| Index: net/third_party/nss/ssl/sslinfo.c
|
| diff --git a/net/third_party/nss/ssl/sslinfo.c b/net/third_party/nss/ssl/sslinfo.c
|
| index 845d9f02cf9bee5db14adfe41a574ba9fbfaa0ef..bef3190f367315ba5eb494df49d09cab665d709a 100644
|
| --- a/net/third_party/nss/ssl/sslinfo.c
|
| +++ b/net/third_party/nss/ssl/sslinfo.c
|
| @@ -67,6 +67,8 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
|
| inf.creationTime = sid->creationTime;
|
| inf.lastAccessTime = sid->lastAccessTime;
|
| inf.expirationTime = sid->expirationTime;
|
| + inf.extendedMasterSecretUsed = sid->u.ssl3.keys.extendedMasterSecretUsed;
|
| +
|
| if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */
|
| inf.sessionIDLength = SSL2_SESSIONID_BYTES;
|
| memcpy(inf.sessionID, sid->u.ssl2.sessionID,
|
| @@ -85,6 +87,42 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
|
| return SECSuccess;
|
| }
|
|
|
| +SECStatus
|
| +SSL_GetPreliminaryChannelInfo(PRFileDesc *fd,
|
| + SSLPreliminaryChannelInfo *info,
|
| + PRUintn len)
|
| +{
|
| + sslSocket *ss;
|
| + SSLPreliminaryChannelInfo inf;
|
| +
|
| + if (!info || len < sizeof inf.length) {
|
| + PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
| + return SECFailure;
|
| + }
|
| +
|
| + ss = ssl_FindSocket(fd);
|
| + if (!ss) {
|
| + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetPreliminaryChannelInfo",
|
| + SSL_GETPID(), fd));
|
| + return SECFailure;
|
| + }
|
| +
|
| + if (ss->version < SSL_LIBRARY_VERSION_3_0) {
|
| + PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION);
|
| + return SECFailure;
|
| + }
|
| +
|
| + memset(&inf, 0, sizeof(inf));
|
| + inf.length = PR_MIN(sizeof(inf), len);
|
| +
|
| + inf.valuesSet = ss->ssl3.hs.preliminaryInfo;
|
| + inf.protocolVersion = ss->version;
|
| + inf.cipherSuite = ss->ssl3.hs.cipher_suite;
|
| +
|
| + memcpy(info, &inf, inf.length);
|
| + return SECSuccess;
|
| +}
|
| +
|
|
|
| #define CS(x) x, #x
|
| #define CK(x) x | 0xff00, #x
|
| @@ -136,6 +174,7 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
|
| {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0, },
|
| {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, },
|
| {0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA), S_DSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, },
|
| +{0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256), S_DSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0, },
|
| {0,CS(TLS_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, },
|
| {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_RSA, C_AES, B_256, M_SHA256, 1, 0, 0, },
|
| {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_RSA, C_AES, B_256, M_SHA, 1, 0, 0, },
|
| @@ -146,7 +185,9 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
|
| {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
|
| {0,CS(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
|
| {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
|
| +{0,CS(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256), S_DSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
|
| {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
|
| +{0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256), S_DSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
|
| {0,CS(TLS_RSA_WITH_SEED_CBC_SHA), S_RSA, K_RSA, C_SEED,B_128, M_SHA, 1, 0, 0, },
|
| {0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
|
| {0,CS(TLS_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, },
|
| @@ -247,12 +288,10 @@ SSL_DisableDefaultExportCipherSuites(void)
|
| {
|
| const SSLCipherSuiteInfo * pInfo = suiteInfo;
|
| unsigned int i;
|
| - SECStatus rv;
|
|
|
| for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) {
|
| if (pInfo->isExportable) {
|
| - rv = SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FALSE);
|
| - PORT_Assert(rv == SECSuccess);
|
| + PORT_CheckSuccess(SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FALSE));
|
| }
|
| }
|
| return SECSuccess;
|
| @@ -268,12 +307,10 @@ SSL_DisableExportCipherSuites(PRFileDesc * fd)
|
| {
|
| const SSLCipherSuiteInfo * pInfo = suiteInfo;
|
| unsigned int i;
|
| - SECStatus rv;
|
|
|
| for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) {
|
| if (pInfo->isExportable) {
|
| - rv = SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE);
|
| - PORT_Assert(rv == SECSuccess);
|
| + PORT_CheckSuccess(SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE));
|
| }
|
| }
|
| return SECSuccess;
|
|
|
Chromium Code Reviews
Issue 1511123006:
Uprev NSS (in libssl) to NSS 3.21 (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master