Chromium Code Reviews Chromium Code Reviews
Issue 21564003:
NSS: remove cipher policy framework.
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * vtables (and methods that call through them) for the 4 types of | 2 * vtables (and methods that call through them) for the 4 types of |
| 3 * SSLSockets supported. Only one type is still supported. | 3 * SSLSockets supported. Only one type is still supported. |
| 4 * Various other functions. | 4 * Various other functions. |
| 5 * | 5 * |
| 6 * This Source Code Form is subject to the terms of the Mozilla Public | 6 * This Source Code Form is subject to the terms of the Mozilla Public |
| 7 * License, v. 2.0. If a copy of the MPL was not distributed with this | 7 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 9 #include "seccomon.h" | 9 #include "seccomon.h" |
| 10 #include "cert.h" | 10 #include "cert.h" |
| (...skipping 10 matching lines...) Expand all Loading... | |
| 21 #include "nss.h" | 21 #include "nss.h" |
| 22 | 22 |
| 23 /* This is a bodge to allow this code to be compiled against older NSS headers | 23 /* This is a bodge to allow this code to be compiled against older NSS headers |
| 24 * that don't contain the TLS 1.2 changes. */ | 24 * that don't contain the TLS 1.2 changes. */ |
| 25 #ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 | 25 #ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 |
| 26 #define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) | 26 #define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) |
| 27 #endif | 27 #endif |
| 28 | 28 |
| 29 #define SET_ERROR_CODE /* reminder */ | 29 #define SET_ERROR_CODE /* reminder */ |
| 30 | 30 |
| 31 struct cipherPolicyStr { | |
| 32 int cipher; | |
| 33 unsigned char export; /* policy value for export policy */ | |
| 34 unsigned char france; /* policy value for france policy */ | |
| 35 }; | |
| 36 | |
| 37 typedef struct cipherPolicyStr cipherPolicy; | |
| 38 | |
| 39 /* This table contains two preconfigured policies: Export and France. | |
| 40 ** It is used only by the functions NSS_SetDomesticPolicy, | |
| 41 ** NSS_SetExportPolicy, and NSS_SetFrancePolicy. | |
| 42 ** Order of entries is not important. | |
| 43 */ | |
| 44 static cipherPolicy ssl_ciphers[] = { /* Export France */ | |
| 45 { SSL_EN_RC4_128_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 46 { SSL_EN_RC4_128_EXPORT40_WITH_MD5, SSL_ALLOWED, SSL_ALLOWED }, | |
| 47 { SSL_EN_RC2_128_CBC_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 48 { SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, SSL_ALLOWED, SSL_ALLOWED }, | |
| 49 { SSL_EN_DES_64_CBC_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 50 { SSL_EN_DES_192_EDE3_CBC_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 51 { SSL_RSA_WITH_RC4_128_MD5, SSL_RESTRICTED, SSL_NOT_ALLOWED }, | |
| 52 { SSL_RSA_WITH_RC4_128_SHA, SSL_RESTRICTED, SSL_NOT_ALLOWED }, | |
| 53 { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 54 { SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RESTRICTED, SSL_NOT_ALLOWED }, | |
| 55 { SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 56 { SSL_RSA_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 57 { SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_ALLOWED, SSL_ALLOWED }, | |
| 58 { SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_ALLOWED, SSL_ALLOWED }, | |
| 59 { SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 60 { SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 61 { SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 62 { SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 63 { TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 64 { SSL_RSA_WITH_NULL_MD5, SSL_ALLOWED, SSL_ALLOWED }, | |
| 65 { SSL_RSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED }, | |
| 66 { TLS_RSA_WITH_NULL_SHA256, SSL_ALLOWED, SSL_ALLOWED }, | |
| 67 { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 68 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 69 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 70 { TLS_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 71 { TLS_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 72 { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 73 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 74 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 75 { TLS_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 76 { TLS_RSA_WITH_AES_256_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 77 { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 78 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 79 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 80 { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 81 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 82 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 83 { TLS_RSA_WITH_SEED_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 84 { TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_ALLOWED, SSL_NOT_ALLOWED }, | |
| 85 { TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_ALLOWED, SSL_NOT_ALLOWED }, | |
| 86 #ifdef NSS_ENABLE_ECC | |
| 87 { TLS_ECDH_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED }, | |
| 88 { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 89 { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 90 { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 91 { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 92 { TLS_ECDHE_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED }, | |
| 93 { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 94 { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 95 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 96 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 97 { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 98 { TLS_ECDH_RSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED }, | |
| 99 { TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 100 { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 101 { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 102 { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 103 { TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED }, | |
| 104 { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 105 { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 106 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 107 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 108 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 109 #endif /* NSS_ENABLE_ECC */ | |
| 110 { 0, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED } | |
| 111 }; | |
| 112 | |
| 113 static const sslSocketOps ssl_default_ops = { /* No SSL. */ | 31 static const sslSocketOps ssl_default_ops = { /* No SSL. */ |
| 114 ssl_DefConnect, | 32 ssl_DefConnect, |
| 115 NULL, | 33 NULL, |
| 116 ssl_DefBind, | 34 ssl_DefBind, |
| 117 ssl_DefListen, | 35 ssl_DefListen, |
| 118 ssl_DefShutdown, | 36 ssl_DefShutdown, |
| 119 ssl_DefClose, | 37 ssl_DefClose, |
| 120 ssl_DefRecv, | 38 ssl_DefRecv, |
| 121 ssl_DefSend, | 39 ssl_DefSend, |
| 122 ssl_DefRead, | 40 ssl_DefRead, |
| (...skipping 161 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 284 | 202 |
| 285 ss->peerID = !os->peerID ? NULL : PORT_Strdup(os->peerID); | 203 ss->peerID = !os->peerID ? NULL : PORT_Strdup(os->peerID); |
| 286 ss->url = !os->url ? NULL : PORT_Strdup(os->url); | 204 ss->url = !os->url ? NULL : PORT_Strdup(os->url); |
| 287 | 205 |
| 288 ss->ops = os->ops; | 206 ss->ops = os->ops; |
| 289 ss->rTimeout = os->rTimeout; | 207 ss->rTimeout = os->rTimeout; |
| 290 ss->wTimeout = os->wTimeout; | 208 ss->wTimeout = os->wTimeout; |
| 291 ss->cTimeout = os->cTimeout; | 209 ss->cTimeout = os->cTimeout; |
| 292 ss->dbHandle = os->dbHandle; | 210 ss->dbHandle = os->dbHandle; |
| 293 | 211 |
| 294 » /* copy ssl2&3 policy & prefs, even if it's not selected (yet) */ | 212 » /* copy ssl2&3 prefs, even if it's not selected (yet) */ |
| 295 » ss->allowedByPolicy» = os->allowedByPolicy; | |
| 296 » ss->maybeAllowedByPolicy= os->maybeAllowedByPolicy; | |
| 297 ss->chosenPreference = os->chosenPreference; | 213 ss->chosenPreference = os->chosenPreference; |
| 298 PORT_Memcpy(ss->cipherSuites, os->cipherSuites, sizeof os->cipherSuites) ; | 214 PORT_Memcpy(ss->cipherSuites, os->cipherSuites, sizeof os->cipherSuites) ; |
| 299 PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers, | 215 PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers, |
| 300 sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount); | 216 sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount); |
| 301 ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount; | 217 ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount; |
| 302 | 218 |
| 303 if (os->cipherSpecs) { | 219 if (os->cipherSpecs) { |
| 304 ss->cipherSpecs = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs); | 220 ss->cipherSpecs = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs); |
| 305 if (ss->cipherSpecs) | 221 if (ss->cipherSpecs) |
| 306 PORT_Memcpy(ss->cipherSpecs, os->cipherSpecs, | 222 PORT_Memcpy(ss->cipherSpecs, os->cipherSpecs, |
| (...skipping 864 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1171 case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA: | 1087 case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA: |
| 1172 case SSL_FORTEZZA_DMS_WITH_RC4_128_SHA: | 1088 case SSL_FORTEZZA_DMS_WITH_RC4_128_SHA: |
| 1173 return PR_TRUE; | 1089 return PR_TRUE; |
| 1174 default: | 1090 default: |
| 1175 return PR_FALSE; | 1091 return PR_FALSE; |
| 1176 } | 1092 } |
| 1177 } | 1093 } |
| 1178 | 1094 |
| 1179 /* Part of the public NSS API. | 1095 /* Part of the public NSS API. |
| 1180 * Since this is a global (not per-socket) setting, we cannot use the | 1096 * Since this is a global (not per-socket) setting, we cannot use the |
| 1181 * HandshakeLock to protect this. Probably want a global lock. | 1097 * HandshakeLock to protect this. Probably want a global lock. |
|
wtc
2013/08/08 21:26:28
I think lines 1096-1097 (or perhaps the entire com
agl
2013/08/09 15:53:49
Done.
| |
| 1182 */ | 1098 */ |
| 1183 SECStatus | 1099 SECStatus |
| 1184 SSL_SetPolicy(long which, int policy) | 1100 SSL_SetPolicy(long which, int policy) |
| 1185 { | 1101 { |
| 1186 if ((which & 0xfffe) == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) { | 1102 return SECSuccess; |
| 1187 » /* one of the two old FIPS ciphers */ | |
| 1188 » if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) | |
| 1189 » which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA; | |
| 1190 » else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA) | |
| 1191 » which = SSL_RSA_FIPS_WITH_DES_CBC_SHA; | |
| 1192 } | |
| 1193 if (ssl_IsRemovedCipherSuite(which)) | |
| 1194 » return SECSuccess; | |
| 1195 return SSL_CipherPolicySet(which, policy); | |
| 1196 } | 1103 } |
| 1197 | 1104 |
| 1198 SECStatus | 1105 SECStatus |
| 1199 SSL_CipherPolicySet(PRInt32 which, PRInt32 policy) | 1106 SSL_CipherPolicySet(PRInt32 which, PRInt32 policy) |
| 1200 { | 1107 { |
| 1201 SECStatus rv = ssl_Init(); | 1108 return SECSuccess; |
| 1202 | |
| 1203 if (rv != SECSuccess) { | |
| 1204 » return rv; | |
| 1205 } | |
| 1206 | |
| 1207 if (ssl_IsRemovedCipherSuite(which)) { | |
| 1208 » rv = SECSuccess; | |
| 1209 } else if (SSL_IS_SSL2_CIPHER(which)) { | |
| 1210 » rv = ssl2_SetPolicy(which, policy); | |
| 1211 } else { | |
| 1212 » rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy); | |
| 1213 } | |
| 1214 return rv; | |
| 1215 } | 1109 } |
| 1216 | 1110 |
| 1217 SECStatus | 1111 SECStatus |
| 1218 SSL_CipherPolicyGet(PRInt32 which, PRInt32 *oPolicy) | 1112 SSL_CipherPolicyGet(PRInt32 which, PRInt32 *oPolicy) |
| 1219 { | 1113 { |
| 1220 SECStatus rv; | 1114 *oPolicy = 0; |
|
wtc
2013/08/08 21:26:28
I think we should set *oPolicy to SSL_ALLOWED.
agl
2013/08/09 15:53:49
Done.
| |
| 1221 | 1115 return SECSuccess; |
| 1222 if (!oPolicy) { | |
| 1223 » PORT_SetError(SEC_ERROR_INVALID_ARGS); | |
| 1224 » return SECFailure; | |
| 1225 } | |
| 1226 if (ssl_IsRemovedCipherSuite(which)) { | |
| 1227 » *oPolicy = SSL_NOT_ALLOWED; | |
| 1228 » rv = SECSuccess; | |
| 1229 } else if (SSL_IS_SSL2_CIPHER(which)) { | |
| 1230 » rv = ssl2_GetPolicy(which, oPolicy); | |
| 1231 } else { | |
| 1232 » rv = ssl3_GetPolicy((ssl3CipherSuite)which, oPolicy); | |
| 1233 } | |
| 1234 return rv; | |
| 1235 } | 1116 } |
| 1236 | 1117 |
| 1237 /* Part of the public NSS API. | 1118 /* Part of the public NSS API. |
| 1238 * Since this is a global (not per-socket) setting, we cannot use the | 1119 * Since this is a global (not per-socket) setting, we cannot use the |
| 1239 * HandshakeLock to protect this. Probably want a global lock. | 1120 * HandshakeLock to protect this. Probably want a global lock. |
| 1240 * These changes have no effect on any sslSockets already created. | 1121 * These changes have no effect on any sslSockets already created. |
| 1241 */ | 1122 */ |
| 1242 SECStatus | 1123 SECStatus |
| 1243 SSL_EnableCipher(long which, PRBool enabled) | 1124 SSL_EnableCipher(long which, PRBool enabled) |
| 1244 { | 1125 { |
| (...skipping 98 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1343 rv = ssl2_CipherPrefGet(ss, which, enabled); | 1224 rv = ssl2_CipherPrefGet(ss, which, enabled); |
| 1344 } else { | 1225 } else { |
| 1345 rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled); | 1226 rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled); |
| 1346 } | 1227 } |
| 1347 return rv; | 1228 return rv; |
| 1348 } | 1229 } |
| 1349 | 1230 |
| 1350 SECStatus | 1231 SECStatus |
| 1351 NSS_SetDomesticPolicy(void) | 1232 NSS_SetDomesticPolicy(void) |
| 1352 { | 1233 { |
| 1353 SECStatus status = SECSuccess; | 1234 return SECSuccess; |
| 1354 cipherPolicy * policy; | |
| 1355 | |
| 1356 for (policy = ssl_ciphers; policy->cipher != 0; ++policy) { | |
| 1357 » status = SSL_SetPolicy(policy->cipher, SSL_ALLOWED); | |
| 1358 » if (status != SECSuccess) | |
| 1359 » break; | |
| 1360 } | |
| 1361 return status; | |
| 1362 } | 1235 } |
| 1363 | 1236 |
| 1364 SECStatus | 1237 SECStatus |
| 1365 NSS_SetExportPolicy(void) | 1238 NSS_SetExportPolicy(void) |
| 1366 { | 1239 { |
| 1367 return NSS_SetDomesticPolicy(); | 1240 return SECSuccess; |
| 1368 } | 1241 } |
| 1369 | 1242 |
| 1370 SECStatus | 1243 SECStatus |
| 1371 NSS_SetFrancePolicy(void) | 1244 NSS_SetFrancePolicy(void) |
| 1372 { | 1245 { |
| 1373 return NSS_SetDomesticPolicy(); | 1246 return SECSuccess; |
| 1374 } | 1247 } |
| 1375 | 1248 |
| 1376 SECStatus | 1249 SECStatus |
| 1377 SSL_GetChannelBinding(PRFileDesc *fd, | 1250 SSL_GetChannelBinding(PRFileDesc *fd, |
| 1378 SSLChannelBindingType binding_type, | 1251 SSLChannelBindingType binding_type, |
| 1379 unsigned char *out, | 1252 unsigned char *out, |
| 1380 unsigned int *outLen, | 1253 unsigned int *outLen, |
| 1381 unsigned int outLenMax) { | 1254 unsigned int outLenMax) { |
| 1382 sslSocket *ss = ssl_FindSocket(fd); | 1255 sslSocket *ss = ssl_FindSocket(fd); |
| 1383 | 1256 |
| (...skipping 1706 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 3090 ss->getPlatformClientAuthDataArg = NULL; | 2963 ss->getPlatformClientAuthDataArg = NULL; |
| 3091 #endif /* NSS_PLATFORM_CLIENT_AUTH */ | 2964 #endif /* NSS_PLATFORM_CLIENT_AUTH */ |
| 3092 ss->handleBadCert = NULL; | 2965 ss->handleBadCert = NULL; |
| 3093 ss->badCertArg = NULL; | 2966 ss->badCertArg = NULL; |
| 3094 ss->pkcs11PinArg = NULL; | 2967 ss->pkcs11PinArg = NULL; |
| 3095 ss->ephemeralECDHKeyPair = NULL; | 2968 ss->ephemeralECDHKeyPair = NULL; |
| 3096 ss->getChannelID = NULL; | 2969 ss->getChannelID = NULL; |
| 3097 ss->getChannelIDArg = NULL; | 2970 ss->getChannelIDArg = NULL; |
| 3098 | 2971 |
| 3099 ssl_ChooseOps(ss); | 2972 ssl_ChooseOps(ss); |
| 3100 » ssl2_InitSocketPolicy(ss); | 2973 » ssl2_InitSocketCipherSuites(ss); |
| 3101 » ssl3_InitSocketPolicy(ss); | 2974 » ssl3_InitSocketCipherSuites(ss); |
| 3102 PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight); | 2975 PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight); |
| 3103 | 2976 |
| 3104 if (makeLocks) { | 2977 if (makeLocks) { |
| 3105 status = ssl_MakeLocks(ss); | 2978 status = ssl_MakeLocks(ss); |
| 3106 if (status != SECSuccess) | 2979 if (status != SECSuccess) |
| 3107 goto loser; | 2980 goto loser; |
| 3108 } | 2981 } |
| 3109 status = ssl_CreateSecurityInfo(ss); | 2982 status = ssl_CreateSecurityInfo(ss); |
| 3110 if (status != SECSuccess) | 2983 if (status != SECSuccess) |
| 3111 goto loser; | 2984 goto loser; |
| 3112 status = ssl_InitGather(&ss->gs); | 2985 status = ssl_InitGather(&ss->gs); |
| 3113 if (status != SECSuccess) { | 2986 if (status != SECSuccess) { |
| 3114 loser: | 2987 loser: |
| 3115 ssl_DestroySocketContents(ss); | 2988 ssl_DestroySocketContents(ss); |
| 3116 ssl_DestroyLocks(ss); | 2989 ssl_DestroyLocks(ss); |
| 3117 PORT_Free(ss); | 2990 PORT_Free(ss); |
| 3118 ss = NULL; | 2991 ss = NULL; |
| 3119 } | 2992 } |
| 3120 ss->protocolVariant = protocolVariant; | 2993 ss->protocolVariant = protocolVariant; |
| 3121 } | 2994 } |
| 3122 return ss; | 2995 return ss; |
| 3123 } | 2996 } |
| 3124 | 2997 |
| OLD | NEW |
