1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
2 /* | 2 /* |
3 * SSL3 Protocol | 3 * SSL3 Protocol |
4 * | 4 * |
5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
8 | 8 |
9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ | 9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ |
10 | 10 |
3668 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); | 3668 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); |
3669 return SECFailure; | 3669 return SECFailure; |
3670 } | 3670 } |
3671 ss->ssl3.hs.hashType = handshake_hash_single; | 3671 ss->ssl3.hs.hashType = handshake_hash_single; |
3672 | 3672 |
3673 if (PK11_DigestBegin(ss->ssl3.hs.sha) != SECSuccess) { | 3673 if (PK11_DigestBegin(ss->ssl3.hs.sha) != SECSuccess) { |
3674 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); | 3674 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); |
3675 return SECFailure; | 3675 return SECFailure; |
3676 } | 3676 } |
3677 | 3677 |
3678 #ifdef _WIN32 | |
3679 /* A backup SHA-1 hash for a potential client auth signature. */ | 3678 /* A backup SHA-1 hash for a potential client auth signature. */ |
3680 if (!ss->sec.isServer) { | 3679 if (!ss->sec.isServer) { |
3681 ss->ssl3.hs.md5 = PK11_CreateDigestContext(SEC_OID_SHA1); | 3680 ss->ssl3.hs.md5 = PK11_CreateDigestContext(SEC_OID_SHA1); |
3682 if (ss->ssl3.hs.md5 == NULL) { | 3681 if (ss->ssl3.hs.md5 == NULL) { |
3683 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); | 3682 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); |
3684 return SECFailure; | 3683 return SECFailure; |
3685 } | 3684 } |
3686 | 3685 |
3687 if (PK11_DigestBegin(ss->ssl3.hs.md5) != SECSuccess) { | 3686 if (PK11_DigestBegin(ss->ssl3.hs.md5) != SECSuccess) { |
3688 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); | 3687 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); |
3689 return SECFailure; | 3688 return SECFailure; |
3690 } | 3689 } |
3691 } | 3690 } |
3692 #endif | |
3693 } else { | 3691 } else { |
3694 /* Both ss->ssl3.hs.md5 and ss->ssl3.hs.sha should be NULL or | 3692 /* Both ss->ssl3.hs.md5 and ss->ssl3.hs.sha should be NULL or |
3695 * created successfully. */ | 3693 * created successfully. */ |
3696 ss->ssl3.hs.md5 = PK11_CreateDigestContext(SEC_OID_MD5); | 3694 ss->ssl3.hs.md5 = PK11_CreateDigestContext(SEC_OID_MD5); |
3697 if (ss->ssl3.hs.md5 == NULL) { | 3695 if (ss->ssl3.hs.md5 == NULL) { |
3698 ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); | 3696 ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); |
3699 return SECFailure; | 3697 return SECFailure; |
3700 } | 3698 } |
3701 ss->ssl3.hs.sha = PK11_CreateDigestContext(SEC_OID_SHA1); | 3699 ss->ssl3.hs.sha = PK11_CreateDigestContext(SEC_OID_SHA1); |
3702 if (ss->ssl3.hs.sha == NULL) { | 3700 if (ss->ssl3.hs.sha == NULL) { |
6779 } | 6777 } |
6780 if (ss->ssl3.platformClientKey) { | 6778 if (ss->ssl3.platformClientKey) { |
6781 ssl_FreePlatformKey(ss->ssl3.platformClientKey); | 6779 ssl_FreePlatformKey(ss->ssl3.platformClientKey); |
6782 ss->ssl3.platformClientKey = (PlatformKey)NULL; | 6780 ss->ssl3.platformClientKey = (PlatformKey)NULL; |
6783 } | 6781 } |
6784 goto send_no_certificate; | 6782 goto send_no_certificate; |
6785 } | 6783 } |
6786 | 6784 |
6787 if (isTLS12 && ss->ssl3.hs.md5) { | 6785 if (isTLS12 && ss->ssl3.hs.md5) { |
6788 PRBool need_backup_hash = PR_FALSE; | 6786 PRBool need_backup_hash = PR_FALSE; |
| 6787 PRBool prefer_sha1 = PR_FALSE; |
6789 #ifdef _WIN32 | 6788 #ifdef _WIN32 |
6790 /* If the key is in CAPI, assume conservatively that the CAPI | 6789 /* If the key is in CAPI, assume conservatively that the CAPI |
6791 * service provider may be unable to sign SHA-256 hashes. | 6790 * service provider may be unable to sign SHA-256 hashes. |
6792 » » * Use SHA-1 if the server supports it. */ | 6791 » » */ |
6793 if (ss->ssl3.platformClientKey->dwKeySpec != | 6792 if (ss->ssl3.platformClientKey->dwKeySpec != |
6794 CERT_NCRYPT_KEY_SPEC) { | 6793 CERT_NCRYPT_KEY_SPEC) { |
| 6794 /* CAPI only supports RSA and DSA signatures, so we don't |
| 6795 * need to check the key type. */ |
| 6796 prefer_sha1 = PR_TRUE; |
| 6797 } |
| 6798 #endif /* _WIN32 */ |
| 6799 /* If the key is a 1024-bit RSA or DSA key, assume |
| 6800 * conservatively that it may be unable to sign SHA-256 |
| 6801 * hashes. This is the case for older Estonian ID cards that |
| 6802 * have 1024-bit RSA keys. In FIPS 186-2 and older, DSA key |
| 6803 * size is at most 1024 bits and the hash function must be |
| 6804 * SHA-1. |
| 6805 */ |
| 6806 if (!prefer_sha1) { |
| 6807 SECKEYPublicKey *pubk = |
| 6808 CERT_ExtractPublicKey(ss->ssl3.clientCertificate); |
| 6809 if (pubk == NULL) { |
| 6810 errCode = SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE; |
| 6811 goto loser; |
| 6812 } |
| 6813 if (pubk->keyType == rsaKey || pubk->keyType == dsaKey) { |
| 6814 prefer_sha1 = SECKEY_PublicKeyStrength(pubk) <= 128; |
| 6815 } |
| 6816 SECKEY_DestroyPublicKey(pubk); |
| 6817 } |
| 6818 /* Use SHA-1 if the server supports it. */ |
| 6819 if (prefer_sha1) { |
6795 for (i = 0; i < algorithms.len; i += 2) { | 6820 for (i = 0; i < algorithms.len; i += 2) { |
6796 /* CAPI only supports RSA and DSA signatures. */ | |
6797 if (algorithms.data[i] == tls_hash_sha1 && | 6821 if (algorithms.data[i] == tls_hash_sha1 && |
6798 (algorithms.data[i+1] == tls_sig_rsa || | 6822 (algorithms.data[i+1] == tls_sig_rsa || |
6799 algorithms.data[i+1] == tls_sig_dsa)) { | 6823 algorithms.data[i+1] == tls_sig_dsa)) { |
6800 need_backup_hash = PR_TRUE; | 6824 need_backup_hash = PR_TRUE; |
6801 break; | 6825 break; |
6802 } | 6826 } |
6803 } | 6827 } |
6804 } | 6828 } |
6805 #endif /* _WIN32 */ | |
6806 if (!need_backup_hash) { | 6829 if (!need_backup_hash) { |
6807 PK11_DestroyContext(ss->ssl3.hs.md5, PR_TRUE); | 6830 PK11_DestroyContext(ss->ssl3.hs.md5, PR_TRUE); |
6808 ss->ssl3.hs.md5 = NULL; | 6831 ss->ssl3.hs.md5 = NULL; |
6809 } | 6832 } |
6810 } | 6833 } |
6811 break; /* not an error */ | 6834 break; /* not an error */ |
6812 } | 6835 } |
6813 #endif /* NSS_PLATFORM_CLIENT_AUTH */ | 6836 #endif /* NSS_PLATFORM_CLIENT_AUTH */ |
6814 /* check what the callback function returned */ | 6837 /* check what the callback function returned */ |
6815 if ((!ss->ssl3.clientCertificate) || (!ss->ssl3.clientPrivateKey)) { | 6838 if ((!ss->ssl3.clientCertificate) || (!ss->ssl3.clientPrivateKey)) { |
12054 PORT_Free(ss->ssl3.hs.recvdFragments.buf); | 12077 PORT_Free(ss->ssl3.hs.recvdFragments.buf); |
12055 } | 12078 } |
12056 } | 12079 } |
12057 | 12080 |
12058 ss->ssl3.initialized = PR_FALSE; | 12081 ss->ssl3.initialized = PR_FALSE; |
12059 | 12082 |
12060 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); | 12083 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); |
12061 } | 12084 } |
12062 | 12085 |
12063 /* End of ssl3con.c */ | 12086 /* End of ssl3con.c */ |
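Review bot: The threshold `prefer_sha1 = SECKEY_PublicKeyStrength(pubk) <= 128;` on new line 6814 is a bare magic number whose unit is never stated, while the comment above it speaks of 1024-bit keys; add `/* SECKEY_PublicKeyStrength() returns bytes: 128 bytes == 1024 bits. */` above that line (or name the constant) so the bytes/bits relation is explicit to the next reader. The new early exit `errCode = SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE; goto loser;` on new lines 6810-6811 is also the only failure path in this branch that does not release ss->ssl3.platformClientKey the way the send_no_certificate path at new lines 6778-6781 does; if the `loser` label (outside the visible lines) does not free it and ss->ssl3.clientCertificate, both leak whenever CERT_ExtractPublicKey fails, which is worth confirming. Since this block previously could not fail, the change also turns a best-effort hash preference into a fatal handshake error; treating an extraction failure as "no preference" and continuing with the SHA-256 signature would be the more conservative behaviour. The enclosing function and switch case start and end outside the visible lines.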