pike.git / lib / modules / SSL.pmod / Connection.pike


pike.git/lib/modules/SSL.pmod/Connection.pike:102: Inside #if defined(SSL3_PROFILING)
  #ifdef SSL3_PROFILING   System.Timer timer = System.Timer();   void addRecord(int t,int s) {    Stdio.stdout.write("time: %.6f sender: %d type: %s\n", timer->get(), s,    fmt_constant(t, "HANDSHAKE"));   }   #endif      string(8bit) handshake_messages;    - Packet handshake_packet(int(8bit) type, string(8bit) data) + Packet handshake_packet(int(8bit) type, string(8bit)|Buffer data)   {   #ifdef SSL3_PROFILING    addRecord(type,1);   #endif -  +  string(8bit) str; +  if(stringp(data)) +  str = [string(8bit)]data; +  else +  str = ([object(Buffer)]data)->read(); +  str = sprintf("%1c%3H", type, str); +  handshake_messages += str; +     /* Perhaps one need to split large packages? */ -  Packet packet = Packet(version, PACKET_handshake, -  sprintf("%1c%3H", type, data)); -  handshake_messages += packet->fragment; +  Packet packet = Packet(version, PACKET_handshake, str);    return packet;   }      Packet change_cipher_packet()   {    return Packet(version, PACKET_change_cipher_spec, "\001");   }      string(8bit) hash_messages(string(8bit) sender)   {
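Review bot: The new Buffer branch of `handshake_packet` calls `data->read()`, which presumably drains the caller's Buffer, and nothing at the function says so; a caller that reuses the buffer afterwards would find it empty. I would add a doc comment above the function, for example `//! @param data Handshake body. A Buffer argument is consumed (read to the end) by this call.` A one-line comment at `handshake_messages += str;` would also help, stating that the bytes appended to the transcript must be exactly the bytes placed in the Packet. `hash_messages()` hashes that transcript, and the new code builds the string before constructing the Packet instead of taking `packet->fragment`.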
pike.git/lib/modules/SSL.pmod/Connection.pike:144:    ->hash(handshake_messages), 12);    }       // Handshake hash is only calculated once.    handshake_messages = 0;    return hash;   }      Packet certificate_packet(array(string(8bit)) certificates)   { -  Buffer struct = Buffer(); -  struct->add_string_array(certificates, 3, 3); -  return handshake_packet(HANDSHAKE_certificate, struct->read()); +  return handshake_packet(HANDSHAKE_certificate, +  Buffer()->add_string_array(certificates, 3, 3));   }    - Packet heartbeat_packet(string(8bit) s) + Packet heartbeat_packet(Buffer s)   { -  return Packet(version, PACKET_heartbeat, s); +  return Packet(version, PACKET_heartbeat, s->read());   }      protected Crypto.AES heartbeat_encode;   protected Crypto.AES heartbeat_decode;      Packet heartbleed_packet()   {    if (!heartbeat_encode) {    // NB: We encrypt the payload with a random AES key    // to reduce the amount of known plaintext in
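Review bot: `heartbeat_packet` now accepts only a `Buffer`, while `handshake_packet` in the same commit accepts `string(8bit)|Buffer`, so any caller not shown on this page that still passes a string will fail at `s->read()`. The three call sites visible here are updated, but I would either keep the string form working with the same `stringp()` branch, `Packet heartbeat_packet(string(8bit)|Buffer s)`, or document the signature change. In `certificate_packet` the rewritten call relies on `add_string_array()` returning the Buffer itself so that it can be passed on directly. That holds only if the method is chainable, which cannot be confirmed from this page.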
pike.git/lib/modules/SSL.pmod/Connection.pike:190:    // to avoid actually stealing information from the peer.    //    // Note that we detect the packet on return by it having all zeros    // in the second field.    Buffer hb_msg = Buffer();    hb_msg->add_int(HEARTBEAT_MESSAGE_request, 1);    hb_msg->add_int(16, 2);    int now = gethrtime();    hb_msg->add(heartbeat_encode->crypt(sprintf("%8c%8c", now, 0)));    // No padding. -  return heartbeat_packet((string(8bit))hb_msg); +  return heartbeat_packet(hb_msg);   }      // verify that a certificate chain is acceptable   //   int verify_certificate_chain(array(string) certs)   {    // do we need to verify the certificate chain?    if(!context->verify_certificates)    return 1;   
pike.git/lib/modules/SSL.pmod/Connection.pike:615:    return;    }       Buffer hb_msg = Buffer();    hb_msg->add_int(HEARTBEAT_MESSAGE_request, 1);    hb_msg->add_int(16, 2);    int now = gethrtime();    hb_msg->add(heartbeat_encode->crypt(sprintf("%8c%8c", now, now)));    // We pad to an even 64 bytes.    hb_msg->add(random_string(64 - sizeof(hb_msg))); -  send_packet(heartbeat_packet((string(8bit))hb_msg)); +  send_packet(heartbeat_packet(hb_msg));   }      void handle_heartbeat(string(8bit) s)   {    if (sizeof(s) < 19) return; // Minimum size for valid heartbeats.    Buffer hb_msg = Buffer(s);    int hb_type = hb_msg->read_int(1);    int hb_len = hb_msg->read_int(2);       SSL3_DEBUG_MSG("SSL.Connection: Heartbeat %s (%d bytes)",
pike.git/lib/modules/SSL.pmod/Connection.pike:663:    // When a HeartbeatRequest message is received and sending a    // HeartbeatResponse is not prohibited as described elsewhere in    // this document, the receiver MUST send a corresponding    // HeartbeatResponse message carrying an exact copy of the payload    // of the received HeartbeatRequest.    hb_msg = Buffer();    hb_msg->add_int(HEARTBEAT_MESSAGE_response, 1);    hb_msg->add_int(hb_len, 2);    hb_msg->add(payload);    hb_msg->add(random_string(pad_len)); -  send_packet(heartbeat_packet((string(8bit))hb_msg)); +  send_packet(heartbeat_packet(hb_msg));    break;    case HEARTBEAT_MESSAGE_response:    // RFC 6520 4:    // If a received HeartbeatResponse message does not contain the    // expected payload, the message MUST be discarded silently.    if ((sizeof(payload) == 16) && heartbeat_decode) {    hb_msg = Buffer(heartbeat_decode->crypt(payload));    int a = hb_msg->read_int(8);    int b = hb_msg->read_int(8);    if (a != b) {