277 kssl_handle_handshake_message(ssl_t *ssl, mblk_t *mp, int *err,
285 	ASSERT(mp->b_wptr >= mp->b_rptr + ssl->msg.msglen);
310 		kssl_update_handshake_hashes(ssl, mp->b_rptr, msglen);
326 		*err = kssl_handle_client_hello(ssl, mp, msglen);
340 		*err = kssl_handle_client_key_exchange(ssl, mp,
351 		*err = kssl_handle_finished(ssl, mp, msglen);
458 kssl_handle_client_hello(ssl_t *ssl, mblk_t *mp, int msglen)
470 	ASSERT(mp->b_wptr >= mp->b_rptr + msglen);
481 	msgend = mp->b_rptr + msglen;
492 	mp->b_rptr += 2; /* skip the version bytes */
495 	bcopy(mp->b_rptr, ssl->client_random, SSL3_RANDOM_LENGTH);
496 	mp->b_rptr += SSL3_RANDOM_LENGTH;
500 	sidlen = *mp->b_rptr++;
508 		mp->b_rptr += sidlen;
510 		kssl_lookup_sid(&ssl->sid, mp->b_rptr, &ssl->faddr,
512 		mp->b_rptr += SSL3_SESSIONID_BYTES;
516 	cslen = ((uint_t)mp->b_rptr[0] << 8) + (uint_t)mp->b_rptr[1];
517 	mp->b_rptr += 2;
538 	suitesp = mp->b_rptr;
635 	mp->b_rptr += cslen;
641 	cmlen = *mp->b_rptr++;
654 		if (*mp->b_rptr++ == 0)
673 	mp->b_rptr += cmlen - 1;
685 		uint16_t ext_total_len = ((uint_t)mp->b_rptr[0] << 8) +
686 		    (uint_t)mp->b_rptr[1];
695 			    mblk_t *, mp);
704 		mp->b_rptr += 2;
711 		while (mp->b_rptr < msgend) {
724 			ext_type = ((uint_t)mp->b_rptr[0] << 8) +
725 			    (uint_t)mp->b_rptr[1];
726 			mp->b_rptr += 2;
727 			ext_len = ((uint_t)mp->b_rptr[0] << 8) +
728 			    (uint_t)mp->b_rptr[1];
729 			mp->b_rptr += 2;
732 			    uint16_t, ext_len, mblk_t *, mp);
753 				    (*mp->b_rptr != 0)) {
757 					    mblk_t *, mp);
769 			mp->b_rptr += ext_len;
773 	mp->b_rptr = msgend;
972 	mblk_t *mp;
977 	mp = allocb(ssl->tcp_mss, BPRI_HI);
978 	if (mp == NULL) {
982 	ssl->handshake_sendbuf = mp;
983 	buf = mp->b_wptr;
1042 	mp->b_wptr = buf;
1043 	ASSERT(mp->b_wptr < mp->b_datap->db_lim);
1358 	mblk_t *mp;
1375 	mp = ssl->handshake_sendbuf;
1377 	ASSERT(mp != NULL);
1378 	cur_reclen = mp->b_wptr - mp->b_rptr - SSL3_HDR_LEN;
1392 		ASSERT(mp->b_wptr + copylen <= mp->b_datap->db_lim);
1393 		bcopy(msgbuf, mp->b_wptr, copylen);
1395 		mp->b_wptr += copylen;
1406 		mp->b_cont = allocb(copylen, BPRI_HI);
1407 		if (mp->b_cont == NULL) {
1413 		mp = mp->b_cont;
1415 			mp->b_wptr[0] = content_handshake;
1416 			mp->b_wptr[1] = ssl->major_version;
1417 			mp->b_wptr[2] = ssl->minor_version;
1419 			mp->b_wptr[3] = (cur_reclen >> 8) & 0xff;
1420 			mp->b_wptr[4] = (cur_reclen) & 0xff;
1421 			mp->b_wptr += SSL3_HDR_LEN;
1428 	mp = ssl->handshake_sendbuf;
1430 	mp->b_rptr[3] = (cur_reclen >> 8) & 0xff;
1431 	mp->b_rptr[4] = (cur_reclen) & 0xff;
1441 	mblk_t *mp, *newmp;
1444 	mp = ssl->handshake_sendbuf;
1447 	if ((mp != NULL) &&
1448 	    (mp->b_datap->db_lim - mp->b_wptr > KSSL_SSL3_MAX_CCP_FIN_MSGLEN)) {
1449 		buf = mp->b_wptr;
1456 		if (mp == NULL) {
1461 		mp = newmp;
1462 		buf = mp->b_rptr;
1475 	mp->b_wptr = buf + 1;
1476 	ASSERT(mp->b_wptr < mp->b_datap->db_lim);
1620 	mblk_t *mp;
1629 	mp = ssl->handshake_sendbuf;
1630 	ASSERT(mp != NULL);
1631 	buf = mp->b_wptr;
1638 	ASSERT(buf - mp->b_rptr ==
1640 	    buf - mp->b_rptr == SSL3_HDR_LEN + 1);
1690 	mp->b_wptr = buf + finish_len;
1693 	    rstart, mp);
1694 	ASSERT(mp->b_wptr <= mp->b_datap->db_lim);
1704 	mblk_t *mp)
1714 	ASSERT(rstart >= mp->b_rptr);
1715 	ASSERT(rstart < mp->b_wptr);
1720 	rec_sz = (mp->b_wptr - rstart) - SSL3_HDR_LEN;
1724 		ASSERT(mp->b_wptr + mac_sz <= mp->b_datap->db_lim);
1727 		    rstart + SSL3_HDR_LEN, rec_sz, mp->b_wptr);
1730 			mp->b_wptr += mac_sz;
1740 		ASSERT(mp->b_wptr + pad_sz <= mp->b_datap->db_lim);
1742 			mp->b_wptr[i] = pad_sz - 1;
1744 		mp->b_wptr += pad_sz;
1775 	mblk_t *mp;
1805 	ssl->alert_sendbuf = mp = allocb(len + spec->mac_hashsz +
1807 	if (mp == NULL) {
1811 	buf = mp->b_wptr;
1842 	mp->b_wptr = buf;
1847 kssl_handle_client_key_exchange(ssl_t *ssl, mblk_t *mp, int msglen,
1873 		msglen = (mp->b_rptr[0] << 8) | mp->b_rptr[1];
1874 		mp->b_rptr += 2;
1901 	bcopy(mp->b_rptr, wrapped_pms_data->cd_raw.iov_base, msglen);
1902 	mp->b_rptr += msglen;
2009 kssl_handle_finished(ssl_t *ssl, mblk_t *mp, int msglen)
2029 		hashcompare = bcmp(mp->b_rptr, ssl->hs_hashes.tlshash,
2032 		hashcompare = bcmp(mp->b_rptr, &ssl->hs_hashes, finish_len);
2041 	mp->b_rptr += msglen;
2074 kssl_handle_v2client_hello(ssl_t *ssl, mblk_t *mp, int recsz)
2089 	ASSERT(mp->b_wptr >= mp->b_rptr + recsz);
2102 	kssl_update_handshake_hashes(ssl, mp->b_rptr, recsz);
2104 	recend = mp->b_rptr + recsz;
2106 	if (*mp->b_rptr != 1) {
2107 		DTRACE_PROBE1(kssl_err__invalid_version, uint_t, *mp->b_rptr);
2110 	mp->b_rptr += 3;
2112 	cslen = ((uint_t)mp->b_rptr[0] << 8) + (uint_t)mp->b_rptr[1];
2113 	sidlen = ((uint_t)mp->b_rptr[2] << 8) + (uint_t)mp->b_rptr[3];
2114 	randlen = ((uint_t)mp->b_rptr[4] << 8) + (uint_t)mp->b_rptr[5];
2125 	mp->b_rptr += 6;
2132 	suitesp = mp->b_rptr;
2195 	mp->b_rptr = recend;
2323 	mblk_t *mp, *retmp;
2331 	mp = ssl->rec_ass_head;
2332 	if (mp == NULL)
2335 	/* Fast path: when mp has at least a complete record */
2336 	if (MBLKL(mp) < rhsz) {
2338 		    mblk_t *, mp);
2340 		if (msgdsize(mp) < rhsz) {
2344 		if (!pullupmsg(mp, rhsz)) {
2346 			freemsg(mp);
2351 	content_type = (SSL3ContentType)mp->b_rptr[0];
2353 		DTRACE_PROBE1(kssl_mblk__ssl_v2, mblk_t *, mp);
2354 		rec_sz = (uint16_t)mp->b_rptr[1];
2357 		DTRACE_PROBE1(kssl_mblk__ssl_v3, mblk_t *, mp);
2358 		uint8_t *rec_sz_p = (uint8_t *)mp->b_rptr + 3;
2373 	if (MBLKL(mp) < total_size) {
2375 		    mblk_t *, mp, int, total_size);
2377 		if (msgdsize(mp) < total_size) {
2381 		if (!pullupmsg(mp, total_size)) {
2383 			freemsg(mp);
2388 	mpsz = MBLKL(mp);	/* could've changed after the pullup */
2392 		    mblk_t *, mp, int, total_size);
2394 		if ((retmp = dupb(mp)) == NULL) {
2396 			freemsg(mp);
2402 		mp->b_rptr += total_size;
2403 		ssl->rec_ass_head = mp;
2406 		    mblk_t *, mp, int, total_size);
2408 		ssl->rec_ass_head = mp->b_cont;
2409 		mp->b_cont = NULL;
2410 		retmp = mp;
2413 	if ((mp = ssl->rec_ass_tail = ssl->rec_ass_head) != NULL) {
2414 		for (; mp->b_cont != NULL; mp = mp->b_cont) {
2415 			ssl->rec_ass_tail = mp->b_cont;

Indexes created Tue Jul 24 14:28:13 CEST 2018