diff --git a/lib/modules/SSL.pmod/connection.pike b/lib/modules/SSL.pmod/connection.pike
index a9d095b4582d71c5627541c7dc123f7bbc01a4a7..761c0820cdac669c135dd9ac8af86878c9c0ca61 100644
--- a/lib/modules/SSL.pmod/connection.pike
+++ b/lib/modules/SSL.pmod/connection.pike
@@ -1,4 +1,4 @@
-/* $Id: connection.pike,v 1.15 2001/04/18 14:30:41 noy Exp $
+/* $Id: connection.pike,v 1.16 2001/06/14 13:48:48 noy Exp $
*
* SSL packet layer
*/
@@ -48,7 +48,7 @@ void set_alert_callback(function(object,int|object,string:void) callback)
alert_callback = callback;
}
-object recv_packet(string data)
+static object recv_packet(string data)
{
mixed res;
@@ -67,7 +67,7 @@ object recv_packet(string data)
{ /* Finished a packet */
left_over = res;
if (current_read_state) {
- return current_read_state->decrypt_packet(packet);
+ return current_read_state->decrypt_packet(packet,version[1]);
} else {
#ifdef SSL3_DEBUG
werror(sprintf("SSL.connection->recv_packet(): current_read_state is zero!\n"));
@@ -84,6 +84,11 @@ object recv_packet(string data)
* so must application data and close_notifies. */
void send_packet(object packet, int|void priority)
{
+
+
+ #ifdef SSL3_FRAGDEBUG
+ werror(" SSL.connection->send_packet: strlen(packet)="+strlen(packet)+"\n");
+ #endif
if (!priority)
priority = ([ PACKET_alert : PRI_alert,
PACKET_change_cipher_spec : PRI_urgent,
@@ -155,7 +160,7 @@ int handle_alert(string s)
{
int level = s[0];
int description = s[1];
-
+ //FIXME Include the TLS alerts in ALERT_levels and ALERT_descriptopns aswell!!
if (! (ALERT_levels[level] && ALERT_descriptions[description]))
{
send_packet(Alert(ALERT_fatal, ALERT_unexpected_message,
diff --git a/lib/modules/SSL.pmod/handshake.pike b/lib/modules/SSL.pmod/handshake.pike
index 015153a7978e4f5b866ef04efa463cfd4c93ce2d..45dbbeb8c369762cc7facbab7fb1bc14447cf4ce 100644
--- a/lib/modules/SSL.pmod/handshake.pike
+++ b/lib/modules/SSL.pmod/handshake.pike
@@ -1,8 +1,11 @@
-/* $Id: handshake.pike,v 1.22 2001/04/18 14:30:41 noy Exp $
+/* $Id: handshake.pike,v 1.23 2001/06/14 13:48:48 noy Exp $
*
*/
+
+//#define SSL3_PROFILING
+
inherit "cipher";
#ifdef SSL3_DEBUG
@@ -61,6 +64,18 @@ constant Session = SSL.session;
constant Packet = SSL.packet;
constant Alert = SSL.alert;
+
+#ifdef SSL3_PROFILING
+
+
+int timestamp;
+void addRecord(int t,int s) {
+ Stdio.stdout.write(sprintf("time: %.24f type: %d sender: %d\n",time(timestamp),t,s));
+}
+#endif
+
+
+
/* Defined in connection.pike */
void send_packet(object packet, int|void fatal);
@@ -68,6 +83,10 @@ string handshake_messages;
object handshake_packet(int type, string data)
{
+
+#ifdef SSL3_PROFILING
+ addRecord(type,1);
+#endif
/* Perhaps one need to split large packages? */
object packet = Packet();
packet->content_type = PACKET_handshake;
@@ -511,7 +530,9 @@ string describe_type(int i)
int handle_handshake(int type, string data, string raw)
{
object input = Struct(data);
-
+#ifdef SSL3_PROFILING
+ addRecord(type,0);
+#endif
#ifdef SSL3_DEBUG_HANDSHAKE_STATE
werror("SSL.handshake: state %s, type %s\n",
describe_state(handshake_state), describe_type(type));
@@ -924,33 +945,38 @@ int handle_handshake(int type, string data, string raw)
certs += ({ input->get_var_string(3) });
session->server_certificate_chain = certs;
-
- if (catch
+
+ mixed error=catch
{
object public_key = Tools.X509.decode_certificate(
- session->server_certificate_chain[0])->public_key;
+ session->server_certificate_chain[0])->public_key;
+
if(public_key->type == "rsa")
- {
- object rsa = Crypto.rsa();
- rsa->set_public_key(public_key->rsa->get_n(), public_key->rsa->get_e());
- context->rsa = rsa;
- }
+ {
+ object rsa = Crypto.rsa();
+ rsa->set_public_key(public_key->rsa->get_n(), public_key->rsa->get_e());
+ context->rsa = rsa;
+ }
else
+ {
+ werror("Other certificates than rsa not supported!\n");
+ send_packet(Alert(ALERT_fatal, ALERT_unexpected_message,
+ "SSL.session->handle_handshake: unexpected message\n",
+ backtrace()));
+ return -1;
+ }
+ };
+
+ if(error)
+
{
- werror("Other certificates than rsa not supported!\n");
+ werror("Failed to decode certificate!\n");
send_packet(Alert(ALERT_fatal, ALERT_unexpected_message,
"SSL.session->handle_handshake: unexpected message\n",
backtrace()));
return -1;
}
- })
- {
- werror("Failed to decode certificate!\n");
- send_packet(Alert(ALERT_fatal, ALERT_unexpected_message,
- "SSL.session->handle_handshake: unexpected message\n",
- backtrace()));
- return -1;
- }
+
certificate_state = CERT_received;
break;
}
@@ -1057,6 +1083,11 @@ int handle_handshake(int type, string data, string raw)
void create(int is_server)
{
+
+#ifdef SSL3_PROFILING
+ timestamp=time();
+ Stdio.stdout.write(sprintf("New...\n"));
+#endif
version=({0,0});
auth_level = context->auth_level;
if (is_server)
diff --git a/lib/modules/SSL.pmod/packet.pike b/lib/modules/SSL.pmod/packet.pike
index ad8a22f5299fc081b0d5980c80289511813492a5..2cbce5de64f563786189a6836fe40345ceaf0710 100644
--- a/lib/modules/SSL.pmod/packet.pike
+++ b/lib/modules/SSL.pmod/packet.pike
@@ -1,4 +1,4 @@
-/* $Id: packet.pike,v 1.6 2001/04/18 14:30:41 noy Exp $
+/* $Id: packet.pike,v 1.7 2001/06/14 13:48:48 noy Exp $
*
* SSL Record Layer
*/
@@ -45,6 +45,12 @@ object check_size(int|void extra)
object|string recv(string data)
{
+
+#ifdef SSL3_FRAGDEBUG
+ werror(" SSL.packet->recv: strlen(data)="+strlen(data)+"\n");
+#endif
+
+
buffer += data;
while (strlen(buffer) >= needed_chars)
{
@@ -61,7 +67,7 @@ object|string recv(string data)
if (SUPPORT_V2)
{
#ifdef SSL3_DEBUG
-// werror(sprintf("SSL.packet: Receiving SSL2 packet '%s'\n", buffer[..4]));
+ werror(sprintf("SSL.packet: Receiving SSL2 packet '%s'\n", buffer[..4]));
#endif
content_type = PACKET_V2;
@@ -125,3 +131,4 @@ string send()
return sprintf("%c%c%c%2c%s", content_type, @protocol_version,
strlen(fragment), fragment);
}
+
diff --git a/lib/modules/SSL.pmod/session.pike b/lib/modules/SSL.pmod/session.pike
index 9b816a6cc5d55079e02d7a5f382c55322ce672c7..9c0dbee21c0f8edfd192781e85dd0620defc7674 100644
--- a/lib/modules/SSL.pmod/session.pike
+++ b/lib/modules/SSL.pmod/session.pike
@@ -1,4 +1,4 @@
-/* $Id: session.pike,v 1.13 2001/04/18 14:30:41 noy Exp $
+/* $Id: session.pike,v 1.14 2001/06/14 13:48:48 noy Exp $
*
*/
@@ -221,20 +221,4 @@ array new_client_states(string client_random, string server_random,array(int) ve
return ({ read_state, write_state });
}
-#if 0
-void create(int is_s, int|void auth)
-{
- is_server = is_s;
- if (is_server)
- {
- handshake_state = STATE_SERVER_WAIT_FOR_HELLO;
- auth_type = auth || AUTH_none;
- }
- else
- {
- handshake_state = STATE_CLIENT_WAIT_FOR_HELLO;
- auth_type = auth || AUTH_require;
- }
- version={0,0};
-}
-#endif
+
diff --git a/lib/modules/SSL.pmod/state.pike b/lib/modules/SSL.pmod/state.pike
index 1d570545fb3fd7b940e8c47debe2cfa7658b6392..852dd3e67605d99623bdcac15f46382b48e30284 100644
--- a/lib/modules/SSL.pmod/state.pike
+++ b/lib/modules/SSL.pmod/state.pike
@@ -1,4 +1,4 @@
-/* $Id: state.pike,v 1.7 2001/04/18 14:30:41 noy Exp $
+/* $Id: state.pike,v 1.8 2001/06/14 13:48:49 noy Exp $
*
*/
@@ -52,7 +52,7 @@ string tls_unpad(string data ) {
/* Destructively decrypt a packet. Returns an Alert object if
* there was an error, otherwise 0. */
-object decrypt_packet(object packet)
+object decrypt_packet(object packet,int version)
{
#ifdef SSL3_DEBUG_CRYPT
werror(sprintf("SSL.state->decrypt_packet: data = %O\n", packet->fragment));
@@ -68,7 +68,6 @@ object decrypt_packet(object packet)
if (! msg)
return Alert(ALERT_fatal, ALERT_unexpected_message);
if (session->cipher_spec->cipher_type == CIPHER_block)
-
if(version==0) {
if (catch { msg = crypt->unpad(msg); })
return Alert(ALERT_fatal, ALERT_unexpected_message);
@@ -76,7 +75,6 @@ object decrypt_packet(object packet)
if (catch { msg = tls_unpad(msg); })
return Alert(ALERT_fatal, ALERT_unexpected_message);
}
-
packet->fragment = msg;
}