| Index: net/third_party/nss/ssl/ssl3con.c
|
| ===================================================================
|
| --- net/third_party/nss/ssl/ssl3con.c (revision 206496)
|
| +++ net/third_party/nss/ssl/ssl3con.c (working copy)
|
| @@ -69,7 +69,6 @@
|
| static SECStatus ssl3_SendServerHello( sslSocket *ss);
|
| static SECStatus ssl3_SendServerHelloDone( sslSocket *ss);
|
| static SECStatus ssl3_SendServerKeyExchange( sslSocket *ss);
|
| -static SECStatus ssl3_NewHandshakeHashes( sslSocket *ss);
|
| static SECStatus ssl3_UpdateHandshakeHashes( sslSocket *ss,
|
| const unsigned char *b,
|
| unsigned int l);
|
| @@ -1072,6 +1071,9 @@
|
| } else if (hashAlg == SEC_OID_SHA384) {
|
| SHA384_HashBuf(hashes->u.raw, hashBuf, bufLen);
|
| hashes->len = SHA384_LENGTH;
|
| + } else if (hashAlg == SEC_OID_SHA512) {
|
| + SHA512_HashBuf(hashes->u.raw, hashBuf, bufLen);
|
| + hashes->len = SHA512_LENGTH;
|
| } else {
|
| PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
|
| return SECFailure;
|
| @@ -1535,7 +1537,8 @@
|
| }
|
|
|
| #ifndef NO_PKCS11_BYPASS
|
| -/* Initialize encryption and MAC contexts for pending spec.
|
| +/* Initialize encryption contexts for pending spec.
|
| + * MAC contexts are set up when computing the mac, not here.
|
| * Master Secret already is derived in spec->msItem
|
| * Caller holds Spec write lock.
|
| */
|
| @@ -1551,7 +1554,6 @@
|
| unsigned int optArg1 = 0;
|
| unsigned int optArg2 = 0;
|
| PRBool server_encrypts = ss->sec.isServer;
|
| - CK_ULONG macLength;
|
| SSLCipherAlgorithm calg;
|
| SSLCompressionMethod compression_method;
|
| SECStatus rv;
|
| @@ -1562,12 +1564,7 @@
|
|
|
| pwSpec = ss->ssl3.pwSpec;
|
| cipher_def = pwSpec->cipher_def;
|
| - macLength = pwSpec->mac_size;
|
|
|
| - /* MAC setup is done when computing the mac, not here.
|
| - * Now setup the crypto contexts.
|
| - */
|
| -
|
| calg = cipher_def->calg;
|
| compression_method = pwSpec->compression_method;
|
|
|
| @@ -3459,18 +3456,6 @@
|
| */
|
| rv = PK11_ExtractKeyValue(pwSpec->master_secret);
|
| if (rv != SECSuccess) {
|
| -#if defined(NSS_SURVIVE_DOUBLE_BYPASS_FAILURE)
|
| - /* The double bypass failed.
|
| - * Attempt to revert to an all PKCS#11, non-bypass method.
|
| - * Do we need any unacquired locks here?
|
| - */
|
| - ss->opt.bypassPKCS11 = 0;
|
| - rv = ssl3_NewHandshakeHashes(ss);
|
| - if (rv == SECSuccess) {
|
| - rv = ssl3_UpdateHandshakeHashes(ss, ss->ssl3.hs.messages.buf,
|
| - ss->ssl3.hs.messages.len);
|
| - }
|
| -#endif
|
| return rv;
|
| }
|
| /* This returns the address of the secItem inside the key struct,
|
| @@ -3640,34 +3625,90 @@
|
| return SECFailure;
|
| }
|
|
|
| -/* ssl3_InitTLS12HandshakeHash creates a handshake hash context for TLS 1.2,
|
| - * if needed, and hashes in any buffered messages in ss->ssl3.hs.messages. */
|
| +/* ssl3_InitHandshakeHashes creates handshake hash contexts and hashes in
|
| + * buffered messages in ss->ssl3.hs.messages. */
|
| static SECStatus
|
| -ssl3_InitTLS12HandshakeHash(sslSocket *ss)
|
| +ssl3_InitHandshakeHashes(sslSocket *ss)
|
| {
|
| - if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2 &&
|
| - ss->ssl3.hs.tls12_handshake_hash == NULL) {
|
| - /* If we ever support ciphersuites where the PRF hash isn't SHA-256
|
| - * then this will need to be updated. */
|
| - ss->ssl3.hs.tls12_handshake_hash =
|
| - PK11_CreateDigestContext(SEC_OID_SHA256);
|
| - if (!ss->ssl3.hs.tls12_handshake_hash ||
|
| - PK11_DigestBegin(ss->ssl3.hs.tls12_handshake_hash) != SECSuccess) {
|
| - ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
|
| - return SECFailure;
|
| + SSL_TRC(30,("%d: SSL3[%d]: start handshake hashes", SSL_GETPID(), ss->fd));
|
| +
|
| + PORT_Assert(ss->ssl3.hs.hashType == handshake_hash_unknown);
|
| +#ifndef NO_PKCS11_BYPASS
|
| + if (ss->opt.bypassPKCS11) {
|
| + PORT_Assert(!ss->ssl3.hs.sha_obj && !ss->ssl3.hs.sha_clone);
|
| + if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
|
| + /* If we ever support ciphersuites where the PRF hash isn't SHA-256
|
| + * then this will need to be updated. */
|
| + ss->ssl3.hs.sha_obj = HASH_GetRawHashObject(HASH_AlgSHA256);
|
| + if (!ss->ssl3.hs.sha_obj) {
|
| + ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
|
| + return SECFailure;
|
| + }
|
| + ss->ssl3.hs.sha_clone = (void (*)(void *, void *))SHA256_Clone;
|
| + ss->ssl3.hs.hashType = handshake_hash_single;
|
| + ss->ssl3.hs.sha_obj->begin(ss->ssl3.hs.sha_cx);
|
| + } else {
|
| + ss->ssl3.hs.hashType = handshake_hash_combo;
|
| + MD5_Begin((MD5Context *)ss->ssl3.hs.md5_cx);
|
| + SHA1_Begin((SHA1Context *)ss->ssl3.hs.sha_cx);
|
| }
|
| - }
|
| + } else
|
| +#endif
|
| + {
|
| + PORT_Assert(!ss->ssl3.hs.md5 && !ss->ssl3.hs.sha);
|
| + /*
|
| + * note: We should probably lookup an SSL3 slot for these
|
| + * handshake hashes in hopes that we wind up with the same slots
|
| + * that the master secret will wind up in ...
|
| + */
|
| + if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
|
| + /* If we ever support ciphersuites where the PRF hash isn't SHA-256
|
| + * then this will need to be updated. */
|
| + ss->ssl3.hs.sha = PK11_CreateDigestContext(SEC_OID_SHA256);
|
| + if (ss->ssl3.hs.sha == NULL) {
|
| + ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
|
| + return SECFailure;
|
| + }
|
| + ss->ssl3.hs.hashType = handshake_hash_single;
|
|
|
| - if (ss->ssl3.hs.tls12_handshake_hash && ss->ssl3.hs.messages.len > 0) {
|
| - if (PK11_DigestOp(ss->ssl3.hs.tls12_handshake_hash,
|
| - ss->ssl3.hs.messages.buf,
|
| - ss->ssl3.hs.messages.len) != SECSuccess) {
|
| - ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
|
| - return SECFailure;
|
| + if (PK11_DigestBegin(ss->ssl3.hs.sha) != SECSuccess) {
|
| + ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
|
| + return SECFailure;
|
| + }
|
| + } else {
|
| + /* Both ss->ssl3.hs.md5 and ss->ssl3.hs.sha should be NULL or
|
| + * created successfully. */
|
| + ss->ssl3.hs.md5 = PK11_CreateDigestContext(SEC_OID_MD5);
|
| + if (ss->ssl3.hs.md5 == NULL) {
|
| + ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
|
| + return SECFailure;
|
| + }
|
| + ss->ssl3.hs.sha = PK11_CreateDigestContext(SEC_OID_SHA1);
|
| + if (ss->ssl3.hs.sha == NULL) {
|
| + PK11_DestroyContext(ss->ssl3.hs.md5, PR_TRUE);
|
| + ss->ssl3.hs.md5 = NULL;
|
| + ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
|
| + return SECFailure;
|
| + }
|
| + ss->ssl3.hs.hashType = handshake_hash_combo;
|
| +
|
| + if (PK11_DigestBegin(ss->ssl3.hs.md5) != SECSuccess) {
|
| + ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
|
| + return SECFailure;
|
| + }
|
| + if (PK11_DigestBegin(ss->ssl3.hs.sha) != SECSuccess) {
|
| + ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
|
| + return SECFailure;
|
| + }
|
| }
|
| }
|
|
|
| - if (ss->ssl3.hs.messages.buf && !ss->opt.bypassPKCS11) {
|
| + if (ss->ssl3.hs.messages.len > 0) {
|
| + if (ssl3_UpdateHandshakeHashes(ss, ss->ssl3.hs.messages.buf,
|
| + ss->ssl3.hs.messages.len) !=
|
| + SECSuccess) {
|
| + return SECFailure;
|
| + }
|
| PORT_Free(ss->ssl3.hs.messages.buf);
|
| ss->ssl3.hs.messages.buf = NULL;
|
| ss->ssl3.hs.messages.len = 0;
|
| @@ -3682,83 +3723,30 @@
|
| {
|
| SECStatus rv = SECSuccess;
|
|
|
| + SSL_TRC(30,("%d: SSL3[%d]: reset handshake hashes",
|
| + SSL_GETPID(), ss->fd ));
|
| + ss->ssl3.hs.hashType = handshake_hash_unknown;
|
| ss->ssl3.hs.messages.len = 0;
|
| #ifndef NO_PKCS11_BYPASS
|
| - if (ss->opt.bypassPKCS11) {
|
| - MD5_Begin((MD5Context *)ss->ssl3.hs.md5_cx);
|
| - SHA1_Begin((SHA1Context *)ss->ssl3.hs.sha_cx);
|
| - } else
|
| + ss->ssl3.hs.sha_obj = NULL;
|
| + ss->ssl3.hs.sha_clone = NULL;
|
| #endif
|
| - {
|
| - if (ss->ssl3.hs.tls12_handshake_hash) {
|
| - rv = PK11_DigestBegin(ss->ssl3.hs.tls12_handshake_hash);
|
| - if (rv != SECSuccess) {
|
| - ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
|
| - return rv;
|
| - }
|
| - }
|
| - rv = PK11_DigestBegin(ss->ssl3.hs.md5);
|
| - if (rv != SECSuccess) {
|
| - ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
|
| - return rv;
|
| - }
|
| - rv = PK11_DigestBegin(ss->ssl3.hs.sha);
|
| - if (rv != SECSuccess) {
|
| - ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
|
| - return rv;
|
| - }
|
| - }
|
| - return rv;
|
| -}
|
| -
|
| -static SECStatus
|
| -ssl3_NewHandshakeHashes(sslSocket *ss)
|
| -{
|
| - PK11Context *md5 = NULL;
|
| - PK11Context *sha = NULL;
|
| -
|
| - /*
|
| - * note: We should probably lookup an SSL3 slot for these
|
| - * handshake hashes in hopes that we wind up with the same slots
|
| - * that the master secret will wind up in ...
|
| - */
|
| - SSL_TRC(30,("%d: SSL3[%d]: start handshake hashes", SSL_GETPID(), ss->fd));
|
| - PORT_Assert(!ss->ssl3.hs.messages.buf && !ss->ssl3.hs.messages.space);
|
| - ss->ssl3.hs.messages.buf = NULL;
|
| - ss->ssl3.hs.messages.space = 0;
|
| -
|
| - ss->ssl3.hs.md5 = md5 = PK11_CreateDigestContext(SEC_OID_MD5);
|
| - ss->ssl3.hs.sha = sha = PK11_CreateDigestContext(SEC_OID_SHA1);
|
| - ss->ssl3.hs.tls12_handshake_hash = NULL;
|
| - if (md5 == NULL) {
|
| - ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
|
| - goto loser;
|
| - }
|
| - if (sha == NULL) {
|
| - ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
|
| - goto loser;
|
| - }
|
| - if (SECSuccess == ssl3_RestartHandshakeHashes(ss)) {
|
| - return SECSuccess;
|
| - }
|
| -
|
| -loser:
|
| - if (md5 != NULL) {
|
| - PK11_DestroyContext(md5, PR_TRUE);
|
| + if (ss->ssl3.hs.md5) {
|
| + PK11_DestroyContext(ss->ssl3.hs.md5,PR_TRUE);
|
| ss->ssl3.hs.md5 = NULL;
|
| }
|
| - if (sha != NULL) {
|
| - PK11_DestroyContext(sha, PR_TRUE);
|
| + if (ss->ssl3.hs.sha) {
|
| + PK11_DestroyContext(ss->ssl3.hs.sha,PR_TRUE);
|
| ss->ssl3.hs.sha = NULL;
|
| }
|
| - return SECFailure;
|
| -
|
| + return rv;
|
| }
|
|
|
| /*
|
| * Handshake messages
|
| */
|
| -/* Called from ssl3_AppendHandshake()
|
| +/* Called from ssl3_InitHandshakeHashes()
|
| +** ssl3_AppendHandshake()
|
| ** ssl3_StartHandshakeHash()
|
| ** ssl3_HandleV2ClientHello()
|
| ** ssl3_HandleHandshakeMessage()
|
| @@ -3772,31 +3760,27 @@
|
|
|
| PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
|
|
|
| - PRINT_BUF(90, (NULL, "MD5 & SHA handshake hash input:", b, l));
|
| -
|
| - if ((ss->version == 0 || ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) &&
|
| - !ss->opt.bypassPKCS11 &&
|
| - ss->ssl3.hs.tls12_handshake_hash == NULL) {
|
| - /* For TLS 1.2 connections we need to buffer the handshake messages
|
| - * until we have established which PRF hash function to use. */
|
| - rv = sslBuffer_Append(&ss->ssl3.hs.messages, b, l);
|
| - if (rv != SECSuccess) {
|
| - return rv;
|
| - }
|
| + /* We need to buffer the handshake messages until we have established
|
| + * which handshake hash function to use. */
|
| + if (ss->ssl3.hs.hashType == handshake_hash_unknown) {
|
| + return sslBuffer_Append(&ss->ssl3.hs.messages, b, l);
|
| }
|
|
|
| + PRINT_BUF(90, (NULL, "handshake hash input:", b, l));
|
| +
|
| #ifndef NO_PKCS11_BYPASS
|
| if (ss->opt.bypassPKCS11) {
|
| - MD5_Update((MD5Context *)ss->ssl3.hs.md5_cx, b, l);
|
| - SHA1_Update((SHA1Context *)ss->ssl3.hs.sha_cx, b, l);
|
| -#if defined(NSS_SURVIVE_DOUBLE_BYPASS_FAILURE)
|
| - rv = sslBuffer_Append(&ss->ssl3.hs.messages, b, l);
|
| -#endif
|
| + if (ss->ssl3.hs.hashType == handshake_hash_single) {
|
| + ss->ssl3.hs.sha_obj->update(ss->ssl3.hs.sha_cx, b, l);
|
| + } else {
|
| + MD5_Update((MD5Context *)ss->ssl3.hs.md5_cx, b, l);
|
| + SHA1_Update((SHA1Context *)ss->ssl3.hs.sha_cx, b, l);
|
| + }
|
| return rv;
|
| }
|
| #endif
|
| - if (ss->ssl3.hs.tls12_handshake_hash) {
|
| - rv = PK11_DigestOp(ss->ssl3.hs.tls12_handshake_hash, b, l);
|
| + if (ss->ssl3.hs.hashType == handshake_hash_single) {
|
| + rv = PK11_DigestOp(ss->ssl3.hs.sha, b, l);
|
| if (rv != SECSuccess) {
|
| ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
|
| return rv;
|
| @@ -3924,10 +3908,6 @@
|
|
|
| SSL_TRC(30,("%d: SSL3[%d]: append handshake header: type %s",
|
| SSL_GETPID(), ss->fd, ssl3_DecodeHandshakeType(t)));
|
| - PRINT_BUF(60, (ss, "MD5 handshake hash:",
|
| - (unsigned char*)ss->ssl3.hs.md5_cx, MD5_LENGTH));
|
| - PRINT_BUF(95, (ss, "SHA handshake hash:",
|
| - (unsigned char*)ss->ssl3.hs.sha_cx, SHA1_LENGTH));
|
|
|
| rv = ssl3_AppendHandshakeNumber(ss, t, 1);
|
| if (rv != SECSuccess) {
|
| @@ -4275,8 +4255,28 @@
|
| hashes->hashAlg = SEC_OID_UNKNOWN;
|
|
|
| #ifndef NO_PKCS11_BYPASS
|
| - if (ss->opt.bypassPKCS11) {
|
| + if (ss->opt.bypassPKCS11 &&
|
| + ss->ssl3.hs.hashType == handshake_hash_single) {
|
| /* compute them without PKCS11 */
|
| + PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS];
|
| +
|
| + if (!spec->msItem.data) {
|
| + PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
|
| + return SECFailure;
|
| + }
|
| +
|
| + ss->ssl3.hs.sha_clone(sha_cx, ss->ssl3.hs.sha_cx);
|
| + ss->ssl3.hs.sha_obj->end(sha_cx, hashes->u.raw, &hashes->len,
|
| + sizeof(hashes->u.raw));
|
| +
|
| + PRINT_BUF(60, (NULL, "SHA-256: result", hashes->u.raw, hashes->len));
|
| +
|
| + /* If we ever support ciphersuites where the PRF hash isn't SHA-256
|
| + * then this will need to be updated. */
|
| + hashes->hashAlg = SEC_OID_SHA256;
|
| + rv = SECSuccess;
|
| + } else if (ss->opt.bypassPKCS11) {
|
| + /* compute them without PKCS11 */
|
| PRUint64 md5_cx[MAX_MAC_CONTEXT_LLONGS];
|
| PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS];
|
|
|
| @@ -4360,7 +4360,8 @@
|
| #undef shacx
|
| } else
|
| #endif
|
| - if (ss->ssl3.hs.tls12_handshake_hash) {
|
| + if (ss->ssl3.hs.hashType == handshake_hash_single) {
|
| + /* compute hashes with PKCS11 */
|
| PK11Context *h;
|
| unsigned int stateLen;
|
| unsigned char stackBuf[1024];
|
| @@ -4371,7 +4372,7 @@
|
| return SECFailure;
|
| }
|
|
|
| - h = ss->ssl3.hs.tls12_handshake_hash;
|
| + h = ss->ssl3.hs.sha;
|
| stateBuf = PK11_SaveContextAlloc(h, stackBuf,
|
| sizeof(stackBuf), &stateLen);
|
| if (stateBuf == NULL) {
|
| @@ -4392,8 +4393,7 @@
|
|
|
| tls12_loser:
|
| if (stateBuf) {
|
| - if (PK11_RestoreContext(ss->ssl3.hs.tls12_handshake_hash, stateBuf,
|
| - stateLen) != SECSuccess) {
|
| + if (PK11_RestoreContext(h, stateBuf, stateLen) != SECSuccess) {
|
| ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
|
| rv = SECFailure;
|
| }
|
| @@ -4402,7 +4402,7 @@
|
| }
|
| }
|
| } else {
|
| - /* compute hases with PKCS11 */
|
| + /* compute hashes with PKCS11 */
|
| PK11Context * md5;
|
| PK11Context * sha = NULL;
|
| unsigned char *md5StateBuf = NULL;
|
| @@ -4567,6 +4567,10 @@
|
| if (rv != SECSuccess) {
|
| goto done; /* ssl3_InitState has set the error code. */
|
| }
|
| + rv = ssl3_RestartHandshakeHashes(ss);
|
| + if (rv != SECSuccess) {
|
| + goto done;
|
| + }
|
|
|
| PORT_Memset(&ss->ssl3.hs.client_random, 0, SSL3_RANDOM_LENGTH);
|
| PORT_Memcpy(
|
| @@ -4626,8 +4630,6 @@
|
| */
|
| PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData));
|
|
|
| - SSL_TRC(30,("%d: SSL3[%d]: reset handshake hashes",
|
| - SSL_GETPID(), ss->fd ));
|
| rv = ssl3_RestartHandshakeHashes(ss);
|
| if (rv != SECSuccess) {
|
| return rv;
|
| @@ -5897,12 +5899,8 @@
|
| SSL_GETPID(), ss->fd));
|
| PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
|
| PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
|
| + PORT_Assert( ss->ssl3.initialized );
|
|
|
| - rv = ssl3_InitState(ss);
|
| - if (rv != SECSuccess) {
|
| - errCode = PORT_GetError(); /* ssl3_InitState has set the error code. */
|
| - goto alert_loser;
|
| - }
|
| if (ss->ssl3.hs.ws != wait_server_hello) {
|
| errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO;
|
| desc = unexpected_message;
|
| @@ -5970,7 +5968,7 @@
|
| }
|
| isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0);
|
|
|
| - rv = ssl3_InitTLS12HandshakeHash(ss);
|
| + rv = ssl3_InitHandshakeHashes(ss);
|
| if (rv != SECSuccess) {
|
| desc = internal_error;
|
| errCode = PORT_GetError();
|
| @@ -7308,6 +7306,7 @@
|
|
|
| PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
|
| PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
|
| + PORT_Assert( ss->ssl3.initialized );
|
|
|
| /* Get peer name of client */
|
| rv = ssl_GetPeerInfo(ss);
|
| @@ -7335,11 +7334,6 @@
|
| PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData));
|
| ss->statelessResume = PR_FALSE;
|
|
|
| - rv = ssl3_InitState(ss);
|
| - if (rv != SECSuccess) {
|
| - return rv; /* ssl3_InitState has set the error code. */
|
| - }
|
| -
|
| if ((ss->ssl3.hs.ws != wait_client_hello) &&
|
| (ss->ssl3.hs.ws != idle_handshake)) {
|
| desc = unexpected_message;
|
| @@ -7378,7 +7372,7 @@
|
| goto alert_loser;
|
| }
|
|
|
| - rv = ssl3_InitTLS12HandshakeHash(ss);
|
| + rv = ssl3_InitHandshakeHashes(ss);
|
| if (rv != SECSuccess) {
|
| desc = internal_error;
|
| errCode = PORT_GetError();
|
| @@ -8106,6 +8100,11 @@
|
| ssl_ReleaseSSL3HandshakeLock(ss);
|
| return rv; /* ssl3_InitState has set the error code. */
|
| }
|
| + rv = ssl3_RestartHandshakeHashes(ss);
|
| + if (rv != SECSuccess) {
|
| + ssl_ReleaseSSL3HandshakeLock(ss);
|
| + return rv;
|
| + }
|
|
|
| if (ss->ssl3.hs.ws != wait_client_hello) {
|
| desc = unexpected_message;
|
| @@ -8127,7 +8126,7 @@
|
| goto alert_loser;
|
| }
|
|
|
| - rv = ssl3_InitTLS12HandshakeHash(ss);
|
| + rv = ssl3_InitHandshakeHashes(ss);
|
| if (rv != SECSuccess) {
|
| desc = internal_error;
|
| errCode = PORT_GetError();
|
| @@ -8858,6 +8857,7 @@
|
|
|
| PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
|
| PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
|
| + PORT_Assert( ss->ssl3.prSpec == ss->ssl3.pwSpec );
|
|
|
| enc_pms.data = b;
|
| enc_pms.len = length;
|
| @@ -9886,7 +9886,12 @@
|
| inData.len = valLen;
|
| outData.data = out;
|
| outData.len = outLen;
|
| - rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS);
|
| + if (spec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
|
| + rv = TLS_P_hash(HASH_AlgSHA256, &spec->msItem, label, &inData,
|
| + &outData, isFIPS);
|
| + } else {
|
| + rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS);
|
| + }
|
| PORT_Assert(rv != SECSuccess || outData.len == outLen);
|
| #endif
|
| }
|
| @@ -10560,10 +10565,6 @@
|
| }
|
| SSL_TRC(30,("%d: SSL3[%d]: handle handshake message: %s", SSL_GETPID(),
|
| ss->fd, ssl3_DecodeHandshakeType(ss->ssl3.hs.msg_type)));
|
| - PRINT_BUF(60, (ss, "MD5 handshake hash:",
|
| - (unsigned char*)ss->ssl3.hs.md5_cx, MD5_LENGTH));
|
| - PRINT_BUF(95, (ss, "SHA handshake hash:",
|
| - (unsigned char*)ss->ssl3.hs.sha_cx, SHA1_LENGTH));
|
|
|
| hdr[0] = (PRUint8)ss->ssl3.hs.msg_type;
|
| hdr[1] = (PRUint8)(length >> 16);
|
| @@ -10572,8 +10573,6 @@
|
|
|
| /* Start new handshake hashes when we start a new handshake */
|
| if (ss->ssl3.hs.msg_type == client_hello) {
|
| - SSL_TRC(30,("%d: SSL3[%d]: reset handshake hashes",
|
| - SSL_GETPID(), ss->fd ));
|
| rv = ssl3_RestartHandshakeHashes(ss);
|
| if (rv != SECSuccess) {
|
| return rv;
|
| @@ -11526,8 +11525,6 @@
|
| /* Called from: ssl3_SendRecord
|
| ** ssl3_StartHandshakeHash() <- ssl2_BeginClientHandshake()
|
| ** ssl3_SendClientHello()
|
| -** ssl3_HandleServerHello()
|
| -** ssl3_HandleClientHello()
|
| ** ssl3_HandleV2ClientHello()
|
| ** ssl3_HandleRecord()
|
| **
|
| @@ -11538,7 +11535,6 @@
|
| static SECStatus
|
| ssl3_InitState(sslSocket *ss)
|
| {
|
| - SECStatus rv;
|
| PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
|
|
|
| if (ss->ssl3.initialized)
|
| @@ -11571,12 +11567,12 @@
|
| dtls_SetMTU(ss, 0); /* Set the MTU to the highest plateau */
|
| }
|
|
|
| - rv = ssl3_NewHandshakeHashes(ss);
|
| - if (rv == SECSuccess) {
|
| - ss->ssl3.initialized = PR_TRUE;
|
| - }
|
| + PORT_Assert(!ss->ssl3.hs.messages.buf && !ss->ssl3.hs.messages.space);
|
| + ss->ssl3.hs.messages.buf = NULL;
|
| + ss->ssl3.hs.messages.space = 0;
|
|
|
| - return rv;
|
| + ss->ssl3.initialized = PR_TRUE;
|
| + return SECSuccess;
|
| }
|
|
|
| /* Returns a reference counted object that contains a key pair.
|
| @@ -11942,8 +11938,12 @@
|
| /* clean up handshake */
|
| #ifndef NO_PKCS11_BYPASS
|
| if (ss->opt.bypassPKCS11) {
|
| - SHA1_DestroyContext((SHA1Context *)ss->ssl3.hs.sha_cx, PR_FALSE);
|
| - MD5_DestroyContext((MD5Context *)ss->ssl3.hs.md5_cx, PR_FALSE);
|
| + if (ss->ssl3.hs.hashType == handshake_hash_combo) {
|
| + SHA1_DestroyContext((SHA1Context *)ss->ssl3.hs.sha_cx, PR_FALSE);
|
| + MD5_DestroyContext((MD5Context *)ss->ssl3.hs.md5_cx, PR_FALSE);
|
| + } else if (ss->ssl3.hs.hashType == handshake_hash_single) {
|
| + ss->ssl3.hs.sha_obj->destroy(ss->ssl3.hs.sha_cx, PR_FALSE);
|
| + }
|
| }
|
| #endif
|
| if (ss->ssl3.hs.md5) {
|
| @@ -11952,9 +11952,6 @@
|
| if (ss->ssl3.hs.sha) {
|
| PK11_DestroyContext(ss->ssl3.hs.sha,PR_TRUE);
|
| }
|
| - if (ss->ssl3.hs.tls12_handshake_hash) {
|
| - PK11_DestroyContext(ss->ssl3.hs.tls12_handshake_hash,PR_TRUE);
|
| - }
|
| if (ss->ssl3.hs.clientSigAndHash) {
|
| PORT_Free(ss->ssl3.hs.clientSigAndHash);
|
| }
|
|
|
Chromium Code Reviews
Issue 17109007:
Miscellaneous cleanup of TLS 1.2 code. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/