return rc->oxa == rc->oxb && rc->oxa != rc->oxc;
}
/*
 * "No encryption" outgoing record engine: there is no MAC, padding or
 * IV, so the payload carries no per-record overhead at all. The only
 * constraint applied here is the 16384-byte plaintext ceiling of the
 * TLS record layer; if a smaller fragment length has to be honoured,
 * the caller is expected to enforce it on its own.
 *
 *   cc     engine context; unused, there is no per-record state here
 *   start  index of the first payload byte (left unchanged)
 *   end    one past the last payload byte; lowered when the span
 *          [start, end) exceeds the limit
 */
static void
clear_max_plaintext(const br_sslrec_out_clear_context *cc,
	size_t *start, size_t *end)
{
	(void)cc;
	/*
	 * Only the upper bound moves: the payload always begins at *start,
	 * so a too-long span is simply truncated to 16384 bytes.
	 */
	if ((*end - *start) > 16384) {
		*end = *start + 16384;
	}
}
/*
 * "No encryption" outgoing record engine: the payload goes out verbatim,
 * so the only work is to prepend the 5-byte TLS record header (type,
 * protocol version, payload length, all big-endian) in the space that
 * the caller must have reserved immediately before 'data'.
 *
 *   cc           engine context; unused in clear mode
 *   record_type  TLS record type byte
 *   version      protocol version written into the header
 *   data         start of the payload; the 5 bytes before it are written
 *   data_len     in: payload length; out: total record length (header
 *                plus payload)
 *
 * Returns a pointer to the first byte of the header, i.e. data - 5.
 * Since clear_max_plaintext() keeps the payload at or below 16384
 * bytes, the length always fits in the 16-bit header field.
 */
static unsigned char *
clear_encrypt(br_sslrec_out_clear_context *cc,
	int record_type, unsigned version, void *data, size_t *data_len)
{
	unsigned char *hdr;
	size_t plen;

	(void)cc;
	plen = *data_len;
	/* The header sits immediately in front of the payload bytes. */
	hdr = (unsigned char *)data - 5;
	hdr[0] = (unsigned char)record_type;
	br_enc16be(hdr + 1, version);
	/* No MAC or padding: the length field is the plaintext length. */
	br_enc16be(hdr + 3, plen);
	*data_len = plen + 5;
	return hdr;
}
/* see bearssl_ssl.h */
/*
 * Method table for the "no encryption" outgoing record engine. The
 * entries are, in order: the size of the engine context structure, the
 * max_plaintext method (clear_max_plaintext) and the encrypt method
 * (clear_encrypt).
 *
 * NOTE(review): the function pointers are cast to the generic vtable
 * signatures, which take a pointer to the vtable pointer rather than a
 * pointer to the specific context. Calling a function through a pointer
 * of a different type is formally undefined behaviour in C; this works in
 * practice only if br_sslrec_out_clear_context begins with its vtable
 * pointer, so that both pointer types designate the same address --
 * confirm against the structure definition in bearssl_ssl.h.
 */
const br_sslrec_out_class br_sslrec_out_clear_vtable = {
sizeof(br_sslrec_out_clear_context),
(void (*)(const br_sslrec_out_class *const *, size_t *, size_t *))
&clear_max_plaintext,
(unsigned char *(*)(const br_sslrec_out_class **,
int, unsigned, void *, size_t *))
&clear_encrypt
};
/* ==================================================================== */
/*
* In this part of the file, we handle the various record types, and
* communications with the handshake processor.
*/
/*
* IMPLEMENTATION NOTES
* ====================
*
* The handshake processor is written in T0 and runs as a coroutine.
* It receives the contents of all records except application data, and
* is responsible for producing the contents of all records except
* application data.
*
* A state flag is maintained, which specifies whether application data
* is acceptable or not. When it is set:
*
* -- Application data can be injected as payload data (provided that
* the output buffer is ready for that).
*
* -- Incoming application data records are accepted, and yield data
* that the caller may retrieve.
*
* When the flag is cleared, application data is not accepted from the
* application, and incoming application data records trigger an error.
*
*
* Records of type handshake, alert or change-cipher-spec are handled
* by the handshake processor. The handshake processor is written in T0
* and runs as a coroutine; it gets invoked whenever one of the following
* situations is reached:
*
* -- An incoming record has type handshake, alert or change-cipher-spec,
* and yields data that can be read (zero-length records are thus
* ignored).
*
* -- An outgoing record has just finished being sent, and the "application
* data" flag is cleared.
*
* -- The caller wishes to perform a close (call to br_ssl_engine_close()).
*
* -- The caller wishes to perform a renegotiation (call to
* br_ssl_engine_renegotiate()).
*
* Whenever the handshake processor is entered, access to the payload
* buffers is provided, along with some information about explicit
* closures or renegotiations.
*/
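/* see bearssl_ssl.h */
/*
 * Install the list of cipher suites the engine may use. The identifiers
 * are copied into the fixed-size cc->suites_buf; a list that does not fit
 * is rejected through br_ssl_engine_fail() with BR_ERR_BAD_PARAM and the
 * previously installed list is left untouched.
 *
 *   cc          engine context
 *   suites      array of cipher suite identifiers (may be NULL only when
 *               suites_num is 0)
 *   suites_num  number of entries in 'suites'
 *
 * The capacity check divides the buffer size by the element size instead
 * of computing suites_num * sizeof *suites: a huge suites_num could make
 * that product wrap around size_t, slip past the check, and leave
 * cc->suites_num claiming far more entries than were actually copied,
 * which later readers of suites_buf would then walk past the buffer.
 */
void
br_ssl_engine_set_suites(br_ssl_engine_context *cc,
	const uint16_t *suites, size_t suites_num)
{
	if (suites_num > (sizeof cc->suites_buf / sizeof *suites)) {
		br_ssl_engine_fail(cc, BR_ERR_BAD_PARAM);
		return;
	}
	if (suites_num > 0) {
		/* Only touch 'suites' when there is something to copy. */
		memcpy(cc->suites_buf, suites, suites_num * sizeof *suites);
	}
	cc->suites_num = suites_num;
}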
/*
* Give control to handshake processor. 'action' is 1 for a close,
* 2 for a renegotiation, or 0 for a jump due to I/O completion.
*/
static void
jump_handshake(br_ssl_engine_context *cc, int action)
{
/*
* We use a loop because the handshake processor actions may
* allow for more actions; namely, if the processor reads all
* input data, then it may allow for output data to be produced,
* in case of a shared in/out buffer.
*/
for (;;) {
size_t hlen_in, hlen_out;
/*
* Get input buffer. We do not want to provide
* application data to the handshake processor (we could
* get called with an explicit close or renegotiation
* while there is application data ready to be read).
*/
cc->hbuf_in = recvpld_buf(cc, &hlen_in);
if (cc->hbuf_in != NULL
&& cc->record_type_in == BR_SSL_APPLICATION_DATA)
{
hlen_in = 0;
}