| OLD | NEW |
| 1 diff --git a/net/third_party/nss/ssl/SSLerrs.h b/net/third_party/nss/ssl/SSLerrs
.h | 1 diff --git a/net/third_party/nss/ssl/SSLerrs.h b/net/third_party/nss/ssl/SSLerrs
.h |
| 2 index e3f9a1c..2d92514 100644 | 2 index e3f9a1c..2d92514 100644 |
| 3 --- a/net/third_party/nss/ssl/SSLerrs.h | 3 --- a/net/third_party/nss/ssl/SSLerrs.h |
| 4 +++ b/net/third_party/nss/ssl/SSLerrs.h | 4 +++ b/net/third_party/nss/ssl/SSLerrs.h |
| 5 @@ -429,3 +429,12 @@ ER3(SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST, (SSL_ERROR
_BASE + 122), | 5 @@ -429,3 +429,12 @@ ER3(SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST, (SSL_ERROR
_BASE + 122), |
| 6 | 6 |
| 7 ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST, (SSL_ERROR_BASE + 123), | 7 ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST, (SSL_ERROR_BASE + 123), |
| 8 "SSL received an unexpected Hello Verify Request handshake message.") | 8 "SSL received an unexpected Hello Verify Request handshake message.") |
| 9 + | 9 + |
| 10 +ER3(SSL_ERROR_BAD_CHANNEL_ID_DATA, (SSL_ERROR_BASE + 124), | 10 +ER3(SSL_ERROR_BAD_CHANNEL_ID_DATA, (SSL_ERROR_BASE + 124), |
| 11 +"SSL received a malformed TLS Channel ID extension.") | 11 +"SSL received a malformed TLS Channel ID extension.") |
| 12 + | 12 + |
| 13 +ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (SSL_ERROR_BASE + 125), | 13 +ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (SSL_ERROR_BASE + 125), |
| 14 +"The application provided an invalid TLS Channel ID key.") | 14 +"The application provided an invalid TLS Channel ID key.") |
| 15 + | 15 + |
| 16 +ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 126), | 16 +ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 126), |
| 17 +"The application could not get a TLS Channel ID.") | 17 +"The application could not get a TLS Channel ID.") |
| 18 diff --git a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h | 18 diff --git a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h |
| 19 index 1368e2f..3d8fdcb 100644 | 19 index 1368e2f..9b3a199 100644 |
| 20 --- a/net/third_party/nss/ssl/ssl.h | 20 --- a/net/third_party/nss/ssl/ssl.h |
| 21 +++ b/net/third_party/nss/ssl/ssl.h | 21 +++ b/net/third_party/nss/ssl/ssl.h |
| 22 @@ -945,6 +945,25 @@ SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFil
eDesc * socket, | 22 @@ -945,6 +945,34 @@ SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFil
eDesc * socket, |
| 23 SSL_IMPORT SECStatus SSL_HandshakeResumedSession(PRFileDesc *fd, | 23 SSL_IMPORT SECStatus SSL_HandshakeResumedSession(PRFileDesc *fd, |
| 24 PRBool *last_handshake_resumed
); | 24 PRBool *last_handshake_resumed
); |
| 25 | 25 |
| 26 +/* See SSL_SetClientChannelIDCallback for usage. The callback must return | 26 +/* See SSL_SetClientChannelIDCallback for usage. If the callback returns |
| 27 + * SECFailure or SECSuccess (not SECWouldBlock). On SECSuccess, the callback | 27 + * SECWouldBlock then SSL_RestartHandshakeAfterChannelIDReq should be called in |
| 28 + * must have written a P-256, EC key pair to |*out_public_key| and | 28 + * the future to restart the handshake. On SECSuccess, the callback must have |
| 29 + * |*out_private_key|. */ | 29 + * written a P-256, EC key pair to |*out_public_key| and |*out_private_key|. */ |
| 30 +typedef SECStatus (PR_CALLBACK *SSLClientChannelIDCallback)( | 30 +typedef SECStatus (PR_CALLBACK *SSLClientChannelIDCallback)( |
| 31 + void *arg, | 31 + void *arg, |
| 32 + PRFileDesc *fd, | 32 + PRFileDesc *fd, |
| 33 + SECKEYPublicKey **out_public_key, | 33 + SECKEYPublicKey **out_public_key, |
| 34 + SECKEYPrivateKey **out_private_key); | 34 + SECKEYPrivateKey **out_private_key); |
| 35 + | 35 + |
| 36 +/* SSL_RestartHandshakeAfterChannelIDReq attempts to restart the handshake |
| 37 + * after a ChannelID callback returned SECWouldBlock. |
| 38 + * |
| 39 + * This function takes ownership of |channelIDPub| and |channelID|. */ |
| 40 +SSL_IMPORT SECStatus SSL_RestartHandshakeAfterChannelIDReq( |
| 41 + PRFileDesc *fd, |
| 42 + SECKEYPublicKey *channelIDPub, |
| 43 + SECKEYPrivateKey *channelID); |
| 44 + |
| 36 +/* SSL_SetClientChannelIDCallback sets a callback function that will be called | 45 +/* SSL_SetClientChannelIDCallback sets a callback function that will be called |
| 37 + * just before a Channel ID is sent. This is only applicable to a client socket | 46 + * once the server's ServerHello has been processed. This is only applicable to |
| 38 + * and setting this callback causes the TLS Channel ID extension to be | 47 + * a client socket and setting this callback causes the TLS Channel ID |
| 39 + * advertised. */ | 48 + * extension to be advertised. */ |
| 40 +SSL_IMPORT SECStatus SSL_SetClientChannelIDCallback( | 49 +SSL_IMPORT SECStatus SSL_SetClientChannelIDCallback( |
| 41 + PRFileDesc *fd, | 50 + PRFileDesc *fd, |
| 42 + SSLClientChannelIDCallback callback, | 51 + SSLClientChannelIDCallback callback, |
| 43 + void *arg); | 52 + void *arg); |
| 44 + | 53 + |
| 45 /* | 54 /* |
| 46 ** How long should we wait before retransmitting the next flight of | 55 ** How long should we wait before retransmitting the next flight of |
| 47 ** the DTLS handshake? Returns SECFailure if not DTLS or not in a | 56 ** the DTLS handshake? Returns SECFailure if not DTLS or not in a |
| 48 diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con
.c | 57 diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con
.c |
| 49 index db9fad3..f714a98 100644 | 58 index db9fad3..6780a84 100644 |
| 50 --- a/net/third_party/nss/ssl/ssl3con.c | 59 --- a/net/third_party/nss/ssl/ssl3con.c |
| 51 +++ b/net/third_party/nss/ssl/ssl3con.c | 60 +++ b/net/third_party/nss/ssl/ssl3con.c |
| 52 @@ -86,6 +86,7 @@ static SECStatus ssl3_SendCertificate( sslSocket *ss); | 61 @@ -86,6 +86,7 @@ static SECStatus ssl3_SendCertificate( sslSocket *ss); |
| 53 static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss); | 62 static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss); |
| 54 static SECStatus ssl3_SendCertificateRequest(sslSocket *ss); | 63 static SECStatus ssl3_SendCertificateRequest(sslSocket *ss); |
| 55 static SECStatus ssl3_SendNextProto( sslSocket *ss); | 64 static SECStatus ssl3_SendNextProto( sslSocket *ss); |
| 56 +static SECStatus ssl3_SendEncryptedExtensions(sslSocket *ss); | 65 +static SECStatus ssl3_SendEncryptedExtensions(sslSocket *ss); |
| 57 static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags); | 66 static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags); |
| 58 static SECStatus ssl3_SendServerHello( sslSocket *ss); | 67 static SECStatus ssl3_SendServerHello( sslSocket *ss); |
| 59 static SECStatus ssl3_SendServerHelloDone( sslSocket *ss); | 68 static SECStatus ssl3_SendServerHelloDone( sslSocket *ss); |
| 60 @@ -6239,6 +6240,10 @@ ssl3_SendClientSecondRound(sslSocket *ss) | 69 @@ -5200,6 +5201,15 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUi
nt32 length) |
| 70 } |
| 71 #endif /* NSS_PLATFORM_CLIENT_AUTH */ |
| 72 |
| 73 + if (ss->ssl3.channelID != NULL) { |
| 74 +» SECKEY_DestroyPrivateKey(ss->ssl3.channelID); |
| 75 +» ss->ssl3.channelID = NULL; |
| 76 + } |
| 77 + if (ss->ssl3.channelIDPub != NULL) { |
| 78 +» SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub); |
| 79 +» ss->ssl3.channelIDPub = NULL; |
| 80 + } |
| 81 + |
| 82 temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); |
| 83 if (temp < 0) { |
| 84 » goto loser; » /* alert has been sent */ |
| 85 @@ -5452,13 +5462,12 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRU
int32 length) |
| 86 » ssl3_CopyPeerCertsFromSID(ss, sid); |
| 87 » } |
| 88 |
| 89 - |
| 90 » /* NULL value for PMS signifies re-use of the old MS */ |
| 91 » rv = ssl3_InitPendingCipherSpec(ss, NULL); |
| 92 » if (rv != SECSuccess) { |
| 93 » goto alert_loser;» /* err code was set */ |
| 94 » } |
| 95 -» return SECSuccess; |
| 96 +» goto winner; |
| 97 } while (0); |
| 98 |
| 99 if (sid_match) |
| 100 @@ -5483,6 +5492,26 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUi
nt32 length) |
| 101 |
| 102 ss->ssl3.hs.isResuming = PR_FALSE; |
| 103 ss->ssl3.hs.ws = wait_server_cert; |
| 104 + |
| 105 +winner: |
| 106 + /* If we will need a ChannelID key then we make the callback now. This |
| 107 + * allows the handshake to be restarted cleanly if the callback returns |
| 108 + * SECWouldBlock. */ |
| 109 + if (ssl3_ExtensionNegotiated(ss, ssl_channel_id_xtn)) { |
| 110 +» rv = ss->getChannelID(ss->getChannelIDArg, ss->fd, |
| 111 +» » » &ss->ssl3.channelIDPub, &ss->ssl3.channelID); |
| 112 +» if (rv == SECWouldBlock) { |
| 113 +» ssl3_SetAlwaysBlock(ss); |
| 114 +» return rv; |
| 115 +» } |
| 116 +» if (rv != SECSuccess || |
| 117 +» ss->ssl3.channelIDPub == NULL || |
| 118 +» ss->ssl3.channelID == NULL) { |
| 119 +» PORT_SetError(SSL_ERROR_GET_CHANNEL_ID_FAILED); |
| 120 +» goto loser; |
| 121 +» } |
| 122 + } |
| 123 + |
| 124 return SECSuccess; |
| 125 |
| 126 alert_loser: |
| 127 @@ -6239,6 +6268,10 @@ ssl3_SendClientSecondRound(sslSocket *ss) |
| 61 goto loser; /* err code was set. */ | 128 goto loser; /* err code was set. */ |
| 62 } | 129 } |
| 63 } | 130 } |
| 64 + rv = ssl3_SendEncryptedExtensions(ss); | 131 + rv = ssl3_SendEncryptedExtensions(ss); |
| 65 + if (rv != SECSuccess) { | 132 + if (rv != SECSuccess) { |
| 66 + goto loser; /* err code was set. */ | 133 + goto loser; /* err code was set. */ |
| 67 + } | 134 + } |
| 68 | 135 |
| 69 rv = ssl3_SendFinished(ss, 0); | 136 rv = ssl3_SendFinished(ss, 0); |
| 70 if (rv != SECSuccess) { | 137 if (rv != SECSuccess) { |
| 71 @@ -8855,6 +8860,130 @@ ssl3_SendNextProto(sslSocket *ss) | 138 @@ -8855,6 +8888,164 @@ ssl3_SendNextProto(sslSocket *ss) |
| 72 return rv; | 139 return rv; |
| 73 } | 140 } |
| 74 | 141 |
| 75 +/* called from ssl3_SendClientSecondRound | 142 +/* called from ssl3_SendClientSecondRound |
| 76 + * ssl3_HandleFinished | 143 + * ssl3_HandleFinished |
| 77 + */ | 144 + */ |
| 78 +static SECStatus | 145 +static SECStatus |
| 79 +ssl3_SendEncryptedExtensions(sslSocket *ss) | 146 +ssl3_SendEncryptedExtensions(sslSocket *ss) |
| 80 +{ | 147 +{ |
| 81 + static const char CHANNEL_ID_MAGIC[] = "TLS Channel ID signature"; | 148 + static const char CHANNEL_ID_MAGIC[] = "TLS Channel ID signature"; |
| (...skipping 20 matching lines...) Expand all Loading... |
| 102 + | 169 + |
| 103 + SECStatus rv = SECFailure; | 170 + SECStatus rv = SECFailure; |
| 104 + SECItem *spki = NULL; | 171 + SECItem *spki = NULL; |
| 105 + SSL3Hashes hashes; | 172 + SSL3Hashes hashes; |
| 106 + const unsigned char *pub_bytes; | 173 + const unsigned char *pub_bytes; |
| 107 + unsigned char signed_data[sizeof(CHANNEL_ID_MAGIC) + sizeof(SSL3Hashes)]; | 174 + unsigned char signed_data[sizeof(CHANNEL_ID_MAGIC) + sizeof(SSL3Hashes)]; |
| 108 + unsigned char digest[SHA256_LENGTH]; | 175 + unsigned char digest[SHA256_LENGTH]; |
| 109 + SECItem digest_item; | 176 + SECItem digest_item; |
| 110 + unsigned char signature[64]; | 177 + unsigned char signature[64]; |
| 111 + SECItem signature_item; | 178 + SECItem signature_item; |
| 112 + SECKEYPrivateKey *channelID = NULL; | |
| 113 + SECKEYPublicKey *channelIDPub = NULL; | |
| 114 + | 179 + |
| 115 + PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); | 180 + PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); |
| 116 + PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); | 181 + PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); |
| 117 + | 182 + |
| 118 + if (ss->getChannelID == NULL || | 183 + if (ss->ssl3.channelID == NULL) |
| 119 +» !ssl3_ExtensionNegotiated(ss, ssl_channel_id_xtn)) { | |
| 120 + return SECSuccess; | 184 + return SECSuccess; |
| 121 + } | |
| 122 + | 185 + |
| 123 + rv = ss->getChannelID(ss->getChannelIDArg, ss->fd, | 186 + PORT_Assert(ssl3_ExtensionNegotiated(ss, ssl_channel_id_xtn)); |
| 124 +» » » &channelIDPub, &channelID); | |
| 125 + if (rv != SECSuccess) { | |
| 126 +» PORT_SetError(SSL_ERROR_GET_CHANNEL_ID_FAILED); | |
| 127 +» goto loser; | |
| 128 + } | |
| 129 + | 187 + |
| 130 + if (SECKEY_GetPrivateKeyType(channelID) != ecKey || | 188 + if (SECKEY_GetPrivateKeyType(ss->ssl3.channelID) != ecKey || |
| 131 +» PK11_SignatureLen(channelID) != sizeof(signature)) { | 189 +» PK11_SignatureLen(ss->ssl3.channelID) != sizeof(signature)) { |
| 132 + PORT_SetError(SSL_ERROR_INVALID_CHANNEL_ID_KEY); | 190 + PORT_SetError(SSL_ERROR_INVALID_CHANNEL_ID_KEY); |
| 133 + rv = SECFailure; | 191 + rv = SECFailure; |
| 134 + goto loser; | 192 + goto loser; |
| 135 + } | 193 + } |
| 136 + | 194 + |
| 137 + ssl_GetSpecReadLock(ss); | 195 + ssl_GetSpecReadLock(ss); |
| 138 + rv = ssl3_ComputeHandshakeHashes(ss, ss->ssl3.cwSpec, &hashes, 0); | 196 + rv = ssl3_ComputeHandshakeHashes(ss, ss->ssl3.cwSpec, &hashes, 0); |
| 139 + ssl_ReleaseSpecReadLock(ss); | 197 + ssl_ReleaseSpecReadLock(ss); |
| 140 + | 198 + |
| 141 + if (rv != SECSuccess) | 199 + if (rv != SECSuccess) |
| 142 + goto loser; | 200 + goto loser; |
| 143 + | 201 + |
| 144 + rv = ssl3_AppendHandshakeHeader(ss, encrypted_extensions, | 202 + rv = ssl3_AppendHandshakeHeader(ss, encrypted_extensions, |
| 145 + 2 + 2 + CHANNEL_ID_LENGTH); | 203 + 2 + 2 + CHANNEL_ID_LENGTH); |
| 146 + if (rv != SECSuccess) | 204 + if (rv != SECSuccess) |
| 147 + goto loser; /* error code set by AppendHandshakeHeader */ | 205 + goto loser; /* error code set by AppendHandshakeHeader */ |
| 148 + rv = ssl3_AppendHandshakeNumber(ss, ssl_channel_id_xtn, 2); | 206 + rv = ssl3_AppendHandshakeNumber(ss, ssl_channel_id_xtn, 2); |
| 149 + if (rv != SECSuccess) | 207 + if (rv != SECSuccess) |
| 150 + goto loser; /* error code set by AppendHandshake */ | 208 + goto loser; /* error code set by AppendHandshake */ |
| 151 + rv = ssl3_AppendHandshakeNumber(ss, CHANNEL_ID_LENGTH, 2); | 209 + rv = ssl3_AppendHandshakeNumber(ss, CHANNEL_ID_LENGTH, 2); |
| 152 + if (rv != SECSuccess) | 210 + if (rv != SECSuccess) |
| 153 + goto loser; /* error code set by AppendHandshake */ | 211 + goto loser; /* error code set by AppendHandshake */ |
| 154 + | 212 + |
| 155 + spki = SECKEY_EncodeDERSubjectPublicKeyInfo(channelIDPub); | 213 + spki = SECKEY_EncodeDERSubjectPublicKeyInfo(ss->ssl3.channelIDPub); |
| 156 + | 214 + |
| 157 + if (spki->len != sizeof(P256_SPKI_PREFIX) + CHANNEL_ID_PUBLIC_KEY_LENGTH || | 215 + if (spki->len != sizeof(P256_SPKI_PREFIX) + CHANNEL_ID_PUBLIC_KEY_LENGTH || |
| 158 + memcmp(spki->data, P256_SPKI_PREFIX, sizeof(P256_SPKI_PREFIX) != 0)) { | 216 + memcmp(spki->data, P256_SPKI_PREFIX, sizeof(P256_SPKI_PREFIX) != 0)) { |
| 159 + PORT_SetError(SSL_ERROR_INVALID_CHANNEL_ID_KEY); | 217 + PORT_SetError(SSL_ERROR_INVALID_CHANNEL_ID_KEY); |
| 160 + rv = SECFailure; | 218 + rv = SECFailure; |
| 161 + goto loser; | 219 + goto loser; |
| 162 + } | 220 + } |
| 163 + | 221 + |
| 164 + pub_bytes = spki->data + sizeof(P256_SPKI_PREFIX); | 222 + pub_bytes = spki->data + sizeof(P256_SPKI_PREFIX); |
| 165 + | 223 + |
| 166 + memcpy(signed_data, CHANNEL_ID_MAGIC, sizeof(CHANNEL_ID_MAGIC)); | 224 + memcpy(signed_data, CHANNEL_ID_MAGIC, sizeof(CHANNEL_ID_MAGIC)); |
| 167 + memcpy(signed_data + sizeof(CHANNEL_ID_MAGIC), &hashes, sizeof(hashes)); | 225 + memcpy(signed_data + sizeof(CHANNEL_ID_MAGIC), &hashes, sizeof(hashes)); |
| 168 + | 226 + |
| 169 + rv = PK11_HashBuf(SEC_OID_SHA256, digest, signed_data, sizeof(signed_data))
; | 227 + rv = PK11_HashBuf(SEC_OID_SHA256, digest, signed_data, sizeof(signed_data))
; |
| 170 + if (rv != SECSuccess) | 228 + if (rv != SECSuccess) |
| 171 + goto loser; | 229 + goto loser; |
| 172 + | 230 + |
| 173 + digest_item.data = digest; | 231 + digest_item.data = digest; |
| 174 + digest_item.len = sizeof(digest); | 232 + digest_item.len = sizeof(digest); |
| 175 + | 233 + |
| 176 + signature_item.data = signature; | 234 + signature_item.data = signature; |
| 177 + signature_item.len = sizeof(signature); | 235 + signature_item.len = sizeof(signature); |
| 178 + | 236 + |
| 179 + rv = PK11_Sign(channelID, &signature_item, &digest_item); | 237 + rv = PK11_Sign(ss->ssl3.channelID, &signature_item, &digest_item); |
| 180 + if (rv != SECSuccess) | 238 + if (rv != SECSuccess) |
| 181 + goto loser; | 239 + goto loser; |
| 182 + | 240 + |
| 183 + rv = ssl3_AppendHandshake(ss, pub_bytes, CHANNEL_ID_PUBLIC_KEY_LENGTH); | 241 + rv = ssl3_AppendHandshake(ss, pub_bytes, CHANNEL_ID_PUBLIC_KEY_LENGTH); |
| 184 + if (rv != SECSuccess) | 242 + if (rv != SECSuccess) |
| 185 + goto loser; | 243 + goto loser; |
| 186 + rv = ssl3_AppendHandshake(ss, signature, sizeof(signature)); | 244 + rv = ssl3_AppendHandshake(ss, signature, sizeof(signature)); |
| 187 + | 245 + |
| 188 +loser: | 246 +loser: |
| 189 + if (spki) | 247 + if (spki) |
| 190 + SECITEM_FreeItem(spki, PR_TRUE); | 248 + SECITEM_FreeItem(spki, PR_TRUE); |
| 191 + if (channelID) | 249 + if (ss->ssl3.channelID) { |
| 192 +» SECKEY_DestroyPrivateKey(channelID); | 250 +» SECKEY_DestroyPrivateKey(ss->ssl3.channelID); |
| 193 + if (channelIDPub) | 251 +» ss->ssl3.channelID = NULL; |
| 194 +» SECKEY_DestroyPublicKey(channelIDPub); | 252 + } |
| 253 + if (ss->ssl3.channelIDPub) { |
| 254 +» SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub); |
| 255 +» ss->ssl3.channelIDPub = NULL; |
| 256 + } |
| 195 + | 257 + |
| 196 + return rv; | 258 + return rv; |
| 197 +} | 259 +} |
| 198 + | 260 + |
| 261 +/* ssl3_RestartHandshakeAfterChannelIDReq is called to restart a handshake |
| 262 + * after a ChannelID callback returned SECWouldBlock. At this point we have |
| 263 + * processed the server's ServerHello but not yet any further messages. We will |
| 264 + * always get a message from the server after a ServerHello so either they are |
| 265 + * waiting in the buffer or we'll get network I/O. */ |
| 266 +SECStatus |
| 267 +ssl3_RestartHandshakeAfterChannelIDReq(sslSocket *ss, |
| 268 + SECKEYPublicKey *channelIDPub, |
| 269 + SECKEYPrivateKey *channelID) |
| 270 +{ |
| 271 + if (ss->handshake == 0) { |
| 272 + SECKEY_DestroyPublicKey(channelIDPub); |
| 273 + SECKEY_DestroyPrivateKey(channelID); |
| 274 + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
| 275 + return SECFailure; |
| 276 + } |
| 277 + |
| 278 + if (channelIDPub == NULL || |
| 279 + channelID == NULL) { |
| 280 + if (channelIDPub) |
| 281 + SECKEY_DestroyPublicKey(channelIDPub); |
| 282 + if (channelID) |
| 283 + SECKEY_DestroyPrivateKey(channelID); |
| 284 + PORT_SetError(PR_INVALID_ARGUMENT_ERROR); |
| 285 + return SECFailure; |
| 286 + } |
| 287 + |
| 288 + if (ss->ssl3.channelID) |
| 289 + SECKEY_DestroyPrivateKey(ss->ssl3.channelID); |
| 290 + if (ss->ssl3.channelIDPub) |
| 291 + SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub); |
| 292 + |
| 293 + ss->handshake = ssl_GatherRecord1stHandshake; |
| 294 + ss->ssl3.channelID = channelID; |
| 295 + ss->ssl3.channelIDPub = channelIDPub; |
| 296 + |
| 297 + return SECSuccess; |
| 298 +} |
| 299 + |
| 199 /* called from ssl3_HandleServerHelloDone | 300 /* called from ssl3_HandleServerHelloDone |
| 200 * ssl3_HandleClientHello | 301 * ssl3_HandleClientHello |
| 201 * ssl3_HandleFinished | 302 * ssl3_HandleFinished |
| 202 @@ -9105,11 +9234,16 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint
32 length, | 303 @@ -9105,11 +9296,16 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint
32 length, |
| 203 flags = ssl_SEND_FLAG_FORCE_INTO_BUFFER; | 304 flags = ssl_SEND_FLAG_FORCE_INTO_BUFFER; |
| 204 } | 305 } |
| 205 | 306 |
| 206 - if (!isServer && !ss->firstHsDone) { | 307 - if (!isServer && !ss->firstHsDone) { |
| 207 - rv = ssl3_SendNextProto(ss); | 308 - rv = ssl3_SendNextProto(ss); |
| 208 - if (rv != SECSuccess) { | 309 - if (rv != SECSuccess) { |
| 209 - goto xmit_loser; /* err code was set. */ | 310 - goto xmit_loser; /* err code was set. */ |
| 210 + if (!isServer) { | 311 + if (!isServer) { |
| 211 + if (!ss->firstHsDone) { | 312 + if (!ss->firstHsDone) { |
| 212 + rv = ssl3_SendNextProto(ss); | 313 + rv = ssl3_SendNextProto(ss); |
| 213 + if (rv != SECSuccess) { | 314 + if (rv != SECSuccess) { |
| 214 + goto xmit_loser; /* err code was set. */ | 315 + goto xmit_loser; /* err code was set. */ |
| 215 + } | 316 + } |
| 216 } | 317 } |
| 217 + rv = ssl3_SendEncryptedExtensions(ss); | 318 + rv = ssl3_SendEncryptedExtensions(ss); |
| 218 + if (rv != SECSuccess) | 319 + if (rv != SECSuccess) |
| 219 + goto xmit_loser; /* err code was set. */ | 320 + goto xmit_loser; /* err code was set. */ |
| 220 } | 321 } |
| 221 | 322 |
| 222 if (IS_DTLS(ss)) { | 323 if (IS_DTLS(ss)) { |
| 324 @@ -10376,6 +10572,11 @@ ssl3_DestroySSL3Info(sslSocket *ss) |
| 325 ssl_FreePlatformKey(ss->ssl3.platformClientKey); |
| 326 #endif /* NSS_PLATFORM_CLIENT_AUTH */ |
| 327 |
| 328 + if (ss->ssl3.channelID) |
| 329 + SECKEY_DestroyPrivateKey(ss->ssl3.channelID); |
| 330 + if (ss->ssl3.channelIDPub) |
| 331 + SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub); |
| 332 + |
| 333 if (ss->ssl3.peerCertArena != NULL) |
| 334 ssl3_CleanupPeerCerts(ss); |
| 335 |
| 223 diff --git a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ext
.c | 336 diff --git a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ext
.c |
| 224 index b9fd6e7..029487e 100644 | 337 index b9fd6e7..029487e 100644 |
| 225 --- a/net/third_party/nss/ssl/ssl3ext.c | 338 --- a/net/third_party/nss/ssl/ssl3ext.c |
| 226 +++ b/net/third_party/nss/ssl/ssl3ext.c | 339 +++ b/net/third_party/nss/ssl/ssl3ext.c |
| 227 @@ -80,10 +80,14 @@ static SECStatus ssl3_HandleRenegotiationInfoXtn(sslSocket *
ss, | 340 @@ -80,10 +80,14 @@ static SECStatus ssl3_HandleRenegotiationInfoXtn(sslSocket *
ss, |
| 228 PRUint16 ex_type, SECItem *data); | 341 PRUint16 ex_type, SECItem *data); |
| 229 static SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, | 342 static SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, |
| 230 PRUint16 ex_type, SECItem *data); | 343 PRUint16 ex_type, SECItem *data); |
| 231 +static SECStatus ssl3_ClientHandleChannelIDXtn(sslSocket *ss, | 344 +static SECStatus ssl3_ClientHandleChannelIDXtn(sslSocket *ss, |
| 232 + PRUint16 ex_type, SECItem *data); | 345 + PRUint16 ex_type, SECItem *data); |
| (...skipping 127 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 360 SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST = (SSL_ERROR_BASE + 123), | 473 SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST = (SSL_ERROR_BASE + 123), |
| 361 | 474 |
| 362 +SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 124), | 475 +SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 124), |
| 363 +SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 125), | 476 +SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 125), |
| 364 +SSL_ERROR_GET_CHANNEL_ID_FAILED = (SSL_ERROR_BASE + 126), | 477 +SSL_ERROR_GET_CHANNEL_ID_FAILED = (SSL_ERROR_BASE + 126), |
| 365 + | 478 + |
| 366 SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */ | 479 SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */ |
| 367 } SSLErrorCodes; | 480 } SSLErrorCodes; |
| 368 #endif /* NO_SECURITY_ERROR_ENUM */ | 481 #endif /* NO_SECURITY_ERROR_ENUM */ |
| 369 diff --git a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimpl
.h | 482 diff --git a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimpl
.h |
| 370 index 8ab865a..7cd2298 100644 | 483 index 8ab865a..d7335ae 100644 |
| 371 --- a/net/third_party/nss/ssl/sslimpl.h | 484 --- a/net/third_party/nss/ssl/sslimpl.h |
| 372 +++ b/net/third_party/nss/ssl/sslimpl.h | 485 +++ b/net/third_party/nss/ssl/sslimpl.h |
| 373 @@ -1198,6 +1198,8 @@ const unsigned char * preferredCipher; | 486 @@ -930,6 +930,9 @@ struct ssl3StateStr { |
| 487 CERTCertificateList *clientCertChain; /* used by client */ |
| 488 PRBool sendEmptyCert; /* used by client */ |
| 489 |
| 490 + SECKEYPrivateKey *channelID; /* used by client */ |
| 491 + SECKEYPublicKey *channelIDPub; /* used by client */ |
| 492 + |
| 493 int policy; |
| 494 » » » /* This says what cipher suites we can do, and should |
| 495 » » » * be either SSL_ALLOWED or SSL_RESTRICTED |
| 496 @@ -1198,6 +1201,8 @@ const unsigned char * preferredCipher; |
| 374 void *pkcs11PinArg; | 497 void *pkcs11PinArg; |
| 375 SSLNextProtoCallback nextProtoCallback; | 498 SSLNextProtoCallback nextProtoCallback; |
| 376 void *nextProtoArg; | 499 void *nextProtoArg; |
| 377 + SSLClientChannelIDCallback getChannelID; | 500 + SSLClientChannelIDCallback getChannelID; |
| 378 + void *getChannelIDArg; | 501 + void *getChannelIDArg; |
| 379 | 502 |
| 380 PRIntervalTime rTimeout; /* timeout for NSPR I/O */ | 503 PRIntervalTime rTimeout; /* timeout for NSPR I/O */ |
| 381 PRIntervalTime wTimeout; /* timeout for NSPR I/O */ | 504 PRIntervalTime wTimeout; /* timeout for NSPR I/O */ |
| 505 @@ -1529,6 +1534,11 @@ extern SECStatus ssl3_RestartHandshakeAfterCertReq(sslSoc
ket * ss, |
| 506 SECKEYPrivateKey * key, |
| 507 CERTCertificateList *certChain); |
| 508 |
| 509 +extern SECStatus ssl3_RestartHandshakeAfterChannelIDReq( |
| 510 + sslSocket *ss, |
| 511 + SECKEYPublicKey *channelIDPub, |
| 512 + SECKEYPrivateKey *channelID); |
| 513 + |
| 514 extern SECStatus ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error)
; |
| 515 |
| 516 /* |
| 517 diff --git a/net/third_party/nss/ssl/sslsecur.c b/net/third_party/nss/ssl/sslsec
ur.c |
| 518 index e4804d0..526d654 100644 |
| 519 --- a/net/third_party/nss/ssl/sslsecur.c |
| 520 +++ b/net/third_party/nss/ssl/sslsecur.c |
| 521 @@ -1535,6 +1535,42 @@ SSL_RestartHandshakeAfterCertReq(PRFileDesc * fd, |
| 522 return ret; |
| 523 } |
| 524 |
| 525 +SECStatus |
| 526 +SSL_RestartHandshakeAfterChannelIDReq(PRFileDesc * fd, |
| 527 + SECKEYPublicKey * channelIDPub, |
| 528 + SECKEYPrivateKey *channelID) |
| 529 +{ |
| 530 + sslSocket * ss = ssl_FindSocket(fd); |
| 531 + SECStatus ret; |
| 532 + |
| 533 + if (!ss) { |
| 534 + SSL_DBG(("%d: SSL[%d]: bad socket in" |
| 535 + " SSL_RestartHandshakeAfterChannelIDReq", |
| 536 + SSL_GETPID(), fd)); |
| 537 + goto loser; |
| 538 + } |
| 539 + |
| 540 + |
| 541 + ssl_Get1stHandshakeLock(ss); |
| 542 + |
| 543 + if (ss->version < SSL_LIBRARY_VERSION_3_0) { |
| 544 + PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2); |
| 545 + ssl_Release1stHandshakeLock(ss); |
| 546 + goto loser; |
| 547 + } |
| 548 + |
| 549 + ret = ssl3_RestartHandshakeAfterChannelIDReq(ss, channelIDPub, |
| 550 + channelID); |
| 551 + ssl_Release1stHandshakeLock(ss); |
| 552 + |
| 553 + return ret; |
| 554 + |
| 555 +loser: |
| 556 + SECKEY_DestroyPublicKey(channelIDPub); |
| 557 + SECKEY_DestroyPrivateKey(channelID); |
| 558 + return SECFailure; |
| 559 +} |
| 560 + |
| 561 /* DO NOT USE. This function was exported in ssl.def with the wrong signature; |
| 562 * this implementation exists to maintain link-time compatibility. |
| 563 */ |
| 382 diff --git a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock
.c | 564 diff --git a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock
.c |
| 383 index ebc245a..9498828 100644 | 565 index ebc245a..9498828 100644 |
| 384 --- a/net/third_party/nss/ssl/sslsock.c | 566 --- a/net/third_party/nss/ssl/sslsock.c |
| 385 +++ b/net/third_party/nss/ssl/sslsock.c | 567 +++ b/net/third_party/nss/ssl/sslsock.c |
| 386 @@ -374,6 +374,8 @@ ssl_DupSocket(sslSocket *os) | 568 @@ -374,6 +374,8 @@ ssl_DupSocket(sslSocket *os) |
| 387 ss->handshakeCallback = os->handshakeCallback; | 569 ss->handshakeCallback = os->handshakeCallback; |
| 388 ss->handshakeCallbackData = os->handshakeCallbackData; | 570 ss->handshakeCallbackData = os->handshakeCallbackData; |
| 389 ss->pkcs11PinArg = os->pkcs11PinArg; | 571 ss->pkcs11PinArg = os->pkcs11PinArg; |
| 390 + ss->getChannelID = os->getChannelID; | 572 + ss->getChannelID = os->getChannelID; |
| 391 + ss->getChannelIDArg = os->getChannelIDArg; | 573 + ss->getChannelIDArg = os->getChannelIDArg; |
| (...skipping 29 matching lines...) Expand all Loading... |
| 421 ssl_session_ticket_xtn = 35, | 603 ssl_session_ticket_xtn = 35, |
| 422 ssl_next_proto_nego_xtn = 13172, | 604 ssl_next_proto_nego_xtn = 13172, |
| 423 + ssl_channel_id_xtn = 30031, | 605 + ssl_channel_id_xtn = 30031, |
| 424 ssl_renegotiation_info_xtn = 0xff01 /* experimental number */ | 606 ssl_renegotiation_info_xtn = 0xff01 /* experimental number */ |
| 425 } SSLExtensionType; | 607 } SSLExtensionType; |
| 426 | 608 |
| 427 -#define SSL_MAX_EXTENSIONS 7 | 609 -#define SSL_MAX_EXTENSIONS 7 |
| 428 +#define SSL_MAX_EXTENSIONS 8 | 610 +#define SSL_MAX_EXTENSIONS 8 |
| 429 | 611 |
| 430 #endif /* __sslt_h_ */ | 612 #endif /* __sslt_h_ */ |
| OLD | NEW |