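Lines matching defs:ssl (search hits only: the leading number on each entry is its line number in the source file, and the lines between hits are not shown)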
48 static kssl_status_t kssl_build_single_record(ssl_t *ssl, mblk_t *mp);
62 * 2. in_port is a proxy port for another ssl port. The ssl port is then
299 ssl_t *ssl = (ssl_t *)ksslctx;
301 mutex_enter(&ssl->kssl_lock);
302 if (--ssl->async_ops_pending == 0)
303 cv_signal(&ssl->async_cv);
304 mutex_exit(&ssl->kssl_lock);
329 ssl_t *ssl;
341 ssl = (ssl_t *)(ctx);
346 mutex_enter(&ssl->kssl_lock);
348 if (ssl->close_notify_clnt == B_TRUE) {
354 if (ssl->activeinput) {
356 KSSL_ENQUEUE_MP(ssl, mp);
358 mutex_exit(&ssl->kssl_lock);
368 if ((!ssl->activeinput) && (ssl->rec_ass_head == NULL) &&
375 (ssl->hs_waitstate == idle_handshake)) {
382 mutex_exit(&ssl->kssl_lock);
388 ssl->activeinput = B_TRUE;
391 KSSL_ENQUEUE_MP(ssl, mp);
394 recmp = kssl_get_next_record(ssl);
397 ssl->activeinput = B_FALSE;
398 if (ssl->alert_sendbuf != NULL) {
403 mutex_exit(&ssl->kssl_lock);
421 ssl->activeinput = B_FALSE;
422 if (ssl->hs_waitstate != idle_handshake) {
441 if (ssl->hs_waitstate == idle_handshake) {
442 ssl->activeinput = B_FALSE;
446 kssl_cmd = kssl_handle_any_record(ssl, recmp,
451 ssl->activeinput = B_FALSE;
457 if (ssl->alert_sendbuf != NULL) {
463 if (ssl->handshake_sendbuf) {
465 linkb(*decrmp, ssl->handshake_sendbuf);
467 *decrmp = ssl->handshake_sendbuf;
469 ssl->handshake_sendbuf = NULL;
471 *more = ((ssl->rec_ass_head != NULL) &&
472 (!ssl->activeinput));
473 mutex_exit(&ssl->kssl_lock);
477 if (ssl->hs_waitstate == idle_handshake) {
478 *more = ((ssl->rec_ass_head != NULL) &&
479 (!ssl->activeinput));
489 mutex_exit(&ssl->kssl_lock);
495 if (ssl->activeinput) {
496 mutex_exit(&ssl->kssl_lock);
499 } while ((recmp = kssl_get_next_record(ssl)) != NULL);
501 mutex_exit(&ssl->kssl_lock);
505 kssl_send_alert(ssl, alert_fatal, unexpected_message);
511 *decrmp = ssl->alert_sendbuf;
512 ssl->alert_sendbuf = NULL;
513 mutex_exit(&ssl->kssl_lock);
532 ssl_t *ssl;
541 ssl = (ssl_t *)(ctx);
593 mutex_enter(&ssl->kssl_lock);
595 kssl_cmd = kssl_handle_any_record(ssl, mp, outmp,
598 if (ssl->alert_sendbuf != NULL) {
603 mutex_exit(&ssl->kssl_lock);
639 spec = &ssl->spec[KSSL_READ];
699 ret = kssl_compute_record_mac(ssl, KSSL_READ,
700 ssl->seq_num[KSSL_READ], content_type,
712 ssl->seq_num[KSSL_READ]++;
715 if (ssl->hs_waitstate != idle_handshake) {
717 SSL3WaitState, ssl->hs_waitstate);
737 mutex_enter(&ssl->kssl_lock);
738 kssl_send_alert(ssl, alert_fatal, desc);
740 if (ssl->alert_sendbuf == NULL) {
743 mutex_exit(&ssl->kssl_lock);
755 *outmp = ssl->alert_sendbuf;
757 linkb(*outmp, ssl->alert_sendbuf);
759 ssl->alert_sendbuf = NULL;
760 mutex_exit(&ssl->kssl_lock);
795 ssl_t *ssl;
801 ssl = (ssl_t *)(ctx);
808 ASSERT(MUTEX_HELD(&ssl->kssl_lock));
812 if (ssl->hs_waitstate == wait_client_hello) {
817 ssl->major_version = version[0] = mp->b_rptr[3];
818 ssl->minor_version = version[1] = mp->b_rptr[4];
822 ssl->major_version = mp->b_rptr[3];
823 ssl->minor_version = mp->b_rptr[4];
831 ssl->major_version = version[0] = mp->b_rptr[1];
832 ssl->minor_version = version[1] = mp->b_rptr[2];
855 spec = &ssl->spec[KSSL_READ];
910 ret = kssl_compute_record_mac(ssl, KSSL_READ,
911 ssl->seq_num[KSSL_READ], content_type,
923 ssl->seq_num[KSSL_READ]++;
935 ssl->hs_waitstate == idle_handshake) {
946 if (ssl->hs_waitstate == wait_client_key_done)
949 return ((ssl->handshake_sendbuf != NULL) ?
952 if (ssl->msg.state < MSG_BODY) {
953 if (ssl->msg.state == MSG_INIT) {
954 ssl->msg.type =
956 ssl->msg.state = MSG_INIT_LEN;
958 if (ssl->msg.state == MSG_INIT_LEN) {
960 ssl->msg.msglen_bytes;
961 int msglen = ssl->msg.msglen;
968 ssl->msg.msglen_bytes = msglenb;
969 ssl->msg.msglen = msglen;
971 ssl->msg.state = MSG_BODY;
980 ASSERT(ssl->msg.state == MSG_BODY);
984 if (ssl->msg.head == NULL &&
985 ssl->msg.msglen <= sz) {
988 if (ssl->msg.head != NULL) {
989 sz += msgdsize(ssl->msg.head);
990 if (ssl->msg.msglen <= sz) {
991 ssl->msg.tail->b_cont = mp;
992 mp = ssl->msg.head;
993 ssl->sslcnt = 100;
994 ssl->msg.head = NULL;
995 ssl->msg.tail = NULL;
1010 if (ssl->msg.head == NULL) {
1011 ssl->msg.head = mp;
1012 ssl->msg.tail = mp;
1015 ssl->msg.tail->b_cont = mp;
1016 ssl->msg.tail = mp;
1019 } while (kssl_handle_handshake_message(ssl, mp, &error, cbfn,
1027 if (ssl->hs_waitstate == wait_client_key_done) {
1044 if (ssl->sid.cached == B_TRUE) {
1045 kssl_uncache_sid(&ssl->sid,
1046 ssl->kssl_entry);
1051 ssl->fatal_alert = B_TRUE;
1055 ssl->close_notify_clnt = B_TRUE;
1056 ssl->activeinput = B_FALSE;
1064 if (ssl->hs_waitstate != wait_change_cipher) {
1070 ssl->hs_waitstate = wait_finished;
1071 ssl->seq_num[KSSL_READ] = 0;
1072 if ((error = kssl_spec_init(ssl, KSSL_READ)) != 0) {
1077 ssl->activeinput = B_FALSE;
1088 if (ssl->hs_waitstate != idle_handshake) {
1096 ssl->activeinput = B_FALSE;
1102 error = kssl_handle_v2client_hello(ssl, mp, rec_sz);
1123 kssl_send_alert(ssl, alert_fatal, desc);
1124 *decrmp = ssl->alert_sendbuf;
1125 ssl->alert_sendbuf = NULL;
1135 * address. The ssl structure is returned held.
1141 ssl_t *ssl = kmem_cache_alloc(kssl_cache, KM_NOSLEEP);
1144 if (ssl == NULL) {
1148 bzero(ssl, sizeof (ssl_t));
1150 ssl->kssl_entry = (kssl_entry_t *)kssl_ent;
1151 KSSL_ENTRY_REFHOLD(ssl->kssl_entry);
1154 IN6_IPADDR_TO_V4MAPPED(sin->sin_addr.s_addr, &ssl->faddr);
1157 ssl->faddr = ((struct sockaddr_in6 *)addr)->sin6_addr;
1159 ssl->tcp_mss = mss;
1160 ssl->sendalert_level = alert_warning;
1161 ssl->sendalert_desc = close_notify;
1162 ssl->sid.cached = B_FALSE;
1164 *kssl_ctxp = (kssl_ctx_t)ssl;
1171 ssl_t *ssl = (ssl_t *)ctx;
1172 ssl->tcp_mss = mss;
1186 ssl_t *ssl = (ssl_t *)ctx;
1189 ASSERT(ssl != NULL);
1204 if (mp == NULL && !ssl->close_notify_srvr) {
1205 kssl_send_alert(ssl, alert_warning, close_notify);
1206 if (ssl->alert_sendbuf == NULL)
1208 mp = bp = retmp = prevbp = ssl->alert_sendbuf;
1209 ssl->alert_sendbuf = NULL;
1210 ssl->close_notify_srvr = B_TRUE;
1236 if (kssl_build_single_record(ssl, bp) != KSSL_STS_OK)
1257 kssl_build_single_record(ssl_t *ssl, mblk_t *mp)
1266 spec = &ssl->spec[KSSL_WRITE];
1274 if (!ssl->close_notify_srvr)
1281 mutex_enter(&ssl->kssl_lock);
1284 if (!ssl->close_notify_srvr) {
1289 recstart[1] = ssl->major_version;
1290 recstart[2] = ssl->minor_version;
1305 if (kssl_mac_encrypt_record(ssl, recstart[0], versionp,
1308 mutex_exit(&ssl->kssl_lock);
1315 mutex_exit(&ssl->kssl_lock);