OLD | NEW |
---|---|
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
2 /* | 2 /* |
3 * SSL3 Protocol | 3 * SSL3 Protocol |
4 * | 4 * |
5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
8 /* $Id$ */ | 8 /* $Id$ */ |
9 | 9 |
10 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ | 10 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ |
189 case ssl_compression_deflate: | 189 case ssl_compression_deflate: |
190 return ss->opt.enableDeflate; | 190 return ss->opt.enableDeflate; |
191 #endif | 191 #endif |
192 default: | 192 default: |
193 return PR_FALSE; | 193 return PR_FALSE; |
194 } | 194 } |
195 } | 195 } |
196 | 196 |
197 static const /*SSL3ClientCertificateType */ uint8 certificate_types [] = { | 197 static const /*SSL3ClientCertificateType */ uint8 certificate_types [] = { |
198 ct_RSA_sign, | 198 ct_RSA_sign, |
199 ct_DSS_sign, | |
200 #ifdef NSS_ENABLE_ECC | 199 #ifdef NSS_ENABLE_ECC |
201 ct_ECDSA_sign, | 200 ct_ECDSA_sign, |
202 #endif /* NSS_ENABLE_ECC */ | 201 #endif /* NSS_ENABLE_ECC */ |
202 ct_DSS_sign, | |
203 }; | |
204 | |
205 /* This block is our supported_signature_algorithms value, in wire format. | |
206 * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ | |
207 static const PRUint8 supported_signature_algorithms[] = { | |
208 tls_hash_sha256, tls_sig_rsa, | |
209 tls_hash_sha384, tls_sig_rsa, | |
210 tls_hash_sha1, tls_sig_rsa, | |
211 #ifdef NSS_ENABLE_ECC | |
212 tls_hash_sha256, tls_sig_ecdsa, | |
213 tls_hash_sha384, tls_sig_ecdsa, | |
214 tls_hash_sha1, tls_sig_ecdsa, | |
215 #endif | |
216 tls_hash_sha256, tls_sig_dsa, | |
217 tls_hash_sha1, tls_sig_dsa, | |
203 }; | 218 }; |
204 | 219 |
205 #define EXPORT_RSA_KEY_LENGTH 64 /* bytes */ | 220 #define EXPORT_RSA_KEY_LENGTH 64 /* bytes */ |
206 | 221 |
207 | 222 |
208 /* This global item is used only in servers. It is is initialized by | 223 /* This global item is used only in servers. It is is initialized by |
209 ** SSL_ConfigSecureServer(), and is used in ssl3_SendCertificateRequest(). | 224 ** SSL_ConfigSecureServer(), and is used in ssl3_SendCertificateRequest(). |
210 */ | 225 */ |
211 CERTDistNames *ssl3_server_ca_list = NULL; | 226 CERTDistNames *ssl3_server_ca_list = NULL; |
212 static SSL3Statistics ssl3stats; | 227 static SSL3Statistics ssl3stats; |
3925 if (serialized[0] == 0) { | 3940 if (serialized[0] == 0) { |
3926 PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); | 3941 PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); |
3927 return SECFailure; | 3942 return SECFailure; |
3928 } | 3943 } |
3929 | 3944 |
3930 serialized[1] = sigAndHash->sigAlg; | 3945 serialized[1] = sigAndHash->sigAlg; |
3931 | 3946 |
3932 return ssl3_AppendHandshake(ss, serialized, sizeof(serialized)); | 3947 return ssl3_AppendHandshake(ss, serialized, sizeof(serialized)); |
3933 } | 3948 } |
3934 | 3949 |
3950 /* Appends our supported_signature_algorithms value to the current handshake | |
3951 * message. */ | |
3952 SECStatus | |
3953 ssl3_AppendSupportedSignatureAlgorithms(sslSocket *ss) | |
3954 { | |
3955 return ssl3_AppendHandshakeVariable(ss, supported_signature_algorithms, | |
3956 sizeof supported_signature_algorithms, | |
agl
2013/05/31 12:38:24
(nit: Other uses of sizeof seem to have parenthese
wtc
2013/05/31 16:30:55
This file uses both styles with sizeof. The code i
| |
3957 2); | |
3958 } | |
3959 | |
3960 /* Returns the size in bytes of our supported_signature_algorithms value. */ | |
3961 unsigned int | |
3962 ssl3_SizeOfSupportedSignatureAlgorithms(void) | |
3963 { | |
3964 return sizeof supported_signature_algorithms; | |
agl
2013/05/31 12:38:24
ditto.
| |
3965 } | |
3966 | |
3935 /************************************************************************** | 3967 /************************************************************************** |
3936 * Consume Handshake functions. | 3968 * Consume Handshake functions. |
3937 * | 3969 * |
3938 * All data used in these functions is protected by two locks, | 3970 * All data used in these functions is protected by two locks, |
3939 * the RecvBufLock and the SSL3HandshakeLock | 3971 * the RecvBufLock and the SSL3HandshakeLock |
3940 **************************************************************************/ | 3972 **************************************************************************/ |
3941 | 3973 |
3942 /* Read up the next "bytes" number of bytes from the (decrypted) input | 3974 /* Read up the next "bytes" number of bytes from the (decrypted) input |
3943 * stream "b" (which is *length bytes long). Copy them into buffer "v". | 3975 * stream "b" (which is *length bytes long). Copy them into buffer "v". |
3944 * Reduces *length by bytes. Advances *b by bytes. | 3976 * Reduces *length by bytes. Advances *b by bytes. |
6501 * ssl3 Certificate Request message. | 6533 * ssl3 Certificate Request message. |
6502 * Caller must hold Handshake and RecvBuf locks. | 6534 * Caller must hold Handshake and RecvBuf locks. |
6503 */ | 6535 */ |
6504 static SECStatus | 6536 static SECStatus |
6505 ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) | 6537 ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) |
6506 { | 6538 { |
6507 PRArenaPool * arena = NULL; | 6539 PRArenaPool * arena = NULL; |
6508 dnameNode * node; | 6540 dnameNode * node; |
6509 PRInt32 remaining; | 6541 PRInt32 remaining; |
6510 PRBool isTLS = PR_FALSE; | 6542 PRBool isTLS = PR_FALSE; |
6543 PRBool isTLS12 = PR_FALSE; | |
6511 int i; | 6544 int i; |
6512 int errCode = SSL_ERROR_RX_MALFORMED_CERT_REQUEST; | 6545 int errCode = SSL_ERROR_RX_MALFORMED_CERT_REQUEST; |
6513 int nnames = 0; | 6546 int nnames = 0; |
6514 SECStatus rv; | 6547 SECStatus rv; |
6515 SSL3AlertDescription desc = illegal_parameter; | 6548 SSL3AlertDescription desc = illegal_parameter; |
6516 SECItem cert_types = {siBuffer, NULL, 0}; | 6549 SECItem cert_types = {siBuffer, NULL, 0}; |
6550 SECItem algorithms = {siBuffer, NULL, 0}; | |
6517 CERTDistNames ca_list; | 6551 CERTDistNames ca_list; |
6518 #ifdef NSS_PLATFORM_CLIENT_AUTH | 6552 #ifdef NSS_PLATFORM_CLIENT_AUTH |
6519 CERTCertList * platform_cert_list = NULL; | 6553 CERTCertList * platform_cert_list = NULL; |
6520 CERTCertListNode * certNode = NULL; | 6554 CERTCertListNode * certNode = NULL; |
6521 #endif /* NSS_PLATFORM_CLIENT_AUTH */ | 6555 #endif /* NSS_PLATFORM_CLIENT_AUTH */ |
6522 | 6556 |
6523 SSL_TRC(3, ("%d: SSL3[%d]: handle certificate_request handshake", | 6557 SSL_TRC(3, ("%d: SSL3[%d]: handle certificate_request handshake", |
6524 SSL_GETPID(), ss->fd)); | 6558 SSL_GETPID(), ss->fd)); |
6525 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | 6559 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); |
6526 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); | 6560 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); |
6527 | 6561 |
6528 if (ss->ssl3.hs.ws != wait_cert_request && | 6562 if (ss->ssl3.hs.ws != wait_cert_request && |
6529 ss->ssl3.hs.ws != wait_server_key) { | 6563 ss->ssl3.hs.ws != wait_server_key) { |
6530 desc = unexpected_message; | 6564 desc = unexpected_message; |
6531 errCode = SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST; | 6565 errCode = SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST; |
6532 goto alert_loser; | 6566 goto alert_loser; |
6533 } | 6567 } |
6534 | 6568 |
6535 PORT_Assert(ss->ssl3.clientCertChain == NULL); | 6569 PORT_Assert(ss->ssl3.clientCertChain == NULL); |
6536 PORT_Assert(ss->ssl3.clientCertificate == NULL); | 6570 PORT_Assert(ss->ssl3.clientCertificate == NULL); |
6537 PORT_Assert(ss->ssl3.clientPrivateKey == NULL); | 6571 PORT_Assert(ss->ssl3.clientPrivateKey == NULL); |
6538 PORT_Assert(ss->ssl3.platformClientKey == (PlatformKey)NULL); | 6572 PORT_Assert(ss->ssl3.platformClientKey == (PlatformKey)NULL); |
6539 | 6573 |
6540 isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); | 6574 isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); |
6575 isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); | |
6541 rv = ssl3_ConsumeHandshakeVariable(ss, &cert_types, 1, &b, &length); | 6576 rv = ssl3_ConsumeHandshakeVariable(ss, &cert_types, 1, &b, &length); |
6542 if (rv != SECSuccess) | 6577 if (rv != SECSuccess) |
6543 goto loser; /* malformed, alert has been sent */ | 6578 goto loser; /* malformed, alert has been sent */ |
6544 | 6579 |
6545 PORT_Assert(!ss->requestedCertTypes); | 6580 PORT_Assert(!ss->requestedCertTypes); |
6546 ss->requestedCertTypes = &cert_types; | 6581 ss->requestedCertTypes = &cert_types; |
6547 | 6582 |
6583 if (isTLS12) { | |
6584 rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &b, &length); | |
6585 if (rv != SECSuccess) | |
6586 goto loser; /* malformed, alert has been sent */ | |
6587 /* An empty or odd-length value is invalid. | |
6588 * SignatureAndHashAlgorithm | |
6589 * supported_signature_algorithms<2..2^16-2>; | |
6590 */ | |
6591 if (algorithms.len == 0 || (algorithms.len & 1) != 0) | |
6592 goto alert_loser; | |
6593 } | |
6594 | |
6548 arena = ca_list.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | 6595 arena = ca_list.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
6549 if (arena == NULL) | 6596 if (arena == NULL) |
6550 goto no_mem; | 6597 goto no_mem; |
6551 | 6598 |
6552 remaining = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); | 6599 remaining = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); |
6553 if (remaining < 0) | 6600 if (remaining < 0) |
6554 goto loser; /* malformed, alert has been sent */ | 6601 goto loser; /* malformed, alert has been sent */ |
6555 | 6602 |
6556 if ((PRUint32)remaining > length) | 6603 if ((PRUint32)remaining > length) |
6557 goto alert_loser; | 6604 goto alert_loser; |
6600 } | 6647 } |
6601 | 6648 |
6602 if (length != 0) | 6649 if (length != 0) |
6603 goto alert_loser; /* malformed */ | 6650 goto alert_loser; /* malformed */ |
6604 | 6651 |
6605 desc = no_certificate; | 6652 desc = no_certificate; |
6606 ss->ssl3.hs.ws = wait_hello_done; | 6653 ss->ssl3.hs.ws = wait_hello_done; |
6607 | 6654 |
6608 #ifdef NSS_PLATFORM_CLIENT_AUTH | 6655 #ifdef NSS_PLATFORM_CLIENT_AUTH |
6609 if (ss->getPlatformClientAuthData != NULL) { | 6656 if (ss->getPlatformClientAuthData != NULL) { |
6610 » /* XXX Should pass cert_types in this call!! */ | 6657 » /* XXX Should pass cert_types and algorithms in this call!! */ |
6611 rv = (SECStatus)(*ss->getPlatformClientAuthData)( | 6658 rv = (SECStatus)(*ss->getPlatformClientAuthData)( |
6612 ss->getPlatformClientAuthDataArg, | 6659 ss->getPlatformClientAuthDataArg, |
6613 ss->fd, &ca_list, | 6660 ss->fd, &ca_list, |
6614 &platform_cert_list, | 6661 &platform_cert_list, |
6615 (void**)&ss->ssl3.platformClientKey, | 6662 (void**)&ss->ssl3.platformClientKey, |
6616 &ss->ssl3.clientCertificate, | 6663 &ss->ssl3.clientCertificate, |
6617 &ss->ssl3.clientPrivateKey); | 6664 &ss->ssl3.clientPrivateKey); |
6618 } else | 6665 } else |
6619 #endif | 6666 #endif |
6620 if (ss->getClientAuthData != NULL) { | 6667 if (ss->getClientAuthData != NULL) { |
6621 » /* XXX Should pass cert_types in this call!! */ | 6668 » /* XXX Should pass cert_types and algorithms in this call!! */ |
6622 rv = (SECStatus)(*ss->getClientAuthData)(ss->getClientAuthDataArg, | 6669 rv = (SECStatus)(*ss->getClientAuthData)(ss->getClientAuthDataArg, |
6623 ss->fd, &ca_list, | 6670 ss->fd, &ca_list, |
6624 &ss->ssl3.clientCertificate, | 6671 &ss->ssl3.clientCertificate, |
6625 &ss->ssl3.clientPrivateKey); | 6672 &ss->ssl3.clientPrivateKey); |
6626 } else { | 6673 } else { |
6627 rv = SECFailure; /* force it to send a no_certificate alert */ | 6674 rv = SECFailure; /* force it to send a no_certificate alert */ |
6628 } | 6675 } |
6629 | 6676 |
6630 switch (rv) { | 6677 switch (rv) { |
6631 case SECWouldBlock: /* getClientAuthData has put up a dialog box. */ | 6678 case SECWouldBlock: /* getClientAuthData has put up a dialog box. */ |
8485 loser: | 8532 loser: |
8486 if (signed_hash.data != NULL) | 8533 if (signed_hash.data != NULL) |
8487 PORT_Free(signed_hash.data); | 8534 PORT_Free(signed_hash.data); |
8488 return SECFailure; | 8535 return SECFailure; |
8489 } | 8536 } |
8490 | 8537 |
8491 | 8538 |
8492 static SECStatus | 8539 static SECStatus |
8493 ssl3_SendCertificateRequest(sslSocket *ss) | 8540 ssl3_SendCertificateRequest(sslSocket *ss) |
8494 { | 8541 { |
8542 PRBool isTLS12; | |
8495 SECItem * name; | 8543 SECItem * name; |
8496 CERTDistNames *ca_list; | 8544 CERTDistNames *ca_list; |
8497 const uint8 * certTypes; | 8545 const uint8 * certTypes; |
8498 SECItem * names = NULL; | 8546 SECItem * names = NULL; |
8499 SECStatus rv; | 8547 SECStatus rv; |
8500 int length; | 8548 int length; |
8501 int i; | 8549 int i; |
8502 int calen = 0; | 8550 int calen = 0; |
8503 int nnames = 0; | 8551 int nnames = 0; |
8504 int certTypesLength; | 8552 int certTypesLength; |
8505 | 8553 |
8506 SSL_TRC(3, ("%d: SSL3[%d]: send certificate_request handshake", | 8554 SSL_TRC(3, ("%d: SSL3[%d]: send certificate_request handshake", |
8507 SSL_GETPID(), ss->fd)); | 8555 SSL_GETPID(), ss->fd)); |
8508 | 8556 |
8509 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); | 8557 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); |
8510 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); | 8558 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); |
8511 | 8559 |
8560 isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); | |
8561 | |
8512 /* ssl3.ca_list is initialized to NULL, and never changed. */ | 8562 /* ssl3.ca_list is initialized to NULL, and never changed. */ |
8513 ca_list = ss->ssl3.ca_list; | 8563 ca_list = ss->ssl3.ca_list; |
8514 if (!ca_list) { | 8564 if (!ca_list) { |
8515 ca_list = ssl3_server_ca_list; | 8565 ca_list = ssl3_server_ca_list; |
8516 } | 8566 } |
8517 | 8567 |
8518 if (ca_list != NULL) { | 8568 if (ca_list != NULL) { |
8519 names = ca_list->names; | 8569 names = ca_list->names; |
8520 nnames = ca_list->nnames; | 8570 nnames = ca_list->nnames; |
8521 } | 8571 } |
8522 | 8572 |
8523 for (i = 0, name = names; i < nnames; i++, name++) { | 8573 for (i = 0, name = names; i < nnames; i++, name++) { |
8524 calen += 2 + name->len; | 8574 calen += 2 + name->len; |
8525 } | 8575 } |
8526 | 8576 |
8527 certTypes = certificate_types; | 8577 certTypes = certificate_types; |
8528 certTypesLength = sizeof certificate_types; | 8578 certTypesLength = sizeof certificate_types; |
8529 | 8579 |
8530 length = 1 + certTypesLength + 2 + calen; | 8580 length = 1 + certTypesLength + 2 + calen; |
8581 if (isTLS12) { | |
8582 length += 2 + ssl3_SizeOfSupportedSignatureAlgorithms(); | |
8583 } | |
8531 | 8584 |
8532 rv = ssl3_AppendHandshakeHeader(ss, certificate_request, length); | 8585 rv = ssl3_AppendHandshakeHeader(ss, certificate_request, length); |
8533 if (rv != SECSuccess) { | 8586 if (rv != SECSuccess) { |
8534 return rv; /* err set by AppendHandshake. */ | 8587 return rv; /* err set by AppendHandshake. */ |
8535 } | 8588 } |
8536 rv = ssl3_AppendHandshakeVariable(ss, certTypes, certTypesLength, 1); | 8589 rv = ssl3_AppendHandshakeVariable(ss, certTypes, certTypesLength, 1); |
8537 if (rv != SECSuccess) { | 8590 if (rv != SECSuccess) { |
8538 return rv; /* err set by AppendHandshake. */ | 8591 return rv; /* err set by AppendHandshake. */ |
8539 } | 8592 } |
8593 if (isTLS12) { | |
8594 rv = ssl3_AppendSupportedSignatureAlgorithms(ss); | |
8595 if (rv != SECSuccess) { | |
8596 return rv; /* err set by AppendHandshake. */ | |
8597 } | |
8598 } | |
8540 rv = ssl3_AppendHandshakeNumber(ss, calen, 2); | 8599 rv = ssl3_AppendHandshakeNumber(ss, calen, 2); |
8541 if (rv != SECSuccess) { | 8600 if (rv != SECSuccess) { |
8542 return rv; /* err set by AppendHandshake. */ | 8601 return rv; /* err set by AppendHandshake. */ |
8543 } | 8602 } |
8544 for (i = 0, name = names; i < nnames; i++, name++) { | 8603 for (i = 0, name = names; i < nnames; i++, name++) { |
8545 rv = ssl3_AppendHandshakeVariable(ss, name->data, name->len, 2); | 8604 rv = ssl3_AppendHandshakeVariable(ss, name->data, name->len, 2); |
8546 if (rv != SECSuccess) { | 8605 if (rv != SECSuccess) { |
8547 return rv; /* err set by AppendHandshake. */ | 8606 return rv; /* err set by AppendHandshake. */ |
8548 } | 8607 } |
8549 } | 8608 } |
11885 PORT_Free(ss->ssl3.hs.recvdFragments.buf); | 11944 PORT_Free(ss->ssl3.hs.recvdFragments.buf); |
11886 } | 11945 } |
11887 } | 11946 } |
11888 | 11947 |
11889 ss->ssl3.initialized = PR_FALSE; | 11948 ss->ssl3.initialized = PR_FALSE; |
11890 | 11949 |
11891 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); | 11950 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); |
11892 } | 11951 } |
11893 | 11952 |
11894 /* End of ssl3con.c */ | 11953 /* End of ssl3con.c */ |
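Review bot: In ssl3_HandleCertificateRequest the new `algorithms` item is parsed and rejected when empty or odd-length, but nothing on the new side reads it afterwards, so the client's choice of certificate and of the CertificateVerify hash is not constrained by what the server advertised. The two XXX comments mention only the client-auth callbacks; because `algorithms` is a local and every skipped stretch is marked as matching (unchanged), the signing path presumably does not consult the list either. Until it is wired through, I would record that next to the length check, e.g. `/* TODO: algorithms is validated but not yet used to pick the client cert or the CertificateVerify hash. */`. On the server side, whether CertificateVerify handling rejects a hash/signature pair outside `supported_signature_algorithms` is not visible on this page and is worth confirming.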