Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1082)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/ssl/ssl3con.c

Issue 111853013: Update net/third_party/nss to NSS 3.15.4. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Add CT TLS extension bug number Created 6 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/third_party/nss/ssl/ssl.h ('k') | net/third_party/nss/ssl/ssl3ecc.c » ('j') | net/third_party/nss/ssl/sslenum.c » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /* 2 /*
3 * SSL3 Protocol 3 * SSL3 Protocol
4 * 4 *
5 * This Source Code Form is subject to the terms of the Mozilla Public 5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this 6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
8 8
9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ 9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */
10 10
(...skipping 93 matching lines...) Expand 10 before | Expand all | Expand 10 after
104 int additionalDataLen); 104 int additionalDataLen);
105 #endif 105 #endif
106 106
107 #define MAX_SEND_BUF_LENGTH 32000 /* watch for 16-bit integer overflow */ 107 #define MAX_SEND_BUF_LENGTH 32000 /* watch for 16-bit integer overflow */
108 #define MIN_SEND_BUF_LENGTH 4000 108 #define MIN_SEND_BUF_LENGTH 4000
109 109
110 /* This list of SSL3 cipher suites is sorted in descending order of 110 /* This list of SSL3 cipher suites is sorted in descending order of
111 * precedence (desirability). It only includes cipher suites we implement. 111 * precedence (desirability). It only includes cipher suites we implement.
112 * This table is modified by SSL3_SetPolicy(). The ordering of cipher suites 112 * This table is modified by SSL3_SetPolicy(). The ordering of cipher suites
113 * in this table must match the ordering in SSL_ImplementedCiphers (sslenum.c) 113 * in this table must match the ordering in SSL_ImplementedCiphers (sslenum.c)
114 *
115 * Important: See bug 946147 before enabling, reordering, or adding any cipher
116 * suites to this list.
114 */ 117 */
115 static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { 118 static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
116 /* cipher_suite policy enabled is_present*/ 119 /* cipher_suite policy enabled isPresent */
117 #ifdef NSS_ENABLE_ECC
118 { TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
119 { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
120 { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
121 { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
122 #endif /* NSS_ENABLE_ECC */
123 { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE},
124 { TLS_RSA_WITH_AES_128_GCM_SHA256, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE},
125 120
126 #ifdef NSS_ENABLE_ECC 121 #ifdef NSS_ENABLE_ECC
127 { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 122 { TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, SSL_ALLOWED, PR_FALSE, PR_FALSE},
128 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 123 { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, SSL_ALLOWED, PR_FALSE, PR_FALSE},
124 { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
125 { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
126 /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
127 * bug 946147.
128 */
129 { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
130 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
131 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
132 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
133 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
134 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
135 { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
136 { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
137 { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
138 { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
129 #endif /* NSS_ENABLE_ECC */ 139 #endif /* NSS_ENABLE_ECC */
130 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 140
131 { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 141 { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
132 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, » SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, 142 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
133 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, 143 { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
134 { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, » SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, 144 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
135 #ifdef NSS_ENABLE_ECC 145 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
136 { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 146 { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
137 { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 147 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
138 #endif /* NSS_ENABLE_ECC */ 148 { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
139 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, » SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 149 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
140 { TLS_RSA_WITH_AES_256_CBC_SHA, » SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, 150 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
141 { TLS_RSA_WITH_AES_256_CBC_SHA256,» SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, 151 { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
152 { SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
153 { SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
154 { TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
142 155
143 #ifdef NSS_ENABLE_ECC 156 #ifdef NSS_ENABLE_ECC
144 { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 157 { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
145 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 158 { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
146 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 159 { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
147 { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 160 { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
148 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 161 { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
149 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 162 { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
163 { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
164 { TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
150 #endif /* NSS_ENABLE_ECC */ 165 #endif /* NSS_ENABLE_ECC */
151 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 166
152 { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 167 /* RSA */
153 { TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 168 { TLS_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
154 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, 169 { TLS_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
155 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, 170 { TLS_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
156 { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, » SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, 171 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
172 { TLS_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
173 { TLS_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
174 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
175 { TLS_RSA_WITH_SEED_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
176 { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
177 { SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
178 { SSL_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
179 { SSL_RSA_WITH_RC4_128_MD5, SSL_ALLOWED, PR_TRUE, PR_FALSE},
180
181 /* 56-bit DES "domestic" cipher suites */
182 { SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
183 { SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
184 { SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
185 { SSL_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
186
187 /* export ciphersuites with 1024-bit public key exchange keys */
188 { TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
189 { TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
190
191 /* export ciphersuites with 512-bit public key exchange keys */
192 { SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
193 { SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
194
195 /* ciphersuites with no encryption */
157 #ifdef NSS_ENABLE_ECC 196 #ifdef NSS_ENABLE_ECC
158 { TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 197 { TLS_ECDHE_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
159 { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 198 { TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
160 { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 199 { TLS_ECDH_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
161 { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 200 { TLS_ECDH_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
162 #endif /* NSS_ENABLE_ECC */ 201 #endif /* NSS_ENABLE_ECC */
163 { TLS_RSA_WITH_SEED_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 202 { SSL_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
164 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, » SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 203 { TLS_RSA_WITH_NULL_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
165 { SSL_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, 204 { SSL_RSA_WITH_NULL_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
166 { SSL_RSA_WITH_RC4_128_MD5, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE}, 205 };
167 { TLS_RSA_WITH_AES_128_CBC_SHA, » SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE},
168 { TLS_RSA_WITH_AES_128_CBC_SHA256,» SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE},
169 206
170 #ifdef NSS_ENABLE_ECC 207 /* Verify that SSL_ImplementedCiphers and cipherSuites are in consistent order.
171 { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 208 */
172 { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 209 #ifdef DEBUG
173 #endif /* NSS_ENABLE_ECC */ 210 void ssl3_CheckCipherSuiteOrderConsistency()
174 { SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, 211 {
175 { SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, 212 unsigned int i;
176 #ifdef NSS_ENABLE_ECC
177 { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
178 { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
179 #endif /* NSS_ENABLE_ECC */
180 { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE},
181 { SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE},
182 213
214 /* Note that SSL_ImplementedCiphers has more elements than cipherSuites
215 * because it SSL_ImplementedCiphers includes SSL 2.0 cipher suites.
216 */
217 PORT_Assert(SSL_NumImplementedCiphers >= PR_ARRAY_SIZE(cipherSuites));
183 218
184 { SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 219 for (i = 0; i < PR_ARRAY_SIZE(cipherSuites); ++i) {
185 { SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 220 PORT_Assert(SSL_ImplementedCiphers[i] == cipherSuites[i].cipher_suite);
186 { SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, 221 }
187 { SSL_RSA_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, 222 }
188 { TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, 223 #endif
189 { TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE},
190
191 { SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE},
192 { SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE},
193
194 #ifdef NSS_ENABLE_ECC
195 { TLS_ECDHE_ECDSA_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE},
196 { TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE},
197 { TLS_ECDH_RSA_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE},
198 { TLS_ECDH_ECDSA_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE},
199 #endif /* NSS_ENABLE_ECC */
200 { SSL_RSA_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
201 { TLS_RSA_WITH_NULL_SHA256, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
202 { SSL_RSA_WITH_NULL_MD5, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
203
204 };
205 224
206 /* This list of SSL3 compression methods is sorted in descending order of 225 /* This list of SSL3 compression methods is sorted in descending order of
207 * precedence (desirability). It only includes compression methods we 226 * precedence (desirability). It only includes compression methods we
208 * implement. 227 * implement.
209 */ 228 */
210 static const /*SSLCompressionMethod*/ PRUint8 compressions [] = { 229 static const /*SSLCompressionMethod*/ PRUint8 compressions [] = {
211 #ifdef NSS_ENABLE_ZLIB 230 #ifdef NSS_ENABLE_ZLIB
212 ssl_compression_deflate, 231 ssl_compression_deflate,
213 #endif 232 #endif
214 ssl_compression_null 233 ssl_compression_null
(...skipping 272 matching lines...) Expand 10 before | Expand all | Expand 10 after
487 { calg_chacha20 , CKM_NSS_CHACHA20_POLY1305 }, 506 { calg_chacha20 , CKM_NSS_CHACHA20_POLY1305 },
488 /* { calg_init , (CK_MECHANISM_TYPE)0x7fffffffL } */ 507 /* { calg_init , (CK_MECHANISM_TYPE)0x7fffffffL } */
489 }; 508 };
490 509
491 #define mmech_invalid (CK_MECHANISM_TYPE)0x80000000L 510 #define mmech_invalid (CK_MECHANISM_TYPE)0x80000000L
492 #define mmech_md5 CKM_SSL3_MD5_MAC 511 #define mmech_md5 CKM_SSL3_MD5_MAC
493 #define mmech_sha CKM_SSL3_SHA1_MAC 512 #define mmech_sha CKM_SSL3_SHA1_MAC
494 #define mmech_md5_hmac CKM_MD5_HMAC 513 #define mmech_md5_hmac CKM_MD5_HMAC
495 #define mmech_sha_hmac CKM_SHA_1_HMAC 514 #define mmech_sha_hmac CKM_SHA_1_HMAC
496 #define mmech_sha256_hmac CKM_SHA256_HMAC 515 #define mmech_sha256_hmac CKM_SHA256_HMAC
497 #define mmech_sha384_hmac CKM_SHA384_HMAC
498 #define mmech_sha512_hmac CKM_SHA512_HMAC
499 516
500 static const ssl3MACDef mac_defs[] = { /* indexed by SSL3MACAlgorithm */ 517 static const ssl3MACDef mac_defs[] = { /* indexed by SSL3MACAlgorithm */
501 /* pad_size is only used for SSL 3.0 MAC. See RFC 6101 Sec. 5.2.3.1. */ 518 /* pad_size is only used for SSL 3.0 MAC. See RFC 6101 Sec. 5.2.3.1. */
502 /* mac mmech pad_size mac_size */ 519 /* mac mmech pad_size mac_size */
503 { mac_null, mmech_invalid, 0, 0 }, 520 { mac_null, mmech_invalid, 0, 0 },
504 { mac_md5, mmech_md5, 48, MD5_LENGTH }, 521 { mac_md5, mmech_md5, 48, MD5_LENGTH },
505 { mac_sha, mmech_sha, 40, SHA1_LENGTH}, 522 { mac_sha, mmech_sha, 40, SHA1_LENGTH},
506 {hmac_md5, mmech_md5_hmac, 0, MD5_LENGTH }, 523 {hmac_md5, mmech_md5_hmac, 0, MD5_LENGTH },
507 {hmac_sha, mmech_sha_hmac, 0, SHA1_LENGTH}, 524 {hmac_sha, mmech_sha_hmac, 0, SHA1_LENGTH},
508 {hmac_sha256, mmech_sha256_hmac, 0, SHA256_LENGTH}, 525 {hmac_sha256, mmech_sha256_hmac, 0, SHA256_LENGTH},
(...skipping 323 matching lines...) Expand 10 before | Expand all | Expand 10 after
832 849
833 /* return number of cipher suites that match policy, enabled state and are 850 /* return number of cipher suites that match policy, enabled state and are
834 * applicable for the configured protocol version range. */ 851 * applicable for the configured protocol version range. */
835 /* called from ssl3_SendClientHello and ssl3_ConstructV2CipherSpecsHack */ 852 /* called from ssl3_SendClientHello and ssl3_ConstructV2CipherSpecsHack */
836 static int 853 static int
837 count_cipher_suites(sslSocket *ss, int policy, PRBool enabled) 854 count_cipher_suites(sslSocket *ss, int policy, PRBool enabled)
838 { 855 {
839 int i, count = 0; 856 int i, count = 0;
840 857
841 if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { 858 if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) {
842 » return 0; 859 » return 0;
843 } 860 }
844 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { 861 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
845 if (config_match(&ss->cipherSuites[i], policy, enabled, &ss->vrange)) 862 if (config_match(&ss->cipherSuites[i], policy, enabled, &ss->vrange))
846 count++; 863 count++;
847 } 864 }
848 if (count <= 0) { 865 if (count <= 0) {
849 PORT_SetError(SSL_ERROR_SSL_DISABLED); 866 PORT_SetError(SSL_ERROR_SSL_DISABLED);
850 } 867 }
851 return count; 868 return count;
852 } 869 }
(...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after
898 915
899 ss->version = PR_MIN(peerVersion, ss->vrange.max); 916 ss->version = PR_MIN(peerVersion, ss->vrange.max);
900 PORT_Assert(ssl3_VersionIsSupported(ss->protocolVariant, ss->version)); 917 PORT_Assert(ssl3_VersionIsSupported(ss->protocolVariant, ss->version));
901 918
902 return SECSuccess; 919 return SECSuccess;
903 } 920 }
904 921
905 static SECStatus 922 static SECStatus
906 ssl3_GetNewRandom(SSL3Random *random) 923 ssl3_GetNewRandom(SSL3Random *random)
907 { 924 {
908 PRUint32 gmt = ssl_Time();
909 SECStatus rv; 925 SECStatus rv;
910 926
911 random->rand[0] = (unsigned char)(gmt >> 24);
912 random->rand[1] = (unsigned char)(gmt >> 16);
913 random->rand[2] = (unsigned char)(gmt >> 8);
914 random->rand[3] = (unsigned char)(gmt);
915
916 /* first 4 bytes are reserverd for time */ 927 /* first 4 bytes are reserverd for time */
917 rv = PK11_GenerateRandom(&random->rand[4], SSL3_RANDOM_LENGTH - 4); 928 rv = PK11_GenerateRandom(random->rand, SSL3_RANDOM_LENGTH);
918 if (rv != SECSuccess) { 929 if (rv != SECSuccess) {
919 ssl_MapLowLevelError(SSL_ERROR_GENERATE_RANDOM_FAILURE); 930 ssl_MapLowLevelError(SSL_ERROR_GENERATE_RANDOM_FAILURE);
920 } 931 }
921 return rv; 932 return rv;
922 } 933 }
923 934
924 /* Called by ssl3_SendServerKeyExchange and ssl3_SendCertificateVerify */ 935 /* Called by ssl3_SendServerKeyExchange and ssl3_SendCertificateVerify */
925 SECStatus 936 SECStatus
926 ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf, 937 ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf,
927 PRBool isTLS) 938 PRBool isTLS)
(...skipping 117 matching lines...) Expand 10 before | Expand all | Expand 10 after
1045 * In that case, we use just the SHA1 part. */ 1056 * In that case, we use just the SHA1 part. */
1046 if (hash->hashAlg == SEC_OID_UNKNOWN) { 1057 if (hash->hashAlg == SEC_OID_UNKNOWN) {
1047 hashItem.data = hash->u.s.sha; 1058 hashItem.data = hash->u.s.sha;
1048 hashItem.len = sizeof(hash->u.s.sha); 1059 hashItem.len = sizeof(hash->u.s.sha);
1049 } else { 1060 } else {
1050 hashItem.data = hash->u.raw; 1061 hashItem.data = hash->u.raw;
1051 hashItem.len = hash->len; 1062 hashItem.len = hash->len;
1052 } 1063 }
1053 /* Allow DER encoded DSA signatures in SSL 3.0 */ 1064 /* Allow DER encoded DSA signatures in SSL 3.0 */
1054 if (isTLS || buf->len != SECKEY_SignatureLen(key)) { 1065 if (isTLS || buf->len != SECKEY_SignatureLen(key)) {
1055 » signature = DSAU_DecodeDerSig(buf); 1066 » signature = DSAU_DecodeDerSigToLen(buf, SECKEY_SignatureLen(key));
1056 if (!signature) { 1067 if (!signature) {
1057 PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); 1068 PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
1058 return SECFailure; 1069 return SECFailure;
1059 } 1070 }
1060 buf = signature; 1071 buf = signature;
1061 } 1072 }
1062 break; 1073 break;
1063 1074
1064 #ifdef NSS_ENABLE_ECC 1075 #ifdef NSS_ENABLE_ECC
1065 case ecKey: 1076 case ecKey:
(...skipping 564 matching lines...) Expand 10 before | Expand all | Expand 10 after
1630 1641
1631 PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); 1642 PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
1632 PORT_Assert(ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); 1643 PORT_Assert(ss->opt.noLocks || ssl_HaveSpecWriteLock(ss));
1633 PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec); 1644 PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
1634 1645
1635 pwSpec = ss->ssl3.pwSpec; 1646 pwSpec = ss->ssl3.pwSpec;
1636 cipher_def = pwSpec->cipher_def; 1647 cipher_def = pwSpec->cipher_def;
1637 1648
1638 calg = cipher_def->calg; 1649 calg = cipher_def->calg;
1639 1650
1640 if (calg == calg_aes_gcm) { 1651 if (calg == ssl_calg_aes_gcm) {
1641 pwSpec->encode = NULL; 1652 pwSpec->encode = NULL;
1642 pwSpec->decode = NULL; 1653 pwSpec->decode = NULL;
1643 pwSpec->destroy = NULL; 1654 pwSpec->destroy = NULL;
1644 pwSpec->encodeContext = NULL; 1655 pwSpec->encodeContext = NULL;
1645 pwSpec->decodeContext = NULL; 1656 pwSpec->decodeContext = NULL;
1646 pwSpec->aead = ssl3_AESGCMBypass; 1657 pwSpec->aead = ssl3_AESGCMBypass;
1647 ssl3_InitCompressionContext(pwSpec); 1658 ssl3_InitCompressionContext(pwSpec);
1648 return SECSuccess; 1659 return SECSuccess;
1649 } 1660 }
1650 1661
(...skipping 95 matching lines...) Expand 10 before | Expand all | Expand 10 after
1746 * is decrypting, and vice versa. 1757 * is decrypting, and vice versa.
1747 */ 1758 */
1748 optArg1 = !optArg1; 1759 optArg1 = !optArg1;
1749 break; 1760 break;
1750 /* kill warnings. */ 1761 /* kill warnings. */
1751 case ssl_calg_null: 1762 case ssl_calg_null:
1752 case ssl_calg_rc4: 1763 case ssl_calg_rc4:
1753 case ssl_calg_rc2: 1764 case ssl_calg_rc2:
1754 case ssl_calg_idea: 1765 case ssl_calg_idea:
1755 case ssl_calg_fortezza: 1766 case ssl_calg_fortezza:
1767 case ssl_calg_aes_gcm:
1756 break; 1768 break;
1757 } 1769 }
1758 1770
1759 rv = (*initFn)(clientContext, 1771 rv = (*initFn)(clientContext,
1760 pwSpec->client.write_key_item.data, 1772 pwSpec->client.write_key_item.data,
1761 pwSpec->client.write_key_item.len, 1773 pwSpec->client.write_key_item.len,
1762 pwSpec->client.write_iv_item.data, 1774 pwSpec->client.write_iv_item.data,
1763 mode, optArg1, optArg2); 1775 mode, optArg1, optArg2);
1764 if (rv != SECSuccess) { 1776 if (rv != SECSuccess) {
1765 PORT_Assert(0); 1777 PORT_Assert(0);
(...skipping 733 matching lines...) Expand 10 before | Expand all | Expand 10 after
2499 2511
2500 PRINT_BUF(95, (NULL, "frag hash2: result", outbuf, *outLength)); 2512 PRINT_BUF(95, (NULL, "frag hash2: result", outbuf, *outLength));
2501 2513
2502 if (rv != SECSuccess) { 2514 if (rv != SECSuccess) {
2503 rv = SECFailure; 2515 rv = SECFailure;
2504 ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE); 2516 ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
2505 } 2517 }
2506 return rv; 2518 return rv;
2507 } 2519 }
2508 2520
2509 /* This is a bodge to allow this code to be compiled against older NSS headers
agl 2014/01/06 18:19:28 Is this no longer needed then? Even for Linux buil
wtc 2014/01/06 23:22:59 Correct. These types were added in NSS 3.14.3, and
2510 * that don't contain the CBC constant-time changes. */
2511 #ifndef CKM_NSS_HMAC_CONSTANT_TIME
2512 #define CKM_NSS_HMAC_CONSTANT_TIME (CKM_NSS + 19)
2513 #define CKM_NSS_SSL3_MAC_CONSTANT_TIME (CKM_NSS + 20)
2514
2515 typedef struct CK_NSS_MAC_CONSTANT_TIME_PARAMS {
2516 CK_MECHANISM_TYPE macAlg; /* in */
2517 CK_ULONG ulBodyTotalLen; /* in */
2518 CK_BYTE * pHeader; /* in */
2519 CK_ULONG ulHeaderLen; /* in */
2520 } CK_NSS_MAC_CONSTANT_TIME_PARAMS;
2521 #endif
2522
2523 /* Called from: ssl3_HandleRecord() 2521 /* Called from: ssl3_HandleRecord()
2524 * Caller must already hold the SpecReadLock. (wish we could assert that!) 2522 * Caller must already hold the SpecReadLock. (wish we could assert that!)
2525 * 2523 *
2526 * On entry: 2524 * On entry:
2527 * originalLen >= inputLen >= MAC size 2525 * originalLen >= inputLen >= MAC size
2528 */ 2526 */
2529 static SECStatus 2527 static SECStatus
2530 ssl3_ComputeRecordMACConstantTime( 2528 ssl3_ComputeRecordMACConstantTime(
2531 ssl3CipherSpec * spec, 2529 ssl3CipherSpec * spec,
2532 PRBool useServerMacKey, 2530 PRBool useServerMacKey,
2533 const unsigned char *header, 2531 const unsigned char *header,
2534 unsigned int headerLen, 2532 unsigned int headerLen,
2535 const SSL3Opaque * input, 2533 const SSL3Opaque * input,
2536 int inputLen, 2534 int inputLen,
2537 int originalLen, 2535 int originalLen,
2538 unsigned char * outbuf, 2536 unsigned char * outbuf,
2539 unsigned int * outLen) 2537 unsigned int * outLen)
2540 { 2538 {
2541 CK_MECHANISM_TYPE macType; 2539 CK_MECHANISM_TYPE macType;
2542 CK_NSS_MAC_CONSTANT_TIME_PARAMS params; 2540 CK_NSS_MAC_CONSTANT_TIME_PARAMS params;
2543 PK11Context * mac_context; 2541 SECItem param, inputItem, outputItem;
2544 SECItem param;
2545 SECStatus rv; 2542 SECStatus rv;
2546 PK11SymKey * key; 2543 PK11SymKey * key;
2547 2544
2548 PORT_Assert(inputLen >= spec->mac_size); 2545 PORT_Assert(inputLen >= spec->mac_size);
2549 PORT_Assert(originalLen >= inputLen); 2546 PORT_Assert(originalLen >= inputLen);
2550 2547
2551 if (spec->bypassCiphers) { 2548 if (spec->bypassCiphers) {
2552 /* This function doesn't support PKCS#11 bypass. We fallback on the 2549 /* This function doesn't support PKCS#11 bypass. We fallback on the
2553 * non-constant time version. */ 2550 * non-constant time version. */
2554 goto fallback; 2551 goto fallback;
(...skipping 11 matching lines...) Expand all
2566 2563
2567 params.macAlg = spec->mac_def->mmech; 2564 params.macAlg = spec->mac_def->mmech;
2568 params.ulBodyTotalLen = originalLen; 2565 params.ulBodyTotalLen = originalLen;
2569 params.pHeader = (unsigned char *) header; /* const cast */ 2566 params.pHeader = (unsigned char *) header; /* const cast */
2570 params.ulHeaderLen = headerLen; 2567 params.ulHeaderLen = headerLen;
2571 2568
2572 param.data = (unsigned char*) &params; 2569 param.data = (unsigned char*) &params;
2573 param.len = sizeof(params); 2570 param.len = sizeof(params);
2574 param.type = 0; 2571 param.type = 0;
2575 2572
2573 inputItem.data = (unsigned char *) input;
2574 inputItem.len = inputLen;
2575 inputItem.type = 0;
2576
2577 outputItem.data = outbuf;
2578 outputItem.len = *outLen;
2579 outputItem.type = 0;
2580
2576 key = spec->server.write_mac_key; 2581 key = spec->server.write_mac_key;
2577 if (!useServerMacKey) { 2582 if (!useServerMacKey) {
2578 key = spec->client.write_mac_key; 2583 key = spec->client.write_mac_key;
2579 } 2584 }
2580 mac_context = PK11_CreateContextBySymKey(macType, CKA_SIGN, key, &param); 2585
2581 if (mac_context == NULL) { 2586 rv = PK11_SignWithSymKey(key, macType, &param, &outputItem, &inputItem);
2582 » /* Older versions of NSS may not support constant-time MAC. */ 2587 if (rv != SECSuccess) {
2583 » goto fallback; 2588 » if (PORT_GetError() == SEC_ERROR_INVALID_ALGORITHM) {
2589 » goto fallback;
2590 » }
2591
2592 » *outLen = 0;
2593 » rv = SECFailure;
2594 » ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
2595 » return rv;
2584 } 2596 }
2585 2597
2586 rv = PK11_DigestBegin(mac_context); 2598 PORT_Assert(outputItem.len == (unsigned)spec->mac_size);
2587 rv |= PK11_DigestOp(mac_context, input, inputLen); 2599 *outLen = outputItem.len;
2588 rv |= PK11_DigestFinal(mac_context, outbuf, outLen, spec->mac_size);
2589 PK11_DestroyContext(mac_context, PR_TRUE);
2590 2600
2591 PORT_Assert(rv != SECSuccess || *outLen == (unsigned)spec->mac_size);
2592
2593 if (rv != SECSuccess) {
2594 rv = SECFailure;
2595 ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
2596 }
2597 return rv; 2601 return rv;
2598 2602
2599 fallback: 2603 fallback:
2600 /* ssl3_ComputeRecordMAC expects the MAC to have been removed from the 2604 /* ssl3_ComputeRecordMAC expects the MAC to have been removed from the
2601 * length already. */ 2605 * length already. */
2602 inputLen -= spec->mac_size; 2606 inputLen -= spec->mac_size;
2603 return ssl3_ComputeRecordMAC(spec, useServerMacKey, header, headerLen, 2607 return ssl3_ComputeRecordMAC(spec, useServerMacKey, header, headerLen,
2604 input, inputLen, outbuf, outLen); 2608 input, inputLen, outbuf, outLen);
2605 } 2609 }
2606 2610
(...skipping 262 matching lines...) Expand 10 before | Expand all | Expand 10 after
2869 * ssl_SEND_FLAG_USE_EPOCH (for DTLS) 2873 * ssl_SEND_FLAG_USE_EPOCH (for DTLS)
2870 * Forces the use of the provided epoch 2874 * Forces the use of the provided epoch
2871 * ssl_SEND_FLAG_CAP_RECORD_VERSION 2875 * ssl_SEND_FLAG_CAP_RECORD_VERSION
2872 * Caps the record layer version number of TLS ClientHello to { 3, 1 } 2876 * Caps the record layer version number of TLS ClientHello to { 3, 1 }
2873 * (TLS 1.0). Some TLS 1.0 servers (which seem to use F5 BIG-IP) ignore 2877 * (TLS 1.0). Some TLS 1.0 servers (which seem to use F5 BIG-IP) ignore
2874 * ClientHello.client_version and use the record layer version number 2878 * ClientHello.client_version and use the record layer version number
2875 * (TLSPlaintext.version) instead when negotiating protocol versions. In 2879 * (TLSPlaintext.version) instead when negotiating protocol versions. In
2876 * addition, if the record layer version number of ClientHello is { 3, 2 } 2880 * addition, if the record layer version number of ClientHello is { 3, 2 }
2877 * (TLS 1.1) or higher, these servers reset the TCP connections. Lastly, 2881 * (TLS 1.1) or higher, these servers reset the TCP connections. Lastly,
2878 * some F5 BIG-IP servers hang if a record containing a ClientHello has a 2882 * some F5 BIG-IP servers hang if a record containing a ClientHello has a
2879 * version greater than 0x0301 and a length greater than 255. Set this flag 2883 * version greater than { 3, 1 } and a length greater than 255. Set this
2880 * to work around such servers. 2884 * flag to work around such servers.
2881 */ 2885 */
2882 PRInt32 2886 PRInt32
2883 ssl3_SendRecord( sslSocket * ss, 2887 ssl3_SendRecord( sslSocket * ss,
2884 DTLSEpoch epoch, /* DTLS only */ 2888 DTLSEpoch epoch, /* DTLS only */
2885 SSL3ContentType type, 2889 SSL3ContentType type,
2886 const SSL3Opaque * pIn, /* input buffer */ 2890 const SSL3Opaque * pIn, /* input buffer */
2887 PRInt32 nIn, /* bytes of input */ 2891 PRInt32 nIn, /* bytes of input */
2888 PRInt32 flags) 2892 PRInt32 flags)
2889 { 2893 {
2890 sslBuffer * wrBuf = &ss->sec.writeBuf; 2894 sslBuffer * wrBuf = &ss->sec.writeBuf;
(...skipping 1119 matching lines...) Expand 10 before | Expand all | Expand 10 after
4010 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); 4014 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
4011 return SECFailure; 4015 return SECFailure;
4012 } 4016 }
4013 ss->ssl3.hs.hashType = handshake_hash_single; 4017 ss->ssl3.hs.hashType = handshake_hash_single;
4014 4018
4015 if (PK11_DigestBegin(ss->ssl3.hs.sha) != SECSuccess) { 4019 if (PK11_DigestBegin(ss->ssl3.hs.sha) != SECSuccess) {
4016 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); 4020 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
4017 return SECFailure; 4021 return SECFailure;
4018 } 4022 }
4019 4023
4020 » /* A backup SHA-1 hash for a potential client auth signature. */ 4024 » /* Create a backup SHA-1 hash for a potential client auth
4025 » * signature.
4026 » *
4027 » * In TLS 1.2, ssl3_ComputeHandshakeHashes always uses the
4028 » * handshake hash function (SHA-256). If the server or the client
4029 » * does not support SHA-256 as a signature hash, we can either
4030 » * maintain a backup SHA-1 handshake hash or buffer all handshake
4031 » * messages.
4032 » */
4021 if (!ss->sec.isServer) { 4033 if (!ss->sec.isServer) {
4022 » » ss->ssl3.hs.md5 = PK11_CreateDigestContext(SEC_OID_SHA1); 4034 » » ss->ssl3.hs.backupHash = PK11_CreateDigestContext(SEC_OID_SHA1);
4023 » » if (ss->ssl3.hs.md5 == NULL) { 4035 » » if (ss->ssl3.hs.backupHash == NULL) {
4024 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); 4036 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
4025 return SECFailure; 4037 return SECFailure;
4026 } 4038 }
4027 4039
4028 » » if (PK11_DigestBegin(ss->ssl3.hs.md5) != SECSuccess) { 4040 » » if (PK11_DigestBegin(ss->ssl3.hs.backupHash) != SECSuccess) {
4029 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); 4041 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
4030 return SECFailure; 4042 return SECFailure;
4031 } 4043 }
4032 } 4044 }
4033 } else { 4045 } else {
4034 /* Both ss->ssl3.hs.md5 and ss->ssl3.hs.sha should be NULL or 4046 /* Both ss->ssl3.hs.md5 and ss->ssl3.hs.sha should be NULL or
4035 * created successfully. */ 4047 * created successfully. */
4036 ss->ssl3.hs.md5 = PK11_CreateDigestContext(SEC_OID_MD5); 4048 ss->ssl3.hs.md5 = PK11_CreateDigestContext(SEC_OID_MD5);
4037 if (ss->ssl3.hs.md5 == NULL) { 4049 if (ss->ssl3.hs.md5 == NULL) {
4038 ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); 4050 ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
(...skipping 94 matching lines...) Expand 10 before | Expand all | Expand 10 after
4133 } 4145 }
4134 return rv; 4146 return rv;
4135 } 4147 }
4136 #endif 4148 #endif
4137 if (ss->ssl3.hs.hashType == handshake_hash_single) { 4149 if (ss->ssl3.hs.hashType == handshake_hash_single) {
4138 rv = PK11_DigestOp(ss->ssl3.hs.sha, b, l); 4150 rv = PK11_DigestOp(ss->ssl3.hs.sha, b, l);
4139 if (rv != SECSuccess) { 4151 if (rv != SECSuccess) {
4140 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); 4152 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
4141 return rv; 4153 return rv;
4142 } 4154 }
4143 » if (ss->ssl3.hs.md5) { 4155 » if (ss->ssl3.hs.backupHash) {
4144 » rv = PK11_DigestOp(ss->ssl3.hs.md5, b, l); 4156 » rv = PK11_DigestOp(ss->ssl3.hs.backupHash, b, l);
4145 if (rv != SECSuccess) { 4157 if (rv != SECSuccess) {
4146 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); 4158 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
4147 return rv; 4159 return rv;
4148 } 4160 }
4149 } 4161 }
4150 } else { 4162 } else {
4151 rv = PK11_DigestOp(ss->ssl3.hs.md5, b, l); 4163 rv = PK11_DigestOp(ss->ssl3.hs.md5, b, l);
4152 if (rv != SECSuccess) { 4164 if (rv != SECSuccess) {
4153 ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); 4165 ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
4154 return rv; 4166 return rv;
(...skipping 740 matching lines...) Expand 10 before | Expand all | Expand 10 after
4895 return rv; 4907 return rv;
4896 } 4908 }
4897 4909
4898 static SECStatus 4910 static SECStatus
4899 ssl3_ComputeBackupHandshakeHashes(sslSocket * ss, 4911 ssl3_ComputeBackupHandshakeHashes(sslSocket * ss,
4900 SSL3Hashes * hashes) /* output goes here. */ 4912 SSL3Hashes * hashes) /* output goes here. */
4901 { 4913 {
4902 SECStatus rv = SECSuccess; 4914 SECStatus rv = SECSuccess;
4903 4915
4904 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); 4916 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
4917 PORT_Assert( !ss->sec.isServer );
4905 PORT_Assert( ss->ssl3.hs.hashType == handshake_hash_single ); 4918 PORT_Assert( ss->ssl3.hs.hashType == handshake_hash_single );
4906 4919
4907 rv = PK11_DigestFinal(ss->ssl3.hs.md5, hashes->u.raw, &hashes->len, 4920 rv = PK11_DigestFinal(ss->ssl3.hs.backupHash, hashes->u.raw, &hashes->len,
4908 sizeof(hashes->u.raw)); 4921 sizeof(hashes->u.raw));
4909 if (rv != SECSuccess) { 4922 if (rv != SECSuccess) {
4910 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); 4923 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
4911 rv = SECFailure; 4924 rv = SECFailure;
4912 goto loser; 4925 goto loser;
4913 } 4926 }
4914 hashes->hashAlg = SEC_OID_SHA1; 4927 hashes->hashAlg = SEC_OID_SHA1;
4915 4928
4916 loser: 4929 loser:
4917 PK11_DestroyContext(ss->ssl3.hs.md5, PR_TRUE); 4930 PK11_DestroyContext(ss->ssl3.hs.backupHash, PR_TRUE);
4918 ss->ssl3.hs.md5 = NULL; 4931 ss->ssl3.hs.backupHash = NULL;
4919 return rv; 4932 return rv;
4920 } 4933 }
4921 4934
4922 /* 4935 /*
4923 * SSL 2 based implementations pass in the initial outbound buffer 4936 * SSL 2 based implementations pass in the initial outbound buffer
4924 * so that the handshake hash can contain the included information. 4937 * so that the handshake hash can contain the included information.
4925 * 4938 *
4926 * Called from ssl2_BeginClientHandshake() in sslcon.c 4939 * Called from ssl2_BeginClientHandshake() in sslcon.c
4927 */ 4940 */
4928 SECStatus 4941 SECStatus
(...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after
4988 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); 5001 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
4989 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); 5002 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) );
4990 5003
4991 rv = ssl3_InitState(ss); 5004 rv = ssl3_InitState(ss);
4992 if (rv != SECSuccess) { 5005 if (rv != SECSuccess) {
4993 return rv; /* ssl3_InitState has set the error code. */ 5006 return rv; /* ssl3_InitState has set the error code. */
4994 } 5007 }
4995 ss->ssl3.hs.sendingSCSV = PR_FALSE; /* Must be reset every handshake */ 5008 ss->ssl3.hs.sendingSCSV = PR_FALSE; /* Must be reset every handshake */
4996 PORT_Assert(IS_DTLS(ss) || !resending); 5009 PORT_Assert(IS_DTLS(ss) || !resending);
4997 5010
5011 SECITEM_FreeItem(&ss->ssl3.hs.newSessionTicket.ticket, PR_FALSE);
5012 ss->ssl3.hs.receivedNewSessionTicket = PR_FALSE;
5013
4998 /* We might be starting a session renegotiation in which case we should 5014 /* We might be starting a session renegotiation in which case we should
4999 * clear previous state. 5015 * clear previous state.
5000 */ 5016 */
5001 PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); 5017 PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData));
5002 5018
5003 rv = ssl3_RestartHandshakeHashes(ss); 5019 rv = ssl3_RestartHandshakeHashes(ss);
5004 if (rv != SECSuccess) { 5020 if (rv != SECSuccess) {
5005 return rv; 5021 return rv;
5006 } 5022 }
5007 5023
(...skipping 104 matching lines...) Expand 10 before | Expand all | Expand 10 after
5112 (*ss->sec.uncache)(sid); 5128 (*ss->sec.uncache)(sid);
5113 ssl_FreeSID(sid); 5129 ssl_FreeSID(sid);
5114 sid = NULL; 5130 sid = NULL;
5115 } 5131 }
5116 } 5132 }
5117 5133
5118 if (sid) { 5134 if (sid) {
5119 requestingResume = PR_TRUE; 5135 requestingResume = PR_TRUE;
5120 SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_hits ); 5136 SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_hits );
5121 5137
5122 /* Are we attempting a stateless session resume? */
5123 if (sid->version > SSL_LIBRARY_VERSION_3_0 &&
5124 sid->u.ssl3.sessionTicket.ticket.data)
5125 SSL_AtomicIncrementLong(& ssl3stats.sch_sid_stateless_resumes );
5126
5127 PRINT_BUF(4, (ss, "client, found session-id:", sid->u.ssl3.sessionID, 5138 PRINT_BUF(4, (ss, "client, found session-id:", sid->u.ssl3.sessionID,
5128 sid->u.ssl3.sessionIDLength)); 5139 sid->u.ssl3.sessionIDLength));
5129 5140
5130 ss->ssl3.policy = sid->u.ssl3.policy; 5141 ss->ssl3.policy = sid->u.ssl3.policy;
5131 } else { 5142 } else {
5132 SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_misses ); 5143 SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_misses );
5133 5144
5134 /* 5145 /*
5135 * Windows SChannel compares the client_version inside the RSA 5146 * Windows SChannel compares the client_version inside the RSA
5136 * EncryptedPreMasterSecret of a renegotiation with the 5147 * EncryptedPreMasterSecret of a renegotiation with the
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after
5185 /* HACK for SCSV in SSL 3.0. On initial handshake, prepend SCSV, 5196 /* HACK for SCSV in SSL 3.0. On initial handshake, prepend SCSV,
5186 * only if TLS is disabled. 5197 * only if TLS is disabled.
5187 */ 5198 */
5188 if (!ss->firstHsDone && !isTLS) { 5199 if (!ss->firstHsDone && !isTLS) {
5189 /* Must set this before calling Hello Extension Senders, 5200 /* Must set this before calling Hello Extension Senders,
5190 * to suppress sending of empty RI extension. 5201 * to suppress sending of empty RI extension.
5191 */ 5202 */
5192 ss->ssl3.hs.sendingSCSV = PR_TRUE; 5203 ss->ssl3.hs.sendingSCSV = PR_TRUE;
5193 } 5204 }
5194 5205
5206 /* When we attempt session resumption (only), we must lock the sid to
5207 * prevent races with other resumption connections that receive a
5208 * NewSessionTicket that will cause the ticket in the sid to be replaced.
5209 * Once we've copied the session ticket into our ClientHello message, it
5210 * is OK for the ticket to change, so we just need to make sure we hold
5211 * the lock across the calls to ssl3_CallHelloExtensionSenders.
5212 */
5213 if (sid->u.ssl3.lock) {
5214 PR_RWLock_Rlock(sid->u.ssl3.lock);
5215 }
5216
5195 if (isTLS || (ss->firstHsDone && ss->peerRequestedProtection)) { 5217 if (isTLS || (ss->firstHsDone && ss->peerRequestedProtection)) {
5196 PRUint32 maxBytes = 65535; /* 2^16 - 1 */ 5218 PRUint32 maxBytes = 65535; /* 2^16 - 1 */
5197 PRInt32 extLen; 5219 PRInt32 extLen;
5198 5220
5199 extLen = ssl3_CallHelloExtensionSenders(ss, PR_FALSE, maxBytes, NULL); 5221 extLen = ssl3_CallHelloExtensionSenders(ss, PR_FALSE, maxBytes, NULL);
5200 if (extLen < 0) { 5222 if (extLen < 0) {
5223 if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
5201 return SECFailure; 5224 return SECFailure;
5202 } 5225 }
5203 maxBytes -= extLen; 5226 maxBytes -= extLen;
5204 total_exten_len += extLen; 5227 total_exten_len += extLen;
5205 5228
5206 if (total_exten_len > 0) 5229 if (total_exten_len > 0)
5207 total_exten_len += 2; 5230 total_exten_len += 2;
5208 } 5231 }
5209 5232
5210 #if defined(NSS_ENABLE_ECC) 5233 #if defined(NSS_ENABLE_ECC)
5211 if (!total_exten_len || !isTLS) { 5234 if (!total_exten_len || !isTLS) {
5212 /* not sending the elliptic_curves and ec_point_formats extensions */ 5235 /* not sending the elliptic_curves and ec_point_formats extensions */
5213 ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */ 5236 ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */
5214 } 5237 }
5215 #endif 5238 #endif
5216 5239
5217 if (IS_DTLS(ss)) { 5240 if (IS_DTLS(ss)) {
5218 ssl3_DisableNonDTLSSuites(ss); 5241 ssl3_DisableNonDTLSSuites(ss);
5219 } 5242 }
5220 5243
5221 if (!ssl3_HasGCMSupport()) { 5244 if (!ssl3_HasGCMSupport()) {
5222 ssl3_DisableGCMSuites(ss); 5245 ssl3_DisableGCMSuites(ss);
5223 } 5246 }
5224 5247
5225 /* how many suites are permitted by policy and user preference? */ 5248 /* how many suites are permitted by policy and user preference? */
5226 num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE); 5249 num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE);
5227 if (!num_suites) 5250 if (!num_suites) {
5251 » if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
5228 return SECFailure; /* count_cipher_suites has set error code. */ 5252 return SECFailure; /* count_cipher_suites has set error code. */
5253 }
5229 5254
5230 fallbackSCSV = ss->opt.enableFallbackSCSV && (!requestingResume || 5255 fallbackSCSV = ss->opt.enableFallbackSCSV && (!requestingResume ||
5231 ss->version < sid->version); 5256 ss->version < sid->version);
5232 /* make room for SCSV */ 5257 /* make room for SCSV */
5233 if (ss->ssl3.hs.sendingSCSV) { 5258 if (ss->ssl3.hs.sendingSCSV) {
5234 ++num_suites; 5259 ++num_suites;
5235 } 5260 }
5236 if (fallbackSCSV) { 5261 if (fallbackSCSV) {
5237 ++num_suites; 5262 ++num_suites;
5238 } 5263 }
(...skipping 22 matching lines...) Expand all
5261 if (!IS_DTLS(ss) && isTLS && !ss->firstHsDone) { 5286 if (!IS_DTLS(ss) && isTLS && !ss->firstHsDone) {
5262 paddingExtensionLen = ssl3_CalculatePaddingExtensionLength(length); 5287 paddingExtensionLen = ssl3_CalculatePaddingExtensionLength(length);
5263 total_exten_len += paddingExtensionLen; 5288 total_exten_len += paddingExtensionLen;
5264 length += paddingExtensionLen; 5289 length += paddingExtensionLen;
5265 } else { 5290 } else {
5266 paddingExtensionLen = 0; 5291 paddingExtensionLen = 0;
5267 } 5292 }
5268 5293
5269 rv = ssl3_AppendHandshakeHeader(ss, client_hello, length); 5294 rv = ssl3_AppendHandshakeHeader(ss, client_hello, length);
5270 if (rv != SECSuccess) { 5295 if (rv != SECSuccess) {
5296 if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
agl 2014/01/06 18:19:28 seems like these could have been a "goto loser", b
wtc 2014/01/06 23:22:59 I also suggested that while reviewing the upstream
5271 return rv; /* err set by ssl3_AppendHandshake* */ 5297 return rv; /* err set by ssl3_AppendHandshake* */
5272 } 5298 }
5273 5299
5274 if (ss->firstHsDone) { 5300 if (ss->firstHsDone) {
5275 /* The client hello version must stay unchanged to work around 5301 /* The client hello version must stay unchanged to work around
5276 * the Windows SChannel bug described above. */ 5302 * the Windows SChannel bug described above. */
5277 PORT_Assert(ss->version == ss->clientHelloVersion); 5303 PORT_Assert(ss->version == ss->clientHelloVersion);
5278 } 5304 }
5279 ss->clientHelloVersion = ss->version; 5305 ss->clientHelloVersion = ss->version;
5280 if (IS_DTLS(ss)) { 5306 if (IS_DTLS(ss)) {
5281 PRUint16 version; 5307 PRUint16 version;
5282 5308
5283 version = dtls_TLSVersionToDTLSVersion(ss->clientHelloVersion); 5309 version = dtls_TLSVersionToDTLSVersion(ss->clientHelloVersion);
5284 rv = ssl3_AppendHandshakeNumber(ss, version, 2); 5310 rv = ssl3_AppendHandshakeNumber(ss, version, 2);
5285 } else { 5311 } else {
5286 rv = ssl3_AppendHandshakeNumber(ss, ss->clientHelloVersion, 2); 5312 rv = ssl3_AppendHandshakeNumber(ss, ss->clientHelloVersion, 2);
5287 } 5313 }
5288 if (rv != SECSuccess) { 5314 if (rv != SECSuccess) {
5315 if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
5289 return rv; /* err set by ssl3_AppendHandshake* */ 5316 return rv; /* err set by ssl3_AppendHandshake* */
5290 } 5317 }
5291 5318
5292 if (!resending) { /* Don't re-generate if we are in DTLS re-sending mode */ 5319 if (!resending) { /* Don't re-generate if we are in DTLS re-sending mode */
5293 rv = ssl3_GetNewRandom(&ss->ssl3.hs.client_random); 5320 rv = ssl3_GetNewRandom(&ss->ssl3.hs.client_random);
5294 if (rv != SECSuccess) { 5321 if (rv != SECSuccess) {
5322 if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
5295 return rv; /* err set by GetNewRandom. */ 5323 return rv; /* err set by GetNewRandom. */
5296 } 5324 }
5297 } 5325 }
5298 rv = ssl3_AppendHandshake(ss, &ss->ssl3.hs.client_random, 5326 rv = ssl3_AppendHandshake(ss, &ss->ssl3.hs.client_random,
5299 SSL3_RANDOM_LENGTH); 5327 SSL3_RANDOM_LENGTH);
5300 if (rv != SECSuccess) { 5328 if (rv != SECSuccess) {
5329 if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
5301 return rv; /* err set by ssl3_AppendHandshake* */ 5330 return rv; /* err set by ssl3_AppendHandshake* */
5302 } 5331 }
5303 5332
5304 if (sid) 5333 if (sid)
5305 rv = ssl3_AppendHandshakeVariable( 5334 rv = ssl3_AppendHandshakeVariable(
5306 ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1); 5335 ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1);
5307 else 5336 else
5308 rv = ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); 5337 rv = ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
5309 if (rv != SECSuccess) { 5338 if (rv != SECSuccess) {
5339 if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
5310 return rv; /* err set by ssl3_AppendHandshake* */ 5340 return rv; /* err set by ssl3_AppendHandshake* */
5311 } 5341 }
5312 5342
5313 if (IS_DTLS(ss)) { 5343 if (IS_DTLS(ss)) {
5314 rv = ssl3_AppendHandshakeVariable( 5344 rv = ssl3_AppendHandshakeVariable(
5315 ss, ss->ssl3.hs.cookie, ss->ssl3.hs.cookieLen, 1); 5345 ss, ss->ssl3.hs.cookie, ss->ssl3.hs.cookieLen, 1);
5316 if (rv != SECSuccess) { 5346 if (rv != SECSuccess) {
5347 if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
5317 return rv; /* err set by ssl3_AppendHandshake* */ 5348 return rv; /* err set by ssl3_AppendHandshake* */
5318 } 5349 }
5319 } 5350 }
5320 5351
5321 rv = ssl3_AppendHandshakeNumber(ss, num_suites*sizeof(ssl3CipherSuite), 2); 5352 rv = ssl3_AppendHandshakeNumber(ss, num_suites*sizeof(ssl3CipherSuite), 2);
5322 if (rv != SECSuccess) { 5353 if (rv != SECSuccess) {
5354 if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
5323 return rv; /* err set by ssl3_AppendHandshake* */ 5355 return rv; /* err set by ssl3_AppendHandshake* */
5324 } 5356 }
5325 5357
5326 if (ss->ssl3.hs.sendingSCSV) { 5358 if (ss->ssl3.hs.sendingSCSV) {
5327 /* Add the actual SCSV */ 5359 /* Add the actual SCSV */
5328 rv = ssl3_AppendHandshakeNumber(ss, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, 5360 rv = ssl3_AppendHandshakeNumber(ss, TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
5329 sizeof(ssl3CipherSuite)); 5361 sizeof(ssl3CipherSuite));
5330 if (rv != SECSuccess) { 5362 if (rv != SECSuccess) {
5363 if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
5331 return rv; /* err set by ssl3_AppendHandshake* */ 5364 return rv; /* err set by ssl3_AppendHandshake* */
5332 } 5365 }
5333 actual_count++; 5366 actual_count++;
5334 } 5367 }
5335 if (fallbackSCSV) { 5368 if (fallbackSCSV) {
5336 rv = ssl3_AppendHandshakeNumber(ss, TLS_FALLBACK_SCSV, 5369 rv = ssl3_AppendHandshakeNumber(ss, TLS_FALLBACK_SCSV,
5337 sizeof(ssl3CipherSuite)); 5370 sizeof(ssl3CipherSuite));
5338 if (rv != SECSuccess) { 5371 if (rv != SECSuccess) {
5372 if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
5339 return rv; /* err set by ssl3_AppendHandshake* */ 5373 return rv; /* err set by ssl3_AppendHandshake* */
5340 } 5374 }
5341 actual_count++; 5375 actual_count++;
5342 } 5376 }
5343 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { 5377 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
5344 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; 5378 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
5345 if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange)) { 5379 if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange)) {
5346 actual_count++; 5380 actual_count++;
5347 if (actual_count > num_suites) { 5381 if (actual_count > num_suites) {
5382 if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
5348 /* set error card removal/insertion error */ 5383 /* set error card removal/insertion error */
5349 PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL); 5384 PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL);
5350 return SECFailure; 5385 return SECFailure;
5351 } 5386 }
5352 rv = ssl3_AppendHandshakeNumber(ss, suite->cipher_suite, 5387 rv = ssl3_AppendHandshakeNumber(ss, suite->cipher_suite,
5353 sizeof(ssl3CipherSuite)); 5388 sizeof(ssl3CipherSuite));
5354 if (rv != SECSuccess) { 5389 if (rv != SECSuccess) {
5390 if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
5355 return rv; /* err set by ssl3_AppendHandshake* */ 5391 return rv; /* err set by ssl3_AppendHandshake* */
5356 } 5392 }
5357 } 5393 }
5358 } 5394 }
5359 5395
5360 /* if cards were removed or inserted between count_cipher_suites and 5396 /* if cards were removed or inserted between count_cipher_suites and
5361 * generating our list, detect the error here rather than send it off to 5397 * generating our list, detect the error here rather than send it off to
5362 * the server.. */ 5398 * the server.. */
5363 if (actual_count != num_suites) { 5399 if (actual_count != num_suites) {
5364 /* Card removal/insertion error */ 5400 /* Card removal/insertion error */
5401 if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
5365 PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL); 5402 PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL);
5366 return SECFailure; 5403 return SECFailure;
5367 } 5404 }
5368 5405
5369 rv = ssl3_AppendHandshakeNumber(ss, numCompressionMethods, 1); 5406 rv = ssl3_AppendHandshakeNumber(ss, numCompressionMethods, 1);
5370 if (rv != SECSuccess) { 5407 if (rv != SECSuccess) {
5408 if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
5371 return rv; /* err set by ssl3_AppendHandshake* */ 5409 return rv; /* err set by ssl3_AppendHandshake* */
5372 } 5410 }
5373 for (i = 0; i < compressionMethodsCount; i++) { 5411 for (i = 0; i < compressionMethodsCount; i++) {
5374 if (!compressionEnabled(ss, compressions[i])) 5412 if (!compressionEnabled(ss, compressions[i]))
5375 continue; 5413 continue;
5376 rv = ssl3_AppendHandshakeNumber(ss, compressions[i], 1); 5414 rv = ssl3_AppendHandshakeNumber(ss, compressions[i], 1);
5377 if (rv != SECSuccess) { 5415 if (rv != SECSuccess) {
5416 if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
5378 return rv; /* err set by ssl3_AppendHandshake* */ 5417 return rv; /* err set by ssl3_AppendHandshake* */
5379 } 5418 }
5380 } 5419 }
5381 5420
5382 if (total_exten_len) { 5421 if (total_exten_len) {
5383 PRUint32 maxBytes = total_exten_len - 2; 5422 PRUint32 maxBytes = total_exten_len - 2;
5384 PRInt32 extLen; 5423 PRInt32 extLen;
5385 5424
5386 rv = ssl3_AppendHandshakeNumber(ss, maxBytes, 2); 5425 rv = ssl3_AppendHandshakeNumber(ss, maxBytes, 2);
5387 if (rv != SECSuccess) { 5426 if (rv != SECSuccess) {
5427 if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
5388 return rv; /* err set by AppendHandshake. */ 5428 return rv; /* err set by AppendHandshake. */
5389 } 5429 }
5390 5430
5391 extLen = ssl3_CallHelloExtensionSenders(ss, PR_TRUE, maxBytes, NULL); 5431 extLen = ssl3_CallHelloExtensionSenders(ss, PR_TRUE, maxBytes, NULL);
5392 if (extLen < 0) { 5432 if (extLen < 0) {
5433 if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
5393 return SECFailure; 5434 return SECFailure;
5394 } 5435 }
5395 maxBytes -= extLen; 5436 maxBytes -= extLen;
5396 5437
5397 extLen = ssl3_AppendPaddingExtension(ss, paddingExtensionLen, maxBytes); 5438 extLen = ssl3_AppendPaddingExtension(ss, paddingExtensionLen, maxBytes);
5398 if (extLen < 0) { 5439 if (extLen < 0) {
5440 if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
5399 return SECFailure; 5441 return SECFailure;
5400 } 5442 }
5401 maxBytes -= extLen; 5443 maxBytes -= extLen;
5402 5444
5403 PORT_Assert(!maxBytes); 5445 PORT_Assert(!maxBytes);
5404 } 5446 }
5447
5448 if (sid->u.ssl3.lock) {
5449 PR_RWLock_Unlock(sid->u.ssl3.lock);
5450 }
5451
5452 if (ss->xtnData.sentSessionTicketInClientHello) {
5453 SSL_AtomicIncrementLong(&ssl3stats.sch_sid_stateless_resumes);
5454 }
5455
5405 if (ss->ssl3.hs.sendingSCSV) { 5456 if (ss->ssl3.hs.sendingSCSV) {
5406 /* Since we sent the SCSV, pretend we sent empty RI extension. */ 5457 /* Since we sent the SCSV, pretend we sent empty RI extension. */
5407 TLSExtensionData *xtnData = &ss->xtnData; 5458 TLSExtensionData *xtnData = &ss->xtnData;
5408 xtnData->advertised[xtnData->numAdvertised++] = 5459 xtnData->advertised[xtnData->numAdvertised++] =
5409 ssl_renegotiation_info_xtn; 5460 ssl_renegotiation_info_xtn;
5410 } 5461 }
5411 5462
5412 flags = 0; 5463 flags = 0;
5413 if (!ss->firstHsDone && !IS_DTLS(ss)) { 5464 if (!ss->firstHsDone && !IS_DTLS(ss)) {
5414 flags |= ssl_SEND_FLAG_CAP_RECORD_VERSION; 5465 flags |= ssl_SEND_FLAG_CAP_RECORD_VERSION;
(...skipping 786 matching lines...) Expand 10 before | Expand all | Expand 10 after
6201 unsigned int len; 6252 unsigned int len;
6202 SSL3SignatureAndHashAlgorithm sigAndHash; 6253 SSL3SignatureAndHashAlgorithm sigAndHash;
6203 6254
6204 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); 6255 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
6205 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); 6256 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
6206 6257
6207 SSL_TRC(3, ("%d: SSL3[%d]: send certificate_verify handshake", 6258 SSL_TRC(3, ("%d: SSL3[%d]: send certificate_verify handshake",
6208 SSL_GETPID(), ss->fd)); 6259 SSL_GETPID(), ss->fd));
6209 6260
6210 ssl_GetSpecReadLock(ss); 6261 ssl_GetSpecReadLock(ss);
6211 /* In TLS 1.2, ssl3_ComputeHandshakeHashes always uses the handshake hash 6262 if (ss->ssl3.hs.hashType == handshake_hash_single &&
6212 * function (SHA-256). If the server or the client does not support SHA-256 6263 » ss->ssl3.hs.backupHash) {
6213 * as a signature hash, we can either maintain a backup SHA-1 handshake
6214 * hash or buffer all handshake messages.
6215 */
6216 if (ss->ssl3.hs.hashType == handshake_hash_single && ss->ssl3.hs.md5) {
6217 rv = ssl3_ComputeBackupHandshakeHashes(ss, &hashes); 6264 rv = ssl3_ComputeBackupHandshakeHashes(ss, &hashes);
6218 » PORT_Assert(ss->ssl3.hs.md5 == NULL); 6265 » PORT_Assert(!ss->ssl3.hs.backupHash);
6219 } else { 6266 } else {
6220 rv = ssl3_ComputeHandshakeHashes(ss, ss->ssl3.pwSpec, &hashes, 0); 6267 rv = ssl3_ComputeHandshakeHashes(ss, ss->ssl3.pwSpec, &hashes, 0);
6221 } 6268 }
6222 ssl_ReleaseSpecReadLock(ss); 6269 ssl_ReleaseSpecReadLock(ss);
6223 if (rv != SECSuccess) { 6270 if (rv != SECSuccess) {
6224 goto done; /* err code was set by ssl3_ComputeHandshakeHashes */ 6271 goto done; /* err code was set by ssl3_ComputeHandshakeHashes */
6225 } 6272 }
6226 6273
6227 isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0); 6274 isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
6228 isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); 6275 isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
(...skipping 375 matching lines...) Expand 10 before | Expand all | Expand 10 after
6604 PK11_FreeSlot(slot); 6651 PK11_FreeSlot(slot);
6605 if (pwSpec->master_secret == NULL) { 6652 if (pwSpec->master_secret == NULL) {
6606 break; 6653 break;
6607 } 6654 }
6608 } 6655 }
6609 6656
6610 /* Got a Match */ 6657 /* Got a Match */
6611 SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_cache_hits ); 6658 SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_cache_hits );
6612 6659
6613 /* If we sent a session ticket, then this is a stateless resume. */ 6660 /* If we sent a session ticket, then this is a stateless resume. */
6614 » if (sid->version > SSL_LIBRARY_VERSION_3_0 && 6661 » if (ss->xtnData.sentSessionTicketInClientHello)
6615 » sid->u.ssl3.sessionTicket.ticket.data != NULL)
6616 SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_stateless_resumes ); 6662 SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_stateless_resumes );
6617 6663
6618 if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn)) 6664 if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn))
6619 ss->ssl3.hs.ws = wait_new_session_ticket; 6665 ss->ssl3.hs.ws = wait_new_session_ticket;
6620 else 6666 else
6621 ss->ssl3.hs.ws = wait_change_cipher; 6667 ss->ssl3.hs.ws = wait_change_cipher;
6622 6668
6623 ss->ssl3.hs.isResuming = PR_TRUE; 6669 ss->ssl3.hs.isResuming = PR_TRUE;
6624 6670
6625 /* copy the peer cert from the SID */ 6671 /* copy the peer cert from the SID */
(...skipping 404 matching lines...) Expand 10 before | Expand all | Expand 10 after
7030 * Estonian ID cards that have 1024-bit RSA keys. In FIPS 186-2 and 7076 * Estonian ID cards that have 1024-bit RSA keys. In FIPS 186-2 and
7031 * older, DSA key size is at most 1024 bits and the hash function must 7077 * older, DSA key size is at most 1024 bits and the hash function must
7032 * be SHA-1. 7078 * be SHA-1.
7033 */ 7079 */
7034 if (pubk->keyType == rsaKey || pubk->keyType == dsaKey) { 7080 if (pubk->keyType == rsaKey || pubk->keyType == dsaKey) {
7035 *preferSha1 = SECKEY_PublicKeyStrength(pubk) <= 128; 7081 *preferSha1 = SECKEY_PublicKeyStrength(pubk) <= 128;
7036 } else { 7082 } else {
7037 *preferSha1 = PR_FALSE; 7083 *preferSha1 = PR_FALSE;
7038 } 7084 }
7039 7085
7040 done: 7086 done:
7041 if (pubk) 7087 if (pubk)
7042 SECKEY_DestroyPublicKey(pubk); 7088 SECKEY_DestroyPublicKey(pubk);
7043 return rv; 7089 return rv;
7044 } 7090 }
7045 7091
7046 /* Destroys the backup handshake hash context if we don't need it. Note that 7092 /* Destroys the backup handshake hash context if we don't need it. Note that
7047 * this function selects the hash algorithm for client authentication 7093 * this function selects the hash algorithm for client authentication
7048 * signatures; ssl3_SendCertificateVerify uses the presence of the backup hash 7094 * signatures; ssl3_SendCertificateVerify uses the presence of the backup hash
7049 * to determine whether to use SHA-1 or SHA-256. */ 7095 * to determine whether to use SHA-1 or SHA-256. */
7050 static void 7096 static void
7051 ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss, 7097 ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss,
7052 const SECItem *algorithms) 7098 const SECItem *algorithms)
7053 { 7099 {
7054 SECStatus rv; 7100 SECStatus rv;
7055 TLSSignatureAlgorithm sigAlg; 7101 TLSSignatureAlgorithm sigAlg;
7056 PRBool preferSha1; 7102 PRBool preferSha1;
7057 PRBool supportsSha1 = PR_FALSE; 7103 PRBool supportsSha1 = PR_FALSE;
7058 PRBool supportsSha256 = PR_FALSE; 7104 PRBool supportsSha256 = PR_FALSE;
7059 PRBool needBackupHash = PR_FALSE; 7105 PRBool needBackupHash = PR_FALSE;
7060 unsigned int i; 7106 unsigned int i;
7061 7107
7062 PORT_Assert(ss->ssl3.hs.md5); 7108 #ifndef NO_PKCS11_BYPASS
7109 /* Backup handshake hash is not supported in PKCS #11 bypass mode. */
7110 if (ss->opt.bypassPKCS11) {
7111 » PORT_Assert(!ss->ssl3.hs.backupHash);
7112 » return;
7113 }
7114 #endif
7115 PORT_Assert(ss->ssl3.hs.backupHash);
7063 7116
7064 /* Determine the key's signature algorithm and whether it prefers SHA-1. */ 7117 /* Determine the key's signature algorithm and whether it prefers SHA-1. */
7065 rv = ssl3_ExtractClientKeyInfo(ss, &sigAlg, &preferSha1); 7118 rv = ssl3_ExtractClientKeyInfo(ss, &sigAlg, &preferSha1);
7066 if (rv != SECSuccess) { 7119 if (rv != SECSuccess) {
7067 goto done; 7120 goto done;
7068 } 7121 }
7069 7122
7070 /* Determine the server's hash support for that signature algorithm. */ 7123 /* Determine the server's hash support for that signature algorithm. */
7071 for (i = 0; i < algorithms->len; i += 2) { 7124 for (i = 0; i < algorithms->len; i += 2) {
7072 if (algorithms->data[i+1] == sigAlg) { 7125 if (algorithms->data[i+1] == sigAlg) {
7073 if (algorithms->data[i] == tls_hash_sha1) { 7126 if (algorithms->data[i] == tls_hash_sha1) {
7074 supportsSha1 = PR_TRUE; 7127 supportsSha1 = PR_TRUE;
7075 } else if (algorithms->data[i] == tls_hash_sha256) { 7128 } else if (algorithms->data[i] == tls_hash_sha256) {
7076 supportsSha256 = PR_TRUE; 7129 supportsSha256 = PR_TRUE;
7077 } 7130 }
7078 } 7131 }
7079 } 7132 }
7080 7133
7081 /* If either the server does not support SHA-256 or the client key prefers 7134 /* If either the server does not support SHA-256 or the client key prefers
7082 * SHA-1, leave the backup hash. */ 7135 * SHA-1, leave the backup hash. */
7083 if (supportsSha1 && (preferSha1 || !supportsSha256)) { 7136 if (supportsSha1 && (preferSha1 || !supportsSha256)) {
7084 needBackupHash = PR_TRUE; 7137 needBackupHash = PR_TRUE;
7085 } 7138 }
7086 7139
7087 done: 7140 done:
7088 if (!needBackupHash) { 7141 if (!needBackupHash) {
7089 » PK11_DestroyContext(ss->ssl3.hs.md5, PR_TRUE); 7142 » PK11_DestroyContext(ss->ssl3.hs.backupHash, PR_TRUE);
7090 » ss->ssl3.hs.md5 = NULL; 7143 » ss->ssl3.hs.backupHash = NULL;
7091 } 7144 }
7092 } 7145 }
7093 7146
7094 typedef struct dnameNode { 7147 typedef struct dnameNode {
7095 struct dnameNode *next; 7148 struct dnameNode *next;
7096 SECItem name; 7149 SECItem name;
7097 } dnameNode; 7150 } dnameNode;
7098 7151
7099 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete 7152 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
7100 * ssl3 Certificate Request message. 7153 * ssl3 Certificate Request message.
(...skipping 175 matching lines...) Expand 10 before | Expand all | Expand 10 after
7276 if (ss->ssl3.clientCertificate != NULL) { 7329 if (ss->ssl3.clientCertificate != NULL) {
7277 CERT_DestroyCertificate(ss->ssl3.clientCertificate); 7330 CERT_DestroyCertificate(ss->ssl3.clientCertificate);
7278 ss->ssl3.clientCertificate = NULL; 7331 ss->ssl3.clientCertificate = NULL;
7279 } 7332 }
7280 if (ss->ssl3.platformClientKey) { 7333 if (ss->ssl3.platformClientKey) {
7281 ssl_FreePlatformKey(ss->ssl3.platformClientKey); 7334 ssl_FreePlatformKey(ss->ssl3.platformClientKey);
7282 ss->ssl3.platformClientKey = (PlatformKey)NULL; 7335 ss->ssl3.platformClientKey = (PlatformKey)NULL;
7283 } 7336 }
7284 goto send_no_certificate; 7337 goto send_no_certificate;
7285 } 7338 }
7286 » if (isTLS12) { 7339 » if (ss->ssl3.hs.hashType == handshake_hash_single) {
7287 ssl3_DestroyBackupHandshakeHashIfNotNeeded(ss, &algorithms); 7340 ssl3_DestroyBackupHandshakeHashIfNotNeeded(ss, &algorithms);
7288 } 7341 }
7289 break; /* not an error */ 7342 break; /* not an error */
7290 } 7343 }
7291 #endif /* NSS_PLATFORM_CLIENT_AUTH */ 7344 #endif /* NSS_PLATFORM_CLIENT_AUTH */
7292 /* check what the callback function returned */ 7345 /* check what the callback function returned */
7293 if ((!ss->ssl3.clientCertificate) || (!ss->ssl3.clientPrivateKey)) { 7346 if ((!ss->ssl3.clientCertificate) || (!ss->ssl3.clientPrivateKey)) {
7294 /* we are missing either the key or cert */ 7347 /* we are missing either the key or cert */
7295 if (ss->ssl3.clientCertificate) { 7348 if (ss->ssl3.clientCertificate) {
7296 /* got a cert, but no key - free it */ 7349 /* got a cert, but no key - free it */
7297 CERT_DestroyCertificate(ss->ssl3.clientCertificate); 7350 CERT_DestroyCertificate(ss->ssl3.clientCertificate);
7298 ss->ssl3.clientCertificate = NULL; 7351 ss->ssl3.clientCertificate = NULL;
7299 } 7352 }
7300 if (ss->ssl3.clientPrivateKey) { 7353 if (ss->ssl3.clientPrivateKey) {
7301 /* got a key, but no cert - free it */ 7354 /* got a key, but no cert - free it */
7302 SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey); 7355 SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
7303 ss->ssl3.clientPrivateKey = NULL; 7356 ss->ssl3.clientPrivateKey = NULL;
7304 } 7357 }
7305 goto send_no_certificate; 7358 goto send_no_certificate;
7306 } 7359 }
7307 /* Setting ssl3.clientCertChain non-NULL will cause 7360 /* Setting ssl3.clientCertChain non-NULL will cause
7308 * ssl3_HandleServerHelloDone to call SendCertificate. 7361 * ssl3_HandleServerHelloDone to call SendCertificate.
7309 */ 7362 */
7310 ss->ssl3.clientCertChain = CERT_CertChainFromCert( 7363 ss->ssl3.clientCertChain = CERT_CertChainFromCert(
7311 ss->ssl3.clientCertificate, 7364 ss->ssl3.clientCertificate,
7312 certUsageSSLClient, PR_FALSE); 7365 certUsageSSLClient, PR_FALSE);
7313 if (ss->ssl3.clientCertChain == NULL) { 7366 if (ss->ssl3.clientCertChain == NULL) {
7314 » if (ss->ssl3.clientCertificate != NULL) { 7367 » CERT_DestroyCertificate(ss->ssl3.clientCertificate);
7315 » » CERT_DestroyCertificate(ss->ssl3.clientCertificate); 7368 » ss->ssl3.clientCertificate = NULL;
7316 » » ss->ssl3.clientCertificate = NULL; 7369 » SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
7317 » } 7370 » ss->ssl3.clientPrivateKey = NULL;
7318 » if (ss->ssl3.clientPrivateKey != NULL) {
7319 » » SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
7320 » » ss->ssl3.clientPrivateKey = NULL;
7321 » }
7322 goto send_no_certificate; 7371 goto send_no_certificate;
7323 } 7372 }
7324 » if (isTLS12) { 7373 » if (ss->ssl3.hs.hashType == handshake_hash_single) {
7325 ssl3_DestroyBackupHandshakeHashIfNotNeeded(ss, &algorithms); 7374 ssl3_DestroyBackupHandshakeHashIfNotNeeded(ss, &algorithms);
7326 } 7375 }
7327 break; /* not an error */ 7376 break; /* not an error */
7328 7377
7329 case SECFailure: 7378 case SECFailure:
7330 default: 7379 default:
7331 send_no_certificate: 7380 send_no_certificate:
7332 if (isTLS) { 7381 if (isTLS) {
7333 ss->ssl3.sendEmptyCert = PR_TRUE; 7382 ss->ssl3.sendEmptyCert = PR_TRUE;
7334 } else { 7383 } else {
(...skipping 217 matching lines...) Expand 10 before | Expand all | Expand 10 after
7552 7601
7553 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); 7602 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
7554 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); 7603 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
7555 7604
7556 sendClientCert = !ss->ssl3.sendEmptyCert && 7605 sendClientCert = !ss->ssl3.sendEmptyCert &&
7557 ss->ssl3.clientCertChain != NULL && 7606 ss->ssl3.clientCertChain != NULL &&
7558 (ss->ssl3.platformClientKey || 7607 (ss->ssl3.platformClientKey ||
7559 ss->ssl3.clientPrivateKey != NULL); 7608 ss->ssl3.clientPrivateKey != NULL);
7560 7609
7561 if (!sendClientCert && 7610 if (!sendClientCert &&
7562 » ss->ssl3.hs.hashType == handshake_hash_single && ss->ssl3.hs.md5) { 7611 » ss->ssl3.hs.hashType == handshake_hash_single &&
7612 » ss->ssl3.hs.backupHash) {
7563 /* Don't need the backup handshake hash. */ 7613 /* Don't need the backup handshake hash. */
7564 » PK11_DestroyContext(ss->ssl3.hs.md5, PR_TRUE); 7614 » PK11_DestroyContext(ss->ssl3.hs.backupHash, PR_TRUE);
7565 » ss->ssl3.hs.md5 = NULL; 7615 » ss->ssl3.hs.backupHash = NULL;
7566 } 7616 }
7567 7617
7568 /* We must wait for the server's certificate to be authenticated before 7618 /* We must wait for the server's certificate to be authenticated before
7569 * sending the client certificate in order to disclosing the client 7619 * sending the client certificate in order to disclosing the client
7570 * certificate to an attacker that does not have a valid cert for the 7620 * certificate to an attacker that does not have a valid cert for the
7571 * domain we are connecting to. 7621 * domain we are connecting to.
7572 * 7622 *
7573 * XXX: We should do the same for the NPN extension, but for that we 7623 * XXX: We should do the same for the NPN extension, but for that we
7574 * need an option to give the application the ability to leak the NPN 7624 * need an option to give the application the ability to leak the NPN
7575 * information to get better performance. 7625 * information to get better performance.
(...skipping 748 matching lines...) Expand 10 before | Expand all | Expand 10 after
8324 ss->ssl3.hs.suite_def = 8374 ss->ssl3.hs.suite_def =
8325 ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); 8375 ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite);
8326 goto suite_found; 8376 goto suite_found;
8327 } 8377 }
8328 } 8378 }
8329 } 8379 }
8330 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; 8380 errCode = SSL_ERROR_NO_CYPHER_OVERLAP;
8331 goto alert_loser; 8381 goto alert_loser;
8332 8382
8333 suite_found: 8383 suite_found:
8334 /* Look for a matching compression algorithm. */ 8384 /* Select a compression algorithm. */
8335 for (i = 0; i < comps.len; i++) { 8385 for (i = 0; i < comps.len; i++) {
8336 if (!compressionEnabled(ss, comps.data[i])) 8386 if (!compressionEnabled(ss, comps.data[i]))
8337 continue; 8387 continue;
8338 for (j = 0; j < compressionMethodsCount; j++) { 8388 for (j = 0; j < compressionMethodsCount; j++) {
8339 if (comps.data[i] == compressions[j]) { 8389 if (comps.data[i] == compressions[j]) {
8340 ss->ssl3.hs.compression = 8390 ss->ssl3.hs.compression =
8341 (SSLCompressionMethod)compressions[j]; 8391 (SSLCompressionMethod)compressions[j];
8342 goto compression_found; 8392 goto compression_found;
8343 } 8393 }
8344 } 8394 }
(...skipping 1421 matching lines...) Expand 10 before | Expand all | Expand 10 after
9766 rv = ssl3_AppendHandshakeHeader(ss, certificate, 3); 9816 rv = ssl3_AppendHandshakeHeader(ss, certificate, 3);
9767 if (rv == SECSuccess) { 9817 if (rv == SECSuccess) {
9768 rv = ssl3_AppendHandshakeNumber(ss, 0, 3); 9818 rv = ssl3_AppendHandshakeNumber(ss, 0, 3);
9769 } 9819 }
9770 return rv; /* error, if any, set by functions called above. */ 9820 return rv; /* error, if any, set by functions called above. */
9771 } 9821 }
9772 9822
9773 SECStatus 9823 SECStatus
9774 ssl3_HandleNewSessionTicket(sslSocket *ss, SSL3Opaque *b, PRUint32 length) 9824 ssl3_HandleNewSessionTicket(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
9775 { 9825 {
9776 SECStatus rv; 9826 SECStatus rv;
9777 NewSessionTicket session_ticket; 9827 SECItem ticketData;
9778 9828
9779 SSL_TRC(3, ("%d: SSL3[%d]: handle session_ticket handshake", 9829 SSL_TRC(3, ("%d: SSL3[%d]: handle session_ticket handshake",
9780 SSL_GETPID(), ss->fd)); 9830 SSL_GETPID(), ss->fd));
9781 9831
9782 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); 9832 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
9783 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); 9833 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
9784 9834
9835 PORT_Assert(!ss->ssl3.hs.newSessionTicket.ticket.data);
9836 PORT_Assert(!ss->ssl3.hs.receivedNewSessionTicket);
9837
9785 if (ss->ssl3.hs.ws != wait_new_session_ticket) { 9838 if (ss->ssl3.hs.ws != wait_new_session_ticket) {
9786 SSL3_SendAlert(ss, alert_fatal, unexpected_message); 9839 SSL3_SendAlert(ss, alert_fatal, unexpected_message);
9787 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET); 9840 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET);
9788 return SECFailure; 9841 return SECFailure;
9789 } 9842 }
9790 9843
9791 session_ticket.received_timestamp = ssl_Time(); 9844 /* RFC5077 Section 3.3: "The client MUST NOT treat the ticket as valid
9845 * until it has verified the server's Finished message." See the comment in
9846 * ssl3_FinishHandshake for more details.
9847 */
9848 ss->ssl3.hs.newSessionTicket.received_timestamp = ssl_Time();
9792 if (length < 4) { 9849 if (length < 4) {
9793 (void)SSL3_SendAlert(ss, alert_fatal, decode_error); 9850 (void)SSL3_SendAlert(ss, alert_fatal, decode_error);
9794 PORT_SetError(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET); 9851 PORT_SetError(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET);
9795 return SECFailure; 9852 return SECFailure;
9796 } 9853 }
9797 session_ticket.ticket_lifetime_hint = 9854 ss->ssl3.hs.newSessionTicket.ticket_lifetime_hint =
9798 (PRUint32)ssl3_ConsumeHandshakeNumber(ss, 4, &b, &length); 9855 (PRUint32)ssl3_ConsumeHandshakeNumber(ss, 4, &b, &length);
9799 9856
9800 rv = ssl3_ConsumeHandshakeVariable(ss, &session_ticket.ticket, 2, 9857 rv = ssl3_ConsumeHandshakeVariable(ss, &ticketData, 2, &b, &length);
9801 » &b, &length);
9802 if (length != 0 || rv != SECSuccess) { 9858 if (length != 0 || rv != SECSuccess) {
9803 (void)SSL3_SendAlert(ss, alert_fatal, decode_error); 9859 (void)SSL3_SendAlert(ss, alert_fatal, decode_error);
9804 PORT_SetError(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET); 9860 PORT_SetError(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET);
9805 return SECFailure; /* malformed */ 9861 return SECFailure; /* malformed */
9806 } 9862 }
9863 rv = SECITEM_CopyItem(NULL, &ss->ssl3.hs.newSessionTicket.ticket,
9864 &ticketData);
9865 if (rv != SECSuccess) {
9866 return rv;
9867 }
9868 ss->ssl3.hs.receivedNewSessionTicket = PR_TRUE;
9807 9869
9808 rv = ssl3_SetSIDSessionTicket(ss->sec.ci.sid, &session_ticket);
9809 if (rv != SECSuccess) {
9810 (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);
9811 PORT_SetError(SSL_ERROR_INTERNAL_ERROR_ALERT);
9812 return SECFailure;
9813 }
9814 ss->ssl3.hs.ws = wait_change_cipher; 9870 ss->ssl3.hs.ws = wait_change_cipher;
9815 return SECSuccess; 9871 return SECSuccess;
9816 } 9872 }
9817 9873
9818 #ifdef NISCC_TEST 9874 #ifdef NISCC_TEST
9819 static PRInt32 connNum = 0; 9875 static PRInt32 connNum = 0;
9820 9876
9821 static SECStatus 9877 static SECStatus
9822 get_fake_cert(SECItem *pCertItem, int *pIndex) 9878 get_fake_cert(SECItem *pCertItem, int *pIndex)
9823 { 9879 {
(...skipping 670 matching lines...) Expand 10 before | Expand all | Expand 10 after
10494 * success. Any remaining work will be taken care of by subsequent 10550 * success. Any remaining work will be taken care of by subsequent
10495 * calls to SSL_ForceHandshake/PR_Send/PR_Read/etc. 10551 * calls to SSL_ForceHandshake/PR_Send/PR_Read/etc.
10496 */ 10552 */
10497 if (rv == SECWouldBlock) { 10553 if (rv == SECWouldBlock) {
10498 rv = SECSuccess; 10554 rv = SECSuccess;
10499 } 10555 }
10500 } else { 10556 } else {
10501 SSL_TRC(3, ("%d: SSL3[%p]: certificate authentication won the race with" 10557 SSL_TRC(3, ("%d: SSL3[%p]: certificate authentication won the race with"
10502 " peer's finished message", SSL_GETPID(), ss->fd)); 10558 " peer's finished message", SSL_GETPID(), ss->fd));
10503 10559
10504 PORT_Assert(!ss->firstHsDone);
10505 PORT_Assert(!ss->sec.isServer);
10506 PORT_Assert(!ss->ssl3.hs.isResuming); 10560 PORT_Assert(!ss->ssl3.hs.isResuming);
10507 PORT_Assert(ss->ssl3.hs.ws != idle_handshake); 10561 PORT_Assert(ss->ssl3.hs.ws != idle_handshake);
10508 10562
10509 if (ss->opt.enableFalseStart && 10563 if (ss->opt.enableFalseStart &&
10510 !ss->firstHsDone && 10564 !ss->firstHsDone &&
10511 !ss->sec.isServer &&
10512 !ss->ssl3.hs.isResuming && 10565 !ss->ssl3.hs.isResuming &&
10513 ssl3_WaitingForStartOfServerSecondRound(ss)) { 10566 ssl3_WaitingForStartOfServerSecondRound(ss)) {
10514 /* ssl3_SendClientSecondRound deferred the false start check because 10567 /* ssl3_SendClientSecondRound deferred the false start check because
10515 * certificate authentication was pending, so we do it now if we sti ll 10568 * certificate authentication was pending, so we do it now if we sti ll
10516 * haven't received any of the server's second round yet. 10569 * haven't received any of the server's second round yet.
10517 */ 10570 */
10518 rv = ssl3_CheckFalseStart(ss); 10571 rv = ssl3_CheckFalseStart(ss);
10519 } else { 10572 } else {
10520 rv = SECSuccess; 10573 rv = SECSuccess;
10521 } 10574 }
(...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after
10600 &outData, isFIPS); 10653 &outData, isFIPS);
10601 } else { 10654 } else {
10602 rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS); 10655 rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS);
10603 } 10656 }
10604 PORT_Assert(rv != SECSuccess || outData.len == outLen); 10657 PORT_Assert(rv != SECSuccess || outData.len == outLen);
10605 #endif 10658 #endif
10606 } 10659 }
10607 return rv; 10660 return rv;
10608 } 10661 }
10609 10662
10610 /* called from ssl3_HandleServerHelloDone 10663 /* called from ssl3_SendClientSecondRound
10664 * ssl3_HandleFinished
10611 */ 10665 */
10612 static SECStatus 10666 static SECStatus
10613 ssl3_SendNextProto(sslSocket *ss) 10667 ssl3_SendNextProto(sslSocket *ss)
10614 { 10668 {
10615 SECStatus rv; 10669 SECStatus rv;
10616 int padding_len; 10670 int padding_len;
10617 static const unsigned char padding[32] = {0}; 10671 static const unsigned char padding[32] = {0};
10618 10672
10619 if (ss->ssl3.nextProto.len == 0 || 10673 if (ss->ssl3.nextProto.len == 0 ||
10620 ss->ssl3.nextProtoState == SSL_NEXT_PROTO_SELECTED) { 10674 ss->ssl3.nextProtoState == SSL_NEXT_PROTO_SELECTED) {
(...skipping 252 matching lines...) Expand 10 before | Expand all | Expand 10 after
10873 if (ss->ssl3.channelIDPub) 10927 if (ss->ssl3.channelIDPub)
10874 SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub); 10928 SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub);
10875 10929
10876 ss->handshake = ssl_GatherRecord1stHandshake; 10930 ss->handshake = ssl_GatherRecord1stHandshake;
10877 ss->ssl3.channelID = channelID; 10931 ss->ssl3.channelID = channelID;
10878 ss->ssl3.channelIDPub = channelIDPub; 10932 ss->ssl3.channelIDPub = channelIDPub;
10879 10933
10880 return SECSuccess; 10934 return SECSuccess;
10881 } 10935 }
10882 10936
10883 /* called from ssl3_HandleServerHelloDone 10937 /* called from ssl3_SendClientSecondRound
10884 * ssl3_HandleClientHello 10938 * ssl3_HandleClientHello
10885 * ssl3_HandleFinished 10939 * ssl3_HandleFinished
10886 */ 10940 */
10887 static SECStatus 10941 static SECStatus
10888 ssl3_SendFinished(sslSocket *ss, PRInt32 flags) 10942 ssl3_SendFinished(sslSocket *ss, PRInt32 flags)
10889 { 10943 {
10890 ssl3CipherSpec *cwSpec; 10944 ssl3CipherSpec *cwSpec;
10891 PRBool isTLS; 10945 PRBool isTLS;
10892 PRBool isServer = ss->sec.isServer; 10946 PRBool isServer = ss->sec.isServer;
10893 SECStatus rv; 10947 SECStatus rv;
(...skipping 215 matching lines...) Expand 10 before | Expand all | Expand 10 after
11109 PRInt32 flags = 0; 11163 PRInt32 flags = 0;
11110 11164
11111 /* Send a NewSessionTicket message if the client sent us 11165 /* Send a NewSessionTicket message if the client sent us
11112 * either an empty session ticket, or one that did not verify. 11166 * either an empty session ticket, or one that did not verify.
11113 * (Note that if either of these conditions was met, then the 11167 * (Note that if either of these conditions was met, then the
11114 * server has sent a SessionTicket extension in the 11168 * server has sent a SessionTicket extension in the
11115 * ServerHello message.) 11169 * ServerHello message.)
11116 */ 11170 */
11117 if (isServer && !ss->ssl3.hs.isResuming && 11171 if (isServer && !ss->ssl3.hs.isResuming &&
11118 ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn)) { 11172 ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn)) {
11173 /* RFC 5077 Section 3.3: "In the case of a full handshake, the
11174 * server MUST verify the client's Finished message before sending
11175 * the ticket." Presumably, this also means that the client's
11176 * certificate, if any, must be verified beforehand too.
11177 */
11119 rv = ssl3_SendNewSessionTicket(ss); 11178 rv = ssl3_SendNewSessionTicket(ss);
11120 if (rv != SECSuccess) { 11179 if (rv != SECSuccess) {
11121 goto xmit_loser; 11180 goto xmit_loser;
11122 } 11181 }
11123 } 11182 }
11124 11183
11125 rv = ssl3_SendChangeCipherSpecs(ss); 11184 rv = ssl3_SendChangeCipherSpecs(ss);
11126 if (rv != SECSuccess) { 11185 if (rv != SECSuccess) {
11127 goto xmit_loser; /* err is set. */ 11186 goto xmit_loser; /* err is set. */
11128 } 11187 }
(...skipping 104 matching lines...) Expand 10 before | Expand all | Expand 10 after
11233 SECStatus 11292 SECStatus
11234 ssl3_FinishHandshake(sslSocket * ss) 11293 ssl3_FinishHandshake(sslSocket * ss)
11235 { 11294 {
11236 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); 11295 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
11237 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); 11296 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
11238 PORT_Assert( ss->ssl3.hs.restartTarget == NULL ); 11297 PORT_Assert( ss->ssl3.hs.restartTarget == NULL );
11239 11298
11240 /* The first handshake is now completed. */ 11299 /* The first handshake is now completed. */
11241 ss->handshake = NULL; 11300 ss->handshake = NULL;
11242 11301
11302 /* RFC 5077 Section 3.3: "The client MUST NOT treat the ticket as valid
11303 * until it has verified the server's Finished message." When the server
11304 * sends a NewSessionTicket in a resumption handshake, we must wait until
11305 * the handshake is finished (we have verified the server's Finished
11306 * AND the server's certificate) before we update the ticket in the sid.
11307 *
11308 * This must be done before we call (*ss->sec.cache)(ss->sec.ci.sid)
11309 * because CacheSID requires the session ticket to already be set, and also
11310 * because of the lazy lock creation scheme used by CacheSID and
11311 * ssl3_SetSIDSessionTicket.
11312 */
11313 if (ss->ssl3.hs.receivedNewSessionTicket) {
11314 PORT_Assert(!ss->sec.isServer);
11315 ssl3_SetSIDSessionTicket(ss->sec.ci.sid, &ss->ssl3.hs.newSessionTicket);
11316 /* The sid took over the ticket data */
11317 PORT_Assert(!ss->ssl3.hs.newSessionTicket.ticket.data);
11318 ss->ssl3.hs.receivedNewSessionTicket = PR_FALSE;
11319 }
11320
11243 if (ss->ssl3.hs.cacheSID && ss->sec.isServer) { 11321 if (ss->ssl3.hs.cacheSID && ss->sec.isServer) {
11322 PORT_Assert(ss->sec.ci.sid->cached == never_cached);
11244 (*ss->sec.cache)(ss->sec.ci.sid); 11323 (*ss->sec.cache)(ss->sec.ci.sid);
11245 ss->ssl3.hs.cacheSID = PR_FALSE; 11324 ss->ssl3.hs.cacheSID = PR_FALSE;
11246 } 11325 }
11247 11326
11248 ss->ssl3.hs.canFalseStart = PR_FALSE; /* False Start phase is complete */ 11327 ss->ssl3.hs.canFalseStart = PR_FALSE; /* False Start phase is complete */
11249 ss->ssl3.hs.ws = idle_handshake; 11328 ss->ssl3.hs.ws = idle_handshake;
11250 11329
11251 ssl_FinishHandshake(ss); 11330 ssl_FinishHandshake(ss);
11252 11331
11253 return SECSuccess; 11332 return SECSuccess;
(...skipping 1050 matching lines...) Expand 10 before | Expand all | Expand 10 after
12304 ss->ssl3.hs.rtRetries = 0; 12383 ss->ssl3.hs.rtRetries = 0;
12305 ss->ssl3.hs.recvdHighWater = -1; 12384 ss->ssl3.hs.recvdHighWater = -1;
12306 PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight); 12385 PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight);
12307 dtls_SetMTU(ss, 0); /* Set the MTU to the highest plateau */ 12386 dtls_SetMTU(ss, 0); /* Set the MTU to the highest plateau */
12308 } 12387 }
12309 12388
12310 PORT_Assert(!ss->ssl3.hs.messages.buf && !ss->ssl3.hs.messages.space); 12389 PORT_Assert(!ss->ssl3.hs.messages.buf && !ss->ssl3.hs.messages.space);
12311 ss->ssl3.hs.messages.buf = NULL; 12390 ss->ssl3.hs.messages.buf = NULL;
12312 ss->ssl3.hs.messages.space = 0; 12391 ss->ssl3.hs.messages.space = 0;
12313 12392
12393 ss->ssl3.hs.receivedNewSessionTicket = PR_FALSE;
12394 PORT_Memset(&ss->ssl3.hs.newSessionTicket, 0,
12395 sizeof(ss->ssl3.hs.newSessionTicket));
12396
12314 ss->ssl3.initialized = PR_TRUE; 12397 ss->ssl3.initialized = PR_TRUE;
12315 return SECSuccess; 12398 return SECSuccess;
12316 } 12399 }
12317 12400
12318 /* Returns a reference counted object that contains a key pair. 12401 /* Returns a reference counted object that contains a key pair.
12319 * Or NULL on failure. Initial ref count is 1. 12402 * Or NULL on failure. Initial ref count is 1.
12320 * Uses the keys in the pair as input. 12403 * Uses the keys in the pair as input.
12321 */ 12404 */
12322 ssl3KeyPair * 12405 ssl3KeyPair *
12323 ssl3_NewKeyPair( SECKEYPrivateKey * privKey, SECKEYPublicKey * pubKey) 12406 ssl3_NewKeyPair( SECKEYPrivateKey * privKey, SECKEYPublicKey * pubKey)
(...skipping 414 matching lines...) Expand 10 before | Expand all | Expand 10 after
12738 if (ss->ssl3.hs.messages.buf) { 12821 if (ss->ssl3.hs.messages.buf) {
12739 PORT_Free(ss->ssl3.hs.messages.buf); 12822 PORT_Free(ss->ssl3.hs.messages.buf);
12740 ss->ssl3.hs.messages.buf = NULL; 12823 ss->ssl3.hs.messages.buf = NULL;
12741 ss->ssl3.hs.messages.len = 0; 12824 ss->ssl3.hs.messages.len = 0;
12742 ss->ssl3.hs.messages.space = 0; 12825 ss->ssl3.hs.messages.space = 0;
12743 } 12826 }
12744 12827
12745 /* free the SSL3Buffer (msg_body) */ 12828 /* free the SSL3Buffer (msg_body) */
12746 PORT_Free(ss->ssl3.hs.msg_body.buf); 12829 PORT_Free(ss->ssl3.hs.msg_body.buf);
12747 12830
12831 SECITEM_FreeItem(&ss->ssl3.hs.newSessionTicket.ticket, PR_FALSE);
12832
12748 /* free up the CipherSpecs */ 12833 /* free up the CipherSpecs */
12749 ssl3_DestroyCipherSpec(&ss->ssl3.specs[0], PR_TRUE/*freeSrvName*/); 12834 ssl3_DestroyCipherSpec(&ss->ssl3.specs[0], PR_TRUE/*freeSrvName*/);
12750 ssl3_DestroyCipherSpec(&ss->ssl3.specs[1], PR_TRUE/*freeSrvName*/); 12835 ssl3_DestroyCipherSpec(&ss->ssl3.specs[1], PR_TRUE/*freeSrvName*/);
12751 12836
12752 /* Destroy the DTLS data */ 12837 /* Destroy the DTLS data */
12753 if (IS_DTLS(ss)) { 12838 if (IS_DTLS(ss)) {
12754 dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight); 12839 dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight);
12755 if (ss->ssl3.hs.recvdFragments.buf) { 12840 if (ss->ssl3.hs.recvdFragments.buf) {
12756 PORT_Free(ss->ssl3.hs.recvdFragments.buf); 12841 PORT_Free(ss->ssl3.hs.recvdFragments.buf);
12757 } 12842 }
12758 } 12843 }
12759 12844
12760 ss->ssl3.initialized = PR_FALSE; 12845 ss->ssl3.initialized = PR_FALSE;
12761 12846
12762 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); 12847 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
12763 } 12848 }
12764 12849
12765 /* End of ssl3con.c */ 12850 /* End of ssl3con.c */
OLDNEW
« no previous file with comments | « net/third_party/nss/ssl/ssl.h ('k') | net/third_party/nss/ssl/ssl3ecc.c » ('j') | net/third_party/nss/ssl/sslenum.c » ('J')

Powered by Google App Engine
This is Rietveld 408576698