Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(645)

Side by Side Diff: net/third_party/nss/ssl/ssl3ext.c

Issue 3177012: Update to NSS 3.12.7. (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Created 10 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/third_party/nss/ssl/ssl3ecc.c ('k') | net/third_party/nss/ssl/ssl3prot.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * SSL3 Protocol 2 * SSL3 Protocol
3 * 3 *
4 * ***** BEGIN LICENSE BLOCK ***** 4 * ***** BEGIN LICENSE BLOCK *****
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
6 * 6 *
7 * The contents of this file are subject to the Mozilla Public License Version 7 * The contents of this file are subject to the Mozilla Public License Version
8 * 1.1 (the "License"); you may not use this file except in compliance with 8 * 1.1 (the "License"); you may not use this file except in compliance with
9 * the License. You may obtain a copy of the License at 9 * the License. You may obtain a copy of the License at
10 * http://www.mozilla.org/MPL/ 10 * http://www.mozilla.org/MPL/
(...skipping 23 matching lines...) Expand all
34 * under the terms of either the GPL or the LGPL, and not to allow others to 34 * under the terms of either the GPL or the LGPL, and not to allow others to
35 * use your version of this file under the terms of the MPL, indicate your 35 * use your version of this file under the terms of the MPL, indicate your
36 * decision by deleting the provisions above and replace them with the notice 36 * decision by deleting the provisions above and replace them with the notice
37 * and other provisions required by the GPL or the LGPL. If you do not delete 37 * and other provisions required by the GPL or the LGPL. If you do not delete
38 * the provisions above, a recipient may use your version of this file under 38 * the provisions above, a recipient may use your version of this file under
39 * the terms of any one of the MPL, the GPL or the LGPL. 39 * the terms of any one of the MPL, the GPL or the LGPL.
40 * 40 *
41 * ***** END LICENSE BLOCK ***** */ 41 * ***** END LICENSE BLOCK ***** */
42 42
43 /* TLS extension code moved here from ssl3ecc.c */ 43 /* TLS extension code moved here from ssl3ecc.c */
44 /* $Id: ssl3ext.c,v 1.11 2010/02/03 02:38:20 wtc%google.com Exp $ */ 44 /* $Id: ssl3ext.c,v 1.14 2010/04/03 19:19:07 nelson%bolyard.com Exp $ */
45 45
46 #include "nssrenam.h" 46 #include "nssrenam.h"
47 #include "nss.h" 47 #include "nss.h"
48 #include "ssl.h" 48 #include "ssl.h"
49 #include "sslproto.h" 49 #include "sslproto.h"
50 #include "sslimpl.h" 50 #include "sslimpl.h"
51 #include "pk11pub.h" 51 #include "pk11pub.h"
52 #include "blapi.h" 52 #include "blapi.h"
53 #include "prinit.h" 53 #include "prinit.h"
54 54
(...skipping 252 matching lines...) Expand 10 before | Expand all | Expand 10 after
307 307
308 /* Format an SNI extension, using the name from the socket's URL, 308 /* Format an SNI extension, using the name from the socket's URL,
309 * unless that name is a dotted decimal string. 309 * unless that name is a dotted decimal string.
310 * Used by client and server. 310 * Used by client and server.
311 */ 311 */
312 PRInt32 312 PRInt32
313 ssl3_SendServerNameXtn(sslSocket * ss, PRBool append, 313 ssl3_SendServerNameXtn(sslSocket * ss, PRBool append,
314 PRUint32 maxBytes) 314 PRUint32 maxBytes)
315 { 315 {
316 SECStatus rv; 316 SECStatus rv;
317 if (!ss)
318 return 0;
317 if (!ss->sec.isServer) { 319 if (!ss->sec.isServer) {
318 PRUint32 len; 320 PRUint32 len;
319 PRNetAddr netAddr; 321 PRNetAddr netAddr;
320 322
321 /* must have a hostname */ 323 /* must have a hostname */
322 if (!ss || !ss->url || !ss->url[0]) 324 if (!ss->url || !ss->url[0])
323 return 0; 325 return 0;
324 /* must not be an IPv4 or IPv6 address */ 326 /* must not be an IPv4 or IPv6 address */
325 if (PR_SUCCESS == PR_StringToNetAddr(ss->url, &netAddr)) { 327 if (PR_SUCCESS == PR_StringToNetAddr(ss->url, &netAddr)) {
326 /* is an IP address (v4 or v6) */ 328 /* is an IP address (v4 or v6) */
327 return 0; 329 return 0;
328 } 330 }
329 len = PORT_Strlen(ss->url); 331 len = PORT_Strlen(ss->url);
330 if (append && maxBytes >= len + 9) { 332 if (append && maxBytes >= len + 9) {
331 /* extension_type */ 333 /* extension_type */
332 rv = ssl3_AppendHandshakeNumber(ss, ssl_server_name_xtn, 2); 334 rv = ssl3_AppendHandshakeNumber(ss, ssl_server_name_xtn, 2);
(...skipping 1283 matching lines...) Expand 10 before | Expand all | Expand 10 after
1616 PRUint32 len = 0; 1618 PRUint32 len = 0;
1617 1619
1618 if (ss->firstHsDone) { 1620 if (ss->firstHsDone) {
1619 len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes 1621 len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes
1620 : ss->ssl3.hs.finishedBytes * 2; 1622 : ss->ssl3.hs.finishedBytes * 2;
1621 } 1623 }
1622 if (data->len != 1 + len || 1624 if (data->len != 1 + len ||
1623 data->data[0] != len || (len && 1625 data->data[0] != len || (len &&
1624 NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data, 1626 NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data,
1625 data->data + 1, len))) { 1627 data->data + 1, len))) {
1626 » /* Can we do this here? Or, must we arrange for the caller to do it? */ 1628 » /* Can we do this here? Or, must we arrange for the caller to do it? */
1627 » (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure); 1629 » (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);
1628 PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); 1630 PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
1629 return SECFailure; 1631 return SECFailure;
1630 } 1632 }
1631 /* remember that we got this extension and it was correct. */ 1633 /* remember that we got this extension and it was correct. */
1632 ss->peerRequestedProtection = 1; 1634 ss->peerRequestedProtection = 1;
1633 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; 1635 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
1634 if (ss->sec.isServer) { 1636 if (ss->sec.isServer) {
1635 /* prepare to send back the appropriate response */ 1637 /* prepare to send back the appropriate response */
1636 rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, 1638 rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
1637 ssl3_SendRenegotiationInfoXtn); 1639 ssl3_SendRenegotiationInfoXtn);
1638 } 1640 }
1639 return rv; 1641 return rv;
1640 } 1642 }
1641 1643
OLDNEW
« no previous file with comments | « net/third_party/nss/ssl/ssl3ecc.c ('k') | net/third_party/nss/ssl/ssl3prot.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698