OLD | NEW |
---|---|
1 /* | 1 /* |
2 * SSL3 Protocol | 2 * SSL3 Protocol |
3 * | 3 * |
4 * ***** BEGIN LICENSE BLOCK ***** | 4 * ***** BEGIN LICENSE BLOCK ***** |
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
6 * | 6 * |
7 * The contents of this file are subject to the Mozilla Public License Version | 7 * The contents of this file are subject to the Mozilla Public License Version |
8 * 1.1 (the "License"); you may not use this file except in compliance with | 8 * 1.1 (the "License"); you may not use this file except in compliance with |
9 * the License. You may obtain a copy of the License at | 9 * the License. You may obtain a copy of the License at |
10 * http://www.mozilla.org/MPL/ | 10 * http://www.mozilla.org/MPL/ |
(...skipping 231 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
242 /* These two tables are used by the client, to handle server hello | 242 /* These two tables are used by the client, to handle server hello |
243 * extensions. */ | 243 * extensions. */ |
244 static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { | 244 static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { |
245 { ssl_server_name_xtn, &ssl3_HandleServerNameXtn }, | 245 { ssl_server_name_xtn, &ssl3_HandleServerNameXtn }, |
246 /* TODO: add a handler for ssl_ec_point_formats_xtn */ | 246 /* TODO: add a handler for ssl_ec_point_formats_xtn */ |
247 { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn }, | 247 { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn }, |
248 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, | 248 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, |
249 { ssl_next_proto_neg_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, | 249 { ssl_next_proto_neg_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, |
250 { ssl_cached_info_xtn, &ssl3_ClientHandleCachedInfoXtn }, | 250 { ssl_cached_info_xtn, &ssl3_ClientHandleCachedInfoXtn }, |
251 { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, | 251 { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, |
252 { ssl_ob_cert_xtn, &ssl3_ClientHandleOBCertXtn }, | |
252 { -1, NULL } | 253 { -1, NULL } |
253 }; | 254 }; |
254 | 255 |
255 static const ssl3HelloExtensionHandler serverHelloHandlersSSL3[] = { | 256 static const ssl3HelloExtensionHandler serverHelloHandlersSSL3[] = { |
256 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, | 257 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, |
257 { -1, NULL } | 258 { -1, NULL } |
258 }; | 259 }; |
259 | 260 |
260 /* Tables of functions to format TLS hello extensions, one function per | 261 /* Tables of functions to format TLS hello extensions, one function per |
261 * extension. | 262 * extension. |
262 * These static tables are for the formatting of client hello extensions. | 263 * These static tables are for the formatting of client hello extensions. |
263 * The server's table of hello senders is dynamic, in the socket struct, | 264 * The server's table of hello senders is dynamic, in the socket struct, |
264 * and sender functions are registered there. | 265 * and sender functions are registered there. |
265 */ | 266 */ |
266 static const | 267 static const |
267 ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { | 268 ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { |
268 { ssl_server_name_xtn, &ssl3_SendServerNameXtn }, | 269 { ssl_server_name_xtn, &ssl3_SendServerNameXtn }, |
269 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }, | 270 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }, |
270 #ifdef NSS_ENABLE_ECC | 271 #ifdef NSS_ENABLE_ECC |
271 { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn }, | 272 { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn }, |
272 { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn }, | 273 { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn }, |
273 #endif | 274 #endif |
274 { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, | 275 { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, |
275 { ssl_next_proto_neg_xtn, &ssl3_ClientSendNextProtoNegoXtn }, | 276 { ssl_next_proto_neg_xtn, &ssl3_ClientSendNextProtoNegoXtn }, |
276 { ssl_cached_info_xtn, &ssl3_ClientSendCachedInfoXtn }, | 277 { ssl_cached_info_xtn, &ssl3_ClientSendCachedInfoXtn }, |
277 { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn } | 278 { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, |
279 { ssl_ob_cert_xtn, &ssl3_SendOBCertXtn } | |
278 /* any extra entries will appear as { 0, NULL } */ | 280 /* any extra entries will appear as { 0, NULL } */ |
279 }; | 281 }; |
280 | 282 |
281 static const | 283 static const |
282 ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = { | 284 ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = { |
283 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn } | 285 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn } |
284 /* any extra entries will appear as { 0, NULL } */ | 286 /* any extra entries will appear as { 0, NULL } */ |
285 }; | 287 }; |
286 | 288 |
287 static PRBool | 289 static PRBool |
(...skipping 1572 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1860 ss->peerRequestedProtection = 1; | 1862 ss->peerRequestedProtection = 1; |
1861 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; | 1863 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; |
1862 if (ss->sec.isServer) { | 1864 if (ss->sec.isServer) { |
1863 /* prepare to send back the appropriate response */ | 1865 /* prepare to send back the appropriate response */ |
1864 rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, | 1866 rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, |
1865 ssl3_SendRenegotiationInfoXtn); | 1867 ssl3_SendRenegotiationInfoXtn); |
1866 } | 1868 } |
1867 return rv; | 1869 return rv; |
1868 } | 1870 } |
1869 | 1871 |
1872 /* This sender is used by both the client and server. */ | |
1873 PRInt32 | |
1874 ssl3_SendOBCertXtn(sslSocket * ss, PRBool append, | |
1875 PRUint32 maxBytes) | |
agl
2011/07/13 21:48:29
I would line this up with the "sslSocket" of the p
wtc
2011/07/13 22:13:47
In these three functions, please align the third a
| |
1876 { | |
1877 SECStatus rv; | |
1878 | |
1879 if (!ss) | |
1880 return 0; | |
1881 | |
1882 if (!ss->opt.enableOBCerts) | |
1883 return 0; | |
1884 | |
1885 /* extension length = extension_type (2-bytes) + | |
1886 * length(extension_data) (2-bytes) + | |
1887 */ | |
1888 | |
1889 PRUint32 extension_length = 4; | |
1890 | |
1891 if (append && maxBytes >= extension_length) { | |
1892 /* extension_type */ | |
1893 rv = ssl3_AppendHandshakeNumber(ss, ssl_ob_cert_xtn, 2); | |
1894 if (rv != SECSuccess) return -1; | |
1895 /* length of extension_data */ | |
1896 rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); | |
1897 if (rv != SECSuccess) return -1; | |
1898 | |
1899 if (!ss->sec.isServer) | |
1900 ss->xtnData.advertised[ss->xtnData.numAdvertised++] | |
1901 = ssl_ob_cert_xtn; | |
wtc
2011/07/13 22:13:47
Please add curly braces around the if statement's
| |
1902 } | |
1903 | |
1904 return extension_length; | |
1905 } | |
1906 | |
1907 SECStatus | |
1908 ssl3_ServerHandleOBCertXtn(sslSocket *ss, PRUint16 ex_type, | |
1909 SECItem *data) | |
1910 { | |
1911 SECStatus rv; | |
1912 | |
1913 /* Ignore the OBCert extension if it is disabled. */ | |
1914 if (!ss->opt.enableOBCerts) | |
1915 return SECSuccess; | |
1916 | |
1917 /* The echoed extension must be empty. */ | |
1918 if (data->len != 0) | |
1919 return SECFailure; | |
1920 | |
1921 /* Keep track of negotiated extensions. */ | |
1922 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; | |
1923 | |
1924 rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, | |
1925 ssl3_SendOBCertXtn); | |
1926 | |
1927 return SECSuccess; | |
1928 } | |
1929 | |
1930 SECStatus | |
1931 ssl3_ClientHandleOBCertXtn(sslSocket *ss, PRUint16 ex_type, | |
1932 SECItem *data) | |
1933 { | |
1934 /* If we didn't request this extension, then the server may not echo it. */ | |
1935 if (!ss->opt.enableOBCerts) | |
1936 return SECFailure; | |
1937 | |
1938 /* The echoed extension must be empty. */ | |
1939 if (data->len != 0) | |
1940 return SECFailure; | |
1941 | |
1942 /* Keep track of negotiated extensions. */ | |
1943 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; | |
1944 | |
1945 return SECSuccess; | |
1946 } | |
OLD | NEW |