
Side by Side Diff: net/third_party/nss/ssl/sslsock.c

Issue 415005: Linux: add next-protocol-negotiation to libssl. (Closed)
Patch Set: Addressing wtc's comments. Created 11 years ago
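--- a/net/third_party/nss/ssl/sslsock.c
+++ b/net/third_party/nss/ssl/sslsock.c
@@ -1,10 +1,10 @@
 /*
 * vtables (and methods that call through them) for the 4 types of
 * SSLSockets supported. Only one type is still supported.
 * Various other functions.
 *
 * ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
 *
 * The contents of this file are subject to the Mozilla Public License Version
 * 1.1 (the "License"); you may not use this file except in compliance with
@@ -156,20 +156,21 @@
 ssl_SecureRead,
 ssl_SecureWrite,
 ssl_DefGetpeername,
 ssl_DefGetsockname
 };
 
 /*
 ** default settings for socket enables
 */
 static sslOptions ssl_defaults = {
+{ siBuffer, NULL, 0 }, /* nextProtoNego */
 PR_TRUE, /* useSecurity */
 PR_FALSE, /* useSocks */
 PR_FALSE, /* requestCertificate */
 2, /* requireCertificate */
 PR_FALSE, /* handshakeAsClient */
 PR_FALSE, /* handshakeAsServer */
 PR_TRUE, /* enableSSL2 */
 PR_TRUE, /* enableSSL3 */
 PR_TRUE, /* enableTLS */ /* now defaults to on in NSS 3.0 */
 PR_FALSE, /* noCache */
@@ -427,20 +428,24 @@
 ssl3_FreeKeyPair(sc->serverKeyPair);
 }
 if (ss->stepDownKeyPair) {
 ssl3_FreeKeyPair(ss->stepDownKeyPair);
 ss->stepDownKeyPair = NULL;
 }
 if (ss->ephemeralECDHKeyPair) {
 ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
 ss->ephemeralECDHKeyPair = NULL;
 }
+if (ss->opt.nextProtoNego.data) {
+PORT_Free(ss->opt.nextProtoNego.data);
+ss->opt.nextProtoNego.data = NULL;
+}
 }
 
 /*
 * free an sslSocket struct, and all the stuff that hangs off of it
 */
 void
 ssl_FreeSocket(sslSocket *ss)
 {
 #ifdef DEBUG
 sslSocket *fs;
@@ -1240,20 +1245,89 @@
 #ifdef _WIN32
 PR_Sleep(PR_INTERVAL_NO_WAIT); /* workaround NT winsock connect bug. */
 #endif
 ns = ssl_FindSocket(fd);
 PORT_Assert(ns);
 if (ns)
 ns->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ns, &addr));
 return fd;
 }
 
+/* SSL_SetNextProtoNego sets the list of supported protocols for the given
+* socket. The list is a series of 8-bit, length prefixed strings. */
+SECStatus
+SSL_SetNextProtoNego(PRFileDesc *fd, const unsigned char *data,
+unsigned short length)
+{
+sslSocket *ss = ssl_FindSocket(fd);
+
+if (!ss) {
+SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoNego", SSL_GETPID() ,
+fd));
+return SECFailure;
+}
+
+if (ssl3_ValidateNextProtoNego(data, length) != SECSuccess)
+return SECFailure;
+
+ssl_GetSSL3HandshakeLock(ss);
+if (ss->opt.nextProtoNego.data)
+PORT_Free(ss->opt.nextProtoNego.data);
+ss->opt.nextProtoNego.data = PORT_Alloc(length);
+if (!ss->opt.nextProtoNego.data) {
+ssl_ReleaseSSL3HandshakeLock(ss);
+return SECFailure;
+}
+memcpy(ss->opt.nextProtoNego.data, data, length);
+ss->opt.nextProtoNego.len = length;
+ss->opt.nextProtoNego.type = siBuffer;
+ssl_ReleaseSSL3HandshakeLock(ss);
+
+return SECSuccess;
+}
+
+/* SSL_GetNextProto reads the resulting Next Protocol Negotiation result for
+* the given socket. It's only valid to call this once the handshake has
+* completed.
+*
+* state is set to one of the SSL_NEXT_PROTO_* constants. The negotiated
+* protocol, if any, is written into buf, which must be at least buf_len
+* bytes long. If the negotiated protocol is longer than this, it is truncated.
+* The number of bytes copied is written into length.
+*/
+SECStatus
+SSL_GetNextProto(PRFileDesc *fd, int *state, unsigned char *buf,
+unsigned int *length, unsigned int buf_len)
+{
+sslSocket *ss = ssl_FindSocket(fd);
+
+if (!ss) {
+SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNextProto", SSL_GETPID(),
+fd));
+return SECFailure;
+}
+
+*state = ss->ssl3.nextProtoState;
+
+if (ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT &&
+ss->ssl3.nextProto.data) {
+*length = ss->ssl3.nextProto.len;
+if (*length > buf_len)
+*length = buf_len;
+PORT_Memcpy(buf, ss->ssl3.nextProto.data, *length);
+} else {
+*length = 0;
+}
+
+return SECSuccess;
+}
+
 /************************************************************************/
 /* The following functions are the TOP LEVEL SSL functions.
 ** They all get called through the NSPRIOMethods table below.
 */
 
 static PRFileDesc * PR_CALLBACK
 ssl_Accept(PRFileDesc *fd, PRNetAddr *sockaddr, PRIntervalTime timeout)
 {
 sslSocket *ss;
 sslSocket *ns = NULL;
@@ -2257,10 +2331,10 @@
 loser:
 ssl_DestroySocketContents(ss);
 ssl_DestroyLocks(ss);
 PORT_Free(ss);
 ss = NULL;
 }
 }
 return ss;
 }
 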
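Review bot: SSL_SetNextProtoNego frees the old list before allocating the new one, so when `PORT_Alloc(length)` fails the socket is left with `nextProtoNego.data == NULL`, the previous non-zero `nextProtoNego.len`, and no trace of the configuration it had before the call. Building the copy first and only swapping it in under the handshake lock, as sketched below, keeps data and len consistent on every path. ssl_DestroySocketContents now frees `ss->opt.nextProtoNego.data`, so any code that copies `ss->opt` by value from another socket (none is visible in these hunks) would leave two sockets owning one buffer and needs a deep copy of the item. SSL_GetNextProto also truncates silently to `buf_len`, so a caller can end up acting on a prefix of the negotiated name; failing when `nextProto.len > buf_len` would be safer.

```c
    sslSocket *ss = ssl_FindSocket(fd);
    unsigned char *copy;

    /* ... unchanged: bad-socket check and ssl3_ValidateNextProtoNego call ... */

    /* Allocate and fill the replacement before touching the socket state. */
    copy = PORT_Alloc(length);
    if (!copy)
        return SECFailure;
    PORT_Memcpy(copy, data, length);

    ssl_GetSSL3HandshakeLock(ss);
    if (ss->opt.nextProtoNego.data)
        PORT_Free(ss->opt.nextProtoNego.data);
    ss->opt.nextProtoNego.data = copy;
    ss->opt.nextProtoNego.len = length;
    ss->opt.nextProtoNego.type = siBuffer;
    ssl_ReleaseSSL3HandshakeLock(ss);

    /* ... unchanged: return SECSuccess ... */
```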