| OLD | NEW |
|---|
| 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
| 2 /* | 2 /* |
| 3 * SSL3 Protocol | 3 * SSL3 Protocol |
| 4 * | 4 * |
| 5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
| 6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 8 | 8 |
| 9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ | 9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ |
| 10 | 10 |
| (...skipping 5193 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5204 } | 5204 } |
| 5205 | 5205 |
| 5206 /* When we attempt session resumption (only), we must lock the sid to | 5206 /* When we attempt session resumption (only), we must lock the sid to |
| 5207 * prevent races with other resumption connections that receive a | 5207 * prevent races with other resumption connections that receive a |
| 5208 * NewSessionTicket that will cause the ticket in the sid to be replaced. | 5208 * NewSessionTicket that will cause the ticket in the sid to be replaced. |
| 5209 * Once we've copied the session ticket into our ClientHello message, it | 5209 * Once we've copied the session ticket into our ClientHello message, it |
| 5210 * is OK for the ticket to change, so we just need to make sure we hold | 5210 * is OK for the ticket to change, so we just need to make sure we hold |
| 5211 * the lock across the calls to ssl3_CallHelloExtensionSenders. | 5211 * the lock across the calls to ssl3_CallHelloExtensionSenders. |
| 5212 */ | 5212 */ |
| 5213 if (sid->u.ssl3.lock) { | 5213 if (sid->u.ssl3.lock) { |
| 5214 PR_RWLock_Rlock(sid->u.ssl3.lock); | 5214 NSSRWLock_LockRead(sid->u.ssl3.lock); |
| 5215 } | 5215 } |
| 5216 | 5216 |
| 5217 if (isTLS || (ss->firstHsDone && ss->peerRequestedProtection)) { | 5217 if (isTLS || (ss->firstHsDone && ss->peerRequestedProtection)) { |
| 5218 PRUint32 maxBytes = 65535; /* 2^16 - 1 */ | 5218 PRUint32 maxBytes = 65535; /* 2^16 - 1 */ |
| 5219 PRInt32 extLen; | 5219 PRInt32 extLen; |
| 5220 | 5220 |
| 5221 extLen = ssl3_CallHelloExtensionSenders(ss, PR_FALSE, maxBytes, NULL); | 5221 extLen = ssl3_CallHelloExtensionSenders(ss, PR_FALSE, maxBytes, NULL); |
| 5222 if (extLen < 0) { | 5222 if (extLen < 0) { |
| 5223 » if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); } | 5223 » if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } |
| 5224 return SECFailure; | 5224 return SECFailure; |
| 5225 } | 5225 } |
| 5226 maxBytes -= extLen; | 5226 maxBytes -= extLen; |
| 5227 total_exten_len += extLen; | 5227 total_exten_len += extLen; |
| 5228 | 5228 |
| 5229 if (total_exten_len > 0) | 5229 if (total_exten_len > 0) |
| 5230 total_exten_len += 2; | 5230 total_exten_len += 2; |
| 5231 } | 5231 } |
| 5232 | 5232 |
| 5233 #if defined(NSS_ENABLE_ECC) | 5233 #if defined(NSS_ENABLE_ECC) |
| 5234 if (!total_exten_len || !isTLS) { | 5234 if (!total_exten_len || !isTLS) { |
| 5235 /* not sending the elliptic_curves and ec_point_formats extensions */ | 5235 /* not sending the elliptic_curves and ec_point_formats extensions */ |
| 5236 ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */ | 5236 ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */ |
| 5237 } | 5237 } |
| 5238 #endif | 5238 #endif |
| 5239 | 5239 |
| 5240 if (IS_DTLS(ss)) { | 5240 if (IS_DTLS(ss)) { |
| 5241 ssl3_DisableNonDTLSSuites(ss); | 5241 ssl3_DisableNonDTLSSuites(ss); |
| 5242 } | 5242 } |
| 5243 | 5243 |
| 5244 if (!ssl3_HasGCMSupport()) { | 5244 if (!ssl3_HasGCMSupport()) { |
| 5245 ssl3_DisableGCMSuites(ss); | 5245 ssl3_DisableGCMSuites(ss); |
| 5246 } | 5246 } |
| 5247 | 5247 |
| 5248 /* how many suites are permitted by policy and user preference? */ | 5248 /* how many suites are permitted by policy and user preference? */ |
| 5249 num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE); | 5249 num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE); |
| 5250 if (!num_suites) { | 5250 if (!num_suites) { |
| 5251 » if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); } | 5251 » if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } |
| 5252 return SECFailure; /* count_cipher_suites has set error code. */ | 5252 return SECFailure; /* count_cipher_suites has set error code. */ |
| 5253 } | 5253 } |
| 5254 | 5254 |
| 5255 fallbackSCSV = ss->opt.enableFallbackSCSV && (!requestingResume || | 5255 fallbackSCSV = ss->opt.enableFallbackSCSV && (!requestingResume || |
| 5256 ss->version < sid->version); | 5256 ss->version < sid->version); |
| 5257 /* make room for SCSV */ | 5257 /* make room for SCSV */ |
| 5258 if (ss->ssl3.hs.sendingSCSV) { | 5258 if (ss->ssl3.hs.sendingSCSV) { |
| 5259 ++num_suites; | 5259 ++num_suites; |
| 5260 } | 5260 } |
| 5261 if (fallbackSCSV) { | 5261 if (fallbackSCSV) { |
| (...skipping 24 matching lines...) Expand all Loading... |
| 5286 if (!IS_DTLS(ss) && isTLS && !ss->firstHsDone) { | 5286 if (!IS_DTLS(ss) && isTLS && !ss->firstHsDone) { |
| 5287 paddingExtensionLen = ssl3_CalculatePaddingExtensionLength(length); | 5287 paddingExtensionLen = ssl3_CalculatePaddingExtensionLength(length); |
| 5288 total_exten_len += paddingExtensionLen; | 5288 total_exten_len += paddingExtensionLen; |
| 5289 length += paddingExtensionLen; | 5289 length += paddingExtensionLen; |
| 5290 } else { | 5290 } else { |
| 5291 paddingExtensionLen = 0; | 5291 paddingExtensionLen = 0; |
| 5292 } | 5292 } |
| 5293 | 5293 |
| 5294 rv = ssl3_AppendHandshakeHeader(ss, client_hello, length); | 5294 rv = ssl3_AppendHandshakeHeader(ss, client_hello, length); |
| 5295 if (rv != SECSuccess) { | 5295 if (rv != SECSuccess) { |
| 5296 » if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); } | 5296 » if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } |
| 5297 return rv; /* err set by ssl3_AppendHandshake* */ | 5297 return rv; /* err set by ssl3_AppendHandshake* */ |
| 5298 } | 5298 } |
| 5299 | 5299 |
| 5300 if (ss->firstHsDone) { | 5300 if (ss->firstHsDone) { |
| 5301 /* The client hello version must stay unchanged to work around | 5301 /* The client hello version must stay unchanged to work around |
| 5302 * the Windows SChannel bug described above. */ | 5302 * the Windows SChannel bug described above. */ |
| 5303 PORT_Assert(ss->version == ss->clientHelloVersion); | 5303 PORT_Assert(ss->version == ss->clientHelloVersion); |
| 5304 } | 5304 } |
| 5305 ss->clientHelloVersion = ss->version; | 5305 ss->clientHelloVersion = ss->version; |
| 5306 if (IS_DTLS(ss)) { | 5306 if (IS_DTLS(ss)) { |
| 5307 PRUint16 version; | 5307 PRUint16 version; |
| 5308 | 5308 |
| 5309 version = dtls_TLSVersionToDTLSVersion(ss->clientHelloVersion); | 5309 version = dtls_TLSVersionToDTLSVersion(ss->clientHelloVersion); |
| 5310 rv = ssl3_AppendHandshakeNumber(ss, version, 2); | 5310 rv = ssl3_AppendHandshakeNumber(ss, version, 2); |
| 5311 } else { | 5311 } else { |
| 5312 rv = ssl3_AppendHandshakeNumber(ss, ss->clientHelloVersion, 2); | 5312 rv = ssl3_AppendHandshakeNumber(ss, ss->clientHelloVersion, 2); |
| 5313 } | 5313 } |
| 5314 if (rv != SECSuccess) { | 5314 if (rv != SECSuccess) { |
| 5315 » if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); } | 5315 » if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } |
| 5316 return rv; /* err set by ssl3_AppendHandshake* */ | 5316 return rv; /* err set by ssl3_AppendHandshake* */ |
| 5317 } | 5317 } |
| 5318 | 5318 |
| 5319 if (!resending) { /* Don't re-generate if we are in DTLS re-sending mode */ | 5319 if (!resending) { /* Don't re-generate if we are in DTLS re-sending mode */ |
| 5320 rv = ssl3_GetNewRandom(&ss->ssl3.hs.client_random); | 5320 rv = ssl3_GetNewRandom(&ss->ssl3.hs.client_random); |
| 5321 if (rv != SECSuccess) { | 5321 if (rv != SECSuccess) { |
| 5322 » if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); } | 5322 » if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } |
| 5323 return rv; /* err set by GetNewRandom. */ | 5323 return rv; /* err set by GetNewRandom. */ |
| 5324 } | 5324 } |
| 5325 } | 5325 } |
| 5326 rv = ssl3_AppendHandshake(ss, &ss->ssl3.hs.client_random, | 5326 rv = ssl3_AppendHandshake(ss, &ss->ssl3.hs.client_random, |
| 5327 SSL3_RANDOM_LENGTH); | 5327 SSL3_RANDOM_LENGTH); |
| 5328 if (rv != SECSuccess) { | 5328 if (rv != SECSuccess) { |
| 5329 » if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); } | 5329 » if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } |
| 5330 return rv; /* err set by ssl3_AppendHandshake* */ | 5330 return rv; /* err set by ssl3_AppendHandshake* */ |
| 5331 } | 5331 } |
| 5332 | 5332 |
| 5333 if (sid) | 5333 if (sid) |
| 5334 rv = ssl3_AppendHandshakeVariable( | 5334 rv = ssl3_AppendHandshakeVariable( |
| 5335 ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1); | 5335 ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1); |
| 5336 else | 5336 else |
| 5337 rv = ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); | 5337 rv = ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); |
| 5338 if (rv != SECSuccess) { | 5338 if (rv != SECSuccess) { |
| 5339 » if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); } | 5339 » if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } |
| 5340 return rv; /* err set by ssl3_AppendHandshake* */ | 5340 return rv; /* err set by ssl3_AppendHandshake* */ |
| 5341 } | 5341 } |
| 5342 | 5342 |
| 5343 if (IS_DTLS(ss)) { | 5343 if (IS_DTLS(ss)) { |
| 5344 rv = ssl3_AppendHandshakeVariable( | 5344 rv = ssl3_AppendHandshakeVariable( |
| 5345 ss, ss->ssl3.hs.cookie, ss->ssl3.hs.cookieLen, 1); | 5345 ss, ss->ssl3.hs.cookie, ss->ssl3.hs.cookieLen, 1); |
| 5346 if (rv != SECSuccess) { | 5346 if (rv != SECSuccess) { |
| 5347 » if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); } | 5347 » if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } |
| 5348 return rv; /* err set by ssl3_AppendHandshake* */ | 5348 return rv; /* err set by ssl3_AppendHandshake* */ |
| 5349 } | 5349 } |
| 5350 } | 5350 } |
| 5351 | 5351 |
| 5352 rv = ssl3_AppendHandshakeNumber(ss, num_suites*sizeof(ssl3CipherSuite), 2); | 5352 rv = ssl3_AppendHandshakeNumber(ss, num_suites*sizeof(ssl3CipherSuite), 2); |
| 5353 if (rv != SECSuccess) { | 5353 if (rv != SECSuccess) { |
| 5354 » if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); } | 5354 » if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } |
| 5355 return rv; /* err set by ssl3_AppendHandshake* */ | 5355 return rv; /* err set by ssl3_AppendHandshake* */ |
| 5356 } | 5356 } |
| 5357 | 5357 |
| 5358 if (ss->ssl3.hs.sendingSCSV) { | 5358 if (ss->ssl3.hs.sendingSCSV) { |
| 5359 /* Add the actual SCSV */ | 5359 /* Add the actual SCSV */ |
| 5360 rv = ssl3_AppendHandshakeNumber(ss, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, | 5360 rv = ssl3_AppendHandshakeNumber(ss, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, |
| 5361 sizeof(ssl3CipherSuite)); | 5361 sizeof(ssl3CipherSuite)); |
| 5362 if (rv != SECSuccess) { | 5362 if (rv != SECSuccess) { |
| 5363 » if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); } | 5363 » if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } |
| 5364 return rv; /* err set by ssl3_AppendHandshake* */ | 5364 return rv; /* err set by ssl3_AppendHandshake* */ |
| 5365 } | 5365 } |
| 5366 actual_count++; | 5366 actual_count++; |
| 5367 } | 5367 } |
| 5368 if (fallbackSCSV) { | 5368 if (fallbackSCSV) { |
| 5369 rv = ssl3_AppendHandshakeNumber(ss, TLS_FALLBACK_SCSV, | 5369 rv = ssl3_AppendHandshakeNumber(ss, TLS_FALLBACK_SCSV, |
| 5370 sizeof(ssl3CipherSuite)); | 5370 sizeof(ssl3CipherSuite)); |
| 5371 if (rv != SECSuccess) { | 5371 if (rv != SECSuccess) { |
| 5372 » if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); } | 5372 » if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } |
| 5373 return rv; /* err set by ssl3_AppendHandshake* */ | 5373 return rv; /* err set by ssl3_AppendHandshake* */ |
| 5374 } | 5374 } |
| 5375 actual_count++; | 5375 actual_count++; |
| 5376 } | 5376 } |
| 5377 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { | 5377 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { |
| 5378 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; | 5378 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; |
| 5379 if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange)) { | 5379 if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange)) { |
| 5380 actual_count++; | 5380 actual_count++; |
| 5381 if (actual_count > num_suites) { | 5381 if (actual_count > num_suites) { |
| 5382 » » if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); } | 5382 » » if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock);
} |
| 5383 /* set error card removal/insertion error */ | 5383 /* set error card removal/insertion error */ |
| 5384 PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL); | 5384 PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL); |
| 5385 return SECFailure; | 5385 return SECFailure; |
| 5386 } | 5386 } |
| 5387 rv = ssl3_AppendHandshakeNumber(ss, suite->cipher_suite, | 5387 rv = ssl3_AppendHandshakeNumber(ss, suite->cipher_suite, |
| 5388 sizeof(ssl3CipherSuite)); | 5388 sizeof(ssl3CipherSuite)); |
| 5389 if (rv != SECSuccess) { | 5389 if (rv != SECSuccess) { |
| 5390 » » if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); } | 5390 » » if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock);
} |
| 5391 return rv; /* err set by ssl3_AppendHandshake* */ | 5391 return rv; /* err set by ssl3_AppendHandshake* */ |
| 5392 } | 5392 } |
| 5393 } | 5393 } |
| 5394 } | 5394 } |
| 5395 | 5395 |
| 5396 /* if cards were removed or inserted between count_cipher_suites and | 5396 /* if cards were removed or inserted between count_cipher_suites and |
| 5397 * generating our list, detect the error here rather than send it off to | 5397 * generating our list, detect the error here rather than send it off to |
| 5398 * the server.. */ | 5398 * the server.. */ |
| 5399 if (actual_count != num_suites) { | 5399 if (actual_count != num_suites) { |
| 5400 /* Card removal/insertion error */ | 5400 /* Card removal/insertion error */ |
| 5401 » if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); } | 5401 » if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } |
| 5402 PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL); | 5402 PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL); |
| 5403 return SECFailure; | 5403 return SECFailure; |
| 5404 } | 5404 } |
| 5405 | 5405 |
| 5406 rv = ssl3_AppendHandshakeNumber(ss, numCompressionMethods, 1); | 5406 rv = ssl3_AppendHandshakeNumber(ss, numCompressionMethods, 1); |
| 5407 if (rv != SECSuccess) { | 5407 if (rv != SECSuccess) { |
| 5408 » if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); } | 5408 » if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } |
| 5409 return rv; /* err set by ssl3_AppendHandshake* */ | 5409 return rv; /* err set by ssl3_AppendHandshake* */ |
| 5410 } | 5410 } |
| 5411 for (i = 0; i < compressionMethodsCount; i++) { | 5411 for (i = 0; i < compressionMethodsCount; i++) { |
| 5412 if (!compressionEnabled(ss, compressions[i])) | 5412 if (!compressionEnabled(ss, compressions[i])) |
| 5413 continue; | 5413 continue; |
| 5414 rv = ssl3_AppendHandshakeNumber(ss, compressions[i], 1); | 5414 rv = ssl3_AppendHandshakeNumber(ss, compressions[i], 1); |
| 5415 if (rv != SECSuccess) { | 5415 if (rv != SECSuccess) { |
| 5416 » if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); } | 5416 » if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } |
| 5417 return rv; /* err set by ssl3_AppendHandshake* */ | 5417 return rv; /* err set by ssl3_AppendHandshake* */ |
| 5418 } | 5418 } |
| 5419 } | 5419 } |
| 5420 | 5420 |
| 5421 if (total_exten_len) { | 5421 if (total_exten_len) { |
| 5422 PRUint32 maxBytes = total_exten_len - 2; | 5422 PRUint32 maxBytes = total_exten_len - 2; |
| 5423 PRInt32 extLen; | 5423 PRInt32 extLen; |
| 5424 | 5424 |
| 5425 rv = ssl3_AppendHandshakeNumber(ss, maxBytes, 2); | 5425 rv = ssl3_AppendHandshakeNumber(ss, maxBytes, 2); |
| 5426 if (rv != SECSuccess) { | 5426 if (rv != SECSuccess) { |
| 5427 » if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); } | 5427 » if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } |
| 5428 return rv; /* err set by AppendHandshake. */ | 5428 return rv; /* err set by AppendHandshake. */ |
| 5429 } | 5429 } |
| 5430 | 5430 |
| 5431 extLen = ssl3_CallHelloExtensionSenders(ss, PR_TRUE, maxBytes, NULL); | 5431 extLen = ssl3_CallHelloExtensionSenders(ss, PR_TRUE, maxBytes, NULL); |
| 5432 if (extLen < 0) { | 5432 if (extLen < 0) { |
| 5433 » if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); } | 5433 » if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } |
| 5434 return SECFailure; | 5434 return SECFailure; |
| 5435 } | 5435 } |
| 5436 maxBytes -= extLen; | 5436 maxBytes -= extLen; |
| 5437 | 5437 |
| 5438 extLen = ssl3_AppendPaddingExtension(ss, paddingExtensionLen, maxBytes); | 5438 extLen = ssl3_AppendPaddingExtension(ss, paddingExtensionLen, maxBytes); |
| 5439 if (extLen < 0) { | 5439 if (extLen < 0) { |
| 5440 » if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); } | 5440 » if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); } |
| 5441 return SECFailure; | 5441 return SECFailure; |
| 5442 } | 5442 } |
| 5443 maxBytes -= extLen; | 5443 maxBytes -= extLen; |
| 5444 | 5444 |
| 5445 PORT_Assert(!maxBytes); | 5445 PORT_Assert(!maxBytes); |
| 5446 } | 5446 } |
| 5447 | 5447 |
| 5448 if (sid->u.ssl3.lock) { | 5448 if (sid->u.ssl3.lock) { |
| 5449 PR_RWLock_Unlock(sid->u.ssl3.lock); | 5449 NSSRWLock_UnlockRead(sid->u.ssl3.lock); |
| 5450 } | 5450 } |
| 5451 | 5451 |
| 5452 if (ss->xtnData.sentSessionTicketInClientHello) { | 5452 if (ss->xtnData.sentSessionTicketInClientHello) { |
| 5453 SSL_AtomicIncrementLong(&ssl3stats.sch_sid_stateless_resumes); | 5453 SSL_AtomicIncrementLong(&ssl3stats.sch_sid_stateless_resumes); |
| 5454 } | 5454 } |
| 5455 | 5455 |
| 5456 if (ss->ssl3.hs.sendingSCSV) { | 5456 if (ss->ssl3.hs.sendingSCSV) { |
| 5457 /* Since we sent the SCSV, pretend we sent empty RI extension. */ | 5457 /* Since we sent the SCSV, pretend we sent empty RI extension. */ |
| 5458 TLSExtensionData *xtnData = &ss->xtnData; | 5458 TLSExtensionData *xtnData = &ss->xtnData; |
| 5459 xtnData->advertised[xtnData->numAdvertised++] = | 5459 xtnData->advertised[xtnData->numAdvertised++] = |
| (...skipping 7381 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 12841 PORT_Free(ss->ssl3.hs.recvdFragments.buf); | 12841 PORT_Free(ss->ssl3.hs.recvdFragments.buf); |
| 12842 } | 12842 } |
| 12843 } | 12843 } |
| 12844 | 12844 |
| 12845 ss->ssl3.initialized = PR_FALSE; | 12845 ss->ssl3.initialized = PR_FALSE; |
| 12846 | 12846 |
| 12847 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); | 12847 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); |
| 12848 } | 12848 } |
| 12849 | 12849 |
| 12850 /* End of ssl3con.c */ | 12850 /* End of ssl3con.c */ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 129413003:
Use NSSRWLock instead of PRRWLock in sslSessionID. This avoids the bugs (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/