1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
2 /* | 2 /* |
3 * SSL3 Protocol | 3 * SSL3 Protocol |
4 * | 4 * |
5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
8 | 8 |
9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ | 9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ |
10 | 10 |
3927 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); | 3927 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); |
3928 return SECFailure; | 3928 return SECFailure; |
3929 } | 3929 } |
3930 ss->ssl3.hs.hashType = handshake_hash_single; | 3930 ss->ssl3.hs.hashType = handshake_hash_single; |
3931 | 3931 |
3932 if (PK11_DigestBegin(ss->ssl3.hs.sha) != SECSuccess) { | 3932 if (PK11_DigestBegin(ss->ssl3.hs.sha) != SECSuccess) { |
3933 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); | 3933 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); |
3934 return SECFailure; | 3934 return SECFailure; |
3935 } | 3935 } |
3936 | 3936 |
3937 #ifdef _WIN32 | |
3938 /* A backup SHA-1 hash for a potential client auth signature. */ | 3937 /* A backup SHA-1 hash for a potential client auth signature. */ |
3939 if (!ss->sec.isServer) { | 3938 if (!ss->sec.isServer) { |
3940 ss->ssl3.hs.md5 = PK11_CreateDigestContext(SEC_OID_SHA1); | 3939 ss->ssl3.hs.md5 = PK11_CreateDigestContext(SEC_OID_SHA1); |
3941 if (ss->ssl3.hs.md5 == NULL) { | 3940 if (ss->ssl3.hs.md5 == NULL) { |
3942 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); | 3941 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); |
3943 return SECFailure; | 3942 return SECFailure; |
3944 } | 3943 } |
3945 | 3944 |
3946 if (PK11_DigestBegin(ss->ssl3.hs.md5) != SECSuccess) { | 3945 if (PK11_DigestBegin(ss->ssl3.hs.md5) != SECSuccess) { |
3947 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); | 3946 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); |
3948 return SECFailure; | 3947 return SECFailure; |
3949 } | 3948 } |
3950 } | 3949 } |
3951 #endif | |
3952 } else { | 3950 } else { |
3953 /* Both ss->ssl3.hs.md5 and ss->ssl3.hs.sha should be NULL or | 3951 /* Both ss->ssl3.hs.md5 and ss->ssl3.hs.sha should be NULL or |
3954 * created successfully. */ | 3952 * created successfully. */ |
3955 ss->ssl3.hs.md5 = PK11_CreateDigestContext(SEC_OID_MD5); | 3953 ss->ssl3.hs.md5 = PK11_CreateDigestContext(SEC_OID_MD5); |
3956 if (ss->ssl3.hs.md5 == NULL) { | 3954 if (ss->ssl3.hs.md5 == NULL) { |
3957 ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); | 3955 ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); |
3958 return SECFailure; | 3956 return SECFailure; |
3959 } | 3957 } |
3960 ss->ssl3.hs.sha = PK11_CreateDigestContext(SEC_OID_SHA1); | 3958 ss->ssl3.hs.sha = PK11_CreateDigestContext(SEC_OID_SHA1); |
3961 if (ss->ssl3.hs.sha == NULL) { | 3959 if (ss->ssl3.hs.sha == NULL) { |
7042 } | 7040 } |
7043 if (ss->ssl3.platformClientKey) { | 7041 if (ss->ssl3.platformClientKey) { |
7044 ssl_FreePlatformKey(ss->ssl3.platformClientKey); | 7042 ssl_FreePlatformKey(ss->ssl3.platformClientKey); |
7045 ss->ssl3.platformClientKey = (PlatformKey)NULL; | 7043 ss->ssl3.platformClientKey = (PlatformKey)NULL; |
7046 } | 7044 } |
7047 goto send_no_certificate; | 7045 goto send_no_certificate; |
7048 } | 7046 } |
7049 | 7047 |
7050 if (isTLS12 && ss->ssl3.hs.md5) { | 7048 if (isTLS12 && ss->ssl3.hs.md5) { |
7051 PRBool need_backup_hash = PR_FALSE; | 7049 PRBool need_backup_hash = PR_FALSE; |
7050 PRBool prefer_sha1 = PR_FALSE; | |
7052 #ifdef _WIN32 | 7051 #ifdef _WIN32 |
7053 /* If the key is in CAPI, assume conservatively that the CAPI | 7052 /* If the key is in CAPI, assume conservatively that the CAPI |
7054 * service provider may be unable to sign SHA-256 hashes. | 7053 * service provider may be unable to sign SHA-256 hashes. |
7055 » » * Use SHA-1 if the server supports it. */ | 7054 » » */ |
7056 if (ss->ssl3.platformClientKey->dwKeySpec != | 7055 if (ss->ssl3.platformClientKey->dwKeySpec != |
7057 CERT_NCRYPT_KEY_SPEC) { | 7056 CERT_NCRYPT_KEY_SPEC) { |
7057 /* CAPI only supports RSA and DSA signatures, so we don't | |
7058 * need to check the key type. */ | |
7059 prefer_sha1 = PR_TRUE; | |
7060 } | |
7061 #endif /* _WIN32 */ | |
7062 /* If the key is a 1024-bit RSA or DSA key, assume | |
7063 * conservatively that it may be unable to sign SHA-256 | |
7064 * hashes. This is the case for older Estonian ID cards that | |
7065 * have 1024-bit RSA keys. In FIPS 186-2 and older, DSA key | |
7066 * size is at most 1024 bits and the hash function must be | |
7067 * SHA-1. | |
7068 */ | |
7069 if (!prefer_sha1) { | |
7070 SECKEYPublicKey *pubk = | |
7071 CERT_ExtractPublicKey(ss->ssl3.clientCertificate); | |
7072 if (pubk == NULL) { | |
7073 errCode = SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE; | |
7074 goto loser; | |
7075 } | |
7076 if (pubk->keyType == rsaKey || pubk->keyType == dsaKey) { | |
7077 prefer_sha1 = SECKEY_PublicKeyStrength(pubk) <= 128; | |
wtc
2013/09/05 21:53:21
SECKEY_PublicKeyStrength returns the key size in b
| |
7078 } | |
7079 SECKEY_DestroyPublicKey(pubk); | |
7080 } | |
7081 /* Use SHA-1 if the server supports it. */ | |
7082 if (prefer_sha1) { | |
7058 for (i = 0; i < algorithms.len; i += 2) { | 7083 for (i = 0; i < algorithms.len; i += 2) { |
7059 /* CAPI only supports RSA and DSA signatures. */ | |
7060 if (algorithms.data[i] == tls_hash_sha1 && | 7084 if (algorithms.data[i] == tls_hash_sha1 && |
7061 (algorithms.data[i+1] == tls_sig_rsa || | 7085 (algorithms.data[i+1] == tls_sig_rsa || |
7062 algorithms.data[i+1] == tls_sig_dsa)) { | 7086 algorithms.data[i+1] == tls_sig_dsa)) { |
7063 need_backup_hash = PR_TRUE; | 7087 need_backup_hash = PR_TRUE; |
7064 break; | 7088 break; |
7065 } | 7089 } |
7066 } | 7090 } |
7067 } | 7091 } |
7068 #endif /* _WIN32 */ | |
7069 if (!need_backup_hash) { | 7092 if (!need_backup_hash) { |
7070 PK11_DestroyContext(ss->ssl3.hs.md5, PR_TRUE); | 7093 PK11_DestroyContext(ss->ssl3.hs.md5, PR_TRUE); |
7071 ss->ssl3.hs.md5 = NULL; | 7094 ss->ssl3.hs.md5 = NULL; |
7072 } | 7095 } |
7073 } | 7096 } |
7074 break; /* not an error */ | 7097 break; /* not an error */ |
7075 } | 7098 } |
7076 #endif /* NSS_PLATFORM_CLIENT_AUTH */ | 7099 #endif /* NSS_PLATFORM_CLIENT_AUTH */ |
7077 /* check what the callback function returned */ | 7100 /* check what the callback function returned */ |
7078 if ((!ss->ssl3.clientCertificate) || (!ss->ssl3.clientPrivateKey)) { | 7101 if ((!ss->ssl3.clientCertificate) || (!ss->ssl3.clientPrivateKey)) { |
12348 PORT_Free(ss->ssl3.hs.recvdFragments.buf); | 12371 PORT_Free(ss->ssl3.hs.recvdFragments.buf); |
12349 } | 12372 } |
12350 } | 12373 } |
12351 | 12374 |
12352 ss->ssl3.initialized = PR_FALSE; | 12375 ss->ssl3.initialized = PR_FALSE; |
12353 | 12376 |
12354 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); | 12377 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); |
12355 } | 12378 } |
12356 | 12379 |
12357 /* End of ssl3con.c */ | 12380 /* End of ssl3con.c */ |
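Review bot: The new CERT_ExtractPublicKey failure path (`errCode = SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE; goto loser;`) turns a client certificate whose public key cannot be extracted into a hard handshake failure, whereas the neighbouring failure in the same platform-auth branch releases platformClientKey and degrades with `goto send_no_certificate`; either add a comment stating that aborting instead of sending no certificate is intentional here, or free the client certificate and key and take the send_no_certificate path like the branch above. The strength check `prefer_sha1 = SECKEY_PublicKeyStrength(pubk) <= 128;` will, I believe, also be satisfied by the 0 that helper returns when it cannot size the key, so an unmeasurable RSA/DSA key silently selects the SHA-1 preference; that is the conservative outcome, but a one-line comment such as `/* a strength of 0 (unknown) also takes the conservative SHA-1 path */` would record that it is deliberate rather than accidental. Now that the backup SHA-1 context is created for every TLS 1.2 client rather than only under _WIN32, the `ss->ssl3.hs.md5` half of the guard is load-bearing on all platforms, and the comment above it should say that the field holds a SHA-1 context despite its name. The enclosing function, its errCode variable and the loser label all start or end outside this hunk, so whether loser releases the client certificate and key could not be confirmed from the visible lines.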