Index: net/third_party/nss/ssl/sslinfo.c |
diff --git a/net/third_party/nss/ssl/sslinfo.c b/net/third_party/nss/ssl/sslinfo.c |
index 845d9f02cf9bee5db14adfe41a574ba9fbfaa0ef..bef3190f367315ba5eb494df49d09cab665d709a 100644 |
--- a/net/third_party/nss/ssl/sslinfo.c |
+++ b/net/third_party/nss/ssl/sslinfo.c |
@@ -67,6 +67,8 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len) |
inf.creationTime = sid->creationTime; |
inf.lastAccessTime = sid->lastAccessTime; |
inf.expirationTime = sid->expirationTime; |
+ inf.extendedMasterSecretUsed = sid->u.ssl3.keys.extendedMasterSecretUsed; |
+ |
if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */ |
inf.sessionIDLength = SSL2_SESSIONID_BYTES; |
memcpy(inf.sessionID, sid->u.ssl2.sessionID, |
@@ -85,6 +87,42 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len) |
return SECSuccess; |
} |
+SECStatus |
+SSL_GetPreliminaryChannelInfo(PRFileDesc *fd, |
+ SSLPreliminaryChannelInfo *info, |
+ PRUintn len) |
+{ |
+ sslSocket *ss; |
+ SSLPreliminaryChannelInfo inf; |
+ |
+ if (!info || len < sizeof inf.length) { |
+ PORT_SetError(SEC_ERROR_INVALID_ARGS); |
+ return SECFailure; |
+ } |
+ |
+ ss = ssl_FindSocket(fd); |
+ if (!ss) { |
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetPreliminaryChannelInfo", |
+ SSL_GETPID(), fd)); |
+ return SECFailure; |
+ } |
+ |
+ if (ss->version < SSL_LIBRARY_VERSION_3_0) { |
+ PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION); |
+ return SECFailure; |
+ } |
+ |
+ memset(&inf, 0, sizeof(inf)); |
+ inf.length = PR_MIN(sizeof(inf), len); |
+ |
+ inf.valuesSet = ss->ssl3.hs.preliminaryInfo; |
+ inf.protocolVersion = ss->version; |
+ inf.cipherSuite = ss->ssl3.hs.cipher_suite; |
+ |
+ memcpy(info, &inf, inf.length); |
+ return SECSuccess; |
+} |
+ |
#define CS(x) x, #x |
#define CK(x) x | 0xff00, #x |
@@ -136,6 +174,7 @@ static const SSLCipherSuiteInfo suiteInfo[] = { |
{0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0, }, |
{0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, }, |
{0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA), S_DSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, }, |
+{0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256), S_DSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0, }, |
{0,CS(TLS_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, }, |
{0,CS(TLS_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_RSA, C_AES, B_256, M_SHA256, 1, 0, 0, }, |
{0,CS(TLS_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_RSA, C_AES, B_256, M_SHA, 1, 0, 0, }, |
@@ -146,7 +185,9 @@ static const SSLCipherSuiteInfo suiteInfo[] = { |
{0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, }, |
{0,CS(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, |
{0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, }, |
+{0,CS(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256), S_DSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, |
{0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, }, |
+{0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256), S_DSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, }, |
{0,CS(TLS_RSA_WITH_SEED_CBC_SHA), S_RSA, K_RSA, C_SEED,B_128, M_SHA, 1, 0, 0, }, |
{0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, }, |
{0,CS(TLS_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, }, |
@@ -247,12 +288,10 @@ SSL_DisableDefaultExportCipherSuites(void) |
{ |
const SSLCipherSuiteInfo * pInfo = suiteInfo; |
unsigned int i; |
- SECStatus rv; |
for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) { |
if (pInfo->isExportable) { |
- rv = SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FALSE); |
- PORT_Assert(rv == SECSuccess); |
+ PORT_CheckSuccess(SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FALSE)); |
} |
} |
return SECSuccess; |
@@ -268,12 +307,10 @@ SSL_DisableExportCipherSuites(PRFileDesc * fd) |
{ |
const SSLCipherSuiteInfo * pInfo = suiteInfo; |
unsigned int i; |
- SECStatus rv; |
for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) { |
if (pInfo->isExportable) { |
- rv = SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE); |
- PORT_Assert(rv == SECSuccess); |
+ PORT_CheckSuccess(SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE)); |
} |
} |
return SECSuccess; |