OLD | NEW |
---|---|
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
2 /* | 2 /* |
3 * SSL3 Protocol | 3 * SSL3 Protocol |
4 * | 4 * |
5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
8 | 8 |
9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ | 9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ |
10 | 10 |
(...skipping 2872 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2883 PRInt32 flags) | 2883 PRInt32 flags) |
2884 { | 2884 { |
2885 sslBuffer * wrBuf = &ss->sec.writeBuf; | 2885 sslBuffer * wrBuf = &ss->sec.writeBuf; |
2886 SECStatus rv; | 2886 SECStatus rv; |
2887 PRInt32 totalSent = 0; | 2887 PRInt32 totalSent = 0; |
2888 PRBool capRecordVersion; | 2888 PRBool capRecordVersion; |
2889 | 2889 |
2890 SSL_TRC(3, ("%d: SSL3[%d] SendRecord type: %s nIn=%d", | 2890 SSL_TRC(3, ("%d: SSL3[%d] SendRecord type: %s nIn=%d", |
2891 SSL_GETPID(), ss->fd, ssl3_DecodeContentType(type), | 2891 SSL_GETPID(), ss->fd, ssl3_DecodeContentType(type), |
2892 nIn)); | 2892 nIn)); |
2893 PRINT_BUF(3, (ss, "Send record (plain text)", pIn, nIn)); | 2893 PRINT_BUF(50, (ss, "Send record (plain text)", pIn, nIn)); |
2894 | 2894 |
2895 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); | 2895 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); |
2896 | 2896 |
2897 capRecordVersion = ((flags & ssl_SEND_FLAG_CAP_RECORD_VERSION) != 0); | 2897 capRecordVersion = ((flags & ssl_SEND_FLAG_CAP_RECORD_VERSION) != 0); |
2898 | 2898 |
2899 if (capRecordVersion) { | 2899 if (capRecordVersion) { |
2900 /* ssl_SEND_FLAG_CAP_RECORD_VERSION can only be used with the | 2900 /* ssl_SEND_FLAG_CAP_RECORD_VERSION can only be used with the |
2901 * TLS initial ClientHello. */ | 2901 * TLS initial ClientHello. */ |
2902 PORT_Assert(!IS_DTLS(ss)); | 2902 PORT_Assert(!IS_DTLS(ss)); |
2903 PORT_Assert(!ss->firstHsDone); | 2903 PORT_Assert(!ss->firstHsDone); |
(...skipping 4433 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
7337 } | 7337 } |
7338 if (certChain) { | 7338 if (certChain) { |
7339 CERT_DestroyCertificateList(certChain); | 7339 CERT_DestroyCertificateList(certChain); |
7340 } | 7340 } |
7341 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); | 7341 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
7342 rv = SECFailure; | 7342 rv = SECFailure; |
7343 } | 7343 } |
7344 return rv; | 7344 return rv; |
7345 } | 7345 } |
7346 | 7346 |
7347 PRBool | 7347 static SECStatus |
7348 ssl3_CanFalseStart(sslSocket *ss) { | 7348 ssl3_CheckFalseStart(sslSocket *ss) |
7349 PRBool rv; | 7349 { |
7350 SECStatus rv; | |
7350 | 7351 |
7351 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); | 7352 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); |
7353 PORT_Assert( !ss->ssl3.hs.authCertificatePending ); | |
7352 | 7354 |
7353 /* XXX: does not take into account whether we are waiting for | 7355 if (ss->canFalseStartCallback) { |
7354 * SSL_AuthCertificateComplete or SSL_RestartHandshakeAfterCertReq. If/when | 7356 » PRBool maybeFalseStart; |
7355 * that is done, this function could return different results each time it | |
7356 * would be called. | |
7357 */ | |
7358 | 7357 |
7359 ssl_GetSpecReadLock(ss); | 7358 » /* An attacker can control the selected ciphersuite so we only wish to |
7360 rv = ss->opt.enableFalseStart && | 7359 » * do False Start in the case that the selected ciphersuite is |
7361 » !ss->sec.isServer && | 7360 » * sufficiently strong that the attack can gain no advantage. |
7362 » !ss->ssl3.hs.isResuming && | 7361 » * Therefore we always require an 80-bit cipher. */ |
7363 » ss->ssl3.cwSpec && | 7362 ssl_GetSpecReadLock(ss); |
7363 maybeFalseStart = ss->ssl3.cwSpec->cipher_def->secret_key_size >= 10; | |
7364 ssl_ReleaseSpecReadLock(ss); | |
7364 | 7365 |
7365 » /* An attacker can control the selected ciphersuite so we only wish to | 7366 » if (maybeFalseStart) { |
7366 » * do False Start in the case that the selected ciphersuite is | 7367 » rv = (ss->canFalseStartCallback)(ss->fd, |
7367 » * sufficiently strong that the attack can gain no advantage. | 7368 » » » » » ss->canFalseStartCallbackData, |
7368 » * Therefore we require an 80-bit cipher and a forward-secret key | 7369 » » » » » &ss->ssl3.hs.canFalseStart); |
7369 » * exchange. */ | 7370 » if (rv == SECSuccess) { |
7370 » ss->ssl3.cwSpec->cipher_def->secret_key_size >= 10 && | 7371 » » SSL_TRC(3, ("%d: SSL[%d]: false start callback returned %s", |
7371 » (ss->ssl3.hs.kea_def->kea == kea_dhe_dss || | 7372 » » » SSL_GETPID(), ss->fd, |
7372 » ss->ssl3.hs.kea_def->kea == kea_dhe_rsa || | 7373 » » » ss->ssl3.hs.canFalseStart ? "TRUE" : "FALSE")); |
7373 » ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa || | 7374 » } else { |
7374 » ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa); | 7375 » » SSL_TRC(3, ("%d: SSL[%d]: false start callback failed (%s)", |
7375 ssl_ReleaseSpecReadLock(ss); | 7376 » » » SSL_GETPID(), ss->fd, |
7376 return rv; | 7377 » » » PR_ErrorToName(PR_GetError()))); |
7378 » } | |
7379 » return rv; | |
7380 » } | |
7381 } | |
7382 | |
7383 SSL_TRC(3, ("%d: SSL[%d]: no false start callback so no false start", | |
7384 » » SSL_GETPID(), ss->fd)); | |
7385 | |
7386 ss->ssl3.hs.canFalseStart = PR_FALSE; | |
7387 return SECSuccess; | |
wtc
2013/10/17 00:10:53
Nit: it seems better to handle the "no false start
briansmith
2013/10/17 01:42:40
Done.
| |
7377 } | 7388 } |
7378 | 7389 |
7379 static SECStatus ssl3_SendClientSecondRound(sslSocket *ss); | 7390 static SECStatus ssl3_SendClientSecondRound(sslSocket *ss); |
7380 | 7391 |
7381 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete | 7392 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete |
7382 * ssl3 Server Hello Done message. | 7393 * ssl3 Server Hello Done message. |
7383 * Caller must hold Handshake and RecvBuf locks. | 7394 * Caller must hold Handshake and RecvBuf locks. |
7384 */ | 7395 */ |
7385 static SECStatus | 7396 static SECStatus |
7386 ssl3_HandleServerHelloDone(sslSocket *ss) | 7397 ssl3_HandleServerHelloDone(sslSocket *ss) |
(...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
7456 * before using the cipher specs agreed upon for that handshake for | 7467 * before using the cipher specs agreed upon for that handshake for |
7457 * application data. | 7468 * application data. |
7458 */ | 7469 */ |
7459 if (ss->ssl3.hs.restartTarget) { | 7470 if (ss->ssl3.hs.restartTarget) { |
7460 PR_NOT_REACHED("unexpected ss->ssl3.hs.restartTarget"); | 7471 PR_NOT_REACHED("unexpected ss->ssl3.hs.restartTarget"); |
7461 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); | 7472 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
7462 return SECFailure; | 7473 return SECFailure; |
7463 } | 7474 } |
7464 if (ss->ssl3.hs.authCertificatePending && | 7475 if (ss->ssl3.hs.authCertificatePending && |
7465 (sendClientCert || ss->ssl3.sendEmptyCert || ss->firstHsDone)) { | 7476 (sendClientCert || ss->ssl3.sendEmptyCert || ss->firstHsDone)) { |
7477 SSL_TRC(3, ("%d: SSL3[%p]: deferring ssl3_SendClientSecondRound because" | |
7478 " certificate authentication is still pending.", | |
7479 SSL_GETPID(), ss->fd)); | |
7466 ss->ssl3.hs.restartTarget = ssl3_SendClientSecondRound; | 7480 ss->ssl3.hs.restartTarget = ssl3_SendClientSecondRound; |
7467 return SECWouldBlock; | 7481 return SECWouldBlock; |
7468 } | 7482 } |
7469 | 7483 |
7470 ssl_GetXmitBufLock(ss); /*******************************/ | 7484 ssl_GetXmitBufLock(ss); /*******************************/ |
7471 | 7485 |
7472 if (ss->ssl3.sendEmptyCert) { | 7486 if (ss->ssl3.sendEmptyCert) { |
7473 ss->ssl3.sendEmptyCert = PR_FALSE; | 7487 ss->ssl3.sendEmptyCert = PR_FALSE; |
7474 rv = ssl3_SendEmptyCertificate(ss); | 7488 rv = ssl3_SendEmptyCertificate(ss); |
7475 /* Don't send verify */ | 7489 /* Don't send verify */ |
(...skipping 17 matching lines...) Expand all Loading... | |
7493 if (rv != SECSuccess) { | 7507 if (rv != SECSuccess) { |
7494 goto loser; /* err is set. */ | 7508 goto loser; /* err is set. */ |
7495 } | 7509 } |
7496 } | 7510 } |
7497 | 7511 |
7498 rv = ssl3_SendChangeCipherSpecs(ss); | 7512 rv = ssl3_SendChangeCipherSpecs(ss); |
7499 if (rv != SECSuccess) { | 7513 if (rv != SECSuccess) { |
7500 goto loser; /* err code was set. */ | 7514 goto loser; /* err code was set. */ |
7501 } | 7515 } |
7502 | 7516 |
7503 /* XXX: If the server's certificate hasn't been authenticated by this | 7517 /* This must be done after we've set ss->ssl3.cwSpec in |
7504 * point, then we may be leaking this NPN message to an attacker. | 7518 * ssl3_SendChangeCipherSpecs because SSL_GetChannelInfo uses information |
7519 * from cwSpec. This must be done before we call ssl3_CheckFalseStart | |
7520 * because the false start callback (if any) may need the information from | |
7521 * the functions that depend on this being set. | |
7505 */ | 7522 */ |
7523 ss->enoughFirstHsDone = PR_TRUE; | |
7524 | |
7506 if (!ss->firstHsDone) { | 7525 if (!ss->firstHsDone) { |
7526 /* XXX: If the server's certificate hasn't been authenticated by this | |
7527 * point, then we may be leaking this NPN message to an attacker. | |
7528 */ | |
7507 rv = ssl3_SendNextProto(ss); | 7529 rv = ssl3_SendNextProto(ss); |
7508 if (rv != SECSuccess) { | 7530 if (rv != SECSuccess) { |
7509 goto loser; /* err code was set. */ | 7531 goto loser; /* err code was set. */ |
7510 } | 7532 } |
7511 } | 7533 } |
7534 | |
7512 rv = ssl3_SendEncryptedExtensions(ss); | 7535 rv = ssl3_SendEncryptedExtensions(ss); |
7513 if (rv != SECSuccess) { | 7536 if (rv != SECSuccess) { |
7514 goto loser; /* err code was set. */ | 7537 goto loser; /* err code was set. */ |
7515 } | 7538 } |
7516 | 7539 |
7540 if (!ss->firstHsDone) { | |
7541 if (ss->opt.enableFalseStart) { | |
7542 if (!ss->ssl3.hs.authCertificatePending) { | |
7543 /* When we fix bug 589047, we will need to know whether we are | |
7544 * false starting before we try to flush the client second | |
7545 * round to the network. With that in mind, we purposefully | |
7546 * call ssl3_CheckFalseStart before calling ssl3_SendFinished, | |
7547 * which includes a call to ssl3_FlushHandshake, so that | |
7548 * no application develops a reliance on such flushing being | |
7549 * done before its false start callback is called. | |
7550 */ | |
7551 ssl_ReleaseXmitBufLock(ss); | |
7552 rv = ssl3_CheckFalseStart(ss); | |
7553 ssl_GetXmitBufLock(ss); | |
7554 if (rv != SECSuccess) { | |
7555 goto loser; | |
7556 } | |
7557 } else { | |
7558 /* The certificate authentication and the server's Finished | |
7559 * message are racing each other. If the certificate | |
7560 * authentication wins, then we will try to false start in | |
7561 * ssl3_AuthCertificateComplete. | |
7562 */ | |
7563 SSL_TRC(3, ("%d: SSL3[%p]: deferring false start check because" | |
7564 " certificate authentication is still pending.", | |
7565 SSL_GETPID(), ss->fd)); | |
7566 } | |
7567 } | |
7568 } | |
7569 | |
7517 rv = ssl3_SendFinished(ss, 0); | 7570 rv = ssl3_SendFinished(ss, 0); |
7518 if (rv != SECSuccess) { | 7571 if (rv != SECSuccess) { |
7519 goto loser; /* err code was set. */ | 7572 goto loser; /* err code was set. */ |
7520 } | 7573 } |
7521 | 7574 |
7522 ssl_ReleaseXmitBufLock(ss); /*******************************/ | 7575 ssl_ReleaseXmitBufLock(ss); /*******************************/ |
7523 | 7576 |
7524 if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn)) | 7577 if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn)) |
7525 ss->ssl3.hs.ws = wait_new_session_ticket; | 7578 ss->ssl3.hs.ws = wait_new_session_ticket; |
7526 else | 7579 else |
7527 ss->ssl3.hs.ws = wait_change_cipher; | 7580 ss->ssl3.hs.ws = wait_change_cipher; |
7528 | 7581 |
7529 /* Do the handshake callback for sslv3 here, if we can false start. */ | |
7530 if (ss->handshakeCallback != NULL && ssl3_CanFalseStart(ss)) { | |
7531 (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); | |
7532 } | |
7533 | |
7534 return SECSuccess; | 7582 return SECSuccess; |
7535 | 7583 |
7536 loser: | 7584 loser: |
7537 ssl_ReleaseXmitBufLock(ss); | 7585 ssl_ReleaseXmitBufLock(ss); |
7538 return rv; | 7586 return rv; |
7539 } | 7587 } |
7540 | 7588 |
7541 /* | 7589 /* |
7542 * Routines used by servers | 7590 * Routines used by servers |
7543 */ | 7591 */ |
(...skipping 2596 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
10140 | 10188 |
10141 if (rv == SECWouldBlock) { | 10189 if (rv == SECWouldBlock) { |
10142 if (ss->sec.isServer) { | 10190 if (ss->sec.isServer) { |
10143 errCode = SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS; | 10191 errCode = SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS; |
10144 rv = SECFailure; | 10192 rv = SECFailure; |
10145 goto loser; | 10193 goto loser; |
10146 } | 10194 } |
10147 | 10195 |
10148 ss->ssl3.hs.authCertificatePending = PR_TRUE; | 10196 ss->ssl3.hs.authCertificatePending = PR_TRUE; |
10149 rv = SECSuccess; | 10197 rv = SECSuccess; |
10150 | |
10151 /* XXX: Async cert validation and False Start don't work together | |
10152 * safely yet; if we leave False Start enabled, we may end up false | |
10153 * starting (sending application data) before we | |
10154 * SSL_AuthCertificateComplete has been called. | |
10155 */ | |
10156 ss->opt.enableFalseStart = PR_FALSE; | |
10157 } | 10198 } |
10158 | 10199 |
10159 if (rv != SECSuccess) { | 10200 if (rv != SECSuccess) { |
10160 ssl3_SendAlertForCertError(ss, errCode); | 10201 ssl3_SendAlertForCertError(ss, errCode); |
10161 goto loser; | 10202 goto loser; |
10162 } | 10203 } |
10163 } | 10204 } |
10164 | 10205 |
10165 ss->sec.ci.sid->peerCert = CERT_DupCertificate(ss->sec.peerCert); | 10206 ss->sec.ci.sid->peerCert = CERT_DupCertificate(ss->sec.peerCert); |
10166 ssl3_CopyPeerCertsToSID(ss->ssl3.peerCertChain, ss->sec.ci.sid); | 10207 ssl3_CopyPeerCertsToSID(ss->ssl3.peerCertChain, ss->sec.ci.sid); |
(...skipping 104 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
10271 | 10312 |
10272 ss->ssl3.hs.authCertificatePending = PR_FALSE; | 10313 ss->ssl3.hs.authCertificatePending = PR_FALSE; |
10273 | 10314 |
10274 if (error != 0) { | 10315 if (error != 0) { |
10275 ss->ssl3.hs.restartTarget = ssl3_AlwaysFail; | 10316 ss->ssl3.hs.restartTarget = ssl3_AlwaysFail; |
10276 ssl3_SendAlertForCertError(ss, error); | 10317 ssl3_SendAlertForCertError(ss, error); |
10277 rv = SECSuccess; | 10318 rv = SECSuccess; |
10278 } else if (ss->ssl3.hs.restartTarget != NULL) { | 10319 } else if (ss->ssl3.hs.restartTarget != NULL) { |
10279 sslRestartTarget target = ss->ssl3.hs.restartTarget; | 10320 sslRestartTarget target = ss->ssl3.hs.restartTarget; |
10280 ss->ssl3.hs.restartTarget = NULL; | 10321 ss->ssl3.hs.restartTarget = NULL; |
10322 | |
10323 if (target == ssl3_FinishHandshake) { | |
10324 SSL_TRC(3,("%d: SSL3[%p]: certificate authentication lost the race" | |
10325 " with peer's finished message", SSL_GETPID(), ss->fd)); | |
10326 } | |
wtc
2013/10/17 00:10:53
If |target| is ssl3_SendClientSecondRound here, do
briansmith
2013/10/17 01:42:40
if target == ssl3_SendClientSecondRound then that
| |
10327 | |
10281 rv = target(ss); | 10328 rv = target(ss); |
10282 /* Even if we blocked here, we have accomplished enough to claim | 10329 /* Even if we blocked here, we have accomplished enough to claim |
10283 * success. Any remaining work will be taken care of by subsequent | 10330 * success. Any remaining work will be taken care of by subsequent |
10284 * calls to SSL_ForceHandshake/PR_Send/PR_Read/etc. | 10331 * calls to SSL_ForceHandshake/PR_Send/PR_Read/etc. |
10285 */ | 10332 */ |
10286 if (rv == SECWouldBlock) { | 10333 if (rv == SECWouldBlock) { |
10287 rv = SECSuccess; | 10334 rv = SECSuccess; |
10288 } | 10335 } |
10289 } else { | 10336 } else { |
10290 » rv = SECSuccess; | 10337 » SSL_TRC(3, ("%d: SSL3[%p]: certificate authentication won the race with" |
10338 » " peer's finished message", SSL_GETPID(), ss->fd)); | |
10339 | |
10340 » PORT_Assert(!ss->firstHsDone); | |
10341 » PORT_Assert(!ss->sec.isServer); | |
10342 » PORT_Assert(!ss->ssl3.hs.isResuming); | |
10343 » PORT_Assert(ss->ssl3.hs.ws == wait_change_cipher || | |
10344 » » ss->ssl3.hs.ws == wait_finished || | |
10345 » » ss->ssl3.hs.ws == wait_new_session_ticket); | |
10346 | |
10347 » /* ssl3_SendClientSecondRound deferred the false start check because | |
10348 » * certificate authentication was pending, so we have to do it now. | |
10349 » */ | |
10350 » if (ss->opt.enableFalseStart && | |
10351 » !ss->firstHsDone && | |
10352 » !ss->sec.isServer && | |
10353 » !ss->ssl3.hs.isResuming && | |
10354 » (ss->ssl3.hs.ws == wait_change_cipher || | |
10355 » ss->ssl3.hs.ws == wait_finished || | |
10356 » ss->ssl3.hs.ws == wait_new_session_ticket)) { | |
10357 » rv = ssl3_CheckFalseStart(ss); | |
10358 » } else { | |
10359 » rv = SECSuccess; | |
10360 » } | |
10291 } | 10361 } |
10292 | 10362 |
10293 done: | 10363 done: |
10294 ssl_ReleaseSSL3HandshakeLock(ss); | 10364 ssl_ReleaseSSL3HandshakeLock(ss); |
10295 ssl_ReleaseRecvBufLock(ss); | 10365 ssl_ReleaseRecvBufLock(ss); |
10296 | 10366 |
10297 return rv; | 10367 return rv; |
10298 } | 10368 } |
10299 | 10369 |
10300 static SECStatus | 10370 static SECStatus |
(...skipping 605 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
10906 goto xmit_loser; /* err is set. */ | 10976 goto xmit_loser; /* err is set. */ |
10907 } | 10977 } |
10908 } | 10978 } |
10909 | 10979 |
10910 xmit_loser: | 10980 xmit_loser: |
10911 ssl_ReleaseXmitBufLock(ss); /*************************************/ | 10981 ssl_ReleaseXmitBufLock(ss); /*************************************/ |
10912 if (rv != SECSuccess) { | 10982 if (rv != SECSuccess) { |
10913 return rv; | 10983 return rv; |
10914 } | 10984 } |
10915 | 10985 |
10916 ss->gs.writeOffset = 0; | |
10917 ss->gs.readOffset = 0; | |
10918 | |
10919 if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) { | 10986 if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) { |
10920 effectiveExchKeyType = kt_rsa; | 10987 effectiveExchKeyType = kt_rsa; |
10921 } else { | 10988 } else { |
10922 effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType; | 10989 effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType; |
10923 } | 10990 } |
10924 | 10991 |
10925 if (sid->cached == never_cached && !ss->opt.noCache && ss->sec.cache) { | 10992 if (sid->cached == never_cached && !ss->opt.noCache && ss->sec.cache) { |
10926 /* fill in the sid */ | 10993 /* fill in the sid */ |
10927 sid->u.ssl3.cipherSuite = ss->ssl3.hs.cipher_suite; | 10994 sid->u.ssl3.cipherSuite = ss->ssl3.hs.cipher_suite; |
10928 sid->u.ssl3.compression = ss->ssl3.hs.compression; | 10995 sid->u.ssl3.compression = ss->ssl3.hs.compression; |
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
10973 } | 11040 } |
10974 | 11041 |
10975 ss->ssl3.hs.restartTarget = ssl3_FinishHandshake; | 11042 ss->ssl3.hs.restartTarget = ssl3_FinishHandshake; |
10976 return SECWouldBlock; | 11043 return SECWouldBlock; |
10977 } | 11044 } |
10978 | 11045 |
10979 rv = ssl3_FinishHandshake(ss); | 11046 rv = ssl3_FinishHandshake(ss); |
10980 return rv; | 11047 return rv; |
10981 } | 11048 } |
10982 | 11049 |
11050 /* The return type is SECStatus instead of void because this function needs | |
11051 * to have type sslRestartTarget. | |
11052 */ | |
10983 SECStatus | 11053 SECStatus |
10984 ssl3_FinishHandshake(sslSocket * ss) | 11054 ssl3_FinishHandshake(sslSocket * ss) |
10985 { | 11055 { |
10986 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | 11056 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); |
10987 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); | 11057 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); |
10988 PORT_Assert( ss->ssl3.hs.restartTarget == NULL ); | 11058 PORT_Assert( ss->ssl3.hs.restartTarget == NULL ); |
10989 | 11059 |
10990 /* The first handshake is now completed. */ | 11060 /* The first handshake is now completed. */ |
10991 ss->handshake = NULL; | 11061 ss->handshake = NULL; |
10992 ss->firstHsDone = PR_TRUE; | |
10993 | 11062 |
10994 if (ss->ssl3.hs.cacheSID) { | 11063 if (ss->ssl3.hs.cacheSID) { |
10995 (*ss->sec.cache)(ss->sec.ci.sid); | 11064 (*ss->sec.cache)(ss->sec.ci.sid); |
10996 ss->ssl3.hs.cacheSID = PR_FALSE; | 11065 ss->ssl3.hs.cacheSID = PR_FALSE; |
10997 } | 11066 } |
10998 | 11067 |
11068 ss->ssl3.hs.canFalseStart = PR_FALSE; /* False Start phase is complete */ | |
10999 ss->ssl3.hs.ws = idle_handshake; | 11069 ss->ssl3.hs.ws = idle_handshake; |
11000 | 11070 |
11001 /* Do the handshake callback for sslv3 here, if we cannot false start. */ | 11071 ssl_FinishHandshake(ss); |
11002 if (ss->handshakeCallback != NULL && !ssl3_CanFalseStart(ss)) { | |
11003 » (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); | |
11004 } | |
11005 | 11072 |
11006 return SECSuccess; | 11073 return SECSuccess; |
11007 } | 11074 } |
11008 | 11075 |
11009 /* Called from ssl3_HandleHandshake() when it has gathered a complete ssl3 | 11076 /* Called from ssl3_HandleHandshake() when it has gathered a complete ssl3 |
11010 * hanshake message. | 11077 * hanshake message. |
11011 * Caller must hold Handshake and RecvBuf locks. | 11078 * Caller must hold Handshake and RecvBuf locks. |
11012 */ | 11079 */ |
11013 SECStatus | 11080 SECStatus |
11014 ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length) | 11081 ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length) |
(...skipping 547 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
11562 sslBuffer temp_buf; | 11629 sslBuffer temp_buf; |
11563 PRUint64 dtls_seq_num; | 11630 PRUint64 dtls_seq_num; |
11564 unsigned int ivLen = 0; | 11631 unsigned int ivLen = 0; |
11565 unsigned int originalLen = 0; | 11632 unsigned int originalLen = 0; |
11566 unsigned int good; | 11633 unsigned int good; |
11567 unsigned int minLength; | 11634 unsigned int minLength; |
11568 unsigned char header[13]; | 11635 unsigned char header[13]; |
11569 unsigned int headerLen; | 11636 unsigned int headerLen; |
11570 | 11637 |
11571 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | 11638 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); |
11639 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); | |
wtc
2013/10/17 00:10:53
Why do we need to call ssl3_HandleRecord while hol
briansmith
2013/10/17 01:42:40
ssl3_GatherCompleteHandshake is the function that
wtc
2013/10/17 15:28:14
I see. We should reconsider this change. This func
| |
11572 | 11640 |
11573 if (!ss->ssl3.initialized) { | 11641 if (!ss->ssl3.initialized) { |
11574 ssl_GetSSL3HandshakeLock(ss); | |
11575 rv = ssl3_InitState(ss); | 11642 rv = ssl3_InitState(ss); |
11576 ssl_ReleaseSSL3HandshakeLock(ss); | |
11577 if (rv != SECSuccess) { | 11643 if (rv != SECSuccess) { |
11578 return rv; /* ssl3_InitState has set the error code. */ | 11644 return rv; /* ssl3_InitState has set the error code. */ |
11579 } | 11645 } |
11580 } | 11646 } |
11581 | 11647 |
11582 /* check for Token Presence */ | 11648 /* check for Token Presence */ |
11583 if (!ssl3_ClientAuthTokenPresent(ss->sec.ci.sid)) { | 11649 if (!ssl3_ClientAuthTokenPresent(ss->sec.ci.sid)) { |
11584 PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL); | 11650 PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL); |
11585 return SECFailure; | 11651 return SECFailure; |
11586 } | 11652 } |
(...skipping 339 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
11926 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA); | 11992 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA); |
11927 return SECFailure; | 11993 return SECFailure; |
11928 } | 11994 } |
11929 | 11995 |
11930 /* It's a record that must be handled by ssl itself, not the application. | 11996 /* It's a record that must be handled by ssl itself, not the application. |
11931 */ | 11997 */ |
11932 process_it: | 11998 process_it: |
11933 /* XXX Get the xmit lock here. Odds are very high that we'll be xmiting | 11999 /* XXX Get the xmit lock here. Odds are very high that we'll be xmiting |
11934 * data ang getting the xmit lock here prevents deadlocks. | 12000 * data ang getting the xmit lock here prevents deadlocks. |
11935 */ | 12001 */ |
11936 ssl_GetSSL3HandshakeLock(ss); | |
11937 | 12002 |
11938 /* All the functions called in this switch MUST set error code if | 12003 /* All the functions called in this switch MUST set error code if |
11939 ** they return SECFailure or SECWouldBlock. | 12004 ** they return SECFailure or SECWouldBlock. |
11940 */ | 12005 */ |
11941 switch (rType) { | 12006 switch (rType) { |
11942 case content_change_cipher_spec: | 12007 case content_change_cipher_spec: |
11943 rv = ssl3_HandleChangeCipherSpecs(ss, databuf); | 12008 rv = ssl3_HandleChangeCipherSpecs(ss, databuf); |
11944 break; | 12009 break; |
11945 case content_alert: | 12010 case content_alert: |
11946 rv = ssl3_HandleAlert(ss, databuf); | 12011 rv = ssl3_HandleAlert(ss, databuf); |
(...skipping 10 matching lines...) Expand all Loading... | |
11957 */ | 12022 */ |
11958 default: | 12023 default: |
11959 SSL_DBG(("%d: SSL3[%d]: bogus content type=%d", | 12024 SSL_DBG(("%d: SSL3[%d]: bogus content type=%d", |
11960 SSL_GETPID(), ss->fd, cText->type)); | 12025 SSL_GETPID(), ss->fd, cText->type)); |
11961 /* XXX Send an alert ??? */ | 12026 /* XXX Send an alert ??? */ |
11962 PORT_SetError(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE); | 12027 PORT_SetError(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE); |
11963 rv = SECFailure; | 12028 rv = SECFailure; |
11964 break; | 12029 break; |
11965 } | 12030 } |
11966 | 12031 |
11967 ssl_ReleaseSSL3HandshakeLock(ss); | |
11968 return rv; | 12032 return rv; |
11969 | |
11970 } | 12033 } |
11971 | 12034 |
11972 /* | 12035 /* |
11973 * Initialization functions | 12036 * Initialization functions |
11974 */ | 12037 */ |
11975 | 12038 |
11976 /* Called from ssl3_InitState, immediately below. */ | 12039 /* Called from ssl3_InitState, immediately below. */ |
11977 /* Caller must hold the SpecWriteLock. */ | 12040 /* Caller must hold the SpecWriteLock. */ |
11978 static void | 12041 static void |
11979 ssl3_InitCipherSpec(sslSocket *ss, ssl3CipherSpec *spec) | 12042 ssl3_InitCipherSpec(sslSocket *ss, ssl3CipherSpec *spec) |
(...skipping 490 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
12470 PORT_Free(ss->ssl3.hs.recvdFragments.buf); | 12533 PORT_Free(ss->ssl3.hs.recvdFragments.buf); |
12471 } | 12534 } |
12472 } | 12535 } |
12473 | 12536 |
12474 ss->ssl3.initialized = PR_FALSE; | 12537 ss->ssl3.initialized = PR_FALSE; |
12475 | 12538 |
12476 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); | 12539 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); |
12477 } | 12540 } |
12478 | 12541 |
12479 /* End of ssl3con.c */ | 12542 /* End of ssl3con.c */ |
OLD | NEW |