From 26a029d407be480d791972afb5975cf62c9360a6 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 02:47:55 +0200 Subject: Adding upstream version 124.0.1. Signed-off-by: Daniel Baumann --- security/nss/lib/ssl/ssldef.c | 226 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 226 insertions(+) create mode 100644 security/nss/lib/ssl/ssldef.c (limited to 'security/nss/lib/ssl/ssldef.c') diff --git a/security/nss/lib/ssl/ssldef.c b/security/nss/lib/ssl/ssldef.c new file mode 100644 index 0000000000..3ed1979507 --- /dev/null +++ b/security/nss/lib/ssl/ssldef.c @@ -0,0 +1,226 @@ +/* + * "Default" SSLSocket methods, used by sockets that do neither SSL nor socks. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "cert.h" +#include "ssl.h" +#include "sslimpl.h" + +#if defined(WIN32) +#define MAP_ERROR(from, to) \ + if (err == from) { \ + PORT_SetError(to); \ + } +#define DEFINE_ERROR PRErrorCode err = PR_GetError(); +#else +#define MAP_ERROR(from, to) +#define DEFINE_ERROR +#endif + +int +ssl_DefConnect(sslSocket *ss, const PRNetAddr *sa) +{ + PRFileDesc *lower = ss->fd->lower; + int rv; + + rv = lower->methods->connect(lower, sa, ss->cTimeout); + return rv; +} + +int +ssl_DefBind(sslSocket *ss, const PRNetAddr *addr) +{ + PRFileDesc *lower = ss->fd->lower; + int rv; + + rv = lower->methods->bind(lower, addr); + return rv; +} + +int +ssl_DefListen(sslSocket *ss, int backlog) +{ + PRFileDesc *lower = ss->fd->lower; + int rv; + + rv = lower->methods->listen(lower, backlog); + return rv; +} + +int +ssl_DefShutdown(sslSocket *ss, int how) +{ + PRFileDesc *lower = ss->fd->lower; + int rv; + + rv = lower->methods->shutdown(lower, how); + return rv; +} + +int +ssl_DefRecv(sslSocket *ss, unsigned char *buf, int len, int flags) +{ + PRFileDesc *lower = ss->fd->lower; + int rv; + + PORT_Assert(buf && len > 0); + + rv = lower->methods->recv(lower, (void *)buf, len, flags, ss->rTimeout); + if (rv < 0) { + DEFINE_ERROR + MAP_ERROR(PR_SOCKET_SHUTDOWN_ERROR, PR_CONNECT_RESET_ERROR) + } else if (rv > len) { + PORT_Assert(rv <= len); + PORT_SetError(PR_BUFFER_OVERFLOW_ERROR); + rv = SECFailure; + } + return rv; +} + +/* Default (unencrypted) send. + * For blocking sockets, always returns len or SECFailure, no short writes. + * For non-blocking sockets: + * Returns positive count if any data was written, else returns SECFailure. + * Short writes may occur. + */ +int +ssl_DefSend(sslSocket *ss, const unsigned char *buf, int len, int flags) +{ + PRFileDesc *lower = ss->fd->lower; + int sent = 0; + +#if NSS_DISABLE_NAGLE_DELAYS + /* Although this is overkill, we disable Nagle delays completely for + ** SSL sockets. + */ + if (ss->opt.useSecurity && !ss->delayDisabled) { + ssl_EnableNagleDelay(ss, PR_FALSE); /* ignore error */ + ss->delayDisabled = 1; + } +#endif + do { + int rv = lower->methods->send(lower, (const void *)(buf + sent), + len - sent, flags, ss->wTimeout); + if (rv < 0) { + PRErrorCode err = PR_GetError(); + if (err == PR_WOULD_BLOCK_ERROR) { + ss->lastWriteBlocked = 1; + return sent ? sent : SECFailure; + } + ss->lastWriteBlocked = 0; + MAP_ERROR(PR_CONNECT_ABORTED_ERROR, PR_CONNECT_RESET_ERROR) + /* Loser */ + return rv; + } + sent += rv; + + if (IS_DTLS(ss) && (len > sent)) { + /* We got a partial write so just return it */ + return sent; + } + } while (len > sent); + ss->lastWriteBlocked = 0; + return sent; +} + +int +ssl_DefRead(sslSocket *ss, unsigned char *buf, int len) +{ + PRFileDesc *lower = ss->fd->lower; + int rv; + + rv = lower->methods->read(lower, (void *)buf, len); + if (rv < 0) { + DEFINE_ERROR + MAP_ERROR(PR_SOCKET_SHUTDOWN_ERROR, PR_CONNECT_RESET_ERROR) + } + return rv; +} + +int +ssl_DefWrite(sslSocket *ss, const unsigned char *buf, int len) +{ + PRFileDesc *lower = ss->fd->lower; + int sent = 0; + + do { + int rv = lower->methods->write(lower, (const void *)(buf + sent), + len - sent); + if (rv < 0) { + PRErrorCode err = PR_GetError(); + if (err == PR_WOULD_BLOCK_ERROR) { + ss->lastWriteBlocked = 1; + return sent ? sent : SECFailure; + } + ss->lastWriteBlocked = 0; + MAP_ERROR(PR_CONNECT_ABORTED_ERROR, PR_CONNECT_RESET_ERROR) + /* Loser */ + return rv; + } + sent += rv; + } while (len > sent); + ss->lastWriteBlocked = 0; + return sent; +} + +int +ssl_DefGetpeername(sslSocket *ss, PRNetAddr *name) +{ + PRFileDesc *lower = ss->fd->lower; + int rv; + + rv = lower->methods->getpeername(lower, name); + return rv; +} + +int +ssl_DefGetsockname(sslSocket *ss, PRNetAddr *name) +{ + PRFileDesc *lower = ss->fd->lower; + int rv; + + rv = lower->methods->getsockname(lower, name); + return rv; +} + +int +ssl_DefClose(sslSocket *ss) +{ + PRFileDesc *fd; + PRFileDesc *popped; + int rv; + + fd = ss->fd; + + /* First, remove the SSL layer PRFileDesc from the socket's stack, + ** then invoke the SSL layer's PRFileDesc destructor. + ** This must happen before the next layer down is closed. + */ + PORT_Assert(fd->higher == NULL); + if (fd->higher) { + PORT_SetError(PR_BAD_DESCRIPTOR_ERROR); + return SECFailure; + } + ss->fd = NULL; + + /* PR_PopIOLayer will swap the contents of the top two PRFileDescs on + ** the stack, and then remove the second one. This way, the address + ** of the PRFileDesc on the top of the stack doesn't change. + */ + popped = PR_PopIOLayer(fd, PR_TOP_IO_LAYER); + popped->dtor(popped); + + /* fd is now the PRFileDesc for the next layer down. + ** Now close the underlying socket. + */ + rv = fd->methods->close(fd); + + ssl_FreeSocket(ss); + + SSL_TRC(5, ("%d: SSL[%d]: closing, rv=%d errno=%d", + SSL_GETPID(), fd, rv, PORT_GetError())); + return rv; +} -- cgit v1.2.3