
Side by Side Diff: net/third_party/nss/ssl/sslsock.c

Issue 9982019: Implement RFC 5764 (DTLS-SRTP). (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Fix coding style nits, require DTLS for the use_srtp extension Created 8 years, 8 months ago
1 /* 1 /*
2 * vtables (and methods that call through them) for the 4 types of 2 * vtables (and methods that call through them) for the 4 types of
3 * SSLSockets supported. Only one type is still supported. 3 * SSLSockets supported. Only one type is still supported.
4 * Various other functions. 4 * Various other functions.
5 * 5 *
6 * ***** BEGIN LICENSE BLOCK ***** 6 * ***** BEGIN LICENSE BLOCK *****
7 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 7 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
8 * 8 *
9 * The contents of this file are subject to the Mozilla Public License Version 9 * The contents of this file are subject to the Mozilla Public License Version
10 * 1.1 (the "License"); you may not use this file except in compliance with 10 * 1.1 (the "License"); you may not use this file except in compliance with
(...skipping 207 matching lines...) Expand 10 before | Expand all | Expand 10 after
218 PRBool locksEverDisabled; /* implicitly PR_FALSE */ 218 PRBool locksEverDisabled; /* implicitly PR_FALSE */
219 PRBool ssl_force_locks; /* implicitly PR_FALSE */ 219 PRBool ssl_force_locks; /* implicitly PR_FALSE */
220 int ssl_lock_readers = 1; /* default true. */ 220 int ssl_lock_readers = 1; /* default true. */
221 char ssl_debug; 221 char ssl_debug;
222 char ssl_trace; 222 char ssl_trace;
223 FILE * ssl_trace_iob; 223 FILE * ssl_trace_iob;
224 FILE * ssl_keylog_iob; 224 FILE * ssl_keylog_iob;
225 char lockStatus[] = "Locks are ENABLED. "; 225 char lockStatus[] = "Locks are ENABLED. ";
226 #define LOCKSTATUS_OFFSET 10 /* offset of ENABLED */ 226 #define LOCKSTATUS_OFFSET 10 /* offset of ENABLED */
227 227
228 static PRUint16 srtpCiphers[] = {
229 SRTP_AES128_CM_SHA1_80,
230 SRTP_AES128_CM_SHA1_32,
231 /* XXX what about SRTP_NULL_SHA1_80 and SRTP_NULL_SHA1_32? */
wtc 2012/04/04 23:32:49 Should SRTP_NULL_SHA1_80 and SRTP_NULL_SHA1_32 be
ekr 2012/04/19 14:29:36 I think my preference is to simply not implement t
232 0
233 };
234
228 /* forward declarations. */ 235 /* forward declarations. */
229 static sslSocket *ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant variant); 236 static sslSocket *ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant variant);
230 static SECStatus ssl_MakeLocks(sslSocket *ss); 237 static SECStatus ssl_MakeLocks(sslSocket *ss);
231 static void ssl_SetDefaultsFromEnvironment(void); 238 static void ssl_SetDefaultsFromEnvironment(void);
232 static PRStatus ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, 239 static PRStatus ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack,
233 PRDescIdentity id); 240 PRDescIdentity id);
234 241
235 /************************************************************************/ 242 /************************************************************************/
236 243
237 /* 244 /*
(...skipping 1351 matching lines...) Expand 10 before | Expand all | Expand 10 after
1589 } 1596 }
1590 PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len); 1597 PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len);
1591 *bufLen = ss->ssl3.nextProto.len; 1598 *bufLen = ss->ssl3.nextProto.len;
1592 } else { 1599 } else {
1593 *bufLen = 0; 1600 *bufLen = 0;
1594 } 1601 }
1595 1602
1596 return SECSuccess; 1603 return SECSuccess;
1597 } 1604 }
1598 1605
1606 SSL_IMPORT SECStatus SSL_SetSRTPCiphers(PRFileDesc *socket,
1607 const PRUint16 *ciphers,
1608 unsigned int numCiphers)
1609 {
1610 sslSocket * ss;
1611 int i;
1612
1613 ss = ssl_FindSocket(socket);
1614 if (!ss || !IS_DTLS(ss)) {
1615 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSRTPCiphers"));
1616 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1617 return SECFailure;
1618 }
1619
1620 for (i = 0; i < numCiphers; i++) {
1621 PRUint16 *srtpCipher = srtpCiphers;
1622
1623 while (*srtpCipher) {
1624 if (ciphers[i] == *srtpCipher)
1625 break;
1626 srtpCipher++;
1627 }
1628 if (!*srtpCipher) {
1629 SSL_DBG(("%d: SSL[%d]: invalid SRTP cipher suite specified"));
1630 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1631 return SECFailure;
1632 }
1633 }
1634
1635 if (numCiphers > MAX_DTLS_SRTP_CIPHER_SUITES) {
1636 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1637 return SECFailure;
1638 }
1639 memcpy(ss->ssl3.dtlsSRTPCiphers, ciphers, sizeof(PRUint16) * numCiphers);
1640 ss->ssl3.dtlsSRTPCipherCount = numCiphers;
1641
1642 return SECSuccess;
1643 }
1644
1645 SECStatus
1646 SSL_GetSRTPCipher(PRFileDesc *socket, PRUint16 *cipher)
1647 {
1648 sslSocket * ss;
1649
1650 ss = ssl_FindSocket(socket);
1651 if (!ss) {
1652 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetSRTPCipher"));
1653 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1654 return SECFailure;
1655 }
1656
1657 if (!ss->ssl3.dtlsSRTPCipherSuite) {
1658 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1659 return SECFailure;
1660 }
1661
1662 *cipher = ss->ssl3.dtlsSRTPCipherSuite;
1663 return SECSuccess;
1664 }
1665
1599 PRFileDesc * 1666 PRFileDesc *
1600 SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd) 1667 SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
1601 { 1668 {
1602 PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); 1669 PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
1603 PR_NOT_REACHED("not implemented"); 1670 PR_NOT_REACHED("not implemented");
1604 return NULL; 1671 return NULL;
1605 1672
1606 #if 0 1673 #if 0
1607 sslSocket * sm = NULL, *ss = NULL; 1674 sslSocket * sm = NULL, *ss = NULL;
1608 int i; 1675 int i;
(...skipping 1372 matching lines...) Expand 10 before | Expand all | Expand 10 after
2981 ssl_DestroySocketContents(ss); 3048 ssl_DestroySocketContents(ss);
2982 ssl_DestroyLocks(ss); 3049 ssl_DestroyLocks(ss);
2983 PORT_Free(ss); 3050 PORT_Free(ss);
2984 ss = NULL; 3051 ss = NULL;
2985 } 3052 }
2986 ss->protocolVariant = protocolVariant; 3053 ss->protocolVariant = protocolVariant;
2987 } 3054 }
2988 return ss; 3055 return ss;
2989 } 3056 }
2990 3057
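Review bot: The three new `SSL_DBG` calls (new lines 1615 and 1629 in `SSL_SetSRTPCiphers`, 1652 in `SSL_GetSRTPCipher`) pass a format string with two `%d` conversions and no arguments, which is undefined behaviour once debug logging is enabled and can write stray stack values into the log. Pass the values the format expects, presumably the same way the file's other debug calls do, e.g. `SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSRTPCiphers", SSL_GETPID(), socket));`. In `SSL_SetSRTPCiphers` the `numCiphers > MAX_DTLS_SRTP_CIPHER_SUITES` check reads better ahead of the validation loop, since it would reject an oversized count before the caller's array is walked. Declaring `i` as `unsigned int` would avoid the signed/unsigned comparison with `numCiphers`; the `memcpy` itself is already guarded by the bound check. `SSL_GetSRTPCipher` writes through `cipher` without a NULL check, so `if (!cipher)` returning `SECFailure` with `SEC_ERROR_INVALID_ARGS` would match the error handling already used in that function.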