| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Various SSL functions. | 2 * Various SSL functions. |
| 3 * | 3 * |
| 4 * This Source Code Form is subject to the terms of the Mozilla Public | 4 * This Source Code Form is subject to the terms of the Mozilla Public |
| 5 * License, v. 2.0. If a copy of the MPL was not distributed with this | 5 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 7 #include "cert.h" | 7 #include "cert.h" |
| 8 #include "secitem.h" | 8 #include "secitem.h" |
| 9 #include "keyhi.h" | 9 #include "keyhi.h" |
| 10 #include "ssl.h" | 10 #include "ssl.h" |
| (...skipping 120 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 131 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | 131 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); |
| 132 | 132 |
| 133 SSL_TRC(3, ("%d: SSL[%d]: handshake is completed", SSL_GETPID(), ss->fd)); | 133 SSL_TRC(3, ("%d: SSL[%d]: handshake is completed", SSL_GETPID(), ss->fd)); |
| 134 | 134 |
| 135 ss->firstHsDone = PR_TRUE; | 135 ss->firstHsDone = PR_TRUE; |
| 136 ss->enoughFirstHsDone = PR_TRUE; | 136 ss->enoughFirstHsDone = PR_TRUE; |
| 137 ss->gs.writeOffset = 0; | 137 ss->gs.writeOffset = 0; |
| 138 ss->gs.readOffset = 0; | 138 ss->gs.readOffset = 0; |
| 139 | 139 |
| 140 if (ss->handshakeCallback) { | 140 if (ss->handshakeCallback) { |
| 141 PORT_Assert(ss->version < SSL_LIBRARY_VERSION_3_0 || |
| 142 (ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) == |
| 143 ssl_preinfo_all); |
| 141 (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); | 144 (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); |
| 142 } | 145 } |
| 143 } | 146 } |
| 144 | 147 |
| 145 /* | 148 /* |
| 146 * Handshake function that blocks. Used to force a | 149 * Handshake function that blocks. Used to force a |
| 147 * retry on a connection on the next read/write. | 150 * retry on a connection on the next read/write. |
| 148 */ | 151 */ |
| 149 static SECStatus | 152 static SECStatus |
| 150 ssl3_AlwaysBlock(sslSocket *ss) | 153 ssl3_AlwaysBlock(sslSocket *ss) |
| (...skipping 496 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 647 ** length record) then this will force it to be correct. | 650 ** length record) then this will force it to be correct. |
| 648 */ | 651 */ |
| 649 PORT_SetError(PR_WOULD_BLOCK_ERROR); | 652 PORT_SetError(PR_WOULD_BLOCK_ERROR); |
| 650 rv = SECFailure; | 653 rv = SECFailure; |
| 651 goto done; | 654 goto done; |
| 652 } | 655 } |
| 653 SSL_TRC(30, ("%d: SSL[%d]: partial data ready, available=%d", | 656 SSL_TRC(30, ("%d: SSL[%d]: partial data ready, available=%d", |
| 654 SSL_GETPID(), ss->fd, available)); | 657 SSL_GETPID(), ss->fd, available)); |
| 655 } | 658 } |
| 656 | 659 |
| 660 if (IS_DTLS(ss) && (len < available)) { |
| 661 /* DTLS does not allow you to do partial reads */ |
| 662 SSL_TRC(30, ("%d: SSL[%d]: DTLS short read. len=%d available=%d", |
| 663 SSL_GETPID(), ss->fd, len, available)); |
| 664 ss->gs.readOffset += available; |
| 665 PORT_SetError(SSL_ERROR_RX_SHORT_DTLS_READ); |
| 666 rv = SECFailure; |
| 667 goto done; |
| 668 } |
| 669 |
| 657 /* Dole out clear data to reader */ | 670 /* Dole out clear data to reader */ |
| 658 amount = PR_MIN(len, available); | 671 amount = PR_MIN(len, available); |
| 659 PORT_Memcpy(out, ss->gs.buf.buf + ss->gs.readOffset, amount); | 672 PORT_Memcpy(out, ss->gs.buf.buf + ss->gs.readOffset, amount); |
| 660 if (!(flags & PR_MSG_PEEK)) { | 673 if (!(flags & PR_MSG_PEEK)) { |
| 661 ss->gs.readOffset += amount; | 674 ss->gs.readOffset += amount; |
| 662 } | 675 } |
| 663 PORT_Assert(ss->gs.readOffset <= ss->gs.writeOffset); | 676 PORT_Assert(ss->gs.readOffset <= ss->gs.writeOffset); |
| 664 rv = amount; | 677 rv = amount; |
| 665 | 678 |
| 666 SSL_TRC(30, ("%d: SSL[%d]: amount=%d available=%d", | 679 SSL_TRC(30, ("%d: SSL[%d]: amount=%d available=%d", |
| (...skipping 19 matching lines...) Expand all Loading... |
| 686 | 699 |
| 687 if (!cert) goto loser; | 700 if (!cert) goto loser; |
| 688 | 701 |
| 689 tag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm)); | 702 tag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm)); |
| 690 | 703 |
| 691 switch (tag) { | 704 switch (tag) { |
| 692 case SEC_OID_X500_RSA_ENCRYPTION: | 705 case SEC_OID_X500_RSA_ENCRYPTION: |
| 693 case SEC_OID_PKCS1_RSA_ENCRYPTION: | 706 case SEC_OID_PKCS1_RSA_ENCRYPTION: |
| 694 keaType = kt_rsa; | 707 keaType = kt_rsa; |
| 695 break; | 708 break; |
| 709 case SEC_OID_ANSIX9_DSA_SIGNATURE: /* hah, signature, not a key? */ |
| 696 case SEC_OID_X942_DIFFIE_HELMAN_KEY: | 710 case SEC_OID_X942_DIFFIE_HELMAN_KEY: |
| 697 keaType = kt_dh; | 711 keaType = kt_dh; |
| 698 break; | 712 break; |
| 699 #ifndef NSS_DISABLE_ECC | 713 #ifndef NSS_DISABLE_ECC |
| 700 case SEC_OID_ANSIX962_EC_PUBLIC_KEY: | 714 case SEC_OID_ANSIX962_EC_PUBLIC_KEY: |
| 701 keaType = kt_ecdh; | 715 keaType = kt_ecdh; |
| 702 break; | 716 break; |
| 703 #endif /* NSS_DISABLE_ECC */ | 717 #endif /* NSS_DISABLE_ECC */ |
| 704 default: | 718 default: |
| 705 keaType = kt_null; | 719 keaType = kt_null; |
| (...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 782 if (keyPair) { | 796 if (keyPair) { |
| 783 SECKEY_CacheStaticFlags(keyPair->privKey); | 797 SECKEY_CacheStaticFlags(keyPair->privKey); |
| 784 sc->serverKeyPair = ssl3_GetKeyPairRef(keyPair); | 798 sc->serverKeyPair = ssl3_GetKeyPairRef(keyPair); |
| 785 } | 799 } |
| 786 if (kea == kt_rsa && cert && sc->serverKeyBits > 512 && | 800 if (kea == kt_rsa && cert && sc->serverKeyBits > 512 && |
| 787 !ss->opt.noStepDown && !ss->stepDownKeyPair) { | 801 !ss->opt.noStepDown && !ss->stepDownKeyPair) { |
| 788 if (ssl3_CreateRSAStepDownKeys(ss) != SECSuccess) { | 802 if (ssl3_CreateRSAStepDownKeys(ss) != SECSuccess) { |
| 789 goto loser; | 803 goto loser; |
| 790 } | 804 } |
| 791 } | 805 } |
| 806 if (kea == ssl_kea_dh || kea == ssl_kea_rsa) { |
| 807 if (ssl3_SelectDHParams(ss) != SECSuccess) { |
| 808 goto loser; |
| 809 } |
| 810 } |
| 792 return SECSuccess; | 811 return SECSuccess; |
| 793 | 812 |
| 794 loser: | 813 loser: |
| 795 if (localCertChain) { | 814 if (localCertChain) { |
| 796 CERT_DestroyCertificateList(localCertChain); | 815 CERT_DestroyCertificateList(localCertChain); |
| 797 } | 816 } |
| 798 if (sc->serverCert != NULL) { | 817 if (sc->serverCert != NULL) { |
| 799 CERT_DestroyCertificate(sc->serverCert); | 818 CERT_DestroyCertificate(sc->serverCert); |
| 800 sc->serverCert = NULL; | 819 sc->serverCert = NULL; |
| 801 } | 820 } |
| (...skipping 368 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1170 | 1189 |
| 1171 return rv; | 1190 return rv; |
| 1172 } | 1191 } |
| 1173 | 1192 |
| 1174 /************************************************************************/ | 1193 /************************************************************************/ |
| 1175 | 1194 |
| 1176 | 1195 |
| 1177 int | 1196 int |
| 1178 ssl_SecureRecv(sslSocket *ss, unsigned char *buf, int len, int flags) | 1197 ssl_SecureRecv(sslSocket *ss, unsigned char *buf, int len, int flags) |
| 1179 { | 1198 { |
| 1180 sslSecurityInfo *sec; | |
| 1181 int rv = 0; | 1199 int rv = 0; |
| 1182 | 1200 |
| 1183 sec = &ss->sec; | |
| 1184 | |
| 1185 if (ss->shutdownHow & ssl_SHUTDOWN_RCV) { | 1201 if (ss->shutdownHow & ssl_SHUTDOWN_RCV) { |
| 1186 PORT_SetError(PR_SOCKET_SHUTDOWN_ERROR); | 1202 PORT_SetError(PR_SOCKET_SHUTDOWN_ERROR); |
| 1187 return PR_FAILURE; | 1203 return PR_FAILURE; |
| 1188 } | 1204 } |
| 1189 if (flags & ~PR_MSG_PEEK) { | 1205 if (flags & ~PR_MSG_PEEK) { |
| 1190 PORT_SetError(PR_INVALID_ARGUMENT_ERROR); | 1206 PORT_SetError(PR_INVALID_ARGUMENT_ERROR); |
| 1191 return PR_FAILURE; | 1207 return PR_FAILURE; |
| 1192 } | 1208 } |
| 1193 | 1209 |
| 1194 if (!ssl_SocketIsBlocking(ss) && !ss->opt.fdx) { | 1210 if (!ssl_SocketIsBlocking(ss) && !ss->opt.fdx) { |
| (...skipping 517 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1712 if (!ss) { | 1728 if (!ss) { |
| 1713 SSL_DBG(("%d: SSL[%d]: bad socket in SNISocketConfigHook", | 1729 SSL_DBG(("%d: SSL[%d]: bad socket in SNISocketConfigHook", |
| 1714 SSL_GETPID(), fd)); | 1730 SSL_GETPID(), fd)); |
| 1715 return SECFailure; | 1731 return SECFailure; |
| 1716 } | 1732 } |
| 1717 | 1733 |
| 1718 ss->sniSocketConfig = func; | 1734 ss->sniSocketConfig = func; |
| 1719 ss->sniSocketConfigArg = arg; | 1735 ss->sniSocketConfigArg = arg; |
| 1720 return SECSuccess; | 1736 return SECSuccess; |
| 1721 } | 1737 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1511123006:
Uprev NSS (in libssl) to NSS 3.21 (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master