| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * vtables (and methods that call through them) for the 4 types of | 2 * vtables (and methods that call through them) for the 4 types of |
| 3 * SSLSockets supported. Only one type is still supported. | 3 * SSLSockets supported. Only one type is still supported. |
| 4 * Various other functions. | 4 * Various other functions. |
| 5 * | 5 * |
| 6 * ***** BEGIN LICENSE BLOCK ***** | 6 * ***** BEGIN LICENSE BLOCK ***** |
| 7 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 7 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 8 * | 8 * |
| 9 * The contents of this file are subject to the Mozilla Public License Version | 9 * The contents of this file are subject to the Mozilla Public License Version |
| 10 * 1.1 (the "License"); you may not use this file except in compliance with | 10 * 1.1 (the "License"); you may not use this file except in compliance with |
| (...skipping 205 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 216 PRBool locksEverDisabled; /* implicitly PR_FALSE */ | 216 PRBool locksEverDisabled; /* implicitly PR_FALSE */ |
| 217 PRBool ssl_force_locks; /* implicitly PR_FALSE */ | 217 PRBool ssl_force_locks; /* implicitly PR_FALSE */ |
| 218 int ssl_lock_readers = 1; /* default true. */ | 218 int ssl_lock_readers = 1; /* default true. */ |
| 219 char ssl_debug; | 219 char ssl_debug; |
| 220 char ssl_trace; | 220 char ssl_trace; |
| 221 FILE * ssl_trace_iob; | 221 FILE * ssl_trace_iob; |
| 222 FILE * ssl_keylog_iob; | 222 FILE * ssl_keylog_iob; |
| 223 char lockStatus[] = "Locks are ENABLED. "; | 223 char lockStatus[] = "Locks are ENABLED. "; |
| 224 #define LOCKSTATUS_OFFSET 10 /* offset of ENABLED */ | 224 #define LOCKSTATUS_OFFSET 10 /* offset of ENABLED */ |
| 225 | 225 |
| 226 /* SRTP_NULL_HMAC_SHA1_80 and SRTP_NULL_HMAC_SHA1_32 are not implemented. */ |
| 227 static const PRUint16 srtpCiphers[] = { |
| 228 SRTP_AES128_CM_HMAC_SHA1_80, |
| 229 SRTP_AES128_CM_HMAC_SHA1_32, |
| 230 0 |
| 231 }; |
| 232 |
| 226 /* forward declarations. */ | 233 /* forward declarations. */ |
| 227 static sslSocket *ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant variant); | 234 static sslSocket *ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant variant); |
| 228 static SECStatus ssl_MakeLocks(sslSocket *ss); | 235 static SECStatus ssl_MakeLocks(sslSocket *ss); |
| 229 static void ssl_SetDefaultsFromEnvironment(void); | 236 static void ssl_SetDefaultsFromEnvironment(void); |
| 230 static PRStatus ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, | 237 static PRStatus ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, |
| 231 PRDescIdentity id); | 238 PRDescIdentity id); |
| 232 | 239 |
| 233 /************************************************************************/ | 240 /************************************************************************/ |
| 234 | 241 |
| 235 /* | 242 /* |
| (...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 281 ss->fd = layer; | 288 ss->fd = layer; |
| 282 return ss; | 289 return ss; |
| 283 } | 290 } |
| 284 | 291 |
| 285 sslSocket * | 292 sslSocket * |
| 286 ssl_DupSocket(sslSocket *os) | 293 ssl_DupSocket(sslSocket *os) |
| 287 { | 294 { |
| 288 sslSocket *ss; | 295 sslSocket *ss; |
| 289 SECStatus rv; | 296 SECStatus rv; |
| 290 | 297 |
| 291 /* Not implemented for datagram */ | |
| 292 if (IS_DTLS(os)) { | |
| 293 PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); | |
| 294 return NULL; | |
| 295 } | |
| 296 | |
| 297 ss = ssl_NewSocket((PRBool)(!os->opt.noLocks), os->protocolVariant); | 298 ss = ssl_NewSocket((PRBool)(!os->opt.noLocks), os->protocolVariant); |
| 298 if (ss) { | 299 if (ss) { |
| 299 ss->opt = os->opt; | 300 ss->opt = os->opt; |
| 300 ss->opt.useSocks = PR_FALSE; | 301 ss->opt.useSocks = PR_FALSE; |
| 301 ss->vrange = os->vrange; | 302 ss->vrange = os->vrange; |
| 302 | 303 |
| 303 ss->peerID = !os->peerID ? NULL : PORT_Strdup(os->peerID); | 304 ss->peerID = !os->peerID ? NULL : PORT_Strdup(os->peerID); |
| 304 ss->url = !os->url ? NULL : PORT_Strdup(os->url); | 305 ss->url = !os->url ? NULL : PORT_Strdup(os->url); |
| 305 | 306 |
| 306 ss->ops = os->ops; | 307 ss->ops = os->ops; |
| 307 ss->rTimeout = os->rTimeout; | 308 ss->rTimeout = os->rTimeout; |
| 308 ss->wTimeout = os->wTimeout; | 309 ss->wTimeout = os->wTimeout; |
| 309 ss->cTimeout = os->cTimeout; | 310 ss->cTimeout = os->cTimeout; |
| 310 ss->dbHandle = os->dbHandle; | 311 ss->dbHandle = os->dbHandle; |
| 311 | 312 |
| 312 /* copy ssl2&3 policy & prefs, even if it's not selected (yet) */ | 313 /* copy ssl2&3 policy & prefs, even if it's not selected (yet) */ |
| 313 ss->allowedByPolicy = os->allowedByPolicy; | 314 ss->allowedByPolicy = os->allowedByPolicy; |
| 314 ss->maybeAllowedByPolicy= os->maybeAllowedByPolicy; | 315 ss->maybeAllowedByPolicy= os->maybeAllowedByPolicy; |
| 315 ss->chosenPreference = os->chosenPreference; | 316 ss->chosenPreference = os->chosenPreference; |
| 316 PORT_Memcpy(ss->cipherSuites, os->cipherSuites, sizeof os->cipherSuites)
; | 317 PORT_Memcpy(ss->cipherSuites, os->cipherSuites, sizeof os->cipherSuites)
; |
| 318 PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers, |
| 319 sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount); |
| 320 ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount; |
| 317 | 321 |
| 318 if (os->cipherSpecs) { | 322 if (os->cipherSpecs) { |
| 319 ss->cipherSpecs = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs); | 323 ss->cipherSpecs = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs); |
| 320 if (ss->cipherSpecs) | 324 if (ss->cipherSpecs) |
| 321 PORT_Memcpy(ss->cipherSpecs, os->cipherSpecs, | 325 PORT_Memcpy(ss->cipherSpecs, os->cipherSpecs, |
| 322 os->sizeCipherSpecs); | 326 os->sizeCipherSpecs); |
| 323 ss->sizeCipherSpecs = os->sizeCipherSpecs; | 327 ss->sizeCipherSpecs = os->sizeCipherSpecs; |
| 324 ss->preferredCipher = os->preferredCipher; | 328 ss->preferredCipher = os->preferredCipher; |
| 325 } else { | 329 } else { |
| 326 ss->cipherSpecs = NULL; /* produced lazily */ | 330 ss->cipherSpecs = NULL; /* produced lazily */ |
| (...skipping 1240 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1567 } | 1571 } |
| 1568 PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len); | 1572 PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len); |
| 1569 *bufLen = ss->ssl3.nextProto.len; | 1573 *bufLen = ss->ssl3.nextProto.len; |
| 1570 } else { | 1574 } else { |
| 1571 *bufLen = 0; | 1575 *bufLen = 0; |
| 1572 } | 1576 } |
| 1573 | 1577 |
| 1574 return SECSuccess; | 1578 return SECSuccess; |
| 1575 } | 1579 } |
| 1576 | 1580 |
| 1581 SECStatus SSL_SetSRTPCiphers(PRFileDesc *fd, |
| 1582 const PRUint16 *ciphers, |
| 1583 unsigned int numCiphers) |
| 1584 { |
| 1585 sslSocket *ss; |
| 1586 int i; |
| 1587 |
| 1588 ss = ssl_FindSocket(fd); |
| 1589 if (!ss || !IS_DTLS(ss)) { |
| 1590 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSRTPCiphers", |
| 1591 SSL_GETPID(), fd)); |
| 1592 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 1593 return SECFailure; |
| 1594 } |
| 1595 |
| 1596 if (numCiphers > MAX_DTLS_SRTP_CIPHER_SUITES) { |
| 1597 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 1598 return SECFailure; |
| 1599 } |
| 1600 |
| 1601 ss->ssl3.dtlsSRTPCipherCount = 0; |
| 1602 for (i = 0; i < numCiphers; i++) { |
| 1603 const PRUint16 *srtpCipher = srtpCiphers; |
| 1604 |
| 1605 while (*srtpCipher) { |
| 1606 if (ciphers[i] == *srtpCipher) |
| 1607 break; |
| 1608 srtpCipher++; |
| 1609 } |
| 1610 if (*srtpCipher) { |
| 1611 ss->ssl3.dtlsSRTPCiphers[ss->ssl3.dtlsSRTPCipherCount++] = |
| 1612 ciphers[i]; |
| 1613 } else { |
| 1614 SSL_DBG(("%d: SSL[%d]: invalid or unimplemented SRTP cipher " |
| 1615 "suite specified: 0x%04hx", SSL_GETPID(), fd, |
| 1616 ciphers[i])); |
| 1617 } |
| 1618 } |
| 1619 |
| 1620 if (ss->ssl3.dtlsSRTPCipherCount == 0) { |
| 1621 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 1622 return SECFailure; |
| 1623 } |
| 1624 |
| 1625 return SECSuccess; |
| 1626 } |
| 1627 |
| 1628 SECStatus |
| 1629 SSL_GetSRTPCipher(PRFileDesc *fd, PRUint16 *cipher) |
| 1630 { |
| 1631 sslSocket * ss; |
| 1632 |
| 1633 ss = ssl_FindSocket(fd); |
| 1634 if (!ss) { |
| 1635 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetSRTPCipher", |
| 1636 SSL_GETPID(), fd)); |
| 1637 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 1638 return SECFailure; |
| 1639 } |
| 1640 |
| 1641 if (!ss->ssl3.dtlsSRTPCipherSuite) { |
| 1642 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 1643 return SECFailure; |
| 1644 } |
| 1645 |
| 1646 *cipher = ss->ssl3.dtlsSRTPCipherSuite; |
| 1647 return SECSuccess; |
| 1648 } |
| 1649 |
| 1577 PRFileDesc * | 1650 PRFileDesc * |
| 1578 SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd) | 1651 SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd) |
| 1579 { | 1652 { |
| 1580 PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); | 1653 PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); |
| 1581 PR_NOT_REACHED("not implemented"); | 1654 PR_NOT_REACHED("not implemented"); |
| 1582 return NULL; | 1655 return NULL; |
| 1583 | 1656 |
| 1584 #if 0 | 1657 #if 0 |
| 1585 sslSocket * sm = NULL, *ss = NULL; | 1658 sslSocket * sm = NULL, *ss = NULL; |
| 1586 int i; | 1659 int i; |
| (...skipping 13 matching lines...) Expand all Loading... |
| 1600 ss = ssl_FindSocket(fd); | 1673 ss = ssl_FindSocket(fd); |
| 1601 PORT_Assert(ss); | 1674 PORT_Assert(ss); |
| 1602 if (ss == NULL) { | 1675 if (ss == NULL) { |
| 1603 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 1676 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 1604 return NULL; | 1677 return NULL; |
| 1605 } | 1678 } |
| 1606 | 1679 |
| 1607 ss->opt = sm->opt; | 1680 ss->opt = sm->opt; |
| 1608 ss->vrange = sm->vrange; | 1681 ss->vrange = sm->vrange; |
| 1609 PORT_Memcpy(ss->cipherSuites, sm->cipherSuites, sizeof sm->cipherSuites); | 1682 PORT_Memcpy(ss->cipherSuites, sm->cipherSuites, sizeof sm->cipherSuites); |
| 1683 PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, sm->ssl3.dtlsSRTPCiphers, |
| 1684 sizeof(PRUint16) * sm->ssl3.dtlsSRTPCipherCount); |
| 1685 ss->ssl3.dtlsSRTPCipherCount = sm->ssl3.dtlsSRTPCipherCount; |
| 1610 | 1686 |
| 1611 if (!ss->opt.useSecurity) { | 1687 if (!ss->opt.useSecurity) { |
| 1612 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 1688 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 1613 return NULL; | 1689 return NULL; |
| 1614 } | 1690 } |
| 1615 /* This int should be SSLKEAType, but CC on Irix complains, | 1691 /* This int should be SSLKEAType, but CC on Irix complains, |
| 1616 * during the for loop. | 1692 * during the for loop. |
| 1617 */ | 1693 */ |
| 1618 for (i=kt_null; i < kt_kea_size; i++) { | 1694 for (i=kt_null; i < kt_kea_size; i++) { |
| 1619 mc = &(sm->serverCerts[i]); | 1695 mc = &(sm->serverCerts[i]); |
| (...skipping 1345 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2965 ssl_DestroySocketContents(ss); | 3041 ssl_DestroySocketContents(ss); |
| 2966 ssl_DestroyLocks(ss); | 3042 ssl_DestroyLocks(ss); |
| 2967 PORT_Free(ss); | 3043 PORT_Free(ss); |
| 2968 ss = NULL; | 3044 ss = NULL; |
| 2969 } | 3045 } |
| 2970 ss->protocolVariant = protocolVariant; | 3046 ss->protocolVariant = protocolVariant; |
| 2971 } | 3047 } |
| 2972 return ss; | 3048 return ss; |
| 2973 } | 3049 } |
| 2974 | 3050 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9982019:
Implement RFC 5764 (DTLS-SRTP). (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/