Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(84)

Side by Side Diff: net/third_party/nss/ssl/ssl3ext.c

Issue 7003069: Remove the TLS Snap Start code from NSS. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 9 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/third_party/nss/ssl/ssl3con.c ('k') | net/third_party/nss/ssl/sslimpl.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * SSL3 Protocol 2 * SSL3 Protocol
3 * 3 *
4 * ***** BEGIN LICENSE BLOCK ***** 4 * ***** BEGIN LICENSE BLOCK *****
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
6 * 6 *
7 * The contents of this file are subject to the Mozilla Public License Version 7 * The contents of this file are subject to the Mozilla Public License Version
8 * 1.1 (the "License"); you may not use this file except in compliance with 8 * 1.1 (the "License"); you may not use this file except in compliance with
9 * the License. You may obtain a copy of the License at 9 * the License. You may obtain a copy of the License at
10 * http://www.mozilla.org/MPL/ 10 * http://www.mozilla.org/MPL/
(...skipping 230 matching lines...) Expand 10 before | Expand all | Expand 10 after
241 241
242 /* These two tables are used by the client, to handle server hello 242 /* These two tables are used by the client, to handle server hello
243 * extensions. */ 243 * extensions. */
244 static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { 244 static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
245 { ssl_server_name_xtn, &ssl3_HandleServerNameXtn }, 245 { ssl_server_name_xtn, &ssl3_HandleServerNameXtn },
246 /* TODO: add a handler for ssl_ec_point_formats_xtn */ 246 /* TODO: add a handler for ssl_ec_point_formats_xtn */
247 { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn }, 247 { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn },
248 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, 248 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
249 { ssl_next_proto_neg_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, 249 { ssl_next_proto_neg_xtn, &ssl3_ClientHandleNextProtoNegoXtn },
250 { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, 250 { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn },
251 { ssl_snap_start_xtn, &ssl3_ClientHandleSnapStartXtn },
252 { -1, NULL } 251 { -1, NULL }
253 }; 252 };
254 253
255 static const ssl3HelloExtensionHandler serverHelloHandlersSSL3[] = { 254 static const ssl3HelloExtensionHandler serverHelloHandlersSSL3[] = {
256 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, 255 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
257 { -1, NULL } 256 { -1, NULL }
258 }; 257 };
259 258
260 /* Tables of functions to format TLS hello extensions, one function per 259 /* Tables of functions to format TLS hello extensions, one function per
261 * extension. 260 * extension.
262 * These static tables are for the formatting of client hello extensions. 261 * These static tables are for the formatting of client hello extensions.
263 * The server's table of hello senders is dynamic, in the socket struct, 262 * The server's table of hello senders is dynamic, in the socket struct,
264 * and sender functions are registered there. 263 * and sender functions are registered there.
265 */ 264 */
266 static const 265 static const
267 ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { 266 ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
268 { ssl_server_name_xtn, &ssl3_SendServerNameXtn }, 267 { ssl_server_name_xtn, &ssl3_SendServerNameXtn },
269 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }, 268 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn },
270 #ifdef NSS_ENABLE_ECC 269 #ifdef NSS_ENABLE_ECC
271 { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn }, 270 { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn },
272 { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn }, 271 { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn },
273 #endif 272 #endif
274 { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, 273 { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn },
275 { ssl_next_proto_neg_xtn, &ssl3_ClientSendNextProtoNegoXtn }, 274 { ssl_next_proto_neg_xtn, &ssl3_ClientSendNextProtoNegoXtn },
276 { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, 275 { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }
277 { ssl_snap_start_xtn, &ssl3_SendSnapStartXtn }
278 /* NOTE: The Snap Start sender MUST be the last extension in the list. */
279 /* any extra entries will appear as { 0, NULL } */ 276 /* any extra entries will appear as { 0, NULL } */
280 }; 277 };
281 278
282 static const 279 static const
283 ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = { 280 ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = {
284 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn } 281 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }
285 /* any extra entries will appear as { 0, NULL } */ 282 /* any extra entries will appear as { 0, NULL } */
286 }; 283 };
287 284
288 static PRBool 285 static PRBool
289 arrayContainsExtension(const PRUint16 *array, PRUint32 len, PRUint16 ex_type) 286 arrayContainsExtension(const PRUint16 *array, PRUint32 len, PRUint16 ex_type)
290 { 287 {
291 int i; 288 int i;
292 for (i = 0; i < len; i++) { 289 for (i = 0; i < len; i++) {
293 if (ex_type == array[i]) 290 if (ex_type == array[i])
294 return PR_TRUE; 291 return PR_TRUE;
295 } 292 }
296 return PR_FALSE; 293 return PR_FALSE;
297 } 294 }
298 295
299 PRBool 296 PRBool
300 ssl3_ExtensionNegotiated(sslSocket *ss, PRUint16 ex_type) { 297 ssl3_ExtensionNegotiated(sslSocket *ss, PRUint16 ex_type) {
301 TLSExtensionData *xtnData = &ss->xtnData; 298 TLSExtensionData *xtnData = &ss->xtnData;
302 return arrayContainsExtension(xtnData->negotiated, 299 return arrayContainsExtension(xtnData->negotiated,
303 xtnData->numNegotiated, ex_type); 300 xtnData->numNegotiated, ex_type);
304 } 301 }
305 302
306 PRBool 303 static PRBool
307 ssl3_ClientExtensionAdvertised(sslSocket *ss, PRUint16 ex_type) { 304 ssl3_ClientExtensionAdvertised(sslSocket *ss, PRUint16 ex_type) {
308 TLSExtensionData *xtnData = &ss->xtnData; 305 TLSExtensionData *xtnData = &ss->xtnData;
309 return arrayContainsExtension(xtnData->advertised, 306 return arrayContainsExtension(xtnData->advertised,
310 xtnData->numAdvertised, ex_type); 307 xtnData->numAdvertised, ex_type);
311 } 308 }
312 309
313 /* Format an SNI extension, using the name from the socket's URL, 310 /* Format an SNI extension, using the name from the socket's URL,
314 * unless that name is a dotted decimal string. 311 * unless that name is a dotted decimal string.
315 * Used by client and server. 312 * Used by client and server.
316 */ 313 */
(...skipping 196 matching lines...) Expand 10 before | Expand all | Expand 10 after
513 SECStatus rv; 510 SECStatus rv;
514 /* extension_type */ 511 /* extension_type */
515 rv = ssl3_AppendHandshakeNumber(ss, ssl_session_ticket_xtn, 2); 512 rv = ssl3_AppendHandshakeNumber(ss, ssl_session_ticket_xtn, 2);
516 if (rv != SECSuccess) 513 if (rv != SECSuccess)
517 goto loser; 514 goto loser;
518 if (session_ticket && session_ticket->ticket.data && 515 if (session_ticket && session_ticket->ticket.data &&
519 ss->xtnData.ticketTimestampVerified) { 516 ss->xtnData.ticketTimestampVerified) {
520 rv = ssl3_AppendHandshakeVariable(ss, session_ticket->ticket.data, 517 rv = ssl3_AppendHandshakeVariable(ss, session_ticket->ticket.data,
521 session_ticket->ticket.len, 2); 518 session_ticket->ticket.len, 2);
522 ss->xtnData.ticketTimestampVerified = PR_FALSE; 519 ss->xtnData.ticketTimestampVerified = PR_FALSE;
523 if (!ss->sec.isServer)
524 ss->xtnData.clientSentNonEmptySessionTicket = PR_TRUE;
525 } else { 520 } else {
526 rv = ssl3_AppendHandshakeNumber(ss, 0, 2); 521 rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
527 } 522 }
528 if (rv != SECSuccess) 523 if (rv != SECSuccess)
529 goto loser; 524 goto loser;
530 525
531 if (!ss->sec.isServer) { 526 if (!ss->sec.isServer) {
532 TLSExtensionData *xtnData = &ss->xtnData; 527 TLSExtensionData *xtnData = &ss->xtnData;
533 xtnData->advertised[xtnData->numAdvertised++] = 528 xtnData->advertised[xtnData->numAdvertised++] =
534 ssl_session_ticket_xtn; 529 ssl_session_ticket_xtn;
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after
573 } 568 }
574 569
575 if (offset > length) 570 if (offset > length)
576 return SECFailure; 571 return SECFailure;
577 572
578 return SECSuccess; 573 return SECSuccess;
579 } 574 }
580 575
581 SECStatus 576 SECStatus
582 ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type, 577 ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type,
583 SECItem *data) 578 SECItem *data)
584 { 579 {
585 unsigned int i, j; 580 unsigned int i, j;
586 SECStatus rv; 581 SECStatus rv;
587 unsigned char *result; 582 unsigned char *result;
588 583
589 if (data->len == 0) { 584 if (data->len == 0) {
590 /* The server supports the extension, but doesn't have any 585 /* The server supports the extension, but doesn't have any
591 * protocols configured. In this case we request our favoured 586 * protocols configured. In this case we request our favoured
592 * protocol. */ 587 * protocol. */
593 goto pick_first; 588 goto pick_first;
(...skipping 501 matching lines...) Expand 10 before | Expand all | Expand 10 after
1095 return SECSuccess; 1090 return SECSuccess;
1096 1091
1097 /* Keep track of negotiated extensions. */ 1092 /* Keep track of negotiated extensions. */
1098 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; 1093 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
1099 1094
1100 /* Parse the received ticket sent in by the client. We are 1095 /* Parse the received ticket sent in by the client. We are
1101 * lenient about some parse errors, falling back to a fullshake 1096 * lenient about some parse errors, falling back to a fullshake
1102 * instead of terminating the current connection. 1097 * instead of terminating the current connection.
1103 */ 1098 */
1104 if (data->len == 0) { 1099 if (data->len == 0) {
1105 » ss->xtnData.serverReceivedEmptySessionTicket = PR_TRUE; 1100 » ss->xtnData.emptySessionTicket = PR_TRUE;
1106 } else { 1101 } else {
1107 int i; 1102 int i;
1108 SECItem extension_data; 1103 SECItem extension_data;
1109 EncryptedSessionTicket enc_session_ticket; 1104 EncryptedSessionTicket enc_session_ticket;
1110 unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH]; 1105 unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH];
1111 unsigned int computed_mac_length; 1106 unsigned int computed_mac_length;
1112 const SECHashObject *hashObj; 1107 const SECHashObject *hashObj;
1113 const unsigned char *aes_key; 1108 const unsigned char *aes_key;
1114 const unsigned char *mac_key; 1109 const unsigned char *mac_key;
1115 PK11SymKey *aes_key_pkcs11; 1110 PK11SymKey *aes_key_pkcs11;
(...skipping 597 matching lines...) Expand 10 before | Expand all | Expand 10 after
1713 ss->peerRequestedProtection = 1; 1708 ss->peerRequestedProtection = 1;
1714 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; 1709 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
1715 if (ss->sec.isServer) { 1710 if (ss->sec.isServer) {
1716 /* prepare to send back the appropriate response */ 1711 /* prepare to send back the appropriate response */
1717 rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, 1712 rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
1718 ssl3_SendRenegotiationInfoXtn); 1713 ssl3_SendRenegotiationInfoXtn);
1719 } 1714 }
1720 return rv; 1715 return rv;
1721 } 1716 }
1722 1717
OLDNEW
« no previous file with comments | « net/third_party/nss/ssl/ssl3con.c ('k') | net/third_party/nss/ssl/sslimpl.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698