OLD | NEW |
1 /* | 1 /* |
2 * SSL3 Protocol | 2 * SSL3 Protocol |
3 * | 3 * |
4 * ***** BEGIN LICENSE BLOCK ***** | 4 * ***** BEGIN LICENSE BLOCK ***** |
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
6 * | 6 * |
7 * The contents of this file are subject to the Mozilla Public License Version | 7 * The contents of this file are subject to the Mozilla Public License Version |
8 * 1.1 (the "License"); you may not use this file except in compliance with | 8 * 1.1 (the "License"); you may not use this file except in compliance with |
9 * the License. You may obtain a copy of the License at | 9 * the License. You may obtain a copy of the License at |
10 * http://www.mozilla.org/MPL/ | 10 * http://www.mozilla.org/MPL/ |
(...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
77 static PRInt32 ssl3_SendRenegotiationInfoXtn(sslSocket * ss, | 77 static PRInt32 ssl3_SendRenegotiationInfoXtn(sslSocket * ss, |
78 PRBool append, PRUint32 maxBytes); | 78 PRBool append, PRUint32 maxBytes); |
79 static SECStatus ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, | 79 static SECStatus ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, |
80 PRUint16 ex_type, SECItem *data); | 80 PRUint16 ex_type, SECItem *data); |
81 static SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, | 81 static SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, |
82 PRUint16 ex_type, SECItem *data); | 82 PRUint16 ex_type, SECItem *data); |
83 static SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss, | 83 static SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss, |
84 PRUint16 ex_type, SECItem *data); | 84 PRUint16 ex_type, SECItem *data); |
85 static PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append, | 85 static PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append, |
86 PRUint32 maxBytes); | 86 PRUint32 maxBytes); |
87 static SECStatus ssl3_ServerHandleEncryptedClientCertsXtn(sslSocket *ss, | |
88 PRUint16 ex_type, SECItem *data); | |
89 static SECStatus ssl3_ClientHandleEncryptedClientCertsXtn(sslSocket *ss, | |
90 PRUint16 ex_type, SECItem *data); | |
91 static PRInt32 ssl3_SendEncryptedClientCertsXtn(sslSocket *ss, | |
92 PRBool append, PRUint32 maxBytes); | |
93 | 87 |
94 /* | 88 /* |
95 * Write bytes. Using this function means the SECItem structure | 89 * Write bytes. Using this function means the SECItem structure |
96 * cannot be freed. The caller is expected to call this function | 90 * cannot be freed. The caller is expected to call this function |
97 * on a shallow copy of the structure. | 91 * on a shallow copy of the structure. |
98 */ | 92 */ |
99 static SECStatus | 93 static SECStatus |
100 ssl3_AppendToItem(SECItem *item, const unsigned char *buf, PRUint32 bytes) | 94 ssl3_AppendToItem(SECItem *item, const unsigned char *buf, PRUint32 bytes) |
101 { | 95 { |
102 if (bytes > item->len) | 96 if (bytes > item->len) |
(...skipping 136 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
239 * will be registered here. | 233 * will be registered here. |
240 */ | 234 */ |
241 /* This table is used by the server, to handle client hello extensions. */ | 235 /* This table is used by the server, to handle client hello extensions. */ |
242 static const ssl3HelloExtensionHandler clientHelloHandlers[] = { | 236 static const ssl3HelloExtensionHandler clientHelloHandlers[] = { |
243 { ssl_server_name_xtn, &ssl3_HandleServerNameXtn }, | 237 { ssl_server_name_xtn, &ssl3_HandleServerNameXtn }, |
244 #ifdef NSS_ENABLE_ECC | 238 #ifdef NSS_ENABLE_ECC |
245 { ssl_elliptic_curves_xtn, &ssl3_HandleSupportedCurvesXtn }, | 239 { ssl_elliptic_curves_xtn, &ssl3_HandleSupportedCurvesXtn }, |
246 { ssl_ec_point_formats_xtn, &ssl3_HandleSupportedPointFormatsXtn }, | 240 { ssl_ec_point_formats_xtn, &ssl3_HandleSupportedPointFormatsXtn }, |
247 #endif | 241 #endif |
248 { ssl_session_ticket_xtn, &ssl3_ServerHandleSessionTicketXtn }, | 242 { ssl_session_ticket_xtn, &ssl3_ServerHandleSessionTicketXtn }, |
249 { ssl_encrypted_client_certs, &ssl3_ServerHandleEncryptedClientCertsXtn }, | |
250 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, | 243 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, |
251 { ssl_next_proto_nego_xtn, &ssl3_ServerHandleNextProtoNegoXtn }, | 244 { ssl_next_proto_nego_xtn, &ssl3_ServerHandleNextProtoNegoXtn }, |
252 { ssl_ob_cert_xtn, &ssl3_ServerHandleOBCertXtn }, | |
253 { -1, NULL } | 245 { -1, NULL } |
254 }; | 246 }; |
255 | 247 |
256 /* These two tables are used by the client, to handle server hello | 248 /* These two tables are used by the client, to handle server hello |
257 * extensions. */ | 249 * extensions. */ |
258 static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { | 250 static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { |
259 { ssl_server_name_xtn, &ssl3_HandleServerNameXtn }, | 251 { ssl_server_name_xtn, &ssl3_HandleServerNameXtn }, |
260 /* TODO: add a handler for ssl_ec_point_formats_xtn */ | 252 /* TODO: add a handler for ssl_ec_point_formats_xtn */ |
261 { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn }, | 253 { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn }, |
262 { ssl_encrypted_client_certs, &ssl3_ClientHandleEncryptedClientCertsXtn }, | |
263 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, | 254 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, |
264 { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, | 255 { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, |
265 { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, | 256 { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, |
266 { ssl_ob_cert_xtn, &ssl3_ClientHandleOBCertXtn }, | |
267 { -1, NULL } | 257 { -1, NULL } |
268 }; | 258 }; |
269 | 259 |
270 static const ssl3HelloExtensionHandler serverHelloHandlersSSL3[] = { | 260 static const ssl3HelloExtensionHandler serverHelloHandlersSSL3[] = { |
271 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, | 261 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, |
272 { -1, NULL } | 262 { -1, NULL } |
273 }; | 263 }; |
274 | 264 |
275 /* Tables of functions to format TLS hello extensions, one function per | 265 /* Tables of functions to format TLS hello extensions, one function per |
276 * extension. | 266 * extension. |
277 * These static tables are for the formatting of client hello extensions. | 267 * These static tables are for the formatting of client hello extensions. |
278 * The server's table of hello senders is dynamic, in the socket struct, | 268 * The server's table of hello senders is dynamic, in the socket struct, |
279 * and sender functions are registered there. | 269 * and sender functions are registered there. |
280 */ | 270 */ |
281 static const | 271 static const |
282 ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { | 272 ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { |
283 { ssl_server_name_xtn, &ssl3_SendServerNameXtn }, | 273 { ssl_server_name_xtn, &ssl3_SendServerNameXtn }, |
284 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }, | 274 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }, |
285 #ifdef NSS_ENABLE_ECC | 275 #ifdef NSS_ENABLE_ECC |
286 { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn }, | 276 { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn }, |
287 { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn }, | 277 { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn }, |
288 #endif | 278 #endif |
289 { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, | 279 { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, |
290 { ssl_encrypted_client_certs, &ssl3_SendEncryptedClientCertsXtn }, | |
291 { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn }, | 280 { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn }, |
292 { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, | 281 { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn } |
293 { ssl_ob_cert_xtn, &ssl3_SendOBCertXtn } | |
294 /* any extra entries will appear as { 0, NULL } */ | 282 /* any extra entries will appear as { 0, NULL } */ |
295 }; | 283 }; |
296 | 284 |
297 static const | 285 static const |
298 ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = { | 286 ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = { |
299 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn } | 287 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn } |
300 /* any extra entries will appear as { 0, NULL } */ | 288 /* any extra entries will appear as { 0, NULL } */ |
301 }; | 289 }; |
302 | 290 |
303 static PRBool | 291 static PRBool |
(...skipping 788 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1092 SECItem *data) | 1080 SECItem *data) |
1093 { | 1081 { |
1094 if (data->len != 0) | 1082 if (data->len != 0) |
1095 return SECFailure; | 1083 return SECFailure; |
1096 | 1084 |
1097 /* Keep track of negotiated extensions. */ | 1085 /* Keep track of negotiated extensions. */ |
1098 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; | 1086 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; |
1099 return SECSuccess; | 1087 return SECSuccess; |
1100 } | 1088 } |
1101 | 1089 |
1102 static SECStatus | |
1103 ssl3_ClientHandleEncryptedClientCertsXtn(sslSocket *ss, PRUint16 ex_type, | |
1104 SECItem *data) | |
1105 { | |
1106 if (data->len != 0) | |
1107 return SECFailure; | |
1108 | |
1109 /* Keep track of negotiated extensions. */ | |
1110 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; | |
1111 return SECSuccess; | |
1112 } | |
1113 | |
1114 SECStatus | 1090 SECStatus |
1115 ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, | 1091 ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, |
1116 SECItem *data) | 1092 SECItem *data) |
1117 { | 1093 { |
1118 SECStatus rv; | 1094 SECStatus rv; |
1119 SECItem *decrypted_state = NULL; | 1095 SECItem *decrypted_state = NULL; |
1120 SessionTicket *parsed_session_ticket = NULL; | 1096 SessionTicket *parsed_session_ticket = NULL; |
1121 sslSessionID *sid = NULL; | 1097 sslSessionID *sid = NULL; |
1122 SSL3Statistics *ssl3stats; | 1098 SSL3Statistics *ssl3stats; |
1123 | 1099 |
(...skipping 393 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1517 if (parsed_session_ticket != NULL) { | 1493 if (parsed_session_ticket != NULL) { |
1518 if (parsed_session_ticket->peer_cert.data) { | 1494 if (parsed_session_ticket->peer_cert.data) { |
1519 SECITEM_FreeItem(&parsed_session_ticket->peer_cert, PR_FALSE); | 1495 SECITEM_FreeItem(&parsed_session_ticket->peer_cert, PR_FALSE); |
1520 } | 1496 } |
1521 PORT_ZFree(parsed_session_ticket, sizeof(SessionTicket)); | 1497 PORT_ZFree(parsed_session_ticket, sizeof(SessionTicket)); |
1522 } | 1498 } |
1523 | 1499 |
1524 return rv; | 1500 return rv; |
1525 } | 1501 } |
1526 | 1502 |
1527 static SECStatus | |
1528 ssl3_ServerHandleEncryptedClientCertsXtn(sslSocket *ss, PRUint16 ex_type, | |
1529 SECItem *data) | |
1530 { | |
1531 SECStatus rv = SECSuccess; | |
1532 | |
1533 if (data->len != 0) | |
1534 return SECFailure; | |
1535 | |
1536 if (ss->opt.encryptClientCerts) { | |
1537 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; | |
1538 rv = ssl3_RegisterServerHelloExtensionSender( | |
1539 ss, ex_type, ssl3_SendEncryptedClientCertsXtn); | |
1540 } | |
1541 | |
1542 return rv; | |
1543 } | |
1544 | |
1545 /* | 1503 /* |
1546 * Read bytes. Using this function means the SECItem structure | 1504 * Read bytes. Using this function means the SECItem structure |
1547 * cannot be freed. The caller is expected to call this function | 1505 * cannot be freed. The caller is expected to call this function |
1548 * on a shallow copy of the structure. | 1506 * on a shallow copy of the structure. |
1549 */ | 1507 */ |
1550 static SECStatus | 1508 static SECStatus |
1551 ssl3_ConsumeFromItem(SECItem *item, unsigned char **buf, PRUint32 bytes) | 1509 ssl3_ConsumeFromItem(SECItem *item, unsigned char **buf, PRUint32 bytes) |
1552 { | 1510 { |
1553 if (bytes > item->len) | 1511 if (bytes > item->len) |
1554 return SECFailure; | 1512 return SECFailure; |
(...skipping 179 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1734 if (rv != SECSuccess) return -1; | 1692 if (rv != SECSuccess) return -1; |
1735 if (!ss->sec.isServer) { | 1693 if (!ss->sec.isServer) { |
1736 TLSExtensionData *xtnData = &ss->xtnData; | 1694 TLSExtensionData *xtnData = &ss->xtnData; |
1737 xtnData->advertised[xtnData->numAdvertised++] = | 1695 xtnData->advertised[xtnData->numAdvertised++] = |
1738 ssl_renegotiation_info_xtn; | 1696 ssl_renegotiation_info_xtn; |
1739 } | 1697 } |
1740 } | 1698 } |
1741 return needed; | 1699 return needed; |
1742 } | 1700 } |
1743 | 1701 |
1744 static PRInt32 | |
1745 ssl3_SendEncryptedClientCertsXtn( | |
1746 sslSocket * ss, | |
1747 PRBool append, | |
1748 PRUint32 maxBytes) | |
1749 { | |
1750 PRInt32 needed; | |
1751 | |
1752 if (!ss->opt.encryptClientCerts) | |
1753 return 0; | |
1754 | |
1755 needed = 4; /* two bytes of type and two of length. */ | |
1756 if (append && maxBytes >= needed) { | |
1757 SECStatus rv; | |
1758 rv = ssl3_AppendHandshakeNumber(ss, ssl_encrypted_client_certs, 2); | |
1759 if (rv != SECSuccess) | |
1760 return -1; | |
1761 rv = ssl3_AppendHandshakeNumber(ss, 0 /* length */, 2); | |
1762 if (rv != SECSuccess) | |
1763 return -1; | |
1764 ss->xtnData.advertised[ss->xtnData.numAdvertised++] = | |
1765 ssl_encrypted_client_certs; | |
1766 } | |
1767 | |
1768 return needed; | |
1769 } | |
1770 | |
1771 /* This function runs in both the client and server. */ | 1702 /* This function runs in both the client and server. */ |
1772 static SECStatus | 1703 static SECStatus |
1773 ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) | 1704 ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) |
1774 { | 1705 { |
1775 SECStatus rv = SECSuccess; | 1706 SECStatus rv = SECSuccess; |
1776 PRUint32 len = 0; | 1707 PRUint32 len = 0; |
1777 | 1708 |
1778 if (ss->firstHsDone) { | 1709 if (ss->firstHsDone) { |
1779 len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes | 1710 len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes |
1780 : ss->ssl3.hs.finishedBytes * 2; | 1711 : ss->ssl3.hs.finishedBytes * 2; |
(...skipping 11 matching lines...) Expand all Loading... |
1792 ss->peerRequestedProtection = 1; | 1723 ss->peerRequestedProtection = 1; |
1793 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; | 1724 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; |
1794 if (ss->sec.isServer) { | 1725 if (ss->sec.isServer) { |
1795 /* prepare to send back the appropriate response */ | 1726 /* prepare to send back the appropriate response */ |
1796 rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, | 1727 rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, |
1797 ssl3_SendRenegotiationInfoXtn); | 1728 ssl3_SendRenegotiationInfoXtn); |
1798 } | 1729 } |
1799 return rv; | 1730 return rv; |
1800 } | 1731 } |
1801 | 1732 |
1802 /* This sender is used by both the client and server. */ | |
1803 PRInt32 | |
1804 ssl3_SendOBCertXtn(sslSocket * ss, PRBool append, | |
1805 PRUint32 maxBytes) | |
1806 { | |
1807 SECStatus rv; | |
1808 PRUint32 extension_length; | |
1809 | |
1810 if (!ss) | |
1811 return 0; | |
1812 | |
1813 if (!ss->opt.enableOBCerts) | |
1814 return 0; | |
1815 | |
1816 /* extension length = extension_type (2-bytes) + | |
1817 * length(extension_data) (2-bytes) + | |
1818 */ | |
1819 | |
1820 extension_length = 4; | |
1821 | |
1822 if (append && maxBytes >= extension_length) { | |
1823 /* extension_type */ | |
1824 rv = ssl3_AppendHandshakeNumber(ss, ssl_ob_cert_xtn, 2); | |
1825 if (rv != SECSuccess) return -1; | |
1826 /* length of extension_data */ | |
1827 rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); | |
1828 if (rv != SECSuccess) return -1; | |
1829 | |
1830 if (!ss->sec.isServer) { | |
1831 TLSExtensionData *xtnData = &ss->xtnData; | |
1832 xtnData->advertised[xtnData->numAdvertised++] = ssl_ob_cert_xtn; | |
1833 } | |
1834 } | |
1835 | |
1836 return extension_length; | |
1837 } | |
1838 | |
1839 SECStatus | |
1840 ssl3_ServerHandleOBCertXtn(sslSocket *ss, PRUint16 ex_type, | |
1841 SECItem *data) | |
1842 { | |
1843 SECStatus rv; | |
1844 | |
1845 /* Ignore the OBCert extension if it is disabled. */ | |
1846 if (!ss->opt.enableOBCerts) | |
1847 return SECSuccess; | |
1848 | |
1849 /* The echoed extension must be empty. */ | |
1850 if (data->len != 0) | |
1851 return SECFailure; | |
1852 | |
1853 /* Keep track of negotiated extensions. */ | |
1854 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; | |
1855 | |
1856 rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, | |
1857 ssl3_SendOBCertXtn); | |
1858 | |
1859 return SECSuccess; | |
1860 } | |
1861 | |
1862 SECStatus | |
1863 ssl3_ClientHandleOBCertXtn(sslSocket *ss, PRUint16 ex_type, | |
1864 SECItem *data) | |
1865 { | |
1866 /* If we didn't request this extension, then the server may not echo it. */ | |
1867 if (!ss->opt.enableOBCerts) | |
1868 return SECFailure; | |
1869 | |
1870 /* The echoed extension must be empty. */ | |
1871 if (data->len != 0) | |
1872 return SECFailure; | |
1873 | |
1874 /* Keep track of negotiated extensions. */ | |
1875 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; | |
1876 | |
1877 return SECSuccess; | |
1878 } | |
OLD | NEW |