Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(301)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/ssl/ssl3ext.c

Issue 16195008: Support the new supported_signature_algorithms field of the (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 7 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« net/third_party/nss/ssl/ssl3con.c ('K') | « net/third_party/nss/ssl/ssl3con.c ('k') | net/third_party/nss/ssl/sslimpl.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * SSL3 Protocol 2 * SSL3 Protocol
3 * 3 *
4 * This Source Code Form is subject to the terms of the Mozilla Public 4 * This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this 5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 7
8 /* TLS extension code moved here from ssl3ecc.c */ 8 /* TLS extension code moved here from ssl3ecc.c */
9 /* $Id$ */ 9 /* $Id$ */
10 10
(...skipping 2052 matching lines...) Expand 10 before | Expand all | Expand 10 after
2063 } 2063 }
2064 2064
2065 /* Keep track of negotiated extensions. */ 2065 /* Keep track of negotiated extensions. */
2066 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; 2066 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
2067 2067
2068 rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &data->data, 2068 rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &data->data,
2069 &data->len); 2069 &data->len);
2070 if (rv != SECSuccess) { 2070 if (rv != SECSuccess) {
2071 return SECFailure; 2071 return SECFailure;
2072 } 2072 }
2073 /* Trailing data or odd-length parameters is invalid. */ 2073 /* Trailing data, empty value, or odd-length value is invalid. */
2074 if (data->len != 0 || (algorithms.len & 1) != 0) { 2074 if (data->len != 0 || algorithms.len == 0 || (algorithms.len & 1) != 0) {
2075 PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO); 2075 PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
2076 return SECFailure; 2076 return SECFailure;
2077 } 2077 }
2078 2078
2079 numAlgorithms = algorithms.len/2; 2079 numAlgorithms = algorithms.len/2;
2080 2080
2081 if (numAlgorithms == 0) {
2082 return SECSuccess;
2083 }
2084 /* We don't care to process excessive numbers of algorithms. */ 2081 /* We don't care to process excessive numbers of algorithms. */
2085 if (numAlgorithms > 512) { 2082 if (numAlgorithms > 512) {
2086 numAlgorithms = 512; 2083 numAlgorithms = 512;
2087 } 2084 }
2088 2085
2089 ss->ssl3.hs.clientSigAndHash = 2086 ss->ssl3.hs.clientSigAndHash =
2090 PORT_NewArray(SSL3SignatureAndHashAlgorithm, numAlgorithms); 2087 PORT_NewArray(SSL3SignatureAndHashAlgorithm, numAlgorithms);
2091 if (!ss->ssl3.hs.clientSigAndHash) { 2088 if (!ss->ssl3.hs.clientSigAndHash) {
2092 return SECFailure; 2089 return SECFailure;
2093 } 2090 }
(...skipping 24 matching lines...) Expand all
2118 } 2115 }
2119 2116
2120 return SECSuccess; 2117 return SECSuccess;
2121 } 2118 }
2122 2119
2123 /* ssl3_ClientSendSigAlgsXtn sends the signature_algorithm extension for TLS 2120 /* ssl3_ClientSendSigAlgsXtn sends the signature_algorithm extension for TLS
2124 * 1.2 ClientHellos. */ 2121 * 1.2 ClientHellos. */
2125 static PRInt32 2122 static PRInt32
2126 ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) 2123 ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
2127 { 2124 {
2128 static const unsigned char signatureAlgorithms[] = {
2129 /* This block is the contents of our signature_algorithms extension, in
2130 * wire format. See
2131 * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
2132 tls_hash_sha256, tls_sig_rsa,
2133 tls_hash_sha384, tls_sig_rsa,
2134 tls_hash_sha1, tls_sig_rsa,
2135 #ifdef NSS_ENABLE_ECC
2136 tls_hash_sha256, tls_sig_ecdsa,
2137 tls_hash_sha384, tls_sig_ecdsa,
2138 tls_hash_sha1, tls_sig_ecdsa,
2139 #endif
2140 tls_hash_sha256, tls_sig_dsa,
2141 tls_hash_sha1, tls_sig_dsa,
2142 };
2143 PRInt32 extension_length; 2125 PRInt32 extension_length;
2144 2126
2145 if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) { 2127 if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) {
2146 return 0; 2128 return 0;
2147 } 2129 }
2148 2130
2149 extension_length = 2131 extension_length =
2150 2 /* extension type */ + 2132 2 /* extension type */ +
2151 2 /* extension length */ + 2133 2 /* extension length */ +
2152 2 /* supported_signature_algorithms length */ + 2134 2 /* supported_signature_algorithms length */ +
2153 » sizeof(signatureAlgorithms); 2135 » ssl3_SizeOfSupportedSignatureAlgorithms();
2154 2136
2155 if (append && maxBytes >= extension_length) { 2137 if (append && maxBytes >= extension_length) {
2156 SECStatus rv; 2138 SECStatus rv;
2157 rv = ssl3_AppendHandshakeNumber(ss, ssl_signature_algorithms_xtn, 2); 2139 rv = ssl3_AppendHandshakeNumber(ss, ssl_signature_algorithms_xtn, 2);
2158 if (rv != SECSuccess) 2140 if (rv != SECSuccess)
2159 goto loser; 2141 goto loser;
2160 rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); 2142 rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
2161 if (rv != SECSuccess) 2143 if (rv != SECSuccess)
2162 goto loser; 2144 goto loser;
2163 » rv = ssl3_AppendHandshakeVariable(ss, signatureAlgorithms, 2145 » rv = ssl3_AppendSupportedSignatureAlgorithms(ss);
2164 » » » » » sizeof(signatureAlgorithms), 2);
2165 if (rv != SECSuccess) 2146 if (rv != SECSuccess)
2166 goto loser; 2147 goto loser;
2167 ss->xtnData.advertised[ss->xtnData.numAdvertised++] = 2148 ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
2168 ssl_signature_algorithms_xtn; 2149 ssl_signature_algorithms_xtn;
2169 } else if (maxBytes < extension_length) { 2150 } else if (maxBytes < extension_length) {
2170 PORT_Assert(0); 2151 PORT_Assert(0);
2171 return 0; 2152 return 0;
2172 } 2153 }
2173 2154
2174 return extension_length; 2155 return extension_length;
2175 2156
2176 loser: 2157 loser:
2177 return -1; 2158 return -1;
2178 } 2159 }
OLDNEW
« net/third_party/nss/ssl/ssl3con.c ('K') | « net/third_party/nss/ssl/ssl3con.c ('k') | net/third_party/nss/ssl/sslimpl.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698