| OLD | NEW |
| 1 /* | 1 /* |
| 2 * SSL3 Protocol | 2 * SSL3 Protocol |
| 3 * | 3 * |
| 4 * ***** BEGIN LICENSE BLOCK ***** | 4 * ***** BEGIN LICENSE BLOCK ***** |
| 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 6 * | 6 * |
| 7 * The contents of this file are subject to the Mozilla Public License Version | 7 * The contents of this file are subject to the Mozilla Public License Version |
| 8 * 1.1 (the "License"); you may not use this file except in compliance with | 8 * 1.1 (the "License"); you may not use this file except in compliance with |
| 9 * the License. You may obtain a copy of the License at | 9 * the License. You may obtain a copy of the License at |
| 10 * http://www.mozilla.org/MPL/ | 10 * http://www.mozilla.org/MPL/ |
| (...skipping 21 matching lines...) Expand all Loading... |
| 32 * in which case the provisions of the GPL or the LGPL are applicable instead | 32 * in which case the provisions of the GPL or the LGPL are applicable instead |
| 33 * of those above. If you wish to allow use of your version of this file only | 33 * of those above. If you wish to allow use of your version of this file only |
| 34 * under the terms of either the GPL or the LGPL, and not to allow others to | 34 * under the terms of either the GPL or the LGPL, and not to allow others to |
| 35 * use your version of this file under the terms of the MPL, indicate your | 35 * use your version of this file under the terms of the MPL, indicate your |
| 36 * decision by deleting the provisions above and replace them with the notice | 36 * decision by deleting the provisions above and replace them with the notice |
| 37 * and other provisions required by the GPL or the LGPL. If you do not delete | 37 * and other provisions required by the GPL or the LGPL. If you do not delete |
| 38 * the provisions above, a recipient may use your version of this file under | 38 * the provisions above, a recipient may use your version of this file under |
| 39 * the terms of any one of the MPL, the GPL or the LGPL. | 39 * the terms of any one of the MPL, the GPL or the LGPL. |
| 40 * | 40 * |
| 41 * ***** END LICENSE BLOCK ***** */ | 41 * ***** END LICENSE BLOCK ***** */ |
| 42 /* $Id: ssl3con.c,v 1.134 2010/02/03 03:44:29 wtc%google.com Exp $ */ | 42 /* $Id: ssl3con.c,v 1.142 2010/06/24 19:53:20 wtc%google.com Exp $ */ |
| 43 | 43 |
| 44 #include "cert.h" | 44 #include "cert.h" |
| 45 #include "ssl.h" | 45 #include "ssl.h" |
| 46 #include "cryptohi.h" /* for DSAU_ stuff */ | 46 #include "cryptohi.h" /* for DSAU_ stuff */ |
| 47 #include "keyhi.h" | 47 #include "keyhi.h" |
| 48 #include "secder.h" | 48 #include "secder.h" |
| 49 #include "secitem.h" | 49 #include "secitem.h" |
| 50 | 50 |
| 51 #include "sslimpl.h" | 51 #include "sslimpl.h" |
| 52 #include "sslproto.h" | 52 #include "sslproto.h" |
| (...skipping 510 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 563 PRInt32 high; | 563 PRInt32 high; |
| 564 #else | 564 #else |
| 565 PRInt32 high; | 565 PRInt32 high; |
| 566 PRInt32 low; | 566 PRInt32 low; |
| 567 #endif | 567 #endif |
| 568 } tooLong; | 568 } tooLong; |
| 569 | 569 |
| 570 void SSL_AtomicIncrementLong(long * x) | 570 void SSL_AtomicIncrementLong(long * x) |
| 571 { | 571 { |
| 572 if ((sizeof *x) == sizeof(PRInt32)) { | 572 if ((sizeof *x) == sizeof(PRInt32)) { |
| 573 PR_AtomicIncrement((PRInt32 *)x); | 573 PR_ATOMIC_INCREMENT((PRInt32 *)x); |
| 574 } else { | 574 } else { |
| 575 tooLong * tl = (tooLong *)x; | 575 tooLong * tl = (tooLong *)x; |
| 576 » if (PR_AtomicIncrement(&tl->low) == 0) | 576 » if (PR_ATOMIC_INCREMENT(&tl->low) == 0) |
| 577 » PR_AtomicIncrement(&tl->high); | 577 » PR_ATOMIC_INCREMENT(&tl->high); |
| 578 } | 578 } |
| 579 } | 579 } |
| 580 | 580 |
| 581 /* return pointer to ssl3CipherSuiteDef for suite, or NULL */ | 581 /* return pointer to ssl3CipherSuiteDef for suite, or NULL */ |
| 582 /* XXX This does a linear search. A binary search would be better. */ | 582 /* XXX This does a linear search. A binary search would be better. */ |
| 583 const ssl3CipherSuiteDef * | 583 const ssl3CipherSuiteDef * |
| 584 ssl_LookupCipherSuiteDef(ssl3CipherSuite suite) | 584 ssl_LookupCipherSuiteDef(ssl3CipherSuite suite) |
| 585 { | 585 { |
| 586 int cipher_suite_def_len = | 586 int cipher_suite_def_len = |
| 587 sizeof(cipher_suite_defs) / sizeof(cipher_suite_defs[0]); | 587 sizeof(cipher_suite_defs) / sizeof(cipher_suite_defs[0]); |
| (...skipping 2019 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2607 buf->len = 0; | 2607 buf->len = 0; |
| 2608 SSL_TRC(5, ("%d: SSL3[%d] received alert, level = %d, description = %d", | 2608 SSL_TRC(5, ("%d: SSL3[%d] received alert, level = %d, description = %d", |
| 2609 SSL_GETPID(), ss->fd, level, desc)); | 2609 SSL_GETPID(), ss->fd, level, desc)); |
| 2610 | 2610 |
| 2611 switch (desc) { | 2611 switch (desc) { |
| 2612 case close_notify: ss->recvdCloseNotify = 1; | 2612 case close_notify: ss->recvdCloseNotify = 1; |
| 2613 error = SSL_ERROR_CLOSE_NOTIFY_ALERT; break; | 2613 error = SSL_ERROR_CLOSE_NOTIFY_ALERT; break; |
| 2614 case unexpected_message: error = SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT; | 2614 case unexpected_message: error = SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT; |
| 2615 break; | 2615 break; |
| 2616 case bad_record_mac: error = SSL_ERROR_BAD_MAC_ALERT; break; | 2616 case bad_record_mac: error = SSL_ERROR_BAD_MAC_ALERT; break; |
| 2617 case decryption_failed: » error = SSL_ERROR_DECRYPTION_FAILED_ALERT; | 2617 case decryption_failed_RESERVED: |
| 2618 error = SSL_ERROR_DECRYPTION_FAILED_ALERT; |
| 2618 break; | 2619 break; |
| 2619 case record_overflow: error = SSL_ERROR_RECORD_OVERFLOW_ALERT; break; | 2620 case record_overflow: error = SSL_ERROR_RECORD_OVERFLOW_ALERT; break; |
| 2620 case decompression_failure: error = SSL_ERROR_DECOMPRESSION_FAILURE_ALERT; | 2621 case decompression_failure: error = SSL_ERROR_DECOMPRESSION_FAILURE_ALERT; |
| 2621 break; | 2622 break; |
| 2622 case handshake_failure: error = SSL_ERROR_HANDSHAKE_FAILURE_ALERT; | 2623 case handshake_failure: error = SSL_ERROR_HANDSHAKE_FAILURE_ALERT; |
| 2623 break; | 2624 break; |
| 2624 case no_certificate: error = SSL_ERROR_NO_CERTIFICATE; break; | 2625 case no_certificate: error = SSL_ERROR_NO_CERTIFICATE; break; |
| 2625 case bad_certificate: error = SSL_ERROR_BAD_CERT_ALERT; break; | 2626 case bad_certificate: error = SSL_ERROR_BAD_CERT_ALERT; break; |
| 2626 case unsupported_certificate:error = SSL_ERROR_UNSUPPORTED_CERT_ALERT;break; | 2627 case unsupported_certificate:error = SSL_ERROR_UNSUPPORTED_CERT_ALERT;break; |
| 2627 case certificate_revoked: error = SSL_ERROR_REVOKED_CERT_ALERT; break; | 2628 case certificate_revoked: error = SSL_ERROR_REVOKED_CERT_ALERT; break; |
| (...skipping 1319 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3947 return rv; /* err set by ssl3_AppendHandshake* */ | 3948 return rv; /* err set by ssl3_AppendHandshake* */ |
| 3948 } | 3949 } |
| 3949 | 3950 |
| 3950 rv = ssl3_AppendHandshakeNumber(ss, num_suites*sizeof(ssl3CipherSuite), 2); | 3951 rv = ssl3_AppendHandshakeNumber(ss, num_suites*sizeof(ssl3CipherSuite), 2); |
| 3951 if (rv != SECSuccess) { | 3952 if (rv != SECSuccess) { |
| 3952 return rv; /* err set by ssl3_AppendHandshake* */ | 3953 return rv; /* err set by ssl3_AppendHandshake* */ |
| 3953 } | 3954 } |
| 3954 | 3955 |
| 3955 if (ss->ssl3.hs.sendingSCSV) { | 3956 if (ss->ssl3.hs.sendingSCSV) { |
| 3956 /* Add the actual SCSV */ | 3957 /* Add the actual SCSV */ |
| 3957 » rv = ssl3_AppendHandshakeNumber(ss, TLS_RENEGO_PROTECTION_REQUEST, | 3958 » rv = ssl3_AppendHandshakeNumber(ss, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, |
| 3958 sizeof(ssl3CipherSuite)); | 3959 sizeof(ssl3CipherSuite)); |
| 3959 if (rv != SECSuccess) { | 3960 if (rv != SECSuccess) { |
| 3960 return rv; /* err set by ssl3_AppendHandshake* */ | 3961 return rv; /* err set by ssl3_AppendHandshake* */ |
| 3961 } | 3962 } |
| 3962 actual_count++; | 3963 actual_count++; |
| 3963 } | 3964 } |
| 3964 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { | 3965 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { |
| 3965 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; | 3966 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; |
| 3966 if (config_match(suite, ss->ssl3.policy, PR_TRUE)) { | 3967 if (config_match(suite, ss->ssl3.policy, PR_TRUE)) { |
| 3967 actual_count++; | 3968 actual_count++; |
| (...skipping 1336 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5304 | 5305 |
| 5305 case kt_dh: { | 5306 case kt_dh: { |
| 5306 SECItem dh_p = {siBuffer, NULL, 0}; | 5307 SECItem dh_p = {siBuffer, NULL, 0}; |
| 5307 SECItem dh_g = {siBuffer, NULL, 0}; | 5308 SECItem dh_g = {siBuffer, NULL, 0}; |
| 5308 SECItem dh_Ys = {siBuffer, NULL, 0}; | 5309 SECItem dh_Ys = {siBuffer, NULL, 0}; |
| 5309 | 5310 |
| 5310 rv = ssl3_ConsumeHandshakeVariable(ss, &dh_p, 2, &b, &length); | 5311 rv = ssl3_ConsumeHandshakeVariable(ss, &dh_p, 2, &b, &length); |
| 5311 if (rv != SECSuccess) { | 5312 if (rv != SECSuccess) { |
| 5312 goto loser; /* malformed. */ | 5313 goto loser; /* malformed. */ |
| 5313 } | 5314 } |
| 5315 if (dh_p.len < 512/8) |
| 5316 goto alert_loser; |
| 5314 rv = ssl3_ConsumeHandshakeVariable(ss, &dh_g, 2, &b, &length); | 5317 rv = ssl3_ConsumeHandshakeVariable(ss, &dh_g, 2, &b, &length); |
| 5315 if (rv != SECSuccess) { | 5318 if (rv != SECSuccess) { |
| 5316 goto loser; /* malformed. */ | 5319 goto loser; /* malformed. */ |
| 5317 } | 5320 } |
| 5321 if (dh_g.len == 0 || dh_g.len > dh_p.len + 1 || |
| 5322 (dh_g.len == 1 && dh_g.data[0] == 0)) |
| 5323 goto alert_loser; |
| 5318 rv = ssl3_ConsumeHandshakeVariable(ss, &dh_Ys, 2, &b, &length); | 5324 rv = ssl3_ConsumeHandshakeVariable(ss, &dh_Ys, 2, &b, &length); |
| 5319 if (rv != SECSuccess) { | 5325 if (rv != SECSuccess) { |
| 5320 goto loser; /* malformed. */ | 5326 goto loser; /* malformed. */ |
| 5321 } | 5327 } |
| 5328 if (dh_Ys.len == 0 || dh_Ys.len > dh_p.len + 1 || |
| 5329 (dh_Ys.len == 1 && dh_Ys.data[0] == 0)) |
| 5330 goto alert_loser; |
| 5322 rv = ssl3_ConsumeHandshakeVariable(ss, &signature, 2, &b, &length); | 5331 rv = ssl3_ConsumeHandshakeVariable(ss, &signature, 2, &b, &length); |
| 5323 if (rv != SECSuccess) { | 5332 if (rv != SECSuccess) { |
| 5324 goto loser; /* malformed. */ | 5333 goto loser; /* malformed. */ |
| 5325 } | 5334 } |
| 5326 if (length != 0) { | 5335 if (length != 0) { |
| 5327 if (isTLS) | 5336 if (isTLS) |
| 5328 desc = decode_error; | 5337 desc = decode_error; |
| 5329 goto alert_loser; /* malformed. */ | 5338 goto alert_loser; /* malformed. */ |
| 5330 } | 5339 } |
| 5331 | 5340 |
| (...skipping 666 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5998 return rv; /* ssl3_InitState has set the error code. */ | 6007 return rv; /* ssl3_InitState has set the error code. */ |
| 5999 } | 6008 } |
| 6000 | 6009 |
| 6001 if ((ss->ssl3.hs.ws != wait_client_hello) && | 6010 if ((ss->ssl3.hs.ws != wait_client_hello) && |
| 6002 (ss->ssl3.hs.ws != idle_handshake)) { | 6011 (ss->ssl3.hs.ws != idle_handshake)) { |
| 6003 desc = unexpected_message; | 6012 desc = unexpected_message; |
| 6004 errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO; | 6013 errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO; |
| 6005 goto alert_loser; | 6014 goto alert_loser; |
| 6006 } | 6015 } |
| 6007 if (ss->ssl3.hs.ws == idle_handshake && | 6016 if (ss->ssl3.hs.ws == idle_handshake && |
| 6008 (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER || | 6017 ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) { |
| 6009 ss->opt.enableRenegotiation == SSL_RENEGOTIATE_CLIENT_ONLY)) { | |
| 6010 desc = no_renegotiation; | 6018 desc = no_renegotiation; |
| 6011 level = alert_warning; | 6019 level = alert_warning; |
| 6012 errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED; | 6020 errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED; |
| 6013 goto alert_loser; | 6021 goto alert_loser; |
| 6014 } | 6022 } |
| 6015 | 6023 |
| 6016 tmp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); | 6024 tmp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); |
| 6017 if (tmp < 0) | 6025 if (tmp < 0) |
| 6018 goto loser; /* malformed, alert already sent */ | 6026 goto loser; /* malformed, alert already sent */ |
| 6019 ss->clientHelloVersion = version = (SSL3ProtocolVersion)tmp; | 6027 ss->clientHelloVersion = version = (SSL3ProtocolVersion)tmp; |
| (...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 6075 goto loser; /* malformed */ | 6083 goto loser; /* malformed */ |
| 6076 } | 6084 } |
| 6077 } | 6085 } |
| 6078 if (!ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) { | 6086 if (!ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) { |
| 6079 /* If we didn't receive an RI extension, look for the SCSV, | 6087 /* If we didn't receive an RI extension, look for the SCSV, |
| 6080 * and if found, treat it just like an empty RI extension | 6088 * and if found, treat it just like an empty RI extension |
| 6081 * by processing a local copy of an empty RI extension. | 6089 * by processing a local copy of an empty RI extension. |
| 6082 */ | 6090 */ |
| 6083 for (i = 0; i + 1 < suites.len; i += 2) { | 6091 for (i = 0; i + 1 < suites.len; i += 2) { |
| 6084 PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1]; | 6092 PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1]; |
| 6085 » if (suite_i == TLS_RENEGO_PROTECTION_REQUEST) { | 6093 » if (suite_i == TLS_EMPTY_RENEGOTIATION_INFO_SCSV) { |
| 6086 SSL3Opaque * b2 = (SSL3Opaque *)emptyRIext; | 6094 SSL3Opaque * b2 = (SSL3Opaque *)emptyRIext; |
| 6087 PRUint32 L2 = sizeof emptyRIext; | 6095 PRUint32 L2 = sizeof emptyRIext; |
| 6088 (void)ssl3_HandleHelloExtensions(ss, &b2, &L2); | 6096 (void)ssl3_HandleHelloExtensions(ss, &b2, &L2); |
| 6089 break; | 6097 break; |
| 6090 } | 6098 } |
| 6091 } | 6099 } |
| 6092 } | 6100 } |
| 6093 if (ss->firstHsDone && | 6101 if (ss->firstHsDone && |
| 6094 ss->opt.enableRenegotiation == SSL_RENEGOTIATE_REQUIRES_XTN && | 6102 (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_REQUIRES_XTN || |
| 6103 ss->opt.enableRenegotiation == SSL_RENEGOTIATE_TRANSITIONAL) && |
| 6095 !ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) { | 6104 !ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) { |
| 6096 desc = no_renegotiation; | 6105 desc = no_renegotiation; |
| 6097 level = alert_warning; | 6106 level = alert_warning; |
| 6098 errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED; | 6107 errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED; |
| 6099 goto alert_loser; | 6108 goto alert_loser; |
| 6100 } | 6109 } |
| 6101 if ((ss->opt.requireSafeNegotiation || | 6110 if ((ss->opt.requireSafeNegotiation || |
| 6102 (ss->firstHsDone && ss->peerRequestedProtection)) && | 6111 (ss->firstHsDone && ss->peerRequestedProtection)) && |
| 6103 !ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) { | 6112 !ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) { |
| 6104 desc = handshake_failure; | 6113 desc = handshake_failure; |
| (...skipping 685 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 6790 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; | 6799 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; |
| 6791 goto alert_loser; | 6800 goto alert_loser; |
| 6792 | 6801 |
| 6793 suite_found: | 6802 suite_found: |
| 6794 | 6803 |
| 6795 /* Look for the SCSV, and if found, treat it just like an empty RI | 6804 /* Look for the SCSV, and if found, treat it just like an empty RI |
| 6796 * extension by processing a local copy of an empty RI extension. | 6805 * extension by processing a local copy of an empty RI extension. |
| 6797 */ | 6806 */ |
| 6798 for (i = 0; i+2 < suite_length; i += 3) { | 6807 for (i = 0; i+2 < suite_length; i += 3) { |
| 6799 PRUint32 suite_i = (suites[i] << 16) | (suites[i+1] << 8) | suites[i+2]; | 6808 PRUint32 suite_i = (suites[i] << 16) | (suites[i+1] << 8) | suites[i+2]; |
| 6800 » if (suite_i == TLS_RENEGO_PROTECTION_REQUEST) { | 6809 » if (suite_i == TLS_EMPTY_RENEGOTIATION_INFO_SCSV) { |
| 6801 SSL3Opaque * b2 = (SSL3Opaque *)emptyRIext; | 6810 SSL3Opaque * b2 = (SSL3Opaque *)emptyRIext; |
| 6802 PRUint32 L2 = sizeof emptyRIext; | 6811 PRUint32 L2 = sizeof emptyRIext; |
| 6803 (void)ssl3_HandleHelloExtensions(ss, &b2, &L2); | 6812 (void)ssl3_HandleHelloExtensions(ss, &b2, &L2); |
| 6804 break; | 6813 break; |
| 6805 } | 6814 } |
| 6806 } | 6815 } |
| 6807 | 6816 |
| 6808 if (ss->opt.requireSafeNegotiation && | 6817 if (ss->opt.requireSafeNegotiation && |
| 6809 !ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) { | 6818 !ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) { |
| 6810 desc = handshake_failure; | 6819 desc = handshake_failure; |
| (...skipping 780 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 7591 PRStatus prStatus; | 7600 PRStatus prStatus; |
| 7592 PRFileInfo info; | 7601 PRFileInfo info; |
| 7593 char cfn[100]; | 7602 char cfn[100]; |
| 7594 | 7603 |
| 7595 pCertItem->data = 0; | 7604 pCertItem->data = 0; |
| 7596 if ((testdir = PR_GetEnv("NISCC_TEST")) == NULL) { | 7605 if ((testdir = PR_GetEnv("NISCC_TEST")) == NULL) { |
| 7597 return SECSuccess; | 7606 return SECSuccess; |
| 7598 } | 7607 } |
| 7599 *pIndex = (NULL != strstr(testdir, "root")); | 7608 *pIndex = (NULL != strstr(testdir, "root")); |
| 7600 extension = (strstr(testdir, "simple") ? "" : ".der"); | 7609 extension = (strstr(testdir, "simple") ? "" : ".der"); |
| 7601 fileNum = PR_AtomicIncrement(&connNum) - 1; | 7610 fileNum = PR_ATOMIC_INCREMENT(&connNum) - 1; |
| 7602 if ((startat = PR_GetEnv("START_AT")) != NULL) { | 7611 if ((startat = PR_GetEnv("START_AT")) != NULL) { |
| 7603 fileNum += atoi(startat); | 7612 fileNum += atoi(startat); |
| 7604 } | 7613 } |
| 7605 if ((stopat = PR_GetEnv("STOP_AT")) != NULL && | 7614 if ((stopat = PR_GetEnv("STOP_AT")) != NULL && |
| 7606 fileNum >= atoi(stopat)) { | 7615 fileNum >= atoi(stopat)) { |
| 7607 *pIndex = -1; | 7616 *pIndex = -1; |
| 7608 return SECSuccess; | 7617 return SECSuccess; |
| 7609 } | 7618 } |
| 7610 sprintf(cfn, "%s/%08d%s", testdir, fileNum, extension); | 7619 sprintf(cfn, "%s/%08d%s", testdir, fileNum, extension); |
| 7611 cf = PR_Open(cfn, PR_RDONLY, 0); | 7620 cf = PR_Open(cfn, PR_RDONLY, 0); |
| (...skipping 1363 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 8975 return SECFailure; | 8984 return SECFailure; |
| 8976 } | 8985 } |
| 8977 | 8986 |
| 8978 /* decrypt from cText buf to plaintext. */ | 8987 /* decrypt from cText buf to plaintext. */ |
| 8979 rv = crSpec->decode( | 8988 rv = crSpec->decode( |
| 8980 crSpec->decodeContext, plaintext->buf, (int *)&plaintext->len, | 8989 crSpec->decodeContext, plaintext->buf, (int *)&plaintext->len, |
| 8981 plaintext->space, cText->buf->buf, cText->buf->len); | 8990 plaintext->space, cText->buf->buf, cText->buf->len); |
| 8982 | 8991 |
| 8983 PRINT_BUF(80, (ss, "cleartext:", plaintext->buf, plaintext->len)); | 8992 PRINT_BUF(80, (ss, "cleartext:", plaintext->buf, plaintext->len)); |
| 8984 if (rv != SECSuccess) { | 8993 if (rv != SECSuccess) { |
| 8985 » int err = ssl_MapLowLevelError(SSL_ERROR_DECRYPTION_FAILURE); | 8994 /* All decryption failures must be treated like a bad record |
| 8986 » ssl_ReleaseSpecReadLock(ss); | 8995 * MAC; see RFC 5246 (TLS 1.2). |
| 8987 » SSL3_SendAlert(ss, alert_fatal, | 8996 */ |
| 8988 » isTLS ? decryption_failed : bad_record_mac); | 8997 padIsBad = PR_TRUE; |
| 8989 » PORT_SetError(err); | |
| 8990 » return SECFailure; | |
| 8991 } | 8998 } |
| 8992 | 8999 |
| 8993 /* If it's a block cipher, check and strip the padding. */ | 9000 /* If it's a block cipher, check and strip the padding. */ |
| 8994 if (cipher_def->type == type_block) { | 9001 if (cipher_def->type == type_block && !padIsBad) { |
| 8995 » padding_length = *(plaintext->buf + plaintext->len - 1); | 9002 PRUint8 * pPaddingLen = plaintext->buf + plaintext->len - 1; |
| 9003 » padding_length = *pPaddingLen; |
| 8996 /* TLS permits padding to exceed the block size, up to 255 bytes. */ | 9004 /* TLS permits padding to exceed the block size, up to 255 bytes. */ |
| 8997 if (padding_length + 1 + crSpec->mac_size > plaintext->len) | 9005 if (padding_length + 1 + crSpec->mac_size > plaintext->len) |
| 8998 padIsBad = PR_TRUE; | 9006 padIsBad = PR_TRUE; |
| 8999 » /* if TLS, check value of first padding byte. */ | 9007 » else { |
| 9000 » else if (padding_length && isTLS && | 9008 plaintext->len -= padding_length + 1; |
| 9001 » padding_length != *(plaintext->buf + | 9009 /* In TLS all padding bytes must be equal to the padding length. */ |
| 9002 » plaintext->len - (padding_length + 1))) | 9010 if (isTLS) { |
| 9003 » padIsBad = PR_TRUE; | 9011 PRUint8 *p; |
| 9004 » else | 9012 for (p = pPaddingLen - padding_length; p < pPaddingLen; ++p) { |
| 9005 » plaintext->len -= padding_length + 1; | 9013 padIsBad |= *p ^ padding_length; |
| 9014 } |
| 9015 } |
| 9016 } |
| 9006 } | 9017 } |
| 9007 | 9018 |
| 9008 /* Remove the MAC. */ | 9019 /* Remove the MAC. */ |
| 9009 if (plaintext->len >= crSpec->mac_size) | 9020 if (plaintext->len >= crSpec->mac_size) |
| 9010 plaintext->len -= crSpec->mac_size; | 9021 plaintext->len -= crSpec->mac_size; |
| 9011 else | 9022 else |
| 9012 padIsBad = PR_TRUE; /* really macIsBad */ | 9023 padIsBad = PR_TRUE; /* really macIsBad */ |
| 9013 | 9024 |
| 9014 /* compute the MAC */ | 9025 /* compute the MAC */ |
| 9015 rType = cText->type; | 9026 rType = cText->type; |
| 9016 rv = ssl3_ComputeRecordMAC( crSpec, (PRBool)(!ss->sec.isServer), | 9027 rv = ssl3_ComputeRecordMAC( crSpec, (PRBool)(!ss->sec.isServer), |
| 9017 rType, cText->version, crSpec->read_seq_num, | 9028 rType, cText->version, crSpec->read_seq_num, |
| 9018 plaintext->buf, plaintext->len, hash, &hashBytes); | 9029 plaintext->buf, plaintext->len, hash, &hashBytes); |
| 9019 if (rv != SECSuccess) { | 9030 if (rv != SECSuccess) { |
| 9020 » int err = ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE); | 9031 padIsBad = PR_TRUE; /* really macIsBad */ |
| 9021 » ssl_ReleaseSpecReadLock(ss); | |
| 9022 » SSL3_SendAlert(ss, alert_fatal, bad_record_mac); | |
| 9023 » PORT_SetError(err); | |
| 9024 » return rv; | |
| 9025 } | 9032 } |
| 9026 | 9033 |
| 9027 /* Check the MAC */ | 9034 /* Check the MAC */ |
| 9028 if (hashBytes != (unsigned)crSpec->mac_size || padIsBad || | 9035 if (hashBytes != (unsigned)crSpec->mac_size || padIsBad || |
| 9029 NSS_SecureMemcmp(plaintext->buf + plaintext->len, hash, | 9036 NSS_SecureMemcmp(plaintext->buf + plaintext->len, hash, |
| 9030 crSpec->mac_size) != 0) { | 9037 crSpec->mac_size) != 0) { |
| 9031 /* must not hold spec lock when calling SSL3_SendAlert. */ | 9038 /* must not hold spec lock when calling SSL3_SendAlert. */ |
| 9032 ssl_ReleaseSpecReadLock(ss); | 9039 ssl_ReleaseSpecReadLock(ss); |
| 9033 SSL3_SendAlert(ss, alert_fatal, bad_record_mac); | 9040 SSL3_SendAlert(ss, alert_fatal, bad_record_mac); |
| 9034 /* always log mac error, in case attacker can read server logs. */ | 9041 /* always log mac error, in case attacker can read server logs. */ |
| (...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 9113 if (isTLS && databuf->len > (MAX_FRAGMENT_LENGTH + 1024)) { | 9120 if (isTLS && databuf->len > (MAX_FRAGMENT_LENGTH + 1024)) { |
| 9114 SSL3_SendAlert(ss, alert_fatal, record_overflow); | 9121 SSL3_SendAlert(ss, alert_fatal, record_overflow); |
| 9115 PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG); | 9122 PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG); |
| 9116 return SECFailure; | 9123 return SECFailure; |
| 9117 } | 9124 } |
| 9118 | 9125 |
| 9119 /* Application data records are processed by the caller of this | 9126 /* Application data records are processed by the caller of this |
| 9120 ** function, not by this function. | 9127 ** function, not by this function. |
| 9121 */ | 9128 */ |
| 9122 if (rType == content_application_data) { | 9129 if (rType == content_application_data) { |
| 9123 » return SECSuccess; | 9130 » if (ss->firstHsDone) |
| 9131 » return SECSuccess; |
| 9132 » (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message); |
| 9133 » PORT_SetError(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA); |
| 9134 » return SECFailure; |
| 9124 } | 9135 } |
| 9125 | 9136 |
| 9126 /* It's a record that must be handled by ssl itself, not the application. | 9137 /* It's a record that must be handled by ssl itself, not the application. |
| 9127 */ | 9138 */ |
| 9128 process_it: | 9139 process_it: |
| 9129 /* XXX Get the xmit lock here. Odds are very high that we'll be xmiting | 9140 /* XXX Get the xmit lock here. Odds are very high that we'll be xmiting |
| 9130 * data ang getting the xmit lock here prevents deadlocks. | 9141 * data ang getting the xmit lock here prevents deadlocks. |
| 9131 */ | 9142 */ |
| 9132 ssl_GetSSL3HandshakeLock(ss); | 9143 ssl_GetSSL3HandshakeLock(ss); |
| 9133 | 9144 |
| (...skipping 138 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 9272 return NULL; /* error code is set. */ | 9283 return NULL; /* error code is set. */ |
| 9273 pair->refCount = 1; | 9284 pair->refCount = 1; |
| 9274 pair->privKey = privKey; | 9285 pair->privKey = privKey; |
| 9275 pair->pubKey = pubKey; | 9286 pair->pubKey = pubKey; |
| 9276 return pair; /* success */ | 9287 return pair; /* success */ |
| 9277 } | 9288 } |
| 9278 | 9289 |
| 9279 ssl3KeyPair * | 9290 ssl3KeyPair * |
| 9280 ssl3_GetKeyPairRef(ssl3KeyPair * keyPair) | 9291 ssl3_GetKeyPairRef(ssl3KeyPair * keyPair) |
| 9281 { | 9292 { |
| 9282 PR_AtomicIncrement(&keyPair->refCount); | 9293 PR_ATOMIC_INCREMENT(&keyPair->refCount); |
| 9283 return keyPair; | 9294 return keyPair; |
| 9284 } | 9295 } |
| 9285 | 9296 |
| 9286 void | 9297 void |
| 9287 ssl3_FreeKeyPair(ssl3KeyPair * keyPair) | 9298 ssl3_FreeKeyPair(ssl3KeyPair * keyPair) |
| 9288 { | 9299 { |
| 9289 PRInt32 newCount = PR_AtomicDecrement(&keyPair->refCount); | 9300 PRInt32 newCount = PR_ATOMIC_DECREMENT(&keyPair->refCount); |
| 9290 if (!newCount) { | 9301 if (!newCount) { |
| 9291 if (keyPair->privKey) | 9302 if (keyPair->privKey) |
| 9292 SECKEY_DestroyPrivateKey(keyPair->privKey); | 9303 SECKEY_DestroyPrivateKey(keyPair->privKey); |
| 9293 if (keyPair->pubKey) | 9304 if (keyPair->pubKey) |
| 9294 SECKEY_DestroyPublicKey( keyPair->pubKey); | 9305 SECKEY_DestroyPublicKey( keyPair->pubKey); |
| 9295 PORT_Free(keyPair); | 9306 PORT_Free(keyPair); |
| 9296 } | 9307 } |
| 9297 } | 9308 } |
| 9298 | 9309 |
| 9299 | 9310 |
| (...skipping 195 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 9495 | 9506 |
| 9496 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); | 9507 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); |
| 9497 | 9508 |
| 9498 if (!ss->firstHsDone || | 9509 if (!ss->firstHsDone || |
| 9499 ((ss->version >= SSL_LIBRARY_VERSION_3_0) && | 9510 ((ss->version >= SSL_LIBRARY_VERSION_3_0) && |
| 9500 ss->ssl3.initialized && | 9511 ss->ssl3.initialized && |
| 9501 (ss->ssl3.hs.ws != idle_handshake))) { | 9512 (ss->ssl3.hs.ws != idle_handshake))) { |
| 9502 PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED); | 9513 PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED); |
| 9503 return SECFailure; | 9514 return SECFailure; |
| 9504 } | 9515 } |
| 9505 if (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER || | 9516 if (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) { |
| 9506 (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_CLIENT_ONLY && | |
| 9507 ss->sec.isServer)) { | |
| 9508 PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED); | 9517 PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED); |
| 9509 return SECFailure; | 9518 return SECFailure; |
| 9510 } | 9519 } |
| 9511 if (sid && flushCache) { | 9520 if (sid && flushCache) { |
| 9512 ss->sec.uncache(sid); /* remove it from whichever cache it's in. */ | 9521 ss->sec.uncache(sid); /* remove it from whichever cache it's in. */ |
| 9513 ssl_FreeSID(sid); /* dec ref count and free if zero. */ | 9522 ssl_FreeSID(sid); /* dec ref count and free if zero. */ |
| 9514 ss->sec.ci.sid = NULL; | 9523 ss->sec.ci.sid = NULL; |
| 9515 } | 9524 } |
| 9516 | 9525 |
| 9517 ssl_GetXmitBufLock(ss); /**************************************/ | 9526 ssl_GetXmitBufLock(ss); /**************************************/ |
| (...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 9570 | 9579 |
| 9571 ss->ssl3.initialized = PR_FALSE; | 9580 ss->ssl3.initialized = PR_FALSE; |
| 9572 | 9581 |
| 9573 if (ss->ssl3.nextProto.data) { | 9582 if (ss->ssl3.nextProto.data) { |
| 9574 PORT_Free(ss->ssl3.nextProto.data); | 9583 PORT_Free(ss->ssl3.nextProto.data); |
| 9575 ss->ssl3.nextProto.data = NULL; | 9584 ss->ssl3.nextProto.data = NULL; |
| 9576 } | 9585 } |
| 9577 } | 9586 } |
| 9578 | 9587 |
| 9579 /* End of ssl3con.c */ | 9588 /* End of ssl3con.c */ |
| OLD | NEW |