OLD | NEW |
1 /* | 1 /* |
2 * SSL3 Protocol | 2 * SSL3 Protocol |
3 * | 3 * |
4 * This Source Code Form is subject to the terms of the Mozilla Public | 4 * This Source Code Form is subject to the terms of the Mozilla Public |
5 * License, v. 2.0. If a copy of the MPL was not distributed with this | 5 * License, v. 2.0. If a copy of the MPL was not distributed with this |
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
7 | 7 |
8 /* TLS extension code moved here from ssl3ecc.c */ | 8 /* TLS extension code moved here from ssl3ecc.c */ |
9 /* $Id$ */ | 9 /* $Id$ */ |
10 | 10 |
(...skipping 56 matching lines...)
67 PRUint32 maxBytes); | 67 PRUint32 maxBytes); |
68 static SECStatus ssl3_ServerSendStatusRequestXtn(sslSocket * ss, | 68 static SECStatus ssl3_ServerSendStatusRequestXtn(sslSocket * ss, |
69 PRBool append, PRUint32 maxBytes); | 69 PRBool append, PRUint32 maxBytes); |
70 static SECStatus ssl3_ServerHandleStatusRequestXtn(sslSocket *ss, | 70 static SECStatus ssl3_ServerHandleStatusRequestXtn(sslSocket *ss, |
71 PRUint16 ex_type, SECItem *data); | 71 PRUint16 ex_type, SECItem *data); |
72 static SECStatus ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, | 72 static SECStatus ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, |
73 PRUint16 ex_type, | 73 PRUint16 ex_type, |
74 SECItem *data); | 74 SECItem *data); |
75 static PRInt32 ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append, | 75 static PRInt32 ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append, |
76 PRUint32 maxBytes); | 76 PRUint32 maxBytes); |
| 77 static PRInt32 ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append, |
| 78 PRUint32 maxBytes); |
| 79 static SECStatus ssl3_ServerHandleSigAlgsXtn(sslSocket *ss, PRUint16 ex_type, |
| 80 SECItem *data); |
77 | 81 |
78 /* | 82 /* |
79 * Write bytes. Using this function means the SECItem structure | 83 * Write bytes. Using this function means the SECItem structure |
80 * cannot be freed. The caller is expected to call this function | 84 * cannot be freed. The caller is expected to call this function |
81 * on a shallow copy of the structure. | 85 * on a shallow copy of the structure. |
82 */ | 86 */ |
83 static SECStatus | 87 static SECStatus |
84 ssl3_AppendToItem(SECItem *item, const unsigned char *buf, PRUint32 bytes) | 88 ssl3_AppendToItem(SECItem *item, const unsigned char *buf, PRUint32 bytes) |
85 { | 89 { |
86 if (bytes > item->len) | 90 if (bytes > item->len) |
(...skipping 142 matching lines...)
229 { ssl_server_name_xtn, &ssl3_HandleServerNameXtn }, | 233 { ssl_server_name_xtn, &ssl3_HandleServerNameXtn }, |
230 #ifdef NSS_ENABLE_ECC | 234 #ifdef NSS_ENABLE_ECC |
231 { ssl_elliptic_curves_xtn, &ssl3_HandleSupportedCurvesXtn }, | 235 { ssl_elliptic_curves_xtn, &ssl3_HandleSupportedCurvesXtn }, |
232 { ssl_ec_point_formats_xtn, &ssl3_HandleSupportedPointFormatsXtn }, | 236 { ssl_ec_point_formats_xtn, &ssl3_HandleSupportedPointFormatsXtn }, |
233 #endif | 237 #endif |
234 { ssl_session_ticket_xtn, &ssl3_ServerHandleSessionTicketXtn }, | 238 { ssl_session_ticket_xtn, &ssl3_ServerHandleSessionTicketXtn }, |
235 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, | 239 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, |
236 { ssl_next_proto_nego_xtn, &ssl3_ServerHandleNextProtoNegoXtn }, | 240 { ssl_next_proto_nego_xtn, &ssl3_ServerHandleNextProtoNegoXtn }, |
237 { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn }, | 241 { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn }, |
238 { ssl_cert_status_xtn, &ssl3_ServerHandleStatusRequestXtn }, | 242 { ssl_cert_status_xtn, &ssl3_ServerHandleStatusRequestXtn }, |
| 243 { ssl_signature_algorithms_xtn, &ssl3_ServerHandleSigAlgsXtn }, |
239 { -1, NULL } | 244 { -1, NULL } |
240 }; | 245 }; |
241 | 246 |
242 /* These two tables are used by the client, to handle server hello | 247 /* These two tables are used by the client, to handle server hello |
243 * extensions. */ | 248 * extensions. */ |
244 static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { | 249 static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { |
245 { ssl_server_name_xtn, &ssl3_HandleServerNameXtn }, | 250 { ssl_server_name_xtn, &ssl3_HandleServerNameXtn }, |
246 /* TODO: add a handler for ssl_ec_point_formats_xtn */ | 251 /* TODO: add a handler for ssl_ec_point_formats_xtn */ |
247 { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn }, | 252 { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn }, |
248 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, | 253 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, |
(...skipping 20 matching lines...)
269 { ssl_server_name_xtn, &ssl3_SendServerNameXtn }, | 274 { ssl_server_name_xtn, &ssl3_SendServerNameXtn }, |
270 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }, | 275 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }, |
271 #ifdef NSS_ENABLE_ECC | 276 #ifdef NSS_ENABLE_ECC |
272 { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn }, | 277 { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn }, |
273 { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn }, | 278 { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn }, |
274 #endif | 279 #endif |
275 { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, | 280 { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, |
276 { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn }, | 281 { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn }, |
277 { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn }, | 282 { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn }, |
278 { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn }, | 283 { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn }, |
279 { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn } | 284 { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, |
| 285 { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn } |
280 /* any extra entries will appear as { 0, NULL } */ | 286 /* any extra entries will appear as { 0, NULL } */ |
281 }; | 287 }; |
282 | 288 |
283 static const | 289 static const |
284 ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = { | 290 ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = { |
285 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn } | 291 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn } |
286 /* any extra entries will appear as { 0, NULL } */ | 292 /* any extra entries will appear as { 0, NULL } */ |
287 }; | 293 }; |
288 | 294 |
289 static PRBool | 295 static PRBool |
(...skipping 1742 matching lines...)
2032 return SECSuccess; | 2038 return SECSuccess; |
2033 } | 2039 } |
2034 | 2040 |
2035 /* OK, we have a valid cipher and we've selected it */ | 2041 /* OK, we have a valid cipher and we've selected it */ |
2036 ss->ssl3.dtlsSRTPCipherSuite = cipher; | 2042 ss->ssl3.dtlsSRTPCipherSuite = cipher; |
2037 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn; | 2043 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn; |
2038 | 2044 |
2039 return ssl3_RegisterServerHelloExtensionSender(ss, ssl_use_srtp_xtn, | 2045 return ssl3_RegisterServerHelloExtensionSender(ss, ssl_use_srtp_xtn, |
2040 ssl3_SendUseSRTPXtn); | 2046 ssl3_SendUseSRTPXtn); |
2041 } | 2047 } |
| 2048 |
| 2049 /* ssl3_ServerHandleSigAlgsXtn handles the signature_algorithms extension |
| 2050 * from a client. |
| 2051 * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ |
| 2052 static SECStatus |
| 2053 ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) |
| 2054 { |
| 2055 SECStatus rv; |
| 2056 SECItem algorithms; |
| 2057 const unsigned char *b; |
| 2058 unsigned int numAlgorithms, i; |
| 2059 |
| 2060 /* Ignore this extension if we aren't doing TLS 1.2 or greater. */ |
| 2061 if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) { |
| 2062 return SECSuccess; |
| 2063 } |
| 2064 |
| 2065 /* Keep track of negotiated extensions. */ |
| 2066 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; |
| 2067 |
| 2068 rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &data->data, |
| 2069 &data->len); |
| 2070 if (rv != SECSuccess) { |
| 2071 return SECFailure; |
| 2072 } |
| 2073 /* Trailing data or odd-length parameters is invalid. */ |
| 2074 if (data->len != 0 || (algorithms.len & 1) != 0) { |
| 2075 PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO); |
| 2076 return SECFailure; |
| 2077 } |
| 2078 |
| 2079 numAlgorithms = algorithms.len/2; |
| 2080 |
| 2081 if (numAlgorithms == 0) { |
| 2082 return SECSuccess; |
| 2083 } |
| 2084 /* We don't care to process excessive numbers of algorithms. */ |
| 2085 if (numAlgorithms > 512) { |
| 2086 numAlgorithms = 512; |
| 2087 } |
| 2088 |
| 2089 ss->ssl3.hs.clientSigAndHash = |
| 2090 PORT_NewArray(SSL3SignatureAndHashAlgorithm, numAlgorithms); |
| 2091 if (!ss->ssl3.hs.clientSigAndHash) { |
| 2092 return SECFailure; |
| 2093 } |
| 2094 ss->ssl3.hs.numClientSigAndHash = 0; |
| 2095 |
| 2096 b = algorithms.data; |
| 2097 for (i = 0; i < numAlgorithms; i++) { |
| 2098 unsigned char tls_hash = *(b++); |
| 2099 unsigned char tls_sig = *(b++); |
| 2100 SECOidTag hash = ssl3_TLSHashAlgorithmToOID(tls_hash); |
| 2101 |
| 2102 if (hash == SEC_OID_UNKNOWN) { |
| 2103 /* We ignore formats that we don't understand. */ |
| 2104 continue; |
| 2105 } |
| 2106 /* tls_sig support will be checked later in |
| 2107 * ssl3_PickSignatureHashAlgorithm. */ |
| 2108 ss->ssl3.hs.clientSigAndHash[i].hashAlg = hash; |
| 2109 ss->ssl3.hs.clientSigAndHash[i].sigAlg = tls_sig; |
| 2110 ss->ssl3.hs.numClientSigAndHash++; |
| 2111 } |
| 2112 |
| 2113 if (!ss->ssl3.hs.numClientSigAndHash) { |
| 2114 /* We didn't understand any of the client's requested signature |
| 2115 * formats. We'll use the defaults. */ |
| 2116 PORT_Free(ss->ssl3.hs.clientSigAndHash); |
| 2117 ss->ssl3.hs.clientSigAndHash = NULL; |
| 2118 } |
| 2119 |
| 2120 return SECSuccess; |
| 2121 } |
| 2122 |
| 2123 /* ssl3_ClientSendSigAlgsXtn sends the signature_algorithm extension for TLS |
| 2124 * 1.2 ClientHellos. */ |
| 2125 static PRInt32 |
| 2126 ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) |
| 2127 { |
| 2128 static const unsigned char signatureAlgorithms[] = { |
| 2129 /* This block is the contents of our signature_algorithms extension, in |
| 2130 * wire format. See |
| 2131 * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ |
| 2132 tls_hash_sha256, tls_sig_rsa, |
| 2133 tls_hash_sha384, tls_sig_rsa, |
| 2134 tls_hash_sha1, tls_sig_rsa, |
| 2135 #ifdef NSS_ENABLE_ECC |
| 2136 tls_hash_sha256, tls_sig_ecdsa, |
| 2137 tls_hash_sha384, tls_sig_ecdsa, |
| 2138 tls_hash_sha1, tls_sig_ecdsa, |
| 2139 #endif |
| 2140 tls_hash_sha256, tls_sig_dsa, |
| 2141 tls_hash_sha1, tls_sig_dsa, |
| 2142 }; |
| 2143 PRInt32 extension_length; |
| 2144 |
| 2145 if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) { |
| 2146 return 0; |
| 2147 } |
| 2148 |
| 2149 extension_length = |
| 2150 2 /* extension type */ + |
| 2151 2 /* extension length */ + |
| 2152 2 /* supported_signature_algorithms length */ + |
| 2153 sizeof(signatureAlgorithms); |
| 2154 |
| 2155 if (append && maxBytes >= extension_length) { |
| 2156 SECStatus rv; |
| 2157 rv = ssl3_AppendHandshakeNumber(ss, ssl_signature_algorithms_xtn, 2); |
| 2158 if (rv != SECSuccess) |
| 2159 goto loser; |
| 2160 rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); |
| 2161 if (rv != SECSuccess) |
| 2162 goto loser; |
| 2163 rv = ssl3_AppendHandshakeVariable(ss, signatureAlgorithms, |
| 2164 sizeof(signatureAlgorithms), 2); |
| 2165 if (rv != SECSuccess) |
| 2166 goto loser; |
| 2167 ss->xtnData.advertised[ss->xtnData.numAdvertised++] = |
| 2168 ssl_signature_algorithms_xtn; |
| 2169 } else if (maxBytes < extension_length) { |
| 2170 PORT_Assert(0); |
| 2171 return 0; |
| 2172 } |
| 2173 |
| 2174 return extension_length; |
| 2175 |
| 2176 loser: |
| 2177 return -1; |
| 2178 } |
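Review bot: The parsing loop in ssl3_ServerHandleSigAlgsXtn (new lines 2097-2111) stores each accepted pair at `clientSigAndHash[i]` but advances only `numClientSigAndHash`, so the two drift apart as soon as one entry with an unknown hash is skipped. After that, the first `numClientSigAndHash` slots can include one that was never written, and PORT_NewArray does not zero the allocation as far as I know, while a recognised pair sits beyond the counted range. A consumer that walks that range, presumably ssl3_PickSignatureHashAlgorithm, would then choose a signature/hash pair from uninitialised heap memory. Index by the counter instead: `ss->ssl3.hs.clientSigAndHash[ss->ssl3.hs.numClientSigAndHash].hashAlg = hash;`, likewise for `.sigAlg`, then increment. Separately, the assignment at new line 2089 overwrites `clientSigAndHash` without freeing an earlier array, which would leak if this handler can run twice in one handshake; whether duplicate extensions are rejected before dispatch is not visible here.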