OLD | NEW |
1 /* | 1 /* |
2 * Various SSL functions. | 2 * Various SSL functions. |
3 * | 3 * |
4 * This Source Code Form is subject to the terms of the Mozilla Public | 4 * This Source Code Form is subject to the terms of the Mozilla Public |
5 * License, v. 2.0. If a copy of the MPL was not distributed with this | 5 * License, v. 2.0. If a copy of the MPL was not distributed with this |
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
7 #include "cert.h" | 7 #include "cert.h" |
8 #include "secitem.h" | 8 #include "secitem.h" |
9 #include "keyhi.h" | 9 #include "keyhi.h" |
10 #include "ssl.h" | 10 #include "ssl.h" |
(...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
101 ss->gs.recordLen = 0; | 101 ss->gs.recordLen = 0; |
102 ssl_ReleaseRecvBufLock(ss); | 102 ssl_ReleaseRecvBufLock(ss); |
103 | 103 |
104 SSL_TRC(3, ("%d: SSL[%d]: handshake is completed", | 104 SSL_TRC(3, ("%d: SSL[%d]: handshake is completed", |
105 SSL_GETPID(), ss->fd)); | 105 SSL_GETPID(), ss->fd)); |
106 /* call handshake callback for ssl v2 */ | 106 /* call handshake callback for ssl v2 */ |
107 /* for v3 this is done in ssl3_HandleFinished() */ | 107 /* for v3 this is done in ssl3_HandleFinished() */ |
108 if ((ss->handshakeCallback != NULL) && /* has callback */ | 108 if ((ss->handshakeCallback != NULL) && /* has callback */ |
109 (!ss->firstHsDone) && /* only first time */ | 109 (!ss->firstHsDone) && /* only first time */ |
110 (ss->version < SSL_LIBRARY_VERSION_3_0)) { /* not ssl3 */ | 110 (ss->version < SSL_LIBRARY_VERSION_3_0)) { /* not ssl3 */ |
111 » » ss->firstHsDone = PR_TRUE; | 111 » » ss->firstHsDone = PR_TRUE; |
| 112 » » ss->enoughFirstHsDone = PR_TRUE; |
112 (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); | 113 (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); |
113 } | 114 } |
114 » ss->firstHsDone = PR_TRUE; | 115 » ss->firstHsDone = PR_TRUE; |
| 116 » ss->enoughFirstHsDone = PR_TRUE; |
115 ss->gs.writeOffset = 0; | 117 ss->gs.writeOffset = 0; |
116 ss->gs.readOffset = 0; | 118 ss->gs.readOffset = 0; |
117 break; | 119 break; |
118 } | 120 } |
119 rv = (*ss->handshake)(ss); | 121 rv = (*ss->handshake)(ss); |
120 ++loopCount; | 122 ++loopCount; |
121 /* This code must continue to loop on SECWouldBlock, | 123 /* This code must continue to loop on SECWouldBlock, |
122 * or any positive value. See XXX_1 comments. | 124 * or any positive value. See XXX_1 comments. |
123 */ | 125 */ |
124 } while (rv != SECFailure); /* was (rv >= 0); XXX_1 */ | 126 } while (rv != SECFailure); /* was (rv >= 0); XXX_1 */ |
(...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
199 if (!ss->opt.useSecurity) | 201 if (!ss->opt.useSecurity) |
200 return SECSuccess; | 202 return SECSuccess; |
201 | 203 |
202 SSL_LOCK_READER(ss); | 204 SSL_LOCK_READER(ss); |
203 SSL_LOCK_WRITER(ss); | 205 SSL_LOCK_WRITER(ss); |
204 | 206 |
205 /* Reset handshake state */ | 207 /* Reset handshake state */ |
206 ssl_Get1stHandshakeLock(ss); | 208 ssl_Get1stHandshakeLock(ss); |
207 | 209 |
208 ss->firstHsDone = PR_FALSE; | 210 ss->firstHsDone = PR_FALSE; |
| 211 ss->enoughFirstHsDone = PR_FALSE; |
209 if ( asServer ) { | 212 if ( asServer ) { |
210 ss->handshake = ssl2_BeginServerHandshake; | 213 ss->handshake = ssl2_BeginServerHandshake; |
211 ss->handshaking = sslHandshakingAsServer; | 214 ss->handshaking = sslHandshakingAsServer; |
212 } else { | 215 } else { |
213 ss->handshake = ssl2_BeginClientHandshake; | 216 ss->handshake = ssl2_BeginClientHandshake; |
214 ss->handshaking = sslHandshakingAsClient; | 217 ss->handshaking = sslHandshakingAsClient; |
215 } | 218 } |
216 ss->nextHandshake = 0; | 219 ss->nextHandshake = 0; |
217 ss->securityHandshake = 0; | 220 ss->securityHandshake = 0; |
218 | 221 |
219 ssl_GetRecvBufLock(ss); | 222 ssl_GetRecvBufLock(ss); |
220 status = ssl_InitGather(&ss->gs); | 223 status = ssl_InitGather(&ss->gs); |
221 ssl_ReleaseRecvBufLock(ss); | 224 ssl_ReleaseRecvBufLock(ss); |
222 | 225 |
223 ssl_GetSSL3HandshakeLock(ss); | 226 ssl_GetSSL3HandshakeLock(ss); |
| 227 ss->ssl3.hs.canFalseStart = PR_FALSE; |
| 228 ss->ssl3.hs.restartTarget = NULL; |
224 | 229 |
225 /* | 230 /* |
226 ** Blow away old security state and get a fresh setup. | 231 ** Blow away old security state and get a fresh setup. |
227 */ | 232 */ |
228 ssl_GetXmitBufLock(ss); | 233 ssl_GetXmitBufLock(ss); |
229 ssl_ResetSecurityInfo(&ss->sec, PR_TRUE); | 234 ssl_ResetSecurityInfo(&ss->sec, PR_TRUE); |
230 status = ssl_CreateSecurityInfo(ss); | 235 status = ssl_CreateSecurityInfo(ss); |
231 ssl_ReleaseXmitBufLock(ss); | 236 ssl_ReleaseXmitBufLock(ss); |
232 | 237 |
233 ssl_ReleaseSSL3HandshakeLock(ss); | 238 ssl_ReleaseSSL3HandshakeLock(ss); |
(...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
324 | 329 |
325 ss->handshakeCallback = cb; | 330 ss->handshakeCallback = cb; |
326 ss->handshakeCallbackData = client_data; | 331 ss->handshakeCallbackData = client_data; |
327 | 332 |
328 ssl_ReleaseSSL3HandshakeLock(ss); | 333 ssl_ReleaseSSL3HandshakeLock(ss); |
329 ssl_Release1stHandshakeLock(ss); | 334 ssl_Release1stHandshakeLock(ss); |
330 | 335 |
331 return SECSuccess; | 336 return SECSuccess; |
332 } | 337 } |
333 | 338 |
| 339 /* Register an application callback to be called when false start may happen. |
| 340 ** Acquires and releases HandshakeLock. |
| 341 */ |
| 342 SECStatus |
| 343 SSL_SetCanFalseStartCallback(PRFileDesc *fd, SSLCanFalseStartCallback cb, |
| 344 void *client_data) |
| 345 { |
| 346 sslSocket *ss; |
| 347 |
| 348 ss = ssl_FindSocket(fd); |
| 349 if (!ss) { |
| 350 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetCanFalseStartCallback", |
| 351 SSL_GETPID(), fd)); |
| 352 return SECFailure; |
| 353 } |
| 354 |
| 355 if (!ss->opt.useSecurity) { |
| 356 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 357 return SECFailure; |
| 358 } |
| 359 |
| 360 ssl_Get1stHandshakeLock(ss); |
| 361 ssl_GetSSL3HandshakeLock(ss); |
| 362 |
| 363 ss->canFalseStartCallback = cb; |
| 364 ss->canFalseStartCallbackData = client_data; |
| 365 |
| 366 ssl_ReleaseSSL3HandshakeLock(ss); |
| 367 ssl_Release1stHandshakeLock(ss); |
| 368 |
| 369 return SECSuccess; |
| 370 } |
| 371 |
| 372 /* A utility function that can be called from a custom CanFalseStartCallback |
| 373 ** function to determine what NSS would have done for this connection if the |
| 374 ** custom callback was not implemented. |
| 375 */ |
| 376 SECStatus |
| 377 SSL_DefaultCanFalseStart(PRFileDesc *fd, PRBool *canFalseStart) |
| 378 { |
| 379 sslSocket *ss; |
| 380 *canFalseStart = PR_FALSE; |
| 381 ss = ssl_FindSocket(fd); |
| 382 if (!ss) { |
| 383 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_DefaultCanFalseStart", |
| 384 SSL_GETPID(), fd)); |
| 385 return SECFailure; |
| 386 } |
| 387 |
| 388 if (!ss->ssl3.initialized) { |
| 389 PORT_SetError(SEC_ERROR_NOT_INITIALIZED); |
| 390 return SECFailure; |
| 391 } |
| 392 |
| 393 if (ss->version <= SSL_LIBRARY_VERSION_3_0) { |
| 394 PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION); |
| 395 return SECFailure; |
| 396 } |
| 397 |
| 398 /* Require a forward-secret key exchange. */ |
| 399 *canFalseStart = ss->ssl3.hs.kea_def->kea == kea_dhe_dss || |
| 400 ss->ssl3.hs.kea_def->kea == kea_dhe_rsa || |
| 401 ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa || |
| 402 ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa; |
| 403 |
| 404 return SECSuccess; |
| 405 } |
| 406 |
334 /* Try to make progress on an SSL handshake by attempting to read the | 407 /* Try to make progress on an SSL handshake by attempting to read the |
335 ** next handshake from the peer, and sending any responses. | 408 ** next handshake from the peer, and sending any responses. |
336 ** For non-blocking sockets, returns PR_ERROR_WOULD_BLOCK if it cannot | 409 ** For non-blocking sockets, returns PR_ERROR_WOULD_BLOCK if it cannot |
337 ** read the next handshake from the underlying socket. | 410 ** read the next handshake from the underlying socket. |
338 ** For SSLv2, returns when handshake is complete or fatal error occurs. | 411 ** For SSLv2, returns when handshake is complete or fatal error occurs. |
339 ** For SSLv3, returns when handshake is complete, or application data has | 412 ** For SSLv3, returns when handshake is complete, or application data has |
340 ** arrived that must be taken by application before handshake can continue, | 413 ** arrived that must be taken by application before handshake can continue, |
341 ** or a fatal error occurs. | 414 ** or a fatal error occurs. |
342 ** Application should use handshake completion callback to tell which. | 415 ** Application should use handshake completion callback to tell which. |
343 */ | 416 */ |
(...skipping 844 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1188 } | 1261 } |
1189 | 1262 |
1190 if (len > 0) | 1263 if (len > 0) |
1191 ss->writerThread = PR_GetCurrentThread(); | 1264 ss->writerThread = PR_GetCurrentThread(); |
1192 /* If any of these is non-zero, the initial handshake is not done. */ | 1265 /* If any of these is non-zero, the initial handshake is not done. */ |
1193 if (!ss->firstHsDone) { | 1266 if (!ss->firstHsDone) { |
1194 PRBool canFalseStart = PR_FALSE; | 1267 PRBool canFalseStart = PR_FALSE; |
1195 ssl_Get1stHandshakeLock(ss); | 1268 ssl_Get1stHandshakeLock(ss); |
1196 if (ss->version >= SSL_LIBRARY_VERSION_3_0) { | 1269 if (ss->version >= SSL_LIBRARY_VERSION_3_0) { |
1197 ssl_GetSSL3HandshakeLock(ss); | 1270 ssl_GetSSL3HandshakeLock(ss); |
1198 » if ((ss->ssl3.hs.ws == wait_change_cipher || | 1271 » canFalseStart = ss->ssl3.hs.canFalseStart; |
1199 » » ss->ssl3.hs.ws == wait_finished || | |
1200 » » ss->ssl3.hs.ws == wait_new_session_ticket) && | |
1201 » » ssl3_CanFalseStart(ss)) { | |
1202 » » canFalseStart = PR_TRUE; | |
1203 » } | |
1204 ssl_ReleaseSSL3HandshakeLock(ss); | 1272 ssl_ReleaseSSL3HandshakeLock(ss); |
1205 } | 1273 } |
1206 if (!canFalseStart && | 1274 if (!canFalseStart && |
1207 (ss->handshake || ss->nextHandshake || ss->securityHandshake)) { | 1275 (ss->handshake || ss->nextHandshake || ss->securityHandshake)) { |
1208 rv = ssl_Do1stHandshake(ss); | 1276 rv = ssl_Do1stHandshake(ss); |
1209 } | 1277 } |
1210 ssl_Release1stHandshakeLock(ss); | 1278 ssl_Release1stHandshakeLock(ss); |
1211 } | 1279 } |
1212 if (rv < 0) { | 1280 if (rv < 0) { |
1213 ss->writerThread = NULL; | 1281 ss->writerThread = NULL; |
(...skipping 375 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1589 if (!ss) { | 1657 if (!ss) { |
1590 SSL_DBG(("%d: SSL[%d]: bad socket in SNISocketConfigHook", | 1658 SSL_DBG(("%d: SSL[%d]: bad socket in SNISocketConfigHook", |
1591 SSL_GETPID(), fd)); | 1659 SSL_GETPID(), fd)); |
1592 return SECFailure; | 1660 return SECFailure; |
1593 } | 1661 } |
1594 | 1662 |
1595 ss->sniSocketConfig = func; | 1663 ss->sniSocketConfig = func; |
1596 ss->sniSocketConfigArg = arg; | 1664 ss->sniSocketConfigArg = arg; |
1597 return SECSuccess; | 1665 return SECSuccess; |
1598 } | 1666 } |
OLD | NEW |