OLD | NEW |
1 diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c | 1 diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c |
2 index 1167d6d..dabe333 100644 | 2 index c5cb1eb..299e414 100644 |
3 --- a/ssl/ssl3con.c | 3 --- a/lib/ssl/ssl3con.c |
4 +++ b/ssl/ssl3con.c | 4 +++ b/lib/ssl/ssl3con.c |
5 @@ -8,6 +8,7 @@ | 5 @@ -8,6 +8,7 @@ |
6 | 6 |
7 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ | 7 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ |
8 | 8 |
9 +#define _GNU_SOURCE 1 | 9 +#define _GNU_SOURCE 1 |
10 #include "cert.h" | 10 #include "cert.h" |
11 #include "ssl.h" | 11 #include "ssl.h" |
12 #include "cryptohi.h" /* for DSAU_ stuff */ | 12 #include "cryptohi.h" /* for DSAU_ stuff */ |
13 @@ -44,6 +45,9 @@ | 13 @@ -46,6 +47,9 @@ |
14 #ifdef NSS_ENABLE_ZLIB | 14 #ifdef NSS_ENABLE_ZLIB |
15 #include "zlib.h" | 15 #include "zlib.h" |
16 #endif | 16 #endif |
17 +#ifdef LINUX | 17 +#ifdef LINUX |
18 +#include <dlfcn.h> | 18 +#include <dlfcn.h> |
19 +#endif | 19 +#endif |
20 | 20 |
21 #ifndef PK11_SETATTRS | 21 #ifndef PK11_SETATTRS |
22 #define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \ | 22 #define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \ |
23 @@ -1874,6 +1878,63 @@ ssl3_BuildRecordPseudoHeader(unsigned char *out, | 23 @@ -1897,6 +1901,63 @@ ssl3_BuildRecordPseudoHeader(unsigned char *out, |
24 return 13; | 24 return 13; |
25 } | 25 } |
26 | 26 |
27 +typedef SECStatus (*PK11CryptFcn)( | 27 +typedef SECStatus (*PK11CryptFcn)( |
28 + PK11SymKey *symKey, CK_MECHANISM_TYPE mechanism, SECItem *param, | 28 + PK11SymKey *symKey, CK_MECHANISM_TYPE mechanism, SECItem *param, |
29 + unsigned char *out, unsigned int *outLen, unsigned int maxLen, | 29 + unsigned char *out, unsigned int *outLen, unsigned int maxLen, |
30 + const unsigned char *in, unsigned int inLen); | 30 + const unsigned char *in, unsigned int inLen); |
31 + | 31 + |
32 +static PK11CryptFcn pk11_encrypt = NULL; | 32 +static PK11CryptFcn pk11_encrypt = NULL; |
33 +static PK11CryptFcn pk11_decrypt = NULL; | 33 +static PK11CryptFcn pk11_decrypt = NULL; |
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
77 + PR_FALSE); | 77 + PR_FALSE); |
78 + PORT_Assert(rv == SECSuccess); /* else is coding error */ | 78 + PORT_Assert(rv == SECSuccess); /* else is coding error */ |
79 + } | 79 + } |
80 + } | 80 + } |
81 + return SECSuccess; | 81 + return SECSuccess; |
82 +} | 82 +} |
83 + | 83 + |
84 static SECStatus | 84 static SECStatus |
85 ssl3_AESGCM(ssl3KeyMaterial *keys, | 85 ssl3_AESGCM(ssl3KeyMaterial *keys, |
86 PRBool doDecrypt, | 86 PRBool doDecrypt, |
87 @@ -1925,10 +1986,10 @@ ssl3_AESGCM(ssl3KeyMaterial *keys, | 87 @@ -1948,10 +2009,10 @@ ssl3_AESGCM(ssl3KeyMaterial *keys, |
88 gcmParams.ulTagBits = tagSize * 8; | 88 gcmParams.ulTagBits = tagSize * 8; |
89 | 89 |
90 if (doDecrypt) { | 90 if (doDecrypt) { |
91 - rv = PK11_Decrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, | 91 - rv = PK11_Decrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, |
92 + rv = pk11_decrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, | 92 + rv = pk11_decrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, |
93 maxout, in, inlen); | 93 maxout, in, inlen); |
94 } else { | 94 } else { |
95 - rv = PK11_Encrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, | 95 - rv = PK11_Encrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, |
96 + rv = pk11_encrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, | 96 + rv = pk11_encrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, |
97 maxout, in, inlen); | 97 maxout, in, inlen); |
98 } | 98 } |
99 *outlen += (int) uOutLen; | 99 *outlen += (int) uOutLen; |
100 @@ -5162,6 +5223,10 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) | 100 @@ -5337,6 +5398,10 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) |
101 ssl3_DisableNonDTLSSuites(ss); | 101 ssl3_DisableNonDTLSSuites(ss); |
102 } | 102 } |
103 | 103 |
104 + if (!ssl3_HasGCMSupport()) { | 104 + if (!ssl3_HasGCMSupport()) { |
105 + ssl3_DisableGCMSuites(ss); | 105 + ssl3_DisableGCMSuites(ss); |
106 + } | 106 + } |
107 + | 107 + |
108 /* how many suites are permitted by policy and user preference? */ | 108 /* how many suites are permitted by policy and user preference? */ |
109 num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE); | 109 num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE); |
110 if (!num_suites) { | 110 if (!num_suites) { |
111 @@ -8172,6 +8237,10 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUi
nt32 length) | 111 @@ -8400,6 +8465,10 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUi
nt32 length) |
112 ssl3_DisableNonDTLSSuites(ss); | 112 ssl3_DisableNonDTLSSuites(ss); |
113 } | 113 } |
114 | 114 |
115 + if (!ssl3_HasGCMSupport()) { | 115 + if (!ssl3_HasGCMSupport()) { |
116 + ssl3_DisableGCMSuites(ss); | 116 + ssl3_DisableGCMSuites(ss); |
117 + } | 117 + } |
118 + | 118 + |
119 #ifdef PARANOID | 119 #ifdef PARANOID |
120 /* Look for a matching cipher suite. */ | 120 /* Look for a matching cipher suite. */ |
121 j = ssl3_config_match_init(ss); | 121 j = ssl3_config_match_init(ss); |
OLD | NEW |