
Side by Side Diff: net/third_party/nss/ssl/sslsock.c

Issue 111853013: Update net/third_party/nss to NSS 3.15.4. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Update the comment in sslenum.c for the two CHACHA20 cipher suites Created 6 years, 11 months ago
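--- a/net/third_party/nss/ssl/sslsock.c
+++ b/net/third_party/nss/ssl/sslsock.c
@@ -1,10 +1,10 @@
 /*
 * vtables (and methods that call through them) for the 4 types of
 * SSLSockets supported. Only one type is still supported.
 * Various other functions.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #include "seccomon.h"
 #include "cert.h"
@@ -21,108 +21,20 @@
 #include "nss.h"
 
 /* This is a bodge to allow this code to be compiled against older NSS headers
 * that don't contain the TLS 1.2 changes. */
 #ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256
 #define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
 #endif
 
 #define SET_ERROR_CODE /* reminder */
 
-struct cipherPolicyStr {
-int cipher;
-unsigned char export; /* policy value for export policy */
-unsigned char france; /* policy value for france policy */
-};
-
-typedef struct cipherPolicyStr cipherPolicy;
-
-/* This table contains two preconfigured policies: Export and France.
-** It is used only by the functions NSS_SetDomesticPolicy,
-** NSS_SetExportPolicy, and NSS_SetFrancePolicy.
-** Order of entries is not important.
-*/
-static cipherPolicy ssl_ciphers[] = { /* Export France */
-{ SSL_EN_RC4_128_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ SSL_EN_RC4_128_EXPORT40_WITH_MD5, SSL_ALLOWED, SSL_ALLOWED },
-{ SSL_EN_RC2_128_CBC_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, SSL_ALLOWED, SSL_ALLOWED },
-{ SSL_EN_DES_64_CBC_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ SSL_EN_DES_192_EDE3_CBC_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ SSL_RSA_WITH_RC4_128_MD5, SSL_RESTRICTED, SSL_NOT_ALLOWED },
-{ SSL_RSA_WITH_RC4_128_SHA, SSL_RESTRICTED, SSL_NOT_ALLOWED },
-{ SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RESTRICTED, SSL_NOT_ALLOWED },
-{ SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ SSL_RSA_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_ALLOWED, SSL_ALLOWED },
-{ SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_ALLOWED, SSL_ALLOWED },
-{ SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ SSL_RSA_WITH_NULL_MD5, SSL_ALLOWED, SSL_ALLOWED },
-{ SSL_RSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED },
-{ TLS_RSA_WITH_NULL_SHA256, SSL_ALLOWED, SSL_ALLOWED },
-{ TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_RSA_WITH_AES_128_GCM_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_RSA_WITH_AES_256_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_RSA_WITH_SEED_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_ALLOWED, SSL_NOT_ALLOWED },
-#ifdef NSS_ENABLE_ECC
-{ TLS_ECDH_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED },
-{ TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_ECDHE_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED },
-{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_ECDH_RSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED },
-{ TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED },
-{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-{ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
-#endif /* NSS_ENABLE_ECC */
-{ 0, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }
-};
-
 static const sslSocketOps ssl_default_ops = { /* No SSL. */
 ssl_DefConnect,
 NULL,
 ssl_DefBind,
 ssl_DefListen,
 ssl_DefShutdown,
 ssl_DefClose,
 ssl_DefRecv,
 ssl_DefSend,
 ssl_DefRead,
@@ -1393,24 +1305,24 @@
 } else {
 rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled);
 }
 return rv;
 }
 
 SECStatus
 NSS_SetDomesticPolicy(void)
 {
 SECStatus status = SECSuccess;
-cipherPolicy * policy;
+const PRUint16 *cipher;
 
-for (policy = ssl_ciphers; policy->cipher != 0; ++policy) {
-» status = SSL_SetPolicy(policy->cipher, SSL_ALLOWED);
+for (cipher = SSL_ImplementedCiphers; *cipher != 0; ++cipher) {
+» status = SSL_SetPolicy(*cipher, SSL_ALLOWED);
 if (status != SECSuccess)
 break;
 }
 return status;
 }
 
 SECStatus
 NSS_SetExportPolicy(void)
 {
 return NSS_SetDomesticPolicy();
@@ -1701,25 +1613,20 @@
 return SECFailure;
 }
 
 *cipher = ss->ssl3.dtlsSRTPCipherSuite;
 return SECSuccess;
 }
 
 PRFileDesc *
 SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
 {
-PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
-PR_NOT_REACHED("not implemented");
-return NULL;
-
-#if 0
 sslSocket * sm = NULL, *ss = NULL;
 int i;
 sslServerCerts * mc = NULL;
 sslServerCerts * sc = NULL;
 
 if (model == NULL) {
 PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
 return NULL;
 }
 sm = ssl_FindSocket(model);
@@ -1833,21 +1740,20 @@
 ss->handshakeCallbackData = sm->handshakeCallbackData;
 if (sm->pkcs11PinArg)
 ss->pkcs11PinArg = sm->pkcs11PinArg;
 if (sm->getChannelID)
 ss->getChannelID = sm->getChannelID;
 if (sm->getChannelIDArg)
 ss->getChannelIDArg = sm->getChannelIDArg;
 return fd;
 loser:
 return NULL;
-#endif
 }
 
 PRBool
 ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant,
 SSL3ProtocolVersion version)
 {
 switch (protocolVariant) {
 case ssl_variant_stream:
 return (version >= SSL_LIBRARY_VERSION_3_0 &&
 version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
@@ -3190,10 +3096,11 @@
 if (status != SECSuccess) {
 loser:
 ssl_DestroySocketContents(ss);
 ssl_DestroyLocks(ss);
 PORT_Free(ss);
 ss = NULL;
 }
 }
 return ss;
 }
+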
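Review bot: In the re-enabled SSL_ReconfigFD body (new lines 1743-1746), getChannelID and getChannelIDArg are copied from the model under separate NULL checks, so a model that has the callback but a NULL argument leaves the target socket holding the model's callback paired with whatever argument it had before. The two fields form one unit and are safer copied together: `if (sm->getChannelID) { ss->getChannelID = sm->getChannelID; ss->getChannelIDArg = sm->getChannelIDArg; }`. Whether any caller installs the callback with a NULL argument is not visible on this page, and about 107 lines of the function body are elided, so the rest of the now-live copy logic deserves the same check. Because the old code was a stub that always failed with PR_NOT_IMPLEMENTED_ERROR, a short comment above the function listing which model fields the target inherits would help later NSS merges.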