OLD | NEW |
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
2 /* | 2 /* |
3 * SSL3 Protocol | 3 * SSL3 Protocol |
4 * | 4 * |
5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
8 /* $Id$ */ | 8 /* $Id$ */ |
9 | 9 |
10 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ | 10 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ |
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
62 static SECStatus ssl3_SendCertificate( sslSocket *ss); | 62 static SECStatus ssl3_SendCertificate( sslSocket *ss); |
63 static SECStatus ssl3_SendCertificateStatus( sslSocket *ss); | 63 static SECStatus ssl3_SendCertificateStatus( sslSocket *ss); |
64 static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss); | 64 static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss); |
65 static SECStatus ssl3_SendCertificateRequest(sslSocket *ss); | 65 static SECStatus ssl3_SendCertificateRequest(sslSocket *ss); |
66 static SECStatus ssl3_SendNextProto( sslSocket *ss); | 66 static SECStatus ssl3_SendNextProto( sslSocket *ss); |
67 static SECStatus ssl3_SendEncryptedExtensions(sslSocket *ss); | 67 static SECStatus ssl3_SendEncryptedExtensions(sslSocket *ss); |
68 static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags); | 68 static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags); |
69 static SECStatus ssl3_SendServerHello( sslSocket *ss); | 69 static SECStatus ssl3_SendServerHello( sslSocket *ss); |
70 static SECStatus ssl3_SendServerHelloDone( sslSocket *ss); | 70 static SECStatus ssl3_SendServerHelloDone( sslSocket *ss); |
71 static SECStatus ssl3_SendServerKeyExchange( sslSocket *ss); | 71 static SECStatus ssl3_SendServerKeyExchange( sslSocket *ss); |
72 static SECStatus ssl3_NewHandshakeHashes( sslSocket *ss); | |
73 static SECStatus ssl3_UpdateHandshakeHashes( sslSocket *ss, | 72 static SECStatus ssl3_UpdateHandshakeHashes( sslSocket *ss, |
74 const unsigned char *b, | 73 const unsigned char *b, |
75 unsigned int l); | 74 unsigned int l); |
76 static SECStatus ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags); | 75 static SECStatus ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags); |
77 static int ssl3_OIDToTLSHashAlgorithm(SECOidTag oid); | 76 static int ssl3_OIDToTLSHashAlgorithm(SECOidTag oid); |
78 | 77 |
79 static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen, | 78 static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen, |
80 int maxOutputLen, const unsigned char *input, | 79 int maxOutputLen, const unsigned char *input, |
81 int inputLen); | 80 int inputLen); |
82 | 81 |
(...skipping 982 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1065 hashes->len = MD5_LENGTH + SHA1_LENGTH; | 1064 hashes->len = MD5_LENGTH + SHA1_LENGTH; |
1066 } else if (hashAlg == SEC_OID_SHA1) { | 1065 } else if (hashAlg == SEC_OID_SHA1) { |
1067 SHA1_HashBuf(hashes->u.raw, hashBuf, bufLen); | 1066 SHA1_HashBuf(hashes->u.raw, hashBuf, bufLen); |
1068 hashes->len = SHA1_LENGTH; | 1067 hashes->len = SHA1_LENGTH; |
1069 } else if (hashAlg == SEC_OID_SHA256) { | 1068 } else if (hashAlg == SEC_OID_SHA256) { |
1070 SHA256_HashBuf(hashes->u.raw, hashBuf, bufLen); | 1069 SHA256_HashBuf(hashes->u.raw, hashBuf, bufLen); |
1071 hashes->len = SHA256_LENGTH; | 1070 hashes->len = SHA256_LENGTH; |
1072 } else if (hashAlg == SEC_OID_SHA384) { | 1071 } else if (hashAlg == SEC_OID_SHA384) { |
1073 SHA384_HashBuf(hashes->u.raw, hashBuf, bufLen); | 1072 SHA384_HashBuf(hashes->u.raw, hashBuf, bufLen); |
1074 hashes->len = SHA384_LENGTH; | 1073 hashes->len = SHA384_LENGTH; |
| 1074 } else if (hashAlg == SEC_OID_SHA512) { |
| 1075 SHA512_HashBuf(hashes->u.raw, hashBuf, bufLen); |
| 1076 hashes->len = SHA512_LENGTH; |
1075 } else { | 1077 } else { |
1076 PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); | 1078 PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); |
1077 return SECFailure; | 1079 return SECFailure; |
1078 } | 1080 } |
1079 } else | 1081 } else |
1080 #endif | 1082 #endif |
1081 { | 1083 { |
1082 if (hashAlg == SEC_OID_UNKNOWN) { | 1084 if (hashAlg == SEC_OID_UNKNOWN) { |
1083 rv = PK11_HashBuf(SEC_OID_MD5, hashes->u.s.md5, hashBuf, bufLen); | 1085 rv = PK11_HashBuf(SEC_OID_MD5, hashes->u.s.md5, hashBuf, bufLen); |
1084 if (rv != SECSuccess) { | 1086 if (rv != SECSuccess) { |
(...skipping 443 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1528 default: | 1530 default: |
1529 PORT_Assert(0); | 1531 PORT_Assert(0); |
1530 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); | 1532 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
1531 return SECFailure; | 1533 return SECFailure; |
1532 } | 1534 } |
1533 | 1535 |
1534 return SECSuccess; | 1536 return SECSuccess; |
1535 } | 1537 } |
1536 | 1538 |
1537 #ifndef NO_PKCS11_BYPASS | 1539 #ifndef NO_PKCS11_BYPASS |
1538 /* Initialize encryption and MAC contexts for pending spec. | 1540 /* Initialize encryption contexts for pending spec. |
| 1541 * MAC contexts are set up when computing the mac, not here. |
1539 * Master Secret already is derived in spec->msItem | 1542 * Master Secret already is derived in spec->msItem |
1540 * Caller holds Spec write lock. | 1543 * Caller holds Spec write lock. |
1541 */ | 1544 */ |
1542 static SECStatus | 1545 static SECStatus |
1543 ssl3_InitPendingContextsBypass(sslSocket *ss) | 1546 ssl3_InitPendingContextsBypass(sslSocket *ss) |
1544 { | 1547 { |
1545 ssl3CipherSpec * pwSpec; | 1548 ssl3CipherSpec * pwSpec; |
1546 const ssl3BulkCipherDef *cipher_def; | 1549 const ssl3BulkCipherDef *cipher_def; |
1547 void * serverContext = NULL; | 1550 void * serverContext = NULL; |
1548 void * clientContext = NULL; | 1551 void * clientContext = NULL; |
1549 BLapiInitContextFunc initFn = (BLapiInitContextFunc)NULL; | 1552 BLapiInitContextFunc initFn = (BLapiInitContextFunc)NULL; |
1550 int mode = 0; | 1553 int mode = 0; |
1551 unsigned int optArg1 = 0; | 1554 unsigned int optArg1 = 0; |
1552 unsigned int optArg2 = 0; | 1555 unsigned int optArg2 = 0; |
1553 PRBool server_encrypts = ss->sec.isServer; | 1556 PRBool server_encrypts = ss->sec.isServer; |
1554 CK_ULONG macLength; | |
1555 SSLCipherAlgorithm calg; | 1557 SSLCipherAlgorithm calg; |
1556 SSLCompressionMethod compression_method; | 1558 SSLCompressionMethod compression_method; |
1557 SECStatus rv; | 1559 SECStatus rv; |
1558 | 1560 |
1559 PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); | 1561 PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); |
1560 PORT_Assert(ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); | 1562 PORT_Assert(ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); |
1561 PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec); | 1563 PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec); |
1562 | 1564 |
1563 pwSpec = ss->ssl3.pwSpec; | 1565 pwSpec = ss->ssl3.pwSpec; |
1564 cipher_def = pwSpec->cipher_def; | 1566 cipher_def = pwSpec->cipher_def; |
1565 macLength = pwSpec->mac_size; | |
1566 | |
1567 /* MAC setup is done when computing the mac, not here. | |
1568 * Now setup the crypto contexts. | |
1569 */ | |
1570 | 1567 |
1571 calg = cipher_def->calg; | 1568 calg = cipher_def->calg; |
1572 compression_method = pwSpec->compression_method; | 1569 compression_method = pwSpec->compression_method; |
1573 | 1570 |
1574 serverContext = pwSpec->server.cipher_context; | 1571 serverContext = pwSpec->server.cipher_context; |
1575 clientContext = pwSpec->client.cipher_context; | 1572 clientContext = pwSpec->client.cipher_context; |
1576 | 1573 |
1577 switch (calg) { | 1574 switch (calg) { |
1578 case ssl_calg_null: | 1575 case ssl_calg_null: |
1579 pwSpec->encode = Null_Cipher; | 1576 pwSpec->encode = Null_Cipher; |
(...skipping 1872 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3452 } | 3449 } |
3453 #ifndef NO_PKCS11_BYPASS | 3450 #ifndef NO_PKCS11_BYPASS |
3454 if (ss->opt.bypassPKCS11) { | 3451 if (ss->opt.bypassPKCS11) { |
3455 SECItem * keydata; | 3452 SECItem * keydata; |
3456 /* In hope of doing a "double bypass", | 3453 /* In hope of doing a "double bypass", |
3457 * need to extract the master secret's value from the key object | 3454 * need to extract the master secret's value from the key object |
3458 * and store it raw in the sslSocket struct. | 3455 * and store it raw in the sslSocket struct. |
3459 */ | 3456 */ |
3460 rv = PK11_ExtractKeyValue(pwSpec->master_secret); | 3457 rv = PK11_ExtractKeyValue(pwSpec->master_secret); |
3461 if (rv != SECSuccess) { | 3458 if (rv != SECSuccess) { |
3462 #if defined(NSS_SURVIVE_DOUBLE_BYPASS_FAILURE) | |
3463 /* The double bypass failed. | |
3464 * Attempt to revert to an all PKCS#11, non-bypass method. | |
3465 * Do we need any unacquired locks here? | |
3466 */ | |
3467 ss->opt.bypassPKCS11 = 0; | |
3468 rv = ssl3_NewHandshakeHashes(ss); | |
3469 if (rv == SECSuccess) { | |
3470 rv = ssl3_UpdateHandshakeHashes(ss, ss->ssl3.hs.messages.buf, | |
3471 ss->ssl3.hs.messages.len); | |
3472 } | |
3473 #endif | |
3474 return rv; | 3459 return rv; |
3475 } | 3460 } |
3476 /* This returns the address of the secItem inside the key struct, | 3461 /* This returns the address of the secItem inside the key struct, |
3477 * not a copy or a reference. So, there's no need to free it. | 3462 * not a copy or a reference. So, there's no need to free it. |
3478 */ | 3463 */ |
3479 keydata = PK11_GetKeyData(pwSpec->master_secret); | 3464 keydata = PK11_GetKeyData(pwSpec->master_secret); |
3480 if (keydata && keydata->len <= sizeof pwSpec->raw_master_secret) { | 3465 if (keydata && keydata->len <= sizeof pwSpec->raw_master_secret) { |
3481 memcpy(pwSpec->raw_master_secret, keydata->data, keydata->len); | 3466 memcpy(pwSpec->raw_master_secret, keydata->data, keydata->len); |
3482 pwSpec->msItem.data = pwSpec->raw_master_secret; | 3467 pwSpec->msItem.data = pwSpec->raw_master_secret; |
3483 pwSpec->msItem.len = keydata->len; | 3468 pwSpec->msItem.len = keydata->len; |
(...skipping 149 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3633 PK11_FreeSymKey(symKey); | 3618 PK11_FreeSymKey(symKey); |
3634 return SECSuccess; | 3619 return SECSuccess; |
3635 | 3620 |
3636 | 3621 |
3637 loser: | 3622 loser: |
3638 if (symKey) PK11_FreeSymKey(symKey); | 3623 if (symKey) PK11_FreeSymKey(symKey); |
3639 ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE); | 3624 ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE); |
3640 return SECFailure; | 3625 return SECFailure; |
3641 } | 3626 } |
3642 | 3627 |
3643 /* ssl3_InitTLS12HandshakeHash creates a handshake hash context for TLS 1.2, | 3628 /* ssl3_InitHandshakeHashes creates handshake hash contexts and hashes in |
3644 * if needed, and hashes in any buffered messages in ss->ssl3.hs.messages. */ | 3629 * buffered messages in ss->ssl3.hs.messages. */ |
3645 static SECStatus | 3630 static SECStatus |
3646 ssl3_InitTLS12HandshakeHash(sslSocket *ss) | 3631 ssl3_InitHandshakeHashes(sslSocket *ss) |
3647 { | 3632 { |
3648 if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2 && | 3633 SSL_TRC(30,("%d: SSL3[%d]: start handshake hashes", SSL_GETPID(), ss->fd)); |
3649 » ss->ssl3.hs.tls12_handshake_hash == NULL) { | 3634 |
3650 » /* If we ever support ciphersuites where the PRF hash isn't SHA-256 | 3635 PORT_Assert(ss->ssl3.hs.hashType == handshake_hash_unknown); |
3651 » * then this will need to be updated. */ | 3636 #ifndef NO_PKCS11_BYPASS |
3652 » ss->ssl3.hs.tls12_handshake_hash = | 3637 if (ss->opt.bypassPKCS11) { |
3653 » PK11_CreateDigestContext(SEC_OID_SHA256); | 3638 » PORT_Assert(!ss->ssl3.hs.sha_obj && !ss->ssl3.hs.sha_clone); |
3654 » if (!ss->ssl3.hs.tls12_handshake_hash || | 3639 » if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) { |
3655 » PK11_DigestBegin(ss->ssl3.hs.tls12_handshake_hash) != SECSuccess) { | 3640 » /* If we ever support ciphersuites where the PRF hash isn't SHA-256 |
3656 » ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); | 3641 » * then this will need to be updated. */ |
3657 » return SECFailure; | 3642 » ss->ssl3.hs.sha_obj = HASH_GetRawHashObject(HASH_AlgSHA256); |
| 3643 » if (!ss->ssl3.hs.sha_obj) { |
| 3644 » » ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); |
| 3645 » » return SECFailure; |
| 3646 » } |
| 3647 » ss->ssl3.hs.sha_clone = (void (*)(void *, void *))SHA256_Clone; |
| 3648 » ss->ssl3.hs.hashType = handshake_hash_single; |
| 3649 » ss->ssl3.hs.sha_obj->begin(ss->ssl3.hs.sha_cx); |
| 3650 » } else { |
| 3651 » ss->ssl3.hs.hashType = handshake_hash_combo; |
| 3652 » MD5_Begin((MD5Context *)ss->ssl3.hs.md5_cx); |
| 3653 » SHA1_Begin((SHA1Context *)ss->ssl3.hs.sha_cx); |
| 3654 » } |
| 3655 } else |
| 3656 #endif |
| 3657 { |
| 3658 » PORT_Assert(!ss->ssl3.hs.md5 && !ss->ssl3.hs.sha); |
| 3659 » /* |
| 3660 » * note: We should probably lookup an SSL3 slot for these |
| 3661 » * handshake hashes in hopes that we wind up with the same slots |
| 3662 » * that the master secret will wind up in ... |
| 3663 » */ |
| 3664 » if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) { |
| 3665 » /* If we ever support ciphersuites where the PRF hash isn't SHA-256 |
| 3666 » * then this will need to be updated. */ |
| 3667 » ss->ssl3.hs.sha = PK11_CreateDigestContext(SEC_OID_SHA256); |
| 3668 » if (ss->ssl3.hs.sha == NULL) { |
| 3669 » » ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); |
| 3670 » » return SECFailure; |
| 3671 » } |
| 3672 » ss->ssl3.hs.hashType = handshake_hash_single; |
| 3673 |
| 3674 » if (PK11_DigestBegin(ss->ssl3.hs.sha) != SECSuccess) { |
| 3675 » » ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); |
| 3676 » » return SECFailure; |
| 3677 » } |
| 3678 » } else { |
| 3679 » /* Both ss->ssl3.hs.md5 and ss->ssl3.hs.sha should be NULL or |
| 3680 » * created successfully. */ |
| 3681 » ss->ssl3.hs.md5 = PK11_CreateDigestContext(SEC_OID_MD5); |
| 3682 » if (ss->ssl3.hs.md5 == NULL) { |
| 3683 » » ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); |
| 3684 » » return SECFailure; |
| 3685 » } |
| 3686 » ss->ssl3.hs.sha = PK11_CreateDigestContext(SEC_OID_SHA1); |
| 3687 » if (ss->ssl3.hs.sha == NULL) { |
| 3688 » » PK11_DestroyContext(ss->ssl3.hs.md5, PR_TRUE); |
| 3689 » » ss->ssl3.hs.md5 = NULL; |
| 3690 » » ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); |
| 3691 » » return SECFailure; |
| 3692 » } |
| 3693 » ss->ssl3.hs.hashType = handshake_hash_combo; |
| 3694 |
| 3695 » if (PK11_DigestBegin(ss->ssl3.hs.md5) != SECSuccess) { |
| 3696 » » ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); |
| 3697 » » return SECFailure; |
| 3698 » } |
| 3699 » if (PK11_DigestBegin(ss->ssl3.hs.sha) != SECSuccess) { |
| 3700 » » ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); |
| 3701 » » return SECFailure; |
| 3702 » } |
3658 } | 3703 } |
3659 } | 3704 } |
3660 | 3705 |
3661 if (ss->ssl3.hs.tls12_handshake_hash && ss->ssl3.hs.messages.len > 0) { | 3706 if (ss->ssl3.hs.messages.len > 0) { |
3662 » if (PK11_DigestOp(ss->ssl3.hs.tls12_handshake_hash, | 3707 » if (ssl3_UpdateHandshakeHashes(ss, ss->ssl3.hs.messages.buf, |
3663 » » » ss->ssl3.hs.messages.buf, | 3708 » » » » ss->ssl3.hs.messages.len) != |
3664 » » » ss->ssl3.hs.messages.len) != SECSuccess) { | 3709 » SECSuccess) { |
3665 » ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); | |
3666 return SECFailure; | 3710 return SECFailure; |
3667 } | 3711 } |
3668 } | |
3669 | |
3670 if (ss->ssl3.hs.messages.buf && !ss->opt.bypassPKCS11) { | |
3671 PORT_Free(ss->ssl3.hs.messages.buf); | 3712 PORT_Free(ss->ssl3.hs.messages.buf); |
3672 ss->ssl3.hs.messages.buf = NULL; | 3713 ss->ssl3.hs.messages.buf = NULL; |
3673 ss->ssl3.hs.messages.len = 0; | 3714 ss->ssl3.hs.messages.len = 0; |
3674 ss->ssl3.hs.messages.space = 0; | 3715 ss->ssl3.hs.messages.space = 0; |
3675 } | 3716 } |
3676 | 3717 |
3677 return SECSuccess; | 3718 return SECSuccess; |
3678 } | 3719 } |
3679 | 3720 |
3680 static SECStatus | 3721 static SECStatus |
3681 ssl3_RestartHandshakeHashes(sslSocket *ss) | 3722 ssl3_RestartHandshakeHashes(sslSocket *ss) |
3682 { | 3723 { |
3683 SECStatus rv = SECSuccess; | 3724 SECStatus rv = SECSuccess; |
3684 | 3725 |
| 3726 SSL_TRC(30,("%d: SSL3[%d]: reset handshake hashes", |
| 3727 SSL_GETPID(), ss->fd )); |
| 3728 ss->ssl3.hs.hashType = handshake_hash_unknown; |
3685 ss->ssl3.hs.messages.len = 0; | 3729 ss->ssl3.hs.messages.len = 0; |
3686 #ifndef NO_PKCS11_BYPASS | 3730 #ifndef NO_PKCS11_BYPASS |
3687 if (ss->opt.bypassPKCS11) { | 3731 ss->ssl3.hs.sha_obj = NULL; |
3688 » MD5_Begin((MD5Context *)ss->ssl3.hs.md5_cx); | 3732 ss->ssl3.hs.sha_clone = NULL; |
3689 » SHA1_Begin((SHA1Context *)ss->ssl3.hs.sha_cx); | |
3690 } else | |
3691 #endif | 3733 #endif |
3692 { | 3734 if (ss->ssl3.hs.md5) { |
3693 » if (ss->ssl3.hs.tls12_handshake_hash) { | 3735 » PK11_DestroyContext(ss->ssl3.hs.md5,PR_TRUE); |
3694 » rv = PK11_DigestBegin(ss->ssl3.hs.tls12_handshake_hash); | 3736 » ss->ssl3.hs.md5 = NULL; |
3695 » if (rv != SECSuccess) { | 3737 } |
3696 » » ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); | 3738 if (ss->ssl3.hs.sha) { |
3697 » » return rv; | 3739 » PK11_DestroyContext(ss->ssl3.hs.sha,PR_TRUE); |
3698 » } | 3740 » ss->ssl3.hs.sha = NULL; |
3699 » } | |
3700 » rv = PK11_DigestBegin(ss->ssl3.hs.md5); | |
3701 » if (rv != SECSuccess) { | |
3702 » ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); | |
3703 » return rv; | |
3704 » } | |
3705 » rv = PK11_DigestBegin(ss->ssl3.hs.sha); | |
3706 » if (rv != SECSuccess) { | |
3707 » ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); | |
3708 » return rv; | |
3709 » } | |
3710 } | 3741 } |
3711 return rv; | 3742 return rv; |
3712 } | 3743 } |
3713 | 3744 |
3714 static SECStatus | |
3715 ssl3_NewHandshakeHashes(sslSocket *ss) | |
3716 { | |
3717 PK11Context *md5 = NULL; | |
3718 PK11Context *sha = NULL; | |
3719 | |
3720 /* | |
3721 * note: We should probably lookup an SSL3 slot for these | |
3722 * handshake hashes in hopes that we wind up with the same slots | |
3723 * that the master secret will wind up in ... | |
3724 */ | |
3725 SSL_TRC(30,("%d: SSL3[%d]: start handshake hashes", SSL_GETPID(), ss->fd)); | |
3726 PORT_Assert(!ss->ssl3.hs.messages.buf && !ss->ssl3.hs.messages.space); | |
3727 ss->ssl3.hs.messages.buf = NULL; | |
3728 ss->ssl3.hs.messages.space = 0; | |
3729 | |
3730 ss->ssl3.hs.md5 = md5 = PK11_CreateDigestContext(SEC_OID_MD5); | |
3731 ss->ssl3.hs.sha = sha = PK11_CreateDigestContext(SEC_OID_SHA1); | |
3732 ss->ssl3.hs.tls12_handshake_hash = NULL; | |
3733 if (md5 == NULL) { | |
3734 ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); | |
3735 goto loser; | |
3736 } | |
3737 if (sha == NULL) { | |
3738 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); | |
3739 goto loser; | |
3740 } | |
3741 if (SECSuccess == ssl3_RestartHandshakeHashes(ss)) { | |
3742 return SECSuccess; | |
3743 } | |
3744 | |
3745 loser: | |
3746 if (md5 != NULL) { | |
3747 PK11_DestroyContext(md5, PR_TRUE); | |
3748 ss->ssl3.hs.md5 = NULL; | |
3749 } | |
3750 if (sha != NULL) { | |
3751 PK11_DestroyContext(sha, PR_TRUE); | |
3752 ss->ssl3.hs.sha = NULL; | |
3753 } | |
3754 return SECFailure; | |
3755 | |
3756 } | |
3757 | |
3758 /* | 3745 /* |
3759 * Handshake messages | 3746 * Handshake messages |
3760 */ | 3747 */ |
3761 /* Called from» ssl3_AppendHandshake() | 3748 /* Called from» ssl3_InitHandshakeHashes() |
| 3749 **» » ssl3_AppendHandshake() |
3762 ** ssl3_StartHandshakeHash() | 3750 ** ssl3_StartHandshakeHash() |
3763 ** ssl3_HandleV2ClientHello() | 3751 ** ssl3_HandleV2ClientHello() |
3764 ** ssl3_HandleHandshakeMessage() | 3752 ** ssl3_HandleHandshakeMessage() |
3765 ** Caller must hold the ssl3Handshake lock. | 3753 ** Caller must hold the ssl3Handshake lock. |
3766 */ | 3754 */ |
3767 static SECStatus | 3755 static SECStatus |
3768 ssl3_UpdateHandshakeHashes(sslSocket *ss, const unsigned char *b, | 3756 ssl3_UpdateHandshakeHashes(sslSocket *ss, const unsigned char *b, |
3769 unsigned int l) | 3757 unsigned int l) |
3770 { | 3758 { |
3771 SECStatus rv = SECSuccess; | 3759 SECStatus rv = SECSuccess; |
3772 | 3760 |
3773 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); | 3761 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); |
3774 | 3762 |
3775 PRINT_BUF(90, (NULL, "MD5 & SHA handshake hash input:", b, l)); | 3763 /* We need to buffer the handshake messages until we have established |
| 3764 * which handshake hash function to use. */ |
| 3765 if (ss->ssl3.hs.hashType == handshake_hash_unknown) { |
| 3766 » return sslBuffer_Append(&ss->ssl3.hs.messages, b, l); |
| 3767 } |
3776 | 3768 |
3777 if ((ss->version == 0 || ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) && | 3769 PRINT_BUF(90, (NULL, "handshake hash input:", b, l)); |
3778 » !ss->opt.bypassPKCS11 && | |
3779 » ss->ssl3.hs.tls12_handshake_hash == NULL) { | |
3780 » /* For TLS 1.2 connections we need to buffer the handshake messages | |
3781 » * until we have established which PRF hash function to use. */ | |
3782 » rv = sslBuffer_Append(&ss->ssl3.hs.messages, b, l); | |
3783 » if (rv != SECSuccess) { | |
3784 » return rv; | |
3785 » } | |
3786 } | |
3787 | 3770 |
3788 #ifndef NO_PKCS11_BYPASS | 3771 #ifndef NO_PKCS11_BYPASS |
3789 if (ss->opt.bypassPKCS11) { | 3772 if (ss->opt.bypassPKCS11) { |
3790 » MD5_Update((MD5Context *)ss->ssl3.hs.md5_cx, b, l); | 3773 » if (ss->ssl3.hs.hashType == handshake_hash_single) { |
3791 » SHA1_Update((SHA1Context *)ss->ssl3.hs.sha_cx, b, l); | 3774 » ss->ssl3.hs.sha_obj->update(ss->ssl3.hs.sha_cx, b, l); |
3792 #if defined(NSS_SURVIVE_DOUBLE_BYPASS_FAILURE) | 3775 » } else { |
3793 » rv = sslBuffer_Append(&ss->ssl3.hs.messages, b, l); | 3776 » MD5_Update((MD5Context *)ss->ssl3.hs.md5_cx, b, l); |
3794 #endif | 3777 » SHA1_Update((SHA1Context *)ss->ssl3.hs.sha_cx, b, l); |
| 3778 » } |
3795 return rv; | 3779 return rv; |
3796 } | 3780 } |
3797 #endif | 3781 #endif |
3798 if (ss->ssl3.hs.tls12_handshake_hash) { | 3782 if (ss->ssl3.hs.hashType == handshake_hash_single) { |
3799 » rv = PK11_DigestOp(ss->ssl3.hs.tls12_handshake_hash, b, l); | 3783 » rv = PK11_DigestOp(ss->ssl3.hs.sha, b, l); |
3800 if (rv != SECSuccess) { | 3784 if (rv != SECSuccess) { |
3801 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); | 3785 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); |
3802 return rv; | 3786 return rv; |
3803 } | 3787 } |
3804 } else { | 3788 } else { |
3805 rv = PK11_DigestOp(ss->ssl3.hs.md5, b, l); | 3789 rv = PK11_DigestOp(ss->ssl3.hs.md5, b, l); |
3806 if (rv != SECSuccess) { | 3790 if (rv != SECSuccess) { |
3807 ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); | 3791 ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); |
3808 return rv; | 3792 return rv; |
3809 } | 3793 } |
(...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3917 */ | 3901 */ |
3918 if (IS_DTLS(ss)) { | 3902 if (IS_DTLS(ss)) { |
3919 rv = dtls_StageHandshakeMessage(ss); | 3903 rv = dtls_StageHandshakeMessage(ss); |
3920 if (rv != SECSuccess) { | 3904 if (rv != SECSuccess) { |
3921 return rv; | 3905 return rv; |
3922 } | 3906 } |
3923 } | 3907 } |
3924 | 3908 |
3925 SSL_TRC(30,("%d: SSL3[%d]: append handshake header: type %s", | 3909 SSL_TRC(30,("%d: SSL3[%d]: append handshake header: type %s", |
3926 SSL_GETPID(), ss->fd, ssl3_DecodeHandshakeType(t))); | 3910 SSL_GETPID(), ss->fd, ssl3_DecodeHandshakeType(t))); |
3927 PRINT_BUF(60, (ss, "MD5 handshake hash:", | |
3928 (unsigned char*)ss->ssl3.hs.md5_cx, MD5_LENGTH)); | |
3929 PRINT_BUF(95, (ss, "SHA handshake hash:", | |
3930 (unsigned char*)ss->ssl3.hs.sha_cx, SHA1_LENGTH)); | |
3931 | 3911 |
3932 rv = ssl3_AppendHandshakeNumber(ss, t, 1); | 3912 rv = ssl3_AppendHandshakeNumber(ss, t, 1); |
3933 if (rv != SECSuccess) { | 3913 if (rv != SECSuccess) { |
3934 return rv; /* error code set by AppendHandshake, if applicable. */ | 3914 return rv; /* error code set by AppendHandshake, if applicable. */ |
3935 } | 3915 } |
3936 rv = ssl3_AppendHandshakeNumber(ss, length, 3); | 3916 rv = ssl3_AppendHandshakeNumber(ss, length, 3); |
3937 if (rv != SECSuccess) { | 3917 if (rv != SECSuccess) { |
3938 return rv; /* error code set by AppendHandshake, if applicable. */ | 3918 return rv; /* error code set by AppendHandshake, if applicable. */ |
3939 } | 3919 } |
3940 | 3920 |
(...skipping 327 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
4268 SECStatus rv = SECSuccess; | 4248 SECStatus rv = SECSuccess; |
4269 PRBool isTLS = (PRBool)(spec->version > SSL_LIBRARY_VERSION_3_0); | 4249 PRBool isTLS = (PRBool)(spec->version > SSL_LIBRARY_VERSION_3_0); |
4270 unsigned int outLength; | 4250 unsigned int outLength; |
4271 SSL3Opaque md5_inner[MAX_MAC_LENGTH]; | 4251 SSL3Opaque md5_inner[MAX_MAC_LENGTH]; |
4272 SSL3Opaque sha_inner[MAX_MAC_LENGTH]; | 4252 SSL3Opaque sha_inner[MAX_MAC_LENGTH]; |
4273 | 4253 |
4274 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); | 4254 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); |
4275 hashes->hashAlg = SEC_OID_UNKNOWN; | 4255 hashes->hashAlg = SEC_OID_UNKNOWN; |
4276 | 4256 |
4277 #ifndef NO_PKCS11_BYPASS | 4257 #ifndef NO_PKCS11_BYPASS |
4278 if (ss->opt.bypassPKCS11) { | 4258 if (ss->opt.bypassPKCS11 && |
| 4259 » ss->ssl3.hs.hashType == handshake_hash_single) { |
| 4260 » /* compute them without PKCS11 */ |
| 4261 » PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS]; |
| 4262 |
| 4263 » if (!spec->msItem.data) { |
| 4264 » PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); |
| 4265 » return SECFailure; |
| 4266 » } |
| 4267 |
| 4268 » ss->ssl3.hs.sha_clone(sha_cx, ss->ssl3.hs.sha_cx); |
| 4269 » ss->ssl3.hs.sha_obj->end(sha_cx, hashes->u.raw, &hashes->len, |
| 4270 » » » » sizeof(hashes->u.raw)); |
| 4271 |
| 4272 » PRINT_BUF(60, (NULL, "SHA-256: result", hashes->u.raw, hashes->len)); |
| 4273 |
| 4274 » /* If we ever support ciphersuites where the PRF hash isn't SHA-256 |
| 4275 » * then this will need to be updated. */ |
| 4276 » hashes->hashAlg = SEC_OID_SHA256; |
| 4277 » rv = SECSuccess; |
| 4278 } else if (ss->opt.bypassPKCS11) { |
4279 /* compute them without PKCS11 */ | 4279 /* compute them without PKCS11 */ |
4280 PRUint64 md5_cx[MAX_MAC_CONTEXT_LLONGS]; | 4280 PRUint64 md5_cx[MAX_MAC_CONTEXT_LLONGS]; |
4281 PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS]; | 4281 PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS]; |
4282 | 4282 |
4283 #define md5cx ((MD5Context *)md5_cx) | 4283 #define md5cx ((MD5Context *)md5_cx) |
4284 #define shacx ((SHA1Context *)sha_cx) | 4284 #define shacx ((SHA1Context *)sha_cx) |
4285 | 4285 |
4286 if (!spec->msItem.data) { | 4286 if (!spec->msItem.data) { |
4287 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); | 4287 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); |
4288 return SECFailure; | 4288 return SECFailure; |
(...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
4353 SHA1_End(shacx, hashes->u.s.sha, &outLength, SHA1_LENGTH); | 4353 SHA1_End(shacx, hashes->u.s.sha, &outLength, SHA1_LENGTH); |
4354 | 4354 |
4355 PRINT_BUF(60, (NULL, "SHA outer: result", hashes->u.s.sha, SHA1_LENGTH))
; | 4355 PRINT_BUF(60, (NULL, "SHA outer: result", hashes->u.s.sha, SHA1_LENGTH))
; |
4356 | 4356 |
4357 hashes->len = MD5_LENGTH + SHA1_LENGTH; | 4357 hashes->len = MD5_LENGTH + SHA1_LENGTH; |
4358 rv = SECSuccess; | 4358 rv = SECSuccess; |
4359 #undef md5cx | 4359 #undef md5cx |
4360 #undef shacx | 4360 #undef shacx |
4361 } else | 4361 } else |
4362 #endif | 4362 #endif |
4363 if (ss->ssl3.hs.tls12_handshake_hash) { | 4363 if (ss->ssl3.hs.hashType == handshake_hash_single) { |
| 4364 » /* compute hashes with PKCS11 */ |
4364 PK11Context *h; | 4365 PK11Context *h; |
4365 unsigned int stateLen; | 4366 unsigned int stateLen; |
4366 unsigned char stackBuf[1024]; | 4367 unsigned char stackBuf[1024]; |
4367 unsigned char *stateBuf = NULL; | 4368 unsigned char *stateBuf = NULL; |
4368 | 4369 |
4369 if (!spec->master_secret) { | 4370 if (!spec->master_secret) { |
4370 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); | 4371 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); |
4371 return SECFailure; | 4372 return SECFailure; |
4372 } | 4373 } |
4373 | 4374 |
4374 » h = ss->ssl3.hs.tls12_handshake_hash; | 4375 » h = ss->ssl3.hs.sha; |
4375 stateBuf = PK11_SaveContextAlloc(h, stackBuf, | 4376 stateBuf = PK11_SaveContextAlloc(h, stackBuf, |
4376 sizeof(stackBuf), &stateLen); | 4377 sizeof(stackBuf), &stateLen); |
4377 if (stateBuf == NULL) { | 4378 if (stateBuf == NULL) { |
4378 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); | 4379 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); |
4379 goto tls12_loser; | 4380 goto tls12_loser; |
4380 } | 4381 } |
4381 rv |= PK11_DigestFinal(h, hashes->u.raw, &hashes->len, | 4382 rv |= PK11_DigestFinal(h, hashes->u.raw, &hashes->len, |
4382 sizeof(hashes->u.raw)); | 4383 sizeof(hashes->u.raw)); |
4383 if (rv != SECSuccess) { | 4384 if (rv != SECSuccess) { |
4384 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); | 4385 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); |
4385 rv = SECFailure; | 4386 rv = SECFailure; |
4386 goto tls12_loser; | 4387 goto tls12_loser; |
4387 } | 4388 } |
4388 /* If we ever support ciphersuites where the PRF hash isn't SHA-256 | 4389 /* If we ever support ciphersuites where the PRF hash isn't SHA-256 |
4389 * then this will need to be updated. */ | 4390 * then this will need to be updated. */ |
4390 hashes->hashAlg = SEC_OID_SHA256; | 4391 hashes->hashAlg = SEC_OID_SHA256; |
4391 rv = SECSuccess; | 4392 rv = SECSuccess; |
4392 | 4393 |
4393 tls12_loser: | 4394 tls12_loser: |
4394 if (stateBuf) { | 4395 if (stateBuf) { |
4395 » if (PK11_RestoreContext(ss->ssl3.hs.tls12_handshake_hash, stateBuf, | 4396 » if (PK11_RestoreContext(h, stateBuf, stateLen) != SECSuccess) { |
4396 » » » » stateLen) != SECSuccess) { | |
4397 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); | 4397 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); |
4398 rv = SECFailure; | 4398 rv = SECFailure; |
4399 } | 4399 } |
4400 if (stateBuf != stackBuf) { | 4400 if (stateBuf != stackBuf) { |
4401 PORT_ZFree(stateBuf, stateLen); | 4401 PORT_ZFree(stateBuf, stateLen); |
4402 } | 4402 } |
4403 } | 4403 } |
4404 } else { | 4404 } else { |
4405 » /* compute hases with PKCS11 */ | 4405 » /* compute hashes with PKCS11 */ |
4406 PK11Context * md5; | 4406 PK11Context * md5; |
4407 PK11Context * sha = NULL; | 4407 PK11Context * sha = NULL; |
4408 unsigned char *md5StateBuf = NULL; | 4408 unsigned char *md5StateBuf = NULL; |
4409 unsigned char *shaStateBuf = NULL; | 4409 unsigned char *shaStateBuf = NULL; |
4410 unsigned int md5StateLen, shaStateLen; | 4410 unsigned int md5StateLen, shaStateLen; |
4411 unsigned char md5StackBuf[256]; | 4411 unsigned char md5StackBuf[256]; |
4412 unsigned char shaStackBuf[512]; | 4412 unsigned char shaStackBuf[512]; |
4413 | 4413 |
4414 if (!spec->master_secret) { | 4414 if (!spec->master_secret) { |
4415 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); | 4415 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); |
(...skipping 144 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
4560 ssl3_StartHandshakeHash(sslSocket *ss, unsigned char * buf, int length) | 4560 ssl3_StartHandshakeHash(sslSocket *ss, unsigned char * buf, int length) |
4561 { | 4561 { |
4562 SECStatus rv; | 4562 SECStatus rv; |
4563 | 4563 |
4564 ssl_GetSSL3HandshakeLock(ss); /**************************************/ | 4564 ssl_GetSSL3HandshakeLock(ss); /**************************************/ |
4565 | 4565 |
4566 rv = ssl3_InitState(ss); | 4566 rv = ssl3_InitState(ss); |
4567 if (rv != SECSuccess) { | 4567 if (rv != SECSuccess) { |
4568 goto done; /* ssl3_InitState has set the error code. */ | 4568 goto done; /* ssl3_InitState has set the error code. */ |
4569 } | 4569 } |
| 4570 rv = ssl3_RestartHandshakeHashes(ss); |
| 4571 if (rv != SECSuccess) { |
| 4572 goto done; |
| 4573 } |
4570 | 4574 |
4571 PORT_Memset(&ss->ssl3.hs.client_random, 0, SSL3_RANDOM_LENGTH); | 4575 PORT_Memset(&ss->ssl3.hs.client_random, 0, SSL3_RANDOM_LENGTH); |
4572 PORT_Memcpy( | 4576 PORT_Memcpy( |
4573 &ss->ssl3.hs.client_random.rand[SSL3_RANDOM_LENGTH - SSL_CHALLENGE_BYTES
], | 4577 &ss->ssl3.hs.client_random.rand[SSL3_RANDOM_LENGTH - SSL_CHALLENGE_BYTES
], |
4574 &ss->sec.ci.clientChallenge, | 4578 &ss->sec.ci.clientChallenge, |
4575 SSL_CHALLENGE_BYTES); | 4579 SSL_CHALLENGE_BYTES); |
4576 | 4580 |
4577 rv = ssl3_UpdateHandshakeHashes(ss, buf, length); | 4581 rv = ssl3_UpdateHandshakeHashes(ss, buf, length); |
4578 /* if it failed, ssl3_UpdateHandshakeHashes has set the error code. */ | 4582 /* if it failed, ssl3_UpdateHandshakeHashes has set the error code. */ |
4579 | 4583 |
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
4619 return rv; /* ssl3_InitState has set the error code. */ | 4623 return rv; /* ssl3_InitState has set the error code. */ |
4620 } | 4624 } |
4621 ss->ssl3.hs.sendingSCSV = PR_FALSE; /* Must be reset every handshake */ | 4625 ss->ssl3.hs.sendingSCSV = PR_FALSE; /* Must be reset every handshake */ |
4622 PORT_Assert(IS_DTLS(ss) || !resending); | 4626 PORT_Assert(IS_DTLS(ss) || !resending); |
4623 | 4627 |
4624 /* We might be starting a session renegotiation in which case we should | 4628 /* We might be starting a session renegotiation in which case we should |
4625 * clear previous state. | 4629 * clear previous state. |
4626 */ | 4630 */ |
4627 PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); | 4631 PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); |
4628 | 4632 |
4629 SSL_TRC(30,("%d: SSL3[%d]: reset handshake hashes", | |
4630 SSL_GETPID(), ss->fd )); | |
4631 rv = ssl3_RestartHandshakeHashes(ss); | 4633 rv = ssl3_RestartHandshakeHashes(ss); |
4632 if (rv != SECSuccess) { | 4634 if (rv != SECSuccess) { |
4633 return rv; | 4635 return rv; |
4634 } | 4636 } |
4635 | 4637 |
4636 /* | 4638 /* |
4637 * During a renegotiation, ss->clientHelloVersion will be used again to | 4639 * During a renegotiation, ss->clientHelloVersion will be used again to |
4638 * work around a Windows SChannel bug. Ensure that it is still enabled. | 4640 * work around a Windows SChannel bug. Ensure that it is still enabled. |
4639 */ | 4641 */ |
4640 if (ss->firstHsDone) { | 4642 if (ss->firstHsDone) { |
(...skipping 1249 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
5890 SECItem sidBytes = {siBuffer, NULL, 0}; | 5892 SECItem sidBytes = {siBuffer, NULL, 0}; |
5891 PRBool sid_match; | 5893 PRBool sid_match; |
5892 PRBool isTLS = PR_FALSE; | 5894 PRBool isTLS = PR_FALSE; |
5893 SSL3AlertDescription desc = illegal_parameter; | 5895 SSL3AlertDescription desc = illegal_parameter; |
5894 SSL3ProtocolVersion version; | 5896 SSL3ProtocolVersion version; |
5895 | 5897 |
5896 SSL_TRC(3, ("%d: SSL3[%d]: handle server_hello handshake", | 5898 SSL_TRC(3, ("%d: SSL3[%d]: handle server_hello handshake", |
5897 SSL_GETPID(), ss->fd)); | 5899 SSL_GETPID(), ss->fd)); |
5898 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | 5900 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); |
5899 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); | 5901 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); |
| 5902 PORT_Assert( ss->ssl3.initialized ); |
5900 | 5903 |
5901 rv = ssl3_InitState(ss); | |
5902 if (rv != SECSuccess) { | |
5903 errCode = PORT_GetError(); /* ssl3_InitState has set the error code. */ | |
5904 goto alert_loser; | |
5905 } | |
5906 if (ss->ssl3.hs.ws != wait_server_hello) { | 5904 if (ss->ssl3.hs.ws != wait_server_hello) { |
5907 errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO; | 5905 errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO; |
5908 desc = unexpected_message; | 5906 desc = unexpected_message; |
5909 goto alert_loser; | 5907 goto alert_loser; |
5910 } | 5908 } |
5911 | 5909 |
5912 /* clean up anything left from previous handshake. */ | 5910 /* clean up anything left from previous handshake. */ |
5913 if (ss->ssl3.clientCertChain != NULL) { | 5911 if (ss->ssl3.clientCertChain != NULL) { |
5914 CERT_DestroyCertificateList(ss->ssl3.clientCertChain); | 5912 CERT_DestroyCertificateList(ss->ssl3.clientCertChain); |
5915 ss->ssl3.clientCertChain = NULL; | 5913 ss->ssl3.clientCertChain = NULL; |
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
5963 | 5961 |
5964 rv = ssl3_NegotiateVersion(ss, version, PR_FALSE); | 5962 rv = ssl3_NegotiateVersion(ss, version, PR_FALSE); |
5965 if (rv != SECSuccess) { | 5963 if (rv != SECSuccess) { |
5966 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version | 5964 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version |
5967 : handshake_failure; | 5965 : handshake_failure; |
5968 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; | 5966 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; |
5969 goto alert_loser; | 5967 goto alert_loser; |
5970 } | 5968 } |
5971 isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0); | 5969 isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0); |
5972 | 5970 |
5973 rv = ssl3_InitTLS12HandshakeHash(ss); | 5971 rv = ssl3_InitHandshakeHashes(ss); |
5974 if (rv != SECSuccess) { | 5972 if (rv != SECSuccess) { |
5975 desc = internal_error; | 5973 desc = internal_error; |
5976 errCode = PORT_GetError(); | 5974 errCode = PORT_GetError(); |
5977 goto alert_loser; | 5975 goto alert_loser; |
5978 } | 5976 } |
5979 | 5977 |
5980 rv = ssl3_ConsumeHandshake( | 5978 rv = ssl3_ConsumeHandshake( |
5981 ss, &ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH, &b, &length); | 5979 ss, &ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH, &b, &length); |
5982 if (rv != SECSuccess) { | 5980 if (rv != SECSuccess) { |
5983 goto loser; /* alert has been sent */ | 5981 goto loser; /* alert has been sent */ |
(...skipping 1317 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
7301 SECItem suites = {siBuffer, NULL, 0}; | 7299 SECItem suites = {siBuffer, NULL, 0}; |
7302 SECItem comps = {siBuffer, NULL, 0}; | 7300 SECItem comps = {siBuffer, NULL, 0}; |
7303 PRBool haveSpecWriteLock = PR_FALSE; | 7301 PRBool haveSpecWriteLock = PR_FALSE; |
7304 PRBool haveXmitBufLock = PR_FALSE; | 7302 PRBool haveXmitBufLock = PR_FALSE; |
7305 | 7303 |
7306 SSL_TRC(3, ("%d: SSL3[%d]: handle client_hello handshake", | 7304 SSL_TRC(3, ("%d: SSL3[%d]: handle client_hello handshake", |
7307 SSL_GETPID(), ss->fd)); | 7305 SSL_GETPID(), ss->fd)); |
7308 | 7306 |
7309 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | 7307 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); |
7310 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); | 7308 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); |
| 7309 PORT_Assert( ss->ssl3.initialized ); |
7311 | 7310 |
7312 /* Get peer name of client */ | 7311 /* Get peer name of client */ |
7313 rv = ssl_GetPeerInfo(ss); | 7312 rv = ssl_GetPeerInfo(ss); |
7314 if (rv != SECSuccess) { | 7313 if (rv != SECSuccess) { |
7315 return rv; /* error code is set. */ | 7314 return rv; /* error code is set. */ |
7316 } | 7315 } |
7317 | 7316 |
7318 /* Clearing the handshake pointers so that ssl_Do1stHandshake won't | 7317 /* Clearing the handshake pointers so that ssl_Do1stHandshake won't |
7319 * call ssl2_HandleMessage. | 7318 * call ssl2_HandleMessage. |
7320 * | 7319 * |
7321 * The issue here is that TLS ordinarily starts out in | 7320 * The issue here is that TLS ordinarily starts out in |
7322 * ssl2_HandleV3HandshakeRecord() because of the backward-compatibility | 7321 * ssl2_HandleV3HandshakeRecord() because of the backward-compatibility |
7323 * code paths. That function zeroes these next pointers. But with DTLS, | 7322 * code paths. That function zeroes these next pointers. But with DTLS, |
7324 * we don't even try to do the v2 ClientHello so we skip that function | 7323 * we don't even try to do the v2 ClientHello so we skip that function |
7325 * and need to reset these values here. | 7324 * and need to reset these values here. |
7326 */ | 7325 */ |
7327 if (IS_DTLS(ss)) { | 7326 if (IS_DTLS(ss)) { |
7328 ss->nextHandshake = 0; | 7327 ss->nextHandshake = 0; |
7329 ss->securityHandshake = 0; | 7328 ss->securityHandshake = 0; |
7330 } | 7329 } |
7331 | 7330 |
7332 /* We might be starting session renegotiation in which case we should | 7331 /* We might be starting session renegotiation in which case we should |
7333 * clear previous state. | 7332 * clear previous state. |
7334 */ | 7333 */ |
7335 PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); | 7334 PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); |
7336 ss->statelessResume = PR_FALSE; | 7335 ss->statelessResume = PR_FALSE; |
7337 | 7336 |
7338 rv = ssl3_InitState(ss); | |
7339 if (rv != SECSuccess) { | |
7340 return rv; /* ssl3_InitState has set the error code. */ | |
7341 } | |
7342 | |
7343 if ((ss->ssl3.hs.ws != wait_client_hello) && | 7337 if ((ss->ssl3.hs.ws != wait_client_hello) && |
7344 (ss->ssl3.hs.ws != idle_handshake)) { | 7338 (ss->ssl3.hs.ws != idle_handshake)) { |
7345 desc = unexpected_message; | 7339 desc = unexpected_message; |
7346 errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO; | 7340 errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO; |
7347 goto alert_loser; | 7341 goto alert_loser; |
7348 } | 7342 } |
7349 if (ss->ssl3.hs.ws == idle_handshake && | 7343 if (ss->ssl3.hs.ws == idle_handshake && |
7350 ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) { | 7344 ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) { |
7351 desc = no_renegotiation; | 7345 desc = no_renegotiation; |
7352 level = alert_warning; | 7346 level = alert_warning; |
(...skipping 18 matching lines...) Expand all Loading... |
7371 } | 7365 } |
7372 | 7366 |
7373 rv = ssl3_NegotiateVersion(ss, version, PR_TRUE); | 7367 rv = ssl3_NegotiateVersion(ss, version, PR_TRUE); |
7374 if (rv != SECSuccess) { | 7368 if (rv != SECSuccess) { |
7375 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version | 7369 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version |
7376 : handshake_failure; | 7370 : handshake_failure; |
7377 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; | 7371 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; |
7378 goto alert_loser; | 7372 goto alert_loser; |
7379 } | 7373 } |
7380 | 7374 |
7381 rv = ssl3_InitTLS12HandshakeHash(ss); | 7375 rv = ssl3_InitHandshakeHashes(ss); |
7382 if (rv != SECSuccess) { | 7376 if (rv != SECSuccess) { |
7383 desc = internal_error; | 7377 desc = internal_error; |
7384 errCode = PORT_GetError(); | 7378 errCode = PORT_GetError(); |
7385 goto alert_loser; | 7379 goto alert_loser; |
7386 } | 7380 } |
7387 | 7381 |
7388 /* grab the client random data. */ | 7382 /* grab the client random data. */ |
7389 rv = ssl3_ConsumeHandshake( | 7383 rv = ssl3_ConsumeHandshake( |
7390 ss, &ss->ssl3.hs.client_random, SSL3_RANDOM_LENGTH, &b, &length); | 7384 ss, &ss->ssl3.hs.client_random, SSL3_RANDOM_LENGTH, &b, &length); |
7391 if (rv != SECSuccess) { | 7385 if (rv != SECSuccess) { |
(...skipping 707 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
8099 | 8093 |
8100 ssl_GetSSL3HandshakeLock(ss); | 8094 ssl_GetSSL3HandshakeLock(ss); |
8101 | 8095 |
8102 PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); | 8096 PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); |
8103 | 8097 |
8104 rv = ssl3_InitState(ss); | 8098 rv = ssl3_InitState(ss); |
8105 if (rv != SECSuccess) { | 8099 if (rv != SECSuccess) { |
8106 ssl_ReleaseSSL3HandshakeLock(ss); | 8100 ssl_ReleaseSSL3HandshakeLock(ss); |
8107 return rv; /* ssl3_InitState has set the error code. */ | 8101 return rv; /* ssl3_InitState has set the error code. */ |
8108 } | 8102 } |
| 8103 rv = ssl3_RestartHandshakeHashes(ss); |
| 8104 if (rv != SECSuccess) { |
| 8105 ssl_ReleaseSSL3HandshakeLock(ss); |
| 8106 return rv; |
| 8107 } |
8109 | 8108 |
8110 if (ss->ssl3.hs.ws != wait_client_hello) { | 8109 if (ss->ssl3.hs.ws != wait_client_hello) { |
8111 desc = unexpected_message; | 8110 desc = unexpected_message; |
8112 errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO; | 8111 errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO; |
8113 goto loser; /* alert_loser */ | 8112 goto loser; /* alert_loser */ |
8114 } | 8113 } |
8115 | 8114 |
8116 version = (buffer[1] << 8) | buffer[2]; | 8115 version = (buffer[1] << 8) | buffer[2]; |
8117 suite_length = (buffer[3] << 8) | buffer[4]; | 8116 suite_length = (buffer[3] << 8) | buffer[4]; |
8118 sid_length = (buffer[5] << 8) | buffer[6]; | 8117 sid_length = (buffer[5] << 8) | buffer[6]; |
8119 rand_length = (buffer[7] << 8) | buffer[8]; | 8118 rand_length = (buffer[7] << 8) | buffer[8]; |
8120 ss->clientHelloVersion = version; | 8119 ss->clientHelloVersion = version; |
8121 | 8120 |
8122 rv = ssl3_NegotiateVersion(ss, version, PR_TRUE); | 8121 rv = ssl3_NegotiateVersion(ss, version, PR_TRUE); |
8123 if (rv != SECSuccess) { | 8122 if (rv != SECSuccess) { |
8124 /* send back which ever alert client will understand. */ | 8123 /* send back which ever alert client will understand. */ |
8125 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version : handshak
e_failure; | 8124 desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version : handshak
e_failure; |
8126 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; | 8125 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; |
8127 goto alert_loser; | 8126 goto alert_loser; |
8128 } | 8127 } |
8129 | 8128 |
8130 rv = ssl3_InitTLS12HandshakeHash(ss); | 8129 rv = ssl3_InitHandshakeHashes(ss); |
8131 if (rv != SECSuccess) { | 8130 if (rv != SECSuccess) { |
8132 desc = internal_error; | 8131 desc = internal_error; |
8133 errCode = PORT_GetError(); | 8132 errCode = PORT_GetError(); |
8134 goto alert_loser; | 8133 goto alert_loser; |
8135 } | 8134 } |
8136 | 8135 |
8137 /* if we get a non-zero SID, just ignore it. */ | 8136 /* if we get a non-zero SID, just ignore it. */ |
8138 if (length != | 8137 if (length != |
8139 SSL_HL_CLIENT_HELLO_HBYTES + suite_length + sid_length + rand_length) { | 8138 SSL_HL_CLIENT_HELLO_HBYTES + suite_length + sid_length + rand_length) { |
8140 SSL_DBG(("%d: SSL3[%d]: bad v2 client hello message, len=%d should=%d", | 8139 SSL_DBG(("%d: SSL3[%d]: bad v2 client hello message, len=%d should=%d", |
(...skipping 710 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
8851 unsigned int outLen = 0; | 8850 unsigned int outLen = 0; |
8852 #endif | 8851 #endif |
8853 PRBool isTLS = PR_FALSE; | 8852 PRBool isTLS = PR_FALSE; |
8854 SECStatus rv; | 8853 SECStatus rv; |
8855 SECItem enc_pms; | 8854 SECItem enc_pms; |
8856 unsigned char rsaPmsBuf[SSL3_RSA_PMS_LENGTH]; | 8855 unsigned char rsaPmsBuf[SSL3_RSA_PMS_LENGTH]; |
8857 SECItem pmsItem = {siBuffer, NULL, 0}; | 8856 SECItem pmsItem = {siBuffer, NULL, 0}; |
8858 | 8857 |
8859 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | 8858 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); |
8860 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); | 8859 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); |
| 8860 PORT_Assert( ss->ssl3.prSpec == ss->ssl3.pwSpec ); |
8861 | 8861 |
8862 enc_pms.data = b; | 8862 enc_pms.data = b; |
8863 enc_pms.len = length; | 8863 enc_pms.len = length; |
8864 pmsItem.data = rsaPmsBuf; | 8864 pmsItem.data = rsaPmsBuf; |
8865 pmsItem.len = sizeof rsaPmsBuf; | 8865 pmsItem.len = sizeof rsaPmsBuf; |
8866 | 8866 |
8867 if (ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0) { /* isTLS */ | 8867 if (ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0) { /* isTLS */ |
8868 PRInt32 kLen; | 8868 PRInt32 kLen; |
8869 kLen = ssl3_ConsumeHandshakeNumber(ss, 2, &enc_pms.data, &enc_pms.len); | 8869 kLen = ssl3_ConsumeHandshakeNumber(ss, 2, &enc_pms.data, &enc_pms.len); |
8870 if (kLen < 0) { | 8870 if (kLen < 0) { |
(...skipping 1008 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
9879 rv = SECFailure; | 9879 rv = SECFailure; |
9880 #else | 9880 #else |
9881 SECItem inData = { siBuffer, }; | 9881 SECItem inData = { siBuffer, }; |
9882 SECItem outData = { siBuffer, }; | 9882 SECItem outData = { siBuffer, }; |
9883 PRBool isFIPS = PR_FALSE; | 9883 PRBool isFIPS = PR_FALSE; |
9884 | 9884 |
9885 inData.data = (unsigned char *) val; | 9885 inData.data = (unsigned char *) val; |
9886 inData.len = valLen; | 9886 inData.len = valLen; |
9887 outData.data = out; | 9887 outData.data = out; |
9888 outData.len = outLen; | 9888 outData.len = outLen; |
9889 » rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS); | 9889 » if (spec->version >= SSL_LIBRARY_VERSION_TLS_1_2) { |
| 9890 » rv = TLS_P_hash(HASH_AlgSHA256, &spec->msItem, label, &inData, |
| 9891 » » » &outData, isFIPS); |
| 9892 » } else { |
| 9893 » rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS); |
| 9894 » } |
9890 PORT_Assert(rv != SECSuccess || outData.len == outLen); | 9895 PORT_Assert(rv != SECSuccess || outData.len == outLen); |
9891 #endif | 9896 #endif |
9892 } | 9897 } |
9893 return rv; | 9898 return rv; |
9894 } | 9899 } |
9895 | 9900 |
9896 /* called from ssl3_HandleServerHelloDone | 9901 /* called from ssl3_HandleServerHelloDone |
9897 */ | 9902 */ |
9898 static SECStatus | 9903 static SECStatus |
9899 ssl3_SendNextProto(sslSocket *ss) | 9904 ssl3_SendNextProto(sslSocket *ss) |
(...skipping 653 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
10553 rSpec = ss->ssl3.crSpec; | 10558 rSpec = ss->ssl3.crSpec; |
10554 } | 10559 } |
10555 rv = ssl3_ComputeHandshakeHashes(ss, rSpec, &hashes, sender); | 10560 rv = ssl3_ComputeHandshakeHashes(ss, rSpec, &hashes, sender); |
10556 } | 10561 } |
10557 ssl_ReleaseSpecReadLock(ss); /************************************/ | 10562 ssl_ReleaseSpecReadLock(ss); /************************************/ |
10558 if (rv != SECSuccess) { | 10563 if (rv != SECSuccess) { |
10559 return rv; /* error code was set by ssl3_ComputeHandshakeHashes*/ | 10564 return rv; /* error code was set by ssl3_ComputeHandshakeHashes*/ |
10560 } | 10565 } |
10561 SSL_TRC(30,("%d: SSL3[%d]: handle handshake message: %s", SSL_GETPID(), | 10566 SSL_TRC(30,("%d: SSL3[%d]: handle handshake message: %s", SSL_GETPID(), |
10562 ss->fd, ssl3_DecodeHandshakeType(ss->ssl3.hs.msg_type))); | 10567 ss->fd, ssl3_DecodeHandshakeType(ss->ssl3.hs.msg_type))); |
10563 PRINT_BUF(60, (ss, "MD5 handshake hash:", | |
10564 (unsigned char*)ss->ssl3.hs.md5_cx, MD5_LENGTH)); | |
10565 PRINT_BUF(95, (ss, "SHA handshake hash:", | |
10566 (unsigned char*)ss->ssl3.hs.sha_cx, SHA1_LENGTH)); | |
10567 | 10568 |
10568 hdr[0] = (PRUint8)ss->ssl3.hs.msg_type; | 10569 hdr[0] = (PRUint8)ss->ssl3.hs.msg_type; |
10569 hdr[1] = (PRUint8)(length >> 16); | 10570 hdr[1] = (PRUint8)(length >> 16); |
10570 hdr[2] = (PRUint8)(length >> 8); | 10571 hdr[2] = (PRUint8)(length >> 8); |
10571 hdr[3] = (PRUint8)(length ); | 10572 hdr[3] = (PRUint8)(length ); |
10572 | 10573 |
10573 /* Start new handshake hashes when we start a new handshake */ | 10574 /* Start new handshake hashes when we start a new handshake */ |
10574 if (ss->ssl3.hs.msg_type == client_hello) { | 10575 if (ss->ssl3.hs.msg_type == client_hello) { |
10575 SSL_TRC(30,("%d: SSL3[%d]: reset handshake hashes", | |
10576 SSL_GETPID(), ss->fd )); | |
10577 rv = ssl3_RestartHandshakeHashes(ss); | 10576 rv = ssl3_RestartHandshakeHashes(ss); |
10578 if (rv != SECSuccess) { | 10577 if (rv != SECSuccess) { |
10579 return rv; | 10578 return rv; |
10580 } | 10579 } |
10581 } | 10580 } |
10582 /* We should not include hello_request and hello_verify_request messages | 10581 /* We should not include hello_request and hello_verify_request messages |
10583 * in the handshake hashes */ | 10582 * in the handshake hashes */ |
10584 if ((ss->ssl3.hs.msg_type != hello_request) && | 10583 if ((ss->ssl3.hs.msg_type != hello_request) && |
10585 (ss->ssl3.hs.msg_type != hello_verify_request)) { | 10584 (ss->ssl3.hs.msg_type != hello_verify_request)) { |
10586 rv = ssl3_UpdateHandshakeHashes(ss, (unsigned char*) hdr, 4); | 10585 rv = ssl3_UpdateHandshakeHashes(ss, (unsigned char*) hdr, 4); |
(...skipping 932 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
11519 | 11518 |
11520 spec->epoch = 0; | 11519 spec->epoch = 0; |
11521 dtls_InitRecvdRecords(&spec->recvdRecords); | 11520 dtls_InitRecvdRecords(&spec->recvdRecords); |
11522 | 11521 |
11523 spec->version = ss->vrange.max; | 11522 spec->version = ss->vrange.max; |
11524 } | 11523 } |
11525 | 11524 |
11526 /* Called from: ssl3_SendRecord | 11525 /* Called from: ssl3_SendRecord |
11527 ** ssl3_StartHandshakeHash() <- ssl2_BeginClientHandshake() | 11526 ** ssl3_StartHandshakeHash() <- ssl2_BeginClientHandshake() |
11528 ** ssl3_SendClientHello() | 11527 ** ssl3_SendClientHello() |
11529 ** ssl3_HandleServerHello() | |
11530 ** ssl3_HandleClientHello() | |
11531 ** ssl3_HandleV2ClientHello() | 11528 ** ssl3_HandleV2ClientHello() |
11532 ** ssl3_HandleRecord() | 11529 ** ssl3_HandleRecord() |
11533 ** | 11530 ** |
11534 ** This function should perhaps acquire and release the SpecWriteLock. | 11531 ** This function should perhaps acquire and release the SpecWriteLock. |
11535 ** | 11532 ** |
11536 ** | 11533 ** |
11537 */ | 11534 */ |
11538 static SECStatus | 11535 static SECStatus |
11539 ssl3_InitState(sslSocket *ss) | 11536 ssl3_InitState(sslSocket *ss) |
11540 { | 11537 { |
11541 SECStatus rv; | |
11542 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); | 11538 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); |
11543 | 11539 |
11544 if (ss->ssl3.initialized) | 11540 if (ss->ssl3.initialized) |
11545 return SECSuccess; /* Function should be idempotent */ | 11541 return SECSuccess; /* Function should be idempotent */ |
11546 | 11542 |
11547 ss->ssl3.policy = SSL_ALLOWED; | 11543 ss->ssl3.policy = SSL_ALLOWED; |
11548 | 11544 |
11549 ssl_GetSpecWriteLock(ss); | 11545 ssl_GetSpecWriteLock(ss); |
11550 ss->ssl3.crSpec = ss->ssl3.cwSpec = &ss->ssl3.specs[0]; | 11546 ss->ssl3.crSpec = ss->ssl3.cwSpec = &ss->ssl3.specs[0]; |
11551 ss->ssl3.prSpec = ss->ssl3.pwSpec = &ss->ssl3.specs[1]; | 11547 ss->ssl3.prSpec = ss->ssl3.pwSpec = &ss->ssl3.specs[1]; |
(...skipping 12 matching lines...) Expand all Loading... |
11564 if (IS_DTLS(ss)) { | 11560 if (IS_DTLS(ss)) { |
11565 ss->ssl3.hs.sendMessageSeq = 0; | 11561 ss->ssl3.hs.sendMessageSeq = 0; |
11566 ss->ssl3.hs.recvMessageSeq = 0; | 11562 ss->ssl3.hs.recvMessageSeq = 0; |
11567 ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS; | 11563 ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS; |
11568 ss->ssl3.hs.rtRetries = 0; | 11564 ss->ssl3.hs.rtRetries = 0; |
11569 ss->ssl3.hs.recvdHighWater = -1; | 11565 ss->ssl3.hs.recvdHighWater = -1; |
11570 PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight); | 11566 PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight); |
11571 dtls_SetMTU(ss, 0); /* Set the MTU to the highest plateau */ | 11567 dtls_SetMTU(ss, 0); /* Set the MTU to the highest plateau */ |
11572 } | 11568 } |
11573 | 11569 |
11574 rv = ssl3_NewHandshakeHashes(ss); | 11570 PORT_Assert(!ss->ssl3.hs.messages.buf && !ss->ssl3.hs.messages.space); |
11575 if (rv == SECSuccess) { | 11571 ss->ssl3.hs.messages.buf = NULL; |
11576 » ss->ssl3.initialized = PR_TRUE; | 11572 ss->ssl3.hs.messages.space = 0; |
11577 } | |
11578 | 11573 |
11579 return rv; | 11574 ss->ssl3.initialized = PR_TRUE; |
| 11575 return SECSuccess; |
11580 } | 11576 } |
11581 | 11577 |
11582 /* Returns a reference counted object that contains a key pair. | 11578 /* Returns a reference counted object that contains a key pair. |
11583 * Or NULL on failure. Initial ref count is 1. | 11579 * Or NULL on failure. Initial ref count is 1. |
11584 * Uses the keys in the pair as input. | 11580 * Uses the keys in the pair as input. |
11585 */ | 11581 */ |
11586 ssl3KeyPair * | 11582 ssl3KeyPair * |
11587 ssl3_NewKeyPair( SECKEYPrivateKey * privKey, SECKEYPublicKey * pubKey) | 11583 ssl3_NewKeyPair( SECKEYPrivateKey * privKey, SECKEYPublicKey * pubKey) |
11588 { | 11584 { |
11589 ssl3KeyPair * pair; | 11585 ssl3KeyPair * pair; |
(...skipping 345 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
11935 ssl3_CleanupPeerCerts(ss); | 11931 ssl3_CleanupPeerCerts(ss); |
11936 | 11932 |
11937 if (ss->ssl3.clientCertChain != NULL) { | 11933 if (ss->ssl3.clientCertChain != NULL) { |
11938 CERT_DestroyCertificateList(ss->ssl3.clientCertChain); | 11934 CERT_DestroyCertificateList(ss->ssl3.clientCertChain); |
11939 ss->ssl3.clientCertChain = NULL; | 11935 ss->ssl3.clientCertChain = NULL; |
11940 } | 11936 } |
11941 | 11937 |
11942 /* clean up handshake */ | 11938 /* clean up handshake */ |
11943 #ifndef NO_PKCS11_BYPASS | 11939 #ifndef NO_PKCS11_BYPASS |
11944 if (ss->opt.bypassPKCS11) { | 11940 if (ss->opt.bypassPKCS11) { |
11945 » SHA1_DestroyContext((SHA1Context *)ss->ssl3.hs.sha_cx, PR_FALSE); | 11941 » if (ss->ssl3.hs.hashType == handshake_hash_combo) { |
11946 » MD5_DestroyContext((MD5Context *)ss->ssl3.hs.md5_cx, PR_FALSE); | 11942 » SHA1_DestroyContext((SHA1Context *)ss->ssl3.hs.sha_cx, PR_FALSE); |
| 11943 » MD5_DestroyContext((MD5Context *)ss->ssl3.hs.md5_cx, PR_FALSE); |
| 11944 » } else if (ss->ssl3.hs.hashType == handshake_hash_single) { |
| 11945 » ss->ssl3.hs.sha_obj->destroy(ss->ssl3.hs.sha_cx, PR_FALSE); |
| 11946 » } |
11947 } | 11947 } |
11948 #endif | 11948 #endif |
11949 if (ss->ssl3.hs.md5) { | 11949 if (ss->ssl3.hs.md5) { |
11950 PK11_DestroyContext(ss->ssl3.hs.md5,PR_TRUE); | 11950 PK11_DestroyContext(ss->ssl3.hs.md5,PR_TRUE); |
11951 } | 11951 } |
11952 if (ss->ssl3.hs.sha) { | 11952 if (ss->ssl3.hs.sha) { |
11953 PK11_DestroyContext(ss->ssl3.hs.sha,PR_TRUE); | 11953 PK11_DestroyContext(ss->ssl3.hs.sha,PR_TRUE); |
11954 } | 11954 } |
11955 if (ss->ssl3.hs.tls12_handshake_hash) { | |
11956 PK11_DestroyContext(ss->ssl3.hs.tls12_handshake_hash,PR_TRUE); | |
11957 } | |
11958 if (ss->ssl3.hs.clientSigAndHash) { | 11955 if (ss->ssl3.hs.clientSigAndHash) { |
11959 PORT_Free(ss->ssl3.hs.clientSigAndHash); | 11956 PORT_Free(ss->ssl3.hs.clientSigAndHash); |
11960 } | 11957 } |
11961 if (ss->ssl3.hs.messages.buf) { | 11958 if (ss->ssl3.hs.messages.buf) { |
11962 PORT_Free(ss->ssl3.hs.messages.buf); | 11959 PORT_Free(ss->ssl3.hs.messages.buf); |
11963 ss->ssl3.hs.messages.buf = NULL; | 11960 ss->ssl3.hs.messages.buf = NULL; |
11964 ss->ssl3.hs.messages.len = 0; | 11961 ss->ssl3.hs.messages.len = 0; |
11965 ss->ssl3.hs.messages.space = 0; | 11962 ss->ssl3.hs.messages.space = 0; |
11966 } | 11963 } |
11967 | 11964 |
(...skipping 11 matching lines...) Expand all Loading... |
11979 PORT_Free(ss->ssl3.hs.recvdFragments.buf); | 11976 PORT_Free(ss->ssl3.hs.recvdFragments.buf); |
11980 } | 11977 } |
11981 } | 11978 } |
11982 | 11979 |
11983 ss->ssl3.initialized = PR_FALSE; | 11980 ss->ssl3.initialized = PR_FALSE; |
11984 | 11981 |
11985 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); | 11982 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); |
11986 } | 11983 } |
11987 | 11984 |
11988 /* End of ssl3con.c */ | 11985 /* End of ssl3con.c */ |
OLD | NEW |