OLD | NEW |
---|---|
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
2 /* | 2 /* |
3 * SSL3 Protocol | 3 * SSL3 Protocol |
4 * | 4 * |
5 * ***** BEGIN LICENSE BLOCK ***** | 5 * ***** BEGIN LICENSE BLOCK ***** |
6 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 6 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
7 * | 7 * |
8 * The contents of this file are subject to the Mozilla Public License Version | 8 * The contents of this file are subject to the Mozilla Public License Version |
9 * 1.1 (the "License"); you may not use this file except in compliance with | 9 * 1.1 (the "License"); you may not use this file except in compliance with |
10 * the License. You may obtain a copy of the License at | 10 * the License. You may obtain a copy of the License at |
(...skipping 4814 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
4825 goto loser; /* err set by PORT_Alloc */ | 4825 goto loser; /* err set by PORT_Alloc */ |
4826 } | 4826 } |
4827 | 4827 |
4828 /* wrap pre-master secret in server's public key. */ | 4828 /* wrap pre-master secret in server's public key. */ |
4829 rv = PK11_PubWrapSymKey(CKM_RSA_PKCS, svrPubKey, pms, &enc_pms); | 4829 rv = PK11_PubWrapSymKey(CKM_RSA_PKCS, svrPubKey, pms, &enc_pms); |
4830 if (rv != SECSuccess) { | 4830 if (rv != SECSuccess) { |
4831 ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); | 4831 ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); |
4832 goto loser; | 4832 goto loser; |
4833 } | 4833 } |
4834 | 4834 |
4835 #if defined(TRACE) | 4835 if (ssl_keylog_iob) { |
4836 if (ssl_trace >= 100 || ssl_keylog_iob) { | |
4837 SECStatus extractRV = PK11_ExtractKeyValue(pms); | 4836 SECStatus extractRV = PK11_ExtractKeyValue(pms); |
4838 if (extractRV == SECSuccess) { | 4837 if (extractRV == SECSuccess) { |
4839 SECItem * keyData = PK11_GetKeyData(pms); | 4838 SECItem * keyData = PK11_GetKeyData(pms); |
4840 if (keyData && keyData->data && keyData->len) { | 4839 if (keyData && keyData->data && keyData->len) { |
4840 #ifdef TRACE | |
4841 if (ssl_trace >= 100) { | 4841 if (ssl_trace >= 100) { |
4842 ssl_PrintBuf(ss, "Pre-Master Secret", | 4842 ssl_PrintBuf(ss, "Pre-Master Secret", |
4843 keyData->data, keyData->len); | 4843 keyData->data, keyData->len); |
4844 } | 4844 } |
4845 #endif | |
4845 if (ssl_keylog_iob && enc_pms.len >= 8 && keyData->len == 48) { | 4846 if (ssl_keylog_iob && enc_pms.len >= 8 && keyData->len == 48) { |
4846 /* https://developer.mozilla.org/en/NSS_Key_Log_Format */ | 4847 /* https://developer.mozilla.org/en/NSS_Key_Log_Format */ |
4847 | 4848 |
4848 /* There could be multiple, concurrent writers to the | 4849 /* There could be multiple, concurrent writers to the |
4849 * keylog, so we have to do everything in a single call to | 4850 * keylog, so we have to do everything in a single call to |
4850 * fwrite. */ | 4851 * fwrite. */ |
4851 char buf[4 + 8*2 + 1 + 48*2 + 1]; | 4852 char buf[4 + 8*2 + 1 + 48*2 + 1]; |
4852 static const char hextable[16] = "0123456789abcdef"; | 4853 static const char hextable[16] = "0123456789abcdef"; |
4853 unsigned int i; | 4854 unsigned int i; |
4854 | 4855 |
(...skipping 10 matching lines...) Expand all Loading... | |
4865 buf[21 + i*2 + 1] = hextable[keyData->data[i] & 15]; | 4866 buf[21 + i*2 + 1] = hextable[keyData->data[i] & 15]; |
4866 } | 4867 } |
4867 buf[sizeof(buf) - 1] = '\n'; | 4868 buf[sizeof(buf) - 1] = '\n'; |
4868 | 4869 |
4869 fwrite(buf, sizeof(buf), 1, ssl_keylog_iob); | 4870 fwrite(buf, sizeof(buf), 1, ssl_keylog_iob); |
4870 fflush(ssl_keylog_iob); | 4871 fflush(ssl_keylog_iob); |
4871 } | 4872 } |
4872 } | 4873 } |
4873 } | 4874 } |
4874 } | 4875 } |
4875 #endif | |
4876 | 4876 |
4877 rv = ssl3_InitPendingCipherSpec(ss, pms); | 4877 rv = ssl3_InitPendingCipherSpec(ss, pms); |
4878 PK11_FreeSymKey(pms); pms = NULL; | 4878 PK11_FreeSymKey(pms); pms = NULL; |
4879 | 4879 |
4880 if (rv != SECSuccess) { | 4880 if (rv != SECSuccess) { |
4881 ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); | 4881 ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); |
4882 goto loser; | 4882 goto loser; |
4883 } | 4883 } |
4884 | 4884 |
4885 rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange, | 4885 rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange, |
(...skipping 4091 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
8977 if (spki) | 8977 if (spki) |
8978 SECITEM_FreeItem(spki, PR_TRUE); | 8978 SECITEM_FreeItem(spki, PR_TRUE); |
8979 if (channelID) | 8979 if (channelID) |
8980 SECKEY_DestroyPrivateKey(channelID); | 8980 SECKEY_DestroyPrivateKey(channelID); |
8981 if (channelIDPub) | 8981 if (channelIDPub) |
8982 SECKEY_DestroyPublicKey(channelIDPub); | 8982 SECKEY_DestroyPublicKey(channelIDPub); |
8983 | 8983 |
8984 return rv; | 8984 return rv; |
8985 } | 8985 } |
8986 | 8986 |
8987 /* called from ssl3_SendFinished | |
8988 * | |
8989 * Caller must already hold the SpecReadLock. (wish we could assert that!). | |
8990 * This function is simply a debugging aid and therefore does not return a | |
8991 * SECStatus. */ | |
8992 static void | |
8993 ssl3_RecordKeyLog(sslSocket *ss) | |
8994 { | |
8995 sslSessionID *sid; | |
8996 SECStatus rv; | |
8997 SECItem *keyData; | |
8998 char buf[14 /* "CLIENT_RANDOM " */ + | |
8999 32*2 /* client_random */ + | |
wtc
2012/06/05 23:45:22
Nit: 32 => SSL3_RANDOM_LENGTH
agl
2012/06/06 19:17:13
Done.
| |
9000 1 /* " " */ + | |
9001 48*2 /* master secret */ + | |
9002 1 /* new line */]; | |
9003 static const char hextable[16] = "0123456789abcdef"; | |
9004 unsigned int i, j; | |
9005 | |
9006 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); | |
wtc
2012/06/05 23:45:22
The XmitBufLock should be unnecessary for this fun
agl
2012/06/06 19:17:13
Done.
| |
9007 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); | |
9008 | |
9009 sid = ss->sec.ci.sid; | |
9010 | |
9011 if (!ssl_keylog_iob) | |
9012 return; | |
9013 | |
9014 rv = PK11_ExtractKeyValue(ss->ssl3.cwSpec->master_secret); | |
wtc
2012/06/05 23:45:22
Should this function call ssl_GetSpecReadLock?
agl
2012/06/06 19:17:13
Done.
| |
9015 if (rv != SECSuccess) | |
9016 return; | |
9017 | |
9018 /* keyData does not need to be freed. */ | |
9019 keyData = PK11_GetKeyData(ss->ssl3.cwSpec->master_secret); | |
9020 if (!keyData || !keyData->data || keyData->len != 48) | |
9021 return; | |
9022 | |
9023 /* https://developer.mozilla.org/en/NSS_Key_Log_Format */ | |
9024 | |
9025 /* There could be multiple, concurrent writers to the | |
9026 * keylog, so we have to do everything in a single call to | |
9027 * fwrite. */ | |
9028 | |
9029 memcpy(buf, "CLIENT_RANDOM ", 14); | |
wtc
2012/06/05 23:45:22
I guess the CLIENT_RANDOM is just for identificati
agl
2012/06/06 19:17:13
Yes, having the CLIENT_RANDOM simply allows Wiresh
| |
9030 j = 14; | |
9031 for (i = 0; i < SSL3_RANDOM_LENGTH; i++) { | |
9032 buf[j + 2*i] = hextable[ss->ssl3.hs.client_random.rand[i] >> 4]; | |
9033 buf[j + 2*i + 1] = hextable[ss->ssl3.hs.client_random.rand[i] & 15]; | |
9034 } | |
9035 j += SSL3_RANDOM_LENGTH*2; | |
9036 buf[j++] = ' '; | |
9037 | |
9038 for (i = 0; i < 48; i++) { | |
9039 buf[j + 2*i] = hextable[keyData->data[i] >> 4]; | |
9040 buf[j + 2*i + 1] = hextable[keyData->data[i] & 15]; | |
9041 } | |
9042 j += 48*2; | |
9043 buf[j++] = '\n'; | |
9044 | |
9045 PORT_Assert(j == sizeof(buf)); | |
9046 | |
9047 if (fwrite(buf, sizeof(buf), 1, ssl_keylog_iob) != 1 || | |
9048 fflush(ssl_keylog_iob) != 0) { | |
9049 return; | |
9050 } | |
9051 | |
9052 return; | |
wtc
2012/06/05 23:45:22
Nit: write the last few lines like this:
if (
agl
2012/06/06 19:17:13
Done.
| |
9053 } | |
9054 | |
8987 /* called from ssl3_HandleServerHelloDone | 9055 /* called from ssl3_HandleServerHelloDone |
8988 * ssl3_HandleClientHello | 9056 * ssl3_HandleClientHello |
8989 * ssl3_HandleFinished | 9057 * ssl3_HandleFinished |
8990 */ | 9058 */ |
8991 static SECStatus | 9059 static SECStatus |
8992 ssl3_SendFinished(sslSocket *ss, PRInt32 flags) | 9060 ssl3_SendFinished(sslSocket *ss, PRInt32 flags) |
8993 { | 9061 { |
8994 ssl3CipherSpec *cwSpec; | 9062 ssl3CipherSpec *cwSpec; |
8995 PRBool isTLS; | 9063 PRBool isTLS; |
8996 PRBool isServer = ss->sec.isServer; | 9064 PRBool isServer = ss->sec.isServer; |
(...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
9038 if (rv != SECSuccess) | 9106 if (rv != SECSuccess) |
9039 goto fail; /* err set by AppendHandshake. */ | 9107 goto fail; /* err set by AppendHandshake. */ |
9040 rv = ssl3_AppendHandshake(ss, &hashes, sizeof hashes); | 9108 rv = ssl3_AppendHandshake(ss, &hashes, sizeof hashes); |
9041 if (rv != SECSuccess) | 9109 if (rv != SECSuccess) |
9042 goto fail; /* err set by AppendHandshake. */ | 9110 goto fail; /* err set by AppendHandshake. */ |
9043 } | 9111 } |
9044 rv = ssl3_FlushHandshake(ss, flags); | 9112 rv = ssl3_FlushHandshake(ss, flags); |
9045 if (rv != SECSuccess) { | 9113 if (rv != SECSuccess) { |
9046 goto fail; /* error code set by ssl3_FlushHandshake */ | 9114 goto fail; /* error code set by ssl3_FlushHandshake */ |
9047 } | 9115 } |
9116 | |
9117 ssl3_RecordKeyLog(ss); | |
9118 | |
9048 return SECSuccess; | 9119 return SECSuccess; |
9049 | 9120 |
9050 fail: | 9121 fail: |
9051 return rv; | 9122 return rv; |
9052 } | 9123 } |
9053 | 9124 |
9054 /* wrap the master secret, and put it into the SID. | 9125 /* wrap the master secret, and put it into the SID. |
9055 * Caller holds the Spec read lock. | 9126 * Caller holds the Spec read lock. |
9056 */ | 9127 */ |
9057 SECStatus | 9128 SECStatus |
(...skipping 1501 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
10559 PORT_Free(ss->ssl3.hs.recvdFragments.buf); | 10630 PORT_Free(ss->ssl3.hs.recvdFragments.buf); |
10560 } | 10631 } |
10561 } | 10632 } |
10562 | 10633 |
10563 ss->ssl3.initialized = PR_FALSE; | 10634 ss->ssl3.initialized = PR_FALSE; |
10564 | 10635 |
10565 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); | 10636 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); |
10566 } | 10637 } |
10567 | 10638 |
10568 /* End of ssl3con.c */ | 10639 /* End of ssl3con.c */ |
OLD | NEW |