
Side by Side Diff: net/third_party/nss/ssl/derive.c

Issue 1053903002: Update libssl to NSS 3.18 RTM (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fix typo Created 5 years, 8 months ago
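--- a/net/third_party/nss/ssl/derive.c
+++ b/net/third_party/nss/ssl/derive.c
@@ -1,10 +1,10 @@
 /*
 * Key Derivation that doesn't use PKCS11
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "ssl.h" /* prereq to sslimpl.h */
 #include "certt.h" /* prereq to sslimpl.h */
 #include "keythi.h" /* prereq to sslimpl.h */
@@ -610,52 +610,52 @@
 SECItem param;
 CK_VERSION version;
 CK_MECHANISM_TYPE mechanism_array[2];
 SECItem enc_pms = {siBuffer, NULL, 0};
 PRBool isTLS = PR_FALSE;
 SSLCipherSuiteInfo csdef;
 PRBool testrsa = PR_FALSE;
 PRBool testrsa_export = PR_FALSE;
 PRBool testecdh = PR_FALSE;
 PRBool testecdhe = PR_FALSE;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 SECKEYECParams ecParams = { siBuffer, NULL, 0 };
 #endif
 
 if (!cert || !srvPrivkey || !ciphersuites || !pcanbypass) {
 PORT_SetError(SEC_ERROR_INVALID_ARGS);
 return SECFailure;
 }
 
 srvPubkey = CERT_ExtractPublicKey(cert);
 if (!srvPubkey)
 return SECFailure;
 
 *pcanbypass = PR_TRUE;
 rv = SECFailure;
 
 /* determine which KEAs to test */
-/* 0 (SSL_NULL_WITH_NULL_NULL) is used as a list terminator because
+/* 0 (TLS_NULL_WITH_NULL_NULL) is used as a list terminator because
 * SSL3 and TLS specs forbid negotiating that cipher suite number.
 */
 for (i=0; i < nsuites && (suite = *ciphersuites++) != 0; i++) {
 /* skip SSL2 cipher suites and ones NSS doesn't support */
 if (SSL_GetCipherSuiteInfo(suite, &csdef, sizeof(csdef)) != SECSuccess
 || SSL_IS_SSL2_CIPHER(suite) )
 continue;
 switch (csdef.keaType) {
 case ssl_kea_rsa:
 switch (csdef.cipherSuite) {
 case TLS_RSA_EXPORT1024_WITH_RC4_56_SHA:
 case TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA:
-» case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
-» case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
+» case TLS_RSA_EXPORT_WITH_RC4_40_MD5:
+» case TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
 testrsa_export = PR_TRUE;
 }
 if (!testrsa_export)
 testrsa = PR_TRUE;
 break;
 case ssl_kea_ecdh:
 if (strcmp(csdef.keaTypeName, "ECDHE") == 0) /* ephemeral? */
 testecdhe = PR_TRUE;
 else
 testecdh = PR_TRUE;
@@ -748,21 +748,21 @@
 goto done;
 break;
 }
 
 /* Check for NULL to avoid double free.
 * SECItem_FreeItem sets data NULL in secitem.c#265
 */
 if (enc_pms.data != NULL) {
 SECITEM_FreeItem(&enc_pms, PR_FALSE);
 }
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 for (; (privKeytype == ecKey && ( testecdh || testecdhe)) ||
 (privKeytype == rsaKey && testecdhe); ) {
 CK_MECHANISM_TYPE target;
 SECKEYPublicKey *keapub = NULL;
 SECKEYPrivateKey *keapriv;
 SECKEYPublicKey *cpub = NULL; /* client's ephemeral ECDH keys */
 SECKEYPrivateKey *cpriv = NULL;
 SECKEYECParams *pecParams = NULL;
 
 if (privKeytype == ecKey && testecdhe) {
@@ -852,45 +852,45 @@
 }
 if (rv == SECSuccess && *pcanbypass == PR_FALSE)
 goto done;
 break;
 }
 /* Check for NULL to avoid double free. */
 if (ecParams.data != NULL) {
 PORT_Free(ecParams.data);
 ecParams.data = NULL;
 }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 if (pms)
 PK11_FreeSymKey(pms);
 }
 
 /* *pcanbypass has been set */
 rv = SECSuccess;
 
 done:
 if (pms)
 PK11_FreeSymKey(pms);
 
 /* Check for NULL to avoid double free.
 * SECItem_FreeItem sets data NULL in secitem.c#265
 */
 if (enc_pms.data != NULL) {
 SECITEM_FreeItem(&enc_pms, PR_FALSE);
 }
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 if (ecParams.data != NULL) {
 PORT_Free(ecParams.data);
 ecParams.data = NULL;
 }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 
 if (srvPubkey) {
 SECKEY_DestroyPublicKey(srvPubkey);
 srvPubkey = NULL;
 }
 
 
 return rv;
 #endif /* NO_PKCS11_BYPASS */
 }
 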
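Review bot: `pms` is released at new lines 863-864 but not cleared, and the `done:` cleanup at 871-872 releases it again if it is still non-NULL, so the fall-through past the closing brace at 865 looks like a second `PK11_FreeSymKey` on the same key. The neighbouring cleanups already guard against this: `ecParams.data` is set to NULL after `PORT_Free`, and the `enc_pms` comments name the double-free concern. The `pms` free should follow the same pattern: `if (pms) { PK11_FreeSymKey(pms); pms = NULL; }`. The page skips 83 lines before 852 and the enclosing loop starts outside the visible lines, so confirm whether `pms` is reset elsewhere before treating this as reachable.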