1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
2 /* | 2 /* |
3 * SSL3 Protocol | 3 * SSL3 Protocol |
4 * | 4 * |
5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
8 | 8 |
9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ | 9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ |
10 | 10 |
797 } | 797 } |
798 } | 798 } |
799 PORT_Assert(numPresent > 0 || numEnabled == 0); | 799 PORT_Assert(numPresent > 0 || numEnabled == 0); |
800 if (numPresent <= 0) { | 800 if (numPresent <= 0) { |
801 PORT_SetError(SSL_ERROR_NO_CIPHERS_SUPPORTED); | 801 PORT_SetError(SSL_ERROR_NO_CIPHERS_SUPPORTED); |
802 } | 802 } |
803 return numPresent; | 803 return numPresent; |
804 } | 804 } |
805 | 805 |
806 | 806 |
807 /* return PR_TRUE if suite matches policy and enabled state */ | 807 /* return PR_TRUE if suite matches policy, enabled state and is applicable to |
808 * the given version. */ | |
wtc
2013/09/24 17:17:46
I think this is correct for the server side but wr
agl
2013/09/24 18:58:22
That's a very good point, thanks for that.
Have c
| |
808 /* It would be a REALLY BAD THING (tm) if we ever permitted the use | 809 /* It would be a REALLY BAD THING (tm) if we ever permitted the use |
809 ** of a cipher that was NOT_ALLOWED. So, if this is ever called with | 810 ** of a cipher that was NOT_ALLOWED. So, if this is ever called with |
810 ** policy == SSL_NOT_ALLOWED, report no match. | 811 ** policy == SSL_NOT_ALLOWED, report no match. |
811 */ | 812 */ |
812 /* adjust suite enabled to the availability of a token that can do the | 813 /* adjust suite enabled to the availability of a token that can do the |
813 * cipher suite. */ | 814 * cipher suite. */ |
814 static PRBool | 815 static PRBool |
815 config_match(ssl3CipherSuiteCfg *suite, int policy, PRBool enabled) | 816 config_match(ssl3CipherSuiteCfg *suite, int policy, PRBool enabled, |
817 » PRUint16 version) | |
816 { | 818 { |
817 PORT_Assert(policy != SSL_NOT_ALLOWED && enabled != PR_FALSE); | 819 PORT_Assert(policy != SSL_NOT_ALLOWED && enabled != PR_FALSE); |
818 if (policy == SSL_NOT_ALLOWED || !enabled) | 820 if (policy == SSL_NOT_ALLOWED || !enabled) |
819 return PR_FALSE; | 821 return PR_FALSE; |
820 return (PRBool)(suite->enabled && | 822 return (PRBool)(suite->enabled && |
821 suite->isPresent && | 823 suite->isPresent && |
822 suite->policy != SSL_NOT_ALLOWED && | 824 suite->policy != SSL_NOT_ALLOWED && |
823 » » suite->policy <= policy); | 825 » » suite->policy <= policy && |
826 » » ssl3_CipherSuiteAllowedForVersion(suite->cipher_suite, | |
827 » » » » » » version)); | |
824 } | 828 } |
825 | 829 |
826 /* return number of cipher suites that match policy and enabled state */ | 830 /* return number of cipher suites that match policy, enabled state and are |
831 * applicable for the given protocol version. */ | |
827 /* called from ssl3_SendClientHello and ssl3_ConstructV2CipherSpecsHack */ | 832 /* called from ssl3_SendClientHello and ssl3_ConstructV2CipherSpecsHack */ |
828 static int | 833 static int |
829 count_cipher_suites(sslSocket *ss, int policy, PRBool enabled) | 834 count_cipher_suites(sslSocket *ss, int policy, PRBool enabled, |
835 » » PRUint16 version) | |
830 { | 836 { |
831 int i, count = 0; | 837 int i, count = 0; |
832 | 838 |
833 if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { | 839 if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { |
834 return 0; | 840 return 0; |
835 } | 841 } |
836 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { | 842 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { |
837 » if (config_match(&ss->cipherSuites[i], policy, enabled)) | 843 » if (config_match(&ss->cipherSuites[i], policy, enabled, version)) |
838 count++; | 844 count++; |
839 } | 845 } |
840 if (count <= 0) { | 846 if (count <= 0) { |
841 PORT_SetError(SSL_ERROR_SSL_DISABLED); | 847 PORT_SetError(SSL_ERROR_SSL_DISABLED); |
842 } | 848 } |
843 return count; | 849 return count; |
844 } | 850 } |
845 | 851 |
846 /* | 852 /* |
847 * Null compression, mac and encryption functions | 853 * Null compression, mac and encryption functions |
5197 | 5203 |
5198 if (IS_DTLS(ss)) { | 5204 if (IS_DTLS(ss)) { |
5199 ssl3_DisableNonDTLSSuites(ss); | 5205 ssl3_DisableNonDTLSSuites(ss); |
5200 } | 5206 } |
5201 | 5207 |
5202 if (!ssl3_HasGCMSupport()) { | 5208 if (!ssl3_HasGCMSupport()) { |
5203 ssl3_DisableGCMSuites(ss); | 5209 ssl3_DisableGCMSuites(ss); |
5204 } | 5210 } |
5205 | 5211 |
5206 /* how many suites are permitted by policy and user preference? */ | 5212 /* how many suites are permitted by policy and user preference? */ |
5207 num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE); | 5213 num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE, |
5214 » » » » ss->version); | |
5208 if (!num_suites) | 5215 if (!num_suites) |
5209 return SECFailure; /* count_cipher_suites has set error code. */ | 5216 return SECFailure; /* count_cipher_suites has set error code. */ |
5210 if (ss->ssl3.hs.sendingSCSV) { | 5217 if (ss->ssl3.hs.sendingSCSV) { |
5211 ++num_suites; /* make room for SCSV */ | 5218 ++num_suites; /* make room for SCSV */ |
5212 } | 5219 } |
5213 | 5220 |
5214 /* count compression methods */ | 5221 /* count compression methods */ |
5215 numCompressionMethods = 0; | 5222 numCompressionMethods = 0; |
5216 for (i = 0; i < compressionMethodsCount; i++) { | 5223 for (i = 0; i < compressionMethodsCount; i++) { |
5217 if (compressionEnabled(ss, compressions[i])) | 5224 if (compressionEnabled(ss, compressions[i])) |
5287 /* Add the actual SCSV */ | 5294 /* Add the actual SCSV */ |
5288 rv = ssl3_AppendHandshakeNumber(ss, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, | 5295 rv = ssl3_AppendHandshakeNumber(ss, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, |
5289 sizeof(ssl3CipherSuite)); | 5296 sizeof(ssl3CipherSuite)); |
5290 if (rv != SECSuccess) { | 5297 if (rv != SECSuccess) { |
5291 return rv; /* err set by ssl3_AppendHandshake* */ | 5298 return rv; /* err set by ssl3_AppendHandshake* */ |
5292 } | 5299 } |
5293 actual_count++; | 5300 actual_count++; |
5294 } | 5301 } |
5295 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { | 5302 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { |
5296 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; | 5303 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; |
5297 » if (config_match(suite, ss->ssl3.policy, PR_TRUE)) { | 5304 » if (config_match(suite, ss->ssl3.policy, PR_TRUE, ss->version)) { |
5298 actual_count++; | 5305 actual_count++; |
5299 if (actual_count > num_suites) { | 5306 if (actual_count > num_suites) { |
5300 /* set error card removal/insertion error */ | 5307 /* set error card removal/insertion error */ |
5301 PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL); | 5308 PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL); |
5302 return SECFailure; | 5309 return SECFailure; |
5303 } | 5310 } |
5304 rv = ssl3_AppendHandshakeNumber(ss, suite->cipher_suite, | 5311 rv = ssl3_AppendHandshakeNumber(ss, suite->cipher_suite, |
5305 sizeof(ssl3CipherSuite)); | 5312 sizeof(ssl3CipherSuite)); |
5306 if (rv != SECSuccess) { | 5313 if (rv != SECSuccess) { |
5307 return rv; /* err set by ssl3_AppendHandshake* */ | 5314 return rv; /* err set by ssl3_AppendHandshake* */ |
6352 | 6359 |
6353 /* find selected cipher suite in our list. */ | 6360 /* find selected cipher suite in our list. */ |
6354 temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); | 6361 temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); |
6355 if (temp < 0) { | 6362 if (temp < 0) { |
6356 goto loser; /* alert has been sent */ | 6363 goto loser; /* alert has been sent */ |
6357 } | 6364 } |
6358 ssl3_config_match_init(ss); | 6365 ssl3_config_match_init(ss); |
6359 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { | 6366 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { |
6360 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; | 6367 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; |
6361 if (temp == suite->cipher_suite) { | 6368 if (temp == suite->cipher_suite) { |
6362 » if (!config_match(suite, ss->ssl3.policy, PR_TRUE)) { | 6369 » if (!config_match(suite, ss->ssl3.policy, PR_TRUE, ss->version)) { |
6363 break; /* failure */ | 6370 break; /* failure */ |
6364 } | 6371 } |
6365 if (!ssl3_CipherSuiteAllowedForVersion(suite->cipher_suite, | |
6366 ss->version)) { | |
6367 desc = handshake_failure; | |
6368 errCode = SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION; | |
6369 goto alert_loser; | |
6370 } | |
6371 | 6372 |
6372 suite_found = PR_TRUE; | 6373 suite_found = PR_TRUE; |
6373 break; /* success */ | 6374 break; /* success */ |
6374 } | 6375 } |
6375 } | 6376 } |
6376 if (!suite_found) { | 6377 if (!suite_found) { |
6377 desc = handshake_failure; | 6378 desc = handshake_failure; |
6378 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; | 6379 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; |
6379 goto alert_loser; | 6380 goto alert_loser; |
6380 } | 6381 } |
8029 } | 8030 } |
8030 PORT_Assert(j > 0); | 8031 PORT_Assert(j > 0); |
8031 if (j <= 0) | 8032 if (j <= 0) |
8032 break; | 8033 break; |
8033 #ifdef PARANOID | 8034 #ifdef PARANOID |
8034 /* Double check that the cached cipher suite is still enabled, | 8035 /* Double check that the cached cipher suite is still enabled, |
8035 * implemented, and allowed by policy. Might have been disabled. | 8036 * implemented, and allowed by policy. Might have been disabled. |
8036 * The product policy won't change during the process lifetime. | 8037 * The product policy won't change during the process lifetime. |
8037 * Implemented ("isPresent") shouldn't change for servers. | 8038 * Implemented ("isPresent") shouldn't change for servers. |
8038 */ | 8039 */ |
8039 » if (!config_match(suite, ss->ssl3.policy, PR_TRUE)) | 8040 » if (!config_match(suite, ss->ssl3.policy, PR_TRUE, ss->version)) |
8040 break; | 8041 break; |
8041 #else | 8042 #else |
8042 if (!suite->enabled) | 8043 if (!suite->enabled) |
8043 break; | 8044 break; |
8044 #endif | 8045 #endif |
8045 /* Double check that the cached cipher suite is in the client's list */ | 8046 /* Double check that the cached cipher suite is in the client's list */ |
8046 for (i = 0; i + 1 < suites.len; i += 2) { | 8047 for (i = 0; i + 1 < suites.len; i += 2) { |
8047 PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1]; | 8048 PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1]; |
8048 if (suite_i == suite->cipher_suite) { | 8049 if (suite_i == suite->cipher_suite) { |
8049 ss->ssl3.hs.cipher_suite = suite->cipher_suite; | 8050 ss->ssl3.hs.cipher_suite = suite->cipher_suite; |
8077 ** offered TLS 1.1 but offered only export cipher suites by choosing TLS | 8078 ** offered TLS 1.1 but offered only export cipher suites by choosing TLS |
8078 ** 1.0 and selecting one of those export cipher suites. However, a secure | 8079 ** 1.0 and selecting one of those export cipher suites. However, a secure |
8079 ** TLS 1.1 client should not have export cipher suites enabled at all, | 8080 ** TLS 1.1 client should not have export cipher suites enabled at all, |
8080 ** and a TLS 1.1 client should definitely not be offering *only* export | 8081 ** and a TLS 1.1 client should definitely not be offering *only* export |
8081 ** cipher suites. Therefore, we refuse to negotiate export cipher suites | 8082 ** cipher suites. Therefore, we refuse to negotiate export cipher suites |
8082 ** with any client that indicates support for TLS 1.1 or higher when we | 8083 ** with any client that indicates support for TLS 1.1 or higher when we |
8083 ** (the server) have TLS 1.1 support enabled. | 8084 ** (the server) have TLS 1.1 support enabled. |
8084 */ | 8085 */ |
8085 for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) { | 8086 for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) { |
8086 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j]; | 8087 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j]; |
8087 » if (!config_match(suite, ss->ssl3.policy, PR_TRUE) || | 8088 » if (!config_match(suite, ss->ssl3.policy, PR_TRUE, ss->version)) { |
8088 » !ssl3_CipherSuiteAllowedForVersion(suite->cipher_suite, | |
8089 » » » » » ss->version)) { | |
8090 continue; | 8089 continue; |
8091 } | 8090 } |
8092 for (i = 0; i + 1 < suites.len; i += 2) { | 8091 for (i = 0; i + 1 < suites.len; i += 2) { |
8093 PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1]; | 8092 PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1]; |
8094 if (suite_i == suite->cipher_suite) { | 8093 if (suite_i == suite->cipher_suite) { |
8095 ss->ssl3.hs.cipher_suite = suite->cipher_suite; | 8094 ss->ssl3.hs.cipher_suite = suite->cipher_suite; |
8096 ss->ssl3.hs.suite_def = | 8095 ss->ssl3.hs.suite_def = |
8097 ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); | 8096 ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); |
8098 goto suite_found; | 8097 goto suite_found; |
8099 } | 8098 } |
8612 | 8611 |
8613 /* Select a cipher suite. | 8612 /* Select a cipher suite. |
8614 ** | 8613 ** |
8615 ** NOTE: This suite selection algorithm should be the same as the one in | 8614 ** NOTE: This suite selection algorithm should be the same as the one in |
8616 ** ssl3_HandleClientHello(). | 8615 ** ssl3_HandleClientHello(). |
8617 ** | 8616 ** |
8618 ** See the comments about export cipher suites in ssl3_HandleClientHello(). | 8617 ** See the comments about export cipher suites in ssl3_HandleClientHello(). |
8619 */ | 8618 */ |
8620 for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) { | 8619 for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) { |
8621 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j]; | 8620 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j]; |
8622 » if (!config_match(suite, ss->ssl3.policy, PR_TRUE) || | 8621 » if (!config_match(suite, ss->ssl3.policy, PR_TRUE, ss->version)) { |
8623 » !ssl3_CipherSuiteAllowedForVersion(suite->cipher_suite, | |
8624 » » » » » ss->version)) { | |
8625 continue; | 8622 continue; |
8626 } | 8623 } |
8627 for (i = 0; i+2 < suite_length; i += 3) { | 8624 for (i = 0; i+2 < suite_length; i += 3) { |
8628 PRUint32 suite_i = (suites[i] << 16)|(suites[i+1] << 8)|suites[i+2]; | 8625 PRUint32 suite_i = (suites[i] << 16)|(suites[i+1] << 8)|suites[i+2]; |
8629 if (suite_i == suite->cipher_suite) { | 8626 if (suite_i == suite->cipher_suite) { |
8630 ss->ssl3.hs.cipher_suite = suite->cipher_suite; | 8627 ss->ssl3.hs.cipher_suite = suite->cipher_suite; |
8631 ss->ssl3.hs.suite_def = | 8628 ss->ssl3.hs.suite_def = |
8632 ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); | 8629 ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); |
8633 goto suite_found; | 8630 goto suite_found; |
8634 } | 8631 } |
12310 PORT_Assert(ss != 0); | 12307 PORT_Assert(ss != 0); |
12311 if (!ss) { | 12308 if (!ss) { |
12312 PORT_SetError(PR_INVALID_ARGUMENT_ERROR); | 12309 PORT_SetError(PR_INVALID_ARGUMENT_ERROR); |
12313 return SECFailure; | 12310 return SECFailure; |
12314 } | 12311 } |
12315 if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { | 12312 if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { |
12316 *size = 0; | 12313 *size = 0; |
12317 return SECSuccess; | 12314 return SECSuccess; |
12318 } | 12315 } |
12319 if (cs == NULL) { | 12316 if (cs == NULL) { |
12320 » *size = count_cipher_suites(ss, SSL_ALLOWED, PR_TRUE); | 12317 » *size = count_cipher_suites(ss, SSL_ALLOWED, PR_TRUE, ss->vrange.max); |
agl
2013/09/23 18:39:10
I am somewhat unsure about this (and on line 12324
wtc
2013/09/24 17:24:13
Your analysis is correct. At this point, some SSL
| |
12321 return SECSuccess; | 12318 return SECSuccess; |
12322 } | 12319 } |
12323 | 12320 |
12324 /* ssl3_config_match_init was called by the caller of this function. */ | 12321 /* ssl3_config_match_init was called by the caller of this function. */ |
12325 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { | 12322 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { |
12326 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; | 12323 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; |
12327 » if (config_match(suite, SSL_ALLOWED, PR_TRUE)) { | 12324 » if (config_match(suite, SSL_ALLOWED, PR_TRUE, ss->vrange.max)) { |
12328 if (cs != NULL) { | 12325 if (cs != NULL) { |
12329 *cs++ = 0x00; | 12326 *cs++ = 0x00; |
12330 *cs++ = (suite->cipher_suite >> 8) & 0xFF; | 12327 *cs++ = (suite->cipher_suite >> 8) & 0xFF; |
12331 *cs++ = suite->cipher_suite & 0xFF; | 12328 *cs++ = suite->cipher_suite & 0xFF; |
12332 } | 12329 } |
12333 count++; | 12330 count++; |
12334 } | 12331 } |
12335 } | 12332 } |
12336 *size = count; | 12333 *size = count; |
12337 return SECSuccess; | 12334 return SECSuccess; |
12455 PORT_Free(ss->ssl3.hs.recvdFragments.buf); | 12452 PORT_Free(ss->ssl3.hs.recvdFragments.buf); |
12456 } | 12453 } |
12457 } | 12454 } |
12458 | 12455 |
12459 ss->ssl3.initialized = PR_FALSE; | 12456 ss->ssl3.initialized = PR_FALSE; |
12460 | 12457 |
12461 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); | 12458 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); |
12462 } | 12459 } |
12463 | 12460 |
12464 /* End of ssl3con.c */ | 12461 /* End of ssl3con.c */ |
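Review bot: Folding the version check into config_match() in the server-hello handler (new lines 6369–6370, replacing old 6365–6370) drops the specific SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION error: a server that selects a suite the negotiated version does not permit now falls through to the generic SSL_ERROR_NO_CYPHER_OVERLAP at new line 6379, so callers and logs can no longer distinguish a server picking a version-inappropriate suite from an ordinary configuration mismatch. The other call sites are fine because their callers only need the boolean, but this path reports to the application and was already distinguishing the two causes. Restoring the distinction is small: when config_match() rejects the server's choice, ask ssl3_CipherSuiteAllowedForVersion() whether the version was the reason and keep the old alert in that case (a suite that fails on both counts would then report the version error first, which differs slightly from the old ordering and seems acceptable). The enclosing handshake handler starts and ends outside the visible hunk.
```c
            if (temp == suite->cipher_suite) {
                if (!config_match(suite, ss->ssl3.policy, PR_TRUE, ss->version)) {
                    /* Keep the more specific error when only the negotiated
                     * version rules the suite out. */
                    if (!ssl3_CipherSuiteAllowedForVersion(suite->cipher_suite,
                                                           ss->version)) {
                        desc = handshake_failure;
                        errCode = SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION;
                        goto alert_loser;
                    }
                    break; /* failure */
                }
                /* … unchanged: suite_found = PR_TRUE; break; … */
```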