Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1067)

Side by Side Diff: net/third_party/nss/ssl/ssl3con.c

Issue 3177012: Update to NSS 3.12.7. (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Created 10 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/third_party/nss/ssl/ssl.h ('k') | net/third_party/nss/ssl/ssl3ecc.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * SSL3 Protocol 2 * SSL3 Protocol
3 * 3 *
4 * ***** BEGIN LICENSE BLOCK ***** 4 * ***** BEGIN LICENSE BLOCK *****
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
6 * 6 *
7 * The contents of this file are subject to the Mozilla Public License Version 7 * The contents of this file are subject to the Mozilla Public License Version
8 * 1.1 (the "License"); you may not use this file except in compliance with 8 * 1.1 (the "License"); you may not use this file except in compliance with
9 * the License. You may obtain a copy of the License at 9 * the License. You may obtain a copy of the License at
10 * http://www.mozilla.org/MPL/ 10 * http://www.mozilla.org/MPL/
(...skipping 21 matching lines...) Expand all
32 * in which case the provisions of the GPL or the LGPL are applicable instead 32 * in which case the provisions of the GPL or the LGPL are applicable instead
33 * of those above. If you wish to allow use of your version of this file only 33 * of those above. If you wish to allow use of your version of this file only
34 * under the terms of either the GPL or the LGPL, and not to allow others to 34 * under the terms of either the GPL or the LGPL, and not to allow others to
35 * use your version of this file under the terms of the MPL, indicate your 35 * use your version of this file under the terms of the MPL, indicate your
36 * decision by deleting the provisions above and replace them with the notice 36 * decision by deleting the provisions above and replace them with the notice
37 * and other provisions required by the GPL or the LGPL. If you do not delete 37 * and other provisions required by the GPL or the LGPL. If you do not delete
38 * the provisions above, a recipient may use your version of this file under 38 * the provisions above, a recipient may use your version of this file under
39 * the terms of any one of the MPL, the GPL or the LGPL. 39 * the terms of any one of the MPL, the GPL or the LGPL.
40 * 40 *
41 * ***** END LICENSE BLOCK ***** */ 41 * ***** END LICENSE BLOCK ***** */
42 /* $Id: ssl3con.c,v 1.134 2010/02/03 03:44:29 wtc%google.com Exp $ */ 42 /* $Id: ssl3con.c,v 1.142 2010/06/24 19:53:20 wtc%google.com Exp $ */
43 43
44 #include "cert.h" 44 #include "cert.h"
45 #include "ssl.h" 45 #include "ssl.h"
46 #include "cryptohi.h" /* for DSAU_ stuff */ 46 #include "cryptohi.h" /* for DSAU_ stuff */
47 #include "keyhi.h" 47 #include "keyhi.h"
48 #include "secder.h" 48 #include "secder.h"
49 #include "secitem.h" 49 #include "secitem.h"
50 50
51 #include "sslimpl.h" 51 #include "sslimpl.h"
52 #include "sslproto.h" 52 #include "sslproto.h"
(...skipping 510 matching lines...) Expand 10 before | Expand all | Expand 10 after
563 PRInt32 high; 563 PRInt32 high;
564 #else 564 #else
565 PRInt32 high; 565 PRInt32 high;
566 PRInt32 low; 566 PRInt32 low;
567 #endif 567 #endif
568 } tooLong; 568 } tooLong;
569 569
570 void SSL_AtomicIncrementLong(long * x) 570 void SSL_AtomicIncrementLong(long * x)
571 { 571 {
572 if ((sizeof *x) == sizeof(PRInt32)) { 572 if ((sizeof *x) == sizeof(PRInt32)) {
573 PR_AtomicIncrement((PRInt32 *)x); 573 PR_ATOMIC_INCREMENT((PRInt32 *)x);
574 } else { 574 } else {
575 tooLong * tl = (tooLong *)x; 575 tooLong * tl = (tooLong *)x;
576 » if (PR_AtomicIncrement(&tl->low) == 0) 576 » if (PR_ATOMIC_INCREMENT(&tl->low) == 0)
577 » PR_AtomicIncrement(&tl->high); 577 » PR_ATOMIC_INCREMENT(&tl->high);
578 } 578 }
579 } 579 }
580 580
581 /* return pointer to ssl3CipherSuiteDef for suite, or NULL */ 581 /* return pointer to ssl3CipherSuiteDef for suite, or NULL */
582 /* XXX This does a linear search. A binary search would be better. */ 582 /* XXX This does a linear search. A binary search would be better. */
583 const ssl3CipherSuiteDef * 583 const ssl3CipherSuiteDef *
584 ssl_LookupCipherSuiteDef(ssl3CipherSuite suite) 584 ssl_LookupCipherSuiteDef(ssl3CipherSuite suite)
585 { 585 {
586 int cipher_suite_def_len = 586 int cipher_suite_def_len =
587 sizeof(cipher_suite_defs) / sizeof(cipher_suite_defs[0]); 587 sizeof(cipher_suite_defs) / sizeof(cipher_suite_defs[0]);
(...skipping 2019 matching lines...) Expand 10 before | Expand all | Expand 10 after
2607 buf->len = 0; 2607 buf->len = 0;
2608 SSL_TRC(5, ("%d: SSL3[%d] received alert, level = %d, description = %d", 2608 SSL_TRC(5, ("%d: SSL3[%d] received alert, level = %d, description = %d",
2609 SSL_GETPID(), ss->fd, level, desc)); 2609 SSL_GETPID(), ss->fd, level, desc));
2610 2610
2611 switch (desc) { 2611 switch (desc) {
2612 case close_notify: ss->recvdCloseNotify = 1; 2612 case close_notify: ss->recvdCloseNotify = 1;
2613 error = SSL_ERROR_CLOSE_NOTIFY_ALERT; break; 2613 error = SSL_ERROR_CLOSE_NOTIFY_ALERT; break;
2614 case unexpected_message: error = SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT; 2614 case unexpected_message: error = SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT;
2615 break; 2615 break;
2616 case bad_record_mac: error = SSL_ERROR_BAD_MAC_ALERT; break; 2616 case bad_record_mac: error = SSL_ERROR_BAD_MAC_ALERT; break;
2617 case decryption_failed: » error = SSL_ERROR_DECRYPTION_FAILED_ALERT; 2617 case decryption_failed_RESERVED:
2618 error = SSL_ERROR_DECRYPTION_FAILED_ALERT;
2618 break; 2619 break;
2619 case record_overflow: error = SSL_ERROR_RECORD_OVERFLOW_ALERT; break; 2620 case record_overflow: error = SSL_ERROR_RECORD_OVERFLOW_ALERT; break;
2620 case decompression_failure: error = SSL_ERROR_DECOMPRESSION_FAILURE_ALERT; 2621 case decompression_failure: error = SSL_ERROR_DECOMPRESSION_FAILURE_ALERT;
2621 break; 2622 break;
2622 case handshake_failure: error = SSL_ERROR_HANDSHAKE_FAILURE_ALERT; 2623 case handshake_failure: error = SSL_ERROR_HANDSHAKE_FAILURE_ALERT;
2623 break; 2624 break;
2624 case no_certificate: error = SSL_ERROR_NO_CERTIFICATE; break; 2625 case no_certificate: error = SSL_ERROR_NO_CERTIFICATE; break;
2625 case bad_certificate: error = SSL_ERROR_BAD_CERT_ALERT; break; 2626 case bad_certificate: error = SSL_ERROR_BAD_CERT_ALERT; break;
2626 case unsupported_certificate:error = SSL_ERROR_UNSUPPORTED_CERT_ALERT;break; 2627 case unsupported_certificate:error = SSL_ERROR_UNSUPPORTED_CERT_ALERT;break;
2627 case certificate_revoked: error = SSL_ERROR_REVOKED_CERT_ALERT; break; 2628 case certificate_revoked: error = SSL_ERROR_REVOKED_CERT_ALERT; break;
(...skipping 1319 matching lines...) Expand 10 before | Expand all | Expand 10 after
3947 return rv; /* err set by ssl3_AppendHandshake* */ 3948 return rv; /* err set by ssl3_AppendHandshake* */
3948 } 3949 }
3949 3950
3950 rv = ssl3_AppendHandshakeNumber(ss, num_suites*sizeof(ssl3CipherSuite), 2); 3951 rv = ssl3_AppendHandshakeNumber(ss, num_suites*sizeof(ssl3CipherSuite), 2);
3951 if (rv != SECSuccess) { 3952 if (rv != SECSuccess) {
3952 return rv; /* err set by ssl3_AppendHandshake* */ 3953 return rv; /* err set by ssl3_AppendHandshake* */
3953 } 3954 }
3954 3955
3955 if (ss->ssl3.hs.sendingSCSV) { 3956 if (ss->ssl3.hs.sendingSCSV) {
3956 /* Add the actual SCSV */ 3957 /* Add the actual SCSV */
3957 » rv = ssl3_AppendHandshakeNumber(ss, TLS_RENEGO_PROTECTION_REQUEST, 3958 » rv = ssl3_AppendHandshakeNumber(ss, TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
3958 sizeof(ssl3CipherSuite)); 3959 sizeof(ssl3CipherSuite));
3959 if (rv != SECSuccess) { 3960 if (rv != SECSuccess) {
3960 return rv; /* err set by ssl3_AppendHandshake* */ 3961 return rv; /* err set by ssl3_AppendHandshake* */
3961 } 3962 }
3962 actual_count++; 3963 actual_count++;
3963 } 3964 }
3964 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { 3965 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
3965 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; 3966 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
3966 if (config_match(suite, ss->ssl3.policy, PR_TRUE)) { 3967 if (config_match(suite, ss->ssl3.policy, PR_TRUE)) {
3967 actual_count++; 3968 actual_count++;
(...skipping 1336 matching lines...) Expand 10 before | Expand all | Expand 10 after
5304 5305
5305 case kt_dh: { 5306 case kt_dh: {
5306 SECItem dh_p = {siBuffer, NULL, 0}; 5307 SECItem dh_p = {siBuffer, NULL, 0};
5307 SECItem dh_g = {siBuffer, NULL, 0}; 5308 SECItem dh_g = {siBuffer, NULL, 0};
5308 SECItem dh_Ys = {siBuffer, NULL, 0}; 5309 SECItem dh_Ys = {siBuffer, NULL, 0};
5309 5310
5310 rv = ssl3_ConsumeHandshakeVariable(ss, &dh_p, 2, &b, &length); 5311 rv = ssl3_ConsumeHandshakeVariable(ss, &dh_p, 2, &b, &length);
5311 if (rv != SECSuccess) { 5312 if (rv != SECSuccess) {
5312 goto loser; /* malformed. */ 5313 goto loser; /* malformed. */
5313 } 5314 }
5315 if (dh_p.len < 512/8)
5316 goto alert_loser;
5314 rv = ssl3_ConsumeHandshakeVariable(ss, &dh_g, 2, &b, &length); 5317 rv = ssl3_ConsumeHandshakeVariable(ss, &dh_g, 2, &b, &length);
5315 if (rv != SECSuccess) { 5318 if (rv != SECSuccess) {
5316 goto loser; /* malformed. */ 5319 goto loser; /* malformed. */
5317 } 5320 }
5321 if (dh_g.len == 0 || dh_g.len > dh_p.len + 1 ||
5322 (dh_g.len == 1 && dh_g.data[0] == 0))
5323 goto alert_loser;
5318 rv = ssl3_ConsumeHandshakeVariable(ss, &dh_Ys, 2, &b, &length); 5324 rv = ssl3_ConsumeHandshakeVariable(ss, &dh_Ys, 2, &b, &length);
5319 if (rv != SECSuccess) { 5325 if (rv != SECSuccess) {
5320 goto loser; /* malformed. */ 5326 goto loser; /* malformed. */
5321 } 5327 }
5328 if (dh_Ys.len == 0 || dh_Ys.len > dh_p.len + 1 ||
5329 (dh_Ys.len == 1 && dh_Ys.data[0] == 0))
5330 goto alert_loser;
5322 rv = ssl3_ConsumeHandshakeVariable(ss, &signature, 2, &b, &length); 5331 rv = ssl3_ConsumeHandshakeVariable(ss, &signature, 2, &b, &length);
5323 if (rv != SECSuccess) { 5332 if (rv != SECSuccess) {
5324 goto loser; /* malformed. */ 5333 goto loser; /* malformed. */
5325 } 5334 }
5326 if (length != 0) { 5335 if (length != 0) {
5327 if (isTLS) 5336 if (isTLS)
5328 desc = decode_error; 5337 desc = decode_error;
5329 goto alert_loser; /* malformed. */ 5338 goto alert_loser; /* malformed. */
5330 } 5339 }
5331 5340
(...skipping 666 matching lines...) Expand 10 before | Expand all | Expand 10 after
5998 return rv; /* ssl3_InitState has set the error code. */ 6007 return rv; /* ssl3_InitState has set the error code. */
5999 } 6008 }
6000 6009
6001 if ((ss->ssl3.hs.ws != wait_client_hello) && 6010 if ((ss->ssl3.hs.ws != wait_client_hello) &&
6002 (ss->ssl3.hs.ws != idle_handshake)) { 6011 (ss->ssl3.hs.ws != idle_handshake)) {
6003 desc = unexpected_message; 6012 desc = unexpected_message;
6004 errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO; 6013 errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO;
6005 goto alert_loser; 6014 goto alert_loser;
6006 } 6015 }
6007 if (ss->ssl3.hs.ws == idle_handshake && 6016 if (ss->ssl3.hs.ws == idle_handshake &&
6008 (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER || 6017 ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) {
6009 ss->opt.enableRenegotiation == SSL_RENEGOTIATE_CLIENT_ONLY)) {
6010 desc = no_renegotiation; 6018 desc = no_renegotiation;
6011 level = alert_warning; 6019 level = alert_warning;
6012 errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED; 6020 errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED;
6013 goto alert_loser; 6021 goto alert_loser;
6014 } 6022 }
6015 6023
6016 tmp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); 6024 tmp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
6017 if (tmp < 0) 6025 if (tmp < 0)
6018 goto loser; /* malformed, alert already sent */ 6026 goto loser; /* malformed, alert already sent */
6019 ss->clientHelloVersion = version = (SSL3ProtocolVersion)tmp; 6027 ss->clientHelloVersion = version = (SSL3ProtocolVersion)tmp;
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after
6075 goto loser; /* malformed */ 6083 goto loser; /* malformed */
6076 } 6084 }
6077 } 6085 }
6078 if (!ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) { 6086 if (!ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) {
6079 /* If we didn't receive an RI extension, look for the SCSV, 6087 /* If we didn't receive an RI extension, look for the SCSV,
6080 * and if found, treat it just like an empty RI extension 6088 * and if found, treat it just like an empty RI extension
6081 * by processing a local copy of an empty RI extension. 6089 * by processing a local copy of an empty RI extension.
6082 */ 6090 */
6083 for (i = 0; i + 1 < suites.len; i += 2) { 6091 for (i = 0; i + 1 < suites.len; i += 2) {
6084 PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1]; 6092 PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1];
6085 » if (suite_i == TLS_RENEGO_PROTECTION_REQUEST) { 6093 » if (suite_i == TLS_EMPTY_RENEGOTIATION_INFO_SCSV) {
6086 SSL3Opaque * b2 = (SSL3Opaque *)emptyRIext; 6094 SSL3Opaque * b2 = (SSL3Opaque *)emptyRIext;
6087 PRUint32 L2 = sizeof emptyRIext; 6095 PRUint32 L2 = sizeof emptyRIext;
6088 (void)ssl3_HandleHelloExtensions(ss, &b2, &L2); 6096 (void)ssl3_HandleHelloExtensions(ss, &b2, &L2);
6089 break; 6097 break;
6090 } 6098 }
6091 } 6099 }
6092 } 6100 }
6093 if (ss->firstHsDone && 6101 if (ss->firstHsDone &&
6094 ss->opt.enableRenegotiation == SSL_RENEGOTIATE_REQUIRES_XTN && 6102 (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_REQUIRES_XTN ||
6103 ss->opt.enableRenegotiation == SSL_RENEGOTIATE_TRANSITIONAL) &&
6095 !ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) { 6104 !ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) {
6096 desc = no_renegotiation; 6105 desc = no_renegotiation;
6097 level = alert_warning; 6106 level = alert_warning;
6098 errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED; 6107 errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED;
6099 goto alert_loser; 6108 goto alert_loser;
6100 } 6109 }
6101 if ((ss->opt.requireSafeNegotiation || 6110 if ((ss->opt.requireSafeNegotiation ||
6102 (ss->firstHsDone && ss->peerRequestedProtection)) && 6111 (ss->firstHsDone && ss->peerRequestedProtection)) &&
6103 !ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) { 6112 !ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) {
6104 desc = handshake_failure; 6113 desc = handshake_failure;
(...skipping 685 matching lines...) Expand 10 before | Expand all | Expand 10 after
6790 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; 6799 errCode = SSL_ERROR_NO_CYPHER_OVERLAP;
6791 goto alert_loser; 6800 goto alert_loser;
6792 6801
6793 suite_found: 6802 suite_found:
6794 6803
6795 /* Look for the SCSV, and if found, treat it just like an empty RI 6804 /* Look for the SCSV, and if found, treat it just like an empty RI
6796 * extension by processing a local copy of an empty RI extension. 6805 * extension by processing a local copy of an empty RI extension.
6797 */ 6806 */
6798 for (i = 0; i+2 < suite_length; i += 3) { 6807 for (i = 0; i+2 < suite_length; i += 3) {
6799 PRUint32 suite_i = (suites[i] << 16) | (suites[i+1] << 8) | suites[i+2]; 6808 PRUint32 suite_i = (suites[i] << 16) | (suites[i+1] << 8) | suites[i+2];
6800 » if (suite_i == TLS_RENEGO_PROTECTION_REQUEST) { 6809 » if (suite_i == TLS_EMPTY_RENEGOTIATION_INFO_SCSV) {
6801 SSL3Opaque * b2 = (SSL3Opaque *)emptyRIext; 6810 SSL3Opaque * b2 = (SSL3Opaque *)emptyRIext;
6802 PRUint32 L2 = sizeof emptyRIext; 6811 PRUint32 L2 = sizeof emptyRIext;
6803 (void)ssl3_HandleHelloExtensions(ss, &b2, &L2); 6812 (void)ssl3_HandleHelloExtensions(ss, &b2, &L2);
6804 break; 6813 break;
6805 } 6814 }
6806 } 6815 }
6807 6816
6808 if (ss->opt.requireSafeNegotiation && 6817 if (ss->opt.requireSafeNegotiation &&
6809 !ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) { 6818 !ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) {
6810 desc = handshake_failure; 6819 desc = handshake_failure;
(...skipping 780 matching lines...) Expand 10 before | Expand all | Expand 10 after
7591 PRStatus prStatus; 7600 PRStatus prStatus;
7592 PRFileInfo info; 7601 PRFileInfo info;
7593 char cfn[100]; 7602 char cfn[100];
7594 7603
7595 pCertItem->data = 0; 7604 pCertItem->data = 0;
7596 if ((testdir = PR_GetEnv("NISCC_TEST")) == NULL) { 7605 if ((testdir = PR_GetEnv("NISCC_TEST")) == NULL) {
7597 return SECSuccess; 7606 return SECSuccess;
7598 } 7607 }
7599 *pIndex = (NULL != strstr(testdir, "root")); 7608 *pIndex = (NULL != strstr(testdir, "root"));
7600 extension = (strstr(testdir, "simple") ? "" : ".der"); 7609 extension = (strstr(testdir, "simple") ? "" : ".der");
7601 fileNum = PR_AtomicIncrement(&connNum) - 1; 7610 fileNum = PR_ATOMIC_INCREMENT(&connNum) - 1;
7602 if ((startat = PR_GetEnv("START_AT")) != NULL) { 7611 if ((startat = PR_GetEnv("START_AT")) != NULL) {
7603 fileNum += atoi(startat); 7612 fileNum += atoi(startat);
7604 } 7613 }
7605 if ((stopat = PR_GetEnv("STOP_AT")) != NULL && 7614 if ((stopat = PR_GetEnv("STOP_AT")) != NULL &&
7606 fileNum >= atoi(stopat)) { 7615 fileNum >= atoi(stopat)) {
7607 *pIndex = -1; 7616 *pIndex = -1;
7608 return SECSuccess; 7617 return SECSuccess;
7609 } 7618 }
7610 sprintf(cfn, "%s/%08d%s", testdir, fileNum, extension); 7619 sprintf(cfn, "%s/%08d%s", testdir, fileNum, extension);
7611 cf = PR_Open(cfn, PR_RDONLY, 0); 7620 cf = PR_Open(cfn, PR_RDONLY, 0);
(...skipping 1363 matching lines...) Expand 10 before | Expand all | Expand 10 after
8975 return SECFailure; 8984 return SECFailure;
8976 } 8985 }
8977 8986
8978 /* decrypt from cText buf to plaintext. */ 8987 /* decrypt from cText buf to plaintext. */
8979 rv = crSpec->decode( 8988 rv = crSpec->decode(
8980 crSpec->decodeContext, plaintext->buf, (int *)&plaintext->len, 8989 crSpec->decodeContext, plaintext->buf, (int *)&plaintext->len,
8981 plaintext->space, cText->buf->buf, cText->buf->len); 8990 plaintext->space, cText->buf->buf, cText->buf->len);
8982 8991
8983 PRINT_BUF(80, (ss, "cleartext:", plaintext->buf, plaintext->len)); 8992 PRINT_BUF(80, (ss, "cleartext:", plaintext->buf, plaintext->len));
8984 if (rv != SECSuccess) { 8993 if (rv != SECSuccess) {
8985 » int err = ssl_MapLowLevelError(SSL_ERROR_DECRYPTION_FAILURE); 8994 /* All decryption failures must be treated like a bad record
8986 » ssl_ReleaseSpecReadLock(ss); 8995 * MAC; see RFC 5246 (TLS 1.2).
8987 » SSL3_SendAlert(ss, alert_fatal, 8996 */
8988 » isTLS ? decryption_failed : bad_record_mac); 8997 padIsBad = PR_TRUE;
8989 » PORT_SetError(err);
8990 » return SECFailure;
8991 } 8998 }
8992 8999
8993 /* If it's a block cipher, check and strip the padding. */ 9000 /* If it's a block cipher, check and strip the padding. */
8994 if (cipher_def->type == type_block) { 9001 if (cipher_def->type == type_block && !padIsBad) {
8995 » padding_length = *(plaintext->buf + plaintext->len - 1); 9002 PRUint8 * pPaddingLen = plaintext->buf + plaintext->len - 1;
9003 » padding_length = *pPaddingLen;
8996 /* TLS permits padding to exceed the block size, up to 255 bytes. */ 9004 /* TLS permits padding to exceed the block size, up to 255 bytes. */
8997 if (padding_length + 1 + crSpec->mac_size > plaintext->len) 9005 if (padding_length + 1 + crSpec->mac_size > plaintext->len)
8998 padIsBad = PR_TRUE; 9006 padIsBad = PR_TRUE;
8999 » /* if TLS, check value of first padding byte. */ 9007 » else {
9000 » else if (padding_length && isTLS && 9008 plaintext->len -= padding_length + 1;
9001 » padding_length != *(plaintext->buf + 9009 /* In TLS all padding bytes must be equal to the padding length. */
9002 » plaintext->len - (padding_length + 1))) 9010 if (isTLS) {
9003 » padIsBad = PR_TRUE; 9011 PRUint8 *p;
9004 » else 9012 for (p = pPaddingLen - padding_length; p < pPaddingLen; ++p) {
9005 » plaintext->len -= padding_length + 1; 9013 padIsBad |= *p ^ padding_length;
9014 }
9015 }
9016 }
9006 } 9017 }
9007 9018
9008 /* Remove the MAC. */ 9019 /* Remove the MAC. */
9009 if (plaintext->len >= crSpec->mac_size) 9020 if (plaintext->len >= crSpec->mac_size)
9010 plaintext->len -= crSpec->mac_size; 9021 plaintext->len -= crSpec->mac_size;
9011 else 9022 else
9012 padIsBad = PR_TRUE; /* really macIsBad */ 9023 padIsBad = PR_TRUE; /* really macIsBad */
9013 9024
9014 /* compute the MAC */ 9025 /* compute the MAC */
9015 rType = cText->type; 9026 rType = cText->type;
9016 rv = ssl3_ComputeRecordMAC( crSpec, (PRBool)(!ss->sec.isServer), 9027 rv = ssl3_ComputeRecordMAC( crSpec, (PRBool)(!ss->sec.isServer),
9017 rType, cText->version, crSpec->read_seq_num, 9028 rType, cText->version, crSpec->read_seq_num,
9018 plaintext->buf, plaintext->len, hash, &hashBytes); 9029 plaintext->buf, plaintext->len, hash, &hashBytes);
9019 if (rv != SECSuccess) { 9030 if (rv != SECSuccess) {
9020 » int err = ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE); 9031 padIsBad = PR_TRUE; /* really macIsBad */
9021 » ssl_ReleaseSpecReadLock(ss);
9022 » SSL3_SendAlert(ss, alert_fatal, bad_record_mac);
9023 » PORT_SetError(err);
9024 » return rv;
9025 } 9032 }
9026 9033
9027 /* Check the MAC */ 9034 /* Check the MAC */
9028 if (hashBytes != (unsigned)crSpec->mac_size || padIsBad || 9035 if (hashBytes != (unsigned)crSpec->mac_size || padIsBad ||
9029 NSS_SecureMemcmp(plaintext->buf + plaintext->len, hash, 9036 NSS_SecureMemcmp(plaintext->buf + plaintext->len, hash,
9030 crSpec->mac_size) != 0) { 9037 crSpec->mac_size) != 0) {
9031 /* must not hold spec lock when calling SSL3_SendAlert. */ 9038 /* must not hold spec lock when calling SSL3_SendAlert. */
9032 ssl_ReleaseSpecReadLock(ss); 9039 ssl_ReleaseSpecReadLock(ss);
9033 SSL3_SendAlert(ss, alert_fatal, bad_record_mac); 9040 SSL3_SendAlert(ss, alert_fatal, bad_record_mac);
9034 /* always log mac error, in case attacker can read server logs. */ 9041 /* always log mac error, in case attacker can read server logs. */
(...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after
9113 if (isTLS && databuf->len > (MAX_FRAGMENT_LENGTH + 1024)) { 9120 if (isTLS && databuf->len > (MAX_FRAGMENT_LENGTH + 1024)) {
9114 SSL3_SendAlert(ss, alert_fatal, record_overflow); 9121 SSL3_SendAlert(ss, alert_fatal, record_overflow);
9115 PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG); 9122 PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
9116 return SECFailure; 9123 return SECFailure;
9117 } 9124 }
9118 9125
9119 /* Application data records are processed by the caller of this 9126 /* Application data records are processed by the caller of this
9120 ** function, not by this function. 9127 ** function, not by this function.
9121 */ 9128 */
9122 if (rType == content_application_data) { 9129 if (rType == content_application_data) {
9123 » return SECSuccess; 9130 » if (ss->firstHsDone)
9131 » return SECSuccess;
9132 » (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
9133 » PORT_SetError(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA);
9134 » return SECFailure;
9124 } 9135 }
9125 9136
9126 /* It's a record that must be handled by ssl itself, not the application. 9137 /* It's a record that must be handled by ssl itself, not the application.
9127 */ 9138 */
9128 process_it: 9139 process_it:
9129 /* XXX Get the xmit lock here. Odds are very high that we'll be xmiting 9140 /* XXX Get the xmit lock here. Odds are very high that we'll be xmiting
9130 * data ang getting the xmit lock here prevents deadlocks. 9141 * data ang getting the xmit lock here prevents deadlocks.
9131 */ 9142 */
9132 ssl_GetSSL3HandshakeLock(ss); 9143 ssl_GetSSL3HandshakeLock(ss);
9133 9144
(...skipping 138 matching lines...) Expand 10 before | Expand all | Expand 10 after
9272 return NULL; /* error code is set. */ 9283 return NULL; /* error code is set. */
9273 pair->refCount = 1; 9284 pair->refCount = 1;
9274 pair->privKey = privKey; 9285 pair->privKey = privKey;
9275 pair->pubKey = pubKey; 9286 pair->pubKey = pubKey;
9276 return pair; /* success */ 9287 return pair; /* success */
9277 } 9288 }
9278 9289
9279 ssl3KeyPair * 9290 ssl3KeyPair *
9280 ssl3_GetKeyPairRef(ssl3KeyPair * keyPair) 9291 ssl3_GetKeyPairRef(ssl3KeyPair * keyPair)
9281 { 9292 {
9282 PR_AtomicIncrement(&keyPair->refCount); 9293 PR_ATOMIC_INCREMENT(&keyPair->refCount);
9283 return keyPair; 9294 return keyPair;
9284 } 9295 }
9285 9296
9286 void 9297 void
9287 ssl3_FreeKeyPair(ssl3KeyPair * keyPair) 9298 ssl3_FreeKeyPair(ssl3KeyPair * keyPair)
9288 { 9299 {
9289 PRInt32 newCount = PR_AtomicDecrement(&keyPair->refCount); 9300 PRInt32 newCount = PR_ATOMIC_DECREMENT(&keyPair->refCount);
9290 if (!newCount) { 9301 if (!newCount) {
9291 if (keyPair->privKey) 9302 if (keyPair->privKey)
9292 SECKEY_DestroyPrivateKey(keyPair->privKey); 9303 SECKEY_DestroyPrivateKey(keyPair->privKey);
9293 if (keyPair->pubKey) 9304 if (keyPair->pubKey)
9294 SECKEY_DestroyPublicKey( keyPair->pubKey); 9305 SECKEY_DestroyPublicKey( keyPair->pubKey);
9295 PORT_Free(keyPair); 9306 PORT_Free(keyPair);
9296 } 9307 }
9297 } 9308 }
9298 9309
9299 9310
(...skipping 195 matching lines...) Expand 10 before | Expand all | Expand 10 after
9495 9506
9496 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); 9507 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
9497 9508
9498 if (!ss->firstHsDone || 9509 if (!ss->firstHsDone ||
9499 ((ss->version >= SSL_LIBRARY_VERSION_3_0) && 9510 ((ss->version >= SSL_LIBRARY_VERSION_3_0) &&
9500 ss->ssl3.initialized && 9511 ss->ssl3.initialized &&
9501 (ss->ssl3.hs.ws != idle_handshake))) { 9512 (ss->ssl3.hs.ws != idle_handshake))) {
9502 PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED); 9513 PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
9503 return SECFailure; 9514 return SECFailure;
9504 } 9515 }
9505 if (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER || 9516 if (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) {
9506 (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_CLIENT_ONLY &&
9507 ss->sec.isServer)) {
9508 PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED); 9517 PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED);
9509 return SECFailure; 9518 return SECFailure;
9510 } 9519 }
9511 if (sid && flushCache) { 9520 if (sid && flushCache) {
9512 ss->sec.uncache(sid); /* remove it from whichever cache it's in. */ 9521 ss->sec.uncache(sid); /* remove it from whichever cache it's in. */
9513 ssl_FreeSID(sid); /* dec ref count and free if zero. */ 9522 ssl_FreeSID(sid); /* dec ref count and free if zero. */
9514 ss->sec.ci.sid = NULL; 9523 ss->sec.ci.sid = NULL;
9515 } 9524 }
9516 9525
9517 ssl_GetXmitBufLock(ss); /**************************************/ 9526 ssl_GetXmitBufLock(ss); /**************************************/
(...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after
9570 9579
9571 ss->ssl3.initialized = PR_FALSE; 9580 ss->ssl3.initialized = PR_FALSE;
9572 9581
9573 if (ss->ssl3.nextProto.data) { 9582 if (ss->ssl3.nextProto.data) {
9574 PORT_Free(ss->ssl3.nextProto.data); 9583 PORT_Free(ss->ssl3.nextProto.data);
9575 ss->ssl3.nextProto.data = NULL; 9584 ss->ssl3.nextProto.data = NULL;
9576 } 9585 }
9577 } 9586 }
9578 9587
9579 /* End of ssl3con.c */ 9588 /* End of ssl3con.c */
OLDNEW
« no previous file with comments | « net/third_party/nss/ssl/ssl.h ('k') | net/third_party/nss/ssl/ssl3ecc.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698