Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1532)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/ssl/sslinfo.c

Issue 1844813002: Uprev NSS to 3.23 on iOS (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: One more GN fix Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/third_party/nss/ssl/sslimpl.h ('k') | net/third_party/nss/ssl/sslinit.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* This Source Code Form is subject to the terms of the Mozilla Public 1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 #include "ssl.h" 4 #include "ssl.h"
5 #include "sslimpl.h" 5 #include "sslimpl.h"
6 #include "sslproto.h" 6 #include "sslproto.h"
7 7
8 static const char * 8 static const char *
9 ssl_GetCompressionMethodName(SSLCompressionMethod compression) 9 ssl_GetCompressionMethodName(SSLCompressionMethod compression)
10 { 10 {
11 switch (compression) { 11 switch (compression) {
12 case ssl_compression_null: 12 case ssl_compression_null:
13 » return "NULL"; 13 return "NULL";
14 #ifdef NSS_ENABLE_ZLIB 14 #ifdef NSS_ENABLE_ZLIB
15 case ssl_compression_deflate: 15 case ssl_compression_deflate:
16 » return "DEFLATE"; 16 return "DEFLATE";
17 #endif 17 #endif
18 default: 18 default:
19 » return "???"; 19 return "???";
20 } 20 }
21 } 21 }
22 22
23 SECStatus 23 SECStatus
24 SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len) 24 SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
25 { 25 {
26 sslSocket * ss; 26 sslSocket *ss;
27 SSLChannelInfo inf; 27 SSLChannelInfo inf;
28 sslSessionID * sid; 28 sslSessionID *sid;
29 29
30 if (!info || len < sizeof inf.length) { 30 /* Check if we can properly return the length of data written and that
31 » PORT_SetError(SEC_ERROR_INVALID_ARGS); 31 * we're not asked to return more information than we know how to provide.
32 » return SECFailure; 32 */
33 if (!info || len < sizeof inf.length || len > sizeof inf) {
34 PORT_SetError(SEC_ERROR_INVALID_ARGS);
35 return SECFailure;
33 } 36 }
34 37
35 ss = ssl_FindSocket(fd); 38 ss = ssl_FindSocket(fd);
36 if (!ss) { 39 if (!ss) {
37 » SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetChannelInfo", 40 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetChannelInfo",
38 » » SSL_GETPID(), fd)); 41 SSL_GETPID(), fd));
39 » return SECFailure; 42 return SECFailure;
40 } 43 }
41 44
42 memset(&inf, 0, sizeof inf); 45 memset(&inf, 0, sizeof inf);
43 inf.length = PR_MIN(sizeof inf, len); 46 inf.length = PR_MIN(sizeof inf, len);
44 47
45 if (ss->opt.useSecurity && ss->enoughFirstHsDone) { 48 if (ss->opt.useSecurity && ss->enoughFirstHsDone) {
46 sid = ss->sec.ci.sid; 49 sid = ss->sec.ci.sid;
47 » inf.protocolVersion = ss->version; 50 inf.protocolVersion = ss->version;
48 » inf.authKeyBits = ss->sec.authKeyBits; 51 inf.authKeyBits = ss->sec.authKeyBits;
49 » inf.keaKeyBits = ss->sec.keaKeyBits; 52 inf.keaKeyBits = ss->sec.keaKeyBits;
50 » if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */ 53 if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */
51 » inf.cipherSuite = ss->sec.cipherType | 0xff00; 54 inf.cipherSuite = ss->sec.cipherType | 0xff00;
52 » inf.compressionMethod = ssl_compression_null; 55 inf.compressionMethod = ssl_compression_null;
53 » inf.compressionMethodName = "N/A"; 56 inf.compressionMethodName = "N/A";
54 » } else if (ss->ssl3.initialized) { » /* SSL3 and TLS */ 57 } else if (ss->ssl3.initialized) { /* SSL3 and TLS */
55 » ssl_GetSpecReadLock(ss); 58 ssl_GetSpecReadLock(ss);
56 » /* XXX The cipher suite should be in the specs and this 59 /* XXX The cipher suite should be in the specs and this
57 » * function should get it from cwSpec rather than from the "hs". 60 * function should get it from cwSpec rather than from the "hs".
58 » * See bug 275744 comment 69 and bug 766137. 61 * See bug 275744 comment 69 and bug 766137.
59 » */ 62 */
60 » inf.cipherSuite = ss->ssl3.hs.cipher_suite; 63 inf.cipherSuite = ss->ssl3.hs.cipher_suite;
61 » inf.compressionMethod = ss->ssl3.cwSpec->compression_method; 64 inf.compressionMethod = ss->ssl3.cwSpec->compression_method;
62 » ssl_ReleaseSpecReadLock(ss); 65 ssl_ReleaseSpecReadLock(ss);
63 » inf.compressionMethodName = 66 inf.compressionMethodName =
64 » » ssl_GetCompressionMethodName(inf.compressionMethod); 67 ssl_GetCompressionMethodName(inf.compressionMethod);
65 » } 68 }
66 » if (sid) { 69 if (sid) {
67 » inf.creationTime = sid->creationTime; 70 inf.creationTime = sid->creationTime;
68 » inf.lastAccessTime = sid->lastAccessTime; 71 inf.lastAccessTime = sid->lastAccessTime;
69 » inf.expirationTime = sid->expirationTime; 72 inf.expirationTime = sid->expirationTime;
70 inf.extendedMasterSecretUsed = sid->u.ssl3.keys.extendedMasterSecret Used; 73 inf.extendedMasterSecretUsed =
74 (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3 ||
75 sid->u.ssl3.keys.extendedMasterSecretUsed)
76 ? PR_TRUE
77 : PR_FALSE;
71 78
72 » if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */ 79 if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */
73 » inf.sessionIDLength = SSL2_SESSIONID_BYTES; 80 inf.sessionIDLength = SSL2_SESSIONID_BYTES;
74 » » memcpy(inf.sessionID, sid->u.ssl2.sessionID, 81 memcpy(inf.sessionID, sid->u.ssl2.sessionID,
75 » » SSL2_SESSIONID_BYTES); 82 SSL2_SESSIONID_BYTES);
76 » } else { 83 } else {
77 » » unsigned int sidLen = sid->u.ssl3.sessionIDLength; 84 unsigned int sidLen = sid->u.ssl3.sessionIDLength;
78 » sidLen = PR_MIN(sidLen, sizeof inf.sessionID); 85 sidLen = PR_MIN(sidLen, sizeof inf.sessionID);
79 » inf.sessionIDLength = sidLen; 86 inf.sessionIDLength = sidLen;
80 » » memcpy(inf.sessionID, sid->u.ssl3.sessionID, sidLen); 87 memcpy(inf.sessionID, sid->u.ssl3.sessionID, sidLen);
81 » } 88 }
82 » } 89 }
83 } 90 }
84 91
85 memcpy(info, &inf, inf.length); 92 memcpy(info, &inf, inf.length);
86 93
87 return SECSuccess; 94 return SECSuccess;
88 } 95 }
89 96
90 SECStatus 97 SECStatus
91 SSL_GetPreliminaryChannelInfo(PRFileDesc *fd, 98 SSL_GetPreliminaryChannelInfo(PRFileDesc *fd,
92 SSLPreliminaryChannelInfo *info, 99 SSLPreliminaryChannelInfo *info,
93 PRUintn len) 100 PRUintn len)
94 { 101 {
95 sslSocket *ss; 102 sslSocket *ss;
96 SSLPreliminaryChannelInfo inf; 103 SSLPreliminaryChannelInfo inf;
97 104
98 if (!info || len < sizeof inf.length) { 105 /* Check if we can properly return the length of data written and that
106 * we're not asked to return more information than we know how to provide.
107 */
108 if (!info || len < sizeof inf.length || len > sizeof inf) {
99 PORT_SetError(SEC_ERROR_INVALID_ARGS); 109 PORT_SetError(SEC_ERROR_INVALID_ARGS);
100 return SECFailure; 110 return SECFailure;
101 } 111 }
102 112
103 ss = ssl_FindSocket(fd); 113 ss = ssl_FindSocket(fd);
104 if (!ss) { 114 if (!ss) {
105 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetPreliminaryChannelInfo", 115 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetPreliminaryChannelInfo",
106 SSL_GETPID(), fd)); 116 SSL_GETPID(), fd));
107 return SECFailure; 117 return SECFailure;
108 } 118 }
109 119
110 if (ss->version < SSL_LIBRARY_VERSION_3_0) { 120 if (ss->version < SSL_LIBRARY_VERSION_3_0) {
111 PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION); 121 PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION);
112 return SECFailure; 122 return SECFailure;
113 } 123 }
114 124
115 memset(&inf, 0, sizeof(inf)); 125 memset(&inf, 0, sizeof(inf));
116 inf.length = PR_MIN(sizeof(inf), len); 126 inf.length = PR_MIN(sizeof(inf), len);
117 127
118 inf.valuesSet = ss->ssl3.hs.preliminaryInfo; 128 inf.valuesSet = ss->ssl3.hs.preliminaryInfo;
119 inf.protocolVersion = ss->version; 129 inf.protocolVersion = ss->version;
120 inf.cipherSuite = ss->ssl3.hs.cipher_suite; 130 inf.cipherSuite = ss->ssl3.hs.cipher_suite;
121 131
122 memcpy(info, &inf, inf.length); 132 memcpy(info, &inf, inf.length);
123 return SECSuccess; 133 return SECSuccess;
124 } 134 }
125 135
126
127 #define CS(x) x, #x 136 #define CS(x) x, #x
128 #define CK(x) x | 0xff00, #x 137 #define CK(x) x | 0xff00, #x
129 138
130 #define S_DSA "DSA", ssl_auth_dsa 139 #define S_DSA "DSA", ssl_auth_dsa
131 #define S_RSA» "RSA", ssl_auth_rsa 140 #define S_RSA "RSA", ssl_auth_rsa
132 #define S_KEA "KEA", ssl_auth_kea 141 #define S_KEA "KEA", ssl_auth_kea
133 #define S_ECDSA "ECDSA", ssl_auth_ecdsa 142 #define S_ECDSA "ECDSA", ssl_auth_ecdsa
134 143
135 #define K_DHE» "DHE", kt_dh 144 #define K_DHE "DHE", kt_dh
136 #define K_RSA» "RSA", kt_rsa 145 #define K_RSA "RSA", kt_rsa
137 #define K_KEA» "KEA", kt_kea 146 #define K_KEA "KEA", kt_kea
138 #define K_ECDH» "ECDH", kt_ecdh 147 #define K_ECDH "ECDH", kt_ecdh
139 #define K_ECDHE»"ECDHE", kt_ecdh 148 #define K_ECDHE "ECDHE", kt_ecdh
140 149
141 #define C_SEED »"SEED", calg_seed 150 #define C_SEED "SEED", calg_seed
142 #define C_CAMELLIA "CAMELLIA", calg_camellia 151 #define C_CAMELLIA "CAMELLIA", calg_camellia
143 #define C_AES» "AES", calg_aes 152 #define C_AES "AES", calg_aes
144 #define C_RC4» "RC4", calg_rc4 153 #define C_RC4 "RC4", calg_rc4
145 #define C_RC2» "RC2", calg_rc2 154 #define C_RC2 "RC2", calg_rc2
146 #define C_DES» "DES", calg_des 155 #define C_DES "DES", calg_des
147 #define C_3DES» "3DES", calg_3des 156 #define C_3DES "3DES", calg_3des
148 #define C_NULL "NULL", calg_null 157 #define C_NULL "NULL", calg_null
149 #define C_SJ » "SKIPJACK", calg_sj 158 #define C_SJ "SKIPJACK", calg_sj
150 #define C_AESGCM "AES-GCM", calg_aes_gcm 159 #define C_AESGCM "AES-GCM", calg_aes_gcm
151 #define C_CHACHA20 "CHACHA20POLY1305", calg_chacha20 160 #define C_CHACHA20 "CHACHA20POLY1305", calg_chacha20
152 161
153 #define B_256» 256, 256, 256 162 #define B_256 256, 256, 256
154 #define B_128» 128, 128, 128 163 #define B_128 128, 128, 128
155 #define B_3DES 192, 156, 112 164 #define B_3DES 192, 156, 112
156 #define B_SJ 96, 80, 80 165 #define B_SJ 96, 80, 80
157 #define B_DES 64, 56, 56 166 #define B_DES 64, 56, 56
158 #define B_56 128, 56, 56 167 #define B_56 128, 56, 56
159 #define B_40 128, 40, 40 168 #define B_40 128, 40, 40
160 #define B_0 » 0, 0, 0 169 #define B_0 0, 0, 0
161 170
162 #define M_AEAD_128 "AEAD", ssl_mac_aead, 128 171 #define M_AEAD_128 "AEAD", ssl_mac_aead, 128
163 #define M_SHA256 "SHA256", ssl_hmac_sha256, 256 172 #define M_SHA256 "SHA256", ssl_hmac_sha256, 256
164 #define M_SHA» "SHA1", ssl_mac_sha, 160 173 #define M_SHA "SHA1", ssl_mac_sha, 160
165 #define M_MD5» "MD5", ssl_mac_md5, 128 174 #define M_MD5 "MD5", ssl_mac_md5, 128
166 #define M_NULL» "NULL", ssl_mac_null, 0 175 #define M_NULL "NULL", ssl_mac_null, 0
167 176
177 /* clang-format off */
168 static const SSLCipherSuiteInfo suiteInfo[] = { 178 static const SSLCipherSuiteInfo suiteInfo[] = {
169 /* <------ Cipher suite --------------------> <auth> <KEA> <bulk cipher> <MAC> <FIPS> */ 179 /* <------ Cipher suite --------------------> <auth> <KEA> <bulk cipher> <M AC> <FIPS> */
170 {0,CS(TLS_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_RSA, C_AESGCM, B_128, M_A EAD_128, 1, 0, 0, }, 180 {0,CS(TLS_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_RSA, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0 },
171 181 {0,CS(TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256), S_RSA, K_DHE, C_CHACHA20, B_256, M_AEAD_128, 0, 0, 0 },
172 {0,CS(TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_256, M _SHA, 0, 0, 0, }, 182
173 {0,CS(TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_256, M _SHA, 0, 0, 0, }, 183 {0,CS(TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_25 6, M_SHA, 0, 0, 0 },
174 {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_DHE, C_AES, B_256, M_SHA2 56, 1, 0, 0, }, 184 {0,CS(TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_25 6, M_SHA, 0, 0, 0 },
175 {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, }, 185 {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_DHE, C_AES, B_256, M_ SHA256, 1, 0, 0 },
176 {0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA), S_DSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, }, 186 {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_DHE, C_AES, B_256, M_ SHA, 1, 0, 0 },
177 {0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256), S_DSA, K_DHE, C_AES, B_256, M_SHA2 56, 1, 0, 0, }, 187 {0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA), S_DSA, K_DHE, C_AES, B_256, M_ SHA, 1, 0, 0 },
178 {0,CS(TLS_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_256, M _SHA, 0, 0, 0, }, 188 {0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256), S_DSA, K_DHE, C_AES, B_256, M_ SHA256, 1, 0, 0 },
179 {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_RSA, C_AES, B_256, M_SHA2 56, 1, 0, 0, }, 189 {0,CS(TLS_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_25 6, M_SHA, 0, 0, 0 },
180 {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_RSA, C_AES, B_256, M_SHA, 1, 0, 0, }, 190 {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_RSA, C_AES, B_256, M_ SHA256, 1, 0, 0 },
181 191 {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_RSA, C_AES, B_256, M_ SHA, 1, 0, 0 },
182 {0,CS(TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_128, M _SHA, 0, 0, 0, }, 192
183 {0,CS(TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_128, M _SHA, 0, 0, 0, }, 193 {0,CS(TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_12 8, M_SHA, 0, 0, 0 },
184 {0,CS(TLS_DHE_DSS_WITH_RC4_128_SHA), S_DSA, K_DHE, C_RC4, B_128, M_SHA, 0, 0, 0, }, 194 {0,CS(TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_12 8, M_SHA, 0, 0, 0 },
185 {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_DHE, C_AES, B_128, M_SHA2 56, 1, 0, 0, }, 195 {0,CS(TLS_DHE_DSS_WITH_RC4_128_SHA), S_DSA, K_DHE, C_RC4, B_128, M_ SHA, 0, 0, 0 },
186 {0,CS(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_DHE, C_AESGCM, B_128, M_A EAD_128, 1, 0, 0, }, 196 {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_DHE, C_AES, B_128, M_ SHA256, 1, 0, 0 },
187 {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, }, 197 {0,CS(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0 },
188 {0,CS(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256), S_DSA, K_DHE, C_AESGCM, B_128, M_A EAD_128, 1, 0, 0, }, 198 {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_DHE, C_AES, B_128, M_ SHA, 1, 0, 0 },
189 {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, }, 199 {0,CS(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256), S_DSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0 },
190 {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256), S_DSA, K_DHE, C_AES, B_128, M_SHA2 56, 1, 0, 0, }, 200 {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_ SHA, 1, 0, 0 },
191 {0,CS(TLS_RSA_WITH_SEED_CBC_SHA), S_RSA, K_RSA, C_SEED,B_128, M_SHA, 1, 0, 0, }, 201 {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256), S_DSA, K_DHE, C_AES, B_128, M_ SHA256, 1, 0, 0 },
192 {0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M _SHA, 0, 0, 0, }, 202 {0,CS(TLS_RSA_WITH_SEED_CBC_SHA), S_RSA, K_RSA, C_SEED,B_128, M_ SHA, 1, 0, 0 },
193 {0,CS(TLS_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, }, 203 {0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_12 8, M_SHA, 0, 0, 0 },
194 {0,CS(TLS_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, }, 204 {0,CS(TLS_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_ SHA, 0, 0, 0 },
195 {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_RSA, C_AES, B_128, M_SHA2 56, 1, 0, 0, }, 205 {0,CS(TLS_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_ MD5, 0, 0, 0 },
196 {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_RSA, C_AES, B_128, M_SHA, 1, 0, 0, }, 206 {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_RSA, C_AES, B_128, M_ SHA256, 1, 0, 0 },
197 207 {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_RSA, C_AES, B_128, M_ SHA, 1, 0, 0 },
198 {0,CS(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, }, 208
199 {0,CS(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA), S_DSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, }, 209 {0,CS(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_DHE, C_3DES,B_3DES,M_ SHA, 1, 0, 0 },
200 {0,CS(SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 1, }, 210 {0,CS(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA), S_DSA, K_DHE, C_3DES,B_3DES,M_ SHA, 1, 0, 0 },
201 {0,CS(TLS_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 0, }, 211 {0,CS(SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_ SHA, 1, 0, 1 },
202 212 {0,CS(TLS_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_ SHA, 1, 0, 0 },
203 {0,CS(TLS_DHE_RSA_WITH_DES_CBC_SHA), S_RSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, }, 213
204 {0,CS(TLS_DHE_DSS_WITH_DES_CBC_SHA), S_DSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, }, 214 {0,CS(TLS_DHE_RSA_WITH_DES_CBC_SHA), S_RSA, K_DHE, C_DES, B_DES, M_ SHA, 0, 0, 0 },
205 {0,CS(SSL_RSA_FIPS_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 1, }, 215 {0,CS(TLS_DHE_DSS_WITH_DES_CBC_SHA), S_DSA, K_DHE, C_DES, B_DES, M_ SHA, 0, 0, 0 },
206 {0,CS(TLS_RSA_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 0, }, 216 {0,CS(SSL_RSA_FIPS_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_ SHA, 0, 0, 1 },
207 217 {0,CS(TLS_RSA_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_ SHA, 0, 0, 0 },
208 {0,CS(TLS_RSA_EXPORT1024_WITH_RC4_56_SHA), S_RSA, K_RSA, C_RC4, B_56, M_SHA, 0, 1, 0, }, 218
209 {0,CS(TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 1, 0, }, 219 {0,CS(TLS_RSA_EXPORT1024_WITH_RC4_56_SHA), S_RSA, K_RSA, C_RC4, B_56, M_ SHA, 0, 1, 0 },
210 {0,CS(TLS_RSA_EXPORT_WITH_RC4_40_MD5), S_RSA, K_RSA, C_RC4, B_40, M_MD5, 0, 1, 0, }, 220 {0,CS(TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_ SHA, 0, 1, 0 },
211 {0,CS(TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5), S_RSA, K_RSA, C_RC2, B_40, M_MD5, 0, 1, 0, }, 221 {0,CS(TLS_RSA_EXPORT_WITH_RC4_40_MD5), S_RSA, K_RSA, C_RC4, B_40, M_ MD5, 0, 1, 0 },
212 {0,CS(TLS_RSA_WITH_NULL_SHA256), S_RSA, K_RSA, C_NULL,B_0, M_SHA2 56, 0, 1, 0, }, 222 {0,CS(TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5), S_RSA, K_RSA, C_RC2, B_40, M_ MD5, 0, 1, 0 },
213 {0,CS(TLS_RSA_WITH_NULL_SHA), S_RSA, K_RSA, C_NULL,B_0, M_SHA, 0, 1, 0, }, 223 {0,CS(TLS_RSA_WITH_NULL_SHA256), S_RSA, K_RSA, C_NULL,B_0, M_ SHA256, 0, 1, 0 },
214 {0,CS(TLS_RSA_WITH_NULL_MD5), S_RSA, K_RSA, C_NULL,B_0, M_MD5, 0, 1, 0, }, 224 {0,CS(TLS_RSA_WITH_NULL_SHA), S_RSA, K_RSA, C_NULL,B_0, M_ SHA, 0, 1, 0 },
215 225 {0,CS(TLS_RSA_WITH_NULL_MD5), S_RSA, K_RSA, C_NULL,B_0, M_ MD5, 0, 1, 0 },
216 #ifndef NSS_DISABLE_ECC 226
217 /* ECC cipher suites */ 227 #ifndef NSS_DISABLE_ECC
218 {0,CS(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M _AEAD_128, 1, 0, 0, }, 228 /* ECC cipher suites */
219 {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_12 8, M_AEAD_128, 1, 0, 0, }, 229 {0,CS(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_12 8, M_AEAD_128, 1, 0, 0 },
220 230 {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0 },
221 {0,CS(TLS_ECDH_ECDSA_WITH_NULL_SHA), S_ECDSA, K_ECDH, C_NULL, B_0, M_SH A, 0, 0, 0, }, 231
222 {0,CS(TLS_ECDH_ECDSA_WITH_RC4_128_SHA), S_ECDSA, K_ECDH, C_RC4, B_128, M_S HA, 0, 0, 0, }, 232 {0,CS(TLS_ECDH_ECDSA_WITH_NULL_SHA), S_ECDSA, K_ECDH, C_NULL, B_0, M_SHA, 0, 0, 0 },
223 {0,CS(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA), S_ECDSA, K_ECDH, C_3DES, B_3DES, M _SHA, 1, 0, 0, }, 233 {0,CS(TLS_ECDH_ECDSA_WITH_RC4_128_SHA), S_ECDSA, K_ECDH, C_RC4, B_128, M_SHA, 0, 0, 0 },
224 {0,CS(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA), S_ECDSA, K_ECDH, C_AES, B_128, M_S HA, 1, 0, 0, }, 234 {0,CS(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA), S_ECDSA, K_ECDH, C_3DES, B_3DE S, M_SHA, 1, 0, 0 },
225 {0,CS(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA), S_ECDSA, K_ECDH, C_AES, B_256, M_S HA, 1, 0, 0, }, 235 {0,CS(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA), S_ECDSA, K_ECDH, C_AES, B_128, M_SHA, 1, 0, 0 },
226 236 {0,CS(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA), S_ECDSA, K_ECDH, C_AES, B_256, M_SHA, 1, 0, 0 },
227 {0,CS(TLS_ECDHE_ECDSA_WITH_NULL_SHA), S_ECDSA, K_ECDHE, C_NULL, B_0, M_S HA, 0, 0, 0, }, 237
228 {0,CS(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA), S_ECDSA, K_ECDHE, C_RC4, B_128, M_ SHA, 0, 0, 0, }, 238 {0,CS(TLS_ECDHE_ECDSA_WITH_NULL_SHA), S_ECDSA, K_ECDHE, C_NULL, B_0, M_SHA, 0, 0, 0 },
229 {0,CS(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA), S_ECDSA, K_ECDHE, C_3DES, B_3DES, M_SHA, 1, 0, 0, }, 239 {0,CS(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA), S_ECDSA, K_ECDHE, C_RC4, B_128 , M_SHA, 0, 0, 0 },
230 {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_128, M_ SHA, 1, 0, 0, }, 240 {0,CS(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA), S_ECDSA, K_ECDHE, C_3DES, B_3D ES, M_SHA, 1, 0, 0 },
231 {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, }, 241 {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_128 , M_SHA, 1, 0, 0 },
232 {0,CS(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_256, M_ SHA, 1, 0, 0, }, 242 {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256), S_ECDSA, K_ECDHE, C_AES, B_1 28, M_SHA256, 1, 0, 0 },
233 {0,CS(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305),S_ECDSA,K_ECDHE,C_CHACHA20,B_256,M _AEAD_128,0, 0, 0, }, 243 {0,CS(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_256 , M_SHA, 1, 0, 0 },
234 244 {0,CS(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256), S_ECDSA, K_ECDHE, C_CH ACHA20, B_256, M_AEAD_128, 0, 0, 0 },
235 {0,CS(TLS_ECDH_RSA_WITH_NULL_SHA), S_RSA, K_ECDH, C_NULL, B_0, M_SHA, 0, 0, 0, }, 245
236 {0,CS(TLS_ECDH_RSA_WITH_RC4_128_SHA), S_RSA, K_ECDH, C_RC4, B_128, M_SHA , 0, 0, 0, }, 246 {0,CS(TLS_ECDH_RSA_WITH_NULL_SHA), S_RSA, K_ECDH, C_NULL, B_0, M_ SHA, 0, 0, 0 },
237 {0,CS(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_ECDH, C_3DES, B_3DES, M_S HA, 1, 0, 0, }, 247 {0,CS(TLS_ECDH_RSA_WITH_RC4_128_SHA), S_RSA, K_ECDH, C_RC4, B_128, M _SHA, 0, 0, 0 },
238 {0,CS(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_ECDH, C_AES, B_128, M_SHA , 1, 0, 0, }, 248 {0,CS(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_ECDH, C_3DES, B_3DES, M_SHA, 1, 0, 0 },
239 {0,CS(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDH, C_AES, B_256, M_SHA , 1, 0, 0, }, 249 {0,CS(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_ECDH, C_AES, B_128, M _SHA, 1, 0, 0 },
240 {0,CS(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305), S_RSA,K_ECDHE,C_CHACHA20,B_256,M_A EAD_128, 0, 0, 0, }, 250 {0,CS(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDH, C_AES, B_256, M _SHA, 1, 0, 0 },
241 251
242 {0,CS(TLS_ECDHE_RSA_WITH_NULL_SHA), S_RSA, K_ECDHE, C_NULL, B_0, M_SHA , 0, 0, 0, }, 252 {0,CS(TLS_ECDHE_RSA_WITH_NULL_SHA), S_RSA, K_ECDHE, C_NULL, B_0, M _SHA, 0, 0, 0 },
243 {0,CS(TLS_ECDHE_RSA_WITH_RC4_128_SHA), S_RSA, K_ECDHE, C_RC4, B_128, M_SH A, 0, 0, 0, }, 253 {0,CS(TLS_ECDHE_RSA_WITH_RC4_128_SHA), S_RSA, K_ECDHE, C_RC4, B_128, M_SHA, 0, 0, 0 },
244 {0,CS(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_ECDHE, C_3DES, B_3DES, M_ SHA, 1, 0, 0, }, 254 {0,CS(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_ECDHE, C_3DES, B_3DES , M_SHA, 1, 0, 0 },
245 {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_128, M_SH A, 1, 0, 0, }, 255 {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0 },
246 {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_ECDHE, C_AES, B_128, M_SH A256, 1, 0, 0, }, 256 {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0 },
247 {0,CS(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_256, M_SH A, 1, 0, 0, }, 257 {0,CS(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0 },
248 #endif /* NSS_DISABLE_ECC */ 258 {0,CS(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256), S_RSA, K_ECDHE, C_CHACHA 20, B_256, M_AEAD_128, 0, 0, 0 },
249 259 #endif /* NSS_DISABLE_ECC */
250 /* SSL 2 table */ 260
251 {0,CK(SSL_CK_RC4_128_WITH_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, }, 261 /* SSL 2 table */
252 {0,CK(SSL_CK_RC2_128_CBC_WITH_MD5), S_RSA, K_RSA, C_RC2, B_128, M_MD5, 0, 0, 0, }, 262 {0,CK(SSL_CK_RC4_128_WITH_MD5), S_RSA, K_RSA, C_RC4, B_128, M_ MD5, 0, 0, 0 },
253 {0,CK(SSL_CK_DES_192_EDE3_CBC_WITH_MD5), S_RSA, K_RSA, C_3DES,B_3DES,M_MD5, 0, 0, 0, }, 263 {0,CK(SSL_CK_RC2_128_CBC_WITH_MD5), S_RSA, K_RSA, C_RC2, B_128, M_ MD5, 0, 0, 0 },
254 {0,CK(SSL_CK_DES_64_CBC_WITH_MD5), S_RSA, K_RSA, C_DES, B_DES, M_MD5, 0, 0, 0, }, 264 {0,CK(SSL_CK_DES_192_EDE3_CBC_WITH_MD5), S_RSA, K_RSA, C_3DES,B_3DES,M_ MD5, 0, 0, 0 },
255 {0,CK(SSL_CK_RC4_128_EXPORT40_WITH_MD5), S_RSA, K_RSA, C_RC4, B_40, M_MD5, 0, 1, 0, }, 265 {0,CK(SSL_CK_DES_64_CBC_WITH_MD5), S_RSA, K_RSA, C_DES, B_DES, M_ MD5, 0, 0, 0 },
256 {0,CK(SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5), S_RSA, K_RSA, C_RC2, B_40, M_MD5, 0, 1, 0, } 266 {0,CK(SSL_CK_RC4_128_EXPORT40_WITH_MD5), S_RSA, K_RSA, C_RC4, B_40, M_ MD5, 0, 1, 0 },
267 {0,CK(SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5), S_RSA, K_RSA, C_RC2, B_40, M_ MD5, 0, 1, 0 }
257 }; 268 };
269 /* clang-format on */
258 270
259 #define NUM_SUITEINFOS ((sizeof suiteInfo) / (sizeof suiteInfo[0])) 271 #define NUM_SUITEINFOS ((sizeof suiteInfo) / (sizeof suiteInfo[0]))
260 272
261 273 SECStatus
262 SECStatus SSL_GetCipherSuiteInfo(PRUint16 cipherSuite, 274 SSL_GetCipherSuiteInfo(PRUint16 cipherSuite,
263 SSLCipherSuiteInfo *info, PRUintn len) 275 SSLCipherSuiteInfo *info, PRUintn len)
264 { 276 {
265 unsigned int i; 277 unsigned int i;
266 278
279 /* Check if we can properly return the length of data written and that
280 * we're not asked to return more information than we know how to provide.
281 */
282 if (!info || len < sizeof suiteInfo[0].length ||
283 len > sizeof suiteInfo[0]) {
284 PORT_SetError(SEC_ERROR_INVALID_ARGS);
285 return SECFailure;
286 }
267 len = PR_MIN(len, sizeof suiteInfo[0]); 287 len = PR_MIN(len, sizeof suiteInfo[0]);
268 if (!info || len < sizeof suiteInfo[0].length) {
269 PORT_SetError(SEC_ERROR_INVALID_ARGS);
270 return SECFailure;
271 }
272 for (i = 0; i < NUM_SUITEINFOS; i++) { 288 for (i = 0; i < NUM_SUITEINFOS; i++) {
273 » if (suiteInfo[i].cipherSuite == cipherSuite) { 289 if (suiteInfo[i].cipherSuite == cipherSuite) {
274 » memcpy(info, &suiteInfo[i], len); 290 memcpy(info, &suiteInfo[i], len);
275 » info->length = len; 291 info->length = len;
276 » return SECSuccess; 292 return SECSuccess;
277 » } 293 }
278 } 294 }
279 PORT_SetError(SEC_ERROR_INVALID_ARGS); 295 PORT_SetError(SEC_ERROR_INVALID_ARGS);
280 return SECFailure; 296 return SECFailure;
281 } 297 }
282 298
283 /* This function might be a candidate to be public. 299 /* This function might be a candidate to be public.
284 * Disables all export ciphers in the default set of enabled ciphers. 300 * Disables all export ciphers in the default set of enabled ciphers.
285 */ 301 */
286 SECStatus 302 SECStatus
287 SSL_DisableDefaultExportCipherSuites(void) 303 SSL_DisableDefaultExportCipherSuites(void)
288 { 304 {
289 const SSLCipherSuiteInfo * pInfo = suiteInfo; 305 const SSLCipherSuiteInfo *pInfo = suiteInfo;
290 unsigned int i; 306 unsigned int i;
291 307
292 for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) { 308 for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) {
293 » if (pInfo->isExportable) { 309 if (pInfo->isExportable) {
294 » PORT_CheckSuccess(SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FA LSE)); 310 PORT_CheckSuccess(SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FA LSE));
295 » } 311 }
296 } 312 }
297 return SECSuccess; 313 return SECSuccess;
298 } 314 }
299 315
300 /* This function might be a candidate to be public, 316 /* This function might be a candidate to be public,
301 * except that it takes an sslSocket pointer as an argument. 317 * except that it takes an sslSocket pointer as an argument.
302 * A Public version would take a PRFileDesc pointer. 318 * A Public version would take a PRFileDesc pointer.
303 * Disables all export ciphers in the default set of enabled ciphers. 319 * Disables all export ciphers in the default set of enabled ciphers.
304 */ 320 */
305 SECStatus 321 SECStatus
306 SSL_DisableExportCipherSuites(PRFileDesc * fd) 322 SSL_DisableExportCipherSuites(PRFileDesc *fd)
307 { 323 {
308 const SSLCipherSuiteInfo * pInfo = suiteInfo; 324 const SSLCipherSuiteInfo *pInfo = suiteInfo;
309 unsigned int i; 325 unsigned int i;
310 326
311 for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) { 327 for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) {
312 » if (pInfo->isExportable) { 328 if (pInfo->isExportable) {
313 » PORT_CheckSuccess(SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE )); 329 PORT_CheckSuccess(SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE ));
314 » } 330 }
315 } 331 }
316 return SECSuccess; 332 return SECSuccess;
317 } 333 }
318 334
319 /* Tells us if the named suite is exportable 335 /* Tells us if the named suite is exportable
320 * returns false for unknown suites. 336 * returns false for unknown suites.
321 */ 337 */
322 PRBool 338 PRBool
323 SSL_IsExportCipherSuite(PRUint16 cipherSuite) 339 SSL_IsExportCipherSuite(PRUint16 cipherSuite)
324 { 340 {
325 unsigned int i; 341 unsigned int i;
326 for (i = 0; i < NUM_SUITEINFOS; i++) { 342 for (i = 0; i < NUM_SUITEINFOS; i++) {
327 » if (suiteInfo[i].cipherSuite == cipherSuite) { 343 if (suiteInfo[i].cipherSuite == cipherSuite) {
328 » return (PRBool)(suiteInfo[i].isExportable); 344 return (PRBool)(suiteInfo[i].isExportable);
329 » } 345 }
330 } 346 }
331 return PR_FALSE; 347 return PR_FALSE;
332 } 348 }
333 349
334 SECItem* 350 SECItem *
335 SSL_GetNegotiatedHostInfo(PRFileDesc *fd) 351 SSL_GetNegotiatedHostInfo(PRFileDesc *fd)
336 { 352 {
337 SECItem *sniName = NULL; 353 SECItem *sniName = NULL;
338 sslSocket *ss; 354 sslSocket *ss;
339 char *name = NULL; 355 char *name = NULL;
340 356
341 ss = ssl_FindSocket(fd); 357 ss = ssl_FindSocket(fd);
342 if (!ss) { 358 if (!ss) {
343 » SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNegotiatedHostInfo", 359 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNegotiatedHostInfo",
344 » » SSL_GETPID(), fd)); 360 SSL_GETPID(), fd));
345 » return NULL; 361 return NULL;
346 } 362 }
347 363
348 if (ss->sec.isServer) { 364 if (ss->sec.isServer) {
349 if (ss->version > SSL_LIBRARY_VERSION_3_0 && 365 if (ss->version > SSL_LIBRARY_VERSION_3_0 &&
350 ss->ssl3.initialized) { /* TLS */ 366 ss->ssl3.initialized) { /* TLS */
351 SECItem *crsName; 367 SECItem *crsName;
352 ssl_GetSpecReadLock(ss); /*********************************/ 368 ssl_GetSpecReadLock(ss); /*********************************/
353 crsName = &ss->ssl3.cwSpec->srvVirtName; 369 crsName = &ss->ssl3.cwSpec->srvVirtName;
354 if (crsName->data) { 370 if (crsName->data) {
355 sniName = SECITEM_DupItem(crsName); 371 sniName = SECITEM_DupItem(crsName);
356 } 372 }
357 ssl_ReleaseSpecReadLock(ss); /*----------------------------*/ 373 ssl_ReleaseSpecReadLock(ss); /*----------------------------*/
358 } 374 }
359 return sniName; 375 return sniName;
360 } 376 }
361 name = SSL_RevealURL(fd); 377 name = SSL_RevealURL(fd);
362 if (name) { 378 if (name) {
363 sniName = PORT_ZNew(SECItem); 379 sniName = PORT_ZNew(SECItem);
364 if (!sniName) { 380 if (!sniName) {
365 PORT_Free(name); 381 PORT_Free(name);
366 return NULL; 382 return NULL;
367 } 383 }
368 sniName->data = (void*)name; 384 sniName->data = (void *)name;
369 sniName->len = PORT_Strlen(name); 385 sniName->len = PORT_Strlen(name);
370 } 386 }
371 return sniName; 387 return sniName;
372 } 388 }
373 389
374 SECStatus 390 SECStatus
375 SSL_ExportKeyingMaterial(PRFileDesc *fd, 391 SSL_ExportKeyingMaterial(PRFileDesc *fd,
376 const char *label, unsigned int labelLen, 392 const char *label, unsigned int labelLen,
377 PRBool hasContext, 393 PRBool hasContext,
378 const unsigned char *context, unsigned int contextLen, 394 const unsigned char *context, unsigned int contextLen,
379 unsigned char *out, unsigned int outLen) 395 unsigned char *out, unsigned int outLen)
380 { 396 {
381 sslSocket *ss; 397 sslSocket *ss;
382 unsigned char *val = NULL; 398 unsigned char *val = NULL;
383 unsigned int valLen, i; 399 unsigned int valLen, i;
384 SECStatus rv = SECFailure; 400 SECStatus rv = SECFailure;
385 401
386 ss = ssl_FindSocket(fd); 402 ss = ssl_FindSocket(fd);
387 if (!ss) { 403 if (!ss) {
388 » SSL_DBG(("%d: SSL[%d]: bad socket in ExportKeyingMaterial", 404 SSL_DBG(("%d: SSL[%d]: bad socket in ExportKeyingMaterial",
389 » » SSL_GETPID(), fd)); 405 SSL_GETPID(), fd));
390 » return SECFailure; 406 return SECFailure;
391 } 407 }
392 408
393 ssl_GetRecvBufLock(ss); 409 ssl_GetRecvBufLock(ss);
394 ssl_GetSSL3HandshakeLock(ss); 410 ssl_GetSSL3HandshakeLock(ss);
395 411
396 if (ss->version < SSL_LIBRARY_VERSION_3_1_TLS) { 412 if (ss->version < SSL_LIBRARY_VERSION_3_1_TLS) {
397 » PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION); 413 PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION);
398 » ssl_ReleaseSSL3HandshakeLock(ss); 414 ssl_ReleaseSSL3HandshakeLock(ss);
399 » ssl_ReleaseRecvBufLock(ss); 415 ssl_ReleaseRecvBufLock(ss);
400 » return SECFailure; 416 return SECFailure;
401 } 417 }
402 418
403 /* construct PRF arguments */ 419 /* construct PRF arguments */
404 valLen = SSL3_RANDOM_LENGTH * 2; 420 valLen = SSL3_RANDOM_LENGTH * 2;
405 if (hasContext) { 421 if (hasContext) {
406 » valLen += 2 /* PRUint16 length */ + contextLen; 422 valLen += 2 /* PRUint16 length */ + contextLen;
407 } 423 }
408 val = PORT_Alloc(valLen); 424 val = PORT_Alloc(valLen);
409 if (!val) { 425 if (!val) {
410 » ssl_ReleaseSSL3HandshakeLock(ss); 426 ssl_ReleaseSSL3HandshakeLock(ss);
411 » ssl_ReleaseRecvBufLock(ss); 427 ssl_ReleaseRecvBufLock(ss);
412 » return SECFailure; 428 return SECFailure;
413 } 429 }
414 i = 0; 430 i = 0;
415
416 PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH); 431 PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH);
417 i += SSL3_RANDOM_LENGTH; 432 i += SSL3_RANDOM_LENGTH;
418 PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH); 433 PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH);
419 i += SSL3_RANDOM_LENGTH; 434 i += SSL3_RANDOM_LENGTH;
420
421 if (hasContext) { 435 if (hasContext) {
422 » val[i++] = contextLen >> 8; 436 val[i++] = contextLen >> 8;
423 » val[i++] = contextLen; 437 val[i++] = contextLen;
424 » PORT_Memcpy(val + i, context, contextLen); 438 PORT_Memcpy(val + i, context, contextLen);
425 » i += contextLen; 439 i += contextLen;
426 } 440 }
427 PORT_Assert(i == valLen); 441 PORT_Assert(i == valLen);
428 442
429 /* Allow TLS keying material to be exported sooner, when the master 443 /* Allow TLS keying material to be exported sooner, when the master
430 * secret is available and we have sent ChangeCipherSpec. 444 * secret is available and we have sent ChangeCipherSpec.
431 */ 445 */
432 ssl_GetSpecReadLock(ss); 446 ssl_GetSpecReadLock(ss);
433 if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) { 447 if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) {
434 » PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED); 448 PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
435 » rv = SECFailure; 449 rv = SECFailure;
436 } else { 450 } else {
437 » rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.cwSpec, label, labelLen, val, 451 rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.cwSpec, label, labelLen, val,
438 » » » » » valLen, out, outLen); 452 valLen, out, outLen);
439 } 453 }
440 ssl_ReleaseSpecReadLock(ss); 454 ssl_ReleaseSpecReadLock(ss);
441 ssl_ReleaseSSL3HandshakeLock(ss); 455 ssl_ReleaseSSL3HandshakeLock(ss);
442 ssl_ReleaseRecvBufLock(ss); 456 ssl_ReleaseRecvBufLock(ss);
443 457
444 PORT_ZFree(val, valLen); 458 PORT_ZFree(val, valLen);
445 return rv; 459 return rv;
446 } 460 }
OLDNEW
« no previous file with comments | « net/third_party/nss/ssl/sslimpl.h ('k') | net/third_party/nss/ssl/sslinit.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698