author | wtc%google.com <devnull@localhost> | 2011-01-25 01:49:22 +0000 |
committer | wtc%google.com <devnull@localhost> | 2011-01-25 01:49:22 +0000 |
commit | b14f62e030139e033fa48515a804e4b6376bf573 (patch) | |
tree | 3aa428197d70043dd14395a96d07be53bec15ea7 /security/nss | |
parent | f8ceb5a686843dc0177abca0c88ad19ebc7d06af (diff) | |
download | nss-hg-b14f62e030139e033fa48515a804e4b6376bf573.tar.gz |
Bug 616757: in ssl3_SendCertificateVerify, we must destroy
ss->ssl3.clientPrivateKey for all key exchange algorithms; otherwise we
will send a Certificate message in renegotiation even if the renegotiation
doesn't request client auth. Move the cleanup of clientCertChain and
clientPrivateKey from ssl3_HandleCertificateRequest to
ssl3_HandleServerHello as a second defense. The patch is contributed by
Ryan Sleevi <ryan.sleevi@gmail.com>. r=wtc.
Tag: NSS_3_12_BRANCH
Diffstat (limited to 'security/nss')
-rw-r--r-- | security/nss/lib/ssl/ssl3con.c | 40 |
1 files changed, 19 insertions, 21 deletions
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
index fcefccc79..8008d682c 100644
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -4837,14 +4837,8 @@ ssl3_SendCertificateVerify(sslSocket *ss)
         sid->u.ssl3.clAuthValid = PR_TRUE;
         PK11_FreeSlot(slot);
     }
-    /* If we're doing RSA key exchange, we're all done with the private key
-     * here. Diffie-Hellman key exchanges need the client's
-     * private key for the key exchange.
-     */
-    if (ss->ssl3.hs.kea_def->exchKeyType == kt_rsa) {
-        SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
-        ss->ssl3.clientPrivateKey = NULL;
-    }
+    SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
+    ss->ssl3.clientPrivateKey = NULL;
     if (rv != SECSuccess) {
         goto done; /* err code was set by ssl3_SignHashes */
     }
@@ -4899,6 +4893,20 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
         goto alert_loser;
     }
 
+    /* clean up anything left from previous handshake. */
+    if (ss->ssl3.clientCertChain != NULL) {
+        CERT_DestroyCertificateList(ss->ssl3.clientCertChain);
+        ss->ssl3.clientCertChain = NULL;
+    }
+    if (ss->ssl3.clientCertificate != NULL) {
+        CERT_DestroyCertificate(ss->ssl3.clientCertificate);
+        ss->ssl3.clientCertificate = NULL;
+    }
+    if (ss->ssl3.clientPrivateKey != NULL) {
+        SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
+        ss->ssl3.clientPrivateKey = NULL;
+    }
+
     temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
     if (temp < 0) {
         goto loser; /* alert has been sent */
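Review bot: The new unconditional `SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);` drops the comment that explained the old kt_rsa special case and leaves no explanation of why the key is now released for every key exchange type, which is the whole reason for this change. A short comment would keep that rationale next to the code, e.g. `/* Release the key for every key exchange type: a key left here would make us send a Certificate message on a renegotiation that requests no client auth (bug 616757). */`. This is also the only one of the three sites touched by the patch that does not guard against a NULL pointer; SECKEY_DestroyPrivateKey is expected to tolerate NULL, but matching the other two sites with `if (ss->ssl3.clientPrivateKey != NULL)` would keep the style consistent. ssl3_SendCertificateVerify begins and ends outside the hunk.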
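Review bot: The added comment `/* clean up anything left from previous handshake. */` does not say why this cleanup now lives in ssl3_HandleServerHello, so a reader who later meets the PORT_Assert lines in ssl3_HandleCertificateRequest has to consult the commit log to see that the two are paired. Suggest extending the comment to state that a renegotiation which does not request client auth never reaches ssl3_HandleCertificateRequest, that the ServerHello is therefore the one point where stale client auth state from the previous handshake is guaranteed to be released, and that ssl3_HandleCertificateRequest relies on this by asserting the three fields are NULL. The three near-identical destroy-and-clear blocks are also a candidate for a small static helper if this pattern recurs elsewhere in the file. ssl3_HandleServerHello begins and ends outside the hunk.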
@@ -5454,19 +5462,9 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
         goto alert_loser;
     }
 
-    /* clean up anything left from previous handshake. */
-    if (ss->ssl3.clientCertChain != NULL) {
-        CERT_DestroyCertificateList(ss->ssl3.clientCertChain);
-        ss->ssl3.clientCertChain = NULL;
-    }
-    if (ss->ssl3.clientCertificate != NULL) {
-        CERT_DestroyCertificate(ss->ssl3.clientCertificate);
-        ss->ssl3.clientCertificate = NULL;
-    }
-    if (ss->ssl3.clientPrivateKey != NULL) {
-        SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
-        ss->ssl3.clientPrivateKey = NULL;
-    }
+    PORT_Assert(ss->ssl3.clientCertChain == NULL);
+    PORT_Assert(ss->ssl3.clientCertificate == NULL);
+    PORT_Assert(ss->ssl3.clientPrivateKey == NULL);
 
     isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
     rv = ssl3_ConsumeHandshakeVariable(ss, &cert_types, 1, &b, &length);
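Review bot: The three `PORT_Assert` lines replace code that actually released the objects, and PORT_Assert is compiled out of non-debug builds, so the invariant they express is neither stated for the reader of this function nor enforced in release builds. Suggest a comment above them naming where the invariant comes from: `/* ssl3_HandleServerHello released any client auth state left from a previous handshake; nothing may set these fields between ServerHello and CertificateRequest. */`. If a future code path did set one of them in that window, the later assignments in this function would overwrite and leak the old object in release builds, so the comment should make the dependency on ssl3_HandleServerHello explicit. ssl3_HandleCertificateRequest begins and ends outside the hunk.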