*** empty log message ***

Rev: lib/modules/SSL.pmod/connection.pike:1.16 Rev: lib/modules/SSL.pmod/handshake.pike:1.23 Rev: lib/modules/SSL.pmod/packet.pike:1.7 Rev: lib/modules/SSL.pmod/session.pike:1.14 Rev: lib/modules/SSL.pmod/state.pike:1.8

* empty log message *
c79dc1e4 · Pär Svensson · b3cca72b · c79dc1e4 · c79dc1e4 · c79dc1e4
Commit c79dc1e4 authored Jun 14, 2001 by Pär Svensson
--- a/lib/modules/SSL.pmod/connection.pike
+++ b/lib/modules/SSL.pmod/connection.pike
-/* $Id: connection.pike,v 1.15 2001/04/18 14:30:41 noy Exp $
+/* $Id: connection.pike,v 1.16 2001/06/14 13:48:48 noy Exp $
 *
 * SSL packet layer
 */
@@ -48,7 +48,7 @@ void set_alert_callback(function(object,int|object,string:void) callback)
  alert_callback = callback;
 }

-object recv_packet(string data)
+static object recv_packet(string data)
 {
  mixed res;

@@ -67,7 +67,7 @@ object recv_packet(string data)
  { /* Finished a packet */
    left_over = res;
    if (current_read_state) {
-      return current_read_state->decrypt_packet(packet);
+      return current_read_state->decrypt_packet(packet,version[1]);
    } else {
 #ifdef SSL3_DEBUG
      werror(sprintf("SSL.connection->recv_packet(): current_read_state is zero!\n"));
@@ -84,6 +84,11 @@ object recv_packet(string data)
 * so must application data and close_notifies. */
 void send_packet(object packet, int|void priority)
 {
+
+
+  #ifdef SSL3_FRAGDEBUG
+  werror(" SSL.connection->send_packet: strlen(packet)="+strlen(packet)+"\n");
+  #endif
  if (!priority)
    priority = ([ PACKET_alert : PRI_alert,
 		  PACKET_change_cipher_spec : PRI_urgent,
@@ -155,7 +160,7 @@ int handle_alert(string s)
 {
  int level = s[0];
  int description = s[1];
-
+  //FIXME  Include the TLS alerts in ALERT_levels and ALERT_descriptopns aswell!!
  if (! (ALERT_levels[level] && ALERT_descriptions[description]))
  {
    send_packet(Alert(ALERT_fatal, ALERT_unexpected_message,

--- a/lib/modules/SSL.pmod/handshake.pike
+++ b/lib/modules/SSL.pmod/handshake.pike
-/* $Id: handshake.pike,v 1.22 2001/04/18 14:30:41 noy Exp $
+/* $Id: handshake.pike,v 1.23 2001/06/14 13:48:48 noy Exp $
 *
 */


+
+//#define SSL3_PROFILING
+
 inherit "cipher";

 #ifdef SSL3_DEBUG
@@ -61,6 +64,18 @@ constant Session = SSL.session;
 constant Packet = SSL.packet;
 constant Alert = SSL.alert;

+
+#ifdef SSL3_PROFILING
+
+
+int timestamp;
+void addRecord(int t,int s) {
+  Stdio.stdout.write(sprintf("time: %.24f  type: %d sender: %d\n",time(timestamp),t,s));
+}
+#endif
+
+
+
 /* Defined in connection.pike */
 void send_packet(object packet, int|void fatal);

@@ -68,6 +83,10 @@ string handshake_messages;

 object handshake_packet(int type, string data)
 {
+
+#ifdef SSL3_PROFILING
+  addRecord(type,1);
+#endif
  /* Perhaps one need to split large packages? */
  object packet = Packet();
  packet->content_type = PACKET_handshake;
@@ -511,7 +530,9 @@ string describe_type(int i)
 int handle_handshake(int type, string data, string raw)
 {
  object input = Struct(data);
-
+#ifdef SSL3_PROFILING
+  addRecord(type,0);
+#endif
 #ifdef SSL3_DEBUG_HANDSHAKE_STATE
  werror("SSL.handshake: state %s, type %s\n",
 	 describe_state(handshake_state), describe_type(type));
@@ -925,10 +946,11 @@ int handle_handshake(int type, string data, string raw)

      session->server_certificate_chain = certs;
      
-      if (catch
+      mixed error=catch
      {
 	object public_key = Tools.X509.decode_certificate(
                session->server_certificate_chain[0])->public_key;
+
 	if(public_key->type == "rsa")
 	  {
 	    object rsa = Crypto.rsa();
@@ -943,7 +965,10 @@ int handle_handshake(int type, string data, string raw)
 			      backtrace()));
 	    return -1;
 	  }
-      })
+      };
+
+      if(error) 
+
 	{
 	  werror("Failed to decode certificate!\n");
 	  send_packet(Alert(ALERT_fatal, ALERT_unexpected_message,
@@ -951,6 +976,7 @@ int handle_handshake(int type, string data, string raw)
 			    backtrace()));
 	  return -1;
 	}
+      
      certificate_state = CERT_received;
      break;
      }
@@ -1057,6 +1083,11 @@ int handle_handshake(int type, string data, string raw)

 void create(int is_server)
 {
+
+#ifdef SSL3_PROFILING
+  timestamp=time();
+  Stdio.stdout.write(sprintf("New...\n"));
+#endif 
  version=({0,0});
  auth_level = context->auth_level;
  if (is_server)

--- a/lib/modules/SSL.pmod/packet.pike
+++ b/lib/modules/SSL.pmod/packet.pike
-/* $Id: packet.pike,v 1.6 2001/04/18 14:30:41 noy Exp $
+/* $Id: packet.pike,v 1.7 2001/06/14 13:48:48 noy Exp $
 *
 * SSL Record Layer
 */
@@ -45,6 +45,12 @@ object check_size(int|void extra)

 object|string recv(string data)
 {
+
+#ifdef SSL3_FRAGDEBUG
+  werror(" SSL.packet->recv: strlen(data)="+strlen(data)+"\n");
+#endif 
+
+
  buffer += data;
  while (strlen(buffer) >= needed_chars)
  {
@@ -61,7 +67,7 @@ object|string recv(string data)
 	if (SUPPORT_V2)
 	{
 #ifdef SSL3_DEBUG
-//	  werror(sprintf("SSL.packet: Receiving SSL2 packet '%s'\n", buffer[..4]));
+	  werror(sprintf("SSL.packet: Receiving SSL2 packet '%s'\n", buffer[..4]));
 #endif

 	  content_type = PACKET_V2;
@@ -125,3 +131,4 @@ string send()
  return sprintf("%c%c%c%2c%s", content_type, @protocol_version,
 		 strlen(fragment), fragment);
 }
+
--- a/lib/modules/SSL.pmod/session.pike
+++ b/lib/modules/SSL.pmod/session.pike
-/* $Id: session.pike,v 1.13 2001/04/18 14:30:41 noy Exp $
+/* $Id: session.pike,v 1.14 2001/06/14 13:48:48 noy Exp $
 *
 */

@@ -221,20 +221,4 @@ array new_client_states(string client_random, string server_random,array(int) ve
  return ({ read_state, write_state });
 }
    
-#if 0
-void create(int is_s, int|void auth)
-{
-  is_server = is_s;
-  if (is_server)
-  {
-    handshake_state = STATE_SERVER_WAIT_FOR_HELLO;
-    auth_type = auth || AUTH_none;
-  }
-  else
-  {
-    handshake_state = STATE_CLIENT_WAIT_FOR_HELLO;
-    auth_type = auth || AUTH_require;
-  }
-  version={0,0};
-}
-#endif
+
--- a/lib/modules/SSL.pmod/state.pike
+++ b/lib/modules/SSL.pmod/state.pike
-/* $Id: state.pike,v 1.7 2001/04/18 14:30:41 noy Exp $
+/* $Id: state.pike,v 1.8 2001/06/14 13:48:49 noy Exp $
 *
 */

@@ -52,7 +52,7 @@ string tls_unpad(string data ) {

 /* Destructively decrypt a packet. Returns an Alert object if
 * there was an error, otherwise 0. */
-object decrypt_packet(object packet)
+object decrypt_packet(object packet,int version)
 {
 #ifdef SSL3_DEBUG_CRYPT
  werror(sprintf("SSL.state->decrypt_packet: data = %O\n", packet->fragment));
@@ -68,7 +68,6 @@ object decrypt_packet(object packet)
    if (! msg)
      return Alert(ALERT_fatal, ALERT_unexpected_message);
    if (session->cipher_spec->cipher_type == CIPHER_block)
-
      if(version==0) {
 	if (catch { msg = crypt->unpad(msg); })
 	  return Alert(ALERT_fatal, ALERT_unexpected_message);
@@ -76,7 +75,6 @@ object decrypt_packet(object packet)
 	if (catch { msg = tls_unpad(msg); })
 	  return Alert(ALERT_fatal, ALERT_unexpected_message);
      }
-    
    packet->fragment = msg;
  }