Back to index

lightning-sunbird  0.9+nobinonly
ssl3gthr.c
Go to the documentation of this file.
00001 /*
00002  * Gather (Read) entire SSL3 records from socket into buffer.  
00003  *
00004  * ***** BEGIN LICENSE BLOCK *****
00005  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00006  *
00007  * The contents of this file are subject to the Mozilla Public License Version
00008  * 1.1 (the "License"); you may not use this file except in compliance with
00009  * the License. You may obtain a copy of the License at
00010  * http://www.mozilla.org/MPL/
00011  *
00012  * Software distributed under the License is distributed on an "AS IS" basis,
00013  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00014  * for the specific language governing rights and limitations under the
00015  * License.
00016  *
00017  * The Original Code is the Netscape security libraries.
00018  *
00019  * The Initial Developer of the Original Code is
00020  * Netscape Communications Corporation.
00021  * Portions created by the Initial Developer are Copyright (C) 1994-2000
00022  * the Initial Developer. All Rights Reserved.
00023  *
00024  * Contributor(s):
00025  *
00026  * Alternatively, the contents of this file may be used under the terms of
00027  * either the GNU General Public License Version 2 or later (the "GPL"), or
00028  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00029  * in which case the provisions of the GPL or the LGPL are applicable instead
00030  * of those above. If you wish to allow use of your version of this file only
00031  * under the terms of either the GPL or the LGPL, and not to allow others to
00032  * use your version of this file under the terms of the MPL, indicate your
00033  * decision by deleting the provisions above and replace them with the notice
00034  * and other provisions required by the GPL or the LGPL. If you do not delete
00035  * the provisions above, a recipient may use your version of this file under
00036  * the terms of any one of the MPL, the GPL or the LGPL.
00037  *
00038  * ***** END LICENSE BLOCK ***** */
00039 /* $Id: ssl3gthr.c,v 1.7 2005/09/09 03:02:16 nelsonb%netscape.com Exp $ */
00040 
00041 #include "cert.h"
00042 #include "ssl.h"
00043 #include "sslimpl.h"
00044 #include "ssl3prot.h"
00045 
00046 /* 
00047  * Attempt to read in an entire SSL3 record.
00048  * Blocks here for blocking sockets, otherwise returns -1 with 
00049  *     PR_WOULD_BLOCK_ERROR when socket would block.
00050  *
00051  * returns  1 if received a complete SSL3 record.
00052  * returns  0 if recv returns EOF
00053  * returns -1 if recv returns <0  
00054  *     (The error value may have already been set to PR_WOULD_BLOCK_ERROR)
00055  *
00056  * Caller must hold the recv buf lock.
00057  *
00058  * The Gather state machine has 3 states:  GS_INIT, GS_HEADER, GS_DATA.
00059  * GS_HEADER: waiting for the 5-byte SSL3 record header to come in.
00060  * GS_DATA:   waiting for the body of the SSL3 record   to come in.
00061  *
00062  * This loop returns when either (a) an error or EOF occurs, 
00063  *     (b) PR_WOULD_BLOCK_ERROR,
00064  *     (c) data (entire SSL3 record) has been received.
00065  */
00066 static int
00067 ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags)
00068 {
00069     unsigned char *bp;
00070     unsigned char *lbp;
00071     int            nb;
00072     int            err;
00073     int            rv              = 1;
00074 
00075     PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
00076     if (gs->state == GS_INIT) {
00077        gs->state       = GS_HEADER;
00078        gs->remainder   = 5;
00079        gs->offset      = 0;
00080        gs->writeOffset = 0;
00081        gs->readOffset  = 0;
00082        gs->inbuf.len   = 0;
00083     }
00084     
00085     lbp = gs->inbuf.buf;
00086     for(;;) {
00087        SSL_TRC(30, ("%d: SSL3[%d]: gather state %d (need %d more)",
00088               SSL_GETPID(), ss->fd, gs->state, gs->remainder));
00089        bp = ((gs->state != GS_HEADER) ? lbp : gs->hdr) + gs->offset;
00090        nb = ssl_DefRecv(ss, bp, gs->remainder, flags);
00091 
00092        if (nb > 0) {
00093            PRINT_BUF(60, (ss, "raw gather data:", bp, nb));
00094        } else if (nb == 0) {
00095            /* EOF */
00096            SSL_TRC(30, ("%d: SSL3[%d]: EOF", SSL_GETPID(), ss->fd));
00097            rv = 0;
00098            break;
00099        } else /* if (nb < 0) */ {
00100            SSL_DBG(("%d: SSL3[%d]: recv error %d", SSL_GETPID(), ss->fd,
00101                    PR_GetError()));
00102            rv = SECFailure;
00103            break;
00104        }
00105 
00106        PORT_Assert( nb <= gs->remainder );
00107        if (nb > gs->remainder) {
00108            /* ssl_DefRecv is misbehaving!  this error is fatal to SSL. */
00109            gs->state = GS_INIT;         /* so we don't crash next time */
00110            rv = SECFailure;
00111            break;
00112        }
00113 
00114        gs->offset    += nb;
00115        gs->remainder -= nb;
00116        if (gs->state == GS_DATA)
00117            gs->inbuf.len += nb;
00118 
00119        /* if there's more to go, read some more. */
00120        if (gs->remainder > 0) {
00121            continue;
00122        }
00123 
00124        /* have received entire record header, or entire record. */
00125        switch (gs->state) {
00126        case GS_HEADER:
00127            /*
00128            ** Have received SSL3 record header in gs->hdr.
00129            ** Now extract the length of the following encrypted data, 
00130            ** and then read in the rest of the SSL3 record into gs->inbuf.
00131            */
00132            gs->remainder = (gs->hdr[3] << 8) | gs->hdr[4];
00133 
00134            /* This is the max fragment length for an encrypted fragment
00135            ** plus the size of the record header.
00136            */
00137            if(gs->remainder > (MAX_FRAGMENT_LENGTH + 2048 + 5)) {
00138               SSL3_SendAlert(ss, alert_fatal, unexpected_message);
00139               gs->state = GS_INIT;
00140               PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
00141               return SECFailure;
00142            }
00143 
00144            gs->state     = GS_DATA;
00145            gs->offset    = 0;
00146            gs->inbuf.len = 0;
00147 
00148            if (gs->remainder > gs->inbuf.space) {
00149               err = sslBuffer_Grow(&gs->inbuf, gs->remainder);
00150               if (err) {    /* realloc has set error code to no mem. */
00151                   return err;
00152               }
00153               lbp = gs->inbuf.buf;
00154            }
00155            break;    /* End this case.  Continue around the loop. */
00156 
00157 
00158        case GS_DATA:
00159            /* 
00160            ** SSL3 record has been completely received.
00161            */
00162            gs->state = GS_INIT;
00163            return 1;
00164        }
00165     }
00166 
00167     return rv;
00168 }
00169 
00170 /* Gather in a record and when complete, Handle that record.
00171  * Repeat this until the handshake is complete, 
00172  * or until application data is available.
00173  *
00174  * Returns  1 when the handshake is completed without error, or 
00175  *                 application data is available.
00176  * Returns  0 if ssl3_GatherData hits EOF.
00177  * Returns -1 on read error, or PR_WOULD_BLOCK_ERROR, or handleRecord error.
00178  * Returns -2 on SECWouldBlock return from ssl3_HandleRecord.
00179  *
00180  * Called from ssl_GatherRecord1stHandshake       in sslcon.c, 
00181  *    and from SSL_ForceHandshake in sslsecur.c
00182  *    and from ssl3_GatherAppDataRecord below (<- DoRecv in sslsecur.c).
00183  *
00184  * Caller must hold the recv buf lock.
00185  */
00186 int
00187 ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
00188 {
00189     SSL3Ciphertext cText;
00190     int            rv;
00191 
00192     PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
00193     do {
00194        /* bring in the next sslv3 record. */
00195        rv = ssl3_GatherData(ss, &ss->gs, flags);
00196        if (rv <= 0) {
00197            return rv;
00198        }
00199        
00200        /* decipher it, and handle it if it's a handshake. 
00201         * If it's application data, ss->gs.buf will not be empty upon return. 
00202         */
00203        cText.type    = (SSL3ContentType)ss->gs.hdr[0];
00204        cText.version = (ss->gs.hdr[1] << 8) | ss->gs.hdr[2];
00205        cText.buf     = &ss->gs.inbuf;
00206        rv = ssl3_HandleRecord(ss, &cText, &ss->gs.buf);
00207        if (rv < 0) {
00208            return ss->recvdCloseNotify ? 0 : rv;
00209        }
00210     } while (ss->ssl3.hs.ws != idle_handshake && ss->gs.buf.len == 0);
00211 
00212     ss->gs.readOffset = 0;
00213     ss->gs.writeOffset = ss->gs.buf.len;
00214     return 1;
00215 }
00216 
00217 /* Repeatedly gather in a record and when complete, Handle that record.
00218  * Repeat this until some application data is received.
00219  *
00220  * Returns  1 when application data is available.
00221  * Returns  0 if ssl3_GatherData hits EOF.
00222  * Returns -1 on read error, or PR_WOULD_BLOCK_ERROR, or handleRecord error.
00223  * Returns -2 on SECWouldBlock return from ssl3_HandleRecord.
00224  *
00225  * Called from DoRecv in sslsecur.c
00226  * Caller must hold the recv buf lock.
00227  */
00228 int
00229 ssl3_GatherAppDataRecord(sslSocket *ss, int flags)
00230 {
00231     int            rv;
00232 
00233     PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
00234     do {
00235        rv = ssl3_GatherCompleteHandshake(ss, flags);
00236     } while (rv > 0 && ss->gs.buf.len == 0);
00237 
00238     return rv;
00239 }