| OLD | NEW |
| 1 /* | 1 /* |
| 2 * Various SSL functions. | 2 * Various SSL functions. |
| 3 * | 3 * |
| 4 * This Source Code Form is subject to the terms of the Mozilla Public | 4 * This Source Code Form is subject to the terms of the Mozilla Public |
| 5 * License, v. 2.0. If a copy of the MPL was not distributed with this | 5 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 7 #include "cert.h" | 7 #include "cert.h" |
| 8 #include "secitem.h" | 8 #include "secitem.h" |
| 9 #include "keyhi.h" | 9 #include "keyhi.h" |
| 10 #include "ssl.h" | 10 #include "ssl.h" |
| (...skipping 259 matching lines...) |
| 270 return SECFailure; | 270 return SECFailure; |
| 271 } | 271 } |
| 272 | 272 |
| 273 if (!ss->opt.useSecurity) | 273 if (!ss->opt.useSecurity) |
| 274 return SECSuccess; | 274 return SECSuccess; |
| 275 | 275 |
| 276 ssl_Get1stHandshakeLock(ss); | 276 ssl_Get1stHandshakeLock(ss); |
| 277 | 277 |
| 278 /* SSL v2 protocol does not support subsequent handshakes. */ | 278 /* SSL v2 protocol does not support subsequent handshakes. */ |
| 279 if (ss->version < SSL_LIBRARY_VERSION_3_0) { | 279 if (ss->version < SSL_LIBRARY_VERSION_3_0) { |
| 280 » PORT_SetError(SEC_ERROR_INVALID_ARGS); | 280 » PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2); |
| 281 rv = SECFailure; | 281 rv = SECFailure; |
| 282 } else { | 282 } else { |
| 283 ssl_GetSSL3HandshakeLock(ss); | 283 ssl_GetSSL3HandshakeLock(ss); |
| 284 rv = ssl3_RedoHandshake(ss, flushCache); /* force full handshake. */ | 284 rv = ssl3_RedoHandshake(ss, flushCache); /* force full handshake. */ |
| 285 ssl_ReleaseSSL3HandshakeLock(ss); | 285 ssl_ReleaseSSL3HandshakeLock(ss); |
| 286 } | 286 } |
| 287 | 287 |
| 288 ssl_Release1stHandshakeLock(ss); | 288 ssl_Release1stHandshakeLock(ss); |
| 289 | 289 |
| 290 return rv; | 290 return rv; |
| (...skipping 939 matching lines...) |
| 1230 ssl_SecureRead(sslSocket *ss, unsigned char *buf, int len) | 1230 ssl_SecureRead(sslSocket *ss, unsigned char *buf, int len) |
| 1231 { | 1231 { |
| 1232 return ssl_SecureRecv(ss, buf, len, 0); | 1232 return ssl_SecureRecv(ss, buf, len, 0); |
| 1233 } | 1233 } |
| 1234 | 1234 |
| 1235 /* Caller holds the SSL Socket's write lock. SSL_LOCK_WRITER(ss) */ | 1235 /* Caller holds the SSL Socket's write lock. SSL_LOCK_WRITER(ss) */ |
| 1236 int | 1236 int |
| 1237 ssl_SecureSend(sslSocket *ss, const unsigned char *buf, int len, int flags) | 1237 ssl_SecureSend(sslSocket *ss, const unsigned char *buf, int len, int flags) |
| 1238 { | 1238 { |
| 1239 int rv = 0; | 1239 int rv = 0; |
| 1240 PRBool falseStart = PR_FALSE; | |
| 1241 | 1240 |
| 1242 SSL_TRC(2, ("%d: SSL[%d]: SecureSend: sending %d bytes", | 1241 SSL_TRC(2, ("%d: SSL[%d]: SecureSend: sending %d bytes", |
| 1243 SSL_GETPID(), ss->fd, len)); | 1242 SSL_GETPID(), ss->fd, len)); |
| 1244 | 1243 |
| 1245 if (ss->shutdownHow & ssl_SHUTDOWN_SEND) { | 1244 if (ss->shutdownHow & ssl_SHUTDOWN_SEND) { |
| 1246 PORT_SetError(PR_SOCKET_SHUTDOWN_ERROR); | 1245 PORT_SetError(PR_SOCKET_SHUTDOWN_ERROR); |
| 1247 rv = PR_FAILURE; | 1246 rv = PR_FAILURE; |
| 1248 goto done; | 1247 goto done; |
| 1249 } | 1248 } |
| 1250 if (flags) { | 1249 if (flags) { |
| (...skipping 14 matching lines...) |
| 1265 } | 1264 } |
| 1266 ssl_ReleaseXmitBufLock(ss); | 1265 ssl_ReleaseXmitBufLock(ss); |
| 1267 if (rv < 0) { | 1266 if (rv < 0) { |
| 1268 goto done; | 1267 goto done; |
| 1269 } | 1268 } |
| 1270 | 1269 |
| 1271 if (len > 0) | 1270 if (len > 0) |
| 1272 ss->writerThread = PR_GetCurrentThread(); | 1271 ss->writerThread = PR_GetCurrentThread(); |
| 1273 /* If any of these is non-zero, the initial handshake is not done. */ | 1272 /* If any of these is non-zero, the initial handshake is not done. */ |
| 1274 if (!ss->firstHsDone) { | 1273 if (!ss->firstHsDone) { |
| 1274 PRBool falseStart = PR_FALSE; |
| 1275 ssl_Get1stHandshakeLock(ss); | 1275 ssl_Get1stHandshakeLock(ss); |
| 1276 if (ss->opt.enableFalseStart && | 1276 if (ss->opt.enableFalseStart && |
| 1277 ss->version >= SSL_LIBRARY_VERSION_3_0) { | 1277 ss->version >= SSL_LIBRARY_VERSION_3_0) { |
| 1278 ssl_GetSSL3HandshakeLock(ss); | 1278 ssl_GetSSL3HandshakeLock(ss); |
| 1279 falseStart = ss->ssl3.hs.canFalseStart; | 1279 falseStart = ss->ssl3.hs.canFalseStart; |
| 1280 ssl_ReleaseSSL3HandshakeLock(ss); | 1280 ssl_ReleaseSSL3HandshakeLock(ss); |
| 1281 } | 1281 } |
| 1282 if (!falseStart && | 1282 if (!falseStart && |
| 1283 (ss->handshake || ss->nextHandshake || ss->securityHandshake)) { | 1283 (ss->handshake || ss->nextHandshake || ss->securityHandshake)) { |
| 1284 rv = ssl_Do1stHandshake(ss); | 1284 rv = ssl_Do1stHandshake(ss); |
| (...skipping 106 matching lines...) |
| 1391 | 1391 |
| 1392 return rv; | 1392 return rv; |
| 1393 } | 1393 } |
| 1394 | 1394 |
| 1395 /* | 1395 /* |
| 1396 * Allow the application to pass the set of trust anchors | 1396 * Allow the application to pass the set of trust anchors |
| 1397 */ | 1397 */ |
| 1398 SECStatus | 1398 SECStatus |
| 1399 SSL_SetTrustAnchors(PRFileDesc *fd, CERTCertList *certList) | 1399 SSL_SetTrustAnchors(PRFileDesc *fd, CERTCertList *certList) |
| 1400 { | 1400 { |
| 1401 PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); | |
| 1402 PR_NOT_REACHED("not implemented"); | |
| 1403 return SECFailure; | |
| 1404 #if 0 | |
| 1405 sslSocket * ss = ssl_FindSocket(fd); | 1401 sslSocket * ss = ssl_FindSocket(fd); |
| 1406 CERTDistNames *names = NULL; | 1402 CERTDistNames *names = NULL; |
| 1407 | 1403 |
| 1408 if (!certList) { | 1404 if (!certList) { |
| 1409 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 1405 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 1410 return SECFailure; | 1406 return SECFailure; |
| 1411 } | 1407 } |
| 1412 if (!ss) { | 1408 if (!ss) { |
| 1413 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetTrustAnchors", | 1409 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetTrustAnchors", |
| 1414 SSL_GETPID(), fd)); | 1410 SSL_GETPID(), fd)); |
| 1415 return SECFailure; | 1411 return SECFailure; |
| 1416 } | 1412 } |
| 1417 | 1413 |
| 1418 names = CERT_DistNamesFromCertList(certList); | 1414 names = CERT_DistNamesFromCertList(certList); |
| 1419 if (names == NULL) { | 1415 if (names == NULL) { |
| 1420 return SECFailure; | 1416 return SECFailure; |
| 1421 } | 1417 } |
| 1422 ssl_Get1stHandshakeLock(ss); | 1418 ssl_Get1stHandshakeLock(ss); |
| 1423 ssl_GetSSL3HandshakeLock(ss); | 1419 ssl_GetSSL3HandshakeLock(ss); |
| 1424 if (ss->ssl3.ca_list) { | 1420 if (ss->ssl3.ca_list) { |
| 1425 CERT_FreeDistNames(ss->ssl3.ca_list); | 1421 CERT_FreeDistNames(ss->ssl3.ca_list); |
| 1426 } | 1422 } |
| 1427 ss->ssl3.ca_list = names; | 1423 ss->ssl3.ca_list = names; |
| 1428 ssl_ReleaseSSL3HandshakeLock(ss); | 1424 ssl_ReleaseSSL3HandshakeLock(ss); |
| 1429 ssl_Release1stHandshakeLock(ss); | 1425 ssl_Release1stHandshakeLock(ss); |
| 1430 | 1426 |
| 1431 return SECSuccess; | 1427 return SECSuccess; |
| 1432 #endif | |
| 1433 } | 1428 } |
| 1434 | 1429 |
| 1435 /* | 1430 /* |
| 1436 ** Returns Negative number on error, zero or greater on success. | 1431 ** Returns Negative number on error, zero or greater on success. |
| 1437 ** Returns the amount of data immediately available to be read. | 1432 ** Returns the amount of data immediately available to be read. |
| 1438 */ | 1433 */ |
| 1439 int | 1434 int |
| 1440 SSL_DataPending(PRFileDesc *fd) | 1435 SSL_DataPending(PRFileDesc *fd) |
| 1441 { | 1436 { |
| 1442 sslSocket *ss; | 1437 sslSocket *ss; |
| (...skipping 276 matching lines...) |
| 1719 if (!ss) { | 1714 if (!ss) { |
| 1720 SSL_DBG(("%d: SSL[%d]: bad socket in SNISocketConfigHook", | 1715 SSL_DBG(("%d: SSL[%d]: bad socket in SNISocketConfigHook", |
| 1721 SSL_GETPID(), fd)); | 1716 SSL_GETPID(), fd)); |
| 1722 return SECFailure; | 1717 return SECFailure; |
| 1723 } | 1718 } |
| 1724 | 1719 |
| 1725 ss->sniSocketConfig = func; | 1720 ss->sniSocketConfig = func; |
| 1726 ss->sniSocketConfigArg = arg; | 1721 ss->sniSocketConfigArg = arg; |
| 1727 return SECSuccess; | 1722 return SECSuccess; |
| 1728 } | 1723 } |
| OLD | NEW |