222
226
* In the second generation, this table will be dynamic, and functions
223
227
* will be registered here.
229
/* This table is used by the server, to handle client hello extensions. */
225
230
static const ssl3HelloExtensionHandler clientHelloHandlers[] = {
226
{ server_name_xtn, &ssl3_HandleServerNameXtn },
231
{ ssl_server_name_xtn, &ssl3_HandleServerNameXtn },
227
232
#ifdef NSS_ENABLE_ECC
228
{ elliptic_curves_xtn, &ssl3_HandleSupportedCurvesXtn },
229
{ ec_point_formats_xtn, &ssl3_HandleSupportedPointFormatsXtn },
233
{ ssl_elliptic_curves_xtn, &ssl3_HandleSupportedCurvesXtn },
234
{ ssl_ec_point_formats_xtn, &ssl3_HandleSupportedPointFormatsXtn },
231
{ session_ticket_xtn, &ssl3_ServerHandleSessionTicketXtn },
235
static const ssl3HelloExtensionHandler serverHelloHandlers[] = {
236
{ server_name_xtn, &ssl3_HandleServerNameXtn },
237
/* TODO: add a handler for ec_point_formats_xtn */
238
{ session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn },
242
/* Table of functions to format TLS hello extensions, one per extension.
243
* This static table is for the formatting of client hello extensions.
236
{ ssl_session_ticket_xtn, &ssl3_ServerHandleSessionTicketXtn },
237
{ ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
241
/* These two tables are used by the client, to handle server hello
243
static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
244
{ ssl_server_name_xtn, &ssl3_HandleServerNameXtn },
245
/* TODO: add a handler for ssl_ec_point_formats_xtn */
246
{ ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn },
247
{ ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
251
static const ssl3HelloExtensionHandler serverHelloHandlersSSL3[] = {
252
{ ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
256
/* Tables of functions to format TLS hello extensions, one function per
258
* These static tables are for the formatting of client hello extensions.
244
259
* The server's table of hello senders is dynamic, in the socket struct,
245
260
* and sender functions are registered there.
248
ssl3HelloExtensionSender clientHelloSenders[MAX_EXTENSIONS] = {
249
{ server_name_xtn, &ssl3_SendServerNameXtn },
263
ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
264
{ ssl_server_name_xtn, &ssl3_SendServerNameXtn },
265
{ ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn },
250
266
#ifdef NSS_ENABLE_ECC
251
{ elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn },
252
{ ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn },
267
{ ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn },
268
{ ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn },
257
{ session_ticket_xtn, ssl3_SendSessionTicketXtn }
270
{ ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }
271
/* any extra entries will appear as { 0, NULL } */
275
ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = {
276
{ ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }
277
/* any extra entries will appear as { 0, NULL } */
285
305
/* Format an SNI extension, using the name from the socket's URL,
286
306
* unless that name is a dotted decimal string.
307
* Used by client and server.
289
ssl3_SendServerNameXtn(
310
ssl3_SendServerNameXtn(sslSocket * ss, PRBool append,
297
/* must have a hostname */
298
if (!ss || !ss->url || !ss->url[0])
300
/* must not be an IPv4 or IPv6 address */
301
if (PR_SUCCESS == PR_StringToNetAddr(ss->url, &netAddr)) {
302
/* is an IP address (v4 or v6) */
305
len = PORT_Strlen(ss->url);
306
if (append && maxBytes >= len + 9) {
309
rv = ssl3_AppendHandshakeNumber(ss, server_name_xtn, 2);
310
if (rv != SECSuccess) return -1;
311
/* length of extension_data */
312
rv = ssl3_AppendHandshakeNumber(ss, len + 5, 2);
313
if (rv != SECSuccess) return -1;
314
/* length of server_name_list */
315
rv = ssl3_AppendHandshakeNumber(ss, len + 3, 2);
316
if (rv != SECSuccess) return -1;
317
/* Name Type (host_name) */
318
rv = ssl3_AppendHandshake(ss, "\0", 1);
319
if (rv != SECSuccess) return -1;
320
/* HostName (length and value) */
321
rv = ssl3_AppendHandshakeVariable(ss, (unsigned char *)ss->url, len, 2);
322
if (rv != SECSuccess) return -1;
323
if (!ss->sec.isServer) {
324
TLSExtensionData *xtnData = &ss->xtnData;
325
xtnData->advertised[xtnData->numAdvertised++] = server_name_xtn;
314
if (!ss->sec.isServer) {
318
/* must have a hostname */
319
if (!ss || !ss->url || !ss->url[0])
321
/* must not be an IPv4 or IPv6 address */
322
if (PR_SUCCESS == PR_StringToNetAddr(ss->url, &netAddr)) {
323
/* is an IP address (v4 or v6) */
326
len = PORT_Strlen(ss->url);
327
if (append && maxBytes >= len + 9) {
329
rv = ssl3_AppendHandshakeNumber(ss, ssl_server_name_xtn, 2);
330
if (rv != SECSuccess) return -1;
331
/* length of extension_data */
332
rv = ssl3_AppendHandshakeNumber(ss, len + 5, 2);
333
if (rv != SECSuccess) return -1;
334
/* length of server_name_list */
335
rv = ssl3_AppendHandshakeNumber(ss, len + 3, 2);
336
if (rv != SECSuccess) return -1;
337
/* Name Type (sni_host_name) */
338
rv = ssl3_AppendHandshake(ss, "\0", 1);
339
if (rv != SECSuccess) return -1;
340
/* HostName (length and value) */
341
rv = ssl3_AppendHandshakeVariable(ss, (PRUint8 *)ss->url, len, 2);
342
if (rv != SECSuccess) return -1;
343
if (!ss->sec.isServer) {
344
TLSExtensionData *xtnData = &ss->xtnData;
345
xtnData->advertised[xtnData->numAdvertised++] =
352
if (append && maxBytes >= 4) {
353
rv = ssl3_AppendHandshakeNumber(ss, ssl_server_name_xtn, 2);
354
if (rv != SECSuccess) return -1;
355
/* length of extension_data */
356
rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
357
if (rv != SECSuccess) return -1;
331
362
/* handle an incoming SNI extension, by ignoring it. */
333
364
ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
335
/* TODO: if client, should verify extension_data is empty. */
336
/* TODO: if server, should send empty extension_data. */
337
/* For now, we ignore this, as if we didn't understand it. :-) */
366
SECItem *names = NULL;
367
PRUint32 listCount = 0, namesPos = 0, i;
368
TLSExtensionData *xtnData = &ss->xtnData;
370
PRInt32 listLenBytes = 0;
372
if (!ss->sec.isServer) {
373
/* Verify extension_data is empty. */
374
if (data->data || data->len ||
375
!ssl3_ExtensionNegotiated(ss, ssl_server_name_xtn)) {
376
/* malformed or was not initiated by the client.*/
382
/* Server side - consume client data and register server sender. */
383
/* do not parse the data if don't have user extension handling function. */
384
if (!ss->sniSocketConfig) {
387
/* length of server_name_list */
388
listLenBytes = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
389
if (listLenBytes == 0 || listLenBytes != data->len) {
393
/* Calculate the size of the array.*/
394
while (listLenBytes > 0) {
398
/* Name Type (sni_host_name) */
399
type = ssl3_ConsumeHandshakeNumber(ss, 1, &ldata.data, &ldata.len);
403
rv = ssl3_ConsumeHandshakeVariable(ss, &litem, 2, &ldata.data, &ldata.len);
404
if (rv != SECSuccess) {
407
/* Adjust total length for cunsumed item, item len and type.*/
408
listLenBytes -= litem.len + 3;
409
if (listLenBytes > 0 && !ldata.len) {
417
names = PORT_ZNewArray(SECItem, listCount);
421
for (i = 0;i < listCount;i++) {
425
PRBool nametypePresent = PR_FALSE;
426
/* Name Type (sni_host_name) */
427
type = ssl3_ConsumeHandshakeNumber(ss, 1, &data->data, &data->len);
428
/* Check if we have such type in the list */
429
for (j = 0;j < listCount && names[j].data;j++) {
430
if (names[j].type == type) {
431
nametypePresent = PR_TRUE;
435
/* HostName (length and value) */
436
rv = ssl3_ConsumeHandshakeVariable(ss, &names[namesPos], 2,
437
&data->data, &data->len);
438
if (rv != SECSuccess) {
441
if (nametypePresent == PR_FALSE) {
445
/* Free old and set the new data. */
446
if (xtnData->sniNameArr) {
447
PORT_Free(ss->xtnData.sniNameArr);
449
xtnData->sniNameArr = names;
450
xtnData->sniNameArrSize = namesPos;
451
xtnData->negotiated[xtnData->numNegotiated++] = ssl_server_name_xtn;
338
453
return SECSuccess;
341
460
/* Called by both clients and servers.
342
461
* Clients sends a filled in session ticket if one is available, and otherwise
343
462
* sends an empty ticket. Servers always send empty tickets.
1267
1439
return total_exten_len;
1443
/* Extension format:
1444
* Extension number: 2 bytes
1445
* Extension length: 2 bytes
1446
* Verify Data Length: 1 byte
1447
* Verify Data (TLS): 12 bytes (client) or 24 bytes (server)
1448
* Verify Data (SSL): 36 bytes (client) or 72 bytes (server)
1451
ssl3_SendRenegotiationInfoXtn(
1456
PRInt32 len, needed;
1458
/* In draft-ietf-tls-renegotiation-03, it is NOT RECOMMENDED to send
1459
* both the SCSV and the empty RI, so when we send SCSV in
1460
* the initial handshake, we don't also send RI.
1462
if (!ss || ss->ssl3.hs.sendingSCSV)
1464
len = !ss->firstHsDone ? 0 :
1465
(ss->sec.isServer ? ss->ssl3.hs.finishedBytes * 2
1466
: ss->ssl3.hs.finishedBytes);
1468
if (append && maxBytes >= needed) {
1470
/* extension_type */
1471
rv = ssl3_AppendHandshakeNumber(ss, ssl_renegotiation_info_xtn, 2);
1472
if (rv != SECSuccess) return -1;
1473
/* length of extension_data */
1474
rv = ssl3_AppendHandshakeNumber(ss, len + 1, 2);
1475
if (rv != SECSuccess) return -1;
1476
/* verify_Data from previous Finished message(s) */
1477
rv = ssl3_AppendHandshakeVariable(ss,
1478
ss->ssl3.hs.finishedMsgs.data, len, 1);
1479
if (rv != SECSuccess) return -1;
1480
if (!ss->sec.isServer) {
1481
TLSExtensionData *xtnData = &ss->xtnData;
1482
xtnData->advertised[xtnData->numAdvertised++] =
1483
ssl_renegotiation_info_xtn;
1489
/* This function runs in both the client and server. */
1491
ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
1493
SECStatus rv = SECSuccess;
1496
if (ss->firstHsDone) {
1497
len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes
1498
: ss->ssl3.hs.finishedBytes * 2;
1500
if (data->len != 1 + len ||
1501
data->data[0] != len || (len &&
1502
NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data,
1503
data->data + 1, len))) {
1504
/* Can we do this here? Or, must we arrange for the caller to do it? */
1505
(void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);
1506
PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
1509
/* remember that we got this extension and it was correct. */
1510
ss->peerRequestedProtection = 1;
1511
ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
1512
if (ss->sec.isServer) {
1513
/* prepare to send back the appropriate response */
1514
rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
1515
ssl3_SendRenegotiationInfoXtn);