aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls
diff options
context:
space:
mode:
Diffstat (limited to 'src/tls')
-rw-r--r--src/tls/rec_read.cpp57
-rw-r--r--src/tls/rec_wri.cpp9
-rw-r--r--src/tls/tls_channel.cpp9
-rw-r--r--src/tls/tls_channel.h5
-rw-r--r--src/tls/tls_record.h12
5 files changed, 31 insertions, 61 deletions
diff --git a/src/tls/rec_read.cpp b/src/tls/rec_read.cpp
index cb7e7a2fa..59401e26c 100644
--- a/src/tls/rec_read.cpp
+++ b/src/tls/rec_read.cpp
@@ -66,15 +66,6 @@ void Record_Reader::set_version(Version_Code version)
}
/*
-* Get the version in use
-*/
-Version_Code Record_Reader::get_version() const
- {
- return static_cast<Version_Code>(
- (static_cast<u16bit>(m_major) << 8) | m_minor);
- }
-
-/*
* Set the keys for reading
*/
void Record_Reader::activate(const TLS_Cipher_Suite& suite,
@@ -143,13 +134,16 @@ void Record_Reader::activate(const TLS_Cipher_Suite& suite,
throw Invalid_Argument("Record_Reader: Unknown hash " + mac_algo);
}
-void Record_Reader::consume_input(const byte*& input,
- size_t& input_size,
- size_t& input_consumed,
- size_t desired)
+size_t Record_Reader::fill_buffer_to(const byte*& input,
+ size_t& input_size,
+ size_t& input_consumed,
+ size_t desired)
{
+ if(desired <= m_readbuf_pos)
+ return 0; // already have it
+
const size_t space_available = (m_readbuf.size() - m_readbuf_pos);
- const size_t taken = std::min(input_size, desired);
+ const size_t taken = std::min(input_size, desired - m_readbuf_pos);
if(taken > space_available)
throw TLS_Exception(RECORD_OVERFLOW,
@@ -160,28 +154,28 @@ void Record_Reader::consume_input(const byte*& input,
input_consumed += taken;
input_size -= taken;
input += taken;
+
+ return (desired - m_readbuf_pos); // how many bytes do we still need?
}
/*
* Retrieve the next record
*/
-size_t Record_Reader::add_input(const byte input_array[], size_t input_size,
- size_t& input_consumed,
+size_t Record_Reader::add_input(const byte input_array[], size_t input_sz,
+ size_t& consumed,
byte& msg_type,
MemoryVector<byte>& msg)
{
const byte* input = &input_array[0];
- input_consumed = 0;
+ consumed = 0;
const size_t HEADER_SIZE = 5;
if(m_readbuf_pos < HEADER_SIZE) // header incomplete?
{
- consume_input(input, input_size, input_consumed, HEADER_SIZE - m_readbuf_pos);
-
- if(m_readbuf_pos < HEADER_SIZE)
- return (HEADER_SIZE - m_readbuf_pos); // header still incomplete
+ if(size_t needed = fill_buffer_to(input, input_sz, consumed, HEADER_SIZE))
+ return needed;
BOTAN_ASSERT_EQUAL(m_readbuf_pos, HEADER_SIZE,
"Buffer error in SSL header");
@@ -192,10 +186,8 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_size,
{
size_t record_len = make_u16bit(m_readbuf[0], m_readbuf[1]) & 0x7FFF;
- consume_input(input, input_size, input_consumed, (record_len + 2) - m_readbuf_pos);
-
- if(m_readbuf_pos < (record_len + 2))
- return ((record_len + 2) - m_readbuf_pos);
+ if(size_t needed = fill_buffer_to(input, input_sz, consumed, record_len + 2))
+ return needed;
BOTAN_ASSERT_EQUAL(m_readbuf_pos, (record_len + 2),
"Buffer error in SSLv2 hello");
@@ -235,11 +227,9 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_size,
throw TLS_Exception(RECORD_OVERFLOW,
"Got message that exceeds maximum size");
- consume_input(input, input_size, input_consumed,
- (HEADER_SIZE + record_len) - m_readbuf_pos);
-
- if(m_readbuf_pos < (HEADER_SIZE + record_len))
- return ((HEADER_SIZE + record_len) - m_readbuf_pos);
+ if(size_t needed = fill_buffer_to(input, input_sz, consumed,
+ HEADER_SIZE + record_len))
+ return needed;
BOTAN_ASSERT_EQUAL(HEADER_SIZE + record_len, m_readbuf_pos,
"Bad buffer handling in record body");
@@ -264,11 +254,14 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_size,
// Otherwise, decrypt, check MAC, return plaintext
- // FIXME: process in-place
+ // FIXME: avoid memory allocation by processing in place
m_cipher.process_msg(&m_readbuf[HEADER_SIZE], record_len);
size_t got_back = m_cipher.read(&m_readbuf[HEADER_SIZE], record_len, Pipe::LAST_MESSAGE);
BOTAN_ASSERT_EQUAL(got_back, record_len, "Cipher didn't decrypt full amount");
+ BOTAN_ASSERT_EQUAL(m_cipher.remaining(Pipe::LAST_MESSAGE), 0,
+ "Cipher produced extra output");
+
size_t pad_size = 0;
if(m_block_size)
@@ -279,7 +272,7 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_size,
/*
* Check the padding; if it is wrong, then say we have 0 bytes of
* padding, which should ensure that the MAC check below does not
- * suceed. This hides a timing channel.
+ * succeed. This hides a timing channel.
*
* This particular countermeasure is recommended in the TLS 1.2
* spec (RFC 5246) in section 6.2.3.2
diff --git a/src/tls/rec_wri.cpp b/src/tls/rec_wri.cpp
index 4ccec58d9..e9097f813 100644
--- a/src/tls/rec_wri.cpp
+++ b/src/tls/rec_wri.cpp
@@ -68,15 +68,6 @@ void Record_Writer::set_version(Version_Code version)
}
/*
-* Get the version in use
-*/
-Version_Code Record_Writer::get_version() const
- {
- return static_cast<Version_Code>(
- (static_cast<u16bit>(m_major) << 8) | m_minor);
- }
-
-/*
* Set the keys for writing
*/
void Record_Writer::activate(const TLS_Cipher_Suite& suite,
diff --git a/src/tls/tls_channel.cpp b/src/tls/tls_channel.cpp
index 7fda4bc86..6d554e425 100644
--- a/src/tls/tls_channel.cpp
+++ b/src/tls/tls_channel.cpp
@@ -32,13 +32,6 @@ TLS_Channel::~TLS_Channel()
state = 0;
}
-Version_Code TLS_Channel::protocol_version() const
- {
- if(!handshake_completed)
- throw std::logic_error("Version not known until handshake complete");
- return writer.get_version();
- }
-
size_t TLS_Channel::received_data(const byte buf[], size_t buf_size)
{
try
@@ -56,6 +49,8 @@ size_t TLS_Channel::received_data(const byte buf[], size_t buf_size)
buf += consumed;
buf_size -= consumed;
+ BOTAN_ASSERT_IMPLICATAION(needed, buf_size == 0);
+
if(buf_size == 0 && needed != 0)
return needed; // need more data to complete record
diff --git a/src/tls/tls_channel.h b/src/tls/tls_channel.h
index bf9665ef8..af56e8fed 100644
--- a/src/tls/tls_channel.h
+++ b/src/tls/tls_channel.h
@@ -58,11 +58,6 @@ class BOTAN_DLL TLS_Channel
bool is_closed() const { return connection_closed; }
/**
- * @return negotiated version (if session is currently active)
- */
- Version_Code protocol_version() const;
-
- /**
* Attempt to renegotiate the session
*/
virtual void renegotiate() = 0;
diff --git a/src/tls/tls_record.h b/src/tls/tls_record.h
index f4f3e697f..9428474b3 100644
--- a/src/tls/tls_record.h
+++ b/src/tls/tls_record.h
@@ -49,8 +49,6 @@ class BOTAN_DLL Record_Writer
void set_version(Version_Code version);
- Version_Code get_version() const;
-
void reset();
void set_maximum_fragment_size(size_t max_fragment);
@@ -105,8 +103,6 @@ class BOTAN_DLL Record_Reader
void set_version(Version_Code version);
- Version_Code get_version() const;
-
void reset();
void set_maximum_fragment_size(size_t max_fragment);
@@ -118,10 +114,10 @@ class BOTAN_DLL Record_Reader
Record_Reader(const Record_Reader&) {}
Record_Reader& operator=(const Record_Reader&) { return (*this); }
- void consume_input(const byte*& input,
- size_t& input_size,
- size_t& input_consumed,
- size_t desired);
+ size_t fill_buffer_to(const byte*& input,
+ size_t& input_size,
+ size_t& input_consumed,
+ size_t desired);
MemoryVector<byte> m_readbuf;
size_t m_readbuf_pos;