OLD | NEW |
---|---|
1 /* ***** BEGIN LICENSE BLOCK ***** | 1 /* ***** BEGIN LICENSE BLOCK ***** |
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
3 * | 3 * |
4 * The contents of this file are subject to the Mozilla Public License Version | 4 * The contents of this file are subject to the Mozilla Public License Version |
5 * 1.1 (the "License"); you may not use this file except in compliance with | 5 * 1.1 (the "License"); you may not use this file except in compliance with |
6 * the License. You may obtain a copy of the License at | 6 * the License. You may obtain a copy of the License at |
7 * http://www.mozilla.org/MPL/ | 7 * http://www.mozilla.org/MPL/ |
8 * | 8 * |
9 * Software distributed under the License is distributed on an "AS IS" basis, | 9 * Software distributed under the License is distributed on an "AS IS" basis, |
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License | 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License |
11 * for the specific language governing rights and limitations under the | 11 * for the specific language governing rights and limitations under the |
12 * License. | 12 * License. |
13 * | 13 * |
14 * The Original Code is the Netscape security libraries. | 14 * The Original Code is the Netscape security libraries. |
15 * | 15 * |
16 * The Initial Developer of the Original Code is | 16 * The Initial Developer of the Original Code is |
17 * Netscape Communications Corporation. | 17 * Netscape Communications Corporation. |
18 * Portions created by the Initial Developer are Copyright (C) 2001 | 18 * Portions created by the Initial Developer are Copyright (C) 2001 |
19 * the Initial Developer. All Rights Reserved. | 19 * the Initial Developer. All Rights Reserved. |
20 * | 20 * |
21 * Contributor(s): | 21 * Contributor(s): |
22 * Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories | 22 * Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories |
23 * Douglas Stebila <douglas@stebila.ca> | |
23 * | 24 * |
24 * Alternatively, the contents of this file may be used under the terms of | 25 * Alternatively, the contents of this file may be used under the terms of |
25 * either the GNU General Public License Version 2 or later (the "GPL"), or | 26 * either the GNU General Public License Version 2 or later (the "GPL"), or |
26 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), | 27 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), |
27 * in which case the provisions of the GPL or the LGPL are applicable instead | 28 * in which case the provisions of the GPL or the LGPL are applicable instead |
28 * of those above. If you wish to allow use of your version of this file only | 29 * of those above. If you wish to allow use of your version of this file only |
29 * under the terms of either the GPL or the LGPL, and not to allow others to | 30 * under the terms of either the GPL or the LGPL, and not to allow others to |
30 * use your version of this file under the terms of the MPL, indicate your | 31 * use your version of this file under the terms of the MPL, indicate your |
31 * decision by deleting the provisions above and replace them with the notice | 32 * decision by deleting the provisions above and replace them with the notice |
32 * and other provisions required by the GPL or the LGPL. If you do not delete | 33 * and other provisions required by the GPL or the LGPL. If you do not delete |
33 * the provisions above, a recipient may use your version of this file under | 34 * the provisions above, a recipient may use your version of this file under |
34 * the terms of any one of the MPL, the GPL or the LGPL. | 35 * the terms of any one of the MPL, the GPL or the LGPL. |
35 * | 36 * |
36 * ***** END LICENSE BLOCK ***** */ | 37 * ***** END LICENSE BLOCK ***** */ |
37 /* $Id: sslinfo.c,v 1.23.2.1 2010/09/02 01:13:46 wtc%google.com Exp $ */ | 38 /* $Id: sslinfo.c,v 1.23.2.1 2010/09/02 01:13:46 wtc%google.com Exp $ */ |
38 #include "ssl.h" | 39 #include "ssl.h" |
39 #include "sslimpl.h" | 40 #include "sslimpl.h" |
40 #include "sslproto.h" | 41 #include "sslproto.h" |
42 #include "pk11func.h" | |
wtc
2011/07/21 19:56:16
I don't see anything in the new code that requires
agl
2011/07/22 14:05:40
Done.
| |
41 | 43 |
42 static const char * | 44 static const char * |
43 ssl_GetCompressionMethodName(SSLCompressionMethod compression) | 45 ssl_GetCompressionMethodName(SSLCompressionMethod compression) |
44 { | 46 { |
45 switch (compression) { | 47 switch (compression) { |
46 case ssl_compression_null: | 48 case ssl_compression_null: |
47 return "NULL"; | 49 return "NULL"; |
48 #ifdef NSS_ENABLE_ZLIB | 50 #ifdef NSS_ENABLE_ZLIB |
49 case ssl_compression_deflate: | 51 case ssl_compression_deflate: |
50 return "DEFLATE"; | 52 return "DEFLATE"; |
309 { | 311 { |
310 unsigned int i; | 312 unsigned int i; |
311 for (i = 0; i < NUM_SUITEINFOS; i++) { | 313 for (i = 0; i < NUM_SUITEINFOS; i++) { |
312 if (suiteInfo[i].cipherSuite == cipherSuite) { | 314 if (suiteInfo[i].cipherSuite == cipherSuite) { |
313 return (PRBool)(suiteInfo[i].isExportable); | 315 return (PRBool)(suiteInfo[i].isExportable); |
314 } | 316 } |
315 } | 317 } |
316 return PR_FALSE; | 318 return PR_FALSE; |
317 } | 319 } |
318 | 320 |
321 /* Export keying material according to draft-ietf-tls-extractor-06. | |
wtc
2011/07/21 19:56:16
Change draft-ietf-tls-extractor-06 to RFC 5705.
agl
2011/07/22 14:05:40
Done.
| |
322 ** fd must correspond to a TLS 1.0 or higher socket, out must | |
323 ** be already allocated. | |
324 */ | |
325 SECStatus | |
326 SSL_ExportKeyingMaterial(PRFileDesc *fd, const char *label, | |
327 const unsigned char *context, | |
328 unsigned int contextLen, | |
329 unsigned char *out, | |
330 unsigned int outLen) | |
331 { | |
332 sslSocket *ss; | |
333 unsigned char *val = NULL; | |
334 unsigned int valLen, i; | |
335 SECStatus rv = SECFailure; | |
336 | |
337 ss = ssl_FindSocket(fd); | |
338 if (!ss) { | |
339 SSL_DBG(("%d: SSL[%d]: bad socket in ExportKeyingMaterial", | |
340 SSL_GETPID(), fd)); | |
341 return SECFailure; | |
342 } | |
343 | |
344 if (ss->version < SSL_LIBRARY_VERSION_3_1_TLS) { | |
345 PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION); | |
wtc
2011/07/21 19:56:16
This is a new meaning for the SSL_ERROR_UNSUPPORTE
| |
346 return SECFailure; | |
347 } | |
348 | |
349 if (ss->ssl3.hs.ws != idle_handshake) { | |
350 PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED); | |
wtc
2011/07/21 19:56:16
In the other place where NSS sets this error code,
agl
2011/07/22 14:05:40
I've copied the referenced test for completeness (
| |
351 return SECFailure; | |
352 } | |
353 | |
354 valLen = SSL3_RANDOM_LENGTH * 2; | |
355 if (contextLen > 0) | |
356 valLen += 2 /* uint16 length */ + contextLen; | |
357 val = PORT_Alloc(valLen); | |
358 if (val == NULL) | |
359 return SECFailure; | |
360 i = 0; | |
361 PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH); | |
362 i += SSL3_RANDOM_LENGTH; | |
363 PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH); | |
364 i += SSL3_RANDOM_LENGTH; | |
365 if (contextLen > 0) { | |
366 val[i++] = contextLen >> 8; | |
367 val[i++] = contextLen; | |
368 PORT_Memcpy(val + i, context, contextLen); | |
369 i += contextLen; | |
370 } | |
371 PORT_Assert(i == valLen); | |
372 | |
373 ssl_GetSpecReadLock(ss); | |
374 rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.crSpec, label, strlen(label), val, valLen, out, outLen); | |
wtc
2011/07/21 19:56:16
Please fold this long line.
agl
2011/07/22 14:05:40
Done.
| |
375 ssl_ReleaseSpecReadLock(ss); | |
376 | |
377 if (val != NULL) | |
378 PORT_ZFree(val, valLen); | |
379 return rv; | |
380 } | |
381 | |
319 SECItem* | 382 SECItem* |
320 SSL_GetNegotiatedHostInfo(PRFileDesc *fd) | 383 SSL_GetNegotiatedHostInfo(PRFileDesc *fd) |
321 { | 384 { |
322 SECItem *sniName = NULL; | 385 SECItem *sniName = NULL; |
323 sslSocket *ss; | 386 sslSocket *ss; |
324 char *name = NULL; | 387 char *name = NULL; |
325 | 388 |
326 ss = ssl_FindSocket(fd); | 389 ss = ssl_FindSocket(fd); |
327 if (!ss) { | 390 if (!ss) { |
328 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNegotiatedHostInfo", | 391 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNegotiatedHostInfo", |
348 sniName = PORT_ZNew(SECItem); | 411 sniName = PORT_ZNew(SECItem); |
349 if (!sniName) { | 412 if (!sniName) { |
350 PORT_Free(name); | 413 PORT_Free(name); |
351 return NULL; | 414 return NULL; |
352 } | 415 } |
353 sniName->data = (void*)name; | 416 sniName->data = (void*)name; |
354 sniName->len = PORT_Strlen(name); | 417 sniName->len = PORT_Strlen(name); |
355 } | 418 } |
356 return sniName; | 419 return sniName; |
357 } | 420 } |
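Review bot: In SSL_ExportKeyingMaterial (new lines 354–368) `contextLen` is an `unsigned int` but is serialized as a two-byte length and added to `valLen` with no upper bound. A value above 0xFFFF gets a truncated length prefix in the PRF seed, and a value near UINT_MAX wraps `valLen += 2 + contextLen`, so `PORT_Alloc` returns a buffer smaller than what the following `PORT_Memcpy(val + i, context, contextLen)` writes. Reject it before computing `valLen`: `if (contextLen > 0xFFFF) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; }`. The same guard could cover a NULL `label` or `out`, which currently reach `strlen(label)` and the PRF call unchecked. Separately, RFC 5705 distinguishes an absent context from a zero-length one, which the `contextLen > 0` test cannot express; the header comment should at least state that a zero length is treated as "no context".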