Left: | ||
Right: |
LEFT | RIGHT |
---|---|
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
2 /* | 2 /* |
3 * SSL3 Protocol | 3 * SSL3 Protocol |
4 * | 4 * |
5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
8 | 8 |
9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ | 9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ |
10 | 10 |
(...skipping 212 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
223 /* compressionEnabled returns true iff the compression algorithm is enabled | 223 /* compressionEnabled returns true iff the compression algorithm is enabled |
224 * for the given SSL socket. */ | 224 * for the given SSL socket. */ |
225 static PRBool | 225 static PRBool |
226 compressionEnabled(sslSocket *ss, SSLCompressionMethod compression) | 226 compressionEnabled(sslSocket *ss, SSLCompressionMethod compression) |
227 { | 227 { |
228 switch (compression) { | 228 switch (compression) { |
229 case ssl_compression_null: | 229 case ssl_compression_null: |
230 return PR_TRUE; /* Always enabled */ | 230 return PR_TRUE; /* Always enabled */ |
231 #ifdef NSS_SSL_ENABLE_ZLIB | 231 #ifdef NSS_SSL_ENABLE_ZLIB |
232 case ssl_compression_deflate: | 232 case ssl_compression_deflate: |
233 if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) { | 233 if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3 && !IS_DTLS(ss)) { |
234 return ss->opt.enableDeflate; | 234 return ss->opt.enableDeflate; |
235 } | 235 } |
236 return PR_FALSE; | 236 return PR_FALSE; |
237 #endif | 237 #endif |
238 default: | 238 default: |
239 return PR_FALSE; | 239 return PR_FALSE; |
240 } | 240 } |
241 } | 241 } |
242 | 242 |
243 static const /*SSL3ClientCertificateType */ PRUint8 certificate_types[] = { | 243 static const /*SSL3ClientCertificateType */ PRUint8 certificate_types[] = { |
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
287 static const ssl3KEADef kea_defs[] = | 287 static const ssl3KEADef kea_defs[] = |
288 { /* indexed by SSL3KeyExchangeAlgorithm */ | 288 { /* indexed by SSL3KeyExchangeAlgorithm */ |
289 /* kea exchKeyType signKeyType tls_keygen ephemeral oid */ | 289 /* kea exchKeyType signKeyType tls_keygen ephemeral oid */ |
290 {kea_null, kt_null, ssl_sign_null, PR_FALSE, PR_FALSE, 0}, | 290 {kea_null, kt_null, ssl_sign_null, PR_FALSE, PR_FALSE, 0}, |
291 {kea_rsa, kt_rsa, ssl_sign_rsa, PR_FALSE, PR_FALSE, SEC_OID_TL S_RSA}, | 291 {kea_rsa, kt_rsa, ssl_sign_rsa, PR_FALSE, PR_FALSE, SEC_OID_TL S_RSA}, |
292 {kea_dh_dss, kt_dh, ssl_sign_dsa, PR_FALSE, PR_FALSE, SEC_OID_TL S_DH_DSS}, | 292 {kea_dh_dss, kt_dh, ssl_sign_dsa, PR_FALSE, PR_FALSE, SEC_OID_TL S_DH_DSS}, |
293 {kea_dh_rsa, kt_dh, ssl_sign_rsa, PR_FALSE, PR_FALSE, SEC_OID_TL S_DH_RSA}, | 293 {kea_dh_rsa, kt_dh, ssl_sign_rsa, PR_FALSE, PR_FALSE, SEC_OID_TL S_DH_RSA}, |
294 {kea_dhe_dss, kt_dh, ssl_sign_dsa, PR_FALSE, PR_TRUE, SEC_OID_TL S_DHE_DSS}, | 294 {kea_dhe_dss, kt_dh, ssl_sign_dsa, PR_FALSE, PR_TRUE, SEC_OID_TL S_DHE_DSS}, |
295 {kea_dhe_rsa, kt_dh, ssl_sign_rsa, PR_FALSE, PR_TRUE, SEC_OID_TL S_DHE_RSA}, | 295 {kea_dhe_rsa, kt_dh, ssl_sign_rsa, PR_FALSE, PR_TRUE, SEC_OID_TL S_DHE_RSA}, |
296 {kea_dh_anon, kt_dh, ssl_sign_null, PR_FALSE, PR_TRUE, SEC_OID_TL S_DH_ANON}, | 296 {kea_dh_anon, kt_dh, ssl_sign_null, PR_FALSE, PR_TRUE, SEC_OID_TL S_DH_ANON}, |
297 {kea_rsa_fips, kt_rsa, ssl_sign_rsa, PR_TRUE, PR_FALSE, SEC_OID_TL S_RSA}, | 297 {kea_rsa_fips, kt_rsa, ssl_sign_rsa, PR_TRUE, PR_FALSE, SEC_OID_TL S_RSA}, |
mt
2016/03/02 19:37:31
This one is next in the firing line.
| |
298 #ifndef NSS_DISABLE_ECC | 298 #ifndef NSS_DISABLE_ECC |
299 {kea_ecdh_ecdsa, kt_ecdh, ssl_sign_ecdsa, PR_FALSE, PR_FALSE, SEC_OID_TL S_ECDH_ECDSA}, | 299 {kea_ecdh_ecdsa, kt_ecdh, ssl_sign_ecdsa, PR_FALSE, PR_FALSE, SEC_OID_TL S_ECDH_ECDSA}, |
300 {kea_ecdhe_ecdsa, kt_ecdh, ssl_sign_ecdsa, PR_FALSE, PR_TRUE, SEC_OID_TL S_ECDHE_ECDSA}, | 300 {kea_ecdhe_ecdsa, kt_ecdh, ssl_sign_ecdsa, PR_FALSE, PR_TRUE, SEC_OID_TL S_ECDHE_ECDSA}, |
301 {kea_ecdh_rsa, kt_ecdh, ssl_sign_rsa, PR_FALSE, PR_FALSE, SEC_OID_TL S_ECDH_RSA}, | 301 {kea_ecdh_rsa, kt_ecdh, ssl_sign_rsa, PR_FALSE, PR_FALSE, SEC_OID_TL S_ECDH_RSA}, |
302 {kea_ecdhe_rsa, kt_ecdh, ssl_sign_rsa, PR_FALSE, PR_TRUE, SEC_OID_TL S_ECDHE_RSA}, | 302 {kea_ecdhe_rsa, kt_ecdh, ssl_sign_rsa, PR_FALSE, PR_TRUE, SEC_OID_TL S_ECDHE_RSA}, |
303 {kea_ecdh_anon, kt_ecdh, ssl_sign_null, PR_FALSE, PR_TRUE, SEC_OID_TL S_ECDH_ANON}, | 303 {kea_ecdh_anon, kt_ecdh, ssl_sign_null, PR_FALSE, PR_TRUE, SEC_OID_TL S_ECDH_ANON}, |
304 #endif /* NSS_DISABLE_ECC */ | 304 #endif /* NSS_DISABLE_ECC */ |
305 }; | 305 }; |
306 | 306 |
307 /* must use ssl_LookupCipherSuiteDef to access */ | 307 /* must use ssl_LookupCipherSuiteDef to access */ |
(...skipping 2497 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2805 * ClientHello.client_version and use the record layer version number | 2805 * ClientHello.client_version and use the record layer version number |
2806 * (TLSPlaintext.version) instead when negotiating protocol versions. In | 2806 * (TLSPlaintext.version) instead when negotiating protocol versions. In |
2807 * addition, if the record layer version number of ClientHello is { 3, 2 } | 2807 * addition, if the record layer version number of ClientHello is { 3, 2 } |
2808 * (TLS 1.1) or higher, these servers reset the TCP connections. Lastly, | 2808 * (TLS 1.1) or higher, these servers reset the TCP connections. Lastly, |
2809 * some F5 BIG-IP servers hang if a record containing a ClientHello has a | 2809 * some F5 BIG-IP servers hang if a record containing a ClientHello has a |
2810 * version greater than { 3, 1 } and a length greater than 255. Set this | 2810 * version greater than { 3, 1 } and a length greater than 255. Set this |
2811 * flag to work around such servers. | 2811 * flag to work around such servers. |
2812 */ | 2812 */ |
2813 PRInt32 | 2813 PRInt32 |
2814 ssl3_SendRecord(sslSocket *ss, | 2814 ssl3_SendRecord(sslSocket *ss, |
2815 DTLSEpoch epoch, /* DTLS only */ | 2815 ssl3CipherSpec *cwSpec, /* non-NULL for DTLS retransmits */ |
2816 SSL3ContentType type, | 2816 SSL3ContentType type, |
2817 const SSL3Opaque *pIn, /* input buffer */ | 2817 const SSL3Opaque *pIn, /* input buffer */ |
2818 PRInt32 nIn, /* bytes of input */ | 2818 PRInt32 nIn, /* bytes of input */ |
2819 PRInt32 flags) | 2819 PRInt32 flags) |
2820 { | 2820 { |
2821 sslBuffer *wrBuf = &ss->sec.writeBuf; | 2821 sslBuffer *wrBuf = &ss->sec.writeBuf; |
2822 SECStatus rv; | 2822 SECStatus rv; |
2823 PRInt32 totalSent = 0; | 2823 PRInt32 totalSent = 0; |
2824 PRBool capRecordVersion; | 2824 PRBool capRecordVersion; |
2825 | 2825 |
(...skipping 94 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2920 pIn + 1, | 2920 pIn + 1, |
2921 contentLen - 1, | 2921 contentLen - 1, |
2922 &secondRecord); | 2922 &secondRecord); |
2923 if (rv == SECSuccess) { | 2923 if (rv == SECSuccess) { |
2924 PRINT_BUF(50, (ss, "send (encrypted) record data [2/2]:", | 2924 PRINT_BUF(50, (ss, "send (encrypted) record data [2/2]:", |
2925 secondRecord.buf, secondRecord.len)); | 2925 secondRecord.buf, secondRecord.len)); |
2926 wrBuf->len += secondRecord.len; | 2926 wrBuf->len += secondRecord.len; |
2927 } | 2927 } |
2928 } else { | 2928 } else { |
2929 if (!IS_DTLS(ss)) { | 2929 if (!IS_DTLS(ss)) { |
2930 /* cwSpec can only be set for retransmissions of DTLS handshake | |
2931 * messages. */ | |
2932 PORT_Assert(!cwSpec); | |
2930 if (ss->ssl3.cwSpec->version < SSL_LIBRARY_VERSION_TLS_1_3) { | 2933 if (ss->ssl3.cwSpec->version < SSL_LIBRARY_VERSION_TLS_1_3) { |
2931 rv = ssl3_CompressMACEncryptRecord(ss->ssl3.cwSpec, | 2934 rv = ssl3_CompressMACEncryptRecord(ss->ssl3.cwSpec, |
2932 ss->sec.isServer, | 2935 ss->sec.isServer, |
2933 PR_FALSE, | 2936 PR_FALSE, |
2934 capRecordVersion, | 2937 capRecordVersion, |
2935 type, pIn, | 2938 type, pIn, |
2936 contentLen, wrBuf); | 2939 contentLen, wrBuf); |
2937 } else { | 2940 } else { |
2938 rv = tls13_ProtectRecord(ss, type, pIn, | 2941 rv = tls13_ProtectRecord(ss, ss->ssl3.cwSpec, type, pIn, |
2939 contentLen, wrBuf); | 2942 contentLen, wrBuf); |
2940 } | 2943 } |
2941 } else { | 2944 } else { |
2942 /* TLS <= 1.2 and TLS 1.3 cases are both handled in | 2945 /* TLS <= 1.2 and TLS 1.3 cases are both handled in |
2943 * dtls_CompressMACEncryptRecord. */ | 2946 * dtls_CompressMACEncryptRecord. */ |
2944 rv = dtls_CompressMACEncryptRecord(ss, epoch, | 2947 rv = dtls_CompressMACEncryptRecord(ss, cwSpec, |
2945 !!(flags & ssl_SEND_FLAG_USE_ EPOCH), | |
2946 type, pIn, | 2948 type, pIn, |
2947 contentLen, wrBuf); | 2949 contentLen, wrBuf); |
2948 } | 2950 } |
2949 | 2951 |
2950 if (rv == SECSuccess) { | 2952 if (rv == SECSuccess) { |
2951 PRINT_BUF(50, (ss, "send (encrypted) record data:", | 2953 PRINT_BUF(50, (ss, "send (encrypted) record data:", |
2952 wrBuf->buf, wrBuf->len)); | 2954 wrBuf->buf, wrBuf->len)); |
2953 } | 2955 } |
2954 } | 2956 } |
2955 | 2957 |
(...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
3031 */ | 3033 */ |
3032 int | 3034 int |
3033 ssl3_SendApplicationData(sslSocket *ss, const unsigned char *in, | 3035 ssl3_SendApplicationData(sslSocket *ss, const unsigned char *in, |
3034 PRInt32 len, PRInt32 flags) | 3036 PRInt32 len, PRInt32 flags) |
3035 { | 3037 { |
3036 PRInt32 totalSent = 0; | 3038 PRInt32 totalSent = 0; |
3037 PRInt32 discarded = 0; | 3039 PRInt32 discarded = 0; |
3038 | 3040 |
3039 PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); | 3041 PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); |
3040 /* These flags for internal use only */ | 3042 /* These flags for internal use only */ |
3041 PORT_Assert(!(flags & (ssl_SEND_FLAG_USE_EPOCH | | 3043 PORT_Assert(!(flags & ssl_SEND_FLAG_NO_RETRANSMIT)); |
3042 ssl_SEND_FLAG_NO_RETRANSMIT))); | |
3043 if (len < 0 || !in) { | 3044 if (len < 0 || !in) { |
3044 PORT_SetError(PR_INVALID_ARGUMENT_ERROR); | 3045 PORT_SetError(PR_INVALID_ARGUMENT_ERROR); |
3045 return SECFailure; | 3046 return SECFailure; |
3046 } | 3047 } |
3047 | 3048 |
3048 if (ss->pendingBuf.len > SSL3_PENDING_HIGH_WATER && | 3049 if (ss->pendingBuf.len > SSL3_PENDING_HIGH_WATER && |
3049 !ssl_SocketIsBlocking(ss)) { | 3050 !ssl_SocketIsBlocking(ss)) { |
3050 PORT_Assert(!ssl_SocketIsBlocking(ss)); | 3051 PORT_Assert(!ssl_SocketIsBlocking(ss)); |
3051 PORT_SetError(PR_WOULD_BLOCK_ERROR); | 3052 PORT_SetError(PR_WOULD_BLOCK_ERROR); |
3052 return SECFailure; | 3053 return SECFailure; |
(...skipping 21 matching lines...) Expand all Loading... | |
3074 */ | 3075 */ |
3075 ssl_ReleaseXmitBufLock(ss); | 3076 ssl_ReleaseXmitBufLock(ss); |
3076 PR_Sleep(PR_INTERVAL_NO_WAIT); /* PR_Yield(); */ | 3077 PR_Sleep(PR_INTERVAL_NO_WAIT); /* PR_Yield(); */ |
3077 ssl_GetXmitBufLock(ss); | 3078 ssl_GetXmitBufLock(ss); |
3078 } | 3079 } |
3079 toSend = PR_MIN(len - totalSent, MAX_FRAGMENT_LENGTH); | 3080 toSend = PR_MIN(len - totalSent, MAX_FRAGMENT_LENGTH); |
3080 /* | 3081 /* |
3081 * Note that the 0 epoch is OK because flags will never require | 3082 * Note that the 0 epoch is OK because flags will never require |
3082 * its use, as guaranteed by the PORT_Assert above. | 3083 * its use, as guaranteed by the PORT_Assert above. |
3083 */ | 3084 */ |
3084 sent = ssl3_SendRecord(ss, 0, content_application_data, | 3085 sent = ssl3_SendRecord(ss, NULL, content_application_data, |
3085 in + totalSent, toSend, flags); | 3086 in + totalSent, toSend, flags); |
3086 if (sent < 0) { | 3087 if (sent < 0) { |
3087 if (totalSent > 0 && PR_GetError() == PR_WOULD_BLOCK_ERROR) { | 3088 if (totalSent > 0 && PR_GetError() == PR_WOULD_BLOCK_ERROR) { |
3088 PORT_Assert(ss->lastWriteBlocked); | 3089 PORT_Assert(ss->lastWriteBlocked); |
3089 break; | 3090 break; |
3090 } | 3091 } |
3091 return SECFailure; /* error code set by ssl3_SendRecord */ | 3092 return SECFailure; /* error code set by ssl3_SendRecord */ |
3092 } | 3093 } |
3093 totalSent += sent; | 3094 totalSent += sent; |
3094 if (ss->pendingBuf.len) { | 3095 if (ss->pendingBuf.len) { |
(...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
3159 | 3160 |
3160 if (!ss->sec.ci.sendBuf.buf || !ss->sec.ci.sendBuf.len) | 3161 if (!ss->sec.ci.sendBuf.buf || !ss->sec.ci.sendBuf.len) |
3161 return rv; | 3162 return rv; |
3162 | 3163 |
3163 /* only these flags are allowed */ | 3164 /* only these flags are allowed */ |
3164 PORT_Assert(!(flags & ~allowedFlags)); | 3165 PORT_Assert(!(flags & ~allowedFlags)); |
3165 if ((flags & ~allowedFlags) != 0) { | 3166 if ((flags & ~allowedFlags) != 0) { |
3166 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 3167 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
3167 rv = SECFailure; | 3168 rv = SECFailure; |
3168 } else { | 3169 } else { |
3169 count = ssl3_SendRecord(ss, 0, content_handshake, ss->sec.ci.sendBuf.buf , | 3170 count = ssl3_SendRecord(ss, NULL, content_handshake, |
3171 ss->sec.ci.sendBuf.buf, | |
3170 ss->sec.ci.sendBuf.len, flags); | 3172 ss->sec.ci.sendBuf.len, flags); |
3171 } | 3173 } |
3172 if (count < 0) { | 3174 if (count < 0) { |
3173 int err = PORT_GetError(); | 3175 int err = PORT_GetError(); |
3174 PORT_Assert(err != PR_WOULD_BLOCK_ERROR); | 3176 PORT_Assert(err != PR_WOULD_BLOCK_ERROR); |
3175 if (err == PR_WOULD_BLOCK_ERROR) { | 3177 if (err == PR_WOULD_BLOCK_ERROR) { |
3176 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); | 3178 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
3177 } | 3179 } |
3178 rv = SECFailure; | 3180 rv = SECFailure; |
3179 } else if ((unsigned int)count < ss->sec.ci.sendBuf.len) { | 3181 } else if ((unsigned int)count < ss->sec.ci.sendBuf.len) { |
(...skipping 99 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
3279 ssl_GetSSL3HandshakeLock(ss); | 3281 ssl_GetSSL3HandshakeLock(ss); |
3280 if (level == alert_fatal) { | 3282 if (level == alert_fatal) { |
3281 if (!ss->opt.noCache && ss->sec.ci.sid && ss->sec.uncache) { | 3283 if (!ss->opt.noCache && ss->sec.ci.sid && ss->sec.uncache) { |
3282 ss->sec.uncache(ss->sec.ci.sid); | 3284 ss->sec.uncache(ss->sec.ci.sid); |
3283 } | 3285 } |
3284 } | 3286 } |
3285 ssl_GetXmitBufLock(ss); | 3287 ssl_GetXmitBufLock(ss); |
3286 rv = ssl3_FlushHandshake(ss, ssl_SEND_FLAG_FORCE_INTO_BUFFER); | 3288 rv = ssl3_FlushHandshake(ss, ssl_SEND_FLAG_FORCE_INTO_BUFFER); |
3287 if (rv == SECSuccess) { | 3289 if (rv == SECSuccess) { |
3288 PRInt32 sent; | 3290 PRInt32 sent; |
3289 sent = ssl3_SendRecord(ss, 0, content_alert, bytes, 2, | 3291 sent = ssl3_SendRecord(ss, NULL, content_alert, bytes, 2, |
3290 desc == no_certificate ? ssl_SEND_FLAG_FORCE_INTO _BUFFER : 0); | 3292 (desc == no_certificate) ? |
3293 ssl_SEND_FLAG_FORCE_INTO_BUFFER : 0); | |
3291 rv = (sent >= 0) ? SECSuccess : (SECStatus)sent; | 3294 rv = (sent >= 0) ? SECSuccess : (SECStatus)sent; |
3292 } | 3295 } |
3293 if (level == alert_fatal) { | 3296 if (level == alert_fatal) { |
3294 ss->ssl3.fatalAlertSent = PR_TRUE; | 3297 ss->ssl3.fatalAlertSent = PR_TRUE; |
3295 } | 3298 } |
3296 ssl_ReleaseXmitBufLock(ss); | 3299 ssl_ReleaseXmitBufLock(ss); |
3297 ssl_ReleaseSSL3HandshakeLock(ss); | 3300 ssl_ReleaseSSL3HandshakeLock(ss); |
3298 return rv; /* error set by ssl3_FlushHandshake or ssl3_SendRecord */ | 3301 return rv; /* error set by ssl3_FlushHandshake or ssl3_SendRecord */ |
3299 } | 3302 } |
3300 | 3303 |
(...skipping 258 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
3559 SSL_GETPID(), ss->fd)); | 3562 SSL_GETPID(), ss->fd)); |
3560 | 3563 |
3561 PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); | 3564 PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); |
3562 PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); | 3565 PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); |
3563 | 3566 |
3564 rv = ssl3_FlushHandshake(ss, ssl_SEND_FLAG_FORCE_INTO_BUFFER); | 3567 rv = ssl3_FlushHandshake(ss, ssl_SEND_FLAG_FORCE_INTO_BUFFER); |
3565 if (rv != SECSuccess) { | 3568 if (rv != SECSuccess) { |
3566 return rv; /* error code set by ssl3_FlushHandshake */ | 3569 return rv; /* error code set by ssl3_FlushHandshake */ |
3567 } | 3570 } |
3568 if (!IS_DTLS(ss)) { | 3571 if (!IS_DTLS(ss)) { |
3569 sent = ssl3_SendRecord(ss, 0, content_change_cipher_spec, &change, 1, | 3572 sent = ssl3_SendRecord(ss, NULL, content_change_cipher_spec, &change, 1, |
3570 ssl_SEND_FLAG_FORCE_INTO_BUFFER); | 3573 ssl_SEND_FLAG_FORCE_INTO_BUFFER); |
3571 if (sent < 0) { | 3574 if (sent < 0) { |
3572 return (SECStatus)sent; /* error code set by ssl3_SendRecord */ | 3575 return (SECStatus)sent; /* error code set by ssl3_SendRecord */ |
3573 } | 3576 } |
3574 } else { | 3577 } else { |
3575 rv = dtls_QueueMessage(ss, content_change_cipher_spec, &change, 1); | 3578 rv = dtls_QueueMessage(ss, content_change_cipher_spec, &change, 1); |
3576 if (rv != SECSuccess) { | 3579 if (rv != SECSuccess) { |
3577 return rv; | 3580 return rv; |
3578 } | 3581 } |
3579 } | 3582 } |
(...skipping 11 matching lines...) Expand all Loading... | |
3591 /* We need to free up the contexts, keys and certs ! */ | 3594 /* We need to free up the contexts, keys and certs ! */ |
3592 /* If we are really through with the old cipher spec | 3595 /* If we are really through with the old cipher spec |
3593 * (Both the read and write sides have changed) destroy it. | 3596 * (Both the read and write sides have changed) destroy it. |
3594 */ | 3597 */ |
3595 if (ss->ssl3.prSpec == ss->ssl3.pwSpec) { | 3598 if (ss->ssl3.prSpec == ss->ssl3.pwSpec) { |
3596 if (!IS_DTLS(ss)) { | 3599 if (!IS_DTLS(ss)) { |
3597 ssl3_DestroyCipherSpec(ss->ssl3.pwSpec, PR_FALSE /*freeSrvName*/); | 3600 ssl3_DestroyCipherSpec(ss->ssl3.pwSpec, PR_FALSE /*freeSrvName*/); |
3598 } else { | 3601 } else { |
3599 /* With DTLS, we need to set a holddown timer in case the final | 3602 /* With DTLS, we need to set a holddown timer in case the final |
3600 * message got lost */ | 3603 * message got lost */ |
3601 ss->ssl3.hs.rtTimeoutMs = DTLS_FINISHED_TIMER_MS; | 3604 rv = dtls_StartHolddownTimer(ss); |
3602 dtls_StartTimer(ss, dtls_FinishedTimerCb); | |
3603 } | 3605 } |
3604 } | 3606 } |
3605 ssl_ReleaseSpecWriteLock(ss); /**************************************/ | 3607 ssl_ReleaseSpecWriteLock(ss); /**************************************/ |
3606 | 3608 |
3607 return SECSuccess; | 3609 return rv; |
3608 } | 3610 } |
3609 | 3611 |
3610 /* Called from ssl3_HandleRecord. | 3612 /* Called from ssl3_HandleRecord. |
3611 ** Caller must hold both RecvBuf and Handshake locks. | 3613 ** Caller must hold both RecvBuf and Handshake locks. |
3612 * | 3614 * |
3613 * Acquires and releases spec write lock, to protect switching the current | 3615 * Acquires and releases spec write lock, to protect switching the current |
3614 * and pending write spec pointers. | 3616 * and pending write spec pointers. |
3615 */ | 3617 */ |
3616 static SECStatus | 3618 static SECStatus |
3617 ssl3_HandleChangeCipherSpecs(sslSocket *ss, sslBuffer *buf) | 3619 ssl3_HandleChangeCipherSpecs(sslSocket *ss, sslBuffer *buf) |
(...skipping 391 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
4009 key_material_params.ulKeySizeInBits = cipher_def->secret_key_size * BPB; | 4011 key_material_params.ulKeySizeInBits = cipher_def->secret_key_size * BPB; |
4010 key_material_params.ulIVSizeInBits = cipher_def->iv_size * BPB; | 4012 key_material_params.ulIVSizeInBits = cipher_def->iv_size * BPB; |
4011 if (cipher_def->type == type_block && | 4013 if (cipher_def->type == type_block && |
4012 pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) { | 4014 pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) { |
4013 /* Block ciphers in >= TLS 1.1 use a per-record, explicit IV. */ | 4015 /* Block ciphers in >= TLS 1.1 use a per-record, explicit IV. */ |
4014 key_material_params.ulIVSizeInBits = 0; | 4016 key_material_params.ulIVSizeInBits = 0; |
4015 memset(pwSpec->client.write_iv, 0, cipher_def->iv_size); | 4017 memset(pwSpec->client.write_iv, 0, cipher_def->iv_size); |
4016 memset(pwSpec->server.write_iv, 0, cipher_def->iv_size); | 4018 memset(pwSpec->server.write_iv, 0, cipher_def->iv_size); |
4017 } | 4019 } |
4018 | 4020 |
4021 key_material_params.bIsExport = PR_FALSE; | |
4019 key_material_params.RandomInfo.pClientRandom = cr; | 4022 key_material_params.RandomInfo.pClientRandom = cr; |
4020 key_material_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH; | 4023 key_material_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH; |
4021 key_material_params.RandomInfo.pServerRandom = sr; | 4024 key_material_params.RandomInfo.pServerRandom = sr; |
4022 key_material_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH; | 4025 key_material_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH; |
4023 key_material_params.pReturnedKeyMaterial = &returnedKeys; | 4026 key_material_params.pReturnedKeyMaterial = &returnedKeys; |
4024 | 4027 |
4025 returnedKeys.pIVClient = pwSpec->client.write_iv; | 4028 returnedKeys.pIVClient = pwSpec->client.write_iv; |
4026 returnedKeys.pIVServer = pwSpec->server.write_iv; | 4029 returnedKeys.pIVServer = pwSpec->server.write_iv; |
4027 keySize = cipher_def->key_size; | 4030 keySize = cipher_def->key_size; |
4028 | 4031 |
(...skipping 5429 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
9458 #ifndef NSS_DISABLE_ECC | 9461 #ifndef NSS_DISABLE_ECC |
9459 case kt_ecdh: { | 9462 case kt_ecdh: { |
9460 rv = ssl3_SendECDHServerKeyExchange(ss, &sigAndHash); | 9463 rv = ssl3_SendECDHServerKeyExchange(ss, &sigAndHash); |
9461 break; | 9464 break; |
9462 } | 9465 } |
9463 #endif /* NSS_DISABLE_ECC */ | 9466 #endif /* NSS_DISABLE_ECC */ |
9464 | 9467 |
9465 case kt_rsa: | 9468 case kt_rsa: |
9466 case kt_null: | 9469 case kt_null: |
9467 default: | 9470 default: |
9468 PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); | 9471 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
mt
2016/03/02 19:37:31
Isn't this LIBRARY_FAILURE?
ttaubert
2016/03/03 10:56:48
Yeah, you're right.
| |
9469 break; | 9472 break; |
9470 } | 9473 } |
9471 | 9474 |
9472 return rv; | 9475 return rv; |
9473 } | 9476 } |
9474 | 9477 |
9475 SECStatus | 9478 SECStatus |
9476 ssl3_EncodeCertificateRequestSigAlgs(sslSocket *ss, PRUint8 *buf, | 9479 ssl3_EncodeCertificateRequestSigAlgs(sslSocket *ss, PRUint8 *buf, |
9477 unsigned maxLen, PRUint32 *len) | 9480 unsigned maxLen, PRUint32 *len) |
9478 { | 9481 { |
(...skipping 2975 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
12454 rType = content_handshake; | 12457 rType = content_handshake; |
12455 goto process_it; | 12458 goto process_it; |
12456 } | 12459 } |
12457 | 12460 |
12458 ssl_GetSpecReadLock(ss); /******************************************/ | 12461 ssl_GetSpecReadLock(ss); /******************************************/ |
12459 crSpec = ss->ssl3.crSpec; | 12462 crSpec = ss->ssl3.crSpec; |
12460 isTLS = (PRBool)(crSpec->version > SSL_LIBRARY_VERSION_3_0); | 12463 isTLS = (PRBool)(crSpec->version > SSL_LIBRARY_VERSION_3_0); |
12461 | 12464 |
12462 if (IS_DTLS(ss)) { | 12465 if (IS_DTLS(ss)) { |
12463 if (!dtls_IsRelevant(ss, crSpec, cText, &dtls_seq_num)) { | 12466 if (!dtls_IsRelevant(ss, crSpec, cText, &dtls_seq_num)) { |
12464 ssl_ReleaseSpecReadLock(ss); | 12467 ssl_ReleaseSpecReadLock(ss); /*****************************/ |
12465 /* Silently drop the packet */ | |
12466 databuf->len = 0; /* Needed to ensure data not left around */ | 12468 databuf->len = 0; /* Needed to ensure data not left around */ |
12467 return SECSuccess; | 12469 /* Drop the packet, but first see if retransmission is needed. */ |
12470 return dtls_MaybeRetransmitHandshake(ss, cText); | |
12468 } | 12471 } |
12469 } | 12472 } |
12470 | 12473 |
12471 /* If we will be decompressing the buffer we need to decrypt somewhere | 12474 /* If we will be decompressing the buffer we need to decrypt somewhere |
12472 * other than into databuf */ | 12475 * other than into databuf */ |
12473 if (crSpec->decompressor) { | 12476 if (crSpec->decompressor) { |
12474 temp_buf.buf = NULL; | 12477 temp_buf.buf = NULL; |
12475 temp_buf.space = 0; | 12478 temp_buf.space = 0; |
12476 plaintext = &temp_buf; | 12479 plaintext = &temp_buf; |
12477 } else { | 12480 } else { |
12478 plaintext = databuf; | 12481 plaintext = databuf; |
12479 } | 12482 } |
12480 | 12483 |
12481 plaintext->len = 0; /* filled in by Unprotect call below. */ | 12484 plaintext->len = 0; /* filled in by Unprotect call below. */ |
12482 if (plaintext->space < MAX_FRAGMENT_LENGTH) { | 12485 if (plaintext->space < MAX_FRAGMENT_LENGTH) { |
12483 rv = sslBuffer_Grow(plaintext, MAX_FRAGMENT_LENGTH + 2048); | 12486 rv = sslBuffer_Grow(plaintext, MAX_FRAGMENT_LENGTH + 2048); |
12484 if (rv != SECSuccess) { | 12487 if (rv != SECSuccess) { |
12485 ssl_ReleaseSpecReadLock(ss); | 12488 ssl_ReleaseSpecReadLock(ss); /*************************/ |
12486 SSL_DBG(("%d: SSL3[%d]: HandleRecord, tried to get %d bytes", | 12489 SSL_DBG(("%d: SSL3[%d]: HandleRecord, tried to get %d bytes", |
12487 SSL_GETPID(), ss->fd, MAX_FRAGMENT_LENGTH + 2048)); | 12490 SSL_GETPID(), ss->fd, MAX_FRAGMENT_LENGTH + 2048)); |
12488 /* sslBuffer_Grow has set a memory error code. */ | 12491 /* sslBuffer_Grow has set a memory error code. */ |
12489 /* Perhaps we should send an alert. (but we have no memory!) */ | 12492 /* Perhaps we should send an alert. (but we have no memory!) */ |
12490 return SECFailure; | 12493 return SECFailure; |
12491 } | 12494 } |
12492 } | 12495 } |
12493 | 12496 |
12494 /* IMPORTANT: Unprotect functions MUST NOT send alerts | 12497 /* IMPORTANT: Unprotect functions MUST NOT send alerts |
12495 * because we still hold the spec read lock. Instead, if they | 12498 * because we still hold the spec read lock. Instead, if they |
12496 * return SECFailure, they set *alert to the alert to be sent. */ | 12499 * return SECFailure, they set *alert to the alert to be sent. */ |
12497 if (crSpec->version < SSL_LIBRARY_VERSION_TLS_1_3 || | 12500 if (crSpec->version < SSL_LIBRARY_VERSION_TLS_1_3 || |
12498 crSpec->cipher_def->calg == ssl_calg_null) { | 12501 crSpec->cipher_def->calg == ssl_calg_null) { |
12499 /* Unencrypted TLS 1.3 records use the pre-TLS 1.3 format. */ | 12502 /* Unencrypted TLS 1.3 records use the pre-TLS 1.3 format. */ |
12500 rv = ssl3_UnprotectRecord(ss, cText, plaintext, &alert); | 12503 rv = ssl3_UnprotectRecord(ss, cText, plaintext, &alert); |
12501 } else { | 12504 } else { |
12502 rv = tls13_UnprotectRecord(ss, cText, plaintext, &alert); | 12505 rv = tls13_UnprotectRecord(ss, cText, plaintext, &alert); |
12503 } | 12506 } |
12504 | 12507 |
12505 if (rv != SECSuccess) { | 12508 if (rv != SECSuccess) { |
12506 ssl_ReleaseSpecReadLock(ss); | 12509 ssl_ReleaseSpecReadLock(ss); /***************************/ |
12507 | 12510 |
12508 SSL_DBG(("%d: SSL3[%d]: decryption failed", SSL_GETPID(), ss->fd)); | 12511 SSL_DBG(("%d: SSL3[%d]: decryption failed", SSL_GETPID(), ss->fd)); |
12509 | 12512 |
12510 if (!IS_DTLS(ss)) { | 12513 if (!IS_DTLS(ss)) { |
12511 int errCode = PORT_GetError(); | 12514 int errCode = PORT_GetError(); |
12512 SSL3_SendAlert(ss, alert_fatal, alert); | 12515 SSL3_SendAlert(ss, alert_fatal, alert); |
12513 /* Reset the error code in case SSL3_SendAlert called | 12516 /* Reset the error code in case SSL3_SendAlert called |
12514 * PORT_SetError(). */ | 12517 * PORT_SetError(). */ |
12515 PORT_SetError(errCode); | 12518 PORT_SetError(errCode); |
12516 return SECFailure; | 12519 return SECFailure; |
(...skipping 139 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
12656 ssl_ReleaseSSL3HandshakeLock(ss); | 12659 ssl_ReleaseSSL3HandshakeLock(ss); |
12657 return rv; | 12660 return rv; |
12658 } | 12661 } |
12659 | 12662 |
12660 /* | 12663 /* |
12661 * Initialization functions | 12664 * Initialization functions |
12662 */ | 12665 */ |
12663 | 12666 |
12664 /* Called from ssl3_InitState, immediately below. */ | 12667 /* Called from ssl3_InitState, immediately below. */ |
12665 /* Caller must hold the SpecWriteLock. */ | 12668 /* Caller must hold the SpecWriteLock. */ |
12666 static void | 12669 void |
12667 ssl3_InitCipherSpec(sslSocket *ss, ssl3CipherSpec *spec) | 12670 ssl3_InitCipherSpec(ssl3CipherSpec *spec) |
12668 { | 12671 { |
12669 spec->cipher_def = &bulk_cipher_defs[cipher_null]; | 12672 spec->cipher_def = &bulk_cipher_defs[cipher_null]; |
12670 PORT_Assert(spec->cipher_def->cipher == cipher_null); | 12673 PORT_Assert(spec->cipher_def->cipher == cipher_null); |
12671 spec->mac_def = &mac_defs[mac_null]; | 12674 spec->mac_def = &mac_defs[mac_null]; |
12672 PORT_Assert(spec->mac_def->mac == mac_null); | 12675 PORT_Assert(spec->mac_def->mac == mac_null); |
12673 spec->encode = Null_Cipher; | 12676 spec->encode = Null_Cipher; |
12674 spec->decode = Null_Cipher; | 12677 spec->decode = Null_Cipher; |
12675 spec->destroy = NULL; | 12678 spec->destroy = NULL; |
12676 spec->compressor = NULL; | 12679 spec->compressor = NULL; |
12677 spec->decompressor = NULL; | 12680 spec->decompressor = NULL; |
(...skipping 15 matching lines...) Expand all Loading... | |
12693 spec->server.write_mac_context = NULL; | 12696 spec->server.write_mac_context = NULL; |
12694 | 12697 |
12695 spec->write_seq_num.high = 0; | 12698 spec->write_seq_num.high = 0; |
12696 spec->write_seq_num.low = 0; | 12699 spec->write_seq_num.low = 0; |
12697 | 12700 |
12698 spec->read_seq_num.high = 0; | 12701 spec->read_seq_num.high = 0; |
12699 spec->read_seq_num.low = 0; | 12702 spec->read_seq_num.low = 0; |
12700 | 12703 |
12701 spec->epoch = 0; | 12704 spec->epoch = 0; |
12702 dtls_InitRecvdRecords(&spec->recvdRecords); | 12705 dtls_InitRecvdRecords(&spec->recvdRecords); |
12703 | |
12704 spec->version = ss->vrange.max; | |
12705 } | 12706 } |
12706 | 12707 |
12707 /* Called from: ssl3_SendRecord | 12708 /* Called from: ssl3_SendRecord |
12708 ** ssl3_SendClientHello() | 12709 ** ssl3_SendClientHello() |
12709 ** ssl3_HandleV2ClientHello() | 12710 ** ssl3_HandleV2ClientHello() |
12710 ** ssl3_HandleRecord() | 12711 ** ssl3_HandleRecord() |
12711 ** | 12712 ** |
12712 ** This function should perhaps acquire and release the SpecWriteLock. | 12713 ** This function should perhaps acquire and release the SpecWriteLock. |
12713 ** | 12714 ** |
12714 ** | 12715 ** |
12715 */ | 12716 */ |
12716 SECStatus | 12717 SECStatus |
12717 ssl3_InitState(sslSocket *ss) | 12718 ssl3_InitState(sslSocket *ss) |
12718 { | 12719 { |
12719 PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); | 12720 PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); |
12720 | 12721 |
12721 if (ss->ssl3.initialized) | 12722 if (ss->ssl3.initialized) |
12722 return SECSuccess; /* Function should be idempotent */ | 12723 return SECSuccess; /* Function should be idempotent */ |
12723 | 12724 |
12724 ss->ssl3.policy = SSL_ALLOWED; | 12725 ss->ssl3.policy = SSL_ALLOWED; |
12725 | 12726 |
12726 ssl_GetSpecWriteLock(ss); | 12727 ssl_GetSpecWriteLock(ss); |
12727 ss->ssl3.crSpec = ss->ssl3.cwSpec = &ss->ssl3.specs[0]; | 12728 ss->ssl3.crSpec = ss->ssl3.cwSpec = &ss->ssl3.specs[0]; |
12728 ss->ssl3.prSpec = ss->ssl3.pwSpec = &ss->ssl3.specs[1]; | 12729 ss->ssl3.prSpec = ss->ssl3.pwSpec = &ss->ssl3.specs[1]; |
12730 ssl3_InitCipherSpec(ss->ssl3.crSpec); | |
12731 ssl3_InitCipherSpec(ss->ssl3.prSpec); | |
12732 ss->ssl3.crSpec->version = ss->ssl3.prSpec->version = ss->vrange.max; | |
12729 ss->ssl3.hs.sendingSCSV = PR_FALSE; | 12733 ss->ssl3.hs.sendingSCSV = PR_FALSE; |
12730 ssl3_InitCipherSpec(ss, ss->ssl3.crSpec); | |
12731 ssl3_InitCipherSpec(ss, ss->ssl3.prSpec); | |
12732 ss->ssl3.hs.preliminaryInfo = 0; | 12734 ss->ssl3.hs.preliminaryInfo = 0; |
12733 | 12735 |
12734 ss->ssl3.hs.ws = (ss->sec.isServer) ? wait_client_hello : wait_server_hello; | 12736 ss->ssl3.hs.ws = (ss->sec.isServer) ? wait_client_hello : wait_server_hello; |
12735 #ifndef NSS_DISABLE_ECC | 12737 #ifndef NSS_DISABLE_ECC |
12736 ss->ssl3.hs.negotiatedECCurves = ssl3_GetSupportedECCurveMask(ss); | 12738 ss->ssl3.hs.negotiatedECCurves = ssl3_GetSupportedECCurveMask(ss); |
12737 #endif | 12739 #endif |
12738 ssl_ReleaseSpecWriteLock(ss); | 12740 ssl_ReleaseSpecWriteLock(ss); |
12739 | 12741 |
12740 PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); | 12742 PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); |
12741 | 12743 |
12742 if (IS_DTLS(ss)) { | 12744 if (IS_DTLS(ss)) { |
12743 ss->ssl3.hs.sendMessageSeq = 0; | 12745 ss->ssl3.hs.sendMessageSeq = 0; |
12744 ss->ssl3.hs.recvMessageSeq = 0; | 12746 ss->ssl3.hs.recvMessageSeq = 0; |
12745 ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS; | 12747 ss->ssl3.hs.rtTimeoutMs = DTLS_RETRANSMIT_INITIAL_MS; |
12746 ss->ssl3.hs.rtRetries = 0; | 12748 ss->ssl3.hs.rtRetries = 0; |
12747 ss->ssl3.hs.recvdHighWater = -1; | 12749 ss->ssl3.hs.recvdHighWater = -1; |
12748 PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight); | 12750 PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight); |
12749 dtls_SetMTU(ss, 0); /* Set the MTU to the highest plateau */ | 12751 dtls_SetMTU(ss, 0); /* Set the MTU to the highest plateau */ |
12750 } | 12752 } |
12751 | 12753 |
12752 PR_INIT_CLIST(&ss->ssl3.hs.remoteKeyShares); | 12754 PR_INIT_CLIST(&ss->ssl3.hs.remoteKeyShares); |
12753 ss->ssl3.hs.xSS = NULL; | 12755 ss->ssl3.hs.xSS = NULL; |
12754 ss->ssl3.hs.xES = NULL; | 12756 ss->ssl3.hs.xES = NULL; |
12755 ss->ssl3.hs.trafficSecret = NULL; | 12757 ss->ssl3.hs.trafficSecret = NULL; |
(...skipping 419 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
13175 } | 13177 } |
13176 } | 13178 } |
13177 } | 13179 } |
13178 | 13180 |
13179 rv = ssl3_ConstrainRangeByPolicy(); | 13181 rv = ssl3_ConstrainRangeByPolicy(); |
13180 | 13182 |
13181 return rv; | 13183 return rv; |
13182 } | 13184 } |
13183 | 13185 |
13184 /* End of ssl3con.c */ | 13186 /* End of ssl3con.c */ |
LEFT | RIGHT |