1 /* | 1 /* |
2 * SSL3 Protocol | 2 * SSL3 Protocol |
3 * | 3 * |
4 * ***** BEGIN LICENSE BLOCK ***** | 4 * ***** BEGIN LICENSE BLOCK ***** |
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
6 * | 6 * |
7 * The contents of this file are subject to the Mozilla Public License Version | 7 * The contents of this file are subject to the Mozilla Public License Version |
8 * 1.1 (the "License"); you may not use this file except in compliance with | 8 * 1.1 (the "License"); you may not use this file except in compliance with |
9 * the License. You may obtain a copy of the License at | 9 * the License. You may obtain a copy of the License at |
10 * http://www.mozilla.org/MPL/ | 10 * http://www.mozilla.org/MPL/ |
78 static void ssl3_CleanupPeerCerts(sslSocket *ss); | 78 static void ssl3_CleanupPeerCerts(sslSocket *ss); |
79 static PK11SymKey *ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec, | 79 static PK11SymKey *ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec, |
80 PK11SlotInfo * serverKeySlot); | 80 PK11SlotInfo * serverKeySlot); |
81 static SECStatus ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms); | 81 static SECStatus ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms); |
82 static SECStatus ssl3_DeriveConnectionKeysPKCS11(sslSocket *ss); | 82 static SECStatus ssl3_DeriveConnectionKeysPKCS11(sslSocket *ss); |
83 static SECStatus ssl3_HandshakeFailure( sslSocket *ss); | 83 static SECStatus ssl3_HandshakeFailure( sslSocket *ss); |
84 static SECStatus ssl3_InitState( sslSocket *ss); | 84 static SECStatus ssl3_InitState( sslSocket *ss); |
85 static SECStatus ssl3_SendCertificate( sslSocket *ss); | 85 static SECStatus ssl3_SendCertificate( sslSocket *ss); |
86 static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss); | 86 static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss); |
87 static SECStatus ssl3_SendCertificateRequest(sslSocket *ss); | 87 static SECStatus ssl3_SendCertificateRequest(sslSocket *ss); |
| 88 static SECStatus ssl3_SendNextProto( sslSocket *ss); |
88 static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags); | 89 static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags); |
89 static SECStatus ssl3_SendServerHello( sslSocket *ss); | 90 static SECStatus ssl3_SendServerHello( sslSocket *ss); |
90 static SECStatus ssl3_SendServerHelloDone( sslSocket *ss); | 91 static SECStatus ssl3_SendServerHelloDone( sslSocket *ss); |
91 static SECStatus ssl3_SendServerKeyExchange( sslSocket *ss); | 92 static SECStatus ssl3_SendServerKeyExchange( sslSocket *ss); |
92 static SECStatus ssl3_NewHandshakeHashes( sslSocket *ss); | 93 static SECStatus ssl3_NewHandshakeHashes( sslSocket *ss); |
93 static SECStatus ssl3_UpdateHandshakeHashes( sslSocket *ss, unsigned char *b, | 94 static SECStatus ssl3_UpdateHandshakeHashes( sslSocket *ss, unsigned char *b, |
94 unsigned int l); | 95 unsigned int l); |
95 | 96 |
96 static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen, | 97 static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen, |
97 int maxOutputLen, const unsigned char *input, | 98 int maxOutputLen, const unsigned char *input, |
5612 if (send_verify) { | 5613 if (send_verify) { |
5613 rv = ssl3_SendCertificateVerify(ss); | 5614 rv = ssl3_SendCertificateVerify(ss); |
5614 if (rv != SECSuccess) { | 5615 if (rv != SECSuccess) { |
5615 goto loser; /* err is set. */ | 5616 goto loser; /* err is set. */ |
5616 } | 5617 } |
5617 } | 5618 } |
5618 rv = ssl3_SendChangeCipherSpecs(ss); | 5619 rv = ssl3_SendChangeCipherSpecs(ss); |
5619 if (rv != SECSuccess) { | 5620 if (rv != SECSuccess) { |
5620 goto loser; /* err code was set. */ | 5621 goto loser; /* err code was set. */ |
5621 } | 5622 } |
| 5623 |
| 5624 rv = ssl3_SendNextProto(ss); |
| 5625 if (rv != SECSuccess) { |
| 5626 goto loser; /* err code was set. */ |
| 5627 } |
| 5628 |
5622 rv = ssl3_SendFinished(ss, 0); | 5629 rv = ssl3_SendFinished(ss, 0); |
5623 if (rv != SECSuccess) { | 5630 if (rv != SECSuccess) { |
5624 goto loser; /* err code was set. */ | 5631 goto loser; /* err code was set. */ |
5625 } | 5632 } |
5626 | 5633 |
5627 ssl_ReleaseXmitBufLock(ss); /*******************************/ | 5634 ssl_ReleaseXmitBufLock(ss); /*******************************/ |
5628 | 5635 |
5629 if (ssl3_ExtensionNegotiated(ss, session_ticket_xtn)) | 5636 if (ssl3_ExtensionNegotiated(ss, session_ticket_xtn)) |
5630 ss->ssl3.hs.ws = wait_new_session_ticket; | 5637 ss->ssl3.hs.ws = wait_new_session_ticket; |
5631 else | 5638 else |
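Review bot: The new ssl3_SendNextProto call at new line 5624 sits between ssl3_SendChangeCipherSpecs and ssl3_SendFinished, and nothing in the hunk says why that position matters; a one-line comment would stop a later refactor from moving it. I would add above the call: `/* NextProtocol must follow ChangeCipherSpec (so it is sent under the new keys) and precede Finished (so it is covered by the Finished hash). */`. The call is made while the transmit buffer lock is still held (released at new line 5634), which matches the lock assertions inside ssl3_SendNextProto. The enclosing function starts before this hunk and its remaining state transitions continue after it.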
7790 outData.data = tlsFinished->verify_data; | 7797 outData.data = tlsFinished->verify_data; |
7791 outData.len = sizeof tlsFinished->verify_data; | 7798 outData.len = sizeof tlsFinished->verify_data; |
7792 rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS); | 7799 rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS); |
7793 PORT_Assert(rv != SECSuccess || \ | 7800 PORT_Assert(rv != SECSuccess || \ |
7794 outData.len == sizeof tlsFinished->verify_data); | 7801 outData.len == sizeof tlsFinished->verify_data); |
7795 } | 7802 } |
7796 return rv; | 7803 return rv; |
7797 } | 7804 } |
7798 | 7805 |
7799 /* called from ssl3_HandleServerHelloDone | 7806 /* called from ssl3_HandleServerHelloDone |
| 7807 */ |
| 7808 static SECStatus |
| 7809 ssl3_SendNextProto(sslSocket *ss) |
| 7810 { |
| 7811 SECStatus rv; |
| 7812 int padding_len; |
| 7813 static const unsigned char padding[32] = {0}; |
| 7814 |
| 7815 if (ss->ssl3.nextProtoState == SSL_NEXT_PROTO_NO_SUPPORT) |
| 7816 return SECSuccess; |
| 7817 |
| 7818 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); |
| 7819 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); |
| 7820 |
| 7821 padding_len = 32 - ((ss->ssl3.nextProto.len + 2) % 32); |
| 7822 |
| 7823 rv = ssl3_AppendHandshakeHeader(ss, next_proto, ss->ssl3.nextProto.len + |
| 7824 2 + padding_len); |
| 7825 if (rv != SECSuccess) { |
| 7826 return rv; /* error code set by AppendHandshakeHeader */ |
| 7827 } |
| 7828 rv = ssl3_AppendHandshakeVariable(ss, ss->ssl3.nextProto.data, |
| 7829 ss->ssl3.nextProto.len, 1); |
| 7830 if (rv != SECSuccess) { |
| 7831 return rv; /* error code set by AppendHandshake */ |
| 7832 } |
| 7833 rv = ssl3_AppendHandshakeVariable(ss, padding, padding_len, 1); |
| 7834 if (rv != SECSuccess) { |
| 7835 return rv; /* error code set by AppendHandshake */ |
| 7836 } |
| 7837 return rv; |
| 7838 } |
| 7839 |
| 7840 /* called from ssl3_HandleServerHelloDone |
7800 * ssl3_HandleClientHello | 7841 * ssl3_HandleClientHello |
7801 * ssl3_HandleFinished | 7842 * ssl3_HandleFinished |
7802 */ | 7843 */ |
7803 static SECStatus | 7844 static SECStatus |
7804 ssl3_SendFinished(sslSocket *ss, PRInt32 flags) | 7845 ssl3_SendFinished(sslSocket *ss, PRInt32 flags) |
7805 { | 7846 { |
7806 ssl3CipherSpec *cwSpec; | 7847 ssl3CipherSpec *cwSpec; |
7807 PRBool isTLS; | 7848 PRBool isTLS; |
7808 PRBool isServer = ss->sec.isServer; | 7849 PRBool isServer = ss->sec.isServer; |
7809 SECStatus rv; | 7850 SECStatus rv; |
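Review bot: ssl3_SendNextProto writes the selected protocol with a one-byte length prefix (new line 7829, lenSize 1) but never checks that ss->ssl3.nextProto.len fits in that byte; if a value above 255 can reach this point (I cannot see where nextProto is populated, so this is unconfirmed), the length octet would be truncated while the handshake-header length at new line 7823 is computed from the full value, producing a malformed NextProtocol message. A local guard before the header is cheap: `if (ss->ssl3.nextProto.len > 255) { /* set an error code */ return SECFailure; }`. The padding formula at new line 7821 always yields 1..32, so the 32-byte static padding buffer is never over-read, and the early return on SSL_NEXT_PROTO_NO_SUPPORT is correct, but the header comment at new line 7806 only says who calls the function; I would extend it to state that it emits the NPN NextProtocol message as `selected_protocol<1 byte len> padding<1 byte len>` padded so the body length is a multiple of 32, and that it must be sent after ChangeCipherSpec and before Finished. The second function in this hunk, ssl3_SendFinished, continues beyond the hunk.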
9065 } | 9106 } |
9066 | 9107 |
9067 /* free the SSL3Buffer (msg_body) */ | 9108 /* free the SSL3Buffer (msg_body) */ |
9068 PORT_Free(ss->ssl3.hs.msg_body.buf); | 9109 PORT_Free(ss->ssl3.hs.msg_body.buf); |
9069 | 9110 |
9070 /* free up the CipherSpecs */ | 9111 /* free up the CipherSpecs */ |
9071 ssl3_DestroyCipherSpec(&ss->ssl3.specs[0]); | 9112 ssl3_DestroyCipherSpec(&ss->ssl3.specs[0]); |
9072 ssl3_DestroyCipherSpec(&ss->ssl3.specs[1]); | 9113 ssl3_DestroyCipherSpec(&ss->ssl3.specs[1]); |
9073 | 9114 |
9074 ss->ssl3.initialized = PR_FALSE; | 9115 ss->ssl3.initialized = PR_FALSE; |
| 9116 |
| 9117 if (ss->ssl3.nextProto.data) { |
| 9118 PORT_Free(ss->ssl3.nextProto.data); |
| 9119 ss->ssl3.nextProto.data = NULL; |
| 9120 } |
9075 } | 9121 } |
9076 | 9122 |
9077 /* End of ssl3con.c */ | 9123 /* End of ssl3con.c */ |
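Review bot: The new cleanup at new lines 9117-9120 frees nextProto.data and NULLs the pointer but leaves nextProto.len unchanged, so the SECItem is left in an inconsistent state (NULL data, non-zero length) for any later code that tests the length rather than the pointer; I would add `ss->ssl3.nextProto.len = 0;` after the NULL assignment. The surrounding `if (ss->ssl3.nextProto.data)` guard is harmless but only matters if PORT_Free is not NULL-safe in this tree, which I cannot confirm from here. Whether ss->ssl3.nextProtoState should also be reset on teardown depends on how the socket is reused, which is outside this hunk. The enclosing function begins before this hunk.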