Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(13)

Side by Side Diff: net/third_party/nss/ssl/ssl3con.c

Issue 9733012: Update NSS to NSS 3.13.4 pre-release snapshot 20120319. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Forgot to update the sslerr.h and SSLerrs.h files Created 8 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/third_party/nss/ssl/ssl.h ('k') | net/third_party/nss/ssl/ssl3ext.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
1 /* 2 /*
2 * SSL3 Protocol 3 * SSL3 Protocol
3 * 4 *
4 * ***** BEGIN LICENSE BLOCK ***** 5 * ***** BEGIN LICENSE BLOCK *****
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 6 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
6 * 7 *
7 * The contents of this file are subject to the Mozilla Public License Version 8 * The contents of this file are subject to the Mozilla Public License Version
8 * 1.1 (the "License"); you may not use this file except in compliance with 9 * 1.1 (the "License"); you may not use this file except in compliance with
9 * the License. You may obtain a copy of the License at 10 * the License. You may obtain a copy of the License at
10 * http://www.mozilla.org/MPL/ 11 * http://www.mozilla.org/MPL/
(...skipping 21 matching lines...) Expand all
32 * in which case the provisions of the GPL or the LGPL are applicable instead 33 * in which case the provisions of the GPL or the LGPL are applicable instead
33 * of those above. If you wish to allow use of your version of this file only 34 * of those above. If you wish to allow use of your version of this file only
34 * under the terms of either the GPL or the LGPL, and not to allow others to 35 * under the terms of either the GPL or the LGPL, and not to allow others to
35 * use your version of this file under the terms of the MPL, indicate your 36 * use your version of this file under the terms of the MPL, indicate your
36 * decision by deleting the provisions above and replace them with the notice 37 * decision by deleting the provisions above and replace them with the notice
37 * and other provisions required by the GPL or the LGPL. If you do not delete 38 * and other provisions required by the GPL or the LGPL. If you do not delete
38 * the provisions above, a recipient may use your version of this file under 39 * the provisions above, a recipient may use your version of this file under
39 * the terms of any one of the MPL, the GPL or the LGPL. 40 * the terms of any one of the MPL, the GPL or the LGPL.
40 * 41 *
41 * ***** END LICENSE BLOCK ***** */ 42 * ***** END LICENSE BLOCK ***** */
42 /* $Id: ssl3con.c,v 1.164 2012/02/17 09:50:04 kaie%kuix.de Exp $ */ 43 /* $Id: ssl3con.c,v 1.173 2012/03/18 00:31:19 wtc%google.com Exp $ */
43 44
44 #include "cert.h" 45 #include "cert.h"
45 #include "ssl.h" 46 #include "ssl.h"
46 #include "cryptohi.h" /* for DSAU_ stuff */ 47 #include "cryptohi.h" /* for DSAU_ stuff */
47 #include "keyhi.h" 48 #include "keyhi.h"
48 #include "secder.h" 49 #include "secder.h"
49 #include "secitem.h" 50 #include "secitem.h"
50 51
51 #include "sslimpl.h" 52 #include "sslimpl.h"
52 #include "sslproto.h" 53 #include "sslproto.h"
(...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after
135 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 136 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
136 { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 137 { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
137 #ifdef NSS_ENABLE_ECC 138 #ifdef NSS_ENABLE_ECC
138 { TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 139 { TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
139 { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 140 { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
140 { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 141 { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
141 { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 142 { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
142 #endif /* NSS_ENABLE_ECC */ 143 #endif /* NSS_ENABLE_ECC */
143 { TLS_RSA_WITH_SEED_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 144 { TLS_RSA_WITH_SEED_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
144 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 145 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
146 { SSL_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
145 { SSL_RSA_WITH_RC4_128_MD5, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE}, 147 { SSL_RSA_WITH_RC4_128_MD5, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE},
146 { SSL_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
147 { TLS_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 148 { TLS_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
148 149
149 #ifdef NSS_ENABLE_ECC 150 #ifdef NSS_ENABLE_ECC
150 { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 151 { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
151 { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 152 { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
152 #endif /* NSS_ENABLE_ECC */ 153 #endif /* NSS_ENABLE_ECC */
153 { SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 154 { SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
154 { SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 155 { SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
155 #ifdef NSS_ENABLE_ECC 156 #ifdef NSS_ENABLE_ECC
156 { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 157 { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
(...skipping 474 matching lines...) Expand 10 before | Expand all | Expand 10 after
631 int numPresent = 0; 632 int numPresent = 0;
632 int numEnabled = 0; 633 int numEnabled = 0;
633 PRBool isServer; 634 PRBool isServer;
634 sslServerCerts *svrAuth; 635 sslServerCerts *svrAuth;
635 636
636 PORT_Assert(ss); 637 PORT_Assert(ss);
637 if (!ss) { 638 if (!ss) {
638 PORT_SetError(SEC_ERROR_INVALID_ARGS); 639 PORT_SetError(SEC_ERROR_INVALID_ARGS);
639 return 0; 640 return 0;
640 } 641 }
641 if (!ss->opt.enableSSL3 && !ss->opt.enableTLS) { 642 if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) {
642 return 0; 643 return 0;
643 } 644 }
644 isServer = (PRBool)(ss->sec.isServer != 0); 645 isServer = (PRBool)(ss->sec.isServer != 0);
645 646
646 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { 647 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
647 suite = &ss->cipherSuites[i]; 648 suite = &ss->cipherSuites[i];
648 if (suite->enabled) { 649 if (suite->enabled) {
649 ++numEnabled; 650 ++numEnabled;
650 /* We need the cipher defs to see if we have a token that can handle 651 /* We need the cipher defs to see if we have a token that can handle
651 * this cipher. It isn't part of the static definition. 652 * this cipher. It isn't part of the static definition.
(...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after
735 suite->policy <= policy); 736 suite->policy <= policy);
736 } 737 }
737 738
738 /* return number of cipher suites that match policy and enabled state */ 739 /* return number of cipher suites that match policy and enabled state */
739 /* called from ssl3_SendClientHello and ssl3_ConstructV2CipherSpecsHack */ 740 /* called from ssl3_SendClientHello and ssl3_ConstructV2CipherSpecsHack */
740 static int 741 static int
741 count_cipher_suites(sslSocket *ss, int policy, PRBool enabled) 742 count_cipher_suites(sslSocket *ss, int policy, PRBool enabled)
742 { 743 {
743 int i, count = 0; 744 int i, count = 0;
744 745
745 if (!ss->opt.enableSSL3 && !ss->opt.enableTLS) { 746 if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) {
746 return 0; 747 return 0;
747 } 748 }
748 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { 749 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
749 if (config_match(&ss->cipherSuites[i], policy, enabled)) 750 if (config_match(&ss->cipherSuites[i], policy, enabled))
750 count++; 751 count++;
751 } 752 }
752 if (count <= 0) { 753 if (count <= 0) {
753 PORT_SetError(SSL_ERROR_SSL_DISABLED); 754 PORT_SetError(SSL_ERROR_SSL_DISABLED);
754 } 755 }
755 return count; 756 return count;
756 } 757 }
757 758
758 static PRBool
759 anyRestrictedEnabled(sslSocket *ss)
760 {
761 int i;
762
763 if (!ss->opt.enableSSL3 && !ss->opt.enableTLS) {
764 return PR_FALSE;
765 }
766 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
767 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
768 if (suite->policy == SSL_RESTRICTED &&
769 suite->enabled &&
770 suite->isPresent)
771 return PR_TRUE;
772 }
773 return PR_FALSE;
774 }
775
776 /* 759 /*
777 * Null compression, mac and encryption functions 760 * Null compression, mac and encryption functions
778 */ 761 */
779 762
780 static SECStatus 763 static SECStatus
781 Null_Cipher(void *ctx, unsigned char *output, int *outputLen, int maxOutputLen, 764 Null_Cipher(void *ctx, unsigned char *output, int *outputLen, int maxOutputLen,
782 const unsigned char *input, int inputLen) 765 const unsigned char *input, int inputLen)
783 { 766 {
784 *outputLen = inputLen; 767 *outputLen = inputLen;
785 if (input != output) 768 if (input != output)
786 PORT_Memcpy(output, input, inputLen); 769 PORT_Memcpy(output, input, inputLen);
787 return SECSuccess; 770 return SECSuccess;
788 } 771 }
789 772
790 /* 773 /*
791 * SSL3 Utility functions 774 * SSL3 Utility functions
792 */ 775 */
793 776
777 /* allowLargerPeerVersion controls whether the function will select the
778 * highest enabled SSL version or fail when peerVersion is greater than the
779 * highest enabled version.
780 *
781 * If allowLargerPeerVersion is true, peerVersion is the peer's highest
782 * enabled version rather than the peer's selected version.
783 */
794 SECStatus 784 SECStatus
795 ssl3_NegotiateVersion(sslSocket *ss, SSL3ProtocolVersion peerVersion) 785 ssl3_NegotiateVersion(sslSocket *ss, SSL3ProtocolVersion peerVersion,
786 » » PRBool allowLargerPeerVersion)
796 { 787 {
797 SSL3ProtocolVersion version; 788 if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) {
798 SSL3ProtocolVersion maxVersion;
799
800 if (ss->opt.enableTLS) {
801 » maxVersion = SSL_LIBRARY_VERSION_3_1_TLS;
802 } else if (ss->opt.enableSSL3) {
803 » maxVersion = SSL_LIBRARY_VERSION_3_0;
804 } else {
805 » /* what are we doing here? */
806 » PORT_Assert(ss->opt.enableSSL3 || ss->opt.enableTLS);
807 PORT_SetError(SSL_ERROR_SSL_DISABLED); 789 PORT_SetError(SSL_ERROR_SSL_DISABLED);
808 return SECFailure; 790 return SECFailure;
809 } 791 }
810 792
811 ss->version = version = PR_MIN(maxVersion, peerVersion); 793 if (peerVersion < ss->vrange.min ||
812 794 » (peerVersion > ss->vrange.max && !allowLargerPeerVersion)) {
813 if ((version == SSL_LIBRARY_VERSION_3_1_TLS && ss->opt.enableTLS) || 795 » PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
814 » (version == SSL_LIBRARY_VERSION_3_0 && ss->opt.enableSSL3)) { 796 » return SECFailure;
815 » return SECSuccess;
816 } 797 }
817 798
818 PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP); 799 ss->version = PR_MIN(peerVersion, ss->vrange.max);
819 return SECFailure; 800 PORT_Assert(ssl3_VersionIsSupported(ssl_variant_stream, ss->version));
820 801
802 return SECSuccess;
821 } 803 }
822 804
823 static SECStatus 805 static SECStatus
824 ssl3_GetNewRandom(SSL3Random *random) 806 ssl3_GetNewRandom(SSL3Random *random)
825 { 807 {
826 PRUint32 gmt = ssl_Time(); 808 PRUint32 gmt = ssl_Time();
827 SECStatus rv; 809 SECStatus rv;
828 810
829 random->rand[0] = (unsigned char)(gmt >> 24); 811 random->rand[0] = (unsigned char)(gmt >> 24);
830 random->rand[1] = (unsigned char)(gmt >> 16); 812 random->rand[1] = (unsigned char)(gmt >> 16);
(...skipping 595 matching lines...) Expand 10 before | Expand all | Expand 10 after
1426 } 1408 }
1427 1409
1428 /* Initialize encryption and MAC contexts for pending spec. 1410 /* Initialize encryption and MAC contexts for pending spec.
1429 * Master Secret already is derived in spec->msItem 1411 * Master Secret already is derived in spec->msItem
1430 * Caller holds Spec write lock. 1412 * Caller holds Spec write lock.
1431 */ 1413 */
1432 static SECStatus 1414 static SECStatus
1433 ssl3_InitPendingContextsBypass(sslSocket *ss) 1415 ssl3_InitPendingContextsBypass(sslSocket *ss)
1434 { 1416 {
1435 ssl3CipherSpec * pwSpec; 1417 ssl3CipherSpec * pwSpec;
1436 const ssl3BulkCipherDef *cipher_def; 1418 const ssl3BulkCipherDef *cipher_def;
1437 void * serverContext = NULL; 1419 void * serverContext = NULL;
1438 void * clientContext = NULL; 1420 void * clientContext = NULL;
1439 BLapiInitContextFunc initFn = (BLapiInitContextFunc)NULL; 1421 BLapiInitContextFunc initFn = (BLapiInitContextFunc)NULL;
1440 int mode = 0; 1422 int mode = 0;
1441 unsigned int optArg1 = 0; 1423 unsigned int optArg1 = 0;
1442 unsigned int optArg2 = 0; 1424 unsigned int optArg2 = 0;
1443 PRBool server_encrypts = ss->sec.isServer; 1425 PRBool server_encrypts = ss->sec.isServer;
1444 CK_ULONG macLength; 1426 CK_ULONG macLength;
1445 SSLCipherAlgorithm calg; 1427 SSLCipherAlgorithm calg;
1446 SSLCompressionMethod compression_method; 1428 SSLCompressionMethod compression_method;
(...skipping 168 matching lines...) Expand 10 before | Expand all | Expand 10 after
1615 } 1597 }
1616 1598
1617 /* Initialize encryption and MAC contexts for pending spec. 1599 /* Initialize encryption and MAC contexts for pending spec.
1618 * Master Secret already is derived. 1600 * Master Secret already is derived.
1619 * Caller holds Spec write lock. 1601 * Caller holds Spec write lock.
1620 */ 1602 */
1621 static SECStatus 1603 static SECStatus
1622 ssl3_InitPendingContextsPKCS11(sslSocket *ss) 1604 ssl3_InitPendingContextsPKCS11(sslSocket *ss)
1623 { 1605 {
1624 ssl3CipherSpec * pwSpec; 1606 ssl3CipherSpec * pwSpec;
1625 const ssl3BulkCipherDef *cipher_def; 1607 const ssl3BulkCipherDef *cipher_def;
1626 PK11Context * serverContext = NULL; 1608 PK11Context * serverContext = NULL;
1627 PK11Context * clientContext = NULL; 1609 PK11Context * clientContext = NULL;
1628 SECItem * param; 1610 SECItem * param;
1629 CK_MECHANISM_TYPE mechanism; 1611 CK_MECHANISM_TYPE mechanism;
1630 CK_MECHANISM_TYPE mac_mech; 1612 CK_MECHANISM_TYPE mac_mech;
1631 CK_ULONG macLength; 1613 CK_ULONG macLength;
1632 CK_ULONG effKeyBits; 1614 CK_ULONG effKeyBits;
1633 SECItem iv; 1615 SECItem iv;
1634 SECItem mac_param; 1616 SECItem mac_param;
1635 SSLCipherAlgorithm calg; 1617 SSLCipherAlgorithm calg;
(...skipping 407 matching lines...) Expand 10 before | Expand all | Expand 10 after
2043 static SECStatus 2025 static SECStatus
2044 ssl3_CompressMACEncryptRecord(ssl3CipherSpec * cwSpec, 2026 ssl3_CompressMACEncryptRecord(ssl3CipherSpec * cwSpec,
2045 PRBool isServer, 2027 PRBool isServer,
2046 SSL3ContentType type, 2028 SSL3ContentType type,
2047 const SSL3Opaque * pIn, 2029 const SSL3Opaque * pIn,
2048 PRUint32 contentLen, 2030 PRUint32 contentLen,
2049 sslBuffer * wrBuf) 2031 sslBuffer * wrBuf)
2050 { 2032 {
2051 const ssl3BulkCipherDef * cipher_def; 2033 const ssl3BulkCipherDef * cipher_def;
2052 SECStatus rv; 2034 SECStatus rv;
2053 PRUint32 macLen = 0; 2035 PRUint32 macLen = 0;
2054 PRUint32 fragLen; 2036 PRUint32 fragLen;
2055 PRUint32 p1Len, p2Len, oddLen = 0; 2037 PRUint32 p1Len, p2Len, oddLen = 0;
2056 PRInt32 cipherBytes = 0; 2038 int ivLen = 0;
2039 int cipherBytes = 0;
2057 2040
2058 cipher_def = cwSpec->cipher_def; 2041 cipher_def = cwSpec->cipher_def;
2059 2042
2043 if (cipher_def->type == type_block &&
2044 cwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) {
2045 /* Prepend the per-record explicit IV using technique 2b from
2046 * RFC 4346 section 6.2.3.2: The IV is a cryptographically
2047 * strong random number XORed with the CBC residue from the previous
2048 * record.
2049 */
2050 ivLen = cipher_def->iv_size;
2051 if (ivLen > wrBuf->space - SSL3_RECORD_HEADER_LENGTH) {
2052 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
2053 return SECFailure;
2054 }
2055 rv = PK11_GenerateRandom(wrBuf->buf + SSL3_RECORD_HEADER_LENGTH, ivLen);
2056 if (rv != SECSuccess) {
2057 ssl_MapLowLevelError(SSL_ERROR_GENERATE_RANDOM_FAILURE);
2058 return rv;
2059 }
2060 rv = cwSpec->encode( cwSpec->encodeContext,
2061 wrBuf->buf + SSL3_RECORD_HEADER_LENGTH,
2062 &cipherBytes, /* output and actual outLen */
2063 ivLen, /* max outlen */
2064 wrBuf->buf + SSL3_RECORD_HEADER_LENGTH,
2065 ivLen); /* input and inputLen*/
2066 if (rv != SECSuccess || cipherBytes != ivLen) {
2067 PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE);
2068 return SECFailure;
2069 }
2070 }
2071
2060 if (cwSpec->compressor) { 2072 if (cwSpec->compressor) {
2061 int outlen; 2073 int outlen;
2062 rv = cwSpec->compressor( 2074 rv = cwSpec->compressor(
2063 » cwSpec->compressContext, wrBuf->buf + SSL3_RECORD_HEADER_LENGTH, 2075 » cwSpec->compressContext,
2064 » &outlen, wrBuf->space - SSL3_RECORD_HEADER_LENGTH, pIn, contentLen); 2076 » wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + ivLen, &outlen,
2077 » wrBuf->space - SSL3_RECORD_HEADER_LENGTH - ivLen, pIn, contentLen);
2065 if (rv != SECSuccess) 2078 if (rv != SECSuccess)
2066 return rv; 2079 return rv;
2067 » pIn = wrBuf->buf + SSL3_RECORD_HEADER_LENGTH; 2080 » pIn = wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + ivLen;
2068 contentLen = outlen; 2081 contentLen = outlen;
2069 } 2082 }
2070 2083
2071 /* 2084 /*
2072 * Add the MAC 2085 * Add the MAC
2073 */ 2086 */
2074 rv = ssl3_ComputeRecordMAC( cwSpec, isServer, 2087 rv = ssl3_ComputeRecordMAC( cwSpec, isServer,
2075 type, cwSpec->version, cwSpec->write_seq_num, pIn, contentLen, 2088 type, cwSpec->version, cwSpec->write_seq_num, pIn, contentLen,
2076 » wrBuf->buf + contentLen + SSL3_RECORD_HEADER_LENGTH, &macLen); 2089 » wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + ivLen + contentLen, &macLen);
2077 if (rv != SECSuccess) { 2090 if (rv != SECSuccess) {
2078 ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE); 2091 ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
2079 return SECFailure; 2092 return SECFailure;
2080 } 2093 }
2081 p1Len = contentLen; 2094 p1Len = contentLen;
2082 p2Len = macLen; 2095 p2Len = macLen;
2083 fragLen = contentLen + macLen; /* needs to be encrypted */ 2096 fragLen = contentLen + macLen; /* needs to be encrypted */
2084 PORT_Assert(fragLen <= MAX_FRAGMENT_LENGTH + 1024); 2097 PORT_Assert(fragLen <= MAX_FRAGMENT_LENGTH + 1024);
2085 2098
2086 /* 2099 /*
2087 * Pad the text (if we're doing a block cipher) 2100 * Pad the text (if we're doing a block cipher)
2088 * then Encrypt it 2101 * then Encrypt it
2089 */ 2102 */
2090 if (cipher_def->type == type_block) { 2103 if (cipher_def->type == type_block) {
2091 unsigned char * pBuf; 2104 unsigned char * pBuf;
2092 int padding_length; 2105 int padding_length;
2093 int i; 2106 int i;
2094 2107
2095 oddLen = contentLen % cipher_def->block_size; 2108 oddLen = contentLen % cipher_def->block_size;
2096 /* Assume blockSize is a power of two */ 2109 /* Assume blockSize is a power of two */
2097 padding_length = cipher_def->block_size - 1 - 2110 padding_length = cipher_def->block_size - 1 -
2098 ((fragLen) & (cipher_def->block_size - 1)); 2111 ((fragLen) & (cipher_def->block_size - 1));
2099 fragLen += padding_length + 1; 2112 fragLen += padding_length + 1;
2100 PORT_Assert((fragLen % cipher_def->block_size) == 0); 2113 PORT_Assert((fragLen % cipher_def->block_size) == 0);
2101 2114
2102 /* Pad according to TLS rules (also acceptable to SSL3). */ 2115 /* Pad according to TLS rules (also acceptable to SSL3). */
2103 » pBuf = &wrBuf->buf[fragLen + SSL3_RECORD_HEADER_LENGTH - 1]; 2116 » pBuf = &wrBuf->buf[SSL3_RECORD_HEADER_LENGTH + ivLen + fragLen - 1];
2104 for (i = padding_length + 1; i > 0; --i) { 2117 for (i = padding_length + 1; i > 0; --i) {
2105 *pBuf-- = padding_length; 2118 *pBuf-- = padding_length;
2106 } 2119 }
2107 /* now, if contentLen is not a multiple of block size, fix it */ 2120 /* now, if contentLen is not a multiple of block size, fix it */
2108 p2Len = fragLen - p1Len; 2121 p2Len = fragLen - p1Len;
2109 } 2122 }
2110 if (p1Len < 256) { 2123 if (p1Len < 256) {
2111 oddLen = p1Len; 2124 oddLen = p1Len;
2112 p1Len = 0; 2125 p1Len = 0;
2113 } else { 2126 } else {
2114 p1Len -= oddLen; 2127 p1Len -= oddLen;
2115 } 2128 }
2116 if (oddLen) { 2129 if (oddLen) {
2117 p2Len += oddLen; 2130 p2Len += oddLen;
2118 PORT_Assert( (cipher_def->block_size < 2) || \ 2131 PORT_Assert( (cipher_def->block_size < 2) || \
2119 (p2Len % cipher_def->block_size) == 0); 2132 (p2Len % cipher_def->block_size) == 0);
2120 » memmove(wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + p1Len, 2133 » memmove(wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + ivLen + p1Len,
2121 pIn + p1Len, oddLen); 2134 pIn + p1Len, oddLen);
2122 } 2135 }
2123 if (p1Len > 0) { 2136 if (p1Len > 0) {
2137 int cipherBytesPart1 = -1;
2124 rv = cwSpec->encode( cwSpec->encodeContext, 2138 rv = cwSpec->encode( cwSpec->encodeContext,
2125 » wrBuf->buf + SSL3_RECORD_HEADER_LENGTH, /* output */ 2139 » wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + ivLen, /* output */
2126 » &cipherBytes, /* actual outlen */ 2140 » &cipherBytesPart1, /* actual outlen */
2127 p1Len, /* max outlen */ 2141 p1Len, /* max outlen */
2128 pIn, p1Len); /* input, and inputlen */ 2142 pIn, p1Len); /* input, and inputlen */
2129 » PORT_Assert(rv == SECSuccess && cipherBytes == p1Len); 2143 » PORT_Assert(rv == SECSuccess && cipherBytesPart1 == (int) p1Len);
2130 » if (rv != SECSuccess || cipherBytes != p1Len) { 2144 » if (rv != SECSuccess || cipherBytesPart1 != (int) p1Len) {
2131 PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE); 2145 PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE);
2132 return SECFailure; 2146 return SECFailure;
2133 } 2147 }
2148 cipherBytes += cipherBytesPart1;
2134 } 2149 }
2135 if (p2Len > 0) { 2150 if (p2Len > 0) {
2136 » PRInt32 cipherBytesPart2 = -1; 2151 » int cipherBytesPart2 = -1;
2137 rv = cwSpec->encode( cwSpec->encodeContext, 2152 rv = cwSpec->encode( cwSpec->encodeContext,
2138 » wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + p1Len, 2153 » wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + ivLen + p1Len,
2139 &cipherBytesPart2, /* output and actual outLen */ 2154 &cipherBytesPart2, /* output and actual outLen */
2140 p2Len, /* max outlen */ 2155 p2Len, /* max outlen */
2141 » wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + p1Len, 2156 » wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + ivLen + p1Len,
2142 p2Len); /* input and inputLen*/ 2157 p2Len); /* input and inputLen*/
2143 » PORT_Assert(rv == SECSuccess && cipherBytesPart2 == p2Len); 2158 » PORT_Assert(rv == SECSuccess && cipherBytesPart2 == (int) p2Len);
2144 » if (rv != SECSuccess || cipherBytesPart2 != p2Len) { 2159 » if (rv != SECSuccess || cipherBytesPart2 != (int) p2Len) {
2145 PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE); 2160 PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE);
2146 return SECFailure; 2161 return SECFailure;
2147 } 2162 }
2148 cipherBytes += cipherBytesPart2; 2163 cipherBytes += cipherBytesPart2;
2149 } 2164 }
2150 PORT_Assert(cipherBytes <= MAX_FRAGMENT_LENGTH + 1024); 2165 PORT_Assert(cipherBytes <= MAX_FRAGMENT_LENGTH + 1024);
2151 2166
2152 ssl3_BumpSequenceNumber(&cwSpec->write_seq_num); 2167 ssl3_BumpSequenceNumber(&cwSpec->write_seq_num);
2153 2168
2154 wrBuf->len = cipherBytes + SSL3_RECORD_HEADER_LENGTH; 2169 wrBuf->len = cipherBytes + SSL3_RECORD_HEADER_LENGTH;
(...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after
2218 } 2233 }
2219 2234
2220 while (nIn > 0) { 2235 while (nIn > 0) {
2221 PRUint32 contentLen = PR_MIN(nIn, MAX_FRAGMENT_LENGTH); 2236 PRUint32 contentLen = PR_MIN(nIn, MAX_FRAGMENT_LENGTH);
2222 unsigned int spaceNeeded; 2237 unsigned int spaceNeeded;
2223 unsigned int numRecords; 2238 unsigned int numRecords;
2224 2239
2225 ssl_GetSpecReadLock(ss); /********************************/ 2240 ssl_GetSpecReadLock(ss); /********************************/
2226 2241
2227 if (nIn > 1 && ss->opt.cbcRandomIV && 2242 if (nIn > 1 && ss->opt.cbcRandomIV &&
2228 » ss->ssl3.cwSpec->version <= SSL_LIBRARY_VERSION_3_1_TLS && 2243 » ss->ssl3.cwSpec->version < SSL_LIBRARY_VERSION_TLS_1_1 &&
2229 type == content_application_data && 2244 type == content_application_data &&
2230 ss->ssl3.cwSpec->cipher_def->type == type_block /* CBC mode */) { 2245 ss->ssl3.cwSpec->cipher_def->type == type_block /* CBC mode */) {
2231 /* We will split the first byte of the record into its own record, 2246 /* We will split the first byte of the record into its own record,
2232 * as explained in the documentation for SSL_CBC_RANDOM_IV in ssl.h 2247 * as explained in the documentation for SSL_CBC_RANDOM_IV in ssl.h
2233 */ 2248 */
2234 numRecords = 2; 2249 numRecords = 2;
2235 } else { 2250 } else {
2236 numRecords = 1; 2251 numRecords = 1;
2237 } 2252 }
2238 2253
2239 spaceNeeded = contentLen + (numRecords * SSL3_BUFFER_FUDGE); 2254 spaceNeeded = contentLen + (numRecords * SSL3_BUFFER_FUDGE);
2255 if (ss->ssl3.cwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1 &&
2256 ss->ssl3.cwSpec->cipher_def->type == type_block) {
2257 spaceNeeded += ss->ssl3.cwSpec->cipher_def->iv_size;
2258 }
2240 if (spaceNeeded > wrBuf->space) { 2259 if (spaceNeeded > wrBuf->space) {
2241 rv = sslBuffer_Grow(wrBuf, spaceNeeded); 2260 rv = sslBuffer_Grow(wrBuf, spaceNeeded);
2242 if (rv != SECSuccess) { 2261 if (rv != SECSuccess) {
2243 SSL_DBG(("%d: SSL3[%d]: SendRecord, tried to get %d bytes", 2262 SSL_DBG(("%d: SSL3[%d]: SendRecord, tried to get %d bytes",
2244 SSL_GETPID(), ss->fd, spaceNeeded)); 2263 SSL_GETPID(), ss->fd, spaceNeeded));
2245 goto spec_locked_loser; /* sslBuffer_Grow set error code. */ 2264 goto spec_locked_loser; /* sslBuffer_Grow set error code. */
2246 } 2265 }
2247 } 2266 }
2248 2267
2249 if (numRecords == 2) { 2268 if (numRecords == 2) {
(...skipping 1633 matching lines...) Expand 10 before | Expand all | Expand 10 after
3883 } 3902 }
3884 } 3903 }
3885 /* If we previously did client-auth, make sure that the token that 3904 /* If we previously did client-auth, make sure that the token that
3886 ** holds the private key still exists, is logged in, hasn't been 3905 ** holds the private key still exists, is logged in, hasn't been
3887 ** removed, etc. 3906 ** removed, etc.
3888 */ 3907 */
3889 if (sidOK && !ssl3_ClientAuthTokenPresent(sid)) { 3908 if (sidOK && !ssl3_ClientAuthTokenPresent(sid)) {
3890 sidOK = PR_FALSE; 3909 sidOK = PR_FALSE;
3891 } 3910 }
3892 3911
3912 if (sidOK && ssl3_NegotiateVersion(ss, sid->version,
3913 PR_FALSE) != SECSuccess) {
3914 sidOK = PR_FALSE;
3915 }
3916
3893 if (!sidOK) { 3917 if (!sidOK) {
3894 SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_not_ok ); 3918 SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_not_ok );
3895 (*ss->sec.uncache)(sid); 3919 (*ss->sec.uncache)(sid);
3896 ssl_FreeSID(sid); 3920 ssl_FreeSID(sid);
3897 sid = NULL; 3921 sid = NULL;
3898 } 3922 }
3899 } 3923 }
3900 3924
3901 if (sid) { 3925 if (sid) {
3902 SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_hits ); 3926 SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_hits );
3903 3927
3904 /* Are we attempting a stateless session resume? */ 3928 /* Are we attempting a stateless session resume? */
3905 if (sid->version > SSL_LIBRARY_VERSION_3_0 && 3929 if (sid->version > SSL_LIBRARY_VERSION_3_0 &&
3906 sid->u.ssl3.sessionTicket.ticket.data) 3930 sid->u.ssl3.sessionTicket.ticket.data)
3907 SSL_AtomicIncrementLong(& ssl3stats.sch_sid_stateless_resumes ); 3931 SSL_AtomicIncrementLong(& ssl3stats.sch_sid_stateless_resumes );
3908 3932
3909 rv = ssl3_NegotiateVersion(ss, sid->version);
3910 if (rv != SECSuccess)
3911 return rv; /* error code was set */
3912
3913 PRINT_BUF(4, (ss, "client, found session-id:", sid->u.ssl3.sessionID, 3933 PRINT_BUF(4, (ss, "client, found session-id:", sid->u.ssl3.sessionID,
3914 sid->u.ssl3.sessionIDLength)); 3934 sid->u.ssl3.sessionIDLength));
3915 3935
3916 ss->ssl3.policy = sid->u.ssl3.policy; 3936 ss->ssl3.policy = sid->u.ssl3.policy;
3917 } else { 3937 } else {
3918 SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_misses ); 3938 SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_misses );
3919 3939
3920 » rv = ssl3_NegotiateVersion(ss, SSL_LIBRARY_VERSION_3_1_TLS); 3940 » rv = ssl3_NegotiateVersion(ss, SSL_LIBRARY_VERSION_MAX_SUPPORTED,
3941 » » » » PR_TRUE);
3921 if (rv != SECSuccess) 3942 if (rv != SECSuccess)
3922 return rv; /* error code was set */ 3943 return rv; /* error code was set */
3923 3944
3924 sid = ssl3_NewSessionID(ss, PR_FALSE); 3945 sid = ssl3_NewSessionID(ss, PR_FALSE);
3925 if (!sid) { 3946 if (!sid) {
3926 return SECFailure; /* memory error is set */ 3947 return SECFailure; /* memory error is set */
3927 } 3948 }
3928 } 3949 }
3929 3950
3930 isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0); 3951 isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0);
3931 ssl_GetSpecWriteLock(ss); 3952 ssl_GetSpecWriteLock(ss);
3932 cwSpec = ss->ssl3.cwSpec; 3953 cwSpec = ss->ssl3.cwSpec;
3933 if (cwSpec->mac_def->mac == mac_null) { 3954 if (cwSpec->mac_def->mac == mac_null) {
3934 /* SSL records are not being MACed. */ 3955 /* SSL records are not being MACed. */
3935 cwSpec->version = ss->version; 3956 cwSpec->version = ss->version;
3936 } 3957 }
3937 ssl_ReleaseSpecWriteLock(ss); 3958 ssl_ReleaseSpecWriteLock(ss);
3938 3959
3939 if (ss->sec.ci.sid != NULL) { 3960 if (ss->sec.ci.sid != NULL) {
3940 ssl_FreeSID(ss->sec.ci.sid); /* decrement ref count, free if zero */ 3961 ssl_FreeSID(ss->sec.ci.sid); /* decrement ref count, free if zero */
3941 } 3962 }
3942 ss->sec.ci.sid = sid; 3963 ss->sec.ci.sid = sid;
3943 3964
3944 ss->sec.send = ssl3_SendApplicationData; 3965 ss->sec.send = ssl3_SendApplicationData;
3945 3966
3946 /* shouldn't get here if SSL3 is disabled, but ... */ 3967 /* shouldn't get here if SSL3 is disabled, but ... */
3947 PORT_Assert(ss->opt.enableSSL3 || ss->opt.enableTLS); 3968 if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) {
3948 if (!ss->opt.enableSSL3 && !ss->opt.enableTLS) { 3969 » PR_NOT_REACHED("No versions of SSL 3.0 or later are enabled");
3949 PORT_SetError(SSL_ERROR_SSL_DISABLED); 3970 PORT_SetError(SSL_ERROR_SSL_DISABLED);
3950 return SECFailure; 3971 return SECFailure;
3951 } 3972 }
3952 3973
3953 /* how many suites does our PKCS11 support (regardless of policy)? */ 3974 /* how many suites does our PKCS11 support (regardless of policy)? */
3954 num_suites = ssl3_config_match_init(ss); 3975 num_suites = ssl3_config_match_init(ss);
3955 if (!num_suites) 3976 if (!num_suites)
3956 return SECFailure; /* ssl3_config_match_init has set error code. */ 3977 return SECFailure; /* ssl3_config_match_init has set error code. */
3957 3978
3958 /* HACK for SCSV in SSL 3.0. On initial handshake, prepend SCSV, 3979 /* HACK for SCSV in SSL 3.0. On initial handshake, prepend SCSV,
(...skipping 1049 matching lines...) Expand 10 before | Expand all | Expand 10 after
5008 ss->ssl3.platformClientKey = (PlatformKey)NULL; 5029 ss->ssl3.platformClientKey = (PlatformKey)NULL;
5009 } 5030 }
5010 #endif /* NSS_PLATFORM_CLIENT_AUTH */ 5031 #endif /* NSS_PLATFORM_CLIENT_AUTH */
5011 5032
5012 temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); 5033 temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
5013 if (temp < 0) { 5034 if (temp < 0) {
5014 goto loser; /* alert has been sent */ 5035 goto loser; /* alert has been sent */
5015 } 5036 }
5016 version = (SSL3ProtocolVersion)temp; 5037 version = (SSL3ProtocolVersion)temp;
5017 5038
5018 /* this is appropriate since the negotiation is complete, and we only 5039 rv = ssl3_NegotiateVersion(ss, version, PR_FALSE);
5019 ** know SSL 3.x.
5020 */
5021 if (MSB(version) != MSB(SSL_LIBRARY_VERSION_3_0)) {
5022 » desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version
5023 » » » » » » : handshake_failure;
5024 » goto alert_loser;
5025 }
5026
5027 rv = ssl3_NegotiateVersion(ss, version);
5028 if (rv != SECSuccess) { 5040 if (rv != SECSuccess) {
5029 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version 5041 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version
5030 : handshake_failure; 5042 : handshake_failure;
5031 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; 5043 errCode = SSL_ERROR_NO_CYPHER_OVERLAP;
5032 goto alert_loser; 5044 goto alert_loser;
5033 } 5045 }
5034 isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0); 5046 isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0);
5035 5047
5036 rv = ssl3_ConsumeHandshake( 5048 rv = ssl3_ConsumeHandshake(
5037 ss, &ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH, &b, &length); 5049 ss, &ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH, &b, &length);
(...skipping 1253 matching lines...) Expand 10 before | Expand all | Expand 10 after
6291 desc = no_renegotiation; 6303 desc = no_renegotiation;
6292 level = alert_warning; 6304 level = alert_warning;
6293 errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED; 6305 errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED;
6294 goto alert_loser; 6306 goto alert_loser;
6295 } 6307 }
6296 6308
6297 tmp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); 6309 tmp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
6298 if (tmp < 0) 6310 if (tmp < 0)
6299 goto loser; /* malformed, alert already sent */ 6311 goto loser; /* malformed, alert already sent */
6300 ss->clientHelloVersion = version = (SSL3ProtocolVersion)tmp; 6312 ss->clientHelloVersion = version = (SSL3ProtocolVersion)tmp;
6301 rv = ssl3_NegotiateVersion(ss, version); 6313 rv = ssl3_NegotiateVersion(ss, version, PR_TRUE);
6302 if (rv != SECSuccess) { 6314 if (rv != SECSuccess) {
6303 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version 6315 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version
6304 : handshake_failure; 6316 : handshake_failure;
6305 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; 6317 errCode = SSL_ERROR_NO_CYPHER_OVERLAP;
6306 goto alert_loser; 6318 goto alert_loser;
6307 } 6319 }
6308 6320
6309 /* grab the client random data. */ 6321 /* grab the client random data. */
6310 rv = ssl3_ConsumeHandshake( 6322 rv = ssl3_ConsumeHandshake(
6311 ss, &ss->ssl3.hs.client_random, SSL3_RANDOM_LENGTH, &b, &length); 6323 ss, &ss->ssl3.hs.client_random, SSL3_RANDOM_LENGTH, &b, &length);
(...skipping 687 matching lines...) Expand 10 before | Expand all | Expand 10 after
6999 errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO; 7011 errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO;
7000 goto loser; /* alert_loser */ 7012 goto loser; /* alert_loser */
7001 } 7013 }
7002 7014
7003 version = (buffer[1] << 8) | buffer[2]; 7015 version = (buffer[1] << 8) | buffer[2];
7004 suite_length = (buffer[3] << 8) | buffer[4]; 7016 suite_length = (buffer[3] << 8) | buffer[4];
7005 sid_length = (buffer[5] << 8) | buffer[6]; 7017 sid_length = (buffer[5] << 8) | buffer[6];
7006 rand_length = (buffer[7] << 8) | buffer[8]; 7018 rand_length = (buffer[7] << 8) | buffer[8];
7007 ss->clientHelloVersion = version; 7019 ss->clientHelloVersion = version;
7008 7020
7009 rv = ssl3_NegotiateVersion(ss, version); 7021 rv = ssl3_NegotiateVersion(ss, version, PR_TRUE);
7010 if (rv != SECSuccess) { 7022 if (rv != SECSuccess) {
7011 /* send back which ever alert client will understand. */ 7023 /* send back which ever alert client will understand. */
7012 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version : handshak e_failure; 7024 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version : handshak e_failure;
7013 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; 7025 errCode = SSL_ERROR_NO_CYPHER_OVERLAP;
7014 goto alert_loser; 7026 goto alert_loser;
7015 } 7027 }
7016 7028
7017 /* if we get a non-zero SID, just ignore it. */ 7029 /* if we get a non-zero SID, just ignore it. */
7018 if (length != 7030 if (length !=
7019 SSL_HL_CLIENT_HELLO_HBYTES + suite_length + sid_length + rand_length) { 7031 SSL_HL_CLIENT_HELLO_HBYTES + suite_length + sid_length + rand_length) {
(...skipping 215 matching lines...) Expand 10 before | Expand all | Expand 10 after
7235 return rv; /* err set by ssl3_SetupPendingCipherSpec */ 7247 return rv; /* err set by ssl3_SetupPendingCipherSpec */
7236 } 7248 }
7237 7249
7238 return SECSuccess; 7250 return SECSuccess;
7239 } 7251 }
7240 7252
7241 7253
7242 static SECStatus 7254 static SECStatus
7243 ssl3_SendServerKeyExchange(sslSocket *ss) 7255 ssl3_SendServerKeyExchange(sslSocket *ss)
7244 { 7256 {
7245 const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def; 7257 const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def;
7246 SECStatus rv = SECFailure; 7258 SECStatus rv = SECFailure;
7247 int length; 7259 int length;
7248 PRBool isTLS; 7260 PRBool isTLS;
7249 SECItem signed_hash = {siBuffer, NULL, 0}; 7261 SECItem signed_hash = {siBuffer, NULL, 0};
7250 SSL3Hashes hashes; 7262 SSL3Hashes hashes;
7251 SECKEYPublicKey * sdPub; /* public key for step-down */ 7263 SECKEYPublicKey * sdPub; /* public key for step-down */
7252 7264
7253 SSL_TRC(3, ("%d: SSL3[%d]: send server_key_exchange handshake", 7265 SSL_TRC(3, ("%d: SSL3[%d]: send server_key_exchange handshake",
7254 SSL_GETPID(), ss->fd)); 7266 SSL_GETPID(), ss->fd));
7255 7267
(...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after
7334 PORT_Free(signed_hash.data); 7346 PORT_Free(signed_hash.data);
7335 return SECFailure; 7347 return SECFailure;
7336 } 7348 }
7337 7349
7338 7350
7339 static SECStatus 7351 static SECStatus
7340 ssl3_SendCertificateRequest(sslSocket *ss) 7352 ssl3_SendCertificateRequest(sslSocket *ss)
7341 { 7353 {
7342 SECItem * name; 7354 SECItem * name;
7343 CERTDistNames *ca_list; 7355 CERTDistNames *ca_list;
7344 const uint8 * certTypes; 7356 const uint8 * certTypes;
7345 SECItem * names = NULL; 7357 SECItem * names = NULL;
7346 SECStatus rv; 7358 SECStatus rv;
7347 int length; 7359 int length;
7348 int i; 7360 int i;
7349 int calen = 0; 7361 int calen = 0;
7350 int nnames = 0; 7362 int nnames = 0;
7351 int certTypesLength; 7363 int certTypesLength;
7352 7364
7353 SSL_TRC(3, ("%d: SSL3[%d]: send certificate_request handshake", 7365 SSL_TRC(3, ("%d: SSL3[%d]: send certificate_request handshake",
7354 SSL_GETPID(), ss->fd)); 7366 SSL_GETPID(), ss->fd));
(...skipping 327 matching lines...) Expand 10 before | Expand all | Expand 10 after
7682 7694
7683 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete 7695 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
7684 * ssl3 ClientKeyExchange message from the remote client 7696 * ssl3 ClientKeyExchange message from the remote client
7685 * Caller must hold Handshake and RecvBuf locks. 7697 * Caller must hold Handshake and RecvBuf locks.
7686 */ 7698 */
7687 static SECStatus 7699 static SECStatus
7688 ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) 7700 ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
7689 { 7701 {
7690 SECKEYPrivateKey *serverKey = NULL; 7702 SECKEYPrivateKey *serverKey = NULL;
7691 SECStatus rv; 7703 SECStatus rv;
7692 const ssl3KEADef * kea_def; 7704 const ssl3KEADef *kea_def;
7693 ssl3KeyPair *serverKeyPair = NULL; 7705 ssl3KeyPair *serverKeyPair = NULL;
7694 #ifdef NSS_ENABLE_ECC 7706 #ifdef NSS_ENABLE_ECC
7695 SECKEYPublicKey *serverPubKey = NULL; 7707 SECKEYPublicKey *serverPubKey = NULL;
7696 #endif /* NSS_ENABLE_ECC */ 7708 #endif /* NSS_ENABLE_ECC */
7697 7709
7698 SSL_TRC(3, ("%d: SSL3[%d]: handle client_key_exchange handshake", 7710 SSL_TRC(3, ("%d: SSL3[%d]: handle client_key_exchange handshake",
7699 SSL_GETPID(), ss->fd)); 7711 SSL_GETPID(), ss->fd));
7700 7712
7701 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); 7713 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
7702 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); 7714 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
(...skipping 774 matching lines...) Expand 10 before | Expand all | Expand 10 after
8477 rv = SECSuccess; 8489 rv = SECSuccess;
8478 } 8490 }
8479 8491
8480 done: 8492 done:
8481 ssl_ReleaseSSL3HandshakeLock(ss); 8493 ssl_ReleaseSSL3HandshakeLock(ss);
8482 ssl_ReleaseRecvBufLock(ss); 8494 ssl_ReleaseRecvBufLock(ss);
8483 8495
8484 return rv; 8496 return rv;
8485 } 8497 }
8486 8498
8499 static SECStatus
8500 ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
8501 PRBool isServer,
8502 const SSL3Finished * hashes,
8503 TLSFinished * tlsFinished)
8504 {
8505 const char * label;
8506 unsigned int len;
8507 SECStatus rv;
8508
8509 label = isServer ? "server finished" : "client finished";
8510 len = 15;
8511
8512 rv = ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->md5,
8513 sizeof *hashes, tlsFinished->verify_data,
8514 sizeof tlsFinished->verify_data);
8515
8516 return rv;
8517 }
8518
8487 /* The calling function must acquire and release the appropriate 8519 /* The calling function must acquire and release the appropriate
8488 * lock (e.g., ssl_GetSpecReadLock / ssl_ReleaseSpecReadLock for 8520 * lock (e.g., ssl_GetSpecReadLock / ssl_ReleaseSpecReadLock for
8489 * ss->ssl3.crSpec). 8521 * ss->ssl3.crSpec).
8490 */ 8522 */
8491 SECStatus 8523 SECStatus
8492 ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, const char *label, 8524 ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, const char *label,
8493 unsigned int labelLen, const unsigned char *val, unsigned int valLen, 8525 unsigned int labelLen, const unsigned char *val, unsigned int valLen,
8494 unsigned char *out, unsigned int outLen) 8526 unsigned char *out, unsigned int outLen)
8495 { 8527 {
8496 SECStatus rv = SECSuccess; 8528 SECStatus rv = SECSuccess;
(...skipping 24 matching lines...) Expand all
8521 inData.data = (unsigned char *) val; 8553 inData.data = (unsigned char *) val;
8522 inData.len = valLen; 8554 inData.len = valLen;
8523 outData.data = out; 8555 outData.data = out;
8524 outData.len = outLen; 8556 outData.len = outLen;
8525 rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS); 8557 rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS);
8526 PORT_Assert(rv != SECSuccess || outData.len == outLen); 8558 PORT_Assert(rv != SECSuccess || outData.len == outLen);
8527 } 8559 }
8528 return rv; 8560 return rv;
8529 } 8561 }
8530 8562
8531 static SECStatus
8532 ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
8533 PRBool isServer,
8534 const SSL3Finished * hashes,
8535 TLSFinished * tlsFinished)
8536 {
8537 const char * label;
8538 unsigned int len;
8539 SECStatus rv;
8540
8541 label = isServer ? "server finished" : "client finished";
8542 len = 15;
8543
8544 rv = ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->md5,
8545 sizeof *hashes, tlsFinished->verify_data,
8546 sizeof tlsFinished->verify_data);
8547
8548 return rv;
8549 }
8550
8551 /* called from ssl3_HandleServerHelloDone 8563 /* called from ssl3_HandleServerHelloDone
8552 */ 8564 */
8553 static SECStatus 8565 static SECStatus
8554 ssl3_SendNextProto(sslSocket *ss) 8566 ssl3_SendNextProto(sslSocket *ss)
8555 { 8567 {
8556 SECStatus rv; 8568 SECStatus rv;
8557 int padding_len; 8569 int padding_len;
8558 static const unsigned char padding[32] = {0}; 8570 static const unsigned char padding[32] = {0};
8559 8571
8560 if (ss->ssl3.nextProto.len == 0) 8572 if (ss->ssl3.nextProto.len == 0)
(...skipping 353 matching lines...) Expand 10 before | Expand all | Expand 10 after
8914 return SECWouldBlock; 8926 return SECWouldBlock;
8915 } 8927 }
8916 8928
8917 rv = ssl3_FinishHandshake(ss); 8929 rv = ssl3_FinishHandshake(ss);
8918 return rv; 8930 return rv;
8919 } 8931 }
8920 8932
8921 SECStatus 8933 SECStatus
8922 ssl3_FinishHandshake(sslSocket * ss) 8934 ssl3_FinishHandshake(sslSocket * ss)
8923 { 8935 {
8924 SECStatus rv;
8925
8926 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); 8936 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
8927 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); 8937 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
8928 PORT_Assert( ss->ssl3.hs.restartTarget == NULL ); 8938 PORT_Assert( ss->ssl3.hs.restartTarget == NULL );
8929 8939
8930 /* The first handshake is now completed. */ 8940 /* The first handshake is now completed. */
8931 ss->handshake = NULL; 8941 ss->handshake = NULL;
8932 ss->firstHsDone = PR_TRUE; 8942 ss->firstHsDone = PR_TRUE;
8933 8943
8934 if (ss->sec.ci.sid->cached == never_cached && 8944 if (ss->ssl3.hs.cacheSID) {
8935 » !ss->opt.noCache && ss->sec.cache && ss->ssl3.hs.cacheSID) {
8936 (*ss->sec.cache)(ss->sec.ci.sid); 8945 (*ss->sec.cache)(ss->sec.ci.sid);
8946 ss->ssl3.hs.cacheSID = PR_FALSE;
8937 } 8947 }
8938 8948
8939 ss->ssl3.hs.ws = idle_handshake; 8949 ss->ssl3.hs.ws = idle_handshake;
8940 8950
8941 /* Do the handshake callback for sslv3 here, if we cannot false start. */ 8951 /* Do the handshake callback for sslv3 here, if we cannot false start. */
8942 if (ss->handshakeCallback != NULL && !ssl3_CanFalseStart(ss)) { 8952 if (ss->handshakeCallback != NULL && !ssl3_CanFalseStart(ss)) {
8943 (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); 8953 (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData);
8944 } 8954 }
8945 8955
8946 return SECSuccess; 8956 return SECSuccess;
(...skipping 356 matching lines...) Expand 10 before | Expand all | Expand 10 after
9303 * 9313 *
9304 * Caller must hold the RecvBufLock. 9314 * Caller must hold the RecvBufLock.
9305 * 9315 *
9306 * This function aquires and releases the SSL3Handshake Lock, holding the 9316 * This function aquires and releases the SSL3Handshake Lock, holding the
9307 * lock around any calls to functions that handle records other than 9317 * lock around any calls to functions that handle records other than
9308 * Application Data records. 9318 * Application Data records.
9309 */ 9319 */
9310 SECStatus 9320 SECStatus
9311 ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf) 9321 ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf)
9312 { 9322 {
9313 const ssl3BulkCipherDef *cipher_def; 9323 const ssl3BulkCipherDef *cipher_def;
9314 ssl3CipherSpec * crSpec; 9324 ssl3CipherSpec * crSpec;
9315 SECStatus rv; 9325 SECStatus rv;
9316 unsigned int hashBytes» » = MAX_MAC_LENGTH + 1; 9326 unsigned int hashBytes = MAX_MAC_LENGTH + 1;
9317 unsigned int padding_length; 9327 unsigned int padding_length;
9318 PRBool isTLS; 9328 PRBool isTLS;
9319 PRBool padIsBad = PR_FALSE; 9329 PRBool padIsBad = PR_FALSE;
9320 SSL3ContentType rType; 9330 SSL3ContentType rType;
9321 SSL3Opaque hash[MAX_MAC_LENGTH]; 9331 SSL3Opaque hash[MAX_MAC_LENGTH];
9322 sslBuffer *plaintext; 9332 sslBuffer *plaintext;
9323 sslBuffer temp_buf; 9333 sslBuffer temp_buf;
9334 unsigned int ivLen = 0;
9324 9335
9325 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); 9336 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
9326 9337
9327 if (!ss->ssl3.initialized) { 9338 if (!ss->ssl3.initialized) {
9328 ssl_GetSSL3HandshakeLock(ss); 9339 ssl_GetSSL3HandshakeLock(ss);
9329 rv = ssl3_InitState(ss); 9340 rv = ssl3_InitState(ss);
9330 ssl_ReleaseSSL3HandshakeLock(ss); 9341 ssl_ReleaseSSL3HandshakeLock(ss);
9331 if (rv != SECSuccess) { 9342 if (rv != SECSuccess) {
9332 return rv; /* ssl3_InitState has set the error code. */ 9343 return rv; /* ssl3_InitState has set the error code. */
9333 } 9344 }
(...skipping 12 matching lines...) Expand all
9346 if (cText == NULL) { 9357 if (cText == NULL) {
9347 SSL_DBG(("%d: SSL3[%d]: HandleRecord, resuming handshake", 9358 SSL_DBG(("%d: SSL3[%d]: HandleRecord, resuming handshake",
9348 SSL_GETPID(), ss->fd)); 9359 SSL_GETPID(), ss->fd));
9349 rType = content_handshake; 9360 rType = content_handshake;
9350 goto process_it; 9361 goto process_it;
9351 } 9362 }
9352 9363
9353 ssl_GetSpecReadLock(ss); /******************************************/ 9364 ssl_GetSpecReadLock(ss); /******************************************/
9354 9365
9355 crSpec = ss->ssl3.crSpec; 9366 crSpec = ss->ssl3.crSpec;
9367 cipher_def = crSpec->cipher_def;
9368
9369 if (cipher_def->type == type_block &&
9370 crSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) {
9371 /* Consume the per-record explicit IV. RFC 4346 Section 6.2.3.2 states
9372 * "The receiver decrypts the entire GenericBlockCipher structure and
9373 * then discards the first cipher block corresponding to the IV
9374 * component." Instead, we decrypt the first cipher block and then
9375 * discard it before decrypting the rest.
Ryan Sleevi 2012/03/19 22:15:50 Really? Does this have any timing side-effects?
wtc 2012/03/20 21:15:09 I think the use of "Instead" in this comment is a
9376 */
9377 SSL3Opaque iv[MAX_IV_LENGTH];
9378 int decoded;
9379
9380 ivLen = cipher_def->iv_size;
9381 if (ivLen < 8 || ivLen > sizeof(iv)) {
9382 ssl_ReleaseSpecReadLock(ss);
9383 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
9384 return SECFailure;
9385 }
9386 if (ivLen > cText->buf->len) {
9387 SSL_DBG(("%d: SSL3[%d]: HandleRecord, IV length check failed",
9388 SSL_GETPID(), ss->fd));
9389 /* must not hold spec lock when calling SSL3_SendAlert. */
9390 ssl_ReleaseSpecReadLock(ss);
9391 SSL3_SendAlert(ss, alert_fatal, bad_record_mac);
9392 /* always log mac error, in case attacker can read server logs. */
9393 PORT_SetError(SSL_ERROR_BAD_MAC_READ);
Ryan Sleevi 2012/03/19 22:15:50 Can't they also measure timing?
wtc 2012/03/20 21:15:09 Should I remove this comment? I copied this comme
wtc 2012/03/20 21:36:55 If you could suggest better wording for that comme
9394 return SECFailure;
9395 }
9396
9397 PRINT_BUF(80, (ss, "IV (ciphertext):", cText->buf->buf, ivLen));
9398
9399 /* The decryption result is garbage, but since we just throw away
9400 * the block it doesn't matter. The decryption of the next block
9401 * depends only on the ciphertext of the IV block.
9402 */
9403 rv = crSpec->decode(crSpec->decodeContext, iv, &decoded,
9404 sizeof(iv), cText->buf->buf, ivLen);
9405
9406 if (rv != SECSuccess) {
9407 /* All decryption failures must be treated like a bad record
9408 * MAC; see RFC 5246 (TLS 1.2).
9409 */
9410 padIsBad = PR_TRUE;
9411 }
9412 }
9356 9413
9357 /* If we will be decompressing the buffer we need to decrypt somewhere 9414 /* If we will be decompressing the buffer we need to decrypt somewhere
9358 * other than into databuf */ 9415 * other than into databuf */
9359 if (crSpec->decompressor) { 9416 if (crSpec->decompressor) {
9360 temp_buf.buf = NULL; 9417 temp_buf.buf = NULL;
9361 temp_buf.space = 0; 9418 temp_buf.space = 0;
9362 plaintext = &temp_buf; 9419 plaintext = &temp_buf;
9363 } else { 9420 } else {
9364 plaintext = databuf; 9421 plaintext = databuf;
9365 } 9422 }
9366 9423
9367 plaintext->len = 0; /* filled in by decode call below. */ 9424 plaintext->len = 0; /* filled in by decode call below. */
9368 if (plaintext->space < MAX_FRAGMENT_LENGTH) { 9425 if (plaintext->space < MAX_FRAGMENT_LENGTH) {
9369 rv = sslBuffer_Grow(plaintext, MAX_FRAGMENT_LENGTH + 2048); 9426 rv = sslBuffer_Grow(plaintext, MAX_FRAGMENT_LENGTH + 2048);
9370 if (rv != SECSuccess) { 9427 if (rv != SECSuccess) {
9371 ssl_ReleaseSpecReadLock(ss); 9428 ssl_ReleaseSpecReadLock(ss);
9372 SSL_DBG(("%d: SSL3[%d]: HandleRecord, tried to get %d bytes", 9429 SSL_DBG(("%d: SSL3[%d]: HandleRecord, tried to get %d bytes",
9373 SSL_GETPID(), ss->fd, MAX_FRAGMENT_LENGTH + 2048)); 9430 SSL_GETPID(), ss->fd, MAX_FRAGMENT_LENGTH + 2048));
9374 /* sslBuffer_Grow has set a memory error code. */ 9431 /* sslBuffer_Grow has set a memory error code. */
9375 /* Perhaps we should send an alert. (but we have no memory!) */ 9432 /* Perhaps we should send an alert. (but we have no memory!) */
9376 return SECFailure; 9433 return SECFailure;
9377 } 9434 }
9378 } 9435 }
9379 9436
9380 PRINT_BUF(80, (ss, "ciphertext:", cText->buf->buf, cText->buf->len)); 9437 PRINT_BUF(80, (ss, "ciphertext:", cText->buf->buf + ivLen,
9438 » » » » cText->buf->len - ivLen));
9381 9439
9382 cipher_def = crSpec->cipher_def;
9383 isTLS = (PRBool)(crSpec->version > SSL_LIBRARY_VERSION_3_0); 9440 isTLS = (PRBool)(crSpec->version > SSL_LIBRARY_VERSION_3_0);
9384 9441
9385 if (isTLS && cText->buf->len > (MAX_FRAGMENT_LENGTH + 2048)) { 9442 if (isTLS && cText->buf->len - ivLen > (MAX_FRAGMENT_LENGTH + 2048)) {
9386 ssl_ReleaseSpecReadLock(ss); 9443 ssl_ReleaseSpecReadLock(ss);
9387 SSL3_SendAlert(ss, alert_fatal, record_overflow); 9444 SSL3_SendAlert(ss, alert_fatal, record_overflow);
9388 PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG); 9445 PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
9389 return SECFailure; 9446 return SECFailure;
9390 } 9447 }
9391 9448
9392 /* decrypt from cText buf to plaintext. */ 9449 /* decrypt from cText buf to plaintext. */
9393 rv = crSpec->decode( 9450 rv = crSpec->decode(
9394 crSpec->decodeContext, plaintext->buf, (int *)&plaintext->len, 9451 crSpec->decodeContext, plaintext->buf, (int *)&plaintext->len,
9395 » plaintext->space, cText->buf->buf, cText->buf->len); 9452 » plaintext->space, cText->buf->buf + ivLen, cText->buf->len - ivLen);
9396 9453
9397 PRINT_BUF(80, (ss, "cleartext:", plaintext->buf, plaintext->len)); 9454 PRINT_BUF(80, (ss, "cleartext:", plaintext->buf, plaintext->len));
9398 if (rv != SECSuccess) { 9455 if (rv != SECSuccess) {
9399 /* All decryption failures must be treated like a bad record 9456 /* All decryption failures must be treated like a bad record
9400 * MAC; see RFC 5246 (TLS 1.2). 9457 * MAC; see RFC 5246 (TLS 1.2).
9401 */ 9458 */
9402 padIsBad = PR_TRUE; 9459 padIsBad = PR_TRUE;
9403 } 9460 }
9404 9461
9405 /* If it's a block cipher, check and strip the padding. */ 9462 /* If it's a block cipher, check and strip the padding. */
(...skipping 205 matching lines...) Expand 10 before | Expand all | Expand 10 after
9611 spec->server.write_key = NULL; 9668 spec->server.write_key = NULL;
9612 spec->server.write_mac_key = NULL; 9669 spec->server.write_mac_key = NULL;
9613 spec->server.write_mac_context = NULL; 9670 spec->server.write_mac_context = NULL;
9614 9671
9615 spec->write_seq_num.high = 0; 9672 spec->write_seq_num.high = 0;
9616 spec->write_seq_num.low = 0; 9673 spec->write_seq_num.low = 0;
9617 9674
9618 spec->read_seq_num.high = 0; 9675 spec->read_seq_num.high = 0;
9619 spec->read_seq_num.low = 0; 9676 spec->read_seq_num.low = 0;
9620 9677
9621 spec->version = ss->opt.enableTLS 9678 spec->version = ss->vrange.max;
9622 ? SSL_LIBRARY_VERSION_3_1_TLS
9623 : SSL_LIBRARY_VERSION_3_0;
9624 } 9679 }
9625 9680
9626 /* Called from: ssl3_SendRecord 9681 /* Called from: ssl3_SendRecord
9627 ** ssl3_StartHandshakeHash() <- ssl2_BeginClientHandshake() 9682 ** ssl3_StartHandshakeHash() <- ssl2_BeginClientHandshake()
9628 ** ssl3_SendClientHello() 9683 ** ssl3_SendClientHello()
9629 ** ssl3_HandleServerHello() 9684 ** ssl3_HandleServerHello()
9630 ** ssl3_HandleClientHello() 9685 ** ssl3_HandleClientHello()
9631 ** ssl3_HandleV2ClientHello() 9686 ** ssl3_HandleV2ClientHello()
9632 ** ssl3_HandleRecord() 9687 ** ssl3_HandleRecord()
9633 ** 9688 **
(...skipping 224 matching lines...) Expand 10 before | Expand all | Expand 10 after
9858 SECStatus 9913 SECStatus
9859 ssl3_ConstructV2CipherSpecsHack(sslSocket *ss, unsigned char *cs, int *size) 9914 ssl3_ConstructV2CipherSpecsHack(sslSocket *ss, unsigned char *cs, int *size)
9860 { 9915 {
9861 int i, count = 0; 9916 int i, count = 0;
9862 9917
9863 PORT_Assert(ss != 0); 9918 PORT_Assert(ss != 0);
9864 if (!ss) { 9919 if (!ss) {
9865 PORT_SetError(PR_INVALID_ARGUMENT_ERROR); 9920 PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
9866 return SECFailure; 9921 return SECFailure;
9867 } 9922 }
9868 if (!ss->opt.enableSSL3 && !ss->opt.enableTLS) { 9923 if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) {
9869 *size = 0; 9924 *size = 0;
9870 return SECSuccess; 9925 return SECSuccess;
9871 } 9926 }
9872 if (cs == NULL) { 9927 if (cs == NULL) {
9873 *size = count_cipher_suites(ss, SSL_ALLOWED, PR_TRUE); 9928 *size = count_cipher_suites(ss, SSL_ALLOWED, PR_TRUE);
9874 return SECSuccess; 9929 return SECSuccess;
9875 } 9930 }
9876 9931
9877 /* ssl3_config_match_init was called by the caller of this function. */ 9932 /* ssl3_config_match_init was called by the caller of this function. */
9878 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { 9933 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
(...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after
9986 /* free up the CipherSpecs */ 10041 /* free up the CipherSpecs */
9987 ssl3_DestroyCipherSpec(&ss->ssl3.specs[0], PR_TRUE/*freeSrvName*/); 10042 ssl3_DestroyCipherSpec(&ss->ssl3.specs[0], PR_TRUE/*freeSrvName*/);
9988 ssl3_DestroyCipherSpec(&ss->ssl3.specs[1], PR_TRUE/*freeSrvName*/); 10043 ssl3_DestroyCipherSpec(&ss->ssl3.specs[1], PR_TRUE/*freeSrvName*/);
9989 10044
9990 ss->ssl3.initialized = PR_FALSE; 10045 ss->ssl3.initialized = PR_FALSE;
9991 10046
9992 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); 10047 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
9993 } 10048 }
9994 10049
9995 /* End of ssl3con.c */ 10050 /* End of ssl3con.c */
OLDNEW
« no previous file with comments | « net/third_party/nss/ssl/ssl.h ('k') | net/third_party/nss/ssl/ssl3ext.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698