability mentioned above. It is however    // not safe to assume that, since there might be routes past    // this, maybe through the use of a version 2 hello message    // below.    COND_FATAL(expect_change_cipher && (version < PROTOCOL_TLS_1_3),    ALERT_unexpected_message, "Expected change cipher.\n");    -  int err, len; -  handshake_buffer += packet->fragment; +  int err; +  handshake_buffer->add( packet->fragment );       while (sizeof(handshake_buffer) >= 4)    { -  sscanf(handshake_buffer, "%*c%3c", len); -  if (sizeof(handshake_buffer) < (len + 4)) +  Stdio.Buffer.RewindKey key = handshake_buffer->rewind_key(); +  int type = handshake_buffer->read_int8(); +  Buffer input = Buffer(handshake_buffer->read_hbuffer(3)); +  if(!input) +  { +  // Not enough data. +  key->rewind();    break; -  +  } +  +  int len = 1+3+sizeof(input); +  key->rewind(); +  Stdio.Buffer raw = handshake_buffer->read_buffer(len); +     mixed exception = catch { -  err = handle_handshake(handshake_buffer[0], -  handshake_buffer[4..len + 3], -  handshake_buffer[.. len + 3]); +  err = handle_handshake(type, input, raw);    };    if( exception )    {    if( objectp(exception) && ([object]exception)->buffer_error )    {    Error.Generic e = [object(Error.Generic)]exception;    COND_FATAL(1, ALERT_decode_error, e->message());    }    throw(exception);    } -  handshake_buffer = handshake_buffer[len + 4..]; +     if (err < 0)    return err;    if (err > 0) {    state &= ~CONNECTION_handshaking;    }    }    break;    }    case PACKET_application_data:    SSL3_DEBUG_MSG("SSL.Connection: APPLICATION_DATA\n");
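Review bot: The short-read test `if(!input)` is applied to the `Buffer(...)` wrapper rather than to the value returned by `read_hbuffer(3)`, so whether a truncated handshake message is detected depends on how `Buffer` behaves when constructed from 0 and on its truth value, neither of which is visible here. Testing the read result first makes the check independent of that: `Stdio.Buffer body = handshake_buffer->read_hbuffer(3);`, then `if (!body) { key->rewind(); break; }`, and only then `Buffer input = Buffer(body);`. The loop also keeps accumulating fragments until the 24-bit declared length is satisfied, and no upper bound on a handshake message is visible in this hunk, so a size cap before buffering is worth considering if none is enforced elsewhere. The enclosing function starts and ends outside the hunk.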