SECStatus
sslBuffer_Append(sslBuffer *b, const void * data, unsigned int len)
{
unsigned int newLen = b->len + len;
SECStatus rv;
rv = sslBuffer_Grow(b, newLen);
if (rv != SECSuccess)
return rv;
PORT_Memcpy(b->buf + b->len, data, len);
b->len += len;
return SECSuccess;
}
SECStatus
ssl_CreateSecurityInfo(sslSocket *ss)
{
SECStatus status;
/* initialize sslv2 socket to send data in the clear. */
ssl2_UseClearSendFunc(ss);
ss->sec.blockSize = 1;
ss->sec.blockShift = 0;
ssl_GetXmitBufLock(ss);
status = sslBuffer_Grow(&ss->sec.writeBuf, 4096);
ssl_ReleaseXmitBufLock(ss);
return status;
}
/* ssl3_SendPaddingExtension possibly adds an extension which ensures that a
* ClientHello record is either < 256 bytes or is >= 512 bytes. This ensures
* that we don't trigger bugs in F5 products.
*
* This takes an existing extension buffer, |buf|, and the length of the
* remainder of the ClientHello, |prefixLen|. It modifies the extension buffer
* to insert padding at the right place.
*/
SECStatus
ssl_InsertPaddingExtension(const sslSocket *ss, unsigned int prefixLen,
sslBuffer *buf)
{
static unsigned char padding[252] = { 0 };
unsigned int paddingLen;
unsigned int tailLen;
SECStatus rv;
/* Account for the size of the header, the length field of the extensions
* block and the size of the existing extensions. */
paddingLen = ssl_CalculatePaddingExtLen(ss, prefixLen + 2 + buf->len);
if (!paddingLen) {
return SECSuccess;
}
/* Move the tail if there is one. This only happens if we are sending the
* TLS 1.3 PSK extension, which needs to be at the end. */
if (ss->xtnData.lastXtnOffset) {
PORT_Assert(buf->len > ss->xtnData.lastXtnOffset);
tailLen = buf->len - ss->xtnData.lastXtnOffset;
rv = sslBuffer_Grow(buf, buf->len + 4 + paddingLen);
if (rv != SECSuccess) {
return SECFailure;
}
PORT_Memmove(buf->buf + ss->xtnData.lastXtnOffset + 4 + paddingLen,
buf->buf + ss->xtnData.lastXtnOffset,
tailLen);
buf->len = ss->xtnData.lastXtnOffset;
} else {
tailLen = 0;
}
rv = sslBuffer_AppendNumber(buf, ssl_padding_xtn, 2);
if (rv != SECSuccess) {
return SECFailure; /* Code already set. */
}
rv = sslBuffer_AppendVariable(buf, padding, paddingLen, 2);
if (rv != SECSuccess) {
return SECFailure; /* Code already set. */
}
buf->len += tailLen;
return SECSuccess;
}
SECStatus
ssl_CreateSecurityInfo(sslSocket *ss)
{
SECStatus status;
ssl2_UseClearSendFunc(ss);
ss->sec.blockSize = 1;
ss->sec.blockShift = 0;
ssl_GetXmitBufLock(ss);
status = sslBuffer_Grow(&ss->sec.writeBuf, 4096);
ssl_ReleaseXmitBufLock(ss);
return status;
}
/*
* Attempt to read in an entire SSL3 record.
* Blocks here for blocking sockets, otherwise returns -1 with
* PR_WOULD_BLOCK_ERROR when socket would block.
*
* returns 1 if received a complete SSL3 record.
* returns 0 if recv returns EOF
* returns -1 if recv returns < 0
* (The error value may have already been set to PR_WOULD_BLOCK_ERROR)
*
* Caller must hold the recv buf lock.
*
* The Gather state machine has 3 states: GS_INIT, GS_HEADER, GS_DATA.
* GS_HEADER: waiting for the 5-byte SSL3 record header to come in.
* GS_DATA: waiting for the body of the SSL3 record to come in.
*
* This loop returns when either
* (a) an error or EOF occurs,
* (b) PR_WOULD_BLOCK_ERROR,
* (c) data (entire SSL3 record) has been received.
*/
static int
ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags)
{
unsigned char *bp;
unsigned char *lbp;
int nb;
int err;
int rv = 1;
PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
if (gs->state == GS_INIT) {
gs->state = GS_HEADER;
gs->remainder = 5;
gs->offset = 0;
gs->writeOffset = 0;
gs->readOffset = 0;
gs->inbuf.len = 0;
}
lbp = gs->inbuf.buf;
for (;;) {
SSL_TRC(30, ("%d: SSL3[%d]: gather state %d (need %d more)",
SSL_GETPID(), ss->fd, gs->state, gs->remainder));
bp = ((gs->state != GS_HEADER) ? lbp : gs->hdr) + gs->offset;
nb = ssl_DefRecv(ss, bp, gs->remainder, flags);
if (nb > 0) {
PRINT_BUF(60, (ss, "raw gather data:", bp, nb));
} else if (nb == 0) {
/* EOF */
SSL_TRC(30, ("%d: SSL3[%d]: EOF", SSL_GETPID(), ss->fd));
rv = 0;
break;
} else /* if (nb < 0) */ {
SSL_DBG(("%d: SSL3[%d]: recv error %d", SSL_GETPID(), ss->fd,
PR_GetError()));
rv = SECFailure;
break;
}
PORT_Assert((unsigned int)nb <= gs->remainder);
if ((unsigned int)nb > gs->remainder) {
/* ssl_DefRecv is misbehaving! this error is fatal to SSL. */
gs->state = GS_INIT; /* so we don't crash next time */
rv = SECFailure;
break;
}
gs->offset += nb;
gs->remainder -= nb;
if (gs->state == GS_DATA)
gs->inbuf.len += nb;
/* if there's more to go, read some more. */
if (gs->remainder > 0) {
continue;
}
/* have received entire record header, or entire record. */
switch (gs->state) {
case GS_HEADER:
/*
** Have received SSL3 record header in gs->hdr.
** Now extract the length of the following encrypted data,
** and then read in the rest of the SSL3 record into gs->inbuf.
*/
gs->remainder = (gs->hdr[3] << 8) | gs->hdr[4];
/* This is the max fragment length for an encrypted fragment
** plus the size of the record header.
*/
if (gs->remainder > (MAX_FRAGMENT_LENGTH + 2048 + 5)) {
SSL3_SendAlert(ss, alert_fatal, unexpected_message);
gs->state = GS_INIT;
PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
return SECFailure;
}
gs->state = GS_DATA;
gs->offset = 0;
gs->inbuf.len = 0;
if (gs->remainder > gs->inbuf.space) {
err = sslBuffer_Grow(&gs->inbuf, gs->remainder);
if (err) { /* realloc has set error code to no mem. */
return err;
}
lbp = gs->inbuf.buf;
}
break; /* End this case. Continue around the loop. */
case GS_DATA:
/*
** SSL3 record has been completely received.
*/
gs->state = GS_INIT;
return 1;
}
}
return rv;
}
/*
* Read in an entire DTLS record.
*
* Blocks here for blocking sockets, otherwise returns -1 with
* PR_WOULD_BLOCK_ERROR when socket would block.
*
* This is simpler than SSL because we are reading on a datagram socket
* and datagrams must contain >=1 complete records.
*
* returns 1 if received a complete DTLS record.
* returns 0 if recv returns EOF
* returns -1 if recv returns < 0
* (The error value may have already been set to PR_WOULD_BLOCK_ERROR)
*
* Caller must hold the recv buf lock.
*
* This loop returns when either
* (a) an error or EOF occurs,
* (b) PR_WOULD_BLOCK_ERROR,
* (c) data (entire DTLS record) has been received.
*/
static int
dtls_GatherData(sslSocket *ss, sslGather *gs, int flags)
{
int nb;
int err;
int rv = 1;
SSL_TRC(30, ("dtls_GatherData"));
PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
gs->state = GS_HEADER;
gs->offset = 0;
if (gs->dtlsPacketOffset == gs->dtlsPacket.len) { /* No data left */
gs->dtlsPacketOffset = 0;
gs->dtlsPacket.len = 0;
/* Resize to the maximum possible size so we can fit a full datagram */
/* This is the max fragment length for an encrypted fragment
** plus the size of the record header.
** This magic constant is copied from ssl3_GatherData, with 5 changed
** to 13 (the size of the record header).
*/
if (gs->dtlsPacket.space < MAX_FRAGMENT_LENGTH + 2048 + 13) {
err = sslBuffer_Grow(&gs->dtlsPacket,
MAX_FRAGMENT_LENGTH + 2048 + 13);
if (err) { /* realloc has set error code to no mem. */
return err;
}
}
/* recv() needs to read a full datagram at a time */
nb = ssl_DefRecv(ss, gs->dtlsPacket.buf, gs->dtlsPacket.space, flags);
if (nb > 0) {
PRINT_BUF(60, (ss, "raw gather data:", gs->dtlsPacket.buf, nb));
} else if (nb == 0) {
/* EOF */
SSL_TRC(30, ("%d: SSL3[%d]: EOF", SSL_GETPID(), ss->fd));
rv = 0;
return rv;
} else /* if (nb < 0) */ {
SSL_DBG(("%d: SSL3[%d]: recv error %d", SSL_GETPID(), ss->fd,
PR_GetError()));
rv = SECFailure;
return rv;
}
gs->dtlsPacket.len = nb;
}
/* At this point we should have >=1 complete records lined up in
* dtlsPacket. Read off the header.
*/
if ((gs->dtlsPacket.len - gs->dtlsPacketOffset) < 13) {
SSL_DBG(("%d: SSL3[%d]: rest of DTLS packet "
"too short to contain header",
SSL_GETPID(), ss->fd));
PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
gs->dtlsPacketOffset = 0;
gs->dtlsPacket.len = 0;
rv = SECFailure;
return rv;
}
memcpy(gs->hdr, gs->dtlsPacket.buf + gs->dtlsPacketOffset, 13);
gs->dtlsPacketOffset += 13;
/* Have received SSL3 record header in gs->hdr. */
gs->remainder = (gs->hdr[11] << 8) | gs->hdr[12];
if ((gs->dtlsPacket.len - gs->dtlsPacketOffset) < gs->remainder) {
SSL_DBG(("%d: SSL3[%d]: rest of DTLS packet too short "
"to contain rest of body",
SSL_GETPID(), ss->fd));
PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
gs->dtlsPacketOffset = 0;
gs->dtlsPacket.len = 0;
rv = SECFailure;
return rv;
}
/* OK, we have at least one complete packet, copy into inbuf */
if (gs->remainder > gs->inbuf.space) {
err = sslBuffer_Grow(&gs->inbuf, gs->remainder);
if (err) { /* realloc has set error code to no mem. */
return err;
}
}
memcpy(gs->inbuf.buf, gs->dtlsPacket.buf + gs->dtlsPacketOffset,
gs->remainder);
gs->inbuf.len = gs->remainder;
gs->offset = gs->remainder;
gs->dtlsPacketOffset += gs->remainder;
gs->state = GS_INIT;
return 1;
}
static SECStatus
ssl_CallCustomExtensionSenders(sslSocket *ss, sslBuffer *buf,
SSLHandshakeType message)
{
sslBuffer tail = SSL_BUFFER_EMPTY;
SECStatus rv;
PRCList *cursor;
/* Save any extensions that want to be last. */
if (ss->xtnData.lastXtnOffset) {
rv = sslBuffer_Append(&tail, buf->buf + ss->xtnData.lastXtnOffset,
buf->len - ss->xtnData.lastXtnOffset);
if (rv != SECSuccess) {
return SECFailure;
}
buf->len = ss->xtnData.lastXtnOffset;
}
/* Reserve the maximum amount of space possible. */
rv = sslBuffer_Grow(buf, 65535);
if (rv != SECSuccess) {
return SECFailure;
}
for (cursor = PR_NEXT_LINK(&ss->extensionHooks);
cursor != &ss->extensionHooks;
cursor = PR_NEXT_LINK(cursor)) {
sslCustomExtensionHooks *hook =
(sslCustomExtensionHooks *)cursor;
PRBool append = PR_FALSE;
unsigned int len = 0;
if (hook->writer) {
/* The writer writes directly into |buf|. Provide space that allows
* for the existing extensions, any tail, plus type and length. */
unsigned int space = buf->space - (buf->len + tail.len + 4);
append = (*hook->writer)(ss->fd, message,
buf->buf + buf->len + 4, &len, space,
hook->writerArg);
if (len > space) {
PORT_SetError(SEC_ERROR_APPLICATION_CALLBACK_ERROR);
goto loser;
}
}
if (!append) {
continue;
}
rv = sslBuffer_AppendNumber(buf, hook->type, 2);
if (rv != SECSuccess) {
goto loser; /* Code already set. */
}
rv = sslBuffer_AppendNumber(buf, len, 2);
if (rv != SECSuccess) {
goto loser; /* Code already set. */
}
buf->len += len;
if (message == ssl_hs_client_hello ||
message == ssl_hs_certificate_request) {
ss->xtnData.advertised[ss->xtnData.numAdvertised++] = hook->type;
}
}
rv = sslBuffer_Append(buf, tail.buf, tail.len);
if (rv != SECSuccess) {
goto loser; /* Code already set. */
}
sslBuffer_Clear(&tail);
return SECSuccess;
loser:
sslBuffer_Clear(&tail);
return SECFailure;
}
static int
ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags)
{
unsigned char *bp;
unsigned char *lbp;
int nb;
int err;
int rv = 1;
PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
if (gs->state == GS_INIT) {
gs->state = GS_HEADER;
gs->remainder = 5;
gs->offset = 0;
gs->writeOffset = 0;
gs->readOffset = 0;
gs->inbuf.len = 0;
}
lbp = gs->inbuf.buf;
for(;;) {
SSL_TRC(30, ("%d: SSL3[%d]: gather state %d (need %d more)",
SSL_GETPID(), ss->fd, gs->state, gs->remainder));
bp = ((gs->state != GS_HEADER) ? lbp : gs->hdr) + gs->offset;
nb = ssl_DefRecv(ss, bp, gs->remainder, flags);
if (nb > 0) {
PRINT_BUF(60, (ss, "raw gather data:", bp, nb));
} else if (nb == 0) {
SSL_TRC(30, ("%d: SSL3[%d]: EOF", SSL_GETPID(), ss->fd));
rv = 0;
break;
} else {
SSL_DBG(("%d: SSL3[%d]: recv error %d", SSL_GETPID(), ss->fd,
PR_GetError()));
rv = SECFailure;
break;
}
PORT_Assert( nb <= gs->remainder );
if (nb > gs->remainder) {
gs->state = GS_INIT;
rv = SECFailure;
break;
}
gs->offset += nb;
gs->remainder -= nb;
if (gs->state == GS_DATA)
gs->inbuf.len += nb;
if (gs->remainder > 0) {
continue;
}
switch (gs->state) {
case GS_HEADER:
gs->remainder = (gs->hdr[3] << 8) | gs->hdr[4];
if(gs->remainder > (MAX_FRAGMENT_LENGTH + 2048 + 5)) {
SSL3_SendAlert(ss, alert_fatal, unexpected_message);
gs->state = GS_INIT;
PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
return SECFailure;
}
gs->state = GS_DATA;
gs->offset = 0;
gs->inbuf.len = 0;
if (gs->remainder > gs->inbuf.space) {
err = sslBuffer_Grow(&gs->inbuf, gs->remainder);
if (err) {
return err;
}
lbp = gs->inbuf.buf;
}
break;
case GS_DATA:
gs->state = GS_INIT;
return 1;
}
}
return rv;
}
static int
dtls_GatherData(sslSocket *ss, sslGather *gs, int flags)
{
int nb;
int err;
int rv = 1;
SSL_TRC(30, ("dtls_GatherData"));
PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
gs->state = GS_HEADER;
gs->offset = 0;
if (gs->dtlsPacketOffset == gs->dtlsPacket.len) {
gs->dtlsPacketOffset = 0;
gs->dtlsPacket.len = 0;
if (gs->dtlsPacket.space < MAX_FRAGMENT_LENGTH + 2048 + 13) {
err = sslBuffer_Grow(&gs->dtlsPacket,
MAX_FRAGMENT_LENGTH + 2048 + 13);
if (err) {
return err;
}
}
nb = ssl_DefRecv(ss, gs->dtlsPacket.buf, gs->dtlsPacket.space, flags);
if (nb > 0) {
PRINT_BUF(60, (ss, "raw gather data:", gs->dtlsPacket.buf, nb));
} else if (nb == 0) {
SSL_TRC(30, ("%d: SSL3[%d]: EOF", SSL_GETPID(), ss->fd));
rv = 0;
return rv;
} else {
SSL_DBG(("%d: SSL3[%d]: recv error %d", SSL_GETPID(), ss->fd,
PR_GetError()));
rv = SECFailure;
return rv;
}
gs->dtlsPacket.len = nb;
}
if ((gs->dtlsPacket.len - gs->dtlsPacketOffset) < 13) {
SSL_DBG(("%d: SSL3[%d]: rest of DTLS packet "
"too short to contain header", SSL_GETPID(), ss->fd));
PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
gs->dtlsPacketOffset = 0;
gs->dtlsPacket.len = 0;
rv = SECFailure;
return rv;
}
memcpy(gs->hdr, gs->dtlsPacket.buf + gs->dtlsPacketOffset, 13);
gs->dtlsPacketOffset += 13;
gs->remainder = (gs->hdr[11] << 8) | gs->hdr[12];
if ((gs->dtlsPacket.len - gs->dtlsPacketOffset) < gs->remainder) {
SSL_DBG(("%d: SSL3[%d]: rest of DTLS packet too short "
"to contain rest of body", SSL_GETPID(), ss->fd));
PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
gs->dtlsPacketOffset = 0;
gs->dtlsPacket.len = 0;
rv = SECFailure;
return rv;
}
if (gs->remainder > gs->inbuf.space) {
err = sslBuffer_Grow(&gs->inbuf, gs->remainder);
if (err) {
return err;
}
}
memcpy(gs->inbuf.buf, gs->dtlsPacket.buf + gs->dtlsPacketOffset,
gs->remainder);
gs->inbuf.len = gs->remainder;
gs->offset = gs->remainder;
gs->dtlsPacketOffset += gs->remainder;
gs->state = GS_INIT;
return 1;
}
