OLD | NEW |
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
2 /* | 2 /* |
3 * SSL3 Protocol | 3 * SSL3 Protocol |
4 * | 4 * |
5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
8 | 8 |
9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ | 9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ |
10 | 10 |
(...skipping 101 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
112 * precedence (desirability). It only includes cipher suites we implement. | 112 * precedence (desirability). It only includes cipher suites we implement. |
113 * This table is modified by SSL3_SetPolicy(). The ordering of cipher suites | 113 * This table is modified by SSL3_SetPolicy(). The ordering of cipher suites |
114 * in this table must match the ordering in SSL_ImplementedCiphers (sslenum.c) | 114 * in this table must match the ordering in SSL_ImplementedCiphers (sslenum.c) |
115 * | 115 * |
116 * Important: See bug 946147 before enabling, reordering, or adding any cipher | 116 * Important: See bug 946147 before enabling, reordering, or adding any cipher |
117 * suites to this list. | 117 * suites to this list. |
118 */ | 118 */ |
119 static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { | 119 static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { |
120 /* cipher_suite policy enabled isPresent */ | 120 /* cipher_suite policy enabled isPresent */ |
121 | 121 |
122 #ifdef NSS_ENABLE_ECC | 122 #ifndef NSS_DISABLE_ECC |
123 { TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 123 { TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
124 { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 124 { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
125 { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 125 { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
126 { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 126 { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
127 /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around | 127 /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around |
128 * bug 946147. | 128 * bug 946147. |
129 */ | 129 */ |
130 { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 130 { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
131 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 131 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
132 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 132 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
133 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 133 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
134 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 134 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
135 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 135 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
136 { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 136 { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
137 { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 137 { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
138 { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 138 { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
139 { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 139 { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
140 #endif /* NSS_ENABLE_ECC */ | 140 #endif /* NSS_DISABLE_ECC */ |
141 | 141 |
142 { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, | 142 { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
143 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, | 143 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
144 { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, | 144 { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
145 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, | 145 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
146 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 146 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
147 { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 147 { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
148 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, | 148 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
149 { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, | 149 { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
150 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, | 150 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
151 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 151 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
152 { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 152 { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
153 { SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, | 153 { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
154 { SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, | 154 { TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
155 { TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 155 { TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
156 | 156 |
157 #ifdef NSS_ENABLE_ECC | 157 #ifndef NSS_DISABLE_ECC |
158 { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 158 { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
159 { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 159 { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
160 { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 160 { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
161 { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 161 { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
162 { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 162 { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
163 { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 163 { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
164 { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 164 { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
165 { TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 165 { TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
166 #endif /* NSS_ENABLE_ECC */ | 166 #endif /* NSS_DISABLE_ECC */ |
167 | 167 |
168 /* RSA */ | 168 /* RSA */ |
169 { TLS_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, | 169 { TLS_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
170 { TLS_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, | 170 { TLS_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
171 { TLS_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, | 171 { TLS_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
172 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 172 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
173 { TLS_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, | 173 { TLS_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
174 { TLS_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, | 174 { TLS_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
175 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 175 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
176 { TLS_RSA_WITH_SEED_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 176 { TLS_RSA_WITH_SEED_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
177 { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 177 { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
178 { SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, | 178 { TLS_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
179 { SSL_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, | 179 { TLS_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
180 { SSL_RSA_WITH_RC4_128_MD5, SSL_ALLOWED, PR_TRUE, PR_FALSE}, | 180 { TLS_RSA_WITH_RC4_128_MD5, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
181 | 181 |
182 /* 56-bit DES "domestic" cipher suites */ | 182 /* 56-bit DES "domestic" cipher suites */ |
183 { SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 183 { TLS_DHE_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
184 { SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 184 { TLS_DHE_DSS_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
185 { SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 185 { SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
186 { SSL_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 186 { TLS_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
187 | 187 |
188 /* export ciphersuites with 1024-bit public key exchange keys */ | 188 /* export ciphersuites with 1024-bit public key exchange keys */ |
189 { TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 189 { TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
190 { TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 190 { TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
191 | 191 |
192 /* export ciphersuites with 512-bit public key exchange keys */ | 192 /* export ciphersuites with 512-bit public key exchange keys */ |
193 { SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 193 { TLS_RSA_EXPORT_WITH_RC4_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
194 { SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 194 { TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
195 | 195 |
196 /* ciphersuites with no encryption */ | 196 /* ciphersuites with no encryption */ |
197 #ifdef NSS_ENABLE_ECC | 197 #ifndef NSS_DISABLE_ECC |
198 { TLS_ECDHE_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 198 { TLS_ECDHE_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
199 { TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 199 { TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
200 { TLS_ECDH_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 200 { TLS_ECDH_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
201 { TLS_ECDH_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 201 { TLS_ECDH_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
202 #endif /* NSS_ENABLE_ECC */ | 202 #endif /* NSS_DISABLE_ECC */ |
203 { SSL_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 203 { TLS_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
204 { TLS_RSA_WITH_NULL_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 204 { TLS_RSA_WITH_NULL_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
205 { SSL_RSA_WITH_NULL_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE}, | 205 { TLS_RSA_WITH_NULL_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
206 }; | 206 }; |
207 | 207 |
208 /* Verify that SSL_ImplementedCiphers and cipherSuites are in consistent order. | 208 /* Verify that SSL_ImplementedCiphers and cipherSuites are in consistent order. |
209 */ | 209 */ |
210 #ifdef DEBUG | 210 #ifdef DEBUG |
211 void ssl3_CheckCipherSuiteOrderConsistency() | 211 void ssl3_CheckCipherSuiteOrderConsistency() |
212 { | 212 { |
213 unsigned int i; | 213 unsigned int i; |
214 | 214 |
215 /* Note that SSL_ImplementedCiphers has more elements than cipherSuites | 215 /* Note that SSL_ImplementedCiphers has more elements than cipherSuites |
(...skipping 24 matching lines...) Expand all Loading... |
240 /* compressionEnabled returns true iff the compression algorithm is enabled | 240 /* compressionEnabled returns true iff the compression algorithm is enabled |
241 * for the given SSL socket. */ | 241 * for the given SSL socket. */ |
242 static PRBool | 242 static PRBool |
243 compressionEnabled(sslSocket *ss, SSLCompressionMethod compression) | 243 compressionEnabled(sslSocket *ss, SSLCompressionMethod compression) |
244 { | 244 { |
245 switch (compression) { | 245 switch (compression) { |
246 case ssl_compression_null: | 246 case ssl_compression_null: |
247 return PR_TRUE; /* Always enabled */ | 247 return PR_TRUE; /* Always enabled */ |
248 #ifdef NSS_ENABLE_ZLIB | 248 #ifdef NSS_ENABLE_ZLIB |
249 case ssl_compression_deflate: | 249 case ssl_compression_deflate: |
250 » return ss->opt.enableDeflate; | 250 if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) { |
| 251 return ss->opt.enableDeflate; |
| 252 } |
| 253 return PR_FALSE; |
251 #endif | 254 #endif |
252 default: | 255 default: |
253 return PR_FALSE; | 256 return PR_FALSE; |
254 } | 257 } |
255 } | 258 } |
256 | 259 |
257 static const /*SSL3ClientCertificateType */ PRUint8 certificate_types [] = { | 260 static const /*SSL3ClientCertificateType */ PRUint8 certificate_types [] = { |
258 ct_RSA_sign, | 261 ct_RSA_sign, |
259 #ifdef NSS_ENABLE_ECC | 262 #ifndef NSS_DISABLE_ECC |
260 ct_ECDSA_sign, | 263 ct_ECDSA_sign, |
261 #endif /* NSS_ENABLE_ECC */ | 264 #endif /* NSS_DISABLE_ECC */ |
262 ct_DSS_sign, | 265 ct_DSS_sign, |
263 }; | 266 }; |
264 | 267 |
265 /* This block is the contents of the supported_signature_algorithms field of | 268 /* This block is the contents of the supported_signature_algorithms field of |
266 * our TLS 1.2 CertificateRequest message, in wire format. See | 269 * our TLS 1.2 CertificateRequest message, in wire format. See |
267 * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 | 270 * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 |
268 * | 271 * |
269 * This block contains only sha256 entries because we only support TLS 1.2 | 272 * This block contains only sha256 entries because we only support TLS 1.2 |
270 * CertificateVerify messages that use the handshake hash. */ | 273 * CertificateVerify messages that use the handshake hash. */ |
271 static const PRUint8 supported_signature_algorithms[] = { | 274 static const PRUint8 supported_signature_algorithms[] = { |
272 tls_hash_sha256, tls_sig_rsa, | 275 tls_hash_sha256, tls_sig_rsa, |
273 #ifdef NSS_ENABLE_ECC | 276 #ifndef NSS_DISABLE_ECC |
274 tls_hash_sha256, tls_sig_ecdsa, | 277 tls_hash_sha256, tls_sig_ecdsa, |
275 #endif | 278 #endif |
276 tls_hash_sha256, tls_sig_dsa, | 279 tls_hash_sha256, tls_sig_dsa, |
277 }; | 280 }; |
278 | 281 |
279 #define EXPORT_RSA_KEY_LENGTH 64 /* bytes */ | 282 #define EXPORT_RSA_KEY_LENGTH 64 /* bytes */ |
280 | 283 |
281 | 284 |
282 /* This global item is used only in servers. It is is initialized by | 285 /* This global item is used only in servers. It is is initialized by |
283 ** SSL_ConfigSecureServer(), and is used in ssl3_SendCertificateRequest(). | 286 ** SSL_ConfigSecureServer(), and is used in ssl3_SendCertificateRequest(). |
(...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
325 {kea_dh_dss_export, kt_dh, sign_dsa, PR_TRUE, 512, PR_FALSE}, | 328 {kea_dh_dss_export, kt_dh, sign_dsa, PR_TRUE, 512, PR_FALSE}, |
326 {kea_dh_rsa, kt_dh, sign_rsa, PR_FALSE, 0, PR_FALSE}, | 329 {kea_dh_rsa, kt_dh, sign_rsa, PR_FALSE, 0, PR_FALSE}, |
327 {kea_dh_rsa_export, kt_dh, sign_rsa, PR_TRUE, 512, PR_FALSE}, | 330 {kea_dh_rsa_export, kt_dh, sign_rsa, PR_TRUE, 512, PR_FALSE}, |
328 {kea_dhe_dss, kt_dh, sign_dsa, PR_FALSE, 0, PR_FALSE}, | 331 {kea_dhe_dss, kt_dh, sign_dsa, PR_FALSE, 0, PR_FALSE}, |
329 {kea_dhe_dss_export, kt_dh, sign_dsa, PR_TRUE, 512, PR_FALSE}, | 332 {kea_dhe_dss_export, kt_dh, sign_dsa, PR_TRUE, 512, PR_FALSE}, |
330 {kea_dhe_rsa, kt_dh, sign_rsa, PR_FALSE, 0, PR_FALSE}, | 333 {kea_dhe_rsa, kt_dh, sign_rsa, PR_FALSE, 0, PR_FALSE}, |
331 {kea_dhe_rsa_export, kt_dh, sign_rsa, PR_TRUE, 512, PR_FALSE}, | 334 {kea_dhe_rsa_export, kt_dh, sign_rsa, PR_TRUE, 512, PR_FALSE}, |
332 {kea_dh_anon, kt_dh, sign_null, PR_FALSE, 0, PR_FALSE}, | 335 {kea_dh_anon, kt_dh, sign_null, PR_FALSE, 0, PR_FALSE}, |
333 {kea_dh_anon_export, kt_dh, sign_null, PR_TRUE, 512, PR_FALSE}, | 336 {kea_dh_anon_export, kt_dh, sign_null, PR_TRUE, 512, PR_FALSE}, |
334 {kea_rsa_fips, kt_rsa, sign_rsa, PR_FALSE, 0, PR_TRUE }, | 337 {kea_rsa_fips, kt_rsa, sign_rsa, PR_FALSE, 0, PR_TRUE }, |
335 #ifdef NSS_ENABLE_ECC | 338 #ifndef NSS_DISABLE_ECC |
336 {kea_ecdh_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE}, | 339 {kea_ecdh_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE}, |
337 {kea_ecdhe_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE}, | 340 {kea_ecdhe_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE}, |
338 {kea_ecdh_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE}, | 341 {kea_ecdh_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE}, |
339 {kea_ecdhe_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE}, | 342 {kea_ecdhe_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE}, |
340 {kea_ecdh_anon, kt_ecdh, sign_null, PR_FALSE, 0, PR_FALSE}, | 343 {kea_ecdh_anon, kt_ecdh, sign_null, PR_FALSE, 0, PR_FALSE}, |
341 #endif /* NSS_ENABLE_ECC */ | 344 #endif /* NSS_DISABLE_ECC */ |
342 }; | 345 }; |
343 | 346 |
344 /* must use ssl_LookupCipherSuiteDef to access */ | 347 /* must use ssl_LookupCipherSuiteDef to access */ |
345 static const ssl3CipherSuiteDef cipher_suite_defs[] = | 348 static const ssl3CipherSuiteDef cipher_suite_defs[] = |
346 { | 349 { |
347 /* cipher_suite bulk_cipher_alg mac_alg key_exchange_alg */ | 350 /* cipher_suite bulk_cipher_alg mac_alg key_exchange_alg */ |
348 | 351 |
349 {SSL_NULL_WITH_NULL_NULL, cipher_null, mac_null, kea_null}, | 352 {TLS_NULL_WITH_NULL_NULL, cipher_null, mac_null, kea_null}, |
350 {SSL_RSA_WITH_NULL_MD5, cipher_null, mac_md5, kea_rsa}, | 353 {TLS_RSA_WITH_NULL_MD5, cipher_null, mac_md5, kea_rsa}, |
351 {SSL_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_rsa}, | 354 {TLS_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_rsa}, |
352 {TLS_RSA_WITH_NULL_SHA256, cipher_null, hmac_sha256, kea_rsa}, | 355 {TLS_RSA_WITH_NULL_SHA256, cipher_null, hmac_sha256, kea_rsa}, |
353 {SSL_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export}, | 356 {TLS_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export}, |
354 {SSL_RSA_WITH_RC4_128_MD5, cipher_rc4, mac_md5, kea_rsa}, | 357 {TLS_RSA_WITH_RC4_128_MD5, cipher_rc4, mac_md5, kea_rsa}, |
355 {SSL_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_rsa}, | 358 {TLS_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_rsa}, |
356 {SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, | 359 {TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, |
357 cipher_rc2_40, mac_md5, kea_rsa_export}, | 360 cipher_rc2_40, mac_md5, kea_rsa_export}, |
358 #if 0 /* not implemented */ | 361 #if 0 /* not implemented */ |
359 {SSL_RSA_WITH_IDEA_CBC_SHA, cipher_idea, mac_sha, kea_rsa}, | 362 {TLS_RSA_WITH_IDEA_CBC_SHA, cipher_idea, mac_sha, kea_rsa}, |
360 {SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, | 363 {TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, |
361 cipher_des40, mac_sha, kea_rsa_export}, | 364 cipher_des40, mac_sha, kea_rsa_export}, |
362 #endif | 365 #endif |
363 {SSL_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa}, | 366 {TLS_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa}, |
364 {SSL_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa}, | 367 {TLS_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa}, |
365 {SSL_DHE_DSS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_dss}, | 368 {TLS_DHE_DSS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_dss}, |
366 {SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, | 369 {TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, |
367 cipher_3des, mac_sha, kea_dhe_dss}, | 370 cipher_3des, mac_sha, kea_dhe_dss}, |
368 {TLS_DHE_DSS_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_dhe_dss}, | 371 {TLS_DHE_DSS_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_dhe_dss}, |
369 #if 0 /* not implemented */ | 372 #if 0 /* not implemented */ |
370 {SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, | 373 {TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, |
371 cipher_des40, mac_sha, kea_dh_dss_export}, | 374 cipher_des40, mac_sha, kea_dh_dss_export}, |
372 {SSL_DH_DSS_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_dss}, | 375 {TLS_DH_DSS_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_dss}, |
373 {SSL_DH_DSS_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_dss}, | 376 {TLS_DH_DSS_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_dss}, |
374 {SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, | 377 {TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, |
375 cipher_des40, mac_sha, kea_dh_rsa_export}, | 378 cipher_des40, mac_sha, kea_dh_rsa_export}, |
376 {SSL_DH_RSA_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_rsa}, | 379 {TLS_DH_RSA_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_rsa}, |
377 {SSL_DH_RSA_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_rsa}, | 380 {TLS_DH_RSA_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_rsa}, |
378 {SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, | 381 {TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, |
379 cipher_des40, mac_sha, kea_dh_dss_export}, | 382 cipher_des40, mac_sha, kea_dh_dss_export}, |
380 {SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, | 383 {TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, |
381 cipher_des40, mac_sha, kea_dh_rsa_export}, | 384 cipher_des40, mac_sha, kea_dh_rsa_export}, |
382 #endif | 385 #endif |
383 {SSL_DHE_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_rsa}, | 386 {TLS_DHE_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_rsa}, |
384 {SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, | 387 {TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, |
385 cipher_3des, mac_sha, kea_dhe_rsa}, | 388 cipher_3des, mac_sha, kea_dhe_rsa}, |
386 #if 0 | 389 #if 0 |
387 {SSL_DH_ANON_EXPORT_RC4_40_MD5, cipher_rc4_40, mac_md5, kea_dh_anon_export}, | 390 {SSL_DH_ANON_EXPORT_RC4_40_MD5, cipher_rc4_40, mac_md5, kea_dh_anon_export}, |
388 {SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, | 391 {TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA, |
389 cipher_des40, mac_sha, kea_dh_anon_export}, | 392 cipher_des40, mac_sha, kea_dh_anon_export}, |
390 {SSL_DH_ANON_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_anon}, | 393 {TLS_DH_anon_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_anon}, |
391 {SSL_DH_ANON_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_anon}, | 394 {TLS_DH_anon_WITH_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_anon}, |
392 #endif | 395 #endif |
393 | 396 |
394 | 397 |
395 /* New TLS cipher suites */ | 398 /* New TLS cipher suites */ |
396 {TLS_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_rsa}, | 399 {TLS_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_rsa}, |
397 {TLS_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_rsa}, | 400 {TLS_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_rsa}, |
398 {TLS_DHE_DSS_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dhe_dss}, | 401 {TLS_DHE_DSS_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dhe_dss}, |
399 {TLS_DHE_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dhe_rsa}, | 402 {TLS_DHE_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dhe_rsa}, |
400 {TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_r
sa}, | 403 {TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_r
sa}, |
401 {TLS_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_rsa}, | 404 {TLS_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_rsa}, |
402 {TLS_RSA_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_rsa}, | 405 {TLS_RSA_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_rsa}, |
403 {TLS_DHE_DSS_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dhe_dss}, | 406 {TLS_DHE_DSS_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dhe_dss}, |
404 {TLS_DHE_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dhe_rsa}, | 407 {TLS_DHE_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dhe_rsa}, |
405 {TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_r
sa}, | 408 {TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_r
sa}, |
406 #if 0 | 409 #if 0 |
407 {TLS_DH_DSS_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_dss}, | 410 {TLS_DH_DSS_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_dss}, |
408 {TLS_DH_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_rsa}, | 411 {TLS_DH_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_rsa}, |
409 {TLS_DH_ANON_WITH_AES_128_CBC_SHA, »cipher_aes_128, mac_sha, kea_dh_anon}, | 412 {TLS_DH_anon_WITH_AES_128_CBC_SHA, »cipher_aes_128, mac_sha, kea_dh_anon}, |
410 {TLS_DH_DSS_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_dss}, | 413 {TLS_DH_DSS_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_dss}, |
411 {TLS_DH_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_rsa}, | 414 {TLS_DH_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_rsa}, |
412 {TLS_DH_ANON_WITH_AES_256_CBC_SHA, »cipher_aes_256, mac_sha, kea_dh_anon}, | 415 {TLS_DH_anon_WITH_AES_256_CBC_SHA, »cipher_aes_256, mac_sha, kea_dh_anon}, |
413 #endif | 416 #endif |
414 | 417 |
415 {TLS_RSA_WITH_SEED_CBC_SHA, cipher_seed, mac_sha, kea_rsa}, | 418 {TLS_RSA_WITH_SEED_CBC_SHA, cipher_seed, mac_sha, kea_rsa}, |
416 | 419 |
417 {TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, cipher_camellia_128, mac_sha, kea_rsa}, | 420 {TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, cipher_camellia_128, mac_sha, kea_rsa}, |
418 {TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, | 421 {TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, |
419 cipher_camellia_128, mac_sha, kea_dhe_dss}, | 422 cipher_camellia_128, mac_sha, kea_dhe_dss}, |
420 {TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, | 423 {TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, |
421 cipher_camellia_128, mac_sha, kea_dhe_rsa}, | 424 cipher_camellia_128, mac_sha, kea_dhe_rsa}, |
422 {TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, cipher_camellia_256, mac_sha, kea_rsa}, | 425 {TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, cipher_camellia_256, mac_sha, kea_rsa}, |
(...skipping 10 matching lines...) Expand all Loading... |
433 {SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa_fips}, | 436 {SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa_fips}, |
434 {SSL_RSA_FIPS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa_fips}, | 437 {SSL_RSA_FIPS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa_fips}, |
435 | 438 |
436 {TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_
rsa}, | 439 {TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_
rsa}, |
437 {TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_rsa}, | 440 {TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_rsa}, |
438 {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ec
dhe_rsa}, | 441 {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ec
dhe_rsa}, |
439 {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_
ecdhe_ecdsa}, | 442 {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_
ecdhe_ecdsa}, |
440 {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, cipher_chacha20, mac_aead, kea_ecdhe_
rsa}, | 443 {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, cipher_chacha20, mac_aead, kea_ecdhe_
rsa}, |
441 {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, cipher_chacha20, mac_aead, kea_ecdh
e_ecdsa}, | 444 {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, cipher_chacha20, mac_aead, kea_ecdh
e_ecdsa}, |
442 | 445 |
443 #ifdef NSS_ENABLE_ECC | 446 #ifndef NSS_DISABLE_ECC |
444 {TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa}, | 447 {TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa}, |
445 {TLS_ECDH_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_ecdsa}, | 448 {TLS_ECDH_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_ecdsa}, |
446 {TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_ecdsa}
, | 449 {TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_ecdsa}
, |
447 {TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_ecds
a}, | 450 {TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_ecds
a}, |
448 {TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_ecds
a}, | 451 {TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_ecds
a}, |
449 | 452 |
450 {TLS_ECDHE_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdhe_ecdsa
}, | 453 {TLS_ECDHE_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdhe_ecdsa
}, |
451 {TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdhe_ecdsa
}, | 454 {TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdhe_ecdsa
}, |
452 {TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdhe_ecds
a}, | 455 {TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdhe_ecds
a}, |
453 {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdhe_ec
dsa}, | 456 {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdhe_ec
dsa}, |
(...skipping 13 matching lines...) Expand all Loading... |
467 {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_ecd
he_rsa}, | 470 {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_ecd
he_rsa}, |
468 {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdhe_rsa
}, | 471 {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdhe_rsa
}, |
469 | 472 |
470 #if 0 | 473 #if 0 |
471 {TLS_ECDH_anon_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_anon
}, | 474 {TLS_ECDH_anon_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_anon
}, |
472 {TLS_ECDH_anon_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_anon
}, | 475 {TLS_ECDH_anon_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_anon
}, |
473 {TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_anon
}, | 476 {TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_anon
}, |
474 {TLS_ECDH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_anon
}, | 477 {TLS_ECDH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_anon
}, |
475 {TLS_ECDH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_anon
}, | 478 {TLS_ECDH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_anon
}, |
476 #endif | 479 #endif |
477 #endif /* NSS_ENABLE_ECC */ | 480 #endif /* NSS_DISABLE_ECC */ |
478 }; | 481 }; |
479 | 482 |
480 static const CK_MECHANISM_TYPE kea_alg_defs[] = { | 483 static const CK_MECHANISM_TYPE kea_alg_defs[] = { |
481 0x80000000L, | 484 0x80000000L, |
482 CKM_RSA_PKCS, | 485 CKM_RSA_PKCS, |
483 CKM_DH_PKCS_DERIVE, | 486 CKM_DH_PKCS_DERIVE, |
484 CKM_KEA_KEY_DERIVE, | 487 CKM_KEA_KEY_DERIVE, |
485 CKM_ECDH1_DERIVE | 488 CKM_ECDH1_DERIVE |
486 }; | 489 }; |
487 | 490 |
(...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
541 "IDEA-CBC", | 544 "IDEA-CBC", |
542 "AES-128", | 545 "AES-128", |
543 "AES-256", | 546 "AES-256", |
544 "Camellia-128", | 547 "Camellia-128", |
545 "Camellia-256", | 548 "Camellia-256", |
546 "SEED-CBC", | 549 "SEED-CBC", |
547 "AES-128-GCM", | 550 "AES-128-GCM", |
548 "missing" | 551 "missing" |
549 }; | 552 }; |
550 | 553 |
551 #ifdef NSS_ENABLE_ECC | 554 #ifndef NSS_DISABLE_ECC |
552 /* The ECCWrappedKeyInfo structure defines how various pieces of | 555 /* The ECCWrappedKeyInfo structure defines how various pieces of |
553 * information are laid out within wrappedSymmetricWrappingkey | 556 * information are laid out within wrappedSymmetricWrappingkey |
554 * for ECDH key exchange. Since wrappedSymmetricWrappingkey is | 557 * for ECDH key exchange. Since wrappedSymmetricWrappingkey is |
555 * a 512-byte buffer (see sslimpl.h), the variable length field | 558 * a 512-byte buffer (see sslimpl.h), the variable length field |
556 * in ECCWrappedKeyInfo can be at most (512 - 8) = 504 bytes. | 559 * in ECCWrappedKeyInfo can be at most (512 - 8) = 504 bytes. |
557 * | 560 * |
558 * XXX For now, NSS only supports named elliptic curves of size 571 bits | 561 * XXX For now, NSS only supports named elliptic curves of size 571 bits |
559 * or smaller. The public value will fit within 145 bytes and EC params | 562 * or smaller. The public value will fit within 145 bytes and EC params |
560 * will fit within 12 bytes. We'll need to revisit this when NSS | 563 * will fit within 12 bytes. We'll need to revisit this when NSS |
561 * supports arbitrary curves. | 564 * supports arbitrary curves. |
562 */ | 565 */ |
563 #define MAX_EC_WRAPPED_KEY_BUFLEN 504 | 566 #define MAX_EC_WRAPPED_KEY_BUFLEN 504 |
564 | 567 |
565 typedef struct ECCWrappedKeyInfoStr { | 568 typedef struct ECCWrappedKeyInfoStr { |
566 PRUint16 size; /* EC public key size in bits */ | 569 PRUint16 size; /* EC public key size in bits */ |
567 PRUint16 encodedParamLen; /* length (in bytes) of DER encoded EC params */ | 570 PRUint16 encodedParamLen; /* length (in bytes) of DER encoded EC params */ |
568 PRUint16 pubValueLen; /* length (in bytes) of EC public value */ | 571 PRUint16 pubValueLen; /* length (in bytes) of EC public value */ |
569 PRUint16 wrappedKeyLen; /* length (in bytes) of the wrapped key */ | 572 PRUint16 wrappedKeyLen; /* length (in bytes) of the wrapped key */ |
570 PRUint8 var[MAX_EC_WRAPPED_KEY_BUFLEN]; /* this buffer contains the */ | 573 PRUint8 var[MAX_EC_WRAPPED_KEY_BUFLEN]; /* this buffer contains the */ |
571 /* EC public-key params, the EC public value and the wrapped key */ | 574 /* EC public-key params, the EC public value and the wrapped key */ |
572 } ECCWrappedKeyInfo; | 575 } ECCWrappedKeyInfo; |
573 #endif /* NSS_ENABLE_ECC */ | 576 #endif /* NSS_DISABLE_ECC */ |
574 | 577 |
575 #if defined(TRACE) | 578 #if defined(TRACE) |
576 | 579 |
577 static char * | 580 static char * |
578 ssl3_DecodeHandshakeType(int msgType) | 581 ssl3_DecodeHandshakeType(int msgType) |
579 { | 582 { |
580 char * rv; | 583 char * rv; |
581 static char line[40]; | 584 static char line[40]; |
582 | 585 |
583 switch(msgType) { | 586 switch(msgType) { |
(...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
651 static PRBool | 654 static PRBool |
652 ssl3_CipherSuiteAllowedForVersionRange( | 655 ssl3_CipherSuiteAllowedForVersionRange( |
653 ssl3CipherSuite cipherSuite, | 656 ssl3CipherSuite cipherSuite, |
654 const SSLVersionRange *vrange) | 657 const SSLVersionRange *vrange) |
655 { | 658 { |
656 switch (cipherSuite) { | 659 switch (cipherSuite) { |
657 /* See RFC 4346 A.5. Export cipher suites must not be used in TLS 1.1 or | 660 /* See RFC 4346 A.5. Export cipher suites must not be used in TLS 1.1 or |
658 * later. This set of cipher suites is similar to, but different from, the | 661 * later. This set of cipher suites is similar to, but different from, the |
659 * set of cipher suites considered exportable by SSL_IsExportCipherSuite. | 662 * set of cipher suites considered exportable by SSL_IsExportCipherSuite. |
660 */ | 663 */ |
661 case SSL_RSA_EXPORT_WITH_RC4_40_MD5: | 664 case TLS_RSA_EXPORT_WITH_RC4_40_MD5: |
662 case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5: | 665 case TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5: |
663 /* SSL_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented | 666 /* TLS_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented |
664 * SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA: never implemented | 667 * TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA: never implemented |
665 * SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented | 668 * TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented |
666 * SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA: never implemented | 669 * TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA: never implemented |
667 * SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented | 670 * TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented |
668 * SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5: never implemented | 671 * TLS_DH_anon_EXPORT_WITH_RC4_40_MD5: never implemented |
669 * SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA: never implemented | 672 * TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA: never implemented |
670 */ | 673 */ |
671 return vrange->min <= SSL_LIBRARY_VERSION_TLS_1_0; | 674 return vrange->min <= SSL_LIBRARY_VERSION_TLS_1_0; |
672 case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305: | 675 |
673 case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305: | |
674 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: | 676 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: |
675 case TLS_RSA_WITH_AES_256_CBC_SHA256: | 677 case TLS_RSA_WITH_AES_256_CBC_SHA256: |
676 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: | 678 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: |
677 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: | |
678 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: | 679 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: |
679 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: | |
680 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: | 680 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: |
681 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: | |
682 case TLS_RSA_WITH_AES_128_CBC_SHA256: | 681 case TLS_RSA_WITH_AES_128_CBC_SHA256: |
683 case TLS_RSA_WITH_AES_128_GCM_SHA256: | 682 case TLS_RSA_WITH_AES_128_GCM_SHA256: |
684 case TLS_RSA_WITH_NULL_SHA256: | 683 case TLS_RSA_WITH_NULL_SHA256: |
| 684 return vrange->max == SSL_LIBRARY_VERSION_TLS_1_2; |
| 685 |
| 686 case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305: |
| 687 case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305: |
| 688 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: |
| 689 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: |
| 690 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: |
685 return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_2; | 691 return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_2; |
| 692 |
| 693 /* RFC 4492: ECC cipher suites need TLS extensions to negotiate curves and |
| 694 * point formats.*/ |
| 695 case TLS_ECDH_ECDSA_WITH_NULL_SHA: |
| 696 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA: |
| 697 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA: |
| 698 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: |
| 699 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: |
| 700 case TLS_ECDHE_ECDSA_WITH_NULL_SHA: |
| 701 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: |
| 702 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA: |
| 703 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: |
| 704 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: |
| 705 case TLS_ECDH_RSA_WITH_NULL_SHA: |
| 706 case TLS_ECDH_RSA_WITH_RC4_128_SHA: |
| 707 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA: |
| 708 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: |
| 709 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: |
| 710 case TLS_ECDHE_RSA_WITH_NULL_SHA: |
| 711 case TLS_ECDHE_RSA_WITH_RC4_128_SHA: |
| 712 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: |
| 713 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: |
| 714 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: |
| 715 return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_0 && |
| 716 vrange->min < SSL_LIBRARY_VERSION_TLS_1_3; |
| 717 |
686 default: | 718 default: |
687 » return PR_TRUE; | 719 return vrange->min < SSL_LIBRARY_VERSION_TLS_1_3; |
688 } | 720 } |
689 } | 721 } |
690 | 722 |
691 /* return pointer to ssl3CipherSuiteDef for suite, or NULL */ | 723 /* return pointer to ssl3CipherSuiteDef for suite, or NULL */ |
692 /* XXX This does a linear search. A binary search would be better. */ | 724 /* XXX This does a linear search. A binary search would be better. */ |
693 static const ssl3CipherSuiteDef * | 725 static const ssl3CipherSuiteDef * |
694 ssl_LookupCipherSuiteDef(ssl3CipherSuite suite) | 726 ssl_LookupCipherSuiteDef(ssl3CipherSuite suite) |
695 { | 727 { |
696 int cipher_suite_def_len = | 728 int cipher_suite_def_len = |
697 sizeof(cipher_suite_defs) / sizeof(cipher_suite_defs[0]); | 729 sizeof(cipher_suite_defs) / sizeof(cipher_suite_defs[0]); |
(...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
762 cipher_def = ssl_LookupCipherSuiteDef(suite->cipher_suite); | 794 cipher_def = ssl_LookupCipherSuiteDef(suite->cipher_suite); |
763 if (!cipher_def) { | 795 if (!cipher_def) { |
764 suite->isPresent = PR_FALSE; | 796 suite->isPresent = PR_FALSE; |
765 continue; | 797 continue; |
766 } | 798 } |
767 cipher_alg = bulk_cipher_defs[cipher_def->bulk_cipher_alg].calg; | 799 cipher_alg = bulk_cipher_defs[cipher_def->bulk_cipher_alg].calg; |
768 PORT_Assert( alg2Mech[cipher_alg].calg == cipher_alg); | 800 PORT_Assert( alg2Mech[cipher_alg].calg == cipher_alg); |
769 cipher_mech = alg2Mech[cipher_alg].cmech; | 801 cipher_mech = alg2Mech[cipher_alg].cmech; |
770 exchKeyType = | 802 exchKeyType = |
771 kea_defs[cipher_def->key_exchange_alg].exchKeyType; | 803 kea_defs[cipher_def->key_exchange_alg].exchKeyType; |
772 #ifndef NSS_ENABLE_ECC | 804 #ifdef NSS_DISABLE_ECC |
773 svrAuth = ss->serverCerts + exchKeyType; | 805 svrAuth = ss->serverCerts + exchKeyType; |
774 #else | 806 #else |
775 /* XXX SSLKEAType isn't really a good choice for | 807 /* XXX SSLKEAType isn't really a good choice for |
776 * indexing certificates. It doesn't work for | 808 * indexing certificates. It doesn't work for |
777 * (EC)DHE-* ciphers. Here we use a hack to ensure | 809 * (EC)DHE-* ciphers. Here we use a hack to ensure |
778 * that the server uses an RSA cert for (EC)DHE-RSA. | 810 * that the server uses an RSA cert for (EC)DHE-RSA. |
779 */ | 811 */ |
780 switch (cipher_def->key_exchange_alg) { | 812 switch (cipher_def->key_exchange_alg) { |
781 case kea_ecdhe_rsa: | 813 case kea_ecdhe_rsa: |
782 #if NSS_SERVER_DHE_IMPLEMENTED | 814 #if NSS_SERVER_DHE_IMPLEMENTED |
(...skipping 13 matching lines...) Expand all Loading... |
796 * XXX We ought to have different indices for | 828 * XXX We ought to have different indices for |
797 * ECDSA- and RSA-signed EC certificates so | 829 * ECDSA- and RSA-signed EC certificates so |
798 * we could support both key exchange mechanisms | 830 * we could support both key exchange mechanisms |
799 * simultaneously. For now, both of them use | 831 * simultaneously. For now, both of them use |
800 * whatever is in the certificate slot for kt_ecdh | 832 * whatever is in the certificate slot for kt_ecdh |
801 */ | 833 */ |
802 default: | 834 default: |
803 svrAuth = ss->serverCerts + exchKeyType; | 835 svrAuth = ss->serverCerts + exchKeyType; |
804 break; | 836 break; |
805 } | 837 } |
806 #endif /* NSS_ENABLE_ECC */ | 838 #endif /* NSS_DISABLE_ECC */ |
807 | 839 |
808 /* Mark the suites that are backed by real tokens, certs and keys */ | 840 /* Mark the suites that are backed by real tokens, certs and keys */ |
809 suite->isPresent = (PRBool) | 841 suite->isPresent = (PRBool) |
810 (((exchKeyType == kt_null) || | 842 (((exchKeyType == kt_null) || |
811 ((!isServer || (svrAuth->serverKeyPair && | 843 ((!isServer || (svrAuth->serverKeyPair && |
812 svrAuth->SERVERKEY && | 844 svrAuth->SERVERKEY && |
813 svrAuth->serverCertChain)) && | 845 svrAuth->serverCertChain)) && |
814 PK11_TokenExists(kea_alg_defs[exchKeyType]))) && | 846 PK11_TokenExists(kea_alg_defs[exchKeyType]))) && |
815 ((cipher_alg == calg_null) || PK11_TokenExists(cipher_mech))); | 847 ((cipher_alg == calg_null) || PK11_TokenExists(cipher_mech))); |
816 if (suite->isPresent) | 848 if (suite->isPresent) |
(...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
903 ssl3_NegotiateVersion(sslSocket *ss, SSL3ProtocolVersion peerVersion, | 935 ssl3_NegotiateVersion(sslSocket *ss, SSL3ProtocolVersion peerVersion, |
904 PRBool allowLargerPeerVersion) | 936 PRBool allowLargerPeerVersion) |
905 { | 937 { |
906 if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { | 938 if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { |
907 PORT_SetError(SSL_ERROR_SSL_DISABLED); | 939 PORT_SetError(SSL_ERROR_SSL_DISABLED); |
908 return SECFailure; | 940 return SECFailure; |
909 } | 941 } |
910 | 942 |
911 if (peerVersion < ss->vrange.min || | 943 if (peerVersion < ss->vrange.min || |
912 (peerVersion > ss->vrange.max && !allowLargerPeerVersion)) { | 944 (peerVersion > ss->vrange.max && !allowLargerPeerVersion)) { |
913 » PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP); | 945 » PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION); |
914 return SECFailure; | 946 return SECFailure; |
915 } | 947 } |
916 | 948 |
917 ss->version = PR_MIN(peerVersion, ss->vrange.max); | 949 ss->version = PR_MIN(peerVersion, ss->vrange.max); |
918 PORT_Assert(ssl3_VersionIsSupported(ss->protocolVariant, ss->version)); | 950 PORT_Assert(ssl3_VersionIsSupported(ss->protocolVariant, ss->version)); |
919 | 951 |
920 return SECSuccess; | 952 return SECSuccess; |
921 } | 953 } |
922 | 954 |
923 static SECStatus | 955 static SECStatus |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
955 /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash. | 987 /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash. |
956 * In that case, we use just the SHA1 part. */ | 988 * In that case, we use just the SHA1 part. */ |
957 if (hash->hashAlg == SEC_OID_UNKNOWN) { | 989 if (hash->hashAlg == SEC_OID_UNKNOWN) { |
958 hashItem.data = hash->u.s.sha; | 990 hashItem.data = hash->u.s.sha; |
959 hashItem.len = sizeof(hash->u.s.sha); | 991 hashItem.len = sizeof(hash->u.s.sha); |
960 } else { | 992 } else { |
961 hashItem.data = hash->u.raw; | 993 hashItem.data = hash->u.raw; |
962 hashItem.len = hash->len; | 994 hashItem.len = hash->len; |
963 } | 995 } |
964 break; | 996 break; |
965 #ifdef NSS_ENABLE_ECC | 997 #ifndef NSS_DISABLE_ECC |
966 case ecKey: | 998 case ecKey: |
967 doDerEncode = PR_TRUE; | 999 doDerEncode = PR_TRUE; |
968 /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash. | 1000 /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash. |
969 * In that case, we use just the SHA1 part. */ | 1001 * In that case, we use just the SHA1 part. */ |
970 if (hash->hashAlg == SEC_OID_UNKNOWN) { | 1002 if (hash->hashAlg == SEC_OID_UNKNOWN) { |
971 hashItem.data = hash->u.s.sha; | 1003 hashItem.data = hash->u.s.sha; |
972 hashItem.len = sizeof(hash->u.s.sha); | 1004 hashItem.len = sizeof(hash->u.s.sha); |
973 } else { | 1005 } else { |
974 hashItem.data = hash->u.raw; | 1006 hashItem.data = hash->u.raw; |
975 hashItem.len = hash->len; | 1007 hashItem.len = hash->len; |
976 } | 1008 } |
977 break; | 1009 break; |
978 #endif /* NSS_ENABLE_ECC */ | 1010 #endif /* NSS_DISABLE_ECC */ |
979 default: | 1011 default: |
980 PORT_SetError(SEC_ERROR_INVALID_KEY); | 1012 PORT_SetError(SEC_ERROR_INVALID_KEY); |
981 goto done; | 1013 goto done; |
982 } | 1014 } |
983 PRINT_BUF(60, (NULL, "hash(es) to be signed", hashItem.data, hashItem.len)); | 1015 PRINT_BUF(60, (NULL, "hash(es) to be signed", hashItem.data, hashItem.len)); |
984 | 1016 |
985 if (hash->hashAlg == SEC_OID_UNKNOWN) { | 1017 if (hash->hashAlg == SEC_OID_UNKNOWN) { |
986 signatureLen = PK11_SignatureLen(key); | 1018 signatureLen = PK11_SignatureLen(key); |
987 if (signatureLen <= 0) { | 1019 if (signatureLen <= 0) { |
988 PORT_SetError(SEC_ERROR_INVALID_KEY); | 1020 PORT_SetError(SEC_ERROR_INVALID_KEY); |
(...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1066 if (isTLS || buf->len != SECKEY_SignatureLen(key)) { | 1098 if (isTLS || buf->len != SECKEY_SignatureLen(key)) { |
1067 signature = DSAU_DecodeDerSigToLen(buf, SECKEY_SignatureLen(key)); | 1099 signature = DSAU_DecodeDerSigToLen(buf, SECKEY_SignatureLen(key)); |
1068 if (!signature) { | 1100 if (!signature) { |
1069 PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); | 1101 PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); |
1070 return SECFailure; | 1102 return SECFailure; |
1071 } | 1103 } |
1072 buf = signature; | 1104 buf = signature; |
1073 } | 1105 } |
1074 break; | 1106 break; |
1075 | 1107 |
1076 #ifdef NSS_ENABLE_ECC | 1108 #ifndef NSS_DISABLE_ECC |
1077 case ecKey: | 1109 case ecKey: |
1078 encAlg = SEC_OID_ANSIX962_EC_PUBLIC_KEY; | 1110 encAlg = SEC_OID_ANSIX962_EC_PUBLIC_KEY; |
1079 /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash. | 1111 /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash. |
1080 * In that case, we use just the SHA1 part. | 1112 * In that case, we use just the SHA1 part. |
1081 * ECDSA signatures always encode the integers r and s using ASN.1 | 1113 * ECDSA signatures always encode the integers r and s using ASN.1 |
1082 * (unlike DSA where ASN.1 encoding is used with TLS but not with | 1114 * (unlike DSA where ASN.1 encoding is used with TLS but not with |
1083 * SSL3). So we can use VFY_VerifyDigestDirect for ECDSA. | 1115 * SSL3). So we can use VFY_VerifyDigestDirect for ECDSA. |
1084 */ | 1116 */ |
1085 if (hash->hashAlg == SEC_OID_UNKNOWN) { | 1117 if (hash->hashAlg == SEC_OID_UNKNOWN) { |
1086 hashAlg = SEC_OID_SHA1; | 1118 hashAlg = SEC_OID_SHA1; |
1087 hashItem.data = hash->u.s.sha; | 1119 hashItem.data = hash->u.s.sha; |
1088 hashItem.len = sizeof(hash->u.s.sha); | 1120 hashItem.len = sizeof(hash->u.s.sha); |
1089 } else { | 1121 } else { |
1090 hashItem.data = hash->u.raw; | 1122 hashItem.data = hash->u.raw; |
1091 hashItem.len = hash->len; | 1123 hashItem.len = hash->len; |
1092 } | 1124 } |
1093 break; | 1125 break; |
1094 #endif /* NSS_ENABLE_ECC */ | 1126 #endif /* NSS_DISABLE_ECC */ |
1095 | 1127 |
1096 default: | 1128 default: |
1097 SECKEY_DestroyPublicKey(key); | 1129 SECKEY_DestroyPublicKey(key); |
1098 PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); | 1130 PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); |
1099 return SECFailure; | 1131 return SECFailure; |
1100 } | 1132 } |
1101 | 1133 |
1102 PRINT_BUF(60, (NULL, "hash(es) to be verified", | 1134 PRINT_BUF(60, (NULL, "hash(es) to be verified", |
1103 hashItem.data, hashItem.len)); | 1135 hashItem.data, hashItem.len)); |
1104 | 1136 |
(...skipping 4114 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
5219 | 5251 |
5220 if (isTLS || (ss->firstHsDone && ss->peerRequestedProtection)) { | 5252 if (isTLS || (ss->firstHsDone && ss->peerRequestedProtection)) { |
5221 PRUint32 maxBytes = 65535; /* 2^16 - 1 */ | 5253 PRUint32 maxBytes = 65535; /* 2^16 - 1 */ |
5222 PRInt32 extLen; | 5254 PRInt32 extLen; |
5223 | 5255 |
5224 extLen = ssl3_CallHelloExtensionSenders(ss, PR_FALSE, maxBytes, NULL); | 5256 extLen = ssl3_CallHelloExtensionSenders(ss, PR_FALSE, maxBytes, NULL); |
5225 if (extLen < 0) { | 5257 if (extLen < 0) { |
5226 if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } | 5258 if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } |
5227 return SECFailure; | 5259 return SECFailure; |
5228 } | 5260 } |
5229 maxBytes -= extLen; | |
5230 total_exten_len += extLen; | 5261 total_exten_len += extLen; |
5231 | 5262 |
5232 if (total_exten_len > 0) | 5263 if (total_exten_len > 0) |
5233 total_exten_len += 2; | 5264 total_exten_len += 2; |
5234 } | 5265 } |
5235 | 5266 |
5236 #if defined(NSS_ENABLE_ECC) | 5267 #ifndef NSS_DISABLE_ECC |
5237 if (!total_exten_len || !isTLS) { | 5268 if (!total_exten_len || !isTLS) { |
5238 /* not sending the elliptic_curves and ec_point_formats extensions */ | 5269 /* not sending the elliptic_curves and ec_point_formats extensions */ |
5239 ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */ | 5270 ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */ |
5240 } | 5271 } |
5241 #endif | 5272 #endif /* NSS_DISABLE_ECC */ |
5242 | 5273 |
5243 if (IS_DTLS(ss)) { | 5274 if (IS_DTLS(ss)) { |
5244 ssl3_DisableNonDTLSSuites(ss); | 5275 ssl3_DisableNonDTLSSuites(ss); |
5245 } | 5276 } |
5246 | 5277 |
5247 if (!ssl3_HasGCMSupport()) { | 5278 if (!ssl3_HasGCMSupport()) { |
5248 ssl3_DisableGCMSuites(ss); | 5279 ssl3_DisableGCMSuites(ss); |
5249 } | 5280 } |
5250 | 5281 |
5251 /* how many suites are permitted by policy and user preference? */ | 5282 /* how many suites are permitted by policy and user preference? */ |
(...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
5330 SSL3_RANDOM_LENGTH); | 5361 SSL3_RANDOM_LENGTH); |
5331 if (rv != SECSuccess) { | 5362 if (rv != SECSuccess) { |
5332 if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } | 5363 if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } |
5333 return rv; /* err set by ssl3_AppendHandshake* */ | 5364 return rv; /* err set by ssl3_AppendHandshake* */ |
5334 } | 5365 } |
5335 | 5366 |
5336 if (sid) | 5367 if (sid) |
5337 rv = ssl3_AppendHandshakeVariable( | 5368 rv = ssl3_AppendHandshakeVariable( |
5338 ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1); | 5369 ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1); |
5339 else | 5370 else |
5340 » rv = ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); | 5371 » rv = ssl3_AppendHandshakeNumber(ss, 0, 1); |
5341 if (rv != SECSuccess) { | 5372 if (rv != SECSuccess) { |
5342 if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } | 5373 if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } |
5343 return rv; /* err set by ssl3_AppendHandshake* */ | 5374 return rv; /* err set by ssl3_AppendHandshake* */ |
5344 } | 5375 } |
5345 | 5376 |
5346 if (IS_DTLS(ss)) { | 5377 if (IS_DTLS(ss)) { |
5347 rv = ssl3_AppendHandshakeVariable( | 5378 rv = ssl3_AppendHandshakeVariable( |
5348 ss, ss->ssl3.hs.cookie, ss->ssl3.hs.cookieLen, 1); | 5379 ss, ss->ssl3.hs.cookie, ss->ssl3.hs.cookieLen, 1); |
5349 if (rv != SECSuccess) { | 5380 if (rv != SECSuccess) { |
5350 if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } | 5381 if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } |
(...skipping 10 matching lines...) Expand all Loading... |
5361 if (ss->ssl3.hs.sendingSCSV) { | 5392 if (ss->ssl3.hs.sendingSCSV) { |
5362 /* Add the actual SCSV */ | 5393 /* Add the actual SCSV */ |
5363 rv = ssl3_AppendHandshakeNumber(ss, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, | 5394 rv = ssl3_AppendHandshakeNumber(ss, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, |
5364 sizeof(ssl3CipherSuite)); | 5395 sizeof(ssl3CipherSuite)); |
5365 if (rv != SECSuccess) { | 5396 if (rv != SECSuccess) { |
5366 if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } | 5397 if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } |
5367 return rv; /* err set by ssl3_AppendHandshake* */ | 5398 return rv; /* err set by ssl3_AppendHandshake* */ |
5368 } | 5399 } |
5369 actual_count++; | 5400 actual_count++; |
5370 } | 5401 } |
5371 | 5402 if (fallbackSCSV) { |
| 5403 » rv = ssl3_AppendHandshakeNumber(ss, TLS_FALLBACK_SCSV, |
| 5404 » » » » » sizeof(ssl3CipherSuite)); |
| 5405 » if (rv != SECSuccess) { |
| 5406 » if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } |
| 5407 » return rv;» /* err set by ssl3_AppendHandshake* */ |
| 5408 » } |
| 5409 » actual_count++; |
| 5410 } |
5372 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { | 5411 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { |
5373 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; | 5412 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; |
5374 if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange)) { | 5413 if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange)) { |
5375 actual_count++; | 5414 actual_count++; |
5376 if (actual_count > num_suites) { | 5415 if (actual_count > num_suites) { |
5377 if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock);
} | 5416 if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock);
} |
5378 /* set error card removal/insertion error */ | 5417 /* set error card removal/insertion error */ |
5379 PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL); | 5418 PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL); |
5380 return SECFailure; | 5419 return SECFailure; |
5381 } | 5420 } |
5382 rv = ssl3_AppendHandshakeNumber(ss, suite->cipher_suite, | 5421 rv = ssl3_AppendHandshakeNumber(ss, suite->cipher_suite, |
5383 sizeof(ssl3CipherSuite)); | 5422 sizeof(ssl3CipherSuite)); |
5384 if (rv != SECSuccess) { | 5423 if (rv != SECSuccess) { |
5385 if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock);
} | 5424 if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock);
} |
5386 return rv; /* err set by ssl3_AppendHandshake* */ | 5425 return rv; /* err set by ssl3_AppendHandshake* */ |
5387 } | 5426 } |
5388 } | 5427 } |
5389 } | 5428 } |
5390 | 5429 |
5391 if (fallbackSCSV) { | |
5392 rv = ssl3_AppendHandshakeNumber(ss, TLS_FALLBACK_SCSV, | |
5393 sizeof(ssl3CipherSuite)); | |
5394 if (rv != SECSuccess) { | |
5395 if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } | |
5396 return rv; /* err set by ssl3_AppendHandshake* */ | |
5397 } | |
5398 actual_count++; | |
5399 } | |
5400 | |
5401 /* if cards were removed or inserted between count_cipher_suites and | 5430 /* if cards were removed or inserted between count_cipher_suites and |
5402 * generating our list, detect the error here rather than send it off to | 5431 * generating our list, detect the error here rather than send it off to |
5403 * the server.. */ | 5432 * the server.. */ |
5404 if (actual_count != num_suites) { | 5433 if (actual_count != num_suites) { |
5405 /* Card removal/insertion error */ | 5434 /* Card removal/insertion error */ |
5406 if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } | 5435 if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } |
5407 PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL); | 5436 PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL); |
5408 return SECFailure; | 5437 return SECFailure; |
5409 } | 5438 } |
5410 | 5439 |
(...skipping 153 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
5564 static PK11SymKey * | 5593 static PK11SymKey * |
5565 ssl_UnwrapSymWrappingKey( | 5594 ssl_UnwrapSymWrappingKey( |
5566 SSLWrappedSymWrappingKey *pWswk, | 5595 SSLWrappedSymWrappingKey *pWswk, |
5567 SECKEYPrivateKey * svrPrivKey, | 5596 SECKEYPrivateKey * svrPrivKey, |
5568 SSL3KEAType exchKeyType, | 5597 SSL3KEAType exchKeyType, |
5569 CK_MECHANISM_TYPE masterWrapMech, | 5598 CK_MECHANISM_TYPE masterWrapMech, |
5570 void * pwArg) | 5599 void * pwArg) |
5571 { | 5600 { |
5572 PK11SymKey * unwrappedWrappingKey = NULL; | 5601 PK11SymKey * unwrappedWrappingKey = NULL; |
5573 SECItem wrappedKey; | 5602 SECItem wrappedKey; |
5574 #ifdef NSS_ENABLE_ECC | 5603 #ifndef NSS_DISABLE_ECC |
5575 PK11SymKey * Ks; | 5604 PK11SymKey * Ks; |
5576 SECKEYPublicKey pubWrapKey; | 5605 SECKEYPublicKey pubWrapKey; |
5577 ECCWrappedKeyInfo *ecWrapped; | 5606 ECCWrappedKeyInfo *ecWrapped; |
5578 #endif /* NSS_ENABLE_ECC */ | 5607 #endif /* NSS_DISABLE_ECC */ |
5579 | 5608 |
5580 /* found the wrapping key on disk. */ | 5609 /* found the wrapping key on disk. */ |
5581 PORT_Assert(pWswk->symWrapMechanism == masterWrapMech); | 5610 PORT_Assert(pWswk->symWrapMechanism == masterWrapMech); |
5582 PORT_Assert(pWswk->exchKeyType == exchKeyType); | 5611 PORT_Assert(pWswk->exchKeyType == exchKeyType); |
5583 if (pWswk->symWrapMechanism != masterWrapMech || | 5612 if (pWswk->symWrapMechanism != masterWrapMech || |
5584 pWswk->exchKeyType != exchKeyType) { | 5613 pWswk->exchKeyType != exchKeyType) { |
5585 goto loser; | 5614 goto loser; |
5586 } | 5615 } |
5587 wrappedKey.type = siBuffer; | 5616 wrappedKey.type = siBuffer; |
5588 wrappedKey.data = pWswk->wrappedSymmetricWrappingkey; | 5617 wrappedKey.data = pWswk->wrappedSymmetricWrappingkey; |
5589 wrappedKey.len = pWswk->wrappedSymKeyLen; | 5618 wrappedKey.len = pWswk->wrappedSymKeyLen; |
5590 PORT_Assert(wrappedKey.len <= sizeof pWswk->wrappedSymmetricWrappingkey); | 5619 PORT_Assert(wrappedKey.len <= sizeof pWswk->wrappedSymmetricWrappingkey); |
5591 | 5620 |
5592 switch (exchKeyType) { | 5621 switch (exchKeyType) { |
5593 | 5622 |
5594 case kt_rsa: | 5623 case kt_rsa: |
5595 unwrappedWrappingKey = | 5624 unwrappedWrappingKey = |
5596 PK11_PubUnwrapSymKey(svrPrivKey, &wrappedKey, | 5625 PK11_PubUnwrapSymKey(svrPrivKey, &wrappedKey, |
5597 masterWrapMech, CKA_UNWRAP, 0); | 5626 masterWrapMech, CKA_UNWRAP, 0); |
5598 break; | 5627 break; |
5599 | 5628 |
5600 #ifdef NSS_ENABLE_ECC | 5629 #ifndef NSS_DISABLE_ECC |
5601 case kt_ecdh: | 5630 case kt_ecdh: |
5602 /* | 5631 /* |
5603 * For kt_ecdh, we first create an EC public key based on | 5632 * For kt_ecdh, we first create an EC public key based on |
5604 * data stored with the wrappedSymmetricWrappingkey. Next, | 5633 * data stored with the wrappedSymmetricWrappingkey. Next, |
5605 * we do an ECDH computation involving this public key and | 5634 * we do an ECDH computation involving this public key and |
5606 * the SSL server's (long-term) EC private key. The resulting | 5635 * the SSL server's (long-term) EC private key. The resulting |
5607 * shared secret is treated the same way as Fortezza's Ks, i.e., | 5636 * shared secret is treated the same way as Fortezza's Ks, i.e., |
5608 * it is used to recover the symmetric wrapping key. | 5637 * it is used to recover the symmetric wrapping key. |
5609 * | 5638 * |
5610 * The data in wrappedSymmetricWrappingkey is laid out as defined | 5639 * The data in wrappedSymmetricWrappingkey is laid out as defined |
(...skipping 117 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
5728 SECKEYPrivateKey * svrPrivKey; | 5757 SECKEYPrivateKey * svrPrivKey; |
5729 SECKEYPublicKey * svrPubKey = NULL; | 5758 SECKEYPublicKey * svrPubKey = NULL; |
5730 PK11SymKey * unwrappedWrappingKey = NULL; | 5759 PK11SymKey * unwrappedWrappingKey = NULL; |
5731 PK11SymKey ** pSymWrapKey; | 5760 PK11SymKey ** pSymWrapKey; |
5732 CK_MECHANISM_TYPE asymWrapMechanism = CKM_INVALID_MECHANISM; | 5761 CK_MECHANISM_TYPE asymWrapMechanism = CKM_INVALID_MECHANISM; |
5733 int length; | 5762 int length; |
5734 int symWrapMechIndex; | 5763 int symWrapMechIndex; |
5735 SECStatus rv; | 5764 SECStatus rv; |
5736 SECItem wrappedKey; | 5765 SECItem wrappedKey; |
5737 SSLWrappedSymWrappingKey wswk; | 5766 SSLWrappedSymWrappingKey wswk; |
5738 #ifdef NSS_ENABLE_ECC | 5767 #ifndef NSS_DISABLE_ECC |
5739 PK11SymKey * Ks = NULL; | 5768 PK11SymKey * Ks = NULL; |
5740 SECKEYPublicKey *pubWrapKey = NULL; | 5769 SECKEYPublicKey *pubWrapKey = NULL; |
5741 SECKEYPrivateKey *privWrapKey = NULL; | 5770 SECKEYPrivateKey *privWrapKey = NULL; |
5742 ECCWrappedKeyInfo *ecWrapped; | 5771 ECCWrappedKeyInfo *ecWrapped; |
5743 #endif /* NSS_ENABLE_ECC */ | 5772 #endif /* NSS_DISABLE_ECC */ |
5744 | 5773 |
5745 svrPrivKey = ss->serverCerts[exchKeyType].SERVERKEY; | 5774 svrPrivKey = ss->serverCerts[exchKeyType].SERVERKEY; |
5746 PORT_Assert(svrPrivKey != NULL); | 5775 PORT_Assert(svrPrivKey != NULL); |
5747 if (!svrPrivKey) { | 5776 if (!svrPrivKey) { |
5748 return NULL; /* why are we here?!? */ | 5777 return NULL; /* why are we here?!? */ |
5749 } | 5778 } |
5750 | 5779 |
5751 symWrapMechIndex = ssl_FindIndexByWrapMechanism(masterWrapMech); | 5780 symWrapMechIndex = ssl_FindIndexByWrapMechanism(masterWrapMech); |
5752 PORT_Assert(symWrapMechIndex >= 0); | 5781 PORT_Assert(symWrapMechIndex >= 0); |
5753 if (symWrapMechIndex < 0) | 5782 if (symWrapMechIndex < 0) |
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
5816 goto loser; | 5845 goto loser; |
5817 | 5846 |
5818 /* wrap symmetric wrapping key in server's public key. */ | 5847 /* wrap symmetric wrapping key in server's public key. */ |
5819 switch (exchKeyType) { | 5848 switch (exchKeyType) { |
5820 case kt_rsa: | 5849 case kt_rsa: |
5821 asymWrapMechanism = CKM_RSA_PKCS; | 5850 asymWrapMechanism = CKM_RSA_PKCS; |
5822 rv = PK11_PubWrapSymKey(asymWrapMechanism, svrPubKey, | 5851 rv = PK11_PubWrapSymKey(asymWrapMechanism, svrPubKey, |
5823 unwrappedWrappingKey, &wrappedKey); | 5852 unwrappedWrappingKey, &wrappedKey); |
5824 break; | 5853 break; |
5825 | 5854 |
5826 #ifdef NSS_ENABLE_ECC | 5855 #ifndef NSS_DISABLE_ECC |
5827 case kt_ecdh: | 5856 case kt_ecdh: |
5828 /* | 5857 /* |
5829 * We generate an ephemeral EC key pair. Perform an ECDH | 5858 * We generate an ephemeral EC key pair. Perform an ECDH |
5830 * computation involving this ephemeral EC public key and | 5859 * computation involving this ephemeral EC public key and |
5831 * the SSL server's (long-term) EC private key. The resulting | 5860 * the SSL server's (long-term) EC private key. The resulting |
5832 * shared secret is treated in the same way as Fortezza's Ks, | 5861 * shared secret is treated in the same way as Fortezza's Ks, |
5833 * i.e., it is used to wrap the wrapping key. To facilitate | 5862 * i.e., it is used to wrap the wrapping key. To facilitate |
5834 * unwrapping in ssl_UnwrapWrappingKey, we also store all | 5863 * unwrapping in ssl_UnwrapWrappingKey, we also store all |
5835 * relevant info about the ephemeral EC public key in | 5864 * relevant info about the ephemeral EC public key in |
5836 * wswk.wrappedSymmetricWrappingkey and lay it out as | 5865 * wswk.wrappedSymmetricWrappingkey and lay it out as |
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
5902 * wswk.wrappedSymmetricWrappingkey at the appropriate offset | 5931 * wswk.wrappedSymmetricWrappingkey at the appropriate offset |
5903 */ | 5932 */ |
5904 ecWrapped->wrappedKeyLen = wrappedKey.len; | 5933 ecWrapped->wrappedKeyLen = wrappedKey.len; |
5905 | 5934 |
5906 ec_cleanup: | 5935 ec_cleanup: |
5907 if (privWrapKey) SECKEY_DestroyPrivateKey(privWrapKey); | 5936 if (privWrapKey) SECKEY_DestroyPrivateKey(privWrapKey); |
5908 if (pubWrapKey) SECKEY_DestroyPublicKey(pubWrapKey); | 5937 if (pubWrapKey) SECKEY_DestroyPublicKey(pubWrapKey); |
5909 if (Ks) PK11_FreeSymKey(Ks); | 5938 if (Ks) PK11_FreeSymKey(Ks); |
5910 asymWrapMechanism = masterWrapMech; | 5939 asymWrapMechanism = masterWrapMech; |
5911 break; | 5940 break; |
5912 #endif /* NSS_ENABLE_ECC */ | 5941 #endif /* NSS_DISABLE_ECC */ |
5913 | 5942 |
5914 default: | 5943 default: |
5915 rv = SECFailure; | 5944 rv = SECFailure; |
5916 break; | 5945 break; |
5917 } | 5946 } |
5918 | 5947 |
5919 if (rv != SECSuccess) { | 5948 if (rv != SECSuccess) { |
5920 ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); | 5949 ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); |
5921 goto loser; | 5950 goto loser; |
5922 } | 5951 } |
(...skipping 292 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
6215 | 6244 |
6216 switch (ss->ssl3.hs.kea_def->exchKeyType) { | 6245 switch (ss->ssl3.hs.kea_def->exchKeyType) { |
6217 case kt_rsa: | 6246 case kt_rsa: |
6218 rv = sendRSAClientKeyExchange(ss, serverKey); | 6247 rv = sendRSAClientKeyExchange(ss, serverKey); |
6219 break; | 6248 break; |
6220 | 6249 |
6221 case kt_dh: | 6250 case kt_dh: |
6222 rv = sendDHClientKeyExchange(ss, serverKey); | 6251 rv = sendDHClientKeyExchange(ss, serverKey); |
6223 break; | 6252 break; |
6224 | 6253 |
6225 #ifdef NSS_ENABLE_ECC | 6254 #ifndef NSS_DISABLE_ECC |
6226 case kt_ecdh: | 6255 case kt_ecdh: |
6227 rv = ssl3_SendECDHClientKeyExchange(ss, serverKey); | 6256 rv = ssl3_SendECDHClientKeyExchange(ss, serverKey); |
6228 break; | 6257 break; |
6229 #endif /* NSS_ENABLE_ECC */ | 6258 #endif /* NSS_DISABLE_ECC */ |
6230 | 6259 |
6231 default: | 6260 default: |
6232 /* got an unknown or unsupported Key Exchange Algorithm. */ | 6261 /* got an unknown or unsupported Key Exchange Algorithm. */ |
6233 SEND_ALERT | 6262 SEND_ALERT |
6234 PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); | 6263 PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); |
6235 break; | 6264 break; |
6236 } | 6265 } |
6237 | 6266 |
6238 SSL_TRC(3, ("%d: SSL3[%d]: DONE sending client_key_exchange", | 6267 SSL_TRC(3, ("%d: SSL3[%d]: DONE sending client_key_exchange", |
6239 SSL_GETPID(), ss->fd)); | 6268 SSL_GETPID(), ss->fd)); |
(...skipping 182 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
6422 version = dtls_DTLSVersionToTLSVersion(version); | 6451 version = dtls_DTLSVersionToTLSVersion(version); |
6423 if (version == 0) { /* Insane version number */ | 6452 if (version == 0) { /* Insane version number */ |
6424 goto alert_loser; | 6453 goto alert_loser; |
6425 } | 6454 } |
6426 } | 6455 } |
6427 | 6456 |
6428 rv = ssl3_NegotiateVersion(ss, version, PR_FALSE); | 6457 rv = ssl3_NegotiateVersion(ss, version, PR_FALSE); |
6429 if (rv != SECSuccess) { | 6458 if (rv != SECSuccess) { |
6430 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version | 6459 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version |
6431 : handshake_failure; | 6460 : handshake_failure; |
6432 » errCode = SSL_ERROR_NO_CYPHER_OVERLAP; | 6461 » errCode = SSL_ERROR_UNSUPPORTED_VERSION; |
6433 goto alert_loser; | 6462 goto alert_loser; |
6434 } | 6463 } |
6435 isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0); | 6464 isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0); |
6436 | 6465 |
6437 rv = ssl3_InitHandshakeHashes(ss); | 6466 rv = ssl3_InitHandshakeHashes(ss); |
6438 if (rv != SECSuccess) { | 6467 if (rv != SECSuccess) { |
6439 desc = internal_error; | 6468 desc = internal_error; |
6440 errCode = PORT_GetError(); | 6469 errCode = PORT_GetError(); |
6441 goto alert_loser; | 6470 goto alert_loser; |
6442 } | 6471 } |
(...skipping 567 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
7010 SECITEM_CopyItem(arena, &peerKey->u.dh.publicValue, &dh_Ys)) | 7039 SECITEM_CopyItem(arena, &peerKey->u.dh.publicValue, &dh_Ys)) |
7011 { | 7040 { |
7012 PORT_FreeArena(arena, PR_FALSE); | 7041 PORT_FreeArena(arena, PR_FALSE); |
7013 goto no_memory; | 7042 goto no_memory; |
7014 } | 7043 } |
7015 ss->sec.peerKey = peerKey; | 7044 ss->sec.peerKey = peerKey; |
7016 ss->ssl3.hs.ws = wait_cert_request; | 7045 ss->ssl3.hs.ws = wait_cert_request; |
7017 return SECSuccess; | 7046 return SECSuccess; |
7018 } | 7047 } |
7019 | 7048 |
7020 #ifdef NSS_ENABLE_ECC | 7049 #ifndef NSS_DISABLE_ECC |
7021 case kt_ecdh: | 7050 case kt_ecdh: |
7022 rv = ssl3_HandleECDHServerKeyExchange(ss, b, length); | 7051 rv = ssl3_HandleECDHServerKeyExchange(ss, b, length); |
7023 return rv; | 7052 return rv; |
7024 #endif /* NSS_ENABLE_ECC */ | 7053 #endif /* NSS_DISABLE_ECC */ |
7025 | 7054 |
7026 default: | 7055 default: |
7027 desc = handshake_failure; | 7056 desc = handshake_failure; |
7028 errCode = SEC_ERROR_UNSUPPORTED_KEYALG; | 7057 errCode = SEC_ERROR_UNSUPPORTED_KEYALG; |
7029 break; /* goto alert_loser; */ | 7058 break; /* goto alert_loser; */ |
7030 } | 7059 } |
7031 | 7060 |
7032 alert_loser: | 7061 alert_loser: |
7033 (void)SSL3_SendAlert(ss, alert_fatal, desc); | 7062 (void)SSL3_SendAlert(ss, alert_fatal, desc); |
7034 loser: | 7063 loser: |
(...skipping 911 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
7946 rv = ssl3_SendServerKeyExchange(ss); | 7975 rv = ssl3_SendServerKeyExchange(ss); |
7947 if (rv != SECSuccess) { | 7976 if (rv != SECSuccess) { |
7948 return rv; /* err code was set. */ | 7977 return rv; /* err code was set. */ |
7949 } | 7978 } |
7950 } else { | 7979 } else { |
7951 #ifndef HACKED_EXPORT_SERVER | 7980 #ifndef HACKED_EXPORT_SERVER |
7952 PORT_SetError(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED); | 7981 PORT_SetError(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED); |
7953 return rv; | 7982 return rv; |
7954 #endif | 7983 #endif |
7955 } | 7984 } |
7956 #ifdef NSS_ENABLE_ECC | 7985 #ifndef NSS_DISABLE_ECC |
7957 } else if ((kea_def->kea == kea_ecdhe_rsa) || | 7986 } else if ((kea_def->kea == kea_ecdhe_rsa) || |
7958 (kea_def->kea == kea_ecdhe_ecdsa)) { | 7987 (kea_def->kea == kea_ecdhe_ecdsa)) { |
7959 rv = ssl3_SendServerKeyExchange(ss); | 7988 rv = ssl3_SendServerKeyExchange(ss); |
7960 if (rv != SECSuccess) { | 7989 if (rv != SECSuccess) { |
7961 return rv; /* err code was set. */ | 7990 return rv; /* err code was set. */ |
7962 } | 7991 } |
7963 #endif /* NSS_ENABLE_ECC */ | 7992 #endif /* NSS_DISABLE_ECC */ |
7964 } | 7993 } |
7965 | 7994 |
7966 if (ss->opt.requestCertificate) { | 7995 if (ss->opt.requestCertificate) { |
7967 rv = ssl3_SendCertificateRequest(ss); | 7996 rv = ssl3_SendCertificateRequest(ss); |
7968 if (rv != SECSuccess) { | 7997 if (rv != SECSuccess) { |
7969 return rv; /* err code is set. */ | 7998 return rv; /* err code is set. */ |
7970 } | 7999 } |
7971 } | 8000 } |
7972 rv = ssl3_SendServerHelloDone(ss); | 8001 rv = ssl3_SendServerHelloDone(ss); |
7973 if (rv != SECSuccess) { | 8002 if (rv != SECSuccess) { |
(...skipping 91 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
8065 ss->clientHelloVersion = version = | 8094 ss->clientHelloVersion = version = |
8066 dtls_DTLSVersionToTLSVersion((SSL3ProtocolVersion)tmp); | 8095 dtls_DTLSVersionToTLSVersion((SSL3ProtocolVersion)tmp); |
8067 } else { | 8096 } else { |
8068 ss->clientHelloVersion = version = (SSL3ProtocolVersion)tmp; | 8097 ss->clientHelloVersion = version = (SSL3ProtocolVersion)tmp; |
8069 } | 8098 } |
8070 | 8099 |
8071 rv = ssl3_NegotiateVersion(ss, version, PR_TRUE); | 8100 rv = ssl3_NegotiateVersion(ss, version, PR_TRUE); |
8072 if (rv != SECSuccess) { | 8101 if (rv != SECSuccess) { |
8073 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version | 8102 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version |
8074 : handshake_failure; | 8103 : handshake_failure; |
8075 » errCode = SSL_ERROR_NO_CYPHER_OVERLAP; | 8104 » errCode = SSL_ERROR_UNSUPPORTED_VERSION; |
8076 goto alert_loser; | 8105 goto alert_loser; |
8077 } | 8106 } |
8078 | 8107 |
8079 rv = ssl3_InitHandshakeHashes(ss); | 8108 rv = ssl3_InitHandshakeHashes(ss); |
8080 if (rv != SECSuccess) { | 8109 if (rv != SECSuccess) { |
8081 desc = internal_error; | 8110 desc = internal_error; |
8082 errCode = PORT_GetError(); | 8111 errCode = PORT_GetError(); |
8083 goto alert_loser; | 8112 goto alert_loser; |
8084 } | 8113 } |
8085 | 8114 |
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
8122 goto alert_loser; | 8151 goto alert_loser; |
8123 } | 8152 } |
8124 } | 8153 } |
8125 | 8154 |
8126 /* grab the list of compression methods. */ | 8155 /* grab the list of compression methods. */ |
8127 rv = ssl3_ConsumeHandshakeVariable(ss, &comps, 1, &b, &length); | 8156 rv = ssl3_ConsumeHandshakeVariable(ss, &comps, 1, &b, &length); |
8128 if (rv != SECSuccess) { | 8157 if (rv != SECSuccess) { |
8129 goto loser; /* malformed */ | 8158 goto loser; /* malformed */ |
8130 } | 8159 } |
8131 | 8160 |
| 8161 /* TLS 1.3 requires that compression be empty */ |
| 8162 if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) { |
| 8163 if (comps.len != 1 || comps.data[0] != ssl_compression_null) { |
| 8164 goto loser; |
| 8165 } |
| 8166 } |
8132 desc = handshake_failure; | 8167 desc = handshake_failure; |
8133 | 8168 |
8134 /* Handle TLS hello extensions for SSL3 & TLS. We do not know if | 8169 /* Handle TLS hello extensions for SSL3 & TLS. We do not know if |
8135 * we are restarting a previous session until extensions have been | 8170 * we are restarting a previous session until extensions have been |
8136 * parsed, since we might have received a SessionTicket extension. | 8171 * parsed, since we might have received a SessionTicket extension. |
8137 * Note: we allow extensions even when negotiating SSL3 for the sake | 8172 * Note: we allow extensions even when negotiating SSL3 for the sake |
8138 * of interoperability (and backwards compatibility). | 8173 * of interoperability (and backwards compatibility). |
8139 */ | 8174 */ |
8140 | 8175 |
8141 if (length) { | 8176 if (length) { |
(...skipping 112 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
8254 && !ss->firstHsDone))) { | 8289 && !ss->firstHsDone))) { |
8255 | 8290 |
8256 SSL_AtomicIncrementLong(& ssl3stats.hch_sid_cache_not_ok ); | 8291 SSL_AtomicIncrementLong(& ssl3stats.hch_sid_cache_not_ok ); |
8257 if (ss->sec.uncache) | 8292 if (ss->sec.uncache) |
8258 ss->sec.uncache(sid); | 8293 ss->sec.uncache(sid); |
8259 ssl_FreeSID(sid); | 8294 ssl_FreeSID(sid); |
8260 sid = NULL; | 8295 sid = NULL; |
8261 } | 8296 } |
8262 } | 8297 } |
8263 | 8298 |
8264 #ifdef NSS_ENABLE_ECC | 8299 #ifndef NSS_DISABLE_ECC |
8265 /* Disable any ECC cipher suites for which we have no cert. */ | 8300 /* Disable any ECC cipher suites for which we have no cert. */ |
8266 ssl3_FilterECCipherSuitesByServerCerts(ss); | 8301 ssl3_FilterECCipherSuitesByServerCerts(ss); |
8267 #endif | 8302 #endif |
8268 | 8303 |
8269 if (IS_DTLS(ss)) { | 8304 if (IS_DTLS(ss)) { |
8270 ssl3_DisableNonDTLSSuites(ss); | 8305 ssl3_DisableNonDTLSSuites(ss); |
8271 } | 8306 } |
8272 | 8307 |
8273 if (!ssl3_HasGCMSupport()) { | 8308 if (!ssl3_HasGCMSupport()) { |
8274 ssl3_DisableGCMSuites(ss); | 8309 ssl3_DisableGCMSuites(ss); |
(...skipping 562 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
8837 | 8872 |
8838 version = (buffer[1] << 8) | buffer[2]; | 8873 version = (buffer[1] << 8) | buffer[2]; |
8839 suite_length = (buffer[3] << 8) | buffer[4]; | 8874 suite_length = (buffer[3] << 8) | buffer[4]; |
8840 sid_length = (buffer[5] << 8) | buffer[6]; | 8875 sid_length = (buffer[5] << 8) | buffer[6]; |
8841 rand_length = (buffer[7] << 8) | buffer[8]; | 8876 rand_length = (buffer[7] << 8) | buffer[8]; |
8842 ss->clientHelloVersion = version; | 8877 ss->clientHelloVersion = version; |
8843 | 8878 |
8844 rv = ssl3_NegotiateVersion(ss, version, PR_TRUE); | 8879 rv = ssl3_NegotiateVersion(ss, version, PR_TRUE); |
8845 if (rv != SECSuccess) { | 8880 if (rv != SECSuccess) { |
8846 /* send back which ever alert client will understand. */ | 8881 /* send back which ever alert client will understand. */ |
8847 » desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version : handshak
e_failure; | 8882 » desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version |
8848 » errCode = SSL_ERROR_NO_CYPHER_OVERLAP; | 8883 » : handshake_failure; |
| 8884 » errCode = SSL_ERROR_UNSUPPORTED_VERSION; |
8849 goto alert_loser; | 8885 goto alert_loser; |
8850 } | 8886 } |
8851 | 8887 |
8852 rv = ssl3_InitHandshakeHashes(ss); | 8888 rv = ssl3_InitHandshakeHashes(ss); |
8853 if (rv != SECSuccess) { | 8889 if (rv != SECSuccess) { |
8854 desc = internal_error; | 8890 desc = internal_error; |
8855 errCode = PORT_GetError(); | 8891 errCode = PORT_GetError(); |
8856 goto alert_loser; | 8892 goto alert_loser; |
8857 } | 8893 } |
8858 | 8894 |
(...skipping 17 matching lines...) Expand all Loading... |
8876 | 8912 |
8877 PORT_Assert(SSL_MAX_CHALLENGE_BYTES == SSL3_RANDOM_LENGTH); | 8913 PORT_Assert(SSL_MAX_CHALLENGE_BYTES == SSL3_RANDOM_LENGTH); |
8878 | 8914 |
8879 PORT_Memset(&ss->ssl3.hs.client_random, 0, SSL3_RANDOM_LENGTH); | 8915 PORT_Memset(&ss->ssl3.hs.client_random, 0, SSL3_RANDOM_LENGTH); |
8880 PORT_Memcpy( | 8916 PORT_Memcpy( |
8881 &ss->ssl3.hs.client_random.rand[SSL3_RANDOM_LENGTH - rand_length], | 8917 &ss->ssl3.hs.client_random.rand[SSL3_RANDOM_LENGTH - rand_length], |
8882 random, rand_length); | 8918 random, rand_length); |
8883 | 8919 |
8884 PRINT_BUF(60, (ss, "client random:", &ss->ssl3.hs.client_random.rand[0], | 8920 PRINT_BUF(60, (ss, "client random:", &ss->ssl3.hs.client_random.rand[0], |
8885 SSL3_RANDOM_LENGTH)); | 8921 SSL3_RANDOM_LENGTH)); |
8886 #ifdef NSS_ENABLE_ECC | 8922 #ifndef NSS_DISABLE_ECC |
8887 /* Disable any ECC cipher suites for which we have no cert. */ | 8923 /* Disable any ECC cipher suites for which we have no cert. */ |
8888 ssl3_FilterECCipherSuitesByServerCerts(ss); | 8924 ssl3_FilterECCipherSuitesByServerCerts(ss); |
8889 #endif | 8925 #endif |
8890 i = ssl3_config_match_init(ss); | 8926 i = ssl3_config_match_init(ss); |
8891 if (i <= 0) { | 8927 if (i <= 0) { |
8892 errCode = PORT_GetError(); /* error code is already set. */ | 8928 errCode = PORT_GetError(); /* error code is already set. */ |
8893 goto alert_loser; | 8929 goto alert_loser; |
8894 } | 8930 } |
8895 | 8931 |
8896 /* Select a cipher suite. | 8932 /* Select a cipher suite. |
(...skipping 161 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
9058 rv = ssl3_AppendHandshake( | 9094 rv = ssl3_AppendHandshake( |
9059 ss, &ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH); | 9095 ss, &ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH); |
9060 if (rv != SECSuccess) { | 9096 if (rv != SECSuccess) { |
9061 return rv; /* err set by AppendHandshake. */ | 9097 return rv; /* err set by AppendHandshake. */ |
9062 } | 9098 } |
9063 | 9099 |
9064 if (sid) | 9100 if (sid) |
9065 rv = ssl3_AppendHandshakeVariable( | 9101 rv = ssl3_AppendHandshakeVariable( |
9066 ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1); | 9102 ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1); |
9067 else | 9103 else |
9068 » rv = ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); | 9104 » rv = ssl3_AppendHandshakeNumber(ss, 0, 1); |
9069 if (rv != SECSuccess) { | 9105 if (rv != SECSuccess) { |
9070 return rv; /* err set by AppendHandshake. */ | 9106 return rv; /* err set by AppendHandshake. */ |
9071 } | 9107 } |
9072 | 9108 |
9073 rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.hs.cipher_suite, 2); | 9109 rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.hs.cipher_suite, 2); |
9074 if (rv != SECSuccess) { | 9110 if (rv != SECSuccess) { |
9075 return rv; /* err set by AppendHandshake. */ | 9111 return rv; /* err set by AppendHandshake. */ |
9076 } | 9112 } |
9077 rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.hs.compression, 1); | 9113 rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.hs.compression, 1); |
9078 if (rv != SECSuccess) { | 9114 if (rv != SECSuccess) { |
(...skipping 29 matching lines...) Expand all Loading... |
9108 * used. With TLS 1.2, a client may advertise its support for signature and | 9144 * used. With TLS 1.2, a client may advertise its support for signature and |
9109 * hash combinations. */ | 9145 * hash combinations. */ |
9110 static SECStatus | 9146 static SECStatus |
9111 ssl3_PickSignatureHashAlgorithm(sslSocket *ss, | 9147 ssl3_PickSignatureHashAlgorithm(sslSocket *ss, |
9112 SSL3SignatureAndHashAlgorithm* out) | 9148 SSL3SignatureAndHashAlgorithm* out) |
9113 { | 9149 { |
9114 TLSSignatureAlgorithm sigAlg; | 9150 TLSSignatureAlgorithm sigAlg; |
9115 unsigned int i, j; | 9151 unsigned int i, j; |
9116 /* hashPreference expresses our preferences for hash algorithms, most | 9152 /* hashPreference expresses our preferences for hash algorithms, most |
9117 * preferable first. */ | 9153 * preferable first. */ |
9118 static const PRUint8 hashPreference[] = { | 9154 static const SECOidTag hashPreference[] = { |
9119 » tls_hash_sha256, | 9155 SEC_OID_SHA256, |
9120 » tls_hash_sha384, | 9156 SEC_OID_SHA384, |
9121 » tls_hash_sha512, | 9157 SEC_OID_SHA512, |
9122 » tls_hash_sha1, | 9158 SEC_OID_SHA1, |
9123 }; | 9159 }; |
9124 | 9160 |
9125 switch (ss->ssl3.hs.kea_def->kea) { | 9161 switch (ss->ssl3.hs.kea_def->kea) { |
9126 case kea_rsa: | 9162 case kea_rsa: |
9127 case kea_rsa_export: | 9163 case kea_rsa_export: |
9128 case kea_rsa_export_1024: | 9164 case kea_rsa_export_1024: |
9129 case kea_dh_rsa: | 9165 case kea_dh_rsa: |
9130 case kea_dh_rsa_export: | 9166 case kea_dh_rsa_export: |
9131 case kea_dhe_rsa: | 9167 case kea_dhe_rsa: |
9132 case kea_dhe_rsa_export: | 9168 case kea_dhe_rsa_export: |
(...skipping 132 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
9265 } | 9301 } |
9266 | 9302 |
9267 rv = ssl3_AppendHandshakeVariable(ss, signed_hash.data, | 9303 rv = ssl3_AppendHandshakeVariable(ss, signed_hash.data, |
9268 signed_hash.len, 2); | 9304 signed_hash.len, 2); |
9269 if (rv != SECSuccess) { | 9305 if (rv != SECSuccess) { |
9270 goto loser; /* err set by AppendHandshake. */ | 9306 goto loser; /* err set by AppendHandshake. */ |
9271 } | 9307 } |
9272 PORT_Free(signed_hash.data); | 9308 PORT_Free(signed_hash.data); |
9273 return SECSuccess; | 9309 return SECSuccess; |
9274 | 9310 |
9275 #ifdef NSS_ENABLE_ECC | 9311 #ifndef NSS_DISABLE_ECC |
9276 case kt_ecdh: { | 9312 case kt_ecdh: { |
9277 rv = ssl3_SendECDHServerKeyExchange(ss, &sigAndHash); | 9313 rv = ssl3_SendECDHServerKeyExchange(ss, &sigAndHash); |
9278 return rv; | 9314 return rv; |
9279 } | 9315 } |
9280 #endif /* NSS_ENABLE_ECC */ | 9316 #endif /* NSS_DISABLE_ECC */ |
9281 | 9317 |
9282 case kt_dh: | 9318 case kt_dh: |
9283 case kt_null: | 9319 case kt_null: |
9284 default: | 9320 default: |
9285 PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); | 9321 PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); |
9286 break; | 9322 break; |
9287 } | 9323 } |
9288 loser: | 9324 loser: |
9289 if (signed_hash.data != NULL) | 9325 if (signed_hash.data != NULL) |
9290 PORT_Free(signed_hash.data); | 9326 PORT_Free(signed_hash.data); |
(...skipping 402 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
9693 * ssl3 ClientKeyExchange message from the remote client | 9729 * ssl3 ClientKeyExchange message from the remote client |
9694 * Caller must hold Handshake and RecvBuf locks. | 9730 * Caller must hold Handshake and RecvBuf locks. |
9695 */ | 9731 */ |
9696 static SECStatus | 9732 static SECStatus |
9697 ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) | 9733 ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) |
9698 { | 9734 { |
9699 SECKEYPrivateKey *serverKey = NULL; | 9735 SECKEYPrivateKey *serverKey = NULL; |
9700 SECStatus rv; | 9736 SECStatus rv; |
9701 const ssl3KEADef *kea_def; | 9737 const ssl3KEADef *kea_def; |
9702 ssl3KeyPair *serverKeyPair = NULL; | 9738 ssl3KeyPair *serverKeyPair = NULL; |
9703 #ifdef NSS_ENABLE_ECC | 9739 #ifndef NSS_DISABLE_ECC |
9704 SECKEYPublicKey *serverPubKey = NULL; | 9740 SECKEYPublicKey *serverPubKey = NULL; |
9705 #endif /* NSS_ENABLE_ECC */ | 9741 #endif /* NSS_DISABLE_ECC */ |
9706 | 9742 |
9707 SSL_TRC(3, ("%d: SSL3[%d]: handle client_key_exchange handshake", | 9743 SSL_TRC(3, ("%d: SSL3[%d]: handle client_key_exchange handshake", |
9708 SSL_GETPID(), ss->fd)); | 9744 SSL_GETPID(), ss->fd)); |
9709 | 9745 |
9710 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | 9746 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); |
9711 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); | 9747 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); |
9712 | 9748 |
9713 if (ss->ssl3.hs.ws != wait_client_key) { | 9749 if (ss->ssl3.hs.ws != wait_client_key) { |
9714 SSL3_SendAlert(ss, alert_fatal, unexpected_message); | 9750 SSL3_SendAlert(ss, alert_fatal, unexpected_message); |
9715 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH); | 9751 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH); |
9716 return SECFailure; | 9752 return SECFailure; |
9717 } | 9753 } |
9718 | 9754 |
9719 kea_def = ss->ssl3.hs.kea_def; | 9755 kea_def = ss->ssl3.hs.kea_def; |
9720 | 9756 |
9721 if (ss->ssl3.hs.usedStepDownKey) { | 9757 if (ss->ssl3.hs.usedStepDownKey) { |
9722 PORT_Assert(kea_def->is_limited /* XXX OR cert is signing only */ | 9758 PORT_Assert(kea_def->is_limited /* XXX OR cert is signing only */ |
9723 && kea_def->exchKeyType == kt_rsa | 9759 && kea_def->exchKeyType == kt_rsa |
9724 && ss->stepDownKeyPair != NULL); | 9760 && ss->stepDownKeyPair != NULL); |
9725 if (!kea_def->is_limited || | 9761 if (!kea_def->is_limited || |
9726 kea_def->exchKeyType != kt_rsa || | 9762 kea_def->exchKeyType != kt_rsa || |
9727 ss->stepDownKeyPair == NULL) { | 9763 ss->stepDownKeyPair == NULL) { |
9728 /* shouldn't happen, don't use step down if it does */ | 9764 /* shouldn't happen, don't use step down if it does */ |
9729 goto skip; | 9765 goto skip; |
9730 } | 9766 } |
9731 serverKeyPair = ss->stepDownKeyPair; | 9767 serverKeyPair = ss->stepDownKeyPair; |
9732 ss->sec.keaKeyBits = EXPORT_RSA_KEY_LENGTH * BPB; | 9768 ss->sec.keaKeyBits = EXPORT_RSA_KEY_LENGTH * BPB; |
9733 } else | 9769 } else |
9734 skip: | 9770 skip: |
9735 #ifdef NSS_ENABLE_ECC | 9771 #ifndef NSS_DISABLE_ECC |
9736 /* XXX Using SSLKEAType to index server certifiates | 9772 /* XXX Using SSLKEAType to index server certifiates |
9737 * does not work for (EC)DHE ciphers. Until we have | 9773 * does not work for (EC)DHE ciphers. Until we have |
9738 * an indexing mechanism general enough for all key | 9774 * an indexing mechanism general enough for all key |
9739 * exchange algorithms, we'll need to deal with each | 9775 * exchange algorithms, we'll need to deal with each |
9740 * one seprately. | 9776 * one seprately. |
9741 */ | 9777 */ |
9742 if ((kea_def->kea == kea_ecdhe_rsa) || | 9778 if ((kea_def->kea == kea_ecdhe_rsa) || |
9743 (kea_def->kea == kea_ecdhe_ecdsa)) { | 9779 (kea_def->kea == kea_ecdhe_ecdsa)) { |
9744 if (ss->ephemeralECDHKeyPair != NULL) { | 9780 if (ss->ephemeralECDHKeyPair != NULL) { |
9745 serverKeyPair = ss->ephemeralECDHKeyPair; | 9781 serverKeyPair = ss->ephemeralECDHKeyPair; |
(...skipping 25 matching lines...) Expand all Loading... |
9771 switch (kea_def->exchKeyType) { | 9807 switch (kea_def->exchKeyType) { |
9772 case kt_rsa: | 9808 case kt_rsa: |
9773 rv = ssl3_HandleRSAClientKeyExchange(ss, b, length, serverKey); | 9809 rv = ssl3_HandleRSAClientKeyExchange(ss, b, length, serverKey); |
9774 if (rv != SECSuccess) { | 9810 if (rv != SECSuccess) { |
9775 SEND_ALERT | 9811 SEND_ALERT |
9776 return SECFailure; /* error code set */ | 9812 return SECFailure; /* error code set */ |
9777 } | 9813 } |
9778 break; | 9814 break; |
9779 | 9815 |
9780 | 9816 |
9781 #ifdef NSS_ENABLE_ECC | 9817 #ifndef NSS_DISABLE_ECC |
9782 case kt_ecdh: | 9818 case kt_ecdh: |
9783 /* XXX We really ought to be able to store multiple | 9819 /* XXX We really ought to be able to store multiple |
9784 * EC certs (a requirement if we wish to support both | 9820 * EC certs (a requirement if we wish to support both |
9785 * ECDH-RSA and ECDH-ECDSA key exchanges concurrently). | 9821 * ECDH-RSA and ECDH-ECDSA key exchanges concurrently). |
9786 * When we make that change, we'll need an index other | 9822 * When we make that change, we'll need an index other |
9787 * than kt_ecdh to pick the right EC certificate. | 9823 * than kt_ecdh to pick the right EC certificate. |
9788 */ | 9824 */ |
9789 if (serverKeyPair) { | 9825 if (serverKeyPair) { |
9790 serverPubKey = serverKeyPair->pubKey; | 9826 serverPubKey = serverKeyPair->pubKey; |
9791 } | 9827 } |
9792 if (serverPubKey == NULL) { | 9828 if (serverPubKey == NULL) { |
9793 /* XXX Is this the right error code? */ | 9829 /* XXX Is this the right error code? */ |
9794 PORT_SetError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE); | 9830 PORT_SetError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE); |
9795 return SECFailure; | 9831 return SECFailure; |
9796 } | 9832 } |
9797 rv = ssl3_HandleECDHClientKeyExchange(ss, b, length, | 9833 rv = ssl3_HandleECDHClientKeyExchange(ss, b, length, |
9798 serverPubKey, serverKey); | 9834 serverPubKey, serverKey); |
| 9835 if (ss->ephemeralECDHKeyPair) { |
| 9836 ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair); |
| 9837 ss->ephemeralECDHKeyPair = NULL; |
| 9838 } |
9799 if (rv != SECSuccess) { | 9839 if (rv != SECSuccess) { |
9800 return SECFailure; /* error code set */ | 9840 return SECFailure; /* error code set */ |
9801 } | 9841 } |
9802 break; | 9842 break; |
9803 #endif /* NSS_ENABLE_ECC */ | 9843 #endif /* NSS_DISABLE_ECC */ |
9804 | 9844 |
9805 default: | 9845 default: |
9806 (void) ssl3_HandshakeFailure(ss); | 9846 (void) ssl3_HandshakeFailure(ss); |
9807 PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); | 9847 PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); |
9808 return SECFailure; | 9848 return SECFailure; |
9809 } | 9849 } |
9810 ss->ssl3.hs.ws = ss->sec.peerCert ? wait_cert_verify : wait_change_cipher; | 9850 ss->ssl3.hs.ws = ss->sec.peerCert ? wait_cert_verify : wait_change_cipher; |
9811 return SECSuccess; | 9851 return SECSuccess; |
9812 | 9852 |
9813 } | 9853 } |
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
9853 ss->ssl3.hs.newSessionTicket.received_timestamp = ssl_Time(); | 9893 ss->ssl3.hs.newSessionTicket.received_timestamp = ssl_Time(); |
9854 if (length < 4) { | 9894 if (length < 4) { |
9855 (void)SSL3_SendAlert(ss, alert_fatal, decode_error); | 9895 (void)SSL3_SendAlert(ss, alert_fatal, decode_error); |
9856 PORT_SetError(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET); | 9896 PORT_SetError(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET); |
9857 return SECFailure; | 9897 return SECFailure; |
9858 } | 9898 } |
9859 ss->ssl3.hs.newSessionTicket.ticket_lifetime_hint = | 9899 ss->ssl3.hs.newSessionTicket.ticket_lifetime_hint = |
9860 (PRUint32)ssl3_ConsumeHandshakeNumber(ss, 4, &b, &length); | 9900 (PRUint32)ssl3_ConsumeHandshakeNumber(ss, 4, &b, &length); |
9861 | 9901 |
9862 rv = ssl3_ConsumeHandshakeVariable(ss, &ticketData, 2, &b, &length); | 9902 rv = ssl3_ConsumeHandshakeVariable(ss, &ticketData, 2, &b, &length); |
9863 if (length != 0 || rv != SECSuccess) { | 9903 if (rv != SECSuccess || length != 0) { |
9864 (void)SSL3_SendAlert(ss, alert_fatal, decode_error); | 9904 (void)SSL3_SendAlert(ss, alert_fatal, decode_error); |
9865 PORT_SetError(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET); | 9905 PORT_SetError(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET); |
9866 return SECFailure; /* malformed */ | 9906 return SECFailure; /* malformed */ |
9867 } | 9907 } |
9868 rv = SECITEM_CopyItem(NULL, &ss->ssl3.hs.newSessionTicket.ticket, | 9908 /* If the server sent a zero-length ticket, ignore it and keep the |
9869 » » » &ticketData); | 9909 * existing ticket. */ |
9870 if (rv != SECSuccess) { | 9910 if (ticketData.len != 0) { |
9871 » return rv; | 9911 » rv = SECITEM_CopyItem(NULL, &ss->ssl3.hs.newSessionTicket.ticket, |
| 9912 » » » &ticketData); |
| 9913 » if (rv != SECSuccess) { |
| 9914 » return rv; |
| 9915 » } |
| 9916 » ss->ssl3.hs.receivedNewSessionTicket = PR_TRUE; |
9872 } | 9917 } |
9873 ss->ssl3.hs.receivedNewSessionTicket = PR_TRUE; | |
9874 | 9918 |
9875 ss->ssl3.hs.ws = wait_change_cipher; | 9919 ss->ssl3.hs.ws = wait_change_cipher; |
9876 return SECSuccess; | 9920 return SECSuccess; |
9877 } | 9921 } |
9878 | 9922 |
9879 #ifdef NISCC_TEST | 9923 #ifdef NISCC_TEST |
9880 static PRInt32 connNum = 0; | 9924 static PRInt32 connNum = 0; |
9881 | 9925 |
9882 static SECStatus | 9926 static SECStatus |
9883 get_fake_cert(SECItem *pCertItem, int *pIndex) | 9927 get_fake_cert(SECItem *pCertItem, int *pIndex) |
(...skipping 553 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
10437 /* set the server authentication and key exchange types and sizes | 10481 /* set the server authentication and key exchange types and sizes |
10438 ** from the value in the cert. If the key exchange key is different, | 10482 ** from the value in the cert. If the key exchange key is different, |
10439 ** it will get fixed when we handle the server key exchange message. | 10483 ** it will get fixed when we handle the server key exchange message. |
10440 */ | 10484 */ |
10441 SECKEYPublicKey * pubKey = CERT_ExtractPublicKey(cert); | 10485 SECKEYPublicKey * pubKey = CERT_ExtractPublicKey(cert); |
10442 ss->sec.authAlgorithm = ss->ssl3.hs.kea_def->signKeyType; | 10486 ss->sec.authAlgorithm = ss->ssl3.hs.kea_def->signKeyType; |
10443 ss->sec.keaType = ss->ssl3.hs.kea_def->exchKeyType; | 10487 ss->sec.keaType = ss->ssl3.hs.kea_def->exchKeyType; |
10444 if (pubKey) { | 10488 if (pubKey) { |
10445 ss->sec.keaKeyBits = ss->sec.authKeyBits = | 10489 ss->sec.keaKeyBits = ss->sec.authKeyBits = |
10446 SECKEY_PublicKeyStrengthInBits(pubKey); | 10490 SECKEY_PublicKeyStrengthInBits(pubKey); |
10447 #ifdef NSS_ENABLE_ECC | 10491 #ifndef NSS_DISABLE_ECC |
10448 if (ss->sec.keaType == kt_ecdh) { | 10492 if (ss->sec.keaType == kt_ecdh) { |
10449 /* Get authKeyBits from signing key. | 10493 /* Get authKeyBits from signing key. |
10450 * XXX The code below uses a quick approximation of | 10494 * XXX The code below uses a quick approximation of |
10451 * key size based on cert->signatureWrap.signature.data | 10495 * key size based on cert->signatureWrap.signature.data |
10452 * (which contains the DER encoded signature). The field | 10496 * (which contains the DER encoded signature). The field |
10453 * cert->signatureWrap.signature.len contains the | 10497 * cert->signatureWrap.signature.len contains the |
10454 * length of the encoded signature in bits. | 10498 * length of the encoded signature in bits. |
10455 */ | 10499 */ |
10456 if (ss->ssl3.hs.kea_def->kea == kea_ecdh_ecdsa) { | 10500 if (ss->ssl3.hs.kea_def->kea == kea_ecdh_ecdsa) { |
10457 ss->sec.authKeyBits = | 10501 ss->sec.authKeyBits = |
10458 cert->signatureWrap.signature.data[3]*8; | 10502 cert->signatureWrap.signature.data[3]*8; |
10459 if (cert->signatureWrap.signature.data[4] == 0x00) | 10503 if (cert->signatureWrap.signature.data[4] == 0x00) |
10460 ss->sec.authKeyBits -= 8; | 10504 ss->sec.authKeyBits -= 8; |
10461 /* | 10505 /* |
10462 * XXX: if cert is not signed by ecdsa we should | 10506 * XXX: if cert is not signed by ecdsa we should |
10463 * destroy pubKey and goto bad_cert | 10507 * destroy pubKey and goto bad_cert |
10464 */ | 10508 */ |
10465 } else if (ss->ssl3.hs.kea_def->kea == kea_ecdh_rsa) { | 10509 } else if (ss->ssl3.hs.kea_def->kea == kea_ecdh_rsa) { |
10466 ss->sec.authKeyBits = cert->signatureWrap.signature.len; | 10510 ss->sec.authKeyBits = cert->signatureWrap.signature.len; |
10467 /* | 10511 /* |
10468 * XXX: if cert is not signed by rsa we should | 10512 * XXX: if cert is not signed by rsa we should |
10469 * destroy pubKey and goto bad_cert | 10513 * destroy pubKey and goto bad_cert |
10470 */ | 10514 */ |
10471 } | 10515 } |
10472 } | 10516 } |
10473 #endif /* NSS_ENABLE_ECC */ | 10517 #endif /* NSS_DISABLE_ECC */ |
10474 SECKEY_DestroyPublicKey(pubKey); | 10518 SECKEY_DestroyPublicKey(pubKey); |
10475 pubKey = NULL; | 10519 pubKey = NULL; |
10476 } | 10520 } |
10477 | 10521 |
10478 ss->ssl3.hs.ws = wait_cert_request; /* disallow server_key_exchange */ | 10522 ss->ssl3.hs.ws = wait_cert_request; /* disallow server_key_exchange */ |
10479 if (ss->ssl3.hs.kea_def->is_limited || | 10523 if (ss->ssl3.hs.kea_def->is_limited || |
10480 /* XXX OR server cert is signing only. */ | 10524 /* XXX OR server cert is signing only. */ |
10481 #ifdef NSS_ENABLE_ECC | 10525 #ifndef NSS_DISABLE_ECC |
10482 ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa || | 10526 ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa || |
10483 ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa || | 10527 ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa || |
10484 #endif /* NSS_ENABLE_ECC */ | 10528 #endif /* NSS_DISABLE_ECC */ |
10485 ss->ssl3.hs.kea_def->exchKeyType == kt_dh) { | 10529 ss->ssl3.hs.kea_def->exchKeyType == kt_dh) { |
10486 ss->ssl3.hs.ws = wait_server_key; /* allow server_key_exchange */ | 10530 ss->ssl3.hs.ws = wait_server_key; /* allow server_key_exchange */ |
10487 } | 10531 } |
10488 } else { | 10532 } else { |
10489 ss->ssl3.hs.ws = wait_client_key; | 10533 ss->ssl3.hs.ws = wait_client_key; |
10490 } | 10534 } |
10491 | 10535 |
10492 PORT_Assert(rv == SECSuccess); | 10536 PORT_Assert(rv == SECSuccess); |
10493 if (rv != SECSuccess) { | 10537 if (rv != SECSuccess) { |
10494 errCode = SEC_ERROR_LIBRARY_FAILURE; | 10538 errCode = SEC_ERROR_LIBRARY_FAILURE; |
(...skipping 736 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
11231 effectiveExchKeyType = kt_rsa; | 11275 effectiveExchKeyType = kt_rsa; |
11232 } else { | 11276 } else { |
11233 effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType; | 11277 effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType; |
11234 } | 11278 } |
11235 | 11279 |
11236 if (sid->cached == never_cached && !ss->opt.noCache && ss->sec.cache) { | 11280 if (sid->cached == never_cached && !ss->opt.noCache && ss->sec.cache) { |
11237 /* fill in the sid */ | 11281 /* fill in the sid */ |
11238 sid->u.ssl3.cipherSuite = ss->ssl3.hs.cipher_suite; | 11282 sid->u.ssl3.cipherSuite = ss->ssl3.hs.cipher_suite; |
11239 sid->u.ssl3.compression = ss->ssl3.hs.compression; | 11283 sid->u.ssl3.compression = ss->ssl3.hs.compression; |
11240 sid->u.ssl3.policy = ss->ssl3.policy; | 11284 sid->u.ssl3.policy = ss->ssl3.policy; |
11241 #ifdef NSS_ENABLE_ECC | 11285 #ifndef NSS_DISABLE_ECC |
11242 sid->u.ssl3.negotiatedECCurves = ss->ssl3.hs.negotiatedECCurves; | 11286 sid->u.ssl3.negotiatedECCurves = ss->ssl3.hs.negotiatedECCurves; |
11243 #endif | 11287 #endif |
11244 sid->u.ssl3.exchKeyType = effectiveExchKeyType; | 11288 sid->u.ssl3.exchKeyType = effectiveExchKeyType; |
11245 sid->version = ss->version; | 11289 sid->version = ss->version; |
11246 sid->authAlgorithm = ss->sec.authAlgorithm; | 11290 sid->authAlgorithm = ss->sec.authAlgorithm; |
11247 sid->authKeyBits = ss->sec.authKeyBits; | 11291 sid->authKeyBits = ss->sec.authKeyBits; |
11248 sid->keaType = ss->sec.keaType; | 11292 sid->keaType = ss->sec.keaType; |
11249 sid->keaKeyBits = ss->sec.keaKeyBits; | 11293 sid->keaKeyBits = ss->sec.keaKeyBits; |
11250 sid->lastAccessTime = sid->creationTime = ssl_Time(); | 11294 sid->lastAccessTime = sid->creationTime = ssl_Time(); |
11251 sid->expirationTime = sid->creationTime + ssl3_sid_timeout; | 11295 sid->expirationTime = sid->creationTime + ssl3_sid_timeout; |
(...skipping 1115 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
12367 ss->ssl3.policy = SSL_ALLOWED; | 12411 ss->ssl3.policy = SSL_ALLOWED; |
12368 | 12412 |
12369 ssl_GetSpecWriteLock(ss); | 12413 ssl_GetSpecWriteLock(ss); |
12370 ss->ssl3.crSpec = ss->ssl3.cwSpec = &ss->ssl3.specs[0]; | 12414 ss->ssl3.crSpec = ss->ssl3.cwSpec = &ss->ssl3.specs[0]; |
12371 ss->ssl3.prSpec = ss->ssl3.pwSpec = &ss->ssl3.specs[1]; | 12415 ss->ssl3.prSpec = ss->ssl3.pwSpec = &ss->ssl3.specs[1]; |
12372 ss->ssl3.hs.sendingSCSV = PR_FALSE; | 12416 ss->ssl3.hs.sendingSCSV = PR_FALSE; |
12373 ssl3_InitCipherSpec(ss, ss->ssl3.crSpec); | 12417 ssl3_InitCipherSpec(ss, ss->ssl3.crSpec); |
12374 ssl3_InitCipherSpec(ss, ss->ssl3.prSpec); | 12418 ssl3_InitCipherSpec(ss, ss->ssl3.prSpec); |
12375 | 12419 |
12376 ss->ssl3.hs.ws = (ss->sec.isServer) ? wait_client_hello : wait_server_hello; | 12420 ss->ssl3.hs.ws = (ss->sec.isServer) ? wait_client_hello : wait_server_hello; |
12377 #ifdef NSS_ENABLE_ECC | 12421 #ifndef NSS_DISABLE_ECC |
12378 ss->ssl3.hs.negotiatedECCurves = ssl3_GetSupportedECCurveMask(ss); | 12422 ss->ssl3.hs.negotiatedECCurves = ssl3_GetSupportedECCurveMask(ss); |
12379 #endif | 12423 #endif |
12380 ssl_ReleaseSpecWriteLock(ss); | 12424 ssl_ReleaseSpecWriteLock(ss); |
12381 | 12425 |
12382 PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); | 12426 PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); |
12383 | 12427 |
12384 if (IS_DTLS(ss)) { | 12428 if (IS_DTLS(ss)) { |
12385 ss->ssl3.hs.sendMessageSeq = 0; | 12429 ss->ssl3.hs.sendMessageSeq = 0; |
12386 ss->ssl3.hs.recvMessageSeq = 0; | 12430 ss->ssl3.hs.recvMessageSeq = 0; |
12387 ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS; | 12431 ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS; |
(...skipping 458 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
12846 PORT_Free(ss->ssl3.hs.recvdFragments.buf); | 12890 PORT_Free(ss->ssl3.hs.recvdFragments.buf); |
12847 } | 12891 } |
12848 } | 12892 } |
12849 | 12893 |
12850 ss->ssl3.initialized = PR_FALSE; | 12894 ss->ssl3.initialized = PR_FALSE; |
12851 | 12895 |
12852 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); | 12896 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); |
12853 } | 12897 } |
12854 | 12898 |
12855 /* End of ssl3con.c */ | 12899 /* End of ssl3con.c */ |
OLD | NEW |