| OLD | NEW |
|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 4 #include "ssl.h" | 4 #include "ssl.h" |
| 5 #include "sslimpl.h" | 5 #include "sslimpl.h" |
| 6 #include "sslproto.h" | 6 #include "sslproto.h" |
| 7 | 7 |
| 8 static const char * | 8 static const char * |
| 9 ssl_GetCompressionMethodName(SSLCompressionMethod compression) | 9 ssl_GetCompressionMethodName(SSLCompressionMethod compression) |
| 10 { | 10 { |
| (...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 60 inf.cipherSuite = ss->ssl3.hs.cipher_suite; | 60 inf.cipherSuite = ss->ssl3.hs.cipher_suite; |
| 61 inf.compressionMethod = ss->ssl3.cwSpec->compression_method; | 61 inf.compressionMethod = ss->ssl3.cwSpec->compression_method; |
| 62 ssl_ReleaseSpecReadLock(ss); | 62 ssl_ReleaseSpecReadLock(ss); |
| 63 inf.compressionMethodName = | 63 inf.compressionMethodName = |
| 64 ssl_GetCompressionMethodName(inf.compressionMethod); | 64 ssl_GetCompressionMethodName(inf.compressionMethod); |
| 65 } | 65 } |
| 66 if (sid) { | 66 if (sid) { |
| 67 inf.creationTime = sid->creationTime; | 67 inf.creationTime = sid->creationTime; |
| 68 inf.lastAccessTime = sid->lastAccessTime; | 68 inf.lastAccessTime = sid->lastAccessTime; |
| 69 inf.expirationTime = sid->expirationTime; | 69 inf.expirationTime = sid->expirationTime; |
| 70 inf.extendedMasterSecretUsed = sid->u.ssl3.keys.extendedMasterSecret
Used; |
| 71 |
| 70 if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */ | 72 if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */ |
| 71 inf.sessionIDLength = SSL2_SESSIONID_BYTES; | 73 inf.sessionIDLength = SSL2_SESSIONID_BYTES; |
| 72 memcpy(inf.sessionID, sid->u.ssl2.sessionID, | 74 memcpy(inf.sessionID, sid->u.ssl2.sessionID, |
| 73 SSL2_SESSIONID_BYTES); | 75 SSL2_SESSIONID_BYTES); |
| 74 } else { | 76 } else { |
| 75 unsigned int sidLen = sid->u.ssl3.sessionIDLength; | 77 unsigned int sidLen = sid->u.ssl3.sessionIDLength; |
| 76 sidLen = PR_MIN(sidLen, sizeof inf.sessionID); | 78 sidLen = PR_MIN(sidLen, sizeof inf.sessionID); |
| 77 inf.sessionIDLength = sidLen; | 79 inf.sessionIDLength = sidLen; |
| 78 memcpy(inf.sessionID, sid->u.ssl3.sessionID, sidLen); | 80 memcpy(inf.sessionID, sid->u.ssl3.sessionID, sidLen); |
| 79 } | 81 } |
| 80 } | 82 } |
| 81 } | 83 } |
| 82 | 84 |
| 83 memcpy(info, &inf, inf.length); | 85 memcpy(info, &inf, inf.length); |
| 84 | 86 |
| 85 return SECSuccess; | 87 return SECSuccess; |
| 86 } | 88 } |
| 87 | 89 |
| 90 SECStatus |
| 91 SSL_GetPreliminaryChannelInfo(PRFileDesc *fd, |
| 92 SSLPreliminaryChannelInfo *info, |
| 93 PRUintn len) |
| 94 { |
| 95 sslSocket *ss; |
| 96 SSLPreliminaryChannelInfo inf; |
| 97 |
| 98 if (!info || len < sizeof inf.length) { |
| 99 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 100 return SECFailure; |
| 101 } |
| 102 |
| 103 ss = ssl_FindSocket(fd); |
| 104 if (!ss) { |
| 105 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetPreliminaryChannelInfo", |
| 106 SSL_GETPID(), fd)); |
| 107 return SECFailure; |
| 108 } |
| 109 |
| 110 if (ss->version < SSL_LIBRARY_VERSION_3_0) { |
| 111 PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION); |
| 112 return SECFailure; |
| 113 } |
| 114 |
| 115 memset(&inf, 0, sizeof(inf)); |
| 116 inf.length = PR_MIN(sizeof(inf), len); |
| 117 |
| 118 inf.valuesSet = ss->ssl3.hs.preliminaryInfo; |
| 119 inf.protocolVersion = ss->version; |
| 120 inf.cipherSuite = ss->ssl3.hs.cipher_suite; |
| 121 |
| 122 memcpy(info, &inf, inf.length); |
| 123 return SECSuccess; |
| 124 } |
| 125 |
| 88 | 126 |
| 89 #define CS(x) x, #x | 127 #define CS(x) x, #x |
| 90 #define CK(x) x | 0xff00, #x | 128 #define CK(x) x | 0xff00, #x |
| 91 | 129 |
| 92 #define S_DSA "DSA", ssl_auth_dsa | 130 #define S_DSA "DSA", ssl_auth_dsa |
| 93 #define S_RSA "RSA", ssl_auth_rsa | 131 #define S_RSA "RSA", ssl_auth_rsa |
| 94 #define S_KEA "KEA", ssl_auth_kea | 132 #define S_KEA "KEA", ssl_auth_kea |
| 95 #define S_ECDSA "ECDSA", ssl_auth_ecdsa | 133 #define S_ECDSA "ECDSA", ssl_auth_ecdsa |
| 96 | 134 |
| 97 #define K_DHE "DHE", kt_dh | 135 #define K_DHE "DHE", kt_dh |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 129 | 167 |
| 130 static const SSLCipherSuiteInfo suiteInfo[] = { | 168 static const SSLCipherSuiteInfo suiteInfo[] = { |
| 131 /* <------ Cipher suite --------------------> <auth> <KEA> <bulk cipher> <MAC>
<FIPS> */ | 169 /* <------ Cipher suite --------------------> <auth> <KEA> <bulk cipher> <MAC>
<FIPS> */ |
| 132 {0,CS(TLS_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_RSA, C_AESGCM, B_128, M_A
EAD_128, 1, 0, 0, }, | 170 {0,CS(TLS_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_RSA, C_AESGCM, B_128, M_A
EAD_128, 1, 0, 0, }, |
| 133 | 171 |
| 134 {0,CS(TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_256, M
_SHA, 0, 0, 0, }, | 172 {0,CS(TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_256, M
_SHA, 0, 0, 0, }, |
| 135 {0,CS(TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_256, M
_SHA, 0, 0, 0, }, | 173 {0,CS(TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_256, M
_SHA, 0, 0, 0, }, |
| 136 {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_DHE, C_AES, B_256, M_SHA2
56, 1, 0, 0, }, | 174 {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_DHE, C_AES, B_256, M_SHA2
56, 1, 0, 0, }, |
| 137 {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_DHE, C_AES, B_256, M_SHA,
1, 0, 0, }, | 175 {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_DHE, C_AES, B_256, M_SHA,
1, 0, 0, }, |
| 138 {0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA), S_DSA, K_DHE, C_AES, B_256, M_SHA,
1, 0, 0, }, | 176 {0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA), S_DSA, K_DHE, C_AES, B_256, M_SHA,
1, 0, 0, }, |
| 177 {0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256), S_DSA, K_DHE, C_AES, B_256, M_SHA2
56, 1, 0, 0, }, |
| 139 {0,CS(TLS_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_256, M
_SHA, 0, 0, 0, }, | 178 {0,CS(TLS_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_256, M
_SHA, 0, 0, 0, }, |
| 140 {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_RSA, C_AES, B_256, M_SHA2
56, 1, 0, 0, }, | 179 {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_RSA, C_AES, B_256, M_SHA2
56, 1, 0, 0, }, |
| 141 {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_RSA, C_AES, B_256, M_SHA,
1, 0, 0, }, | 180 {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_RSA, C_AES, B_256, M_SHA,
1, 0, 0, }, |
| 142 | 181 |
| 143 {0,CS(TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_128, M
_SHA, 0, 0, 0, }, | 182 {0,CS(TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_128, M
_SHA, 0, 0, 0, }, |
| 144 {0,CS(TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_128, M
_SHA, 0, 0, 0, }, | 183 {0,CS(TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_128, M
_SHA, 0, 0, 0, }, |
| 145 {0,CS(TLS_DHE_DSS_WITH_RC4_128_SHA), S_DSA, K_DHE, C_RC4, B_128, M_SHA,
0, 0, 0, }, | 184 {0,CS(TLS_DHE_DSS_WITH_RC4_128_SHA), S_DSA, K_DHE, C_RC4, B_128, M_SHA,
0, 0, 0, }, |
| 146 {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_DHE, C_AES, B_128, M_SHA2
56, 1, 0, 0, }, | 185 {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_DHE, C_AES, B_128, M_SHA2
56, 1, 0, 0, }, |
| 147 {0,CS(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_DHE, C_AESGCM, B_128, M_A
EAD_128, 1, 0, 0, }, | 186 {0,CS(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_DHE, C_AESGCM, B_128, M_A
EAD_128, 1, 0, 0, }, |
| 148 {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_DHE, C_AES, B_128, M_SHA,
1, 0, 0, }, | 187 {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_DHE, C_AES, B_128, M_SHA,
1, 0, 0, }, |
| 188 {0,CS(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256), S_DSA, K_DHE, C_AESGCM, B_128, M_A
EAD_128, 1, 0, 0, }, |
| 149 {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA,
1, 0, 0, }, | 189 {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA,
1, 0, 0, }, |
| 190 {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256), S_DSA, K_DHE, C_AES, B_128, M_SHA2
56, 1, 0, 0, }, |
| 150 {0,CS(TLS_RSA_WITH_SEED_CBC_SHA), S_RSA, K_RSA, C_SEED,B_128, M_SHA,
1, 0, 0, }, | 191 {0,CS(TLS_RSA_WITH_SEED_CBC_SHA), S_RSA, K_RSA, C_SEED,B_128, M_SHA,
1, 0, 0, }, |
| 151 {0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M
_SHA, 0, 0, 0, }, | 192 {0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M
_SHA, 0, 0, 0, }, |
| 152 {0,CS(TLS_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA,
0, 0, 0, }, | 193 {0,CS(TLS_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA,
0, 0, 0, }, |
| 153 {0,CS(TLS_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5,
0, 0, 0, }, | 194 {0,CS(TLS_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5,
0, 0, 0, }, |
| 154 {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_RSA, C_AES, B_128, M_SHA2
56, 1, 0, 0, }, | 195 {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_RSA, C_AES, B_128, M_SHA2
56, 1, 0, 0, }, |
| 155 {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_RSA, C_AES, B_128, M_SHA,
1, 0, 0, }, | 196 {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_RSA, C_AES, B_128, M_SHA,
1, 0, 0, }, |
| 156 | 197 |
| 157 {0,CS(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_DHE, C_3DES,B_3DES,M_SHA,
1, 0, 0, }, | 198 {0,CS(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_DHE, C_3DES,B_3DES,M_SHA,
1, 0, 0, }, |
| 158 {0,CS(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA), S_DSA, K_DHE, C_3DES,B_3DES,M_SHA,
1, 0, 0, }, | 199 {0,CS(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA), S_DSA, K_DHE, C_3DES,B_3DES,M_SHA,
1, 0, 0, }, |
| 159 {0,CS(SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA,
1, 0, 1, }, | 200 {0,CS(SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA,
1, 0, 1, }, |
| (...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 240 } | 281 } |
| 241 | 282 |
| 242 /* This function might be a candidate to be public. | 283 /* This function might be a candidate to be public. |
| 243 * Disables all export ciphers in the default set of enabled ciphers. | 284 * Disables all export ciphers in the default set of enabled ciphers. |
| 244 */ | 285 */ |
| 245 SECStatus | 286 SECStatus |
| 246 SSL_DisableDefaultExportCipherSuites(void) | 287 SSL_DisableDefaultExportCipherSuites(void) |
| 247 { | 288 { |
| 248 const SSLCipherSuiteInfo * pInfo = suiteInfo; | 289 const SSLCipherSuiteInfo * pInfo = suiteInfo; |
| 249 unsigned int i; | 290 unsigned int i; |
| 250 SECStatus rv; | |
| 251 | 291 |
| 252 for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) { | 292 for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) { |
| 253 if (pInfo->isExportable) { | 293 if (pInfo->isExportable) { |
| 254 » rv = SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FALSE); | 294 » PORT_CheckSuccess(SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FA
LSE)); |
| 255 » PORT_Assert(rv == SECSuccess); | |
| 256 } | 295 } |
| 257 } | 296 } |
| 258 return SECSuccess; | 297 return SECSuccess; |
| 259 } | 298 } |
| 260 | 299 |
| 261 /* This function might be a candidate to be public, | 300 /* This function might be a candidate to be public, |
| 262 * except that it takes an sslSocket pointer as an argument. | 301 * except that it takes an sslSocket pointer as an argument. |
| 263 * A Public version would take a PRFileDesc pointer. | 302 * A Public version would take a PRFileDesc pointer. |
| 264 * Disables all export ciphers in the default set of enabled ciphers. | 303 * Disables all export ciphers in the default set of enabled ciphers. |
| 265 */ | 304 */ |
| 266 SECStatus | 305 SECStatus |
| 267 SSL_DisableExportCipherSuites(PRFileDesc * fd) | 306 SSL_DisableExportCipherSuites(PRFileDesc * fd) |
| 268 { | 307 { |
| 269 const SSLCipherSuiteInfo * pInfo = suiteInfo; | 308 const SSLCipherSuiteInfo * pInfo = suiteInfo; |
| 270 unsigned int i; | 309 unsigned int i; |
| 271 SECStatus rv; | |
| 272 | 310 |
| 273 for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) { | 311 for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) { |
| 274 if (pInfo->isExportable) { | 312 if (pInfo->isExportable) { |
| 275 » rv = SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE); | 313 » PORT_CheckSuccess(SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE
)); |
| 276 » PORT_Assert(rv == SECSuccess); | |
| 277 } | 314 } |
| 278 } | 315 } |
| 279 return SECSuccess; | 316 return SECSuccess; |
| 280 } | 317 } |
| 281 | 318 |
| 282 /* Tells us if the named suite is exportable | 319 /* Tells us if the named suite is exportable |
| 283 * returns false for unknown suites. | 320 * returns false for unknown suites. |
| 284 */ | 321 */ |
| 285 PRBool | 322 PRBool |
| 286 SSL_IsExportCipherSuite(PRUint16 cipherSuite) | 323 SSL_IsExportCipherSuite(PRUint16 cipherSuite) |
| (...skipping 113 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 400 rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.cwSpec, label, labelLen, val, | 437 rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.cwSpec, label, labelLen, val, |
| 401 valLen, out, outLen); | 438 valLen, out, outLen); |
| 402 } | 439 } |
| 403 ssl_ReleaseSpecReadLock(ss); | 440 ssl_ReleaseSpecReadLock(ss); |
| 404 ssl_ReleaseSSL3HandshakeLock(ss); | 441 ssl_ReleaseSSL3HandshakeLock(ss); |
| 405 ssl_ReleaseRecvBufLock(ss); | 442 ssl_ReleaseRecvBufLock(ss); |
| 406 | 443 |
| 407 PORT_ZFree(val, valLen); | 444 PORT_ZFree(val, valLen); |
| 408 return rv; | 445 return rv; |
| 409 } | 446 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1511123006:
Uprev NSS (in libssl) to NSS 3.21 (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master