OLD | NEW |
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
2 /* | 2 /* |
3 * SSL3 Protocol | 3 * SSL3 Protocol |
4 * | 4 * |
5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
8 /* $Id$ */ | 8 /* $Id$ */ |
9 | 9 |
10 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ | 10 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ |
(...skipping 79 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
90 */ | 90 */ |
91 static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { | 91 static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { |
92 /* cipher_suite policy enabled is_present*/ | 92 /* cipher_suite policy enabled is_present*/ |
93 #ifdef NSS_ENABLE_ECC | 93 #ifdef NSS_ENABLE_ECC |
94 { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 94 { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, |
95 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 95 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, |
96 #endif /* NSS_ENABLE_ECC */ | 96 #endif /* NSS_ENABLE_ECC */ |
97 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 97 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, |
98 { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 98 { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, |
99 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 99 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, |
| 100 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, |
100 { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 101 { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, |
101 #ifdef NSS_ENABLE_ECC | 102 #ifdef NSS_ENABLE_ECC |
102 { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 103 { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, |
103 { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 104 { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, |
104 #endif /* NSS_ENABLE_ECC */ | 105 #endif /* NSS_ENABLE_ECC */ |
105 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 106 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, |
106 { TLS_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 107 { TLS_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, |
| 108 { TLS_RSA_WITH_AES_256_CBC_SHA256, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, |
107 | 109 |
108 #ifdef NSS_ENABLE_ECC | 110 #ifdef NSS_ENABLE_ECC |
109 { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 111 { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, |
110 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 112 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, |
| 113 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, |
111 { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 114 { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, |
112 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 115 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, |
| 116 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, |
113 #endif /* NSS_ENABLE_ECC */ | 117 #endif /* NSS_ENABLE_ECC */ |
114 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 118 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, |
115 { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 119 { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, |
116 { TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 120 { TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, |
117 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 121 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, |
| 122 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, |
118 { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 123 { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, |
119 #ifdef NSS_ENABLE_ECC | 124 #ifdef NSS_ENABLE_ECC |
120 { TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 125 { TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, |
121 { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 126 { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, |
122 { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 127 { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, |
123 { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 128 { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, |
124 #endif /* NSS_ENABLE_ECC */ | 129 #endif /* NSS_ENABLE_ECC */ |
125 { TLS_RSA_WITH_SEED_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 130 { TLS_RSA_WITH_SEED_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, |
126 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 131 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, |
127 { SSL_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 132 { SSL_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, |
128 { SSL_RSA_WITH_RC4_128_MD5, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE}, | 133 { SSL_RSA_WITH_RC4_128_MD5, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE}, |
129 { TLS_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 134 { TLS_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, |
| 135 { TLS_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, |
130 | 136 |
131 #ifdef NSS_ENABLE_ECC | 137 #ifdef NSS_ENABLE_ECC |
132 { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 138 { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, |
133 { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 139 { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, |
134 #endif /* NSS_ENABLE_ECC */ | 140 #endif /* NSS_ENABLE_ECC */ |
135 { SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 141 { SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, |
136 { SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 142 { SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, |
137 #ifdef NSS_ENABLE_ECC | 143 #ifdef NSS_ENABLE_ECC |
138 { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 144 { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, |
139 { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 145 { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, |
(...skipping 12 matching lines...) Expand all Loading... |
152 { SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 158 { SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, |
153 { SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 159 { SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, |
154 | 160 |
155 #ifdef NSS_ENABLE_ECC | 161 #ifdef NSS_ENABLE_ECC |
156 { TLS_ECDHE_ECDSA_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 162 { TLS_ECDHE_ECDSA_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, |
157 { TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 163 { TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, |
158 { TLS_ECDH_RSA_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 164 { TLS_ECDH_RSA_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, |
159 { TLS_ECDH_ECDSA_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 165 { TLS_ECDH_ECDSA_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, |
160 #endif /* NSS_ENABLE_ECC */ | 166 #endif /* NSS_ENABLE_ECC */ |
161 { SSL_RSA_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 167 { SSL_RSA_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, |
| 168 { TLS_RSA_WITH_NULL_SHA256, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, |
162 { SSL_RSA_WITH_NULL_MD5, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 169 { SSL_RSA_WITH_NULL_MD5, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, |
163 | 170 |
164 }; | 171 }; |
165 | 172 |
166 /* This list of SSL3 compression methods is sorted in descending order of | 173 /* This list of SSL3 compression methods is sorted in descending order of |
167 * precedence (desirability). It only includes compression methods we | 174 * precedence (desirability). It only includes compression methods we |
168 * implement. | 175 * implement. |
169 */ | 176 */ |
170 static const /*SSLCompressionMethod*/ uint8 compressions [] = { | 177 static const /*SSLCompressionMethod*/ uint8 compressions [] = { |
171 #ifdef NSS_ENABLE_ZLIB | 178 #ifdef NSS_ENABLE_ZLIB |
(...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
275 }; | 282 }; |
276 | 283 |
277 /* must use ssl_LookupCipherSuiteDef to access */ | 284 /* must use ssl_LookupCipherSuiteDef to access */ |
278 static const ssl3CipherSuiteDef cipher_suite_defs[] = | 285 static const ssl3CipherSuiteDef cipher_suite_defs[] = |
279 { | 286 { |
280 /* cipher_suite bulk_cipher_alg mac_alg key_exchange_alg */ | 287 /* cipher_suite bulk_cipher_alg mac_alg key_exchange_alg */ |
281 | 288 |
282 {SSL_NULL_WITH_NULL_NULL, cipher_null, mac_null, kea_null}, | 289 {SSL_NULL_WITH_NULL_NULL, cipher_null, mac_null, kea_null}, |
283 {SSL_RSA_WITH_NULL_MD5, cipher_null, mac_md5, kea_rsa}, | 290 {SSL_RSA_WITH_NULL_MD5, cipher_null, mac_md5, kea_rsa}, |
284 {SSL_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_rsa}, | 291 {SSL_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_rsa}, |
| 292 {TLS_RSA_WITH_NULL_SHA256, cipher_null, hmac_sha256, kea_rsa}, |
285 {SSL_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export}, | 293 {SSL_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export}, |
286 {SSL_RSA_WITH_RC4_128_MD5, cipher_rc4, mac_md5, kea_rsa}, | 294 {SSL_RSA_WITH_RC4_128_MD5, cipher_rc4, mac_md5, kea_rsa}, |
287 {SSL_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_rsa}, | 295 {SSL_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_rsa}, |
288 {SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, | 296 {SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, |
289 cipher_rc2_40, mac_md5, kea_rsa_export}, | 297 cipher_rc2_40, mac_md5, kea_rsa_export}, |
290 #if 0 /* not implemented */ | 298 #if 0 /* not implemented */ |
291 {SSL_RSA_WITH_IDEA_CBC_SHA, cipher_idea, mac_sha, kea_rsa}, | 299 {SSL_RSA_WITH_IDEA_CBC_SHA, cipher_idea, mac_sha, kea_rsa}, |
292 {SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, | 300 {SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, |
293 cipher_des40, mac_sha, kea_rsa_export}, | 301 cipher_des40, mac_sha, kea_rsa_export}, |
294 #endif | 302 #endif |
(...skipping 24 matching lines...) Expand all Loading... |
319 {SSL_DH_ANON_EXPORT_RC4_40_MD5, cipher_rc4_40, mac_md5, kea_dh_anon_export}, | 327 {SSL_DH_ANON_EXPORT_RC4_40_MD5, cipher_rc4_40, mac_md5, kea_dh_anon_export}, |
320 {SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, | 328 {SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, |
321 cipher_des40, mac_sha, kea_dh_anon_export}, | 329 cipher_des40, mac_sha, kea_dh_anon_export}, |
322 {SSL_DH_ANON_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_anon}, | 330 {SSL_DH_ANON_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_anon}, |
323 {SSL_DH_ANON_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_anon}, | 331 {SSL_DH_ANON_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_anon}, |
324 #endif | 332 #endif |
325 | 333 |
326 | 334 |
327 /* New TLS cipher suites */ | 335 /* New TLS cipher suites */ |
328 {TLS_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_rsa}, | 336 {TLS_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_rsa}, |
| 337 {TLS_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_rsa}, |
329 {TLS_DHE_DSS_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dhe_dss}, | 338 {TLS_DHE_DSS_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dhe_dss}, |
330 {TLS_DHE_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dhe_rsa}, | 339 {TLS_DHE_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dhe_rsa}, |
| 340 {TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_r
sa}, |
331 {TLS_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_rsa}, | 341 {TLS_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_rsa}, |
| 342 {TLS_RSA_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_rsa}, |
332 {TLS_DHE_DSS_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dhe_dss}, | 343 {TLS_DHE_DSS_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dhe_dss}, |
333 {TLS_DHE_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dhe_rsa}, | 344 {TLS_DHE_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dhe_rsa}, |
| 345 {TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_r
sa}, |
334 #if 0 | 346 #if 0 |
335 {TLS_DH_DSS_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_dss}, | 347 {TLS_DH_DSS_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_dss}, |
336 {TLS_DH_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_rsa}, | 348 {TLS_DH_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_rsa}, |
337 {TLS_DH_ANON_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_anon}, | 349 {TLS_DH_ANON_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_anon}, |
338 {TLS_DH_DSS_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_dss}, | 350 {TLS_DH_DSS_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_dss}, |
339 {TLS_DH_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_rsa}, | 351 {TLS_DH_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_rsa}, |
340 {TLS_DH_ANON_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_anon}, | 352 {TLS_DH_ANON_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_anon}, |
341 #endif | 353 #endif |
342 | 354 |
343 {TLS_RSA_WITH_SEED_CBC_SHA, cipher_seed, mac_sha, kea_rsa}, | 355 {TLS_RSA_WITH_SEED_CBC_SHA, cipher_seed, mac_sha, kea_rsa}, |
(...skipping 21 matching lines...) Expand all Loading... |
365 {TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa}, | 377 {TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa}, |
366 {TLS_ECDH_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_ecdsa}, | 378 {TLS_ECDH_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_ecdsa}, |
367 {TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_ecdsa}
, | 379 {TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_ecdsa}
, |
368 {TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_ecds
a}, | 380 {TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_ecds
a}, |
369 {TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_ecds
a}, | 381 {TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_ecds
a}, |
370 | 382 |
371 {TLS_ECDHE_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdhe_ecdsa
}, | 383 {TLS_ECDHE_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdhe_ecdsa
}, |
372 {TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdhe_ecdsa
}, | 384 {TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdhe_ecdsa
}, |
373 {TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdhe_ecds
a}, | 385 {TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdhe_ecds
a}, |
374 {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdhe_ec
dsa}, | 386 {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdhe_ec
dsa}, |
| 387 {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_e
cdhe_ecdsa}, |
375 {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdhe_ec
dsa}, | 388 {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdhe_ec
dsa}, |
376 | 389 |
377 {TLS_ECDH_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_rsa}, | 390 {TLS_ECDH_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_rsa}, |
378 {TLS_ECDH_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_rsa}, | 391 {TLS_ECDH_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_rsa}, |
379 {TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_rsa}, | 392 {TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_rsa}, |
380 {TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_rsa}, | 393 {TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_rsa}, |
381 {TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_rsa}, | 394 {TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_rsa}, |
382 | 395 |
383 {TLS_ECDHE_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdhe_rsa
}, | 396 {TLS_ECDHE_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdhe_rsa
}, |
384 {TLS_ECDHE_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdhe_rsa
}, | 397 {TLS_ECDHE_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdhe_rsa
}, |
385 {TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdhe_rsa
}, | 398 {TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdhe_rsa
}, |
386 {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdhe_rsa
}, | 399 {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdhe_rsa
}, |
| 400 {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_ecd
he_rsa}, |
387 {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdhe_rsa
}, | 401 {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdhe_rsa
}, |
388 | 402 |
389 #if 0 | 403 #if 0 |
390 {TLS_ECDH_anon_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_anon
}, | 404 {TLS_ECDH_anon_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_anon
}, |
391 {TLS_ECDH_anon_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_anon
}, | 405 {TLS_ECDH_anon_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_anon
}, |
392 {TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_anon
}, | 406 {TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_anon
}, |
393 {TLS_ECDH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_anon
}, | 407 {TLS_ECDH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_anon
}, |
394 {TLS_ECDH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_anon
}, | 408 {TLS_ECDH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_anon
}, |
395 #endif | 409 #endif |
396 #endif /* NSS_ENABLE_ECC */ | 410 #endif /* NSS_ENABLE_ECC */ |
(...skipping 26 matching lines...) Expand all Loading... |
423 { calg_camellia , CKM_CAMELLIA_CBC }, | 437 { calg_camellia , CKM_CAMELLIA_CBC }, |
424 { calg_seed , CKM_SEED_CBC }, | 438 { calg_seed , CKM_SEED_CBC }, |
425 /* { calg_init , (CK_MECHANISM_TYPE)0x7fffffffL } */ | 439 /* { calg_init , (CK_MECHANISM_TYPE)0x7fffffffL } */ |
426 }; | 440 }; |
427 | 441 |
428 #define mmech_null (CK_MECHANISM_TYPE)0x80000000L | 442 #define mmech_null (CK_MECHANISM_TYPE)0x80000000L |
429 #define mmech_md5 CKM_SSL3_MD5_MAC | 443 #define mmech_md5 CKM_SSL3_MD5_MAC |
430 #define mmech_sha CKM_SSL3_SHA1_MAC | 444 #define mmech_sha CKM_SSL3_SHA1_MAC |
431 #define mmech_md5_hmac CKM_MD5_HMAC | 445 #define mmech_md5_hmac CKM_MD5_HMAC |
432 #define mmech_sha_hmac CKM_SHA_1_HMAC | 446 #define mmech_sha_hmac CKM_SHA_1_HMAC |
| 447 #define mmech_sha256_hmac CKM_SHA256_HMAC |
433 | 448 |
434 static const ssl3MACDef mac_defs[] = { /* indexed by SSL3MACAlgorithm */ | 449 static const ssl3MACDef mac_defs[] = { /* indexed by SSL3MACAlgorithm */ |
| 450 /* pad_size is only used for SSL 3.0 MAC. See RFC 6101 Sec. 5.2.3.1. */ |
435 /* mac mmech pad_size mac_size */ | 451 /* mac mmech pad_size mac_size */ |
436 { mac_null, mmech_null, 0, 0 }, | 452 { mac_null, mmech_null, 0, 0 }, |
437 { mac_md5, mmech_md5, 48, MD5_LENGTH }, | 453 { mac_md5, mmech_md5, 48, MD5_LENGTH }, |
438 { mac_sha, mmech_sha, 40, SHA1_LENGTH}, | 454 { mac_sha, mmech_sha, 40, SHA1_LENGTH}, |
439 {hmac_md5, mmech_md5_hmac, 48, MD5_LENGTH }, | 455 {hmac_md5, mmech_md5_hmac, 0, MD5_LENGTH }, |
440 {hmac_sha, mmech_sha_hmac, 40, SHA1_LENGTH}, | 456 {hmac_sha, mmech_sha_hmac, 0, SHA1_LENGTH}, |
| 457 {hmac_sha256, mmech_sha256_hmac, 0, SHA256_LENGTH}, |
441 }; | 458 }; |
442 | 459 |
443 /* indexed by SSL3BulkCipher */ | 460 /* indexed by SSL3BulkCipher */ |
444 const char * const ssl3_cipherName[] = { | 461 const char * const ssl3_cipherName[] = { |
445 "NULL", | 462 "NULL", |
446 "RC4", | 463 "RC4", |
447 "RC4-40", | 464 "RC4-40", |
448 "RC4-56", | 465 "RC4-56", |
449 "RC2-CBC", | 466 "RC2-CBC", |
450 "RC2-CBC-40", | 467 "RC2-CBC-40", |
(...skipping 122 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
573 case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5: | 590 case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5: |
574 /* SSL_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented | 591 /* SSL_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented |
575 * SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA: never implemented | 592 * SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA: never implemented |
576 * SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented | 593 * SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented |
577 * SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA: never implemented | 594 * SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA: never implemented |
578 * SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented | 595 * SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented |
579 * SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5: never implemented | 596 * SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5: never implemented |
580 * SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA: never implemented | 597 * SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA: never implemented |
581 */ | 598 */ |
582 return version <= SSL_LIBRARY_VERSION_TLS_1_0; | 599 return version <= SSL_LIBRARY_VERSION_TLS_1_0; |
| 600 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: |
| 601 case TLS_RSA_WITH_AES_256_CBC_SHA256: |
| 602 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: |
| 603 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: |
| 604 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: |
| 605 case TLS_RSA_WITH_AES_128_CBC_SHA256: |
| 606 case TLS_RSA_WITH_NULL_SHA256: |
| 607 return version >= SSL_LIBRARY_VERSION_TLS_1_2; |
583 default: | 608 default: |
584 return PR_TRUE; | 609 return PR_TRUE; |
585 } | 610 } |
586 } | 611 } |
587 | 612 |
588 /* return pointer to ssl3CipherSuiteDef for suite, or NULL */ | 613 /* return pointer to ssl3CipherSuiteDef for suite, or NULL */ |
589 /* XXX This does a linear search. A binary search would be better. */ | 614 /* XXX This does a linear search. A binary search would be better. */ |
590 static const ssl3CipherSuiteDef * | 615 static const ssl3CipherSuiteDef * |
591 ssl_LookupCipherSuiteDef(ssl3CipherSuite suite) | 616 ssl_LookupCipherSuiteDef(ssl3CipherSuite suite) |
592 { | 617 { |
(...skipping 734 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1327 if (IS_DTLS(ss)) { | 1352 if (IS_DTLS(ss)) { |
1328 /* Double-check that we did not pick an RC4 suite */ | 1353 /* Double-check that we did not pick an RC4 suite */ |
1329 PORT_Assert((suite_def->bulk_cipher_alg != cipher_rc4) && | 1354 PORT_Assert((suite_def->bulk_cipher_alg != cipher_rc4) && |
1330 (suite_def->bulk_cipher_alg != cipher_rc4_40) && | 1355 (suite_def->bulk_cipher_alg != cipher_rc4_40) && |
1331 (suite_def->bulk_cipher_alg != cipher_rc4_56)); | 1356 (suite_def->bulk_cipher_alg != cipher_rc4_56)); |
1332 } | 1357 } |
1333 | 1358 |
1334 cipher = suite_def->bulk_cipher_alg; | 1359 cipher = suite_def->bulk_cipher_alg; |
1335 kea = suite_def->key_exchange_alg; | 1360 kea = suite_def->key_exchange_alg; |
1336 mac = suite_def->mac_alg; | 1361 mac = suite_def->mac_alg; |
1337 if (isTLS) | 1362 if (mac <= ssl_mac_sha && isTLS) |
1338 mac += 2; | 1363 mac += 2; |
1339 | 1364 |
1340 ss->ssl3.hs.suite_def = suite_def; | 1365 ss->ssl3.hs.suite_def = suite_def; |
1341 ss->ssl3.hs.kea_def = &kea_defs[kea]; | 1366 ss->ssl3.hs.kea_def = &kea_defs[kea]; |
1342 PORT_Assert(ss->ssl3.hs.kea_def->kea == kea); | 1367 PORT_Assert(ss->ssl3.hs.kea_def->kea == kea); |
1343 | 1368 |
1344 pwSpec->cipher_def = &bulk_cipher_defs[cipher]; | 1369 pwSpec->cipher_def = &bulk_cipher_defs[cipher]; |
1345 PORT_Assert(pwSpec->cipher_def->cipher == cipher); | 1370 PORT_Assert(pwSpec->cipher_def->cipher == cipher); |
1346 | 1371 |
1347 pwSpec->mac_def = &mac_defs[mac]; | 1372 pwSpec->mac_def = &mac_defs[mac]; |
(...skipping 705 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2053 case ssl_mac_sha: | 2078 case ssl_mac_sha: |
2054 pad_bytes = 40; | 2079 pad_bytes = 40; |
2055 hashObj = HASH_GetRawHashObject(HASH_AlgSHA1); | 2080 hashObj = HASH_GetRawHashObject(HASH_AlgSHA1); |
2056 break; | 2081 break; |
2057 case ssl_hmac_md5: /* used with TLS */ | 2082 case ssl_hmac_md5: /* used with TLS */ |
2058 hashObj = HASH_GetRawHashObject(HASH_AlgMD5); | 2083 hashObj = HASH_GetRawHashObject(HASH_AlgMD5); |
2059 break; | 2084 break; |
2060 case ssl_hmac_sha: /* used with TLS */ | 2085 case ssl_hmac_sha: /* used with TLS */ |
2061 hashObj = HASH_GetRawHashObject(HASH_AlgSHA1); | 2086 hashObj = HASH_GetRawHashObject(HASH_AlgSHA1); |
2062 break; | 2087 break; |
| 2088 case ssl_hmac_sha256: /* used with TLS */ |
| 2089 hashObj = HASH_GetRawHashObject(HASH_AlgSHA256); |
| 2090 break; |
2063 default: | 2091 default: |
2064 break; | 2092 break; |
2065 } | 2093 } |
2066 if (!hashObj) { | 2094 if (!hashObj) { |
2067 PORT_Assert(0); | 2095 PORT_Assert(0); |
2068 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); | 2096 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
2069 return SECFailure; | 2097 return SECFailure; |
2070 } | 2098 } |
2071 | 2099 |
2072 if (!isTLS) { | 2100 if (!isTLS) { |
(...skipping 1437 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3510 if (!pwSpec->master_secret) { | 3538 if (!pwSpec->master_secret) { |
3511 PORT_SetError(SSL_ERROR_SESSION_KEY_GEN_FAILURE); | 3539 PORT_SetError(SSL_ERROR_SESSION_KEY_GEN_FAILURE); |
3512 return SECFailure; | 3540 return SECFailure; |
3513 } | 3541 } |
3514 /* | 3542 /* |
3515 * generate the key material | 3543 * generate the key material |
3516 */ | 3544 */ |
3517 key_material_params.ulMacSizeInBits = pwSpec->mac_size * BPB; | 3545 key_material_params.ulMacSizeInBits = pwSpec->mac_size * BPB; |
3518 key_material_params.ulKeySizeInBits = cipher_def->secret_key_size* BPB; | 3546 key_material_params.ulKeySizeInBits = cipher_def->secret_key_size* BPB; |
3519 key_material_params.ulIVSizeInBits = cipher_def->iv_size * BPB; | 3547 key_material_params.ulIVSizeInBits = cipher_def->iv_size * BPB; |
| 3548 if (cipher_def->type == type_block && |
| 3549 pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) { |
| 3550 /* Block ciphers in >= TLS 1.1 use a per-record, explicit IV. */ |
| 3551 key_material_params.ulIVSizeInBits = 0; |
| 3552 memset(pwSpec->client.write_iv, 0, cipher_def->iv_size); |
| 3553 memset(pwSpec->server.write_iv, 0, cipher_def->iv_size); |
| 3554 } |
3520 | 3555 |
3521 key_material_params.bIsExport = (CK_BBOOL)(kea_def->is_limited); | 3556 key_material_params.bIsExport = (CK_BBOOL)(kea_def->is_limited); |
3522 /* was: (CK_BBOOL)(cipher_def->keygen_mode != kg_strong); */ | 3557 /* was: (CK_BBOOL)(cipher_def->keygen_mode != kg_strong); */ |
3523 | 3558 |
3524 key_material_params.RandomInfo.pClientRandom = cr; | 3559 key_material_params.RandomInfo.pClientRandom = cr; |
3525 key_material_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH; | 3560 key_material_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH; |
3526 key_material_params.RandomInfo.pServerRandom = sr; | 3561 key_material_params.RandomInfo.pServerRandom = sr; |
3527 key_material_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH; | 3562 key_material_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH; |
3528 key_material_params.pReturnedKeyMaterial = &returnedKeys; | 3563 key_material_params.pReturnedKeyMaterial = &returnedKeys; |
3529 | 3564 |
(...skipping 8414 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
11944 PORT_Free(ss->ssl3.hs.recvdFragments.buf); | 11979 PORT_Free(ss->ssl3.hs.recvdFragments.buf); |
11945 } | 11980 } |
11946 } | 11981 } |
11947 | 11982 |
11948 ss->ssl3.initialized = PR_FALSE; | 11983 ss->ssl3.initialized = PR_FALSE; |
11949 | 11984 |
11950 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); | 11985 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); |
11951 } | 11986 } |
11952 | 11987 |
11953 /* End of ssl3con.c */ | 11988 /* End of ssl3con.c */ |
OLD | NEW |