diff options
Diffstat (limited to 'src/tls')
-rw-r--r-- | src/tls/rec_read.cpp | 57 | ||||
-rw-r--r-- | src/tls/rec_wri.cpp | 9 | ||||
-rw-r--r-- | src/tls/tls_channel.cpp | 9 | ||||
-rw-r--r-- | src/tls/tls_channel.h | 5 | ||||
-rw-r--r-- | src/tls/tls_record.h | 12 |
5 files changed, 31 insertions, 61 deletions
diff --git a/src/tls/rec_read.cpp b/src/tls/rec_read.cpp index cb7e7a2fa..59401e26c 100644 --- a/src/tls/rec_read.cpp +++ b/src/tls/rec_read.cpp @@ -66,15 +66,6 @@ void Record_Reader::set_version(Version_Code version) } /* -* Get the version in use -*/ -Version_Code Record_Reader::get_version() const - { - return static_cast<Version_Code>( - (static_cast<u16bit>(m_major) << 8) | m_minor); - } - -/* * Set the keys for reading */ void Record_Reader::activate(const TLS_Cipher_Suite& suite, @@ -143,13 +134,16 @@ void Record_Reader::activate(const TLS_Cipher_Suite& suite, throw Invalid_Argument("Record_Reader: Unknown hash " + mac_algo); } -void Record_Reader::consume_input(const byte*& input, - size_t& input_size, - size_t& input_consumed, - size_t desired) +size_t Record_Reader::fill_buffer_to(const byte*& input, + size_t& input_size, + size_t& input_consumed, + size_t desired) { + if(desired <= m_readbuf_pos) + return 0; // already have it + const size_t space_available = (m_readbuf.size() - m_readbuf_pos); - const size_t taken = std::min(input_size, desired); + const size_t taken = std::min(input_size, desired - m_readbuf_pos); if(taken > space_available) throw TLS_Exception(RECORD_OVERFLOW, @@ -160,28 +154,28 @@ void Record_Reader::consume_input(const byte*& input, input_consumed += taken; input_size -= taken; input += taken; + + return (desired - m_readbuf_pos); // how many bytes do we still need? } /* * Retrieve the next record */ -size_t Record_Reader::add_input(const byte input_array[], size_t input_size, - size_t& input_consumed, +size_t Record_Reader::add_input(const byte input_array[], size_t input_sz, + size_t& consumed, byte& msg_type, MemoryVector<byte>& msg) { const byte* input = &input_array[0]; - input_consumed = 0; + consumed = 0; const size_t HEADER_SIZE = 5; if(m_readbuf_pos < HEADER_SIZE) // header incomplete? { - consume_input(input, input_size, input_consumed, HEADER_SIZE - m_readbuf_pos); - - if(m_readbuf_pos < HEADER_SIZE) - return (HEADER_SIZE - m_readbuf_pos); // header still incomplete + if(size_t needed = fill_buffer_to(input, input_sz, consumed, HEADER_SIZE)) + return needed; BOTAN_ASSERT_EQUAL(m_readbuf_pos, HEADER_SIZE, "Buffer error in SSL header"); @@ -192,10 +186,8 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_size, { size_t record_len = make_u16bit(m_readbuf[0], m_readbuf[1]) & 0x7FFF; - consume_input(input, input_size, input_consumed, (record_len + 2) - m_readbuf_pos); - - if(m_readbuf_pos < (record_len + 2)) - return ((record_len + 2) - m_readbuf_pos); + if(size_t needed = fill_buffer_to(input, input_sz, consumed, record_len + 2)) + return needed; BOTAN_ASSERT_EQUAL(m_readbuf_pos, (record_len + 2), "Buffer error in SSLv2 hello"); @@ -235,11 +227,9 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_size, throw TLS_Exception(RECORD_OVERFLOW, "Got message that exceeds maximum size"); - consume_input(input, input_size, input_consumed, - (HEADER_SIZE + record_len) - m_readbuf_pos); - - if(m_readbuf_pos < (HEADER_SIZE + record_len)) - return ((HEADER_SIZE + record_len) - m_readbuf_pos); + if(size_t needed = fill_buffer_to(input, input_sz, consumed, + HEADER_SIZE + record_len)) + return needed; BOTAN_ASSERT_EQUAL(HEADER_SIZE + record_len, m_readbuf_pos, "Bad buffer handling in record body"); @@ -264,11 +254,14 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_size, // Otherwise, decrypt, check MAC, return plaintext - // FIXME: process in-place + // FIXME: avoid memory allocation by processing in place m_cipher.process_msg(&m_readbuf[HEADER_SIZE], record_len); size_t got_back = m_cipher.read(&m_readbuf[HEADER_SIZE], record_len, Pipe::LAST_MESSAGE); BOTAN_ASSERT_EQUAL(got_back, record_len, "Cipher didn't decrypt full amount"); + BOTAN_ASSERT_EQUAL(m_cipher.remaining(Pipe::LAST_MESSAGE), 0, + "Cipher produced extra output"); + size_t pad_size = 0; if(m_block_size) @@ -279,7 +272,7 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_size, /* * Check the padding; if it is wrong, then say we have 0 bytes of * padding, which should ensure that the MAC check below does not - * suceed. This hides a timing channel. + * succeed. This hides a timing channel. * * This particular countermeasure is recommended in the TLS 1.2 * spec (RFC 5246) in section 6.2.3.2 diff --git a/src/tls/rec_wri.cpp b/src/tls/rec_wri.cpp index 4ccec58d9..e9097f813 100644 --- a/src/tls/rec_wri.cpp +++ b/src/tls/rec_wri.cpp @@ -68,15 +68,6 @@ void Record_Writer::set_version(Version_Code version) } /* -* Get the version in use -*/ -Version_Code Record_Writer::get_version() const - { - return static_cast<Version_Code>( - (static_cast<u16bit>(m_major) << 8) | m_minor); - } - -/* * Set the keys for writing */ void Record_Writer::activate(const TLS_Cipher_Suite& suite, diff --git a/src/tls/tls_channel.cpp b/src/tls/tls_channel.cpp index 7fda4bc86..6d554e425 100644 --- a/src/tls/tls_channel.cpp +++ b/src/tls/tls_channel.cpp @@ -32,13 +32,6 @@ TLS_Channel::~TLS_Channel() state = 0; } -Version_Code TLS_Channel::protocol_version() const - { - if(!handshake_completed) - throw std::logic_error("Version not known until handshake complete"); - return writer.get_version(); - } - size_t TLS_Channel::received_data(const byte buf[], size_t buf_size) { try @@ -56,6 +49,8 @@ size_t TLS_Channel::received_data(const byte buf[], size_t buf_size) buf += consumed; buf_size -= consumed; + BOTAN_ASSERT_IMPLICATAION(needed, buf_size == 0); + if(buf_size == 0 && needed != 0) return needed; // need more data to complete record diff --git a/src/tls/tls_channel.h b/src/tls/tls_channel.h index bf9665ef8..af56e8fed 100644 --- a/src/tls/tls_channel.h +++ b/src/tls/tls_channel.h @@ -58,11 +58,6 @@ class BOTAN_DLL TLS_Channel bool is_closed() const { return connection_closed; } /** - * @return negotiated version (if session is currently active) - */ - Version_Code protocol_version() const; - - /** * Attempt to renegotiate the session */ virtual void renegotiate() = 0; diff --git a/src/tls/tls_record.h b/src/tls/tls_record.h index f4f3e697f..9428474b3 100644 --- a/src/tls/tls_record.h +++ b/src/tls/tls_record.h @@ -49,8 +49,6 @@ class BOTAN_DLL Record_Writer void set_version(Version_Code version); - Version_Code get_version() const; - void reset(); void set_maximum_fragment_size(size_t max_fragment); @@ -105,8 +103,6 @@ class BOTAN_DLL Record_Reader void set_version(Version_Code version); - Version_Code get_version() const; - void reset(); void set_maximum_fragment_size(size_t max_fragment); @@ -118,10 +114,10 @@ class BOTAN_DLL Record_Reader Record_Reader(const Record_Reader&) {} Record_Reader& operator=(const Record_Reader&) { return (*this); } - void consume_input(const byte*& input, - size_t& input_size, - size_t& input_consumed, - size_t desired); + size_t fill_buffer_to(const byte*& input, + size_t& input_size, + size_t& input_consumed, + size_t desired); MemoryVector<byte> m_readbuf; size_t m_readbuf_pos; |