Side by Side Diff: net/third_party/nss/ssl/sslinfo.c

Issue 7493056: net: allow SSL secrets to be exported sooner. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: ... Created 9 years, 5 months ago
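--- a/net/third_party/nss/ssl/sslinfo.c
+++ b/net/third_party/nss/ssl/sslinfo.c
@@ -1,10 +1,10 @@
 /* ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
 *
 * The contents of this file are subject to the Mozilla Public License Version
 * 1.1 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 * http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an "AS IS" basis,
 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
@@ -32,21 +32,20 @@
 * decision by deleting the provisions above and replace them with the notice
 * and other provisions required by the GPL or the LGPL. If you do not delete
 * the provisions above, a recipient may use your version of this file under
 * the terms of any one of the MPL, the GPL or the LGPL.
 *
 * ***** END LICENSE BLOCK ***** */
 /* $Id: sslinfo.c,v 1.23.2.1 2010/09/02 01:13:46 wtc%google.com Exp $ */
 #include "ssl.h"
 #include "sslimpl.h"
 #include "sslproto.h"
-#include "pk11func.h"
 
 static const char *
 ssl_GetCompressionMethodName(SSLCompressionMethod compression)
 {
 switch (compression) {
 case ssl_compression_null:
 return "NULL";
 #ifdef NSS_ENABLE_ZLIB
 case ssl_compression_deflate:
 return "DEFLATE";
@@ -311,70 +310,72 @@
 {
 unsigned int i;
 for (i = 0; i < NUM_SUITEINFOS; i++) {
 if (suiteInfo[i].cipherSuite == cipherSuite) {
 return (PRBool)(suiteInfo[i].isExportable);
 }
 }
 return PR_FALSE;
 }
 
-/* Export keying material according to draft-ietf-tls-extractor-06.
+/* Export keying material according to RFC 5705.
 ** fd must correspond to a TLS 1.0 or higher socket, out must
 ** be already allocated.
 */
 SECStatus
-SSL_ExportKeyingMaterial(PRFileDesc *fd, const char *label,
+SSL_ExportKeyingMaterial(PRFileDesc *fd,
+			const char *label,
+			unsigned int labelLen,
 const unsigned char *context,
 unsigned int contextLen,
 unsigned char *out,
 unsigned int outLen)
 {
 sslSocket *ss;
 unsigned char *val = NULL;
 unsigned int valLen, i;
 SECStatus rv = SECFailure;
 
 ss = ssl_FindSocket(fd);
 if (!ss) {
 SSL_DBG(("%d: SSL[%d]: bad socket in ExportKeyingMaterial",
 SSL_GETPID(), fd));
 return SECFailure;
 }
 
 if (ss->version < SSL_LIBRARY_VERSION_3_1_TLS) {
 PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION);
 return SECFailure;
 }
 
-if (ss->ssl3.hs.ws != idle_handshake) {
-PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
-return SECFailure;
-}
-
 valLen = SSL3_RANDOM_LENGTH * 2;
 if (contextLen > 0)
 valLen += 2 /* uint16 length */ + contextLen;
 val = PORT_Alloc(valLen);
 if (val == NULL)
 return SECFailure;
 i = 0;
 PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH);
 i += SSL3_RANDOM_LENGTH;
 PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH);
 i += SSL3_RANDOM_LENGTH;
 if (contextLen > 0) {
 val[i++] = contextLen >> 8;
 val[i++] = contextLen;
 PORT_Memcpy(val + i, context, contextLen);
 i += contextLen;
 }
 PORT_Assert(i == valLen);
 
 ssl_GetSpecReadLock(ss);
-rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.crSpec, label, strlen(label), val, valLen, out, outLen);
+if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) {
+	PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
+	rv = SECFailure;
+} else {
+	rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.cwSpec, label, labelLen, val,
+					valLen, out, outLen);
+}
 ssl_ReleaseSpecReadLock(ss);
 
-if (val != NULL)
-	PORT_ZFree(val, valLen);
+PORT_ZFree(val, valLen);
 return rv;
 }
@@ -411,10 +412,10 @@
 sniName = PORT_ZNew(SECItem);
 if (!sniName) {
 PORT_Free(name);
 return NULL;
 }
 sniName->data = (void*)name;
 sniName->len = PORT_Strlen(name);
 }
 return sniName;
 }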
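Review bot: The new gate at new line 370 replaces the `ws != idle_handshake` check with "the current write spec carries a master secret", and — inferring from which spec is consulted — that condition can hold once this side has switched its write spec (sent ChangeCipherSpec) but before the peer's Finished has been verified, so keying material can now be exported from a handshake that is not yet authenticated. The header comment at lines 320-323 still states only the TLS 1.0+ precondition; it should spell out the relaxed one, e.g. `** Succeeds as soon as the current write spec has a master secret, which may be before the handshake has completed; callers that need an authenticated peer must check that separately.` Also worth noting while touching this function: `contextLen` is an unsigned int but is encoded as a uint16 at lines 362-363 while `valLen` still counts the full length, so a value above 0xFFFF would silently produce a mismatched length prefix (pre-existing, not introduced here); a `contextLen > 0xFFFF` rejection alongside the version check would close it. Dropping the `val != NULL` guard before `PORT_ZFree` at line 379 is correct, since the NULL case already returned at line 355.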