OLD | NEW |
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
2 /* | 2 /* |
3 * SSL3 Protocol | 3 * SSL3 Protocol |
4 * | 4 * |
5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
8 | 8 |
9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ | 9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ |
10 | 10 |
(...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
81 | 81 |
82 #define MAX_SEND_BUF_LENGTH 32000 /* watch for 16-bit integer overflow */ | 82 #define MAX_SEND_BUF_LENGTH 32000 /* watch for 16-bit integer overflow */ |
83 #define MIN_SEND_BUF_LENGTH 4000 | 83 #define MIN_SEND_BUF_LENGTH 4000 |
84 | 84 |
85 /* This list of SSL3 cipher suites is sorted in descending order of | 85 /* This list of SSL3 cipher suites is sorted in descending order of |
86 * precedence (desirability). It only includes cipher suites we implement. | 86 * precedence (desirability). It only includes cipher suites we implement. |
87 * This table is modified by SSL3_SetPolicy(). The ordering of cipher suites | 87 * This table is modified by SSL3_SetPolicy(). The ordering of cipher suites |
88 * in this table must match the ordering in SSL_ImplementedCiphers (sslenum.c) | 88 * in this table must match the ordering in SSL_ImplementedCiphers (sslenum.c) |
89 */ | 89 */ |
90 static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { | 90 static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { |
91 /* cipher_suite policy enabled is_present*/ | 91 /* cipher_suite enabled is_present */ |
92 #ifdef NSS_ENABLE_ECC | 92 #ifdef NSS_ENABLE_ECC |
93 { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 93 { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, PR_FALSE, PR_FALSE}, |
94 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 94 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, PR_FALSE, PR_FALSE}, |
95 #endif /* NSS_ENABLE_ECC */ | 95 #endif /* NSS_ENABLE_ECC */ |
96 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 96 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, PR_FALSE, PR_FALSE}, |
97 { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 97 { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, PR_FALSE, PR_FALSE}, |
98 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, » SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 98 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, PR_TRUE, PR_FALSE}, |
99 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 99 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, PR_TRUE, PR_FALSE}, |
100 { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, » SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 100 { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, PR_TRUE, PR_FALSE}, |
101 #ifdef NSS_ENABLE_ECC | 101 #ifdef NSS_ENABLE_ECC |
102 { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 102 { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, PR_FALSE, PR_FALSE}, |
103 { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 103 { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, PR_FALSE, PR_FALSE}, |
104 #endif /* NSS_ENABLE_ECC */ | 104 #endif /* NSS_ENABLE_ECC */ |
105 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, » SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 105 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, PR_FALSE, PR_FALSE}, |
106 { TLS_RSA_WITH_AES_256_CBC_SHA, » SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 106 { TLS_RSA_WITH_AES_256_CBC_SHA, PR_TRUE, PR_FALSE}, |
107 { TLS_RSA_WITH_AES_256_CBC_SHA256,» SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 107 { TLS_RSA_WITH_AES_256_CBC_SHA256, PR_TRUE, PR_FALSE}, |
108 | 108 |
109 #ifdef NSS_ENABLE_ECC | 109 #ifdef NSS_ENABLE_ECC |
110 { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 110 { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, PR_FALSE, PR_FALSE}, |
111 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 111 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, PR_FALSE, PR_FALSE}, |
112 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 112 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, PR_FALSE, PR_FALSE}, |
113 { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 113 { TLS_ECDHE_RSA_WITH_RC4_128_SHA, PR_FALSE, PR_FALSE}, |
114 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 114 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, PR_FALSE, PR_FALSE}, |
115 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 115 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, PR_FALSE, PR_FALSE}, |
116 #endif /* NSS_ENABLE_ECC */ | 116 #endif /* NSS_ENABLE_ECC */ |
117 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 117 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, PR_FALSE, PR_FALSE}, |
118 { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 118 { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, PR_FALSE, PR_FALSE}, |
119 { TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 119 { TLS_DHE_DSS_WITH_RC4_128_SHA, PR_FALSE, PR_FALSE}, |
120 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 120 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, PR_TRUE, PR_FALSE}, |
121 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 121 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, PR_TRUE, PR_FALSE}, |
122 { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, » SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 122 { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, PR_TRUE, PR_FALSE}, |
123 #ifdef NSS_ENABLE_ECC | 123 #ifdef NSS_ENABLE_ECC |
124 { TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 124 { TLS_ECDH_RSA_WITH_RC4_128_SHA, PR_FALSE, PR_FALSE}, |
125 { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 125 { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, PR_FALSE, PR_FALSE}, |
126 { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 126 { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, PR_FALSE, PR_FALSE}, |
127 { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 127 { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, PR_FALSE, PR_FALSE}, |
128 #endif /* NSS_ENABLE_ECC */ | 128 #endif /* NSS_ENABLE_ECC */ |
129 { TLS_RSA_WITH_SEED_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 129 { TLS_RSA_WITH_SEED_CBC_SHA, PR_FALSE, PR_FALSE}, |
130 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, » SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 130 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, PR_FALSE, PR_FALSE}, |
131 { SSL_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 131 { SSL_RSA_WITH_RC4_128_SHA, PR_TRUE, PR_FALSE}, |
132 { SSL_RSA_WITH_RC4_128_MD5, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE}, | 132 { SSL_RSA_WITH_RC4_128_MD5, PR_TRUE, PR_FALSE}, |
133 { TLS_RSA_WITH_AES_128_CBC_SHA, » SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 133 { TLS_RSA_WITH_AES_128_CBC_SHA, PR_TRUE, PR_FALSE}, |
134 { TLS_RSA_WITH_AES_128_CBC_SHA256,» SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 134 { TLS_RSA_WITH_AES_128_CBC_SHA256, PR_TRUE, PR_FALSE}, |
135 | 135 |
136 #ifdef NSS_ENABLE_ECC | 136 #ifdef NSS_ENABLE_ECC |
137 { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 137 { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, PR_FALSE, PR_FALSE}, |
138 { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 138 { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, PR_FALSE, PR_FALSE}, |
139 #endif /* NSS_ENABLE_ECC */ | 139 #endif /* NSS_ENABLE_ECC */ |
140 { SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 140 { SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, PR_TRUE, PR_FALSE}, |
141 { SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 141 { SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, PR_TRUE, PR_FALSE}, |
142 #ifdef NSS_ENABLE_ECC | 142 #ifdef NSS_ENABLE_ECC |
143 { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 143 { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, PR_FALSE, PR_FALSE}, |
144 { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 144 { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, PR_FALSE, PR_FALSE}, |
145 #endif /* NSS_ENABLE_ECC */ | 145 #endif /* NSS_ENABLE_ECC */ |
146 { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 146 { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, PR_FALSE, PR_FALSE}, |
147 { SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE}, | 147 { SSL_RSA_WITH_3DES_EDE_CBC_SHA, PR_TRUE, PR_FALSE}, |
148 | 148 |
149 | 149 |
150 { SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 150 { SSL_DHE_RSA_WITH_DES_CBC_SHA, PR_FALSE, PR_FALSE}, |
151 { SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 151 { SSL_DHE_DSS_WITH_DES_CBC_SHA, PR_FALSE, PR_FALSE}, |
152 { SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 152 { SSL_RSA_FIPS_WITH_DES_CBC_SHA, PR_FALSE, PR_FALSE}, |
153 { SSL_RSA_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 153 { SSL_RSA_WITH_DES_CBC_SHA, PR_FALSE, PR_FALSE}, |
154 { TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 154 { TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, PR_FALSE, PR_FALSE}, |
155 { TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 155 { TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, PR_FALSE, PR_FALSE}, |
156 | 156 |
157 { SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 157 { SSL_RSA_EXPORT_WITH_RC4_40_MD5, PR_FALSE, PR_FALSE}, |
158 { SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 158 { SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, PR_FALSE, PR_FALSE}, |
159 | 159 |
160 #ifdef NSS_ENABLE_ECC | 160 #ifdef NSS_ENABLE_ECC |
161 { TLS_ECDHE_ECDSA_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 161 { TLS_ECDHE_ECDSA_WITH_NULL_SHA, PR_FALSE, PR_FALSE}, |
162 { TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 162 { TLS_ECDHE_RSA_WITH_NULL_SHA, PR_FALSE, PR_FALSE}, |
163 { TLS_ECDH_RSA_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 163 { TLS_ECDH_RSA_WITH_NULL_SHA, PR_FALSE, PR_FALSE}, |
164 { TLS_ECDH_ECDSA_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 164 { TLS_ECDH_ECDSA_WITH_NULL_SHA, PR_FALSE, PR_FALSE}, |
165 #endif /* NSS_ENABLE_ECC */ | 165 #endif /* NSS_ENABLE_ECC */ |
166 { SSL_RSA_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 166 { SSL_RSA_WITH_NULL_SHA, PR_FALSE, PR_FALSE}, |
167 { TLS_RSA_WITH_NULL_SHA256, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 167 { TLS_RSA_WITH_NULL_SHA256, PR_FALSE, PR_FALSE}, |
168 { SSL_RSA_WITH_NULL_MD5, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 168 { SSL_RSA_WITH_NULL_MD5, PR_FALSE, PR_FALSE}, |
169 | |
170 }; | 169 }; |
171 | 170 |
172 /* This list of SSL3 compression methods is sorted in descending order of | 171 /* This list of SSL3 compression methods is sorted in descending order of |
173 * precedence (desirability). It only includes compression methods we | 172 * precedence (desirability). It only includes compression methods we |
174 * implement. | 173 * implement. |
175 */ | 174 */ |
176 static const /*SSLCompressionMethod*/ PRUint8 compressions [] = { | 175 static const /*SSLCompressionMethod*/ PRUint8 compressions [] = { |
177 #ifdef NSS_ENABLE_ZLIB | 176 #ifdef NSS_ENABLE_ZLIB |
178 ssl_compression_deflate, | 177 ssl_compression_deflate, |
179 #endif | 178 #endif |
(...skipping 456 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
636 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { | 635 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { |
637 if (suites[i].cipher_suite == suite) | 636 if (suites[i].cipher_suite == suite) |
638 return &suites[i]; | 637 return &suites[i]; |
639 } | 638 } |
640 /* return NULL and let the caller handle it. */ | 639 /* return NULL and let the caller handle it. */ |
641 PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE); | 640 PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE); |
642 return NULL; | 641 return NULL; |
643 } | 642 } |
644 | 643 |
645 | 644 |
646 /* Initialize the suite->isPresent value for config_match | 645 /* Initialize the suite->isPresent value for cipher_suite_available. |
647 * Returns count of enabled ciphers supported by extant tokens, | 646 * Returns count of enabled ciphers supported by extant tokens, |
648 * regardless of policy or user preference. | 647 * regardless of user preference. |
649 * If this returns zero, the user cannot do SSL v3. | 648 * If this returns zero, the user cannot do SSL v3. |
650 */ | 649 */ |
651 int | 650 int |
652 ssl3_config_match_init(sslSocket *ss) | 651 ssl3_cipher_suite_available_init(sslSocket *ss) |
653 { | 652 { |
654 ssl3CipherSuiteCfg * suite; | 653 ssl3CipherSuiteCfg * suite; |
655 const ssl3CipherSuiteDef *cipher_def; | 654 const ssl3CipherSuiteDef *cipher_def; |
656 SSLCipherAlgorithm cipher_alg; | 655 SSLCipherAlgorithm cipher_alg; |
657 CK_MECHANISM_TYPE cipher_mech; | 656 CK_MECHANISM_TYPE cipher_mech; |
658 SSL3KEAType exchKeyType; | 657 SSL3KEAType exchKeyType; |
659 int i; | 658 int i; |
660 int numPresent = 0; | 659 int numPresent = 0; |
661 int numEnabled = 0; | 660 int numEnabled = 0; |
662 PRBool isServer; | 661 PRBool isServer; |
(...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
738 } | 737 } |
739 } | 738 } |
740 PORT_Assert(numPresent > 0 || numEnabled == 0); | 739 PORT_Assert(numPresent > 0 || numEnabled == 0); |
741 if (numPresent <= 0) { | 740 if (numPresent <= 0) { |
742 PORT_SetError(SSL_ERROR_NO_CIPHERS_SUPPORTED); | 741 PORT_SetError(SSL_ERROR_NO_CIPHERS_SUPPORTED); |
743 } | 742 } |
744 return numPresent; | 743 return numPresent; |
745 } | 744 } |
746 | 745 |
747 | 746 |
748 /* return PR_TRUE if suite matches policy and enabled state */ | 747 /* return PR_TRUE if the given cipher suite is enabled and present. */ |
749 /* It would be a REALLY BAD THING (tm) if we ever permitted the use | |
750 ** of a cipher that was NOT_ALLOWED. So, if this is ever called with | |
751 ** policy == SSL_NOT_ALLOWED, report no match. | |
752 */ | |
753 /* adjust suite enabled to the availability of a token that can do the | |
754 * cipher suite. */ | |
755 static PRBool | 748 static PRBool |
756 config_match(ssl3CipherSuiteCfg *suite, int policy, PRBool enabled) | 749 cipher_suite_available(ssl3CipherSuiteCfg *suite) |
757 { | 750 { |
758 PORT_Assert(policy != SSL_NOT_ALLOWED && enabled != PR_FALSE); | 751 return (PRBool)(suite->enabled && suite->isPresent); |
759 if (policy == SSL_NOT_ALLOWED || !enabled) | |
760 » return PR_FALSE; | |
761 return (PRBool)(suite->enabled && | |
762 suite->isPresent && | |
763 » suite->policy != SSL_NOT_ALLOWED && | |
764 » » suite->policy <= policy); | |
765 } | 752 } |
766 | 753 |
767 /* return number of cipher suites that match policy and enabled state */ | 754 /* return number of cipher suites that are enabled and present. |
768 /* called from ssl3_SendClientHello and ssl3_ConstructV2CipherSpecsHack */ | 755 * called from ssl3_SendClientHello and ssl3_ConstructV2CipherSpecsHack */ |
769 static int | 756 static int |
770 count_cipher_suites(sslSocket *ss, int policy, PRBool enabled) | 757 count_cipher_suites(sslSocket *ss) |
771 { | 758 { |
772 int i, count = 0; | 759 int i, count = 0; |
773 | 760 |
774 if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { | 761 if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { |
775 » return 0; | 762 » return 0; |
776 } | 763 } |
777 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { | 764 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { |
778 » if (config_match(&ss->cipherSuites[i], policy, enabled)) | 765 » if (cipher_suite_available(&ss->cipherSuites[i])) |
779 count++; | 766 count++; |
780 } | 767 } |
781 if (count <= 0) { | 768 if (count <= 0) { |
782 PORT_SetError(SSL_ERROR_SSL_DISABLED); | 769 PORT_SetError(SSL_ERROR_SSL_DISABLED); |
783 } | 770 } |
784 return count; | 771 return count; |
785 } | 772 } |
786 | 773 |
787 /* | 774 /* |
788 * Null compression, mac and encryption functions | 775 * Null compression, mac and encryption functions |
(...skipping 3942 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
4731 requestingResume = PR_TRUE; | 4718 requestingResume = PR_TRUE; |
4732 SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_hits ); | 4719 SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_hits ); |
4733 | 4720 |
4734 /* Are we attempting a stateless session resume? */ | 4721 /* Are we attempting a stateless session resume? */ |
4735 if (sid->version > SSL_LIBRARY_VERSION_3_0 && | 4722 if (sid->version > SSL_LIBRARY_VERSION_3_0 && |
4736 sid->u.ssl3.sessionTicket.ticket.data) | 4723 sid->u.ssl3.sessionTicket.ticket.data) |
4737 SSL_AtomicIncrementLong(& ssl3stats.sch_sid_stateless_resumes ); | 4724 SSL_AtomicIncrementLong(& ssl3stats.sch_sid_stateless_resumes ); |
4738 | 4725 |
4739 PRINT_BUF(4, (ss, "client, found session-id:", sid->u.ssl3.sessionID, | 4726 PRINT_BUF(4, (ss, "client, found session-id:", sid->u.ssl3.sessionID, |
4740 sid->u.ssl3.sessionIDLength)); | 4727 sid->u.ssl3.sessionIDLength)); |
4741 | |
4742 ss->ssl3.policy = sid->u.ssl3.policy; | |
4743 } else { | 4728 } else { |
4744 SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_misses ); | 4729 SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_misses ); |
4745 | 4730 |
4746 /* | 4731 /* |
4747 * Windows SChannel compares the client_version inside the RSA | 4732 * Windows SChannel compares the client_version inside the RSA |
4748 * EncryptedPreMasterSecret of a renegotiation with the | 4733 * EncryptedPreMasterSecret of a renegotiation with the |
4749 * client_version of the initial ClientHello rather than the | 4734 * client_version of the initial ClientHello rather than the |
4750 * ClientHello in the renegotiation. To work around this bug, we | 4735 * ClientHello in the renegotiation. To work around this bug, we |
4751 * continue to use the client_version used in the initial | 4736 * continue to use the client_version used in the initial |
4752 * ClientHello when renegotiating. | 4737 * ClientHello when renegotiating. |
(...skipping 29 matching lines...) Expand all Loading... |
4782 | 4767 |
4783 ss->sec.send = ssl3_SendApplicationData; | 4768 ss->sec.send = ssl3_SendApplicationData; |
4784 | 4769 |
4785 /* shouldn't get here if SSL3 is disabled, but ... */ | 4770 /* shouldn't get here if SSL3 is disabled, but ... */ |
4786 if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { | 4771 if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { |
4787 PR_NOT_REACHED("No versions of SSL 3.0 or later are enabled"); | 4772 PR_NOT_REACHED("No versions of SSL 3.0 or later are enabled"); |
4788 PORT_SetError(SSL_ERROR_SSL_DISABLED); | 4773 PORT_SetError(SSL_ERROR_SSL_DISABLED); |
4789 return SECFailure; | 4774 return SECFailure; |
4790 } | 4775 } |
4791 | 4776 |
4792 /* how many suites does our PKCS11 support (regardless of policy)? */ | 4777 /* how many suites does our PKCS11 support? */ |
4793 num_suites = ssl3_config_match_init(ss); | 4778 num_suites = ssl3_cipher_suite_available_init(ss); |
4794 if (!num_suites) | 4779 if (!num_suites) |
4795 » return SECFailure;» /* ssl3_config_match_init has set error code. */ | 4780 » return SECFailure;» /* ssl3_cipher_suite_available_init has set |
| 4781 » » » » * error code. */ |
4796 | 4782 |
4797 /* HACK for SCSV in SSL 3.0. On initial handshake, prepend SCSV, | 4783 /* HACK for SCSV in SSL 3.0. On initial handshake, prepend SCSV, |
4798 * only if TLS is disabled. | 4784 * only if TLS is disabled. |
4799 */ | 4785 */ |
4800 if (!ss->firstHsDone && !isTLS) { | 4786 if (!ss->firstHsDone && !isTLS) { |
4801 /* Must set this before calling Hello Extension Senders, | 4787 /* Must set this before calling Hello Extension Senders, |
4802 * to suppress sending of empty RI extension. | 4788 * to suppress sending of empty RI extension. |
4803 */ | 4789 */ |
4804 ss->ssl3.hs.sendingSCSV = PR_TRUE; | 4790 ss->ssl3.hs.sendingSCSV = PR_TRUE; |
4805 } | 4791 } |
(...skipping 17 matching lines...) Expand all Loading... |
4823 if (!total_exten_len || !isTLS) { | 4809 if (!total_exten_len || !isTLS) { |
4824 /* not sending the elliptic_curves and ec_point_formats extensions */ | 4810 /* not sending the elliptic_curves and ec_point_formats extensions */ |
4825 ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */ | 4811 ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */ |
4826 } | 4812 } |
4827 #endif | 4813 #endif |
4828 | 4814 |
4829 if (IS_DTLS(ss)) { | 4815 if (IS_DTLS(ss)) { |
4830 ssl3_DisableNonDTLSSuites(ss); | 4816 ssl3_DisableNonDTLSSuites(ss); |
4831 } | 4817 } |
4832 | 4818 |
4833 /* how many suites are permitted by policy and user preference? */ | 4819 /* how many suites are permitted by user preference? */ |
4834 num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE); | 4820 num_suites = count_cipher_suites(ss); |
4835 if (!num_suites) | 4821 if (!num_suites) |
4836 return SECFailure; /* count_cipher_suites has set error code. */ | 4822 return SECFailure; /* count_cipher_suites has set error code. */ |
4837 if (ss->ssl3.hs.sendingSCSV) { | 4823 if (ss->ssl3.hs.sendingSCSV) { |
4838 ++num_suites; /* make room for SCSV */ | 4824 ++num_suites; /* make room for SCSV */ |
4839 } | 4825 } |
4840 | 4826 |
4841 /* count compression methods */ | 4827 /* count compression methods */ |
4842 numCompressionMethods = 0; | 4828 numCompressionMethods = 0; |
4843 for (i = 0; i < compressionMethodsCount; i++) { | 4829 for (i = 0; i < compressionMethodsCount; i++) { |
4844 if (compressionEnabled(ss, compressions[i])) | 4830 if (compressionEnabled(ss, compressions[i])) |
(...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
4914 /* Add the actual SCSV */ | 4900 /* Add the actual SCSV */ |
4915 rv = ssl3_AppendHandshakeNumber(ss, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, | 4901 rv = ssl3_AppendHandshakeNumber(ss, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, |
4916 sizeof(ssl3CipherSuite)); | 4902 sizeof(ssl3CipherSuite)); |
4917 if (rv != SECSuccess) { | 4903 if (rv != SECSuccess) { |
4918 return rv; /* err set by ssl3_AppendHandshake* */ | 4904 return rv; /* err set by ssl3_AppendHandshake* */ |
4919 } | 4905 } |
4920 actual_count++; | 4906 actual_count++; |
4921 } | 4907 } |
4922 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { | 4908 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { |
4923 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; | 4909 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; |
4924 » if (config_match(suite, ss->ssl3.policy, PR_TRUE)) { | 4910 » if (cipher_suite_available(suite)) { |
4925 actual_count++; | 4911 actual_count++; |
4926 if (actual_count > num_suites) { | 4912 if (actual_count > num_suites) { |
4927 /* set error card removal/insertion error */ | 4913 /* set error card removal/insertion error */ |
4928 PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL); | 4914 PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL); |
4929 return SECFailure; | 4915 return SECFailure; |
4930 } | 4916 } |
4931 rv = ssl3_AppendHandshakeNumber(ss, suite->cipher_suite, | 4917 rv = ssl3_AppendHandshakeNumber(ss, suite->cipher_suite, |
4932 sizeof(ssl3CipherSuite)); | 4918 sizeof(ssl3CipherSuite)); |
4933 if (rv != SECSuccess) { | 4919 if (rv != SECSuccess) { |
4934 return rv; /* err set by ssl3_AppendHandshake* */ | 4920 return rv; /* err set by ssl3_AppendHandshake* */ |
(...skipping 1036 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
5971 if (isTLS) | 5957 if (isTLS) |
5972 desc = decode_error; | 5958 desc = decode_error; |
5973 goto alert_loser; /* malformed. */ | 5959 goto alert_loser; /* malformed. */ |
5974 } | 5960 } |
5975 | 5961 |
5976 /* find selected cipher suite in our list. */ | 5962 /* find selected cipher suite in our list. */ |
5977 temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); | 5963 temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); |
5978 if (temp < 0) { | 5964 if (temp < 0) { |
5979 goto loser; /* alert has been sent */ | 5965 goto loser; /* alert has been sent */ |
5980 } | 5966 } |
5981 ssl3_config_match_init(ss); | 5967 ssl3_cipher_suite_available_init(ss); |
5982 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { | 5968 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { |
5983 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; | 5969 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; |
5984 if (temp == suite->cipher_suite) { | 5970 if (temp == suite->cipher_suite) { |
5985 » if (!config_match(suite, ss->ssl3.policy, PR_TRUE)) { | 5971 » if (!cipher_suite_available(suite)) { |
5986 break; /* failure */ | 5972 break; /* failure */ |
5987 } | 5973 } |
5988 if (!ssl3_CipherSuiteAllowedForVersion(suite->cipher_suite, | 5974 if (!ssl3_CipherSuiteAllowedForVersion(suite->cipher_suite, |
5989 ss->version)) { | 5975 ss->version)) { |
5990 desc = handshake_failure; | 5976 desc = handshake_failure; |
5991 errCode = SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION; | 5977 errCode = SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION; |
5992 goto alert_loser; | 5978 goto alert_loser; |
5993 } | 5979 } |
5994 | 5980 |
5995 suite_found = PR_TRUE; | 5981 suite_found = PR_TRUE; |
(...skipping 1152 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
7148 } | 7134 } |
7149 sid->peerID = (ss->peerID == NULL) ? NULL : PORT_Strdup(ss->peerID); | 7135 sid->peerID = (ss->peerID == NULL) ? NULL : PORT_Strdup(ss->peerID); |
7150 sid->urlSvrName = (ss->url == NULL) ? NULL : PORT_Strdup(ss->url); | 7136 sid->urlSvrName = (ss->url == NULL) ? NULL : PORT_Strdup(ss->url); |
7151 sid->addr = ss->sec.ci.peer; | 7137 sid->addr = ss->sec.ci.peer; |
7152 sid->port = ss->sec.ci.port; | 7138 sid->port = ss->sec.ci.port; |
7153 sid->references = 1; | 7139 sid->references = 1; |
7154 sid->cached = never_cached; | 7140 sid->cached = never_cached; |
7155 sid->version = ss->version; | 7141 sid->version = ss->version; |
7156 | 7142 |
7157 sid->u.ssl3.keys.resumable = PR_TRUE; | 7143 sid->u.ssl3.keys.resumable = PR_TRUE; |
7158 sid->u.ssl3.policy = SSL_ALLOWED; | |
7159 sid->u.ssl3.clientWriteKey = NULL; | 7144 sid->u.ssl3.clientWriteKey = NULL; |
7160 sid->u.ssl3.serverWriteKey = NULL; | 7145 sid->u.ssl3.serverWriteKey = NULL; |
7161 | 7146 |
7162 if (is_server) { | 7147 if (is_server) { |
7163 SECStatus rv; | 7148 SECStatus rv; |
7164 int pid = SSL_GETPID(); | 7149 int pid = SSL_GETPID(); |
7165 | 7150 |
7166 sid->u.ssl3.sessionIDLength = SSL3_SESSIONID_BYTES; | 7151 sid->u.ssl3.sessionIDLength = SSL3_SESSIONID_BYTES; |
7167 sid->u.ssl3.sessionID[0] = (pid >> 8) & 0xff; | 7152 sid->u.ssl3.sessionID[0] = (pid >> 8) & 0xff; |
7168 sid->u.ssl3.sessionID[1] = pid & 0xff; | 7153 sid->u.ssl3.sessionID[1] = pid & 0xff; |
(...skipping 360 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
7529 #ifdef NSS_ENABLE_ECC | 7514 #ifdef NSS_ENABLE_ECC |
7530 /* Disable any ECC cipher suites for which we have no cert. */ | 7515 /* Disable any ECC cipher suites for which we have no cert. */ |
7531 ssl3_FilterECCipherSuitesByServerCerts(ss); | 7516 ssl3_FilterECCipherSuitesByServerCerts(ss); |
7532 #endif | 7517 #endif |
7533 | 7518 |
7534 if (IS_DTLS(ss)) { | 7519 if (IS_DTLS(ss)) { |
7535 ssl3_DisableNonDTLSSuites(ss); | 7520 ssl3_DisableNonDTLSSuites(ss); |
7536 } | 7521 } |
7537 | 7522 |
7538 #ifdef PARANOID | 7523 #ifdef PARANOID |
7539 /* Look for a matching cipher suite. */ | 7524 /* Look for an available cipher suite. */ |
7540 j = ssl3_config_match_init(ss); | 7525 j = ssl3_cipher_suite_available_init(ss); |
7541 if (j <= 0) { /* no ciphers are working/supported by PK11 */ | 7526 if (j <= 0) { /* no ciphers are working/supported by PK11 */ |
7542 errCode = PORT_GetError(); /* error code is already set. */ | 7527 errCode = PORT_GetError(); /* error code is already set. */ |
7543 goto alert_loser; | 7528 goto alert_loser; |
7544 } | 7529 } |
7545 #endif | 7530 #endif |
7546 | 7531 |
7547 /* If we already have a session for this client, be sure to pick the | 7532 /* If we already have a session for this client, be sure to pick the |
7548 ** same cipher suite and compression method we picked before. | 7533 ** same cipher suite and compression method we picked before. |
7549 ** This is not a loop, despite appearances. | 7534 ** This is not a loop, despite appearances. |
7550 */ | 7535 */ |
(...skipping 15 matching lines...) Expand all Loading... |
7566 suite = ss->cipherSuites; | 7551 suite = ss->cipherSuites; |
7567 /* Find the entry for the cipher suite used in the cached session. */ | 7552 /* Find the entry for the cipher suite used in the cached session. */ |
7568 for (j = ssl_V3_SUITES_IMPLEMENTED; j > 0; --j, ++suite) { | 7553 for (j = ssl_V3_SUITES_IMPLEMENTED; j > 0; --j, ++suite) { |
7569 if (suite->cipher_suite == sid->u.ssl3.cipherSuite) | 7554 if (suite->cipher_suite == sid->u.ssl3.cipherSuite) |
7570 break; | 7555 break; |
7571 } | 7556 } |
7572 PORT_Assert(j > 0); | 7557 PORT_Assert(j > 0); |
7573 if (j <= 0) | 7558 if (j <= 0) |
7574 break; | 7559 break; |
7575 #ifdef PARANOID | 7560 #ifdef PARANOID |
7576 » /* Double check that the cached cipher suite is still enabled, | 7561 » /* Double check that the cached cipher suite is still enabled and |
7577 » * implemented, and allowed by policy. Might have been disabled. | 7562 » * implemented. Might have been disabled. |
7578 » * The product policy won't change during the process lifetime. | |
7579 * Implemented ("isPresent") shouldn't change for servers. | 7563 * Implemented ("isPresent") shouldn't change for servers. |
7580 */ | 7564 */ |
7581 » if (!config_match(suite, ss->ssl3.policy, PR_TRUE)) | 7565 » if (!cipher_suite_available(suite)) |
7582 break; | 7566 break; |
7583 #else | 7567 #else |
7584 if (!suite->enabled) | 7568 if (!suite->enabled) |
7585 break; | 7569 break; |
7586 #endif | 7570 #endif |
7587 /* Double check that the cached cipher suite is in the client's list */ | 7571 /* Double check that the cached cipher suite is in the client's list */ |
7588 for (i = 0; i + 1 < suites.len; i += 2) { | 7572 for (i = 0; i + 1 < suites.len; i += 2) { |
7589 PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1]; | 7573 PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1]; |
7590 if (suite_i == suite->cipher_suite) { | 7574 if (suite_i == suite->cipher_suite) { |
7591 ss->ssl3.hs.cipher_suite = suite->cipher_suite; | 7575 ss->ssl3.hs.cipher_suite = suite->cipher_suite; |
7592 ss->ssl3.hs.suite_def = | 7576 ss->ssl3.hs.suite_def = |
7593 ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); | 7577 ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); |
7594 | 7578 |
7595 /* Use the cached compression method. */ | 7579 /* Use the cached compression method. */ |
7596 ss->ssl3.hs.compression = sid->u.ssl3.compression; | 7580 ss->ssl3.hs.compression = sid->u.ssl3.compression; |
7597 goto compression_found; | 7581 goto compression_found; |
7598 } | 7582 } |
7599 } | 7583 } |
7600 } while (0); | 7584 } while (0); |
7601 | 7585 |
7602 /* START A NEW SESSION */ | 7586 /* START A NEW SESSION */ |
7603 | 7587 |
7604 #ifndef PARANOID | 7588 #ifndef PARANOID |
7605 /* Look for a matching cipher suite. */ | 7589 /* Look for an available cipher suite. */ |
7606 j = ssl3_config_match_init(ss); | 7590 j = ssl3_cipher_suite_available_init(ss); |
7607 if (j <= 0) { /* no ciphers are working/supported by PK11 */ | 7591 if (j <= 0) { /* no ciphers are working/supported by PK11 */ |
7608 errCode = PORT_GetError(); /* error code is already set. */ | 7592 errCode = PORT_GetError(); /* error code is already set. */ |
7609 goto alert_loser; | 7593 goto alert_loser; |
7610 } | 7594 } |
7611 #endif | 7595 #endif |
7612 | 7596 |
7613 /* Select a cipher suite. | 7597 /* Select a cipher suite. |
7614 ** | 7598 ** |
7615 ** NOTE: This suite selection algorithm should be the same as the one in | 7599 ** NOTE: This suite selection algorithm should be the same as the one in |
7616 ** ssl3_HandleV2ClientHello(). | 7600 ** ssl3_HandleV2ClientHello(). |
7617 ** | 7601 ** |
7618 ** If TLS 1.0 is enabled, we could handle the case where the client | 7602 ** If TLS 1.0 is enabled, we could handle the case where the client |
7619 ** offered TLS 1.1 but offered only export cipher suites by choosing TLS | 7603 ** offered TLS 1.1 but offered only export cipher suites by choosing TLS |
7620 ** 1.0 and selecting one of those export cipher suites. However, a secure | 7604 ** 1.0 and selecting one of those export cipher suites. However, a secure |
7621 ** TLS 1.1 client should not have export cipher suites enabled at all, | 7605 ** TLS 1.1 client should not have export cipher suites enabled at all, |
7622 ** and a TLS 1.1 client should definitely not be offering *only* export | 7606 ** and a TLS 1.1 client should definitely not be offering *only* export |
7623 ** cipher suites. Therefore, we refuse to negotiate export cipher suites | 7607 ** cipher suites. Therefore, we refuse to negotiate export cipher suites |
7624 ** with any client that indicates support for TLS 1.1 or higher when we | 7608 ** with any client that indicates support for TLS 1.1 or higher when we |
7625 ** (the server) have TLS 1.1 support enabled. | 7609 ** (the server) have TLS 1.1 support enabled. |
7626 */ | 7610 */ |
7627 for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) { | 7611 for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) { |
7628 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j]; | 7612 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j]; |
7629 » if (!config_match(suite, ss->ssl3.policy, PR_TRUE) || | 7613 » if (!cipher_suite_available(suite) || |
7630 !ssl3_CipherSuiteAllowedForVersion(suite->cipher_suite, | 7614 !ssl3_CipherSuiteAllowedForVersion(suite->cipher_suite, |
7631 ss->version)) { | 7615 ss->version)) { |
7632 continue; | 7616 continue; |
7633 } | 7617 } |
7634 for (i = 0; i + 1 < suites.len; i += 2) { | 7618 for (i = 0; i + 1 < suites.len; i += 2) { |
7635 PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1]; | 7619 PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1]; |
7636 if (suite_i == suite->cipher_suite) { | 7620 if (suite_i == suite->cipher_suite) { |
7637 ss->ssl3.hs.cipher_suite = suite->cipher_suite; | 7621 ss->ssl3.hs.cipher_suite = suite->cipher_suite; |
7638 ss->ssl3.hs.suite_def = | 7622 ss->ssl3.hs.suite_def = |
7639 ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); | 7623 ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); |
7640 goto suite_found; | 7624 goto suite_found; |
7641 } | 7625 } |
7642 } | 7626 } |
7643 } | 7627 } |
7644 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; | 7628 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; |
7645 goto alert_loser; | 7629 goto alert_loser; |
7646 | 7630 |
7647 suite_found: | 7631 suite_found: |
7648 /* Look for a matching compression algorithm. */ | 7632 /* Select a compression algorithm. */ |
7649 for (i = 0; i < comps.len; i++) { | 7633 for (i = 0; i < comps.len; i++) { |
7650 if (!compressionEnabled(ss, comps.data[i])) | 7634 if (!compressionEnabled(ss, comps.data[i])) |
7651 continue; | 7635 continue; |
7652 for (j = 0; j < compressionMethodsCount; j++) { | 7636 for (j = 0; j < compressionMethodsCount; j++) { |
7653 if (comps.data[i] == compressions[j]) { | 7637 if (comps.data[i] == compressions[j]) { |
7654 ss->ssl3.hs.compression = | 7638 ss->ssl3.hs.compression = |
7655 (SSLCompressionMethod)compressions[j]; | 7639 (SSLCompressionMethod)compressions[j]; |
7656 goto compression_found; | 7640 goto compression_found; |
7657 } | 7641 } |
7658 } | 7642 } |
(...skipping 283 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
7942 SECITEM_FreeItem(pwsName, PR_FALSE); | 7926 SECITEM_FreeItem(pwsName, PR_FALSE); |
7943 } | 7927 } |
7944 rv = SECITEM_CopyItem(NULL, pwsName, name); | 7928 rv = SECITEM_CopyItem(NULL, pwsName, name); |
7945 ssl_ReleaseSpecWriteLock(ss); /***************************/ | 7929 ssl_ReleaseSpecWriteLock(ss); /***************************/ |
7946 if (rv != SECSuccess) { | 7930 if (rv != SECSuccess) { |
7947 errCode = SSL_ERROR_INTERNAL_ERROR_ALERT; | 7931 errCode = SSL_ERROR_INTERNAL_ERROR_ALERT; |
7948 desc = internal_error; | 7932 desc = internal_error; |
7949 ret = SSL_SNI_SEND_ALERT; | 7933 ret = SSL_SNI_SEND_ALERT; |
7950 break; | 7934 break; |
7951 } | 7935 } |
7952 configedCiphers = ssl3_config_match_init(ss); | 7936 configedCiphers = ssl3_cipher_suite_available_init(ss); |
7953 if (configedCiphers <= 0) { | 7937 if (configedCiphers <= 0) { |
7954 /* no ciphers are working/supported */ | 7938 /* no ciphers are working/supported */ |
7955 errCode = PORT_GetError(); | 7939 errCode = PORT_GetError(); |
7956 desc = handshake_failure; | 7940 desc = handshake_failure; |
7957 ret = SSL_SNI_SEND_ALERT; | 7941 ret = SSL_SNI_SEND_ALERT; |
7958 break; | 7942 break; |
7959 } | 7943 } |
7960 /* Need to tell the client that application has picked | 7944 /* Need to tell the client that application has picked |
7961 * the name from the offered list and reconfigured the socket. | 7945 * the name from the offered list and reconfigured the socket. |
7962 */ | 7946 */ |
(...skipping 176 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
8139 PORT_Memcpy( | 8123 PORT_Memcpy( |
8140 &ss->ssl3.hs.client_random.rand[SSL3_RANDOM_LENGTH - rand_length], | 8124 &ss->ssl3.hs.client_random.rand[SSL3_RANDOM_LENGTH - rand_length], |
8141 random, rand_length); | 8125 random, rand_length); |
8142 | 8126 |
8143 PRINT_BUF(60, (ss, "client random:", &ss->ssl3.hs.client_random.rand[0], | 8127 PRINT_BUF(60, (ss, "client random:", &ss->ssl3.hs.client_random.rand[0], |
8144 SSL3_RANDOM_LENGTH)); | 8128 SSL3_RANDOM_LENGTH)); |
8145 #ifdef NSS_ENABLE_ECC | 8129 #ifdef NSS_ENABLE_ECC |
8146 /* Disable any ECC cipher suites for which we have no cert. */ | 8130 /* Disable any ECC cipher suites for which we have no cert. */ |
8147 ssl3_FilterECCipherSuitesByServerCerts(ss); | 8131 ssl3_FilterECCipherSuitesByServerCerts(ss); |
8148 #endif | 8132 #endif |
8149 i = ssl3_config_match_init(ss); | 8133 i = ssl3_cipher_suite_available_init(ss); |
8150 if (i <= 0) { | 8134 if (i <= 0) { |
8151 errCode = PORT_GetError(); /* error code is already set. */ | 8135 errCode = PORT_GetError(); /* error code is already set. */ |
8152 goto alert_loser; | 8136 goto alert_loser; |
8153 } | 8137 } |
8154 | 8138 |
8155 /* Select a cipher suite. | 8139 /* Select a cipher suite. |
8156 ** | 8140 ** |
8157 ** NOTE: This suite selection algorithm should be the same as the one in | 8141 ** NOTE: This suite selection algorithm should be the same as the one in |
8158 ** ssl3_HandleClientHello(). | 8142 ** ssl3_HandleClientHello(). |
8159 ** | 8143 ** |
8160 ** See the comments about export cipher suites in ssl3_HandleClientHello(). | 8144 ** See the comments about export cipher suites in ssl3_HandleClientHello(). |
8161 */ | 8145 */ |
8162 for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) { | 8146 for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) { |
8163 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j]; | 8147 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j]; |
8164 » if (!config_match(suite, ss->ssl3.policy, PR_TRUE) || | 8148 » if (!cipher_suite_available(suite) || |
8165 !ssl3_CipherSuiteAllowedForVersion(suite->cipher_suite, | 8149 !ssl3_CipherSuiteAllowedForVersion(suite->cipher_suite, |
8166 ss->version)) { | 8150 ss->version)) { |
8167 continue; | 8151 continue; |
8168 } | 8152 } |
8169 for (i = 0; i+2 < suite_length; i += 3) { | 8153 for (i = 0; i+2 < suite_length; i += 3) { |
8170 PRUint32 suite_i = (suites[i] << 16)|(suites[i+1] << 8)|suites[i+2]; | 8154 PRUint32 suite_i = (suites[i] << 16)|(suites[i+1] << 8)|suites[i+2]; |
8171 if (suite_i == suite->cipher_suite) { | 8155 if (suite_i == suite->cipher_suite) { |
8172 ss->ssl3.hs.cipher_suite = suite->cipher_suite; | 8156 ss->ssl3.hs.cipher_suite = suite->cipher_suite; |
8173 ss->ssl3.hs.suite_def = | 8157 ss->ssl3.hs.suite_def = |
8174 ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); | 8158 ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); |
(...skipping 2274 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
10449 if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) { | 10433 if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) { |
10450 effectiveExchKeyType = kt_rsa; | 10434 effectiveExchKeyType = kt_rsa; |
10451 } else { | 10435 } else { |
10452 effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType; | 10436 effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType; |
10453 } | 10437 } |
10454 | 10438 |
10455 if (sid->cached == never_cached && !ss->opt.noCache && ss->sec.cache) { | 10439 if (sid->cached == never_cached && !ss->opt.noCache && ss->sec.cache) { |
10456 /* fill in the sid */ | 10440 /* fill in the sid */ |
10457 sid->u.ssl3.cipherSuite = ss->ssl3.hs.cipher_suite; | 10441 sid->u.ssl3.cipherSuite = ss->ssl3.hs.cipher_suite; |
10458 sid->u.ssl3.compression = ss->ssl3.hs.compression; | 10442 sid->u.ssl3.compression = ss->ssl3.hs.compression; |
10459 sid->u.ssl3.policy = ss->ssl3.policy; | |
10460 #ifdef NSS_ENABLE_ECC | 10443 #ifdef NSS_ENABLE_ECC |
10461 sid->u.ssl3.negotiatedECCurves = ss->ssl3.hs.negotiatedECCurves; | 10444 sid->u.ssl3.negotiatedECCurves = ss->ssl3.hs.negotiatedECCurves; |
10462 #endif | 10445 #endif |
10463 sid->u.ssl3.exchKeyType = effectiveExchKeyType; | 10446 sid->u.ssl3.exchKeyType = effectiveExchKeyType; |
10464 sid->version = ss->version; | 10447 sid->version = ss->version; |
10465 sid->authAlgorithm = ss->sec.authAlgorithm; | 10448 sid->authAlgorithm = ss->sec.authAlgorithm; |
10466 sid->authKeyBits = ss->sec.authKeyBits; | 10449 sid->authKeyBits = ss->sec.authKeyBits; |
10467 sid->keaType = ss->sec.keaType; | 10450 sid->keaType = ss->sec.keaType; |
10468 sid->keaKeyBits = ss->sec.keaKeyBits; | 10451 sid->keaKeyBits = ss->sec.keaKeyBits; |
10469 sid->lastAccessTime = sid->creationTime = ssl_Time(); | 10452 sid->lastAccessTime = sid->creationTime = ssl_Time(); |
(...skipping 1057 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
11527 ** | 11510 ** |
11528 */ | 11511 */ |
11529 static SECStatus | 11512 static SECStatus |
11530 ssl3_InitState(sslSocket *ss) | 11513 ssl3_InitState(sslSocket *ss) |
11531 { | 11514 { |
11532 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); | 11515 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); |
11533 | 11516 |
11534 if (ss->ssl3.initialized) | 11517 if (ss->ssl3.initialized) |
11535 return SECSuccess; /* Function should be idempotent */ | 11518 return SECSuccess; /* Function should be idempotent */ |
11536 | 11519 |
11537 ss->ssl3.policy = SSL_ALLOWED; | |
11538 | |
11539 ssl_GetSpecWriteLock(ss); | 11520 ssl_GetSpecWriteLock(ss); |
11540 ss->ssl3.crSpec = ss->ssl3.cwSpec = &ss->ssl3.specs[0]; | 11521 ss->ssl3.crSpec = ss->ssl3.cwSpec = &ss->ssl3.specs[0]; |
11541 ss->ssl3.prSpec = ss->ssl3.pwSpec = &ss->ssl3.specs[1]; | 11522 ss->ssl3.prSpec = ss->ssl3.pwSpec = &ss->ssl3.specs[1]; |
11542 ss->ssl3.hs.sendingSCSV = PR_FALSE; | 11523 ss->ssl3.hs.sendingSCSV = PR_FALSE; |
11543 ssl3_InitCipherSpec(ss, ss->ssl3.crSpec); | 11524 ssl3_InitCipherSpec(ss, ss->ssl3.crSpec); |
11544 ssl3_InitCipherSpec(ss, ss->ssl3.prSpec); | 11525 ssl3_InitCipherSpec(ss, ss->ssl3.prSpec); |
11545 | 11526 |
11546 ss->ssl3.hs.ws = (ss->sec.isServer) ? wait_client_hello : wait_server_hello; | 11527 ss->ssl3.hs.ws = (ss->sec.isServer) ? wait_client_hello : wait_server_hello; |
11547 #ifdef NSS_ENABLE_ECC | 11528 #ifdef NSS_ENABLE_ECC |
11548 ss->ssl3.hs.negotiatedECCurves = ssl3_GetSupportedECCurveMask(ss); | 11529 ss->ssl3.hs.negotiatedECCurves = ssl3_GetSupportedECCurveMask(ss); |
(...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
11638 !(ss->stepDownKeyPair = ssl3_NewKeyPair(privKey, pubKey))) { | 11619 !(ss->stepDownKeyPair = ssl3_NewKeyPair(privKey, pubKey))) { |
11639 ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL); | 11620 ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL); |
11640 rv = SECFailure; | 11621 rv = SECFailure; |
11641 } | 11622 } |
11642 } | 11623 } |
11643 #endif | 11624 #endif |
11644 return rv; | 11625 return rv; |
11645 } | 11626 } |
11646 | 11627 |
11647 | 11628 |
11648 /* record the export policy for this cipher suite */ | |
11649 SECStatus | |
11650 ssl3_SetPolicy(ssl3CipherSuite which, int policy) | |
11651 { | |
11652 ssl3CipherSuiteCfg *suite; | |
11653 | |
11654 suite = ssl_LookupCipherSuiteCfg(which, cipherSuites); | |
11655 if (suite == NULL) { | |
11656 return SECFailure; /* err code was set by ssl_LookupCipherSuiteCfg */ | |
11657 } | |
11658 suite->policy = policy; | |
11659 | |
11660 return SECSuccess; | |
11661 } | |
11662 | |
11663 SECStatus | |
11664 ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *oPolicy) | |
11665 { | |
11666 ssl3CipherSuiteCfg *suite; | |
11667 PRInt32 policy; | |
11668 SECStatus rv; | |
11669 | |
11670 suite = ssl_LookupCipherSuiteCfg(which, cipherSuites); | |
11671 if (suite) { | |
11672 policy = suite->policy; | |
11673 rv = SECSuccess; | |
11674 } else { | |
11675 policy = SSL_NOT_ALLOWED; | |
11676 rv = SECFailure; /* err code was set by Lookup. */ | |
11677 } | |
11678 *oPolicy = policy; | |
11679 return rv; | |
11680 } | |
11681 | |
11682 /* record the user preference for this suite */ | 11629 /* record the user preference for this suite */ |
11683 SECStatus | 11630 SECStatus |
11684 ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool enabled) | 11631 ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool enabled) |
11685 { | 11632 { |
11686 ssl3CipherSuiteCfg *suite; | 11633 ssl3CipherSuiteCfg *suite; |
11687 | 11634 |
11688 suite = ssl_LookupCipherSuiteCfg(which, cipherSuites); | 11635 suite = ssl_LookupCipherSuiteCfg(which, cipherSuites); |
11689 if (suite == NULL) { | 11636 if (suite == NULL) { |
11690 return SECFailure; /* err code was set by ssl_LookupCipherSuiteCfg */ | 11637 return SECFailure; /* err code was set by ssl_LookupCipherSuiteCfg */ |
11691 } | 11638 } |
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
11738 pref = suite->enabled; | 11685 pref = suite->enabled; |
11739 rv = SECSuccess; | 11686 rv = SECSuccess; |
11740 } else { | 11687 } else { |
11741 pref = SSL_NOT_ALLOWED; | 11688 pref = SSL_NOT_ALLOWED; |
11742 rv = SECFailure; /* err code was set by Lookup. */ | 11689 rv = SECFailure; /* err code was set by Lookup. */ |
11743 } | 11690 } |
11744 *enabled = pref; | 11691 *enabled = pref; |
11745 return rv; | 11692 return rv; |
11746 } | 11693 } |
11747 | 11694 |
11748 /* copy global default policy into socket. */ | 11695 /* copy global default ciphersuite preferences into socket. */ |
11749 void | 11696 void |
11750 ssl3_InitSocketPolicy(sslSocket *ss) | 11697 ssl3_InitSocketCipherSuites(sslSocket *ss) |
11751 { | 11698 { |
11752 PORT_Memcpy(ss->cipherSuites, cipherSuites, sizeof cipherSuites); | 11699 PORT_Memcpy(ss->cipherSuites, cipherSuites, sizeof cipherSuites); |
11753 } | 11700 } |
11754 | 11701 |
11755 SECStatus | 11702 SECStatus |
11756 ssl3_GetTLSUniqueChannelBinding(sslSocket *ss, | 11703 ssl3_GetTLSUniqueChannelBinding(sslSocket *ss, |
11757 unsigned char *out, | 11704 unsigned char *out, |
11758 unsigned int *outLen, | 11705 unsigned int *outLen, |
11759 unsigned int outLenMax) { | 11706 unsigned int outLenMax) { |
11760 PRBool isTLS; | 11707 PRBool isTLS; |
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
11807 memcpy(out, &ss->ssl3.hs.finishedMsgs.sFinished[index], len); | 11754 memcpy(out, &ss->ssl3.hs.finishedMsgs.sFinished[index], len); |
11808 } | 11755 } |
11809 | 11756 |
11810 rv = SECSuccess; | 11757 rv = SECSuccess; |
11811 | 11758 |
11812 loser: | 11759 loser: |
11813 ssl_ReleaseSSL3HandshakeLock(ss); | 11760 ssl_ReleaseSSL3HandshakeLock(ss); |
11814 return rv; | 11761 return rv; |
11815 } | 11762 } |
11816 | 11763 |
11817 /* ssl3_config_match_init must have already been called by | 11764 /* ssl3_cipher_suite_available_init must have already been called by the caller |
11818 * the caller of this function. | 11765 * of this function. |
11819 */ | 11766 */ |
11820 SECStatus | 11767 SECStatus |
11821 ssl3_ConstructV2CipherSpecsHack(sslSocket *ss, unsigned char *cs, int *size) | 11768 ssl3_ConstructV2CipherSpecsHack(sslSocket *ss, unsigned char *cs, int *size) |
11822 { | 11769 { |
11823 int i, count = 0; | 11770 int i, count = 0; |
11824 | 11771 |
11825 PORT_Assert(ss != 0); | 11772 PORT_Assert(ss != 0); |
11826 if (!ss) { | 11773 if (!ss) { |
11827 PORT_SetError(PR_INVALID_ARGUMENT_ERROR); | 11774 PORT_SetError(PR_INVALID_ARGUMENT_ERROR); |
11828 return SECFailure; | 11775 return SECFailure; |
11829 } | 11776 } |
11830 if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { | 11777 if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { |
11831 *size = 0; | 11778 *size = 0; |
11832 return SECSuccess; | 11779 return SECSuccess; |
11833 } | 11780 } |
11834 if (cs == NULL) { | 11781 if (cs == NULL) { |
11835 » *size = count_cipher_suites(ss, SSL_ALLOWED, PR_TRUE); | 11782 » *size = count_cipher_suites(ss); |
11836 return SECSuccess; | 11783 return SECSuccess; |
11837 } | 11784 } |
11838 | 11785 |
11839 /* ssl3_config_match_init was called by the caller of this function. */ | 11786 /* ssl3_cipher_suite_available_init was called by the caller of this |
| 11787 * function. */ |
11840 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { | 11788 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { |
11841 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; | 11789 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; |
11842 » if (config_match(suite, SSL_ALLOWED, PR_TRUE)) { | 11790 » if (cipher_suite_available(suite)) { |
11843 if (cs != NULL) { | 11791 if (cs != NULL) { |
11844 *cs++ = 0x00; | 11792 *cs++ = 0x00; |
11845 *cs++ = (suite->cipher_suite >> 8) & 0xFF; | 11793 *cs++ = (suite->cipher_suite >> 8) & 0xFF; |
11846 *cs++ = suite->cipher_suite & 0xFF; | 11794 *cs++ = suite->cipher_suite & 0xFF; |
11847 } | 11795 } |
11848 count++; | 11796 count++; |
11849 } | 11797 } |
11850 } | 11798 } |
11851 *size = count; | 11799 *size = count; |
11852 return SECSuccess; | 11800 return SECSuccess; |
(...skipping 117 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
11970 PORT_Free(ss->ssl3.hs.recvdFragments.buf); | 11918 PORT_Free(ss->ssl3.hs.recvdFragments.buf); |
11971 } | 11919 } |
11972 } | 11920 } |
11973 | 11921 |
11974 ss->ssl3.initialized = PR_FALSE; | 11922 ss->ssl3.initialized = PR_FALSE; |
11975 | 11923 |
11976 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); | 11924 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); |
11977 } | 11925 } |
11978 | 11926 |
11979 /* End of ssl3con.c */ | 11927 /* End of ssl3con.c */ |
OLD | NEW |