OLD | NEW |
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
2 /* | 2 /* |
3 * SSL3 Protocol | 3 * SSL3 Protocol |
4 * | 4 * |
5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
8 | 8 |
9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ | 9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ |
10 | 10 |
(...skipping 4957 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
4968 sslSessionID * sid; | 4968 sslSessionID * sid; |
4969 ssl3CipherSpec * cwSpec; | 4969 ssl3CipherSpec * cwSpec; |
4970 SECStatus rv; | 4970 SECStatus rv; |
4971 int i; | 4971 int i; |
4972 int length; | 4972 int length; |
4973 int num_suites; | 4973 int num_suites; |
4974 int actual_count = 0; | 4974 int actual_count = 0; |
4975 PRBool isTLS = PR_FALSE; | 4975 PRBool isTLS = PR_FALSE; |
4976 PRBool requestingResume = PR_FALSE; | 4976 PRBool requestingResume = PR_FALSE; |
4977 PRInt32 total_exten_len = 0; | 4977 PRInt32 total_exten_len = 0; |
| 4978 unsigned paddingExtensionLen; |
4978 unsigned numCompressionMethods; | 4979 unsigned numCompressionMethods; |
4979 PRInt32 flags; | 4980 PRInt32 flags; |
4980 | 4981 |
4981 SSL_TRC(3, ("%d: SSL3[%d]: send client_hello handshake", SSL_GETPID(), | 4982 SSL_TRC(3, ("%d: SSL3[%d]: send client_hello handshake", SSL_GETPID(), |
4982 ss->fd)); | 4983 ss->fd)); |
4983 | 4984 |
4984 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); | 4985 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); |
4985 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); | 4986 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); |
4986 | 4987 |
4987 rv = ssl3_InitState(ss); | 4988 rv = ssl3_InitState(ss); |
(...skipping 246 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
5234 } | 5235 } |
5235 | 5236 |
5236 length = sizeof(SSL3ProtocolVersion) + SSL3_RANDOM_LENGTH + | 5237 length = sizeof(SSL3ProtocolVersion) + SSL3_RANDOM_LENGTH + |
5237 1 + ((sid == NULL) ? 0 : sid->u.ssl3.sessionIDLength) + | 5238 1 + ((sid == NULL) ? 0 : sid->u.ssl3.sessionIDLength) + |
5238 2 + num_suites*sizeof(ssl3CipherSuite) + | 5239 2 + num_suites*sizeof(ssl3CipherSuite) + |
5239 1 + numCompressionMethods + total_exten_len; | 5240 1 + numCompressionMethods + total_exten_len; |
5240 if (IS_DTLS(ss)) { | 5241 if (IS_DTLS(ss)) { |
5241 length += 1 + ss->ssl3.hs.cookieLen; | 5242 length += 1 + ss->ssl3.hs.cookieLen; |
5242 } | 5243 } |
5243 | 5244 |
| 5245 /* A padding extension may be included to ensure that the record containing |
| 5246 * the ClientHello doesn't have a length between 256 and 511 bytes |
| 5247 * (inclusive). Initial, ClientHello records with such lengths trigger bugs |
| 5248 * in F5 devices. |
| 5249 * |
| 5250 * This is not done for DTLS nor for renegotiation. */ |
| 5251 if (!IS_DTLS(ss) && !ss->firstHsDone) { |
| 5252 paddingExtensionLen = ssl3_CalculatePaddingExtensionLength(length); |
| 5253 total_exten_len += paddingExtensionLen; |
| 5254 length += paddingExtensionLen; |
| 5255 } else { |
| 5256 paddingExtensionLen = 0; |
| 5257 } |
| 5258 |
5244 rv = ssl3_AppendHandshakeHeader(ss, client_hello, length); | 5259 rv = ssl3_AppendHandshakeHeader(ss, client_hello, length); |
5245 if (rv != SECSuccess) { | 5260 if (rv != SECSuccess) { |
5246 return rv; /* err set by ssl3_AppendHandshake* */ | 5261 return rv; /* err set by ssl3_AppendHandshake* */ |
5247 } | 5262 } |
5248 | 5263 |
5249 if (ss->firstHsDone) { | 5264 if (ss->firstHsDone) { |
5250 /* The client hello version must stay unchanged to work around | 5265 /* The client hello version must stay unchanged to work around |
5251 * the Windows SChannel bug described above. */ | 5266 * the Windows SChannel bug described above. */ |
5252 PORT_Assert(ss->version == ss->clientHelloVersion); | 5267 PORT_Assert(ss->version == ss->clientHelloVersion); |
5253 } | 5268 } |
(...skipping 99 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
5353 rv = ssl3_AppendHandshakeNumber(ss, maxBytes, 2); | 5368 rv = ssl3_AppendHandshakeNumber(ss, maxBytes, 2); |
5354 if (rv != SECSuccess) { | 5369 if (rv != SECSuccess) { |
5355 return rv; /* err set by AppendHandshake. */ | 5370 return rv; /* err set by AppendHandshake. */ |
5356 } | 5371 } |
5357 | 5372 |
5358 extLen = ssl3_CallHelloExtensionSenders(ss, PR_TRUE, maxBytes, NULL); | 5373 extLen = ssl3_CallHelloExtensionSenders(ss, PR_TRUE, maxBytes, NULL); |
5359 if (extLen < 0) { | 5374 if (extLen < 0) { |
5360 return SECFailure; | 5375 return SECFailure; |
5361 } | 5376 } |
5362 maxBytes -= extLen; | 5377 maxBytes -= extLen; |
| 5378 |
| 5379 extLen = ssl3_AppendPaddingExtension(ss, paddingExtensionLen, maxBytes); |
| 5380 if (extLen < 0) { |
| 5381 return SECFailure; |
| 5382 } |
| 5383 maxBytes -= extLen; |
| 5384 |
5363 PORT_Assert(!maxBytes); | 5385 PORT_Assert(!maxBytes); |
5364 } | 5386 } |
5365 if (ss->ssl3.hs.sendingSCSV) { | 5387 if (ss->ssl3.hs.sendingSCSV) { |
5366 /* Since we sent the SCSV, pretend we sent empty RI extension. */ | 5388 /* Since we sent the SCSV, pretend we sent empty RI extension. */ |
5367 TLSExtensionData *xtnData = &ss->xtnData; | 5389 TLSExtensionData *xtnData = &ss->xtnData; |
5368 xtnData->advertised[xtnData->numAdvertised++] = | 5390 xtnData->advertised[xtnData->numAdvertised++] = |
5369 ssl_renegotiation_info_xtn; | 5391 ssl_renegotiation_info_xtn; |
5370 } | 5392 } |
5371 | 5393 |
5372 flags = 0; | 5394 flags = 0; |
(...skipping 7195 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
12568 PORT_Free(ss->ssl3.hs.recvdFragments.buf); | 12590 PORT_Free(ss->ssl3.hs.recvdFragments.buf); |
12569 } | 12591 } |
12570 } | 12592 } |
12571 | 12593 |
12572 ss->ssl3.initialized = PR_FALSE; | 12594 ss->ssl3.initialized = PR_FALSE; |
12573 | 12595 |
12574 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); | 12596 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); |
12575 } | 12597 } |
12576 | 12598 |
12577 /* End of ssl3con.c */ | 12599 /* End of ssl3con.c */ |
OLD | NEW |