1 /* | 1 /* |
2 * SSL3 Protocol | 2 * SSL3 Protocol |
3 * | 3 * |
4 * ***** BEGIN LICENSE BLOCK ***** | 4 * ***** BEGIN LICENSE BLOCK ***** |
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
6 * | 6 * |
7 * The contents of this file are subject to the Mozilla Public License Version | 7 * The contents of this file are subject to the Mozilla Public License Version |
8 * 1.1 (the "License"); you may not use this file except in compliance with | 8 * 1.1 (the "License"); you may not use this file except in compliance with |
9 * the License. You may obtain a copy of the License at | 9 * the License. You may obtain a copy of the License at |
10 * http://www.mozilla.org/MPL/ | 10 * http://www.mozilla.org/MPL/ |
241 | 241 |
242 /* These two tables are used by the client, to handle server hello | 242 /* These two tables are used by the client, to handle server hello |
243 * extensions. */ | 243 * extensions. */ |
244 static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { | 244 static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { |
245 { ssl_server_name_xtn, &ssl3_HandleServerNameXtn }, | 245 { ssl_server_name_xtn, &ssl3_HandleServerNameXtn }, |
246 /* TODO: add a handler for ssl_ec_point_formats_xtn */ | 246 /* TODO: add a handler for ssl_ec_point_formats_xtn */ |
247 { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn }, | 247 { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn }, |
248 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, | 248 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, |
249 { ssl_next_proto_neg_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, | 249 { ssl_next_proto_neg_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, |
250 { ssl_cached_info_xtn, &ssl3_ClientHandleCachedInfoXtn }, | 250 { ssl_cached_info_xtn, &ssl3_ClientHandleCachedInfoXtn }, |
251 { ssl_ob_cert_xtn, &ssl3_ClientHandleOBCertXtn }, | |
wtc
2011/07/13 01:17:15
Nit: list this after ssl_cert_status_xtn for consi
251 { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, | 252 { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, |
252 { -1, NULL } | 253 { -1, NULL } |
253 }; | 254 }; |
254 | 255 |
255 static const ssl3HelloExtensionHandler serverHelloHandlersSSL3[] = { | 256 static const ssl3HelloExtensionHandler serverHelloHandlersSSL3[] = { |
256 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, | 257 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, |
258 { ssl_ob_cert_xtn, &ssl3_ClientHandleOBCertXtn }, | |
wtc
2011/07/13 01:17:15
BUG: remove this. In SSL 3.0 the only extension w
257 { -1, NULL } | 259 { -1, NULL } |
258 }; | 260 }; |
259 | 261 |
260 /* Tables of functions to format TLS hello extensions, one function per | 262 /* Tables of functions to format TLS hello extensions, one function per |
261 * extension. | 263 * extension. |
262 * These static tables are for the formatting of client hello extensions. | 264 * These static tables are for the formatting of client hello extensions. |
263 * The server's table of hello senders is dynamic, in the socket struct, | 265 * The server's table of hello senders is dynamic, in the socket struct, |
264 * and sender functions are registered there. | 266 * and sender functions are registered there. |
265 */ | 267 */ |
266 static const | 268 static const |
267 ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { | 269 ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { |
268 { ssl_server_name_xtn, &ssl3_SendServerNameXtn }, | 270 { ssl_server_name_xtn, &ssl3_SendServerNameXtn }, |
269 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }, | 271 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }, |
270 #ifdef NSS_ENABLE_ECC | 272 #ifdef NSS_ENABLE_ECC |
271 { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn }, | 273 { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn }, |
272 { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn }, | 274 { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn }, |
273 #endif | 275 #endif |
274 { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, | 276 { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, |
275 { ssl_next_proto_neg_xtn, &ssl3_ClientSendNextProtoNegoXtn }, | 277 { ssl_next_proto_neg_xtn, &ssl3_ClientSendNextProtoNegoXtn }, |
276 { ssl_cached_info_xtn, &ssl3_ClientSendCachedInfoXtn }, | 278 { ssl_cached_info_xtn, &ssl3_ClientSendCachedInfoXtn }, |
277 { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn } | 279 { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, |
280 { ssl_ob_cert_xtn, &ssl3_ClientSendOBCertXtn } | |
278 /* any extra entries will appear as { 0, NULL } */ | 281 /* any extra entries will appear as { 0, NULL } */ |
279 }; | 282 }; |
280 | 283 |
281 static const | 284 static const |
282 ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = { | 285 ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = { |
283 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn } | 286 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn } |
284 /* any extra entries will appear as { 0, NULL } */ | 287 /* any extra entries will appear as { 0, NULL } */ |
285 }; | 288 }; |
286 | 289 |
287 static PRBool | 290 static PRBool |
1860 ss->peerRequestedProtection = 1; | 1863 ss->peerRequestedProtection = 1; |
1861 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; | 1864 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; |
1862 if (ss->sec.isServer) { | 1865 if (ss->sec.isServer) { |
1863 /* prepare to send back the appropriate response */ | 1866 /* prepare to send back the appropriate response */ |
1864 rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, | 1867 rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, |
1865 ssl3_SendRenegotiationInfoXtn); | 1868 ssl3_SendRenegotiationInfoXtn); |
1866 } | 1869 } |
1867 return rv; | 1870 return rv; |
1868 } | 1871 } |
1869 | 1872 |
1873 PRInt32 | |
1874 ssl3_ClientSendOBCertXtn(sslSocket * ss, PRBool append, | |
1875 PRUint32 maxBytes) | |
wtc
2011/07/13 01:17:15
Align the arguments properly.
Make the same chang
1876 { | |
1877 SECStatus rv; | |
1878 TLSExtensionData *xtnData = &ss->xtnData; | |
1879 | |
1880 if (!ss) | |
wtc
2011/07/13 01:17:15
Indentation seems wrong.
1881 return 0; | |
1882 | |
1883 /* extension length = extension_type (2-bytes) + | |
1884 * length(extension_data) (2-bytes) + | |
1885 */ | |
1886 | |
1887 PRUint32 extension_length = 4; | |
1888 | |
1889 if (append && maxBytes >= extension_length) { | |
1890 /* extension_type */ | |
1891 rv = ssl3_AppendHandshakeNumber(ss, ssl_ob_cert_xtn, 2); | |
1892 if (rv != SECSuccess) return -1; | |
1893 /* length of extension_data */ | |
1894 rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); | |
1895 if (rv != SECSuccess) return -1; | |
1896 | |
1897 xtnData = &ss->xtnData; | |
1898 xtnData->advertised[xtnData->numAdvertised++] = ssl_ob_cert_xtn; | |
1899 } | |
1900 | |
1901 return extension_length; | |
1902 } | |
1903 | |
1904 SECStatus | |
1905 ssl3_ServerHandleOBCertXtn(sslSocket *ss, PRUint16 ex_type, | |
1906 SECItem *data) | |
1907 { | |
1908 SECStatus rv; | |
1909 | |
1910 /* TODO(rkn): Is enableOBCerts true only when we actually want an OBCert? */ | |
wtc
2011/07/13 01:17:15
Good question. I believe that the condition "we a
1911 /* Ignore the OBCert extension if it is disabled. */ | |
1912 if (!ss->opt.enableOBCerts) | |
1913 return SECSuccess; | |
1914 | |
1915 /* The echoed extension must be empty. */ | |
1916 if (data->len != 0) | |
1917 return SECFailure; | |
1918 | |
1919 /* Keep track of negotiated extensions. */ | |
1920 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; | |
1921 | |
1922 return SECSuccess; | |
1923 } | |
1924 | |
1925 PRInt32 | |
1926 ssl3_ServerSendOBCertXtn(sslSocket * ss, PRBool append, | |
1927 PRUint32 maxBytes) | |
1928 { | |
1929 SECStatus rv; | |
1930 if (!ss) | |
1931 return 0; | |
1932 | |
1933 /* extension length = extension_type (2-bytes) + | |
1934 * length(extension_data) (2-bytes) + | |
1935 */ | |
1936 | |
1937 PRUint32 extension_length = 4; | |
1938 | |
1939 if (append && maxBytes >= extension_length) { | |
1940 /* extension_type */ | |
1941 rv = ssl3_AppendHandshakeNumber(ss, ssl_ob_cert_xtn, 2); | |
1942 if (rv != SECSuccess) return -1; | |
1943 /* length of extension_data */ | |
1944 rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); | |
1945 if (rv != SECSuccess) return -1; | |
1946 } | |
1947 | |
1948 return extension_length; | |
1949 } | |
1950 | |
1951 SECStatus | |
1952 ssl3_ClientHandleOBCertXtn(sslSocket *ss, PRUint16 ex_type, | |
1953 SECItem *data) | |
1954 { | |
1955 /* If we didn't request this extension, then the server may not echo it. */ | |
1956 if (!ss->opt.enableOBCerts) | |
1957 return SECFailure; | |
1958 | |
1959 /* The echoed extension must be empty. */ | |
1960 if (data->len != 0) | |
1961 return SECFailure; | |
1962 | |
1963 ss->ssl3.hs.may_get_cert_status = PR_TRUE; | |
wtc
2011/07/13 01:17:15
I think this line should be deleted. (It must hav
1964 | |
1965 /* Keep track of negotiated extensions. */ | |
1966 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; | |
1967 | |
1968 return SECSuccess; | |
1969 } | |
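Review bot: ssl3_ServerHandleOBCertXtn (new lines 1904-1923) records the extension as negotiated but never registers a ServerHello sender, so ssl3_ServerSendOBCertXtn (1925-1949) has no caller anywhere in this hunk and, unless it is registered elsewhere, the server would accept the client's extension without ever echoing it; the renegotiation handler at 1865-1868 shows the expected pattern, so the final `return SECSuccess;` should become `return ssl3_RegisterServerHelloExtensionSender(ss, ex_type, ssl3_ServerSendOBCertXtn);` (which also gives the otherwise unused `rv` on 1908 a use, or lets it be dropped). In ssl3_ClientSendOBCertXtn the initializer `TLSExtensionData *xtnData = &ss->xtnData;` on 1878 derives a pointer from `ss` before the `if (!ss) return 0;` guard on 1880 and is then reassigned identically on 1897, so either the guard is dead or the initializer is undefined behavior; declare it as `TLSExtensionData *xtnData;` and keep the assignment on 1897. Both sender functions declare `PRUint32 extension_length = 4;` after executable statements (1887, 1937), which is a hard error for C89-only compilers if this file still has to build with them; hoisting the declaration next to `rv` avoids that. The comment `/* The echoed extension must be empty. */` on 1915 is copied from the client side; on the server this is the client's offered extension, not an echo, so `/* The client's extension_data must be empty. */` states the check being made.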