OLD | NEW |
1 /* ***** BEGIN LICENSE BLOCK ***** | 1 /* ***** BEGIN LICENSE BLOCK ***** |
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
3 * | 3 * |
4 * The contents of this file are subject to the Mozilla Public License Version | 4 * The contents of this file are subject to the Mozilla Public License Version |
5 * 1.1 (the "License"); you may not use this file except in compliance with | 5 * 1.1 (the "License"); you may not use this file except in compliance with |
6 * the License. You may obtain a copy of the License at | 6 * the License. You may obtain a copy of the License at |
7 * http://www.mozilla.org/MPL/ | 7 * http://www.mozilla.org/MPL/ |
8 * | 8 * |
9 * Software distributed under the License is distributed on an "AS IS" basis, | 9 * Software distributed under the License is distributed on an "AS IS" basis, |
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License | 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License |
11 * for the specific language governing rights and limitations under the | 11 * for the specific language governing rights and limitations under the |
12 * License. | 12 * License. |
13 * | 13 * |
14 * The Original Code is the Netscape security libraries. | 14 * The Original Code is the Netscape security libraries. |
15 * | 15 * |
16 * The Initial Developer of the Original Code is | 16 * The Initial Developer of the Original Code is |
17 * Netscape Communications Corporation. | 17 * Netscape Communications Corporation. |
18 * Portions created by the Initial Developer are Copyright (C) 2001 | 18 * Portions created by the Initial Developer are Copyright (C) 2001 |
19 * the Initial Developer. All Rights Reserved. | 19 * the Initial Developer. All Rights Reserved. |
20 * | 20 * |
21 * Contributor(s): | 21 * Contributor(s): |
22 * Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories | 22 * Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories |
| 23 * Douglas Stebila <douglas@stebila.ca> |
23 * | 24 * |
24 * Alternatively, the contents of this file may be used under the terms of | 25 * Alternatively, the contents of this file may be used under the terms of |
25 * either the GNU General Public License Version 2 or later (the "GPL"), or | 26 * either the GNU General Public License Version 2 or later (the "GPL"), or |
26 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), | 27 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), |
27 * in which case the provisions of the GPL or the LGPL are applicable instead | 28 * in which case the provisions of the GPL or the LGPL are applicable instead |
28 * of those above. If you wish to allow use of your version of this file only | 29 * of those above. If you wish to allow use of your version of this file only |
29 * under the terms of either the GPL or the LGPL, and not to allow others to | 30 * under the terms of either the GPL or the LGPL, and not to allow others to |
30 * use your version of this file under the terms of the MPL, indicate your | 31 * use your version of this file under the terms of the MPL, indicate your |
31 * decision by deleting the provisions above and replace them with the notice | 32 * decision by deleting the provisions above and replace them with the notice |
32 * and other provisions required by the GPL or the LGPL. If you do not delete | 33 * and other provisions required by the GPL or the LGPL. If you do not delete |
33 * the provisions above, a recipient may use your version of this file under | 34 * the provisions above, a recipient may use your version of this file under |
34 * the terms of any one of the MPL, the GPL or the LGPL. | 35 * the terms of any one of the MPL, the GPL or the LGPL. |
35 * | 36 * |
36 * ***** END LICENSE BLOCK ***** */ | 37 * ***** END LICENSE BLOCK ***** */ |
37 /* $Id: sslinfo.c,v 1.23.2.1 2010/09/02 01:13:46 wtc%google.com Exp $ */ | 38 /* $Id: sslinfo.c,v 1.23.2.1 2010/09/02 01:13:46 wtc%google.com Exp $ */ |
38 #include "ssl.h" | 39 #include "ssl.h" |
39 #include "sslimpl.h" | 40 #include "sslimpl.h" |
40 #include "sslproto.h" | 41 #include "sslproto.h" |
| 42 #include "pk11func.h" |
41 | 43 |
42 static const char * | 44 static const char * |
43 ssl_GetCompressionMethodName(SSLCompressionMethod compression) | 45 ssl_GetCompressionMethodName(SSLCompressionMethod compression) |
44 { | 46 { |
45 switch (compression) { | 47 switch (compression) { |
46 case ssl_compression_null: | 48 case ssl_compression_null: |
47 return "NULL"; | 49 return "NULL"; |
48 #ifdef NSS_ENABLE_ZLIB | 50 #ifdef NSS_ENABLE_ZLIB |
49 case ssl_compression_deflate: | 51 case ssl_compression_deflate: |
50 return "DEFLATE"; | 52 return "DEFLATE"; |
(...skipping 258 matching lines...)
309 { | 311 { |
310 unsigned int i; | 312 unsigned int i; |
311 for (i = 0; i < NUM_SUITEINFOS; i++) { | 313 for (i = 0; i < NUM_SUITEINFOS; i++) { |
312 if (suiteInfo[i].cipherSuite == cipherSuite) { | 314 if (suiteInfo[i].cipherSuite == cipherSuite) { |
313 return (PRBool)(suiteInfo[i].isExportable); | 315 return (PRBool)(suiteInfo[i].isExportable); |
314 } | 316 } |
315 } | 317 } |
316 return PR_FALSE; | 318 return PR_FALSE; |
317 } | 319 } |
318 | 320 |
| 321 /* Export keying material according to draft-ietf-tls-extractor-06. |
| 322 ** fd must correspond to a TLS 1.0 or higher socket, out must |
| 323 ** be already allocated. |
| 324 */ |
| 325 SECStatus |
| 326 SSL_ExportKeyingMaterial(PRFileDesc *fd, const char *label, |
| 327 const unsigned char *context, |
| 328 unsigned int contextLen, |
| 329 unsigned char *out, |
| 330 unsigned int outLen) |
| 331 { |
| 332 sslSocket *ss; |
| 333 unsigned char *val = NULL; |
| 334 unsigned int valLen, i; |
| 335 SECStatus rv = SECFailure; |
| 336 |
| 337 ss = ssl_FindSocket(fd); |
| 338 if (!ss) { |
| 339 SSL_DBG(("%d: SSL[%d]: bad socket in ExportKeyingMaterial", |
| 340 SSL_GETPID(), fd)); |
| 341 return SECFailure; |
| 342 } |
| 343 |
| 344 if (ss->version < SSL_LIBRARY_VERSION_3_1_TLS) { |
| 345 PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION); |
| 346 return SECFailure; |
| 347 } |
| 348 |
| 349 if (ss->ssl3.hs.ws != idle_handshake) { |
| 350 PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED); |
| 351 return SECFailure; |
| 352 } |
| 353 |
| 354 valLen = SSL3_RANDOM_LENGTH * 2; |
| 355 if (contextLen > 0) |
| 356 valLen += 2 /* uint16 length */ + contextLen; |
| 357 val = PORT_Alloc(valLen); |
| 358 if (val == NULL) |
| 359 return SECFailure; |
| 360 i = 0; |
| 361 PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH); |
| 362 i += SSL3_RANDOM_LENGTH; |
| 363 PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH); |
| 364 i += SSL3_RANDOM_LENGTH; |
| 365 if (contextLen > 0) { |
| 366 val[i++] = contextLen >> 8; |
| 367 val[i++] = contextLen; |
| 368 PORT_Memcpy(val + i, context, contextLen); |
| 369 i += contextLen; |
| 370 } |
| 371 PORT_Assert(i == valLen); |
| 372 |
| 373 ssl_GetSpecReadLock(ss); |
| 374 rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.crSpec, label, strlen(label), val,
valLen, out, outLen); |
| 375 ssl_ReleaseSpecReadLock(ss); |
| 376 |
| 377 if (val != NULL) |
| 378 PORT_ZFree(val, valLen); |
| 379 return rv; |
| 380 } |
| 381 |
319 SECItem* | 382 SECItem* |
320 SSL_GetNegotiatedHostInfo(PRFileDesc *fd) | 383 SSL_GetNegotiatedHostInfo(PRFileDesc *fd) |
321 { | 384 { |
322 SECItem *sniName = NULL; | 385 SECItem *sniName = NULL; |
323 sslSocket *ss; | 386 sslSocket *ss; |
324 char *name = NULL; | 387 char *name = NULL; |
325 | 388 |
326 ss = ssl_FindSocket(fd); | 389 ss = ssl_FindSocket(fd); |
327 if (!ss) { | 390 if (!ss) { |
328 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNegotiatedHostInfo", | 391 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNegotiatedHostInfo", |
(...skipping 19 matching lines...)
348 sniName = PORT_ZNew(SECItem); | 411 sniName = PORT_ZNew(SECItem); |
349 if (!sniName) { | 412 if (!sniName) { |
350 PORT_Free(name); | 413 PORT_Free(name); |
351 return NULL; | 414 return NULL; |
352 } | 415 } |
353 sniName->data = (void*)name; | 416 sniName->data = (void*)name; |
354 sniName->len = PORT_Strlen(name); | 417 sniName->len = PORT_Strlen(name); |
355 } | 418 } |
356 return sniName; | 419 return sniName; |
357 } | 420 } |
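Review bot: In the new SSL_ExportKeyingMaterial, `contextLen` is an `unsigned int` but is serialized as a two-byte length (`val[i++] = contextLen >> 8; val[i++] = contextLen;`), and nothing rejects values above 0xFFFF. A larger value gets a silently truncated length prefix, and a value close to UINT_MAX wraps `valLen += 2 + contextLen`, leaving `PORT_Alloc(valLen)` undersized for the `PORT_Memcpy(val + i, context, contextLen)` that follows. I would add, before `valLen` is computed, `if (contextLen > 0xFFFF) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; }`. Separately, `contextLen > 0` doubles as "context present", so a caller cannot request an explicit zero-length context; the extractor draft appears to treat that as distinct from no context, which is worth confirming before the signature is frozen.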