mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Implement new function SSL_GetChannelInfo(). Bugzilla bug 78959.

This commit is contained in:
nelsonb%netscape.com 2001-09-18 01:59:21 +00:00
Родитель 38965ccfd9
Коммит 0e45538807
13 изменённых файлов: 729 добавлений и 205 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

3
security/nss/lib/ssl/manifest.mn
Просмотреть файл

@ -42,6 +42,7 @@ PRIVATE_EXPORTS = \
EXPORTS = \
ssl.h \
sslt.h \
sslerr.h \
sslproto.h \
preenc.h \
@ -71,8 +72,10 @@ CSRCS = \
authcert.c \
cmpcert.c \
nsskea.c \
sslinfo.c \
$(NULL)
REQUIRES = security dbm
LIBRARY_NAME = ssl

1
security/nss/lib/ssl/ssl.def
Просмотреть файл

@ -112,6 +112,7 @@ NSSSSL_VersionCheck;
;+# functions for now.
SSL_GetMaxServerCacheLocks;
SSL_SetMaxServerCacheLocks;
SSL_GetChannelInfo;
;+ local:
;+*;
;+};

41
security/nss/lib/ssl/ssl.h
Просмотреть файл

@ -32,7 +32,7 @@
* may use your version of this file under either the MPL or the
* GPL.
*
* $Id: ssl.h,v 1.9 2001/06/12 20:27:10 nelsonb%netscape.com Exp $
* $Id: ssl.h,v 1.10 2001/09/18 01:59:18 nelsonb%netscape.com Exp $
*/
#ifndef __ssl_h_
@ -45,12 +45,16 @@
#include "cert.h"
#include "keyt.h"
#include "sslt.h" /* public ssl data types */
#if defined(_WIN32) && !defined(IN_LIBSSL) && !defined(NSS_USE_STATIC_LIBS)
#define SSL_IMPORT extern __declspec(dllimport)
#else
#define SSL_IMPORT extern
#endif
SEC_BEGIN_PROTOS
/* constant table enumerating all implemented SSL 2 and 3 cipher suites. */
SSL_IMPORT const PRUint16 SSL_ImplementedCiphers[];
@ -60,26 +64,6 @@ SSL_IMPORT const PRUint16 SSL_NumImplementedCiphers;
/* Macro to tell which ciphers in table are SSL2 vs SSL3/TLS. */
#define SSL_IS_SSL2_CIPHER(which) (((which) & 0xfff0) == 0xff00)
typedef struct SSL3StatisticsStr {
/* statistics from ssl3_SendClientHello (sch) */
long sch_sid_cache_hits;
long sch_sid_cache_misses;
long sch_sid_cache_not_ok;
/* statistics from ssl3_HandleServerHello (hsh) */
long hsh_sid_cache_hits;
long hsh_sid_cache_misses;
long hsh_sid_cache_not_ok;
/* statistics from ssl3_HandleClientHello (hch) */
long hch_sid_cache_hits;
long hch_sid_cache_misses;
long hch_sid_cache_not_ok;
} SSL3Statistics;
SEC_BEGIN_PROTOS
/*
** Imports fd into SSL, returning a new socket. Copies SSL configuration
** from model.
@ -260,15 +244,6 @@ SSL_IMPORT SECStatus SSL_BadCertHook(PRFileDesc *fd, SSLBadCertHandler f,
** certificate for the server and the servers private key. The arguments
** are copied.
*/
/* Key Exchange values */
typedef enum {
kt_null = 0,
kt_rsa = 1,
kt_dh = 2,
kt_fortezza = 3,
kt_kea_size
} SSLKEAType;
SSL_IMPORT SECStatus SSL_ConfigSecureServer(
PRFileDesc *fd, CERTCertificate *cert,
SECKEYPrivateKey *key, SSLKEAType kea);
@ -445,6 +420,12 @@ SSL_IMPORT SECStatus NSS_SetFrancePolicy(void);
SSL_IMPORT SSL3Statistics * SSL_GetStatistics(void);
/* Report more information than SSL_SecurityStatus.
** Caller supplies the info struct. Function fills it in.
*/
SSL_IMPORT SECStatus SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info,
PRUintn len);
SEC_END_PROTOS
#endif /* __ssl_h_ */

186
security/nss/lib/ssl/ssl3con.c
Просмотреть файл

@ -33,7 +33,7 @@
* may use your version of this file under either the MPL or the
* GPL.
*
* $Id: ssl3con.c,v 1.23 2001/08/22 23:15:45 wtc%netscape.com Exp $
* $Id: ssl3con.c,v 1.24 2001/09/18 01:59:18 nelsonb%netscape.com Exp $
*/
#include "nssrenam.h"
@ -136,14 +136,13 @@ static const /*SSL3ClientCertificateType */ uint8 fortezza_certificate_types []
*/
#define SSL3_BUFFER_FUDGE 100
#undef BPB
#define BPB 8 /* Bits Per Byte */
#define SET_ERROR_CODE /* reminder */
#define SEND_ALERT /* reminder */
#define TEST_FOR_FAILURE /* reminder */
#define DEAL_WITH_FAILURE /* reminder */
#define EXPORT_RSA_KEY_LENGTH 64 /* bytes */
/* This is a hack to make sure we don't do double handshakes for US policy */
PRBool ssl3_global_policy_some_restricted = PR_FALSE;
@ -191,23 +190,6 @@ static const ssl3KEADef kea_defs[] = { /* indexed by SSL3KeyExchangeAlgorithm */
{kea_rsa_fips, kt_rsa, sign_rsa, PR_FALSE, 0, PR_TRUE },
};
static const CK_MECHANISM_TYPE kea_alg_defs[] = {
0x80000000L,
CKM_RSA_PKCS,
CKM_DH_PKCS_DERIVE,
CKM_KEA_KEY_DERIVE
};
static const ssl3MACDef mac_defs[] = { /* indexed by SSL3MACAlgorithm */
/* mac malg pad_size mac_size */
{ mac_null, malg_null, 0, 0 },
{ mac_md5, malg_md5, 48, MD5_LENGTH },
{ mac_sha, malg_sha, 40, SHA1_LENGTH},
{hmac_md5, malg_md5_hmac, 48, MD5_LENGTH },
{hmac_sha, malg_sha_hmac, 40, SHA1_LENGTH},
};
/* must use ssl_LookupCipherSuiteDef to access */
static const ssl3CipherSuiteDef cipher_suite_defs[] = {
/* cipher_suite bulk_cipher_alg mac_alg key_exchange_alg */
@ -272,6 +254,44 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] = {
};
static const CK_MECHANISM_TYPE kea_alg_defs[] = {
0x80000000L,
CKM_RSA_PKCS,
CKM_DH_PKCS_DERIVE,
CKM_KEA_KEY_DERIVE
};
typedef struct SSLCipher2MechStr {
SSLCipherAlgorithm calg;
CK_MECHANISM_TYPE cmech;
} SSLCipher2Mech;
static const SSLCipher2Mech alg2Mech[] = {
{ calg_null , (CK_MECHANISM_TYPE)0x80000000L },
{ calg_rc4 , CKM_RC4 },
{ calg_rc2 , CKM_RC2_CBC },
{ calg_des , CKM_DES_CBC },
{ calg_3des , CKM_DES3_CBC },
{ calg_idea , CKM_IDEA_CBC },
{ calg_fortezza , CKM_SKIPJACK_CBC64 },
/* { calg_init , (CK_MECHANISM_TYPE)0x7fffffffL } */
};
#define mmech_null (CK_MECHANISM_TYPE)0x80000000L
#define mmech_md5 CKM_SSL3_MD5_MAC
#define mmech_sha CKM_SSL3_SHA1_MAC
#define mmech_md5_hmac CKM_MD5_HMAC
#define mmech_sha_hmac CKM_SHA_1_HMAC
static const ssl3MACDef mac_defs[] = { /* indexed by SSL3MACAlgorithm */
/* mac mmech pad_size mac_size */
{ mac_null, mmech_null, 0, 0 },
{ mac_md5, mmech_md5, 48, MD5_LENGTH },
{ mac_sha, mmech_sha, 40, SHA1_LENGTH},
{hmac_md5, mmech_md5_hmac, 48, MD5_LENGTH },
{hmac_sha, mmech_sha_hmac, 40, SHA1_LENGTH},
};
/* indexed by SSL3BulkCipher */
const char * const ssl3_cipherName[] = {
"NULL",
@ -387,12 +407,14 @@ ssl3_config_match_init(sslSocket *ss)
{
ssl3CipherSuiteCfg * suite;
const ssl3CipherSuiteDef *cipher_def;
CipherAlgorithm cipher_alg;
SSLCipherAlgorithm cipher_alg;
CK_MECHANISM_TYPE cipher_mech;
SSL3KEAType exchKeyType;
int i;
int numPresent = 0;
int numEnabled = 0;
PRBool isServer;
sslServerCerts *svrAuth;
if (!ss->enableSSL3 && !ss->enableTLS) {
return 0;
@ -412,16 +434,19 @@ ssl3_config_match_init(sslSocket *ss)
continue;
}
cipher_alg=bulk_cipher_defs[cipher_def->bulk_cipher_alg ].calg;
PORT_Assert( alg2Mech[cipher_alg].calg == cipher_alg);
cipher_mech = alg2Mech[cipher_alg].cmech;
exchKeyType =
kea_defs[cipher_def->key_exchange_alg].exchKeyType;
svrAuth = ss->serverCerts + exchKeyType;
/* Mark the suites that are backed by real tokens, certs and keys */
suite->isPresent = (PRBool)
(((exchKeyType == kt_null) ||
(!isServer || (ss->serverKey[exchKeyType] &&
ss->serverCertChain[exchKeyType])) &&
(!isServer || (svrAuth->serverKey &&
svrAuth->serverCertChain)) &&
PK11_TokenExists(kea_alg_defs[exchKeyType])) &&
((cipher_alg == calg_null) || PK11_TokenExists(cipher_alg)));
((cipher_alg == calg_null) || PK11_TokenExists(cipher_mech)));
if (suite->isPresent)
++numPresent;
}
@ -641,8 +666,6 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert,
return SECFailure;
}
switch (key->keyType) {
case rsaKey:
hashItem.data = hash->md5;
@ -1025,6 +1048,7 @@ const ssl3BulkCipherDef *cipher_def;
PK11Context * clientContext = NULL;
SECItem * param;
CK_ULONG macLength;
SSLCipherAlgorithm calg;
SECStatus rv;
CK_MECHANISM_TYPE mechanism;
CK_MECHANISM_TYPE mac_mech;
@ -1052,7 +1076,7 @@ const ssl3BulkCipherDef *cipher_def;
mac_param.data = (unsigned char *)&macLength;
mac_param.len = sizeof(macLength);
mac_mech = (CK_MECHANISM_TYPE) pwSpec->mac_def->malg;
mac_mech = pwSpec->mac_def->mmech;
if (cipher_def->calg == calg_null) {
pwSpec->encode = Null_Cipher;
@ -1073,7 +1097,9 @@ const ssl3BulkCipherDef *cipher_def;
goto success;
}
mechanism = (CK_MECHANISM_TYPE) cipher_def->calg;
calg = cipher_def->calg;
PORT_Assert(alg2Mech[calg].calg == calg);
mechanism = alg2Mech[calg].cmech;
/*
* build the server context
@ -1208,7 +1234,7 @@ ssl3_ComputeRecordMAC(
/* ssl_GetSpecReadLock(ss); Don't have "ss"! */
mac_def = spec->mac_def;
if (mac_def->malg == malg_null) {
if (mac_def->mac == mac_null) {
*outLength = 0;
/* ssl_ReleaseSpecReadLock(ss); */
return SECSuccess;
@ -1539,7 +1565,7 @@ ssl3_FlushHandshake(sslSocket *ss, PRInt32 flags)
}
/*
* Called from ssl3_HandleAlert and from ssl3_HandleCertificates when
* Called from ssl3_HandleAlert and from ssl3_HandleCertificate when
* the remote client sends a negative response to our certificate request.
* Returns SECFailure if the application has required client auth.
* SECSuccess otherwise.
@ -1928,6 +1954,7 @@ ssl3_GenerateSessionKeys(sslSocket *ss, const PK11SymKey *pms)
CK_SSL3_KEY_MAT_PARAMS key_material_params;
CK_SSL3_KEY_MAT_OUT returnedKeys;
CK_SSL3_MASTER_KEY_DERIVE_PARAMS master_params;
SSLCipherAlgorithm calg;
PORT_Assert( ssl_HaveSSL3HandshakeLock(ss));
PORT_Assert( ssl_HaveSpecWriteLock(ss));
@ -2033,7 +2060,11 @@ ssl3_GenerateSessionKeys(sslSocket *ss, const PK11SymKey *pms)
returnedKeys.pIVClient = NULL;
returnedKeys.pIVServer = NULL;
}
bulk_mechanism = (CK_MECHANISM_TYPE) cipher_def->calg;
calg = cipher_def->calg;
PORT_Assert( alg2Mech[calg].calg == calg);
bulk_mechanism = alg2Mech[calg].cmech;
params.data = (unsigned char *)&key_material_params;
params.len = sizeof(key_material_params);
@ -2934,7 +2965,7 @@ getWrappingKey( sslSocket * ss,
static PZLock * symWrapKeysLock;
static ssl3SymWrapKey symWrapKeys[SSL_NUM_WRAP_MECHS];
svrPrivKey = ss->serverKey[exchKeyType];
svrPrivKey = ss->serverCerts[exchKeyType].serverKey;
PORT_Assert(svrPrivKey != NULL);
if (!svrPrivKey) {
return NULL; /* why are we here?!? */
@ -2994,7 +3025,7 @@ getWrappingKey( sslSocket * ss,
*/
PORT_Memset(&wswk, 0, sizeof wswk); /* eliminate UMRs. */
svrCert = ss->serverCert[exchKeyType];
svrCert = ss->serverCerts[exchKeyType].serverCert;
svrPubKey = CERT_ExtractPublicKey(svrCert);
if (svrPubKey == NULL) {
/* CERT_ExtractPublicKey doesn't set error code */
@ -3736,6 +3767,9 @@ ssl3_SendClientKeyExchange(sslSocket *ss)
}
}
ss->sec->keaType = ss->ssl3->hs.kea_def->exchKeyType;
ss->sec->keaKeyBits = SECKEY_PublicKeyStrength(serverKey) * BPB;
switch (ss->ssl3->hs.kea_def->exchKeyType) {
case kt_rsa:
rv = sendRSAClientKeyExchange(ss, serverKey);
@ -3760,7 +3794,8 @@ ssl3_SendClientKeyExchange(sslSocket *ss)
SSL_GETPID(), ss->fd));
loser:
if (serverKey) SECKEY_DestroyPublicKey(serverKey);
if (serverKey)
SECKEY_DestroyPublicKey(serverKey);
return rv; /* err code already set. */
}
@ -3980,6 +4015,12 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
PK11SymKey * wrapKey; /* wrapping key */
SECItem wrappedMS; /* wrapped master secret. */
CK_FLAGS keyFlags = 0;
sslSecurityInfo *sec = ss->sec;
sec->authAlgorithm = sid->authAlgorithm;
sec->authKeyBits = sid->authKeyBits;
sec->keaType = sid->keaType;
sec->keaKeyBits = sid->keaKeyBits;
slot = SECMOD_LookupSlot(sid->u.ssl3.masterModuleID,
sid->u.ssl3.masterSlotID);
@ -4760,7 +4801,7 @@ ssl3_SendServerHelloSequence(sslSocket *ss)
int keyLen; /* bytes */
keyLen = PK11_GetPrivateModulusLen(
ss->serverKey[kea_def->exchKeyType]);
ss->serverCerts[kea_def->exchKeyType].serverKey);
if (keyLen > 0 &&
keyLen * BPB <= kea_def->key_size_limit ) {
@ -5057,6 +5098,11 @@ compression_found:
++ssl3stats.hch_sid_cache_hits;
ssl3->hs.isResuming = PR_TRUE;
ss->sec->authAlgorithm = sid->authAlgorithm;
ss->sec->authKeyBits = sid->authKeyBits;
ss->sec->keaType = sid->keaType;
ss->sec->keaKeyBits = sid->keaKeyBits;
ssl_GetXmitBufLock(ss); haveXmitBufLock = PR_TRUE;
rv = ssl3_SendServerHello(ss);
@ -5085,7 +5131,8 @@ compression_found:
/* Now, unwrap the client and server write keys with Ks */
/* get the slot that the fortezza server private key is in. */
slot = PK11_GetSlotFromPrivateKey(ss->serverKey[kt_fortezza]);
slot = PK11_GetSlotFromPrivateKey(
ss->serverCerts[kt_fortezza].serverKey);
if (slot == NULL) {
ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
goto loser;
@ -5497,8 +5544,8 @@ const ssl3KEADef * kea_def = ss->ssl3->hs.kea_def;
}
isTLS = (PRBool)(ss->ssl3->pwSpec->version > SSL_LIBRARY_VERSION_3_0);
rv = ssl3_SignHashes(&hashes, ss->serverKey[kt_rsa], &signed_hash,
isTLS);
rv = ssl3_SignHashes(&hashes, ss->serverCerts[kt_rsa].serverKey,
&signed_hash, isTLS);
if (rv != SECSuccess) {
goto loser; /* ssl3_SignHashes has set err. */
}
@ -5999,6 +6046,7 @@ ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec,
PORT_Assert( ssl_HaveSSL3HandshakeLock(ss) );
if (slot == NULL) {
SSLCipherAlgorithm calg;
/* The specReadLock would suffice here, but we cannot assert on
** read locks. Also, all the callers who call with a non-null
** slot already hold the SpecWriteLock.
@ -6006,10 +6054,14 @@ ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec,
PORT_Assert( ssl_HaveSpecWriteLock(ss));
PORT_Assert(ss->ssl3->prSpec == ss->ssl3->pwSpec);
calg = spec->cipher_def->calg;
PORT_Assert(alg2Mech[calg].calg == calg);
/* First get an appropriate slot. */
mechanism_array[0] = CKM_SSL3_PRE_MASTER_KEY_GEN;
mechanism_array[1] = CKM_RSA_PKCS;
mechanism_array[2] = (CK_MECHANISM_TYPE) spec->cipher_def->calg;
mechanism_array[2] = alg2Mech[calg].cmech;
slot = PK11_GetBestSlotMultiple(mechanism_array, 3, pwArg);
if (slot == NULL) {
/* can't find a slot with all three, find a slot with the minimum */
@ -6146,7 +6198,22 @@ const ssl3KEADef * kea_def;
&& ss->stepDownKeyPair != NULL
#endif
) ? ss->stepDownKeyPair->privKey
: ss->serverKey[kea_def->exchKeyType];
: ss->serverCerts[kea_def->exchKeyType].serverKey;
if (ss->ssl3->hs.usedStepDownKey
#ifdef DEBUG
&& kea_def->is_limited /* XXX OR cert is signing only */
&& kea_def->exchKeyType == kt_rsa
&& ss->stepDownKeyPair != NULL
#endif
) {
serverKey = ss->stepDownKeyPair->privKey;
ss->sec->keaKeyBits = EXPORT_RSA_KEY_LENGTH * BPB;
} else {
sslServerCerts * sc = ss->serverCerts + kea_def->exchKeyType;
serverKey = sc->serverKey;
ss->sec->keaKeyBits = sc->serverKeyBits;
}
if (serverKey == NULL) {
SEND_ALERT
@ -6154,6 +6221,8 @@ const ssl3KEADef * kea_def;
return SECFailure;
}
ss->sec->keaType = kea_def->exchKeyType;
switch (kea_def->exchKeyType) {
case kt_rsa:
rv = ssl3_HandleRSAClientKeyExchange(ss, b, length, serverKey);
@ -6211,9 +6280,15 @@ ssl3_SendCertificate(sslSocket *ss)
PORT_Assert( ssl_HaveXmitBufLock(ss));
PORT_Assert( ssl_HaveSSL3HandshakeLock(ss));
certChain = (ss->sec->isServer)
? ss->serverCertChain[ss->ssl3->hs.kea_def->exchKeyType]
: ss->ssl3->clientCertChain;
if (ss->sec->isServer) {
sslServerCerts * sc =
ss->serverCerts + ss->ssl3->hs.kea_def->exchKeyType;
certChain = sc->serverCertChain;
ss->sec->authKeyBits = sc->serverKeyBits;
ss->sec->authAlgorithm = ss->ssl3->hs.kea_def->signKeyType;
} else {
certChain = ss->ssl3->clientCertChain;
}
if (certChain) {
for (i = 0; i < certChain->len; i++) {
@ -6457,6 +6532,22 @@ ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
sec->ci.sid->peerCert = CERT_DupCertificate(sec->peerCert);
if (!sec->isServer) {
/* set the server authentication and key exchange types and sizes
** from the value in the cert. If the key exchange key is different,
** it will get fixed when we handle the server key exchange message.
*/
SECKEYPublicKey * pubKey = CERT_ExtractPublicKey(cert);
sec->authAlgorithm = ssl3->hs.kea_def->signKeyType;
sec->keaType = ssl3->hs.kea_def->exchKeyType;
if (pubKey) {
sec->keaKeyBits = sec->authKeyBits =
SECKEY_PublicKeyStrength(pubKey) * BPB;
SECKEY_DestroyPublicKey(pubKey);
pubKey = NULL;
}
}
/* We don't need the CA certs now that we've authenticated the peer cert. */
ssl3->peerCertChain = certs; certs = NULL; arena = NULL;
ssl3_CleanupPeerCerts(ssl3);
@ -6804,6 +6895,10 @@ xmit_loser:
sid->u.ssl3.policy = ssl3->policy;
sid->u.ssl3.exchKeyType = ssl3->hs.kea_def->exchKeyType;
sid->version = ss->version;
sid->authAlgorithm = sec->authAlgorithm;
sid->authKeyBits = sec->authKeyBits;
sid->keaType = sec->keaType;
sid->keaKeyBits = sec->keaKeyBits;
ssl_GetSpecReadLock(ss); /*************************************/
symKeySlot = PK11_GetSlotFromKey(ssl3->crSpec->master_secret);
@ -7557,7 +7652,6 @@ ssl3_FreeKeyPair(ssl3KeyPair * keyPair)
}
#define EXPORT_RSA_KEY_LENGTH 64 /* bytes */
/*
* Creates the public and private RSA keys for SSL Step down.
@ -7575,7 +7669,7 @@ ssl3_CreateRSAStepDownKeys(sslSocket *ss)
ss->stepDownKeyPair = NULL;
#ifndef HACKED_EXPORT_SERVER
/* Sigh, should have a get key strength call for private keys */
if (PK11_GetPrivateModulusLen(ss->serverKey[kt_rsa]) >
if (PK11_GetPrivateModulusLen(ss->serverCerts[kt_rsa].serverKey) >
EXPORT_RSA_KEY_LENGTH) {
/* need to ask for the key size in bits */
privKey = SECKEY_CreateRSAPrivateKey(EXPORT_RSA_KEY_LENGTH * BPB,

6
security/nss/lib/ssl/ssl3prot.h
Просмотреть файл

@ -33,7 +33,7 @@
* may use your version of this file under either the MPL or the
* GPL.
*
* $Id: ssl3prot.h,v 1.1 2000/03/31 19:33:16 relyea%netscape.com Exp $
* $Id: ssl3prot.h,v 1.2 2001/09/18 01:59:19 nelsonb%netscape.com Exp $
*/
#ifndef __ssl3proto_h_
@ -184,9 +184,7 @@ typedef struct {
SECItem list;
} SSL3Certificate;
typedef enum {
sign_null, sign_rsa, sign_dsa
} SSL3SignType;
/* SSL3SignType moved to ssl.h */
/* The SSL key exchange method used */
typedef enum {

103
security/nss/lib/ssl/sslcon.c
Просмотреть файл

@ -1,4 +1,4 @@
/*
/*
* SSL v2 handshake functions, and functions common to SSL2 and SSL3.
*
* The contents of this file are subject to the Mozilla Public
@ -32,7 +32,7 @@
* may use your version of this file under either the MPL or the
* GPL.
*
* $Id: sslcon.c,v 1.9 2001/06/09 03:18:06 nelsonb%netscape.com Exp $
* $Id: sslcon.c,v 1.10 2001/09/18 01:59:19 nelsonb%netscape.com Exp $
*/
#include "nssrenam.h"
@ -1343,7 +1343,11 @@ ssl2_FillInSID(sslSessionID * sid,
PRUint8 *ca,
int caLen,
int keyBits,
int secretKeyBits)
int secretKeyBits,
SSLSignType authAlgorithm,
PRUint32 authKeyBits,
SSLKEAType keaType,
PRUint32 keaKeyBits)
{
PORT_Assert(sid->references == 1);
PORT_Assert(sid->cached == never_cached);
@ -1359,8 +1363,12 @@ ssl2_FillInSID(sslSessionID * sid,
}
PORT_Memcpy(sid->u.ssl2.masterKey.data, keyData, keyLen);
sid->u.ssl2.masterKey.len = keyLen;
sid->u.ssl2.keyBits = keyBits;
sid->u.ssl2.keyBits = keyBits;
sid->u.ssl2.secretKeyBits = secretKeyBits;
sid->authAlgorithm = authAlgorithm;
sid->authKeyBits = authKeyBits;
sid->keaType = keaType;
sid->keaKeyBits = keaKeyBits;
if (caLen) {
sid->u.ssl2.cipherArg.data = (PRUint8*) PORT_Alloc(caLen);
@ -1450,10 +1458,12 @@ loser:
return rv;
}
/* Called from ssl2_ServerSetupSessionCypher() <- ssl2_HandleClientSessionKeyMessage()
<- ssl2_HandleClientHelloMessage()
* ssl2_ClientSetupSessionCypher() <- ssl2_HandleServerHelloMessage()
*/
/* Called from ssl2_ServerSetupSessionCypher()
** <- ssl2_HandleClientSessionKeyMessage()
** <- ssl2_HandleClientHelloMessage()
** and from ssl2_ClientSetupSessionCypher()
** <- ssl2_HandleServerHelloMessage()
*/
static SECStatus
ssl2_CreateSessionCypher(sslSocket *ss, sslSessionID *sid, PRBool isClient)
{
@ -1618,13 +1628,14 @@ ssl2_ServerSetupSessionCypher(sslSocket *ss, int cipher, unsigned int keyBits,
PRUint8 * kbuf = 0; /* buffer for RSA decrypted data. */
unsigned int el1; /* length of RSA decrypted data in kbuf */
unsigned int keySize;
unsigned int modulus;
unsigned int modulusLen;
SECStatus rv;
PRUint8 mkbuf[SSL_MAX_MASTER_KEY_BYTES];
sslServerCerts * sc = ss->serverCerts + kt_rsa;
PORT_Assert( ssl_Have1stHandshakeLock(ss) );
PORT_Assert( ssl_HaveRecvBufLock(ss) );
PORT_Assert((ss->sec != 0) && (ss->serverKey[kt_rsa] != 0));
PORT_Assert((ss->sec != 0) && (sc->serverKey != 0));
sec = ss->sec;
PORT_Assert((sec->ci.sid != 0));
sid = sec->ci.sid;
@ -1683,25 +1694,25 @@ ssl2_ServerSetupSessionCypher(sslSocket *ss, int cipher, unsigned int keyBits,
** NOTE: PK11_PubDecryptRaw will barf on a non-RSA key. This is
** desired behavior here.
*/
rv = PK11_PubDecryptRaw(ss->serverKey[kt_rsa], kbuf, &el1, ekLen, ek, ekLen);
rv = PK11_PubDecryptRaw(sc->serverKey, kbuf, &el1, ekLen, ek, ekLen);
if (rv != SECSuccess)
goto hide_loser;
modulus = PK11_GetPrivateModulusLen(ss->serverKey[kt_rsa]);
if (modulus == -1) {
modulusLen = PK11_GetPrivateModulusLen(sc->serverKey);
if (modulusLen == -1) {
/* If the key was really bad, then PK11_pubDecryptRaw
* would have failed, therefore the we must assume that the card
* is just being a pain and not giving us the modulus... but it
* should be the same size as the encrypted key length, so use it
* and keep cranking */
modulus = ekLen;
modulusLen = ekLen;
}
/* Is the length of the decrypted data (el1) the expected value? */
if (modulus != el1)
if (modulusLen != el1)
goto hide_loser;
/* Cheaply verify that PKCS#1 was used to format the encryption block */
kk = kbuf + modulus - (keySize - ckLen);
kk = kbuf + modulusLen - (keySize - ckLen);
if ((kbuf[0] != 0x00) || (kbuf[1] != 0x02) || (kk[-1] != 0x00)) {
/* Tsk tsk. */
SSL_DBG(("%d: SSL[%d]: strange encryption block",
@ -1740,7 +1751,9 @@ hide_loser:
/* Fill in session-id */
rv = ssl2_FillInSID(sid, cipher, mkbuf, keySize, ca, caLen,
keyBits, keyBits - (ckLen<<3));
keyBits, keyBits - (ckLen<<3),
sec->authAlgorithm, sec->authKeyBits,
sec->keaType, sec->keaKeyBits);
if (rv != SECSuccess) {
goto loser;
}
@ -1996,6 +2009,7 @@ static SECStatus
ssl2_ClientSetupSessionCypher(sslSocket *ss, PRUint8 *cs, int csLen)
{
sslSessionID * sid;
sslSecurityInfo * sec;
PRUint8 * ca; /* points to iv data, or NULL if none. */
PRUint8 * ekbuf = 0;
CERTCertificate * cert = 0;
@ -2020,10 +2034,11 @@ ssl2_ClientSetupSessionCypher(sslSocket *ss, PRUint8 *cs, int csLen)
eblock.data = 0;
eblock.len = 0;
sid = ss->sec->ci.sid;
sec = ss->sec;
sid = sec->ci.sid;
PORT_Assert(sid != 0);
cert = ss->sec->peerCert;
cert = sec->peerCert;
serverKey = CERT_ExtractPublicKey(cert);
if (!serverKey) {
@ -2034,6 +2049,11 @@ ssl2_ClientSetupSessionCypher(sslSocket *ss, PRUint8 *cs, int csLen)
goto loser2;
}
sec->authAlgorithm = ssl_sign_rsa;
sec->keaType = ssl_kea_rsa;
sec->keaKeyBits = \
sec->authKeyBits = SECKEY_PublicKeyStrength(serverKey) * BPB;
/* Choose a compatible cipher with the server */
nc = csLen / 3;
cipher = ssl2_ChooseSessionCypher(ss, nc, cs, &keyLen);
@ -2068,7 +2088,9 @@ ssl2_ClientSetupSessionCypher(sslSocket *ss, PRUint8 *cs, int csLen)
/* Fill in session-id */
rv = ssl2_FillInSID(sid, cipher, keyData, keyLen,
ca, caLen, keyLen << 3, (keyLen - ckLen) << 3);
ca, caLen, keyLen << 3, (keyLen - ckLen) << 3,
sec->authAlgorithm, sec->authKeyBits,
sec->keaType, sec->keaKeyBits);
if (rv != SECSuccess) {
goto loser;
}
@ -2387,6 +2409,7 @@ ssl2_HandleClientCertificate(sslSocket * ss,
CERTCertificate *cert = NULL;
SECKEYPublicKey *pubKey = NULL;
VFYContext * vfy = NULL;
SECItem * derCert;
SECStatus rv = SECFailure;
SECItem certItem;
SECItem rep;
@ -2435,8 +2458,9 @@ ssl2_HandleClientCertificate(sslSocket * ss,
rv = VFY_Update(vfy, ci->serverChallenge, SSL_CHALLENGE_BYTES);
if (rv)
goto loser;
rv = VFY_Update(vfy, ss->serverCert[kt_rsa]->derCert.data,
ss->serverCert[kt_rsa]->derCert.len);
derCert = &ss->serverCerts[kt_rsa].serverCert->derCert;
rv = VFY_Update(vfy, derCert->data, derCert->len);
if (rv)
goto loser;
rv = VFY_End(vfy);
@ -2746,6 +2770,7 @@ ssl2_HandleServerHelloMessage(sslSocket *ss)
ci = &sec->ci;
gs = ss->gather;
PORT_Assert(ci->sid != 0);
sid = ci->sid;
data = gs->buf.buf + gs->recordOffset;
DUMP_MSG(29, (ss, data, gs->recordLen));
@ -2807,8 +2832,12 @@ ssl2_HandleServerHelloMessage(sslSocket *ss)
SSL_TRC(1, ("%d: SSL[%d]: client, using nonce for peer=0x%08x "
"port=0x%04x",
SSL_GETPID(), ss->fd, ci->peer, ci->port));
sec->peerCert = CERT_DupCertificate(ci->sid->peerCert);
rv = ssl2_CreateSessionCypher(ss, ci->sid, PR_TRUE);
sec->peerCert = CERT_DupCertificate(sid->peerCert);
sec->authAlgorithm = sid->authAlgorithm;
sec->authKeyBits = sid->authKeyBits;
sec->keaType = sid->keaType;
sec->keaKeyBits = sid->keaKeyBits;
rv = ssl2_CreateSessionCypher(ss, sid, PR_TRUE);
if (rv != SECSuccess) {
goto loser;
}
@ -2829,7 +2858,6 @@ ssl2_HandleServerHelloMessage(sslSocket *ss)
goto bad_server;
}
sid = ci->sid;
if (sid->cached != never_cached) {
/* Forget our session-id - server didn't like it */
SSL_TRC(7, ("%d: SSL[%d]: server forgot me, uncaching session-id",
@ -3531,11 +3559,18 @@ ssl2_HandleClientHelloMessage(sslSocket *ss)
hit = 1;
certLen = 0;
csLen = 0;
sec->authAlgorithm = sid->authAlgorithm;
sec->authKeyBits = sid->authKeyBits;
sec->keaType = sid->keaType;
sec->keaKeyBits = sid->keaKeyBits;
rv = ssl2_CreateSessionCypher(ss, sid, PR_FALSE);
if (rv != SECSuccess) {
goto loser;
}
} else {
SECItem * derCert = &ss->serverCerts[kt_rsa].serverCert->derCert;
SSL_TRC(7, ("%d: SSL[%d]: server, lookup nonce missed",
SSL_GETPID(), ss->fd));
hit = 0;
@ -3554,8 +3589,13 @@ ssl2_HandleClientHelloMessage(sslSocket *ss)
pid = SSL_GETPID();
sid->u.ssl2.sessionID[0] = MSB(pid);
sid->u.ssl2.sessionID[1] = LSB(pid);
cert = ss->serverCert[kt_rsa]->derCert.data;
certLen = ss->serverCert[kt_rsa]->derCert.len;
cert = derCert->data;
certLen = derCert->len;
sec->authAlgorithm = ssl_sign_rsa;
sec->keaType = ssl_kea_rsa;
sec->keaKeyBits = \
sec->authKeyBits = ss->serverCerts[kt_rsa].serverKeyBits;
}
/* Build up final list of required elements */
@ -3648,6 +3688,7 @@ ssl2_BeginServerHandshake(sslSocket *ss)
sslSecurityInfo *sec;
sslConnectInfo * ci;
SECStatus rv;
sslServerCerts * rsaAuth = ss->serverCerts + kt_rsa;
PORT_Assert((ss->sec != 0));
sec = ss->sec;
@ -3658,7 +3699,7 @@ ssl2_BeginServerHandshake(sslSocket *ss)
sec->rcvSequence = 0;
/* don't turn on SSL2 if we don't have an RSA key and cert */
if (!ss->serverKey[kt_rsa] || !ss->serverCert[kt_rsa]) {
if (!rsaAuth->serverKey || !rsaAuth->serverCert) {
ss->enableSSL2 = PR_FALSE;
}
@ -3691,6 +3732,12 @@ loser:
return SECFailure;
}
/* This function doesn't really belong in this file.
** It's here to keep AIX compilers from optimizing it away,
** and not including it in the DSO.
*/
#include "nss.h"
extern const char __nss_ssl_rcsid[];
extern const char __nss_ssl_sccsid[];

101
security/nss/lib/ssl/sslimpl.h
Просмотреть файл

@ -34,7 +34,7 @@
* may use your version of this file under either the MPL or the
* GPL.
*
* $Id: sslimpl.h,v 1.15 2001/06/09 19:45:22 nelsonb%netscape.com Exp $
* $Id: sslimpl.h,v 1.16 2001/09/18 01:59:19 nelsonb%netscape.com Exp $
*/
#ifndef __sslimpl_h_
@ -59,6 +59,35 @@
#include "nssrwlk.h"
#include "prthread.h"
#include "sslt.h" /* for some formerly private types, now public */
/* to make some of these old enums public without namespace pollution,
** it was necessary to prepend ssl_ to the names.
** These #defines preserve compatibility with the old code here in libssl.
*/
typedef SSLKEAType SSL3KEAType;
typedef SSLMACAlgorithm SSL3MACAlgorithm;
typedef SSLSignType SSL3SignType;
#define sign_null ssl_sign_null
#define sign_rsa ssl_sign_rsa
#define sign_dsa ssl_sign_dsa
#define calg_null ssl_calg_null
#define calg_rc4 ssl_calg_rc4
#define calg_rc2 ssl_calg_rc2
#define calg_des ssl_calg_des
#define calg_3des ssl_calg_3des
#define calg_idea ssl_calg_idea
#define calg_fortezza ssl_calg_fortezza
#define calg_aes ssl_calg_aes
#define mac_null ssl_mac_null
#define mac_md5 ssl_mac_md5
#define mac_sha ssl_mac_sha
#define hmac_md5 ssl_hmac_md5
#define hmac_sha ssl_hmac_sha
#if defined(DEBUG) || defined(TRACE)
#ifdef __cplusplus
@ -133,6 +162,10 @@ typedef enum { SSLAppOpRead = 0,
/* This makes the cert cache entry exactly 4k. */
#define SSL_MAX_CACHED_CERT_LEN 4060
#ifndef BPB
#define BPB 8 /* Bits Per Byte */
#endif
typedef struct sslBufferStr sslBuffer;
typedef struct sslConnectInfoStr sslConnectInfo;
typedef struct sslGatherStr sslGather;
@ -244,6 +277,14 @@ typedef enum { sslHandshakingUndetermined = 0,
sslHandshakingAsServer
} sslHandshakingType;
typedef struct sslServerCertsStr {
/* Configuration state for server sockets */
CERTCertificate * serverCert;
CERTCertificateList * serverCertChain;
SECKEYPrivateKey * serverKey;
unsigned int serverKeyBits;
} sslServerCerts;
/*
** SSL Socket struct
**
@ -308,9 +349,9 @@ struct sslSocketStr {
const unsigned char * preferredCipher;
/* Configuration state for server sockets */
CERTCertificate * serverCert[kt_kea_size];
CERTCertificateList * serverCertChain[kt_kea_size];
SECKEYPrivateKey * serverKey[kt_kea_size];
/* server cert and key for each KEA type */
sslServerCerts serverCerts[kt_kea_size];
ssl3KeyPair * stepDownKeyPair; /* RSA step down keys */
/* Callbacks */
@ -478,7 +519,7 @@ typedef SECStatus (*SSLDestroy)(void *context, PRBool freeit);
*/
/*
** This is "ci", as in "ss->sec.ci".
** This is "ci", as in "ss->sec->ci".
**
** Protection: All the variables in here are protected by
** firstHandshakeLock AND (in ssl3) ssl3HandshakeLock
@ -543,6 +584,11 @@ struct sslSecurityInfoStr {
CERTCertificate *peerCert; /* ssl 2 & 3 */
SECKEYPublicKey *peerKey; /* ssl3 only */
SSLSignType authAlgorithm;
PRUint32 authKeyBits;
SSLKEAType keaType;
PRUint32 keaKeyBits;
/*
** Procs used for SID cache (nonce) management.
** Different implementations exist for clients/servers
@ -602,40 +648,6 @@ typedef enum {
cipher_missing /* reserved for no such supported cipher */
} SSL3BulkCipher;
/* The specific cipher algorithm */
typedef enum {
calg_null = (int)0x80000000L,
calg_rc4 = CKM_RC4,
calg_rc2 = CKM_RC2_CBC,
calg_des = CKM_DES_CBC,
calg_3des = CKM_DES3_CBC,
calg_idea = CKM_IDEA_CBC,
calg_fortezza = CKM_SKIPJACK_CBC64,
calg_init = (int) 0x7fffffffL
} CipherAlgorithm;
/* hmac added to help TLS conversion by rjr... */
typedef enum {
malg_null = (int)0x80000000L,
malg_md5 = CKM_SSL3_MD5_MAC,
malg_sha = CKM_SSL3_SHA1_MAC,
malg_md5_hmac = CKM_MD5_HMAC,
malg_sha_hmac = CKM_SHA_1_HMAC
} MACAlgorithm;
/* Key Exchange values moved to ssl.h */
typedef SSLKEAType SSL3KEAType;
typedef enum {
mac_null,
mac_md5,
mac_sha,
hmac_md5, /* TLS HMAC version of mac_md5 */
hmac_sha /* TLS HMAC version of mac_sha */
} SSL3MACAlgorithm;
typedef enum { type_stream, type_block } CipherType;
#define MAX_IV_LENGTH 64
@ -708,6 +720,11 @@ struct sslSessionIDStr {
Cached cached;
int references;
SSLSignType authAlgorithm;
PRUint32 authKeyBits;
SSLKEAType keaType;
PRUint32 keaKeyBits;
union {
struct {
/* the V2 code depends upon the size of sessionID. */
@ -803,7 +820,7 @@ typedef enum { kg_null, kg_strong, kg_export } SSL3KeyGenMode;
*/
struct ssl3BulkCipherDefStr {
SSL3BulkCipher cipher;
CipherAlgorithm calg;
SSLCipherAlgorithm calg;
int key_size;
int secret_key_size;
CipherType type;
@ -817,7 +834,7 @@ struct ssl3BulkCipherDefStr {
*/
struct ssl3MACDefStr {
SSL3MACAlgorithm mac;
MACAlgorithm malg;
CK_MECHANISM_TYPE mmech;
int pad_size;
int mac_size;
};
@ -1250,6 +1267,8 @@ SEC_END_PROTOS
#if defined(XP_UNIX)
#define SSL_GETPID() getpid()
#elif defined(WIN32)
extern int __cdecl _getpid(void);
/* #define SSL_GETPID() GetCurrentProcessId() */
#define SSL_GETPID() _getpid()
#else

205
security/nss/lib/ssl/sslinfo.c Normal file
Просмотреть файл

@ -0,0 +1,205 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2001 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*
* $Id: sslinfo.c,v 1.1 2001/09/18 01:59:20 nelsonb%netscape.com Exp $
*/
#include "ssl.h"
#include "sslimpl.h"
#include "sslproto.h"
typedef struct BulkCipherInfoStr {
SSLCipherAlgorithm symCipher;
PRUint16 symKeyBits;
PRUint16 symKeySpace;
PRUint16 effectiveKeyBits;
} BulkCipherInfo;
static const BulkCipherInfo ssl2CipherInfo[] = {
/* NONE */ { ssl_calg_null, 0, 0, 0 },
/* SSL_CK_RC4_128_WITH_MD5 */ { ssl_calg_rc4, 128, 128, 128 },
/* SSL_CK_RC4_128_EXPORT40_WITH_MD5 */ { ssl_calg_rc4, 128, 40, 40 },
/* SSL_CK_RC2_128_CBC_WITH_MD5 */ { ssl_calg_rc2, 128, 128, 128 },
/* SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 */ { ssl_calg_rc2, 128, 40, 40 },
/* SSL_CK_IDEA_128_CBC_WITH_MD5 */ { ssl_calg_idea, 0, 0, 0 },
/* SSL_CK_DES_64_CBC_WITH_MD5 */ { ssl_calg_des, 64, 56, 56 },
/* SSL_CK_DES_192_EDE3_CBC_WITH_MD5 */ { ssl_calg_3des, 192, 168, 112 }
};
static const char * const authName[] = {
{ "NULL" },
{ "RSA" },
{ "DSA" }
};
static const char * const keaName[] = {
{ "NULL" },
{ "RSA" },
{ "DH" },
{ "KEA" },
{ "BOGUS" }
};
static const char * const cipherName[] = {
{ "NULL" },
{ "RC4" },
{ "RC2" },
{ "DES" },
{ "3DES" },
{ "IDEA" },
{ "SKIPJACK" },
{ "AES" }
};
static const char * const macName[] = {
{ "NULL" },
{ "MD5" },
{ "SHA" },
{ "MD5" },
{ "SHA" }
};
#define SSL_OFFSETOF(str, memb) ((PRPtrdiff)(&(((str *)0)->memb)))
SECStatus SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
{
sslSocket * ss;
sslSecurityInfo *sec;
SSLChannelInfo inf;
if (!info) { /* He doesn't want it? OK. */
return SECSuccess;
}
ss = ssl_FindSocket(fd);
if (!ss) {
SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetChannelInfo",
SSL_GETPID(), fd));
return SECFailure;
}
memset(&inf, 0, sizeof inf);
inf.length = SSL_OFFSETOF(SSLChannelInfo, reserved);
inf.length = PR_MIN(inf.length, len);
sec = ss->sec;
if (ss->useSecurity && ss->firstHsDone && sec) {
if (ss->version < SSL_LIBRARY_VERSION_3_0) {
/* SSL2 */
const BulkCipherInfo * bulk = ssl2CipherInfo + ss->sec->cipherType;
inf.protocolVersion = ss->version;
inf.cipherSuite = ss->sec->cipherType | 0xff00;
/* server auth */
inf.authAlgorithm = ss->sec->authAlgorithm;
inf.authKeyBits = ss->sec->authKeyBits;
/* key exchange */
inf.keaType = ss->sec->keaType;
inf.keaKeyBits = ss->sec->keaKeyBits;
/* symmetric cipher */
inf.symCipher = bulk->symCipher;
inf.symKeyBits = bulk->symKeyBits;
inf.symKeySpace = bulk->symKeySpace;
inf.effectiveKeyBits = bulk->effectiveKeyBits;
/* MAC info */
inf.macAlgorithm = ssl_mac_md5;
inf.macBits = MD5_LENGTH * BPB;
/* misc */
inf.isFIPS = 0;
} else if (ss->ssl3 && ss->ssl3->crSpec &&
ss->ssl3->crSpec->cipher_def) {
/* SSL3 and TLS */
ssl3CipherSpec * crSpec = ss->ssl3->crSpec;
const ssl3BulkCipherDef * cipher_def = crSpec->cipher_def;
/* XXX NBB These should come from crSpec */
inf.protocolVersion = ss->version;
inf.cipherSuite = ss->ssl3->hs.cipher_suite;
/* server auth */
inf.authAlgorithm = ss->sec->authAlgorithm;
inf.authKeyBits = ss->sec->authKeyBits;
/* key exchange */
inf.keaType = ss->sec->keaType;
inf.keaKeyBits = ss->sec->keaKeyBits;
/* symmetric cipher */
inf.symCipher = cipher_def->calg;
switch (inf.symCipher) {
case ssl_calg_des:
inf.symKeyBits = cipher_def->key_size * 8 ;
inf.symKeySpace = \
inf.effectiveKeyBits = cipher_def->secret_key_size * 7 ;
break;
case ssl_calg_3des:
inf.symKeyBits = cipher_def->key_size * 8 ;
inf.symKeySpace = cipher_def->secret_key_size * 7 ;
inf.effectiveKeyBits = (inf.symKeySpace / 3 ) * 2;
break;
default:
inf.symKeyBits = cipher_def->key_size * BPB ;
inf.symKeySpace = \
inf.effectiveKeyBits = cipher_def->secret_key_size * BPB ;
break;
}
/* MAC info */
inf.macAlgorithm = crSpec->mac_def->mac;
inf.macBits = crSpec->mac_def->mac_size * BPB;
/* misc */
inf.isFIPS = (inf.symCipher == ssl_calg_des ||
inf.symCipher == ssl_calg_3des ||
inf.symCipher == ssl_calg_aes)
&& (inf.macAlgorithm == ssl_mac_sha ||
inf.macAlgorithm == ssl_hmac_sha)
&& (inf.protocolVersion > SSL_LIBRARY_VERSION_3_0 ||
inf.cipherSuite >= 0xfef0);
}
}
inf.authAlgorithmName = authName[ inf.authAlgorithm];
inf.keaTypeName = keaName[ inf.keaType ];
inf.symCipherName = cipherName[inf.symCipher ];
inf.macAlgorithmName = macName[ inf.macAlgorithm ];
memcpy(info, &inf, inf.length);
return SECSuccess;
}

4
security/nss/lib/ssl/sslproto.h
Просмотреть файл

@ -34,14 +34,14 @@
* may use your version of this file under either the MPL or the
* GPL.
*
* $Id: sslproto.h,v 1.1 2000/03/31 19:35:27 relyea%netscape.com Exp $
* $Id: sslproto.h,v 1.2 2001/09/18 01:59:20 nelsonb%netscape.com Exp $
*/
#ifndef __sslproto_h_
#define __sslproto_h_
/* All versions less than 3_0 are treated as SSL version 2 */
#define SSL_LIBRARY_VERSION_2 0x0002
#define SSL_LIBRARY_VERSION_2_1 0x0201
#define SSL_LIBRARY_VERSION_3_0 0x0300
#define SSL_LIBRARY_VERSION_3_1_TLS 0x0301

77
security/nss/lib/ssl/sslsecur.c
Просмотреть файл

@ -32,7 +32,7 @@
* may use your version of this file under either the MPL or the
* GPL.
*
* $Id: sslsecur.c,v 1.12 2001/06/09 03:18:08 nelsonb%netscape.com Exp $
* $Id: sslsecur.c,v 1.13 2001/09/18 01:59:20 nelsonb%netscape.com Exp $
*/
#include "cert.h"
#include "secitem.h"
@ -619,6 +619,7 @@ SSL_ConfigSecureServer(PRFileDesc *fd, CERTCertificate *cert,
SECStatus rv;
sslSocket *ss;
sslSecurityInfo *sec;
sslServerCerts *sc;
ss = ssl_FindSocket(fd);
if (!ss) {
@ -654,39 +655,49 @@ SSL_ConfigSecureServer(PRFileDesc *fd, CERTCertificate *cert,
return SECFailure;
}
sc = ss->serverCerts + kea;
/* load the server certificate */
if (ss->serverCert[kea] != NULL)
CERT_DestroyCertificate(ss->serverCert[kea]);
if (sc->serverCert != NULL) {
CERT_DestroyCertificate(sc->serverCert);
sc->serverCert = NULL;
}
if (cert) {
ss->serverCert[kea] = CERT_DupCertificate(cert);
if (ss->serverCert[kea] == NULL)
SECKEYPublicKey * pubKey;
sc->serverCert = CERT_DupCertificate(cert);
if (!sc->serverCert)
goto loser;
} else ss->serverCert[kea] = NULL;
/* get the size of the cert's public key, and remember it */
pubKey = CERT_ExtractPublicKey(cert);
if (!pubKey)
goto loser;
sc->serverKeyBits = SECKEY_PublicKeyStrength(pubKey) * BPB;
SECKEY_DestroyPublicKey(pubKey);
pubKey = NULL;
}
/* load the server cert chain */
if (ss->serverCertChain[kea] != NULL)
CERT_DestroyCertificateList(ss->serverCertChain[kea]);
if (sc->serverCertChain != NULL) {
CERT_DestroyCertificateList(sc->serverCertChain);
sc->serverCertChain = NULL;
}
if (cert) {
ss->serverCertChain[kea] = CERT_CertChainFromCert(
ss->serverCert[kea], certUsageSSLServer, PR_TRUE);
if (ss->serverCertChain[kea] == NULL)
sc->serverCertChain = CERT_CertChainFromCert(
sc->serverCert, certUsageSSLServer, PR_TRUE);
if (sc->serverCertChain == NULL)
goto loser;
} else ss->serverCertChain[kea] = NULL;
/* Only do this once because it's global. */
if (ssl3_server_ca_list == NULL)
ssl3_server_ca_list = CERT_GetSSLCACerts(ss->dbHandle);
}
/* load the private key */
if (ss->serverKey[kea] != NULL)
SECKEY_DestroyPrivateKey(ss->serverKey[kea]);
if (sc->serverKey != NULL) {
SECKEY_DestroyPrivateKey(sc->serverKey);
sc->serverKey = NULL;
}
if (key) {
ss->serverKey[kea] = SECKEY_CopyPrivateKey(key);
if (ss->serverKey[kea] == NULL)
sc->serverKey = SECKEY_CopyPrivateKey(key);
if (sc->serverKey == NULL)
goto loser;
} else ss->serverKey[kea] = NULL;
}
if (kea == kt_rsa) {
rv = ssl3_CreateRSAStepDownKeys(ss);
@ -695,20 +706,24 @@ SSL_ConfigSecureServer(PRFileDesc *fd, CERTCertificate *cert,
}
}
/* Only do this once because it's global. */
if (ssl3_server_ca_list == NULL)
ssl3_server_ca_list = CERT_GetSSLCACerts(ss->dbHandle);
return SECSuccess;
loser:
if (ss->serverCert[kea] != NULL) {
CERT_DestroyCertificate(ss->serverCert[kea]);
ss->serverCert[kea] = NULL;
if (sc->serverCert != NULL) {
CERT_DestroyCertificate(sc->serverCert);
sc->serverCert = NULL;
}
if (ss->serverCertChain != NULL) {
CERT_DestroyCertificateList(ss->serverCertChain[kea]);
ss->serverCertChain[kea] = NULL;
if (sc->serverCertChain != NULL) {
CERT_DestroyCertificateList(sc->serverCertChain);
sc->serverCertChain = NULL;
}
if (ss->serverKey[kea] != NULL) {
SECKEY_DestroyPrivateKey(ss->serverKey[kea]);
ss->serverKey[kea] = NULL;
if (sc->serverKey != NULL) {
SECKEY_DestroyPrivateKey(sc->serverKey);
sc->serverKey = NULL;
}
return SECFailure;
}

16
security/nss/lib/ssl/sslsnce.c
Просмотреть файл

@ -32,7 +32,7 @@
* may use your version of this file under either the MPL or the
* GPL.
*
* $Id: sslsnce.c,v 1.13 2001/06/22 03:38:05 nelsonb%netscape.com Exp $
* $Id: sslsnce.c,v 1.14 2001/09/18 01:59:20 nelsonb%netscape.com Exp $
*/
/* Note: ssl_FreeSID() in sslnonce.c gets used for both client and server
@ -111,7 +111,11 @@ struct sidCacheEntryStr {
/* 1 */ PRUint8 valid;
/* 1 */ PRUint8 sessionIDLength;
/* 32 */ PRUint8 sessionID[SSL3_SESSIONID_BYTES];
/* 56 - common header total */
/* 2 */ PRUint16 authAlgorithm;
/* 2 */ PRUint16 authKeyBits;
/* 2 */ PRUint16 keaType;
/* 2 */ PRUint16 keaKeyBits;
/* 64 - common header total */
union {
struct {
@ -390,6 +394,10 @@ ConvertFromSID(sidCacheEntry *to, sslSessionID *from)
to->version = from->version;
to->addr = from->addr;
to->time = from->time;
to->authAlgorithm = from->authAlgorithm;
to->authKeyBits = from->authKeyBits;
to->keaType = from->keaType;
to->keaKeyBits = from->keaKeyBits;
if (from->version < SSL_LIBRARY_VERSION_3_0) {
if ((from->u.ssl2.masterKey.len > SSL_MAX_MASTER_KEY_BYTES) ||
@ -552,6 +560,10 @@ ConvertToSID(sidCacheEntry *from, certCacheEntry *pcce,
to->cached = in_server_cache;
to->addr = from->addr;
to->references = 1;
to->authAlgorithm = from->authAlgorithm;
to->authKeyBits = from->authKeyBits;
to->keaType = from->keaType;
to->keaKeyBits = from->keaKeyBits;
return to;

52
security/nss/lib/ssl/sslsock.c
Просмотреть файл

@ -35,7 +35,7 @@
* may use your version of this file under either the MPL or the
* GPL.
*
* $Id: sslsock.c,v 1.19 2001/06/23 00:01:17 nelsonb%netscape.com Exp $
* $Id: sslsock.c,v 1.20 2001/09/18 01:59:20 nelsonb%netscape.com Exp $
*/
#include "seccomon.h"
#include "cert.h"
@ -246,18 +246,24 @@ ssl_DupSocket(sslSocket *os)
* during the for loop.
*/
int i;
sslServerCerts * oc = os->serverCerts;
sslServerCerts * sc = ss->serverCerts;
for (i=kt_null; i < kt_kea_size; i++) {
if (os->serverCert[i] && os->serverCertChain[i]) {
ss->serverCert[i] = CERT_DupCertificate(os->serverCert[i]);
ss->serverCertChain[i] = CERT_DupCertList(
os->serverCertChain[i]);
for (i=kt_null; i < kt_kea_size; i++, oc++, sc++) {
if (oc->serverCert && oc->serverCertChain) {
sc->serverCert = CERT_DupCertificate(oc->serverCert);
sc->serverCertChain = CERT_DupCertList(oc->serverCertChain);
if (!sc->serverCertChain)
goto loser;
} else {
ss->serverCert[i] = NULL;
ss->serverCertChain[i] = NULL;
sc->serverCert = NULL;
sc->serverCertChain = NULL;
}
ss->serverKey[i] = os->serverKey[i] ?
SECKEY_CopyPrivateKey(os->serverKey[i]) : NULL;
sc->serverKey = oc->serverKey ?
SECKEY_CopyPrivateKey(oc->serverKey) : NULL;
if (oc->serverKey && !sc->serverKey)
goto loser;
sc->serverKeyBits = oc->serverKeyBits;
}
ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL :
ssl3_GetKeyPairRef(os->stepDownKeyPair);
@ -278,13 +284,14 @@ ssl_DupSocket(sslSocket *os)
/* Create security data */
rv = ssl_CopySecurityInfo(ss, os);
if (rv != SECSuccess) {
goto losage;
goto loser;
}
}
}
return ss;
losage:
loser:
ssl_FreeSocket(ss);
return NULL;
}
@ -336,12 +343,13 @@ ssl_FreeSocket(sslSocket *ss)
/* Clean up server configuration */
for (i=kt_null; i < kt_kea_size; i++) {
if (fs->serverCert[i] != NULL)
CERT_DestroyCertificate(fs->serverCert[i]);
if (fs->serverCertChain[i] != NULL)
CERT_DestroyCertificateList(fs->serverCertChain[i]);
if (fs->serverKey[i] != NULL)
SECKEY_DestroyPrivateKey(fs->serverKey[i]);
sslServerCerts * sc = fs->serverCerts + i;
if (sc->serverCert != NULL)
CERT_DestroyCertificate(sc->serverCert);
if (sc->serverCertChain != NULL)
CERT_DestroyCertificateList(sc->serverCertChain);
if (sc->serverKey != NULL)
SECKEY_DestroyPrivateKey(sc->serverKey);
}
if (fs->stepDownKeyPair) {
ssl3_FreeKeyPair(fs->stepDownKeyPair);
@ -1835,9 +1843,11 @@ ssl_NewSocket(void)
ss->url = NULL;
for (i=kt_null; i < kt_kea_size; i++) {
ss->serverCert[i] = NULL;
ss->serverCertChain[i] = NULL;
ss->serverKey[i] = NULL;
sslServerCerts * sc = ss->serverCerts + i;
sc->serverCert = NULL;
sc->serverCertChain = NULL;
sc->serverKey = NULL;
sc->serverKeyBits = 0;
}
ss->stepDownKeyPair = NULL;
ss->dbHandle = CERT_GetDefaultCertDB();

139
security/nss/lib/ssl/sslt.h Normal file
Просмотреть файл

@ -0,0 +1,139 @@
/*
* This file contains prototypes for the public SSL functions.
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*
* $Id: sslt.h,v 1.1 2001/09/18 01:59:21 nelsonb%netscape.com Exp $
*/
#ifndef __sslt_h_
#define __sslt_h_
#include "prtypes.h"
typedef struct SSL3StatisticsStr {
/* statistics from ssl3_SendClientHello (sch) */
long sch_sid_cache_hits;
long sch_sid_cache_misses;
long sch_sid_cache_not_ok;
/* statistics from ssl3_HandleServerHello (hsh) */
long hsh_sid_cache_hits;
long hsh_sid_cache_misses;
long hsh_sid_cache_not_ok;
/* statistics from ssl3_HandleClientHello (hch) */
long hch_sid_cache_hits;
long hch_sid_cache_misses;
long hch_sid_cache_not_ok;
} SSL3Statistics;
/* Key Exchange algorithm values */
typedef enum {
ssl_kea_null = 0,
ssl_kea_rsa = 1,
ssl_kea_dh = 2,
ssl_kea_fortezza = 3,
ssl_kea_size /* number of ssl_kea_ algorithms */
} SSLKEAType;
/* The following defines are for backwards compatibility.
** They will be removed in a forthcoming release to reduce namespace pollution.
** programs that use the kt_ symbols should convert to the ssl_kt_ symbols
** soon.
*/
#define kt_null ssl_kea_null
#define kt_rsa ssl_kea_rsa
#define kt_dh ssl_kea_dh
#define kt_fortezza ssl_kea_fortezza
#define kt_kea_size ssl_kea_size
typedef enum {
ssl_sign_null = 0,
ssl_sign_rsa = 1,
ssl_sign_dsa = 2
} SSLSignType;
typedef enum {
ssl_calg_null = 0,
ssl_calg_rc4 = 1,
ssl_calg_rc2 = 2,
ssl_calg_des = 3,
ssl_calg_3des = 4,
ssl_calg_idea = 5,
ssl_calg_fortezza = 6, /* skipjack */
ssl_calg_aes = 7 /* coming soon */
} SSLCipherAlgorithm;
typedef enum {
ssl_mac_null = 0,
ssl_mac_md5 = 1,
ssl_mac_sha = 2,
ssl_hmac_md5 = 3, /* TLS HMAC version of mac_md5 */
ssl_hmac_sha = 4 /* TLS HMAC version of mac_sha */
} SSLMACAlgorithm;
typedef struct SSLChannelInfoStr {
PRUint32 length;
PRUint16 protocolVersion;
PRUint16 cipherSuite;
/* server authentication info */
const char * authAlgorithmName;
SSLSignType authAlgorithm;
PRUint32 authKeyBits;
/* key exchange algorithm info */
const char * keaTypeName;
SSLKEAType keaType;
PRUint32 keaKeyBits;
/* symmetric encryption info */
const char * symCipherName;
SSLCipherAlgorithm symCipher;
PRUint16 symKeyBits;
PRUint16 symKeySpace;
PRUint16 effectiveKeyBits;
/* MAC info */
const char * macAlgorithmName;
SSLMACAlgorithm macAlgorithm;
PRUint16 macBits;
PRUintn isFIPS : 1;
PRUintn reservedBits :31;
PRUint8 reserved [64];
} SSLChannelInfo;
#endif /* __sslt_h_ */