| OLD | NEW |
|---|
| 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
| 2 /* | 2 /* |
| 3 * SSL3 Protocol | 3 * SSL3 Protocol |
| 4 * | 4 * |
| 5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
| 6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 8 /* $Id$ */ | 8 /* $Id$ */ |
| 9 | 9 |
| 10 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ | 10 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ |
| (...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 62 static SECStatus ssl3_SendCertificate( sslSocket *ss); | 62 static SECStatus ssl3_SendCertificate( sslSocket *ss); |
| 63 static SECStatus ssl3_SendCertificateStatus( sslSocket *ss); | 63 static SECStatus ssl3_SendCertificateStatus( sslSocket *ss); |
| 64 static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss); | 64 static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss); |
| 65 static SECStatus ssl3_SendCertificateRequest(sslSocket *ss); | 65 static SECStatus ssl3_SendCertificateRequest(sslSocket *ss); |
| 66 static SECStatus ssl3_SendNextProto( sslSocket *ss); | 66 static SECStatus ssl3_SendNextProto( sslSocket *ss); |
| 67 static SECStatus ssl3_SendEncryptedExtensions(sslSocket *ss); | 67 static SECStatus ssl3_SendEncryptedExtensions(sslSocket *ss); |
| 68 static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags); | 68 static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags); |
| 69 static SECStatus ssl3_SendServerHello( sslSocket *ss); | 69 static SECStatus ssl3_SendServerHello( sslSocket *ss); |
| 70 static SECStatus ssl3_SendServerHelloDone( sslSocket *ss); | 70 static SECStatus ssl3_SendServerHelloDone( sslSocket *ss); |
| 71 static SECStatus ssl3_SendServerKeyExchange( sslSocket *ss); | 71 static SECStatus ssl3_SendServerKeyExchange( sslSocket *ss); |
| 72 static SECStatus ssl3_NewHandshakeHashes( sslSocket *ss); | |
| 73 static SECStatus ssl3_UpdateHandshakeHashes( sslSocket *ss, | 72 static SECStatus ssl3_UpdateHandshakeHashes( sslSocket *ss, |
| 74 const unsigned char *b, | 73 const unsigned char *b, |
| 75 unsigned int l); | 74 unsigned int l); |
| 76 static SECStatus ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags); | 75 static SECStatus ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags); |
| 77 static int ssl3_OIDToTLSHashAlgorithm(SECOidTag oid); | 76 static int ssl3_OIDToTLSHashAlgorithm(SECOidTag oid); |
| 78 | 77 |
| 79 static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen, | 78 static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen, |
| 80 int maxOutputLen, const unsigned char *input, | 79 int maxOutputLen, const unsigned char *input, |
| 81 int inputLen); | 80 int inputLen); |
| 82 | 81 |
| (...skipping 982 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1065 hashes->len = MD5_LENGTH + SHA1_LENGTH; | 1064 hashes->len = MD5_LENGTH + SHA1_LENGTH; |
| 1066 } else if (hashAlg == SEC_OID_SHA1) { | 1065 } else if (hashAlg == SEC_OID_SHA1) { |
| 1067 SHA1_HashBuf(hashes->u.raw, hashBuf, bufLen); | 1066 SHA1_HashBuf(hashes->u.raw, hashBuf, bufLen); |
| 1068 hashes->len = SHA1_LENGTH; | 1067 hashes->len = SHA1_LENGTH; |
| 1069 } else if (hashAlg == SEC_OID_SHA256) { | 1068 } else if (hashAlg == SEC_OID_SHA256) { |
| 1070 SHA256_HashBuf(hashes->u.raw, hashBuf, bufLen); | 1069 SHA256_HashBuf(hashes->u.raw, hashBuf, bufLen); |
| 1071 hashes->len = SHA256_LENGTH; | 1070 hashes->len = SHA256_LENGTH; |
| 1072 } else if (hashAlg == SEC_OID_SHA384) { | 1071 } else if (hashAlg == SEC_OID_SHA384) { |
| 1073 SHA384_HashBuf(hashes->u.raw, hashBuf, bufLen); | 1072 SHA384_HashBuf(hashes->u.raw, hashBuf, bufLen); |
| 1074 hashes->len = SHA384_LENGTH; | 1073 hashes->len = SHA384_LENGTH; |
| 1074 } else if (hashAlg == SEC_OID_SHA512) { |
| 1075 SHA512_HashBuf(hashes->u.raw, hashBuf, bufLen); |
| 1076 hashes->len = SHA512_LENGTH; |
| 1075 } else { | 1077 } else { |
| 1076 PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); | 1078 PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); |
| 1077 return SECFailure; | 1079 return SECFailure; |
| 1078 } | 1080 } |
| 1079 } else | 1081 } else |
| 1080 #endif | 1082 #endif |
| 1081 { | 1083 { |
| 1082 if (hashAlg == SEC_OID_UNKNOWN) { | 1084 if (hashAlg == SEC_OID_UNKNOWN) { |
| 1083 rv = PK11_HashBuf(SEC_OID_MD5, hashes->u.s.md5, hashBuf, bufLen); | 1085 rv = PK11_HashBuf(SEC_OID_MD5, hashes->u.s.md5, hashBuf, bufLen); |
| 1084 if (rv != SECSuccess) { | 1086 if (rv != SECSuccess) { |
| (...skipping 443 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1528 default: | 1530 default: |
| 1529 PORT_Assert(0); | 1531 PORT_Assert(0); |
| 1530 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); | 1532 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
| 1531 return SECFailure; | 1533 return SECFailure; |
| 1532 } | 1534 } |
| 1533 | 1535 |
| 1534 return SECSuccess; | 1536 return SECSuccess; |
| 1535 } | 1537 } |
| 1536 | 1538 |
| 1537 #ifndef NO_PKCS11_BYPASS | 1539 #ifndef NO_PKCS11_BYPASS |
| 1538 /* Initialize encryption and MAC contexts for pending spec. | 1540 /* Initialize encryption contexts for pending spec. |
| 1541 * MAC contexts are set up when computing the mac, not here. |
| 1539 * Master Secret already is derived in spec->msItem | 1542 * Master Secret already is derived in spec->msItem |
| 1540 * Caller holds Spec write lock. | 1543 * Caller holds Spec write lock. |
| 1541 */ | 1544 */ |
| 1542 static SECStatus | 1545 static SECStatus |
| 1543 ssl3_InitPendingContextsBypass(sslSocket *ss) | 1546 ssl3_InitPendingContextsBypass(sslSocket *ss) |
| 1544 { | 1547 { |
| 1545 ssl3CipherSpec * pwSpec; | 1548 ssl3CipherSpec * pwSpec; |
| 1546 const ssl3BulkCipherDef *cipher_def; | 1549 const ssl3BulkCipherDef *cipher_def; |
| 1547 void * serverContext = NULL; | 1550 void * serverContext = NULL; |
| 1548 void * clientContext = NULL; | 1551 void * clientContext = NULL; |
| 1549 BLapiInitContextFunc initFn = (BLapiInitContextFunc)NULL; | 1552 BLapiInitContextFunc initFn = (BLapiInitContextFunc)NULL; |
| 1550 int mode = 0; | 1553 int mode = 0; |
| 1551 unsigned int optArg1 = 0; | 1554 unsigned int optArg1 = 0; |
| 1552 unsigned int optArg2 = 0; | 1555 unsigned int optArg2 = 0; |
| 1553 PRBool server_encrypts = ss->sec.isServer; | 1556 PRBool server_encrypts = ss->sec.isServer; |
| 1554 CK_ULONG macLength; | |
| 1555 SSLCipherAlgorithm calg; | 1557 SSLCipherAlgorithm calg; |
| 1556 SSLCompressionMethod compression_method; | 1558 SSLCompressionMethod compression_method; |
| 1557 SECStatus rv; | 1559 SECStatus rv; |
| 1558 | 1560 |
| 1559 PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); | 1561 PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); |
| 1560 PORT_Assert(ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); | 1562 PORT_Assert(ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); |
| 1561 PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec); | 1563 PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec); |
| 1562 | 1564 |
| 1563 pwSpec = ss->ssl3.pwSpec; | 1565 pwSpec = ss->ssl3.pwSpec; |
| 1564 cipher_def = pwSpec->cipher_def; | 1566 cipher_def = pwSpec->cipher_def; |
| 1565 macLength = pwSpec->mac_size; | |
| 1566 | |
| 1567 /* MAC setup is done when computing the mac, not here. | |
| 1568 * Now setup the crypto contexts. | |
| 1569 */ | |
| 1570 | 1567 |
| 1571 calg = cipher_def->calg; | 1568 calg = cipher_def->calg; |
| 1572 compression_method = pwSpec->compression_method; | 1569 compression_method = pwSpec->compression_method; |
| 1573 | 1570 |
| 1574 serverContext = pwSpec->server.cipher_context; | 1571 serverContext = pwSpec->server.cipher_context; |
| 1575 clientContext = pwSpec->client.cipher_context; | 1572 clientContext = pwSpec->client.cipher_context; |
| 1576 | 1573 |
| 1577 switch (calg) { | 1574 switch (calg) { |
| 1578 case ssl_calg_null: | 1575 case ssl_calg_null: |
| 1579 pwSpec->encode = Null_Cipher; | 1576 pwSpec->encode = Null_Cipher; |
| (...skipping 1872 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3452 } | 3449 } |
| 3453 #ifndef NO_PKCS11_BYPASS | 3450 #ifndef NO_PKCS11_BYPASS |
| 3454 if (ss->opt.bypassPKCS11) { | 3451 if (ss->opt.bypassPKCS11) { |
| 3455 SECItem * keydata; | 3452 SECItem * keydata; |
| 3456 /* In hope of doing a "double bypass", | 3453 /* In hope of doing a "double bypass", |
| 3457 * need to extract the master secret's value from the key object | 3454 * need to extract the master secret's value from the key object |
| 3458 * and store it raw in the sslSocket struct. | 3455 * and store it raw in the sslSocket struct. |
| 3459 */ | 3456 */ |
| 3460 rv = PK11_ExtractKeyValue(pwSpec->master_secret); | 3457 rv = PK11_ExtractKeyValue(pwSpec->master_secret); |
| 3461 if (rv != SECSuccess) { | 3458 if (rv != SECSuccess) { |
| 3462 #if defined(NSS_SURVIVE_DOUBLE_BYPASS_FAILURE) | |
| 3463 /* The double bypass failed. | |
| 3464 * Attempt to revert to an all PKCS#11, non-bypass method. | |
| 3465 * Do we need any unacquired locks here? | |
| 3466 */ | |
| 3467 ss->opt.bypassPKCS11 = 0; | |
| 3468 rv = ssl3_NewHandshakeHashes(ss); | |
| 3469 if (rv == SECSuccess) { | |
| 3470 rv = ssl3_UpdateHandshakeHashes(ss, ss->ssl3.hs.messages.buf, | |
| 3471 ss->ssl3.hs.messages.len); | |
| 3472 } | |
| 3473 #endif | |
| 3474 return rv; | 3459 return rv; |
| 3475 } | 3460 } |
| 3476 /* This returns the address of the secItem inside the key struct, | 3461 /* This returns the address of the secItem inside the key struct, |
| 3477 * not a copy or a reference. So, there's no need to free it. | 3462 * not a copy or a reference. So, there's no need to free it. |
| 3478 */ | 3463 */ |
| 3479 keydata = PK11_GetKeyData(pwSpec->master_secret); | 3464 keydata = PK11_GetKeyData(pwSpec->master_secret); |
| 3480 if (keydata && keydata->len <= sizeof pwSpec->raw_master_secret) { | 3465 if (keydata && keydata->len <= sizeof pwSpec->raw_master_secret) { |
| 3481 memcpy(pwSpec->raw_master_secret, keydata->data, keydata->len); | 3466 memcpy(pwSpec->raw_master_secret, keydata->data, keydata->len); |
| 3482 pwSpec->msItem.data = pwSpec->raw_master_secret; | 3467 pwSpec->msItem.data = pwSpec->raw_master_secret; |
| 3483 pwSpec->msItem.len = keydata->len; | 3468 pwSpec->msItem.len = keydata->len; |
| (...skipping 149 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3633 PK11_FreeSymKey(symKey); | 3618 PK11_FreeSymKey(symKey); |
| 3634 return SECSuccess; | 3619 return SECSuccess; |
| 3635 | 3620 |
| 3636 | 3621 |
| 3637 loser: | 3622 loser: |
| 3638 if (symKey) PK11_FreeSymKey(symKey); | 3623 if (symKey) PK11_FreeSymKey(symKey); |
| 3639 ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE); | 3624 ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE); |
| 3640 return SECFailure; | 3625 return SECFailure; |
| 3641 } | 3626 } |
| 3642 | 3627 |
| 3643 /* ssl3_InitTLS12HandshakeHash creates a handshake hash context for TLS 1.2, | 3628 /* ssl3_InitHandshakeHashes creates handshake hash contexts and hashes in |
| 3644 * if needed, and hashes in any buffered messages in ss->ssl3.hs.messages. */ | 3629 * buffered messages in ss->ssl3.hs.messages. */ |
| 3645 static SECStatus | 3630 static SECStatus |
| 3646 ssl3_InitTLS12HandshakeHash(sslSocket *ss) | 3631 ssl3_InitHandshakeHashes(sslSocket *ss) |
| 3647 { | 3632 { |
| 3648 if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2 && | 3633 SSL_TRC(30,("%d: SSL3[%d]: start handshake hashes", SSL_GETPID(), ss->fd)); |
| 3649 » ss->ssl3.hs.tls12_handshake_hash == NULL) { | 3634 |
| 3650 » /* If we ever support ciphersuites where the PRF hash isn't SHA-256 | 3635 PORT_Assert(ss->ssl3.hs.hashType == handshake_hash_unknown); |
| 3651 » * then this will need to be updated. */ | 3636 #ifndef NO_PKCS11_BYPASS |
| 3652 » ss->ssl3.hs.tls12_handshake_hash = | 3637 if (ss->opt.bypassPKCS11) { |
| 3653 » PK11_CreateDigestContext(SEC_OID_SHA256); | 3638 » PORT_Assert(!ss->ssl3.hs.sha_obj && !ss->ssl3.hs.sha_clone); |
| 3654 » if (!ss->ssl3.hs.tls12_handshake_hash || | 3639 » if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) { |
| 3655 » PK11_DigestBegin(ss->ssl3.hs.tls12_handshake_hash) != SECSuccess) { | 3640 » /* If we ever support ciphersuites where the PRF hash isn't SHA-256 |
| 3656 » ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); | 3641 » * then this will need to be updated. */ |
| 3657 » return SECFailure; | 3642 » ss->ssl3.hs.sha_obj = HASH_GetRawHashObject(HASH_AlgSHA256); |
| 3643 » if (!ss->ssl3.hs.sha_obj) { |
| 3644 » » ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); |
| 3645 » » return SECFailure; |
| 3646 » } |
| 3647 » ss->ssl3.hs.sha_clone = (void (*)(void *, void *))SHA256_Clone; |
| 3648 » ss->ssl3.hs.hashType = handshake_hash_single; |
| 3649 » ss->ssl3.hs.sha_obj->begin(ss->ssl3.hs.sha_cx); |
| 3650 » } else { |
| 3651 » ss->ssl3.hs.hashType = handshake_hash_combo; |
| 3652 » MD5_Begin((MD5Context *)ss->ssl3.hs.md5_cx); |
| 3653 » SHA1_Begin((SHA1Context *)ss->ssl3.hs.sha_cx); |
| 3654 » } |
| 3655 } else |
| 3656 #endif |
| 3657 { |
| 3658 » PORT_Assert(!ss->ssl3.hs.md5 && !ss->ssl3.hs.sha); |
| 3659 » /* |
| 3660 » * note: We should probably lookup an SSL3 slot for these |
| 3661 » * handshake hashes in hopes that we wind up with the same slots |
| 3662 » * that the master secret will wind up in ... |
| 3663 » */ |
| 3664 » if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) { |
| 3665 » /* If we ever support ciphersuites where the PRF hash isn't SHA-256 |
| 3666 » * then this will need to be updated. */ |
| 3667 » ss->ssl3.hs.sha = PK11_CreateDigestContext(SEC_OID_SHA256); |
| 3668 » if (ss->ssl3.hs.sha == NULL) { |
| 3669 » » ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); |
| 3670 » » return SECFailure; |
| 3671 » } |
| 3672 » ss->ssl3.hs.hashType = handshake_hash_single; |
| 3673 |
| 3674 » if (PK11_DigestBegin(ss->ssl3.hs.sha) != SECSuccess) { |
| 3675 » » ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); |
| 3676 » » return SECFailure; |
| 3677 » } |
| 3678 » } else { |
| 3679 » /* Both ss->ssl3.hs.md5 and ss->ssl3.hs.sha should be NULL or |
| 3680 » * created successfully. */ |
| 3681 » ss->ssl3.hs.md5 = PK11_CreateDigestContext(SEC_OID_MD5); |
| 3682 » if (ss->ssl3.hs.md5 == NULL) { |
| 3683 » » ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); |
| 3684 » » return SECFailure; |
| 3685 » } |
| 3686 » ss->ssl3.hs.sha = PK11_CreateDigestContext(SEC_OID_SHA1); |
| 3687 » if (ss->ssl3.hs.sha == NULL) { |
| 3688 » » PK11_DestroyContext(ss->ssl3.hs.md5, PR_TRUE); |
| 3689 » » ss->ssl3.hs.md5 = NULL; |
| 3690 » » ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); |
| 3691 » » return SECFailure; |
| 3692 » } |
| 3693 » ss->ssl3.hs.hashType = handshake_hash_combo; |
| 3694 |
| 3695 » if (PK11_DigestBegin(ss->ssl3.hs.md5) != SECSuccess) { |
| 3696 » » ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); |
| 3697 » » return SECFailure; |
| 3698 » } |
| 3699 » if (PK11_DigestBegin(ss->ssl3.hs.sha) != SECSuccess) { |
| 3700 » » ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); |
| 3701 » » return SECFailure; |
| 3702 » } |
| 3658 } | 3703 } |
| 3659 } | 3704 } |
| 3660 | 3705 |
| 3661 if (ss->ssl3.hs.tls12_handshake_hash && ss->ssl3.hs.messages.len > 0) { | 3706 if (ss->ssl3.hs.messages.len > 0) { |
| 3662 » if (PK11_DigestOp(ss->ssl3.hs.tls12_handshake_hash, | 3707 » if (ssl3_UpdateHandshakeHashes(ss, ss->ssl3.hs.messages.buf, |
| 3663 » » » ss->ssl3.hs.messages.buf, | 3708 » » » » ss->ssl3.hs.messages.len) != |
| 3664 » » » ss->ssl3.hs.messages.len) != SECSuccess) { | 3709 » SECSuccess) { |
| 3665 » ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); | |
| 3666 return SECFailure; | 3710 return SECFailure; |
| 3667 } | 3711 } |
| 3668 } | |
| 3669 | |
| 3670 if (ss->ssl3.hs.messages.buf && !ss->opt.bypassPKCS11) { | |
| 3671 PORT_Free(ss->ssl3.hs.messages.buf); | 3712 PORT_Free(ss->ssl3.hs.messages.buf); |
| 3672 ss->ssl3.hs.messages.buf = NULL; | 3713 ss->ssl3.hs.messages.buf = NULL; |
| 3673 ss->ssl3.hs.messages.len = 0; | 3714 ss->ssl3.hs.messages.len = 0; |
| 3674 ss->ssl3.hs.messages.space = 0; | 3715 ss->ssl3.hs.messages.space = 0; |
| 3675 } | 3716 } |
| 3676 | 3717 |
| 3677 return SECSuccess; | 3718 return SECSuccess; |
| 3678 } | 3719 } |
| 3679 | 3720 |
| 3680 static SECStatus | 3721 static SECStatus |
| 3681 ssl3_RestartHandshakeHashes(sslSocket *ss) | 3722 ssl3_RestartHandshakeHashes(sslSocket *ss) |
| 3682 { | 3723 { |
| 3683 SECStatus rv = SECSuccess; | 3724 SECStatus rv = SECSuccess; |
| 3684 | 3725 |
| 3726 SSL_TRC(30,("%d: SSL3[%d]: reset handshake hashes", |
| 3727 SSL_GETPID(), ss->fd )); |
| 3728 ss->ssl3.hs.hashType = handshake_hash_unknown; |
| 3685 ss->ssl3.hs.messages.len = 0; | 3729 ss->ssl3.hs.messages.len = 0; |
| 3686 #ifndef NO_PKCS11_BYPASS | 3730 #ifndef NO_PKCS11_BYPASS |
| 3687 if (ss->opt.bypassPKCS11) { | 3731 ss->ssl3.hs.sha_obj = NULL; |
| 3688 » MD5_Begin((MD5Context *)ss->ssl3.hs.md5_cx); | 3732 ss->ssl3.hs.sha_clone = NULL; |
| 3689 » SHA1_Begin((SHA1Context *)ss->ssl3.hs.sha_cx); | |
| 3690 } else | |
| 3691 #endif | 3733 #endif |
| 3692 { | 3734 if (ss->ssl3.hs.md5) { |
| 3693 » if (ss->ssl3.hs.tls12_handshake_hash) { | 3735 » PK11_DestroyContext(ss->ssl3.hs.md5,PR_TRUE); |
| 3694 » rv = PK11_DigestBegin(ss->ssl3.hs.tls12_handshake_hash); | 3736 » ss->ssl3.hs.md5 = NULL; |
| 3695 » if (rv != SECSuccess) { | 3737 } |
| 3696 » » ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); | 3738 if (ss->ssl3.hs.sha) { |
| 3697 » » return rv; | 3739 » PK11_DestroyContext(ss->ssl3.hs.sha,PR_TRUE); |
| 3698 » } | 3740 » ss->ssl3.hs.sha = NULL; |
| 3699 » } | |
| 3700 » rv = PK11_DigestBegin(ss->ssl3.hs.md5); | |
| 3701 » if (rv != SECSuccess) { | |
| 3702 » ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); | |
| 3703 » return rv; | |
| 3704 » } | |
| 3705 » rv = PK11_DigestBegin(ss->ssl3.hs.sha); | |
| 3706 » if (rv != SECSuccess) { | |
| 3707 » ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); | |
| 3708 » return rv; | |
| 3709 » } | |
| 3710 } | 3741 } |
| 3711 return rv; | 3742 return rv; |
| 3712 } | 3743 } |
| 3713 | 3744 |
| 3714 static SECStatus | |
| 3715 ssl3_NewHandshakeHashes(sslSocket *ss) | |
| 3716 { | |
| 3717 PK11Context *md5 = NULL; | |
| 3718 PK11Context *sha = NULL; | |
| 3719 | |
| 3720 /* | |
| 3721 * note: We should probably lookup an SSL3 slot for these | |
| 3722 * handshake hashes in hopes that we wind up with the same slots | |
| 3723 * that the master secret will wind up in ... | |
| 3724 */ | |
| 3725 SSL_TRC(30,("%d: SSL3[%d]: start handshake hashes", SSL_GETPID(), ss->fd)); | |
| 3726 PORT_Assert(!ss->ssl3.hs.messages.buf && !ss->ssl3.hs.messages.space); | |
| 3727 ss->ssl3.hs.messages.buf = NULL; | |
| 3728 ss->ssl3.hs.messages.space = 0; | |
| 3729 | |
| 3730 ss->ssl3.hs.md5 = md5 = PK11_CreateDigestContext(SEC_OID_MD5); | |
| 3731 ss->ssl3.hs.sha = sha = PK11_CreateDigestContext(SEC_OID_SHA1); | |
| 3732 ss->ssl3.hs.tls12_handshake_hash = NULL; | |
| 3733 if (md5 == NULL) { | |
| 3734 ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); | |
| 3735 goto loser; | |
| 3736 } | |
| 3737 if (sha == NULL) { | |
| 3738 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); | |
| 3739 goto loser; | |
| 3740 } | |
| 3741 if (SECSuccess == ssl3_RestartHandshakeHashes(ss)) { | |
| 3742 return SECSuccess; | |
| 3743 } | |
| 3744 | |
| 3745 loser: | |
| 3746 if (md5 != NULL) { | |
| 3747 PK11_DestroyContext(md5, PR_TRUE); | |
| 3748 ss->ssl3.hs.md5 = NULL; | |
| 3749 } | |
| 3750 if (sha != NULL) { | |
| 3751 PK11_DestroyContext(sha, PR_TRUE); | |
| 3752 ss->ssl3.hs.sha = NULL; | |
| 3753 } | |
| 3754 return SECFailure; | |
| 3755 | |
| 3756 } | |
| 3757 | |
| 3758 /* | 3745 /* |
| 3759 * Handshake messages | 3746 * Handshake messages |
| 3760 */ | 3747 */ |
| 3761 /* Called from» ssl3_AppendHandshake() | 3748 /* Called from» ssl3_InitHandshakeHashes() |
| 3749 **» » ssl3_AppendHandshake() |
| 3762 ** ssl3_StartHandshakeHash() | 3750 ** ssl3_StartHandshakeHash() |
| 3763 ** ssl3_HandleV2ClientHello() | 3751 ** ssl3_HandleV2ClientHello() |
| 3764 ** ssl3_HandleHandshakeMessage() | 3752 ** ssl3_HandleHandshakeMessage() |
| 3765 ** Caller must hold the ssl3Handshake lock. | 3753 ** Caller must hold the ssl3Handshake lock. |
| 3766 */ | 3754 */ |
| 3767 static SECStatus | 3755 static SECStatus |
| 3768 ssl3_UpdateHandshakeHashes(sslSocket *ss, const unsigned char *b, | 3756 ssl3_UpdateHandshakeHashes(sslSocket *ss, const unsigned char *b, |
| 3769 unsigned int l) | 3757 unsigned int l) |
| 3770 { | 3758 { |
| 3771 SECStatus rv = SECSuccess; | 3759 SECStatus rv = SECSuccess; |
| 3772 | 3760 |
| 3773 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); | 3761 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); |
| 3774 | 3762 |
| 3775 PRINT_BUF(90, (NULL, "MD5 & SHA handshake hash input:", b, l)); | 3763 /* We need to buffer the handshake messages until we have established |
| 3764 * which handshake hash function to use. */ |
| 3765 if (ss->ssl3.hs.hashType == handshake_hash_unknown) { |
| 3766 » return sslBuffer_Append(&ss->ssl3.hs.messages, b, l); |
| 3767 } |
| 3776 | 3768 |
| 3777 if ((ss->version == 0 || ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) && | 3769 PRINT_BUF(90, (NULL, "handshake hash input:", b, l)); |
| 3778 » !ss->opt.bypassPKCS11 && | |
| 3779 » ss->ssl3.hs.tls12_handshake_hash == NULL) { | |
| 3780 » /* For TLS 1.2 connections we need to buffer the handshake messages | |
| 3781 » * until we have established which PRF hash function to use. */ | |
| 3782 » rv = sslBuffer_Append(&ss->ssl3.hs.messages, b, l); | |
| 3783 » if (rv != SECSuccess) { | |
| 3784 » return rv; | |
| 3785 » } | |
| 3786 } | |
| 3787 | 3770 |
| 3788 #ifndef NO_PKCS11_BYPASS | 3771 #ifndef NO_PKCS11_BYPASS |
| 3789 if (ss->opt.bypassPKCS11) { | 3772 if (ss->opt.bypassPKCS11) { |
| 3790 » MD5_Update((MD5Context *)ss->ssl3.hs.md5_cx, b, l); | 3773 » if (ss->ssl3.hs.hashType == handshake_hash_single) { |
| 3791 » SHA1_Update((SHA1Context *)ss->ssl3.hs.sha_cx, b, l); | 3774 » ss->ssl3.hs.sha_obj->update(ss->ssl3.hs.sha_cx, b, l); |
| 3792 #if defined(NSS_SURVIVE_DOUBLE_BYPASS_FAILURE) | 3775 » } else { |
| 3793 » rv = sslBuffer_Append(&ss->ssl3.hs.messages, b, l); | 3776 » MD5_Update((MD5Context *)ss->ssl3.hs.md5_cx, b, l); |
| 3794 #endif | 3777 » SHA1_Update((SHA1Context *)ss->ssl3.hs.sha_cx, b, l); |
| 3778 » } |
| 3795 return rv; | 3779 return rv; |
| 3796 } | 3780 } |
| 3797 #endif | 3781 #endif |
| 3798 if (ss->ssl3.hs.tls12_handshake_hash) { | 3782 if (ss->ssl3.hs.hashType == handshake_hash_single) { |
| 3799 » rv = PK11_DigestOp(ss->ssl3.hs.tls12_handshake_hash, b, l); | 3783 » rv = PK11_DigestOp(ss->ssl3.hs.sha, b, l); |
| 3800 if (rv != SECSuccess) { | 3784 if (rv != SECSuccess) { |
| 3801 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); | 3785 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); |
| 3802 return rv; | 3786 return rv; |
| 3803 } | 3787 } |
| 3804 } else { | 3788 } else { |
| 3805 rv = PK11_DigestOp(ss->ssl3.hs.md5, b, l); | 3789 rv = PK11_DigestOp(ss->ssl3.hs.md5, b, l); |
| 3806 if (rv != SECSuccess) { | 3790 if (rv != SECSuccess) { |
| 3807 ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); | 3791 ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); |
| 3808 return rv; | 3792 return rv; |
| 3809 } | 3793 } |
| (...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3917 */ | 3901 */ |
| 3918 if (IS_DTLS(ss)) { | 3902 if (IS_DTLS(ss)) { |
| 3919 rv = dtls_StageHandshakeMessage(ss); | 3903 rv = dtls_StageHandshakeMessage(ss); |
| 3920 if (rv != SECSuccess) { | 3904 if (rv != SECSuccess) { |
| 3921 return rv; | 3905 return rv; |
| 3922 } | 3906 } |
| 3923 } | 3907 } |
| 3924 | 3908 |
| 3925 SSL_TRC(30,("%d: SSL3[%d]: append handshake header: type %s", | 3909 SSL_TRC(30,("%d: SSL3[%d]: append handshake header: type %s", |
| 3926 SSL_GETPID(), ss->fd, ssl3_DecodeHandshakeType(t))); | 3910 SSL_GETPID(), ss->fd, ssl3_DecodeHandshakeType(t))); |
| 3927 PRINT_BUF(60, (ss, "MD5 handshake hash:", | |
| 3928 (unsigned char*)ss->ssl3.hs.md5_cx, MD5_LENGTH)); | |
| 3929 PRINT_BUF(95, (ss, "SHA handshake hash:", | |
| 3930 (unsigned char*)ss->ssl3.hs.sha_cx, SHA1_LENGTH)); | |
| 3931 | 3911 |
| 3932 rv = ssl3_AppendHandshakeNumber(ss, t, 1); | 3912 rv = ssl3_AppendHandshakeNumber(ss, t, 1); |
| 3933 if (rv != SECSuccess) { | 3913 if (rv != SECSuccess) { |
| 3934 return rv; /* error code set by AppendHandshake, if applicable. */ | 3914 return rv; /* error code set by AppendHandshake, if applicable. */ |
| 3935 } | 3915 } |
| 3936 rv = ssl3_AppendHandshakeNumber(ss, length, 3); | 3916 rv = ssl3_AppendHandshakeNumber(ss, length, 3); |
| 3937 if (rv != SECSuccess) { | 3917 if (rv != SECSuccess) { |
| 3938 return rv; /* error code set by AppendHandshake, if applicable. */ | 3918 return rv; /* error code set by AppendHandshake, if applicable. */ |
| 3939 } | 3919 } |
| 3940 | 3920 |
| (...skipping 327 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4268 SECStatus rv = SECSuccess; | 4248 SECStatus rv = SECSuccess; |
| 4269 PRBool isTLS = (PRBool)(spec->version > SSL_LIBRARY_VERSION_3_0); | 4249 PRBool isTLS = (PRBool)(spec->version > SSL_LIBRARY_VERSION_3_0); |
| 4270 unsigned int outLength; | 4250 unsigned int outLength; |
| 4271 SSL3Opaque md5_inner[MAX_MAC_LENGTH]; | 4251 SSL3Opaque md5_inner[MAX_MAC_LENGTH]; |
| 4272 SSL3Opaque sha_inner[MAX_MAC_LENGTH]; | 4252 SSL3Opaque sha_inner[MAX_MAC_LENGTH]; |
| 4273 | 4253 |
| 4274 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); | 4254 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); |
| 4275 hashes->hashAlg = SEC_OID_UNKNOWN; | 4255 hashes->hashAlg = SEC_OID_UNKNOWN; |
| 4276 | 4256 |
| 4277 #ifndef NO_PKCS11_BYPASS | 4257 #ifndef NO_PKCS11_BYPASS |
| 4278 if (ss->opt.bypassPKCS11) { | 4258 if (ss->opt.bypassPKCS11 && |
| 4259 » ss->ssl3.hs.hashType == handshake_hash_single) { |
| 4260 » /* compute them without PKCS11 */ |
| 4261 » PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS]; |
| 4262 |
| 4263 » if (!spec->msItem.data) { |
| 4264 » PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); |
| 4265 » return SECFailure; |
| 4266 » } |
| 4267 |
| 4268 » ss->ssl3.hs.sha_clone(sha_cx, ss->ssl3.hs.sha_cx); |
| 4269 » ss->ssl3.hs.sha_obj->end(sha_cx, hashes->u.raw, &hashes->len, |
| 4270 » » » » sizeof(hashes->u.raw)); |
| 4271 |
| 4272 » PRINT_BUF(60, (NULL, "SHA-256: result", hashes->u.raw, hashes->len)); |
| 4273 |
| 4274 » /* If we ever support ciphersuites where the PRF hash isn't SHA-256 |
| 4275 » * then this will need to be updated. */ |
| 4276 » hashes->hashAlg = SEC_OID_SHA256; |
| 4277 » rv = SECSuccess; |
| 4278 } else if (ss->opt.bypassPKCS11) { |
| 4279 /* compute them without PKCS11 */ | 4279 /* compute them without PKCS11 */ |
| 4280 PRUint64 md5_cx[MAX_MAC_CONTEXT_LLONGS]; | 4280 PRUint64 md5_cx[MAX_MAC_CONTEXT_LLONGS]; |
| 4281 PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS]; | 4281 PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS]; |
| 4282 | 4282 |
| 4283 #define md5cx ((MD5Context *)md5_cx) | 4283 #define md5cx ((MD5Context *)md5_cx) |
| 4284 #define shacx ((SHA1Context *)sha_cx) | 4284 #define shacx ((SHA1Context *)sha_cx) |
| 4285 | 4285 |
| 4286 if (!spec->msItem.data) { | 4286 if (!spec->msItem.data) { |
| 4287 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); | 4287 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); |
| 4288 return SECFailure; | 4288 return SECFailure; |
| (...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4353 SHA1_End(shacx, hashes->u.s.sha, &outLength, SHA1_LENGTH); | 4353 SHA1_End(shacx, hashes->u.s.sha, &outLength, SHA1_LENGTH); |
| 4354 | 4354 |
| 4355 PRINT_BUF(60, (NULL, "SHA outer: result", hashes->u.s.sha, SHA1_LENGTH))
; | 4355 PRINT_BUF(60, (NULL, "SHA outer: result", hashes->u.s.sha, SHA1_LENGTH))
; |
| 4356 | 4356 |
| 4357 hashes->len = MD5_LENGTH + SHA1_LENGTH; | 4357 hashes->len = MD5_LENGTH + SHA1_LENGTH; |
| 4358 rv = SECSuccess; | 4358 rv = SECSuccess; |
| 4359 #undef md5cx | 4359 #undef md5cx |
| 4360 #undef shacx | 4360 #undef shacx |
| 4361 } else | 4361 } else |
| 4362 #endif | 4362 #endif |
| 4363 if (ss->ssl3.hs.tls12_handshake_hash) { | 4363 if (ss->ssl3.hs.hashType == handshake_hash_single) { |
| 4364 » /* compute hashes with PKCS11 */ |
| 4364 PK11Context *h; | 4365 PK11Context *h; |
| 4365 unsigned int stateLen; | 4366 unsigned int stateLen; |
| 4366 unsigned char stackBuf[1024]; | 4367 unsigned char stackBuf[1024]; |
| 4367 unsigned char *stateBuf = NULL; | 4368 unsigned char *stateBuf = NULL; |
| 4368 | 4369 |
| 4369 if (!spec->master_secret) { | 4370 if (!spec->master_secret) { |
| 4370 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); | 4371 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); |
| 4371 return SECFailure; | 4372 return SECFailure; |
| 4372 } | 4373 } |
| 4373 | 4374 |
| 4374 » h = ss->ssl3.hs.tls12_handshake_hash; | 4375 » h = ss->ssl3.hs.sha; |
| 4375 stateBuf = PK11_SaveContextAlloc(h, stackBuf, | 4376 stateBuf = PK11_SaveContextAlloc(h, stackBuf, |
| 4376 sizeof(stackBuf), &stateLen); | 4377 sizeof(stackBuf), &stateLen); |
| 4377 if (stateBuf == NULL) { | 4378 if (stateBuf == NULL) { |
| 4378 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); | 4379 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); |
| 4379 goto tls12_loser; | 4380 goto tls12_loser; |
| 4380 } | 4381 } |
| 4381 rv |= PK11_DigestFinal(h, hashes->u.raw, &hashes->len, | 4382 rv |= PK11_DigestFinal(h, hashes->u.raw, &hashes->len, |
| 4382 sizeof(hashes->u.raw)); | 4383 sizeof(hashes->u.raw)); |
| 4383 if (rv != SECSuccess) { | 4384 if (rv != SECSuccess) { |
| 4384 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); | 4385 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); |
| 4385 rv = SECFailure; | 4386 rv = SECFailure; |
| 4386 goto tls12_loser; | 4387 goto tls12_loser; |
| 4387 } | 4388 } |
| 4388 /* If we ever support ciphersuites where the PRF hash isn't SHA-256 | 4389 /* If we ever support ciphersuites where the PRF hash isn't SHA-256 |
| 4389 * then this will need to be updated. */ | 4390 * then this will need to be updated. */ |
| 4390 hashes->hashAlg = SEC_OID_SHA256; | 4391 hashes->hashAlg = SEC_OID_SHA256; |
| 4391 rv = SECSuccess; | 4392 rv = SECSuccess; |
| 4392 | 4393 |
| 4393 tls12_loser: | 4394 tls12_loser: |
| 4394 if (stateBuf) { | 4395 if (stateBuf) { |
| 4395 » if (PK11_RestoreContext(ss->ssl3.hs.tls12_handshake_hash, stateBuf, | 4396 » if (PK11_RestoreContext(h, stateBuf, stateLen) != SECSuccess) { |
| 4396 » » » » stateLen) != SECSuccess) { | |
| 4397 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); | 4397 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); |
| 4398 rv = SECFailure; | 4398 rv = SECFailure; |
| 4399 } | 4399 } |
| 4400 if (stateBuf != stackBuf) { | 4400 if (stateBuf != stackBuf) { |
| 4401 PORT_ZFree(stateBuf, stateLen); | 4401 PORT_ZFree(stateBuf, stateLen); |
| 4402 } | 4402 } |
| 4403 } | 4403 } |
| 4404 } else { | 4404 } else { |
| 4405 » /* compute hases with PKCS11 */ | 4405 » /* compute hashes with PKCS11 */ |
| 4406 PK11Context * md5; | 4406 PK11Context * md5; |
| 4407 PK11Context * sha = NULL; | 4407 PK11Context * sha = NULL; |
| 4408 unsigned char *md5StateBuf = NULL; | 4408 unsigned char *md5StateBuf = NULL; |
| 4409 unsigned char *shaStateBuf = NULL; | 4409 unsigned char *shaStateBuf = NULL; |
| 4410 unsigned int md5StateLen, shaStateLen; | 4410 unsigned int md5StateLen, shaStateLen; |
| 4411 unsigned char md5StackBuf[256]; | 4411 unsigned char md5StackBuf[256]; |
| 4412 unsigned char shaStackBuf[512]; | 4412 unsigned char shaStackBuf[512]; |
| 4413 | 4413 |
| 4414 if (!spec->master_secret) { | 4414 if (!spec->master_secret) { |
| 4415 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); | 4415 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); |
| (...skipping 144 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4560 ssl3_StartHandshakeHash(sslSocket *ss, unsigned char * buf, int length) | 4560 ssl3_StartHandshakeHash(sslSocket *ss, unsigned char * buf, int length) |
| 4561 { | 4561 { |
| 4562 SECStatus rv; | 4562 SECStatus rv; |
| 4563 | 4563 |
| 4564 ssl_GetSSL3HandshakeLock(ss); /**************************************/ | 4564 ssl_GetSSL3HandshakeLock(ss); /**************************************/ |
| 4565 | 4565 |
| 4566 rv = ssl3_InitState(ss); | 4566 rv = ssl3_InitState(ss); |
| 4567 if (rv != SECSuccess) { | 4567 if (rv != SECSuccess) { |
| 4568 goto done; /* ssl3_InitState has set the error code. */ | 4568 goto done; /* ssl3_InitState has set the error code. */ |
| 4569 } | 4569 } |
| 4570 rv = ssl3_RestartHandshakeHashes(ss); |
| 4571 if (rv != SECSuccess) { |
| 4572 goto done; |
| 4573 } |
| 4570 | 4574 |
| 4571 PORT_Memset(&ss->ssl3.hs.client_random, 0, SSL3_RANDOM_LENGTH); | 4575 PORT_Memset(&ss->ssl3.hs.client_random, 0, SSL3_RANDOM_LENGTH); |
| 4572 PORT_Memcpy( | 4576 PORT_Memcpy( |
| 4573 &ss->ssl3.hs.client_random.rand[SSL3_RANDOM_LENGTH - SSL_CHALLENGE_BYTES
], | 4577 &ss->ssl3.hs.client_random.rand[SSL3_RANDOM_LENGTH - SSL_CHALLENGE_BYTES
], |
| 4574 &ss->sec.ci.clientChallenge, | 4578 &ss->sec.ci.clientChallenge, |
| 4575 SSL_CHALLENGE_BYTES); | 4579 SSL_CHALLENGE_BYTES); |
| 4576 | 4580 |
| 4577 rv = ssl3_UpdateHandshakeHashes(ss, buf, length); | 4581 rv = ssl3_UpdateHandshakeHashes(ss, buf, length); |
| 4578 /* if it failed, ssl3_UpdateHandshakeHashes has set the error code. */ | 4582 /* if it failed, ssl3_UpdateHandshakeHashes has set the error code. */ |
| 4579 | 4583 |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4619 return rv; /* ssl3_InitState has set the error code. */ | 4623 return rv; /* ssl3_InitState has set the error code. */ |
| 4620 } | 4624 } |
| 4621 ss->ssl3.hs.sendingSCSV = PR_FALSE; /* Must be reset every handshake */ | 4625 ss->ssl3.hs.sendingSCSV = PR_FALSE; /* Must be reset every handshake */ |
| 4622 PORT_Assert(IS_DTLS(ss) || !resending); | 4626 PORT_Assert(IS_DTLS(ss) || !resending); |
| 4623 | 4627 |
| 4624 /* We might be starting a session renegotiation in which case we should | 4628 /* We might be starting a session renegotiation in which case we should |
| 4625 * clear previous state. | 4629 * clear previous state. |
| 4626 */ | 4630 */ |
| 4627 PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); | 4631 PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); |
| 4628 | 4632 |
| 4629 SSL_TRC(30,("%d: SSL3[%d]: reset handshake hashes", | |
| 4630 SSL_GETPID(), ss->fd )); | |
| 4631 rv = ssl3_RestartHandshakeHashes(ss); | 4633 rv = ssl3_RestartHandshakeHashes(ss); |
| 4632 if (rv != SECSuccess) { | 4634 if (rv != SECSuccess) { |
| 4633 return rv; | 4635 return rv; |
| 4634 } | 4636 } |
| 4635 | 4637 |
| 4636 /* | 4638 /* |
| 4637 * During a renegotiation, ss->clientHelloVersion will be used again to | 4639 * During a renegotiation, ss->clientHelloVersion will be used again to |
| 4638 * work around a Windows SChannel bug. Ensure that it is still enabled. | 4640 * work around a Windows SChannel bug. Ensure that it is still enabled. |
| 4639 */ | 4641 */ |
| 4640 if (ss->firstHsDone) { | 4642 if (ss->firstHsDone) { |
| (...skipping 1249 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5890 SECItem sidBytes = {siBuffer, NULL, 0}; | 5892 SECItem sidBytes = {siBuffer, NULL, 0}; |
| 5891 PRBool sid_match; | 5893 PRBool sid_match; |
| 5892 PRBool isTLS = PR_FALSE; | 5894 PRBool isTLS = PR_FALSE; |
| 5893 SSL3AlertDescription desc = illegal_parameter; | 5895 SSL3AlertDescription desc = illegal_parameter; |
| 5894 SSL3ProtocolVersion version; | 5896 SSL3ProtocolVersion version; |
| 5895 | 5897 |
| 5896 SSL_TRC(3, ("%d: SSL3[%d]: handle server_hello handshake", | 5898 SSL_TRC(3, ("%d: SSL3[%d]: handle server_hello handshake", |
| 5897 SSL_GETPID(), ss->fd)); | 5899 SSL_GETPID(), ss->fd)); |
| 5898 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | 5900 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); |
| 5899 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); | 5901 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); |
| 5902 PORT_Assert( ss->ssl3.initialized ); |
| 5900 | 5903 |
| 5901 rv = ssl3_InitState(ss); | |
| 5902 if (rv != SECSuccess) { | |
| 5903 errCode = PORT_GetError(); /* ssl3_InitState has set the error code. */ | |
| 5904 goto alert_loser; | |
| 5905 } | |
| 5906 if (ss->ssl3.hs.ws != wait_server_hello) { | 5904 if (ss->ssl3.hs.ws != wait_server_hello) { |
| 5907 errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO; | 5905 errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO; |
| 5908 desc = unexpected_message; | 5906 desc = unexpected_message; |
| 5909 goto alert_loser; | 5907 goto alert_loser; |
| 5910 } | 5908 } |
| 5911 | 5909 |
| 5912 /* clean up anything left from previous handshake. */ | 5910 /* clean up anything left from previous handshake. */ |
| 5913 if (ss->ssl3.clientCertChain != NULL) { | 5911 if (ss->ssl3.clientCertChain != NULL) { |
| 5914 CERT_DestroyCertificateList(ss->ssl3.clientCertChain); | 5912 CERT_DestroyCertificateList(ss->ssl3.clientCertChain); |
| 5915 ss->ssl3.clientCertChain = NULL; | 5913 ss->ssl3.clientCertChain = NULL; |
| (...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5963 | 5961 |
| 5964 rv = ssl3_NegotiateVersion(ss, version, PR_FALSE); | 5962 rv = ssl3_NegotiateVersion(ss, version, PR_FALSE); |
| 5965 if (rv != SECSuccess) { | 5963 if (rv != SECSuccess) { |
| 5966 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version | 5964 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version |
| 5967 : handshake_failure; | 5965 : handshake_failure; |
| 5968 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; | 5966 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; |
| 5969 goto alert_loser; | 5967 goto alert_loser; |
| 5970 } | 5968 } |
| 5971 isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0); | 5969 isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0); |
| 5972 | 5970 |
| 5973 rv = ssl3_InitTLS12HandshakeHash(ss); | 5971 rv = ssl3_InitHandshakeHashes(ss); |
| 5974 if (rv != SECSuccess) { | 5972 if (rv != SECSuccess) { |
| 5975 desc = internal_error; | 5973 desc = internal_error; |
| 5976 errCode = PORT_GetError(); | 5974 errCode = PORT_GetError(); |
| 5977 goto alert_loser; | 5975 goto alert_loser; |
| 5978 } | 5976 } |
| 5979 | 5977 |
| 5980 rv = ssl3_ConsumeHandshake( | 5978 rv = ssl3_ConsumeHandshake( |
| 5981 ss, &ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH, &b, &length); | 5979 ss, &ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH, &b, &length); |
| 5982 if (rv != SECSuccess) { | 5980 if (rv != SECSuccess) { |
| 5983 goto loser; /* alert has been sent */ | 5981 goto loser; /* alert has been sent */ |
| (...skipping 1317 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 7301 SECItem suites = {siBuffer, NULL, 0}; | 7299 SECItem suites = {siBuffer, NULL, 0}; |
| 7302 SECItem comps = {siBuffer, NULL, 0}; | 7300 SECItem comps = {siBuffer, NULL, 0}; |
| 7303 PRBool haveSpecWriteLock = PR_FALSE; | 7301 PRBool haveSpecWriteLock = PR_FALSE; |
| 7304 PRBool haveXmitBufLock = PR_FALSE; | 7302 PRBool haveXmitBufLock = PR_FALSE; |
| 7305 | 7303 |
| 7306 SSL_TRC(3, ("%d: SSL3[%d]: handle client_hello handshake", | 7304 SSL_TRC(3, ("%d: SSL3[%d]: handle client_hello handshake", |
| 7307 SSL_GETPID(), ss->fd)); | 7305 SSL_GETPID(), ss->fd)); |
| 7308 | 7306 |
| 7309 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | 7307 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); |
| 7310 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); | 7308 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); |
| 7309 PORT_Assert( ss->ssl3.initialized ); |
| 7311 | 7310 |
| 7312 /* Get peer name of client */ | 7311 /* Get peer name of client */ |
| 7313 rv = ssl_GetPeerInfo(ss); | 7312 rv = ssl_GetPeerInfo(ss); |
| 7314 if (rv != SECSuccess) { | 7313 if (rv != SECSuccess) { |
| 7315 return rv; /* error code is set. */ | 7314 return rv; /* error code is set. */ |
| 7316 } | 7315 } |
| 7317 | 7316 |
| 7318 /* Clearing the handshake pointers so that ssl_Do1stHandshake won't | 7317 /* Clearing the handshake pointers so that ssl_Do1stHandshake won't |
| 7319 * call ssl2_HandleMessage. | 7318 * call ssl2_HandleMessage. |
| 7320 * | 7319 * |
| 7321 * The issue here is that TLS ordinarily starts out in | 7320 * The issue here is that TLS ordinarily starts out in |
| 7322 * ssl2_HandleV3HandshakeRecord() because of the backward-compatibility | 7321 * ssl2_HandleV3HandshakeRecord() because of the backward-compatibility |
| 7323 * code paths. That function zeroes these next pointers. But with DTLS, | 7322 * code paths. That function zeroes these next pointers. But with DTLS, |
| 7324 * we don't even try to do the v2 ClientHello so we skip that function | 7323 * we don't even try to do the v2 ClientHello so we skip that function |
| 7325 * and need to reset these values here. | 7324 * and need to reset these values here. |
| 7326 */ | 7325 */ |
| 7327 if (IS_DTLS(ss)) { | 7326 if (IS_DTLS(ss)) { |
| 7328 ss->nextHandshake = 0; | 7327 ss->nextHandshake = 0; |
| 7329 ss->securityHandshake = 0; | 7328 ss->securityHandshake = 0; |
| 7330 } | 7329 } |
| 7331 | 7330 |
| 7332 /* We might be starting session renegotiation in which case we should | 7331 /* We might be starting session renegotiation in which case we should |
| 7333 * clear previous state. | 7332 * clear previous state. |
| 7334 */ | 7333 */ |
| 7335 PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); | 7334 PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); |
| 7336 ss->statelessResume = PR_FALSE; | 7335 ss->statelessResume = PR_FALSE; |
| 7337 | 7336 |
| 7338 rv = ssl3_InitState(ss); | |
| 7339 if (rv != SECSuccess) { | |
| 7340 return rv; /* ssl3_InitState has set the error code. */ | |
| 7341 } | |
| 7342 | |
| 7343 if ((ss->ssl3.hs.ws != wait_client_hello) && | 7337 if ((ss->ssl3.hs.ws != wait_client_hello) && |
| 7344 (ss->ssl3.hs.ws != idle_handshake)) { | 7338 (ss->ssl3.hs.ws != idle_handshake)) { |
| 7345 desc = unexpected_message; | 7339 desc = unexpected_message; |
| 7346 errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO; | 7340 errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO; |
| 7347 goto alert_loser; | 7341 goto alert_loser; |
| 7348 } | 7342 } |
| 7349 if (ss->ssl3.hs.ws == idle_handshake && | 7343 if (ss->ssl3.hs.ws == idle_handshake && |
| 7350 ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) { | 7344 ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) { |
| 7351 desc = no_renegotiation; | 7345 desc = no_renegotiation; |
| 7352 level = alert_warning; | 7346 level = alert_warning; |
| (...skipping 18 matching lines...) Expand all Loading... |
| 7371 } | 7365 } |
| 7372 | 7366 |
| 7373 rv = ssl3_NegotiateVersion(ss, version, PR_TRUE); | 7367 rv = ssl3_NegotiateVersion(ss, version, PR_TRUE); |
| 7374 if (rv != SECSuccess) { | 7368 if (rv != SECSuccess) { |
| 7375 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version | 7369 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version |
| 7376 : handshake_failure; | 7370 : handshake_failure; |
| 7377 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; | 7371 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; |
| 7378 goto alert_loser; | 7372 goto alert_loser; |
| 7379 } | 7373 } |
| 7380 | 7374 |
| 7381 rv = ssl3_InitTLS12HandshakeHash(ss); | 7375 rv = ssl3_InitHandshakeHashes(ss); |
| 7382 if (rv != SECSuccess) { | 7376 if (rv != SECSuccess) { |
| 7383 desc = internal_error; | 7377 desc = internal_error; |
| 7384 errCode = PORT_GetError(); | 7378 errCode = PORT_GetError(); |
| 7385 goto alert_loser; | 7379 goto alert_loser; |
| 7386 } | 7380 } |
| 7387 | 7381 |
| 7388 /* grab the client random data. */ | 7382 /* grab the client random data. */ |
| 7389 rv = ssl3_ConsumeHandshake( | 7383 rv = ssl3_ConsumeHandshake( |
| 7390 ss, &ss->ssl3.hs.client_random, SSL3_RANDOM_LENGTH, &b, &length); | 7384 ss, &ss->ssl3.hs.client_random, SSL3_RANDOM_LENGTH, &b, &length); |
| 7391 if (rv != SECSuccess) { | 7385 if (rv != SECSuccess) { |
| (...skipping 707 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 8099 | 8093 |
| 8100 ssl_GetSSL3HandshakeLock(ss); | 8094 ssl_GetSSL3HandshakeLock(ss); |
| 8101 | 8095 |
| 8102 PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); | 8096 PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); |
| 8103 | 8097 |
| 8104 rv = ssl3_InitState(ss); | 8098 rv = ssl3_InitState(ss); |
| 8105 if (rv != SECSuccess) { | 8099 if (rv != SECSuccess) { |
| 8106 ssl_ReleaseSSL3HandshakeLock(ss); | 8100 ssl_ReleaseSSL3HandshakeLock(ss); |
| 8107 return rv; /* ssl3_InitState has set the error code. */ | 8101 return rv; /* ssl3_InitState has set the error code. */ |
| 8108 } | 8102 } |
| 8103 rv = ssl3_RestartHandshakeHashes(ss); |
| 8104 if (rv != SECSuccess) { |
| 8105 ssl_ReleaseSSL3HandshakeLock(ss); |
| 8106 return rv; |
| 8107 } |
| 8109 | 8108 |
| 8110 if (ss->ssl3.hs.ws != wait_client_hello) { | 8109 if (ss->ssl3.hs.ws != wait_client_hello) { |
| 8111 desc = unexpected_message; | 8110 desc = unexpected_message; |
| 8112 errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO; | 8111 errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO; |
| 8113 goto loser; /* alert_loser */ | 8112 goto loser; /* alert_loser */ |
| 8114 } | 8113 } |
| 8115 | 8114 |
| 8116 version = (buffer[1] << 8) | buffer[2]; | 8115 version = (buffer[1] << 8) | buffer[2]; |
| 8117 suite_length = (buffer[3] << 8) | buffer[4]; | 8116 suite_length = (buffer[3] << 8) | buffer[4]; |
| 8118 sid_length = (buffer[5] << 8) | buffer[6]; | 8117 sid_length = (buffer[5] << 8) | buffer[6]; |
| 8119 rand_length = (buffer[7] << 8) | buffer[8]; | 8118 rand_length = (buffer[7] << 8) | buffer[8]; |
| 8120 ss->clientHelloVersion = version; | 8119 ss->clientHelloVersion = version; |
| 8121 | 8120 |
| 8122 rv = ssl3_NegotiateVersion(ss, version, PR_TRUE); | 8121 rv = ssl3_NegotiateVersion(ss, version, PR_TRUE); |
| 8123 if (rv != SECSuccess) { | 8122 if (rv != SECSuccess) { |
| 8124 /* send back which ever alert client will understand. */ | 8123 /* send back which ever alert client will understand. */ |
| 8125 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version : handshak
e_failure; | 8124 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version : handshak
e_failure; |
| 8126 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; | 8125 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; |
| 8127 goto alert_loser; | 8126 goto alert_loser; |
| 8128 } | 8127 } |
| 8129 | 8128 |
| 8130 rv = ssl3_InitTLS12HandshakeHash(ss); | 8129 rv = ssl3_InitHandshakeHashes(ss); |
| 8131 if (rv != SECSuccess) { | 8130 if (rv != SECSuccess) { |
| 8132 desc = internal_error; | 8131 desc = internal_error; |
| 8133 errCode = PORT_GetError(); | 8132 errCode = PORT_GetError(); |
| 8134 goto alert_loser; | 8133 goto alert_loser; |
| 8135 } | 8134 } |
| 8136 | 8135 |
| 8137 /* if we get a non-zero SID, just ignore it. */ | 8136 /* if we get a non-zero SID, just ignore it. */ |
| 8138 if (length != | 8137 if (length != |
| 8139 SSL_HL_CLIENT_HELLO_HBYTES + suite_length + sid_length + rand_length) { | 8138 SSL_HL_CLIENT_HELLO_HBYTES + suite_length + sid_length + rand_length) { |
| 8140 SSL_DBG(("%d: SSL3[%d]: bad v2 client hello message, len=%d should=%d", | 8139 SSL_DBG(("%d: SSL3[%d]: bad v2 client hello message, len=%d should=%d", |
| (...skipping 710 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 8851 unsigned int outLen = 0; | 8850 unsigned int outLen = 0; |
| 8852 #endif | 8851 #endif |
| 8853 PRBool isTLS = PR_FALSE; | 8852 PRBool isTLS = PR_FALSE; |
| 8854 SECStatus rv; | 8853 SECStatus rv; |
| 8855 SECItem enc_pms; | 8854 SECItem enc_pms; |
| 8856 unsigned char rsaPmsBuf[SSL3_RSA_PMS_LENGTH]; | 8855 unsigned char rsaPmsBuf[SSL3_RSA_PMS_LENGTH]; |
| 8857 SECItem pmsItem = {siBuffer, NULL, 0}; | 8856 SECItem pmsItem = {siBuffer, NULL, 0}; |
| 8858 | 8857 |
| 8859 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | 8858 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); |
| 8860 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); | 8859 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); |
| 8860 PORT_Assert( ss->ssl3.prSpec == ss->ssl3.pwSpec ); |
| 8861 | 8861 |
| 8862 enc_pms.data = b; | 8862 enc_pms.data = b; |
| 8863 enc_pms.len = length; | 8863 enc_pms.len = length; |
| 8864 pmsItem.data = rsaPmsBuf; | 8864 pmsItem.data = rsaPmsBuf; |
| 8865 pmsItem.len = sizeof rsaPmsBuf; | 8865 pmsItem.len = sizeof rsaPmsBuf; |
| 8866 | 8866 |
| 8867 if (ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0) { /* isTLS */ | 8867 if (ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0) { /* isTLS */ |
| 8868 PRInt32 kLen; | 8868 PRInt32 kLen; |
| 8869 kLen = ssl3_ConsumeHandshakeNumber(ss, 2, &enc_pms.data, &enc_pms.len); | 8869 kLen = ssl3_ConsumeHandshakeNumber(ss, 2, &enc_pms.data, &enc_pms.len); |
| 8870 if (kLen < 0) { | 8870 if (kLen < 0) { |
| (...skipping 1008 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 9879 rv = SECFailure; | 9879 rv = SECFailure; |
| 9880 #else | 9880 #else |
| 9881 SECItem inData = { siBuffer, }; | 9881 SECItem inData = { siBuffer, }; |
| 9882 SECItem outData = { siBuffer, }; | 9882 SECItem outData = { siBuffer, }; |
| 9883 PRBool isFIPS = PR_FALSE; | 9883 PRBool isFIPS = PR_FALSE; |
| 9884 | 9884 |
| 9885 inData.data = (unsigned char *) val; | 9885 inData.data = (unsigned char *) val; |
| 9886 inData.len = valLen; | 9886 inData.len = valLen; |
| 9887 outData.data = out; | 9887 outData.data = out; |
| 9888 outData.len = outLen; | 9888 outData.len = outLen; |
| 9889 » rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS); | 9889 » if (spec->version >= SSL_LIBRARY_VERSION_TLS_1_2) { |
| 9890 » rv = TLS_P_hash(HASH_AlgSHA256, &spec->msItem, label, &inData, |
| 9891 » » » &outData, isFIPS); |
| 9892 » } else { |
| 9893 » rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS); |
| 9894 » } |
| 9890 PORT_Assert(rv != SECSuccess || outData.len == outLen); | 9895 PORT_Assert(rv != SECSuccess || outData.len == outLen); |
| 9891 #endif | 9896 #endif |
| 9892 } | 9897 } |
| 9893 return rv; | 9898 return rv; |
| 9894 } | 9899 } |
| 9895 | 9900 |
| 9896 /* called from ssl3_HandleServerHelloDone | 9901 /* called from ssl3_HandleServerHelloDone |
| 9897 */ | 9902 */ |
| 9898 static SECStatus | 9903 static SECStatus |
| 9899 ssl3_SendNextProto(sslSocket *ss) | 9904 ssl3_SendNextProto(sslSocket *ss) |
| (...skipping 653 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 10553 rSpec = ss->ssl3.crSpec; | 10558 rSpec = ss->ssl3.crSpec; |
| 10554 } | 10559 } |
| 10555 rv = ssl3_ComputeHandshakeHashes(ss, rSpec, &hashes, sender); | 10560 rv = ssl3_ComputeHandshakeHashes(ss, rSpec, &hashes, sender); |
| 10556 } | 10561 } |
| 10557 ssl_ReleaseSpecReadLock(ss); /************************************/ | 10562 ssl_ReleaseSpecReadLock(ss); /************************************/ |
| 10558 if (rv != SECSuccess) { | 10563 if (rv != SECSuccess) { |
| 10559 return rv; /* error code was set by ssl3_ComputeHandshakeHashes*/ | 10564 return rv; /* error code was set by ssl3_ComputeHandshakeHashes*/ |
| 10560 } | 10565 } |
| 10561 SSL_TRC(30,("%d: SSL3[%d]: handle handshake message: %s", SSL_GETPID(), | 10566 SSL_TRC(30,("%d: SSL3[%d]: handle handshake message: %s", SSL_GETPID(), |
| 10562 ss->fd, ssl3_DecodeHandshakeType(ss->ssl3.hs.msg_type))); | 10567 ss->fd, ssl3_DecodeHandshakeType(ss->ssl3.hs.msg_type))); |
| 10563 PRINT_BUF(60, (ss, "MD5 handshake hash:", | |
| 10564 (unsigned char*)ss->ssl3.hs.md5_cx, MD5_LENGTH)); | |
| 10565 PRINT_BUF(95, (ss, "SHA handshake hash:", | |
| 10566 (unsigned char*)ss->ssl3.hs.sha_cx, SHA1_LENGTH)); | |
| 10567 | 10568 |
| 10568 hdr[0] = (PRUint8)ss->ssl3.hs.msg_type; | 10569 hdr[0] = (PRUint8)ss->ssl3.hs.msg_type; |
| 10569 hdr[1] = (PRUint8)(length >> 16); | 10570 hdr[1] = (PRUint8)(length >> 16); |
| 10570 hdr[2] = (PRUint8)(length >> 8); | 10571 hdr[2] = (PRUint8)(length >> 8); |
| 10571 hdr[3] = (PRUint8)(length ); | 10572 hdr[3] = (PRUint8)(length ); |
| 10572 | 10573 |
| 10573 /* Start new handshake hashes when we start a new handshake */ | 10574 /* Start new handshake hashes when we start a new handshake */ |
| 10574 if (ss->ssl3.hs.msg_type == client_hello) { | 10575 if (ss->ssl3.hs.msg_type == client_hello) { |
| 10575 SSL_TRC(30,("%d: SSL3[%d]: reset handshake hashes", | |
| 10576 SSL_GETPID(), ss->fd )); | |
| 10577 rv = ssl3_RestartHandshakeHashes(ss); | 10576 rv = ssl3_RestartHandshakeHashes(ss); |
| 10578 if (rv != SECSuccess) { | 10577 if (rv != SECSuccess) { |
| 10579 return rv; | 10578 return rv; |
| 10580 } | 10579 } |
| 10581 } | 10580 } |
| 10582 /* We should not include hello_request and hello_verify_request messages | 10581 /* We should not include hello_request and hello_verify_request messages |
| 10583 * in the handshake hashes */ | 10582 * in the handshake hashes */ |
| 10584 if ((ss->ssl3.hs.msg_type != hello_request) && | 10583 if ((ss->ssl3.hs.msg_type != hello_request) && |
| 10585 (ss->ssl3.hs.msg_type != hello_verify_request)) { | 10584 (ss->ssl3.hs.msg_type != hello_verify_request)) { |
| 10586 rv = ssl3_UpdateHandshakeHashes(ss, (unsigned char*) hdr, 4); | 10585 rv = ssl3_UpdateHandshakeHashes(ss, (unsigned char*) hdr, 4); |
| (...skipping 932 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 11519 | 11518 |
| 11520 spec->epoch = 0; | 11519 spec->epoch = 0; |
| 11521 dtls_InitRecvdRecords(&spec->recvdRecords); | 11520 dtls_InitRecvdRecords(&spec->recvdRecords); |
| 11522 | 11521 |
| 11523 spec->version = ss->vrange.max; | 11522 spec->version = ss->vrange.max; |
| 11524 } | 11523 } |
| 11525 | 11524 |
| 11526 /* Called from: ssl3_SendRecord | 11525 /* Called from: ssl3_SendRecord |
| 11527 ** ssl3_StartHandshakeHash() <- ssl2_BeginClientHandshake() | 11526 ** ssl3_StartHandshakeHash() <- ssl2_BeginClientHandshake() |
| 11528 ** ssl3_SendClientHello() | 11527 ** ssl3_SendClientHello() |
| 11529 ** ssl3_HandleServerHello() | |
| 11530 ** ssl3_HandleClientHello() | |
| 11531 ** ssl3_HandleV2ClientHello() | 11528 ** ssl3_HandleV2ClientHello() |
| 11532 ** ssl3_HandleRecord() | 11529 ** ssl3_HandleRecord() |
| 11533 ** | 11530 ** |
| 11534 ** This function should perhaps acquire and release the SpecWriteLock. | 11531 ** This function should perhaps acquire and release the SpecWriteLock. |
| 11535 ** | 11532 ** |
| 11536 ** | 11533 ** |
| 11537 */ | 11534 */ |
| 11538 static SECStatus | 11535 static SECStatus |
| 11539 ssl3_InitState(sslSocket *ss) | 11536 ssl3_InitState(sslSocket *ss) |
| 11540 { | 11537 { |
| 11541 SECStatus rv; | |
| 11542 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); | 11538 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); |
| 11543 | 11539 |
| 11544 if (ss->ssl3.initialized) | 11540 if (ss->ssl3.initialized) |
| 11545 return SECSuccess; /* Function should be idempotent */ | 11541 return SECSuccess; /* Function should be idempotent */ |
| 11546 | 11542 |
| 11547 ss->ssl3.policy = SSL_ALLOWED; | 11543 ss->ssl3.policy = SSL_ALLOWED; |
| 11548 | 11544 |
| 11549 ssl_GetSpecWriteLock(ss); | 11545 ssl_GetSpecWriteLock(ss); |
| 11550 ss->ssl3.crSpec = ss->ssl3.cwSpec = &ss->ssl3.specs[0]; | 11546 ss->ssl3.crSpec = ss->ssl3.cwSpec = &ss->ssl3.specs[0]; |
| 11551 ss->ssl3.prSpec = ss->ssl3.pwSpec = &ss->ssl3.specs[1]; | 11547 ss->ssl3.prSpec = ss->ssl3.pwSpec = &ss->ssl3.specs[1]; |
| (...skipping 12 matching lines...) Expand all Loading... |
| 11564 if (IS_DTLS(ss)) { | 11560 if (IS_DTLS(ss)) { |
| 11565 ss->ssl3.hs.sendMessageSeq = 0; | 11561 ss->ssl3.hs.sendMessageSeq = 0; |
| 11566 ss->ssl3.hs.recvMessageSeq = 0; | 11562 ss->ssl3.hs.recvMessageSeq = 0; |
| 11567 ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS; | 11563 ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS; |
| 11568 ss->ssl3.hs.rtRetries = 0; | 11564 ss->ssl3.hs.rtRetries = 0; |
| 11569 ss->ssl3.hs.recvdHighWater = -1; | 11565 ss->ssl3.hs.recvdHighWater = -1; |
| 11570 PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight); | 11566 PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight); |
| 11571 dtls_SetMTU(ss, 0); /* Set the MTU to the highest plateau */ | 11567 dtls_SetMTU(ss, 0); /* Set the MTU to the highest plateau */ |
| 11572 } | 11568 } |
| 11573 | 11569 |
| 11574 rv = ssl3_NewHandshakeHashes(ss); | 11570 PORT_Assert(!ss->ssl3.hs.messages.buf && !ss->ssl3.hs.messages.space); |
| 11575 if (rv == SECSuccess) { | 11571 ss->ssl3.hs.messages.buf = NULL; |
| 11576 » ss->ssl3.initialized = PR_TRUE; | 11572 ss->ssl3.hs.messages.space = 0; |
| 11577 } | |
| 11578 | 11573 |
| 11579 return rv; | 11574 ss->ssl3.initialized = PR_TRUE; |
| 11575 return SECSuccess; |
| 11580 } | 11576 } |
| 11581 | 11577 |
| 11582 /* Returns a reference counted object that contains a key pair. | 11578 /* Returns a reference counted object that contains a key pair. |
| 11583 * Or NULL on failure. Initial ref count is 1. | 11579 * Or NULL on failure. Initial ref count is 1. |
| 11584 * Uses the keys in the pair as input. | 11580 * Uses the keys in the pair as input. |
| 11585 */ | 11581 */ |
| 11586 ssl3KeyPair * | 11582 ssl3KeyPair * |
| 11587 ssl3_NewKeyPair( SECKEYPrivateKey * privKey, SECKEYPublicKey * pubKey) | 11583 ssl3_NewKeyPair( SECKEYPrivateKey * privKey, SECKEYPublicKey * pubKey) |
| 11588 { | 11584 { |
| 11589 ssl3KeyPair * pair; | 11585 ssl3KeyPair * pair; |
| (...skipping 345 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 11935 ssl3_CleanupPeerCerts(ss); | 11931 ssl3_CleanupPeerCerts(ss); |
| 11936 | 11932 |
| 11937 if (ss->ssl3.clientCertChain != NULL) { | 11933 if (ss->ssl3.clientCertChain != NULL) { |
| 11938 CERT_DestroyCertificateList(ss->ssl3.clientCertChain); | 11934 CERT_DestroyCertificateList(ss->ssl3.clientCertChain); |
| 11939 ss->ssl3.clientCertChain = NULL; | 11935 ss->ssl3.clientCertChain = NULL; |
| 11940 } | 11936 } |
| 11941 | 11937 |
| 11942 /* clean up handshake */ | 11938 /* clean up handshake */ |
| 11943 #ifndef NO_PKCS11_BYPASS | 11939 #ifndef NO_PKCS11_BYPASS |
| 11944 if (ss->opt.bypassPKCS11) { | 11940 if (ss->opt.bypassPKCS11) { |
| 11945 » SHA1_DestroyContext((SHA1Context *)ss->ssl3.hs.sha_cx, PR_FALSE); | 11941 » if (ss->ssl3.hs.hashType == handshake_hash_combo) { |
| 11946 » MD5_DestroyContext((MD5Context *)ss->ssl3.hs.md5_cx, PR_FALSE); | 11942 » SHA1_DestroyContext((SHA1Context *)ss->ssl3.hs.sha_cx, PR_FALSE); |
| 11943 » MD5_DestroyContext((MD5Context *)ss->ssl3.hs.md5_cx, PR_FALSE); |
| 11944 » } else if (ss->ssl3.hs.hashType == handshake_hash_single) { |
| 11945 » ss->ssl3.hs.sha_obj->destroy(ss->ssl3.hs.sha_cx, PR_FALSE); |
| 11946 » } |
| 11947 } | 11947 } |
| 11948 #endif | 11948 #endif |
| 11949 if (ss->ssl3.hs.md5) { | 11949 if (ss->ssl3.hs.md5) { |
| 11950 PK11_DestroyContext(ss->ssl3.hs.md5,PR_TRUE); | 11950 PK11_DestroyContext(ss->ssl3.hs.md5,PR_TRUE); |
| 11951 } | 11951 } |
| 11952 if (ss->ssl3.hs.sha) { | 11952 if (ss->ssl3.hs.sha) { |
| 11953 PK11_DestroyContext(ss->ssl3.hs.sha,PR_TRUE); | 11953 PK11_DestroyContext(ss->ssl3.hs.sha,PR_TRUE); |
| 11954 } | 11954 } |
| 11955 if (ss->ssl3.hs.tls12_handshake_hash) { | |
| 11956 PK11_DestroyContext(ss->ssl3.hs.tls12_handshake_hash,PR_TRUE); | |
| 11957 } | |
| 11958 if (ss->ssl3.hs.clientSigAndHash) { | 11955 if (ss->ssl3.hs.clientSigAndHash) { |
| 11959 PORT_Free(ss->ssl3.hs.clientSigAndHash); | 11956 PORT_Free(ss->ssl3.hs.clientSigAndHash); |
| 11960 } | 11957 } |
| 11961 if (ss->ssl3.hs.messages.buf) { | 11958 if (ss->ssl3.hs.messages.buf) { |
| 11962 PORT_Free(ss->ssl3.hs.messages.buf); | 11959 PORT_Free(ss->ssl3.hs.messages.buf); |
| 11963 ss->ssl3.hs.messages.buf = NULL; | 11960 ss->ssl3.hs.messages.buf = NULL; |
| 11964 ss->ssl3.hs.messages.len = 0; | 11961 ss->ssl3.hs.messages.len = 0; |
| 11965 ss->ssl3.hs.messages.space = 0; | 11962 ss->ssl3.hs.messages.space = 0; |
| 11966 } | 11963 } |
| 11967 | 11964 |
| (...skipping 11 matching lines...) Expand all Loading... |
| 11979 PORT_Free(ss->ssl3.hs.recvdFragments.buf); | 11976 PORT_Free(ss->ssl3.hs.recvdFragments.buf); |
| 11980 } | 11977 } |
| 11981 } | 11978 } |
| 11982 | 11979 |
| 11983 ss->ssl3.initialized = PR_FALSE; | 11980 ss->ssl3.initialized = PR_FALSE; |
| 11984 | 11981 |
| 11985 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); | 11982 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); |
| 11986 } | 11983 } |
| 11987 | 11984 |
| 11988 /* End of ssl3con.c */ | 11985 /* End of ssl3con.c */ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 17109007:
Miscellaneous cleanup of TLS 1.2 code. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/