| Index: net/third_party/nss/ssl/ssl3con.c
|
| ===================================================================
|
| --- net/third_party/nss/ssl/ssl3con.c (revision 88407)
|
| +++ net/third_party/nss/ssl/ssl3con.c (working copy)
|
| @@ -72,8 +72,7 @@
|
| #endif
|
|
|
| static void ssl3_CleanupPeerCerts(sslSocket *ss);
|
| -static void ssl3_CopyPeerCertsToSID(ssl3CertNode *certs,
|
| - sslSessionID *sid);
|
| +static void ssl3_CopyPeerCertsFromSID(sslSocket *ss, sslSessionID *sid);
|
| static PK11SymKey *ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec,
|
| PK11SlotInfo * serverKeySlot);
|
| static SECStatus ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms);
|
| @@ -83,10 +82,14 @@
|
| static SECStatus ssl3_SendCertificate( sslSocket *ss);
|
| static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss);
|
| static SECStatus ssl3_SendCertificateRequest(sslSocket *ss);
|
| +static SECStatus ssl3_SendNextProto( sslSocket *ss);
|
| +static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags);
|
| static SECStatus ssl3_SendServerHello( sslSocket *ss);
|
| static SECStatus ssl3_SendServerHelloDone( sslSocket *ss);
|
| static SECStatus ssl3_SendServerKeyExchange( sslSocket *ss);
|
| static SECStatus ssl3_NewHandshakeHashes( sslSocket *ss);
|
| +static SECStatus ssl3_UpdateHandshakeHashes( sslSocket *ss, unsigned char *b,
|
| + unsigned int l);
|
|
|
| static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen,
|
| int maxOutputLen, const unsigned char *input,
|
| @@ -580,7 +583,7 @@
|
|
|
| /* return pointer to ssl3CipherSuiteDef for suite, or NULL */
|
| /* XXX This does a linear search. A binary search would be better. */
|
| -const ssl3CipherSuiteDef *
|
| +static const ssl3CipherSuiteDef *
|
| ssl_LookupCipherSuiteDef(ssl3CipherSuite suite)
|
| {
|
| int cipher_suite_def_len =
|
| @@ -1166,7 +1169,7 @@
|
| ** ssl3_DestroySSL3Info
|
| ** Caller must hold SpecWriteLock.
|
| */
|
| -void
|
| +static void
|
| ssl3_DestroyCipherSpec(ssl3CipherSpec *spec, PRBool freeSrvName)
|
| {
|
| PRBool freeit = (PRBool)(!spec->bypassCiphers);
|
| @@ -1208,7 +1211,7 @@
|
| ** Caller must hold the ssl3 handshake lock.
|
| ** Acquires & releases SpecWriteLock.
|
| */
|
| -SECStatus
|
| +static SECStatus
|
| ssl3_SetupPendingCipherSpec(sslSocket *ss)
|
| {
|
| ssl3CipherSpec * pwSpec;
|
| @@ -2040,7 +2043,7 @@
|
| #endif /* NSS_PLATFORM_CLIENT_AUTH */
|
| }
|
|
|
| -SECStatus
|
| +static SECStatus
|
| ssl3_CompressMACEncryptRecord(sslSocket * ss,
|
| SSL3ContentType type,
|
| const SSL3Opaque * pIn,
|
| @@ -3102,7 +3105,7 @@
|
| return SECFailure;
|
| }
|
|
|
| -SECStatus
|
| +static SECStatus
|
| ssl3_RestartHandshakeHashes(sslSocket *ss)
|
| {
|
| SECStatus rv = SECSuccess;
|
| @@ -3180,7 +3183,7 @@
|
| ** ssl3_HandleHandshakeMessage()
|
| ** Caller must hold the ssl3Handshake lock.
|
| */
|
| -SECStatus
|
| +static SECStatus
|
| ssl3_UpdateHandshakeHashes(sslSocket *ss, unsigned char *b, unsigned int l)
|
| {
|
| SECStatus rv = SECSuccess;
|
| @@ -3439,7 +3442,7 @@
|
| * Caller must hold a read or write lock on the Spec R/W lock.
|
| * (There is presently no way to assert on a Read lock.)
|
| */
|
| -SECStatus
|
| +static SECStatus
|
| ssl3_ComputeHandshakeHashes(sslSocket * ss,
|
| ssl3CipherSpec *spec, /* uses ->master_secret */
|
| SSL3Hashes * hashes, /* output goes here. */
|
| @@ -4037,18 +4040,7 @@
|
| return rv; /* error code set by ssl3_FlushHandshake */
|
| }
|
|
|
| - switch (ss->ssl3.hs.snapStartType) {
|
| - case snap_start_full:
|
| - ss->ssl3.hs.ws = wait_new_session_ticket;
|
| - break;
|
| - case snap_start_resume:
|
| - ss->ssl3.hs.ws = wait_change_cipher;
|
| - break;
|
| - default:
|
| - ss->ssl3.hs.ws = wait_server_hello;
|
| - break;
|
| - }
|
| -
|
| + ss->ssl3.hs.ws = wait_server_hello;
|
| return rv;
|
| }
|
|
|
| @@ -4739,7 +4731,7 @@
|
|
|
|
|
| /* Called from ssl3_HandleServerHelloDone(). */
|
| -SECStatus
|
| +static SECStatus
|
| ssl3_SendClientKeyExchange(sslSocket *ss)
|
| {
|
| SECKEYPublicKey * serverKey = NULL;
|
| @@ -4879,94 +4871,6 @@
|
| return rv;
|
| }
|
|
|
| -/* Called from ssl3_HandleServerHello to set up the master secret in
|
| - * ss->ssl3.pwSpec and the auth algorithm and kea type in ss->sec in the case
|
| - * of a successful session resumption. */
|
| -SECStatus ssl3_SetupMasterSecretFromSessionID(sslSocket* ss) {
|
| - sslSessionID *sid = ss->sec.ci.sid;
|
| - ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec;
|
| - SECItem wrappedMS; /* wrapped master secret. */
|
| -
|
| - ss->sec.authAlgorithm = sid->authAlgorithm;
|
| - ss->sec.authKeyBits = sid->authKeyBits;
|
| - ss->sec.keaType = sid->keaType;
|
| - ss->sec.keaKeyBits = sid->keaKeyBits;
|
| -
|
| - /* 3 cases here:
|
| - * a) key is wrapped (implies using PKCS11)
|
| - * b) key is unwrapped, but we're still using PKCS11
|
| - * c) key is unwrapped, and we're bypassing PKCS11.
|
| - */
|
| - if (sid->u.ssl3.keys.msIsWrapped) {
|
| - PK11SlotInfo *slot;
|
| - PK11SymKey * wrapKey; /* wrapping key */
|
| - CK_FLAGS keyFlags = 0;
|
| -
|
| - if (ss->opt.bypassPKCS11) {
|
| - /* we cannot restart a non-bypass session in a
|
| - ** bypass socket.
|
| - */
|
| - return SECFailure;
|
| - }
|
| - /* unwrap master secret with PKCS11 */
|
| - slot = SECMOD_LookupSlot(sid->u.ssl3.masterModuleID,
|
| - sid->u.ssl3.masterSlotID);
|
| - if (slot == NULL) {
|
| - return SECFailure;
|
| - }
|
| - if (!PK11_IsPresent(slot)) {
|
| - PK11_FreeSlot(slot);
|
| - return SECFailure;
|
| - }
|
| - wrapKey = PK11_GetWrapKey(slot, sid->u.ssl3.masterWrapIndex,
|
| - sid->u.ssl3.masterWrapMech,
|
| - sid->u.ssl3.masterWrapSeries,
|
| - ss->pkcs11PinArg);
|
| - PK11_FreeSlot(slot);
|
| - if (wrapKey == NULL) {
|
| - return SECFailure;
|
| - }
|
| -
|
| - if (ss->version > SSL_LIBRARY_VERSION_3_0) { /* isTLS */
|
| - keyFlags = CKF_SIGN | CKF_VERIFY;
|
| - }
|
| -
|
| - wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
|
| - wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
|
| - pwSpec->master_secret =
|
| - PK11_UnwrapSymKeyWithFlags(wrapKey, sid->u.ssl3.masterWrapMech,
|
| - NULL, &wrappedMS, CKM_SSL3_MASTER_KEY_DERIVE,
|
| - CKA_DERIVE, sizeof(SSL3MasterSecret), keyFlags);
|
| - PK11_FreeSymKey(wrapKey);
|
| - if (pwSpec->master_secret == NULL) {
|
| - return SECFailure;
|
| - }
|
| - } else if (ss->opt.bypassPKCS11) {
|
| - /* MS is not wrapped */
|
| - wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
|
| - wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
|
| - memcpy(pwSpec->raw_master_secret, wrappedMS.data, wrappedMS.len);
|
| - pwSpec->msItem.data = pwSpec->raw_master_secret;
|
| - pwSpec->msItem.len = wrappedMS.len;
|
| - } else {
|
| - /* We CAN restart a bypass session in a non-bypass socket. */
|
| - /* need to import the raw master secret to session object */
|
| - PK11SlotInfo *slot = PK11_GetInternalSlot();
|
| - wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
|
| - wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
|
| - pwSpec->master_secret =
|
| - PK11_ImportSymKey(slot, CKM_SSL3_MASTER_KEY_DERIVE,
|
| - PK11_OriginUnwrap, CKA_ENCRYPT,
|
| - &wrappedMS, NULL);
|
| - PK11_FreeSlot(slot);
|
| - if (pwSpec->master_secret == NULL) {
|
| - return SECFailure;
|
| - }
|
| - }
|
| -
|
| - return SECSuccess;
|
| -}
|
| -
|
| /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
|
| * ssl3 ServerHello message.
|
| * Caller must hold Handshake and RecvBuf locks.
|
| @@ -4991,14 +4895,6 @@
|
| PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
|
| PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
|
|
|
| - if (ss->ssl3.hs.snapStartType == snap_start_full ||
|
| - ss->ssl3.hs.snapStartType == snap_start_resume) {
|
| - /* Snap Start handshake was rejected. */
|
| - rv = ssl3_ResetForSnapStartRecovery(ss, b, length);
|
| - if (rv != SECSuccess)
|
| - return rv;
|
| - }
|
| -
|
| rv = ssl3_InitState(ss);
|
| if (rv != SECSuccess) {
|
| errCode = PORT_GetError(); /* ssl3_InitState has set the error code. */
|
| @@ -5030,21 +4926,6 @@
|
| }
|
| #endif /* NSS_PLATFORM_CLIENT_AUTH */
|
|
|
| - if (ss->ssl3.serverHelloPredictionData.data)
|
| - SECITEM_FreeItem(&ss->ssl3.serverHelloPredictionData, PR_FALSE);
|
| -
|
| - /* If this allocation fails it will only stop the application from
|
| - * recording the ServerHello information and performing future Snap
|
| - * Starts. */
|
| - if (SECITEM_AllocItem(NULL, &ss->ssl3.serverHelloPredictionData, length))
|
| - memcpy(ss->ssl3.serverHelloPredictionData.data, b, length);
|
| - /* ss->ssl3.serverHelloPredictionDataValid is still false at this
|
| - * point. We have to record the contents of the ServerHello here
|
| - * because we don't have a pointer to the whole message when handling
|
| - * the extensions. However, we wait until the Snap Start extension
|
| - * handler to recognise that the server supports Snap Start and to set
|
| - * serverHelloPredictionDataValid. */
|
| -
|
| temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
|
| if (temp < 0) {
|
| goto loser; /* alert has been sent */
|
| @@ -5185,41 +5066,119 @@
|
|
|
| if (sid_match &&
|
| sid->version == ss->version &&
|
| - sid->u.ssl3.cipherSuite == ss->ssl3.hs.cipher_suite) {
|
| - rv = ssl3_SetupMasterSecretFromSessionID(ss);
|
| - /* Failure of ssl3_SetupMasterSecretFromSessionID not considered an
|
| - * error. Continue with a full handshake. */
|
| - if (rv == SECSuccess) {
|
| - /* Got a Match */
|
| - SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_cache_hits );
|
| + sid->u.ssl3.cipherSuite == ss->ssl3.hs.cipher_suite) do {
|
| + ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec;
|
|
|
| - /* If we sent a session ticket, then this is a stateless resume. */
|
| - if (sid->version > SSL_LIBRARY_VERSION_3_0 &&
|
| - sid->u.ssl3.sessionTicket.ticket.data != NULL)
|
| - SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_stateless_resumes );
|
| + SECItem wrappedMS; /* wrapped master secret. */
|
|
|
| - if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn))
|
| - ss->ssl3.hs.ws = wait_new_session_ticket;
|
| - else
|
| - ss->ssl3.hs.ws = wait_change_cipher;
|
| + ss->sec.authAlgorithm = sid->authAlgorithm;
|
| + ss->sec.authKeyBits = sid->authKeyBits;
|
| + ss->sec.keaType = sid->keaType;
|
| + ss->sec.keaKeyBits = sid->keaKeyBits;
|
|
|
| - ss->ssl3.hs.isResuming = PR_TRUE;
|
| + /* 3 cases here:
|
| + * a) key is wrapped (implies using PKCS11)
|
| + * b) key is unwrapped, but we're still using PKCS11
|
| + * c) key is unwrapped, and we're bypassing PKCS11.
|
| + */
|
| + if (sid->u.ssl3.keys.msIsWrapped) {
|
| + PK11SlotInfo *slot;
|
| + PK11SymKey * wrapKey; /* wrapping key */
|
| + CK_FLAGS keyFlags = 0;
|
|
|
| - /* copy the peer cert from the SID */
|
| - if (sid->peerCert != NULL) {
|
| - ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
|
| - ssl3_CopyPeerCertsFromSID(ss, sid);
|
| + if (ss->opt.bypassPKCS11) {
|
| + /* we cannot restart a non-bypass session in a
|
| + ** bypass socket.
|
| + */
|
| + break;
|
| }
|
| + /* unwrap master secret with PKCS11 */
|
| + slot = SECMOD_LookupSlot(sid->u.ssl3.masterModuleID,
|
| + sid->u.ssl3.masterSlotID);
|
| + if (slot == NULL) {
|
| + break; /* not considered an error. */
|
| + }
|
| + if (!PK11_IsPresent(slot)) {
|
| + PK11_FreeSlot(slot);
|
| + break; /* not considered an error. */
|
| + }
|
| + wrapKey = PK11_GetWrapKey(slot, sid->u.ssl3.masterWrapIndex,
|
| + sid->u.ssl3.masterWrapMech,
|
| + sid->u.ssl3.masterWrapSeries,
|
| + ss->pkcs11PinArg);
|
| + PK11_FreeSlot(slot);
|
| + if (wrapKey == NULL) {
|
| + break; /* not considered an error. */
|
| + }
|
|
|
| - /* NULL value for PMS signifies re-use of the old MS */
|
| - rv = ssl3_InitPendingCipherSpec(ss, NULL);
|
| - if (rv != SECSuccess) {
|
| - goto alert_loser;
|
| + if (ss->version > SSL_LIBRARY_VERSION_3_0) { /* isTLS */
|
| + keyFlags = CKF_SIGN | CKF_VERIFY;
|
| }
|
| - return SECSuccess;
|
| +
|
| + wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
|
| + wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
|
| + pwSpec->master_secret =
|
| + PK11_UnwrapSymKeyWithFlags(wrapKey, sid->u.ssl3.masterWrapMech,
|
| + NULL, &wrappedMS, CKM_SSL3_MASTER_KEY_DERIVE,
|
| + CKA_DERIVE, sizeof(SSL3MasterSecret), keyFlags);
|
| + errCode = PORT_GetError();
|
| + PK11_FreeSymKey(wrapKey);
|
| + if (pwSpec->master_secret == NULL) {
|
| + break; /* errorCode set just after call to UnwrapSymKey. */
|
| + }
|
| + } else if (ss->opt.bypassPKCS11) {
|
| + /* MS is not wrapped */
|
| + wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
|
| + wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
|
| + memcpy(pwSpec->raw_master_secret, wrappedMS.data, wrappedMS.len);
|
| + pwSpec->msItem.data = pwSpec->raw_master_secret;
|
| + pwSpec->msItem.len = wrappedMS.len;
|
| + } else {
|
| + /* We CAN restart a bypass session in a non-bypass socket. */
|
| + /* need to import the raw master secret to session object */
|
| + PK11SlotInfo *slot = PK11_GetInternalSlot();
|
| + wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
|
| + wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
|
| + pwSpec->master_secret =
|
| + PK11_ImportSymKey(slot, CKM_SSL3_MASTER_KEY_DERIVE,
|
| + PK11_OriginUnwrap, CKA_ENCRYPT,
|
| + &wrappedMS, NULL);
|
| + PK11_FreeSlot(slot);
|
| + if (pwSpec->master_secret == NULL) {
|
| + break;
|
| + }
|
| }
|
| - }
|
|
|
| + /* Got a Match */
|
| + SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_cache_hits );
|
| +
|
| + /* If we sent a session ticket, then this is a stateless resume. */
|
| + if (sid->version > SSL_LIBRARY_VERSION_3_0 &&
|
| + sid->u.ssl3.sessionTicket.ticket.data != NULL)
|
| + SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_stateless_resumes );
|
| +
|
| + if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn))
|
| + ss->ssl3.hs.ws = wait_new_session_ticket;
|
| + else
|
| + ss->ssl3.hs.ws = wait_change_cipher;
|
| +
|
| + ss->ssl3.hs.isResuming = PR_TRUE;
|
| +
|
| + /* copy the peer cert from the SID */
|
| + if (sid->peerCert != NULL) {
|
| + ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
|
| + ssl3_CopyPeerCertsFromSID(ss, sid);
|
| + }
|
| +
|
| +
|
| + /* NULL value for PMS signifies re-use of the old MS */
|
| + rv = ssl3_InitPendingCipherSpec(ss, NULL);
|
| + if (rv != SECSuccess) {
|
| + goto alert_loser; /* err code was set */
|
| + }
|
| + return SECSuccess;
|
| + } while (0);
|
| +
|
| if (sid_match)
|
| SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_cache_not_ok );
|
| else
|
| @@ -6250,7 +6209,7 @@
|
| * ticket extension, but sent an empty ticket.
|
| */
|
| if (!ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn) ||
|
| - ss->xtnData.serverReceivedEmptySessionTicket) {
|
| + ss->xtnData.emptySessionTicket) {
|
| if (sidBytes.len > 0 && !ss->opt.noCache) {
|
| SSL_TRC(7, ("%d: SSL3[%d]: server, lookup client session-id for 0x%08x%08x%08x%08x",
|
| SSL_GETPID(), ss->fd, ss->sec.ci.peer.pr_s6_addr32[0],
|
| @@ -7703,12 +7662,6 @@
|
| return SECFailure; /* malformed */
|
| }
|
|
|
| - if (ss->sec.ci.sid->peerCert == NULL) {
|
| - ss->sec.ci.sid->peerCert = CERT_DupCertificate(ss->sec.peerCert);
|
| - ssl3_CopyPeerCertsToSID((ssl3CertNode *)ss->ssl3.peerCertChain,
|
| - ss->sec.ci.sid);
|
| - }
|
| -
|
| rv = ssl3_SetSIDSessionTicket(ss->sec.ci.sid, &session_ticket);
|
| if (rv != SECSuccess) {
|
| (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);
|
| @@ -7900,7 +7853,7 @@
|
| ss->ssl3.peerCertChain = NULL;
|
| }
|
|
|
| -void
|
| +static void
|
| ssl3_CopyPeerCertsFromSID(sslSocket *ss, sslSessionID *sid)
|
| {
|
| PRArenaPool *arena;
|
| @@ -8366,7 +8319,7 @@
|
| return rv;
|
| }
|
|
|
| -SECStatus
|
| +static SECStatus
|
| ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
|
| PRBool isServer,
|
| const SSL3Finished * hashes,
|
| @@ -8414,7 +8367,7 @@
|
|
|
| /* called from ssl3_HandleServerHelloDone
|
| */
|
| -SECStatus
|
| +static SECStatus
|
| ssl3_SendNextProto(sslSocket *ss)
|
| {
|
| SECStatus rv;
|
| @@ -8450,7 +8403,7 @@
|
| * ssl3_HandleClientHello
|
| * ssl3_HandleFinished
|
| */
|
| -SECStatus
|
| +static SECStatus
|
| ssl3_SendFinished(sslSocket *ss, PRInt32 flags)
|
| {
|
| ssl3CipherSpec *cwSpec;
|
| @@ -8503,13 +8456,10 @@
|
| if (rv != SECSuccess)
|
| goto fail; /* err set by AppendHandshake. */
|
| }
|
| - if ((flags & ssl_SEND_FLAG_NO_FLUSH) == 0) {
|
| - rv = ssl3_FlushHandshake(ss, flags);
|
| - if (rv != SECSuccess) {
|
| - goto fail; /* error code set by ssl3_FlushHandshake */
|
| - }
|
| + rv = ssl3_FlushHandshake(ss, flags);
|
| + if (rv != SECSuccess) {
|
| + goto fail; /* error code set by ssl3_FlushHandshake */
|
| }
|
| -
|
| return SECSuccess;
|
|
|
| fail:
|
| @@ -8626,16 +8576,6 @@
|
| return SECFailure;
|
| }
|
|
|
| - if (ss->ssl3.hs.snapStartType == snap_start_full ||
|
| - ss->ssl3.hs.snapStartType == snap_start_resume) {
|
| - /* Snap Start handshake was successful. Switch the cipher spec. */
|
| - ssl_GetSpecWriteLock(ss);
|
| - ssl3_DestroyCipherSpec(ss->ssl3.cwSpec, PR_TRUE/*freeSrvName*/);
|
| - ss->ssl3.cwSpec = ss->ssl3.pwSpec;
|
| - ss->ssl3.pwSpec = NULL;
|
| - ssl_ReleaseSpecWriteLock(ss);
|
| - }
|
| -
|
| isTLS = (PRBool)(ss->ssl3.crSpec->version > SSL_LIBRARY_VERSION_3_0);
|
| if (isTLS) {
|
| TLSFinished tlsFinished;
|
| @@ -8645,21 +8585,12 @@
|
| PORT_SetError(SSL_ERROR_RX_MALFORMED_FINISHED);
|
| return SECFailure;
|
| }
|
| -
|
| - if (ss->ssl3.hs.snapStartType == snap_start_resume) {
|
| - /* In this case we have already advanced the Finished hash past the
|
| - * server's verify_data because we needed to predict the server's
|
| - * Finished message in order to compute our own (which includes
|
| - * it). When we did this, we stored a copy in tFinished[1]. */
|
| - tlsFinished = ss->ssl3.hs.finishedMsgs.tFinished[1];
|
| - } else {
|
| - rv = ssl3_ComputeTLSFinished(ss->ssl3.crSpec, !isServer,
|
| - hashes, &tlsFinished);
|
| - if (!isServer)
|
| - ss->ssl3.hs.finishedMsgs.tFinished[1] = tlsFinished;
|
| - else
|
| - ss->ssl3.hs.finishedMsgs.tFinished[0] = tlsFinished;
|
| - }
|
| + rv = ssl3_ComputeTLSFinished(ss->ssl3.crSpec, !isServer,
|
| + hashes, &tlsFinished);
|
| + if (!isServer)
|
| + ss->ssl3.hs.finishedMsgs.tFinished[1] = tlsFinished;
|
| + else
|
| + ss->ssl3.hs.finishedMsgs.tFinished[0] = tlsFinished;
|
| ss->ssl3.hs.finishedBytes = sizeof tlsFinished;
|
| if (rv != SECSuccess ||
|
| 0 != NSS_SecureMemcmp(&tlsFinished, b, length)) {
|
| @@ -8690,9 +8621,8 @@
|
|
|
| ssl_GetXmitBufLock(ss); /*************************************/
|
|
|
| - if (ss->ssl3.hs.snapStartType != snap_start_resume &&
|
| - ((isServer && !ss->ssl3.hs.isResuming) ||
|
| - (!isServer && ss->ssl3.hs.isResuming))) {
|
| + if ((isServer && !ss->ssl3.hs.isResuming) ||
|
| + (!isServer && ss->ssl3.hs.isResuming)) {
|
| PRInt32 flags = 0;
|
|
|
| /* Send a NewSessionTicket message if the client sent us
|
| @@ -8808,10 +8738,7 @@
|
| ss->ssl3.hs.ws = idle_handshake;
|
|
|
| /* Do the handshake callback for sslv3 here, if we cannot false start. */
|
| - if (ss->handshakeCallback != NULL &&
|
| - (!ssl3_CanFalseStart(ss) ||
|
| - ss->ssl3.hs.snapStartType == snap_start_full ||
|
| - ss->ssl3.hs.snapStartType == snap_start_resume)) {
|
| + if (ss->handshakeCallback != NULL && !ssl3_CanFalseStart(ss)) {
|
| (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData);
|
| }
|
|
|
| @@ -8892,13 +8819,8 @@
|
| return rv;
|
| }
|
| }
|
| - /* We should not include hello_request messages in the handshake hashes.
|
| - * Likewise, for Finished messages from the server during a Snap Start
|
| - * resume, we have already predicted and included the message in our
|
| - * Finished hash. */
|
| - if (ss->ssl3.hs.msg_type != hello_request &&
|
| - !(ss->ssl3.hs.msg_type == finished &&
|
| - ss->ssl3.hs.snapStartType == snap_start_resume)) {
|
| + /* We should not include hello_request messages in the handshake hashes */
|
| + if (ss->ssl3.hs.msg_type != hello_request) {
|
| rv = ssl3_UpdateHandshakeHashes(ss, (unsigned char*) hdr, 4);
|
| if (rv != SECSuccess) return rv; /* err code already set. */
|
| rv = ssl3_UpdateHandshakeHashes(ss, b, length);
|
| @@ -9837,15 +9759,6 @@
|
| ss->ssl3.clientCertChain = NULL;
|
| }
|
|
|
| - if (ss->ssl3.predictedCertChain != NULL)
|
| - ssl3_CleanupPredictedPeerCertificates(ss);
|
| -
|
| - if (ss->ssl3.serverHelloPredictionData.data)
|
| - SECITEM_FreeItem(&ss->ssl3.serverHelloPredictionData, PR_FALSE);
|
| -
|
| - if (ss->ssl3.snapStartApplicationData.data)
|
| - SECITEM_FreeItem(&ss->ssl3.snapStartApplicationData, PR_FALSE);
|
| -
|
| /* clean up handshake */
|
| if (ss->opt.bypassPKCS11) {
|
| SHA1_DestroyContext((SHA1Context *)ss->ssl3.hs.sha_cx, PR_FALSE);
|
| @@ -9863,9 +9776,6 @@
|
| ss->ssl3.hs.messages.len = 0;
|
| ss->ssl3.hs.messages.space = 0;
|
| }
|
| - if (ss->ssl3.hs.origClientHello.data) {
|
| - SECITEM_FreeItem(&ss->ssl3.hs.origClientHello, PR_FALSE);
|
| - }
|
| if (ss->ssl3.hs.pending_cert_msg.data) {
|
| SECITEM_FreeItem(&ss->ssl3.hs.pending_cert_msg, PR_FALSE);
|
| }
|
|
|