OLD | NEW |
---|---|
1 /* ***** BEGIN LICENSE BLOCK ***** | 1 /* ***** BEGIN LICENSE BLOCK ***** |
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
3 * | 3 * |
4 * The contents of this file are subject to the Mozilla Public License Version | 4 * The contents of this file are subject to the Mozilla Public License Version |
5 * 1.1 (the "License"); you may not use this file except in compliance with | 5 * 1.1 (the "License"); you may not use this file except in compliance with |
6 * the License. You may obtain a copy of the License at | 6 * the License. You may obtain a copy of the License at |
7 * http://www.mozilla.org/MPL/ | 7 * http://www.mozilla.org/MPL/ |
8 * | 8 * |
9 * Software distributed under the License is distributed on an "AS IS" basis, | 9 * Software distributed under the License is distributed on an "AS IS" basis, |
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License | 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License |
(...skipping 21 matching lines...) Expand all Loading... | |
32 * decision by deleting the provisions above and replace them with the notice | 32 * decision by deleting the provisions above and replace them with the notice |
33 * and other provisions required by the GPL or the LGPL. If you do not delete | 33 * and other provisions required by the GPL or the LGPL. If you do not delete |
34 * the provisions above, a recipient may use your version of this file under | 34 * the provisions above, a recipient may use your version of this file under |
35 * the terms of any one of the MPL, the GPL or the LGPL. | 35 * the terms of any one of the MPL, the GPL or the LGPL. |
36 * | 36 * |
37 * ***** END LICENSE BLOCK ***** */ | 37 * ***** END LICENSE BLOCK ***** */ |
38 /* $Id: sslinfo.c,v 1.23.2.1 2010/09/02 01:13:46 wtc%google.com Exp $ */ | 38 /* $Id: sslinfo.c,v 1.23.2.1 2010/09/02 01:13:46 wtc%google.com Exp $ */ |
39 #include "ssl.h" | 39 #include "ssl.h" |
40 #include "sslimpl.h" | 40 #include "sslimpl.h" |
41 #include "sslproto.h" | 41 #include "sslproto.h" |
42 #include "pk11func.h" | |
43 | 42 |
44 static const char * | 43 static const char * |
45 ssl_GetCompressionMethodName(SSLCompressionMethod compression) | 44 ssl_GetCompressionMethodName(SSLCompressionMethod compression) |
46 { | 45 { |
47 switch (compression) { | 46 switch (compression) { |
48 case ssl_compression_null: | 47 case ssl_compression_null: |
49 return "NULL"; | 48 return "NULL"; |
50 #ifdef NSS_ENABLE_ZLIB | 49 #ifdef NSS_ENABLE_ZLIB |
51 case ssl_compression_deflate: | 50 case ssl_compression_deflate: |
52 return "DEFLATE"; | 51 return "DEFLATE"; |
(...skipping 258 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
311 { | 310 { |
312 unsigned int i; | 311 unsigned int i; |
313 for (i = 0; i < NUM_SUITEINFOS; i++) { | 312 for (i = 0; i < NUM_SUITEINFOS; i++) { |
314 if (suiteInfo[i].cipherSuite == cipherSuite) { | 313 if (suiteInfo[i].cipherSuite == cipherSuite) { |
315 return (PRBool)(suiteInfo[i].isExportable); | 314 return (PRBool)(suiteInfo[i].isExportable); |
316 } | 315 } |
317 } | 316 } |
318 return PR_FALSE; | 317 return PR_FALSE; |
319 } | 318 } |
320 | 319 |
321 /* Export keying material according to draft-ietf-tls-extractor-06. | 320 /* Export keying material according to RFC 5705. |
322 ** fd must correspond to a TLS 1.0 or higher socket, out must | 321 ** fd must correspond to a TLS 1.0 or higher socket, out must |
323 ** be already allocated. | 322 ** be already allocated. |
324 */ | 323 */ |
325 SECStatus | 324 SECStatus |
326 SSL_ExportKeyingMaterial(PRFileDesc *fd, const char *label, | 325 SSL_ExportKeyingMaterial(PRFileDesc *fd, |
326 » » » const char *label, | |
327 » » » unsigned int labelLen, | |
327 const unsigned char *context, | 328 const unsigned char *context, |
328 unsigned int contextLen, | 329 unsigned int contextLen, |
329 unsigned char *out, | 330 unsigned char *out, |
330 unsigned int outLen) | 331 unsigned int outLen) |
331 { | 332 { |
332 sslSocket *ss; | 333 sslSocket *ss; |
333 unsigned char *val = NULL; | 334 unsigned char *val = NULL; |
334 unsigned int valLen, i; | 335 unsigned int valLen, i; |
335 SECStatus rv = SECFailure; | 336 SECStatus rv = SECFailure; |
336 | 337 |
337 ss = ssl_FindSocket(fd); | 338 ss = ssl_FindSocket(fd); |
338 if (!ss) { | 339 if (!ss) { |
339 SSL_DBG(("%d: SSL[%d]: bad socket in ExportKeyingMaterial", | 340 SSL_DBG(("%d: SSL[%d]: bad socket in ExportKeyingMaterial", |
340 SSL_GETPID(), fd)); | 341 SSL_GETPID(), fd)); |
341 return SECFailure; | 342 return SECFailure; |
342 } | 343 } |
343 | 344 |
344 if (ss->version < SSL_LIBRARY_VERSION_3_1_TLS) { | 345 if (ss->version < SSL_LIBRARY_VERSION_3_1_TLS) { |
345 PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION); | 346 PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION); |
346 return SECFailure; | 347 return SECFailure; |
347 } | 348 } |
348 | 349 |
349 if (ss->ssl3.hs.ws != idle_handshake) { | |
350 PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED); | |
351 return SECFailure; | |
352 } | |
353 | |
354 valLen = SSL3_RANDOM_LENGTH * 2; | 350 valLen = SSL3_RANDOM_LENGTH * 2; |
355 if (contextLen > 0) | 351 if (contextLen > 0) |
356 valLen += 2 /* uint16 length */ + contextLen; | 352 valLen += 2 /* uint16 length */ + contextLen; |
357 val = PORT_Alloc(valLen); | 353 val = PORT_Alloc(valLen); |
358 if (val == NULL) | 354 if (val == NULL) |
359 return SECFailure; | 355 return SECFailure; |
360 i = 0; | 356 i = 0; |
361 PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH); | 357 PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH); |
362 i += SSL3_RANDOM_LENGTH; | 358 i += SSL3_RANDOM_LENGTH; |
363 PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH); | 359 PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH); |
364 i += SSL3_RANDOM_LENGTH; | 360 i += SSL3_RANDOM_LENGTH; |
365 if (contextLen > 0) { | 361 if (contextLen > 0) { |
366 val[i++] = contextLen >> 8; | 362 val[i++] = contextLen >> 8; |
367 val[i++] = contextLen; | 363 val[i++] = contextLen; |
368 PORT_Memcpy(val + i, context, contextLen); | 364 PORT_Memcpy(val + i, context, contextLen); |
369 i += contextLen; | 365 i += contextLen; |
370 } | 366 } |
371 PORT_Assert(i == valLen); | 367 PORT_Assert(i == valLen); |
372 | 368 |
373 ssl_GetSpecReadLock(ss); | 369 ssl_GetSpecReadLock(ss); |
374 rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.crSpec, label, strlen(label), val, valLen, out, outLen); | 370 if (ss->ssl3.cwSpec->master_secret == NULL) { |
wtc
2011/07/25 17:31:13
I'd like to doublecheck this ss->ssl3.cwSpec->mast
wtc
2011/07/25 18:51:22
I checked this test again. There are two possible
agl
2011/07/26 13:50:04
Done.
| |
371 » PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED); | |
372 » rv = SECFailure; | |
373 } else { | |
374 » rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.cwSpec, label, labelLen, val, | |
375 » » » » » valLen, out, outLen); | |
376 } | |
375 ssl_ReleaseSpecReadLock(ss); | 377 ssl_ReleaseSpecReadLock(ss); |
376 | 378 |
377 if (val != NULL) | 379 PORT_ZFree(val, valLen); |
378 » PORT_ZFree(val, valLen); | |
379 return rv; | 380 return rv; |
380 } | 381 } |
381 | 382 |
382 SECItem* | 383 SECItem* |
383 SSL_GetNegotiatedHostInfo(PRFileDesc *fd) | 384 SSL_GetNegotiatedHostInfo(PRFileDesc *fd) |
384 { | 385 { |
385 SECItem *sniName = NULL; | 386 SECItem *sniName = NULL; |
386 sslSocket *ss; | 387 sslSocket *ss; |
387 char *name = NULL; | 388 char *name = NULL; |
388 | 389 |
(...skipping 22 matching lines...) Expand all Loading... | |
411 sniName = PORT_ZNew(SECItem); | 412 sniName = PORT_ZNew(SECItem); |
412 if (!sniName) { | 413 if (!sniName) { |
413 PORT_Free(name); | 414 PORT_Free(name); |
414 return NULL; | 415 return NULL; |
415 } | 416 } |
416 sniName->data = (void*)name; | 417 sniName->data = (void*)name; |
417 sniName->len = PORT_Strlen(name); | 418 sniName->len = PORT_Strlen(name); |
418 } | 419 } |
419 return sniName; | 420 return sniName; |
420 } | 421 } |
OLD | NEW |