OLD | NEW |
1 diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h | 1 diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h |
2 index db09425..437a822 100644 | 2 index 3550580..70665a1 100644 |
3 --- a/lib/ssl/ssl.h | 3 --- a/lib/ssl/ssl.h |
4 +++ b/lib/ssl/ssl.h | 4 +++ b/lib/ssl/ssl.h |
5 @@ -387,6 +387,13 @@ SSL_IMPORT SECStatus SSL_DHEGroupPrefSet(PRFileDesc *fd, | 5 @@ -387,6 +387,13 @@ SSL_IMPORT SECStatus SSL_DHEGroupPrefSet(PRFileDesc *fd, |
6 */ | 6 */ |
7 SSL_IMPORT SECStatus SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled
); | 7 SSL_IMPORT SECStatus SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled
); |
8 | 8 |
9 +/* SSL_CipherOrderSet sets the cipher suite preference order from |ciphers|, | 9 +/* SSL_CipherOrderSet sets the cipher suite preference order from |ciphers|, |
10 + * which must be an array of cipher suite ids of length |len|. All the given | 10 + * which must be an array of cipher suite ids of length |len|. All the given |
11 + * cipher suite ids must appear in the array that is returned by | 11 + * cipher suite ids must appear in the array that is returned by |
12 + * |SSL_GetImplementedCiphers| and may only appear once, at most. */ | 12 + * |SSL_GetImplementedCiphers| and may only appear once, at most. */ |
13 +SSL_IMPORT SECStatus SSL_CipherOrderSet(PRFileDesc *fd, const PRUint16 *ciphers
, | 13 +SSL_IMPORT SECStatus SSL_CipherOrderSet(PRFileDesc *fd, const PRUint16 *ciphers
, |
14 + unsigned int len); | 14 + unsigned int len); |
15 + | 15 + |
16 /* SSLChannelBindingType enumerates the types of supported channel binding | 16 /* SSLChannelBindingType enumerates the types of supported channel binding |
17 * values. See RFC 5929. */ | 17 * values. See RFC 5929. */ |
18 typedef enum SSLChannelBindingType { | 18 typedef enum SSLChannelBindingType { |
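Review bot: The comment on `SSL_CipherOrderSet` says what the caller must pass but not what the call does to suites that are left out, and the implementation added in ssl3con.c by this same patch disables every suite not named in |ciphers|. A caller passing a short list, or a `len` of 0, therefore turns off the rest of the socket's suites with no hint from the header. I would add to the comment: `Cipher suites that do not appear in |ciphers| are disabled for this socket; suites that do appear keep their current enabled state.` It should also state what is returned when an id is unknown or repeated, since the implementation as written skips such ids and still returns SECSuccess.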
19 diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c | 19 diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c |
20 index 5c09f25..572bba9 100644 | 20 index d7d186a..b100b9b 100644 |
21 --- a/lib/ssl/ssl3con.c | 21 --- a/lib/ssl/ssl3con.c |
22 +++ b/lib/ssl/ssl3con.c | 22 +++ b/lib/ssl/ssl3con.c |
23 @@ -13390,6 +13390,46 @@ SSL_SignatureMaxCount() { | 23 @@ -13797,6 +13797,46 @@ SSL_SignatureMaxCount() |
24 return MAX_SIGNATURE_ALGORITHMS; | 24 return MAX_SIGNATURE_ALGORITHMS; |
25 } | 25 } |
26 | 26 |
27 +SECStatus | 27 +SECStatus |
28 +ssl3_CipherOrderSet(sslSocket *ss, const ssl3CipherSuite *ciphers, unsigned int
len) | 28 +ssl3_CipherOrderSet(sslSocket *ss, const ssl3CipherSuite *ciphers, unsigned int
len) |
29 +{ | 29 +{ |
30 + /* |i| iterates over |ciphers| while |done| and |j| iterate over | 30 + /* |i| iterates over |ciphers| while |done| and |j| iterate over |
31 + * |ss->cipherSuites|. */ | 31 + * |ss->cipherSuites|. */ |
32 + unsigned int i, done; | 32 + unsigned int i, done; |
33 + | 33 + |
34 + for (i = done = 0; i < len; i++) { | 34 + for (i = done = 0; i < len; i++) { |
35 +» PRUint16 id = ciphers[i]; | 35 + PRUint16 id = ciphers[i]; |
36 +» unsigned int existingIndex, j; | 36 + unsigned int existingIndex, j; |
37 +» PRBool found = PR_FALSE; | 37 + PRBool found = PR_FALSE; |
38 + | 38 + |
39 +» for (j = done; j < ssl_V3_SUITES_IMPLEMENTED; j++) { | 39 + for (j = done; j < ssl_V3_SUITES_IMPLEMENTED; j++) { |
40 +» if (ss->cipherSuites[j].cipher_suite == id) { | 40 + if (ss->cipherSuites[j].cipher_suite == id) { |
41 +» » existingIndex = j; | 41 + existingIndex = j; |
42 +» » found = PR_TRUE; | 42 + found = PR_TRUE; |
43 +» » break; | 43 + break; |
44 +» } | 44 + } |
45 +» } | 45 + } |
46 + | 46 + |
47 +» if (!found) { | 47 + if (!found) { |
48 +» continue; | 48 + continue; |
49 +» } | 49 + } |
50 + | 50 + |
51 +» if (existingIndex != done) { | 51 + if (existingIndex != done) { |
52 +» const ssl3CipherSuiteCfg temp = ss->cipherSuites[done]; | 52 + const ssl3CipherSuiteCfg temp = ss->cipherSuites[done]; |
53 +» ss->cipherSuites[done] = ss->cipherSuites[existingIndex]; | 53 + ss->cipherSuites[done] = ss->cipherSuites[existingIndex]; |
54 +» ss->cipherSuites[existingIndex] = temp; | 54 + ss->cipherSuites[existingIndex] = temp; |
55 +» } | 55 + } |
56 +» done++; | 56 + done++; |
57 + } | 57 + } |
58 + | 58 + |
59 + /* Disable all cipher suites that weren't included. */ | 59 + /* Disable all cipher suites that weren't included. */ |
60 + for (; done < ssl_V3_SUITES_IMPLEMENTED; done++) { | 60 + for (; done < ssl_V3_SUITES_IMPLEMENTED; done++) { |
61 +» ss->cipherSuites[done].enabled = 0; | 61 + ss->cipherSuites[done].enabled = 0; |
62 + } | 62 + } |
63 + | 63 + |
64 + return SECSuccess; | 64 + return SECSuccess; |
65 +} | 65 +} |
66 + | 66 + |
67 /* copy global default policy into socket. */ | 67 /* copy global default policy into socket. */ |
68 void | 68 void |
69 ssl3_InitSocketPolicy(sslSocket *ss) | 69 ssl3_InitSocketPolicy(sslSocket *ss) |
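Review bot: `ssl3_CipherOrderSet` returns SECSuccess even when an id in |ciphers| is unknown or repeated, because the `if (!found) { continue; }` branch skips it silently, although the comment added to ssl.h says every id must be implemented and appear at most once. For a call that decides which suites a connection may negotiate, a mistyped id should fail rather than leave the socket with a narrower set than the caller asked for. Failing inside the existing loop would leave `ss->cipherSuites` half reordered, so I would check the whole array before the first swap, as sketched below. The function also writes `ss->cipherSuites` without taking any lock in the lines shown; whether a handshake lock is needed depends on when callers may invoke it, which this hunk does not show.

```c
ssl3_CipherOrderSet(sslSocket *ss, const ssl3CipherSuite *ciphers, unsigned int len)
{
    /* … unchanged: declaration of i and done … */
    unsigned int a, b;

    /* Check the whole list first, so a rejected call changes nothing. */
    for (a = 0; a < len; a++) {
        for (b = 0; b < ssl_V3_SUITES_IMPLEMENTED; b++) {
            if (ss->cipherSuites[b].cipher_suite == ciphers[a]) {
                break;
            }
        }
        if (b == ssl_V3_SUITES_IMPLEMENTED) {
            /* id is not an implemented suite */
            PORT_SetError(SEC_ERROR_INVALID_ARGS);
            return SECFailure;
        }
        for (b = 0; b < a; b++) {
            if (ciphers[b] == ciphers[a]) {
                /* id appears more than once */
                PORT_SetError(SEC_ERROR_INVALID_ARGS);
                return SECFailure;
            }
        }
    }

    /* … unchanged: reorder loop and disabling of the suites left out … */
```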
70 diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h | 70 diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h |
71 index 080debe..3403091 100644 | 71 index c0e3a0b..f56ab53 100644 |
72 --- a/lib/ssl/sslimpl.h | 72 --- a/lib/ssl/sslimpl.h |
73 +++ b/lib/ssl/sslimpl.h | 73 +++ b/lib/ssl/sslimpl.h |
74 @@ -1786,6 +1786,8 @@ extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3Cip
herSuite which, PRBool | 74 @@ -1835,6 +1835,8 @@ extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3Cip
herSuite which, PRBool |
75 extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBoo
l *on); | 75 extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBoo
l *on); |
76 extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enable
d); | 76 extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enable
d); |
77 extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enabl
ed); | 77 extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enabl
ed); |
78 +extern SECStatus ssl3_CipherOrderSet(sslSocket *ss, const ssl3CipherSuite *ciph
er, | 78 +extern SECStatus ssl3_CipherOrderSet(sslSocket *ss, const ssl3CipherSuite *ciph
er, |
79 +» » » » unsigned int len); | 79 + unsigned int len); |
80 | 80 |
81 extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy); | 81 extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy); |
82 extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy); | 82 extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy); |
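Review bot: The prototype names its second parameter `cipher`, while the definition in ssl3con.c and the public `SSL_CipherOrderSet` both call it `ciphers`; it is an array of ids, so I would write `const ssl3CipherSuite *ciphers,` here to match. The declaration also carries no comment, and a line such as `/* Reorders ss->cipherSuites to follow |ciphers| and disables every suite not listed. */` above it would tell internal callers about the disabling side effect.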
83 diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c | 83 diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c |
84 index 28e3543..8ad1517 100644 | 84 index e312d82..e82c916 100644 |
85 --- a/lib/ssl/sslsock.c | 85 --- a/lib/ssl/sslsock.c |
86 +++ b/lib/ssl/sslsock.c | 86 +++ b/lib/ssl/sslsock.c |
87 @@ -1369,6 +1369,19 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool e
nabled) | 87 @@ -1500,6 +1500,19 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool e
nabled) |
88 } | 88 } |
89 | 89 |
90 SECStatus | 90 SECStatus |
91 +SSL_CipherOrderSet(PRFileDesc *fd, const PRUint16 *ciphers, unsigned int len) | 91 +SSL_CipherOrderSet(PRFileDesc *fd, const PRUint16 *ciphers, unsigned int len) |
92 +{ | 92 +{ |
93 + sslSocket *ss = ssl_FindSocket(fd); | 93 + sslSocket *ss = ssl_FindSocket(fd); |
94 + | 94 + |
95 + if (!ss) { | 95 + if (!ss) { |
96 +» SSL_DBG(("%d: SSL[%d]: bad socket in CipherOrderSet", SSL_GETPID(), | 96 + SSL_DBG(("%d: SSL[%d]: bad socket in CipherOrderSet", SSL_GETPID(), |
97 +» » fd)); | 97 + fd)); |
98 +» return SECFailure; | 98 + return SECFailure; |
99 + } | 99 + } |
100 + return ssl3_CipherOrderSet(ss, ciphers, len); | 100 + return ssl3_CipherOrderSet(ss, ciphers, len); |
101 +} | 101 +} |
102 + | 102 + |
103 +SECStatus | 103 +SECStatus |
104 SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 which, PRBool *enabled) | 104 SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 which, PRBool *enabled) |
105 { | 105 { |
106 SECStatus rv; | 106 SECStatus rv; |
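Review bot: `SSL_CipherOrderSet` passes `ciphers` and `len` straight through, and `ssl3_CipherOrderSet` reads `ciphers[i]` for every `i < len`, so a NULL array with a non-zero length coming from an application is dereferenced. A guard after the socket lookup, `if (!ciphers && len > 0) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; }`, keeps the public entry point from crashing on a bad argument. Separately, the `SSL_DBG` call formats `fd`, a `PRFileDesc *`, with `%d`; this may follow the neighbouring setters, but the argument and the conversion do not match. The trailing `SECStatus` and the context lines after it belong to `SSL_CipherPrefGet`, whose body continues outside the hunk.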