schannel: Don't treat encrypted partial record as pending data

- Track when the cached encrypted data contains only a partial record that can't be decrypted without more data (SEC_E_INCOMPLETE_MESSAGE). - Change Curl_schannel_data_pending to return false in such a case. Other SSL libraries have pending data functions that behave similarly. Ref: https://github.com/curl/curl/pull/1387 Closes https://github.com/curl/curl/pull/1392
author: Jay Satiro <raysatiro@yahoo.com> 2017-04-06 03:27:28 -0400
committer: Jay Satiro <raysatiro@yahoo.com> 2017-04-22 22:39:40 -0400
commit: 6b39f9c87e48f17533b139b2ddb829aa21227c3d (patch)
tree: 6d7d22d5412d0b9bdad130f07b1b3e0b5b31fbea /lib/urldata.h
parent: be299a4dba0362940062f7f07c76862ecf226522 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/urldata.h b/lib/urldata.h
index 34e18ecde..d4a4a2306 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -333,6 +333,11 @@ struct ssl_connect_data {
   size_t encdata_length, decdata_length;
   size_t encdata_offset, decdata_offset;
   unsigned char *encdata_buffer, *decdata_buffer;
+  /* encdata_is_incomplete: if encdata contains only a partial record that
+     can't be decrypted without another Curl_read_plain (that is, status is
+     SEC_E_INCOMPLETE_MESSAGE) then set this true. after Curl_read_plain writes
+     more bytes into encdata then set this back to false. */
+  bool encdata_is_incomplete;
   unsigned long req_flags, ret_flags;
   CURLcode recv_unrecoverable_err; /* schannel_recv had an unrecoverable err */
   bool recv_sspi_close_notify; /* true if connection closed by close_notify */
author	Jay Satiro <raysatiro@yahoo.com>	2017-04-06 03:27:28 -0400
committer	Jay Satiro <raysatiro@yahoo.com>	2017-04-22 22:39:40 -0400
commit	6b39f9c87e48f17533b139b2ddb829aa21227c3d (patch)
tree	6d7d22d5412d0b9bdad130f07b1b3e0b5b31fbea /lib/urldata.h
parent	be299a4dba0362940062f7f07c76862ecf226522 (diff)