OLD | NEW |
---|---|
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
2 /* | 2 /* |
3 * SSL3 Protocol | 3 * SSL3 Protocol |
4 * | 4 * |
5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
8 | 8 |
9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ | 9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ |
10 | 10 |
(...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
81 | 81 |
82 #define MAX_SEND_BUF_LENGTH 32000 /* watch for 16-bit integer overflow */ | 82 #define MAX_SEND_BUF_LENGTH 32000 /* watch for 16-bit integer overflow */ |
83 #define MIN_SEND_BUF_LENGTH 4000 | 83 #define MIN_SEND_BUF_LENGTH 4000 |
84 | 84 |
85 /* This list of SSL3 cipher suites is sorted in descending order of | 85 /* This list of SSL3 cipher suites is sorted in descending order of |
86 * precedence (desirability). It only includes cipher suites we implement. | 86 * precedence (desirability). It only includes cipher suites we implement. |
87 * This table is modified by SSL3_SetPolicy(). The ordering of cipher suites | 87 * This table is modified by SSL3_SetPolicy(). The ordering of cipher suites |
88 * in this table must match the ordering in SSL_ImplementedCiphers (sslenum.c) | 88 * in this table must match the ordering in SSL_ImplementedCiphers (sslenum.c) |
89 */ | 89 */ |
90 static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { | 90 static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { |
91 /* cipher_suite policy enabled is_present*/ | 91 /* cipher_suite enabled is_present*/ |
wtc
2013/08/08 21:26:28
Nit: add a space before "enabled"
agl
2013/08/09 15:53:49
Done.
| |
92 #ifdef NSS_ENABLE_ECC | 92 #ifdef NSS_ENABLE_ECC |
93 { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 93 { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, PR_FALSE, PR_FALSE}, |
94 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 94 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, PR_FALSE, PR_FALSE}, |
95 #endif /* NSS_ENABLE_ECC */ | 95 #endif /* NSS_ENABLE_ECC */ |
96 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 96 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, PR_FALSE, PR_FALSE}, |
97 { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 97 { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, PR_FALSE, PR_FALSE}, |
98 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, » SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 98 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, PR_TRUE, PR_FALSE}, |
99 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 99 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, PR_TRUE, PR_FALSE}, |
100 { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, » SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 100 { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, PR_TRUE, PR_FALSE}, |
101 #ifdef NSS_ENABLE_ECC | 101 #ifdef NSS_ENABLE_ECC |
102 { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 102 { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, PR_FALSE, PR_FALSE}, |
103 { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 103 { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, PR_FALSE, PR_FALSE}, |
104 #endif /* NSS_ENABLE_ECC */ | 104 #endif /* NSS_ENABLE_ECC */ |
105 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, » SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 105 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, PR_FALSE, PR_FALSE}, |
106 { TLS_RSA_WITH_AES_256_CBC_SHA, » SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 106 { TLS_RSA_WITH_AES_256_CBC_SHA, PR_TRUE, PR_FALSE}, |
107 { TLS_RSA_WITH_AES_256_CBC_SHA256,» SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 107 { TLS_RSA_WITH_AES_256_CBC_SHA256, PR_TRUE, PR_FALSE}, |
108 | 108 |
109 #ifdef NSS_ENABLE_ECC | 109 #ifdef NSS_ENABLE_ECC |
110 { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 110 { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, PR_FALSE, PR_FALSE}, |
111 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 111 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, PR_FALSE, PR_FALSE}, |
112 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 112 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, PR_FALSE, PR_FALSE}, |
113 { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 113 { TLS_ECDHE_RSA_WITH_RC4_128_SHA, PR_FALSE, PR_FALSE}, |
114 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 114 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, PR_FALSE, PR_FALSE}, |
115 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 115 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, PR_FALSE, PR_FALSE}, |
116 #endif /* NSS_ENABLE_ECC */ | 116 #endif /* NSS_ENABLE_ECC */ |
117 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 117 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, PR_FALSE, PR_FALSE}, |
118 { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 118 { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, PR_FALSE, PR_FALSE}, |
119 { TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 119 { TLS_DHE_DSS_WITH_RC4_128_SHA, PR_FALSE, PR_FALSE}, |
120 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 120 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, PR_TRUE, PR_FALSE}, |
121 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 121 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, PR_TRUE, PR_FALSE}, |
122 { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, » SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 122 { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, PR_TRUE, PR_FALSE}, |
123 #ifdef NSS_ENABLE_ECC | 123 #ifdef NSS_ENABLE_ECC |
124 { TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 124 { TLS_ECDH_RSA_WITH_RC4_128_SHA, PR_FALSE, PR_FALSE}, |
125 { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 125 { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, PR_FALSE, PR_FALSE}, |
126 { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 126 { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, PR_FALSE, PR_FALSE}, |
127 { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 127 { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, PR_FALSE, PR_FALSE}, |
128 #endif /* NSS_ENABLE_ECC */ | 128 #endif /* NSS_ENABLE_ECC */ |
129 { TLS_RSA_WITH_SEED_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 129 { TLS_RSA_WITH_SEED_CBC_SHA, PR_FALSE, PR_FALSE}, |
130 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, » SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 130 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, PR_FALSE, PR_FALSE}, |
131 { SSL_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 131 { SSL_RSA_WITH_RC4_128_SHA, PR_TRUE, PR_FALSE}, |
132 { SSL_RSA_WITH_RC4_128_MD5, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE}, | 132 { SSL_RSA_WITH_RC4_128_MD5, PR_TRUE, PR_FALSE}, |
133 { TLS_RSA_WITH_AES_128_CBC_SHA, » SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 133 { TLS_RSA_WITH_AES_128_CBC_SHA, PR_TRUE, PR_FALSE}, |
134 { TLS_RSA_WITH_AES_128_CBC_SHA256,» SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 134 { TLS_RSA_WITH_AES_128_CBC_SHA256, PR_TRUE, PR_FALSE}, |
135 | 135 |
136 #ifdef NSS_ENABLE_ECC | 136 #ifdef NSS_ENABLE_ECC |
137 { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 137 { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, PR_FALSE, PR_FALSE}, |
138 { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 138 { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, PR_FALSE, PR_FALSE}, |
139 #endif /* NSS_ENABLE_ECC */ | 139 #endif /* NSS_ENABLE_ECC */ |
140 { SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 140 { SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, PR_TRUE, PR_FALSE}, |
141 { SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 141 { SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, PR_TRUE, PR_FALSE}, |
142 #ifdef NSS_ENABLE_ECC | 142 #ifdef NSS_ENABLE_ECC |
143 { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 143 { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, PR_FALSE, PR_FALSE}, |
144 { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 144 { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, PR_FALSE, PR_FALSE}, |
145 #endif /* NSS_ENABLE_ECC */ | 145 #endif /* NSS_ENABLE_ECC */ |
146 { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 146 { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, PR_FALSE, PR_FALSE}, |
147 { SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE}, | 147 { SSL_RSA_WITH_3DES_EDE_CBC_SHA, PR_TRUE, PR_FALSE}, |
148 | 148 |
149 | 149 |
150 { SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 150 { SSL_DHE_RSA_WITH_DES_CBC_SHA, PR_FALSE, PR_FALSE}, |
151 { SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 151 { SSL_DHE_DSS_WITH_DES_CBC_SHA, PR_FALSE, PR_FALSE}, |
152 { SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 152 { SSL_RSA_FIPS_WITH_DES_CBC_SHA, PR_FALSE, PR_FALSE}, |
153 { SSL_RSA_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 153 { SSL_RSA_WITH_DES_CBC_SHA, PR_FALSE, PR_FALSE}, |
154 { TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 154 { TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, PR_FALSE, PR_FALSE}, |
155 { TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 155 { TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, PR_FALSE, PR_FALSE}, |
156 | 156 |
157 { SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 157 { SSL_RSA_EXPORT_WITH_RC4_40_MD5, PR_FALSE, PR_FALSE}, |
158 { SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 158 { SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, PR_FALSE, PR_FALSE}, |
159 | 159 |
160 #ifdef NSS_ENABLE_ECC | 160 #ifdef NSS_ENABLE_ECC |
161 { TLS_ECDHE_ECDSA_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 161 { TLS_ECDHE_ECDSA_WITH_NULL_SHA, PR_FALSE, PR_FALSE}, |
162 { TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 162 { TLS_ECDHE_RSA_WITH_NULL_SHA, PR_FALSE, PR_FALSE}, |
163 { TLS_ECDH_RSA_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 163 { TLS_ECDH_RSA_WITH_NULL_SHA, PR_FALSE, PR_FALSE}, |
164 { TLS_ECDH_ECDSA_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 164 { TLS_ECDH_ECDSA_WITH_NULL_SHA, PR_FALSE, PR_FALSE}, |
165 #endif /* NSS_ENABLE_ECC */ | 165 #endif /* NSS_ENABLE_ECC */ |
166 { SSL_RSA_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 166 { SSL_RSA_WITH_NULL_SHA, PR_FALSE, PR_FALSE}, |
167 { TLS_RSA_WITH_NULL_SHA256, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 167 { TLS_RSA_WITH_NULL_SHA256, PR_FALSE, PR_FALSE}, |
168 { SSL_RSA_WITH_NULL_MD5, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 168 { SSL_RSA_WITH_NULL_MD5, PR_FALSE, PR_FALSE}, |
169 | |
170 }; | 169 }; |
171 | 170 |
172 /* This list of SSL3 compression methods is sorted in descending order of | 171 /* This list of SSL3 compression methods is sorted in descending order of |
173 * precedence (desirability). It only includes compression methods we | 172 * precedence (desirability). It only includes compression methods we |
174 * implement. | 173 * implement. |
175 */ | 174 */ |
176 static const /*SSLCompressionMethod*/ PRUint8 compressions [] = { | 175 static const /*SSLCompressionMethod*/ PRUint8 compressions [] = { |
177 #ifdef NSS_ENABLE_ZLIB | 176 #ifdef NSS_ENABLE_ZLIB |
178 ssl_compression_deflate, | 177 ssl_compression_deflate, |
179 #endif | 178 #endif |
(...skipping 456 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
636 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { | 635 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { |
637 if (suites[i].cipher_suite == suite) | 636 if (suites[i].cipher_suite == suite) |
638 return &suites[i]; | 637 return &suites[i]; |
639 } | 638 } |
640 /* return NULL and let the caller handle it. */ | 639 /* return NULL and let the caller handle it. */ |
641 PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE); | 640 PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE); |
642 return NULL; | 641 return NULL; |
643 } | 642 } |
644 | 643 |
645 | 644 |
646 /* Initialize the suite->isPresent value for config_match | 645 /* Initialize the suite->isPresent value for cipher_suite_available. |
647 * Returns count of enabled ciphers supported by extant tokens, | 646 * Returns count of enabled ciphers supported by extant tokens, |
648 * regardless of policy or user preference. | 647 * regardless of user preference. |
649 * If this returns zero, the user cannot do SSL v3. | 648 * If this returns zero, the user cannot do SSL v3. |
650 */ | 649 */ |
651 int | 650 int |
652 ssl3_config_match_init(sslSocket *ss) | 651 ssl3_cipher_suites_test_presence(sslSocket *ss) |
653 { | 652 { |
654 ssl3CipherSuiteCfg * suite; | 653 ssl3CipherSuiteCfg * suite; |
655 const ssl3CipherSuiteDef *cipher_def; | 654 const ssl3CipherSuiteDef *cipher_def; |
656 SSLCipherAlgorithm cipher_alg; | 655 SSLCipherAlgorithm cipher_alg; |
657 CK_MECHANISM_TYPE cipher_mech; | 656 CK_MECHANISM_TYPE cipher_mech; |
658 SSL3KEAType exchKeyType; | 657 SSL3KEAType exchKeyType; |
659 int i; | 658 int i; |
660 int numPresent = 0; | 659 int numPresent = 0; |
661 int numEnabled = 0; | 660 int numEnabled = 0; |
662 PRBool isServer; | 661 PRBool isServer; |
(...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
738 } | 737 } |
739 } | 738 } |
740 PORT_Assert(numPresent > 0 || numEnabled == 0); | 739 PORT_Assert(numPresent > 0 || numEnabled == 0); |
741 if (numPresent <= 0) { | 740 if (numPresent <= 0) { |
742 PORT_SetError(SSL_ERROR_NO_CIPHERS_SUPPORTED); | 741 PORT_SetError(SSL_ERROR_NO_CIPHERS_SUPPORTED); |
743 } | 742 } |
744 return numPresent; | 743 return numPresent; |
745 } | 744 } |
746 | 745 |
747 | 746 |
748 /* return PR_TRUE if suite matches policy and enabled state */ | 747 /* return PR_TRUE if the given cipher suite is enabled and present. */ |
749 /* It would be a REALLY BAD THING (tm) if we ever permitted the use | |
750 ** of a cipher that was NOT_ALLOWED. So, if this is ever called with | |
751 ** policy == SSL_NOT_ALLOWED, report no match. | |
752 */ | |
753 /* adjust suite enabled to the availability of a token that can do the | |
754 * cipher suite. */ | |
755 static PRBool | 748 static PRBool |
756 config_match(ssl3CipherSuiteCfg *suite, int policy, PRBool enabled) | 749 cipher_suite_available(ssl3CipherSuiteCfg *suite) |
757 { | 750 { |
758 PORT_Assert(policy != SSL_NOT_ALLOWED && enabled != PR_FALSE); | 751 return (PRBool)(suite->enabled && suite->isPresent); |
759 if (policy == SSL_NOT_ALLOWED || !enabled) | |
760 » return PR_FALSE; | |
761 return (PRBool)(suite->enabled && | |
762 suite->isPresent && | |
763 » suite->policy != SSL_NOT_ALLOWED && | |
764 » » suite->policy <= policy); | |
765 } | 752 } |
766 | 753 |
767 /* return number of cipher suites that match policy and enabled state */ | 754 /* return number of cipher suites that are enabled and present. |
768 /* called from ssl3_SendClientHello and ssl3_ConstructV2CipherSpecsHack */ | 755 * called from ssl3_SendClientHello and ssl3_ConstructV2CipherSpecsHack */ |
769 static int | 756 static int |
770 count_cipher_suites(sslSocket *ss, int policy, PRBool enabled) | 757 count_cipher_suites(sslSocket *ss) |
771 { | 758 { |
772 int i, count = 0; | 759 int i, count = 0; |
773 | 760 |
774 if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { | 761 if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { |
775 » return 0; | 762 » return 0; |
776 } | 763 } |
777 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { | 764 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { |
778 » if (config_match(&ss->cipherSuites[i], policy, enabled)) | 765 » if (cipher_suite_available(&ss->cipherSuites[i])) |
779 count++; | 766 count++; |
780 } | 767 } |
781 if (count <= 0) { | 768 if (count <= 0) { |
782 PORT_SetError(SSL_ERROR_SSL_DISABLED); | 769 PORT_SetError(SSL_ERROR_SSL_DISABLED); |
783 } | 770 } |
784 return count; | 771 return count; |
785 } | 772 } |
786 | 773 |
787 /* | 774 /* |
788 * Null compression, mac and encryption functions | 775 * Null compression, mac and encryption functions |
(...skipping 3942 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
4731 requestingResume = PR_TRUE; | 4718 requestingResume = PR_TRUE; |
4732 SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_hits ); | 4719 SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_hits ); |
4733 | 4720 |
4734 /* Are we attempting a stateless session resume? */ | 4721 /* Are we attempting a stateless session resume? */ |
4735 if (sid->version > SSL_LIBRARY_VERSION_3_0 && | 4722 if (sid->version > SSL_LIBRARY_VERSION_3_0 && |
4736 sid->u.ssl3.sessionTicket.ticket.data) | 4723 sid->u.ssl3.sessionTicket.ticket.data) |
4737 SSL_AtomicIncrementLong(& ssl3stats.sch_sid_stateless_resumes ); | 4724 SSL_AtomicIncrementLong(& ssl3stats.sch_sid_stateless_resumes ); |
4738 | 4725 |
4739 PRINT_BUF(4, (ss, "client, found session-id:", sid->u.ssl3.sessionID, | 4726 PRINT_BUF(4, (ss, "client, found session-id:", sid->u.ssl3.sessionID, |
4740 sid->u.ssl3.sessionIDLength)); | 4727 sid->u.ssl3.sessionIDLength)); |
4741 | |
4742 ss->ssl3.policy = sid->u.ssl3.policy; | |
4743 } else { | 4728 } else { |
4744 SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_misses ); | 4729 SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_misses ); |
4745 | 4730 |
4746 /* | 4731 /* |
4747 * Windows SChannel compares the client_version inside the RSA | 4732 * Windows SChannel compares the client_version inside the RSA |
4748 * EncryptedPreMasterSecret of a renegotiation with the | 4733 * EncryptedPreMasterSecret of a renegotiation with the |
4749 * client_version of the initial ClientHello rather than the | 4734 * client_version of the initial ClientHello rather than the |
4750 * ClientHello in the renegotiation. To work around this bug, we | 4735 * ClientHello in the renegotiation. To work around this bug, we |
4751 * continue to use the client_version used in the initial | 4736 * continue to use the client_version used in the initial |
4752 * ClientHello when renegotiating. | 4737 * ClientHello when renegotiating. |
(...skipping 29 matching lines...) Expand all Loading... | |
4782 | 4767 |
4783 ss->sec.send = ssl3_SendApplicationData; | 4768 ss->sec.send = ssl3_SendApplicationData; |
4784 | 4769 |
4785 /* shouldn't get here if SSL3 is disabled, but ... */ | 4770 /* shouldn't get here if SSL3 is disabled, but ... */ |
4786 if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { | 4771 if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { |
4787 PR_NOT_REACHED("No versions of SSL 3.0 or later are enabled"); | 4772 PR_NOT_REACHED("No versions of SSL 3.0 or later are enabled"); |
4788 PORT_SetError(SSL_ERROR_SSL_DISABLED); | 4773 PORT_SetError(SSL_ERROR_SSL_DISABLED); |
4789 return SECFailure; | 4774 return SECFailure; |
4790 } | 4775 } |
4791 | 4776 |
4792 /* how many suites does our PKCS11 support (regardless of policy)? */ | 4777 /* how many suites does our PKCS11 support? */ |
4793 num_suites = ssl3_config_match_init(ss); | 4778 num_suites = ssl3_cipher_suites_test_presence(ss); |
4794 if (!num_suites) | 4779 if (!num_suites) |
4795 » return SECFailure;» /* ssl3_config_match_init has set error code. */ | 4780 » return SECFailure;» /* ssl3_cipher_suites_test_presence has set erro r code. */ |
wtc
2013/08/08 21:26:28
Nit: wrap this comment line?
agl
2013/08/09 15:53:49
Done.
| |
4796 | 4781 |
4797 /* HACK for SCSV in SSL 3.0. On initial handshake, prepend SCSV, | 4782 /* HACK for SCSV in SSL 3.0. On initial handshake, prepend SCSV, |
4798 * only if TLS is disabled. | 4783 * only if TLS is disabled. |
4799 */ | 4784 */ |
4800 if (!ss->firstHsDone && !isTLS) { | 4785 if (!ss->firstHsDone && !isTLS) { |
4801 /* Must set this before calling Hello Extension Senders, | 4786 /* Must set this before calling Hello Extension Senders, |
4802 * to suppress sending of empty RI extension. | 4787 * to suppress sending of empty RI extension. |
4803 */ | 4788 */ |
4804 ss->ssl3.hs.sendingSCSV = PR_TRUE; | 4789 ss->ssl3.hs.sendingSCSV = PR_TRUE; |
4805 } | 4790 } |
(...skipping 17 matching lines...) Expand all Loading... | |
4823 if (!total_exten_len || !isTLS) { | 4808 if (!total_exten_len || !isTLS) { |
4824 /* not sending the elliptic_curves and ec_point_formats extensions */ | 4809 /* not sending the elliptic_curves and ec_point_formats extensions */ |
4825 ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */ | 4810 ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */ |
4826 } | 4811 } |
4827 #endif | 4812 #endif |
4828 | 4813 |
4829 if (IS_DTLS(ss)) { | 4814 if (IS_DTLS(ss)) { |
4830 ssl3_DisableNonDTLSSuites(ss); | 4815 ssl3_DisableNonDTLSSuites(ss); |
4831 } | 4816 } |
4832 | 4817 |
4833 /* how many suites are permitted by policy and user preference? */ | 4818 /* how many suites are permitted by user preference? */ |
4834 num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE); | 4819 num_suites = count_cipher_suites(ss); |
4835 if (!num_suites) | 4820 if (!num_suites) |
4836 return SECFailure; /* count_cipher_suites has set error code. */ | 4821 return SECFailure; /* count_cipher_suites has set error code. */ |
4837 if (ss->ssl3.hs.sendingSCSV) { | 4822 if (ss->ssl3.hs.sendingSCSV) { |
4838 ++num_suites; /* make room for SCSV */ | 4823 ++num_suites; /* make room for SCSV */ |
4839 } | 4824 } |
4840 | 4825 |
4841 /* count compression methods */ | 4826 /* count compression methods */ |
4842 numCompressionMethods = 0; | 4827 numCompressionMethods = 0; |
4843 for (i = 0; i < compressionMethodsCount; i++) { | 4828 for (i = 0; i < compressionMethodsCount; i++) { |
4844 if (compressionEnabled(ss, compressions[i])) | 4829 if (compressionEnabled(ss, compressions[i])) |
(...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
4914 /* Add the actual SCSV */ | 4899 /* Add the actual SCSV */ |
4915 rv = ssl3_AppendHandshakeNumber(ss, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, | 4900 rv = ssl3_AppendHandshakeNumber(ss, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, |
4916 sizeof(ssl3CipherSuite)); | 4901 sizeof(ssl3CipherSuite)); |
4917 if (rv != SECSuccess) { | 4902 if (rv != SECSuccess) { |
4918 return rv; /* err set by ssl3_AppendHandshake* */ | 4903 return rv; /* err set by ssl3_AppendHandshake* */ |
4919 } | 4904 } |
4920 actual_count++; | 4905 actual_count++; |
4921 } | 4906 } |
4922 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { | 4907 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { |
4923 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; | 4908 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; |
4924 » if (config_match(suite, ss->ssl3.policy, PR_TRUE)) { | 4909 » if (cipher_suite_available(suite)) { |
4925 actual_count++; | 4910 actual_count++; |
4926 if (actual_count > num_suites) { | 4911 if (actual_count > num_suites) { |
4927 /* set error card removal/insertion error */ | 4912 /* set error card removal/insertion error */ |
4928 PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL); | 4913 PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL); |
4929 return SECFailure; | 4914 return SECFailure; |
4930 } | 4915 } |
4931 rv = ssl3_AppendHandshakeNumber(ss, suite->cipher_suite, | 4916 rv = ssl3_AppendHandshakeNumber(ss, suite->cipher_suite, |
4932 sizeof(ssl3CipherSuite)); | 4917 sizeof(ssl3CipherSuite)); |
4933 if (rv != SECSuccess) { | 4918 if (rv != SECSuccess) { |
4934 return rv; /* err set by ssl3_AppendHandshake* */ | 4919 return rv; /* err set by ssl3_AppendHandshake* */ |
(...skipping 1036 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
5971 if (isTLS) | 5956 if (isTLS) |
5972 desc = decode_error; | 5957 desc = decode_error; |
5973 goto alert_loser; /* malformed. */ | 5958 goto alert_loser; /* malformed. */ |
5974 } | 5959 } |
5975 | 5960 |
5976 /* find selected cipher suite in our list. */ | 5961 /* find selected cipher suite in our list. */ |
5977 temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); | 5962 temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); |
5978 if (temp < 0) { | 5963 if (temp < 0) { |
5979 goto loser; /* alert has been sent */ | 5964 goto loser; /* alert has been sent */ |
5980 } | 5965 } |
5981 ssl3_config_match_init(ss); | 5966 ssl3_cipher_suites_test_presence(ss); |
5982 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { | 5967 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { |
5983 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; | 5968 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; |
5984 if (temp == suite->cipher_suite) { | 5969 if (temp == suite->cipher_suite) { |
5985 » if (!config_match(suite, ss->ssl3.policy, PR_TRUE)) { | 5970 » if (!cipher_suite_available(suite)) { |
5986 break; /* failure */ | 5971 break; /* failure */ |
5987 } | 5972 } |
5988 if (!ssl3_CipherSuiteAllowedForVersion(suite->cipher_suite, | 5973 if (!ssl3_CipherSuiteAllowedForVersion(suite->cipher_suite, |
5989 ss->version)) { | 5974 ss->version)) { |
5990 desc = handshake_failure; | 5975 desc = handshake_failure; |
5991 errCode = SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION; | 5976 errCode = SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION; |
5992 goto alert_loser; | 5977 goto alert_loser; |
5993 } | 5978 } |
5994 | 5979 |
5995 suite_found = PR_TRUE; | 5980 suite_found = PR_TRUE; |
(...skipping 1152 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
7148 } | 7133 } |
7149 sid->peerID = (ss->peerID == NULL) ? NULL : PORT_Strdup(ss->peerID); | 7134 sid->peerID = (ss->peerID == NULL) ? NULL : PORT_Strdup(ss->peerID); |
7150 sid->urlSvrName = (ss->url == NULL) ? NULL : PORT_Strdup(ss->url); | 7135 sid->urlSvrName = (ss->url == NULL) ? NULL : PORT_Strdup(ss->url); |
7151 sid->addr = ss->sec.ci.peer; | 7136 sid->addr = ss->sec.ci.peer; |
7152 sid->port = ss->sec.ci.port; | 7137 sid->port = ss->sec.ci.port; |
7153 sid->references = 1; | 7138 sid->references = 1; |
7154 sid->cached = never_cached; | 7139 sid->cached = never_cached; |
7155 sid->version = ss->version; | 7140 sid->version = ss->version; |
7156 | 7141 |
7157 sid->u.ssl3.keys.resumable = PR_TRUE; | 7142 sid->u.ssl3.keys.resumable = PR_TRUE; |
7158 sid->u.ssl3.policy = SSL_ALLOWED; | |
7159 sid->u.ssl3.clientWriteKey = NULL; | 7143 sid->u.ssl3.clientWriteKey = NULL; |
7160 sid->u.ssl3.serverWriteKey = NULL; | 7144 sid->u.ssl3.serverWriteKey = NULL; |
7161 | 7145 |
7162 if (is_server) { | 7146 if (is_server) { |
7163 SECStatus rv; | 7147 SECStatus rv; |
7164 int pid = SSL_GETPID(); | 7148 int pid = SSL_GETPID(); |
7165 | 7149 |
7166 sid->u.ssl3.sessionIDLength = SSL3_SESSIONID_BYTES; | 7150 sid->u.ssl3.sessionIDLength = SSL3_SESSIONID_BYTES; |
7167 sid->u.ssl3.sessionID[0] = (pid >> 8) & 0xff; | 7151 sid->u.ssl3.sessionID[0] = (pid >> 8) & 0xff; |
7168 sid->u.ssl3.sessionID[1] = pid & 0xff; | 7152 sid->u.ssl3.sessionID[1] = pid & 0xff; |
(...skipping 361 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
7530 /* Disable any ECC cipher suites for which we have no cert. */ | 7514 /* Disable any ECC cipher suites for which we have no cert. */ |
7531 ssl3_FilterECCipherSuitesByServerCerts(ss); | 7515 ssl3_FilterECCipherSuitesByServerCerts(ss); |
7532 #endif | 7516 #endif |
7533 | 7517 |
7534 if (IS_DTLS(ss)) { | 7518 if (IS_DTLS(ss)) { |
7535 ssl3_DisableNonDTLSSuites(ss); | 7519 ssl3_DisableNonDTLSSuites(ss); |
7536 } | 7520 } |
7537 | 7521 |
7538 #ifdef PARANOID | 7522 #ifdef PARANOID |
7539 /* Look for a matching cipher suite. */ | 7523 /* Look for a matching cipher suite. */ |
7540 j = ssl3_config_match_init(ss); | 7524 j = ssl3_cipher_suites_test_presence(ss); |
7541 if (j <= 0) { /* no ciphers are working/supported by PK11 */ | 7525 if (j <= 0) { /* no ciphers are working/supported by PK11 */ |
7542 errCode = PORT_GetError(); /* error code is already set. */ | 7526 errCode = PORT_GetError(); /* error code is already set. */ |
7543 goto alert_loser; | 7527 goto alert_loser; |
7544 } | 7528 } |
7545 #endif | 7529 #endif |
7546 | 7530 |
7547 /* If we already have a session for this client, be sure to pick the | 7531 /* If we already have a session for this client, be sure to pick the |
7548 ** same cipher suite and compression method we picked before. | 7532 ** same cipher suite and compression method we picked before. |
7549 ** This is not a loop, despite appearances. | 7533 ** This is not a loop, despite appearances. |
7550 */ | 7534 */ |
(...skipping 15 matching lines...) Expand all Loading... | |
7566 suite = ss->cipherSuites; | 7550 suite = ss->cipherSuites; |
7567 /* Find the entry for the cipher suite used in the cached session. */ | 7551 /* Find the entry for the cipher suite used in the cached session. */ |
7568 for (j = ssl_V3_SUITES_IMPLEMENTED; j > 0; --j, ++suite) { | 7552 for (j = ssl_V3_SUITES_IMPLEMENTED; j > 0; --j, ++suite) { |
7569 if (suite->cipher_suite == sid->u.ssl3.cipherSuite) | 7553 if (suite->cipher_suite == sid->u.ssl3.cipherSuite) |
7570 break; | 7554 break; |
7571 } | 7555 } |
7572 PORT_Assert(j > 0); | 7556 PORT_Assert(j > 0); |
7573 if (j <= 0) | 7557 if (j <= 0) |
7574 break; | 7558 break; |
7575 #ifdef PARANOID | 7559 #ifdef PARANOID |
7576 » /* Double check that the cached cipher suite is still enabled, | 7560 » /* Double check that the cached cipher suite is still enabled, and |
wtc
2013/08/08 21:26:28
Nit: remove the comma before "and".
agl
2013/08/09 15:53:49
Done.
| |
7577 » * implemented, and allowed by policy. Might have been disabled. | 7561 » * implemented. Might have been disabled. |
7578 » * The product policy won't change during the process lifetime. | |
7579 * Implemented ("isPresent") shouldn't change for servers. | 7562 * Implemented ("isPresent") shouldn't change for servers. |
7580 */ | 7563 */ |
7581 » if (!config_match(suite, ss->ssl3.policy, PR_TRUE)) | 7564 » if (!cipher_suite_available(suite)) |
7582 break; | 7565 break; |
7583 #else | 7566 #else |
7584 if (!suite->enabled) | 7567 if (!suite->enabled) |
7585 break; | 7568 break; |
7586 #endif | 7569 #endif |
7587 /* Double check that the cached cipher suite is in the client's list */ | 7570 /* Double check that the cached cipher suite is in the client's list */ |
7588 for (i = 0; i + 1 < suites.len; i += 2) { | 7571 for (i = 0; i + 1 < suites.len; i += 2) { |
7589 PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1]; | 7572 PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1]; |
7590 if (suite_i == suite->cipher_suite) { | 7573 if (suite_i == suite->cipher_suite) { |
7591 ss->ssl3.hs.cipher_suite = suite->cipher_suite; | 7574 ss->ssl3.hs.cipher_suite = suite->cipher_suite; |
7592 ss->ssl3.hs.suite_def = | 7575 ss->ssl3.hs.suite_def = |
7593 ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); | 7576 ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); |
7594 | 7577 |
7595 /* Use the cached compression method. */ | 7578 /* Use the cached compression method. */ |
7596 ss->ssl3.hs.compression = sid->u.ssl3.compression; | 7579 ss->ssl3.hs.compression = sid->u.ssl3.compression; |
7597 goto compression_found; | 7580 goto compression_found; |
7598 } | 7581 } |
7599 } | 7582 } |
7600 } while (0); | 7583 } while (0); |
7601 | 7584 |
7602 /* START A NEW SESSION */ | 7585 /* START A NEW SESSION */ |
7603 | 7586 |
7604 #ifndef PARANOID | 7587 #ifndef PARANOID |
7605 /* Look for a matching cipher suite. */ | 7588 /* Look for a matching cipher suite. */ |
wtc
2013/08/08 21:26:28
Nit: a matching => an available?
"matching" seems
agl
2013/08/09 15:53:49
Done.
| |
7606 j = ssl3_config_match_init(ss); | 7589 j = ssl3_cipher_suites_test_presence(ss); |
7607 if (j <= 0) { /* no ciphers are working/supported by PK11 */ | 7590 if (j <= 0) { /* no ciphers are working/supported by PK11 */ |
7608 errCode = PORT_GetError(); /* error code is already set. */ | 7591 errCode = PORT_GetError(); /* error code is already set. */ |
7609 goto alert_loser; | 7592 goto alert_loser; |
7610 } | 7593 } |
7611 #endif | 7594 #endif |
7612 | 7595 |
7613 /* Select a cipher suite. | 7596 /* Select a cipher suite. |
7614 ** | 7597 ** |
7615 ** NOTE: This suite selection algorithm should be the same as the one in | 7598 ** NOTE: This suite selection algorithm should be the same as the one in |
7616 ** ssl3_HandleV2ClientHello(). | 7599 ** ssl3_HandleV2ClientHello(). |
7617 ** | 7600 ** |
7618 ** If TLS 1.0 is enabled, we could handle the case where the client | 7601 ** If TLS 1.0 is enabled, we could handle the case where the client |
7619 ** offered TLS 1.1 but offered only export cipher suites by choosing TLS | 7602 ** offered TLS 1.1 but offered only export cipher suites by choosing TLS |
7620 ** 1.0 and selecting one of those export cipher suites. However, a secure | 7603 ** 1.0 and selecting one of those export cipher suites. However, a secure |
7621 ** TLS 1.1 client should not have export cipher suites enabled at all, | 7604 ** TLS 1.1 client should not have export cipher suites enabled at all, |
7622 ** and a TLS 1.1 client should definitely not be offering *only* export | 7605 ** and a TLS 1.1 client should definitely not be offering *only* export |
7623 ** cipher suites. Therefore, we refuse to negotiate export cipher suites | 7606 ** cipher suites. Therefore, we refuse to negotiate export cipher suites |
7624 ** with any client that indicates support for TLS 1.1 or higher when we | 7607 ** with any client that indicates support for TLS 1.1 or higher when we |
7625 ** (the server) have TLS 1.1 support enabled. | 7608 ** (the server) have TLS 1.1 support enabled. |
7626 */ | 7609 */ |
7627 for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) { | 7610 for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) { |
7628 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j]; | 7611 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j]; |
7629 » if (!config_match(suite, ss->ssl3.policy, PR_TRUE) || | 7612 » if (!cipher_suite_available(suite) || |
7630 !ssl3_CipherSuiteAllowedForVersion(suite->cipher_suite, | 7613 !ssl3_CipherSuiteAllowedForVersion(suite->cipher_suite, |
7631 ss->version)) { | 7614 ss->version)) { |
7632 continue; | 7615 continue; |
7633 } | 7616 } |
7634 for (i = 0; i + 1 < suites.len; i += 2) { | 7617 for (i = 0; i + 1 < suites.len; i += 2) { |
7635 PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1]; | 7618 PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1]; |
7636 if (suite_i == suite->cipher_suite) { | 7619 if (suite_i == suite->cipher_suite) { |
7637 ss->ssl3.hs.cipher_suite = suite->cipher_suite; | 7620 ss->ssl3.hs.cipher_suite = suite->cipher_suite; |
7638 ss->ssl3.hs.suite_def = | 7621 ss->ssl3.hs.suite_def = |
7639 ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); | 7622 ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); |
(...skipping 302 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
7942 SECITEM_FreeItem(pwsName, PR_FALSE); | 7925 SECITEM_FreeItem(pwsName, PR_FALSE); |
7943 } | 7926 } |
7944 rv = SECITEM_CopyItem(NULL, pwsName, name); | 7927 rv = SECITEM_CopyItem(NULL, pwsName, name); |
7945 ssl_ReleaseSpecWriteLock(ss); /***************************/ | 7928 ssl_ReleaseSpecWriteLock(ss); /***************************/ |
7946 if (rv != SECSuccess) { | 7929 if (rv != SECSuccess) { |
7947 errCode = SSL_ERROR_INTERNAL_ERROR_ALERT; | 7930 errCode = SSL_ERROR_INTERNAL_ERROR_ALERT; |
7948 desc = internal_error; | 7931 desc = internal_error; |
7949 ret = SSL_SNI_SEND_ALERT; | 7932 ret = SSL_SNI_SEND_ALERT; |
7950 break; | 7933 break; |
7951 } | 7934 } |
7952 configedCiphers = ssl3_config_match_init(ss); | 7935 configedCiphers = ssl3_cipher_suites_test_presence(ss); |
7953 if (configedCiphers <= 0) { | 7936 if (configedCiphers <= 0) { |
7954 /* no ciphers are working/supported */ | 7937 /* no ciphers are working/supported */ |
7955 errCode = PORT_GetError(); | 7938 errCode = PORT_GetError(); |
7956 desc = handshake_failure; | 7939 desc = handshake_failure; |
7957 ret = SSL_SNI_SEND_ALERT; | 7940 ret = SSL_SNI_SEND_ALERT; |
7958 break; | 7941 break; |
7959 } | 7942 } |
7960 /* Need to tell the client that application has picked | 7943 /* Need to tell the client that application has picked |
7961 * the name from the offered list and reconfigured the socket. | 7944 * the name from the offered list and reconfigured the socket. |
7962 */ | 7945 */ |
(...skipping 176 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
8139 PORT_Memcpy( | 8122 PORT_Memcpy( |
8140 &ss->ssl3.hs.client_random.rand[SSL3_RANDOM_LENGTH - rand_length], | 8123 &ss->ssl3.hs.client_random.rand[SSL3_RANDOM_LENGTH - rand_length], |
8141 random, rand_length); | 8124 random, rand_length); |
8142 | 8125 |
8143 PRINT_BUF(60, (ss, "client random:", &ss->ssl3.hs.client_random.rand[0], | 8126 PRINT_BUF(60, (ss, "client random:", &ss->ssl3.hs.client_random.rand[0], |
8144 SSL3_RANDOM_LENGTH)); | 8127 SSL3_RANDOM_LENGTH)); |
8145 #ifdef NSS_ENABLE_ECC | 8128 #ifdef NSS_ENABLE_ECC |
8146 /* Disable any ECC cipher suites for which we have no cert. */ | 8129 /* Disable any ECC cipher suites for which we have no cert. */ |
8147 ssl3_FilterECCipherSuitesByServerCerts(ss); | 8130 ssl3_FilterECCipherSuitesByServerCerts(ss); |
8148 #endif | 8131 #endif |
8149 i = ssl3_config_match_init(ss); | 8132 i = ssl3_cipher_suites_test_presence(ss); |
8150 if (i <= 0) { | 8133 if (i <= 0) { |
8151 errCode = PORT_GetError(); /* error code is already set. */ | 8134 errCode = PORT_GetError(); /* error code is already set. */ |
8152 goto alert_loser; | 8135 goto alert_loser; |
8153 } | 8136 } |
8154 | 8137 |
8155 /* Select a cipher suite. | 8138 /* Select a cipher suite. |
8156 ** | 8139 ** |
8157 ** NOTE: This suite selection algorithm should be the same as the one in | 8140 ** NOTE: This suite selection algorithm should be the same as the one in |
8158 ** ssl3_HandleClientHello(). | 8141 ** ssl3_HandleClientHello(). |
8159 ** | 8142 ** |
8160 ** See the comments about export cipher suites in ssl3_HandleClientHello(). | 8143 ** See the comments about export cipher suites in ssl3_HandleClientHello(). |
8161 */ | 8144 */ |
8162 for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) { | 8145 for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) { |
8163 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j]; | 8146 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j]; |
8164 » if (!config_match(suite, ss->ssl3.policy, PR_TRUE) || | 8147 » if (!cipher_suite_available(suite) || |
8165 !ssl3_CipherSuiteAllowedForVersion(suite->cipher_suite, | 8148 !ssl3_CipherSuiteAllowedForVersion(suite->cipher_suite, |
8166 ss->version)) { | 8149 ss->version)) { |
8167 continue; | 8150 continue; |
8168 } | 8151 } |
8169 for (i = 0; i+2 < suite_length; i += 3) { | 8152 for (i = 0; i+2 < suite_length; i += 3) { |
8170 PRUint32 suite_i = (suites[i] << 16)|(suites[i+1] << 8)|suites[i+2]; | 8153 PRUint32 suite_i = (suites[i] << 16)|(suites[i+1] << 8)|suites[i+2]; |
8171 if (suite_i == suite->cipher_suite) { | 8154 if (suite_i == suite->cipher_suite) { |
8172 ss->ssl3.hs.cipher_suite = suite->cipher_suite; | 8155 ss->ssl3.hs.cipher_suite = suite->cipher_suite; |
8173 ss->ssl3.hs.suite_def = | 8156 ss->ssl3.hs.suite_def = |
8174 ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); | 8157 ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); |
(...skipping 2274 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
10449 if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) { | 10432 if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) { |
10450 effectiveExchKeyType = kt_rsa; | 10433 effectiveExchKeyType = kt_rsa; |
10451 } else { | 10434 } else { |
10452 effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType; | 10435 effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType; |
10453 } | 10436 } |
10454 | 10437 |
10455 if (sid->cached == never_cached && !ss->opt.noCache && ss->sec.cache) { | 10438 if (sid->cached == never_cached && !ss->opt.noCache && ss->sec.cache) { |
10456 /* fill in the sid */ | 10439 /* fill in the sid */ |
10457 sid->u.ssl3.cipherSuite = ss->ssl3.hs.cipher_suite; | 10440 sid->u.ssl3.cipherSuite = ss->ssl3.hs.cipher_suite; |
10458 sid->u.ssl3.compression = ss->ssl3.hs.compression; | 10441 sid->u.ssl3.compression = ss->ssl3.hs.compression; |
10459 sid->u.ssl3.policy = ss->ssl3.policy; | |
10460 #ifdef NSS_ENABLE_ECC | 10442 #ifdef NSS_ENABLE_ECC |
10461 sid->u.ssl3.negotiatedECCurves = ss->ssl3.hs.negotiatedECCurves; | 10443 sid->u.ssl3.negotiatedECCurves = ss->ssl3.hs.negotiatedECCurves; |
10462 #endif | 10444 #endif |
10463 sid->u.ssl3.exchKeyType = effectiveExchKeyType; | 10445 sid->u.ssl3.exchKeyType = effectiveExchKeyType; |
10464 sid->version = ss->version; | 10446 sid->version = ss->version; |
10465 sid->authAlgorithm = ss->sec.authAlgorithm; | 10447 sid->authAlgorithm = ss->sec.authAlgorithm; |
10466 sid->authKeyBits = ss->sec.authKeyBits; | 10448 sid->authKeyBits = ss->sec.authKeyBits; |
10467 sid->keaType = ss->sec.keaType; | 10449 sid->keaType = ss->sec.keaType; |
10468 sid->keaKeyBits = ss->sec.keaKeyBits; | 10450 sid->keaKeyBits = ss->sec.keaKeyBits; |
10469 sid->lastAccessTime = sid->creationTime = ssl_Time(); | 10451 sid->lastAccessTime = sid->creationTime = ssl_Time(); |
(...skipping 1056 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
11526 ** | 11508 ** |
11527 */ | 11509 */ |
11528 static SECStatus | 11510 static SECStatus |
11529 ssl3_InitState(sslSocket *ss) | 11511 ssl3_InitState(sslSocket *ss) |
11530 { | 11512 { |
11531 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); | 11513 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); |
11532 | 11514 |
11533 if (ss->ssl3.initialized) | 11515 if (ss->ssl3.initialized) |
11534 return SECSuccess; /* Function should be idempotent */ | 11516 return SECSuccess; /* Function should be idempotent */ |
11535 | 11517 |
11536 ss->ssl3.policy = SSL_ALLOWED; | |
11537 | |
11538 ssl_GetSpecWriteLock(ss); | 11518 ssl_GetSpecWriteLock(ss); |
11539 ss->ssl3.crSpec = ss->ssl3.cwSpec = &ss->ssl3.specs[0]; | 11519 ss->ssl3.crSpec = ss->ssl3.cwSpec = &ss->ssl3.specs[0]; |
11540 ss->ssl3.prSpec = ss->ssl3.pwSpec = &ss->ssl3.specs[1]; | 11520 ss->ssl3.prSpec = ss->ssl3.pwSpec = &ss->ssl3.specs[1]; |
11541 ss->ssl3.hs.sendingSCSV = PR_FALSE; | 11521 ss->ssl3.hs.sendingSCSV = PR_FALSE; |
11542 ssl3_InitCipherSpec(ss, ss->ssl3.crSpec); | 11522 ssl3_InitCipherSpec(ss, ss->ssl3.crSpec); |
11543 ssl3_InitCipherSpec(ss, ss->ssl3.prSpec); | 11523 ssl3_InitCipherSpec(ss, ss->ssl3.prSpec); |
11544 | 11524 |
11545 ss->ssl3.hs.ws = (ss->sec.isServer) ? wait_client_hello : wait_server_hello; | 11525 ss->ssl3.hs.ws = (ss->sec.isServer) ? wait_client_hello : wait_server_hello; |
11546 #ifdef NSS_ENABLE_ECC | 11526 #ifdef NSS_ENABLE_ECC |
11547 ss->ssl3.hs.negotiatedECCurves = ssl3_GetSupportedECCurveMask(ss); | 11527 ss->ssl3.hs.negotiatedECCurves = ssl3_GetSupportedECCurveMask(ss); |
(...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
11637 !(ss->stepDownKeyPair = ssl3_NewKeyPair(privKey, pubKey))) { | 11617 !(ss->stepDownKeyPair = ssl3_NewKeyPair(privKey, pubKey))) { |
11638 ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL); | 11618 ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL); |
11639 rv = SECFailure; | 11619 rv = SECFailure; |
11640 } | 11620 } |
11641 } | 11621 } |
11642 #endif | 11622 #endif |
11643 return rv; | 11623 return rv; |
11644 } | 11624 } |
11645 | 11625 |
11646 | 11626 |
11647 /* record the export policy for this cipher suite */ | |
11648 SECStatus | |
11649 ssl3_SetPolicy(ssl3CipherSuite which, int policy) | |
11650 { | |
11651 ssl3CipherSuiteCfg *suite; | |
11652 | |
11653 suite = ssl_LookupCipherSuiteCfg(which, cipherSuites); | |
11654 if (suite == NULL) { | |
11655 return SECFailure; /* err code was set by ssl_LookupCipherSuiteCfg */ | |
11656 } | |
11657 suite->policy = policy; | |
11658 | |
11659 return SECSuccess; | |
11660 } | |
11661 | |
11662 SECStatus | |
11663 ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *oPolicy) | |
11664 { | |
11665 ssl3CipherSuiteCfg *suite; | |
11666 PRInt32 policy; | |
11667 SECStatus rv; | |
11668 | |
11669 suite = ssl_LookupCipherSuiteCfg(which, cipherSuites); | |
11670 if (suite) { | |
11671 policy = suite->policy; | |
11672 rv = SECSuccess; | |
11673 } else { | |
11674 policy = SSL_NOT_ALLOWED; | |
11675 rv = SECFailure; /* err code was set by Lookup. */ | |
11676 } | |
11677 *oPolicy = policy; | |
11678 return rv; | |
11679 } | |
11680 | |
11681 /* record the user preference for this suite */ | 11627 /* record the user preference for this suite */ |
11682 SECStatus | 11628 SECStatus |
11683 ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool enabled) | 11629 ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool enabled) |
11684 { | 11630 { |
11685 ssl3CipherSuiteCfg *suite; | 11631 ssl3CipherSuiteCfg *suite; |
11686 | 11632 |
11687 suite = ssl_LookupCipherSuiteCfg(which, cipherSuites); | 11633 suite = ssl_LookupCipherSuiteCfg(which, cipherSuites); |
11688 if (suite == NULL) { | 11634 if (suite == NULL) { |
11689 return SECFailure; /* err code was set by ssl_LookupCipherSuiteCfg */ | 11635 return SECFailure; /* err code was set by ssl_LookupCipherSuiteCfg */ |
11690 } | 11636 } |
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
11737 pref = suite->enabled; | 11683 pref = suite->enabled; |
11738 rv = SECSuccess; | 11684 rv = SECSuccess; |
11739 } else { | 11685 } else { |
11740 pref = SSL_NOT_ALLOWED; | 11686 pref = SSL_NOT_ALLOWED; |
11741 rv = SECFailure; /* err code was set by Lookup. */ | 11687 rv = SECFailure; /* err code was set by Lookup. */ |
11742 } | 11688 } |
11743 *enabled = pref; | 11689 *enabled = pref; |
11744 return rv; | 11690 return rv; |
11745 } | 11691 } |
11746 | 11692 |
11747 /* copy global default policy into socket. */ | 11693 /* copy global default ciphersuite preferences into socket. */ |
11748 void | 11694 void |
11749 ssl3_InitSocketPolicy(sslSocket *ss) | 11695 ssl3_InitSocketCipherSuites(sslSocket *ss) |
11750 { | 11696 { |
11751 PORT_Memcpy(ss->cipherSuites, cipherSuites, sizeof cipherSuites); | 11697 PORT_Memcpy(ss->cipherSuites, cipherSuites, sizeof cipherSuites); |
11752 } | 11698 } |
11753 | 11699 |
11754 SECStatus | 11700 SECStatus |
11755 ssl3_GetTLSUniqueChannelBinding(sslSocket *ss, | 11701 ssl3_GetTLSUniqueChannelBinding(sslSocket *ss, |
11756 unsigned char *out, | 11702 unsigned char *out, |
11757 unsigned int *outLen, | 11703 unsigned int *outLen, |
11758 unsigned int outLenMax) { | 11704 unsigned int outLenMax) { |
11759 PRBool isTLS; | 11705 PRBool isTLS; |
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
11806 memcpy(out, &ss->ssl3.hs.finishedMsgs.sFinished[index], len); | 11752 memcpy(out, &ss->ssl3.hs.finishedMsgs.sFinished[index], len); |
11807 } | 11753 } |
11808 | 11754 |
11809 rv = SECSuccess; | 11755 rv = SECSuccess; |
11810 | 11756 |
11811 loser: | 11757 loser: |
11812 ssl_ReleaseSSL3HandshakeLock(ss); | 11758 ssl_ReleaseSSL3HandshakeLock(ss); |
11813 return rv; | 11759 return rv; |
11814 } | 11760 } |
11815 | 11761 |
11816 /* ssl3_config_match_init must have already been called by | 11762 /* ssl3_cipher_suites_test_presence must have already been called by the caller |
11817 * the caller of this function. | 11763 * of this function. |
11818 */ | 11764 */ |
11819 SECStatus | 11765 SECStatus |
11820 ssl3_ConstructV2CipherSpecsHack(sslSocket *ss, unsigned char *cs, int *size) | 11766 ssl3_ConstructV2CipherSpecsHack(sslSocket *ss, unsigned char *cs, int *size) |
11821 { | 11767 { |
11822 int i, count = 0; | 11768 int i, count = 0; |
11823 | 11769 |
11824 PORT_Assert(ss != 0); | 11770 PORT_Assert(ss != 0); |
11825 if (!ss) { | 11771 if (!ss) { |
11826 PORT_SetError(PR_INVALID_ARGUMENT_ERROR); | 11772 PORT_SetError(PR_INVALID_ARGUMENT_ERROR); |
11827 return SECFailure; | 11773 return SECFailure; |
11828 } | 11774 } |
11829 if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { | 11775 if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { |
11830 *size = 0; | 11776 *size = 0; |
11831 return SECSuccess; | 11777 return SECSuccess; |
11832 } | 11778 } |
11833 if (cs == NULL) { | 11779 if (cs == NULL) { |
11834 » *size = count_cipher_suites(ss, SSL_ALLOWED, PR_TRUE); | 11780 » *size = count_cipher_suites(ss); |
11835 return SECSuccess; | 11781 return SECSuccess; |
11836 } | 11782 } |
11837 | 11783 |
11838 /* ssl3_config_match_init was called by the caller of this function. */ | 11784 /* ssl3_cipher_suites_test_presence was called by the caller of this |
11785 * function. */ | |
11839 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { | 11786 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { |
11840 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; | 11787 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; |
11841 » if (config_match(suite, SSL_ALLOWED, PR_TRUE)) { | 11788 » if (cipher_suite_available(suite)) { |
11842 if (cs != NULL) { | 11789 if (cs != NULL) { |
11843 *cs++ = 0x00; | 11790 *cs++ = 0x00; |
11844 *cs++ = (suite->cipher_suite >> 8) & 0xFF; | 11791 *cs++ = (suite->cipher_suite >> 8) & 0xFF; |
11845 *cs++ = suite->cipher_suite & 0xFF; | 11792 *cs++ = suite->cipher_suite & 0xFF; |
11846 } | 11793 } |
11847 count++; | 11794 count++; |
11848 } | 11795 } |
11849 } | 11796 } |
11850 *size = count; | 11797 *size = count; |
11851 return SECSuccess; | 11798 return SECSuccess; |
(...skipping 117 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
11969 PORT_Free(ss->ssl3.hs.recvdFragments.buf); | 11916 PORT_Free(ss->ssl3.hs.recvdFragments.buf); |
11970 } | 11917 } |
11971 } | 11918 } |
11972 | 11919 |
11973 ss->ssl3.initialized = PR_FALSE; | 11920 ss->ssl3.initialized = PR_FALSE; |
11974 | 11921 |
11975 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); | 11922 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); |
11976 } | 11923 } |
11977 | 11924 |
11978 /* End of ssl3con.c */ | 11925 /* End of ssl3con.c */ |
OLD | NEW |