
Side by Side Diff: net/third_party/nss/ssl/ssl3ext.c

Issue 7327029: Add client-side support for the origin bound certificate TLS extension. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years, 5 months ago
1 /* 1 /*
2 * SSL3 Protocol 2 * SSL3 Protocol
3 * 3 *
4 * ***** BEGIN LICENSE BLOCK ***** 4 * ***** BEGIN LICENSE BLOCK *****
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
6 * 6 *
7 * The contents of this file are subject to the Mozilla Public License Version 7 * The contents of this file are subject to the Mozilla Public License Version
8 * 1.1 (the "License"); you may not use this file except in compliance with 8 * 1.1 (the "License"); you may not use this file except in compliance with
9 * the License. You may obtain a copy of the License at 9 * the License. You may obtain a copy of the License at
10 * http://www.mozilla.org/MPL/ 10 * http://www.mozilla.org/MPL/
242 /* These two tables are used by the client, to handle server hello 242 /* These two tables are used by the client, to handle server hello
243 * extensions. */ 243 * extensions. */
244 static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { 244 static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
245 { ssl_server_name_xtn, &ssl3_HandleServerNameXtn }, 245 { ssl_server_name_xtn, &ssl3_HandleServerNameXtn },
246 /* TODO: add a handler for ssl_ec_point_formats_xtn */ 246 /* TODO: add a handler for ssl_ec_point_formats_xtn */
247 { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn }, 247 { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn },
248 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, 248 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
249 { ssl_next_proto_neg_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, 249 { ssl_next_proto_neg_xtn, &ssl3_ClientHandleNextProtoNegoXtn },
250 { ssl_cached_info_xtn, &ssl3_ClientHandleCachedInfoXtn }, 250 { ssl_cached_info_xtn, &ssl3_ClientHandleCachedInfoXtn },
251 { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, 251 { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn },
252 { ssl_ob_cert_xtn, &ssl3_ClientHandleOBCertXtn },
252 { -1, NULL } 253 { -1, NULL }
253 }; 254 };
254 255
255 static const ssl3HelloExtensionHandler serverHelloHandlersSSL3[] = { 256 static const ssl3HelloExtensionHandler serverHelloHandlersSSL3[] = {
256 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, 257 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
257 { -1, NULL } 258 { -1, NULL }
258 }; 259 };
259 260
260 /* Tables of functions to format TLS hello extensions, one function per 261 /* Tables of functions to format TLS hello extensions, one function per
261 * extension. 262 * extension.
262 * These static tables are for the formatting of client hello extensions. 263 * These static tables are for the formatting of client hello extensions.
263 * The server's table of hello senders is dynamic, in the socket struct, 264 * The server's table of hello senders is dynamic, in the socket struct,
264 * and sender functions are registered there. 265 * and sender functions are registered there.
265 */ 266 */
266 static const 267 static const
267 ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { 268 ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
268 { ssl_server_name_xtn, &ssl3_SendServerNameXtn }, 269 { ssl_server_name_xtn, &ssl3_SendServerNameXtn },
269 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }, 270 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn },
270 #ifdef NSS_ENABLE_ECC 271 #ifdef NSS_ENABLE_ECC
271 { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn }, 272 { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn },
272 { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn }, 273 { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn },
273 #endif 274 #endif
274 { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, 275 { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn },
275 { ssl_next_proto_neg_xtn, &ssl3_ClientSendNextProtoNegoXtn }, 276 { ssl_next_proto_neg_xtn, &ssl3_ClientSendNextProtoNegoXtn },
276 { ssl_cached_info_xtn, &ssl3_ClientSendCachedInfoXtn }, 277 { ssl_cached_info_xtn, &ssl3_ClientSendCachedInfoXtn },
277 { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn } 278 { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
279 { ssl_ob_cert_xtn, &ssl3_SendOBCertXtn }
278 /* any extra entries will appear as { 0, NULL } */ 280 /* any extra entries will appear as { 0, NULL } */
279 }; 281 };
280 282
281 static const 283 static const
282 ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = { 284 ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = {
283 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn } 285 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }
284 /* any extra entries will appear as { 0, NULL } */ 286 /* any extra entries will appear as { 0, NULL } */
285 }; 287 };
286 288
287 static PRBool 289 static PRBool
1860 ss->peerRequestedProtection = 1; 1862 ss->peerRequestedProtection = 1;
1861 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; 1863 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
1862 if (ss->sec.isServer) { 1864 if (ss->sec.isServer) {
1863 /* prepare to send back the appropriate response */ 1865 /* prepare to send back the appropriate response */
1864 rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, 1866 rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
1865 ssl3_SendRenegotiationInfoXtn); 1867 ssl3_SendRenegotiationInfoXtn);
1866 } 1868 }
1867 return rv; 1869 return rv;
1868 } 1870 }
1869 1871
1872 /* This sender is used by both the client and server. */
1873 PRInt32
1874 ssl3_SendOBCertXtn(sslSocket * ss, PRBool append,
1875 PRUint32 maxBytes)
agl 2011/07/13 21:48:29 I would line this up with the "sslSocket" of the p
wtc 2011/07/13 22:13:47 In these three functions, please align the third a
1876 {
1877 SECStatus rv;
1878
1879 if (!ss)
1880 return 0;
1881
1882 if (!ss->opt.enableOBCerts)
1883 return 0;
1884
1885 /* extension length = extension_type (2-bytes) +
1886 * length(extension_data) (2-bytes) +
1887 */
1888
1889 PRUint32 extension_length = 4;
1890
1891 if (append && maxBytes >= extension_length) {
1892 /* extension_type */
1893 rv = ssl3_AppendHandshakeNumber(ss, ssl_ob_cert_xtn, 2);
1894 if (rv != SECSuccess) return -1;
1895 /* length of extension_data */
1896 rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
1897 if (rv != SECSuccess) return -1;
1898
1899 if (!ss->sec.isServer)
1900 ss->xtnData.advertised[ss->xtnData.numAdvertised++]
1901 = ssl_ob_cert_xtn;
wtc 2011/07/13 22:13:47 Please add curly braces around the if statement's
1902 }
1903
1904 return extension_length;
1905 }
1906
1907 SECStatus
1908 ssl3_ServerHandleOBCertXtn(sslSocket *ss, PRUint16 ex_type,
1909 SECItem *data)
1910 {
1911 SECStatus rv;
1912
1913 /* Ignore the OBCert extension if it is disabled. */
1914 if (!ss->opt.enableOBCerts)
1915 return SECSuccess;
1916
1917 /* The echoed extension must be empty. */
1918 if (data->len != 0)
1919 return SECFailure;
1920
1921 /* Keep track of negotiated extensions. */
1922 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
1923
1924 rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
1925 ssl3_SendOBCertXtn);
1926
1927 return SECSuccess;
1928 }
1929
1930 SECStatus
1931 ssl3_ClientHandleOBCertXtn(sslSocket *ss, PRUint16 ex_type,
1932 SECItem *data)
1933 {
1934 /* If we didn't request this extension, then the server may not echo it. */
1935 if (!ss->opt.enableOBCerts)
1936 return SECFailure;
1937
1938 /* The echoed extension must be empty. */
1939 if (data->len != 0)
1940 return SECFailure;
1941
1942 /* Keep track of negotiated extensions. */
1943 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
1944
1945 return SECSuccess;
1946 }
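Review bot: In ssl3_ServerHandleOBCertXtn the result of ssl3_RegisterServerHelloExtensionSender (new line 1924) is stored in `rv` and then discarded, so a failed registration still returns SECSuccess after the extension has already been appended to xtnData.negotiated, leaving the server believing it negotiated an extension it will never echo; the renegotiation-info handler at the top of this hunk returns `rv` for the same call, so this one should end with `return rv;` instead of `return SECSuccess;`. In ssl3_SendOBCertXtn, `PRUint32 extension_length = 4;` (new line 1889) comes after the two early returns, which is a C99 mixed declaration that the rest of this file avoids by declaring at the top of the block; moving it up beside `SECStatus rv;` keeps the file building on compilers that enforce C89 declaration order. The comment `/* The echoed extension must be empty. */` in the server handler is inaccurate on that side, where data is the client's advertisement rather than an echo; `/* The client's extension_data must be empty. */` would say what the check enforces. The renegotiation-info handler whose tail opens this hunk starts outside the hunk.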
