
Side by Side Diff: net/third_party/nss/ssl/sslsock.c

Issue 166273026: Implement the encrypt-then-MAC TLS extension. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Remove nss_ssl_util.cc from the CL Created 6 years, 10 months ago
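--- a/net/third_party/nss/ssl/sslsock.c
+++ b/net/third_party/nss/ssl/sslsock.c
@@ -1,10 +1,10 @@
 /*
 * vtables (and methods that call through them) for the 4 types of
 * SSLSockets supported. Only one type is still supported.
 * Various other functions.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #include "seccomon.h"
 #include "cert.h"
@@ -82,21 +82,22 @@
 PR_FALSE, /* enableSessionTickets */
 PR_FALSE, /* enableDeflate */
 2, /* enableRenegotiation (default: requires extension) */
 PR_FALSE, /* requireSafeNegotiation */
 PR_FALSE, /* enableFalseStart */
 PR_TRUE, /* cbcRandomIV */
 PR_FALSE, /* enableOCSPStapling */
 PR_TRUE, /* enableNPN */
 PR_FALSE, /* enableALPN */
 PR_FALSE, /* enableSignedCertTimestamps */
-PR_FALSE /* enableFallbackSCSV */
+PR_FALSE, /* enableFallbackSCSV */
+PR_FALSE /* enableEncryptThenMAC */
 };
 
 /*
 * default range of enabled SSL/TLS protocols
 */
 static SSLVersionRange versions_defaults_stream = {
 SSL_LIBRARY_VERSION_3_0,
 SSL_LIBRARY_VERSION_TLS_1_0
 };
 
@@ -790,20 +791,24 @@
 break;
 
 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
 ss->opt.enableSignedCertTimestamps = on;
 break;
 
 case SSL_ENABLE_FALLBACK_SCSV:
 ss->opt.enableFallbackSCSV = on;
 break;
 
+case SSL_ENABLE_ENCRYPT_THEN_MAC:
+ss->opt.enableEncryptThenMAC = on;
+break;
+
 default:
 PORT_SetError(SEC_ERROR_INVALID_ARGS);
 rv = SECFailure;
 }
 
 /* We can't use the macros for releasing the locks here,
 * because ss->opt.noLocks might have changed just above.
 * We must release these locks (monitors) here, if we aquired them above,
 * regardless of the current value of ss->opt.noLocks.
 */
@@ -866,20 +871,21 @@
 on = ss->opt.requireSafeNegotiation; break;
 case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break;
 case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break;
 case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
 case SSL_ENABLE_NPN: on = ss->opt.enableNPN; break;
 case SSL_ENABLE_ALPN: on = ss->opt.enableALPN; break;
 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
 on = ss->opt.enableSignedCertTimestamps;
 break;
 case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break;
+case SSL_ENABLE_ENCRYPT_THEN_MAC: on = ss->opt.enableEncryptThenMAC; break;
 
 default:
 PORT_SetError(SEC_ERROR_INVALID_ARGS);
 rv = SECFailure;
 }
 
 ssl_ReleaseSSL3HandshakeLock(ss);
 ssl_Release1stHandshakeLock(ss);
 
 *pOn = on;
@@ -935,20 +941,23 @@
 on = ssl_defaults.enableOCSPStapling;
 break;
 case SSL_ENABLE_NPN: on = ssl_defaults.enableNPN; break;
 case SSL_ENABLE_ALPN: on = ssl_defaults.enableALPN; break;
 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
 on = ssl_defaults.enableSignedCertTimestamps;
 break;
 case SSL_ENABLE_FALLBACK_SCSV:
 on = ssl_defaults.enableFallbackSCSV;
 break;
+case SSL_ENABLE_ENCRYPT_THEN_MAC:
+on = ssl_defaults.enableEncryptThenMAC;
+break;
 
 default:
 PORT_SetError(SEC_ERROR_INVALID_ARGS);
 rv = SECFailure;
 }
 
 *pOn = on;
 return rv;
 }
 
@@ -1118,20 +1127,24 @@
 break;
 
 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
 ssl_defaults.enableSignedCertTimestamps = on;
 break;
 
 case SSL_ENABLE_FALLBACK_SCSV:
 ssl_defaults.enableFallbackSCSV = on;
 break;
 
+case SSL_ENABLE_ENCRYPT_THEN_MAC:
+ssl_defaults.enableEncryptThenMAC = on;
+break;
+
 default:
 PORT_SetError(SEC_ERROR_INVALID_ARGS);
 return SECFailure;
 }
 return SECSuccess;
 }
 
 /* function tells us if the cipher suite is one that we no longer support. */
 static PRBool
 ssl_IsRemovedCipherSuite(PRInt32 suite)
@@ -3119,10 +3132,10 @@
 loser:
 ssl_DestroySocketContents(ss);
 ssl_DestroyLocks(ss);
 PORT_Free(ss);
 ss = NULL;
 }
 }
 return ss;
 }
 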
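Review bot: The `SSL_ENABLE_ENCRYPT_THEN_MAC` case in the per-socket setter writes `ss->opt.enableEncryptThenMAC = on` with no comment on what happens when the option is changed after a handshake has already negotiated (or declined) the extension. If record protection reads this option rather than the negotiated per-connection state, a later toggle could change the MAC ordering on a live connection and desynchronise the peers; that code is outside this file section, so it may already be handled. Once confirmed, I would add `/* Only controls whether the extension is offered/accepted in later handshakes; record processing uses the negotiated state. */` above the assignment. The setter and getter bodies start and end outside the shown context. The `PR_FALSE` default in `ssl_defaults` presumably leaves CBC suites on MAC-then-encrypt unless the caller opts in, which is worth stating in the initializer comment, e.g. `/* enableEncryptThenMAC (off by default; caller must opt in) */`.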