DXR is a code search and navigation tool aimed at making sense of large projects. It supports full-text and regex searches as well as structural queries.

Mercurial (6cbf1430a66e)

VCS Links

Line Code
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164
/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
 * This file contains prototypes for the public SSL functions.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "nss.h"
#include "pk11func.h"
#include "ssl.h"
#include "sslimpl.h"

struct {
    sslEphemeralKeyPair *keyPair;
    PRCallOnceType once;
} gECDHEKeyPairs[SSL_NAMED_GROUP_COUNT];

typedef struct sslSocketAndGroupArgStr {
    const sslNamedGroupDef *group;
    const sslSocket *ss;
} sslSocketAndGroupArg;

/* Function to clear out the ECDHE keys. */
static SECStatus
ssl_CleanupECDHEKeys(void *appData, void *nssData)
{
    unsigned int i;

    for (i = 0; i < SSL_NAMED_GROUP_COUNT; i++) {
        if (gECDHEKeyPairs[i].keyPair) {
            ssl_FreeEphemeralKeyPair(gECDHEKeyPairs[i].keyPair);
        }
    }
    memset(gECDHEKeyPairs, 0, sizeof(gECDHEKeyPairs));
    return SECSuccess;
}

/* Only run the cleanup once. */
static PRCallOnceType cleanupECDHEKeysOnce;
static PRStatus
ssl_SetupCleanupECDHEKeysOnce(void)
{
    SECStatus rv = NSS_RegisterShutdown(ssl_CleanupECDHEKeys, NULL);
    return (rv != SECSuccess) ? PR_FAILURE : PR_SUCCESS;
}

/* This creates a key pair for each of the supported EC groups.  If that works,
 * we assume that the token supports that group.  Since this is relatively
 * expensive, this is only done for the first socket that is used.  That means
 * that if tokens are added or removed, then this will not pick up any changes.
 */
static PRStatus
ssl_CreateStaticECDHEKeyPair(void *arg)
{
    const sslSocketAndGroupArg *typed_arg = (sslSocketAndGroupArg *)arg;
    const sslNamedGroupDef *group = typed_arg->group;
    const sslSocket *ss = typed_arg->ss;
    unsigned int i = group - ssl_named_groups;
    SECStatus rv;

    PORT_Assert(group->keaType == ssl_kea_ecdh);
    PORT_Assert(i < SSL_NAMED_GROUP_COUNT);
    rv = ssl_CreateECDHEphemeralKeyPair(ss, group,
                                        &gECDHEKeyPairs[i].keyPair);
    if (rv != SECSuccess) {
        gECDHEKeyPairs[i].keyPair = NULL;
        SSL_TRC(5, ("%d: SSL[-]: disabling group %d",
                    SSL_GETPID(), group->name));
    }

    return PR_SUCCESS;
}

void
ssl_FilterSupportedGroups(sslSocket *ss)
{
    unsigned int i;
    PRStatus prv;
    sslSocketAndGroupArg arg = { NULL, ss };

    prv = PR_CallOnce(&cleanupECDHEKeysOnce, ssl_SetupCleanupECDHEKeysOnce);
    PORT_Assert(prv == PR_SUCCESS);
    if (prv != PR_SUCCESS) {
        return;
    }

    for (i = 0; i < SSL_NAMED_GROUP_COUNT; ++i) {
        PRUint32 policy;
        SECStatus srv;
        unsigned int index;
        const sslNamedGroupDef *group = ss->namedGroupPreferences[i];
        if (!group) {
            continue;
        }

        srv = NSS_GetAlgorithmPolicy(group->oidTag, &policy);
        if (srv == SECSuccess && !(policy & NSS_USE_ALG_IN_SSL_KX)) {
            ss->namedGroupPreferences[i] = NULL;
            continue;
        }

        if (group->assumeSupported) {
            continue;
        }

        /* For EC groups, we have to test that a key pair can be created. This
         * is gross, and expensive, so only do it once. */
        index = group - ssl_named_groups;
        PORT_Assert(index < SSL_NAMED_GROUP_COUNT);

        arg.group = group;
        prv = PR_CallOnceWithArg(&gECDHEKeyPairs[index].once,
                                 ssl_CreateStaticECDHEKeyPair,
                                 (void *)&arg);
        PORT_Assert(prv == PR_SUCCESS);
        if (prv != PR_SUCCESS) {
            continue;
        }

        if (!gECDHEKeyPairs[index].keyPair) {
            ss->namedGroupPreferences[i] = NULL;
        }
    }
}

/*
 * Creates the static "ephemeral" public and private ECDH keys used by server in
 * ECDHE_RSA and ECDHE_ECDSA handshakes when we reuse the same key.
 */
SECStatus
ssl_CreateStaticECDHEKey(sslSocket *ss, const sslNamedGroupDef *ecGroup)
{
    sslEphemeralKeyPair *keyPair;
    /* We index gECDHEKeyPairs by the named group.  Pointer arithmetic! */
    unsigned int index = ecGroup - ssl_named_groups;
    PRStatus prv;
    sslSocketAndGroupArg arg = { ecGroup, ss };

    prv = PR_CallOnceWithArg(&gECDHEKeyPairs[index].once,
                             ssl_CreateStaticECDHEKeyPair,
                             (void *)&arg);
    PORT_Assert(prv == PR_SUCCESS);
    if (prv != PR_SUCCESS) {
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
        return SECFailure;
    }

    keyPair = gECDHEKeyPairs[index].keyPair;
    if (!keyPair) {
        /* Attempting to use a key pair for an unsupported group. */
        PORT_Assert(keyPair);
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
        return SECFailure;
    }

    keyPair = ssl_CopyEphemeralKeyPair(keyPair);
    if (!keyPair)
        return SECFailure;

    PORT_Assert(PR_CLIST_IS_EMPTY(&ss->ephemeralKeyPairs));
    PR_APPEND_LINK(&keyPair->link, &ss->ephemeralKeyPairs);
    return SECSuccess;
}