| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * vtables (and methods that call through them) for the 4 types of | 2 * vtables (and methods that call through them) for the 4 types of |
| 3 * SSLSockets supported. Only one type is still supported. | 3 * SSLSockets supported. Only one type is still supported. |
| 4 * Various other functions. | 4 * Various other functions. |
| 5 * | 5 * |
| 6 * This Source Code Form is subject to the terms of the Mozilla Public | 6 * This Source Code Form is subject to the terms of the Mozilla Public |
| 7 * License, v. 2.0. If a copy of the MPL was not distributed with this | 7 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 9 #include "seccomon.h" | 9 #include "seccomon.h" |
| 10 #include "cert.h" | 10 #include "cert.h" |
| (...skipping 10 matching lines...) Expand all Loading... |
| 21 #include "nss.h" | 21 #include "nss.h" |
| 22 | 22 |
| 23 /* This is a bodge to allow this code to be compiled against older NSS headers | 23 /* This is a bodge to allow this code to be compiled against older NSS headers |
| 24 * that don't contain the TLS 1.2 changes. */ | 24 * that don't contain the TLS 1.2 changes. */ |
| 25 #ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 | 25 #ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 |
| 26 #define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) | 26 #define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) |
| 27 #endif | 27 #endif |
| 28 | 28 |
| 29 #define SET_ERROR_CODE /* reminder */ | 29 #define SET_ERROR_CODE /* reminder */ |
| 30 | 30 |
| 31 struct cipherPolicyStr { | |
| 32 int cipher; | |
| 33 unsigned char export; /* policy value for export policy */ | |
| 34 unsigned char france; /* policy value for france policy */ | |
| 35 }; | |
| 36 | |
| 37 typedef struct cipherPolicyStr cipherPolicy; | |
| 38 | |
| 39 /* This table contains two preconfigured policies: Export and France. | |
| 40 ** It is used only by the functions NSS_SetDomesticPolicy, | |
| 41 ** NSS_SetExportPolicy, and NSS_SetFrancePolicy. | |
| 42 ** Order of entries is not important. | |
| 43 */ | |
| 44 static cipherPolicy ssl_ciphers[] = { /* Export France */ | |
| 45 { SSL_EN_RC4_128_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 46 { SSL_EN_RC4_128_EXPORT40_WITH_MD5, SSL_ALLOWED, SSL_ALLOWED }, | |
| 47 { SSL_EN_RC2_128_CBC_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 48 { SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, SSL_ALLOWED, SSL_ALLOWED }, | |
| 49 { SSL_EN_DES_64_CBC_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 50 { SSL_EN_DES_192_EDE3_CBC_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 51 { SSL_RSA_WITH_RC4_128_MD5, SSL_RESTRICTED, SSL_NOT_ALLOWED }, | |
| 52 { SSL_RSA_WITH_RC4_128_SHA, SSL_RESTRICTED, SSL_NOT_ALLOWED }, | |
| 53 { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 54 { SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RESTRICTED, SSL_NOT_ALLOWED }, | |
| 55 { SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 56 { SSL_RSA_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 57 { SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_ALLOWED, SSL_ALLOWED }, | |
| 58 { SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_ALLOWED, SSL_ALLOWED }, | |
| 59 { SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 60 { SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 61 { SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 62 { SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 63 { TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 64 { SSL_RSA_WITH_NULL_MD5, SSL_ALLOWED, SSL_ALLOWED }, | |
| 65 { SSL_RSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED }, | |
| 66 { TLS_RSA_WITH_NULL_SHA256, SSL_ALLOWED, SSL_ALLOWED }, | |
| 67 { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 68 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 69 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 70 { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 71 { TLS_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 72 { TLS_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 73 { TLS_RSA_WITH_AES_128_GCM_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 74 { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 75 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 76 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 77 { TLS_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 78 { TLS_RSA_WITH_AES_256_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 79 { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 80 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 81 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 82 { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 83 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 84 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 85 { TLS_RSA_WITH_SEED_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 86 { TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_ALLOWED, SSL_NOT_ALLOWED }, | |
| 87 { TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_ALLOWED, SSL_NOT_ALLOWED }, | |
| 88 #ifdef NSS_ENABLE_ECC | |
| 89 { TLS_ECDH_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED }, | |
| 90 { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 91 { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 92 { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 93 { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 94 { TLS_ECDHE_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED }, | |
| 95 { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 96 { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 97 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 98 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 99 { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 100 { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 101 { TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 102 { TLS_ECDH_RSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED }, | |
| 103 { TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 104 { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 105 { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 106 { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 107 { TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED }, | |
| 108 { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 109 { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 110 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 111 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 112 { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 113 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 114 { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 115 #endif /* NSS_ENABLE_ECC */ | |
| 116 { 0, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED } | |
| 117 }; | |
| 118 | |
| 119 static const sslSocketOps ssl_default_ops = { /* No SSL. */ | 31 static const sslSocketOps ssl_default_ops = { /* No SSL. */ |
| 120 ssl_DefConnect, | 32 ssl_DefConnect, |
| 121 NULL, | 33 NULL, |
| 122 ssl_DefBind, | 34 ssl_DefBind, |
| 123 ssl_DefListen, | 35 ssl_DefListen, |
| 124 ssl_DefShutdown, | 36 ssl_DefShutdown, |
| 125 ssl_DefClose, | 37 ssl_DefClose, |
| 126 ssl_DefRecv, | 38 ssl_DefRecv, |
| 127 ssl_DefSend, | 39 ssl_DefSend, |
| 128 ssl_DefRead, | 40 ssl_DefRead, |
| (...skipping 1264 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1393 } else { | 1305 } else { |
| 1394 rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled); | 1306 rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled); |
| 1395 } | 1307 } |
| 1396 return rv; | 1308 return rv; |
| 1397 } | 1309 } |
| 1398 | 1310 |
| 1399 SECStatus | 1311 SECStatus |
| 1400 NSS_SetDomesticPolicy(void) | 1312 NSS_SetDomesticPolicy(void) |
| 1401 { | 1313 { |
| 1402 SECStatus status = SECSuccess; | 1314 SECStatus status = SECSuccess; |
| 1403 cipherPolicy * policy; | 1315 const PRUint16 *cipher; |
| 1404 | 1316 |
| 1405 for (policy = ssl_ciphers; policy->cipher != 0; ++policy) { | 1317 for (cipher = SSL_ImplementedCiphers; *cipher != 0; ++cipher) { |
| 1406 » status = SSL_SetPolicy(policy->cipher, SSL_ALLOWED); | 1318 » status = SSL_SetPolicy(*cipher, SSL_ALLOWED); |
| 1407 if (status != SECSuccess) | 1319 if (status != SECSuccess) |
| 1408 break; | 1320 break; |
| 1409 } | 1321 } |
| 1410 return status; | 1322 return status; |
| 1411 } | 1323 } |
| 1412 | 1324 |
| 1413 SECStatus | 1325 SECStatus |
| 1414 NSS_SetExportPolicy(void) | 1326 NSS_SetExportPolicy(void) |
| 1415 { | 1327 { |
| 1416 return NSS_SetDomesticPolicy(); | 1328 return NSS_SetDomesticPolicy(); |
| (...skipping 284 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1701 return SECFailure; | 1613 return SECFailure; |
| 1702 } | 1614 } |
| 1703 | 1615 |
| 1704 *cipher = ss->ssl3.dtlsSRTPCipherSuite; | 1616 *cipher = ss->ssl3.dtlsSRTPCipherSuite; |
| 1705 return SECSuccess; | 1617 return SECSuccess; |
| 1706 } | 1618 } |
| 1707 | 1619 |
| 1708 PRFileDesc * | 1620 PRFileDesc * |
| 1709 SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd) | 1621 SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd) |
| 1710 { | 1622 { |
| 1711 PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); | |
| 1712 PR_NOT_REACHED("not implemented"); | |
| 1713 return NULL; | |
| 1714 | |
| 1715 #if 0 | |
| 1716 sslSocket * sm = NULL, *ss = NULL; | 1623 sslSocket * sm = NULL, *ss = NULL; |
| 1717 int i; | 1624 int i; |
| 1718 sslServerCerts * mc = NULL; | 1625 sslServerCerts * mc = NULL; |
| 1719 sslServerCerts * sc = NULL; | 1626 sslServerCerts * sc = NULL; |
| 1720 | 1627 |
| 1721 if (model == NULL) { | 1628 if (model == NULL) { |
| 1722 PR_SetError(SEC_ERROR_INVALID_ARGS, 0); | 1629 PR_SetError(SEC_ERROR_INVALID_ARGS, 0); |
| 1723 return NULL; | 1630 return NULL; |
| 1724 } | 1631 } |
| 1725 sm = ssl_FindSocket(model); | 1632 sm = ssl_FindSocket(model); |
| (...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1833 ss->handshakeCallbackData = sm->handshakeCallbackData; | 1740 ss->handshakeCallbackData = sm->handshakeCallbackData; |
| 1834 if (sm->pkcs11PinArg) | 1741 if (sm->pkcs11PinArg) |
| 1835 ss->pkcs11PinArg = sm->pkcs11PinArg; | 1742 ss->pkcs11PinArg = sm->pkcs11PinArg; |
| 1836 if (sm->getChannelID) | 1743 if (sm->getChannelID) |
| 1837 ss->getChannelID = sm->getChannelID; | 1744 ss->getChannelID = sm->getChannelID; |
| 1838 if (sm->getChannelIDArg) | 1745 if (sm->getChannelIDArg) |
| 1839 ss->getChannelIDArg = sm->getChannelIDArg; | 1746 ss->getChannelIDArg = sm->getChannelIDArg; |
| 1840 return fd; | 1747 return fd; |
| 1841 loser: | 1748 loser: |
| 1842 return NULL; | 1749 return NULL; |
| 1843 #endif | |
| 1844 } | 1750 } |
| 1845 | 1751 |
| 1846 PRBool | 1752 PRBool |
| 1847 ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant, | 1753 ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant, |
| 1848 SSL3ProtocolVersion version) | 1754 SSL3ProtocolVersion version) |
| 1849 { | 1755 { |
| 1850 switch (protocolVariant) { | 1756 switch (protocolVariant) { |
| 1851 case ssl_variant_stream: | 1757 case ssl_variant_stream: |
| 1852 return (version >= SSL_LIBRARY_VERSION_3_0 && | 1758 return (version >= SSL_LIBRARY_VERSION_3_0 && |
| 1853 version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED); | 1759 version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED); |
| (...skipping 1336 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3190 if (status != SECSuccess) { | 3096 if (status != SECSuccess) { |
| 3191 loser: | 3097 loser: |
| 3192 ssl_DestroySocketContents(ss); | 3098 ssl_DestroySocketContents(ss); |
| 3193 ssl_DestroyLocks(ss); | 3099 ssl_DestroyLocks(ss); |
| 3194 PORT_Free(ss); | 3100 PORT_Free(ss); |
| 3195 ss = NULL; | 3101 ss = NULL; |
| 3196 } | 3102 } |
| 3197 } | 3103 } |
| 3198 return ss; | 3104 return ss; |
| 3199 } | 3105 } |
| 3106 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 111853013:
Update net/third_party/nss to NSS 3.15.4. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/