OLD | NEW |
---|---|
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
2 /* | 2 /* |
3 * SSL3 Protocol | 3 * SSL3 Protocol |
4 * | 4 * |
5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
8 | 8 |
9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ | 9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ |
10 | 10 |
(...skipping 2797 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2808 PRInt32 flags) | 2808 PRInt32 flags) |
2809 { | 2809 { |
2810 sslBuffer * wrBuf = &ss->sec.writeBuf; | 2810 sslBuffer * wrBuf = &ss->sec.writeBuf; |
2811 SECStatus rv; | 2811 SECStatus rv; |
2812 PRInt32 totalSent = 0; | 2812 PRInt32 totalSent = 0; |
2813 PRBool capRecordVersion; | 2813 PRBool capRecordVersion; |
2814 | 2814 |
2815 SSL_TRC(3, ("%d: SSL3[%d] SendRecord type: %s nIn=%d", | 2815 SSL_TRC(3, ("%d: SSL3[%d] SendRecord type: %s nIn=%d", |
2816 SSL_GETPID(), ss->fd, ssl3_DecodeContentType(type), | 2816 SSL_GETPID(), ss->fd, ssl3_DecodeContentType(type), |
2817 nIn)); | 2817 nIn)); |
2818 PRINT_BUF(3, (ss, "Send record (plain text)", pIn, nIn)); | 2818 PRINT_BUF(50, (ss, "Send record (plain text)", pIn, nIn)); |
agl
2013/09/13 15:03:29
This seems to be an unrelated change.
wtc
2013/09/18 22:57:23
Done.
| |
2819 | 2819 |
2820 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); | 2820 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); |
2821 | 2821 |
2822 capRecordVersion = ((flags & ssl_SEND_FLAG_CAP_RECORD_VERSION) != 0); | 2822 capRecordVersion = ((flags & ssl_SEND_FLAG_CAP_RECORD_VERSION) != 0); |
2823 | 2823 |
2824 if (capRecordVersion) { | 2824 if (capRecordVersion) { |
2825 /* ssl_SEND_FLAG_CAP_RECORD_VERSION can only be used with the | 2825 /* ssl_SEND_FLAG_CAP_RECORD_VERSION can only be used with the |
2826 * TLS initial ClientHello. */ | 2826 * TLS initial ClientHello. */ |
2827 PORT_Assert(!IS_DTLS(ss)); | 2827 PORT_Assert(!IS_DTLS(ss)); |
2828 PORT_Assert(!ss->firstHsDone); | 2828 PORT_Assert(!ss->firstHsDone); |
(...skipping 4430 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
7259 } | 7259 } |
7260 if (certChain) { | 7260 if (certChain) { |
7261 CERT_DestroyCertificateList(certChain); | 7261 CERT_DestroyCertificateList(certChain); |
7262 } | 7262 } |
7263 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); | 7263 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
7264 rv = SECFailure; | 7264 rv = SECFailure; |
7265 } | 7265 } |
7266 return rv; | 7266 return rv; |
7267 } | 7267 } |
7268 | 7268 |
7269 PRBool | 7269 static SECStatus |
7270 ssl3_CanFalseStart(sslSocket *ss) { | 7270 ssl3_CheckFalseStart(sslSocket *ss) |
7271 PRBool rv; | 7271 { |
7272 SECStatus rv; | |
7273 PRBool maybeFalseStart = PR_TRUE; | |
7272 | 7274 |
7273 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); | 7275 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); |
7276 PORT_Assert( !ss->ssl3.hs.authCertificatePending ); | |
7274 | 7277 |
7275 /* XXX: does not take into account whether we are waiting for | 7278 /* An attacker can control the selected ciphersuite so we only wish to |
7276 * SSL_AuthCertificateComplete or SSL_RestartHandshakeAfterCertReq. If/when | 7279 * do False Start in the case that the selected ciphersuite is |
7277 * that is done, this function could return different results each time it | 7280 * sufficiently strong that the attack can gain no advantage. |
7278 * would be called. | 7281 * Therefore we always require an 80-bit cipher. */ |
7279 */ | |
7280 | 7282 |
7281 ssl_GetSpecReadLock(ss); | 7283 ssl_GetSpecReadLock(ss); |
7282 rv = ss->opt.enableFalseStart && | 7284 if (ss->ssl3.cwSpec->cipher_def->secret_key_size < 10) { |
7283 » !ss->sec.isServer && | 7285 » ss->ssl3.hs.canFalseStart = PR_FALSE; |
7284 » !ss->ssl3.hs.isResuming && | 7286 » maybeFalseStart = PR_FALSE; |
7285 » ss->ssl3.cwSpec && | 7287 } |
7288 ssl_ReleaseSpecReadLock(ss); | |
7289 if (!maybeFalseStart) { | |
7290 » return SECSuccess; | |
7291 } | |
7286 | 7292 |
7287 » /* An attacker can control the selected ciphersuite so we only wish to | 7293 if (!ss->canFalseStartCallback) { |
7288 » * do False Start in the case that the selected ciphersuite is | 7294 » rv = SSL_DefaultCanFalseStart(ss->fd, &ss->ssl3.hs.canFalseStart); |
7289 » * sufficiently strong that the attack can gain no advantage. | 7295 } else { |
7290 » * Therefore we require an 80-bit cipher and a forward-secret key | 7296 » rv = (ss->canFalseStartCallback)(ss->fd, |
7291 » * exchange. */ | 7297 » » » » » ss->canFalseStartCallbackData, |
7292 » ss->ssl3.cwSpec->cipher_def->secret_key_size >= 10 && | 7298 » » » » » &ss->ssl3.hs.canFalseStart); |
7293 » (ss->ssl3.hs.kea_def->kea == kea_dhe_dss || | 7299 } |
7294 » ss->ssl3.hs.kea_def->kea == kea_dhe_rsa || | 7300 |
7295 » ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa || | 7301 if (rv != SECSuccess) { |
7296 » ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa); | 7302 » ss->ssl3.hs.canFalseStart = PR_FALSE; |
7297 ssl_ReleaseSpecReadLock(ss); | 7303 } |
7304 | |
7298 return rv; | 7305 return rv; |
7299 } | 7306 } |
7300 | 7307 |
7301 static SECStatus ssl3_SendClientSecondRound(sslSocket *ss); | 7308 static SECStatus ssl3_SendClientSecondRound(sslSocket *ss); |
7302 | 7309 |
7303 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete | 7310 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete |
7304 * ssl3 Server Hello Done message. | 7311 * ssl3 Server Hello Done message. |
7305 * Caller must hold Handshake and RecvBuf locks. | 7312 * Caller must hold Handshake and RecvBuf locks. |
7306 */ | 7313 */ |
7307 static SECStatus | 7314 static SECStatus |
7308 ssl3_HandleServerHelloDone(sslSocket *ss) | 7315 ssl3_HandleServerHelloDone(sslSocket *ss) |
7309 { | 7316 { |
7310 SECStatus rv; | 7317 SECStatus rv; |
7311 SSL3WaitState ws = ss->ssl3.hs.ws; | 7318 SSL3WaitState ws = ss->ssl3.hs.ws; |
7312 | 7319 |
7313 SSL_TRC(3, ("%d: SSL3[%d]: handle server_hello_done handshake", | 7320 SSL_TRC(3, ("%d: SSL3[%d]: handle server_hello_done handshake", |
7314 SSL_GETPID(), ss->fd)); | 7321 SSL_GETPID(), ss->fd)); |
7315 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | 7322 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); |
7316 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); | 7323 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); |
7317 | 7324 |
7318 if (ws != wait_hello_done && | 7325 if (ws != wait_hello_done && |
7319 ws != wait_server_cert && | 7326 ws != wait_server_cert && |
7320 ws != wait_server_key && | 7327 ws != wait_server_key && |
7321 ws != wait_cert_request) { | 7328 ws != wait_cert_request) { |
7322 SSL3_SendAlert(ss, alert_fatal, unexpected_message); | 7329 SSL3_SendAlert(ss, alert_fatal, unexpected_message); |
7323 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE); | 7330 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE); |
7324 return SECFailure; | 7331 return SECFailure; |
7325 } | 7332 } |
7326 | 7333 |
7334 ss->enoughFirstHsDone = PR_TRUE; | |
wtc
2013/09/18 22:57:23
I think we need to wait until we have called ssl3_
| |
7327 rv = ssl3_SendClientSecondRound(ss); | 7335 rv = ssl3_SendClientSecondRound(ss); |
7328 | 7336 |
7329 return rv; | 7337 return rv; |
7330 } | 7338 } |
7331 | 7339 |
7332 /* Called from ssl3_HandleServerHelloDone and ssl3_AuthCertificateComplete. | 7340 /* Called from ssl3_HandleServerHelloDone and ssl3_AuthCertificateComplete. |
7333 * | 7341 * |
7334 * Caller must hold Handshake and RecvBuf locks. | 7342 * Caller must hold Handshake and RecvBuf locks. |
7335 */ | 7343 */ |
7336 static SECStatus | 7344 static SECStatus |
(...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
7415 if (rv != SECSuccess) { | 7423 if (rv != SECSuccess) { |
7416 goto loser; /* err is set. */ | 7424 goto loser; /* err is set. */ |
7417 } | 7425 } |
7418 } | 7426 } |
7419 | 7427 |
7420 rv = ssl3_SendChangeCipherSpecs(ss); | 7428 rv = ssl3_SendChangeCipherSpecs(ss); |
7421 if (rv != SECSuccess) { | 7429 if (rv != SECSuccess) { |
7422 goto loser; /* err code was set. */ | 7430 goto loser; /* err code was set. */ |
7423 } | 7431 } |
7424 | 7432 |
7425 /* XXX: If the server's certificate hasn't been authenticated by this | |
7426 * point, then we may be leaking this NPN message to an attacker. | |
7427 */ | |
7428 if (!ss->firstHsDone) { | 7433 if (!ss->firstHsDone) { |
7434 /* XXX: If the server's certificate hasn't been authenticated by this | |
7435 * point, then we may be leaking this NPN message to an attacker. | |
7436 */ | |
7429 rv = ssl3_SendNextProto(ss); | 7437 rv = ssl3_SendNextProto(ss); |
7430 if (rv != SECSuccess) { | 7438 if (rv != SECSuccess) { |
7431 goto loser; /* err code was set. */ | 7439 goto loser; /* err code was set. */ |
7432 } | 7440 } |
7433 } | 7441 } |
7442 | |
7434 rv = ssl3_SendEncryptedExtensions(ss); | 7443 rv = ssl3_SendEncryptedExtensions(ss); |
7435 if (rv != SECSuccess) { | 7444 if (rv != SECSuccess) { |
7436 goto loser; /* err code was set. */ | 7445 goto loser; /* err code was set. */ |
7437 } | 7446 } |
7438 | 7447 |
7448 if (!ss->firstHsDone) { | |
7449 if (ss->opt.enableFalseStart) { | |
7450 if (!ss->ssl3.hs.authCertificatePending) { | |
7451 /* When we fix bug 589047, we will need to know whether we are | |
7452 * false starting before we try to flush the client second | |
7453 * round to the network. With that in mind, we purposefully | |
7454 * call ssl3_CheckFalseStart before calling ssl3_SendFinished, | |
7455 * which includes a call to ssl3_FlushHandshake, so that | |
7456 * no application develops a reliance on such flushing being | |
7457 * done before its false start callback is called. | |
7458 */ | |
7459 ssl_ReleaseXmitBufLock(ss); | |
7460 rv = ssl3_CheckFalseStart(ss); | |
7461 ssl_GetXmitBufLock(ss); | |
7462 if (rv != SECSuccess) { | |
7463 goto loser; | |
7464 } | |
7465 } else { | |
7466 /* The certificate authentication and the server's Finished | |
7467 * message are racing each other. If the certificate | |
7468 * authentication wins, then we will try to false start in | |
7469 * ssl3_AuthCertificateComplete. | |
7470 */ | |
7471 SSL_TRC(3, ("%d: SSL3[%p]: deferring false start check because" | |
7472 " certificate authentication is still pending.", | |
7473 SSL_GETPID(), ss->fd)); | |
7474 } | |
7475 } | |
7476 } | |
7477 | |
7439 rv = ssl3_SendFinished(ss, 0); | 7478 rv = ssl3_SendFinished(ss, 0); |
7440 if (rv != SECSuccess) { | 7479 if (rv != SECSuccess) { |
7441 goto loser; /* err code was set. */ | 7480 goto loser; /* err code was set. */ |
7442 } | 7481 } |
7443 | 7482 |
7444 ssl_ReleaseXmitBufLock(ss); /*******************************/ | 7483 ssl_ReleaseXmitBufLock(ss); /*******************************/ |
7445 | 7484 |
7446 if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn)) | 7485 if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn)) |
7447 ss->ssl3.hs.ws = wait_new_session_ticket; | 7486 ss->ssl3.hs.ws = wait_new_session_ticket; |
7448 else | 7487 else |
7449 ss->ssl3.hs.ws = wait_change_cipher; | 7488 ss->ssl3.hs.ws = wait_change_cipher; |
7450 | 7489 |
7451 /* Do the handshake callback for sslv3 here, if we can false start. */ | 7490 if (ss->handshakeCallback && |
7452 if (ss->handshakeCallback != NULL && ssl3_CanFalseStart(ss)) { | 7491 » (ss->ssl3.hs.canFalseStart && !ss->canFalseStartCallback)) { |
7492 » /* Call the handshake callback here for backwards compatibility with | |
7493 » * applications that were using false start before | |
7494 » * canFalseStartCallback was added. Note that we do this after calling | |
7495 » * ssl3_SendFinished, which includes a call to ssl3_FlushHandshake, | |
7496 » * just in case the application is relying on having the handshake | |
7497 » * messages flushed to the network before its handshake callback is | |
7498 » * called. | |
Ryan Sleevi
2013/09/14 02:13:31
This was Brian's concession to Chromium, but as yo
wtc
2013/09/16 16:14:48
I should have pointed out that Brian's patch also
| |
7499 » */ | |
7453 (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); | 7500 (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); |
7454 } | 7501 } |
7455 | 7502 |
7456 return SECSuccess; | 7503 return SECSuccess; |
7457 | 7504 |
7458 loser: | 7505 loser: |
7459 ssl_ReleaseXmitBufLock(ss); | 7506 ssl_ReleaseXmitBufLock(ss); |
7460 return rv; | 7507 return rv; |
7461 } | 7508 } |
7462 | 7509 |
(...skipping 2598 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
10061 | 10108 |
10062 if (rv == SECWouldBlock) { | 10109 if (rv == SECWouldBlock) { |
10063 if (ss->sec.isServer) { | 10110 if (ss->sec.isServer) { |
10064 errCode = SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS; | 10111 errCode = SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS; |
10065 rv = SECFailure; | 10112 rv = SECFailure; |
10066 goto loser; | 10113 goto loser; |
10067 } | 10114 } |
10068 | 10115 |
10069 ss->ssl3.hs.authCertificatePending = PR_TRUE; | 10116 ss->ssl3.hs.authCertificatePending = PR_TRUE; |
10070 rv = SECSuccess; | 10117 rv = SECSuccess; |
10071 | |
10072 /* XXX: Async cert validation and False Start don't work together | |
10073 * safely yet; if we leave False Start enabled, we may end up false | |
10074 * starting (sending application data) before we | |
10075 * SSL_AuthCertificateComplete has been called. | |
10076 */ | |
10077 ss->opt.enableFalseStart = PR_FALSE; | |
10078 } | 10118 } |
10079 | 10119 |
10080 if (rv != SECSuccess) { | 10120 if (rv != SECSuccess) { |
10081 ssl3_SendAlertForCertError(ss, errCode); | 10121 ssl3_SendAlertForCertError(ss, errCode); |
10082 goto loser; | 10122 goto loser; |
10083 } | 10123 } |
10084 } | 10124 } |
10085 | 10125 |
10086 ss->sec.ci.sid->peerCert = CERT_DupCertificate(ss->sec.peerCert); | 10126 ss->sec.ci.sid->peerCert = CERT_DupCertificate(ss->sec.peerCert); |
10087 ssl3_CopyPeerCertsToSID(ss->ssl3.peerCertChain, ss->sec.ci.sid); | 10127 ssl3_CopyPeerCertsToSID(ss->ssl3.peerCertChain, ss->sec.ci.sid); |
(...skipping 104 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
10192 | 10232 |
10193 ss->ssl3.hs.authCertificatePending = PR_FALSE; | 10233 ss->ssl3.hs.authCertificatePending = PR_FALSE; |
10194 | 10234 |
10195 if (error != 0) { | 10235 if (error != 0) { |
10196 ss->ssl3.hs.restartTarget = ssl3_AlwaysFail; | 10236 ss->ssl3.hs.restartTarget = ssl3_AlwaysFail; |
10197 ssl3_SendAlertForCertError(ss, error); | 10237 ssl3_SendAlertForCertError(ss, error); |
10198 rv = SECSuccess; | 10238 rv = SECSuccess; |
10199 } else if (ss->ssl3.hs.restartTarget != NULL) { | 10239 } else if (ss->ssl3.hs.restartTarget != NULL) { |
10200 sslRestartTarget target = ss->ssl3.hs.restartTarget; | 10240 sslRestartTarget target = ss->ssl3.hs.restartTarget; |
10201 ss->ssl3.hs.restartTarget = NULL; | 10241 ss->ssl3.hs.restartTarget = NULL; |
10242 | |
10243 if (target == ssl3_FinishHandshake) { | |
10244 SSL_TRC(3,("%d: SSL3[%p]: certificate authentication lost the race" | |
10245 " with peer's finished message", SSL_GETPID(), ss->fd)); | |
10246 } | |
10247 | |
10202 rv = target(ss); | 10248 rv = target(ss); |
10203 /* Even if we blocked here, we have accomplished enough to claim | 10249 /* Even if we blocked here, we have accomplished enough to claim |
10204 * success. Any remaining work will be taken care of by subsequent | 10250 * success. Any remaining work will be taken care of by subsequent |
10205 * calls to SSL_ForceHandshake/PR_Send/PR_Read/etc. | 10251 * calls to SSL_ForceHandshake/PR_Send/PR_Read/etc. |
10206 */ | 10252 */ |
10207 if (rv == SECWouldBlock) { | 10253 if (rv == SECWouldBlock) { |
10208 rv = SECSuccess; | 10254 rv = SECSuccess; |
10209 } | 10255 } |
10210 } else { | 10256 } else { |
10211 » rv = SECSuccess; | 10257 » PORT_Assert(!ss->firstHsDone); |
10258 » PORT_Assert(!ss->sec.isServer); | |
10259 » PORT_Assert(!ss->ssl3.hs.isResuming); | |
10260 » PORT_Assert(ss->ssl3.hs.ws == wait_change_cipher || | |
10261 » » ss->ssl3.hs.ws == wait_finished ||» » | |
10262 » » ss->ssl3.hs.ws == wait_new_session_ticket); | |
10263 | |
10264 » SSL_TRC(3, ("%d: SSL3[%p]: certificate authentication won the race with" | |
10265 » " peer's finished message", SSL_GETPID(), ss->fd)); | |
10266 | |
10267 » /* ssl3_SendClientSecondRound deferred the false start check because | |
10268 » * certificate authentication was pending, so we have to do it now. | |
10269 » */ | |
10270 » if (ss->opt.enableFalseStart && | |
10271 » !ss->firstHsDone && | |
10272 » !ss->sec.isServer && | |
10273 » !ss->ssl3.hs.isResuming && | |
10274 » (ss->ssl3.hs.ws == wait_change_cipher || | |
10275 » ss->ssl3.hs.ws == wait_finished ||»» | |
10276 » ss->ssl3.hs.ws == wait_new_session_ticket)) { | |
10277 » rv = ssl3_CheckFalseStart(ss); | |
10278 » if (rv == SECSuccess && | |
10279 » » ss->handshakeCallback && | |
10280 » » (ss->ssl3.hs.canFalseStart && !ss->canFalseStartCallback)) { | |
10281 » » /* Call the handshake callback here for backwards compatibility | |
10282 » » * with applications that were using false start before | |
10283 » » * canFalseStartCallback was added. | |
10284 » » */ | |
10285 » » (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); | |
10286 » } | |
wtc
2013/09/18 22:57:23
It seems that we should still set rv to SECSuccess
| |
10287 » } else { | |
10288 » rv = SECSuccess; | |
10289 » } | |
10212 } | 10290 } |
10213 | 10291 |
10214 done: | 10292 done: |
10215 ssl_ReleaseSSL3HandshakeLock(ss); | 10293 ssl_ReleaseSSL3HandshakeLock(ss); |
10216 ssl_ReleaseRecvBufLock(ss); | 10294 ssl_ReleaseRecvBufLock(ss); |
10217 | 10295 |
10218 return rv; | 10296 return rv; |
10219 } | 10297 } |
10220 | 10298 |
10221 static SECStatus | 10299 static SECStatus |
(...skipping 675 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
10897 return SECWouldBlock; | 10975 return SECWouldBlock; |
10898 } | 10976 } |
10899 | 10977 |
10900 rv = ssl3_FinishHandshake(ss); | 10978 rv = ssl3_FinishHandshake(ss); |
10901 return rv; | 10979 return rv; |
10902 } | 10980 } |
10903 | 10981 |
10904 SECStatus | 10982 SECStatus |
10905 ssl3_FinishHandshake(sslSocket * ss) | 10983 ssl3_FinishHandshake(sslSocket * ss) |
10906 { | 10984 { |
10985 PRBool falseStarted; | |
10986 | |
10907 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | 10987 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); |
10908 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); | 10988 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); |
10909 PORT_Assert( ss->ssl3.hs.restartTarget == NULL ); | 10989 PORT_Assert( ss->ssl3.hs.restartTarget == NULL ); |
10910 | 10990 |
10911 /* The first handshake is now completed. */ | 10991 /* The first handshake is now completed. */ |
10912 ss->handshake = NULL; | 10992 ss->handshake = NULL; |
10913 ss->firstHsDone = PR_TRUE; | 10993 ss->firstHsDone = PR_TRUE; |
10994 ss->enoughFirstHsDone = PR_TRUE; | |
10914 | 10995 |
10915 if (ss->ssl3.hs.cacheSID) { | 10996 if (ss->ssl3.hs.cacheSID) { |
10916 (*ss->sec.cache)(ss->sec.ci.sid); | 10997 (*ss->sec.cache)(ss->sec.ci.sid); |
10917 ss->ssl3.hs.cacheSID = PR_FALSE; | 10998 ss->ssl3.hs.cacheSID = PR_FALSE; |
10918 } | 10999 } |
10919 | 11000 |
10920 ss->ssl3.hs.ws = idle_handshake; | 11001 falseStarted = ss->ssl3.hs.canFalseStart; |
11002 ss->ssl3.hs.canFalseStart = PR_FALSE; /* False Start phase is complete */ | |
10921 | 11003 |
10922 /* Do the handshake callback for sslv3 here, if we cannot false start. */ | 11004 /* Call the handshake callback for sslv3 here, unless we called it already |
10923 if (ss->handshakeCallback != NULL && !ssl3_CanFalseStart(ss)) { | 11005 * for the case where false start was done without a canFalseStartCallback. |
11006 */ | |
11007 if (ss->handshakeCallback != NULL && | |
11008 » !(falseStarted && !ss->canFalseStartCallback)) { | |
10924 (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); | 11009 (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); |
10925 } | 11010 } |
10926 | 11011 |
11012 ss->ssl3.hs.ws = idle_handshake; | |
wtc
2013/09/18 22:57:23
I will ask Brian if it's important to set ss->ssl3
| |
10927 return SECSuccess; | 11013 return SECSuccess; |
10928 } | 11014 } |
10929 | 11015 |
10930 /* Called from ssl3_HandleHandshake() when it has gathered a complete ssl3 | 11016 /* Called from ssl3_HandleHandshake() when it has gathered a complete ssl3 |
10931 * hanshake message. | 11017 * hanshake message. |
10932 * Caller must hold Handshake and RecvBuf locks. | 11018 * Caller must hold Handshake and RecvBuf locks. |
10933 */ | 11019 */ |
10934 SECStatus | 11020 SECStatus |
10935 ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length) | 11021 ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length) |
10936 { | 11022 { |
(...skipping 1454 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
12391 PORT_Free(ss->ssl3.hs.recvdFragments.buf); | 12477 PORT_Free(ss->ssl3.hs.recvdFragments.buf); |
12392 } | 12478 } |
12393 } | 12479 } |
12394 | 12480 |
12395 ss->ssl3.initialized = PR_FALSE; | 12481 ss->ssl3.initialized = PR_FALSE; |
12396 | 12482 |
12397 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); | 12483 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); |
12398 } | 12484 } |
12399 | 12485 |
12400 /* End of ssl3con.c */ | 12486 /* End of ssl3con.c */ |
OLD | NEW |