| OLD | NEW |
| 1 /* | 1 /* |
| 2 * SSL3 Protocol | 2 * SSL3 Protocol |
| 3 * | 3 * |
| 4 * ***** BEGIN LICENSE BLOCK ***** | 4 * ***** BEGIN LICENSE BLOCK ***** |
| 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 6 * | 6 * |
| 7 * The contents of this file are subject to the Mozilla Public License Version | 7 * The contents of this file are subject to the Mozilla Public License Version |
| 8 * 1.1 (the "License"); you may not use this file except in compliance with | 8 * 1.1 (the "License"); you may not use this file except in compliance with |
| 9 * the License. You may obtain a copy of the License at | 9 * the License. You may obtain a copy of the License at |
| 10 * http://www.mozilla.org/MPL/ | 10 * http://www.mozilla.org/MPL/ |
| (...skipping 230 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 241 | 241 |
| 242 /* These two tables are used by the client, to handle server hello | 242 /* These two tables are used by the client, to handle server hello |
| 243 * extensions. */ | 243 * extensions. */ |
| 244 static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { | 244 static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { |
| 245 { ssl_server_name_xtn, &ssl3_HandleServerNameXtn }, | 245 { ssl_server_name_xtn, &ssl3_HandleServerNameXtn }, |
| 246 /* TODO: add a handler for ssl_ec_point_formats_xtn */ | 246 /* TODO: add a handler for ssl_ec_point_formats_xtn */ |
| 247 { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn }, | 247 { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn }, |
| 248 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, | 248 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, |
| 249 { ssl_next_proto_neg_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, | 249 { ssl_next_proto_neg_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, |
| 250 { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, | 250 { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, |
| 251 { ssl_snap_start_xtn, &ssl3_ClientHandleSnapStartXtn }, | |
| 252 { -1, NULL } | 251 { -1, NULL } |
| 253 }; | 252 }; |
| 254 | 253 |
| 255 static const ssl3HelloExtensionHandler serverHelloHandlersSSL3[] = { | 254 static const ssl3HelloExtensionHandler serverHelloHandlersSSL3[] = { |
| 256 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, | 255 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, |
| 257 { -1, NULL } | 256 { -1, NULL } |
| 258 }; | 257 }; |
| 259 | 258 |
| 260 /* Tables of functions to format TLS hello extensions, one function per | 259 /* Tables of functions to format TLS hello extensions, one function per |
| 261 * extension. | 260 * extension. |
| 262 * These static tables are for the formatting of client hello extensions. | 261 * These static tables are for the formatting of client hello extensions. |
| 263 * The server's table of hello senders is dynamic, in the socket struct, | 262 * The server's table of hello senders is dynamic, in the socket struct, |
| 264 * and sender functions are registered there. | 263 * and sender functions are registered there. |
| 265 */ | 264 */ |
| 266 static const | 265 static const |
| 267 ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { | 266 ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { |
| 268 { ssl_server_name_xtn, &ssl3_SendServerNameXtn }, | 267 { ssl_server_name_xtn, &ssl3_SendServerNameXtn }, |
| 269 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }, | 268 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }, |
| 270 #ifdef NSS_ENABLE_ECC | 269 #ifdef NSS_ENABLE_ECC |
| 271 { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn }, | 270 { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn }, |
| 272 { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn }, | 271 { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn }, |
| 273 #endif | 272 #endif |
| 274 { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, | 273 { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, |
| 275 { ssl_next_proto_neg_xtn, &ssl3_ClientSendNextProtoNegoXtn }, | 274 { ssl_next_proto_neg_xtn, &ssl3_ClientSendNextProtoNegoXtn }, |
| 276 { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, | 275 { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn } |
| 277 { ssl_snap_start_xtn, &ssl3_SendSnapStartXtn } | |
| 278 /* NOTE: The Snap Start sender MUST be the last extension in the list. */ | |
| 279 /* any extra entries will appear as { 0, NULL } */ | 276 /* any extra entries will appear as { 0, NULL } */ |
| 280 }; | 277 }; |
| 281 | 278 |
| 282 static const | 279 static const |
| 283 ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = { | 280 ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = { |
| 284 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn } | 281 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn } |
| 285 /* any extra entries will appear as { 0, NULL } */ | 282 /* any extra entries will appear as { 0, NULL } */ |
| 286 }; | 283 }; |
| 287 | 284 |
| 288 static PRBool | 285 static PRBool |
| 289 arrayContainsExtension(const PRUint16 *array, PRUint32 len, PRUint16 ex_type) | 286 arrayContainsExtension(const PRUint16 *array, PRUint32 len, PRUint16 ex_type) |
| 290 { | 287 { |
| 291 int i; | 288 int i; |
| 292 for (i = 0; i < len; i++) { | 289 for (i = 0; i < len; i++) { |
| 293 if (ex_type == array[i]) | 290 if (ex_type == array[i]) |
| 294 return PR_TRUE; | 291 return PR_TRUE; |
| 295 } | 292 } |
| 296 return PR_FALSE; | 293 return PR_FALSE; |
| 297 } | 294 } |
| 298 | 295 |
| 299 PRBool | 296 PRBool |
| 300 ssl3_ExtensionNegotiated(sslSocket *ss, PRUint16 ex_type) { | 297 ssl3_ExtensionNegotiated(sslSocket *ss, PRUint16 ex_type) { |
| 301 TLSExtensionData *xtnData = &ss->xtnData; | 298 TLSExtensionData *xtnData = &ss->xtnData; |
| 302 return arrayContainsExtension(xtnData->negotiated, | 299 return arrayContainsExtension(xtnData->negotiated, |
| 303 xtnData->numNegotiated, ex_type); | 300 xtnData->numNegotiated, ex_type); |
| 304 } | 301 } |
| 305 | 302 |
| 306 PRBool | 303 static PRBool |
| 307 ssl3_ClientExtensionAdvertised(sslSocket *ss, PRUint16 ex_type) { | 304 ssl3_ClientExtensionAdvertised(sslSocket *ss, PRUint16 ex_type) { |
| 308 TLSExtensionData *xtnData = &ss->xtnData; | 305 TLSExtensionData *xtnData = &ss->xtnData; |
| 309 return arrayContainsExtension(xtnData->advertised, | 306 return arrayContainsExtension(xtnData->advertised, |
| 310 xtnData->numAdvertised, ex_type); | 307 xtnData->numAdvertised, ex_type); |
| 311 } | 308 } |
| 312 | 309 |
| 313 /* Format an SNI extension, using the name from the socket's URL, | 310 /* Format an SNI extension, using the name from the socket's URL, |
| 314 * unless that name is a dotted decimal string. | 311 * unless that name is a dotted decimal string. |
| 315 * Used by client and server. | 312 * Used by client and server. |
| 316 */ | 313 */ |
| (...skipping 196 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 513 SECStatus rv; | 510 SECStatus rv; |
| 514 /* extension_type */ | 511 /* extension_type */ |
| 515 rv = ssl3_AppendHandshakeNumber(ss, ssl_session_ticket_xtn, 2); | 512 rv = ssl3_AppendHandshakeNumber(ss, ssl_session_ticket_xtn, 2); |
| 516 if (rv != SECSuccess) | 513 if (rv != SECSuccess) |
| 517 goto loser; | 514 goto loser; |
| 518 if (session_ticket && session_ticket->ticket.data && | 515 if (session_ticket && session_ticket->ticket.data && |
| 519 ss->xtnData.ticketTimestampVerified) { | 516 ss->xtnData.ticketTimestampVerified) { |
| 520 rv = ssl3_AppendHandshakeVariable(ss, session_ticket->ticket.data, | 517 rv = ssl3_AppendHandshakeVariable(ss, session_ticket->ticket.data, |
| 521 session_ticket->ticket.len, 2); | 518 session_ticket->ticket.len, 2); |
| 522 ss->xtnData.ticketTimestampVerified = PR_FALSE; | 519 ss->xtnData.ticketTimestampVerified = PR_FALSE; |
| 523 if (!ss->sec.isServer) | |
| 524 ss->xtnData.clientSentNonEmptySessionTicket = PR_TRUE; | |
| 525 } else { | 520 } else { |
| 526 rv = ssl3_AppendHandshakeNumber(ss, 0, 2); | 521 rv = ssl3_AppendHandshakeNumber(ss, 0, 2); |
| 527 } | 522 } |
| 528 if (rv != SECSuccess) | 523 if (rv != SECSuccess) |
| 529 goto loser; | 524 goto loser; |
| 530 | 525 |
| 531 if (!ss->sec.isServer) { | 526 if (!ss->sec.isServer) { |
| 532 TLSExtensionData *xtnData = &ss->xtnData; | 527 TLSExtensionData *xtnData = &ss->xtnData; |
| 533 xtnData->advertised[xtnData->numAdvertised++] = | 528 xtnData->advertised[xtnData->numAdvertised++] = |
| 534 ssl_session_ticket_xtn; | 529 ssl_session_ticket_xtn; |
| (...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 573 } | 568 } |
| 574 | 569 |
| 575 if (offset > length) | 570 if (offset > length) |
| 576 return SECFailure; | 571 return SECFailure; |
| 577 | 572 |
| 578 return SECSuccess; | 573 return SECSuccess; |
| 579 } | 574 } |
| 580 | 575 |
| 581 SECStatus | 576 SECStatus |
| 582 ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type, | 577 ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type, |
| 583 SECItem *data) | 578 SECItem *data) |
| 584 { | 579 { |
| 585 unsigned int i, j; | 580 unsigned int i, j; |
| 586 SECStatus rv; | 581 SECStatus rv; |
| 587 unsigned char *result; | 582 unsigned char *result; |
| 588 | 583 |
| 589 if (data->len == 0) { | 584 if (data->len == 0) { |
| 590 /* The server supports the extension, but doesn't have any | 585 /* The server supports the extension, but doesn't have any |
| 591 * protocols configured. In this case we request our favoured | 586 * protocols configured. In this case we request our favoured |
| 592 * protocol. */ | 587 * protocol. */ |
| 593 goto pick_first; | 588 goto pick_first; |
| (...skipping 501 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1095 return SECSuccess; | 1090 return SECSuccess; |
| 1096 | 1091 |
| 1097 /* Keep track of negotiated extensions. */ | 1092 /* Keep track of negotiated extensions. */ |
| 1098 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; | 1093 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; |
| 1099 | 1094 |
| 1100 /* Parse the received ticket sent in by the client. We are | 1095 /* Parse the received ticket sent in by the client. We are |
| 1101 * lenient about some parse errors, falling back to a fullshake | 1096 * lenient about some parse errors, falling back to a fullshake |
| 1102 * instead of terminating the current connection. | 1097 * instead of terminating the current connection. |
| 1103 */ | 1098 */ |
| 1104 if (data->len == 0) { | 1099 if (data->len == 0) { |
| 1105 » ss->xtnData.serverReceivedEmptySessionTicket = PR_TRUE; | 1100 » ss->xtnData.emptySessionTicket = PR_TRUE; |
| 1106 } else { | 1101 } else { |
| 1107 int i; | 1102 int i; |
| 1108 SECItem extension_data; | 1103 SECItem extension_data; |
| 1109 EncryptedSessionTicket enc_session_ticket; | 1104 EncryptedSessionTicket enc_session_ticket; |
| 1110 unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH]; | 1105 unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH]; |
| 1111 unsigned int computed_mac_length; | 1106 unsigned int computed_mac_length; |
| 1112 const SECHashObject *hashObj; | 1107 const SECHashObject *hashObj; |
| 1113 const unsigned char *aes_key; | 1108 const unsigned char *aes_key; |
| 1114 const unsigned char *mac_key; | 1109 const unsigned char *mac_key; |
| 1115 PK11SymKey *aes_key_pkcs11; | 1110 PK11SymKey *aes_key_pkcs11; |
| (...skipping 597 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1713 ss->peerRequestedProtection = 1; | 1708 ss->peerRequestedProtection = 1; |
| 1714 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; | 1709 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; |
| 1715 if (ss->sec.isServer) { | 1710 if (ss->sec.isServer) { |
| 1716 /* prepare to send back the appropriate response */ | 1711 /* prepare to send back the appropriate response */ |
| 1717 rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, | 1712 rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, |
| 1718 ssl3_SendRenegotiationInfoXtn); | 1713 ssl3_SendRenegotiationInfoXtn); |
| 1719 } | 1714 } |
| 1720 return rv; | 1715 return rv; |
| 1721 } | 1716 } |
| 1722 | 1717 |
| OLD | NEW |