1 diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c | 1 diff --git a/ssl/ssl.h b/ssl/ssl.h |
2 --- a/nss/lib/ssl/ssl3con.c» 2014-01-17 17:59:03.242109996 -0800 | 2 index 716537d..80717db 100644 |
3 +++ b/nss/lib/ssl/ssl3con.c» 2014-01-17 17:59:45.862816905 -0800 | 3 --- a/ssl/ssl.h |
4 @@ -12383,6 +12383,68 @@ ssl3_InitSocketPolicy(sslSocket *ss) | 4 +++ b/ssl/ssl.h |
| 5 @@ -292,6 +292,27 @@ SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 ciphe
r, PRBool *enabled); |
| 6 SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy); |
| 7 SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy); |
| 8 |
| 9 +/* SSLChannelBindingType enumerates the types of supported channel binding |
| 10 + * values. See RFC 5929. */ |
| 11 +typedef enum SSLChannelBindingType { |
| 12 + SSL_CHANNEL_BINDING_TLS_UNIQUE = 1, |
| 13 +} SSLChannelBindingType; |
| 14 + |
| 15 +/* SSL_GetChannelBinding copies the requested channel binding value, as defined |
| 16 + * in RFC 5929, into |out|. The full length of the binding value is written |
| 17 + * into |*outLen|. |
| 18 + * |
| 19 + * At most |outLenMax| bytes of data are copied. If |outLenMax| is |
| 20 + * insufficient then the function returns SECFailure and sets the error to |
| 21 + * SEC_ERROR_OUTPUT_LEN, but |*outLen| is still set. |
| 22 + * |
| 23 + * This call will fail if made during a renegotiation. */ |
| 24 +SSL_IMPORT SECStatus SSL_GetChannelBinding(PRFileDesc *fd, |
| 25 +» » » » » SSLChannelBindingType binding_type, |
| 26 +» » » » » unsigned char *out, |
| 27 +» » » » » unsigned int *outLen, |
| 28 +» » » » » unsigned int outLenMax); |
| 29 + |
| 30 /* SSL Version Range API |
| 31 ** |
| 32 ** This API should be used to control SSL 3.0 & TLS support instead of the |
| 33 diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c |
| 34 index 45c3454..67c8f6d 100644 |
| 35 --- a/ssl/ssl3con.c |
| 36 +++ b/ssl/ssl3con.c |
| 37 @@ -12471,6 +12471,68 @@ ssl3_InitSocketPolicy(sslSocket *ss) |
5 PORT_Memcpy(ss->cipherSuites, cipherSuites, sizeof cipherSuites); | 38 PORT_Memcpy(ss->cipherSuites, cipherSuites, sizeof cipherSuites); |
6 } | 39 } |
7 | 40 |
8 +SECStatus | 41 +SECStatus |
9 +ssl3_GetTLSUniqueChannelBinding(sslSocket *ss, | 42 +ssl3_GetTLSUniqueChannelBinding(sslSocket *ss, |
10 + unsigned char *out, | 43 + unsigned char *out, |
11 + unsigned int *outLen, | 44 + unsigned int *outLen, |
12 + unsigned int outLenMax) { | 45 + unsigned int outLenMax) { |
13 + PRBool isTLS; | 46 + PRBool isTLS; |
14 + int index = 0; | 47 + int index = 0; |
63 + rv = SECSuccess; | 96 + rv = SECSuccess; |
64 + | 97 + |
65 +loser: | 98 +loser: |
66 + ssl_ReleaseSSL3HandshakeLock(ss); | 99 + ssl_ReleaseSSL3HandshakeLock(ss); |
67 + return rv; | 100 + return rv; |
68 +} | 101 +} |
69 + | 102 + |
70 /* ssl3_config_match_init must have already been called by | 103 /* ssl3_config_match_init must have already been called by |
71 * the caller of this function. | 104 * the caller of this function. |
72 */ | 105 */ |
73 diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h | 106 diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h |
74 --- a/nss/lib/ssl/ssl.h»2014-01-17 17:59:03.242109996 -0800 | 107 index 57346cb..2d21e90 100644 |
75 +++ b/nss/lib/ssl/ssl.h»2014-01-17 17:59:45.862816905 -0800 | 108 --- a/ssl/sslimpl.h |
76 @@ -282,6 +282,27 @@ SSL_IMPORT SECStatus SSL_CipherPrefGetDe | 109 +++ b/ssl/sslimpl.h |
77 SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy); | 110 @@ -1857,6 +1857,11 @@ extern PRBool ssl_GetSessionTicketKeysPKCS11(SECKEYPrivat
eKey *svrPrivKey, |
78 SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy); | |
79 | |
80 +/* SSLChannelBindingType enumerates the types of supported channel binding | |
81 + * values. See RFC 5929. */ | |
82 +typedef enum SSLChannelBindingType { | |
83 + SSL_CHANNEL_BINDING_TLS_UNIQUE = 1, | |
84 +} SSLChannelBindingType; | |
85 + | |
86 +/* SSL_GetChannelBinding copies the requested channel binding value, as defined | |
87 + * in RFC 5929, into |out|. The full length of the binding value is written | |
88 + * into |*outLen|. | |
89 + * | |
90 + * At most |outLenMax| bytes of data are copied. If |outLenMax| is | |
91 + * insufficient then the function returns SECFailure and sets the error to | |
92 + * SEC_ERROR_OUTPUT_LEN, but |*outLen| is still set. | |
93 + * | |
94 + * This call will fail if made during a renegotiation. */ | |
95 +SSL_IMPORT SECStatus SSL_GetChannelBinding(PRFileDesc *fd, | |
96 +» » » » » SSLChannelBindingType binding_type, | |
97 +» » » » » unsigned char *out, | |
98 +» » » » » unsigned int *outLen, | |
99 +» » » » » unsigned int outLenMax); | |
100 + | |
101 /* SSL Version Range API | |
102 ** | |
103 ** This API should be used to control SSL 3.0 & TLS support instead of the | |
104 diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h | |
105 --- a/nss/lib/ssl/sslimpl.h» 2014-01-17 17:59:03.242109996 -0800 | |
106 +++ b/nss/lib/ssl/sslimpl.h» 2014-01-17 17:59:45.862816905 -0800 | |
107 @@ -1853,6 +1853,11 @@ extern PRBool ssl_GetSessionTicketKeysPK | |
108 extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data, | 111 extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data, |
109 unsigned int length); | 112 unsigned int length); |
110 | 113 |
111 +extern SECStatus ssl3_GetTLSUniqueChannelBinding(sslSocket *ss, | 114 +extern SECStatus ssl3_GetTLSUniqueChannelBinding(sslSocket *ss, |
112 + unsigned char *out, | 115 + unsigned char *out, |
113 + unsigned int *outLen, | 116 + unsigned int *outLen, |
114 + unsigned int outLenMax); | 117 + unsigned int outLenMax); |
115 + | 118 + |
116 /* Construct a new NSPR socket for the app to use */ | 119 /* Construct a new NSPR socket for the app to use */ |
117 extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd); | 120 extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd); |
118 extern void ssl_FreePRSocket(PRFileDesc *fd); | 121 extern void ssl_FreePRSocket(PRFileDesc *fd); |
119 diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c | 122 diff --git a/ssl/sslsock.c b/ssl/sslsock.c |
120 --- a/nss/lib/ssl/sslsock.c» 2014-01-17 17:59:03.252110162 -0800 | 123 index d3f3bf4..47906e0 100644 |
121 +++ b/nss/lib/ssl/sslsock.c» 2014-01-17 17:59:45.872817074 -0800 | 124 --- a/ssl/sslsock.c |
122 @@ -1308,6 +1308,27 @@ NSS_SetFrancePolicy(void) | 125 +++ b/ssl/sslsock.c |
| 126 @@ -1345,6 +1345,27 @@ NSS_SetFrancePolicy(void) |
123 return NSS_SetDomesticPolicy(); | 127 return NSS_SetDomesticPolicy(); |
124 } | 128 } |
125 | 129 |
126 +SECStatus | 130 +SECStatus |
127 +SSL_GetChannelBinding(PRFileDesc *fd, | 131 +SSL_GetChannelBinding(PRFileDesc *fd, |
128 + SSLChannelBindingType binding_type, | 132 + SSLChannelBindingType binding_type, |
129 + unsigned char *out, | 133 + unsigned char *out, |
130 + unsigned int *outLen, | 134 + unsigned int *outLen, |
131 + unsigned int outLenMax) { | 135 + unsigned int outLenMax) { |
132 + sslSocket *ss = ssl_FindSocket(fd); | 136 + sslSocket *ss = ssl_FindSocket(fd); |
133 + | 137 + |
134 + if (!ss) { | 138 + if (!ss) { |
135 + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetChannelBinding", | 139 + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetChannelBinding", |
136 + SSL_GETPID(), fd)); | 140 + SSL_GETPID(), fd)); |
137 + return SECFailure; | 141 + return SECFailure; |
138 + } | 142 + } |
139 + | 143 + |
140 + if (binding_type != SSL_CHANNEL_BINDING_TLS_UNIQUE) { | 144 + if (binding_type != SSL_CHANNEL_BINDING_TLS_UNIQUE) { |
141 + PORT_SetError(PR_INVALID_ARGUMENT_ERROR); | 145 + PORT_SetError(PR_INVALID_ARGUMENT_ERROR); |
142 + return SECFailure; | 146 + return SECFailure; |
143 + } | 147 + } |
144 + | 148 + |
145 + return ssl3_GetTLSUniqueChannelBinding(ss, out, outLen, outLenMax); | 149 + return ssl3_GetTLSUniqueChannelBinding(ss, out, outLen, outLenMax); |
146 +} | 150 +} |
147 | 151 |
148 | 152 |
149 /* LOCKS ??? XXX */ | 153 /* LOCKS ??? XXX */ |
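Review bot: The two early-failure paths in SSL_GetChannelBinding (bad socket, unsupported binding_type) return SECFailure without touching `*outLen`, while the ssl.h comment only pins `*outLen` for the SEC_ERROR_OUTPUT_LEN case, so a caller that probes the size with `outLenMax == 0` and then reads `*outLen` after any other failure gets an uninitialised value. I'd make the contract explicit in the ssl.h comment, e.g. `* On any other failure |*outLen| is left unmodified.`, and apply the same rule to whatever failure exits precede `loser:` in ssl3_GetTLSUniqueChannelBinding (its body is collapsed here, so I can only see the tail). The wrapper also does not reject a NULL `outLen`, or a NULL `out` with `outLenMax > 0`; if the inner function dereferences them unconditionally, a `PR_INVALID_ARGUMENT_ERROR` check here, mirroring the binding_type check, would keep the public entry point self-validating. The bad-socket path sets no error code, which I believe matches how the other sslsock.c entry points treat an `ssl_FindSocket` miss, so that can stay as is.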