OLD | NEW |
---|---|
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
2 /* | 2 /* |
3 * SSL3 Protocol | 3 * SSL3 Protocol |
4 * | 4 * |
5 * ***** BEGIN LICENSE BLOCK ***** | 5 * ***** BEGIN LICENSE BLOCK ***** |
6 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 6 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
7 * | 7 * |
8 * The contents of this file are subject to the Mozilla Public License Version | 8 * The contents of this file are subject to the Mozilla Public License Version |
9 * 1.1 (the "License"); you may not use this file except in compliance with | 9 * 1.1 (the "License"); you may not use this file except in compliance with |
10 * the License. You may obtain a copy of the License at | 10 * the License. You may obtain a copy of the License at |
(...skipping 24 matching lines...) Expand all Loading... | |
35 * under the terms of either the GPL or the LGPL, and not to allow others to | 35 * under the terms of either the GPL or the LGPL, and not to allow others to |
36 * use your version of this file under the terms of the MPL, indicate your | 36 * use your version of this file under the terms of the MPL, indicate your |
37 * decision by deleting the provisions above and replace them with the notice | 37 * decision by deleting the provisions above and replace them with the notice |
38 * and other provisions required by the GPL or the LGPL. If you do not delete | 38 * and other provisions required by the GPL or the LGPL. If you do not delete |
39 * the provisions above, a recipient may use your version of this file under | 39 * the provisions above, a recipient may use your version of this file under |
40 * the terms of any one of the MPL, the GPL or the LGPL. | 40 * the terms of any one of the MPL, the GPL or the LGPL. |
41 * | 41 * |
42 * ***** END LICENSE BLOCK ***** */ | 42 * ***** END LICENSE BLOCK ***** */ |
43 /* $Id: ssl3con.c,v 1.173 2012/03/18 00:31:19 wtc%google.com Exp $ */ | 43 /* $Id: ssl3con.c,v 1.173 2012/03/18 00:31:19 wtc%google.com Exp $ */ |
44 | 44 |
45 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ | |
46 | |
45 #include "cert.h" | 47 #include "cert.h" |
46 #include "ssl.h" | 48 #include "ssl.h" |
47 #include "cryptohi.h" /* for DSAU_ stuff */ | 49 #include "cryptohi.h" /* for DSAU_ stuff */ |
48 #include "keyhi.h" | 50 #include "keyhi.h" |
49 #include "secder.h" | 51 #include "secder.h" |
50 #include "secitem.h" | 52 #include "secitem.h" |
51 | 53 |
52 #include "sslimpl.h" | 54 #include "sslimpl.h" |
53 #include "sslproto.h" | 55 #include "sslproto.h" |
54 #include "sslerr.h" | 56 #include "sslerr.h" |
(...skipping 30 matching lines...) Expand all Loading... | |
85 static SECStatus ssl3_SendCertificateRequest(sslSocket *ss); | 87 static SECStatus ssl3_SendCertificateRequest(sslSocket *ss); |
86 static SECStatus ssl3_SendNextProto( sslSocket *ss); | 88 static SECStatus ssl3_SendNextProto( sslSocket *ss); |
87 static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags); | 89 static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags); |
88 static SECStatus ssl3_SendServerHello( sslSocket *ss); | 90 static SECStatus ssl3_SendServerHello( sslSocket *ss); |
89 static SECStatus ssl3_SendServerHelloDone( sslSocket *ss); | 91 static SECStatus ssl3_SendServerHelloDone( sslSocket *ss); |
90 static SECStatus ssl3_SendServerKeyExchange( sslSocket *ss); | 92 static SECStatus ssl3_SendServerKeyExchange( sslSocket *ss); |
91 static SECStatus ssl3_NewHandshakeHashes( sslSocket *ss); | 93 static SECStatus ssl3_NewHandshakeHashes( sslSocket *ss); |
92 static SECStatus ssl3_UpdateHandshakeHashes( sslSocket *ss, | 94 static SECStatus ssl3_UpdateHandshakeHashes( sslSocket *ss, |
93 const unsigned char *b, | 95 const unsigned char *b, |
94 unsigned int l); | 96 unsigned int l); |
97 static SECStatus ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags); | |
95 | 98 |
96 static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen, | 99 static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen, |
97 int maxOutputLen, const unsigned char *input, | 100 int maxOutputLen, const unsigned char *input, |
98 int inputLen); | 101 int inputLen); |
99 | 102 |
100 #define MAX_SEND_BUF_LENGTH 32000 /* watch for 16-bit integer overflow */ | 103 #define MAX_SEND_BUF_LENGTH 32000 /* watch for 16-bit integer overflow */ |
101 #define MIN_SEND_BUF_LENGTH 4000 | 104 #define MIN_SEND_BUF_LENGTH 4000 |
102 | 105 |
103 #define MAX_CIPHER_SUITES 20 | 106 #define MAX_CIPHER_SUITES 20 |
104 | 107 |
(...skipping 109 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
214 } | 217 } |
215 | 218 |
216 static const /*SSL3ClientCertificateType */ uint8 certificate_types [] = { | 219 static const /*SSL3ClientCertificateType */ uint8 certificate_types [] = { |
217 ct_RSA_sign, | 220 ct_RSA_sign, |
218 ct_DSS_sign, | 221 ct_DSS_sign, |
219 #ifdef NSS_ENABLE_ECC | 222 #ifdef NSS_ENABLE_ECC |
220 ct_ECDSA_sign, | 223 ct_ECDSA_sign, |
221 #endif /* NSS_ENABLE_ECC */ | 224 #endif /* NSS_ENABLE_ECC */ |
222 }; | 225 }; |
223 | 226 |
224 #ifdef NSS_ENABLE_ZLIB | |
225 /* | |
226 * The DEFLATE algorithm can result in an expansion of 0.1% + 12 bytes. For a | |
227 * maximum TLS record payload of 2**14 bytes, that's 29 bytes. | |
228 */ | |
229 #define SSL3_COMPRESSION_MAX_EXPANSION 29 | |
230 #else /* !NSS_ENABLE_ZLIB */ | |
231 #define SSL3_COMPRESSION_MAX_EXPANSION 0 | |
232 #endif | |
233 | |
234 /* | |
235 * make sure there is room in the write buffer for padding and | |
236 * other compression and cryptographic expansions. | |
237 */ | |
238 #define SSL3_BUFFER_FUDGE 100 + SSL3_COMPRESSION_MAX_EXPANSION | |
239 | |
240 #define EXPORT_RSA_KEY_LENGTH 64 /* bytes */ | 227 #define EXPORT_RSA_KEY_LENGTH 64 /* bytes */ |
241 | 228 |
242 | 229 |
243 /* This global item is used only in servers. It is is initialized by | 230 /* This global item is used only in servers. It is is initialized by |
244 ** SSL_ConfigSecureServer(), and is used in ssl3_SendCertificateRequest(). | 231 ** SSL_ConfigSecureServer(), and is used in ssl3_SendCertificateRequest(). |
245 */ | 232 */ |
246 CERTDistNames *ssl3_server_ca_list = NULL; | 233 CERTDistNames *ssl3_server_ca_list = NULL; |
247 static SSL3Statistics ssl3stats; | 234 static SSL3Statistics ssl3stats; |
248 | 235 |
249 /* indexed by SSL3BulkCipher */ | 236 /* indexed by SSL3BulkCipher */ |
(...skipping 260 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
510 static char * | 497 static char * |
511 ssl3_DecodeHandshakeType(int msgType) | 498 ssl3_DecodeHandshakeType(int msgType) |
512 { | 499 { |
513 char * rv; | 500 char * rv; |
514 static char line[40]; | 501 static char line[40]; |
515 | 502 |
516 switch(msgType) { | 503 switch(msgType) { |
517 case hello_request: rv = "hello_request (0)"; break; | 504 case hello_request: rv = "hello_request (0)"; break; |
518 case client_hello: rv = "client_hello (1)"; break; | 505 case client_hello: rv = "client_hello (1)"; break; |
519 case server_hello: rv = "server_hello (2)"; break; | 506 case server_hello: rv = "server_hello (2)"; break; |
507 case hello_verify_request: rv = "hello_verify_request (3)"; break; | |
520 case certificate: rv = "certificate (11)"; break; | 508 case certificate: rv = "certificate (11)"; break; |
521 case server_key_exchange: rv = "server_key_exchange (12)"; break; | 509 case server_key_exchange: rv = "server_key_exchange (12)"; break; |
522 case certificate_request: rv = "certificate_request (13)"; break; | 510 case certificate_request: rv = "certificate_request (13)"; break; |
523 case server_hello_done: rv = "server_hello_done (14)"; break; | 511 case server_hello_done: rv = "server_hello_done (14)"; break; |
524 case certificate_verify: rv = "certificate_verify (15)"; break; | 512 case certificate_verify: rv = "certificate_verify (15)"; break; |
525 case client_key_exchange: rv = "client_key_exchange (16)"; break; | 513 case client_key_exchange: rv = "client_key_exchange (16)"; break; |
526 case finished: rv = "finished (20)"; break; | 514 case finished: rv = "finished (20)"; break; |
527 default: | 515 default: |
528 sprintf(line, "*UNKNOWN* handshake type! (%d)", msgType); | 516 sprintf(line, "*UNKNOWN* handshake type! (%d)", msgType); |
529 rv = line; | 517 rv = line; |
(...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
575 PR_ATOMIC_INCREMENT((PRInt32 *)x); | 563 PR_ATOMIC_INCREMENT((PRInt32 *)x); |
576 } else { | 564 } else { |
577 tooLong * tl = (tooLong *)x; | 565 tooLong * tl = (tooLong *)x; |
578 if (PR_ATOMIC_INCREMENT(&tl->low) == 0) | 566 if (PR_ATOMIC_INCREMENT(&tl->low) == 0) |
579 PR_ATOMIC_INCREMENT(&tl->high); | 567 PR_ATOMIC_INCREMENT(&tl->high); |
580 } | 568 } |
581 } | 569 } |
582 | 570 |
583 /* return pointer to ssl3CipherSuiteDef for suite, or NULL */ | 571 /* return pointer to ssl3CipherSuiteDef for suite, or NULL */ |
584 /* XXX This does a linear search. A binary search would be better. */ | 572 /* XXX This does a linear search. A binary search would be better. */ |
585 static const ssl3CipherSuiteDef * | 573 const ssl3CipherSuiteDef * |
586 ssl_LookupCipherSuiteDef(ssl3CipherSuite suite) | 574 ssl_LookupCipherSuiteDef(ssl3CipherSuite suite) |
587 { | 575 { |
588 int cipher_suite_def_len = | 576 int cipher_suite_def_len = |
589 sizeof(cipher_suite_defs) / sizeof(cipher_suite_defs[0]); | 577 sizeof(cipher_suite_defs) / sizeof(cipher_suite_defs[0]); |
590 int i; | 578 int i; |
591 | 579 |
592 for (i = 0; i < cipher_suite_def_len; i++) { | 580 for (i = 0; i < cipher_suite_def_len; i++) { |
593 if (cipher_suite_defs[i].cipher_suite == suite) | 581 if (cipher_suite_defs[i].cipher_suite == suite) |
594 return &cipher_suite_defs[i]; | 582 return &cipher_suite_defs[i]; |
595 } | 583 } |
(...skipping 545 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1141 PK11_DestroyContext(mat->write_mac_context, PR_TRUE); | 1129 PK11_DestroyContext(mat->write_mac_context, PR_TRUE); |
1142 mat->write_mac_context = NULL; | 1130 mat->write_mac_context = NULL; |
1143 } | 1131 } |
1144 } | 1132 } |
1145 | 1133 |
1146 /* Called from ssl3_SendChangeCipherSpecs() and | 1134 /* Called from ssl3_SendChangeCipherSpecs() and |
1147 ** ssl3_HandleChangeCipherSpecs() | 1135 ** ssl3_HandleChangeCipherSpecs() |
1148 ** ssl3_DestroySSL3Info | 1136 ** ssl3_DestroySSL3Info |
1149 ** Caller must hold SpecWriteLock. | 1137 ** Caller must hold SpecWriteLock. |
1150 */ | 1138 */ |
1151 static void | 1139 void |
1152 ssl3_DestroyCipherSpec(ssl3CipherSpec *spec, PRBool freeSrvName) | 1140 ssl3_DestroyCipherSpec(ssl3CipherSpec *spec, PRBool freeSrvName) |
1153 { | 1141 { |
1154 PRBool freeit = (PRBool)(!spec->bypassCiphers); | 1142 PRBool freeit = (PRBool)(!spec->bypassCiphers); |
1155 /* PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); Don't have ss! * / | 1143 /* PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); Don't have ss! * / |
1156 if (spec->destroy) { | 1144 if (spec->destroy) { |
1157 spec->destroy(spec->encodeContext, freeit); | 1145 spec->destroy(spec->encodeContext, freeit); |
1158 spec->destroy(spec->decodeContext, freeit); | 1146 spec->destroy(spec->decodeContext, freeit); |
1159 spec->encodeContext = NULL; /* paranoia */ | 1147 spec->encodeContext = NULL; /* paranoia */ |
1160 spec->decodeContext = NULL; | 1148 spec->decodeContext = NULL; |
1161 } | 1149 } |
(...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1221 | 1209 |
1222 SSL_TRC(3, ("%d: SSL3[%d]: Set XXX Pending Cipher Suite to 0x%04x", | 1210 SSL_TRC(3, ("%d: SSL3[%d]: Set XXX Pending Cipher Suite to 0x%04x", |
1223 SSL_GETPID(), ss->fd, suite)); | 1211 SSL_GETPID(), ss->fd, suite)); |
1224 | 1212 |
1225 suite_def = ssl_LookupCipherSuiteDef(suite); | 1213 suite_def = ssl_LookupCipherSuiteDef(suite); |
1226 if (suite_def == NULL) { | 1214 if (suite_def == NULL) { |
1227 ssl_ReleaseSpecWriteLock(ss); | 1215 ssl_ReleaseSpecWriteLock(ss); |
1228 return SECFailure; /* error code set by ssl_LookupCipherSuiteDef */ | 1216 return SECFailure; /* error code set by ssl_LookupCipherSuiteDef */ |
1229 } | 1217 } |
1230 | 1218 |
1219 if (IS_DTLS(ss)) { | |
1220 /* Double-check that we did not pick an RC4 suite */ | |
1221 PORT_Assert( (suite_def->bulk_cipher_alg != cipher_rc4) && | |
1222 (suite_def->bulk_cipher_alg != cipher_rc4_40) && | |
1223 (suite_def->bulk_cipher_alg != cipher_rc4_56)); | |
1224 } | |
1231 | 1225 |
1232 cipher = suite_def->bulk_cipher_alg; | 1226 cipher = suite_def->bulk_cipher_alg; |
1233 kea = suite_def->key_exchange_alg; | 1227 kea = suite_def->key_exchange_alg; |
1234 mac = suite_def->mac_alg; | 1228 mac = suite_def->mac_alg; |
1235 if (isTLS) | 1229 if (isTLS) |
1236 mac += 2; | 1230 mac += 2; |
1237 | 1231 |
1238 ss->ssl3.hs.suite_def = suite_def; | 1232 ss->ssl3.hs.suite_def = suite_def; |
1239 ss->ssl3.hs.kea_def = &kea_defs[kea]; | 1233 ss->ssl3.hs.kea_def = &kea_defs[kea]; |
1240 PORT_Assert(ss->ssl3.hs.kea_def->kea == kea); | 1234 PORT_Assert(ss->ssl3.hs.kea_def->kea == kea); |
1241 | 1235 |
1242 pwSpec->cipher_def = &bulk_cipher_defs[cipher]; | 1236 pwSpec->cipher_def = &bulk_cipher_defs[cipher]; |
1243 PORT_Assert(pwSpec->cipher_def->cipher == cipher); | 1237 PORT_Assert(pwSpec->cipher_def->cipher == cipher); |
1244 | 1238 |
1245 pwSpec->mac_def = &mac_defs[mac]; | 1239 pwSpec->mac_def = &mac_defs[mac]; |
1246 PORT_Assert(pwSpec->mac_def->mac == mac); | 1240 PORT_Assert(pwSpec->mac_def->mac == mac); |
1247 | 1241 |
1248 ss->sec.keyBits = pwSpec->cipher_def->key_size * BPB; | 1242 ss->sec.keyBits = pwSpec->cipher_def->key_size * BPB; |
1249 ss->sec.secretKeyBits = pwSpec->cipher_def->secret_key_size * BPB; | 1243 ss->sec.secretKeyBits = pwSpec->cipher_def->secret_key_size * BPB; |
1250 ss->sec.cipherType = cipher; | 1244 ss->sec.cipherType = cipher; |
1251 | 1245 |
1252 pwSpec->encodeContext = NULL; | 1246 pwSpec->encodeContext = NULL; |
1253 pwSpec->decodeContext = NULL; | 1247 pwSpec->decodeContext = NULL; |
1254 | 1248 |
1255 pwSpec->mac_size = pwSpec->mac_def->mac_size; | 1249 pwSpec->mac_size = pwSpec->mac_def->mac_size; |
1256 | 1250 |
1257 pwSpec->compression_method = ss->ssl3.hs.compression; | 1251 pwSpec->compression_method = ss->ssl3.hs.compression; |
1258 pwSpec->compressContext = NULL; | 1252 pwSpec->compressContext = NULL; |
1259 pwSpec->decompressContext = NULL; | 1253 pwSpec->decompressContext = NULL; |
1254 | |
1255 /* Note: pwSpec == prSpec here so we're really doing the read side. | |
1256 * The epoch is set up in InitPendingCipherSpec */ | |
1257 dtls_InitRecvdRecords(&pwSpec->recvdRecords); | |
1260 | 1258 |
1261 ssl_ReleaseSpecWriteLock(ss); /*******************************/ | 1259 ssl_ReleaseSpecWriteLock(ss); /*******************************/ |
1262 return SECSuccess; | 1260 return SECSuccess; |
1263 } | 1261 } |
1264 | 1262 |
1265 #ifdef NSS_ENABLE_ZLIB | 1263 #ifdef NSS_ENABLE_ZLIB |
1266 #define SSL3_DEFLATE_CONTEXT_SIZE sizeof(z_stream) | 1264 #define SSL3_DEFLATE_CONTEXT_SIZE sizeof(z_stream) |
1267 | 1265 |
1268 static SECStatus | 1266 static SECStatus |
1269 ssl3_MapZlibError(int zlib_error) | 1267 ssl3_MapZlibError(int zlib_error) |
(...skipping 477 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1747 * Sets error code, but caller probably should override to disambiguate. | 1745 * Sets error code, but caller probably should override to disambiguate. |
1748 * NULL pms means re-use old master_secret. | 1746 * NULL pms means re-use old master_secret. |
1749 * | 1747 * |
1750 * This code is common to the bypass and PKCS11 execution paths. | 1748 * This code is common to the bypass and PKCS11 execution paths. |
1751 * For the bypass case, pms is NULL. | 1749 * For the bypass case, pms is NULL. |
1752 */ | 1750 */ |
1753 SECStatus | 1751 SECStatus |
1754 ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms) | 1752 ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms) |
1755 { | 1753 { |
1756 ssl3CipherSpec * pwSpec; | 1754 ssl3CipherSpec * pwSpec; |
1755 ssl3CipherSpec * cwSpec; | |
1757 SECStatus rv; | 1756 SECStatus rv; |
1758 | 1757 |
1759 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); | 1758 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); |
1760 | 1759 |
1761 ssl_GetSpecWriteLock(ss); /**************************************/ | 1760 ssl_GetSpecWriteLock(ss); /**************************************/ |
1762 | 1761 |
1763 PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec); | 1762 PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec); |
1764 | 1763 |
1765 pwSpec = ss->ssl3.pwSpec; | 1764 pwSpec = ss->ssl3.pwSpec; |
1765 cwSpec = ss->ssl3.cwSpec; | |
1766 | 1766 |
1767 if (pms || (!pwSpec->msItem.len && !pwSpec->master_secret)) { | 1767 if (pms || (!pwSpec->msItem.len && !pwSpec->master_secret)) { |
1768 rv = ssl3_DeriveMasterSecret(ss, pms); | 1768 rv = ssl3_DeriveMasterSecret(ss, pms); |
1769 if (rv != SECSuccess) { | 1769 if (rv != SECSuccess) { |
1770 goto done; /* err code set by ssl3_DeriveMasterSecret */ | 1770 goto done; /* err code set by ssl3_DeriveMasterSecret */ |
1771 } | 1771 } |
1772 } | 1772 } |
1773 if (ss->opt.bypassPKCS11 && pwSpec->msItem.len && pwSpec->msItem.data) { | 1773 if (ss->opt.bypassPKCS11 && pwSpec->msItem.len && pwSpec->msItem.data) { |
1774 /* Double Bypass succeeded in extracting the master_secret */ | 1774 /* Double Bypass succeeded in extracting the master_secret */ |
1775 const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def; | 1775 const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def; |
(...skipping 11 matching lines...) Expand all Loading... | |
1787 } else if (pwSpec->master_secret) { | 1787 } else if (pwSpec->master_secret) { |
1788 rv = ssl3_DeriveConnectionKeysPKCS11(ss); | 1788 rv = ssl3_DeriveConnectionKeysPKCS11(ss); |
1789 if (rv == SECSuccess) { | 1789 if (rv == SECSuccess) { |
1790 rv = ssl3_InitPendingContextsPKCS11(ss); | 1790 rv = ssl3_InitPendingContextsPKCS11(ss); |
1791 } | 1791 } |
1792 } else { | 1792 } else { |
1793 PORT_Assert(pwSpec->master_secret); | 1793 PORT_Assert(pwSpec->master_secret); |
1794 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); | 1794 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
1795 rv = SECFailure; | 1795 rv = SECFailure; |
1796 } | 1796 } |
1797 | 1797 |
wtc
2012/03/21 23:12:16
IMPORTANT: I think we need to add
if (rv != SE
ekr
2012/03/22 15:07:17
I concur.
| |
1798 /* Generic behaviors -- common to all crypto methods */ | |
1799 if (!IS_DTLS(ss)) { | |
1800 pwSpec->read_seq_num.high = pwSpec->write_seq_num.high = 0; | |
1801 } else { | |
1802 if (cwSpec->epoch == 65535) { | |
1803 /* The problem here is that we have rehandshaked too many | |
1804 * times (you are not allowed to wrap the epoch). The | |
1805 * spec says you should be discarding the connection | |
1806 * and start over, so not much we can do here. */ | |
1807 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); | |
1808 rv = SECFailure; | |
wtc
2012/03/21 23:12:16
IMPORTANT: Should we add 'goto done' here?
ekr
2012/03/22 15:07:17
Yes, I agree.
| |
1809 } | |
1810 /* We only need to modify pwSpec since there is only one | |
1811 * "pending" spec object being pointed to by pwSpec and | |
1812 * cwSpec at different times. | |
wtc
2012/03/21 23:12:16
Did you mean prSpec or cwSpec here? cwSpec is not
ekr
2012/03/22 15:07:17
I assume we're just talking about the comment here
wtc
2012/03/22 20:09:20
Yes, I was just asking about the comment here. I
| |
1813 * | |
1814 * The sequence number has the high 16 bits as the epoch. | |
1815 */ | |
1816 pwSpec->epoch = cwSpec->epoch + 1; | |
1817 pwSpec->read_seq_num.high = pwSpec->write_seq_num.high = | |
1818 pwSpec->epoch << 16; | |
1819 } | |
1820 pwSpec->read_seq_num.low = pwSpec->write_seq_num.low = 0; | |
1821 | |
1798 done: | 1822 done: |
1799 ssl_ReleaseSpecWriteLock(ss); /******************************/ | 1823 ssl_ReleaseSpecWriteLock(ss); /******************************/ |
1800 if (rv != SECSuccess) | 1824 if (rv != SECSuccess) |
1801 ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE); | 1825 ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE); |
1802 return rv; | 1826 return rv; |
1803 } | 1827 } |
1804 | 1828 |
1805 /* | 1829 /* |
1806 * 60 bytes is 3 times the maximum length MAC size that is supported. | 1830 * 60 bytes is 3 times the maximum length MAC size that is supported. |
1807 */ | 1831 */ |
(...skipping 19 matching lines...) Expand all Loading... | |
1827 }; | 1851 }; |
1828 | 1852 |
1829 /* Called from: ssl3_SendRecord() | 1853 /* Called from: ssl3_SendRecord() |
1830 ** ssl3_HandleRecord() | 1854 ** ssl3_HandleRecord() |
1831 ** Caller must already hold the SpecReadLock. (wish we could assert that!) | 1855 ** Caller must already hold the SpecReadLock. (wish we could assert that!) |
1832 */ | 1856 */ |
1833 static SECStatus | 1857 static SECStatus |
1834 ssl3_ComputeRecordMAC( | 1858 ssl3_ComputeRecordMAC( |
1835 ssl3CipherSpec * spec, | 1859 ssl3CipherSpec * spec, |
1836 PRBool useServerMacKey, | 1860 PRBool useServerMacKey, |
1861 PRBool isDTLS, | |
1837 SSL3ContentType type, | 1862 SSL3ContentType type, |
1838 SSL3ProtocolVersion version, | 1863 SSL3ProtocolVersion version, |
1839 SSL3SequenceNumber seq_num, | 1864 SSL3SequenceNumber seq_num, |
1840 const SSL3Opaque * input, | 1865 const SSL3Opaque * input, |
1841 int inputLength, | 1866 int inputLength, |
1842 unsigned char * outbuf, | 1867 unsigned char * outbuf, |
1843 unsigned int * outLength) | 1868 unsigned int * outLength) |
1844 { | 1869 { |
1845 const ssl3MACDef * mac_def; | 1870 const ssl3MACDef * mac_def; |
1846 SECStatus rv; | 1871 SECStatus rv; |
(...skipping 17 matching lines...) Expand all Loading... | |
1864 ** NOT based on the version value in the record itself. | 1889 ** NOT based on the version value in the record itself. |
1865 ** But, we use the record'v version value in the computation. | 1890 ** But, we use the record'v version value in the computation. |
1866 */ | 1891 */ |
1867 if (spec->version <= SSL_LIBRARY_VERSION_3_0) { | 1892 if (spec->version <= SSL_LIBRARY_VERSION_3_0) { |
1868 temp[9] = MSB(inputLength); | 1893 temp[9] = MSB(inputLength); |
1869 temp[10] = LSB(inputLength); | 1894 temp[10] = LSB(inputLength); |
1870 tempLen = 11; | 1895 tempLen = 11; |
1871 isTLS = PR_FALSE; | 1896 isTLS = PR_FALSE; |
1872 } else { | 1897 } else { |
1873 /* New TLS hash includes version. */ | 1898 /* New TLS hash includes version. */ |
1874 » temp[9] = MSB(version); | 1899 » if (isDTLS) { |
1875 » temp[10] = LSB(version); | 1900 » SSL3ProtocolVersion dtls_version; |
1901 | |
1902 » dtls_version = dtls_TLSVersionToDTLSVersion(version); | |
1903 » temp[9] = MSB(dtls_version); | |
1904 » temp[10] = LSB(dtls_version); | |
1905 } else { | |
1906 » temp[9] = MSB(version); | |
1907 » temp[10] = LSB(version); | |
1908 } | |
1876 temp[11] = MSB(inputLength); | 1909 temp[11] = MSB(inputLength); |
1877 temp[12] = LSB(inputLength); | 1910 temp[12] = LSB(inputLength); |
1878 tempLen = 13; | 1911 tempLen = 13; |
1879 isTLS = PR_TRUE; | 1912 isTLS = PR_TRUE; |
1880 } | 1913 } |
1881 | 1914 |
1882 PRINT_BUF(95, (NULL, "frag hash1: temp", temp, tempLen)); | 1915 PRINT_BUF(95, (NULL, "frag hash1: temp", temp, tempLen)); |
1883 PRINT_BUF(95, (NULL, "frag hash1: input", input, inputLength)); | 1916 PRINT_BUF(95, (NULL, "frag hash1: input", input, inputLength)); |
1884 | 1917 |
1885 mac_def = spec->mac_def; | 1918 mac_def = spec->mac_def; |
(...skipping 129 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2015 (PK11_NeedLogin(slot) && !PK11_IsLoggedIn(slot, NULL))) { | 2048 (PK11_NeedLogin(slot) && !PK11_IsLoggedIn(slot, NULL))) { |
2016 isPresent = PR_FALSE; | 2049 isPresent = PR_FALSE; |
2017 } | 2050 } |
2018 if (slot) { | 2051 if (slot) { |
2019 PK11_FreeSlot(slot); | 2052 PK11_FreeSlot(slot); |
2020 } | 2053 } |
2021 return isPresent; | 2054 return isPresent; |
2022 } | 2055 } |
2023 | 2056 |
2024 /* Caller must hold the spec read lock. */ | 2057 /* Caller must hold the spec read lock. */ |
2025 static SECStatus | 2058 SECStatus |
2026 ssl3_CompressMACEncryptRecord(ssl3CipherSpec * cwSpec, | 2059 ssl3_CompressMACEncryptRecord(ssl3CipherSpec * cwSpec, |
2027 PRBool isServer, | 2060 PRBool isServer, |
2061 PRBool isDTLS, | |
2028 SSL3ContentType type, | 2062 SSL3ContentType type, |
2029 const SSL3Opaque * pIn, | 2063 const SSL3Opaque * pIn, |
2030 PRUint32 contentLen, | 2064 PRUint32 contentLen, |
2031 sslBuffer * wrBuf) | 2065 sslBuffer * wrBuf) |
2032 { | 2066 { |
2033 const ssl3BulkCipherDef * cipher_def; | 2067 const ssl3BulkCipherDef * cipher_def; |
2034 SECStatus rv; | 2068 SECStatus rv; |
2035 PRUint32 macLen = 0; | 2069 PRUint32 macLen = 0; |
2036 PRUint32 fragLen; | 2070 PRUint32 fragLen; |
2037 PRUint32 p1Len, p2Len, oddLen = 0; | 2071 PRUint32 p1Len, p2Len, oddLen = 0; |
2072 PRUint16 headerLen; | |
2038 int ivLen = 0; | 2073 int ivLen = 0; |
2039 int cipherBytes = 0; | 2074 int cipherBytes = 0; |
2040 | 2075 |
2041 cipher_def = cwSpec->cipher_def; | 2076 cipher_def = cwSpec->cipher_def; |
2077 headerLen = isDTLS ? DTLS_RECORD_HEADER_LENGTH : SSL3_RECORD_HEADER_LENGTH; | |
2042 | 2078 |
2043 if (cipher_def->type == type_block && | 2079 if (cipher_def->type == type_block && |
2044 cwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) { | 2080 cwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) { |
2045 /* Prepend the per-record explicit IV using technique 2b from | 2081 /* Prepend the per-record explicit IV using technique 2b from |
2046 * RFC 4346 section 6.2.3.2: The IV is a cryptographically | 2082 * RFC 4346 section 6.2.3.2: The IV is a cryptographically |
2047 * strong random number XORed with the CBC residue from the previous | 2083 * strong random number XORed with the CBC residue from the previous |
2048 * record. | 2084 * record. |
2049 */ | 2085 */ |
2050 ivLen = cipher_def->iv_size; | 2086 ivLen = cipher_def->iv_size; |
2051 » if (ivLen > wrBuf->space - SSL3_RECORD_HEADER_LENGTH) { | 2087 » if (ivLen > wrBuf->space - headerLen) { |
2052 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); | 2088 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
2053 return SECFailure; | 2089 return SECFailure; |
2054 } | 2090 } |
2055 » rv = PK11_GenerateRandom(wrBuf->buf + SSL3_RECORD_HEADER_LENGTH, ivLen); | 2091 » rv = PK11_GenerateRandom(wrBuf->buf + headerLen, ivLen); |
2056 if (rv != SECSuccess) { | 2092 if (rv != SECSuccess) { |
2057 ssl_MapLowLevelError(SSL_ERROR_GENERATE_RANDOM_FAILURE); | 2093 ssl_MapLowLevelError(SSL_ERROR_GENERATE_RANDOM_FAILURE); |
2058 return rv; | 2094 return rv; |
2059 } | 2095 } |
2060 rv = cwSpec->encode( cwSpec->encodeContext, | 2096 rv = cwSpec->encode( cwSpec->encodeContext, |
2061 » wrBuf->buf + SSL3_RECORD_HEADER_LENGTH, | 2097 » wrBuf->buf + headerLen, |
2062 &cipherBytes, /* output and actual outLen */ | 2098 &cipherBytes, /* output and actual outLen */ |
2063 ivLen, /* max outlen */ | 2099 ivLen, /* max outlen */ |
2064 » wrBuf->buf + SSL3_RECORD_HEADER_LENGTH, | 2100 » wrBuf->buf + headerLen, |
2065 ivLen); /* input and inputLen*/ | 2101 ivLen); /* input and inputLen*/ |
2066 if (rv != SECSuccess || cipherBytes != ivLen) { | 2102 if (rv != SECSuccess || cipherBytes != ivLen) { |
2067 PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE); | 2103 PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE); |
2068 return SECFailure; | 2104 return SECFailure; |
2069 } | 2105 } |
2070 } | 2106 } |
2071 | 2107 |
2072 if (cwSpec->compressor) { | 2108 if (cwSpec->compressor) { |
2073 int outlen; | 2109 int outlen; |
2074 rv = cwSpec->compressor( | 2110 rv = cwSpec->compressor( |
2075 cwSpec->compressContext, | 2111 cwSpec->compressContext, |
2076 » wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + ivLen, &outlen, | 2112 » wrBuf->buf + headerLen + ivLen, &outlen, |
2077 » wrBuf->space - SSL3_RECORD_HEADER_LENGTH - ivLen, pIn, contentLen); | 2113 » wrBuf->space - headerLen - ivLen, pIn, contentLen); |
2078 if (rv != SECSuccess) | 2114 if (rv != SECSuccess) |
2079 return rv; | 2115 return rv; |
2080 » pIn = wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + ivLen; | 2116 » pIn = wrBuf->buf + headerLen + ivLen; |
2081 contentLen = outlen; | 2117 contentLen = outlen; |
2082 } | 2118 } |
2083 | 2119 |
2084 /* | 2120 /* |
2085 * Add the MAC | 2121 * Add the MAC |
2086 */ | 2122 */ |
2087 rv = ssl3_ComputeRecordMAC( cwSpec, isServer, | 2123 rv = ssl3_ComputeRecordMAC( cwSpec, isServer, isDTLS, |
2088 type, cwSpec->version, cwSpec->write_seq_num, pIn, contentLen, | 2124 type, cwSpec->version, cwSpec->write_seq_num, pIn, contentLen, |
2089 » wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + ivLen + contentLen, &macLen); | 2125 » wrBuf->buf + headerLen + ivLen + contentLen, &macLen); |
2090 if (rv != SECSuccess) { | 2126 if (rv != SECSuccess) { |
2091 ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE); | 2127 ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE); |
2092 return SECFailure; | 2128 return SECFailure; |
2093 } | 2129 } |
2094 p1Len = contentLen; | 2130 p1Len = contentLen; |
2095 p2Len = macLen; | 2131 p2Len = macLen; |
2096 fragLen = contentLen + macLen; /* needs to be encrypted */ | 2132 fragLen = contentLen + macLen; /* needs to be encrypted */ |
2097 PORT_Assert(fragLen <= MAX_FRAGMENT_LENGTH + 1024); | 2133 PORT_Assert(fragLen <= MAX_FRAGMENT_LENGTH + 1024); |
2098 | 2134 |
2099 /* | 2135 /* |
2100 * Pad the text (if we're doing a block cipher) | 2136 * Pad the text (if we're doing a block cipher) |
2101 * then Encrypt it | 2137 * then Encrypt it |
2102 */ | 2138 */ |
2103 if (cipher_def->type == type_block) { | 2139 if (cipher_def->type == type_block) { |
2104 unsigned char * pBuf; | 2140 unsigned char * pBuf; |
2105 int padding_length; | 2141 int padding_length; |
2106 int i; | 2142 int i; |
2107 | 2143 |
2108 oddLen = contentLen % cipher_def->block_size; | 2144 oddLen = contentLen % cipher_def->block_size; |
2109 /* Assume blockSize is a power of two */ | 2145 /* Assume blockSize is a power of two */ |
2110 padding_length = cipher_def->block_size - 1 - | 2146 padding_length = cipher_def->block_size - 1 - |
2111 ((fragLen) & (cipher_def->block_size - 1)); | 2147 ((fragLen) & (cipher_def->block_size - 1)); |
2112 fragLen += padding_length + 1; | 2148 fragLen += padding_length + 1; |
2113 PORT_Assert((fragLen % cipher_def->block_size) == 0); | 2149 PORT_Assert((fragLen % cipher_def->block_size) == 0); |
2114 | 2150 |
2115 /* Pad according to TLS rules (also acceptable to SSL3). */ | 2151 /* Pad according to TLS rules (also acceptable to SSL3). */ |
2116 » pBuf = &wrBuf->buf[SSL3_RECORD_HEADER_LENGTH + ivLen + fragLen - 1]; | 2152 » pBuf = &wrBuf->buf[headerLen + ivLen + fragLen - 1]; |
2117 for (i = padding_length + 1; i > 0; --i) { | 2153 for (i = padding_length + 1; i > 0; --i) { |
2118 *pBuf-- = padding_length; | 2154 *pBuf-- = padding_length; |
2119 } | 2155 } |
2120 /* now, if contentLen is not a multiple of block size, fix it */ | 2156 /* now, if contentLen is not a multiple of block size, fix it */ |
2121 p2Len = fragLen - p1Len; | 2157 p2Len = fragLen - p1Len; |
2122 } | 2158 } |
2123 if (p1Len < 256) { | 2159 if (p1Len < 256) { |
2124 oddLen = p1Len; | 2160 oddLen = p1Len; |
2125 p1Len = 0; | 2161 p1Len = 0; |
2126 } else { | 2162 } else { |
2127 p1Len -= oddLen; | 2163 p1Len -= oddLen; |
2128 } | 2164 } |
2129 if (oddLen) { | 2165 if (oddLen) { |
2130 p2Len += oddLen; | 2166 p2Len += oddLen; |
2131 PORT_Assert( (cipher_def->block_size < 2) || \ | 2167 PORT_Assert( (cipher_def->block_size < 2) || \ |
2132 (p2Len % cipher_def->block_size) == 0); | 2168 (p2Len % cipher_def->block_size) == 0); |
2133 » memmove(wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + ivLen + p1Len, | 2169 » memmove(wrBuf->buf + headerLen + ivLen + p1Len, pIn + p1Len, oddLen); |
2134 » pIn + p1Len, oddLen); | |
2135 } | 2170 } |
2136 if (p1Len > 0) { | 2171 if (p1Len > 0) { |
2137 int cipherBytesPart1 = -1; | 2172 int cipherBytesPart1 = -1; |
2138 rv = cwSpec->encode( cwSpec->encodeContext, | 2173 rv = cwSpec->encode( cwSpec->encodeContext, |
2139 » wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + ivLen, /* output */ | 2174 » wrBuf->buf + headerLen + ivLen, /* output */ |
2140 &cipherBytesPart1, /* actual outlen */ | 2175 &cipherBytesPart1, /* actual outlen */ |
2141 p1Len, /* max outlen */ | 2176 p1Len, /* max outlen */ |
2142 pIn, p1Len); /* input, and inputlen */ | 2177 pIn, p1Len); /* input, and inputlen */ |
2143 PORT_Assert(rv == SECSuccess && cipherBytesPart1 == (int) p1Len); | 2178 PORT_Assert(rv == SECSuccess && cipherBytesPart1 == (int) p1Len); |
2144 if (rv != SECSuccess || cipherBytesPart1 != (int) p1Len) { | 2179 if (rv != SECSuccess || cipherBytesPart1 != (int) p1Len) { |
2145 PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE); | 2180 PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE); |
2146 return SECFailure; | 2181 return SECFailure; |
2147 } | 2182 } |
2148 cipherBytes += cipherBytesPart1; | 2183 cipherBytes += cipherBytesPart1; |
2149 } | 2184 } |
2150 if (p2Len > 0) { | 2185 if (p2Len > 0) { |
2151 int cipherBytesPart2 = -1; | 2186 int cipherBytesPart2 = -1; |
2152 rv = cwSpec->encode( cwSpec->encodeContext, | 2187 rv = cwSpec->encode( cwSpec->encodeContext, |
2153 » wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + ivLen + p1Len, | 2188 » wrBuf->buf + headerLen + ivLen + p1Len, |
2154 &cipherBytesPart2, /* output and actual outLen */ | 2189 &cipherBytesPart2, /* output and actual outLen */ |
2155 p2Len, /* max outlen */ | 2190 p2Len, /* max outlen */ |
2156 » wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + ivLen + p1Len, | 2191 » wrBuf->buf + headerLen + ivLen + p1Len, |
2157 p2Len); /* input and inputLen*/ | 2192 p2Len); /* input and inputLen*/ |
2158 PORT_Assert(rv == SECSuccess && cipherBytesPart2 == (int) p2Len); | 2193 PORT_Assert(rv == SECSuccess && cipherBytesPart2 == (int) p2Len); |
2159 if (rv != SECSuccess || cipherBytesPart2 != (int) p2Len) { | 2194 if (rv != SECSuccess || cipherBytesPart2 != (int) p2Len) { |
2160 PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE); | 2195 PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE); |
2161 return SECFailure; | 2196 return SECFailure; |
2162 } | 2197 } |
2163 cipherBytes += cipherBytesPart2; | 2198 cipherBytes += cipherBytesPart2; |
2164 } | 2199 } |
2200 | |
2165 PORT_Assert(cipherBytes <= MAX_FRAGMENT_LENGTH + 1024); | 2201 PORT_Assert(cipherBytes <= MAX_FRAGMENT_LENGTH + 1024); |
2166 | 2202 |
2203 wrBuf->len = cipherBytes + headerLen; | |
2204 wrBuf->buf[0] = type; | |
2205 if (isDTLS) { | |
2206 SSL3ProtocolVersion version; | |
2207 | |
2208 version = dtls_TLSVersionToDTLSVersion(cwSpec->version); | |
2209 wrBuf->buf[1] = MSB(version); | |
2210 wrBuf->buf[2] = LSB(version); | |
2211 wrBuf->buf[3] = (unsigned char)(cwSpec->write_seq_num.high >> 24); | |
2212 wrBuf->buf[4] = (unsigned char)(cwSpec->write_seq_num.high >> 16); | |
2213 wrBuf->buf[5] = (unsigned char)(cwSpec->write_seq_num.high >> 8); | |
2214 wrBuf->buf[6] = (unsigned char)(cwSpec->write_seq_num.high >> 0); | |
2215 wrBuf->buf[7] = (unsigned char)(cwSpec->write_seq_num.low >> 24); | |
2216 wrBuf->buf[8] = (unsigned char)(cwSpec->write_seq_num.low >> 16); | |
2217 wrBuf->buf[9] = (unsigned char)(cwSpec->write_seq_num.low >> 8); | |
2218 wrBuf->buf[10] = (unsigned char)(cwSpec->write_seq_num.low >> 0); | |
2219 wrBuf->buf[11] = MSB(cipherBytes); | |
2220 wrBuf->buf[12] = LSB(cipherBytes); | |
2221 } else { | |
2222 wrBuf->buf[1] = MSB(cwSpec->version); | |
2223 wrBuf->buf[2] = LSB(cwSpec->version); | |
2224 wrBuf->buf[3] = MSB(cipherBytes); | |
2225 wrBuf->buf[4] = LSB(cipherBytes); | |
2226 } | |
2227 | |
2167 ssl3_BumpSequenceNumber(&cwSpec->write_seq_num); | 2228 ssl3_BumpSequenceNumber(&cwSpec->write_seq_num); |
2168 | 2229 |
2169 wrBuf->len = cipherBytes + SSL3_RECORD_HEADER_LENGTH; | |
2170 wrBuf->buf[0] = type; | |
2171 wrBuf->buf[1] = MSB(cwSpec->version); | |
2172 wrBuf->buf[2] = LSB(cwSpec->version); | |
2173 wrBuf->buf[3] = MSB(cipherBytes); | |
2174 wrBuf->buf[4] = LSB(cipherBytes); | |
2175 | |
2176 return SECSuccess; | 2230 return SECSuccess; |
2177 } | 2231 } |
2178 | 2232 |
2179 /* Process the plain text before sending it. | 2233 /* Process the plain text before sending it. |
2180 * Returns the number of bytes of plaintext that were successfully sent | 2234 * Returns the number of bytes of plaintext that were successfully sent |
2181 * plus the number of bytes of plaintext that were copied into the | 2235 * plus the number of bytes of plaintext that were copied into the |
2182 * output (write) buffer. | 2236 * output (write) buffer. |
2183 * Returns SECFailure on a hard IO error, memory error, or crypto error. | 2237 * Returns SECFailure on a hard IO error, memory error, or crypto error. |
2184 * Does NOT return SECWouldBlock. | 2238 * Does NOT return SECWouldBlock. |
2185 * | 2239 * |
2186 * Notes on the use of the private ssl flags: | 2240 * Notes on the use of the private ssl flags: |
2187 * (no private SSL flags) | 2241 * (no private SSL flags) |
2188 * Attempt to make and send SSL records for all plaintext | 2242 * Attempt to make and send SSL records for all plaintext |
2189 * If non-blocking and a send gets WOULD_BLOCK, | 2243 * If non-blocking and a send gets WOULD_BLOCK, |
2190 * or if the pending (ciphertext) buffer is not empty, | 2244 * or if the pending (ciphertext) buffer is not empty, |
2191 * then buffer remaining bytes of ciphertext into pending buf, | 2245 * then buffer remaining bytes of ciphertext into pending buf, |
2192 * and continue to do that for all succssive records until all | 2246 * and continue to do that for all succssive records until all |
2193 * bytes are used. | 2247 * bytes are used. |
2194 * ssl_SEND_FLAG_FORCE_INTO_BUFFER | 2248 * ssl_SEND_FLAG_FORCE_INTO_BUFFER |
2195 * As above, except this suppresses all write attempts, and forces | 2249 * As above, except this suppresses all write attempts, and forces |
2196 * all ciphertext into the pending ciphertext buffer. | 2250 * all ciphertext into the pending ciphertext buffer. |
2251 * ssl_SEND_FLAG_USE_EPOCH (for DTLS) | |
2252 * Forces the use of the provided epoch | |
2197 * | 2253 * |
2198 */ | 2254 */ |
2199 static PRInt32 | 2255 PRInt32 |
2200 ssl3_SendRecord( sslSocket * ss, | 2256 ssl3_SendRecord( sslSocket * ss, |
2257 DTLSEpoch epoch, /* DTLS only */ | |
2201 SSL3ContentType type, | 2258 SSL3ContentType type, |
2202 const SSL3Opaque * pIn, /* input buffer */ | 2259 const SSL3Opaque * pIn, /* input buffer */ |
2203 PRInt32 nIn, /* bytes of input */ | 2260 PRInt32 nIn, /* bytes of input */ |
2204 PRInt32 flags) | 2261 PRInt32 flags) |
2205 { | 2262 { |
2206 sslBuffer * wrBuf = &ss->sec.writeBuf; | 2263 sslBuffer * wrBuf = &ss->sec.writeBuf; |
2207 SECStatus rv; | 2264 SECStatus rv; |
2208 PRInt32 totalSent = 0; | 2265 PRInt32 totalSent = 0; |
2209 | 2266 |
2210 SSL_TRC(3, ("%d: SSL3[%d] SendRecord type: %s nIn=%d", | 2267 SSL_TRC(3, ("%d: SSL3[%d] SendRecord type: %s nIn=%d", |
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2262 SSL_DBG(("%d: SSL3[%d]: SendRecord, tried to get %d bytes", | 2319 SSL_DBG(("%d: SSL3[%d]: SendRecord, tried to get %d bytes", |
2263 SSL_GETPID(), ss->fd, spaceNeeded)); | 2320 SSL_GETPID(), ss->fd, spaceNeeded)); |
2264 goto spec_locked_loser; /* sslBuffer_Grow set error code. */ | 2321 goto spec_locked_loser; /* sslBuffer_Grow set error code. */ |
2265 } | 2322 } |
2266 } | 2323 } |
2267 | 2324 |
2268 if (numRecords == 2) { | 2325 if (numRecords == 2) { |
2269 sslBuffer secondRecord; | 2326 sslBuffer secondRecord; |
2270 | 2327 |
2271 rv = ssl3_CompressMACEncryptRecord(ss->ssl3.cwSpec, | 2328 rv = ssl3_CompressMACEncryptRecord(ss->ssl3.cwSpec, |
2272 » ss->sec.isServer, type, pIn, 1, | 2329 » ss->sec.isServer, |
2330 » » » » » IS_DTLS(ss), | |
2331 » » » » » type, pIn, 1, | |
2273 wrBuf); | 2332 wrBuf); |
2274 if (rv != SECSuccess) | 2333 if (rv != SECSuccess) |
2275 goto spec_locked_loser; | 2334 goto spec_locked_loser; |
2276 | 2335 |
2277 PRINT_BUF(50, (ss, "send (encrypted) record data [1/2]:", | 2336 PRINT_BUF(50, (ss, "send (encrypted) record data [1/2]:", |
2278 wrBuf->buf, wrBuf->len)); | 2337 wrBuf->buf, wrBuf->len)); |
2279 | 2338 |
2280 secondRecord.buf = wrBuf->buf + wrBuf->len; | 2339 secondRecord.buf = wrBuf->buf + wrBuf->len; |
2281 secondRecord.len = 0; | 2340 secondRecord.len = 0; |
2282 secondRecord.space = wrBuf->space - wrBuf->len; | 2341 secondRecord.space = wrBuf->space - wrBuf->len; |
2283 | 2342 |
2284 rv = ssl3_CompressMACEncryptRecord(ss->ssl3.cwSpec, | 2343 rv = ssl3_CompressMACEncryptRecord(ss->ssl3.cwSpec, |
2285 » ss->sec.isServer, type, pIn + 1, | 2344 » ss->sec.isServer, |
2345 » » » » » IS_DTLS(ss), | |
2346 » » » » » type, pIn + 1, | |
2286 contentLen - 1, &secondRecord); | 2347 contentLen - 1, &secondRecord); |
2287 if (rv == SECSuccess) { | 2348 if (rv == SECSuccess) { |
2288 PRINT_BUF(50, (ss, "send (encrypted) record data [2/2]:", | 2349 PRINT_BUF(50, (ss, "send (encrypted) record data [2/2]:", |
2289 secondRecord.buf, secondRecord.len)); | 2350 secondRecord.buf, secondRecord.len)); |
2290 wrBuf->len += secondRecord.len; | 2351 wrBuf->len += secondRecord.len; |
2291 } | 2352 } |
2292 } else { | 2353 } else { |
2293 » rv = ssl3_CompressMACEncryptRecord(ss->ssl3.cwSpec, | 2354 » if (!IS_DTLS(ss)) { |
2294 » ss->sec.isServer, type, pIn, | 2355 » » rv = ssl3_CompressMACEncryptRecord(ss->ssl3.cwSpec, |
2295 » contentLen, wrBuf); | 2356 » » » » » » ss->sec.isServer, |
2357 » » » » » » IS_DTLS(ss), | |
2358 » » » » » » type, pIn, | |
2359 » » » » » » contentLen, wrBuf); | |
2360 » } | |
2361 » else { | |
2362 » » rv = dtls_CompressMACEncryptRecord(ss, epoch, | |
2363 » » » » » » !!(flags & ssl_SEND_FLAG_USE_ EPOCH), | |
2364 » » » » » » type, pIn, | |
2365 » » » » » » contentLen, wrBuf); | |
2366 » } | |
2367 » | |
2296 if (rv == SECSuccess) { | 2368 if (rv == SECSuccess) { |
2297 PRINT_BUF(50, (ss, "send (encrypted) record data:", | 2369 PRINT_BUF(50, (ss, "send (encrypted) record data:", |
2298 wrBuf->buf, wrBuf->len)); | 2370 wrBuf->buf, wrBuf->len)); |
2299 } | 2371 } |
2300 } | 2372 } |
2301 | 2373 |
2302 spec_locked_loser: | 2374 spec_locked_loser: |
2303 ssl_ReleaseSpecReadLock(ss); /************************************/ | 2375 ssl_ReleaseSpecReadLock(ss); /************************************/ |
2304 | 2376 |
2305 if (rv != SECSuccess) | 2377 if (rv != SECSuccess) |
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2343 if (sent < 0) { | 2415 if (sent < 0) { |
2344 if (PR_GetError() != PR_WOULD_BLOCK_ERROR) { | 2416 if (PR_GetError() != PR_WOULD_BLOCK_ERROR) { |
2345 ssl_MapLowLevelError(SSL_ERROR_SOCKET_WRITE_FAILURE); | 2417 ssl_MapLowLevelError(SSL_ERROR_SOCKET_WRITE_FAILURE); |
2346 return SECFailure; | 2418 return SECFailure; |
2347 } | 2419 } |
2348 /* we got PR_WOULD_BLOCK_ERROR, which means none was sent. */ | 2420 /* we got PR_WOULD_BLOCK_ERROR, which means none was sent. */ |
2349 sent = 0; | 2421 sent = 0; |
2350 } | 2422 } |
2351 wrBuf->len -= sent; | 2423 wrBuf->len -= sent; |
2352 if (wrBuf->len) { | 2424 if (wrBuf->len) { |
2425 if (IS_DTLS(ss)) { | |
2426 /* DTLS just says no in this case. No buffering */ | |
2427 PR_SetError(PR_WOULD_BLOCK_ERROR, 0); | |
2428 return SECFailure; | |
2429 } | |
2353 /* now take all the remaining unsent new ciphertext and | 2430 /* now take all the remaining unsent new ciphertext and |
2354 * append it to the buffer of previously unsent ciphertext. | 2431 * append it to the buffer of previously unsent ciphertext. |
2355 */ | 2432 */ |
2356 rv = ssl_SaveWriteData(ss, wrBuf->buf + sent, wrBuf->len); | 2433 rv = ssl_SaveWriteData(ss, wrBuf->buf + sent, wrBuf->len); |
2357 if (rv != SECSuccess) { | 2434 if (rv != SECSuccess) { |
2358 /* presumably a memory error, SEC_ERROR_NO_MEMORY */ | 2435 /* presumably a memory error, SEC_ERROR_NO_MEMORY */ |
2359 return SECFailure; | 2436 return SECFailure; |
2360 } | 2437 } |
2361 } | 2438 } |
2362 } | 2439 } |
2363 totalSent += contentLen; | 2440 totalSent += contentLen; |
2364 } | 2441 } |
2365 return totalSent; | 2442 return totalSent; |
2366 } | 2443 } |
2367 | 2444 |
2368 #define SSL3_PENDING_HIGH_WATER 1024 | 2445 #define SSL3_PENDING_HIGH_WATER 1024 |
2369 | 2446 |
2370 /* Attempt to send the content of "in" in an SSL application_data record. | 2447 /* Attempt to send the content of "in" in an SSL application_data record. |
2371 * Returns "len" or SECFailure, never SECWouldBlock, nor SECSuccess. | 2448 * Returns "len" or SECFailure, never SECWouldBlock, nor SECSuccess. |
2372 */ | 2449 */ |
2373 int | 2450 int |
2374 ssl3_SendApplicationData(sslSocket *ss, const unsigned char *in, | 2451 ssl3_SendApplicationData(sslSocket *ss, const unsigned char *in, |
2375 PRInt32 len, PRInt32 flags) | 2452 PRInt32 len, PRInt32 flags) |
2376 { | 2453 { |
2377 PRInt32 totalSent = 0; | 2454 PRInt32 totalSent = 0; |
2378 PRInt32 discarded = 0; | 2455 PRInt32 discarded = 0; |
2379 | 2456 |
2380 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); | 2457 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); |
2458 /* These flags for internal use only */ | |
2459 PORT_Assert( !(flags & (ssl_SEND_FLAG_USE_EPOCH | | |
2460 ssl_SEND_FLAG_NO_RETRANSMIT))); | |
2381 if (len < 0 || !in) { | 2461 if (len < 0 || !in) { |
2382 PORT_SetError(PR_INVALID_ARGUMENT_ERROR); | 2462 PORT_SetError(PR_INVALID_ARGUMENT_ERROR); |
2383 return SECFailure; | 2463 return SECFailure; |
2384 } | 2464 } |
2385 | 2465 |
2386 if (ss->pendingBuf.len > SSL3_PENDING_HIGH_WATER && | 2466 if (ss->pendingBuf.len > SSL3_PENDING_HIGH_WATER && |
2387 !ssl_SocketIsBlocking(ss)) { | 2467 !ssl_SocketIsBlocking(ss)) { |
2388 PORT_Assert(!ssl_SocketIsBlocking(ss)); | 2468 PORT_Assert(!ssl_SocketIsBlocking(ss)); |
2389 PORT_SetError(PR_WOULD_BLOCK_ERROR); | 2469 PORT_SetError(PR_WOULD_BLOCK_ERROR); |
2390 return SECFailure; | 2470 return SECFailure; |
(...skipping 17 matching lines...) Expand all Loading... | |
2408 * The thread yield is intended to give the reader thread a | 2488 * The thread yield is intended to give the reader thread a |
2409 * chance to get some cycles while the writer thread is in | 2489 * chance to get some cycles while the writer thread is in |
2410 * the middle of a large application data write. (See | 2490 * the middle of a large application data write. (See |
2411 * Bugzilla bug 127740, comment #1.) | 2491 * Bugzilla bug 127740, comment #1.) |
2412 */ | 2492 */ |
2413 ssl_ReleaseXmitBufLock(ss); | 2493 ssl_ReleaseXmitBufLock(ss); |
2414 PR_Sleep(PR_INTERVAL_NO_WAIT); /* PR_Yield(); */ | 2494 PR_Sleep(PR_INTERVAL_NO_WAIT); /* PR_Yield(); */ |
2415 ssl_GetXmitBufLock(ss); | 2495 ssl_GetXmitBufLock(ss); |
2416 } | 2496 } |
2417 toSend = PR_MIN(len - totalSent, MAX_FRAGMENT_LENGTH); | 2497 toSend = PR_MIN(len - totalSent, MAX_FRAGMENT_LENGTH); |
2418 » sent = ssl3_SendRecord(ss, content_application_data, | 2498 » /* |
2499 » * Note that the 0 epoch is OK because flags will never | |
2500 » * require its use, as guaranteed by the PORT_Assert | |
2501 » * above | |
2502 » */ | |
2503 » sent = ssl3_SendRecord(ss, 0, content_application_data, | |
2419 in + totalSent, toSend, flags); | 2504 in + totalSent, toSend, flags); |
2420 if (sent < 0) { | 2505 if (sent < 0) { |
2421 if (totalSent > 0 && PR_GetError() == PR_WOULD_BLOCK_ERROR) { | 2506 if (totalSent > 0 && PR_GetError() == PR_WOULD_BLOCK_ERROR) { |
2422 PORT_Assert(ss->lastWriteBlocked); | 2507 PORT_Assert(ss->lastWriteBlocked); |
2423 break; | 2508 break; |
2424 } | 2509 } |
2425 return SECFailure; /* error code set by ssl3_SendRecord */ | 2510 return SECFailure; /* error code set by ssl3_SendRecord */ |
2426 } | 2511 } |
2427 totalSent += sent; | 2512 totalSent += sent; |
2428 if (ss->pendingBuf.len) { | 2513 if (ss->pendingBuf.len) { |
(...skipping 14 matching lines...) Expand all Loading... | |
2443 if (totalSent <= 0) { | 2528 if (totalSent <= 0) { |
2444 PORT_SetError(PR_WOULD_BLOCK_ERROR); | 2529 PORT_SetError(PR_WOULD_BLOCK_ERROR); |
2445 totalSent = SECFailure; | 2530 totalSent = SECFailure; |
2446 } | 2531 } |
2447 return totalSent; | 2532 return totalSent; |
2448 } | 2533 } |
2449 ss->appDataBuffered = 0; | 2534 ss->appDataBuffered = 0; |
2450 return totalSent + discarded; | 2535 return totalSent + discarded; |
2451 } | 2536 } |
2452 | 2537 |
2453 /* Attempt to send the content of sendBuf buffer in an SSL handshake record. | 2538 /* Attempt to send buffered handshake messages. |
2454 * This function returns SECSuccess or SECFailure, never SECWouldBlock. | 2539 * This function returns SECSuccess or SECFailure, never SECWouldBlock. |
2455 * Always set sendBuf.len to 0, even when returning SECFailure. | 2540 * Always set sendBuf.len to 0, even when returning SECFailure. |
2456 * | 2541 * |
2542 * Depending on whether we are doing DTLS or not, this either calls | |
2543 * | |
2544 * - ssl3_FlushHandshake if non-DTLS | |
2545 * - dtls_FlushHandshake if DTLS | |
2546 * | |
2457 * Called from SSL3_SendAlert(), ssl3_SendChangeCipherSpecs(), | 2547 * Called from SSL3_SendAlert(), ssl3_SendChangeCipherSpecs(), |
2458 * ssl3_AppendHandshake(), ssl3_SendClientHello(), | 2548 * ssl3_AppendHandshake(), ssl3_SendClientHello(), |
2459 * ssl3_SendHelloRequest(), ssl3_SendServerHelloDone(), | 2549 * ssl3_SendHelloRequest(), ssl3_SendServerHelloDone(), |
2460 * ssl3_SendFinished(), | 2550 * ssl3_SendFinished(), |
2461 */ | 2551 */ |
2462 static SECStatus | 2552 static SECStatus |
2463 ssl3_FlushHandshake(sslSocket *ss, PRInt32 flags) | 2553 ssl3_FlushHandshake(sslSocket *ss, PRInt32 flags) |
2464 { | 2554 { |
2555 if (IS_DTLS(ss)) { | |
2556 return dtls_FlushHandshakeMessages(ss, flags); | |
2557 } else { | |
2558 return ssl3_FlushHandshakeMessages(ss, flags); | |
2559 } | |
2560 } | |
2561 | |
2562 /* Attempt to send the content of sendBuf buffer in an SSL handshake record. | |
2563 * This function returns SECSuccess or SECFailure, never SECWouldBlock. | |
2564 * Always set sendBuf.len to 0, even when returning SECFailure. | |
2565 * | |
2566 * Called from ssl3_FlushHandshake | |
2567 */ | |
2568 static SECStatus | |
2569 ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags) | |
2570 { | |
2465 PRInt32 rv = SECSuccess; | 2571 PRInt32 rv = SECSuccess; |
2466 | 2572 |
2467 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); | 2573 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); |
2468 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); | 2574 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); |
2469 | 2575 |
2470 if (!ss->sec.ci.sendBuf.buf || !ss->sec.ci.sendBuf.len) | 2576 if (!ss->sec.ci.sendBuf.buf || !ss->sec.ci.sendBuf.len) |
2471 return rv; | 2577 return rv; |
2472 | 2578 |
2473 /* only this flag is allowed */ | 2579 /* only this flag is allowed */ |
2474 PORT_Assert(!(flags & ~ssl_SEND_FLAG_FORCE_INTO_BUFFER)); | 2580 PORT_Assert(!(flags & ~ssl_SEND_FLAG_FORCE_INTO_BUFFER)); |
2475 if ((flags & ~ssl_SEND_FLAG_FORCE_INTO_BUFFER) != 0) { | 2581 if ((flags & ~ssl_SEND_FLAG_FORCE_INTO_BUFFER) != 0) { |
2476 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 2582 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
2477 rv = SECFailure; | 2583 rv = SECFailure; |
2478 } else { | 2584 } else { |
2479 » rv = ssl3_SendRecord(ss, content_handshake, ss->sec.ci.sendBuf.buf, | 2585 » rv = ssl3_SendRecord(ss, 0, content_handshake, ss->sec.ci.sendBuf.buf, |
2480 ss->sec.ci.sendBuf.len, flags); | 2586 ss->sec.ci.sendBuf.len, flags); |
2481 } | 2587 } |
2482 if (rv < 0) { | 2588 if (rv < 0) { |
2483 int err = PORT_GetError(); | 2589 int err = PORT_GetError(); |
2484 PORT_Assert(err != PR_WOULD_BLOCK_ERROR); | 2590 PORT_Assert(err != PR_WOULD_BLOCK_ERROR); |
2485 if (err == PR_WOULD_BLOCK_ERROR) { | 2591 if (err == PR_WOULD_BLOCK_ERROR) { |
2486 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); | 2592 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
2487 } | 2593 } |
2488 } else if (rv < ss->sec.ci.sendBuf.len) { | 2594 } else if (rv < ss->sec.ci.sendBuf.len) { |
2489 /* short write should never happen */ | 2595 /* short write should never happen */ |
(...skipping 96 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2586 ssl_GetSSL3HandshakeLock(ss); | 2692 ssl_GetSSL3HandshakeLock(ss); |
2587 if (level == alert_fatal) { | 2693 if (level == alert_fatal) { |
2588 if (ss->sec.ci.sid) { | 2694 if (ss->sec.ci.sid) { |
2589 ss->sec.uncache(ss->sec.ci.sid); | 2695 ss->sec.uncache(ss->sec.ci.sid); |
2590 } | 2696 } |
2591 } | 2697 } |
2592 ssl_GetXmitBufLock(ss); | 2698 ssl_GetXmitBufLock(ss); |
2593 rv = ssl3_FlushHandshake(ss, ssl_SEND_FLAG_FORCE_INTO_BUFFER); | 2699 rv = ssl3_FlushHandshake(ss, ssl_SEND_FLAG_FORCE_INTO_BUFFER); |
2594 if (rv == SECSuccess) { | 2700 if (rv == SECSuccess) { |
2595 PRInt32 sent; | 2701 PRInt32 sent; |
2596 » sent = ssl3_SendRecord(ss, content_alert, bytes, 2, | 2702 » sent = ssl3_SendRecord(ss, 0, content_alert, bytes, 2, |
2597 desc == no_certificate | 2703 desc == no_certificate |
2598 ? ssl_SEND_FLAG_FORCE_INTO_BUFFER : 0); | 2704 ? ssl_SEND_FLAG_FORCE_INTO_BUFFER : 0); |
2599 rv = (sent >= 0) ? SECSuccess : (SECStatus)sent; | 2705 rv = (sent >= 0) ? SECSuccess : (SECStatus)sent; |
2600 } | 2706 } |
2601 ssl_ReleaseXmitBufLock(ss); | 2707 ssl_ReleaseXmitBufLock(ss); |
2602 ssl_ReleaseSSL3HandshakeLock(ss); | 2708 ssl_ReleaseSSL3HandshakeLock(ss); |
2603 return rv; /* error set by ssl3_FlushHandshake or ssl3_SendRecord */ | 2709 return rv; /* error set by ssl3_FlushHandshake or ssl3_SendRecord */ |
2604 } | 2710 } |
2605 | 2711 |
2606 /* | 2712 /* |
(...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2660 SSL_DBG(("%d: SSL3[%d]: peer certificate is no good: error=%d", | 2766 SSL_DBG(("%d: SSL3[%d]: peer certificate is no good: error=%d", |
2661 SSL_GETPID(), ss->fd, errCode)); | 2767 SSL_GETPID(), ss->fd, errCode)); |
2662 | 2768 |
2663 (void) SSL3_SendAlert(ss, alert_fatal, desc); | 2769 (void) SSL3_SendAlert(ss, alert_fatal, desc); |
2664 } | 2770 } |
2665 | 2771 |
2666 | 2772 |
2667 /* | 2773 /* |
2668 * Send handshake_Failure alert. Set generic error number. | 2774 * Send handshake_Failure alert. Set generic error number. |
2669 */ | 2775 */ |
2670 static SECStatus | 2776 SECStatus |
2671 ssl3_DecodeError(sslSocket *ss) | 2777 ssl3_DecodeError(sslSocket *ss) |
2672 { | 2778 { |
2673 (void)SSL3_SendAlert(ss, alert_fatal, | 2779 (void)SSL3_SendAlert(ss, alert_fatal, |
2674 ss->version > SSL_LIBRARY_VERSION_3_0 ? decode_error | 2780 ss->version > SSL_LIBRARY_VERSION_3_0 ? decode_error |
2675 : illegal_parameter); | 2781 : illegal_parameter); |
2676 PORT_SetError( ss->sec.isServer ? SSL_ERROR_BAD_CLIENT | 2782 PORT_SetError( ss->sec.isServer ? SSL_ERROR_BAD_CLIENT |
2677 : SSL_ERROR_BAD_SERVER ); | 2783 : SSL_ERROR_BAD_SERVER ); |
2678 return SECFailure; | 2784 return SECFailure; |
2679 } | 2785 } |
2680 | 2786 |
(...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2748 error = SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT; break; | 2854 error = SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT; break; |
2749 case unrecognized_name: | 2855 case unrecognized_name: |
2750 error = SSL_ERROR_UNRECOGNIZED_NAME_ALERT; break; | 2856 error = SSL_ERROR_UNRECOGNIZED_NAME_ALERT; break; |
2751 case bad_certificate_status_response: | 2857 case bad_certificate_status_response: |
2752 error = SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT; break; | 2858 error = SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT; break; |
2753 case bad_certificate_hash_value: | 2859 case bad_certificate_hash_value: |
2754 error = SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT; break; | 2860 error = SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT; break; |
2755 default: error = SSL_ERROR_RX_UNKNOWN_ALERT; break; | 2861 default: error = SSL_ERROR_RX_UNKNOWN_ALERT; break; |
2756 } | 2862 } |
2757 if (level == alert_fatal) { | 2863 if (level == alert_fatal) { |
2758 » ss->sec.uncache(ss->sec.ci.sid); | 2864 » if (!ss->opt.noCache) |
2865 » ss->sec.uncache(ss->sec.ci.sid); | |
2759 if ((ss->ssl3.hs.ws == wait_server_hello) && | 2866 if ((ss->ssl3.hs.ws == wait_server_hello) && |
2760 (desc == handshake_failure)) { | 2867 (desc == handshake_failure)) { |
2761 /* XXX This is a hack. We're assuming that any handshake failure | 2868 /* XXX This is a hack. We're assuming that any handshake failure |
2762 * XXX on the client hello is a failure to match ciphers. | 2869 * XXX on the client hello is a failure to match ciphers. |
2763 */ | 2870 */ |
2764 error = SSL_ERROR_NO_CYPHER_OVERLAP; | 2871 error = SSL_ERROR_NO_CYPHER_OVERLAP; |
2765 } | 2872 } |
2766 PORT_SetError(error); | 2873 PORT_SetError(error); |
2767 return SECFailure; | 2874 return SECFailure; |
2768 } | 2875 } |
(...skipping 30 matching lines...) Expand all Loading... | |
2799 SSL_TRC(3, ("%d: SSL3[%d]: send change_cipher_spec record", | 2906 SSL_TRC(3, ("%d: SSL3[%d]: send change_cipher_spec record", |
2800 SSL_GETPID(), ss->fd)); | 2907 SSL_GETPID(), ss->fd)); |
2801 | 2908 |
2802 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); | 2909 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); |
2803 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); | 2910 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); |
2804 | 2911 |
2805 rv = ssl3_FlushHandshake(ss, ssl_SEND_FLAG_FORCE_INTO_BUFFER); | 2912 rv = ssl3_FlushHandshake(ss, ssl_SEND_FLAG_FORCE_INTO_BUFFER); |
2806 if (rv != SECSuccess) { | 2913 if (rv != SECSuccess) { |
2807 return rv; /* error code set by ssl3_FlushHandshake */ | 2914 return rv; /* error code set by ssl3_FlushHandshake */ |
2808 } | 2915 } |
2809 sent = ssl3_SendRecord(ss, content_change_cipher_spec, &change, 1, | 2916 if (!IS_DTLS(ss)) { |
2810 ssl_SEND_FLAG_FORCE_INTO_BUFFER); | 2917 sent = ssl3_SendRecord(ss, 0, content_change_cipher_spec, &change, 1, |
2811 if (sent < 0) { | 2918 ssl_SEND_FLAG_FORCE_INTO_BUFFER); |
2812 » return (SECStatus)sent;»/* error code set by ssl3_SendRecord */ | 2919 if (sent < 0) { |
2920 return (SECStatus)sent;» /* error code set by ssl3_SendRecord */ | |
2921 } | |
2922 } else { | |
2923 rv = dtls_QueueMessage(ss, content_change_cipher_spec, &change, 1); | |
2924 if (rv != SECSuccess) | |
2925 return rv; | |
2813 } | 2926 } |
2814 | 2927 |
2815 /* swap the pending and current write specs. */ | 2928 /* swap the pending and current write specs. */ |
2816 ssl_GetSpecWriteLock(ss); /**************************************/ | 2929 ssl_GetSpecWriteLock(ss); /**************************************/ |
2817 pwSpec = ss->ssl3.pwSpec; | 2930 pwSpec = ss->ssl3.pwSpec; |
2818 pwSpec->write_seq_num.high = 0; | |
2819 pwSpec->write_seq_num.low = 0; | |
wtc
2012/03/21 23:12:16
IMPORTANT: Where did this go? Same question for l
ekr
2012/03/22 15:07:17
I claim that I moved these to ssl_InitPendingSpec:
wtc
2012/03/22 20:09:20
Thank you for confirming this.
| |
2820 | 2931 |
2821 ss->ssl3.pwSpec = ss->ssl3.cwSpec; | 2932 ss->ssl3.pwSpec = ss->ssl3.cwSpec; |
2822 ss->ssl3.cwSpec = pwSpec; | 2933 ss->ssl3.cwSpec = pwSpec; |
2823 | 2934 |
2824 SSL_TRC(3, ("%d: SSL3[%d] Set Current Write Cipher Suite to Pending", | 2935 SSL_TRC(3, ("%d: SSL3[%d] Set Current Write Cipher Suite to Pending", |
2825 SSL_GETPID(), ss->fd )); | 2936 SSL_GETPID(), ss->fd )); |
2826 | 2937 |
2827 /* We need to free up the contexts, keys and certs ! */ | 2938 /* We need to free up the contexts, keys and certs ! */ |
2828 /* If we are really through with the old cipher spec | 2939 /* If we are really through with the old cipher spec |
2829 * (Both the read and write sides have changed) destroy it. | 2940 * (Both the read and write sides have changed) destroy it. |
2830 */ | 2941 */ |
2831 if (ss->ssl3.prSpec == ss->ssl3.pwSpec) { | 2942 if ( ss->ssl3.prSpec == ss->ssl3.pwSpec ) { |
2832 » ssl3_DestroyCipherSpec(ss->ssl3.pwSpec, PR_FALSE/*freeSrvName*/); | 2943 » if (!IS_DTLS(ss)) { |
2944 » ssl3_DestroyCipherSpec(ss->ssl3.pwSpec, PR_FALSE/*freeSrvName*/); | |
2945 » } else { | |
2946 » /* With DTLS, we need to set a holddown timer in case the final | |
2947 » * message got lost */ | |
2948 » ss->ssl3.hs.rtTimeoutMs = DTLS_FINISHED_TIMER_MS; | |
2949 » dtls_StartTimer(ss, dtls_FinishedTimerCb); | |
2950 » } | |
2833 } | 2951 } |
2834 ssl_ReleaseSpecWriteLock(ss); /**************************************/ | 2952 ssl_ReleaseSpecWriteLock(ss); /**************************************/ |
2835 | 2953 |
2836 return SECSuccess; | 2954 return SECSuccess; |
2837 } | 2955 } |
2838 | 2956 |
2839 /* Called from ssl3_HandleRecord. | 2957 /* Called from ssl3_HandleRecord. |
2840 ** Caller must hold both RecvBuf and Handshake locks. | 2958 ** Caller must hold both RecvBuf and Handshake locks. |
2841 * | 2959 * |
2842 * Acquires and releases spec write lock, to protect switching the current | 2960 * Acquires and releases spec write lock, to protect switching the current |
(...skipping 28 matching lines...) Expand all Loading... | |
2871 /* illegal_parameter is correct here for both SSL3 and TLS. */ | 2989 /* illegal_parameter is correct here for both SSL3 and TLS. */ |
2872 (void)ssl3_IllegalParameter(ss); | 2990 (void)ssl3_IllegalParameter(ss); |
2873 PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER); | 2991 PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER); |
2874 return SECFailure; | 2992 return SECFailure; |
2875 } | 2993 } |
2876 buf->len = 0; | 2994 buf->len = 0; |
2877 | 2995 |
2878 /* Swap the pending and current read specs. */ | 2996 /* Swap the pending and current read specs. */ |
2879 ssl_GetSpecWriteLock(ss); /*************************************/ | 2997 ssl_GetSpecWriteLock(ss); /*************************************/ |
2880 prSpec = ss->ssl3.prSpec; | 2998 prSpec = ss->ssl3.prSpec; |
2881 prSpec->read_seq_num.high = prSpec->read_seq_num.low = 0; | |
2882 | 2999 |
2883 ss->ssl3.prSpec = ss->ssl3.crSpec; | 3000 ss->ssl3.prSpec = ss->ssl3.crSpec; |
2884 ss->ssl3.crSpec = prSpec; | 3001 ss->ssl3.crSpec = prSpec; |
2885 | 3002 |
2886 if (ss->sec.isServer && | 3003 if (ss->sec.isServer && |
2887 ss->opt.requestCertificate && | 3004 ss->opt.requestCertificate && |
2888 ssl3_ExtensionNegotiated(ss, ssl_encrypted_client_certs)) { | 3005 ssl3_ExtensionNegotiated(ss, ssl_encrypted_client_certs)) { |
2889 ss->ssl3.hs.ws = wait_client_cert; | 3006 ss->ssl3.hs.ws = wait_client_cert; |
2890 } else { | 3007 } else { |
2891 ss->ssl3.hs.ws = wait_finished; | 3008 ss->ssl3.hs.ws = wait_finished; |
(...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2974 keyData->data, keyData->len); | 3091 keyData->data, keyData->len); |
2975 } | 3092 } |
2976 } | 3093 } |
2977 } | 3094 } |
2978 #endif | 3095 #endif |
2979 pwSpec->master_secret = PK11_DeriveWithFlags(pms, master_derive, | 3096 pwSpec->master_secret = PK11_DeriveWithFlags(pms, master_derive, |
2980 ¶ms, key_derive, CKA_DERIVE, 0, keyFlags); | 3097 ¶ms, key_derive, CKA_DERIVE, 0, keyFlags); |
2981 if (!isDH && pwSpec->master_secret && ss->opt.detectRollBack) { | 3098 if (!isDH && pwSpec->master_secret && ss->opt.detectRollBack) { |
2982 SSL3ProtocolVersion client_version; | 3099 SSL3ProtocolVersion client_version; |
2983 client_version = pms_version.major << 8 | pms_version.minor; | 3100 client_version = pms_version.major << 8 | pms_version.minor; |
3101 | |
3102 if (IS_DTLS(ss)) { | |
3103 client_version = dtls_DTLSVersionToTLSVersion(client_version); | |
3104 } | |
3105 | |
2984 if (client_version != ss->clientHelloVersion) { | 3106 if (client_version != ss->clientHelloVersion) { |
2985 /* Destroy it. Version roll-back detected. */ | 3107 /* Destroy it. Version roll-back detected. */ |
2986 PK11_FreeSymKey(pwSpec->master_secret); | 3108 PK11_FreeSymKey(pwSpec->master_secret); |
2987 pwSpec->master_secret = NULL; | 3109 pwSpec->master_secret = NULL; |
2988 } | 3110 } |
2989 } | 3111 } |
2990 if (pwSpec->master_secret == NULL) { | 3112 if (pwSpec->master_secret == NULL) { |
2991 /* Generate a faux master secret in the same slot as the old one. */ | 3113 /* Generate a faux master secret in the same slot as the old one. */ |
2992 PK11SlotInfo * slot = PK11_GetSlotFromKey((PK11SymKey *)pms); | 3114 PK11SlotInfo * slot = PK11_GetSlotFromKey((PK11SymKey *)pms); |
2993 PK11SymKey * fpms = ssl3_GenerateRSAPMS(ss, pwSpec, slot); | 3115 PK11SymKey * fpms = ssl3_GenerateRSAPMS(ss, pwSpec, slot); |
(...skipping 404 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
3398 SSL_TRC(60, ("data:")); | 3520 SSL_TRC(60, ("data:")); |
3399 rv = ssl3_AppendHandshake(ss, src, bytes); | 3521 rv = ssl3_AppendHandshake(ss, src, bytes); |
3400 return rv; /* error code set by AppendHandshake, if applicable. */ | 3522 return rv; /* error code set by AppendHandshake, if applicable. */ |
3401 } | 3523 } |
3402 | 3524 |
3403 SECStatus | 3525 SECStatus |
3404 ssl3_AppendHandshakeHeader(sslSocket *ss, SSL3HandshakeType t, PRUint32 length) | 3526 ssl3_AppendHandshakeHeader(sslSocket *ss, SSL3HandshakeType t, PRUint32 length) |
3405 { | 3527 { |
3406 SECStatus rv; | 3528 SECStatus rv; |
3407 | 3529 |
3530 /* If we already have a message in place, we need to enqueue it. | |
3531 * This empties the buffer | |
3532 */ | |
3533 if (IS_DTLS(ss)) { | |
3534 rv = dtls_StageHandshakeMessage(ss); | |
3535 if (rv != SECSuccess) | |
3536 return rv; | |
3537 } | |
3538 | |
3408 SSL_TRC(30,("%d: SSL3[%d]: append handshake header: type %s", | 3539 SSL_TRC(30,("%d: SSL3[%d]: append handshake header: type %s", |
3409 SSL_GETPID(), ss->fd, ssl3_DecodeHandshakeType(t))); | 3540 SSL_GETPID(), ss->fd, ssl3_DecodeHandshakeType(t))); |
3410 PRINT_BUF(60, (ss, "MD5 handshake hash:", | 3541 PRINT_BUF(60, (ss, "MD5 handshake hash:", |
3411 (unsigned char*)ss->ssl3.hs.md5_cx, MD5_LENGTH)); | 3542 (unsigned char*)ss->ssl3.hs.md5_cx, MD5_LENGTH)); |
3412 PRINT_BUF(95, (ss, "SHA handshake hash:", | 3543 PRINT_BUF(95, (ss, "SHA handshake hash:", |
3413 (unsigned char*)ss->ssl3.hs.sha_cx, SHA1_LENGTH)); | 3544 (unsigned char*)ss->ssl3.hs.sha_cx, SHA1_LENGTH)); |
3414 | 3545 |
3415 rv = ssl3_AppendHandshakeNumber(ss, t, 1); | 3546 rv = ssl3_AppendHandshakeNumber(ss, t, 1); |
3416 if (rv != SECSuccess) { | 3547 if (rv != SECSuccess) { |
3417 return rv; /* error code set by AppendHandshake, if applicable. */ | 3548 return rv; /* error code set by AppendHandshake, if applicable. */ |
3418 } | 3549 } |
3419 rv = ssl3_AppendHandshakeNumber(ss, length, 3); | 3550 rv = ssl3_AppendHandshakeNumber(ss, length, 3); |
3551 if (rv != SECSuccess) { | |
3552 return rv; /* error code set by AppendHandshake, if applicable. */ | |
3553 } | |
3554 | |
3555 if (IS_DTLS(ss)) { | |
3556 /* Note that we make an unfragmented message here. We fragment in the | |
3557 * transmission code, if necessary */ | |
3558 rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.hs.sendMessageSeq, 2); | |
3559 if (rv != SECSuccess) { | |
3560 return rv; /* error code set by AppendHandshake, if applicable. */ | |
3561 } | |
3562 ss->ssl3.hs.sendMessageSeq++; | |
3563 | |
3564 /* 0 is the fragment offset, because it's not fragmented yet */ | |
3565 rv = ssl3_AppendHandshakeNumber(ss, 0, 3); | |
3566 if (rv != SECSuccess) { | |
3567 return rv; /* error code set by AppendHandshake, if applicable. */ | |
3568 } | |
3569 | |
3570 /* Fragment length -- set to the packet length because not fragmented */ | |
3571 rv = ssl3_AppendHandshakeNumber(ss, length, 3); | |
3572 if (rv != SECSuccess) { | |
3573 return rv; /* error code set by AppendHandshake, if applicable. */ | |
3574 } | |
3575 } | |
3576 | |
3420 return rv; /* error code set by AppendHandshake, if applicable. */ | 3577 return rv; /* error code set by AppendHandshake, if applicable. */ |
3421 } | 3578 } |
3422 | 3579 |
3423 /************************************************************************** | 3580 /************************************************************************** |
3424 * Consume Handshake functions. | 3581 * Consume Handshake functions. |
3425 * | 3582 * |
3426 * All data used in these functions is protected by two locks, | 3583 * All data used in these functions is protected by two locks, |
3427 * the RecvBufLock and the SSL3HandshakeLock | 3584 * the RecvBufLock and the SSL3HandshakeLock |
3428 **************************************************************************/ | 3585 **************************************************************************/ |
3429 | 3586 |
(...skipping 386 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
3816 } | 3973 } |
3817 | 3974 |
3818 /************************************************************************** | 3975 /************************************************************************** |
3819 * end of Handshake Hash functions. | 3976 * end of Handshake Hash functions. |
3820 * Begin Send and Handle functions for handshakes. | 3977 * Begin Send and Handle functions for handshakes. |
3821 **************************************************************************/ | 3978 **************************************************************************/ |
3822 | 3979 |
3823 /* Called from ssl3_HandleHelloRequest(), | 3980 /* Called from ssl3_HandleHelloRequest(), |
3824 * ssl3_RedoHandshake() | 3981 * ssl3_RedoHandshake() |
3825 * ssl2_BeginClientHandshake (when resuming ssl3 session) | 3982 * ssl2_BeginClientHandshake (when resuming ssl3 session) |
3983 * dtls_HandleHelloVerifyRequest(with resending=PR_TRUE) | |
3826 */ | 3984 */ |
3827 SECStatus | 3985 SECStatus |
3828 ssl3_SendClientHello(sslSocket *ss) | 3986 ssl3_SendClientHello(sslSocket *ss, PRBool resending) |
3829 { | 3987 { |
3830 sslSessionID * sid; | 3988 sslSessionID * sid; |
3831 ssl3CipherSpec * cwSpec; | 3989 ssl3CipherSpec * cwSpec; |
3832 SECStatus rv; | 3990 SECStatus rv; |
3833 int i; | 3991 int i; |
3834 int length; | 3992 int length; |
3835 int num_suites; | 3993 int num_suites; |
3836 int actual_count = 0; | 3994 int actual_count = 0; |
3837 PRBool isTLS = PR_FALSE; | 3995 PRBool isTLS = PR_FALSE; |
3838 PRInt32 total_exten_len = 0; | 3996 PRInt32 total_exten_len = 0; |
3839 unsigned numCompressionMethods; | 3997 unsigned numCompressionMethods; |
3840 | 3998 |
3841 SSL_TRC(3, ("%d: SSL3[%d]: send client_hello handshake", SSL_GETPID(), | 3999 SSL_TRC(3, ("%d: SSL3[%d]: send client_hello handshake", SSL_GETPID(), |
3842 ss->fd)); | 4000 ss->fd)); |
3843 | 4001 |
3844 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); | 4002 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); |
3845 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); | 4003 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); |
3846 | 4004 |
3847 rv = ssl3_InitState(ss); | 4005 rv = ssl3_InitState(ss); |
3848 if (rv != SECSuccess) { | 4006 if (rv != SECSuccess) { |
3849 return rv; /* ssl3_InitState has set the error code. */ | 4007 return rv; /* ssl3_InitState has set the error code. */ |
3850 } | 4008 } |
3851 ss->ssl3.hs.sendingSCSV = PR_FALSE; /* Must be reset every handshake */ | 4009 ss->ssl3.hs.sendingSCSV = PR_FALSE; /* Must be reset every handshake */ |
4010 PORT_Assert(IS_DTLS(ss) || !resending); | |
3852 | 4011 |
3853 /* We might be starting a session renegotiation in which case we should | 4012 /* We might be starting a session renegotiation in which case we should |
3854 * clear previous state. | 4013 * clear previous state. |
3855 */ | 4014 */ |
3856 PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); | 4015 PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); |
3857 | 4016 |
3858 SSL_TRC(30,("%d: SSL3[%d]: reset handshake hashes", | 4017 SSL_TRC(30,("%d: SSL3[%d]: reset handshake hashes", |
3859 SSL_GETPID(), ss->fd )); | 4018 SSL_GETPID(), ss->fd )); |
3860 rv = ssl3_RestartHandshakeHashes(ss); | 4019 rv = ssl3_RestartHandshakeHashes(ss); |
3861 if (rv != SECSuccess) { | 4020 if (rv != SECSuccess) { |
(...skipping 139 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
4001 total_exten_len += 2; | 4160 total_exten_len += 2; |
4002 } | 4161 } |
4003 | 4162 |
4004 #if defined(NSS_ENABLE_ECC) && !defined(NSS_ECC_MORE_THAN_SUITE_B) | 4163 #if defined(NSS_ENABLE_ECC) && !defined(NSS_ECC_MORE_THAN_SUITE_B) |
4005 if (!total_exten_len || !isTLS) { | 4164 if (!total_exten_len || !isTLS) { |
4006 /* not sending the elliptic_curves and ec_point_formats extensions */ | 4165 /* not sending the elliptic_curves and ec_point_formats extensions */ |
4007 ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */ | 4166 ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */ |
4008 } | 4167 } |
4009 #endif | 4168 #endif |
4010 | 4169 |
4170 if (IS_DTLS(ss)) { | |
4171 ssl3_DisableNonDTLSSuites(ss); | |
4172 } | |
4173 | |
4011 /* how many suites are permitted by policy and user preference? */ | 4174 /* how many suites are permitted by policy and user preference? */ |
4012 num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE); | 4175 num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE); |
4013 if (!num_suites) | 4176 if (!num_suites) |
4014 return SECFailure; /* count_cipher_suites has set error code. */ | 4177 return SECFailure; /* count_cipher_suites has set error code. */ |
4015 if (ss->ssl3.hs.sendingSCSV) { | 4178 if (ss->ssl3.hs.sendingSCSV) { |
4016 ++num_suites; /* make room for SCSV */ | 4179 ++num_suites; /* make room for SCSV */ |
4017 } | 4180 } |
4018 | 4181 |
4019 /* count compression methods */ | 4182 /* count compression methods */ |
4020 numCompressionMethods = 0; | 4183 numCompressionMethods = 0; |
4021 for (i = 0; i < compressionMethodsCount; i++) { | 4184 for (i = 0; i < compressionMethodsCount; i++) { |
4022 if (compressionEnabled(ss, compressions[i])) | 4185 if (compressionEnabled(ss, compressions[i])) |
4023 numCompressionMethods++; | 4186 numCompressionMethods++; |
4024 } | 4187 } |
4025 | 4188 |
4026 length = sizeof(SSL3ProtocolVersion) + SSL3_RANDOM_LENGTH + | 4189 length = sizeof(SSL3ProtocolVersion) + SSL3_RANDOM_LENGTH + |
4027 1 + ((sid == NULL) ? 0 : sid->u.ssl3.sessionIDLength) + | 4190 1 + ((sid == NULL) ? 0 : sid->u.ssl3.sessionIDLength) + |
4028 2 + num_suites*sizeof(ssl3CipherSuite) + | 4191 2 + num_suites*sizeof(ssl3CipherSuite) + |
4029 1 + numCompressionMethods + total_exten_len; | 4192 1 + numCompressionMethods + total_exten_len; |
4193 if (IS_DTLS(ss)) { | |
4194 length += 1 + ss->ssl3.hs.cookieLen; | |
4195 } | |
4030 | 4196 |
4031 rv = ssl3_AppendHandshakeHeader(ss, client_hello, length); | 4197 rv = ssl3_AppendHandshakeHeader(ss, client_hello, length); |
4032 if (rv != SECSuccess) { | 4198 if (rv != SECSuccess) { |
4033 return rv; /* err set by ssl3_AppendHandshake* */ | 4199 return rv; /* err set by ssl3_AppendHandshake* */ |
4034 } | 4200 } |
4035 | 4201 |
4036 ss->clientHelloVersion = ss->version; | 4202 ss->clientHelloVersion = ss->version; |
4037 rv = ssl3_AppendHandshakeNumber(ss, ss->clientHelloVersion, 2); | 4203 if (IS_DTLS(ss)) { |
4204 » /* One's complement */ | |
4205 » PRUint16 version; | |
4206 | |
4207 » version = dtls_TLSVersionToDTLSVersion(ss->clientHelloVersion); | |
4208 » rv = ssl3_AppendHandshakeNumber(ss, version, 2); | |
4209 } else { | |
4210 » rv = ssl3_AppendHandshakeNumber(ss, ss->clientHelloVersion, 2); | |
4211 } | |
4038 if (rv != SECSuccess) { | 4212 if (rv != SECSuccess) { |
4039 return rv; /* err set by ssl3_AppendHandshake* */ | 4213 return rv; /* err set by ssl3_AppendHandshake* */ |
4040 } | 4214 } |
4041 rv = ssl3_GetNewRandom(&ss->ssl3.hs.client_random); | 4215 |
4042 if (rv != SECSuccess) { | 4216 if (!resending) { /* Don't re-generate if we are in DTLS re-sending mode */ |
4043 » return rv;» /* err set by GetNewRandom. */ | 4217 » rv = ssl3_GetNewRandom(&ss->ssl3.hs.client_random); |
4218 » if (rv != SECSuccess) { | |
4219 » return rv;» /* err set by GetNewRandom. */ | |
4220 » } | |
4044 } | 4221 } |
4045 rv = ssl3_AppendHandshake(ss, &ss->ssl3.hs.client_random, | 4222 rv = ssl3_AppendHandshake(ss, &ss->ssl3.hs.client_random, |
4046 SSL3_RANDOM_LENGTH); | 4223 SSL3_RANDOM_LENGTH); |
4047 if (rv != SECSuccess) { | 4224 if (rv != SECSuccess) { |
4048 return rv; /* err set by ssl3_AppendHandshake* */ | 4225 return rv; /* err set by ssl3_AppendHandshake* */ |
4049 } | 4226 } |
4050 | 4227 |
4051 if (sid) | 4228 if (sid) |
4052 rv = ssl3_AppendHandshakeVariable( | 4229 rv = ssl3_AppendHandshakeVariable( |
4053 ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1); | 4230 ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1); |
4054 else | 4231 else |
4055 rv = ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); | 4232 rv = ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); |
4056 if (rv != SECSuccess) { | 4233 if (rv != SECSuccess) { |
4057 return rv; /* err set by ssl3_AppendHandshake* */ | 4234 return rv; /* err set by ssl3_AppendHandshake* */ |
4058 } | 4235 } |
4059 | 4236 |
4237 if (IS_DTLS(ss)) { | |
4238 rv = ssl3_AppendHandshakeVariable( | |
4239 ss, ss->ssl3.hs.cookie, ss->ssl3.hs.cookieLen, 1); | |
4240 } | |
4241 if (rv != SECSuccess) { | |
4242 return rv; /* err set by ssl3_AppendHandshake* */ | |
4243 } | |
4244 | |
4060 rv = ssl3_AppendHandshakeNumber(ss, num_suites*sizeof(ssl3CipherSuite), 2); | 4245 rv = ssl3_AppendHandshakeNumber(ss, num_suites*sizeof(ssl3CipherSuite), 2); |
4061 if (rv != SECSuccess) { | 4246 if (rv != SECSuccess) { |
4062 return rv; /* err set by ssl3_AppendHandshake* */ | 4247 return rv; /* err set by ssl3_AppendHandshake* */ |
4063 } | 4248 } |
4064 | 4249 |
4065 if (ss->ssl3.hs.sendingSCSV) { | 4250 if (ss->ssl3.hs.sendingSCSV) { |
4066 /* Add the actual SCSV */ | 4251 /* Add the actual SCSV */ |
4067 rv = ssl3_AppendHandshakeNumber(ss, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, | 4252 rv = ssl3_AppendHandshakeNumber(ss, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, |
4068 sizeof(ssl3CipherSuite)); | 4253 sizeof(ssl3CipherSuite)); |
4069 if (rv != SECSuccess) { | 4254 if (rv != SECSuccess) { |
(...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
4173 PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED); | 4358 PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED); |
4174 return SECFailure; | 4359 return SECFailure; |
4175 } | 4360 } |
4176 | 4361 |
4177 if (sid) { | 4362 if (sid) { |
4178 ss->sec.uncache(sid); | 4363 ss->sec.uncache(sid); |
4179 ssl_FreeSID(sid); | 4364 ssl_FreeSID(sid); |
4180 ss->sec.ci.sid = NULL; | 4365 ss->sec.ci.sid = NULL; |
4181 } | 4366 } |
4182 | 4367 |
4368 if (IS_DTLS(ss)) { | |
4369 dtls_RehandshakeCleanup(ss); | |
4370 } | |
4371 | |
4183 ssl_GetXmitBufLock(ss); | 4372 ssl_GetXmitBufLock(ss); |
4184 rv = ssl3_SendClientHello(ss); | 4373 rv = ssl3_SendClientHello(ss, PR_FALSE); |
4185 ssl_ReleaseXmitBufLock(ss); | 4374 ssl_ReleaseXmitBufLock(ss); |
4186 | 4375 |
4187 return rv; | 4376 return rv; |
4188 } | 4377 } |
4189 | 4378 |
4190 #define UNKNOWN_WRAP_MECHANISM 0x7fffffff | 4379 #define UNKNOWN_WRAP_MECHANISM 0x7fffffff |
4191 | 4380 |
4192 static const CK_MECHANISM_TYPE wrapMechanismList[SSL_NUM_WRAP_MECHS] = { | 4381 static const CK_MECHANISM_TYPE wrapMechanismList[SSL_NUM_WRAP_MECHS] = { |
4193 CKM_DES3_ECB, | 4382 CKM_DES3_ECB, |
4194 CKM_CAST5_ECB, | 4383 CKM_CAST5_ECB, |
(...skipping 832 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
5027 if (ss->ssl3.platformClientKey) { | 5216 if (ss->ssl3.platformClientKey) { |
5028 ssl_FreePlatformKey(ss->ssl3.platformClientKey); | 5217 ssl_FreePlatformKey(ss->ssl3.platformClientKey); |
5029 ss->ssl3.platformClientKey = (PlatformKey)NULL; | 5218 ss->ssl3.platformClientKey = (PlatformKey)NULL; |
5030 } | 5219 } |
5031 #endif /* NSS_PLATFORM_CLIENT_AUTH */ | 5220 #endif /* NSS_PLATFORM_CLIENT_AUTH */ |
5032 | 5221 |
5033 temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); | 5222 temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); |
5034 if (temp < 0) { | 5223 if (temp < 0) { |
5035 goto loser; /* alert has been sent */ | 5224 goto loser; /* alert has been sent */ |
5036 } | 5225 } |
5037 version = (SSL3ProtocolVersion)temp; | 5226 |
5227 if (!IS_DTLS(ss)) { | |
5228 » /* this is appropriate since the negotiation is complete, and we only | |
5229 » * know SSL 3.x. | |
5230 » */ | |
5231 version = (SSL3ProtocolVersion)temp; | |
5232 if (MSB(version) != MSB(SSL_LIBRARY_VERSION_3_0)) { | |
5233 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version | |
5234 : handshake_failure; | |
5235 goto alert_loser; | |
5236 } | |
wtc
2012/03/21 23:12:16
Lines 5228-5230 and 5232-5236 have been removed by
| |
5237 } else { | |
5238 » /* RFC 4347 required that you verify that the server versions | |
5239 » * match (S 4.2.1) in the HelloVerifyRequest and the ServerHello | |
5240 » * | |
5241 » * RFC 6347 suggests (SHOULD) that servers always use 1.0 | |
5242 » * in HelloVerifyRequest and allows the versions not to match, | |
5243 » * esp. when 1.2 is being negotiated. | |
5244 » * | |
5245 » * Therefore we do not check for matching here. | |
5246 » */ | |
5247 version = dtls_DTLSVersionToTLSVersion(temp); | |
5248 if (version == 0) /* Insane version number */ | |
5249 goto alert_loser; | |
5250 } | |
5038 | 5251 |
5039 rv = ssl3_NegotiateVersion(ss, version, PR_FALSE); | 5252 rv = ssl3_NegotiateVersion(ss, version, PR_FALSE); |
5040 if (rv != SECSuccess) { | 5253 if (rv != SECSuccess) { |
5041 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version | 5254 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version |
5042 : handshake_failure; | 5255 : handshake_failure; |
5043 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; | 5256 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; |
5044 goto alert_loser; | 5257 goto alert_loser; |
5045 } | 5258 } |
5046 isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0); | 5259 isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0); |
5047 | 5260 |
(...skipping 1209 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
6257 sslSessionID * sid = NULL; | 6470 sslSessionID * sid = NULL; |
6258 PRInt32 tmp; | 6471 PRInt32 tmp; |
6259 unsigned int i; | 6472 unsigned int i; |
6260 int j; | 6473 int j; |
6261 SECStatus rv; | 6474 SECStatus rv; |
6262 int errCode = SSL_ERROR_RX_MALFORMED_CLIENT_HELLO; | 6475 int errCode = SSL_ERROR_RX_MALFORMED_CLIENT_HELLO; |
6263 SSL3AlertDescription desc = illegal_parameter; | 6476 SSL3AlertDescription desc = illegal_parameter; |
6264 SSL3AlertLevel level = alert_fatal; | 6477 SSL3AlertLevel level = alert_fatal; |
6265 SSL3ProtocolVersion version; | 6478 SSL3ProtocolVersion version; |
6266 SECItem sidBytes = {siBuffer, NULL, 0}; | 6479 SECItem sidBytes = {siBuffer, NULL, 0}; |
6480 SECItem cookieBytes = {siBuffer, NULL, 0}; | |
6267 SECItem suites = {siBuffer, NULL, 0}; | 6481 SECItem suites = {siBuffer, NULL, 0}; |
6268 SECItem comps = {siBuffer, NULL, 0}; | 6482 SECItem comps = {siBuffer, NULL, 0}; |
6269 PRBool haveSpecWriteLock = PR_FALSE; | 6483 PRBool haveSpecWriteLock = PR_FALSE; |
6270 PRBool haveXmitBufLock = PR_FALSE; | 6484 PRBool haveXmitBufLock = PR_FALSE; |
6271 | 6485 |
6272 SSL_TRC(3, ("%d: SSL3[%d]: handle client_hello handshake", | 6486 SSL_TRC(3, ("%d: SSL3[%d]: handle client_hello handshake", |
6273 SSL_GETPID(), ss->fd)); | 6487 SSL_GETPID(), ss->fd)); |
6274 | 6488 |
6275 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | 6489 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); |
6276 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); | 6490 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); |
6277 | 6491 |
6278 /* Get peer name of client */ | 6492 /* Get peer name of client */ |
6279 rv = ssl_GetPeerInfo(ss); | 6493 rv = ssl_GetPeerInfo(ss); |
6280 if (rv != SECSuccess) { | 6494 if (rv != SECSuccess) { |
6281 return rv; /* error code is set. */ | 6495 return rv; /* error code is set. */ |
6282 } | 6496 } |
6283 | 6497 |
6498 /* Clearing the handshake pointers so that | |
6499 * ssl_Do1stHandshake won't call ssl2_HandleMessage. | |
6500 * | |
6501 * The issue here is that TLS ordinarily starts out | |
6502 * in ssl2_HandleV3HandshakeRecord() because of the | |
6503 * backward-compatibility code paths. That function | |
6504 * zeroes these next pointers. But with DTLS, we | |
6505 * don't even try to do the v2 ClientHello so we | |
6506 * skip that function and need to reset these | |
6507 * values here. | |
6508 */ | |
6509 ss->nextHandshake = NULL; | |
6510 ss->securityHandshake = NULL; | |
6511 | |
6284 /* We might be starting session renegotiation in which case we should | 6512 /* We might be starting session renegotiation in which case we should |
6285 * clear previous state. | 6513 * clear previous state. |
6286 */ | 6514 */ |
6287 PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); | 6515 PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); |
6288 ss->statelessResume = PR_FALSE; | 6516 ss->statelessResume = PR_FALSE; |
6289 | 6517 |
6290 rv = ssl3_InitState(ss); | 6518 rv = ssl3_InitState(ss); |
6291 if (rv != SECSuccess) { | 6519 if (rv != SECSuccess) { |
6292 return rv; /* ssl3_InitState has set the error code. */ | 6520 return rv; /* ssl3_InitState has set the error code. */ |
6293 } | 6521 } |
6294 | 6522 |
6295 if ((ss->ssl3.hs.ws != wait_client_hello) && | 6523 if ((ss->ssl3.hs.ws != wait_client_hello) && |
6296 (ss->ssl3.hs.ws != idle_handshake)) { | 6524 (ss->ssl3.hs.ws != idle_handshake)) { |
6297 desc = unexpected_message; | 6525 desc = unexpected_message; |
6298 errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO; | 6526 errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO; |
6299 goto alert_loser; | 6527 goto alert_loser; |
6300 } | 6528 } |
6301 if (ss->ssl3.hs.ws == idle_handshake && | 6529 if (ss->ssl3.hs.ws == idle_handshake && |
6302 ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) { | 6530 ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) { |
6303 desc = no_renegotiation; | 6531 desc = no_renegotiation; |
6304 level = alert_warning; | 6532 level = alert_warning; |
6305 errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED; | 6533 errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED; |
6306 goto alert_loser; | 6534 goto alert_loser; |
6307 } | 6535 } |
6308 | 6536 |
6537 if (IS_DTLS(ss)) { | |
6538 dtls_RehandshakeCleanup(ss); | |
6539 } | |
6540 | |
6309 tmp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); | 6541 tmp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); |
6310 if (tmp < 0) | 6542 if (tmp < 0) |
6311 goto loser; /* malformed, alert already sent */ | 6543 goto loser; /* malformed, alert already sent */ |
6312 ss->clientHelloVersion = version = (SSL3ProtocolVersion)tmp; | 6544 |
6545 /* Translate the version */ | |
6546 if (IS_DTLS(ss)) { | |
6547 ss->clientHelloVersion = version = | |
6548 dtls_DTLSVersionToTLSVersion((SSL3ProtocolVersion)tmp); | |
6549 } else { | |
6550 ss->clientHelloVersion = version = (SSL3ProtocolVersion)tmp; | |
6551 } | |
6552 | |
6313 rv = ssl3_NegotiateVersion(ss, version, PR_TRUE); | 6553 rv = ssl3_NegotiateVersion(ss, version, PR_TRUE); |
6314 if (rv != SECSuccess) { | 6554 if (rv != SECSuccess) { |
6315 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version | 6555 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version |
6316 : handshake_failure; | 6556 : handshake_failure; |
6317 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; | 6557 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; |
6318 goto alert_loser; | 6558 goto alert_loser; |
6319 } | 6559 } |
6320 | 6560 |
6321 /* grab the client random data. */ | 6561 /* grab the client random data. */ |
6322 rv = ssl3_ConsumeHandshake( | 6562 rv = ssl3_ConsumeHandshake( |
6323 ss, &ss->ssl3.hs.client_random, SSL3_RANDOM_LENGTH, &b, &length); | 6563 ss, &ss->ssl3.hs.client_random, SSL3_RANDOM_LENGTH, &b, &length); |
6324 if (rv != SECSuccess) { | 6564 if (rv != SECSuccess) { |
6325 goto loser; /* malformed */ | 6565 goto loser; /* malformed */ |
6326 } | 6566 } |
6327 | 6567 |
6328 /* grab the client's SID, if present. */ | 6568 /* grab the client's SID, if present. */ |
6329 rv = ssl3_ConsumeHandshakeVariable(ss, &sidBytes, 1, &b, &length); | 6569 rv = ssl3_ConsumeHandshakeVariable(ss, &sidBytes, 1, &b, &length); |
6330 if (rv != SECSuccess) { | 6570 if (rv != SECSuccess) { |
6331 goto loser; /* malformed */ | 6571 goto loser; /* malformed */ |
6332 } | 6572 } |
6333 | 6573 |
6574 /* grab the client's cookie, if present. */ | |
6575 if (IS_DTLS(ss)) { | |
6576 rv = ssl3_ConsumeHandshakeVariable(ss, &cookieBytes, 1, &b, &length); | |
6577 if (rv != SECSuccess) { | |
6578 goto loser; /* malformed */ | |
6579 } | |
6580 } | |
6581 | |
6334 /* grab the list of cipher suites. */ | 6582 /* grab the list of cipher suites. */ |
6335 rv = ssl3_ConsumeHandshakeVariable(ss, &suites, 2, &b, &length); | 6583 rv = ssl3_ConsumeHandshakeVariable(ss, &suites, 2, &b, &length); |
6336 if (rv != SECSuccess) { | 6584 if (rv != SECSuccess) { |
6337 goto loser; /* malformed */ | 6585 goto loser; /* malformed */ |
6338 } | 6586 } |
6339 | 6587 |
6340 /* grab the list of compression methods. */ | 6588 /* grab the list of compression methods. */ |
6341 rv = ssl3_ConsumeHandshakeVariable(ss, &comps, 1, &b, &length); | 6589 rv = ssl3_ConsumeHandshakeVariable(ss, &comps, 1, &b, &length); |
6342 if (rv != SECSuccess) { | 6590 if (rv != SECSuccess) { |
6343 goto loser; /* malformed */ | 6591 goto loser; /* malformed */ |
(...skipping 128 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
6472 ssl_FreeSID(sid); | 6720 ssl_FreeSID(sid); |
6473 sid = NULL; | 6721 sid = NULL; |
6474 } | 6722 } |
6475 } | 6723 } |
6476 | 6724 |
6477 #ifdef NSS_ENABLE_ECC | 6725 #ifdef NSS_ENABLE_ECC |
6478 /* Disable any ECC cipher suites for which we have no cert. */ | 6726 /* Disable any ECC cipher suites for which we have no cert. */ |
6479 ssl3_FilterECCipherSuitesByServerCerts(ss); | 6727 ssl3_FilterECCipherSuitesByServerCerts(ss); |
6480 #endif | 6728 #endif |
6481 | 6729 |
6730 if (IS_DTLS(ss)) { | |
6731 ssl3_DisableNonDTLSSuites(ss); | |
6732 } | |
6733 | |
6482 #ifdef PARANOID | 6734 #ifdef PARANOID |
6483 /* Look for a matching cipher suite. */ | 6735 /* Look for a matching cipher suite. */ |
6484 j = ssl3_config_match_init(ss); | 6736 j = ssl3_config_match_init(ss); |
6485 if (j <= 0) { /* no ciphers are working/supported by PK11 */ | 6737 if (j <= 0) { /* no ciphers are working/supported by PK11 */ |
6486 errCode = PORT_GetError(); /* error code is already set. */ | 6738 errCode = PORT_GetError(); /* error code is already set. */ |
6487 goto alert_loser; | 6739 goto alert_loser; |
6488 } | 6740 } |
6489 #endif | 6741 #endif |
6490 | 6742 |
6491 /* If we already have a session for this client, be sure to pick the | 6743 /* If we already have a session for this client, be sure to pick the |
(...skipping 667 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
7159 ** ssl3_SendServerHelloSequence <- ssl3_HandleV2ClientHello (new session) | 7411 ** ssl3_SendServerHelloSequence <- ssl3_HandleV2ClientHello (new session) |
7160 */ | 7412 */ |
7161 static SECStatus | 7413 static SECStatus |
7162 ssl3_SendServerHello(sslSocket *ss) | 7414 ssl3_SendServerHello(sslSocket *ss) |
7163 { | 7415 { |
7164 sslSessionID *sid; | 7416 sslSessionID *sid; |
7165 SECStatus rv; | 7417 SECStatus rv; |
7166 PRUint32 maxBytes = 65535; | 7418 PRUint32 maxBytes = 65535; |
7167 PRUint32 length; | 7419 PRUint32 length; |
7168 PRInt32 extensions_len = 0; | 7420 PRInt32 extensions_len = 0; |
7421 SSL3ProtocolVersion version; | |
7169 | 7422 |
7170 SSL_TRC(3, ("%d: SSL3[%d]: send server_hello handshake", SSL_GETPID(), | 7423 SSL_TRC(3, ("%d: SSL3[%d]: send server_hello handshake", SSL_GETPID(), |
7171 ss->fd)); | 7424 ss->fd)); |
7172 | 7425 |
7173 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); | 7426 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); |
7174 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); | 7427 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); |
7175 PORT_Assert( MSB(ss->version) == MSB(SSL_LIBRARY_VERSION_3_0)); | |
7176 | 7428 |
7177 if (MSB(ss->version) != MSB(SSL_LIBRARY_VERSION_3_0)) { | 7429 if (!IS_DTLS(ss)) { |
7178 » PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP); | 7430 » PORT_Assert( MSB(ss->version) == MSB(SSL_LIBRARY_VERSION_3_0)); |
7179 » return SECFailure; | 7431 |
7432 » if (MSB(ss->version) != MSB(SSL_LIBRARY_VERSION_3_0)) { | |
7433 » PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP); | |
7434 » return SECFailure; | |
7435 » } | |
7436 } else { | |
7437 » PORT_Assert(MSB(ss->version) == MSB(SSL_LIBRARY_VERSION_DTLS_1_0)); | |
7438 | |
7439 » if (MSB(ss->version) != MSB(SSL_LIBRARY_VERSION_DTLS_1_0)) { | |
7440 » PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP); | |
7441 » return SECFailure; | |
7442 » } | |
7180 } | 7443 } |
7181 | 7444 |
7182 sid = ss->sec.ci.sid; | 7445 sid = ss->sec.ci.sid; |
7183 | 7446 |
7184 extensions_len = ssl3_CallHelloExtensionSenders(ss, PR_FALSE, maxBytes, | 7447 extensions_len = ssl3_CallHelloExtensionSenders(ss, PR_FALSE, maxBytes, |
7185 &ss->xtnData.serverSenders[0]); | 7448 &ss->xtnData.serverSenders[0]); |
7186 if (extensions_len > 0) | 7449 if (extensions_len > 0) |
7187 extensions_len += 2; /* Add sizeof total extension length */ | 7450 extensions_len += 2; /* Add sizeof total extension length */ |
7188 | 7451 |
7189 length = sizeof(SSL3ProtocolVersion) + SSL3_RANDOM_LENGTH + 1 + | 7452 length = sizeof(SSL3ProtocolVersion) + SSL3_RANDOM_LENGTH + 1 + |
7190 ((sid == NULL) ? 0: sid->u.ssl3.sessionIDLength) + | 7453 ((sid == NULL) ? 0: sid->u.ssl3.sessionIDLength) + |
7191 sizeof(ssl3CipherSuite) + 1 + extensions_len; | 7454 sizeof(ssl3CipherSuite) + 1 + extensions_len; |
7192 rv = ssl3_AppendHandshakeHeader(ss, server_hello, length); | 7455 rv = ssl3_AppendHandshakeHeader(ss, server_hello, length); |
7193 if (rv != SECSuccess) { | 7456 if (rv != SECSuccess) { |
7194 return rv; /* err set by AppendHandshake. */ | 7457 return rv; /* err set by AppendHandshake. */ |
7195 } | 7458 } |
7196 | 7459 |
7197 rv = ssl3_AppendHandshakeNumber(ss, ss->version, 2); | 7460 if (IS_DTLS(ss)) { |
7461 version = dtls_TLSVersionToDTLSVersion(ss->version); | |
7462 } else { | |
7463 version = ss->version; | |
7464 } | |
7465 | |
7466 rv = ssl3_AppendHandshakeNumber(ss, version, 2); | |
7198 if (rv != SECSuccess) { | 7467 if (rv != SECSuccess) { |
7199 return rv; /* err set by AppendHandshake. */ | 7468 return rv; /* err set by AppendHandshake. */ |
7200 } | 7469 } |
7201 rv = ssl3_GetNewRandom(&ss->ssl3.hs.server_random); | 7470 rv = ssl3_GetNewRandom(&ss->ssl3.hs.server_random); |
7202 if (rv != SECSuccess) { | 7471 if (rv != SECSuccess) { |
7203 ssl_MapLowLevelError(SSL_ERROR_GENERATE_RANDOM_FAILURE); | 7472 ssl_MapLowLevelError(SSL_ERROR_GENERATE_RANDOM_FAILURE); |
7204 return rv; | 7473 return rv; |
7205 } | 7474 } |
7206 rv = ssl3_AppendHandshake( | 7475 rv = ssl3_AppendHandshake( |
7207 ss, &ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH); | 7476 ss, &ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH); |
(...skipping 164 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
7372 ca_list = ss->ssl3.ca_list; | 7641 ca_list = ss->ssl3.ca_list; |
7373 if (!ca_list) { | 7642 if (!ca_list) { |
7374 ca_list = ssl3_server_ca_list; | 7643 ca_list = ssl3_server_ca_list; |
7375 } | 7644 } |
7376 | 7645 |
7377 if (ca_list != NULL) { | 7646 if (ca_list != NULL) { |
7378 names = ca_list->names; | 7647 names = ca_list->names; |
7379 nnames = ca_list->nnames; | 7648 nnames = ca_list->nnames; |
7380 } | 7649 } |
7381 | 7650 |
7382 if (!nnames) { | 7651 /* There used to be a test here to require a CA, but there |
7383 » PORT_SetError(SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA); | 7652 * are cases where you want to have no CAs offered. */ |
7384 » return SECFailure; | |
7385 } | |
7386 | |
7387 for (i = 0, name = names; i < nnames; i++, name++) { | 7653 for (i = 0, name = names; i < nnames; i++, name++) { |
7388 calen += 2 + name->len; | 7654 calen += 2 + name->len; |
7389 } | 7655 } |
7390 | 7656 |
7391 certTypes = certificate_types; | 7657 certTypes = certificate_types; |
7392 certTypesLength = sizeof certificate_types; | 7658 certTypesLength = sizeof certificate_types; |
7393 | 7659 |
7394 length = 1 + certTypesLength + 2 + calen; | 7660 length = 1 + certTypesLength + 2 + calen; |
7395 | 7661 |
7396 rv = ssl3_AppendHandshakeHeader(ss, certificate_request, length); | 7662 rv = ssl3_AppendHandshakeHeader(ss, certificate_request, length); |
(...skipping 147 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
7544 /* can't find a slot with all three, find a slot with the minimum */ | 7810 /* can't find a slot with all three, find a slot with the minimum */ |
7545 slot = PK11_GetBestSlotMultiple(mechanism_array, 2, pwArg); | 7811 slot = PK11_GetBestSlotMultiple(mechanism_array, 2, pwArg); |
7546 if (slot == NULL) { | 7812 if (slot == NULL) { |
7547 PORT_SetError(SSL_ERROR_TOKEN_SLOT_NOT_FOUND); | 7813 PORT_SetError(SSL_ERROR_TOKEN_SLOT_NOT_FOUND); |
7548 return pms; /* which is NULL */ | 7814 return pms; /* which is NULL */ |
7549 } | 7815 } |
7550 } | 7816 } |
7551 } | 7817 } |
7552 | 7818 |
7553 /* Generate the pre-master secret ... */ | 7819 /* Generate the pre-master secret ... */ |
7554 version.major = MSB(ss->clientHelloVersion); | 7820 if (IS_DTLS(ss)) { |
7555 version.minor = LSB(ss->clientHelloVersion); | 7821 » SSL3ProtocolVersion temp; |
7822 | |
7823 » temp = dtls_TLSVersionToDTLSVersion(ss->clientHelloVersion); | |
7824 » version.major = MSB(temp); | |
7825 » version.minor = LSB(temp); | |
7826 } else { | |
7827 » version.major = MSB(ss->clientHelloVersion); | |
7828 » version.minor = LSB(ss->clientHelloVersion); | |
7829 } | |
7556 | 7830 |
7557 param.data = (unsigned char *)&version; | 7831 param.data = (unsigned char *)&version; |
7558 param.len = sizeof version; | 7832 param.len = sizeof version; |
7559 | 7833 |
7560 pms = PK11_KeyGen(slot, CKM_SSL3_PRE_MASTER_KEY_GEN, ¶m, 0, pwArg); | 7834 pms = PK11_KeyGen(slot, CKM_SSL3_PRE_MASTER_KEY_GEN, ¶m, 0, pwArg); |
7561 if (!serverKeySlot) | 7835 if (!serverKeySlot) |
7562 PK11_FreeSlot(slot); | 7836 PK11_FreeSlot(slot); |
7563 if (pms == NULL) { | 7837 if (pms == NULL) { |
7564 ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); | 7838 ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); |
7565 } | 7839 } |
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
7628 */ | 7902 */ |
7629 | 7903 |
7630 rv = PK11_PrivDecryptPKCS1(serverKey, rsaPmsBuf, &outLen, | 7904 rv = PK11_PrivDecryptPKCS1(serverKey, rsaPmsBuf, &outLen, |
7631 sizeof rsaPmsBuf, enc_pms.data, enc_pms.len); | 7905 sizeof rsaPmsBuf, enc_pms.data, enc_pms.len); |
7632 if (rv != SECSuccess) { | 7906 if (rv != SECSuccess) { |
7633 /* triple bypass failed. Let's try for a double bypass. */ | 7907 /* triple bypass failed. Let's try for a double bypass. */ |
7634 goto double_bypass; | 7908 goto double_bypass; |
7635 } else if (ss->opt.detectRollBack) { | 7909 } else if (ss->opt.detectRollBack) { |
7636 SSL3ProtocolVersion client_version = | 7910 SSL3ProtocolVersion client_version = |
7637 (rsaPmsBuf[0] << 8) | rsaPmsBuf[1]; | 7911 (rsaPmsBuf[0] << 8) | rsaPmsBuf[1]; |
7912 | |
7913 if (IS_DTLS(ss)) { | |
7914 client_version = dtls_DTLSVersionToTLSVersion(client_version); | |
7915 } | |
7916 | |
7638 if (client_version != ss->clientHelloVersion) { | 7917 if (client_version != ss->clientHelloVersion) { |
7639 /* Version roll-back detected. ensure failure. */ | 7918 /* Version roll-back detected. ensure failure. */ |
7640 rv = PK11_GenerateRandom(rsaPmsBuf, sizeof rsaPmsBuf); | 7919 rv = PK11_GenerateRandom(rsaPmsBuf, sizeof rsaPmsBuf); |
7641 } | 7920 } |
7642 } | 7921 } |
7643 /* have PMS, build MS without PKCS11 */ | 7922 /* have PMS, build MS without PKCS11 */ |
7644 rv = ssl3_MasterKeyDeriveBypass(pwSpec, cr, sr, &pmsItem, isTLS, | 7923 rv = ssl3_MasterKeyDeriveBypass(pwSpec, cr, sr, &pmsItem, isTLS, |
7645 PR_TRUE); | 7924 PR_TRUE); |
7646 if (rv != SECSuccess) { | 7925 if (rv != SECSuccess) { |
7647 pwSpec->msItem.data = pwSpec->raw_master_secret; | 7926 pwSpec->msItem.data = pwSpec->raw_master_secret; |
(...skipping 1196 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
8844 flags = ssl_SEND_FLAG_FORCE_INTO_BUFFER; | 9123 flags = ssl_SEND_FLAG_FORCE_INTO_BUFFER; |
8845 } | 9124 } |
8846 | 9125 |
8847 if (!isServer && !ss->firstHsDone) { | 9126 if (!isServer && !ss->firstHsDone) { |
8848 rv = ssl3_SendNextProto(ss); | 9127 rv = ssl3_SendNextProto(ss); |
8849 if (rv != SECSuccess) { | 9128 if (rv != SECSuccess) { |
8850 goto xmit_loser; /* err code was set. */ | 9129 goto xmit_loser; /* err code was set. */ |
8851 } | 9130 } |
8852 } | 9131 } |
8853 | 9132 |
9133 if (IS_DTLS(ss)) { | |
9134 flags |= ssl_SEND_FLAG_NO_RETRANSMIT; | |
9135 } | |
9136 | |
8854 rv = ssl3_SendFinished(ss, flags); | 9137 rv = ssl3_SendFinished(ss, flags); |
8855 if (rv != SECSuccess) { | 9138 if (rv != SECSuccess) { |
8856 goto xmit_loser; /* err is set. */ | 9139 goto xmit_loser; /* err is set. */ |
8857 } | 9140 } |
8858 } | 9141 } |
8859 | 9142 |
8860 xmit_loser: | 9143 xmit_loser: |
8861 ssl_ReleaseXmitBufLock(ss); /*************************************/ | 9144 ssl_ReleaseXmitBufLock(ss); /*************************************/ |
8862 if (rv != SECSuccess) { | 9145 if (rv != SECSuccess) { |
8863 return rv; | 9146 return rv; |
(...skipping 109 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
8973 ss->ssl3.hs.pending_cert_msg.len); | 9256 ss->ssl3.hs.pending_cert_msg.len); |
8974 SECITEM_FreeItem(&ss->ssl3.hs.pending_cert_msg, PR_FALSE); | 9257 SECITEM_FreeItem(&ss->ssl3.hs.pending_cert_msg, PR_FALSE); |
8975 } | 9258 } |
8976 return rv; | 9259 return rv; |
8977 } | 9260 } |
8978 | 9261 |
8979 /* Called from ssl3_HandleHandshake() when it has gathered a complete ssl3 | 9262 /* Called from ssl3_HandleHandshake() when it has gathered a complete ssl3 |
8980 * hanshake message. | 9263 * hanshake message. |
8981 * Caller must hold Handshake and RecvBuf locks. | 9264 * Caller must hold Handshake and RecvBuf locks. |
8982 */ | 9265 */ |
8983 static SECStatus | 9266 SECStatus |
8984 ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length) | 9267 ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length) |
8985 { | 9268 { |
8986 SECStatus rv = SECSuccess; | 9269 SECStatus rv = SECSuccess; |
8987 SSL3HandshakeType type = ss->ssl3.hs.msg_type; | 9270 SSL3HandshakeType type = ss->ssl3.hs.msg_type; |
8988 SSL3Hashes hashes; /* computed hashes are put here. */ | 9271 SSL3Hashes hashes; /* computed hashes are put here. */ |
8989 PRUint8 hdr[4]; | 9272 PRUint8 hdr[4]; |
9273 PRUint8 dtlsData[8]; | |
8990 | 9274 |
8991 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | 9275 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); |
8992 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); | 9276 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); |
8993 /* | 9277 /* |
8994 * We have to compute the hashes before we update them with the | 9278 * We have to compute the hashes before we update them with the |
8995 * current message. | 9279 * current message. |
8996 */ | 9280 */ |
8997 ssl_GetSpecReadLock(ss); /************************************/ | 9281 ssl_GetSpecReadLock(ss); /************************************/ |
8998 if((type == finished) || (type == certificate_verify)) { | 9282 if((type == finished) || (type == certificate_verify)) { |
8999 SSL3Sender sender = (SSL3Sender)0; | 9283 SSL3Sender sender = (SSL3Sender)0; |
(...skipping 26 matching lines...) Expand all Loading... | |
9026 /* Start new handshake hashes when we start a new handshake */ | 9310 /* Start new handshake hashes when we start a new handshake */ |
9027 if (ss->ssl3.hs.msg_type == client_hello) { | 9311 if (ss->ssl3.hs.msg_type == client_hello) { |
9028 SSL_TRC(30,("%d: SSL3[%d]: reset handshake hashes", | 9312 SSL_TRC(30,("%d: SSL3[%d]: reset handshake hashes", |
9029 SSL_GETPID(), ss->fd )); | 9313 SSL_GETPID(), ss->fd )); |
9030 rv = ssl3_RestartHandshakeHashes(ss); | 9314 rv = ssl3_RestartHandshakeHashes(ss); |
9031 if (rv != SECSuccess) { | 9315 if (rv != SECSuccess) { |
9032 return rv; | 9316 return rv; |
9033 } | 9317 } |
9034 } | 9318 } |
9035 /* We should not include hello_request messages in the handshake hashes */ | 9319 /* We should not include hello_request messages in the handshake hashes */ |
9036 if (ss->ssl3.hs.msg_type != hello_request) { | 9320 if ((ss->ssl3.hs.msg_type != hello_request) && |
9321 » (ss->ssl3.hs.msg_type != hello_verify_request)) { | |
9037 rv = ssl3_UpdateHandshakeHashes(ss, (unsigned char*) hdr, 4); | 9322 rv = ssl3_UpdateHandshakeHashes(ss, (unsigned char*) hdr, 4); |
9038 if (rv != SECSuccess) return rv; /* err code already set. */ | 9323 if (rv != SECSuccess) return rv; /* err code already set. */ |
9324 | |
9325 /* Extra data to simulate a complete DTLS handshake fragment */ | |
9326 if (IS_DTLS(ss)) { | |
9327 /* Sequence number */ | |
9328 dtlsData[0] = MSB(ss->ssl3.hs.recvMessageSeq); | |
9329 dtlsData[1] = LSB(ss->ssl3.hs.recvMessageSeq); | |
9330 | |
9331 /* Fragment offset */ | |
9332 dtlsData[2] = 0; | |
9333 dtlsData[3] = 0; | |
9334 dtlsData[4] = 0; | |
9335 | |
9336 /* Fragment length */ | |
9337 dtlsData[5] = (PRUint8)(length >> 16); | |
9338 dtlsData[6] = (PRUint8)(length >> 8); | |
9339 dtlsData[7] = (PRUint8)(length ); | |
9340 | |
9341 rv = ssl3_UpdateHandshakeHashes(ss, (unsigned char*) dtlsData, | |
9342 sizeof(dtlsData)); | |
9343 if (rv != SECSuccess) return rv; /* err code already set. */ | |
9344 | |
9345 } | |
9346 | |
9347 /* The message body */ | |
9039 rv = ssl3_UpdateHandshakeHashes(ss, b, length); | 9348 rv = ssl3_UpdateHandshakeHashes(ss, b, length); |
9040 if (rv != SECSuccess) return rv; /* err code already set. */ | 9349 if (rv != SECSuccess) return rv; /* err code already set. */ |
9041 } | 9350 } |
9042 | 9351 |
9043 PORT_SetError(0); /* each message starts with no error. */ | 9352 PORT_SetError(0); /* each message starts with no error. */ |
9044 switch (ss->ssl3.hs.msg_type) { | 9353 switch (ss->ssl3.hs.msg_type) { |
9045 case hello_request: | 9354 case hello_request: |
9046 if (length != 0) { | 9355 if (length != 0) { |
9047 (void)ssl3_DecodeError(ss); | 9356 (void)ssl3_DecodeError(ss); |
9048 PORT_SetError(SSL_ERROR_RX_MALFORMED_HELLO_REQUEST); | 9357 PORT_SetError(SSL_ERROR_RX_MALFORMED_HELLO_REQUEST); |
(...skipping 15 matching lines...) Expand all Loading... | |
9064 rv = ssl3_HandleClientHello(ss, b, length); | 9373 rv = ssl3_HandleClientHello(ss, b, length); |
9065 break; | 9374 break; |
9066 case server_hello: | 9375 case server_hello: |
9067 if (ss->sec.isServer) { | 9376 if (ss->sec.isServer) { |
9068 (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message); | 9377 (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message); |
9069 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO); | 9378 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO); |
9070 return SECFailure; | 9379 return SECFailure; |
9071 } | 9380 } |
9072 rv = ssl3_HandleServerHello(ss, b, length); | 9381 rv = ssl3_HandleServerHello(ss, b, length); |
9073 break; | 9382 break; |
9383 case hello_verify_request: | |
9384 if (!IS_DTLS(ss) || ss->sec.isServer) { | |
9385 (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message); | |
9386 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST); | |
9387 return SECFailure; | |
9388 } | |
9389 rv = dtls_HandleHelloVerifyRequest(ss, b, length); | |
9390 break; | |
9074 case certificate: | 9391 case certificate: |
9075 if (ss->ssl3.hs.may_get_cert_status) { | 9392 if (ss->ssl3.hs.may_get_cert_status) { |
9076 /* If we might get a CertificateStatus then we want to postpone the | 9393 /* If we might get a CertificateStatus then we want to postpone the |
9077 * processing of the Certificate message until after we have | 9394 * processing of the Certificate message until after we have |
9078 * processed the CertificateStatus */ | 9395 * processed the CertificateStatus */ |
9079 if (ss->ssl3.hs.pending_cert_msg.data || | 9396 if (ss->ssl3.hs.pending_cert_msg.data || |
9080 ss->ssl3.hs.ws != wait_server_cert) { | 9397 ss->ssl3.hs.ws != wait_server_cert) { |
9081 (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message); | 9398 (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message); |
9082 (void)ssl_MapLowLevelError(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE); | 9399 (void)ssl_MapLowLevelError(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE); |
9083 return SECFailure; | 9400 return SECFailure; |
(...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
9162 rv = ssl3_HandleNewSessionTicket(ss, b, length); | 9479 rv = ssl3_HandleNewSessionTicket(ss, b, length); |
9163 break; | 9480 break; |
9164 case finished: | 9481 case finished: |
9165 rv = ssl3_HandleFinished(ss, b, length, &hashes); | 9482 rv = ssl3_HandleFinished(ss, b, length, &hashes); |
9166 break; | 9483 break; |
9167 default: | 9484 default: |
9168 (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message); | 9485 (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message); |
9169 PORT_SetError(SSL_ERROR_RX_UNKNOWN_HANDSHAKE); | 9486 PORT_SetError(SSL_ERROR_RX_UNKNOWN_HANDSHAKE); |
9170 rv = SECFailure; | 9487 rv = SECFailure; |
9171 } | 9488 } |
9489 | |
9490 if (IS_DTLS(ss) && (rv == SECSuccess)) { | |
9491 /* Increment the expected sequence number */ | |
9492 ss->ssl3.hs.recvMessageSeq++; | |
9493 } | |
9494 | |
9172 return rv; | 9495 return rv; |
9173 } | 9496 } |
9174 | 9497 |
9175 /* Called only from ssl3_HandleRecord, for each (deciphered) ssl3 record. | 9498 /* Called only from ssl3_HandleRecord, for each (deciphered) ssl3 record. |
9176 * origBuf is the decrypted ssl record content. | 9499 * origBuf is the decrypted ssl record content. |
9177 * Caller must hold the handshake and RecvBuf locks. | 9500 * Caller must hold the handshake and RecvBuf locks. |
9178 */ | 9501 */ |
9179 static SECStatus | 9502 static SECStatus |
9180 ssl3_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) | 9503 ssl3_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) |
9181 { | 9504 { |
(...skipping 142 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
9324 ssl3CipherSpec * crSpec; | 9647 ssl3CipherSpec * crSpec; |
9325 SECStatus rv; | 9648 SECStatus rv; |
9326 unsigned int hashBytes = MAX_MAC_LENGTH + 1; | 9649 unsigned int hashBytes = MAX_MAC_LENGTH + 1; |
9327 unsigned int padding_length; | 9650 unsigned int padding_length; |
9328 PRBool isTLS; | 9651 PRBool isTLS; |
9329 PRBool padIsBad = PR_FALSE; | 9652 PRBool padIsBad = PR_FALSE; |
9330 SSL3ContentType rType; | 9653 SSL3ContentType rType; |
9331 SSL3Opaque hash[MAX_MAC_LENGTH]; | 9654 SSL3Opaque hash[MAX_MAC_LENGTH]; |
9332 sslBuffer *plaintext; | 9655 sslBuffer *plaintext; |
9333 sslBuffer temp_buf; | 9656 sslBuffer temp_buf; |
9657 PRUint64 dtls_seq_num; | |
9334 unsigned int ivLen = 0; | 9658 unsigned int ivLen = 0; |
9335 | 9659 |
9336 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | 9660 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); |
9337 | 9661 |
9338 if (!ss->ssl3.initialized) { | 9662 if (!ss->ssl3.initialized) { |
9339 ssl_GetSSL3HandshakeLock(ss); | 9663 ssl_GetSSL3HandshakeLock(ss); |
9340 rv = ssl3_InitState(ss); | 9664 rv = ssl3_InitState(ss); |
9341 ssl_ReleaseSSL3HandshakeLock(ss); | 9665 ssl_ReleaseSSL3HandshakeLock(ss); |
9342 if (rv != SECSuccess) { | 9666 if (rv != SECSuccess) { |
9343 return rv; /* ssl3_InitState has set the error code. */ | 9667 return rv; /* ssl3_InitState has set the error code. */ |
(...skipping 15 matching lines...) Expand all Loading... | |
9359 SSL_GETPID(), ss->fd)); | 9683 SSL_GETPID(), ss->fd)); |
9360 rType = content_handshake; | 9684 rType = content_handshake; |
9361 goto process_it; | 9685 goto process_it; |
9362 } | 9686 } |
9363 | 9687 |
9364 ssl_GetSpecReadLock(ss); /******************************************/ | 9688 ssl_GetSpecReadLock(ss); /******************************************/ |
9365 | 9689 |
9366 crSpec = ss->ssl3.crSpec; | 9690 crSpec = ss->ssl3.crSpec; |
9367 cipher_def = crSpec->cipher_def; | 9691 cipher_def = crSpec->cipher_def; |
9368 | 9692 |
9693 /* If we will be decompressing the buffer we need to decrypt somewhere | |
9694 * other than into databuf */ | |
9695 if (crSpec->decompressor) { | |
9696 temp_buf.buf = NULL; | |
9697 temp_buf.space = 0; | |
9698 plaintext = &temp_buf; | |
9699 } else { | |
9700 plaintext = databuf; | |
9701 } | |
9702 | |
9703 plaintext->len = 0; /* filled in by decode call below. */ | |
wtc
2012/03/21 23:12:16
I moved this block of code (lines 9693-9703) back
ekr
2012/03/22 15:07:17
It may be an error but it was intentional. :)
The
wtc
2012/03/22 20:09:20
I see. I suggest that we set databuf->len to 0 be
| |
9704 | |
9705 /* | |
9706 * DTLS relevance checks: | |
9707 * Note that this code currently ignores all out-of-epoch packets, | |
9708 * which means we lose some in the case of rehandshake + | |
9709 * loss/reordering. Since DTLS is explicitly unreliable, this | |
9710 * seems like a good tradeoff for implementation effort and is | |
9711 * consistent with the guidance of RFC 6347 S 4.1 and S 4.2.4.1 | |
9712 */ | |
9713 if (IS_DTLS(ss)) { | |
9714 DTLSEpoch epoch = (cText->seq_num.high >> 16) & 0xffff; | |
9715 | |
9716 if (crSpec->epoch != epoch) { | |
9717 ssl_ReleaseSpecReadLock(ss); | |
9718 SSL_DBG(("%d: SSL3[%d]: HandleRecord, received packet " | |
9719 "from irrelevant epoch %d", SSL_GETPID(), ss->fd, epoch)); | |
9720 return SECSuccess; | |
9721 } | |
9722 | |
9723 dtls_seq_num = (((PRUint64)(cText->seq_num.high & 0xffff)) << 32) | | |
9724 ((PRUint64)cText->seq_num.low); | |
9725 | |
9726 if (dtls_RecordGetRecvd(&crSpec->recvdRecords, dtls_seq_num)) { | |
9727 ssl_ReleaseSpecReadLock(ss); | |
9728 SSL_DBG(("%d: SSL3[%d]: HandleRecord, rejecting " | |
9729 "potentially replayed packet", SSL_GETPID(), ss->fd)); | |
9730 return SECSuccess; | |
9731 } | |
9732 } | |
9733 | |
9369 if (cipher_def->type == type_block && | 9734 if (cipher_def->type == type_block && |
9370 crSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) { | 9735 crSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) { |
9371 /* Consume the per-record explicit IV. RFC 4346 Section 6.2.3.2 states | 9736 /* Consume the per-record explicit IV. RFC 4346 Section 6.2.3.2 states |
9372 * "The receiver decrypts the entire GenericBlockCipher structure and | 9737 * "The receiver decrypts the entire GenericBlockCipher structure and |
9373 * then discards the first cipher block corresponding to the IV | 9738 * then discards the first cipher block corresponding to the IV |
9374 * component." Instead, we decrypt the first cipher block and then | 9739 * component." Instead, we decrypt the first cipher block and then |
9375 * discard it before decrypting the rest. | 9740 * discard it before decrypting the rest. |
9376 */ | 9741 */ |
9377 SSL3Opaque iv[MAX_IV_LENGTH]; | 9742 SSL3Opaque iv[MAX_IV_LENGTH]; |
9378 int decoded; | 9743 int decoded; |
(...skipping 25 matching lines...) Expand all Loading... | |
9404 sizeof(iv), cText->buf->buf, ivLen); | 9769 sizeof(iv), cText->buf->buf, ivLen); |
9405 | 9770 |
9406 if (rv != SECSuccess) { | 9771 if (rv != SECSuccess) { |
9407 /* All decryption failures must be treated like a bad record | 9772 /* All decryption failures must be treated like a bad record |
9408 * MAC; see RFC 5246 (TLS 1.2). | 9773 * MAC; see RFC 5246 (TLS 1.2). |
9409 */ | 9774 */ |
9410 padIsBad = PR_TRUE; | 9775 padIsBad = PR_TRUE; |
9411 } | 9776 } |
9412 } | 9777 } |
9413 | 9778 |
9414 /* If we will be decompressing the buffer we need to decrypt somewhere | |
9415 * other than into databuf */ | |
9416 if (crSpec->decompressor) { | |
9417 temp_buf.buf = NULL; | |
9418 temp_buf.space = 0; | |
9419 plaintext = &temp_buf; | |
9420 } else { | |
9421 plaintext = databuf; | |
9422 } | |
9423 | |
9424 plaintext->len = 0; /* filled in by decode call below. */ | |
9425 if (plaintext->space < MAX_FRAGMENT_LENGTH) { | 9779 if (plaintext->space < MAX_FRAGMENT_LENGTH) { |
9426 rv = sslBuffer_Grow(plaintext, MAX_FRAGMENT_LENGTH + 2048); | 9780 rv = sslBuffer_Grow(plaintext, MAX_FRAGMENT_LENGTH + 2048); |
9427 if (rv != SECSuccess) { | 9781 if (rv != SECSuccess) { |
9428 ssl_ReleaseSpecReadLock(ss); | 9782 ssl_ReleaseSpecReadLock(ss); |
9429 SSL_DBG(("%d: SSL3[%d]: HandleRecord, tried to get %d bytes", | 9783 SSL_DBG(("%d: SSL3[%d]: HandleRecord, tried to get %d bytes", |
9430 SSL_GETPID(), ss->fd, MAX_FRAGMENT_LENGTH + 2048)); | 9784 SSL_GETPID(), ss->fd, MAX_FRAGMENT_LENGTH + 2048)); |
9431 /* sslBuffer_Grow has set a memory error code. */ | 9785 /* sslBuffer_Grow has set a memory error code. */ |
9432 /* Perhaps we should send an alert. (but we have no memory!) */ | 9786 /* Perhaps we should send an alert. (but we have no memory!) */ |
9433 return SECFailure; | 9787 return SECFailure; |
9434 } | 9788 } |
9435 } | 9789 } |
9436 | 9790 |
9437 PRINT_BUF(80, (ss, "ciphertext:", cText->buf->buf + ivLen, | 9791 PRINT_BUF(80, (ss, "ciphertext:", cText->buf->buf + ivLen, |
9438 cText->buf->len - ivLen)); | 9792 cText->buf->len - ivLen)); |
9439 | 9793 |
9794 cipher_def = crSpec->cipher_def; | |
9440 isTLS = (PRBool)(crSpec->version > SSL_LIBRARY_VERSION_3_0); | 9795 isTLS = (PRBool)(crSpec->version > SSL_LIBRARY_VERSION_3_0); |
9441 | 9796 |
9442 if (isTLS && cText->buf->len - ivLen > (MAX_FRAGMENT_LENGTH + 2048)) { | 9797 if (isTLS && cText->buf->len - ivLen > (MAX_FRAGMENT_LENGTH + 2048)) { |
9443 ssl_ReleaseSpecReadLock(ss); | 9798 ssl_ReleaseSpecReadLock(ss); |
9444 SSL3_SendAlert(ss, alert_fatal, record_overflow); | 9799 SSL3_SendAlert(ss, alert_fatal, record_overflow); |
9445 PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG); | 9800 PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG); |
9446 return SECFailure; | 9801 return SECFailure; |
9447 } | 9802 } |
9448 | 9803 |
9449 /* decrypt from cText buf to plaintext. */ | 9804 /* decrypt from cText buf to plaintext. */ |
(...skipping 30 matching lines...) Expand all Loading... | |
9480 | 9835 |
9481 /* Remove the MAC. */ | 9836 /* Remove the MAC. */ |
9482 if (plaintext->len >= crSpec->mac_size) | 9837 if (plaintext->len >= crSpec->mac_size) |
9483 plaintext->len -= crSpec->mac_size; | 9838 plaintext->len -= crSpec->mac_size; |
9484 else | 9839 else |
9485 padIsBad = PR_TRUE; /* really macIsBad */ | 9840 padIsBad = PR_TRUE; /* really macIsBad */ |
9486 | 9841 |
9487 /* compute the MAC */ | 9842 /* compute the MAC */ |
9488 rType = cText->type; | 9843 rType = cText->type; |
9489 rv = ssl3_ComputeRecordMAC( crSpec, (PRBool)(!ss->sec.isServer), | 9844 rv = ssl3_ComputeRecordMAC( crSpec, (PRBool)(!ss->sec.isServer), |
9490 » rType, cText->version, crSpec->read_seq_num, | 9845 IS_DTLS(ss), rType, cText->version, |
9846 IS_DTLS(ss) ? cText->seq_num : crSpec->read_seq_num, | |
9491 plaintext->buf, plaintext->len, hash, &hashBytes); | 9847 plaintext->buf, plaintext->len, hash, &hashBytes); |
9492 if (rv != SECSuccess) { | 9848 if (rv != SECSuccess) { |
9493 padIsBad = PR_TRUE; /* really macIsBad */ | 9849 padIsBad = PR_TRUE; /* really macIsBad */ |
9494 } | 9850 } |
9495 | 9851 |
9496 /* Check the MAC */ | 9852 /* Check the MAC */ |
9497 if (hashBytes != (unsigned)crSpec->mac_size || padIsBad || | 9853 if (hashBytes != (unsigned)crSpec->mac_size || padIsBad || |
9498 NSS_SecureMemcmp(plaintext->buf + plaintext->len, hash, | 9854 NSS_SecureMemcmp(plaintext->buf + plaintext->len, hash, |
9499 crSpec->mac_size) != 0) { | 9855 crSpec->mac_size) != 0) { |
9500 /* must not hold spec lock when calling SSL3_SendAlert. */ | 9856 /* must not hold spec lock when calling SSL3_SendAlert. */ |
9501 ssl_ReleaseSpecReadLock(ss); | 9857 ssl_ReleaseSpecReadLock(ss); |
9502 SSL3_SendAlert(ss, alert_fatal, bad_record_mac); | |
9503 /* always log mac error, in case attacker can read server logs. */ | |
9504 PORT_SetError(SSL_ERROR_BAD_MAC_READ); | |
9505 | 9858 |
9506 SSL_DBG(("%d: SSL3[%d]: mac check failed", SSL_GETPID(), ss->fd)); | 9859 SSL_DBG(("%d: SSL3[%d]: mac check failed", SSL_GETPID(), ss->fd)); |
9507 | 9860 |
9508 » return SECFailure; | 9861 » if (!IS_DTLS(ss)) { |
9862 » SSL3_SendAlert(ss, alert_fatal, bad_record_mac); | |
9863 » /* always log mac error, in case attacker can read server logs. */ | |
9864 » PORT_SetError(SSL_ERROR_BAD_MAC_READ); | |
9865 » return SECFailure; | |
9866 » } else { | |
9867 » /* Silently drop the packet */ | |
9868 plaintext->len = 0; /* Needed to ensure data not left around */ | |
9869 » return SECSuccess; | |
9870 » } | |
9509 } | 9871 } |
9510 | 9872 |
9511 | 9873 if (!IS_DTLS(ss)) { |
9512 | 9874 » ssl3_BumpSequenceNumber(&crSpec->read_seq_num); |
9513 ssl3_BumpSequenceNumber(&crSpec->read_seq_num); | 9875 } else { |
9876 » dtls_RecordSetRecvd(&crSpec->recvdRecords, dtls_seq_num); | |
9877 } | |
9514 | 9878 |
9515 ssl_ReleaseSpecReadLock(ss); /*****************************************/ | 9879 ssl_ReleaseSpecReadLock(ss); /*****************************************/ |
9516 | 9880 |
9517 /* | 9881 /* |
9518 * The decrypted data is now in plaintext. | 9882 * The decrypted data is now in plaintext. |
9519 */ | 9883 */ |
9520 | 9884 |
9521 /* possibly decompress the record. If we aren't using compression then | 9885 /* possibly decompress the record. If we aren't using compression then |
9522 * plaintext == databuf and so the uncompressed data is already in | 9886 * plaintext == databuf and so the uncompressed data is already in |
9523 * databuf. */ | 9887 * databuf. */ |
(...skipping 84 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
9608 ** they return SECFailure or SECWouldBlock. | 9972 ** they return SECFailure or SECWouldBlock. |
9609 */ | 9973 */ |
9610 switch (rType) { | 9974 switch (rType) { |
9611 case content_change_cipher_spec: | 9975 case content_change_cipher_spec: |
9612 rv = ssl3_HandleChangeCipherSpecs(ss, databuf); | 9976 rv = ssl3_HandleChangeCipherSpecs(ss, databuf); |
9613 break; | 9977 break; |
9614 case content_alert: | 9978 case content_alert: |
9615 rv = ssl3_HandleAlert(ss, databuf); | 9979 rv = ssl3_HandleAlert(ss, databuf); |
9616 break; | 9980 break; |
9617 case content_handshake: | 9981 case content_handshake: |
9618 » rv = ssl3_HandleHandshake(ss, databuf); | 9982 » if (!IS_DTLS(ss)) { |
9983 » rv = ssl3_HandleHandshake(ss, databuf); | |
9984 » } else { | |
9985 » rv = dtls_HandleHandshake(ss, databuf); | |
9986 » } | |
9619 break; | 9987 break; |
9620 /* | 9988 /* |
9621 case content_application_data is handled before this switch | 9989 case content_application_data is handled before this switch |
9622 */ | 9990 */ |
9623 default: | 9991 default: |
9624 SSL_DBG(("%d: SSL3[%d]: bogus content type=%d", | 9992 SSL_DBG(("%d: SSL3[%d]: bogus content type=%d", |
9625 SSL_GETPID(), ss->fd, cText->type)); | 9993 SSL_GETPID(), ss->fd, cText->type)); |
9626 /* XXX Send an alert ??? */ | 9994 /* XXX Send an alert ??? */ |
9627 PORT_SetError(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE); | 9995 PORT_SetError(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE); |
9628 rv = SECFailure; | 9996 rv = SECFailure; |
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
9668 spec->server.write_key = NULL; | 10036 spec->server.write_key = NULL; |
9669 spec->server.write_mac_key = NULL; | 10037 spec->server.write_mac_key = NULL; |
9670 spec->server.write_mac_context = NULL; | 10038 spec->server.write_mac_context = NULL; |
9671 | 10039 |
9672 spec->write_seq_num.high = 0; | 10040 spec->write_seq_num.high = 0; |
9673 spec->write_seq_num.low = 0; | 10041 spec->write_seq_num.low = 0; |
9674 | 10042 |
9675 spec->read_seq_num.high = 0; | 10043 spec->read_seq_num.high = 0; |
9676 spec->read_seq_num.low = 0; | 10044 spec->read_seq_num.low = 0; |
9677 | 10045 |
10046 spec->epoch = 0; | |
10047 dtls_InitRecvdRecords(&spec->recvdRecords); | |
10048 | |
9678 spec->version = ss->vrange.max; | 10049 spec->version = ss->vrange.max; |
9679 } | 10050 } |
9680 | 10051 |
9681 /* Called from: ssl3_SendRecord | 10052 /* Called from: ssl3_SendRecord |
9682 ** ssl3_StartHandshakeHash() <- ssl2_BeginClientHandshake() | 10053 ** ssl3_StartHandshakeHash() <- ssl2_BeginClientHandshake() |
9683 ** ssl3_SendClientHello() | 10054 ** ssl3_SendClientHello() |
9684 ** ssl3_HandleServerHello() | 10055 ** ssl3_HandleServerHello() |
9685 ** ssl3_HandleClientHello() | 10056 ** ssl3_HandleClientHello() |
9686 ** ssl3_HandleV2ClientHello() | 10057 ** ssl3_HandleV2ClientHello() |
9687 ** ssl3_HandleRecord() | 10058 ** ssl3_HandleRecord() |
(...skipping 21 matching lines...) Expand all Loading... | |
9709 ssl3_InitCipherSpec(ss, ss->ssl3.prSpec); | 10080 ssl3_InitCipherSpec(ss, ss->ssl3.prSpec); |
9710 | 10081 |
9711 ss->ssl3.hs.ws = (ss->sec.isServer) ? wait_client_hello : wait_server_hello; | 10082 ss->ssl3.hs.ws = (ss->sec.isServer) ? wait_client_hello : wait_server_hello; |
9712 #ifdef NSS_ENABLE_ECC | 10083 #ifdef NSS_ENABLE_ECC |
9713 ss->ssl3.hs.negotiatedECCurves = SSL3_SUPPORTED_CURVES_MASK; | 10084 ss->ssl3.hs.negotiatedECCurves = SSL3_SUPPORTED_CURVES_MASK; |
9714 #endif | 10085 #endif |
9715 ssl_ReleaseSpecWriteLock(ss); | 10086 ssl_ReleaseSpecWriteLock(ss); |
9716 | 10087 |
9717 PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); | 10088 PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); |
9718 | 10089 |
10090 if (IS_DTLS(ss)) { | |
10091 ss->ssl3.hs.sendMessageSeq = 0; | |
10092 ss->ssl3.hs.recvMessageSeq = 0; | |
10093 ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS; | |
10094 ss->ssl3.hs.rtRetries = 0; | |
10095 | |
10096 /* Have to allocate this because ssl_FreeSocket relocates | |
10097 * this structure in DEBUG mode */ | |
10098 if (!(ss->ssl3.hs.lastMessageFlight = PORT_Alloc(sizeof(PRCList)))) | |
10099 return SECFailure; | |
10100 ss->ssl3.hs.recvdHighWater = -1; | |
10101 PR_INIT_CLIST(ss->ssl3.hs.lastMessageFlight); | |
10102 dtls_SetMTU(ss, 0); /* Set the MTU to the highest plateau */ | |
10103 } | |
10104 | |
9719 rv = ssl3_NewHandshakeHashes(ss); | 10105 rv = ssl3_NewHandshakeHashes(ss); |
9720 if (rv == SECSuccess) { | 10106 if (rv == SECSuccess) { |
9721 ss->ssl3.initialized = PR_TRUE; | 10107 ss->ssl3.initialized = PR_TRUE; |
9722 } | 10108 } |
9723 | 10109 |
9724 return rv; | 10110 return rv; |
9725 } | 10111 } |
9726 | 10112 |
9727 /* Returns a reference counted object that contains a key pair. | 10113 /* Returns a reference counted object that contains a key pair. |
9728 * Or NULL on failure. Initial ref count is 1. | 10114 * Or NULL on failure. Initial ref count is 1. |
(...skipping 232 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
9961 | 10347 |
9962 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); | 10348 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); |
9963 | 10349 |
9964 if (!ss->firstHsDone || | 10350 if (!ss->firstHsDone || |
9965 ((ss->version >= SSL_LIBRARY_VERSION_3_0) && | 10351 ((ss->version >= SSL_LIBRARY_VERSION_3_0) && |
9966 ss->ssl3.initialized && | 10352 ss->ssl3.initialized && |
9967 (ss->ssl3.hs.ws != idle_handshake))) { | 10353 (ss->ssl3.hs.ws != idle_handshake))) { |
9968 PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED); | 10354 PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED); |
9969 return SECFailure; | 10355 return SECFailure; |
9970 } | 10356 } |
10357 | |
10358 if (IS_DTLS(ss)) { | |
10359 dtls_RehandshakeCleanup(ss); | |
10360 } | |
10361 | |
9971 if (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) { | 10362 if (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) { |
9972 PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED); | 10363 PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED); |
9973 return SECFailure; | 10364 return SECFailure; |
9974 } | 10365 } |
9975 if (sid && flushCache) { | 10366 if (sid && flushCache) { |
9976 ss->sec.uncache(sid); /* remove it from whichever cache it's in. */ | 10367 ss->sec.uncache(sid); /* remove it from whichever cache it's in. */ |
9977 ssl_FreeSID(sid); /* dec ref count and free if zero. */ | 10368 ssl_FreeSID(sid); /* dec ref count and free if zero. */ |
9978 ss->sec.ci.sid = NULL; | 10369 ss->sec.ci.sid = NULL; |
9979 } | 10370 } |
9980 | 10371 |
9981 ssl_GetXmitBufLock(ss); /**************************************/ | 10372 ssl_GetXmitBufLock(ss); /**************************************/ |
9982 | 10373 |
9983 /* start off a new handshake. */ | 10374 /* start off a new handshake. */ |
9984 rv = (ss->sec.isServer) ? ssl3_SendHelloRequest(ss) | 10375 rv = (ss->sec.isServer) ? ssl3_SendHelloRequest(ss) |
9985 : ssl3_SendClientHello(ss); | 10376 : ssl3_SendClientHello(ss, PR_FALSE); |
9986 | 10377 |
9987 ssl_ReleaseXmitBufLock(ss); /**************************************/ | 10378 ssl_ReleaseXmitBufLock(ss); /**************************************/ |
9988 return rv; | 10379 return rv; |
9989 } | 10380 } |
9990 | 10381 |
9991 /* Called from ssl_DestroySocketContents() in sslsock.c */ | 10382 /* Called from ssl_DestroySocketContents() in sslsock.c */ |
9992 void | 10383 void |
9993 ssl3_DestroySSL3Info(sslSocket *ss) | 10384 ssl3_DestroySSL3Info(sslSocket *ss) |
9994 { | 10385 { |
9995 | 10386 |
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
10035 SECITEM_FreeItem(&ss->ssl3.hs.cert_status, PR_FALSE); | 10426 SECITEM_FreeItem(&ss->ssl3.hs.cert_status, PR_FALSE); |
10036 } | 10427 } |
10037 | 10428 |
10038 /* free the SSL3Buffer (msg_body) */ | 10429 /* free the SSL3Buffer (msg_body) */ |
10039 PORT_Free(ss->ssl3.hs.msg_body.buf); | 10430 PORT_Free(ss->ssl3.hs.msg_body.buf); |
10040 | 10431 |
10041 /* free up the CipherSpecs */ | 10432 /* free up the CipherSpecs */ |
10042 ssl3_DestroyCipherSpec(&ss->ssl3.specs[0], PR_TRUE/*freeSrvName*/); | 10433 ssl3_DestroyCipherSpec(&ss->ssl3.specs[0], PR_TRUE/*freeSrvName*/); |
10043 ssl3_DestroyCipherSpec(&ss->ssl3.specs[1], PR_TRUE/*freeSrvName*/); | 10434 ssl3_DestroyCipherSpec(&ss->ssl3.specs[1], PR_TRUE/*freeSrvName*/); |
10044 | 10435 |
10436 /* Destroy the DTLS data */ | |
10437 if (IS_DTLS(ss)) { | |
10438 if (ss->ssl3.hs.lastMessageFlight) { | |
10439 dtls_FreeHandshakeMessages(ss->ssl3.hs.lastMessageFlight); | |
10440 PORT_Free(ss->ssl3.hs.lastMessageFlight); | |
10441 } | |
10442 if (ss->ssl3.hs.recvdFragments.buf) { | |
10443 PORT_Free(ss->ssl3.hs.recvdFragments.buf); | |
10444 } | |
10445 } | |
10446 | |
10045 ss->ssl3.initialized = PR_FALSE; | 10447 ss->ssl3.initialized = PR_FALSE; |
10046 | 10448 |
10047 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); | 10449 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); |
10048 } | 10450 } |
10049 | 10451 |
10050 /* End of ssl3con.c */ | 10452 /* End of ssl3con.c */ |
OLD | NEW |