Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(39)

Side by Side Diff: net/third_party/nss/ssl/ssl3con.c

Issue 10540014: nss: support SECWouldBlock from ChannelID callback. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: ... Created 8 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/third_party/nss/ssl/ssl.h ('k') | net/third_party/nss/ssl/sslimpl.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /* 2 /*
3 * SSL3 Protocol 3 * SSL3 Protocol
4 * 4 *
5 * ***** BEGIN LICENSE BLOCK ***** 5 * ***** BEGIN LICENSE BLOCK *****
6 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 6 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
7 * 7 *
8 * The contents of this file are subject to the Mozilla Public License Version 8 * The contents of this file are subject to the Mozilla Public License Version
9 * 1.1 (the "License"); you may not use this file except in compliance with 9 * 1.1 (the "License"); you may not use this file except in compliance with
10 * the License. You may obtain a copy of the License at 10 * the License. You may obtain a copy of the License at
(...skipping 5183 matching lines...) Expand 10 before | Expand all | Expand 10 after
5194 SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey); 5194 SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
5195 ss->ssl3.clientPrivateKey = NULL; 5195 ss->ssl3.clientPrivateKey = NULL;
5196 } 5196 }
5197 #ifdef NSS_PLATFORM_CLIENT_AUTH 5197 #ifdef NSS_PLATFORM_CLIENT_AUTH
5198 if (ss->ssl3.platformClientKey) { 5198 if (ss->ssl3.platformClientKey) {
5199 ssl_FreePlatformKey(ss->ssl3.platformClientKey); 5199 ssl_FreePlatformKey(ss->ssl3.platformClientKey);
5200 ss->ssl3.platformClientKey = (PlatformKey)NULL; 5200 ss->ssl3.platformClientKey = (PlatformKey)NULL;
5201 } 5201 }
5202 #endif /* NSS_PLATFORM_CLIENT_AUTH */ 5202 #endif /* NSS_PLATFORM_CLIENT_AUTH */
5203 5203
5204 if (ss->ssl3.channelID != NULL) {
5205 SECKEY_DestroyPrivateKey(ss->ssl3.channelID);
5206 ss->ssl3.channelID = NULL;
5207 }
5208 if (ss->ssl3.channelIDPub != NULL) {
5209 SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub);
5210 ss->ssl3.channelIDPub = NULL;
5211 }
5212
5204 temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); 5213 temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
5205 if (temp < 0) { 5214 if (temp < 0) {
5206 goto loser; /* alert has been sent */ 5215 goto loser; /* alert has been sent */
5207 } 5216 }
5208 version = (SSL3ProtocolVersion)temp; 5217 version = (SSL3ProtocolVersion)temp;
5209 5218
5210 if (IS_DTLS(ss)) { 5219 if (IS_DTLS(ss)) {
5211 /* RFC 4347 required that you verify that the server versions 5220 /* RFC 4347 required that you verify that the server versions
5212 * match (Section 4.2.1) in the HelloVerifyRequest and the 5221 * match (Section 4.2.1) in the HelloVerifyRequest and the
5213 * ServerHello. 5222 * ServerHello.
(...skipping 232 matching lines...) Expand 10 before | Expand all | Expand 10 after
5446 ss->ssl3.hs.ws = wait_change_cipher; 5455 ss->ssl3.hs.ws = wait_change_cipher;
5447 5456
5448 ss->ssl3.hs.isResuming = PR_TRUE; 5457 ss->ssl3.hs.isResuming = PR_TRUE;
5449 5458
5450 /* copy the peer cert from the SID */ 5459 /* copy the peer cert from the SID */
5451 if (sid->peerCert != NULL) { 5460 if (sid->peerCert != NULL) {
5452 ss->sec.peerCert = CERT_DupCertificate(sid->peerCert); 5461 ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
5453 ssl3_CopyPeerCertsFromSID(ss, sid); 5462 ssl3_CopyPeerCertsFromSID(ss, sid);
5454 } 5463 }
5455 5464
5456
5457 /* NULL value for PMS signifies re-use of the old MS */ 5465 /* NULL value for PMS signifies re-use of the old MS */
5458 rv = ssl3_InitPendingCipherSpec(ss, NULL); 5466 rv = ssl3_InitPendingCipherSpec(ss, NULL);
5459 if (rv != SECSuccess) { 5467 if (rv != SECSuccess) {
5460 goto alert_loser; /* err code was set */ 5468 goto alert_loser; /* err code was set */
5461 } 5469 }
5462 » return SECSuccess; 5470 » goto winner;
5463 } while (0); 5471 } while (0);
5464 5472
5465 if (sid_match) 5473 if (sid_match)
5466 SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_cache_not_ok ); 5474 SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_cache_not_ok );
5467 else 5475 else
5468 SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_cache_misses ); 5476 SSL_AtomicIncrementLong(& ssl3stats.hsh_sid_cache_misses );
5469 5477
5470 /* throw the old one away */ 5478 /* throw the old one away */
5471 sid->u.ssl3.keys.resumable = PR_FALSE; 5479 sid->u.ssl3.keys.resumable = PR_FALSE;
5472 (*ss->sec.uncache)(sid); 5480 (*ss->sec.uncache)(sid);
5473 ssl_FreeSID(sid); 5481 ssl_FreeSID(sid);
5474 5482
5475 /* get a new sid */ 5483 /* get a new sid */
5476 ss->sec.ci.sid = sid = ssl3_NewSessionID(ss, PR_FALSE); 5484 ss->sec.ci.sid = sid = ssl3_NewSessionID(ss, PR_FALSE);
5477 if (sid == NULL) { 5485 if (sid == NULL) {
5478 goto alert_loser; /* memory error is set. */ 5486 goto alert_loser; /* memory error is set. */
5479 } 5487 }
5480 5488
5481 sid->version = ss->version; 5489 sid->version = ss->version;
5482 sid->u.ssl3.sessionIDLength = sidBytes.len; 5490 sid->u.ssl3.sessionIDLength = sidBytes.len;
5483 PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len); 5491 PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len);
5484 5492
5485 ss->ssl3.hs.isResuming = PR_FALSE; 5493 ss->ssl3.hs.isResuming = PR_FALSE;
5486 ss->ssl3.hs.ws = wait_server_cert; 5494 ss->ssl3.hs.ws = wait_server_cert;
5495
5496 winner:
5497 /* If we will need a ChannelID key then we make the callback now. This
5498 * allows the handshake to be restarted cleanly if the callback returns
5499 * SECWouldBlock. */
5500 if (ssl3_ExtensionNegotiated(ss, ssl_channel_id_xtn)) {
5501 rv = ss->getChannelID(ss->getChannelIDArg, ss->fd,
5502 &ss->ssl3.channelIDPub, &ss->ssl3.channelID);
5503 if (rv == SECWouldBlock) {
5504 ssl3_SetAlwaysBlock(ss);
5505 return rv;
5506 }
5507 if (rv != SECSuccess ||
5508 ss->ssl3.channelIDPub == NULL ||
5509 ss->ssl3.channelID == NULL) {
5510 PORT_SetError(SSL_ERROR_GET_CHANNEL_ID_FAILED);
5511 goto loser;
5512 }
5513 }
5514
5487 return SECSuccess; 5515 return SECSuccess;
5488 5516
5489 alert_loser: 5517 alert_loser:
5490 (void)SSL3_SendAlert(ss, alert_fatal, desc); 5518 (void)SSL3_SendAlert(ss, alert_fatal, desc);
5491 5519
5492 loser: 5520 loser:
5493 errCode = ssl_MapLowLevelError(errCode); 5521 errCode = ssl_MapLowLevelError(errCode);
5494 return SECFailure; 5522 return SECFailure;
5495 } 5523 }
5496 5524
(...skipping 3393 matching lines...) Expand 10 before | Expand all | Expand 10 after
8890 8918
8891 SECStatus rv = SECFailure; 8919 SECStatus rv = SECFailure;
8892 SECItem *spki = NULL; 8920 SECItem *spki = NULL;
8893 SSL3Hashes hashes; 8921 SSL3Hashes hashes;
8894 const unsigned char *pub_bytes; 8922 const unsigned char *pub_bytes;
8895 unsigned char signed_data[sizeof(CHANNEL_ID_MAGIC) + sizeof(SSL3Hashes)]; 8923 unsigned char signed_data[sizeof(CHANNEL_ID_MAGIC) + sizeof(SSL3Hashes)];
8896 unsigned char digest[SHA256_LENGTH]; 8924 unsigned char digest[SHA256_LENGTH];
8897 SECItem digest_item; 8925 SECItem digest_item;
8898 unsigned char signature[64]; 8926 unsigned char signature[64];
8899 SECItem signature_item; 8927 SECItem signature_item;
8900 SECKEYPrivateKey *channelID = NULL;
8901 SECKEYPublicKey *channelIDPub = NULL;
8902 8928
8903 PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); 8929 PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
8904 PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); 8930 PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
8905 8931
8906 if (ss->getChannelID == NULL || 8932 if (ss->ssl3.channelID == NULL)
8907 » !ssl3_ExtensionNegotiated(ss, ssl_channel_id_xtn)) {
8908 return SECSuccess; 8933 return SECSuccess;
8909 }
8910 8934
8911 rv = ss->getChannelID(ss->getChannelIDArg, ss->fd, 8935 PORT_Assert(ssl3_ExtensionNegotiated(ss, ssl_channel_id_xtn));
8912 » » » &channelIDPub, &channelID);
8913 if (rv != SECSuccess) {
8914 » PORT_SetError(SSL_ERROR_GET_CHANNEL_ID_FAILED);
8915 » goto loser;
8916 }
8917 8936
8918 if (SECKEY_GetPrivateKeyType(channelID) != ecKey || 8937 if (SECKEY_GetPrivateKeyType(ss->ssl3.channelID) != ecKey ||
8919 » PK11_SignatureLen(channelID) != sizeof(signature)) { 8938 » PK11_SignatureLen(ss->ssl3.channelID) != sizeof(signature)) {
8920 PORT_SetError(SSL_ERROR_INVALID_CHANNEL_ID_KEY); 8939 PORT_SetError(SSL_ERROR_INVALID_CHANNEL_ID_KEY);
8921 rv = SECFailure; 8940 rv = SECFailure;
8922 goto loser; 8941 goto loser;
8923 } 8942 }
8924 8943
8925 ssl_GetSpecReadLock(ss); 8944 ssl_GetSpecReadLock(ss);
8926 rv = ssl3_ComputeHandshakeHashes(ss, ss->ssl3.cwSpec, &hashes, 0); 8945 rv = ssl3_ComputeHandshakeHashes(ss, ss->ssl3.cwSpec, &hashes, 0);
8927 ssl_ReleaseSpecReadLock(ss); 8946 ssl_ReleaseSpecReadLock(ss);
8928 8947
8929 if (rv != SECSuccess) 8948 if (rv != SECSuccess)
8930 goto loser; 8949 goto loser;
8931 8950
8932 rv = ssl3_AppendHandshakeHeader(ss, encrypted_extensions, 8951 rv = ssl3_AppendHandshakeHeader(ss, encrypted_extensions,
8933 2 + 2 + CHANNEL_ID_LENGTH); 8952 2 + 2 + CHANNEL_ID_LENGTH);
8934 if (rv != SECSuccess) 8953 if (rv != SECSuccess)
8935 goto loser; /* error code set by AppendHandshakeHeader */ 8954 goto loser; /* error code set by AppendHandshakeHeader */
8936 rv = ssl3_AppendHandshakeNumber(ss, ssl_channel_id_xtn, 2); 8955 rv = ssl3_AppendHandshakeNumber(ss, ssl_channel_id_xtn, 2);
8937 if (rv != SECSuccess) 8956 if (rv != SECSuccess)
8938 goto loser; /* error code set by AppendHandshake */ 8957 goto loser; /* error code set by AppendHandshake */
8939 rv = ssl3_AppendHandshakeNumber(ss, CHANNEL_ID_LENGTH, 2); 8958 rv = ssl3_AppendHandshakeNumber(ss, CHANNEL_ID_LENGTH, 2);
8940 if (rv != SECSuccess) 8959 if (rv != SECSuccess)
8941 goto loser; /* error code set by AppendHandshake */ 8960 goto loser; /* error code set by AppendHandshake */
8942 8961
8943 spki = SECKEY_EncodeDERSubjectPublicKeyInfo(channelIDPub); 8962 spki = SECKEY_EncodeDERSubjectPublicKeyInfo(ss->ssl3.channelIDPub);
8944 8963
8945 if (spki->len != sizeof(P256_SPKI_PREFIX) + CHANNEL_ID_PUBLIC_KEY_LENGTH || 8964 if (spki->len != sizeof(P256_SPKI_PREFIX) + CHANNEL_ID_PUBLIC_KEY_LENGTH ||
8946 memcmp(spki->data, P256_SPKI_PREFIX, sizeof(P256_SPKI_PREFIX) != 0)) { 8965 memcmp(spki->data, P256_SPKI_PREFIX, sizeof(P256_SPKI_PREFIX) != 0)) {
8947 PORT_SetError(SSL_ERROR_INVALID_CHANNEL_ID_KEY); 8966 PORT_SetError(SSL_ERROR_INVALID_CHANNEL_ID_KEY);
8948 rv = SECFailure; 8967 rv = SECFailure;
8949 goto loser; 8968 goto loser;
8950 } 8969 }
8951 8970
8952 pub_bytes = spki->data + sizeof(P256_SPKI_PREFIX); 8971 pub_bytes = spki->data + sizeof(P256_SPKI_PREFIX);
8953 8972
8954 memcpy(signed_data, CHANNEL_ID_MAGIC, sizeof(CHANNEL_ID_MAGIC)); 8973 memcpy(signed_data, CHANNEL_ID_MAGIC, sizeof(CHANNEL_ID_MAGIC));
8955 memcpy(signed_data + sizeof(CHANNEL_ID_MAGIC), &hashes, sizeof(hashes)); 8974 memcpy(signed_data + sizeof(CHANNEL_ID_MAGIC), &hashes, sizeof(hashes));
8956 8975
8957 rv = PK11_HashBuf(SEC_OID_SHA256, digest, signed_data, sizeof(signed_data)); 8976 rv = PK11_HashBuf(SEC_OID_SHA256, digest, signed_data, sizeof(signed_data));
8958 if (rv != SECSuccess) 8977 if (rv != SECSuccess)
8959 goto loser; 8978 goto loser;
8960 8979
8961 digest_item.data = digest; 8980 digest_item.data = digest;
8962 digest_item.len = sizeof(digest); 8981 digest_item.len = sizeof(digest);
8963 8982
8964 signature_item.data = signature; 8983 signature_item.data = signature;
8965 signature_item.len = sizeof(signature); 8984 signature_item.len = sizeof(signature);
8966 8985
8967 rv = PK11_Sign(channelID, &signature_item, &digest_item); 8986 rv = PK11_Sign(ss->ssl3.channelID, &signature_item, &digest_item);
8968 if (rv != SECSuccess) 8987 if (rv != SECSuccess)
8969 goto loser; 8988 goto loser;
8970 8989
8971 rv = ssl3_AppendHandshake(ss, pub_bytes, CHANNEL_ID_PUBLIC_KEY_LENGTH); 8990 rv = ssl3_AppendHandshake(ss, pub_bytes, CHANNEL_ID_PUBLIC_KEY_LENGTH);
8972 if (rv != SECSuccess) 8991 if (rv != SECSuccess)
8973 goto loser; 8992 goto loser;
8974 rv = ssl3_AppendHandshake(ss, signature, sizeof(signature)); 8993 rv = ssl3_AppendHandshake(ss, signature, sizeof(signature));
8975 8994
8976 loser: 8995 loser:
8977 if (spki) 8996 if (spki)
8978 SECITEM_FreeItem(spki, PR_TRUE); 8997 SECITEM_FreeItem(spki, PR_TRUE);
8979 if (channelID) 8998 if (ss->ssl3.channelID) {
8980 » SECKEY_DestroyPrivateKey(channelID); 8999 » SECKEY_DestroyPrivateKey(ss->ssl3.channelID);
8981 if (channelIDPub) 9000 » ss->ssl3.channelID = NULL;
8982 » SECKEY_DestroyPublicKey(channelIDPub); 9001 }
9002 if (ss->ssl3.channelIDPub) {
9003 » SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub);
9004 » ss->ssl3.channelIDPub = NULL;
9005 }
8983 9006
8984 return rv; 9007 return rv;
8985 } 9008 }
8986 9009
9010 /* ssl3_RestartHandshakeAfterChannelIDReq is called to restart a handshake
9011 * after a ChannelID callback returned SECWouldBlock. At this point we have
9012 * processed the server's ServerHello but not yet any further messages. We will
9013 * always get a message from the server after a ServerHello so either they are
9014 * waiting in the buffer or we'll get network I/O. */
9015 SECStatus
9016 ssl3_RestartHandshakeAfterChannelIDReq(sslSocket *ss,
9017 SECKEYPublicKey *channelIDPub,
9018 SECKEYPrivateKey *channelID)
9019 {
9020 if (ss->handshake == 0) {
9021 SECKEY_DestroyPublicKey(channelIDPub);
9022 SECKEY_DestroyPrivateKey(channelID);
9023 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
9024 return SECFailure;
9025 }
9026
9027 if (channelIDPub == NULL ||
9028 channelID == NULL) {
9029 if (channelIDPub)
9030 SECKEY_DestroyPublicKey(channelIDPub);
9031 if (channelID)
9032 SECKEY_DestroyPrivateKey(channelID);
9033 PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
9034 return SECFailure;
9035 }
9036
9037 if (ss->ssl3.channelID)
9038 SECKEY_DestroyPrivateKey(ss->ssl3.channelID);
9039 if (ss->ssl3.channelIDPub)
9040 SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub);
9041
9042 ss->handshake = ssl_GatherRecord1stHandshake;
9043 ss->ssl3.channelID = channelID;
9044 ss->ssl3.channelIDPub = channelIDPub;
9045
9046 return SECSuccess;
9047 }
9048
8987 /* called from ssl3_HandleServerHelloDone 9049 /* called from ssl3_HandleServerHelloDone
8988 * ssl3_HandleClientHello 9050 * ssl3_HandleClientHello
8989 * ssl3_HandleFinished 9051 * ssl3_HandleFinished
8990 */ 9052 */
8991 static SECStatus 9053 static SECStatus
8992 ssl3_SendFinished(sslSocket *ss, PRInt32 flags) 9054 ssl3_SendFinished(sslSocket *ss, PRInt32 flags)
8993 { 9055 {
8994 ssl3CipherSpec *cwSpec; 9056 ssl3CipherSpec *cwSpec;
8995 PRBool isTLS; 9057 PRBool isTLS;
8996 PRBool isServer = ss->sec.isServer; 9058 PRBool isServer = ss->sec.isServer;
(...skipping 1506 matching lines...) Expand 10 before | Expand all | Expand 10 after
10503 if (ss->ssl3.clientCertificate != NULL) 10565 if (ss->ssl3.clientCertificate != NULL)
10504 CERT_DestroyCertificate(ss->ssl3.clientCertificate); 10566 CERT_DestroyCertificate(ss->ssl3.clientCertificate);
10505 10567
10506 if (ss->ssl3.clientPrivateKey != NULL) 10568 if (ss->ssl3.clientPrivateKey != NULL)
10507 SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey); 10569 SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
10508 #ifdef NSS_PLATFORM_CLIENT_AUTH 10570 #ifdef NSS_PLATFORM_CLIENT_AUTH
10509 if (ss->ssl3.platformClientKey) 10571 if (ss->ssl3.platformClientKey)
10510 ssl_FreePlatformKey(ss->ssl3.platformClientKey); 10572 ssl_FreePlatformKey(ss->ssl3.platformClientKey);
10511 #endif /* NSS_PLATFORM_CLIENT_AUTH */ 10573 #endif /* NSS_PLATFORM_CLIENT_AUTH */
10512 10574
10575 if (ss->ssl3.channelID)
10576 SECKEY_DestroyPrivateKey(ss->ssl3.channelID);
10577 if (ss->ssl3.channelIDPub)
10578 SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub);
10579
10513 if (ss->ssl3.peerCertArena != NULL) 10580 if (ss->ssl3.peerCertArena != NULL)
10514 ssl3_CleanupPeerCerts(ss); 10581 ssl3_CleanupPeerCerts(ss);
10515 10582
10516 if (ss->ssl3.clientCertChain != NULL) { 10583 if (ss->ssl3.clientCertChain != NULL) {
10517 CERT_DestroyCertificateList(ss->ssl3.clientCertChain); 10584 CERT_DestroyCertificateList(ss->ssl3.clientCertChain);
10518 ss->ssl3.clientCertChain = NULL; 10585 ss->ssl3.clientCertChain = NULL;
10519 } 10586 }
10520 10587
10521 /* clean up handshake */ 10588 /* clean up handshake */
10522 if (ss->opt.bypassPKCS11) { 10589 if (ss->opt.bypassPKCS11) {
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after
10559 PORT_Free(ss->ssl3.hs.recvdFragments.buf); 10626 PORT_Free(ss->ssl3.hs.recvdFragments.buf);
10560 } 10627 }
10561 } 10628 }
10562 10629
10563 ss->ssl3.initialized = PR_FALSE; 10630 ss->ssl3.initialized = PR_FALSE;
10564 10631
10565 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); 10632 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
10566 } 10633 }
10567 10634
10568 /* End of ssl3con.c */ 10635 /* End of ssl3con.c */
OLDNEW
« no previous file with comments | « net/third_party/nss/ssl/ssl.h ('k') | net/third_party/nss/ssl/sslimpl.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698