| OLD | NEW |
| 1 /* | 1 /* |
| 2 * SSL3 Protocol | 2 * SSL3 Protocol |
| 3 * | 3 * |
| 4 * ***** BEGIN LICENSE BLOCK ***** | 4 * ***** BEGIN LICENSE BLOCK ***** |
| 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 6 * | 6 * |
| 7 * The contents of this file are subject to the Mozilla Public License Version | 7 * The contents of this file are subject to the Mozilla Public License Version |
| 8 * 1.1 (the "License"); you may not use this file except in compliance with | 8 * 1.1 (the "License"); you may not use this file except in compliance with |
| 9 * the License. You may obtain a copy of the License at | 9 * the License. You may obtain a copy of the License at |
| 10 * http://www.mozilla.org/MPL/ | 10 * http://www.mozilla.org/MPL/ |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 65 #ifdef NSS_ENABLE_ZLIB | 65 #ifdef NSS_ENABLE_ZLIB |
| 66 #include "zlib.h" | 66 #include "zlib.h" |
| 67 #endif | 67 #endif |
| 68 | 68 |
| 69 #ifndef PK11_SETATTRS | 69 #ifndef PK11_SETATTRS |
| 70 #define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \ | 70 #define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \ |
| 71 (x)->pValue=(v); (x)->ulValueLen = (l); | 71 (x)->pValue=(v); (x)->ulValueLen = (l); |
| 72 #endif | 72 #endif |
| 73 | 73 |
| 74 static void ssl3_CleanupPeerCerts(sslSocket *ss); | 74 static void ssl3_CleanupPeerCerts(sslSocket *ss); |
| 75 static void ssl3_CopyPeerCertsToSID(ssl3CertNode *certs, | 75 static void ssl3_CopyPeerCertsFromSID(sslSocket *ss, sslSessionID *sid); |
| 76 sslSessionID *sid); | |
| 77 static PK11SymKey *ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec, | 76 static PK11SymKey *ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec, |
| 78 PK11SlotInfo * serverKeySlot); | 77 PK11SlotInfo * serverKeySlot); |
| 79 static SECStatus ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms); | 78 static SECStatus ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms); |
| 80 static SECStatus ssl3_DeriveConnectionKeysPKCS11(sslSocket *ss); | 79 static SECStatus ssl3_DeriveConnectionKeysPKCS11(sslSocket *ss); |
| 81 static SECStatus ssl3_HandshakeFailure( sslSocket *ss); | 80 static SECStatus ssl3_HandshakeFailure( sslSocket *ss); |
| 82 static SECStatus ssl3_InitState( sslSocket *ss); | 81 static SECStatus ssl3_InitState( sslSocket *ss); |
| 83 static SECStatus ssl3_SendCertificate( sslSocket *ss); | 82 static SECStatus ssl3_SendCertificate( sslSocket *ss); |
| 84 static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss); | 83 static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss); |
| 85 static SECStatus ssl3_SendCertificateRequest(sslSocket *ss); | 84 static SECStatus ssl3_SendCertificateRequest(sslSocket *ss); |
| 85 static SECStatus ssl3_SendNextProto( sslSocket *ss); |
| 86 static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags); |
| 86 static SECStatus ssl3_SendServerHello( sslSocket *ss); | 87 static SECStatus ssl3_SendServerHello( sslSocket *ss); |
| 87 static SECStatus ssl3_SendServerHelloDone( sslSocket *ss); | 88 static SECStatus ssl3_SendServerHelloDone( sslSocket *ss); |
| 88 static SECStatus ssl3_SendServerKeyExchange( sslSocket *ss); | 89 static SECStatus ssl3_SendServerKeyExchange( sslSocket *ss); |
| 89 static SECStatus ssl3_NewHandshakeHashes( sslSocket *ss); | 90 static SECStatus ssl3_NewHandshakeHashes( sslSocket *ss); |
| 91 static SECStatus ssl3_UpdateHandshakeHashes( sslSocket *ss, unsigned char *b, |
| 92 unsigned int l); |
| 90 | 93 |
| 91 static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen, | 94 static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen, |
| 92 int maxOutputLen, const unsigned char *input, | 95 int maxOutputLen, const unsigned char *input, |
| 93 int inputLen); | 96 int inputLen); |
| 94 | 97 |
| 95 #define MAX_SEND_BUF_LENGTH 32000 /* watch for 16-bit integer overflow */ | 98 #define MAX_SEND_BUF_LENGTH 32000 /* watch for 16-bit integer overflow */ |
| 96 #define MIN_SEND_BUF_LENGTH 4000 | 99 #define MIN_SEND_BUF_LENGTH 4000 |
| 97 | 100 |
| 98 #define MAX_CIPHER_SUITES 20 | 101 #define MAX_CIPHER_SUITES 20 |
| 99 | 102 |
| (...skipping 473 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 573 PR_ATOMIC_INCREMENT((PRInt32 *)x); | 576 PR_ATOMIC_INCREMENT((PRInt32 *)x); |
| 574 } else { | 577 } else { |
| 575 tooLong * tl = (tooLong *)x; | 578 tooLong * tl = (tooLong *)x; |
| 576 if (PR_ATOMIC_INCREMENT(&tl->low) == 0) | 579 if (PR_ATOMIC_INCREMENT(&tl->low) == 0) |
| 577 PR_ATOMIC_INCREMENT(&tl->high); | 580 PR_ATOMIC_INCREMENT(&tl->high); |
| 578 } | 581 } |
| 579 } | 582 } |
| 580 | 583 |
| 581 /* return pointer to ssl3CipherSuiteDef for suite, or NULL */ | 584 /* return pointer to ssl3CipherSuiteDef for suite, or NULL */ |
| 582 /* XXX This does a linear search. A binary search would be better. */ | 585 /* XXX This does a linear search. A binary search would be better. */ |
| 583 const ssl3CipherSuiteDef * | 586 static const ssl3CipherSuiteDef * |
| 584 ssl_LookupCipherSuiteDef(ssl3CipherSuite suite) | 587 ssl_LookupCipherSuiteDef(ssl3CipherSuite suite) |
| 585 { | 588 { |
| 586 int cipher_suite_def_len = | 589 int cipher_suite_def_len = |
| 587 sizeof(cipher_suite_defs) / sizeof(cipher_suite_defs[0]); | 590 sizeof(cipher_suite_defs) / sizeof(cipher_suite_defs[0]); |
| 588 int i; | 591 int i; |
| 589 | 592 |
| 590 for (i = 0; i < cipher_suite_def_len; i++) { | 593 for (i = 0; i < cipher_suite_def_len; i++) { |
| 591 if (cipher_suite_defs[i].cipher_suite == suite) | 594 if (cipher_suite_defs[i].cipher_suite == suite) |
| 592 return &cipher_suite_defs[i]; | 595 return &cipher_suite_defs[i]; |
| 593 } | 596 } |
| (...skipping 565 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1159 PK11_DestroyContext(mat->write_mac_context, PR_TRUE); | 1162 PK11_DestroyContext(mat->write_mac_context, PR_TRUE); |
| 1160 mat->write_mac_context = NULL; | 1163 mat->write_mac_context = NULL; |
| 1161 } | 1164 } |
| 1162 } | 1165 } |
| 1163 | 1166 |
| 1164 /* Called from ssl3_SendChangeCipherSpecs() and | 1167 /* Called from ssl3_SendChangeCipherSpecs() and |
| 1165 ** ssl3_HandleChangeCipherSpecs() | 1168 ** ssl3_HandleChangeCipherSpecs() |
| 1166 ** ssl3_DestroySSL3Info | 1169 ** ssl3_DestroySSL3Info |
| 1167 ** Caller must hold SpecWriteLock. | 1170 ** Caller must hold SpecWriteLock. |
| 1168 */ | 1171 */ |
| 1169 void | 1172 static void |
| 1170 ssl3_DestroyCipherSpec(ssl3CipherSpec *spec, PRBool freeSrvName) | 1173 ssl3_DestroyCipherSpec(ssl3CipherSpec *spec, PRBool freeSrvName) |
| 1171 { | 1174 { |
| 1172 PRBool freeit = (PRBool)(!spec->bypassCiphers); | 1175 PRBool freeit = (PRBool)(!spec->bypassCiphers); |
| 1173 /* PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); Don't have ss! *
/ | 1176 /* PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); Don't have ss! *
/ |
| 1174 if (spec->destroy) { | 1177 if (spec->destroy) { |
| 1175 spec->destroy(spec->encodeContext, freeit); | 1178 spec->destroy(spec->encodeContext, freeit); |
| 1176 spec->destroy(spec->decodeContext, freeit); | 1179 spec->destroy(spec->decodeContext, freeit); |
| 1177 spec->encodeContext = NULL; /* paranoia */ | 1180 spec->encodeContext = NULL; /* paranoia */ |
| 1178 spec->decodeContext = NULL; | 1181 spec->decodeContext = NULL; |
| 1179 } | 1182 } |
| (...skipping 21 matching lines...) Expand all Loading... |
| 1201 spec->destroyCompressContext = NULL; | 1204 spec->destroyCompressContext = NULL; |
| 1202 spec->destroyDecompressContext = NULL; | 1205 spec->destroyDecompressContext = NULL; |
| 1203 } | 1206 } |
| 1204 | 1207 |
| 1205 /* Fill in the pending cipher spec with info from the selected ciphersuite. | 1208 /* Fill in the pending cipher spec with info from the selected ciphersuite. |
| 1206 ** This is as much initialization as we can do without having key material. | 1209 ** This is as much initialization as we can do without having key material. |
| 1207 ** Called from ssl3_HandleServerHello(), ssl3_SendServerHello() | 1210 ** Called from ssl3_HandleServerHello(), ssl3_SendServerHello() |
| 1208 ** Caller must hold the ssl3 handshake lock. | 1211 ** Caller must hold the ssl3 handshake lock. |
| 1209 ** Acquires & releases SpecWriteLock. | 1212 ** Acquires & releases SpecWriteLock. |
| 1210 */ | 1213 */ |
| 1211 SECStatus | 1214 static SECStatus |
| 1212 ssl3_SetupPendingCipherSpec(sslSocket *ss) | 1215 ssl3_SetupPendingCipherSpec(sslSocket *ss) |
| 1213 { | 1216 { |
| 1214 ssl3CipherSpec * pwSpec; | 1217 ssl3CipherSpec * pwSpec; |
| 1215 ssl3CipherSpec * cwSpec; | 1218 ssl3CipherSpec * cwSpec; |
| 1216 ssl3CipherSuite suite = ss->ssl3.hs.cipher_suite; | 1219 ssl3CipherSuite suite = ss->ssl3.hs.cipher_suite; |
| 1217 SSL3MACAlgorithm mac; | 1220 SSL3MACAlgorithm mac; |
| 1218 SSL3BulkCipher cipher; | 1221 SSL3BulkCipher cipher; |
| 1219 SSL3KeyExchangeAlgorithm kea; | 1222 SSL3KeyExchangeAlgorithm kea; |
| 1220 const ssl3CipherSuiteDef *suite_def; | 1223 const ssl3CipherSuiteDef *suite_def; |
| 1221 PRBool isTLS; | 1224 PRBool isTLS; |
| (...skipping 811 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2033 (PK11_NeedLogin(slot) && !PK11_IsLoggedIn(slot, NULL))) { | 2036 (PK11_NeedLogin(slot) && !PK11_IsLoggedIn(slot, NULL))) { |
| 2034 isPresent = PR_FALSE; | 2037 isPresent = PR_FALSE; |
| 2035 } | 2038 } |
| 2036 if (slot) { | 2039 if (slot) { |
| 2037 PK11_FreeSlot(slot); | 2040 PK11_FreeSlot(slot); |
| 2038 } | 2041 } |
| 2039 return isPresent; | 2042 return isPresent; |
| 2040 #endif /* NSS_PLATFORM_CLIENT_AUTH */ | 2043 #endif /* NSS_PLATFORM_CLIENT_AUTH */ |
| 2041 } | 2044 } |
| 2042 | 2045 |
| 2043 SECStatus | 2046 static SECStatus |
| 2044 ssl3_CompressMACEncryptRecord(sslSocket * ss, | 2047 ssl3_CompressMACEncryptRecord(sslSocket * ss, |
| 2045 SSL3ContentType type, | 2048 SSL3ContentType type, |
| 2046 const SSL3Opaque * pIn, | 2049 const SSL3Opaque * pIn, |
| 2047 PRUint32 contentLen) | 2050 PRUint32 contentLen) |
| 2048 { | 2051 { |
| 2049 ssl3CipherSpec * cwSpec; | 2052 ssl3CipherSpec * cwSpec; |
| 2050 const ssl3BulkCipherDef * cipher_def; | 2053 const ssl3BulkCipherDef * cipher_def; |
| 2051 sslBuffer * wrBuf = &ss->sec.writeBuf; | 2054 sslBuffer * wrBuf = &ss->sec.writeBuf; |
| 2052 SECStatus rv; | 2055 SECStatus rv; |
| 2053 PRUint32 macLen = 0; | 2056 PRUint32 macLen = 0; |
| (...skipping 1041 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3095 PK11_FreeSymKey(symKey); | 3098 PK11_FreeSymKey(symKey); |
| 3096 return SECSuccess; | 3099 return SECSuccess; |
| 3097 | 3100 |
| 3098 | 3101 |
| 3099 loser: | 3102 loser: |
| 3100 if (symKey) PK11_FreeSymKey(symKey); | 3103 if (symKey) PK11_FreeSymKey(symKey); |
| 3101 ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE); | 3104 ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE); |
| 3102 return SECFailure; | 3105 return SECFailure; |
| 3103 } | 3106 } |
| 3104 | 3107 |
| 3105 SECStatus | 3108 static SECStatus |
| 3106 ssl3_RestartHandshakeHashes(sslSocket *ss) | 3109 ssl3_RestartHandshakeHashes(sslSocket *ss) |
| 3107 { | 3110 { |
| 3108 SECStatus rv = SECSuccess; | 3111 SECStatus rv = SECSuccess; |
| 3109 | 3112 |
| 3110 if (ss->opt.bypassPKCS11) { | 3113 if (ss->opt.bypassPKCS11) { |
| 3111 ss->ssl3.hs.messages.len = 0; | 3114 ss->ssl3.hs.messages.len = 0; |
| 3112 MD5_Begin((MD5Context *)ss->ssl3.hs.md5_cx); | 3115 MD5_Begin((MD5Context *)ss->ssl3.hs.md5_cx); |
| 3113 SHA1_Begin((SHA1Context *)ss->ssl3.hs.sha_cx); | 3116 SHA1_Begin((SHA1Context *)ss->ssl3.hs.sha_cx); |
| 3114 } else { | 3117 } else { |
| 3115 rv = PK11_DigestBegin(ss->ssl3.hs.md5); | 3118 rv = PK11_DigestBegin(ss->ssl3.hs.md5); |
| (...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3173 | 3176 |
| 3174 /* | 3177 /* |
| 3175 * Handshake messages | 3178 * Handshake messages |
| 3176 */ | 3179 */ |
| 3177 /* Called from ssl3_AppendHandshake() | 3180 /* Called from ssl3_AppendHandshake() |
| 3178 ** ssl3_StartHandshakeHash() | 3181 ** ssl3_StartHandshakeHash() |
| 3179 ** ssl3_HandleV2ClientHello() | 3182 ** ssl3_HandleV2ClientHello() |
| 3180 ** ssl3_HandleHandshakeMessage() | 3183 ** ssl3_HandleHandshakeMessage() |
| 3181 ** Caller must hold the ssl3Handshake lock. | 3184 ** Caller must hold the ssl3Handshake lock. |
| 3182 */ | 3185 */ |
| 3183 SECStatus | 3186 static SECStatus |
| 3184 ssl3_UpdateHandshakeHashes(sslSocket *ss, unsigned char *b, unsigned int l) | 3187 ssl3_UpdateHandshakeHashes(sslSocket *ss, unsigned char *b, unsigned int l) |
| 3185 { | 3188 { |
| 3186 SECStatus rv = SECSuccess; | 3189 SECStatus rv = SECSuccess; |
| 3187 | 3190 |
| 3188 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); | 3191 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); |
| 3189 | 3192 |
| 3190 PRINT_BUF(90, (NULL, "MD5 & SHA handshake hash input:", b, l)); | 3193 PRINT_BUF(90, (NULL, "MD5 & SHA handshake hash input:", b, l)); |
| 3191 | 3194 |
| 3192 if (ss->opt.bypassPKCS11) { | 3195 if (ss->opt.bypassPKCS11) { |
| 3193 MD5_Update((MD5Context *)ss->ssl3.hs.md5_cx, b, l); | 3196 MD5_Update((MD5Context *)ss->ssl3.hs.md5_cx, b, l); |
| (...skipping 238 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3432 | 3435 |
| 3433 /* Extract the hashes of handshake messages to this point. | 3436 /* Extract the hashes of handshake messages to this point. |
| 3434 * Called from ssl3_SendCertificateVerify | 3437 * Called from ssl3_SendCertificateVerify |
| 3435 * ssl3_SendFinished | 3438 * ssl3_SendFinished |
| 3436 * ssl3_HandleHandshakeMessage | 3439 * ssl3_HandleHandshakeMessage |
| 3437 * | 3440 * |
| 3438 * Caller must hold the SSL3HandshakeLock. | 3441 * Caller must hold the SSL3HandshakeLock. |
| 3439 * Caller must hold a read or write lock on the Spec R/W lock. | 3442 * Caller must hold a read or write lock on the Spec R/W lock. |
| 3440 * (There is presently no way to assert on a Read lock.) | 3443 * (There is presently no way to assert on a Read lock.) |
| 3441 */ | 3444 */ |
| 3442 SECStatus | 3445 static SECStatus |
| 3443 ssl3_ComputeHandshakeHashes(sslSocket * ss, | 3446 ssl3_ComputeHandshakeHashes(sslSocket * ss, |
| 3444 ssl3CipherSpec *spec, /* uses ->master_secret */ | 3447 ssl3CipherSpec *spec, /* uses ->master_secret */ |
| 3445 SSL3Hashes * hashes, /* output goes here. */ | 3448 SSL3Hashes * hashes, /* output goes here. */ |
| 3446 PRUint32 sender) | 3449 PRUint32 sender) |
| 3447 { | 3450 { |
| 3448 SECStatus rv = SECSuccess; | 3451 SECStatus rv = SECSuccess; |
| 3449 PRBool isTLS = (PRBool)(spec->version > SSL_LIBRARY_VERSION_3_0); | 3452 PRBool isTLS = (PRBool)(spec->version > SSL_LIBRARY_VERSION_3_0); |
| 3450 unsigned int outLength; | 3453 unsigned int outLength; |
| 3451 SSL3Opaque md5_inner[MAX_MAC_LENGTH]; | 3454 SSL3Opaque md5_inner[MAX_MAC_LENGTH]; |
| 3452 SSL3Opaque sha_inner[MAX_MAC_LENGTH]; | 3455 SSL3Opaque sha_inner[MAX_MAC_LENGTH]; |
| (...skipping 577 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4030 TLSExtensionData *xtnData = &ss->xtnData; | 4033 TLSExtensionData *xtnData = &ss->xtnData; |
| 4031 xtnData->advertised[xtnData->numAdvertised++] = | 4034 xtnData->advertised[xtnData->numAdvertised++] = |
| 4032 ssl_renegotiation_info_xtn; | 4035 ssl_renegotiation_info_xtn; |
| 4033 } | 4036 } |
| 4034 | 4037 |
| 4035 rv = ssl3_FlushHandshake(ss, 0); | 4038 rv = ssl3_FlushHandshake(ss, 0); |
| 4036 if (rv != SECSuccess) { | 4039 if (rv != SECSuccess) { |
| 4037 return rv; /* error code set by ssl3_FlushHandshake */ | 4040 return rv; /* error code set by ssl3_FlushHandshake */ |
| 4038 } | 4041 } |
| 4039 | 4042 |
| 4040 switch (ss->ssl3.hs.snapStartType) { | 4043 ss->ssl3.hs.ws = wait_server_hello; |
| 4041 case snap_start_full: | |
| 4042 » ss->ssl3.hs.ws = wait_new_session_ticket; | |
| 4043 » break; | |
| 4044 case snap_start_resume: | |
| 4045 » ss->ssl3.hs.ws = wait_change_cipher; | |
| 4046 » break; | |
| 4047 default: | |
| 4048 » ss->ssl3.hs.ws = wait_server_hello; | |
| 4049 » break; | |
| 4050 } | |
| 4051 | |
| 4052 return rv; | 4044 return rv; |
| 4053 } | 4045 } |
| 4054 | 4046 |
| 4055 | 4047 |
| 4056 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete | 4048 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete |
| 4057 * ssl3 Hello Request. | 4049 * ssl3 Hello Request. |
| 4058 * Caller must hold Handshake and RecvBuf locks. | 4050 * Caller must hold Handshake and RecvBuf locks. |
| 4059 */ | 4051 */ |
| 4060 static SECStatus | 4052 static SECStatus |
| 4061 ssl3_HandleHelloRequest(sslSocket *ss) | 4053 ssl3_HandleHelloRequest(sslSocket *ss) |
| (...skipping 670 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4732 if(privKey) SECKEY_DestroyPrivateKey(privKey); | 4724 if(privKey) SECKEY_DestroyPrivateKey(privKey); |
| 4733 if(pubKey) SECKEY_DestroyPublicKey(pubKey); | 4725 if(pubKey) SECKEY_DestroyPublicKey(pubKey); |
| 4734 return rv; | 4726 return rv; |
| 4735 } | 4727 } |
| 4736 | 4728 |
| 4737 | 4729 |
| 4738 | 4730 |
| 4739 | 4731 |
| 4740 | 4732 |
| 4741 /* Called from ssl3_HandleServerHelloDone(). */ | 4733 /* Called from ssl3_HandleServerHelloDone(). */ |
| 4742 SECStatus | 4734 static SECStatus |
| 4743 ssl3_SendClientKeyExchange(sslSocket *ss) | 4735 ssl3_SendClientKeyExchange(sslSocket *ss) |
| 4744 { | 4736 { |
| 4745 SECKEYPublicKey * serverKey = NULL; | 4737 SECKEYPublicKey * serverKey = NULL; |
| 4746 SECStatus rv = SECFailure; | 4738 SECStatus rv = SECFailure; |
| 4747 PRBool isTLS; | 4739 PRBool isTLS; |
| 4748 | 4740 |
| 4749 SSL_TRC(3, ("%d: SSL3[%d]: send client_key_exchange handshake", | 4741 SSL_TRC(3, ("%d: SSL3[%d]: send client_key_exchange handshake", |
| 4750 SSL_GETPID(), ss->fd)); | 4742 SSL_GETPID(), ss->fd)); |
| 4751 | 4743 |
| 4752 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); | 4744 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); |
| (...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4872 if (rv != SECSuccess) { | 4864 if (rv != SECSuccess) { |
| 4873 goto done; /* error code set by AppendHandshake */ | 4865 goto done; /* error code set by AppendHandshake */ |
| 4874 } | 4866 } |
| 4875 | 4867 |
| 4876 done: | 4868 done: |
| 4877 if (buf.data) | 4869 if (buf.data) |
| 4878 PORT_Free(buf.data); | 4870 PORT_Free(buf.data); |
| 4879 return rv; | 4871 return rv; |
| 4880 } | 4872 } |
| 4881 | 4873 |
| 4882 /* Called from ssl3_HandleServerHello to set up the master secret in | |
| 4883 * ss->ssl3.pwSpec and the auth algorithm and kea type in ss->sec in the case | |
| 4884 * of a successful session resumption. */ | |
| 4885 SECStatus ssl3_SetupMasterSecretFromSessionID(sslSocket* ss) { | |
| 4886 sslSessionID *sid = ss->sec.ci.sid; | |
| 4887 ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec; | |
| 4888 SECItem wrappedMS; /* wrapped master secret. */ | |
| 4889 | |
| 4890 ss->sec.authAlgorithm = sid->authAlgorithm; | |
| 4891 ss->sec.authKeyBits = sid->authKeyBits; | |
| 4892 ss->sec.keaType = sid->keaType; | |
| 4893 ss->sec.keaKeyBits = sid->keaKeyBits; | |
| 4894 | |
| 4895 /* 3 cases here: | |
| 4896 * a) key is wrapped (implies using PKCS11) | |
| 4897 * b) key is unwrapped, but we're still using PKCS11 | |
| 4898 * c) key is unwrapped, and we're bypassing PKCS11. | |
| 4899 */ | |
| 4900 if (sid->u.ssl3.keys.msIsWrapped) { | |
| 4901 PK11SlotInfo *slot; | |
| 4902 PK11SymKey * wrapKey; /* wrapping key */ | |
| 4903 CK_FLAGS keyFlags = 0; | |
| 4904 | |
| 4905 if (ss->opt.bypassPKCS11) { | |
| 4906 /* we cannot restart a non-bypass session in a | |
| 4907 ** bypass socket. | |
| 4908 */ | |
| 4909 return SECFailure; | |
| 4910 } | |
| 4911 /* unwrap master secret with PKCS11 */ | |
| 4912 slot = SECMOD_LookupSlot(sid->u.ssl3.masterModuleID, | |
| 4913 sid->u.ssl3.masterSlotID); | |
| 4914 if (slot == NULL) { | |
| 4915 return SECFailure; | |
| 4916 } | |
| 4917 if (!PK11_IsPresent(slot)) { | |
| 4918 PK11_FreeSlot(slot); | |
| 4919 return SECFailure; | |
| 4920 } | |
| 4921 wrapKey = PK11_GetWrapKey(slot, sid->u.ssl3.masterWrapIndex, | |
| 4922 sid->u.ssl3.masterWrapMech, | |
| 4923 sid->u.ssl3.masterWrapSeries, | |
| 4924 ss->pkcs11PinArg); | |
| 4925 PK11_FreeSlot(slot); | |
| 4926 if (wrapKey == NULL) { | |
| 4927 return SECFailure; | |
| 4928 } | |
| 4929 | |
| 4930 if (ss->version > SSL_LIBRARY_VERSION_3_0) { /* isTLS */ | |
| 4931 keyFlags = CKF_SIGN | CKF_VERIFY; | |
| 4932 } | |
| 4933 | |
| 4934 wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret; | |
| 4935 wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len; | |
| 4936 pwSpec->master_secret = | |
| 4937 PK11_UnwrapSymKeyWithFlags(wrapKey, sid->u.ssl3.masterWrapMech, | |
| 4938 NULL, &wrappedMS, CKM_SSL3_MASTER_KEY_DERIVE, | |
| 4939 CKA_DERIVE, sizeof(SSL3MasterSecret), keyFlags); | |
| 4940 PK11_FreeSymKey(wrapKey); | |
| 4941 if (pwSpec->master_secret == NULL) { | |
| 4942 return SECFailure; | |
| 4943 } | |
| 4944 } else if (ss->opt.bypassPKCS11) { | |
| 4945 /* MS is not wrapped */ | |
| 4946 wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret; | |
| 4947 wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len; | |
| 4948 memcpy(pwSpec->raw_master_secret, wrappedMS.data, wrappedMS.len); | |
| 4949 pwSpec->msItem.data = pwSpec->raw_master_secret; | |
| 4950 pwSpec->msItem.len = wrappedMS.len; | |
| 4951 } else { | |
| 4952 /* We CAN restart a bypass session in a non-bypass socket. */ | |
| 4953 /* need to import the raw master secret to session object */ | |
| 4954 PK11SlotInfo *slot = PK11_GetInternalSlot(); | |
| 4955 wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret; | |
| 4956 wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len; | |
| 4957 pwSpec->master_secret = | |
| 4958 PK11_ImportSymKey(slot, CKM_SSL3_MASTER_KEY_DERIVE, | |
| 4959 PK11_OriginUnwrap, CKA_ENCRYPT, | |
| 4960 &wrappedMS, NULL); | |
| 4961 PK11_FreeSlot(slot); | |
| 4962 if (pwSpec->master_secret == NULL) { | |
| 4963 return SECFailure; | |
| 4964 } | |
| 4965 } | |
| 4966 | |
| 4967 return SECSuccess; | |
| 4968 } | |
| 4969 | |
| 4970 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete | 4874 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete |
| 4971 * ssl3 ServerHello message. | 4875 * ssl3 ServerHello message. |
| 4972 * Caller must hold Handshake and RecvBuf locks. | 4876 * Caller must hold Handshake and RecvBuf locks. |
| 4973 */ | 4877 */ |
| 4974 static SECStatus | 4878 static SECStatus |
| 4975 ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) | 4879 ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) |
| 4976 { | 4880 { |
| 4977 sslSessionID *sid = ss->sec.ci.sid; | 4881 sslSessionID *sid = ss->sec.ci.sid; |
| 4978 PRInt32 temp; /* allow for consume number failure */ | 4882 PRInt32 temp; /* allow for consume number failure */ |
| 4979 PRBool suite_found = PR_FALSE; | 4883 PRBool suite_found = PR_FALSE; |
| 4980 int i; | 4884 int i; |
| 4981 int errCode = SSL_ERROR_RX_MALFORMED_SERVER_HELLO; | 4885 int errCode = SSL_ERROR_RX_MALFORMED_SERVER_HELLO; |
| 4982 SECStatus rv; | 4886 SECStatus rv; |
| 4983 SECItem sidBytes = {siBuffer, NULL, 0}; | 4887 SECItem sidBytes = {siBuffer, NULL, 0}; |
| 4984 PRBool sid_match; | 4888 PRBool sid_match; |
| 4985 PRBool isTLS = PR_FALSE; | 4889 PRBool isTLS = PR_FALSE; |
| 4986 SSL3AlertDescription desc = illegal_parameter; | 4890 SSL3AlertDescription desc = illegal_parameter; |
| 4987 SSL3ProtocolVersion version; | 4891 SSL3ProtocolVersion version; |
| 4988 | 4892 |
| 4989 SSL_TRC(3, ("%d: SSL3[%d]: handle server_hello handshake", | 4893 SSL_TRC(3, ("%d: SSL3[%d]: handle server_hello handshake", |
| 4990 SSL_GETPID(), ss->fd)); | 4894 SSL_GETPID(), ss->fd)); |
| 4991 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | 4895 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); |
| 4992 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); | 4896 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); |
| 4993 | 4897 |
| 4994 if (ss->ssl3.hs.snapStartType == snap_start_full || | |
| 4995 ss->ssl3.hs.snapStartType == snap_start_resume) { | |
| 4996 /* Snap Start handshake was rejected. */ | |
| 4997 rv = ssl3_ResetForSnapStartRecovery(ss, b, length); | |
| 4998 if (rv != SECSuccess) | |
| 4999 return rv; | |
| 5000 } | |
| 5001 | |
| 5002 rv = ssl3_InitState(ss); | 4898 rv = ssl3_InitState(ss); |
| 5003 if (rv != SECSuccess) { | 4899 if (rv != SECSuccess) { |
| 5004 errCode = PORT_GetError(); /* ssl3_InitState has set the error code. */ | 4900 errCode = PORT_GetError(); /* ssl3_InitState has set the error code. */ |
| 5005 goto alert_loser; | 4901 goto alert_loser; |
| 5006 } | 4902 } |
| 5007 if (ss->ssl3.hs.ws != wait_server_hello) { | 4903 if (ss->ssl3.hs.ws != wait_server_hello) { |
| 5008 errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO; | 4904 errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO; |
| 5009 desc = unexpected_message; | 4905 desc = unexpected_message; |
| 5010 goto alert_loser; | 4906 goto alert_loser; |
| 5011 } | 4907 } |
| (...skipping 11 matching lines...) Expand all Loading... |
| 5023 SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey); | 4919 SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey); |
| 5024 ss->ssl3.clientPrivateKey = NULL; | 4920 ss->ssl3.clientPrivateKey = NULL; |
| 5025 } | 4921 } |
| 5026 #ifdef NSS_PLATFORM_CLIENT_AUTH | 4922 #ifdef NSS_PLATFORM_CLIENT_AUTH |
| 5027 if (ss->ssl3.platformClientKey) { | 4923 if (ss->ssl3.platformClientKey) { |
| 5028 ssl_FreePlatformKey(ss->ssl3.platformClientKey); | 4924 ssl_FreePlatformKey(ss->ssl3.platformClientKey); |
| 5029 ss->ssl3.platformClientKey = (PlatformKey)NULL; | 4925 ss->ssl3.platformClientKey = (PlatformKey)NULL; |
| 5030 } | 4926 } |
| 5031 #endif /* NSS_PLATFORM_CLIENT_AUTH */ | 4927 #endif /* NSS_PLATFORM_CLIENT_AUTH */ |
| 5032 | 4928 |
| 5033 if (ss->ssl3.serverHelloPredictionData.data) | |
| 5034 SECITEM_FreeItem(&ss->ssl3.serverHelloPredictionData, PR_FALSE); | |
| 5035 | |
| 5036 /* If this allocation fails it will only stop the application from | |
| 5037 * recording the ServerHello information and performing future Snap | |
| 5038 * Starts. */ | |
| 5039 if (SECITEM_AllocItem(NULL, &ss->ssl3.serverHelloPredictionData, length)) | |
| 5040 memcpy(ss->ssl3.serverHelloPredictionData.data, b, length); | |
| 5041 /* ss->ssl3.serverHelloPredictionDataValid is still false at this | |
| 5042 * point. We have to record the contents of the ServerHello here | |
| 5043 * because we don't have a pointer to the whole message when handling | |
| 5044 * the extensions. However, we wait until the Snap Start extension | |
| 5045 * handler to recognise that the server supports Snap Start and to set | |
| 5046 * serverHelloPredictionDataValid. */ | |
| 5047 | |
| 5048 temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); | 4929 temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); |
| 5049 if (temp < 0) { | 4930 if (temp < 0) { |
| 5050 goto loser; /* alert has been sent */ | 4931 goto loser; /* alert has been sent */ |
| 5051 } | 4932 } |
| 5052 version = (SSL3ProtocolVersion)temp; | 4933 version = (SSL3ProtocolVersion)temp; |
| 5053 | 4934 |
| 5054 /* this is appropriate since the negotiation is complete, and we only | 4935 /* this is appropriate since the negotiation is complete, and we only |
| 5055 ** know SSL 3.x. | 4936 ** know SSL 3.x. |
| 5056 */ | 4937 */ |
| 5057 if (MSB(version) != MSB(SSL_LIBRARY_VERSION_3_0)) { | 4938 if (MSB(version) != MSB(SSL_LIBRARY_VERSION_3_0)) { |
| (...skipping 120 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5178 * not and if so it may match the one we sent. | 5059 * not and if so it may match the one we sent. |
| 5179 * Attempt to restore the master secret to see if this is so... | 5060 * Attempt to restore the master secret to see if this is so... |
| 5180 * Don't consider failure to find a matching SID an error. | 5061 * Don't consider failure to find a matching SID an error. |
| 5181 */ | 5062 */ |
| 5182 sid_match = (PRBool)(sidBytes.len > 0 && | 5063 sid_match = (PRBool)(sidBytes.len > 0 && |
| 5183 sidBytes.len == sid->u.ssl3.sessionIDLength && | 5064 sidBytes.len == sid->u.ssl3.sessionIDLength && |
| 5184 !PORT_Memcmp(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len)); | 5065 !PORT_Memcmp(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len)); |
| 5185 | 5066 |
| 5186 if (sid_match && | 5067 if (sid_match && |
| 5187 sid->version == ss->version && | 5068 sid->version == ss->version && |
| 5188 » sid->u.ssl3.cipherSuite == ss->ssl3.hs.cipher_suite) { | 5069 » sid->u.ssl3.cipherSuite == ss->ssl3.hs.cipher_suite) do { |
| 5189 » rv = ssl3_SetupMasterSecretFromSessionID(ss); | 5070 » ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec; |
| 5190 » /* Failure of ssl3_SetupMasterSecretFromSessionID not considered an | |
| 5191 » * error. Continue with a full handshake. */ | |
| 5192 » if (rv == SECSuccess) { | |
| 5193 » /* Got a Match */ | |
| 5194 » SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_cache_hits ); | |
| 5195 | 5071 |
| 5196 » /* If we sent a session ticket, then this is a stateless resume. */ | 5072 » SECItem wrappedMS; /* wrapped master secret. */ |
| 5197 » if (sid->version > SSL_LIBRARY_VERSION_3_0 && | |
| 5198 » » sid->u.ssl3.sessionTicket.ticket.data != NULL) | |
| 5199 » » SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_stateless_resumes ); | |
| 5200 | 5073 |
| 5201 » if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn)) | 5074 » ss->sec.authAlgorithm = sid->authAlgorithm; |
| 5202 » » ss->ssl3.hs.ws = wait_new_session_ticket; | 5075 » ss->sec.authKeyBits = sid->authKeyBits; |
| 5203 » else | 5076 » ss->sec.keaType = sid->keaType; |
| 5204 » » ss->ssl3.hs.ws = wait_change_cipher; | 5077 » ss->sec.keaKeyBits = sid->keaKeyBits; |
| 5205 | 5078 |
| 5206 » ss->ssl3.hs.isResuming = PR_TRUE; | 5079 » /* 3 cases here: |
| 5080 » * a) key is wrapped (implies using PKCS11) |
| 5081 » * b) key is unwrapped, but we're still using PKCS11 |
| 5082 » * c) key is unwrapped, and we're bypassing PKCS11. |
| 5083 » */ |
| 5084 » if (sid->u.ssl3.keys.msIsWrapped) { |
| 5085 » PK11SlotInfo *slot; |
| 5086 » PK11SymKey * wrapKey; /* wrapping key */ |
| 5087 » CK_FLAGS keyFlags = 0; |
| 5207 | 5088 |
| 5208 » /* copy the peer cert from the SID */ | 5089 » if (ss->opt.bypassPKCS11) { |
| 5209 » if (sid->peerCert != NULL) { | 5090 » » /* we cannot restart a non-bypass session in a |
| 5210 » » ss->sec.peerCert = CERT_DupCertificate(sid->peerCert); | 5091 » » ** bypass socket. |
| 5211 » » ssl3_CopyPeerCertsFromSID(ss, sid); | 5092 » » */ |
| 5093 » » break; |
| 5094 » } |
| 5095 » /* unwrap master secret with PKCS11 */ |
| 5096 » slot = SECMOD_LookupSlot(sid->u.ssl3.masterModuleID, |
| 5097 » » » » sid->u.ssl3.masterSlotID); |
| 5098 » if (slot == NULL) { |
| 5099 » » break;» » /* not considered an error. */ |
| 5100 » } |
| 5101 » if (!PK11_IsPresent(slot)) { |
| 5102 » » PK11_FreeSlot(slot); |
| 5103 » » break;» » /* not considered an error. */ |
| 5104 » } |
| 5105 » wrapKey = PK11_GetWrapKey(slot, sid->u.ssl3.masterWrapIndex, |
| 5106 » » » » sid->u.ssl3.masterWrapMech, |
| 5107 » » » » sid->u.ssl3.masterWrapSeries, |
| 5108 » » » » ss->pkcs11PinArg); |
| 5109 » PK11_FreeSlot(slot); |
| 5110 » if (wrapKey == NULL) { |
| 5111 » » break;» » /* not considered an error. */ |
| 5212 } | 5112 } |
| 5213 | 5113 |
| 5214 » /* NULL value for PMS signifies re-use of the old MS */ | 5114 » if (ss->version > SSL_LIBRARY_VERSION_3_0) {» /* isTLS */ |
| 5215 » rv = ssl3_InitPendingCipherSpec(ss, NULL); | 5115 » » keyFlags = CKF_SIGN | CKF_VERIFY; |
| 5216 » if (rv != SECSuccess) { | |
| 5217 » » goto alert_loser; | |
| 5218 } | 5116 } |
| 5219 » return SECSuccess; | 5117 |
| 5118 » wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret; |
| 5119 » wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len; |
| 5120 » pwSpec->master_secret = |
| 5121 » » PK11_UnwrapSymKeyWithFlags(wrapKey, sid->u.ssl3.masterWrapMech, |
| 5122 » » » NULL, &wrappedMS, CKM_SSL3_MASTER_KEY_DERIVE, |
| 5123 » » » CKA_DERIVE, sizeof(SSL3MasterSecret), keyFlags); |
| 5124 » errCode = PORT_GetError(); |
| 5125 » PK11_FreeSymKey(wrapKey); |
| 5126 » if (pwSpec->master_secret == NULL) { |
| 5127 » » break;» /* errorCode set just after call to UnwrapSymKey. */ |
| 5128 » } |
| 5129 » } else if (ss->opt.bypassPKCS11) { |
| 5130 » /* MS is not wrapped */ |
| 5131 » wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret; |
| 5132 » wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len; |
| 5133 » memcpy(pwSpec->raw_master_secret, wrappedMS.data, wrappedMS.len); |
| 5134 » pwSpec->msItem.data = pwSpec->raw_master_secret; |
| 5135 » pwSpec->msItem.len = wrappedMS.len; |
| 5136 » } else { |
| 5137 » /* We CAN restart a bypass session in a non-bypass socket. */ |
| 5138 » /* need to import the raw master secret to session object */ |
| 5139 » PK11SlotInfo *slot = PK11_GetInternalSlot(); |
| 5140 » wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret; |
| 5141 » wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len; |
| 5142 » pwSpec->master_secret = |
| 5143 » » PK11_ImportSymKey(slot, CKM_SSL3_MASTER_KEY_DERIVE, |
| 5144 » » » » PK11_OriginUnwrap, CKA_ENCRYPT, |
| 5145 » » » » &wrappedMS, NULL); |
| 5146 » PK11_FreeSlot(slot); |
| 5147 » if (pwSpec->master_secret == NULL) { |
| 5148 » » break; |
| 5149 » } |
| 5220 } | 5150 } |
| 5221 } | 5151 |
| 5152 » /* Got a Match */ |
| 5153 » SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_cache_hits ); |
| 5154 |
| 5155 » /* If we sent a session ticket, then this is a stateless resume. */ |
| 5156 » if (sid->version > SSL_LIBRARY_VERSION_3_0 && |
| 5157 » sid->u.ssl3.sessionTicket.ticket.data != NULL) |
| 5158 » SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_stateless_resumes ); |
| 5159 |
| 5160 » if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn)) |
| 5161 » ss->ssl3.hs.ws = wait_new_session_ticket; |
| 5162 » else |
| 5163 » ss->ssl3.hs.ws = wait_change_cipher; |
| 5164 |
| 5165 » ss->ssl3.hs.isResuming = PR_TRUE; |
| 5166 |
| 5167 » /* copy the peer cert from the SID */ |
| 5168 » if (sid->peerCert != NULL) { |
| 5169 » ss->sec.peerCert = CERT_DupCertificate(sid->peerCert); |
| 5170 » ssl3_CopyPeerCertsFromSID(ss, sid); |
| 5171 » } |
| 5172 |
| 5173 |
| 5174 » /* NULL value for PMS signifies re-use of the old MS */ |
| 5175 » rv = ssl3_InitPendingCipherSpec(ss, NULL); |
| 5176 » if (rv != SECSuccess) { |
| 5177 » goto alert_loser;» /* err code was set */ |
| 5178 » } |
| 5179 » return SECSuccess; |
| 5180 } while (0); |
| 5222 | 5181 |
| 5223 if (sid_match) | 5182 if (sid_match) |
| 5224 SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_cache_not_ok ); | 5183 SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_cache_not_ok ); |
| 5225 else | 5184 else |
| 5226 SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_cache_misses ); | 5185 SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_cache_misses ); |
| 5227 | 5186 |
| 5228 /* throw the old one away */ | 5187 /* throw the old one away */ |
| 5229 sid->u.ssl3.keys.resumable = PR_FALSE; | 5188 sid->u.ssl3.keys.resumable = PR_FALSE; |
| 5230 (*ss->sec.uncache)(sid); | 5189 (*ss->sec.uncache)(sid); |
| 5231 ssl_FreeSID(sid); | 5190 ssl_FreeSID(sid); |
| (...skipping 1011 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 6243 errCode = SSL_ERROR_UNSAFE_NEGOTIATION; | 6202 errCode = SSL_ERROR_UNSAFE_NEGOTIATION; |
| 6244 goto alert_loser; | 6203 goto alert_loser; |
| 6245 } | 6204 } |
| 6246 | 6205 |
| 6247 /* We do stateful resumes only if either of the following | 6206 /* We do stateful resumes only if either of the following |
| 6248 * conditions are satisfied: (1) the client does not support the | 6207 * conditions are satisfied: (1) the client does not support the |
| 6249 * session ticket extension, or (2) the client support the session | 6208 * session ticket extension, or (2) the client support the session |
| 6250 * ticket extension, but sent an empty ticket. | 6209 * ticket extension, but sent an empty ticket. |
| 6251 */ | 6210 */ |
| 6252 if (!ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn) || | 6211 if (!ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn) || |
| 6253 » ss->xtnData.serverReceivedEmptySessionTicket) { | 6212 » ss->xtnData.emptySessionTicket) { |
| 6254 if (sidBytes.len > 0 && !ss->opt.noCache) { | 6213 if (sidBytes.len > 0 && !ss->opt.noCache) { |
| 6255 SSL_TRC(7, ("%d: SSL3[%d]: server, lookup client session-id for 0x%0
8x%08x%08x%08x", | 6214 SSL_TRC(7, ("%d: SSL3[%d]: server, lookup client session-id for 0x%0
8x%08x%08x%08x", |
| 6256 SSL_GETPID(), ss->fd, ss->sec.ci.peer.pr_s6_addr32[0], | 6215 SSL_GETPID(), ss->fd, ss->sec.ci.peer.pr_s6_addr32[0], |
| 6257 ss->sec.ci.peer.pr_s6_addr32[1], | 6216 ss->sec.ci.peer.pr_s6_addr32[1], |
| 6258 ss->sec.ci.peer.pr_s6_addr32[2], | 6217 ss->sec.ci.peer.pr_s6_addr32[2], |
| 6259 ss->sec.ci.peer.pr_s6_addr32[3])); | 6218 ss->sec.ci.peer.pr_s6_addr32[3])); |
| 6260 if (ssl_sid_lookup) { | 6219 if (ssl_sid_lookup) { |
| 6261 sid = (*ssl_sid_lookup)(&ss->sec.ci.peer, sidBytes.data, | 6220 sid = (*ssl_sid_lookup)(&ss->sec.ci.peer, sidBytes.data, |
| 6262 sidBytes.len, ss->dbHandle); | 6221 sidBytes.len, ss->dbHandle); |
| 6263 } else { | 6222 } else { |
| (...skipping 1432 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 7696 (PRUint32)ssl3_ConsumeHandshakeNumber(ss, 4, &b, &length); | 7655 (PRUint32)ssl3_ConsumeHandshakeNumber(ss, 4, &b, &length); |
| 7697 | 7656 |
| 7698 rv = ssl3_ConsumeHandshakeVariable(ss, &session_ticket.ticket, 2, | 7657 rv = ssl3_ConsumeHandshakeVariable(ss, &session_ticket.ticket, 2, |
| 7699 &b, &length); | 7658 &b, &length); |
| 7700 if (length != 0 || rv != SECSuccess) { | 7659 if (length != 0 || rv != SECSuccess) { |
| 7701 (void)SSL3_SendAlert(ss, alert_fatal, decode_error); | 7660 (void)SSL3_SendAlert(ss, alert_fatal, decode_error); |
| 7702 PORT_SetError(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET); | 7661 PORT_SetError(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET); |
| 7703 return SECFailure; /* malformed */ | 7662 return SECFailure; /* malformed */ |
| 7704 } | 7663 } |
| 7705 | 7664 |
| 7706 if (ss->sec.ci.sid->peerCert == NULL) { | |
| 7707 ss->sec.ci.sid->peerCert = CERT_DupCertificate(ss->sec.peerCert); | |
| 7708 ssl3_CopyPeerCertsToSID((ssl3CertNode *)ss->ssl3.peerCertChain, | |
| 7709 ss->sec.ci.sid); | |
| 7710 } | |
| 7711 | |
| 7712 rv = ssl3_SetSIDSessionTicket(ss->sec.ci.sid, &session_ticket); | 7665 rv = ssl3_SetSIDSessionTicket(ss->sec.ci.sid, &session_ticket); |
| 7713 if (rv != SECSuccess) { | 7666 if (rv != SECSuccess) { |
| 7714 (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure); | 7667 (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure); |
| 7715 PORT_SetError(SSL_ERROR_INTERNAL_ERROR_ALERT); | 7668 PORT_SetError(SSL_ERROR_INTERNAL_ERROR_ALERT); |
| 7716 return SECFailure; | 7669 return SECFailure; |
| 7717 } | 7670 } |
| 7718 ss->ssl3.hs.ws = wait_change_cipher; | 7671 ss->ssl3.hs.ws = wait_change_cipher; |
| 7719 return SECSuccess; | 7672 return SECSuccess; |
| 7720 } | 7673 } |
| 7721 | 7674 |
| (...skipping 171 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 7893 ssl3CertNode *certs = (ssl3CertNode *)ss->ssl3.peerCertChain; | 7846 ssl3CertNode *certs = (ssl3CertNode *)ss->ssl3.peerCertChain; |
| 7894 | 7847 |
| 7895 for (; certs; certs = certs->next) { | 7848 for (; certs; certs = certs->next) { |
| 7896 CERT_DestroyCertificate(certs->cert); | 7849 CERT_DestroyCertificate(certs->cert); |
| 7897 } | 7850 } |
| 7898 if (arena) PORT_FreeArena(arena, PR_FALSE); | 7851 if (arena) PORT_FreeArena(arena, PR_FALSE); |
| 7899 ss->ssl3.peerCertArena = NULL; | 7852 ss->ssl3.peerCertArena = NULL; |
| 7900 ss->ssl3.peerCertChain = NULL; | 7853 ss->ssl3.peerCertChain = NULL; |
| 7901 } | 7854 } |
| 7902 | 7855 |
| 7903 void | 7856 static void |
| 7904 ssl3_CopyPeerCertsFromSID(sslSocket *ss, sslSessionID *sid) | 7857 ssl3_CopyPeerCertsFromSID(sslSocket *ss, sslSessionID *sid) |
| 7905 { | 7858 { |
| 7906 PRArenaPool *arena; | 7859 PRArenaPool *arena; |
| 7907 ssl3CertNode *lastCert = NULL; | 7860 ssl3CertNode *lastCert = NULL; |
| 7908 ssl3CertNode *certs = NULL; | 7861 ssl3CertNode *certs = NULL; |
| 7909 int i; | 7862 int i; |
| 7910 | 7863 |
| 7911 if (!sid->peerCertChain[0]) | 7864 if (!sid->peerCertChain[0]) |
| 7912 return; | 7865 return; |
| 7913 PORT_Assert(!ss->ssl3.peerCertArena); | 7866 PORT_Assert(!ss->ssl3.peerCertArena); |
| (...skipping 445 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 8359 ssl_GetRecvBufLock(ss); | 8312 ssl_GetRecvBufLock(ss); |
| 8360 if (ss->ssl3.hs.msgState.buf != NULL) { | 8313 if (ss->ssl3.hs.msgState.buf != NULL) { |
| 8361 rv = ssl3_HandleRecord(ss, NULL, &ss->gs.buf); | 8314 rv = ssl3_HandleRecord(ss, NULL, &ss->gs.buf); |
| 8362 } | 8315 } |
| 8363 ssl_ReleaseRecvBufLock(ss); | 8316 ssl_ReleaseRecvBufLock(ss); |
| 8364 } | 8317 } |
| 8365 | 8318 |
| 8366 return rv; | 8319 return rv; |
| 8367 } | 8320 } |
| 8368 | 8321 |
| 8369 SECStatus | 8322 static SECStatus |
| 8370 ssl3_ComputeTLSFinished(ssl3CipherSpec *spec, | 8323 ssl3_ComputeTLSFinished(ssl3CipherSpec *spec, |
| 8371 PRBool isServer, | 8324 PRBool isServer, |
| 8372 const SSL3Finished * hashes, | 8325 const SSL3Finished * hashes, |
| 8373 TLSFinished * tlsFinished) | 8326 TLSFinished * tlsFinished) |
| 8374 { | 8327 { |
| 8375 const char * label; | 8328 const char * label; |
| 8376 unsigned int len; | 8329 unsigned int len; |
| 8377 SECStatus rv; | 8330 SECStatus rv; |
| 8378 | 8331 |
| 8379 label = isServer ? "server finished" : "client finished"; | 8332 label = isServer ? "server finished" : "client finished"; |
| (...skipping 27 matching lines...) Expand all Loading... |
| 8407 outData.len = sizeof tlsFinished->verify_data; | 8360 outData.len = sizeof tlsFinished->verify_data; |
| 8408 rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS); | 8361 rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS); |
| 8409 PORT_Assert(rv != SECSuccess || \ | 8362 PORT_Assert(rv != SECSuccess || \ |
| 8410 outData.len == sizeof tlsFinished->verify_data); | 8363 outData.len == sizeof tlsFinished->verify_data); |
| 8411 } | 8364 } |
| 8412 return rv; | 8365 return rv; |
| 8413 } | 8366 } |
| 8414 | 8367 |
| 8415 /* called from ssl3_HandleServerHelloDone | 8368 /* called from ssl3_HandleServerHelloDone |
| 8416 */ | 8369 */ |
| 8417 SECStatus | 8370 static SECStatus |
| 8418 ssl3_SendNextProto(sslSocket *ss) | 8371 ssl3_SendNextProto(sslSocket *ss) |
| 8419 { | 8372 { |
| 8420 SECStatus rv; | 8373 SECStatus rv; |
| 8421 int padding_len; | 8374 int padding_len; |
| 8422 static const unsigned char padding[32] = {0}; | 8375 static const unsigned char padding[32] = {0}; |
| 8423 | 8376 |
| 8424 if (ss->ssl3.nextProtoState == SSL_NEXT_PROTO_NO_SUPPORT) | 8377 if (ss->ssl3.nextProtoState == SSL_NEXT_PROTO_NO_SUPPORT) |
| 8425 return SECSuccess; | 8378 return SECSuccess; |
| 8426 | 8379 |
| 8427 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); | 8380 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); |
| (...skipping 15 matching lines...) Expand all Loading... |
| 8443 if (rv != SECSuccess) { | 8396 if (rv != SECSuccess) { |
| 8444 return rv; /* error code set by AppendHandshake */ | 8397 return rv; /* error code set by AppendHandshake */ |
| 8445 } | 8398 } |
| 8446 return rv; | 8399 return rv; |
| 8447 } | 8400 } |
| 8448 | 8401 |
| 8449 /* called from ssl3_HandleServerHelloDone | 8402 /* called from ssl3_HandleServerHelloDone |
| 8450 * ssl3_HandleClientHello | 8403 * ssl3_HandleClientHello |
| 8451 * ssl3_HandleFinished | 8404 * ssl3_HandleFinished |
| 8452 */ | 8405 */ |
| 8453 SECStatus | 8406 static SECStatus |
| 8454 ssl3_SendFinished(sslSocket *ss, PRInt32 flags) | 8407 ssl3_SendFinished(sslSocket *ss, PRInt32 flags) |
| 8455 { | 8408 { |
| 8456 ssl3CipherSpec *cwSpec; | 8409 ssl3CipherSpec *cwSpec; |
| 8457 PRBool isTLS; | 8410 PRBool isTLS; |
| 8458 PRBool isServer = ss->sec.isServer; | 8411 PRBool isServer = ss->sec.isServer; |
| 8459 SECStatus rv; | 8412 SECStatus rv; |
| 8460 SSL3Sender sender = isServer ? sender_server : sender_client; | 8413 SSL3Sender sender = isServer ? sender_server : sender_client; |
| 8461 SSL3Finished hashes; | 8414 SSL3Finished hashes; |
| 8462 TLSFinished tlsFinished; | 8415 TLSFinished tlsFinished; |
| 8463 | 8416 |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 8496 else | 8449 else |
| 8497 ss->ssl3.hs.finishedMsgs.sFinished[0] = hashes; | 8450 ss->ssl3.hs.finishedMsgs.sFinished[0] = hashes; |
| 8498 ss->ssl3.hs.finishedBytes = sizeof hashes; | 8451 ss->ssl3.hs.finishedBytes = sizeof hashes; |
| 8499 rv = ssl3_AppendHandshakeHeader(ss, finished, sizeof hashes); | 8452 rv = ssl3_AppendHandshakeHeader(ss, finished, sizeof hashes); |
| 8500 if (rv != SECSuccess) | 8453 if (rv != SECSuccess) |
| 8501 goto fail; /* err set by AppendHandshake. */ | 8454 goto fail; /* err set by AppendHandshake. */ |
| 8502 rv = ssl3_AppendHandshake(ss, &hashes, sizeof hashes); | 8455 rv = ssl3_AppendHandshake(ss, &hashes, sizeof hashes); |
| 8503 if (rv != SECSuccess) | 8456 if (rv != SECSuccess) |
| 8504 goto fail; /* err set by AppendHandshake. */ | 8457 goto fail; /* err set by AppendHandshake. */ |
| 8505 } | 8458 } |
| 8506 if ((flags & ssl_SEND_FLAG_NO_FLUSH) == 0) { | 8459 rv = ssl3_FlushHandshake(ss, flags); |
| 8507 » rv = ssl3_FlushHandshake(ss, flags); | 8460 if (rv != SECSuccess) { |
| 8508 » if (rv != SECSuccess) { | 8461 » goto fail;» /* error code set by ssl3_FlushHandshake */ |
| 8509 » goto fail;» /* error code set by ssl3_FlushHandshake */ | |
| 8510 » } | |
| 8511 } | 8462 } |
| 8512 | |
| 8513 return SECSuccess; | 8463 return SECSuccess; |
| 8514 | 8464 |
| 8515 fail: | 8465 fail: |
| 8516 return rv; | 8466 return rv; |
| 8517 } | 8467 } |
| 8518 | 8468 |
| 8519 /* wrap the master secret, and put it into the SID. | 8469 /* wrap the master secret, and put it into the SID. |
| 8520 * Caller holds the Spec read lock. | 8470 * Caller holds the Spec read lock. |
| 8521 */ | 8471 */ |
| 8522 SECStatus | 8472 SECStatus |
| (...skipping 96 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 8619 | 8569 |
| 8620 SSL_TRC(3, ("%d: SSL3[%d]: handle finished handshake", | 8570 SSL_TRC(3, ("%d: SSL3[%d]: handle finished handshake", |
| 8621 SSL_GETPID(), ss->fd)); | 8571 SSL_GETPID(), ss->fd)); |
| 8622 | 8572 |
| 8623 if (ss->ssl3.hs.ws != wait_finished) { | 8573 if (ss->ssl3.hs.ws != wait_finished) { |
| 8624 SSL3_SendAlert(ss, alert_fatal, unexpected_message); | 8574 SSL3_SendAlert(ss, alert_fatal, unexpected_message); |
| 8625 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_FINISHED); | 8575 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_FINISHED); |
| 8626 return SECFailure; | 8576 return SECFailure; |
| 8627 } | 8577 } |
| 8628 | 8578 |
| 8629 if (ss->ssl3.hs.snapStartType == snap_start_full || | |
| 8630 ss->ssl3.hs.snapStartType == snap_start_resume) { | |
| 8631 /* Snap Start handshake was successful. Switch the cipher spec. */ | |
| 8632 ssl_GetSpecWriteLock(ss); | |
| 8633 ssl3_DestroyCipherSpec(ss->ssl3.cwSpec, PR_TRUE/*freeSrvName*/); | |
| 8634 ss->ssl3.cwSpec = ss->ssl3.pwSpec; | |
| 8635 ss->ssl3.pwSpec = NULL; | |
| 8636 ssl_ReleaseSpecWriteLock(ss); | |
| 8637 } | |
| 8638 | |
| 8639 isTLS = (PRBool)(ss->ssl3.crSpec->version > SSL_LIBRARY_VERSION_3_0); | 8579 isTLS = (PRBool)(ss->ssl3.crSpec->version > SSL_LIBRARY_VERSION_3_0); |
| 8640 if (isTLS) { | 8580 if (isTLS) { |
| 8641 TLSFinished tlsFinished; | 8581 TLSFinished tlsFinished; |
| 8642 | 8582 |
| 8643 if (length != sizeof tlsFinished) { | 8583 if (length != sizeof tlsFinished) { |
| 8644 (void)SSL3_SendAlert(ss, alert_fatal, decode_error); | 8584 (void)SSL3_SendAlert(ss, alert_fatal, decode_error); |
| 8645 PORT_SetError(SSL_ERROR_RX_MALFORMED_FINISHED); | 8585 PORT_SetError(SSL_ERROR_RX_MALFORMED_FINISHED); |
| 8646 return SECFailure; | 8586 return SECFailure; |
| 8647 } | 8587 } |
| 8648 | 8588 » rv = ssl3_ComputeTLSFinished(ss->ssl3.crSpec, !isServer, |
| 8649 » if (ss->ssl3.hs.snapStartType == snap_start_resume) { | 8589 » hashes, &tlsFinished); |
| 8650 » /* In this case we have already advanced the Finished hash past the | 8590 » if (!isServer) |
| 8651 » * server's verify_data because we needed to predict the server's | 8591 » ss->ssl3.hs.finishedMsgs.tFinished[1] = tlsFinished; |
| 8652 » * Finished message in order to compute our own (which includes | 8592 » else |
| 8653 » * it). When we did this, we stored a copy in tFinished[1]. */ | 8593 » ss->ssl3.hs.finishedMsgs.tFinished[0] = tlsFinished; |
| 8654 tlsFinished = ss->ssl3.hs.finishedMsgs.tFinished[1]; | |
| 8655 » } else { | |
| 8656 » rv = ssl3_ComputeTLSFinished(ss->ssl3.crSpec, !isServer, | |
| 8657 » » » » » hashes, &tlsFinished); | |
| 8658 » if (!isServer) | |
| 8659 » » ss->ssl3.hs.finishedMsgs.tFinished[1] = tlsFinished; | |
| 8660 » else | |
| 8661 » » ss->ssl3.hs.finishedMsgs.tFinished[0] = tlsFinished; | |
| 8662 » } | |
| 8663 ss->ssl3.hs.finishedBytes = sizeof tlsFinished; | 8594 ss->ssl3.hs.finishedBytes = sizeof tlsFinished; |
| 8664 if (rv != SECSuccess || | 8595 if (rv != SECSuccess || |
| 8665 0 != NSS_SecureMemcmp(&tlsFinished, b, length)) { | 8596 0 != NSS_SecureMemcmp(&tlsFinished, b, length)) { |
| 8666 (void)SSL3_SendAlert(ss, alert_fatal, decrypt_error); | 8597 (void)SSL3_SendAlert(ss, alert_fatal, decrypt_error); |
| 8667 PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); | 8598 PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); |
| 8668 return SECFailure; | 8599 return SECFailure; |
| 8669 } | 8600 } |
| 8670 } else { | 8601 } else { |
| 8671 if (length != sizeof(SSL3Hashes)) { | 8602 if (length != sizeof(SSL3Hashes)) { |
| 8672 (void)ssl3_IllegalParameter(ss); | 8603 (void)ssl3_IllegalParameter(ss); |
| (...skipping 10 matching lines...) Expand all Loading... |
| 8683 (void)ssl3_HandshakeFailure(ss); | 8614 (void)ssl3_HandshakeFailure(ss); |
| 8684 PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); | 8615 PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); |
| 8685 return SECFailure; | 8616 return SECFailure; |
| 8686 } | 8617 } |
| 8687 } | 8618 } |
| 8688 | 8619 |
| 8689 doStepUp = (PRBool)(!isServer && ss->ssl3.hs.rehandshake); | 8620 doStepUp = (PRBool)(!isServer && ss->ssl3.hs.rehandshake); |
| 8690 | 8621 |
| 8691 ssl_GetXmitBufLock(ss); /*************************************/ | 8622 ssl_GetXmitBufLock(ss); /*************************************/ |
| 8692 | 8623 |
| 8693 if (ss->ssl3.hs.snapStartType != snap_start_resume && | 8624 if ((isServer && !ss->ssl3.hs.isResuming) || |
| 8694 » ((isServer && !ss->ssl3.hs.isResuming) || | 8625 » (!isServer && ss->ssl3.hs.isResuming)) { |
| 8695 » (!isServer && ss->ssl3.hs.isResuming))) { | |
| 8696 PRInt32 flags = 0; | 8626 PRInt32 flags = 0; |
| 8697 | 8627 |
| 8698 /* Send a NewSessionTicket message if the client sent us | 8628 /* Send a NewSessionTicket message if the client sent us |
| 8699 * either an empty session ticket, or one that did not verify. | 8629 * either an empty session ticket, or one that did not verify. |
| 8700 * (Note that if either of these conditions was met, then the | 8630 * (Note that if either of these conditions was met, then the |
| 8701 * server has sent a SessionTicket extension in the | 8631 * server has sent a SessionTicket extension in the |
| 8702 * ServerHello message.) | 8632 * ServerHello message.) |
| 8703 */ | 8633 */ |
| 8704 if (isServer && !ss->ssl3.hs.isResuming && | 8634 if (isServer && !ss->ssl3.hs.isResuming && |
| 8705 ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn)) { | 8635 ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn)) { |
| (...skipping 95 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 8801 /* If the wrap failed, we don't cache the sid. | 8731 /* If the wrap failed, we don't cache the sid. |
| 8802 * The connection continues normally however. | 8732 * The connection continues normally however. |
| 8803 */ | 8733 */ |
| 8804 if (rv == SECSuccess) { | 8734 if (rv == SECSuccess) { |
| 8805 (*ss->sec.cache)(sid); | 8735 (*ss->sec.cache)(sid); |
| 8806 } | 8736 } |
| 8807 } | 8737 } |
| 8808 ss->ssl3.hs.ws = idle_handshake; | 8738 ss->ssl3.hs.ws = idle_handshake; |
| 8809 | 8739 |
| 8810 /* Do the handshake callback for sslv3 here, if we cannot false start. */ | 8740 /* Do the handshake callback for sslv3 here, if we cannot false start. */ |
| 8811 if (ss->handshakeCallback != NULL && | 8741 if (ss->handshakeCallback != NULL && !ssl3_CanFalseStart(ss)) { |
| 8812 (!ssl3_CanFalseStart(ss) || | |
| 8813 ss->ssl3.hs.snapStartType == snap_start_full || | |
| 8814 ss->ssl3.hs.snapStartType == snap_start_resume)) { | |
| 8815 (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); | 8742 (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); |
| 8816 } | 8743 } |
| 8817 | 8744 |
| 8818 return SECSuccess; | 8745 return SECSuccess; |
| 8819 } | 8746 } |
| 8820 | 8747 |
| 8821 /* This function handles any pending Certificate messages. Certificate messages | 8748 /* This function handles any pending Certificate messages. Certificate messages |
| 8822 * can be pending if we expect a possible CertificateStatus message to follow. | 8749 * can be pending if we expect a possible CertificateStatus message to follow. |
| 8823 * | 8750 * |
| 8824 * This function must be called immediately after handling the | 8751 * This function must be called immediately after handling the |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 8885 | 8812 |
| 8886 /* Start new handshake hashes when we start a new handshake */ | 8813 /* Start new handshake hashes when we start a new handshake */ |
| 8887 if (ss->ssl3.hs.msg_type == client_hello) { | 8814 if (ss->ssl3.hs.msg_type == client_hello) { |
| 8888 SSL_TRC(30,("%d: SSL3[%d]: reset handshake hashes", | 8815 SSL_TRC(30,("%d: SSL3[%d]: reset handshake hashes", |
| 8889 SSL_GETPID(), ss->fd )); | 8816 SSL_GETPID(), ss->fd )); |
| 8890 rv = ssl3_RestartHandshakeHashes(ss); | 8817 rv = ssl3_RestartHandshakeHashes(ss); |
| 8891 if (rv != SECSuccess) { | 8818 if (rv != SECSuccess) { |
| 8892 return rv; | 8819 return rv; |
| 8893 } | 8820 } |
| 8894 } | 8821 } |
| 8895 /* We should not include hello_request messages in the handshake hashes. | 8822 /* We should not include hello_request messages in the handshake hashes */ |
| 8896 * Likewise, for Finished messages from the server during a Snap Start | 8823 if (ss->ssl3.hs.msg_type != hello_request) { |
| 8897 * resume, we have already predicted and included the message in our | |
| 8898 * Finished hash. */ | |
| 8899 if (ss->ssl3.hs.msg_type != hello_request && | |
| 8900 » !(ss->ssl3.hs.msg_type == finished && | |
| 8901 » ss->ssl3.hs.snapStartType == snap_start_resume)) { | |
| 8902 rv = ssl3_UpdateHandshakeHashes(ss, (unsigned char*) hdr, 4); | 8824 rv = ssl3_UpdateHandshakeHashes(ss, (unsigned char*) hdr, 4); |
| 8903 if (rv != SECSuccess) return rv; /* err code already set. */ | 8825 if (rv != SECSuccess) return rv; /* err code already set. */ |
| 8904 rv = ssl3_UpdateHandshakeHashes(ss, b, length); | 8826 rv = ssl3_UpdateHandshakeHashes(ss, b, length); |
| 8905 if (rv != SECSuccess) return rv; /* err code already set. */ | 8827 if (rv != SECSuccess) return rv; /* err code already set. */ |
| 8906 } | 8828 } |
| 8907 | 8829 |
| 8908 PORT_SetError(0); /* each message starts with no error. */ | 8830 PORT_SetError(0); /* each message starts with no error. */ |
| 8909 switch (ss->ssl3.hs.msg_type) { | 8831 switch (ss->ssl3.hs.msg_type) { |
| 8910 case hello_request: | 8832 case hello_request: |
| 8911 if (length != 0) { | 8833 if (length != 0) { |
| (...skipping 918 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 9830 #endif /* NSS_PLATFORM_CLIENT_AUTH */ | 9752 #endif /* NSS_PLATFORM_CLIENT_AUTH */ |
| 9831 | 9753 |
| 9832 if (ss->ssl3.peerCertArena != NULL) | 9754 if (ss->ssl3.peerCertArena != NULL) |
| 9833 ssl3_CleanupPeerCerts(ss); | 9755 ssl3_CleanupPeerCerts(ss); |
| 9834 | 9756 |
| 9835 if (ss->ssl3.clientCertChain != NULL) { | 9757 if (ss->ssl3.clientCertChain != NULL) { |
| 9836 CERT_DestroyCertificateList(ss->ssl3.clientCertChain); | 9758 CERT_DestroyCertificateList(ss->ssl3.clientCertChain); |
| 9837 ss->ssl3.clientCertChain = NULL; | 9759 ss->ssl3.clientCertChain = NULL; |
| 9838 } | 9760 } |
| 9839 | 9761 |
| 9840 if (ss->ssl3.predictedCertChain != NULL) | |
| 9841 ssl3_CleanupPredictedPeerCertificates(ss); | |
| 9842 | |
| 9843 if (ss->ssl3.serverHelloPredictionData.data) | |
| 9844 SECITEM_FreeItem(&ss->ssl3.serverHelloPredictionData, PR_FALSE); | |
| 9845 | |
| 9846 if (ss->ssl3.snapStartApplicationData.data) | |
| 9847 SECITEM_FreeItem(&ss->ssl3.snapStartApplicationData, PR_FALSE); | |
| 9848 | |
| 9849 /* clean up handshake */ | 9762 /* clean up handshake */ |
| 9850 if (ss->opt.bypassPKCS11) { | 9763 if (ss->opt.bypassPKCS11) { |
| 9851 SHA1_DestroyContext((SHA1Context *)ss->ssl3.hs.sha_cx, PR_FALSE); | 9764 SHA1_DestroyContext((SHA1Context *)ss->ssl3.hs.sha_cx, PR_FALSE); |
| 9852 MD5_DestroyContext((MD5Context *)ss->ssl3.hs.md5_cx, PR_FALSE); | 9765 MD5_DestroyContext((MD5Context *)ss->ssl3.hs.md5_cx, PR_FALSE); |
| 9853 } | 9766 } |
| 9854 if (ss->ssl3.hs.md5) { | 9767 if (ss->ssl3.hs.md5) { |
| 9855 PK11_DestroyContext(ss->ssl3.hs.md5,PR_TRUE); | 9768 PK11_DestroyContext(ss->ssl3.hs.md5,PR_TRUE); |
| 9856 } | 9769 } |
| 9857 if (ss->ssl3.hs.sha) { | 9770 if (ss->ssl3.hs.sha) { |
| 9858 PK11_DestroyContext(ss->ssl3.hs.sha,PR_TRUE); | 9771 PK11_DestroyContext(ss->ssl3.hs.sha,PR_TRUE); |
| 9859 } | 9772 } |
| 9860 if (ss->ssl3.hs.messages.buf) { | 9773 if (ss->ssl3.hs.messages.buf) { |
| 9861 PORT_Free(ss->ssl3.hs.messages.buf); | 9774 PORT_Free(ss->ssl3.hs.messages.buf); |
| 9862 ss->ssl3.hs.messages.buf = NULL; | 9775 ss->ssl3.hs.messages.buf = NULL; |
| 9863 ss->ssl3.hs.messages.len = 0; | 9776 ss->ssl3.hs.messages.len = 0; |
| 9864 ss->ssl3.hs.messages.space = 0; | 9777 ss->ssl3.hs.messages.space = 0; |
| 9865 } | 9778 } |
| 9866 if (ss->ssl3.hs.origClientHello.data) { | |
| 9867 SECITEM_FreeItem(&ss->ssl3.hs.origClientHello, PR_FALSE); | |
| 9868 } | |
| 9869 if (ss->ssl3.hs.pending_cert_msg.data) { | 9779 if (ss->ssl3.hs.pending_cert_msg.data) { |
| 9870 SECITEM_FreeItem(&ss->ssl3.hs.pending_cert_msg, PR_FALSE); | 9780 SECITEM_FreeItem(&ss->ssl3.hs.pending_cert_msg, PR_FALSE); |
| 9871 } | 9781 } |
| 9872 if (ss->ssl3.hs.cert_status.data) { | 9782 if (ss->ssl3.hs.cert_status.data) { |
| 9873 SECITEM_FreeItem(&ss->ssl3.hs.cert_status, PR_FALSE); | 9783 SECITEM_FreeItem(&ss->ssl3.hs.cert_status, PR_FALSE); |
| 9874 } | 9784 } |
| 9875 | 9785 |
| 9876 /* free the SSL3Buffer (msg_body) */ | 9786 /* free the SSL3Buffer (msg_body) */ |
| 9877 PORT_Free(ss->ssl3.hs.msg_body.buf); | 9787 PORT_Free(ss->ssl3.hs.msg_body.buf); |
| 9878 | 9788 |
| 9879 /* free up the CipherSpecs */ | 9789 /* free up the CipherSpecs */ |
| 9880 ssl3_DestroyCipherSpec(&ss->ssl3.specs[0], PR_TRUE/*freeSrvName*/); | 9790 ssl3_DestroyCipherSpec(&ss->ssl3.specs[0], PR_TRUE/*freeSrvName*/); |
| 9881 ssl3_DestroyCipherSpec(&ss->ssl3.specs[1], PR_TRUE/*freeSrvName*/); | 9791 ssl3_DestroyCipherSpec(&ss->ssl3.specs[1], PR_TRUE/*freeSrvName*/); |
| 9882 | 9792 |
| 9883 ss->ssl3.initialized = PR_FALSE; | 9793 ss->ssl3.initialized = PR_FALSE; |
| 9884 | 9794 |
| 9885 if (ss->ssl3.nextProto.data) { | 9795 if (ss->ssl3.nextProto.data) { |
| 9886 PORT_Free(ss->ssl3.nextProto.data); | 9796 PORT_Free(ss->ssl3.nextProto.data); |
| 9887 ss->ssl3.nextProto.data = NULL; | 9797 ss->ssl3.nextProto.data = NULL; |
| 9888 } | 9798 } |
| 9889 } | 9799 } |
| 9890 | 9800 |
| 9891 /* End of ssl3con.c */ | 9801 /* End of ssl3con.c */ |
| OLD | NEW |