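--- a/ssl3con.c
+++ b/ssl3con.c
@@ -1,10 +1,10 @@
 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
 /*
 * SSL3 Protocol
 *
 * ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
 *
 * The contents of this file are subject to the Mozilla Public License Version
 * 1.1 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
@@ -2984,28 +2984,21 @@
 return SECFailure;
 }
 buf->len = 0;
 
 /* Swap the pending and current read specs. */
 ssl_GetSpecWriteLock(ss); /*************************************/
 prSpec = ss->ssl3.prSpec;
 
 ss->ssl3.prSpec = ss->ssl3.crSpec;
 ss->ssl3.crSpec = prSpec;
-
-if (ss->sec.isServer &&
-» ss->opt.requestCertificate &&
-» ssl3_ExtensionNegotiated(ss, ssl_encrypted_client_certs)) {
-» ss->ssl3.hs.ws = wait_client_cert;
-} else {
-» ss->ssl3.hs.ws = wait_finished;
-}
+ss->ssl3.hs.ws = wait_finished;
 
 SSL_TRC(3, ("%d: SSL3[%d] Set Current Read Cipher Suite to Pending",
 SSL_GETPID(), ss->fd ));
 
 /* If we are really through with the old cipher prSpec
 * (Both the read and write sides have changed) destroy it.
 */
 if (ss->ssl3.prSpec == ss->ssl3.pwSpec) {
 ssl3_DestroyCipherSpec(ss->ssl3.prSpec, PR_FALSE/*freeSrvName*/);
 }
@@ -5080,44 +5073,39 @@
 loser:
 if (serverKey)
 SECKEY_DestroyPublicKey(serverKey);
 return rv; /* err code already set. */
 }
 
 /* Called from ssl3_HandleServerHelloDone(). */
 static SECStatus
 ssl3_SendCertificateVerify(sslSocket *ss)
 {
 SECStatus rv» » = SECFailure;
 PRBool isTLS;
-SECItem buf» » = {siBuffer, NULL, 0};
+SECItem buf = {siBuffer, NULL, 0};
 SSL3Hashes hashes;
-ssl3CipherSpec *spec;
 
 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
 
 SSL_TRC(3, ("%d: SSL3[%d]: send certificate_verify handshake",
 SSL_GETPID(), ss->fd));
 
 ssl_GetSpecReadLock(ss);
-spec = ss->ssl3.pwSpec;
-if (ssl3_ExtensionNegotiated(ss, ssl_encrypted_client_certs)) {
-» spec = ss->ssl3.cwSpec;
-}
-rv = ssl3_ComputeHandshakeHashes(ss, spec, &hashes, 0);
+rv = ssl3_ComputeHandshakeHashes(ss, ss->ssl3.pwSpec, &hashes, 0);
 ssl_ReleaseSpecReadLock(ss);
 if (rv != SECSuccess) {
 goto done; /* err code was set by ssl3_ComputeHandshakeHashes */
 }
 
-isTLS = (PRBool)(spec->version > SSL_LIBRARY_VERSION_3_0);
+isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
 if (ss->ssl3.platformClientKey) {
 #ifdef NSS_PLATFORM_CLIENT_AUTH
 rv = ssl3_PlatformSignHashes(&hashes, ss->ssl3.platformClientKey,
 &buf, isTLS);
 ssl_FreePlatformKey(ss->ssl3.platformClientKey);
 ss->ssl3.platformClientKey = (PlatformKey)NULL;
 #endif /* NSS_PLATFORM_CLIENT_AUTH */
 } else {
 rv = ssl3_SignHashes(&hashes, ss->ssl3.clientPrivateKey, &buf, isTLS);
 if (rv == SECSuccess) {
@@ -6158,24 +6146,20 @@
 
 /* Called from ssl3_HandleServerHelloDone and ssl3_AuthCertificateComplete.
 *
 * Caller must hold Handshake and RecvBuf locks.
 */
 static SECStatus
 ssl3_SendClientSecondRound(sslSocket *ss)
 {
 SECStatus rv;
 PRBool sendClientCert;
-PRBool sendEmptyCert;
-int n = 0, i;
-typedef SECStatus (*SendFunction)(sslSocket*);
-SendFunction send_funcs[5];
 
 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
 
 sendClientCert = !ss->ssl3.sendEmptyCert &&
 ss->ssl3.clientCertChain != NULL &&
 (ss->ssl3.platformClientKey ||
 ss->ssl3.clientPrivateKey != NULL);
 
 /* We must wait for the server's certificate to be authenticated before
@@ -6208,54 +6192,49 @@
 return SECFailure;
 }
 if (ss->ssl3.hs.authCertificatePending &&
 (sendClientCert || ss->ssl3.sendEmptyCert || ss->firstHsDone)) {
 ss->ssl3.hs.restartTarget = ssl3_SendClientSecondRound;
 return SECWouldBlock;
 }
 
 ssl_GetXmitBufLock(ss); /*******************************/
 
-sendEmptyCert = ss->ssl3.sendEmptyCert;
-ss->ssl3.sendEmptyCert = PR_FALSE;
-
-if (ssl3_ExtensionNegotiated(ss, ssl_encrypted_client_certs)) {
-» send_funcs[n++] = ssl3_SendClientKeyExchange;
-» send_funcs[n++] = ssl3_SendChangeCipherSpecs;
-» if (sendEmptyCert) {
-» send_funcs[n++] = ssl3_SendEmptyCertificate;
-» }
-» if (sendClientCert) {
-» send_funcs[n++] = ssl3_SendCertificate;
-» send_funcs[n++] = ssl3_SendCertificateVerify;
-» }
-} else {
-» if (sendEmptyCert) {
-» send_funcs[n++] = ssl3_SendEmptyCertificate;
-» }
-» if (sendClientCert) {
-» send_funcs[n++] = ssl3_SendCertificate;
-» }
-» send_funcs[n++] = ssl3_SendClientKeyExchange;
-» if (sendClientCert) {
-» send_funcs[n++] = ssl3_SendCertificateVerify;
-» }
-» send_funcs[n++] = ssl3_SendChangeCipherSpecs;
+if (ss->ssl3.sendEmptyCert) {
+» ss->ssl3.sendEmptyCert = PR_FALSE;
+» rv = ssl3_SendEmptyCertificate(ss);
+» /* Don't send verify */
+» if (rv != SECSuccess) {
+» goto loser;»/* error code is set. */
+» }
+} else if (sendClientCert) {
+» rv = ssl3_SendCertificate(ss);
+» if (rv != SECSuccess) {
+» goto loser;»/* error code is set. */
+» }
 }
 
-PORT_Assert(n <= sizeof(send_funcs)/sizeof(send_funcs[0]));
+rv = ssl3_SendClientKeyExchange(ss);
+if (rv != SECSuccess) {
+» goto loser;» /* err is set. */
+}
 
-for (i = 0; i < n; i++) {
-» rv = send_funcs[i](ss);
+if (sendClientCert) {
+» rv = ssl3_SendCertificateVerify(ss);
 if (rv != SECSuccess) {
-» goto loser;»/* err code was set. */
-» }
+» goto loser;»/* err is set. */
+}
+}
+
+rv = ssl3_SendChangeCipherSpecs(ss);
+if (rv != SECSuccess) {
+» goto loser;» /* err code was set. */
 }
 
 /* XXX: If the server's certificate hasn't been authenticated by this
 * point, then we may be leaking this NPN message to an attacker.
 */
 if (!ss->firstHsDone) {
 rv = ssl3_SendNextProto(ss);
 if (rv != SECSuccess) {
 goto loser; /* err code was set. */
 }
@@ -6456,27 +6435,22 @@
 rv = ssl3_SendCertificateRequest(ss);
 if (rv != SECSuccess) {
 return rv; /* err code is set. */
 }
 }
 rv = ssl3_SendServerHelloDone(ss);
 if (rv != SECSuccess) {
 return rv; /* err code is set. */
 }
 
-if (ss->opt.requestCertificate &&
-» !ssl3_ExtensionNegotiated(ss, ssl_encrypted_client_certs)) {
-» ss->ssl3.hs.ws = wait_client_cert;
-} else {
-» ss->ssl3.hs.ws = wait_client_key;
-}
-
+ss->ssl3.hs.ws = (ss->opt.requestCertificate) ? wait_client_cert
+: wait_client_key;
 return SECSuccess;
 }
 
 /* An empty TLS Renegotiation Info (RI) extension */
 static const PRUint8 emptyRIext[5] = {0xff, 0x01, 0x00, 0x01, 0x00};
 
 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
 * ssl3 Client Hello message.
 * Caller must hold Handshake and RecvBuf locks.
 */
@@ -7759,25 +7733,21 @@
 desc = isTLS ? decrypt_error : handshake_failure;
 goto alert_loser;
 }
 
 signed_hash.data = NULL;
 
 if (length != 0) {
 desc = isTLS ? decode_error : illegal_parameter;
 goto alert_loser; /* malformed */
 }
-if (ssl3_ExtensionNegotiated(ss, ssl_encrypted_client_certs)) {
-» ss->ssl3.hs.ws = wait_finished;
-} else {
-» ss->ssl3.hs.ws = wait_change_cipher;
-}
+ss->ssl3.hs.ws = wait_change_cipher;
 return SECSuccess;
 
 alert_loser:
 SSL3_SendAlert(ss, alert_fatal, desc);
 loser:
 PORT_SetError(errCode);
 return SECFailure;
 }
 
 
@@ -8676,25 +8646,21 @@
 /* XXX OR server cert is signing only. */
 #ifdef NSS_ENABLE_ECC
 ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa ||
 ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
 #endif /* NSS_ENABLE_ECC */
 ss->ssl3.hs.kea_def->exchKeyType == kt_dh) {
 ss->ssl3.hs.ws = wait_server_key; /* allow server_key_exchange */
 }
 } else {
 server_no_cert:
-» if (ssl3_ExtensionNegotiated(ss, ssl_encrypted_client_certs)) {
-» ss->ssl3.hs.ws = wait_cert_verify;
-» } else {
-» ss->ssl3.hs.ws = wait_client_key;
-» }
+» ss->ssl3.hs.ws = wait_client_key;
 }
 
 PORT_Assert(rv == SECSuccess);
 if (rv != SECSuccess) {
 errCode = SEC_ERROR_LIBRARY_FAILURE;
 rv = SECFailure;
 goto loser;
 }
 
 return rv;
@@ -9295,22 +9261,20 @@
 * current message.
 */
 ssl_GetSpecReadLock(ss); /************************************/
 if((type == finished) || (type == certificate_verify)) {
 SSL3Sender sender = (SSL3Sender)0;
 ssl3CipherSpec *rSpec = ss->ssl3.prSpec;
 
 if (type == finished) {
 sender = ss->sec.isServer ? sender_client : sender_server;
 rSpec = ss->ssl3.crSpec;
-} else if (ssl3_ExtensionNegotiated(ss, ssl_encrypted_client_certs)) {
-rSpec = ss->ssl3.crSpec;
 }
 rv = ssl3_ComputeHandshakeHashes(ss, rSpec, &hashes, sender);
 }
 ssl_ReleaseSpecReadLock(ss); /************************************/
 if (rv != SECSuccess) {
 return rv; /* error code was set by ssl3_ComputeHandshakeHashes*/
 }
 SSL_TRC(30,("%d: SSL3[%d]: handle handshake message: %s", SSL_GETPID(),
 ss->fd, ssl3_DecodeHandshakeType(ss->ssl3.hs.msg_type)));
 PRINT_BUF(60, (ss, "MD5 handshake hash:",
@@ -10461,10 +10425,10 @@
 PORT_Free(ss->ssl3.hs.recvdFragments.buf);
 }
 }
 
 ss->ssl3.initialized = PR_FALSE;
 
 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
 }
 
 /* End of ssl3con.c */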
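Review bot: In ssl3_SendCertificateVerify the new `isTLS` line dereferences `ss->ssl3.pwSpec` after `ssl_ReleaseSpecReadLock(ss)`, so the protocol version is read through a pointer fetched outside the spec lock that covered the hash computation a few statements earlier. The asserts at the top of the function suggest the handshake lock keeps the pending write spec stable at this point, but nothing visible on this page establishes that. Reading the version inside the locked region, i.e. placing `isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);` before `ssl_ReleaseSpecReadLock(ss);`, removes the dependency on that assumption and ties the signature format to the same spec the hashes were computed with. The function's body continues past the visible lines, so the `done:` path was not reviewed.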