Update NSS libSSL to NSS_3_15_BETA2.

net/third_party/nss/ssl/ssl3ext.c

 /*
  * SSL3 Protocol
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /* TLS extension code moved here from ssl3ecc.c */
-/* $Id: ssl3ext.c,v 1.28 2012/09/21 00:28:05 wtc%google.com Exp $ */
+/* $Id$ */
 
 #include "nssrenam.h"
 #include "nss.h"
 #include "ssl.h"
 #include "sslimpl.h"
 #include "sslproto.h"
 #include "pk11pub.h"
 #ifdef NO_PKCS11_BYPASS
 #include "blapit.h"
 #else
@@ skipping 38 matching lines @@
 static PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append,
                                                PRUint32 maxBytes);
 static PRInt32 ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append,
     PRUint32 maxBytes);
 static SECStatus ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type,
     SECItem *data);
 static SECStatus ssl3_ClientHandleChannelIDXtn(sslSocket *ss,
     PRUint16 ex_type, SECItem *data);
 static PRInt32 ssl3_ClientSendChannelIDXtn(sslSocket *ss, PRBool append,
     PRUint32 maxBytes);
+static SECStatus ssl3_ServerSendStatusRequestXtn(sslSocket * ss,
+    PRBool      append, PRUint32    maxBytes);
+static SECStatus ssl3_ServerHandleStatusRequestXtn(sslSocket *ss,
+    PRUint16 ex_type, SECItem *data);
+static SECStatus ssl3_ClientHandleStatusRequestXtn(sslSocket *ss,
+                                                  PRUint16 ex_type,
+                                                  SECItem *data);
+static PRInt32 ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append,
+                                              PRUint32 maxBytes);
 
 /*
  * Write bytes.  Using this function means the SECItem structure
  * cannot be freed.  The caller is expected to call this function
  * on a shallow copy of the structure.
  */
 static SECStatus
 ssl3_AppendToItem(SECItem *item, const unsigned char *buf, PRUint32 bytes)
 {
     if (bytes > item->len)
@@ skipping 141 matching lines @@
 static const ssl3HelloExtensionHandler clientHelloHandlers[] = {
     { ssl_server_name_xtn,        &ssl3_HandleServerNameXtn },
 #ifdef NSS_ENABLE_ECC
     { ssl_elliptic_curves_xtn,    &ssl3_HandleSupportedCurvesXtn },
     { ssl_ec_point_formats_xtn,   &ssl3_HandleSupportedPointFormatsXtn },
 #endif
     { ssl_session_ticket_xtn,     &ssl3_ServerHandleSessionTicketXtn },
     { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
     { ssl_next_proto_nego_xtn,    &ssl3_ServerHandleNextProtoNegoXtn },
     { ssl_use_srtp_xtn,           &ssl3_HandleUseSRTPXtn },
+    { ssl_cert_status_xtn,        &ssl3_ServerHandleStatusRequestXtn },
     { -1, NULL }
 };
 
 /* These two tables are used by the client, to handle server hello
  * extensions. */
 static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
     { ssl_server_name_xtn,        &ssl3_HandleServerNameXtn },
     /* TODO: add a handler for ssl_ec_point_formats_xtn */
     { ssl_session_ticket_xtn,     &ssl3_ClientHandleSessionTicketXtn },
     { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
@@ skipping 456 matching lines @@
         ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
                 ssl_channel_id_xtn;
     }
 
     return extension_length;
 
 loser:
     return -1;
 }
 
-SECStatus
+static SECStatus
 ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type,
-                                  SECItem *data)
+                                 SECItem *data)
 {
-    /* If we didn't request this extension, then the server may not echo it. */
-    if (!ss->opt.enableOCSPStapling)
-        return SECFailure;
-
     /* The echoed extension must be empty. */
     if (data->len != 0)
-        return SECFailure;
-
-    ss->ssl3.hs.may_get_cert_status = PR_TRUE;
+       return SECFailure;
 
     /* Keep track of negotiated extensions. */
     ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
 
     return SECSuccess;
 }
 
+static PRInt32
+ssl3_ServerSendStatusRequestXtn(
+                        sslSocket * ss,
+                        PRBool      append,
+                        PRUint32    maxBytes)
+{
+    PRInt32 extension_length;
+    SECStatus rv;
+
+    if (!ss->certStatusArray)
+        return 0;
+
+    extension_length = 2 + 2;
+    if (append && maxBytes >= extension_length) {
+        /* extension_type */
+        rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+        /* length of extension_data */
+        rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
+        if (rv != SECSuccess)
+            return -1;
+    }
+
+    return extension_length;
+}
+
 /* ssl3_ClientSendStatusRequestXtn builds the status_request extension on the
  * client side. See RFC 4366 section 3.6. */
-PRInt32
+static PRInt32
 ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append,
-                                PRUint32 maxBytes)
+                               PRUint32 maxBytes)
 {
     PRInt32 extension_length;
 
     if (!ss->opt.enableOCSPStapling)
-        return 0;
+       return 0;
 
     /* extension_type (2-bytes) +
      * length(extension_data) (2-bytes) +
      * status_type (1) +
      * responder_id_list length (2) +
      * request_extensions length (2)
      */
     extension_length = 9;
 
     if (append && maxBytes >= extension_length) {
-        SECStatus rv;
-        TLSExtensionData *xtnData;
+       SECStatus rv;
+       TLSExtensionData *xtnData;
 
-        /* extension_type */
-        rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2);
-        if (rv != SECSuccess)
-            return -1;
-        rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
-        if (rv != SECSuccess)
-            return -1;
-        rv = ssl3_AppendHandshakeNumber(ss, 1 /* status_type ocsp */, 1);
-        if (rv != SECSuccess)
-            return -1;
-        /* A zero length responder_id_list means that the responders are
-         * implicitly known to the server. */
-        rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
-        if (rv != SECSuccess)
-            return -1;
-        /* A zero length request_extensions means that there are no extensions.
-         * Specifically, we don't set the id-pkix-ocsp-nonce extension. This
-         * means that the server can replay a cached OCSP response to us. */
-        rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
-        if (rv != SECSuccess)
-            return -1;
+       /* extension_type */
+       rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2);
+       if (rv != SECSuccess)
+           return -1;
+       rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
+       if (rv != SECSuccess)
+           return -1;
+       rv = ssl3_AppendHandshakeNumber(ss, 1 /* status_type ocsp */, 1);
+       if (rv != SECSuccess)
+           return -1;
+       /* A zero length responder_id_list means that the responders are
+        * implicitly known to the server. */
+       rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
+       if (rv != SECSuccess)
+           return -1;
+       /* A zero length request_extensions means that there are no extensions.
+        * Specifically, we don't set the id-pkix-ocsp-nonce extension. This
+        * means that the server can replay a cached OCSP response to us. */
+       rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
+       if (rv != SECSuccess)
+           return -1;
 
-        xtnData = &ss->xtnData;
-        xtnData->advertised[xtnData->numAdvertised++] = ssl_cert_status_xtn;
+       xtnData = &ss->xtnData;
+       xtnData->advertised[xtnData->numAdvertised++] = ssl_cert_status_xtn;
     } else if (maxBytes < extension_length) {
-        PORT_Assert(0);
-        return 0;
+       PORT_Assert(0);
+       return 0;
     }
     return extension_length;
 }
 
 /*
  * NewSessionTicket
  * Called from ssl3_HandleFinished
  */
 SECStatus
 ssl3_SendNewSessionTicket(sslSocket *ss)
@@ skipping 420 matching lines @@
             != SECSuccess)
             return SECFailure;
 
         /* Get session ticket keys. */
 #ifndef NO_PKCS11_BYPASS
         if (ss->opt.bypassPKCS11) {
             rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length,
                 &mac_key, &mac_key_length);
         } else 
 #endif
-    {
+        {
             rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
                 &mac_key_pkcs11);
         }
         if (rv != SECSuccess) {
             SSL_DBG(("%d: SSL[%d]: Unable to get/generate session ticket keys.",
                         SSL_GETPID(), ss->fd));
             goto loser;
         }
 
         /* If the ticket sent by the client was generated under a key different
@@ skipping 17 matching lines @@
                     sizeof(session_ticket_mac_key), PR_FALSE) != SECSuccess)
                 goto no_ticket;
             HMAC_Begin(hmac_ctx);
             HMAC_Update(hmac_ctx, extension_data.data,
                 extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH);
             if (HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length,
                     sizeof(computed_mac)) != SECSuccess)
                 goto no_ticket;
         } else 
 #endif
-    {
+        {
             SECItem macParam;
             macParam.data = NULL;
             macParam.len = 0;
             hmac_ctx_pkcs11 = PK11_CreateContextBySymKey(macMech,
                 CKA_SIGN, mac_key_pkcs11, &macParam);
             if (!hmac_ctx_pkcs11) {
                 SSL_DBG(("%d: SSL[%d]: Unable to create HMAC context: %d.",
                             SSL_GETPID(), ss->fd, PORT_GetError()));
                 goto no_ticket;
             } else {
@@ skipping 43 matching lines @@
             }
 
             rv = AES_Decrypt(aes_ctx, decrypted_state->data,
                 &decrypted_state->len, decrypted_state->len,
                 enc_session_ticket.encrypted_state.data,
                 enc_session_ticket.encrypted_state.len);
             if (rv != SECSuccess)
                 goto no_ticket;
         } else 
 #endif
-    {
+        {
             SECItem ivItem;
             ivItem.data = enc_session_ticket.iv;
             ivItem.len = AES_BLOCK_SIZE;
             aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech,
                 CKA_DECRYPT, aes_key_pkcs11, &ivItem);
             if (!aes_ctx_pkcs11) {
                 SSL_DBG(("%d: SSL[%d]: Unable to create AES context.",
                             SSL_GETPID(), ss->fd));
                 goto no_ticket;
             }
@@ skipping 423 matching lines @@
         if (rv != SECSuccess) return -1;
         if (!ss->sec.isServer) {
             TLSExtensionData *xtnData = &ss->xtnData;
             xtnData->advertised[xtnData->numAdvertised++] = 
                                                    ssl_renegotiation_info_xtn;
         }
     }
     return needed;
 }
 
+static SECStatus
+ssl3_ServerHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type,
+                                  SECItem *data)
+{
+    SECStatus rv = SECSuccess;
+    PRUint32 len = 0;
+
+    /* remember that we got this extension. */
+    ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
+    PORT_Assert(ss->sec.isServer);
+    /* prepare to send back the appropriate response */
+    rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
+                                            ssl3_ServerSendStatusRequestXtn);
+    return rv;
+}
+
 /* This function runs in both the client and server.  */
 static SECStatus
 ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
 {
     SECStatus rv = SECSuccess;
     PRUint32 len = 0;
 
     if (ss->firstHsDone) {
         len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes 
                                : ss->ssl3.hs.finishedBytes * 2;
@@ skipping 214 matching lines @@
         return SECSuccess;
     }
 
     /* OK, we have a valid cipher and we've selected it */
     ss->ssl3.dtlsSRTPCipherSuite = cipher;
     ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn;
 
     return ssl3_RegisterServerHelloExtensionSender(ss, ssl_use_srtp_xtn,
                                                    ssl3_SendUseSRTPXtn);
 }