OLD | NEW |
1 /* | 1 /* |
2 * vtables (and methods that call through them) for the 4 types of | 2 * vtables (and methods that call through them) for the 4 types of |
3 * SSLSockets supported. Only one type is still supported. | 3 * SSLSockets supported. Only one type is still supported. |
4 * Various other functions. | 4 * Various other functions. |
5 * | 5 * |
6 * This Source Code Form is subject to the terms of the Mozilla Public | 6 * This Source Code Form is subject to the terms of the Mozilla Public |
7 * License, v. 2.0. If a copy of the MPL was not distributed with this | 7 * License, v. 2.0. If a copy of the MPL was not distributed with this |
8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
9 #include "seccomon.h" | 9 #include "seccomon.h" |
10 #include "cert.h" | 10 #include "cert.h" |
(...skipping 71 matching lines...)
82 PR_FALSE, /* enableSessionTickets */ | 82 PR_FALSE, /* enableSessionTickets */ |
83 PR_FALSE, /* enableDeflate */ | 83 PR_FALSE, /* enableDeflate */ |
84 2, /* enableRenegotiation (default: requires extension) */ | 84 2, /* enableRenegotiation (default: requires extension) */ |
85 PR_FALSE, /* requireSafeNegotiation */ | 85 PR_FALSE, /* requireSafeNegotiation */ |
86 PR_FALSE, /* enableFalseStart */ | 86 PR_FALSE, /* enableFalseStart */ |
87 PR_TRUE, /* cbcRandomIV */ | 87 PR_TRUE, /* cbcRandomIV */ |
88 PR_FALSE, /* enableOCSPStapling */ | 88 PR_FALSE, /* enableOCSPStapling */ |
89 PR_TRUE, /* enableNPN */ | 89 PR_TRUE, /* enableNPN */ |
90 PR_FALSE, /* enableALPN */ | 90 PR_FALSE, /* enableALPN */ |
91 PR_FALSE, /* enableSignedCertTimestamps */ | 91 PR_FALSE, /* enableSignedCertTimestamps */ |
92 PR_FALSE /* enableFallbackSCSV */ | 92 PR_FALSE, /* enableFallbackSCSV */ |
| 93 PR_FALSE /* enableEncryptThenMAC */ |
93 }; | 94 }; |
94 | 95 |
95 /* | 96 /* |
96 * default range of enabled SSL/TLS protocols | 97 * default range of enabled SSL/TLS protocols |
97 */ | 98 */ |
98 static SSLVersionRange versions_defaults_stream = { | 99 static SSLVersionRange versions_defaults_stream = { |
99 SSL_LIBRARY_VERSION_3_0, | 100 SSL_LIBRARY_VERSION_3_0, |
100 SSL_LIBRARY_VERSION_TLS_1_0 | 101 SSL_LIBRARY_VERSION_TLS_1_0 |
101 }; | 102 }; |
102 | 103 |
(...skipping 687 matching lines...)
790 break; | 791 break; |
791 | 792 |
792 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS: | 793 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS: |
793 ss->opt.enableSignedCertTimestamps = on; | 794 ss->opt.enableSignedCertTimestamps = on; |
794 break; | 795 break; |
795 | 796 |
796 case SSL_ENABLE_FALLBACK_SCSV: | 797 case SSL_ENABLE_FALLBACK_SCSV: |
797 ss->opt.enableFallbackSCSV = on; | 798 ss->opt.enableFallbackSCSV = on; |
798 break; | 799 break; |
799 | 800 |
| 801 case SSL_ENABLE_ENCRYPT_THEN_MAC: |
| 802 ss->opt.enableEncryptThenMAC = on; |
| 803 break; |
| 804 |
800 default: | 805 default: |
801 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 806 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
802 rv = SECFailure; | 807 rv = SECFailure; |
803 } | 808 } |
804 | 809 |
805 /* We can't use the macros for releasing the locks here, | 810 /* We can't use the macros for releasing the locks here, |
806 * because ss->opt.noLocks might have changed just above. | 811 * because ss->opt.noLocks might have changed just above. |
807 * We must release these locks (monitors) here, if we aquired them above, | 812 * We must release these locks (monitors) here, if we aquired them above, |
808 * regardless of the current value of ss->opt.noLocks. | 813 * regardless of the current value of ss->opt.noLocks. |
809 */ | 814 */ |
(...skipping 56 matching lines...)
866 on = ss->opt.requireSafeNegotiation; break; | 871 on = ss->opt.requireSafeNegotiation; break; |
867 case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break; | 872 case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break; |
868 case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break; | 873 case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break; |
869 case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break; | 874 case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break; |
870 case SSL_ENABLE_NPN: on = ss->opt.enableNPN; break; | 875 case SSL_ENABLE_NPN: on = ss->opt.enableNPN; break; |
871 case SSL_ENABLE_ALPN: on = ss->opt.enableALPN; break; | 876 case SSL_ENABLE_ALPN: on = ss->opt.enableALPN; break; |
872 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS: | 877 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS: |
873 on = ss->opt.enableSignedCertTimestamps; | 878 on = ss->opt.enableSignedCertTimestamps; |
874 break; | 879 break; |
875 case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break; | 880 case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break; |
| 881 case SSL_ENABLE_ENCRYPT_THEN_MAC: on = ss->opt.enableEncryptThenMAC; break; |
876 | 882 |
877 default: | 883 default: |
878 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 884 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
879 rv = SECFailure; | 885 rv = SECFailure; |
880 } | 886 } |
881 | 887 |
882 ssl_ReleaseSSL3HandshakeLock(ss); | 888 ssl_ReleaseSSL3HandshakeLock(ss); |
883 ssl_Release1stHandshakeLock(ss); | 889 ssl_Release1stHandshakeLock(ss); |
884 | 890 |
885 *pOn = on; | 891 *pOn = on; |
(...skipping 49 matching lines...)
935 on = ssl_defaults.enableOCSPStapling; | 941 on = ssl_defaults.enableOCSPStapling; |
936 break; | 942 break; |
937 case SSL_ENABLE_NPN: on = ssl_defaults.enableNPN; break; | 943 case SSL_ENABLE_NPN: on = ssl_defaults.enableNPN; break; |
938 case SSL_ENABLE_ALPN: on = ssl_defaults.enableALPN; break; | 944 case SSL_ENABLE_ALPN: on = ssl_defaults.enableALPN; break; |
939 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS: | 945 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS: |
940 on = ssl_defaults.enableSignedCertTimestamps; | 946 on = ssl_defaults.enableSignedCertTimestamps; |
941 break; | 947 break; |
942 case SSL_ENABLE_FALLBACK_SCSV: | 948 case SSL_ENABLE_FALLBACK_SCSV: |
943 on = ssl_defaults.enableFallbackSCSV; | 949 on = ssl_defaults.enableFallbackSCSV; |
944 break; | 950 break; |
| 951 case SSL_ENABLE_ENCRYPT_THEN_MAC: |
| 952 on = ssl_defaults.enableEncryptThenMAC; |
| 953 break; |
945 | 954 |
946 default: | 955 default: |
947 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 956 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
948 rv = SECFailure; | 957 rv = SECFailure; |
949 } | 958 } |
950 | 959 |
951 *pOn = on; | 960 *pOn = on; |
952 return rv; | 961 return rv; |
953 } | 962 } |
954 | 963 |
(...skipping 163 matching lines...)
1118 break; | 1127 break; |
1119 | 1128 |
1120 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS: | 1129 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS: |
1121 ssl_defaults.enableSignedCertTimestamps = on; | 1130 ssl_defaults.enableSignedCertTimestamps = on; |
1122 break; | 1131 break; |
1123 | 1132 |
1124 case SSL_ENABLE_FALLBACK_SCSV: | 1133 case SSL_ENABLE_FALLBACK_SCSV: |
1125 ssl_defaults.enableFallbackSCSV = on; | 1134 ssl_defaults.enableFallbackSCSV = on; |
1126 break; | 1135 break; |
1127 | 1136 |
| 1137 case SSL_ENABLE_ENCRYPT_THEN_MAC: |
| 1138 ssl_defaults.enableEncryptThenMAC = on; |
| 1139 break; |
| 1140 |
1128 default: | 1141 default: |
1129 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 1142 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
1130 return SECFailure; | 1143 return SECFailure; |
1131 } | 1144 } |
1132 return SECSuccess; | 1145 return SECSuccess; |
1133 } | 1146 } |
1134 | 1147 |
1135 /* function tells us if the cipher suite is one that we no longer support. */ | 1148 /* function tells us if the cipher suite is one that we no longer support. */ |
1136 static PRBool | 1149 static PRBool |
1137 ssl_IsRemovedCipherSuite(PRInt32 suite) | 1150 ssl_IsRemovedCipherSuite(PRInt32 suite) |
(...skipping 1981 matching lines...)
3119 loser: | 3132 loser: |
3120 ssl_DestroySocketContents(ss); | 3133 ssl_DestroySocketContents(ss); |
3121 ssl_DestroyLocks(ss); | 3134 ssl_DestroyLocks(ss); |
3122 PORT_Free(ss); | 3135 PORT_Free(ss); |
3123 ss = NULL; | 3136 ss = NULL; |
3124 } | 3137 } |
3125 } | 3138 } |
3126 return ss; | 3139 return ss; |
3127 } | 3140 } |
3128 | 3141 |
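Review bot: The per-socket setter case at new lines 801-803 stores `ss->opt.enableEncryptThenMAC = on` unconditionally, so the flag can be changed on a socket whose handshake has already negotiated (or declined) the extension. That is safe only if the record layer chooses between MAC-then-encrypt and encrypt-then-MAC from state captured during the handshake rather than from `ss->opt`; that code is not in this file section, so please confirm it, and confirm that a renegotiation cannot silently drop encrypt-then-MAC once it was agreed. I would record the contract next to the case, e.g. `/* Consulted only when sending/handling the hello extension; record protection uses the negotiated value. */`. The enclosing switch and function begin in the skipped lines above, so any existing handshake-state guard there is not visible here. Separately, the new positional entry `PR_FALSE /* enableEncryptThenMAC */` in the defaults initializer is correct only if the field is also last in the options struct, which is declared outside this file.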
OLD | NEW |