| OLD | NEW |
| 1 /* | 1 /* |
| 2 * SSL3 Protocol | 2 * SSL3 Protocol |
| 3 * | 3 * |
| 4 * ***** BEGIN LICENSE BLOCK ***** | 4 * ***** BEGIN LICENSE BLOCK ***** |
| 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 6 * | 6 * |
| 7 * The contents of this file are subject to the Mozilla Public License Version | 7 * The contents of this file are subject to the Mozilla Public License Version |
| 8 * 1.1 (the "License"); you may not use this file except in compliance with | 8 * 1.1 (the "License"); you may not use this file except in compliance with |
| 9 * the License. You may obtain a copy of the License at | 9 * the License. You may obtain a copy of the License at |
| 10 * http://www.mozilla.org/MPL/ | 10 * http://www.mozilla.org/MPL/ |
| (...skipping 23 matching lines...) Expand all Loading... |
| 34 * under the terms of either the GPL or the LGPL, and not to allow others to | 34 * under the terms of either the GPL or the LGPL, and not to allow others to |
| 35 * use your version of this file under the terms of the MPL, indicate your | 35 * use your version of this file under the terms of the MPL, indicate your |
| 36 * decision by deleting the provisions above and replace them with the notice | 36 * decision by deleting the provisions above and replace them with the notice |
| 37 * and other provisions required by the GPL or the LGPL. If you do not delete | 37 * and other provisions required by the GPL or the LGPL. If you do not delete |
| 38 * the provisions above, a recipient may use your version of this file under | 38 * the provisions above, a recipient may use your version of this file under |
| 39 * the terms of any one of the MPL, the GPL or the LGPL. | 39 * the terms of any one of the MPL, the GPL or the LGPL. |
| 40 * | 40 * |
| 41 * ***** END LICENSE BLOCK ***** */ | 41 * ***** END LICENSE BLOCK ***** */ |
| 42 | 42 |
| 43 /* TLS extension code moved here from ssl3ecc.c */ | 43 /* TLS extension code moved here from ssl3ecc.c */ |
| 44 /* $Id: ssl3ext.c,v 1.11 2010/02/03 02:38:20 wtc%google.com Exp $ */ | 44 /* $Id: ssl3ext.c,v 1.14 2010/04/03 19:19:07 nelson%bolyard.com Exp $ */ |
| 45 | 45 |
| 46 #include "nssrenam.h" | 46 #include "nssrenam.h" |
| 47 #include "nss.h" | 47 #include "nss.h" |
| 48 #include "ssl.h" | 48 #include "ssl.h" |
| 49 #include "sslproto.h" | 49 #include "sslproto.h" |
| 50 #include "sslimpl.h" | 50 #include "sslimpl.h" |
| 51 #include "pk11pub.h" | 51 #include "pk11pub.h" |
| 52 #include "blapi.h" | 52 #include "blapi.h" |
| 53 #include "prinit.h" | 53 #include "prinit.h" |
| 54 | 54 |
| (...skipping 252 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 307 | 307 |
| 308 /* Format an SNI extension, using the name from the socket's URL, | 308 /* Format an SNI extension, using the name from the socket's URL, |
| 309 * unless that name is a dotted decimal string. | 309 * unless that name is a dotted decimal string. |
| 310 * Used by client and server. | 310 * Used by client and server. |
| 311 */ | 311 */ |
| 312 PRInt32 | 312 PRInt32 |
| 313 ssl3_SendServerNameXtn(sslSocket * ss, PRBool append, | 313 ssl3_SendServerNameXtn(sslSocket * ss, PRBool append, |
| 314 PRUint32 maxBytes) | 314 PRUint32 maxBytes) |
| 315 { | 315 { |
| 316 SECStatus rv; | 316 SECStatus rv; |
| 317 if (!ss) |
| 318 return 0; |
| 317 if (!ss->sec.isServer) { | 319 if (!ss->sec.isServer) { |
| 318 PRUint32 len; | 320 PRUint32 len; |
| 319 PRNetAddr netAddr; | 321 PRNetAddr netAddr; |
| 320 | 322 |
| 321 /* must have a hostname */ | 323 /* must have a hostname */ |
| 322 if (!ss || !ss->url || !ss->url[0]) | 324 if (!ss->url || !ss->url[0]) |
| 323 return 0; | 325 return 0; |
| 324 /* must not be an IPv4 or IPv6 address */ | 326 /* must not be an IPv4 or IPv6 address */ |
| 325 if (PR_SUCCESS == PR_StringToNetAddr(ss->url, &netAddr)) { | 327 if (PR_SUCCESS == PR_StringToNetAddr(ss->url, &netAddr)) { |
| 326 /* is an IP address (v4 or v6) */ | 328 /* is an IP address (v4 or v6) */ |
| 327 return 0; | 329 return 0; |
| 328 } | 330 } |
| 329 len = PORT_Strlen(ss->url); | 331 len = PORT_Strlen(ss->url); |
| 330 if (append && maxBytes >= len + 9) { | 332 if (append && maxBytes >= len + 9) { |
| 331 /* extension_type */ | 333 /* extension_type */ |
| 332 rv = ssl3_AppendHandshakeNumber(ss, ssl_server_name_xtn, 2); | 334 rv = ssl3_AppendHandshakeNumber(ss, ssl_server_name_xtn, 2); |
| (...skipping 1283 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1616 PRUint32 len = 0; | 1618 PRUint32 len = 0; |
| 1617 | 1619 |
| 1618 if (ss->firstHsDone) { | 1620 if (ss->firstHsDone) { |
| 1619 len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes | 1621 len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes |
| 1620 : ss->ssl3.hs.finishedBytes * 2; | 1622 : ss->ssl3.hs.finishedBytes * 2; |
| 1621 } | 1623 } |
| 1622 if (data->len != 1 + len || | 1624 if (data->len != 1 + len || |
| 1623 data->data[0] != len || (len && | 1625 data->data[0] != len || (len && |
| 1624 NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data, | 1626 NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data, |
| 1625 data->data + 1, len))) { | 1627 data->data + 1, len))) { |
| 1626 » /* Can we do this here? Or, must we arrange for the caller to do it? */ | 1628 » /* Can we do this here? Or, must we arrange for the caller to do it? */
|
| 1627 » (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure); | 1629 » (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);
|
| 1628 PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); | 1630 PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); |
| 1629 return SECFailure; | 1631 return SECFailure; |
| 1630 } | 1632 } |
| 1631 /* remember that we got this extension and it was correct. */ | 1633 /* remember that we got this extension and it was correct. */ |
| 1632 ss->peerRequestedProtection = 1; | 1634 ss->peerRequestedProtection = 1; |
| 1633 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; | 1635 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; |
| 1634 if (ss->sec.isServer) { | 1636 if (ss->sec.isServer) { |
| 1635 /* prepare to send back the appropriate response */ | 1637 /* prepare to send back the appropriate response */ |
| 1636 rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, | 1638 rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, |
| 1637 ssl3_SendRenegotiationInfoXtn); | 1639 ssl3_SendRenegotiationInfoXtn); |
| 1638 } | 1640 } |
| 1639 return rv; | 1641 return rv; |
| 1640 } | 1642 } |
| 1641 | 1643 |
| OLD | NEW |