OLD | NEW |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 #include "ssl.h" | 4 #include "ssl.h" |
5 #include "sslimpl.h" | 5 #include "sslimpl.h" |
6 #include "sslproto.h" | 6 #include "sslproto.h" |
7 | 7 |
8 static const char * | 8 static const char * |
9 ssl_GetCompressionMethodName(SSLCompressionMethod compression) | 9 ssl_GetCompressionMethodName(SSLCompressionMethod compression) |
10 { | 10 { |
(...skipping 49 matching lines...)
60 inf.cipherSuite = ss->ssl3.hs.cipher_suite; | 60 inf.cipherSuite = ss->ssl3.hs.cipher_suite; |
61 inf.compressionMethod = ss->ssl3.cwSpec->compression_method; | 61 inf.compressionMethod = ss->ssl3.cwSpec->compression_method; |
62 ssl_ReleaseSpecReadLock(ss); | 62 ssl_ReleaseSpecReadLock(ss); |
63 inf.compressionMethodName = | 63 inf.compressionMethodName = |
64 ssl_GetCompressionMethodName(inf.compressionMethod); | 64 ssl_GetCompressionMethodName(inf.compressionMethod); |
65 } | 65 } |
66 if (sid) { | 66 if (sid) { |
67 inf.creationTime = sid->creationTime; | 67 inf.creationTime = sid->creationTime; |
68 inf.lastAccessTime = sid->lastAccessTime; | 68 inf.lastAccessTime = sid->lastAccessTime; |
69 inf.expirationTime = sid->expirationTime; | 69 inf.expirationTime = sid->expirationTime; |
| 70 inf.extendedMasterSecretUsed = sid->u.ssl3.keys.extendedMasterSecret
Used; |
| 71 |
70 if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */ | 72 if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */ |
71 inf.sessionIDLength = SSL2_SESSIONID_BYTES; | 73 inf.sessionIDLength = SSL2_SESSIONID_BYTES; |
72 memcpy(inf.sessionID, sid->u.ssl2.sessionID, | 74 memcpy(inf.sessionID, sid->u.ssl2.sessionID, |
73 SSL2_SESSIONID_BYTES); | 75 SSL2_SESSIONID_BYTES); |
74 } else { | 76 } else { |
75 unsigned int sidLen = sid->u.ssl3.sessionIDLength; | 77 unsigned int sidLen = sid->u.ssl3.sessionIDLength; |
76 sidLen = PR_MIN(sidLen, sizeof inf.sessionID); | 78 sidLen = PR_MIN(sidLen, sizeof inf.sessionID); |
77 inf.sessionIDLength = sidLen; | 79 inf.sessionIDLength = sidLen; |
78 memcpy(inf.sessionID, sid->u.ssl3.sessionID, sidLen); | 80 memcpy(inf.sessionID, sid->u.ssl3.sessionID, sidLen); |
79 } | 81 } |
80 } | 82 } |
81 } | 83 } |
82 | 84 |
83 memcpy(info, &inf, inf.length); | 85 memcpy(info, &inf, inf.length); |
84 | 86 |
85 return SECSuccess; | 87 return SECSuccess; |
86 } | 88 } |
87 | 89 |
| 90 SECStatus |
| 91 SSL_GetPreliminaryChannelInfo(PRFileDesc *fd, |
| 92 SSLPreliminaryChannelInfo *info, |
| 93 PRUintn len) |
| 94 { |
| 95 sslSocket *ss; |
| 96 SSLPreliminaryChannelInfo inf; |
| 97 |
| 98 if (!info || len < sizeof inf.length) { |
| 99 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 100 return SECFailure; |
| 101 } |
| 102 |
| 103 ss = ssl_FindSocket(fd); |
| 104 if (!ss) { |
| 105 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetPreliminaryChannelInfo", |
| 106 SSL_GETPID(), fd)); |
| 107 return SECFailure; |
| 108 } |
| 109 |
| 110 if (ss->version < SSL_LIBRARY_VERSION_3_0) { |
| 111 PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION); |
| 112 return SECFailure; |
| 113 } |
| 114 |
| 115 memset(&inf, 0, sizeof(inf)); |
| 116 inf.length = PR_MIN(sizeof(inf), len); |
| 117 |
| 118 inf.valuesSet = ss->ssl3.hs.preliminaryInfo; |
| 119 inf.protocolVersion = ss->version; |
| 120 inf.cipherSuite = ss->ssl3.hs.cipher_suite; |
| 121 |
| 122 memcpy(info, &inf, inf.length); |
| 123 return SECSuccess; |
| 124 } |
| 125 |
88 | 126 |
89 #define CS(x) x, #x | 127 #define CS(x) x, #x |
90 #define CK(x) x | 0xff00, #x | 128 #define CK(x) x | 0xff00, #x |
91 | 129 |
92 #define S_DSA "DSA", ssl_auth_dsa | 130 #define S_DSA "DSA", ssl_auth_dsa |
93 #define S_RSA "RSA", ssl_auth_rsa | 131 #define S_RSA "RSA", ssl_auth_rsa |
94 #define S_KEA "KEA", ssl_auth_kea | 132 #define S_KEA "KEA", ssl_auth_kea |
95 #define S_ECDSA "ECDSA", ssl_auth_ecdsa | 133 #define S_ECDSA "ECDSA", ssl_auth_ecdsa |
96 | 134 |
97 #define K_DHE "DHE", kt_dh | 135 #define K_DHE "DHE", kt_dh |
(...skipping 31 matching lines...)
129 | 167 |
130 static const SSLCipherSuiteInfo suiteInfo[] = { | 168 static const SSLCipherSuiteInfo suiteInfo[] = { |
131 /* <------ Cipher suite --------------------> <auth> <KEA> <bulk cipher> <MAC>
<FIPS> */ | 169 /* <------ Cipher suite --------------------> <auth> <KEA> <bulk cipher> <MAC>
<FIPS> */ |
132 {0,CS(TLS_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_RSA, C_AESGCM, B_128, M_A
EAD_128, 1, 0, 0, }, | 170 {0,CS(TLS_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_RSA, C_AESGCM, B_128, M_A
EAD_128, 1, 0, 0, }, |
133 | 171 |
134 {0,CS(TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_256, M
_SHA, 0, 0, 0, }, | 172 {0,CS(TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_256, M
_SHA, 0, 0, 0, }, |
135 {0,CS(TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_256, M
_SHA, 0, 0, 0, }, | 173 {0,CS(TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_256, M
_SHA, 0, 0, 0, }, |
136 {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_DHE, C_AES, B_256, M_SHA2
56, 1, 0, 0, }, | 174 {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_DHE, C_AES, B_256, M_SHA2
56, 1, 0, 0, }, |
137 {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_DHE, C_AES, B_256, M_SHA,
1, 0, 0, }, | 175 {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_DHE, C_AES, B_256, M_SHA,
1, 0, 0, }, |
138 {0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA), S_DSA, K_DHE, C_AES, B_256, M_SHA,
1, 0, 0, }, | 176 {0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA), S_DSA, K_DHE, C_AES, B_256, M_SHA,
1, 0, 0, }, |
| 177 {0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256), S_DSA, K_DHE, C_AES, B_256, M_SHA2
56, 1, 0, 0, }, |
139 {0,CS(TLS_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_256, M
_SHA, 0, 0, 0, }, | 178 {0,CS(TLS_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_256, M
_SHA, 0, 0, 0, }, |
140 {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_RSA, C_AES, B_256, M_SHA2
56, 1, 0, 0, }, | 179 {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_RSA, C_AES, B_256, M_SHA2
56, 1, 0, 0, }, |
141 {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_RSA, C_AES, B_256, M_SHA,
1, 0, 0, }, | 180 {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_RSA, C_AES, B_256, M_SHA,
1, 0, 0, }, |
142 | 181 |
143 {0,CS(TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_128, M
_SHA, 0, 0, 0, }, | 182 {0,CS(TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_128, M
_SHA, 0, 0, 0, }, |
144 {0,CS(TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_128, M
_SHA, 0, 0, 0, }, | 183 {0,CS(TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_128, M
_SHA, 0, 0, 0, }, |
145 {0,CS(TLS_DHE_DSS_WITH_RC4_128_SHA), S_DSA, K_DHE, C_RC4, B_128, M_SHA,
0, 0, 0, }, | 184 {0,CS(TLS_DHE_DSS_WITH_RC4_128_SHA), S_DSA, K_DHE, C_RC4, B_128, M_SHA,
0, 0, 0, }, |
146 {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_DHE, C_AES, B_128, M_SHA2
56, 1, 0, 0, }, | 185 {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_DHE, C_AES, B_128, M_SHA2
56, 1, 0, 0, }, |
147 {0,CS(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_DHE, C_AESGCM, B_128, M_A
EAD_128, 1, 0, 0, }, | 186 {0,CS(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_DHE, C_AESGCM, B_128, M_A
EAD_128, 1, 0, 0, }, |
148 {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_DHE, C_AES, B_128, M_SHA,
1, 0, 0, }, | 187 {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_DHE, C_AES, B_128, M_SHA,
1, 0, 0, }, |
| 188 {0,CS(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256), S_DSA, K_DHE, C_AESGCM, B_128, M_A
EAD_128, 1, 0, 0, }, |
149 {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA,
1, 0, 0, }, | 189 {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA,
1, 0, 0, }, |
| 190 {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256), S_DSA, K_DHE, C_AES, B_128, M_SHA2
56, 1, 0, 0, }, |
150 {0,CS(TLS_RSA_WITH_SEED_CBC_SHA), S_RSA, K_RSA, C_SEED,B_128, M_SHA,
1, 0, 0, }, | 191 {0,CS(TLS_RSA_WITH_SEED_CBC_SHA), S_RSA, K_RSA, C_SEED,B_128, M_SHA,
1, 0, 0, }, |
151 {0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M
_SHA, 0, 0, 0, }, | 192 {0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M
_SHA, 0, 0, 0, }, |
152 {0,CS(TLS_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA,
0, 0, 0, }, | 193 {0,CS(TLS_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA,
0, 0, 0, }, |
153 {0,CS(TLS_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5,
0, 0, 0, }, | 194 {0,CS(TLS_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5,
0, 0, 0, }, |
154 {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_RSA, C_AES, B_128, M_SHA2
56, 1, 0, 0, }, | 195 {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_RSA, C_AES, B_128, M_SHA2
56, 1, 0, 0, }, |
155 {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_RSA, C_AES, B_128, M_SHA,
1, 0, 0, }, | 196 {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_RSA, C_AES, B_128, M_SHA,
1, 0, 0, }, |
156 | 197 |
157 {0,CS(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_DHE, C_3DES,B_3DES,M_SHA,
1, 0, 0, }, | 198 {0,CS(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_DHE, C_3DES,B_3DES,M_SHA,
1, 0, 0, }, |
158 {0,CS(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA), S_DSA, K_DHE, C_3DES,B_3DES,M_SHA,
1, 0, 0, }, | 199 {0,CS(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA), S_DSA, K_DHE, C_3DES,B_3DES,M_SHA,
1, 0, 0, }, |
159 {0,CS(SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA,
1, 0, 1, }, | 200 {0,CS(SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA,
1, 0, 1, }, |
(...skipping 80 matching lines...)
240 } | 281 } |
241 | 282 |
242 /* This function might be a candidate to be public. | 283 /* This function might be a candidate to be public. |
243 * Disables all export ciphers in the default set of enabled ciphers. | 284 * Disables all export ciphers in the default set of enabled ciphers. |
244 */ | 285 */ |
245 SECStatus | 286 SECStatus |
246 SSL_DisableDefaultExportCipherSuites(void) | 287 SSL_DisableDefaultExportCipherSuites(void) |
247 { | 288 { |
248 const SSLCipherSuiteInfo * pInfo = suiteInfo; | 289 const SSLCipherSuiteInfo * pInfo = suiteInfo; |
249 unsigned int i; | 290 unsigned int i; |
250 SECStatus rv; | |
251 | 291 |
252 for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) { | 292 for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) { |
253 if (pInfo->isExportable) { | 293 if (pInfo->isExportable) { |
254 » rv = SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FALSE); | 294 » PORT_CheckSuccess(SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FA
LSE)); |
255 » PORT_Assert(rv == SECSuccess); | |
256 } | 295 } |
257 } | 296 } |
258 return SECSuccess; | 297 return SECSuccess; |
259 } | 298 } |
260 | 299 |
261 /* This function might be a candidate to be public, | 300 /* This function might be a candidate to be public, |
262 * except that it takes an sslSocket pointer as an argument. | 301 * except that it takes an sslSocket pointer as an argument. |
263 * A Public version would take a PRFileDesc pointer. | 302 * A Public version would take a PRFileDesc pointer. |
264 * Disables all export ciphers in the default set of enabled ciphers. | 303 * Disables all export ciphers in the default set of enabled ciphers. |
265 */ | 304 */ |
266 SECStatus | 305 SECStatus |
267 SSL_DisableExportCipherSuites(PRFileDesc * fd) | 306 SSL_DisableExportCipherSuites(PRFileDesc * fd) |
268 { | 307 { |
269 const SSLCipherSuiteInfo * pInfo = suiteInfo; | 308 const SSLCipherSuiteInfo * pInfo = suiteInfo; |
270 unsigned int i; | 309 unsigned int i; |
271 SECStatus rv; | |
272 | 310 |
273 for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) { | 311 for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) { |
274 if (pInfo->isExportable) { | 312 if (pInfo->isExportable) { |
275 » rv = SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE); | 313 » PORT_CheckSuccess(SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE
)); |
276 » PORT_Assert(rv == SECSuccess); | |
277 } | 314 } |
278 } | 315 } |
279 return SECSuccess; | 316 return SECSuccess; |
280 } | 317 } |
281 | 318 |
282 /* Tells us if the named suite is exportable | 319 /* Tells us if the named suite is exportable |
283 * returns false for unknown suites. | 320 * returns false for unknown suites. |
284 */ | 321 */ |
285 PRBool | 322 PRBool |
286 SSL_IsExportCipherSuite(PRUint16 cipherSuite) | 323 SSL_IsExportCipherSuite(PRUint16 cipherSuite) |
(...skipping 113 matching lines...)
400 rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.cwSpec, label, labelLen, val, | 437 rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.cwSpec, label, labelLen, val, |
401 valLen, out, outLen); | 438 valLen, out, outLen); |
402 } | 439 } |
403 ssl_ReleaseSpecReadLock(ss); | 440 ssl_ReleaseSpecReadLock(ss); |
404 ssl_ReleaseSSL3HandshakeLock(ss); | 441 ssl_ReleaseSSL3HandshakeLock(ss); |
405 ssl_ReleaseRecvBufLock(ss); | 442 ssl_ReleaseRecvBufLock(ss); |
406 | 443 |
407 PORT_ZFree(val, valLen); | 444 PORT_ZFree(val, valLen); |
408 return rv; | 445 return rv; |
409 } | 446 } |
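Review bot: The added `inf.extendedMasterSecretUsed = sid->u.ssl3.keys.extendedMasterSecretUsed;` (new line 70) reads the `u.ssl3` member before the `ss->version < SSL_LIBRARY_VERSION_3_0` test that follows it, so for an SSL2 session it reports whatever bytes the `u.ssl2` data holds at that offset, assuming `u` is a union as the parallel `u.ssl2`/`u.ssl3` accesses suggest. A caller that uses this flag to decide whether the session is bound to the handshake could then see a spurious true value. Moving the assignment into the `else` branch, next to the `sidLen` lines, keeps it on the SSL3/TLS path and leaves the SSL2 case at its initial value; the enclosing function starts in the skipped lines, so how `inf` is initialised there is not visible here. Separately, both export-suite loops now pass the `SSL_CipherPrefSetDefault`/`SSL_CipherPrefSet` result only to `PORT_CheckSuccess` and still return `SECSuccess`; if that macro asserts only in debug builds, a failed disable goes unreported in release builds, and returning the failing status would let callers notice that an export suite stayed enabled.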
OLD | NEW |