Side by Side Diff: net/third_party/nss/ssl/ssl3con.c

Issue 7464031: net: add NSS support for RFC 5705 (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: ... Created 9 years, 5 months ago
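--- a/net/third_party/nss/ssl/ssl3con.c
+++ b/net/third_party/nss/ssl/ssl3con.c
@@ -1,10 +1,10 @@
 /*
  * SSL3 Protocol
  *
  * ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * http://www.mozilla.org/MPL/
@@ -8435,66 +8435,82 @@
 	ssl_GetRecvBufLock(ss);
 	if (ss->ssl3.hs.msgState.buf != NULL) {
 	    rv = ssl3_HandleRecord(ss, NULL, &ss->gs.buf);
 	}
 	ssl_ReleaseRecvBufLock(ss);
     }
 
     return rv;
 }
 
-static SECStatus
-ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
-			PRBool isServer,
-                const SSL3Finished * hashes,
-                      TLSFinished * tlsFinished)
+/* The calling function must acquire and release the appropriate lock (i.e.,
+ * ssl_GetSpecReadLock / ssl_ReleaseSpecReadLock for ss->ssl3.crSpec). Any
+ * label must already be concatenated onto the beginning of val.
+ */
+SECStatus
+ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, const char *label,
+    unsigned int labelLen, const unsigned char *val, unsigned int valLen,
+    unsigned char *out, unsigned int outLen)
 {
-    const char * label;
-    unsigned int len;
-    SECStatus rv;
-
-    label = isServer ? "server finished" : "client finished";
-    len = 15;
+    SECStatus rv = SECSuccess;
+    unsigned int retLen;
 
     if (spec->master_secret && !spec->bypassCiphers) {
 	SECItem param = {siBuffer, NULL, 0};
 	PK11Context *prf_context =
 	    PK11_CreateContextBySymKey(CKM_TLS_PRF_GENERAL, CKA_SIGN,
 				       spec->master_secret, &param);
 	if (!prf_context)
 	    return SECFailure;
 
 	rv  = PK11_DigestBegin(prf_context);
-	rv |= PK11_DigestOp(prf_context, (const unsigned char *) label, len);
-	rv |= PK11_DigestOp(prf_context, hashes->md5, sizeof *hashes);
-	rv |= PK11_DigestFinal(prf_context, tlsFinished->verify_data,
-			       &len, sizeof tlsFinished->verify_data);
-	PORT_Assert(rv != SECSuccess || len == sizeof *tlsFinished);
+	rv |= PK11_DigestOp(prf_context, (unsigned char *) label, labelLen);
+	rv |= PK11_DigestOp(prf_context, val, valLen);
+	rv |= PK11_DigestFinal(prf_context, out,
+			       &retLen, outLen);
+	PORT_Assert(rv != SECSuccess || retLen == outLen);
 
 	PK11_DestroyContext(prf_context, PR_TRUE);
     } else {
 	/* bypass PKCS11 */
 	SECItem inData  = { siBuffer, };
 	SECItem outData = { siBuffer, };
 	PRBool isFIPS   = PR_FALSE;
 
-	inData.data  = (unsigned char *)hashes->md5;
-	inData.len   = sizeof hashes[0];
-	outData.data = tlsFinished->verify_data;
-	outData.len  = sizeof tlsFinished->verify_data;
+	inData.data  = (unsigned char *) val;
+	inData.len   = valLen;
+	outData.data = out;
+	outData.len  = outLen;
 	rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS);
-	PORT_Assert(rv != SECSuccess || \
-		outData.len == sizeof tlsFinished->verify_data);
+	PORT_Assert(rv != SECSuccess || outData.len == outLen);
     }
     return rv;
 }
 
+static SECStatus
+ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
+			PRBool isServer,
+                const SSL3Finished * hashes,
+                      TLSFinished * tlsFinished)
+{
+    const char * label;
+    SECStatus rv;
+
+    label = isServer ? "server finished" : "client finished";
+
+    rv = ssl3_TLSPRFWithMasterSecret(spec, label, 15, hashes->md5,
+				     sizeof *hashes, tlsFinished->verify_data,
+				     sizeof tlsFinished->verify_data);
+
+    return rv;
+}
+
 /* called from ssl3_HandleServerHelloDone
  */
 static SECStatus
 ssl3_SendNextProto(sslSocket *ss)
 {
     SECStatus rv;
     int padding_len;
     static const unsigned char padding[32] = {0};
 
     if (ss->ssl3.nextProtoState == SSL_NEXT_PROTO_NO_SUPPORT)
@@ -9933,10 +9949,10 @@
 
     ss->ssl3.initialized = PR_FALSE;
 
     if (ss->ssl3.nextProto.data) {
 	PORT_Free(ss->ssl3.nextProto.data);
 	ss->ssl3.nextProto.data = NULL;
     }
 }
 
 /* End of ssl3con.c */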
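Review bot: The two branches of ssl3_TLSPRFWithMasterSecret do not agree on how the label's length is determined: the PKCS#11 path feeds exactly `labelLen` bytes to PK11_DigestOp, while the bypass path hands `label` to TLS_PRF with no length at all, so it presumably treats it as a NUL-terminated C string. For the only caller on the page that is harmless (`"server finished"`/`"client finished"` with 15), but the function is now exported for RFC 5705 exporters with caller-supplied labels, and a label that is not NUL-terminated at `labelLen` would read past its end on the bypass path and derive a different key than the PKCS#11 path; TLS_PRF's signature is not visible here, so please confirm. I would state the precondition in the header comment and pin it in debug builds, e.g. `/* label must be NUL-terminated and labelLen == strlen(label): the bypass path's TLS_PRF takes a C string. */` plus `PORT_Assert(labelLen == strlen(label));` before the `if`. The header comment's sentence "Any label must already be concatenated onto the beginning of val" also reads as contradicting the explicit `label`/`labelLen` parameters; it should say what `val` actually carries (the seed after the label). Minor: the cast on the DigestOp line dropped the `const` that the old code had, `(const unsigned char *) label` was the better form.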