OLD | NEW |
1 /* | 1 /* |
2 * SSL v2 handshake functions, and functions common to SSL2 and SSL3. | 2 * SSL v2 handshake functions, and functions common to SSL2 and SSL3. |
3 * | 3 * |
4 * This Source Code Form is subject to the terms of the Mozilla Public | 4 * This Source Code Form is subject to the terms of the Mozilla Public |
5 * License, v. 2.0. If a copy of the MPL was not distributed with this | 5 * License, v. 2.0. If a copy of the MPL was not distributed with this |
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
7 | 7 |
8 #include "nssrenam.h" | 8 #include "nssrenam.h" |
9 #include "cert.h" | 9 #include "cert.h" |
10 #include "secitem.h" | 10 #include "secitem.h" |
11 #include "sechash.h" | 11 #include "sechash.h" |
12 #include "cryptohi.h" /* for SGN_ funcs */ | 12 #include "cryptohi.h" /* for SGN_ funcs */ |
13 #include "keyhi.h" /* for SECKEY_ high level functions. */ | 13 #include "keyhi.h" /* for SECKEY_ high level functions. */ |
14 #include "ssl.h" | 14 #include "ssl.h" |
15 #include "sslimpl.h" | 15 #include "sslimpl.h" |
16 #include "sslproto.h" | 16 #include "sslproto.h" |
17 #include "ssl3prot.h" | 17 #include "ssl3prot.h" |
18 #include "sslerr.h" | 18 #include "sslerr.h" |
19 #include "pk11func.h" | 19 #include "pk11func.h" |
20 #include "prinit.h" | 20 #include "prinit.h" |
21 #include "prtime.h" /* for PR_Now() */ | 21 #include "prtime.h" /* for PR_Now() */ |
22 | 22 |
23 static PRBool policyWasSet; | 23 static PRBool policyWasSet; |
24 | 24 |
25 /* This ordered list is indexed by (SSL_CK_xx * 3) */ | |
26 /* Second and third bytes are MSB and LSB of master key length. */ | |
27 static const PRUint8 allCipherSuites[] = { | |
28 0, 0, 0, | |
29 SSL_CK_RC4_128_WITH_MD5, 0x00, 0x80, | |
30 SSL_CK_RC4_128_EXPORT40_WITH_MD5, 0x00, 0x80, | |
31 SSL_CK_RC2_128_CBC_WITH_MD5, 0x00, 0x80, | |
32 SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5, 0x00, 0x80, | |
33 SSL_CK_IDEA_128_CBC_WITH_MD5, 0x00, 0x80, | |
34 SSL_CK_DES_64_CBC_WITH_MD5, 0x00, 0x40, | |
35 SSL_CK_DES_192_EDE3_CBC_WITH_MD5, 0x00, 0xC0, | |
36 0, 0, 0 | |
37 }; | |
38 | |
39 #define ssl2_NUM_SUITES_IMPLEMENTED 6 | 25 #define ssl2_NUM_SUITES_IMPLEMENTED 6 |
40 | 26 |
41 /* This list is sent back to the client when the client-hello message | 27 /* This list is sent back to the client when the client-hello message |
42 * contains no overlapping ciphers, so the client can report what ciphers | 28 * contains no overlapping ciphers, so the client can report what ciphers |
43 * are supported by the server. Unlike allCipherSuites (above), this list | 29 * are supported by the server. Unlike allCipherSuites (above), this list |
44 * is sorted by descending preference, not by cipherSuite number. | 30 * is sorted by descending preference, not by cipherSuite number. |
45 */ | 31 */ |
46 static const PRUint8 implementedCipherSuites[ssl2_NUM_SUITES_IMPLEMENTED * 3] =
{ | 32 static const PRUint8 implementedCipherSuites[ssl2_NUM_SUITES_IMPLEMENTED * 3] =
{ |
47 SSL_CK_RC4_128_WITH_MD5, 0x00, 0x80, | 33 SSL_CK_RC4_128_WITH_MD5, 0x00, 0x80, |
48 SSL_CK_RC2_128_CBC_WITH_MD5, 0x00, 0x80, | 34 SSL_CK_RC2_128_CBC_WITH_MD5, 0x00, 0x80, |
(...skipping 795 matching lines...)
844 ** Send some data in the clear. | 830 ** Send some data in the clear. |
845 ** Package up data with the length header and send it. | 831 ** Package up data with the length header and send it. |
846 ** | 832 ** |
847 ** Return count of bytes successfully written, or negative number (failure). | 833 ** Return count of bytes successfully written, or negative number (failure). |
848 */ | 834 */ |
849 static PRInt32 | 835 static PRInt32 |
850 ssl2_SendClear(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags) | 836 ssl2_SendClear(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags) |
851 { | 837 { |
852 PRUint8 * out; | 838 PRUint8 * out; |
853 int rv; | 839 int rv; |
854 int amount; | 840 unsigned int amount; |
855 int count = 0; | 841 int count = 0; |
856 | 842 |
857 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); | 843 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); |
858 | 844 |
859 SSL_TRC(10, ("%d: SSL[%d]: sending %d bytes in the clear", | 845 SSL_TRC(10, ("%d: SSL[%d]: sending %d bytes in the clear", |
860 SSL_GETPID(), ss->fd, len)); | 846 SSL_GETPID(), ss->fd, len)); |
861 PRINT_BUF(50, (ss, "clear data:", (PRUint8*) in, len)); | 847 PRINT_BUF(50, (ss, "clear data:", (PRUint8*) in, len)); |
862 | 848 |
863 while (len) { | 849 while (len) { |
864 amount = PR_MIN( len, MAX_STREAM_CYPHER_LEN ); | 850 amount = PR_MIN( len, MAX_STREAM_CYPHER_LEN ); |
(...skipping 55 matching lines...)
920 static PRInt32 | 906 static PRInt32 |
921 ssl2_SendStream(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags) | 907 ssl2_SendStream(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags) |
922 { | 908 { |
923 PRUint8 * out; | 909 PRUint8 * out; |
924 int rv; | 910 int rv; |
925 int count = 0; | 911 int count = 0; |
926 | 912 |
927 int amount; | 913 int amount; |
928 PRUint8 macLen; | 914 PRUint8 macLen; |
929 int nout; | 915 int nout; |
930 int buflen; | 916 unsigned int buflen; |
931 | 917 |
932 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); | 918 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); |
933 | 919 |
934 SSL_TRC(10, ("%d: SSL[%d]: sending %d bytes using stream cipher", | 920 SSL_TRC(10, ("%d: SSL[%d]: sending %d bytes using stream cipher", |
935 SSL_GETPID(), ss->fd, len)); | 921 SSL_GETPID(), ss->fd, len)); |
936 PRINT_BUF(50, (ss, "clear data:", (PRUint8*) in, len)); | 922 PRINT_BUF(50, (ss, "clear data:", (PRUint8*) in, len)); |
937 | 923 |
938 while (len) { | 924 while (len) { |
939 ssl_GetSpecReadLock(ss); /*************************************/ | 925 ssl_GetSpecReadLock(ss); /*************************************/ |
940 | 926 |
(...skipping 83 matching lines...)
1024 PRUint8 * out; /* begining of output buffer. */ | 1010 PRUint8 * out; /* begining of output buffer. */ |
1025 PRUint8 * op; /* next output byte goes here. */ | 1011 PRUint8 * op; /* next output byte goes here. */ |
1026 int rv; /* value from funcs we called. */ | 1012 int rv; /* value from funcs we called. */ |
1027 int count = 0; /* this function's return value. */ | 1013 int count = 0; /* this function's return value. */ |
1028 | 1014 |
1029 unsigned int hlen; /* output record hdr len, 2 or 3 */ | 1015 unsigned int hlen; /* output record hdr len, 2 or 3 */ |
1030 unsigned int macLen; /* MAC is this many bytes long. */ | 1016 unsigned int macLen; /* MAC is this many bytes long. */ |
1031 int amount; /* of plaintext to go in record. */ | 1017 int amount; /* of plaintext to go in record. */ |
1032 unsigned int padding; /* add this many padding byte. */ | 1018 unsigned int padding; /* add this many padding byte. */ |
1033 int nout; /* ciphertext size after header. */ | 1019 int nout; /* ciphertext size after header. */ |
1034 int buflen;» » /* size of generated record. */ | 1020 unsigned int buflen;» » /* size of generated record. */ |
1035 | 1021 |
1036 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); | 1022 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); |
1037 | 1023 |
1038 SSL_TRC(10, ("%d: SSL[%d]: sending %d bytes using block cipher", | 1024 SSL_TRC(10, ("%d: SSL[%d]: sending %d bytes using block cipher", |
1039 SSL_GETPID(), ss->fd, len)); | 1025 SSL_GETPID(), ss->fd, len)); |
1040 PRINT_BUF(50, (ss, "clear data:", in, len)); | 1026 PRINT_BUF(50, (ss, "clear data:", in, len)); |
1041 | 1027 |
1042 while (len) { | 1028 while (len) { |
1043 ssl_GetSpecReadLock(ss); /*************************************/ | 1029 ssl_GetSpecReadLock(ss); /*************************************/ |
1044 | 1030 |
(...skipping 503 matching lines...)
1548 PRUint8 *ek, unsigned int ekLen, | 1534 PRUint8 *ek, unsigned int ekLen, |
1549 PRUint8 *ca, unsigned int caLen) | 1535 PRUint8 *ca, unsigned int caLen) |
1550 { | 1536 { |
1551 PRUint8 * dk = NULL; /* decrypted master key */ | 1537 PRUint8 * dk = NULL; /* decrypted master key */ |
1552 sslSessionID * sid; | 1538 sslSessionID * sid; |
1553 sslServerCerts * sc = ss->serverCerts + kt_rsa; | 1539 sslServerCerts * sc = ss->serverCerts + kt_rsa; |
1554 PRUint8 * kbuf = 0; /* buffer for RSA decrypted data. */ | 1540 PRUint8 * kbuf = 0; /* buffer for RSA decrypted data. */ |
1555 unsigned int ddLen; /* length of RSA decrypted data in kbuf */ | 1541 unsigned int ddLen; /* length of RSA decrypted data in kbuf */ |
1556 unsigned int keySize; | 1542 unsigned int keySize; |
1557 unsigned int dkLen; /* decrypted key length in bytes */ | 1543 unsigned int dkLen; /* decrypted key length in bytes */ |
1558 int modulusLen; | 1544 int modulusLen; |
1559 SECStatus rv; | 1545 SECStatus rv; |
1560 PRUint16 allowed; /* cipher kinds enabled and allowed by policy */ | 1546 PRUint16 allowed; /* cipher kinds enabled and allowed by policy */ |
1561 PRUint8 mkbuf[SSL_MAX_MASTER_KEY_BYTES]; | 1547 PRUint8 mkbuf[SSL_MAX_MASTER_KEY_BYTES]; |
1562 | 1548 |
1563 PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); | 1549 PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); |
1564 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | 1550 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); |
1565 PORT_Assert((sc->SERVERKEY != 0)); | 1551 PORT_Assert((sc->SERVERKEY != 0)); |
1566 PORT_Assert((ss->sec.ci.sid != 0)); | 1552 PORT_Assert((ss->sec.ci.sid != 0)); |
1567 sid = ss->sec.ci.sid; | 1553 sid = ss->sec.ci.sid; |
1568 | 1554 |
(...skipping 41 matching lines...)
1610 } | 1596 } |
1611 | 1597 |
1612 if (caLen != ssl_Specs[cipher].ivLen) { | 1598 if (caLen != ssl_Specs[cipher].ivLen) { |
1613 SSL_DBG(("%d: SSL[%d]: invalid key args length, caLen=%d (bytes)!", | 1599 SSL_DBG(("%d: SSL[%d]: invalid key args length, caLen=%d (bytes)!", |
1614 SSL_GETPID(), ss->fd, caLen)); | 1600 SSL_GETPID(), ss->fd, caLen)); |
1615 PORT_SetError(SSL_ERROR_BAD_CLIENT); | 1601 PORT_SetError(SSL_ERROR_BAD_CLIENT); |
1616 goto loser; | 1602 goto loser; |
1617 } | 1603 } |
1618 | 1604 |
1619 modulusLen = PK11_GetPrivateModulusLen(sc->SERVERKEY); | 1605 modulusLen = PK11_GetPrivateModulusLen(sc->SERVERKEY); |
1620 if (modulusLen == -1) { | 1606 if (modulusLen < 0) { |
1621 /* XXX If the key is bad, then PK11_PubDecryptRaw will fail below. */ | 1607 /* XXX If the key is bad, then PK11_PubDecryptRaw will fail below. */ |
1622 modulusLen = ekLen; | 1608 modulusLen = ekLen; |
1623 } | 1609 } |
1624 if (ekLen > modulusLen || ekLen + ckLen < keySize) { | 1610 if (ekLen > (unsigned int)modulusLen || ekLen + ckLen < keySize) { |
1625 SSL_DBG(("%d: SSL[%d]: invalid encrypted key length, ekLen=%d (bytes)!", | 1611 SSL_DBG(("%d: SSL[%d]: invalid encrypted key length, ekLen=%d (bytes)!", |
1626 SSL_GETPID(), ss->fd, ekLen)); | 1612 SSL_GETPID(), ss->fd, ekLen)); |
1627 PORT_SetError(SSL_ERROR_BAD_CLIENT); | 1613 PORT_SetError(SSL_ERROR_BAD_CLIENT); |
1628 goto loser; | 1614 goto loser; |
1629 } | 1615 } |
1630 | 1616 |
1631 /* allocate the buffer to hold the decrypted portion of the key. */ | 1617 /* allocate the buffer to hold the decrypted portion of the key. */ |
1632 kbuf = (PRUint8*)PORT_Alloc(modulusLen); | 1618 kbuf = (PRUint8*)PORT_Alloc(modulusLen); |
1633 if (!kbuf) { | 1619 if (!kbuf) { |
1634 goto loser; | 1620 goto loser; |
(...skipping 853 matching lines...)
2488 ** Called from ssl_Do1stHandshake(). | 2474 ** Called from ssl_Do1stHandshake(). |
2489 ** | 2475 ** |
2490 */ | 2476 */ |
2491 static SECStatus | 2477 static SECStatus |
2492 ssl2_HandleMessage(sslSocket *ss) | 2478 ssl2_HandleMessage(sslSocket *ss) |
2493 { | 2479 { |
2494 PRUint8 * data; | 2480 PRUint8 * data; |
2495 PRUint8 * cid; | 2481 PRUint8 * cid; |
2496 unsigned len, certType, certLen, responseLen; | 2482 unsigned len, certType, certLen, responseLen; |
2497 int rv; | 2483 int rv; |
2498 int rv2; | |
2499 | 2484 |
2500 PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); | 2485 PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); |
2501 | 2486 |
2502 ssl_GetRecvBufLock(ss); | 2487 ssl_GetRecvBufLock(ss); |
2503 | 2488 |
2504 data = ss->gs.buf.buf + ss->gs.recordOffset; | 2489 data = ss->gs.buf.buf + ss->gs.recordOffset; |
2505 | 2490 |
2506 if (ss->gs.recordLen < 1) { | 2491 if (ss->gs.recordLen < 1) { |
2507 goto bad_peer; | 2492 goto bad_peer; |
2508 } | 2493 } |
(...skipping 97 matching lines...)
2606 > ss->gs.recordLen) { | 2591 > ss->gs.recordLen) { |
2607 /* prevent overflow crash. */ | 2592 /* prevent overflow crash. */ |
2608 rv = SECFailure; | 2593 rv = SECFailure; |
2609 } else | 2594 } else |
2610 rv = ssl2_HandleClientCertificate(ss, data[1], | 2595 rv = ssl2_HandleClientCertificate(ss, data[1], |
2611 data + SSL_HL_CLIENT_CERTIFICATE_HBYTES, | 2596 data + SSL_HL_CLIENT_CERTIFICATE_HBYTES, |
2612 certLen, | 2597 certLen, |
2613 data + SSL_HL_CLIENT_CERTIFICATE_HBYTES + certLen, | 2598 data + SSL_HL_CLIENT_CERTIFICATE_HBYTES + certLen, |
2614 responseLen); | 2599 responseLen); |
2615 if (rv) { | 2600 if (rv) { |
2616 » rv2 = ssl2_SendErrorMessage(ss, SSL_PE_BAD_CERTIFICATE); | 2601 » (void)ssl2_SendErrorMessage(ss, SSL_PE_BAD_CERTIFICATE); |
2617 SET_ERROR_CODE | 2602 SET_ERROR_CODE |
2618 goto loser; | 2603 goto loser; |
2619 } | 2604 } |
2620 ss->sec.ci.elements |= CIS_HAVE_CERTIFICATE; | 2605 ss->sec.ci.elements |= CIS_HAVE_CERTIFICATE; |
2621 break; | 2606 break; |
2622 | 2607 |
2623 case SSL_MT_ERROR: | 2608 case SSL_MT_ERROR: |
2624 rv = (data[1] << 8) | data[2]; | 2609 rv = (data[1] << 8) | data[2]; |
2625 SSL_TRC(2, ("%d: SSL[%d]: got error message, error=0x%x", | 2610 SSL_TRC(2, ("%d: SSL[%d]: got error message, error=0x%x", |
2626 SSL_GETPID(), ss->fd, rv)); | 2611 SSL_GETPID(), ss->fd, rv)); |
(...skipping 107 matching lines...)
2734 * Called from ssl_Do1stHandshake after ssl2_BeginClientHandshake() | 2719 * Called from ssl_Do1stHandshake after ssl2_BeginClientHandshake() |
2735 */ | 2720 */ |
2736 SECStatus | 2721 SECStatus |
2737 ssl2_HandleServerHelloMessage(sslSocket *ss) | 2722 ssl2_HandleServerHelloMessage(sslSocket *ss) |
2738 { | 2723 { |
2739 sslSessionID * sid; | 2724 sslSessionID * sid; |
2740 PRUint8 * cert; | 2725 PRUint8 * cert; |
2741 PRUint8 * cs; | 2726 PRUint8 * cs; |
2742 PRUint8 * data; | 2727 PRUint8 * data; |
2743 SECStatus rv; | 2728 SECStatus rv; |
2744 int needed, sidHit, certLen, csLen, cidLen, certType, err; | 2729 unsigned int needed, sidHit, certLen, csLen, cidLen, certType, err; |
2745 | 2730 |
2746 PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); | 2731 PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); |
2747 | 2732 |
2748 if (!ss->opt.enableSSL2) { | 2733 if (!ss->opt.enableSSL2) { |
2749 PORT_SetError(SSL_ERROR_SSL2_DISABLED); | 2734 PORT_SetError(SSL_ERROR_SSL2_DISABLED); |
2750 return SECFailure; | 2735 return SECFailure; |
2751 } | 2736 } |
2752 | 2737 |
2753 ssl_GetRecvBufLock(ss); | 2738 ssl_GetRecvBufLock(ss); |
2754 | 2739 |
(...skipping 907 matching lines...)
3662 loser: | 3647 loser: |
3663 return SECFailure; | 3648 return SECFailure; |
3664 } | 3649 } |
3665 | 3650 |
3666 /* This function doesn't really belong in this file. | 3651 /* This function doesn't really belong in this file. |
3667 ** It's here to keep AIX compilers from optimizing it away, | 3652 ** It's here to keep AIX compilers from optimizing it away, |
3668 ** and not including it in the DSO. | 3653 ** and not including it in the DSO. |
3669 */ | 3654 */ |
3670 | 3655 |
3671 #include "nss.h" | 3656 #include "nss.h" |
3672 extern const char __nss_ssl_rcsid[]; | 3657 extern const char __nss_ssl_version[]; |
3673 extern const char __nss_ssl_sccsid[]; | |
3674 | 3658 |
3675 PRBool | 3659 PRBool |
3676 NSSSSL_VersionCheck(const char *importedVersion) | 3660 NSSSSL_VersionCheck(const char *importedVersion) |
3677 { | 3661 { |
| 3662 #define NSS_VERSION_VARIABLE __nss_ssl_version |
| 3663 #include "verref.h" |
| 3664 |
3678 /* | 3665 /* |
3679 * This is the secret handshake algorithm. | 3666 * This is the secret handshake algorithm. |
3680 * | 3667 * |
3681 * This release has a simple version compatibility | 3668 * This release has a simple version compatibility |
3682 * check algorithm. This release is not backward | 3669 * check algorithm. This release is not backward |
3683 * compatible with previous major releases. It is | 3670 * compatible with previous major releases. It is |
3684 * not compatible with future major, minor, or | 3671 * not compatible with future major, minor, or |
3685 * patch releases. | 3672 * patch releases. |
3686 */ | 3673 */ |
3687 volatile char c; /* force a reference that won't get optimized away */ | |
3688 | |
3689 c = __nss_ssl_rcsid[0] + __nss_ssl_sccsid[0]; | |
3690 return NSS_VersionCheck(importedVersion); | 3674 return NSS_VersionCheck(importedVersion); |
3691 } | 3675 } |
3692 | 3676 |
3693 const char * | 3677 const char * |
3694 NSSSSL_GetVersion(void) | 3678 NSSSSL_GetVersion(void) |
3695 { | 3679 { |
3696 return NSS_VERSION; | 3680 return NSS_VERSION; |
3697 } | 3681 } |
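Review bot: In the hunk at new lines 1605-1618, `modulusLen` stays an `int` and is cast only at the comparison, so the fallback `modulusLen = ekLen;` still converts an unsigned length to a signed one and `PORT_Alloc(modulusLen)` converts it back. If `ekLen` could ever exceed `INT_MAX`, the cast in `ekLen > (unsigned int)modulusLen` would mask that value instead of rejecting it; whether the caller bounds `ekLen` is not visible here, because the function starts and ends outside the hunk. Holding the validated value in one unsigned local, e.g. `unsigned int modLen = (modulusLen < 0) ? ekLen : (unsigned int)modulusLen;`, and using it for both the length check and the allocation would remove the signed round-trip. The unsigned sum in `ekLen + ckLen < keySize` relies on the same upstream bound and deserves a one-line comment naming where that bound is enforced.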
OLD | NEW |