OLD | NEW |
---|---|
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
2 /* | 2 /* |
3 * SSL3 Protocol | 3 * SSL3 Protocol |
4 * | 4 * |
5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
8 /* $Id$ */ | 8 /* $Id$ */ |
9 | 9 |
10 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ | 10 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ |
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
62 static SECStatus ssl3_SendCertificate( sslSocket *ss); | 62 static SECStatus ssl3_SendCertificate( sslSocket *ss); |
63 static SECStatus ssl3_SendCertificateStatus( sslSocket *ss); | 63 static SECStatus ssl3_SendCertificateStatus( sslSocket *ss); |
64 static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss); | 64 static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss); |
65 static SECStatus ssl3_SendCertificateRequest(sslSocket *ss); | 65 static SECStatus ssl3_SendCertificateRequest(sslSocket *ss); |
66 static SECStatus ssl3_SendNextProto( sslSocket *ss); | 66 static SECStatus ssl3_SendNextProto( sslSocket *ss); |
67 static SECStatus ssl3_SendEncryptedExtensions(sslSocket *ss); | 67 static SECStatus ssl3_SendEncryptedExtensions(sslSocket *ss); |
68 static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags); | 68 static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags); |
69 static SECStatus ssl3_SendServerHello( sslSocket *ss); | 69 static SECStatus ssl3_SendServerHello( sslSocket *ss); |
70 static SECStatus ssl3_SendServerHelloDone( sslSocket *ss); | 70 static SECStatus ssl3_SendServerHelloDone( sslSocket *ss); |
71 static SECStatus ssl3_SendServerKeyExchange( sslSocket *ss); | 71 static SECStatus ssl3_SendServerKeyExchange( sslSocket *ss); |
72 static SECStatus ssl3_NewHandshakeHashes( sslSocket *ss); | |
73 static SECStatus ssl3_UpdateHandshakeHashes( sslSocket *ss, | 72 static SECStatus ssl3_UpdateHandshakeHashes( sslSocket *ss, |
74 const unsigned char *b, | 73 const unsigned char *b, |
75 unsigned int l); | 74 unsigned int l); |
76 static SECStatus ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags); | 75 static SECStatus ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags); |
77 static int ssl3_OIDToTLSHashAlgorithm(SECOidTag oid); | 76 static int ssl3_OIDToTLSHashAlgorithm(SECOidTag oid); |
78 | 77 |
79 static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen, | 78 static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen, |
80 int maxOutputLen, const unsigned char *input, | 79 int maxOutputLen, const unsigned char *input, |
81 int inputLen); | 80 int inputLen); |
82 | 81 |
(...skipping 982 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1065 hashes->len = MD5_LENGTH + SHA1_LENGTH; | 1064 hashes->len = MD5_LENGTH + SHA1_LENGTH; |
1066 } else if (hashAlg == SEC_OID_SHA1) { | 1065 } else if (hashAlg == SEC_OID_SHA1) { |
1067 SHA1_HashBuf(hashes->u.raw, hashBuf, bufLen); | 1066 SHA1_HashBuf(hashes->u.raw, hashBuf, bufLen); |
1068 hashes->len = SHA1_LENGTH; | 1067 hashes->len = SHA1_LENGTH; |
1069 } else if (hashAlg == SEC_OID_SHA256) { | 1068 } else if (hashAlg == SEC_OID_SHA256) { |
1070 SHA256_HashBuf(hashes->u.raw, hashBuf, bufLen); | 1069 SHA256_HashBuf(hashes->u.raw, hashBuf, bufLen); |
1071 hashes->len = SHA256_LENGTH; | 1070 hashes->len = SHA256_LENGTH; |
1072 } else if (hashAlg == SEC_OID_SHA384) { | 1071 } else if (hashAlg == SEC_OID_SHA384) { |
1073 SHA384_HashBuf(hashes->u.raw, hashBuf, bufLen); | 1072 SHA384_HashBuf(hashes->u.raw, hashBuf, bufLen); |
1074 hashes->len = SHA384_LENGTH; | 1073 hashes->len = SHA384_LENGTH; |
1074 } else if (hashAlg == SEC_OID_SHA512) { | |
1075 SHA512_HashBuf(hashes->u.raw, hashBuf, bufLen); | |
1076 hashes->len = SHA512_LENGTH; | |
1075 } else { | 1077 } else { |
1076 PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); | 1078 PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); |
1077 return SECFailure; | 1079 return SECFailure; |
1078 } | 1080 } |
1079 } else | 1081 } else |
1080 #endif | 1082 #endif |
1081 { | 1083 { |
1082 if (hashAlg == SEC_OID_UNKNOWN) { | 1084 if (hashAlg == SEC_OID_UNKNOWN) { |
1083 rv = PK11_HashBuf(SEC_OID_MD5, hashes->u.s.md5, hashBuf, bufLen); | 1085 rv = PK11_HashBuf(SEC_OID_MD5, hashes->u.s.md5, hashBuf, bufLen); |
1084 if (rv != SECSuccess) { | 1086 if (rv != SECSuccess) { |
(...skipping 443 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1528 default: | 1530 default: |
1529 PORT_Assert(0); | 1531 PORT_Assert(0); |
1530 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); | 1532 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
1531 return SECFailure; | 1533 return SECFailure; |
1532 } | 1534 } |
1533 | 1535 |
1534 return SECSuccess; | 1536 return SECSuccess; |
1535 } | 1537 } |
1536 | 1538 |
1537 #ifndef NO_PKCS11_BYPASS | 1539 #ifndef NO_PKCS11_BYPASS |
1538 /* Initialize encryption and MAC contexts for pending spec. | 1540 /* Initialize encryption contexts for pending spec. |
1541 * MAC contexts are set up when computing the mac, not here. | |
1539 * Master Secret already is derived in spec->msItem | 1542 * Master Secret already is derived in spec->msItem |
1540 * Caller holds Spec write lock. | 1543 * Caller holds Spec write lock. |
1541 */ | 1544 */ |
1542 static SECStatus | 1545 static SECStatus |
1543 ssl3_InitPendingContextsBypass(sslSocket *ss) | 1546 ssl3_InitPendingContextsBypass(sslSocket *ss) |
1544 { | 1547 { |
1545 ssl3CipherSpec * pwSpec; | 1548 ssl3CipherSpec * pwSpec; |
1546 const ssl3BulkCipherDef *cipher_def; | 1549 const ssl3BulkCipherDef *cipher_def; |
1547 void * serverContext = NULL; | 1550 void * serverContext = NULL; |
1548 void * clientContext = NULL; | 1551 void * clientContext = NULL; |
1549 BLapiInitContextFunc initFn = (BLapiInitContextFunc)NULL; | 1552 BLapiInitContextFunc initFn = (BLapiInitContextFunc)NULL; |
1550 int mode = 0; | 1553 int mode = 0; |
1551 unsigned int optArg1 = 0; | 1554 unsigned int optArg1 = 0; |
1552 unsigned int optArg2 = 0; | 1555 unsigned int optArg2 = 0; |
1553 PRBool server_encrypts = ss->sec.isServer; | 1556 PRBool server_encrypts = ss->sec.isServer; |
1554 CK_ULONG macLength; | |
1555 SSLCipherAlgorithm calg; | 1557 SSLCipherAlgorithm calg; |
1556 SSLCompressionMethod compression_method; | 1558 SSLCompressionMethod compression_method; |
1557 SECStatus rv; | 1559 SECStatus rv; |
1558 | 1560 |
1559 PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); | 1561 PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); |
1560 PORT_Assert(ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); | 1562 PORT_Assert(ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); |
1561 PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec); | 1563 PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec); |
1562 | 1564 |
1563 pwSpec = ss->ssl3.pwSpec; | 1565 pwSpec = ss->ssl3.pwSpec; |
1564 cipher_def = pwSpec->cipher_def; | 1566 cipher_def = pwSpec->cipher_def; |
1565 macLength = pwSpec->mac_size; | |
1566 | |
1567 /* MAC setup is done when computing the mac, not here. | |
1568 * Now setup the crypto contexts. | |
1569 */ | |
1570 | 1567 |
1571 calg = cipher_def->calg; | 1568 calg = cipher_def->calg; |
1572 compression_method = pwSpec->compression_method; | 1569 compression_method = pwSpec->compression_method; |
1573 | 1570 |
1574 serverContext = pwSpec->server.cipher_context; | 1571 serverContext = pwSpec->server.cipher_context; |
1575 clientContext = pwSpec->client.cipher_context; | 1572 clientContext = pwSpec->client.cipher_context; |
1576 | 1573 |
1577 switch (calg) { | 1574 switch (calg) { |
1578 case ssl_calg_null: | 1575 case ssl_calg_null: |
1579 pwSpec->encode = Null_Cipher; | 1576 pwSpec->encode = Null_Cipher; |
(...skipping 1872 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
3452 } | 3449 } |
3453 #ifndef NO_PKCS11_BYPASS | 3450 #ifndef NO_PKCS11_BYPASS |
3454 if (ss->opt.bypassPKCS11) { | 3451 if (ss->opt.bypassPKCS11) { |
3455 SECItem * keydata; | 3452 SECItem * keydata; |
3456 /* In hope of doing a "double bypass", | 3453 /* In hope of doing a "double bypass", |
3457 * need to extract the master secret's value from the key object | 3454 * need to extract the master secret's value from the key object |
3458 * and store it raw in the sslSocket struct. | 3455 * and store it raw in the sslSocket struct. |
3459 */ | 3456 */ |
3460 rv = PK11_ExtractKeyValue(pwSpec->master_secret); | 3457 rv = PK11_ExtractKeyValue(pwSpec->master_secret); |
3461 if (rv != SECSuccess) { | 3458 if (rv != SECSuccess) { |
3462 #if defined(NSS_SURVIVE_DOUBLE_BYPASS_FAILURE) | |
wtc
2013/06/15 19:40:55
I don't think this code is used by any NSS user. I
| |
3463 /* The double bypass failed. | |
3464 * Attempt to revert to an all PKCS#11, non-bypass method. | |
3465 * Do we need any unacquired locks here? | |
3466 */ | |
3467 ss->opt.bypassPKCS11 = 0; | |
3468 rv = ssl3_NewHandshakeHashes(ss); | |
3469 if (rv == SECSuccess) { | |
3470 rv = ssl3_UpdateHandshakeHashes(ss, ss->ssl3.hs.messages.buf, | |
3471 ss->ssl3.hs.messages.len); | |
3472 } | |
3473 #endif | |
3474 return rv; | 3459 return rv; |
3475 } | 3460 } |
3476 /* This returns the address of the secItem inside the key struct, | 3461 /* This returns the address of the secItem inside the key struct, |
3477 * not a copy or a reference. So, there's no need to free it. | 3462 * not a copy or a reference. So, there's no need to free it. |
3478 */ | 3463 */ |
3479 keydata = PK11_GetKeyData(pwSpec->master_secret); | 3464 keydata = PK11_GetKeyData(pwSpec->master_secret); |
3480 if (keydata && keydata->len <= sizeof pwSpec->raw_master_secret) { | 3465 if (keydata && keydata->len <= sizeof pwSpec->raw_master_secret) { |
3481 memcpy(pwSpec->raw_master_secret, keydata->data, keydata->len); | 3466 memcpy(pwSpec->raw_master_secret, keydata->data, keydata->len); |
3482 pwSpec->msItem.data = pwSpec->raw_master_secret; | 3467 pwSpec->msItem.data = pwSpec->raw_master_secret; |
3483 pwSpec->msItem.len = keydata->len; | 3468 pwSpec->msItem.len = keydata->len; |
(...skipping 149 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
3633 PK11_FreeSymKey(symKey); | 3618 PK11_FreeSymKey(symKey); |
3634 return SECSuccess; | 3619 return SECSuccess; |
3635 | 3620 |
3636 | 3621 |
3637 loser: | 3622 loser: |
3638 if (symKey) PK11_FreeSymKey(symKey); | 3623 if (symKey) PK11_FreeSymKey(symKey); |
3639 ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE); | 3624 ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE); |
3640 return SECFailure; | 3625 return SECFailure; |
3641 } | 3626 } |
3642 | 3627 |
3643 /* ssl3_InitTLS12HandshakeHash creates a handshake hash context for TLS 1.2, | 3628 /* ssl3_InitHandshakeHashes creates handshake hash contexts and hashes in |
3644 * if needed, and hashes in any buffered messages in ss->ssl3.hs.messages. */ | 3629 * buffered messages in ss->ssl3.hs.messages. */ |
3645 static SECStatus | 3630 static SECStatus |
3646 ssl3_InitTLS12HandshakeHash(sslSocket *ss) | 3631 ssl3_InitHandshakeHashes(sslSocket *ss) |
3647 { | 3632 { |
3648 if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2 && | 3633 PK11Context *md5 = NULL; |
3649 » ss->ssl3.hs.tls12_handshake_hash == NULL) { | 3634 PK11Context *sha = NULL; |
3650 » /* If we ever support ciphersuites where the PRF hash isn't SHA-256 | 3635 |
3651 » * then this will need to be updated. */ | 3636 SSL_TRC(30,("%d: SSL3[%d]: start handshake hashes", SSL_GETPID(), ss->fd)); |
3652 » ss->ssl3.hs.tls12_handshake_hash = | 3637 |
3653 » PK11_CreateDigestContext(SEC_OID_SHA256); | 3638 PORT_Assert(ss->ssl3.hs.hashType == HANDSHAKE_HASH_UNKNOWN); |
3654 » if (!ss->ssl3.hs.tls12_handshake_hash || | 3639 #ifndef NO_PKCS11_BYPASS |
3655 » PK11_DigestBegin(ss->ssl3.hs.tls12_handshake_hash) != SECSuccess) { | 3640 if (ss->opt.bypassPKCS11) { |
3656 » ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); | 3641 » PORT_Assert(!ss->ssl3.hs.sha_obj && !ss->ssl3.hs.sha_clone); |
3657 » return SECFailure; | 3642 » if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) { |
3643 » /* If we ever support ciphersuites where the PRF hash isn't SHA-256 | |
3644 » * then this will need to be updated. */ | |
3645 » ss->ssl3.hs.sha_obj = HASH_GetRawHashObject(HASH_AlgSHA256); | |
3646 » if (!ss->ssl3.hs.sha_obj) { | |
3647 » » ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); | |
3648 » » return SECFailure; | |
3649 » } | |
3650 » ss->ssl3.hs.sha_clone = (void (*)(void *, void *))SHA256_Clone; | |
3651 » ss->ssl3.hs.hashType = HANDSHAKE_HASH_SINGLE; | |
3652 » ss->ssl3.hs.sha_obj->begin(ss->ssl3.hs.sha_cx); | |
3653 » } else { | |
3654 » ss->ssl3.hs.hashType = HANDSHAKE_HASH_COMBO; | |
3655 » MD5_Begin((MD5Context *)ss->ssl3.hs.md5_cx); | |
3656 » SHA1_Begin((SHA1Context *)ss->ssl3.hs.sha_cx); | |
3657 » } | |
3658 } else | |
3659 #endif | |
3660 { | |
3661 » PORT_Assert(!ss->ssl3.hs.md5 && !ss->ssl3.hs.sha); | |
3662 » /* | |
3663 » * note: We should probably lookup an SSL3 slot for these | |
3664 » * handshake hashes in hopes that we wind up with the same slots | |
3665 » * that the master secret will wind up in ... | |
3666 » */ | |
3667 » if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) { | |
3668 » /* If we ever support ciphersuites where the PRF hash isn't SHA-256 | |
3669 » * then this will need to be updated. */ | |
3670 » ss->ssl3.hs.sha = sha = PK11_CreateDigestContext(SEC_OID_SHA256); | |
3671 » if (sha == NULL) { | |
3672 » » ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); | |
3673 » » goto loser; | |
3674 » } | |
3675 » ss->ssl3.hs.hashType = HANDSHAKE_HASH_SINGLE; | |
3676 | |
3677 » if (PK11_DigestBegin(ss->ssl3.hs.sha) != SECSuccess) { | |
3678 » » ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); | |
3679 » » return SECFailure; | |
3680 » } | |
3681 » } else { | |
3682 » ss->ssl3.hs.md5 = md5 = PK11_CreateDigestContext(SEC_OID_MD5); | |
3683 » ss->ssl3.hs.sha = sha = PK11_CreateDigestContext(SEC_OID_SHA1); | |
3684 » if (md5 == NULL) { | |
3685 » » ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); | |
3686 » » goto loser; | |
agl
2013/06/17 14:01:14
Several error paths in this function return direct
wtc
2013/06/17 20:05:16
You are right. I was also unhappy with how I handl
| |
3687 » } | |
3688 » if (sha == NULL) { | |
3689 » » ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); | |
3690 » » goto loser; | |
3691 » } | |
3692 » ss->ssl3.hs.hashType = HANDSHAKE_HASH_COMBO; | |
3693 | |
3694 » if (PK11_DigestBegin(ss->ssl3.hs.md5) != SECSuccess) { | |
3695 » » ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); | |
3696 » » return SECFailure; | |
3697 » } | |
3698 » if (PK11_DigestBegin(ss->ssl3.hs.sha) != SECSuccess) { | |
3699 » » ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); | |
3700 » » return SECFailure; | |
3701 » } | |
3658 } | 3702 } |
3659 } | 3703 } |
3660 | 3704 |
3661 if (ss->ssl3.hs.tls12_handshake_hash && ss->ssl3.hs.messages.len > 0) { | 3705 if (ss->ssl3.hs.messages.len > 0) { |
3662 » if (PK11_DigestOp(ss->ssl3.hs.tls12_handshake_hash, | 3706 » if (ssl3_UpdateHandshakeHashes(ss, ss->ssl3.hs.messages.buf, |
3663 » » » ss->ssl3.hs.messages.buf, | 3707 » » » » ss->ssl3.hs.messages.len) != |
3664 » » » ss->ssl3.hs.messages.len) != SECSuccess) { | 3708 » SECSuccess) { |
3665 » ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); | |
3666 return SECFailure; | 3709 return SECFailure; |
3667 } | 3710 } |
3668 } | |
3669 | |
3670 if (ss->ssl3.hs.messages.buf && !ss->opt.bypassPKCS11) { | |
3671 PORT_Free(ss->ssl3.hs.messages.buf); | 3711 PORT_Free(ss->ssl3.hs.messages.buf); |
3672 ss->ssl3.hs.messages.buf = NULL; | 3712 ss->ssl3.hs.messages.buf = NULL; |
3673 ss->ssl3.hs.messages.len = 0; | 3713 ss->ssl3.hs.messages.len = 0; |
3674 ss->ssl3.hs.messages.space = 0; | 3714 ss->ssl3.hs.messages.space = 0; |
3675 } | 3715 } |
3676 | 3716 |
3677 return SECSuccess; | 3717 return SECSuccess; |
3718 | |
3719 loser: | |
3720 if (md5 != NULL) { | |
3721 PK11_DestroyContext(md5, PR_TRUE); | |
3722 ss->ssl3.hs.md5 = NULL; | |
3723 } | |
3724 if (sha != NULL) { | |
3725 PK11_DestroyContext(sha, PR_TRUE); | |
3726 ss->ssl3.hs.sha = NULL; | |
3727 } | |
3728 return SECFailure; | |
3678 } | 3729 } |
3679 | 3730 |
3680 static SECStatus | 3731 static SECStatus |
3681 ssl3_RestartHandshakeHashes(sslSocket *ss) | 3732 ssl3_RestartHandshakeHashes(sslSocket *ss) |
3682 { | 3733 { |
3683 SECStatus rv = SECSuccess; | 3734 SECStatus rv = SECSuccess; |
3684 | 3735 |
3736 SSL_TRC(30,("%d: SSL3[%d]: reset handshake hashes", | |
3737 SSL_GETPID(), ss->fd )); | |
3738 ss->ssl3.hs.hashType = HANDSHAKE_HASH_UNKNOWN; | |
3685 ss->ssl3.hs.messages.len = 0; | 3739 ss->ssl3.hs.messages.len = 0; |
3686 #ifndef NO_PKCS11_BYPASS | 3740 #ifndef NO_PKCS11_BYPASS |
3687 if (ss->opt.bypassPKCS11) { | 3741 ss->ssl3.hs.sha_obj = NULL; |
3688 » MD5_Begin((MD5Context *)ss->ssl3.hs.md5_cx); | 3742 ss->ssl3.hs.sha_clone = NULL; |
3689 » SHA1_Begin((SHA1Context *)ss->ssl3.hs.sha_cx); | |
3690 } else | |
3691 #endif | 3743 #endif |
3692 { | 3744 if (ss->ssl3.hs.md5) { |
3693 » if (ss->ssl3.hs.tls12_handshake_hash) { | 3745 » PK11_DestroyContext(ss->ssl3.hs.md5,PR_TRUE); |
3694 » rv = PK11_DigestBegin(ss->ssl3.hs.tls12_handshake_hash); | 3746 » ss->ssl3.hs.md5 = NULL; |
3695 » if (rv != SECSuccess) { | 3747 } |
3696 » » ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); | 3748 if (ss->ssl3.hs.sha) { |
3697 » » return rv; | 3749 » PK11_DestroyContext(ss->ssl3.hs.sha,PR_TRUE); |
3698 » } | 3750 » ss->ssl3.hs.sha = NULL; |
3699 » } | |
3700 » rv = PK11_DigestBegin(ss->ssl3.hs.md5); | |
3701 » if (rv != SECSuccess) { | |
3702 » ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); | |
3703 » return rv; | |
3704 » } | |
3705 » rv = PK11_DigestBegin(ss->ssl3.hs.sha); | |
3706 » if (rv != SECSuccess) { | |
3707 » ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); | |
3708 » return rv; | |
3709 » } | |
3710 } | 3751 } |
3711 return rv; | 3752 return rv; |
3712 } | 3753 } |
3713 | 3754 |
3714 static SECStatus | |
3715 ssl3_NewHandshakeHashes(sslSocket *ss) | |
wtc
2013/06/15 19:40:55
After I removed the NSS_SURVIVE_DOUBLE_BYPASS_FAIL
| |
3716 { | |
3717 PK11Context *md5 = NULL; | |
3718 PK11Context *sha = NULL; | |
3719 | |
3720 /* | |
3721 * note: We should probably lookup an SSL3 slot for these | |
3722 * handshake hashes in hopes that we wind up with the same slots | |
3723 * that the master secret will wind up in ... | |
3724 */ | |
3725 SSL_TRC(30,("%d: SSL3[%d]: start handshake hashes", SSL_GETPID(), ss->fd)); | |
3726 PORT_Assert(!ss->ssl3.hs.messages.buf && !ss->ssl3.hs.messages.space); | |
3727 ss->ssl3.hs.messages.buf = NULL; | |
3728 ss->ssl3.hs.messages.space = 0; | |
3729 | |
3730 ss->ssl3.hs.md5 = md5 = PK11_CreateDigestContext(SEC_OID_MD5); | |
3731 ss->ssl3.hs.sha = sha = PK11_CreateDigestContext(SEC_OID_SHA1); | |
3732 ss->ssl3.hs.tls12_handshake_hash = NULL; | |
3733 if (md5 == NULL) { | |
3734 ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); | |
3735 goto loser; | |
3736 } | |
3737 if (sha == NULL) { | |
3738 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); | |
3739 goto loser; | |
3740 } | |
3741 if (SECSuccess == ssl3_RestartHandshakeHashes(ss)) { | |
wtc
2013/06/15 19:40:55
Note that ssl3_NewHandshakeHashes calls ssl3_Resta
| |
3742 return SECSuccess; | |
3743 } | |
3744 | |
3745 loser: | |
3746 if (md5 != NULL) { | |
3747 PK11_DestroyContext(md5, PR_TRUE); | |
3748 ss->ssl3.hs.md5 = NULL; | |
3749 } | |
3750 if (sha != NULL) { | |
3751 PK11_DestroyContext(sha, PR_TRUE); | |
3752 ss->ssl3.hs.sha = NULL; | |
3753 } | |
3754 return SECFailure; | |
3755 | |
3756 } | |
3757 | |
3758 /* | 3755 /* |
3759 * Handshake messages | 3756 * Handshake messages |
3760 */ | 3757 */ |
3761 /* Called from» ssl3_AppendHandshake() | 3758 /* Called from» ssl3_InitHandshakeHashes() |
3759 **» » ssl3_AppendHandshake() | |
3762 ** ssl3_StartHandshakeHash() | 3760 ** ssl3_StartHandshakeHash() |
3763 ** ssl3_HandleV2ClientHello() | 3761 ** ssl3_HandleV2ClientHello() |
3764 ** ssl3_HandleHandshakeMessage() | 3762 ** ssl3_HandleHandshakeMessage() |
3765 ** Caller must hold the ssl3Handshake lock. | 3763 ** Caller must hold the ssl3Handshake lock. |
3766 */ | 3764 */ |
3767 static SECStatus | 3765 static SECStatus |
3768 ssl3_UpdateHandshakeHashes(sslSocket *ss, const unsigned char *b, | 3766 ssl3_UpdateHandshakeHashes(sslSocket *ss, const unsigned char *b, |
3769 unsigned int l) | 3767 unsigned int l) |
3770 { | 3768 { |
3771 SECStatus rv = SECSuccess; | 3769 SECStatus rv = SECSuccess; |
3772 | 3770 |
3773 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); | 3771 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); |
3774 | 3772 |
3775 PRINT_BUF(90, (NULL, "MD5 & SHA handshake hash input:", b, l)); | 3773 /* We need to buffer the handshake messages until we have established |
3774 * which handshake hash function to use. */ | |
3775 if (ss->ssl3.hs.hashType == HANDSHAKE_HASH_UNKNOWN) { | |
3776 » return sslBuffer_Append(&ss->ssl3.hs.messages, b, l); | |
3777 } | |
3776 | 3778 |
3777 if ((ss->version == 0 || ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) && | 3779 PRINT_BUF(90, (NULL, "handshake hash input:", b, l)); |
3778 » !ss->opt.bypassPKCS11 && | |
3779 » ss->ssl3.hs.tls12_handshake_hash == NULL) { | |
3780 » /* For TLS 1.2 connections we need to buffer the handshake messages | |
3781 » * until we have established which PRF hash function to use. */ | |
3782 » rv = sslBuffer_Append(&ss->ssl3.hs.messages, b, l); | |
3783 » if (rv != SECSuccess) { | |
3784 » return rv; | |
3785 » } | |
3786 } | |
3787 | 3780 |
3788 #ifndef NO_PKCS11_BYPASS | 3781 #ifndef NO_PKCS11_BYPASS |
3789 if (ss->opt.bypassPKCS11) { | 3782 if (ss->opt.bypassPKCS11) { |
3790 » MD5_Update((MD5Context *)ss->ssl3.hs.md5_cx, b, l); | 3783 » if (ss->ssl3.hs.hashType == HANDSHAKE_HASH_SINGLE) { |
3791 » SHA1_Update((SHA1Context *)ss->ssl3.hs.sha_cx, b, l); | 3784 » ss->ssl3.hs.sha_obj->update(ss->ssl3.hs.sha_cx, b, l); |
3792 #if defined(NSS_SURVIVE_DOUBLE_BYPASS_FAILURE) | 3785 » } else { |
3793 » rv = sslBuffer_Append(&ss->ssl3.hs.messages, b, l); | 3786 » MD5_Update((MD5Context *)ss->ssl3.hs.md5_cx, b, l); |
3794 #endif | 3787 » SHA1_Update((SHA1Context *)ss->ssl3.hs.sha_cx, b, l); |
3788 » } | |
3795 return rv; | 3789 return rv; |
3796 } | 3790 } |
3797 #endif | 3791 #endif |
3798 if (ss->ssl3.hs.tls12_handshake_hash) { | 3792 if (ss->ssl3.hs.hashType == HANDSHAKE_HASH_SINGLE) { |
3799 » rv = PK11_DigestOp(ss->ssl3.hs.tls12_handshake_hash, b, l); | 3793 » rv = PK11_DigestOp(ss->ssl3.hs.sha, b, l); |
3800 if (rv != SECSuccess) { | 3794 if (rv != SECSuccess) { |
3801 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); | 3795 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); |
3802 return rv; | 3796 return rv; |
3803 } | 3797 } |
3804 } else { | 3798 } else { |
3805 rv = PK11_DigestOp(ss->ssl3.hs.md5, b, l); | 3799 rv = PK11_DigestOp(ss->ssl3.hs.md5, b, l); |
3806 if (rv != SECSuccess) { | 3800 if (rv != SECSuccess) { |
3807 ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); | 3801 ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); |
3808 return rv; | 3802 return rv; |
3809 } | 3803 } |
(...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
3917 */ | 3911 */ |
3918 if (IS_DTLS(ss)) { | 3912 if (IS_DTLS(ss)) { |
3919 rv = dtls_StageHandshakeMessage(ss); | 3913 rv = dtls_StageHandshakeMessage(ss); |
3920 if (rv != SECSuccess) { | 3914 if (rv != SECSuccess) { |
3921 return rv; | 3915 return rv; |
3922 } | 3916 } |
3923 } | 3917 } |
3924 | 3918 |
3925 SSL_TRC(30,("%d: SSL3[%d]: append handshake header: type %s", | 3919 SSL_TRC(30,("%d: SSL3[%d]: append handshake header: type %s", |
3926 SSL_GETPID(), ss->fd, ssl3_DecodeHandshakeType(t))); | 3920 SSL_GETPID(), ss->fd, ssl3_DecodeHandshakeType(t))); |
3927 PRINT_BUF(60, (ss, "MD5 handshake hash:", | |
3928 (unsigned char*)ss->ssl3.hs.md5_cx, MD5_LENGTH)); | |
3929 PRINT_BUF(95, (ss, "SHA handshake hash:", | |
3930 (unsigned char*)ss->ssl3.hs.sha_cx, SHA1_LENGTH)); | |
wtc
2013/06/15 19:40:55
These two PRINT_BUF statements are broken because
| |
3931 | 3921 |
3932 rv = ssl3_AppendHandshakeNumber(ss, t, 1); | 3922 rv = ssl3_AppendHandshakeNumber(ss, t, 1); |
3933 if (rv != SECSuccess) { | 3923 if (rv != SECSuccess) { |
3934 return rv; /* error code set by AppendHandshake, if applicable. */ | 3924 return rv; /* error code set by AppendHandshake, if applicable. */ |
3935 } | 3925 } |
3936 rv = ssl3_AppendHandshakeNumber(ss, length, 3); | 3926 rv = ssl3_AppendHandshakeNumber(ss, length, 3); |
3937 if (rv != SECSuccess) { | 3927 if (rv != SECSuccess) { |
3938 return rv; /* error code set by AppendHandshake, if applicable. */ | 3928 return rv; /* error code set by AppendHandshake, if applicable. */ |
3939 } | 3929 } |
3940 | 3930 |
(...skipping 327 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
4268 SECStatus rv = SECSuccess; | 4258 SECStatus rv = SECSuccess; |
4269 PRBool isTLS = (PRBool)(spec->version > SSL_LIBRARY_VERSION_3_0); | 4259 PRBool isTLS = (PRBool)(spec->version > SSL_LIBRARY_VERSION_3_0); |
4270 unsigned int outLength; | 4260 unsigned int outLength; |
4271 SSL3Opaque md5_inner[MAX_MAC_LENGTH]; | 4261 SSL3Opaque md5_inner[MAX_MAC_LENGTH]; |
4272 SSL3Opaque sha_inner[MAX_MAC_LENGTH]; | 4262 SSL3Opaque sha_inner[MAX_MAC_LENGTH]; |
4273 | 4263 |
4274 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); | 4264 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); |
4275 hashes->hashAlg = SEC_OID_UNKNOWN; | 4265 hashes->hashAlg = SEC_OID_UNKNOWN; |
4276 | 4266 |
4277 #ifndef NO_PKCS11_BYPASS | 4267 #ifndef NO_PKCS11_BYPASS |
4278 if (ss->opt.bypassPKCS11) { | 4268 if (ss->opt.bypassPKCS11 && |
4269 » ss->ssl3.hs.hashType == HANDSHAKE_HASH_SINGLE) { | |
4270 » /* compute them without PKCS11 */ | |
4271 » PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS]; | |
4272 | |
4273 » if (!spec->msItem.data) { | |
4274 » PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); | |
4275 » return SECFailure; | |
4276 » } | |
4277 | |
4278 » ss->ssl3.hs.sha_clone(sha_cx, ss->ssl3.hs.sha_cx); | |
4279 » ss->ssl3.hs.sha_obj->end(sha_cx, hashes->u.raw, &hashes->len, | |
4280 » » » » sizeof(hashes->u.raw)); | |
4281 | |
4282 » PRINT_BUF(60, (NULL, "SHA-256: result", hashes->u.raw, hashes->len)); | |
4283 | |
4284 » /* If we ever support ciphersuites where the PRF hash isn't SHA-256 | |
4285 » * then this will need to be updated. */ | |
4286 » hashes->hashAlg = SEC_OID_SHA256; | |
4287 » rv = SECSuccess; | |
4288 } else if (ss->opt.bypassPKCS11) { | |
4279 /* compute them without PKCS11 */ | 4289 /* compute them without PKCS11 */ |
4280 PRUint64 md5_cx[MAX_MAC_CONTEXT_LLONGS]; | 4290 PRUint64 md5_cx[MAX_MAC_CONTEXT_LLONGS]; |
4281 PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS]; | 4291 PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS]; |
4282 | 4292 |
4283 #define md5cx ((MD5Context *)md5_cx) | 4293 #define md5cx ((MD5Context *)md5_cx) |
4284 #define shacx ((SHA1Context *)sha_cx) | 4294 #define shacx ((SHA1Context *)sha_cx) |
4285 | 4295 |
4286 if (!spec->msItem.data) { | 4296 if (!spec->msItem.data) { |
4287 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); | 4297 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); |
4288 return SECFailure; | 4298 return SECFailure; |
(...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
4353 SHA1_End(shacx, hashes->u.s.sha, &outLength, SHA1_LENGTH); | 4363 SHA1_End(shacx, hashes->u.s.sha, &outLength, SHA1_LENGTH); |
4354 | 4364 |
4355 PRINT_BUF(60, (NULL, "SHA outer: result", hashes->u.s.sha, SHA1_LENGTH)) ; | 4365 PRINT_BUF(60, (NULL, "SHA outer: result", hashes->u.s.sha, SHA1_LENGTH)) ; |
4356 | 4366 |
4357 hashes->len = MD5_LENGTH + SHA1_LENGTH; | 4367 hashes->len = MD5_LENGTH + SHA1_LENGTH; |
4358 rv = SECSuccess; | 4368 rv = SECSuccess; |
4359 #undef md5cx | 4369 #undef md5cx |
4360 #undef shacx | 4370 #undef shacx |
4361 } else | 4371 } else |
4362 #endif | 4372 #endif |
4363 if (ss->ssl3.hs.tls12_handshake_hash) { | 4373 if (ss->ssl3.hs.hashType == HANDSHAKE_HASH_SINGLE) { |
4374 » /* compute hashes with PKCS11 */ | |
4364 PK11Context *h; | 4375 PK11Context *h; |
4365 unsigned int stateLen; | 4376 unsigned int stateLen; |
4366 unsigned char stackBuf[1024]; | 4377 unsigned char stackBuf[1024]; |
4367 unsigned char *stateBuf = NULL; | 4378 unsigned char *stateBuf = NULL; |
4368 | 4379 |
4369 if (!spec->master_secret) { | 4380 if (!spec->master_secret) { |
4370 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); | 4381 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); |
4371 return SECFailure; | 4382 return SECFailure; |
4372 } | 4383 } |
4373 | 4384 |
4374 » h = ss->ssl3.hs.tls12_handshake_hash; | 4385 » h = ss->ssl3.hs.sha; |
4375 stateBuf = PK11_SaveContextAlloc(h, stackBuf, | 4386 stateBuf = PK11_SaveContextAlloc(h, stackBuf, |
4376 sizeof(stackBuf), &stateLen); | 4387 sizeof(stackBuf), &stateLen); |
4377 if (stateBuf == NULL) { | 4388 if (stateBuf == NULL) { |
4378 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); | 4389 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); |
4379 goto tls12_loser; | 4390 goto tls12_loser; |
4380 } | 4391 } |
4381 rv |= PK11_DigestFinal(h, hashes->u.raw, &hashes->len, | 4392 rv |= PK11_DigestFinal(h, hashes->u.raw, &hashes->len, |
4382 sizeof(hashes->u.raw)); | 4393 sizeof(hashes->u.raw)); |
4383 if (rv != SECSuccess) { | 4394 if (rv != SECSuccess) { |
4384 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); | 4395 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); |
4385 rv = SECFailure; | 4396 rv = SECFailure; |
4386 goto tls12_loser; | 4397 goto tls12_loser; |
4387 } | 4398 } |
4388 /* If we ever support ciphersuites where the PRF hash isn't SHA-256 | 4399 /* If we ever support ciphersuites where the PRF hash isn't SHA-256 |
4389 * then this will need to be updated. */ | 4400 * then this will need to be updated. */ |
4390 hashes->hashAlg = SEC_OID_SHA256; | 4401 hashes->hashAlg = SEC_OID_SHA256; |
4391 rv = SECSuccess; | 4402 rv = SECSuccess; |
4392 | 4403 |
4393 tls12_loser: | 4404 tls12_loser: |
4394 if (stateBuf) { | 4405 if (stateBuf) { |
4395 » if (PK11_RestoreContext(ss->ssl3.hs.tls12_handshake_hash, stateBuf, | 4406 » if (PK11_RestoreContext(h, stateBuf, stateLen) != SECSuccess) { |
4396 » » » » stateLen) != SECSuccess) { | |
4397 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); | 4407 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); |
4398 rv = SECFailure; | 4408 rv = SECFailure; |
4399 } | 4409 } |
4400 if (stateBuf != stackBuf) { | 4410 if (stateBuf != stackBuf) { |
4401 PORT_ZFree(stateBuf, stateLen); | 4411 PORT_ZFree(stateBuf, stateLen); |
4402 } | 4412 } |
4403 } | 4413 } |
4404 } else { | 4414 } else { |
4405 » /* compute hases with PKCS11 */ | 4415 » /* compute hashes with PKCS11 */ |
4406 PK11Context * md5; | 4416 PK11Context * md5; |
4407 PK11Context * sha = NULL; | 4417 PK11Context * sha = NULL; |
4408 unsigned char *md5StateBuf = NULL; | 4418 unsigned char *md5StateBuf = NULL; |
4409 unsigned char *shaStateBuf = NULL; | 4419 unsigned char *shaStateBuf = NULL; |
4410 unsigned int md5StateLen, shaStateLen; | 4420 unsigned int md5StateLen, shaStateLen; |
4411 unsigned char md5StackBuf[256]; | 4421 unsigned char md5StackBuf[256]; |
4412 unsigned char shaStackBuf[512]; | 4422 unsigned char shaStackBuf[512]; |
4413 | 4423 |
4414 if (!spec->master_secret) { | 4424 if (!spec->master_secret) { |
4415 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); | 4425 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); |
(...skipping 144 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
4560 ssl3_StartHandshakeHash(sslSocket *ss, unsigned char * buf, int length) | 4570 ssl3_StartHandshakeHash(sslSocket *ss, unsigned char * buf, int length) |
4561 { | 4571 { |
4562 SECStatus rv; | 4572 SECStatus rv; |
4563 | 4573 |
4564 ssl_GetSSL3HandshakeLock(ss); /**************************************/ | 4574 ssl_GetSSL3HandshakeLock(ss); /**************************************/ |
4565 | 4575 |
4566 rv = ssl3_InitState(ss); | 4576 rv = ssl3_InitState(ss); |
4567 if (rv != SECSuccess) { | 4577 if (rv != SECSuccess) { |
4568 goto done; /* ssl3_InitState has set the error code. */ | 4578 goto done; /* ssl3_InitState has set the error code. */ |
4569 } | 4579 } |
4580 rv = ssl3_RestartHandshakeHashes(ss); | |
4581 if (rv != SECSuccess) { | |
4582 goto done; | |
4583 } | |
4570 | 4584 |
4571 PORT_Memset(&ss->ssl3.hs.client_random, 0, SSL3_RANDOM_LENGTH); | 4585 PORT_Memset(&ss->ssl3.hs.client_random, 0, SSL3_RANDOM_LENGTH); |
4572 PORT_Memcpy( | 4586 PORT_Memcpy( |
4573 &ss->ssl3.hs.client_random.rand[SSL3_RANDOM_LENGTH - SSL_CHALLENGE_BYTES ], | 4587 &ss->ssl3.hs.client_random.rand[SSL3_RANDOM_LENGTH - SSL_CHALLENGE_BYTES ], |
4574 &ss->sec.ci.clientChallenge, | 4588 &ss->sec.ci.clientChallenge, |
4575 SSL_CHALLENGE_BYTES); | 4589 SSL_CHALLENGE_BYTES); |
4576 | 4590 |
4577 rv = ssl3_UpdateHandshakeHashes(ss, buf, length); | 4591 rv = ssl3_UpdateHandshakeHashes(ss, buf, length); |
4578 /* if it failed, ssl3_UpdateHandshakeHashes has set the error code. */ | 4592 /* if it failed, ssl3_UpdateHandshakeHashes has set the error code. */ |
4579 | 4593 |
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
4619 return rv; /* ssl3_InitState has set the error code. */ | 4633 return rv; /* ssl3_InitState has set the error code. */ |
4620 } | 4634 } |
4621 ss->ssl3.hs.sendingSCSV = PR_FALSE; /* Must be reset every handshake */ | 4635 ss->ssl3.hs.sendingSCSV = PR_FALSE; /* Must be reset every handshake */ |
4622 PORT_Assert(IS_DTLS(ss) || !resending); | 4636 PORT_Assert(IS_DTLS(ss) || !resending); |
4623 | 4637 |
4624 /* We might be starting a session renegotiation in which case we should | 4638 /* We might be starting a session renegotiation in which case we should |
4625 * clear previous state. | 4639 * clear previous state. |
4626 */ | 4640 */ |
4627 PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); | 4641 PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); |
4628 | 4642 |
4629 SSL_TRC(30,("%d: SSL3[%d]: reset handshake hashes", | |
4630 SSL_GETPID(), ss->fd )); | |
4631 rv = ssl3_RestartHandshakeHashes(ss); | 4643 rv = ssl3_RestartHandshakeHashes(ss); |
4632 if (rv != SECSuccess) { | 4644 if (rv != SECSuccess) { |
4633 return rv; | 4645 return rv; |
4634 } | 4646 } |
4635 | 4647 |
4636 /* | 4648 /* |
4637 * During a renegotiation, ss->clientHelloVersion will be used again to | 4649 * During a renegotiation, ss->clientHelloVersion will be used again to |
4638 * work around a Windows SChannel bug. Ensure that it is still enabled. | 4650 * work around a Windows SChannel bug. Ensure that it is still enabled. |
4639 */ | 4651 */ |
4640 if (ss->firstHsDone) { | 4652 if (ss->firstHsDone) { |
(...skipping 1249 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
5890 SECItem sidBytes = {siBuffer, NULL, 0}; | 5902 SECItem sidBytes = {siBuffer, NULL, 0}; |
5891 PRBool sid_match; | 5903 PRBool sid_match; |
5892 PRBool isTLS = PR_FALSE; | 5904 PRBool isTLS = PR_FALSE; |
5893 SSL3AlertDescription desc = illegal_parameter; | 5905 SSL3AlertDescription desc = illegal_parameter; |
5894 SSL3ProtocolVersion version; | 5906 SSL3ProtocolVersion version; |
5895 | 5907 |
5896 SSL_TRC(3, ("%d: SSL3[%d]: handle server_hello handshake", | 5908 SSL_TRC(3, ("%d: SSL3[%d]: handle server_hello handshake", |
5897 SSL_GETPID(), ss->fd)); | 5909 SSL_GETPID(), ss->fd)); |
5898 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | 5910 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); |
5899 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); | 5911 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); |
5912 PORT_Assert( ss->ssl3.initialized ); | |
5900 | 5913 |
5901 rv = ssl3_InitState(ss); | |
5902 if (rv != SECSuccess) { | |
5903 errCode = PORT_GetError(); /* ssl3_InitState has set the error code. */ | |
5904 goto alert_loser; | |
5905 } | |
5906 if (ss->ssl3.hs.ws != wait_server_hello) { | 5914 if (ss->ssl3.hs.ws != wait_server_hello) { |
5907 errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO; | 5915 errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO; |
5908 desc = unexpected_message; | 5916 desc = unexpected_message; |
5909 goto alert_loser; | 5917 goto alert_loser; |
5910 } | 5918 } |
5911 | 5919 |
5912 /* clean up anything left from previous handshake. */ | 5920 /* clean up anything left from previous handshake. */ |
5913 if (ss->ssl3.clientCertChain != NULL) { | 5921 if (ss->ssl3.clientCertChain != NULL) { |
5914 CERT_DestroyCertificateList(ss->ssl3.clientCertChain); | 5922 CERT_DestroyCertificateList(ss->ssl3.clientCertChain); |
5915 ss->ssl3.clientCertChain = NULL; | 5923 ss->ssl3.clientCertChain = NULL; |
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
5963 | 5971 |
5964 rv = ssl3_NegotiateVersion(ss, version, PR_FALSE); | 5972 rv = ssl3_NegotiateVersion(ss, version, PR_FALSE); |
5965 if (rv != SECSuccess) { | 5973 if (rv != SECSuccess) { |
5966 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version | 5974 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version |
5967 : handshake_failure; | 5975 : handshake_failure; |
5968 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; | 5976 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; |
5969 goto alert_loser; | 5977 goto alert_loser; |
5970 } | 5978 } |
5971 isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0); | 5979 isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0); |
5972 | 5980 |
5973 rv = ssl3_InitTLS12HandshakeHash(ss); | 5981 rv = ssl3_InitHandshakeHashes(ss); |
5974 if (rv != SECSuccess) { | 5982 if (rv != SECSuccess) { |
5975 desc = internal_error; | 5983 desc = internal_error; |
5976 errCode = PORT_GetError(); | 5984 errCode = PORT_GetError(); |
5977 goto alert_loser; | 5985 goto alert_loser; |
5978 } | 5986 } |
5979 | 5987 |
5980 rv = ssl3_ConsumeHandshake( | 5988 rv = ssl3_ConsumeHandshake( |
5981 ss, &ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH, &b, &length); | 5989 ss, &ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH, &b, &length); |
5982 if (rv != SECSuccess) { | 5990 if (rv != SECSuccess) { |
5983 goto loser; /* alert has been sent */ | 5991 goto loser; /* alert has been sent */ |
(...skipping 1317 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
7301 SECItem suites = {siBuffer, NULL, 0}; | 7309 SECItem suites = {siBuffer, NULL, 0}; |
7302 SECItem comps = {siBuffer, NULL, 0}; | 7310 SECItem comps = {siBuffer, NULL, 0}; |
7303 PRBool haveSpecWriteLock = PR_FALSE; | 7311 PRBool haveSpecWriteLock = PR_FALSE; |
7304 PRBool haveXmitBufLock = PR_FALSE; | 7312 PRBool haveXmitBufLock = PR_FALSE; |
7305 | 7313 |
7306 SSL_TRC(3, ("%d: SSL3[%d]: handle client_hello handshake", | 7314 SSL_TRC(3, ("%d: SSL3[%d]: handle client_hello handshake", |
7307 SSL_GETPID(), ss->fd)); | 7315 SSL_GETPID(), ss->fd)); |
7308 | 7316 |
7309 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | 7317 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); |
7310 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); | 7318 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); |
7319 PORT_Assert( ss->ssl3.initialized ); | |
7311 | 7320 |
7312 /* Get peer name of client */ | 7321 /* Get peer name of client */ |
7313 rv = ssl_GetPeerInfo(ss); | 7322 rv = ssl_GetPeerInfo(ss); |
7314 if (rv != SECSuccess) { | 7323 if (rv != SECSuccess) { |
7315 return rv; /* error code is set. */ | 7324 return rv; /* error code is set. */ |
7316 } | 7325 } |
7317 | 7326 |
7318 /* Clearing the handshake pointers so that ssl_Do1stHandshake won't | 7327 /* Clearing the handshake pointers so that ssl_Do1stHandshake won't |
7319 * call ssl2_HandleMessage. | 7328 * call ssl2_HandleMessage. |
7320 * | 7329 * |
7321 * The issue here is that TLS ordinarily starts out in | 7330 * The issue here is that TLS ordinarily starts out in |
7322 * ssl2_HandleV3HandshakeRecord() because of the backward-compatibility | 7331 * ssl2_HandleV3HandshakeRecord() because of the backward-compatibility |
7323 * code paths. That function zeroes these next pointers. But with DTLS, | 7332 * code paths. That function zeroes these next pointers. But with DTLS, |
7324 * we don't even try to do the v2 ClientHello so we skip that function | 7333 * we don't even try to do the v2 ClientHello so we skip that function |
7325 * and need to reset these values here. | 7334 * and need to reset these values here. |
7326 */ | 7335 */ |
7327 if (IS_DTLS(ss)) { | 7336 if (IS_DTLS(ss)) { |
7328 ss->nextHandshake = 0; | 7337 ss->nextHandshake = 0; |
7329 ss->securityHandshake = 0; | 7338 ss->securityHandshake = 0; |
7330 } | 7339 } |
7331 | 7340 |
7332 /* We might be starting session renegotiation in which case we should | 7341 /* We might be starting session renegotiation in which case we should |
7333 * clear previous state. | 7342 * clear previous state. |
7334 */ | 7343 */ |
7335 PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); | 7344 PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); |
7336 ss->statelessResume = PR_FALSE; | 7345 ss->statelessResume = PR_FALSE; |
7337 | 7346 |
7338 rv = ssl3_InitState(ss); | |
7339 if (rv != SECSuccess) { | |
7340 return rv; /* ssl3_InitState has set the error code. */ | |
7341 } | |
7342 | |
7343 if ((ss->ssl3.hs.ws != wait_client_hello) && | 7347 if ((ss->ssl3.hs.ws != wait_client_hello) && |
7344 (ss->ssl3.hs.ws != idle_handshake)) { | 7348 (ss->ssl3.hs.ws != idle_handshake)) { |
7345 desc = unexpected_message; | 7349 desc = unexpected_message; |
7346 errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO; | 7350 errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO; |
7347 goto alert_loser; | 7351 goto alert_loser; |
7348 } | 7352 } |
7349 if (ss->ssl3.hs.ws == idle_handshake && | 7353 if (ss->ssl3.hs.ws == idle_handshake && |
7350 ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) { | 7354 ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) { |
7351 desc = no_renegotiation; | 7355 desc = no_renegotiation; |
7352 level = alert_warning; | 7356 level = alert_warning; |
(...skipping 18 matching lines...) Expand all Loading... | |
7371 } | 7375 } |
7372 | 7376 |
7373 rv = ssl3_NegotiateVersion(ss, version, PR_TRUE); | 7377 rv = ssl3_NegotiateVersion(ss, version, PR_TRUE); |
7374 if (rv != SECSuccess) { | 7378 if (rv != SECSuccess) { |
7375 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version | 7379 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version |
7376 : handshake_failure; | 7380 : handshake_failure; |
7377 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; | 7381 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; |
7378 goto alert_loser; | 7382 goto alert_loser; |
7379 } | 7383 } |
7380 | 7384 |
7381 rv = ssl3_InitTLS12HandshakeHash(ss); | 7385 rv = ssl3_InitHandshakeHashes(ss); |
7382 if (rv != SECSuccess) { | 7386 if (rv != SECSuccess) { |
7383 desc = internal_error; | 7387 desc = internal_error; |
7384 errCode = PORT_GetError(); | 7388 errCode = PORT_GetError(); |
7385 goto alert_loser; | 7389 goto alert_loser; |
7386 } | 7390 } |
7387 | 7391 |
7388 /* grab the client random data. */ | 7392 /* grab the client random data. */ |
7389 rv = ssl3_ConsumeHandshake( | 7393 rv = ssl3_ConsumeHandshake( |
7390 ss, &ss->ssl3.hs.client_random, SSL3_RANDOM_LENGTH, &b, &length); | 7394 ss, &ss->ssl3.hs.client_random, SSL3_RANDOM_LENGTH, &b, &length); |
7391 if (rv != SECSuccess) { | 7395 if (rv != SECSuccess) { |
(...skipping 707 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
8099 | 8103 |
8100 ssl_GetSSL3HandshakeLock(ss); | 8104 ssl_GetSSL3HandshakeLock(ss); |
8101 | 8105 |
8102 PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); | 8106 PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); |
8103 | 8107 |
8104 rv = ssl3_InitState(ss); | 8108 rv = ssl3_InitState(ss); |
8105 if (rv != SECSuccess) { | 8109 if (rv != SECSuccess) { |
8106 ssl_ReleaseSSL3HandshakeLock(ss); | 8110 ssl_ReleaseSSL3HandshakeLock(ss); |
8107 return rv; /* ssl3_InitState has set the error code. */ | 8111 return rv; /* ssl3_InitState has set the error code. */ |
8108 } | 8112 } |
8113 rv = ssl3_RestartHandshakeHashes(ss); | |
8114 if (rv != SECSuccess) { | |
8115 ssl_ReleaseSSL3HandshakeLock(ss); | |
8116 return rv; | |
8117 } | |
8109 | 8118 |
8110 if (ss->ssl3.hs.ws != wait_client_hello) { | 8119 if (ss->ssl3.hs.ws != wait_client_hello) { |
8111 desc = unexpected_message; | 8120 desc = unexpected_message; |
8112 errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO; | 8121 errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO; |
8113 goto loser; /* alert_loser */ | 8122 goto loser; /* alert_loser */ |
8114 } | 8123 } |
8115 | 8124 |
8116 version = (buffer[1] << 8) | buffer[2]; | 8125 version = (buffer[1] << 8) | buffer[2]; |
8117 suite_length = (buffer[3] << 8) | buffer[4]; | 8126 suite_length = (buffer[3] << 8) | buffer[4]; |
8118 sid_length = (buffer[5] << 8) | buffer[6]; | 8127 sid_length = (buffer[5] << 8) | buffer[6]; |
8119 rand_length = (buffer[7] << 8) | buffer[8]; | 8128 rand_length = (buffer[7] << 8) | buffer[8]; |
8120 ss->clientHelloVersion = version; | 8129 ss->clientHelloVersion = version; |
8121 | 8130 |
8122 rv = ssl3_NegotiateVersion(ss, version, PR_TRUE); | 8131 rv = ssl3_NegotiateVersion(ss, version, PR_TRUE); |
8123 if (rv != SECSuccess) { | 8132 if (rv != SECSuccess) { |
8124 /* send back which ever alert client will understand. */ | 8133 /* send back which ever alert client will understand. */ |
8125 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version : handshak e_failure; | 8134 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version : handshak e_failure; |
8126 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; | 8135 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; |
8127 goto alert_loser; | 8136 goto alert_loser; |
8128 } | 8137 } |
8129 | 8138 |
8130 rv = ssl3_InitTLS12HandshakeHash(ss); | 8139 rv = ssl3_InitHandshakeHashes(ss); |
8131 if (rv != SECSuccess) { | 8140 if (rv != SECSuccess) { |
8132 desc = internal_error; | 8141 desc = internal_error; |
8133 errCode = PORT_GetError(); | 8142 errCode = PORT_GetError(); |
8134 goto alert_loser; | 8143 goto alert_loser; |
8135 } | 8144 } |
8136 | 8145 |
8137 /* if we get a non-zero SID, just ignore it. */ | 8146 /* if we get a non-zero SID, just ignore it. */ |
8138 if (length != | 8147 if (length != |
8139 SSL_HL_CLIENT_HELLO_HBYTES + suite_length + sid_length + rand_length) { | 8148 SSL_HL_CLIENT_HELLO_HBYTES + suite_length + sid_length + rand_length) { |
8140 SSL_DBG(("%d: SSL3[%d]: bad v2 client hello message, len=%d should=%d", | 8149 SSL_DBG(("%d: SSL3[%d]: bad v2 client hello message, len=%d should=%d", |
(...skipping 710 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
8851 unsigned int outLen = 0; | 8860 unsigned int outLen = 0; |
8852 #endif | 8861 #endif |
8853 PRBool isTLS = PR_FALSE; | 8862 PRBool isTLS = PR_FALSE; |
8854 SECStatus rv; | 8863 SECStatus rv; |
8855 SECItem enc_pms; | 8864 SECItem enc_pms; |
8856 unsigned char rsaPmsBuf[SSL3_RSA_PMS_LENGTH]; | 8865 unsigned char rsaPmsBuf[SSL3_RSA_PMS_LENGTH]; |
8857 SECItem pmsItem = {siBuffer, NULL, 0}; | 8866 SECItem pmsItem = {siBuffer, NULL, 0}; |
8858 | 8867 |
8859 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | 8868 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); |
8860 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); | 8869 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); |
8870 PORT_Assert( ss->ssl3.prSpec == ss->ssl3.pwSpec ); | |
8861 | 8871 |
8862 enc_pms.data = b; | 8872 enc_pms.data = b; |
8863 enc_pms.len = length; | 8873 enc_pms.len = length; |
8864 pmsItem.data = rsaPmsBuf; | 8874 pmsItem.data = rsaPmsBuf; |
8865 pmsItem.len = sizeof rsaPmsBuf; | 8875 pmsItem.len = sizeof rsaPmsBuf; |
8866 | 8876 |
8867 if (ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0) { /* isTLS */ | 8877 if (ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0) { /* isTLS */ |
8868 PRInt32 kLen; | 8878 PRInt32 kLen; |
8869 kLen = ssl3_ConsumeHandshakeNumber(ss, 2, &enc_pms.data, &enc_pms.len); | 8879 kLen = ssl3_ConsumeHandshakeNumber(ss, 2, &enc_pms.data, &enc_pms.len); |
8870 if (kLen < 0) { | 8880 if (kLen < 0) { |
(...skipping 1008 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
9879 rv = SECFailure; | 9889 rv = SECFailure; |
9880 #else | 9890 #else |
9881 SECItem inData = { siBuffer, }; | 9891 SECItem inData = { siBuffer, }; |
9882 SECItem outData = { siBuffer, }; | 9892 SECItem outData = { siBuffer, }; |
9883 PRBool isFIPS = PR_FALSE; | 9893 PRBool isFIPS = PR_FALSE; |
9884 | 9894 |
9885 inData.data = (unsigned char *) val; | 9895 inData.data = (unsigned char *) val; |
9886 inData.len = valLen; | 9896 inData.len = valLen; |
9887 outData.data = out; | 9897 outData.data = out; |
9888 outData.len = outLen; | 9898 outData.len = outLen; |
9889 » rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS); | 9899 » if (spec->version >= SSL_LIBRARY_VERSION_TLS_1_2) { |
9900 » rv = TLS_P_hash(HASH_AlgSHA256, &spec->msItem, label, &inData, | |
9901 » » » &outData, isFIPS); | |
9902 » } else { | |
9903 » rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS); | |
9904 » } | |
9890 PORT_Assert(rv != SECSuccess || outData.len == outLen); | 9905 PORT_Assert(rv != SECSuccess || outData.len == outLen); |
9891 #endif | 9906 #endif |
9892 } | 9907 } |
9893 return rv; | 9908 return rv; |
9894 } | 9909 } |
9895 | 9910 |
9896 /* called from ssl3_HandleServerHelloDone | 9911 /* called from ssl3_HandleServerHelloDone |
9897 */ | 9912 */ |
9898 static SECStatus | 9913 static SECStatus |
9899 ssl3_SendNextProto(sslSocket *ss) | 9914 ssl3_SendNextProto(sslSocket *ss) |
(...skipping 653 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
10553 rSpec = ss->ssl3.crSpec; | 10568 rSpec = ss->ssl3.crSpec; |
10554 } | 10569 } |
10555 rv = ssl3_ComputeHandshakeHashes(ss, rSpec, &hashes, sender); | 10570 rv = ssl3_ComputeHandshakeHashes(ss, rSpec, &hashes, sender); |
10556 } | 10571 } |
10557 ssl_ReleaseSpecReadLock(ss); /************************************/ | 10572 ssl_ReleaseSpecReadLock(ss); /************************************/ |
10558 if (rv != SECSuccess) { | 10573 if (rv != SECSuccess) { |
10559 return rv; /* error code was set by ssl3_ComputeHandshakeHashes*/ | 10574 return rv; /* error code was set by ssl3_ComputeHandshakeHashes*/ |
10560 } | 10575 } |
10561 SSL_TRC(30,("%d: SSL3[%d]: handle handshake message: %s", SSL_GETPID(), | 10576 SSL_TRC(30,("%d: SSL3[%d]: handle handshake message: %s", SSL_GETPID(), |
10562 ss->fd, ssl3_DecodeHandshakeType(ss->ssl3.hs.msg_type))); | 10577 ss->fd, ssl3_DecodeHandshakeType(ss->ssl3.hs.msg_type))); |
10563 PRINT_BUF(60, (ss, "MD5 handshake hash:", | |
10564 (unsigned char*)ss->ssl3.hs.md5_cx, MD5_LENGTH)); | |
10565 PRINT_BUF(95, (ss, "SHA handshake hash:", | |
10566 (unsigned char*)ss->ssl3.hs.sha_cx, SHA1_LENGTH)); | |
wtc
2013/06/15 19:40:55
These two PRINT_BUF statements are also broken and
| |
10567 | 10578 |
10568 hdr[0] = (PRUint8)ss->ssl3.hs.msg_type; | 10579 hdr[0] = (PRUint8)ss->ssl3.hs.msg_type; |
10569 hdr[1] = (PRUint8)(length >> 16); | 10580 hdr[1] = (PRUint8)(length >> 16); |
10570 hdr[2] = (PRUint8)(length >> 8); | 10581 hdr[2] = (PRUint8)(length >> 8); |
10571 hdr[3] = (PRUint8)(length ); | 10582 hdr[3] = (PRUint8)(length ); |
10572 | 10583 |
10573 /* Start new handshake hashes when we start a new handshake */ | 10584 /* Start new handshake hashes when we start a new handshake */ |
10574 if (ss->ssl3.hs.msg_type == client_hello) { | 10585 if (ss->ssl3.hs.msg_type == client_hello) { |
10575 SSL_TRC(30,("%d: SSL3[%d]: reset handshake hashes", | |
10576 SSL_GETPID(), ss->fd )); | |
10577 rv = ssl3_RestartHandshakeHashes(ss); | 10586 rv = ssl3_RestartHandshakeHashes(ss); |
10578 if (rv != SECSuccess) { | 10587 if (rv != SECSuccess) { |
10579 return rv; | 10588 return rv; |
10580 } | 10589 } |
10581 } | 10590 } |
10582 /* We should not include hello_request and hello_verify_request messages | 10591 /* We should not include hello_request and hello_verify_request messages |
10583 * in the handshake hashes */ | 10592 * in the handshake hashes */ |
10584 if ((ss->ssl3.hs.msg_type != hello_request) && | 10593 if ((ss->ssl3.hs.msg_type != hello_request) && |
10585 (ss->ssl3.hs.msg_type != hello_verify_request)) { | 10594 (ss->ssl3.hs.msg_type != hello_verify_request)) { |
10586 rv = ssl3_UpdateHandshakeHashes(ss, (unsigned char*) hdr, 4); | 10595 rv = ssl3_UpdateHandshakeHashes(ss, (unsigned char*) hdr, 4); |
(...skipping 932 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
11519 | 11528 |
11520 spec->epoch = 0; | 11529 spec->epoch = 0; |
11521 dtls_InitRecvdRecords(&spec->recvdRecords); | 11530 dtls_InitRecvdRecords(&spec->recvdRecords); |
11522 | 11531 |
11523 spec->version = ss->vrange.max; | 11532 spec->version = ss->vrange.max; |
11524 } | 11533 } |
11525 | 11534 |
11526 /* Called from: ssl3_SendRecord | 11535 /* Called from: ssl3_SendRecord |
11527 ** ssl3_StartHandshakeHash() <- ssl2_BeginClientHandshake() | 11536 ** ssl3_StartHandshakeHash() <- ssl2_BeginClientHandshake() |
11528 ** ssl3_SendClientHello() | 11537 ** ssl3_SendClientHello() |
11529 ** ssl3_HandleServerHello() | |
11530 ** ssl3_HandleClientHello() | |
11531 ** ssl3_HandleV2ClientHello() | 11538 ** ssl3_HandleV2ClientHello() |
11532 ** ssl3_HandleRecord() | 11539 ** ssl3_HandleRecord() |
11533 ** | 11540 ** |
11534 ** This function should perhaps acquire and release the SpecWriteLock. | 11541 ** This function should perhaps acquire and release the SpecWriteLock. |
11535 ** | 11542 ** |
11536 ** | 11543 ** |
11537 */ | 11544 */ |
11538 static SECStatus | 11545 static SECStatus |
11539 ssl3_InitState(sslSocket *ss) | 11546 ssl3_InitState(sslSocket *ss) |
11540 { | 11547 { |
11541 SECStatus rv; | |
11542 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); | 11548 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); |
11543 | 11549 |
11544 if (ss->ssl3.initialized) | 11550 if (ss->ssl3.initialized) |
11545 return SECSuccess; /* Function should be idempotent */ | 11551 return SECSuccess; /* Function should be idempotent */ |
11546 | 11552 |
11547 ss->ssl3.policy = SSL_ALLOWED; | 11553 ss->ssl3.policy = SSL_ALLOWED; |
11548 | 11554 |
11549 ssl_GetSpecWriteLock(ss); | 11555 ssl_GetSpecWriteLock(ss); |
11550 ss->ssl3.crSpec = ss->ssl3.cwSpec = &ss->ssl3.specs[0]; | 11556 ss->ssl3.crSpec = ss->ssl3.cwSpec = &ss->ssl3.specs[0]; |
11551 ss->ssl3.prSpec = ss->ssl3.pwSpec = &ss->ssl3.specs[1]; | 11557 ss->ssl3.prSpec = ss->ssl3.pwSpec = &ss->ssl3.specs[1]; |
(...skipping 12 matching lines...) Expand all Loading... | |
11564 if (IS_DTLS(ss)) { | 11570 if (IS_DTLS(ss)) { |
11565 ss->ssl3.hs.sendMessageSeq = 0; | 11571 ss->ssl3.hs.sendMessageSeq = 0; |
11566 ss->ssl3.hs.recvMessageSeq = 0; | 11572 ss->ssl3.hs.recvMessageSeq = 0; |
11567 ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS; | 11573 ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS; |
11568 ss->ssl3.hs.rtRetries = 0; | 11574 ss->ssl3.hs.rtRetries = 0; |
11569 ss->ssl3.hs.recvdHighWater = -1; | 11575 ss->ssl3.hs.recvdHighWater = -1; |
11570 PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight); | 11576 PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight); |
11571 dtls_SetMTU(ss, 0); /* Set the MTU to the highest plateau */ | 11577 dtls_SetMTU(ss, 0); /* Set the MTU to the highest plateau */ |
11572 } | 11578 } |
11573 | 11579 |
11574 rv = ssl3_NewHandshakeHashes(ss); | 11580 PORT_Assert(!ss->ssl3.hs.messages.buf && !ss->ssl3.hs.messages.space); |
11575 if (rv == SECSuccess) { | 11581 ss->ssl3.hs.messages.buf = NULL; |
11576 » ss->ssl3.initialized = PR_TRUE; | 11582 ss->ssl3.hs.messages.space = 0; |
11577 } | |
11578 | 11583 |
11579 return rv; | 11584 ss->ssl3.initialized = PR_TRUE; |
11585 return SECSuccess; | |
11580 } | 11586 } |
11581 | 11587 |
11582 /* Returns a reference counted object that contains a key pair. | 11588 /* Returns a reference counted object that contains a key pair. |
11583 * Or NULL on failure. Initial ref count is 1. | 11589 * Or NULL on failure. Initial ref count is 1. |
11584 * Uses the keys in the pair as input. | 11590 * Uses the keys in the pair as input. |
11585 */ | 11591 */ |
11586 ssl3KeyPair * | 11592 ssl3KeyPair * |
11587 ssl3_NewKeyPair( SECKEYPrivateKey * privKey, SECKEYPublicKey * pubKey) | 11593 ssl3_NewKeyPair( SECKEYPrivateKey * privKey, SECKEYPublicKey * pubKey) |
11588 { | 11594 { |
11589 ssl3KeyPair * pair; | 11595 ssl3KeyPair * pair; |
(...skipping 345 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
11935 ssl3_CleanupPeerCerts(ss); | 11941 ssl3_CleanupPeerCerts(ss); |
11936 | 11942 |
11937 if (ss->ssl3.clientCertChain != NULL) { | 11943 if (ss->ssl3.clientCertChain != NULL) { |
11938 CERT_DestroyCertificateList(ss->ssl3.clientCertChain); | 11944 CERT_DestroyCertificateList(ss->ssl3.clientCertChain); |
11939 ss->ssl3.clientCertChain = NULL; | 11945 ss->ssl3.clientCertChain = NULL; |
11940 } | 11946 } |
11941 | 11947 |
11942 /* clean up handshake */ | 11948 /* clean up handshake */ |
11943 #ifndef NO_PKCS11_BYPASS | 11949 #ifndef NO_PKCS11_BYPASS |
11944 if (ss->opt.bypassPKCS11) { | 11950 if (ss->opt.bypassPKCS11) { |
11945 » SHA1_DestroyContext((SHA1Context *)ss->ssl3.hs.sha_cx, PR_FALSE); | 11951 » if (ss->ssl3.hs.hashType == HANDSHAKE_HASH_COMBO) { |
11946 » MD5_DestroyContext((MD5Context *)ss->ssl3.hs.md5_cx, PR_FALSE); | 11952 » SHA1_DestroyContext((SHA1Context *)ss->ssl3.hs.sha_cx, PR_FALSE); |
11953 » MD5_DestroyContext((MD5Context *)ss->ssl3.hs.md5_cx, PR_FALSE); | |
11954 » } else if (ss->ssl3.hs.hashType == HANDSHAKE_HASH_SINGLE) { | |
11955 » ss->ssl3.hs.sha_obj->destroy(ss->ssl3.hs.sha_cx, PR_FALSE); | |
11956 » } | |
11947 } | 11957 } |
11948 #endif | 11958 #endif |
11949 if (ss->ssl3.hs.md5) { | 11959 if (ss->ssl3.hs.md5) { |
11950 PK11_DestroyContext(ss->ssl3.hs.md5,PR_TRUE); | 11960 PK11_DestroyContext(ss->ssl3.hs.md5,PR_TRUE); |
11951 } | 11961 } |
11952 if (ss->ssl3.hs.sha) { | 11962 if (ss->ssl3.hs.sha) { |
11953 PK11_DestroyContext(ss->ssl3.hs.sha,PR_TRUE); | 11963 PK11_DestroyContext(ss->ssl3.hs.sha,PR_TRUE); |
11954 } | 11964 } |
11955 if (ss->ssl3.hs.tls12_handshake_hash) { | |
11956 PK11_DestroyContext(ss->ssl3.hs.tls12_handshake_hash,PR_TRUE); | |
11957 } | |
11958 if (ss->ssl3.hs.clientSigAndHash) { | 11965 if (ss->ssl3.hs.clientSigAndHash) { |
11959 PORT_Free(ss->ssl3.hs.clientSigAndHash); | 11966 PORT_Free(ss->ssl3.hs.clientSigAndHash); |
11960 } | 11967 } |
11961 if (ss->ssl3.hs.messages.buf) { | 11968 if (ss->ssl3.hs.messages.buf) { |
11962 PORT_Free(ss->ssl3.hs.messages.buf); | 11969 PORT_Free(ss->ssl3.hs.messages.buf); |
11963 ss->ssl3.hs.messages.buf = NULL; | 11970 ss->ssl3.hs.messages.buf = NULL; |
11964 ss->ssl3.hs.messages.len = 0; | 11971 ss->ssl3.hs.messages.len = 0; |
11965 ss->ssl3.hs.messages.space = 0; | 11972 ss->ssl3.hs.messages.space = 0; |
11966 } | 11973 } |
11967 | 11974 |
(...skipping 11 matching lines...) Expand all Loading... | |
11979 PORT_Free(ss->ssl3.hs.recvdFragments.buf); | 11986 PORT_Free(ss->ssl3.hs.recvdFragments.buf); |
11980 } | 11987 } |
11981 } | 11988 } |
11982 | 11989 |
11983 ss->ssl3.initialized = PR_FALSE; | 11990 ss->ssl3.initialized = PR_FALSE; |
11984 | 11991 |
11985 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); | 11992 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); |
11986 } | 11993 } |
11987 | 11994 |
11988 /* End of ssl3con.c */ | 11995 /* End of ssl3con.c */ |
OLD | NEW |