Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(72)

Side by Side Diff: net/third_party/nss/ssl/ssl3con.c

Issue 7003069: Remove the TLS Snap Start code from NSS. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 9 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/third_party/nss/ssl/ssl.def ('k') | net/third_party/nss/ssl/ssl3ext.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * SSL3 Protocol 2 * SSL3 Protocol
3 * 3 *
4 * ***** BEGIN LICENSE BLOCK ***** 4 * ***** BEGIN LICENSE BLOCK *****
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
6 * 6 *
7 * The contents of this file are subject to the Mozilla Public License Version 7 * The contents of this file are subject to the Mozilla Public License Version
8 * 1.1 (the "License"); you may not use this file except in compliance with 8 * 1.1 (the "License"); you may not use this file except in compliance with
9 * the License. You may obtain a copy of the License at 9 * the License. You may obtain a copy of the License at
10 * http://www.mozilla.org/MPL/ 10 * http://www.mozilla.org/MPL/
(...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after
65 #ifdef NSS_ENABLE_ZLIB 65 #ifdef NSS_ENABLE_ZLIB
66 #include "zlib.h" 66 #include "zlib.h"
67 #endif 67 #endif
68 68
69 #ifndef PK11_SETATTRS 69 #ifndef PK11_SETATTRS
70 #define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \ 70 #define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \
71 (x)->pValue=(v); (x)->ulValueLen = (l); 71 (x)->pValue=(v); (x)->ulValueLen = (l);
72 #endif 72 #endif
73 73
74 static void ssl3_CleanupPeerCerts(sslSocket *ss); 74 static void ssl3_CleanupPeerCerts(sslSocket *ss);
75 static void ssl3_CopyPeerCertsToSID(ssl3CertNode *certs, 75 static void ssl3_CopyPeerCertsFromSID(sslSocket *ss, sslSessionID *sid);
76 sslSessionID *sid);
77 static PK11SymKey *ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec, 76 static PK11SymKey *ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec,
78 PK11SlotInfo * serverKeySlot); 77 PK11SlotInfo * serverKeySlot);
79 static SECStatus ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms); 78 static SECStatus ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms);
80 static SECStatus ssl3_DeriveConnectionKeysPKCS11(sslSocket *ss); 79 static SECStatus ssl3_DeriveConnectionKeysPKCS11(sslSocket *ss);
81 static SECStatus ssl3_HandshakeFailure( sslSocket *ss); 80 static SECStatus ssl3_HandshakeFailure( sslSocket *ss);
82 static SECStatus ssl3_InitState( sslSocket *ss); 81 static SECStatus ssl3_InitState( sslSocket *ss);
83 static SECStatus ssl3_SendCertificate( sslSocket *ss); 82 static SECStatus ssl3_SendCertificate( sslSocket *ss);
84 static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss); 83 static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss);
85 static SECStatus ssl3_SendCertificateRequest(sslSocket *ss); 84 static SECStatus ssl3_SendCertificateRequest(sslSocket *ss);
85 static SECStatus ssl3_SendNextProto( sslSocket *ss);
86 static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags);
86 static SECStatus ssl3_SendServerHello( sslSocket *ss); 87 static SECStatus ssl3_SendServerHello( sslSocket *ss);
87 static SECStatus ssl3_SendServerHelloDone( sslSocket *ss); 88 static SECStatus ssl3_SendServerHelloDone( sslSocket *ss);
88 static SECStatus ssl3_SendServerKeyExchange( sslSocket *ss); 89 static SECStatus ssl3_SendServerKeyExchange( sslSocket *ss);
89 static SECStatus ssl3_NewHandshakeHashes( sslSocket *ss); 90 static SECStatus ssl3_NewHandshakeHashes( sslSocket *ss);
91 static SECStatus ssl3_UpdateHandshakeHashes( sslSocket *ss, unsigned char *b,
92 unsigned int l);
90 93
91 static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen, 94 static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen,
92 int maxOutputLen, const unsigned char *input, 95 int maxOutputLen, const unsigned char *input,
93 int inputLen); 96 int inputLen);
94 97
95 #define MAX_SEND_BUF_LENGTH 32000 /* watch for 16-bit integer overflow */ 98 #define MAX_SEND_BUF_LENGTH 32000 /* watch for 16-bit integer overflow */
96 #define MIN_SEND_BUF_LENGTH 4000 99 #define MIN_SEND_BUF_LENGTH 4000
97 100
98 #define MAX_CIPHER_SUITES 20 101 #define MAX_CIPHER_SUITES 20
99 102
(...skipping 473 matching lines...) Expand 10 before | Expand all | Expand 10 after
573 PR_ATOMIC_INCREMENT((PRInt32 *)x); 576 PR_ATOMIC_INCREMENT((PRInt32 *)x);
574 } else { 577 } else {
575 tooLong * tl = (tooLong *)x; 578 tooLong * tl = (tooLong *)x;
576 if (PR_ATOMIC_INCREMENT(&tl->low) == 0) 579 if (PR_ATOMIC_INCREMENT(&tl->low) == 0)
577 PR_ATOMIC_INCREMENT(&tl->high); 580 PR_ATOMIC_INCREMENT(&tl->high);
578 } 581 }
579 } 582 }
580 583
581 /* return pointer to ssl3CipherSuiteDef for suite, or NULL */ 584 /* return pointer to ssl3CipherSuiteDef for suite, or NULL */
582 /* XXX This does a linear search. A binary search would be better. */ 585 /* XXX This does a linear search. A binary search would be better. */
583 const ssl3CipherSuiteDef * 586 static const ssl3CipherSuiteDef *
584 ssl_LookupCipherSuiteDef(ssl3CipherSuite suite) 587 ssl_LookupCipherSuiteDef(ssl3CipherSuite suite)
585 { 588 {
586 int cipher_suite_def_len = 589 int cipher_suite_def_len =
587 sizeof(cipher_suite_defs) / sizeof(cipher_suite_defs[0]); 590 sizeof(cipher_suite_defs) / sizeof(cipher_suite_defs[0]);
588 int i; 591 int i;
589 592
590 for (i = 0; i < cipher_suite_def_len; i++) { 593 for (i = 0; i < cipher_suite_def_len; i++) {
591 if (cipher_suite_defs[i].cipher_suite == suite) 594 if (cipher_suite_defs[i].cipher_suite == suite)
592 return &cipher_suite_defs[i]; 595 return &cipher_suite_defs[i];
593 } 596 }
(...skipping 565 matching lines...) Expand 10 before | Expand all | Expand 10 after
1159 PK11_DestroyContext(mat->write_mac_context, PR_TRUE); 1162 PK11_DestroyContext(mat->write_mac_context, PR_TRUE);
1160 mat->write_mac_context = NULL; 1163 mat->write_mac_context = NULL;
1161 } 1164 }
1162 } 1165 }
1163 1166
1164 /* Called from ssl3_SendChangeCipherSpecs() and 1167 /* Called from ssl3_SendChangeCipherSpecs() and
1165 ** ssl3_HandleChangeCipherSpecs() 1168 ** ssl3_HandleChangeCipherSpecs()
1166 ** ssl3_DestroySSL3Info 1169 ** ssl3_DestroySSL3Info
1167 ** Caller must hold SpecWriteLock. 1170 ** Caller must hold SpecWriteLock.
1168 */ 1171 */
1169 void 1172 static void
1170 ssl3_DestroyCipherSpec(ssl3CipherSpec *spec, PRBool freeSrvName) 1173 ssl3_DestroyCipherSpec(ssl3CipherSpec *spec, PRBool freeSrvName)
1171 { 1174 {
1172 PRBool freeit = (PRBool)(!spec->bypassCiphers); 1175 PRBool freeit = (PRBool)(!spec->bypassCiphers);
1173 /* PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); Don't have ss! * / 1176 /* PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); Don't have ss! * /
1174 if (spec->destroy) { 1177 if (spec->destroy) {
1175 spec->destroy(spec->encodeContext, freeit); 1178 spec->destroy(spec->encodeContext, freeit);
1176 spec->destroy(spec->decodeContext, freeit); 1179 spec->destroy(spec->decodeContext, freeit);
1177 spec->encodeContext = NULL; /* paranoia */ 1180 spec->encodeContext = NULL; /* paranoia */
1178 spec->decodeContext = NULL; 1181 spec->decodeContext = NULL;
1179 } 1182 }
(...skipping 21 matching lines...) Expand all
1201 spec->destroyCompressContext = NULL; 1204 spec->destroyCompressContext = NULL;
1202 spec->destroyDecompressContext = NULL; 1205 spec->destroyDecompressContext = NULL;
1203 } 1206 }
1204 1207
1205 /* Fill in the pending cipher spec with info from the selected ciphersuite. 1208 /* Fill in the pending cipher spec with info from the selected ciphersuite.
1206 ** This is as much initialization as we can do without having key material. 1209 ** This is as much initialization as we can do without having key material.
1207 ** Called from ssl3_HandleServerHello(), ssl3_SendServerHello() 1210 ** Called from ssl3_HandleServerHello(), ssl3_SendServerHello()
1208 ** Caller must hold the ssl3 handshake lock. 1211 ** Caller must hold the ssl3 handshake lock.
1209 ** Acquires & releases SpecWriteLock. 1212 ** Acquires & releases SpecWriteLock.
1210 */ 1213 */
1211 SECStatus 1214 static SECStatus
1212 ssl3_SetupPendingCipherSpec(sslSocket *ss) 1215 ssl3_SetupPendingCipherSpec(sslSocket *ss)
1213 { 1216 {
1214 ssl3CipherSpec * pwSpec; 1217 ssl3CipherSpec * pwSpec;
1215 ssl3CipherSpec * cwSpec; 1218 ssl3CipherSpec * cwSpec;
1216 ssl3CipherSuite suite = ss->ssl3.hs.cipher_suite; 1219 ssl3CipherSuite suite = ss->ssl3.hs.cipher_suite;
1217 SSL3MACAlgorithm mac; 1220 SSL3MACAlgorithm mac;
1218 SSL3BulkCipher cipher; 1221 SSL3BulkCipher cipher;
1219 SSL3KeyExchangeAlgorithm kea; 1222 SSL3KeyExchangeAlgorithm kea;
1220 const ssl3CipherSuiteDef *suite_def; 1223 const ssl3CipherSuiteDef *suite_def;
1221 PRBool isTLS; 1224 PRBool isTLS;
(...skipping 811 matching lines...) Expand 10 before | Expand all | Expand 10 after
2033 (PK11_NeedLogin(slot) && !PK11_IsLoggedIn(slot, NULL))) { 2036 (PK11_NeedLogin(slot) && !PK11_IsLoggedIn(slot, NULL))) {
2034 isPresent = PR_FALSE; 2037 isPresent = PR_FALSE;
2035 } 2038 }
2036 if (slot) { 2039 if (slot) {
2037 PK11_FreeSlot(slot); 2040 PK11_FreeSlot(slot);
2038 } 2041 }
2039 return isPresent; 2042 return isPresent;
2040 #endif /* NSS_PLATFORM_CLIENT_AUTH */ 2043 #endif /* NSS_PLATFORM_CLIENT_AUTH */
2041 } 2044 }
2042 2045
2043 SECStatus 2046 static SECStatus
2044 ssl3_CompressMACEncryptRecord(sslSocket * ss, 2047 ssl3_CompressMACEncryptRecord(sslSocket * ss,
2045 SSL3ContentType type, 2048 SSL3ContentType type,
2046 const SSL3Opaque * pIn, 2049 const SSL3Opaque * pIn,
2047 PRUint32 contentLen) 2050 PRUint32 contentLen)
2048 { 2051 {
2049 ssl3CipherSpec * cwSpec; 2052 ssl3CipherSpec * cwSpec;
2050 const ssl3BulkCipherDef * cipher_def; 2053 const ssl3BulkCipherDef * cipher_def;
2051 sslBuffer * wrBuf = &ss->sec.writeBuf; 2054 sslBuffer * wrBuf = &ss->sec.writeBuf;
2052 SECStatus rv; 2055 SECStatus rv;
2053 PRUint32 macLen = 0; 2056 PRUint32 macLen = 0;
(...skipping 1041 matching lines...) Expand 10 before | Expand all | Expand 10 after
3095 PK11_FreeSymKey(symKey); 3098 PK11_FreeSymKey(symKey);
3096 return SECSuccess; 3099 return SECSuccess;
3097 3100
3098 3101
3099 loser: 3102 loser:
3100 if (symKey) PK11_FreeSymKey(symKey); 3103 if (symKey) PK11_FreeSymKey(symKey);
3101 ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE); 3104 ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
3102 return SECFailure; 3105 return SECFailure;
3103 } 3106 }
3104 3107
3105 SECStatus 3108 static SECStatus
3106 ssl3_RestartHandshakeHashes(sslSocket *ss) 3109 ssl3_RestartHandshakeHashes(sslSocket *ss)
3107 { 3110 {
3108 SECStatus rv = SECSuccess; 3111 SECStatus rv = SECSuccess;
3109 3112
3110 if (ss->opt.bypassPKCS11) { 3113 if (ss->opt.bypassPKCS11) {
3111 ss->ssl3.hs.messages.len = 0; 3114 ss->ssl3.hs.messages.len = 0;
3112 MD5_Begin((MD5Context *)ss->ssl3.hs.md5_cx); 3115 MD5_Begin((MD5Context *)ss->ssl3.hs.md5_cx);
3113 SHA1_Begin((SHA1Context *)ss->ssl3.hs.sha_cx); 3116 SHA1_Begin((SHA1Context *)ss->ssl3.hs.sha_cx);
3114 } else { 3117 } else {
3115 rv = PK11_DigestBegin(ss->ssl3.hs.md5); 3118 rv = PK11_DigestBegin(ss->ssl3.hs.md5);
(...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after
3173 3176
3174 /* 3177 /*
3175 * Handshake messages 3178 * Handshake messages
3176 */ 3179 */
3177 /* Called from ssl3_AppendHandshake() 3180 /* Called from ssl3_AppendHandshake()
3178 ** ssl3_StartHandshakeHash() 3181 ** ssl3_StartHandshakeHash()
3179 ** ssl3_HandleV2ClientHello() 3182 ** ssl3_HandleV2ClientHello()
3180 ** ssl3_HandleHandshakeMessage() 3183 ** ssl3_HandleHandshakeMessage()
3181 ** Caller must hold the ssl3Handshake lock. 3184 ** Caller must hold the ssl3Handshake lock.
3182 */ 3185 */
3183 SECStatus 3186 static SECStatus
3184 ssl3_UpdateHandshakeHashes(sslSocket *ss, unsigned char *b, unsigned int l) 3187 ssl3_UpdateHandshakeHashes(sslSocket *ss, unsigned char *b, unsigned int l)
3185 { 3188 {
3186 SECStatus rv = SECSuccess; 3189 SECStatus rv = SECSuccess;
3187 3190
3188 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); 3191 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
3189 3192
3190 PRINT_BUF(90, (NULL, "MD5 & SHA handshake hash input:", b, l)); 3193 PRINT_BUF(90, (NULL, "MD5 & SHA handshake hash input:", b, l));
3191 3194
3192 if (ss->opt.bypassPKCS11) { 3195 if (ss->opt.bypassPKCS11) {
3193 MD5_Update((MD5Context *)ss->ssl3.hs.md5_cx, b, l); 3196 MD5_Update((MD5Context *)ss->ssl3.hs.md5_cx, b, l);
(...skipping 238 matching lines...) Expand 10 before | Expand all | Expand 10 after
3432 3435
3433 /* Extract the hashes of handshake messages to this point. 3436 /* Extract the hashes of handshake messages to this point.
3434 * Called from ssl3_SendCertificateVerify 3437 * Called from ssl3_SendCertificateVerify
3435 * ssl3_SendFinished 3438 * ssl3_SendFinished
3436 * ssl3_HandleHandshakeMessage 3439 * ssl3_HandleHandshakeMessage
3437 * 3440 *
3438 * Caller must hold the SSL3HandshakeLock. 3441 * Caller must hold the SSL3HandshakeLock.
3439 * Caller must hold a read or write lock on the Spec R/W lock. 3442 * Caller must hold a read or write lock on the Spec R/W lock.
3440 * (There is presently no way to assert on a Read lock.) 3443 * (There is presently no way to assert on a Read lock.)
3441 */ 3444 */
3442 SECStatus 3445 static SECStatus
3443 ssl3_ComputeHandshakeHashes(sslSocket * ss, 3446 ssl3_ComputeHandshakeHashes(sslSocket * ss,
3444 ssl3CipherSpec *spec, /* uses ->master_secret */ 3447 ssl3CipherSpec *spec, /* uses ->master_secret */
3445 SSL3Hashes * hashes, /* output goes here. */ 3448 SSL3Hashes * hashes, /* output goes here. */
3446 PRUint32 sender) 3449 PRUint32 sender)
3447 { 3450 {
3448 SECStatus rv = SECSuccess; 3451 SECStatus rv = SECSuccess;
3449 PRBool isTLS = (PRBool)(spec->version > SSL_LIBRARY_VERSION_3_0); 3452 PRBool isTLS = (PRBool)(spec->version > SSL_LIBRARY_VERSION_3_0);
3450 unsigned int outLength; 3453 unsigned int outLength;
3451 SSL3Opaque md5_inner[MAX_MAC_LENGTH]; 3454 SSL3Opaque md5_inner[MAX_MAC_LENGTH];
3452 SSL3Opaque sha_inner[MAX_MAC_LENGTH]; 3455 SSL3Opaque sha_inner[MAX_MAC_LENGTH];
(...skipping 577 matching lines...) Expand 10 before | Expand all | Expand 10 after
4030 TLSExtensionData *xtnData = &ss->xtnData; 4033 TLSExtensionData *xtnData = &ss->xtnData;
4031 xtnData->advertised[xtnData->numAdvertised++] = 4034 xtnData->advertised[xtnData->numAdvertised++] =
4032 ssl_renegotiation_info_xtn; 4035 ssl_renegotiation_info_xtn;
4033 } 4036 }
4034 4037
4035 rv = ssl3_FlushHandshake(ss, 0); 4038 rv = ssl3_FlushHandshake(ss, 0);
4036 if (rv != SECSuccess) { 4039 if (rv != SECSuccess) {
4037 return rv; /* error code set by ssl3_FlushHandshake */ 4040 return rv; /* error code set by ssl3_FlushHandshake */
4038 } 4041 }
4039 4042
4040 switch (ss->ssl3.hs.snapStartType) { 4043 ss->ssl3.hs.ws = wait_server_hello;
4041 case snap_start_full:
4042 » ss->ssl3.hs.ws = wait_new_session_ticket;
4043 » break;
4044 case snap_start_resume:
4045 » ss->ssl3.hs.ws = wait_change_cipher;
4046 » break;
4047 default:
4048 » ss->ssl3.hs.ws = wait_server_hello;
4049 » break;
4050 }
4051
4052 return rv; 4044 return rv;
4053 } 4045 }
4054 4046
4055 4047
4056 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete 4048 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
4057 * ssl3 Hello Request. 4049 * ssl3 Hello Request.
4058 * Caller must hold Handshake and RecvBuf locks. 4050 * Caller must hold Handshake and RecvBuf locks.
4059 */ 4051 */
4060 static SECStatus 4052 static SECStatus
4061 ssl3_HandleHelloRequest(sslSocket *ss) 4053 ssl3_HandleHelloRequest(sslSocket *ss)
(...skipping 670 matching lines...) Expand 10 before | Expand all | Expand 10 after
4732 if(privKey) SECKEY_DestroyPrivateKey(privKey); 4724 if(privKey) SECKEY_DestroyPrivateKey(privKey);
4733 if(pubKey) SECKEY_DestroyPublicKey(pubKey); 4725 if(pubKey) SECKEY_DestroyPublicKey(pubKey);
4734 return rv; 4726 return rv;
4735 } 4727 }
4736 4728
4737 4729
4738 4730
4739 4731
4740 4732
4741 /* Called from ssl3_HandleServerHelloDone(). */ 4733 /* Called from ssl3_HandleServerHelloDone(). */
4742 SECStatus 4734 static SECStatus
4743 ssl3_SendClientKeyExchange(sslSocket *ss) 4735 ssl3_SendClientKeyExchange(sslSocket *ss)
4744 { 4736 {
4745 SECKEYPublicKey * serverKey = NULL; 4737 SECKEYPublicKey * serverKey = NULL;
4746 SECStatus rv = SECFailure; 4738 SECStatus rv = SECFailure;
4747 PRBool isTLS; 4739 PRBool isTLS;
4748 4740
4749 SSL_TRC(3, ("%d: SSL3[%d]: send client_key_exchange handshake", 4741 SSL_TRC(3, ("%d: SSL3[%d]: send client_key_exchange handshake",
4750 SSL_GETPID(), ss->fd)); 4742 SSL_GETPID(), ss->fd));
4751 4743
4752 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); 4744 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
(...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after
4872 if (rv != SECSuccess) { 4864 if (rv != SECSuccess) {
4873 goto done; /* error code set by AppendHandshake */ 4865 goto done; /* error code set by AppendHandshake */
4874 } 4866 }
4875 4867
4876 done: 4868 done:
4877 if (buf.data) 4869 if (buf.data)
4878 PORT_Free(buf.data); 4870 PORT_Free(buf.data);
4879 return rv; 4871 return rv;
4880 } 4872 }
4881 4873
4882 /* Called from ssl3_HandleServerHello to set up the master secret in
4883 * ss->ssl3.pwSpec and the auth algorithm and kea type in ss->sec in the case
4884 * of a successful session resumption. */
4885 SECStatus ssl3_SetupMasterSecretFromSessionID(sslSocket* ss) {
4886 sslSessionID *sid = ss->sec.ci.sid;
4887 ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec;
4888 SECItem wrappedMS; /* wrapped master secret. */
4889
4890 ss->sec.authAlgorithm = sid->authAlgorithm;
4891 ss->sec.authKeyBits = sid->authKeyBits;
4892 ss->sec.keaType = sid->keaType;
4893 ss->sec.keaKeyBits = sid->keaKeyBits;
4894
4895 /* 3 cases here:
4896 * a) key is wrapped (implies using PKCS11)
4897 * b) key is unwrapped, but we're still using PKCS11
4898 * c) key is unwrapped, and we're bypassing PKCS11.
4899 */
4900 if (sid->u.ssl3.keys.msIsWrapped) {
4901 PK11SlotInfo *slot;
4902 PK11SymKey * wrapKey; /* wrapping key */
4903 CK_FLAGS keyFlags = 0;
4904
4905 if (ss->opt.bypassPKCS11) {
4906 /* we cannot restart a non-bypass session in a
4907 ** bypass socket.
4908 */
4909 return SECFailure;
4910 }
4911 /* unwrap master secret with PKCS11 */
4912 slot = SECMOD_LookupSlot(sid->u.ssl3.masterModuleID,
4913 sid->u.ssl3.masterSlotID);
4914 if (slot == NULL) {
4915 return SECFailure;
4916 }
4917 if (!PK11_IsPresent(slot)) {
4918 PK11_FreeSlot(slot);
4919 return SECFailure;
4920 }
4921 wrapKey = PK11_GetWrapKey(slot, sid->u.ssl3.masterWrapIndex,
4922 sid->u.ssl3.masterWrapMech,
4923 sid->u.ssl3.masterWrapSeries,
4924 ss->pkcs11PinArg);
4925 PK11_FreeSlot(slot);
4926 if (wrapKey == NULL) {
4927 return SECFailure;
4928 }
4929
4930 if (ss->version > SSL_LIBRARY_VERSION_3_0) { /* isTLS */
4931 keyFlags = CKF_SIGN | CKF_VERIFY;
4932 }
4933
4934 wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
4935 wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
4936 pwSpec->master_secret =
4937 PK11_UnwrapSymKeyWithFlags(wrapKey, sid->u.ssl3.masterWrapMech,
4938 NULL, &wrappedMS, CKM_SSL3_MASTER_KEY_DERIVE,
4939 CKA_DERIVE, sizeof(SSL3MasterSecret), keyFlags);
4940 PK11_FreeSymKey(wrapKey);
4941 if (pwSpec->master_secret == NULL) {
4942 return SECFailure;
4943 }
4944 } else if (ss->opt.bypassPKCS11) {
4945 /* MS is not wrapped */
4946 wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
4947 wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
4948 memcpy(pwSpec->raw_master_secret, wrappedMS.data, wrappedMS.len);
4949 pwSpec->msItem.data = pwSpec->raw_master_secret;
4950 pwSpec->msItem.len = wrappedMS.len;
4951 } else {
4952 /* We CAN restart a bypass session in a non-bypass socket. */
4953 /* need to import the raw master secret to session object */
4954 PK11SlotInfo *slot = PK11_GetInternalSlot();
4955 wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
4956 wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
4957 pwSpec->master_secret =
4958 PK11_ImportSymKey(slot, CKM_SSL3_MASTER_KEY_DERIVE,
4959 PK11_OriginUnwrap, CKA_ENCRYPT,
4960 &wrappedMS, NULL);
4961 PK11_FreeSlot(slot);
4962 if (pwSpec->master_secret == NULL) {
4963 return SECFailure;
4964 }
4965 }
4966
4967 return SECSuccess;
4968 }
4969
4970 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete 4874 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
4971 * ssl3 ServerHello message. 4875 * ssl3 ServerHello message.
4972 * Caller must hold Handshake and RecvBuf locks. 4876 * Caller must hold Handshake and RecvBuf locks.
4973 */ 4877 */
4974 static SECStatus 4878 static SECStatus
4975 ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) 4879 ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
4976 { 4880 {
4977 sslSessionID *sid = ss->sec.ci.sid; 4881 sslSessionID *sid = ss->sec.ci.sid;
4978 PRInt32 temp; /* allow for consume number failure */ 4882 PRInt32 temp; /* allow for consume number failure */
4979 PRBool suite_found = PR_FALSE; 4883 PRBool suite_found = PR_FALSE;
4980 int i; 4884 int i;
4981 int errCode = SSL_ERROR_RX_MALFORMED_SERVER_HELLO; 4885 int errCode = SSL_ERROR_RX_MALFORMED_SERVER_HELLO;
4982 SECStatus rv; 4886 SECStatus rv;
4983 SECItem sidBytes = {siBuffer, NULL, 0}; 4887 SECItem sidBytes = {siBuffer, NULL, 0};
4984 PRBool sid_match; 4888 PRBool sid_match;
4985 PRBool isTLS = PR_FALSE; 4889 PRBool isTLS = PR_FALSE;
4986 SSL3AlertDescription desc = illegal_parameter; 4890 SSL3AlertDescription desc = illegal_parameter;
4987 SSL3ProtocolVersion version; 4891 SSL3ProtocolVersion version;
4988 4892
4989 SSL_TRC(3, ("%d: SSL3[%d]: handle server_hello handshake", 4893 SSL_TRC(3, ("%d: SSL3[%d]: handle server_hello handshake",
4990 SSL_GETPID(), ss->fd)); 4894 SSL_GETPID(), ss->fd));
4991 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); 4895 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
4992 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); 4896 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
4993 4897
4994 if (ss->ssl3.hs.snapStartType == snap_start_full ||
4995 ss->ssl3.hs.snapStartType == snap_start_resume) {
4996 /* Snap Start handshake was rejected. */
4997 rv = ssl3_ResetForSnapStartRecovery(ss, b, length);
4998 if (rv != SECSuccess)
4999 return rv;
5000 }
5001
5002 rv = ssl3_InitState(ss); 4898 rv = ssl3_InitState(ss);
5003 if (rv != SECSuccess) { 4899 if (rv != SECSuccess) {
5004 errCode = PORT_GetError(); /* ssl3_InitState has set the error code. */ 4900 errCode = PORT_GetError(); /* ssl3_InitState has set the error code. */
5005 goto alert_loser; 4901 goto alert_loser;
5006 } 4902 }
5007 if (ss->ssl3.hs.ws != wait_server_hello) { 4903 if (ss->ssl3.hs.ws != wait_server_hello) {
5008 errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO; 4904 errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO;
5009 desc = unexpected_message; 4905 desc = unexpected_message;
5010 goto alert_loser; 4906 goto alert_loser;
5011 } 4907 }
(...skipping 11 matching lines...) Expand all
5023 SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey); 4919 SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
5024 ss->ssl3.clientPrivateKey = NULL; 4920 ss->ssl3.clientPrivateKey = NULL;
5025 } 4921 }
5026 #ifdef NSS_PLATFORM_CLIENT_AUTH 4922 #ifdef NSS_PLATFORM_CLIENT_AUTH
5027 if (ss->ssl3.platformClientKey) { 4923 if (ss->ssl3.platformClientKey) {
5028 ssl_FreePlatformKey(ss->ssl3.platformClientKey); 4924 ssl_FreePlatformKey(ss->ssl3.platformClientKey);
5029 ss->ssl3.platformClientKey = (PlatformKey)NULL; 4925 ss->ssl3.platformClientKey = (PlatformKey)NULL;
5030 } 4926 }
5031 #endif /* NSS_PLATFORM_CLIENT_AUTH */ 4927 #endif /* NSS_PLATFORM_CLIENT_AUTH */
5032 4928
5033 if (ss->ssl3.serverHelloPredictionData.data)
5034 SECITEM_FreeItem(&ss->ssl3.serverHelloPredictionData, PR_FALSE);
5035
5036 /* If this allocation fails it will only stop the application from
5037 * recording the ServerHello information and performing future Snap
5038 * Starts. */
5039 if (SECITEM_AllocItem(NULL, &ss->ssl3.serverHelloPredictionData, length))
5040 memcpy(ss->ssl3.serverHelloPredictionData.data, b, length);
5041 /* ss->ssl3.serverHelloPredictionDataValid is still false at this
5042 * point. We have to record the contents of the ServerHello here
5043 * because we don't have a pointer to the whole message when handling
5044 * the extensions. However, we wait until the Snap Start extension
5045 * handler to recognise that the server supports Snap Start and to set
5046 * serverHelloPredictionDataValid. */
5047
5048 temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); 4929 temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
5049 if (temp < 0) { 4930 if (temp < 0) {
5050 goto loser; /* alert has been sent */ 4931 goto loser; /* alert has been sent */
5051 } 4932 }
5052 version = (SSL3ProtocolVersion)temp; 4933 version = (SSL3ProtocolVersion)temp;
5053 4934
5054 /* this is appropriate since the negotiation is complete, and we only 4935 /* this is appropriate since the negotiation is complete, and we only
5055 ** know SSL 3.x. 4936 ** know SSL 3.x.
5056 */ 4937 */
5057 if (MSB(version) != MSB(SSL_LIBRARY_VERSION_3_0)) { 4938 if (MSB(version) != MSB(SSL_LIBRARY_VERSION_3_0)) {
(...skipping 120 matching lines...) Expand 10 before | Expand all | Expand 10 after
5178 * not and if so it may match the one we sent. 5059 * not and if so it may match the one we sent.
5179 * Attempt to restore the master secret to see if this is so... 5060 * Attempt to restore the master secret to see if this is so...
5180 * Don't consider failure to find a matching SID an error. 5061 * Don't consider failure to find a matching SID an error.
5181 */ 5062 */
5182 sid_match = (PRBool)(sidBytes.len > 0 && 5063 sid_match = (PRBool)(sidBytes.len > 0 &&
5183 sidBytes.len == sid->u.ssl3.sessionIDLength && 5064 sidBytes.len == sid->u.ssl3.sessionIDLength &&
5184 !PORT_Memcmp(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len)); 5065 !PORT_Memcmp(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len));
5185 5066
5186 if (sid_match && 5067 if (sid_match &&
5187 sid->version == ss->version && 5068 sid->version == ss->version &&
5188 » sid->u.ssl3.cipherSuite == ss->ssl3.hs.cipher_suite) { 5069 » sid->u.ssl3.cipherSuite == ss->ssl3.hs.cipher_suite) do {
5189 » rv = ssl3_SetupMasterSecretFromSessionID(ss); 5070 » ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec;
5190 » /* Failure of ssl3_SetupMasterSecretFromSessionID not considered an
5191 » * error. Continue with a full handshake. */
5192 » if (rv == SECSuccess) {
5193 » /* Got a Match */
5194 » SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_cache_hits );
5195 5071
5196 » /* If we sent a session ticket, then this is a stateless resume. */ 5072 » SECItem wrappedMS; /* wrapped master secret. */
5197 » if (sid->version > SSL_LIBRARY_VERSION_3_0 &&
5198 » » sid->u.ssl3.sessionTicket.ticket.data != NULL)
5199 » » SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_stateless_resumes );
5200 5073
5201 » if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn)) 5074 » ss->sec.authAlgorithm = sid->authAlgorithm;
5202 » » ss->ssl3.hs.ws = wait_new_session_ticket; 5075 » ss->sec.authKeyBits = sid->authKeyBits;
5203 » else 5076 » ss->sec.keaType = sid->keaType;
5204 » » ss->ssl3.hs.ws = wait_change_cipher; 5077 » ss->sec.keaKeyBits = sid->keaKeyBits;
5205 5078
5206 » ss->ssl3.hs.isResuming = PR_TRUE; 5079 » /* 3 cases here:
5080 » * a) key is wrapped (implies using PKCS11)
5081 » * b) key is unwrapped, but we're still using PKCS11
5082 » * c) key is unwrapped, and we're bypassing PKCS11.
5083 » */
5084 » if (sid->u.ssl3.keys.msIsWrapped) {
5085 » PK11SlotInfo *slot;
5086 » PK11SymKey * wrapKey; /* wrapping key */
5087 » CK_FLAGS keyFlags = 0;
5207 5088
5208 » /* copy the peer cert from the SID */ 5089 » if (ss->opt.bypassPKCS11) {
5209 » if (sid->peerCert != NULL) { 5090 » » /* we cannot restart a non-bypass session in a
5210 » » ss->sec.peerCert = CERT_DupCertificate(sid->peerCert); 5091 » » ** bypass socket.
5211 » » ssl3_CopyPeerCertsFromSID(ss, sid); 5092 » » */
5093 » » break;
5094 » }
5095 » /* unwrap master secret with PKCS11 */
5096 » slot = SECMOD_LookupSlot(sid->u.ssl3.masterModuleID,
5097 » » » » sid->u.ssl3.masterSlotID);
5098 » if (slot == NULL) {
5099 » » break;» » /* not considered an error. */
5100 » }
5101 » if (!PK11_IsPresent(slot)) {
5102 » » PK11_FreeSlot(slot);
5103 » » break;» » /* not considered an error. */
5104 » }
5105 » wrapKey = PK11_GetWrapKey(slot, sid->u.ssl3.masterWrapIndex,
5106 » » » » sid->u.ssl3.masterWrapMech,
5107 » » » » sid->u.ssl3.masterWrapSeries,
5108 » » » » ss->pkcs11PinArg);
5109 » PK11_FreeSlot(slot);
5110 » if (wrapKey == NULL) {
5111 » » break;» » /* not considered an error. */
5212 } 5112 }
5213 5113
5214 » /* NULL value for PMS signifies re-use of the old MS */ 5114 » if (ss->version > SSL_LIBRARY_VERSION_3_0) {» /* isTLS */
5215 » rv = ssl3_InitPendingCipherSpec(ss, NULL); 5115 » » keyFlags = CKF_SIGN | CKF_VERIFY;
5216 » if (rv != SECSuccess) {
5217 » » goto alert_loser;
5218 } 5116 }
5219 » return SECSuccess; 5117
5118 » wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
5119 » wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
5120 » pwSpec->master_secret =
5121 » » PK11_UnwrapSymKeyWithFlags(wrapKey, sid->u.ssl3.masterWrapMech,
5122 » » » NULL, &wrappedMS, CKM_SSL3_MASTER_KEY_DERIVE,
5123 » » » CKA_DERIVE, sizeof(SSL3MasterSecret), keyFlags);
5124 » errCode = PORT_GetError();
5125 » PK11_FreeSymKey(wrapKey);
5126 » if (pwSpec->master_secret == NULL) {
5127 » » break;» /* errorCode set just after call to UnwrapSymKey. */
5128 » }
5129 » } else if (ss->opt.bypassPKCS11) {
5130 » /* MS is not wrapped */
5131 » wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
5132 » wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
5133 » memcpy(pwSpec->raw_master_secret, wrappedMS.data, wrappedMS.len);
5134 » pwSpec->msItem.data = pwSpec->raw_master_secret;
5135 » pwSpec->msItem.len = wrappedMS.len;
5136 » } else {
5137 » /* We CAN restart a bypass session in a non-bypass socket. */
5138 » /* need to import the raw master secret to session object */
5139 » PK11SlotInfo *slot = PK11_GetInternalSlot();
5140 » wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
5141 » wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
5142 » pwSpec->master_secret =
5143 » » PK11_ImportSymKey(slot, CKM_SSL3_MASTER_KEY_DERIVE,
5144 » » » » PK11_OriginUnwrap, CKA_ENCRYPT,
5145 » » » » &wrappedMS, NULL);
5146 » PK11_FreeSlot(slot);
5147 » if (pwSpec->master_secret == NULL) {
5148 » » break;
5149 » }
5220 } 5150 }
5221 } 5151
5152 » /* Got a Match */
5153 » SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_cache_hits );
5154
5155 » /* If we sent a session ticket, then this is a stateless resume. */
5156 » if (sid->version > SSL_LIBRARY_VERSION_3_0 &&
5157 » sid->u.ssl3.sessionTicket.ticket.data != NULL)
5158 » SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_stateless_resumes );
5159
5160 » if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn))
5161 » ss->ssl3.hs.ws = wait_new_session_ticket;
5162 » else
5163 » ss->ssl3.hs.ws = wait_change_cipher;
5164
5165 » ss->ssl3.hs.isResuming = PR_TRUE;
5166
5167 » /* copy the peer cert from the SID */
5168 » if (sid->peerCert != NULL) {
5169 » ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
5170 » ssl3_CopyPeerCertsFromSID(ss, sid);
5171 » }
5172
5173
5174 » /* NULL value for PMS signifies re-use of the old MS */
5175 » rv = ssl3_InitPendingCipherSpec(ss, NULL);
5176 » if (rv != SECSuccess) {
5177 » goto alert_loser;» /* err code was set */
5178 » }
5179 » return SECSuccess;
5180 } while (0);
5222 5181
5223 if (sid_match) 5182 if (sid_match)
5224 SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_cache_not_ok ); 5183 SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_cache_not_ok );
5225 else 5184 else
5226 SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_cache_misses ); 5185 SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_cache_misses );
5227 5186
5228 /* throw the old one away */ 5187 /* throw the old one away */
5229 sid->u.ssl3.keys.resumable = PR_FALSE; 5188 sid->u.ssl3.keys.resumable = PR_FALSE;
5230 (*ss->sec.uncache)(sid); 5189 (*ss->sec.uncache)(sid);
5231 ssl_FreeSID(sid); 5190 ssl_FreeSID(sid);
(...skipping 1011 matching lines...) Expand 10 before | Expand all | Expand 10 after
6243 errCode = SSL_ERROR_UNSAFE_NEGOTIATION; 6202 errCode = SSL_ERROR_UNSAFE_NEGOTIATION;
6244 goto alert_loser; 6203 goto alert_loser;
6245 } 6204 }
6246 6205
6247 /* We do stateful resumes only if either of the following 6206 /* We do stateful resumes only if either of the following
6248 * conditions are satisfied: (1) the client does not support the 6207 * conditions are satisfied: (1) the client does not support the
6249 * session ticket extension, or (2) the client support the session 6208 * session ticket extension, or (2) the client support the session
6250 * ticket extension, but sent an empty ticket. 6209 * ticket extension, but sent an empty ticket.
6251 */ 6210 */
6252 if (!ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn) || 6211 if (!ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn) ||
6253 » ss->xtnData.serverReceivedEmptySessionTicket) { 6212 » ss->xtnData.emptySessionTicket) {
6254 if (sidBytes.len > 0 && !ss->opt.noCache) { 6213 if (sidBytes.len > 0 && !ss->opt.noCache) {
6255 SSL_TRC(7, ("%d: SSL3[%d]: server, lookup client session-id for 0x%0 8x%08x%08x%08x", 6214 SSL_TRC(7, ("%d: SSL3[%d]: server, lookup client session-id for 0x%0 8x%08x%08x%08x",
6256 SSL_GETPID(), ss->fd, ss->sec.ci.peer.pr_s6_addr32[0], 6215 SSL_GETPID(), ss->fd, ss->sec.ci.peer.pr_s6_addr32[0],
6257 ss->sec.ci.peer.pr_s6_addr32[1], 6216 ss->sec.ci.peer.pr_s6_addr32[1],
6258 ss->sec.ci.peer.pr_s6_addr32[2], 6217 ss->sec.ci.peer.pr_s6_addr32[2],
6259 ss->sec.ci.peer.pr_s6_addr32[3])); 6218 ss->sec.ci.peer.pr_s6_addr32[3]));
6260 if (ssl_sid_lookup) { 6219 if (ssl_sid_lookup) {
6261 sid = (*ssl_sid_lookup)(&ss->sec.ci.peer, sidBytes.data, 6220 sid = (*ssl_sid_lookup)(&ss->sec.ci.peer, sidBytes.data,
6262 sidBytes.len, ss->dbHandle); 6221 sidBytes.len, ss->dbHandle);
6263 } else { 6222 } else {
(...skipping 1432 matching lines...) Expand 10 before | Expand all | Expand 10 after
7696 (PRUint32)ssl3_ConsumeHandshakeNumber(ss, 4, &b, &length); 7655 (PRUint32)ssl3_ConsumeHandshakeNumber(ss, 4, &b, &length);
7697 7656
7698 rv = ssl3_ConsumeHandshakeVariable(ss, &session_ticket.ticket, 2, 7657 rv = ssl3_ConsumeHandshakeVariable(ss, &session_ticket.ticket, 2,
7699 &b, &length); 7658 &b, &length);
7700 if (length != 0 || rv != SECSuccess) { 7659 if (length != 0 || rv != SECSuccess) {
7701 (void)SSL3_SendAlert(ss, alert_fatal, decode_error); 7660 (void)SSL3_SendAlert(ss, alert_fatal, decode_error);
7702 PORT_SetError(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET); 7661 PORT_SetError(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET);
7703 return SECFailure; /* malformed */ 7662 return SECFailure; /* malformed */
7704 } 7663 }
7705 7664
7706 if (ss->sec.ci.sid->peerCert == NULL) {
7707 ss->sec.ci.sid->peerCert = CERT_DupCertificate(ss->sec.peerCert);
7708 ssl3_CopyPeerCertsToSID((ssl3CertNode *)ss->ssl3.peerCertChain,
7709 ss->sec.ci.sid);
7710 }
7711
7712 rv = ssl3_SetSIDSessionTicket(ss->sec.ci.sid, &session_ticket); 7665 rv = ssl3_SetSIDSessionTicket(ss->sec.ci.sid, &session_ticket);
7713 if (rv != SECSuccess) { 7666 if (rv != SECSuccess) {
7714 (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure); 7667 (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);
7715 PORT_SetError(SSL_ERROR_INTERNAL_ERROR_ALERT); 7668 PORT_SetError(SSL_ERROR_INTERNAL_ERROR_ALERT);
7716 return SECFailure; 7669 return SECFailure;
7717 } 7670 }
7718 ss->ssl3.hs.ws = wait_change_cipher; 7671 ss->ssl3.hs.ws = wait_change_cipher;
7719 return SECSuccess; 7672 return SECSuccess;
7720 } 7673 }
7721 7674
(...skipping 171 matching lines...) Expand 10 before | Expand all | Expand 10 after
7893 ssl3CertNode *certs = (ssl3CertNode *)ss->ssl3.peerCertChain; 7846 ssl3CertNode *certs = (ssl3CertNode *)ss->ssl3.peerCertChain;
7894 7847
7895 for (; certs; certs = certs->next) { 7848 for (; certs; certs = certs->next) {
7896 CERT_DestroyCertificate(certs->cert); 7849 CERT_DestroyCertificate(certs->cert);
7897 } 7850 }
7898 if (arena) PORT_FreeArena(arena, PR_FALSE); 7851 if (arena) PORT_FreeArena(arena, PR_FALSE);
7899 ss->ssl3.peerCertArena = NULL; 7852 ss->ssl3.peerCertArena = NULL;
7900 ss->ssl3.peerCertChain = NULL; 7853 ss->ssl3.peerCertChain = NULL;
7901 } 7854 }
7902 7855
7903 void 7856 static void
7904 ssl3_CopyPeerCertsFromSID(sslSocket *ss, sslSessionID *sid) 7857 ssl3_CopyPeerCertsFromSID(sslSocket *ss, sslSessionID *sid)
7905 { 7858 {
7906 PRArenaPool *arena; 7859 PRArenaPool *arena;
7907 ssl3CertNode *lastCert = NULL; 7860 ssl3CertNode *lastCert = NULL;
7908 ssl3CertNode *certs = NULL; 7861 ssl3CertNode *certs = NULL;
7909 int i; 7862 int i;
7910 7863
7911 if (!sid->peerCertChain[0]) 7864 if (!sid->peerCertChain[0])
7912 return; 7865 return;
7913 PORT_Assert(!ss->ssl3.peerCertArena); 7866 PORT_Assert(!ss->ssl3.peerCertArena);
(...skipping 445 matching lines...) Expand 10 before | Expand all | Expand 10 after
8359 ssl_GetRecvBufLock(ss); 8312 ssl_GetRecvBufLock(ss);
8360 if (ss->ssl3.hs.msgState.buf != NULL) { 8313 if (ss->ssl3.hs.msgState.buf != NULL) {
8361 rv = ssl3_HandleRecord(ss, NULL, &ss->gs.buf); 8314 rv = ssl3_HandleRecord(ss, NULL, &ss->gs.buf);
8362 } 8315 }
8363 ssl_ReleaseRecvBufLock(ss); 8316 ssl_ReleaseRecvBufLock(ss);
8364 } 8317 }
8365 8318
8366 return rv; 8319 return rv;
8367 } 8320 }
8368 8321
8369 SECStatus 8322 static SECStatus
8370 ssl3_ComputeTLSFinished(ssl3CipherSpec *spec, 8323 ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
8371 PRBool isServer, 8324 PRBool isServer,
8372 const SSL3Finished * hashes, 8325 const SSL3Finished * hashes,
8373 TLSFinished * tlsFinished) 8326 TLSFinished * tlsFinished)
8374 { 8327 {
8375 const char * label; 8328 const char * label;
8376 unsigned int len; 8329 unsigned int len;
8377 SECStatus rv; 8330 SECStatus rv;
8378 8331
8379 label = isServer ? "server finished" : "client finished"; 8332 label = isServer ? "server finished" : "client finished";
(...skipping 27 matching lines...) Expand all
8407 outData.len = sizeof tlsFinished->verify_data; 8360 outData.len = sizeof tlsFinished->verify_data;
8408 rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS); 8361 rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS);
8409 PORT_Assert(rv != SECSuccess || \ 8362 PORT_Assert(rv != SECSuccess || \
8410 outData.len == sizeof tlsFinished->verify_data); 8363 outData.len == sizeof tlsFinished->verify_data);
8411 } 8364 }
8412 return rv; 8365 return rv;
8413 } 8366 }
8414 8367
8415 /* called from ssl3_HandleServerHelloDone 8368 /* called from ssl3_HandleServerHelloDone
8416 */ 8369 */
8417 SECStatus 8370 static SECStatus
8418 ssl3_SendNextProto(sslSocket *ss) 8371 ssl3_SendNextProto(sslSocket *ss)
8419 { 8372 {
8420 SECStatus rv; 8373 SECStatus rv;
8421 int padding_len; 8374 int padding_len;
8422 static const unsigned char padding[32] = {0}; 8375 static const unsigned char padding[32] = {0};
8423 8376
8424 if (ss->ssl3.nextProtoState == SSL_NEXT_PROTO_NO_SUPPORT) 8377 if (ss->ssl3.nextProtoState == SSL_NEXT_PROTO_NO_SUPPORT)
8425 return SECSuccess; 8378 return SECSuccess;
8426 8379
8427 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); 8380 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
(...skipping 15 matching lines...) Expand all
8443 if (rv != SECSuccess) { 8396 if (rv != SECSuccess) {
8444 return rv; /* error code set by AppendHandshake */ 8397 return rv; /* error code set by AppendHandshake */
8445 } 8398 }
8446 return rv; 8399 return rv;
8447 } 8400 }
8448 8401
8449 /* called from ssl3_HandleServerHelloDone 8402 /* called from ssl3_HandleServerHelloDone
8450 * ssl3_HandleClientHello 8403 * ssl3_HandleClientHello
8451 * ssl3_HandleFinished 8404 * ssl3_HandleFinished
8452 */ 8405 */
8453 SECStatus 8406 static SECStatus
8454 ssl3_SendFinished(sslSocket *ss, PRInt32 flags) 8407 ssl3_SendFinished(sslSocket *ss, PRInt32 flags)
8455 { 8408 {
8456 ssl3CipherSpec *cwSpec; 8409 ssl3CipherSpec *cwSpec;
8457 PRBool isTLS; 8410 PRBool isTLS;
8458 PRBool isServer = ss->sec.isServer; 8411 PRBool isServer = ss->sec.isServer;
8459 SECStatus rv; 8412 SECStatus rv;
8460 SSL3Sender sender = isServer ? sender_server : sender_client; 8413 SSL3Sender sender = isServer ? sender_server : sender_client;
8461 SSL3Finished hashes; 8414 SSL3Finished hashes;
8462 TLSFinished tlsFinished; 8415 TLSFinished tlsFinished;
8463 8416
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after
8496 else 8449 else
8497 ss->ssl3.hs.finishedMsgs.sFinished[0] = hashes; 8450 ss->ssl3.hs.finishedMsgs.sFinished[0] = hashes;
8498 ss->ssl3.hs.finishedBytes = sizeof hashes; 8451 ss->ssl3.hs.finishedBytes = sizeof hashes;
8499 rv = ssl3_AppendHandshakeHeader(ss, finished, sizeof hashes); 8452 rv = ssl3_AppendHandshakeHeader(ss, finished, sizeof hashes);
8500 if (rv != SECSuccess) 8453 if (rv != SECSuccess)
8501 goto fail; /* err set by AppendHandshake. */ 8454 goto fail; /* err set by AppendHandshake. */
8502 rv = ssl3_AppendHandshake(ss, &hashes, sizeof hashes); 8455 rv = ssl3_AppendHandshake(ss, &hashes, sizeof hashes);
8503 if (rv != SECSuccess) 8456 if (rv != SECSuccess)
8504 goto fail; /* err set by AppendHandshake. */ 8457 goto fail; /* err set by AppendHandshake. */
8505 } 8458 }
8506 if ((flags & ssl_SEND_FLAG_NO_FLUSH) == 0) { 8459 rv = ssl3_FlushHandshake(ss, flags);
8507 » rv = ssl3_FlushHandshake(ss, flags); 8460 if (rv != SECSuccess) {
8508 » if (rv != SECSuccess) { 8461 » goto fail;» /* error code set by ssl3_FlushHandshake */
8509 » goto fail;» /* error code set by ssl3_FlushHandshake */
8510 » }
8511 } 8462 }
8512
8513 return SECSuccess; 8463 return SECSuccess;
8514 8464
8515 fail: 8465 fail:
8516 return rv; 8466 return rv;
8517 } 8467 }
8518 8468
8519 /* wrap the master secret, and put it into the SID. 8469 /* wrap the master secret, and put it into the SID.
8520 * Caller holds the Spec read lock. 8470 * Caller holds the Spec read lock.
8521 */ 8471 */
8522 SECStatus 8472 SECStatus
(...skipping 96 matching lines...) Expand 10 before | Expand all | Expand 10 after
8619 8569
8620 SSL_TRC(3, ("%d: SSL3[%d]: handle finished handshake", 8570 SSL_TRC(3, ("%d: SSL3[%d]: handle finished handshake",
8621 SSL_GETPID(), ss->fd)); 8571 SSL_GETPID(), ss->fd));
8622 8572
8623 if (ss->ssl3.hs.ws != wait_finished) { 8573 if (ss->ssl3.hs.ws != wait_finished) {
8624 SSL3_SendAlert(ss, alert_fatal, unexpected_message); 8574 SSL3_SendAlert(ss, alert_fatal, unexpected_message);
8625 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_FINISHED); 8575 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_FINISHED);
8626 return SECFailure; 8576 return SECFailure;
8627 } 8577 }
8628 8578
8629 if (ss->ssl3.hs.snapStartType == snap_start_full ||
8630 ss->ssl3.hs.snapStartType == snap_start_resume) {
8631 /* Snap Start handshake was successful. Switch the cipher spec. */
8632 ssl_GetSpecWriteLock(ss);
8633 ssl3_DestroyCipherSpec(ss->ssl3.cwSpec, PR_TRUE/*freeSrvName*/);
8634 ss->ssl3.cwSpec = ss->ssl3.pwSpec;
8635 ss->ssl3.pwSpec = NULL;
8636 ssl_ReleaseSpecWriteLock(ss);
8637 }
8638
8639 isTLS = (PRBool)(ss->ssl3.crSpec->version > SSL_LIBRARY_VERSION_3_0); 8579 isTLS = (PRBool)(ss->ssl3.crSpec->version > SSL_LIBRARY_VERSION_3_0);
8640 if (isTLS) { 8580 if (isTLS) {
8641 TLSFinished tlsFinished; 8581 TLSFinished tlsFinished;
8642 8582
8643 if (length != sizeof tlsFinished) { 8583 if (length != sizeof tlsFinished) {
8644 (void)SSL3_SendAlert(ss, alert_fatal, decode_error); 8584 (void)SSL3_SendAlert(ss, alert_fatal, decode_error);
8645 PORT_SetError(SSL_ERROR_RX_MALFORMED_FINISHED); 8585 PORT_SetError(SSL_ERROR_RX_MALFORMED_FINISHED);
8646 return SECFailure; 8586 return SECFailure;
8647 } 8587 }
8648 8588 » rv = ssl3_ComputeTLSFinished(ss->ssl3.crSpec, !isServer,
8649 » if (ss->ssl3.hs.snapStartType == snap_start_resume) { 8589 » hashes, &tlsFinished);
8650 » /* In this case we have already advanced the Finished hash past the 8590 » if (!isServer)
8651 » * server's verify_data because we needed to predict the server's 8591 » ss->ssl3.hs.finishedMsgs.tFinished[1] = tlsFinished;
8652 » * Finished message in order to compute our own (which includes 8592 » else
8653 » * it). When we did this, we stored a copy in tFinished[1]. */ 8593 » ss->ssl3.hs.finishedMsgs.tFinished[0] = tlsFinished;
8654 tlsFinished = ss->ssl3.hs.finishedMsgs.tFinished[1];
8655 » } else {
8656 » rv = ssl3_ComputeTLSFinished(ss->ssl3.crSpec, !isServer,
8657 » » » » » hashes, &tlsFinished);
8658 » if (!isServer)
8659 » » ss->ssl3.hs.finishedMsgs.tFinished[1] = tlsFinished;
8660 » else
8661 » » ss->ssl3.hs.finishedMsgs.tFinished[0] = tlsFinished;
8662 » }
8663 ss->ssl3.hs.finishedBytes = sizeof tlsFinished; 8594 ss->ssl3.hs.finishedBytes = sizeof tlsFinished;
8664 if (rv != SECSuccess || 8595 if (rv != SECSuccess ||
8665 0 != NSS_SecureMemcmp(&tlsFinished, b, length)) { 8596 0 != NSS_SecureMemcmp(&tlsFinished, b, length)) {
8666 (void)SSL3_SendAlert(ss, alert_fatal, decrypt_error); 8597 (void)SSL3_SendAlert(ss, alert_fatal, decrypt_error);
8667 PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); 8598 PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
8668 return SECFailure; 8599 return SECFailure;
8669 } 8600 }
8670 } else { 8601 } else {
8671 if (length != sizeof(SSL3Hashes)) { 8602 if (length != sizeof(SSL3Hashes)) {
8672 (void)ssl3_IllegalParameter(ss); 8603 (void)ssl3_IllegalParameter(ss);
(...skipping 10 matching lines...) Expand all
8683 (void)ssl3_HandshakeFailure(ss); 8614 (void)ssl3_HandshakeFailure(ss);
8684 PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); 8615 PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
8685 return SECFailure; 8616 return SECFailure;
8686 } 8617 }
8687 } 8618 }
8688 8619
8689 doStepUp = (PRBool)(!isServer && ss->ssl3.hs.rehandshake); 8620 doStepUp = (PRBool)(!isServer && ss->ssl3.hs.rehandshake);
8690 8621
8691 ssl_GetXmitBufLock(ss); /*************************************/ 8622 ssl_GetXmitBufLock(ss); /*************************************/
8692 8623
8693 if (ss->ssl3.hs.snapStartType != snap_start_resume && 8624 if ((isServer && !ss->ssl3.hs.isResuming) ||
8694 » ((isServer && !ss->ssl3.hs.isResuming) || 8625 » (!isServer && ss->ssl3.hs.isResuming)) {
8695 » (!isServer && ss->ssl3.hs.isResuming))) {
8696 PRInt32 flags = 0; 8626 PRInt32 flags = 0;
8697 8627
8698 /* Send a NewSessionTicket message if the client sent us 8628 /* Send a NewSessionTicket message if the client sent us
8699 * either an empty session ticket, or one that did not verify. 8629 * either an empty session ticket, or one that did not verify.
8700 * (Note that if either of these conditions was met, then the 8630 * (Note that if either of these conditions was met, then the
8701 * server has sent a SessionTicket extension in the 8631 * server has sent a SessionTicket extension in the
8702 * ServerHello message.) 8632 * ServerHello message.)
8703 */ 8633 */
8704 if (isServer && !ss->ssl3.hs.isResuming && 8634 if (isServer && !ss->ssl3.hs.isResuming &&
8705 ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn)) { 8635 ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn)) {
(...skipping 95 matching lines...) Expand 10 before | Expand all | Expand 10 after
8801 /* If the wrap failed, we don't cache the sid. 8731 /* If the wrap failed, we don't cache the sid.
8802 * The connection continues normally however. 8732 * The connection continues normally however.
8803 */ 8733 */
8804 if (rv == SECSuccess) { 8734 if (rv == SECSuccess) {
8805 (*ss->sec.cache)(sid); 8735 (*ss->sec.cache)(sid);
8806 } 8736 }
8807 } 8737 }
8808 ss->ssl3.hs.ws = idle_handshake; 8738 ss->ssl3.hs.ws = idle_handshake;
8809 8739
8810 /* Do the handshake callback for sslv3 here, if we cannot false start. */ 8740 /* Do the handshake callback for sslv3 here, if we cannot false start. */
8811 if (ss->handshakeCallback != NULL && 8741 if (ss->handshakeCallback != NULL && !ssl3_CanFalseStart(ss)) {
8812 (!ssl3_CanFalseStart(ss) ||
8813 ss->ssl3.hs.snapStartType == snap_start_full ||
8814 ss->ssl3.hs.snapStartType == snap_start_resume)) {
8815 (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); 8742 (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData);
8816 } 8743 }
8817 8744
8818 return SECSuccess; 8745 return SECSuccess;
8819 } 8746 }
8820 8747
8821 /* This function handles any pending Certificate messages. Certificate messages 8748 /* This function handles any pending Certificate messages. Certificate messages
8822 * can be pending if we expect a possible CertificateStatus message to follow. 8749 * can be pending if we expect a possible CertificateStatus message to follow.
8823 * 8750 *
8824 * This function must be called immediately after handling the 8751 * This function must be called immediately after handling the
(...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after
8885 8812
8886 /* Start new handshake hashes when we start a new handshake */ 8813 /* Start new handshake hashes when we start a new handshake */
8887 if (ss->ssl3.hs.msg_type == client_hello) { 8814 if (ss->ssl3.hs.msg_type == client_hello) {
8888 SSL_TRC(30,("%d: SSL3[%d]: reset handshake hashes", 8815 SSL_TRC(30,("%d: SSL3[%d]: reset handshake hashes",
8889 SSL_GETPID(), ss->fd )); 8816 SSL_GETPID(), ss->fd ));
8890 rv = ssl3_RestartHandshakeHashes(ss); 8817 rv = ssl3_RestartHandshakeHashes(ss);
8891 if (rv != SECSuccess) { 8818 if (rv != SECSuccess) {
8892 return rv; 8819 return rv;
8893 } 8820 }
8894 } 8821 }
8895 /* We should not include hello_request messages in the handshake hashes. 8822 /* We should not include hello_request messages in the handshake hashes */
8896 * Likewise, for Finished messages from the server during a Snap Start 8823 if (ss->ssl3.hs.msg_type != hello_request) {
8897 * resume, we have already predicted and included the message in our
8898 * Finished hash. */
8899 if (ss->ssl3.hs.msg_type != hello_request &&
8900 » !(ss->ssl3.hs.msg_type == finished &&
8901 » ss->ssl3.hs.snapStartType == snap_start_resume)) {
8902 rv = ssl3_UpdateHandshakeHashes(ss, (unsigned char*) hdr, 4); 8824 rv = ssl3_UpdateHandshakeHashes(ss, (unsigned char*) hdr, 4);
8903 if (rv != SECSuccess) return rv; /* err code already set. */ 8825 if (rv != SECSuccess) return rv; /* err code already set. */
8904 rv = ssl3_UpdateHandshakeHashes(ss, b, length); 8826 rv = ssl3_UpdateHandshakeHashes(ss, b, length);
8905 if (rv != SECSuccess) return rv; /* err code already set. */ 8827 if (rv != SECSuccess) return rv; /* err code already set. */
8906 } 8828 }
8907 8829
8908 PORT_SetError(0); /* each message starts with no error. */ 8830 PORT_SetError(0); /* each message starts with no error. */
8909 switch (ss->ssl3.hs.msg_type) { 8831 switch (ss->ssl3.hs.msg_type) {
8910 case hello_request: 8832 case hello_request:
8911 if (length != 0) { 8833 if (length != 0) {
(...skipping 918 matching lines...) Expand 10 before | Expand all | Expand 10 after
9830 #endif /* NSS_PLATFORM_CLIENT_AUTH */ 9752 #endif /* NSS_PLATFORM_CLIENT_AUTH */
9831 9753
9832 if (ss->ssl3.peerCertArena != NULL) 9754 if (ss->ssl3.peerCertArena != NULL)
9833 ssl3_CleanupPeerCerts(ss); 9755 ssl3_CleanupPeerCerts(ss);
9834 9756
9835 if (ss->ssl3.clientCertChain != NULL) { 9757 if (ss->ssl3.clientCertChain != NULL) {
9836 CERT_DestroyCertificateList(ss->ssl3.clientCertChain); 9758 CERT_DestroyCertificateList(ss->ssl3.clientCertChain);
9837 ss->ssl3.clientCertChain = NULL; 9759 ss->ssl3.clientCertChain = NULL;
9838 } 9760 }
9839 9761
9840 if (ss->ssl3.predictedCertChain != NULL)
9841 ssl3_CleanupPredictedPeerCertificates(ss);
9842
9843 if (ss->ssl3.serverHelloPredictionData.data)
9844 SECITEM_FreeItem(&ss->ssl3.serverHelloPredictionData, PR_FALSE);
9845
9846 if (ss->ssl3.snapStartApplicationData.data)
9847 SECITEM_FreeItem(&ss->ssl3.snapStartApplicationData, PR_FALSE);
9848
9849 /* clean up handshake */ 9762 /* clean up handshake */
9850 if (ss->opt.bypassPKCS11) { 9763 if (ss->opt.bypassPKCS11) {
9851 SHA1_DestroyContext((SHA1Context *)ss->ssl3.hs.sha_cx, PR_FALSE); 9764 SHA1_DestroyContext((SHA1Context *)ss->ssl3.hs.sha_cx, PR_FALSE);
9852 MD5_DestroyContext((MD5Context *)ss->ssl3.hs.md5_cx, PR_FALSE); 9765 MD5_DestroyContext((MD5Context *)ss->ssl3.hs.md5_cx, PR_FALSE);
9853 } 9766 }
9854 if (ss->ssl3.hs.md5) { 9767 if (ss->ssl3.hs.md5) {
9855 PK11_DestroyContext(ss->ssl3.hs.md5,PR_TRUE); 9768 PK11_DestroyContext(ss->ssl3.hs.md5,PR_TRUE);
9856 } 9769 }
9857 if (ss->ssl3.hs.sha) { 9770 if (ss->ssl3.hs.sha) {
9858 PK11_DestroyContext(ss->ssl3.hs.sha,PR_TRUE); 9771 PK11_DestroyContext(ss->ssl3.hs.sha,PR_TRUE);
9859 } 9772 }
9860 if (ss->ssl3.hs.messages.buf) { 9773 if (ss->ssl3.hs.messages.buf) {
9861 PORT_Free(ss->ssl3.hs.messages.buf); 9774 PORT_Free(ss->ssl3.hs.messages.buf);
9862 ss->ssl3.hs.messages.buf = NULL; 9775 ss->ssl3.hs.messages.buf = NULL;
9863 ss->ssl3.hs.messages.len = 0; 9776 ss->ssl3.hs.messages.len = 0;
9864 ss->ssl3.hs.messages.space = 0; 9777 ss->ssl3.hs.messages.space = 0;
9865 } 9778 }
9866 if (ss->ssl3.hs.origClientHello.data) {
9867 SECITEM_FreeItem(&ss->ssl3.hs.origClientHello, PR_FALSE);
9868 }
9869 if (ss->ssl3.hs.pending_cert_msg.data) { 9779 if (ss->ssl3.hs.pending_cert_msg.data) {
9870 SECITEM_FreeItem(&ss->ssl3.hs.pending_cert_msg, PR_FALSE); 9780 SECITEM_FreeItem(&ss->ssl3.hs.pending_cert_msg, PR_FALSE);
9871 } 9781 }
9872 if (ss->ssl3.hs.cert_status.data) { 9782 if (ss->ssl3.hs.cert_status.data) {
9873 SECITEM_FreeItem(&ss->ssl3.hs.cert_status, PR_FALSE); 9783 SECITEM_FreeItem(&ss->ssl3.hs.cert_status, PR_FALSE);
9874 } 9784 }
9875 9785
9876 /* free the SSL3Buffer (msg_body) */ 9786 /* free the SSL3Buffer (msg_body) */
9877 PORT_Free(ss->ssl3.hs.msg_body.buf); 9787 PORT_Free(ss->ssl3.hs.msg_body.buf);
9878 9788
9879 /* free up the CipherSpecs */ 9789 /* free up the CipherSpecs */
9880 ssl3_DestroyCipherSpec(&ss->ssl3.specs[0], PR_TRUE/*freeSrvName*/); 9790 ssl3_DestroyCipherSpec(&ss->ssl3.specs[0], PR_TRUE/*freeSrvName*/);
9881 ssl3_DestroyCipherSpec(&ss->ssl3.specs[1], PR_TRUE/*freeSrvName*/); 9791 ssl3_DestroyCipherSpec(&ss->ssl3.specs[1], PR_TRUE/*freeSrvName*/);
9882 9792
9883 ss->ssl3.initialized = PR_FALSE; 9793 ss->ssl3.initialized = PR_FALSE;
9884 9794
9885 if (ss->ssl3.nextProto.data) { 9795 if (ss->ssl3.nextProto.data) {
9886 PORT_Free(ss->ssl3.nextProto.data); 9796 PORT_Free(ss->ssl3.nextProto.data);
9887 ss->ssl3.nextProto.data = NULL; 9797 ss->ssl3.nextProto.data = NULL;
9888 } 9798 }
9889 } 9799 }
9890 9800
9891 /* End of ssl3con.c */ 9801 /* End of ssl3con.c */
OLDNEW
« no previous file with comments | « net/third_party/nss/ssl/ssl.def ('k') | net/third_party/nss/ssl/ssl3ext.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698