| OLD | NEW |
| 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
| 2 /* | 2 /* |
| 3 * SSL3 Protocol | 3 * SSL3 Protocol |
| 4 * | 4 * |
| 5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
| 6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 8 | 8 |
| 9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ | 9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ |
| 10 | 10 |
| (...skipping 81 matching lines...) |
| 92 | 92 |
| 93 #define MAX_SEND_BUF_LENGTH 32000 /* watch for 16-bit integer overflow */ | 93 #define MAX_SEND_BUF_LENGTH 32000 /* watch for 16-bit integer overflow */ |
| 94 #define MIN_SEND_BUF_LENGTH 4000 | 94 #define MIN_SEND_BUF_LENGTH 4000 |
| 95 | 95 |
| 96 /* This list of SSL3 cipher suites is sorted in descending order of | 96 /* This list of SSL3 cipher suites is sorted in descending order of |
| 97 * precedence (desirability). It only includes cipher suites we implement. | 97 * precedence (desirability). It only includes cipher suites we implement. |
| 98 * This table is modified by SSL3_SetPolicy(). The ordering of cipher suites | 98 * This table is modified by SSL3_SetPolicy(). The ordering of cipher suites |
| 99 * in this table must match the ordering in SSL_ImplementedCiphers (sslenum.c) | 99 * in this table must match the ordering in SSL_ImplementedCiphers (sslenum.c) |
| 100 */ | 100 */ |
| 101 static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { | 101 static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { |
| 102 /* cipher_suite policy enabled is_present*/ | 102 /* cipher_suite policy enabled isPresent */ |
| 103 #ifdef NSS_ENABLE_ECC | 103 #ifdef NSS_ENABLE_ECC |
| 104 { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 104 { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 105 { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 105 { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 106 #endif /* NSS_ENABLE_ECC */ | 106 #endif /* NSS_ENABLE_ECC */ |
| 107 { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 107 { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
| 108 { TLS_RSA_WITH_AES_128_GCM_SHA256, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 108 { TLS_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
| 109 | 109 |
| 110 #ifdef NSS_ENABLE_ECC | 110 #ifdef NSS_ENABLE_ECC |
| 111 { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 111 { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 112 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 112 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 113 #endif /* NSS_ENABLE_ECC */ | 113 #endif /* NSS_ENABLE_ECC */ |
| 114 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 114 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 115 { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 115 { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 116 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, » SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 116 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
| 117 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 117 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
| 118 { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, » SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 118 { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
| 119 #ifdef NSS_ENABLE_ECC | 119 #ifdef NSS_ENABLE_ECC |
| 120 { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 120 { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 121 { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 121 { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 122 #endif /* NSS_ENABLE_ECC */ | 122 #endif /* NSS_ENABLE_ECC */ |
| 123 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, » SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 123 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 124 { TLS_RSA_WITH_AES_256_CBC_SHA, » SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 124 { TLS_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
| 125 { TLS_RSA_WITH_AES_256_CBC_SHA256,» SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 125 { TLS_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
| 126 | 126 |
| 127 #ifdef NSS_ENABLE_ECC | 127 #ifdef NSS_ENABLE_ECC |
| 128 { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 128 { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 129 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 129 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 130 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 130 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 131 { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 131 { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 132 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 132 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 133 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 133 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 134 #endif /* NSS_ENABLE_ECC */ | 134 #endif /* NSS_ENABLE_ECC */ |
| 135 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 135 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 136 { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 136 { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 137 { TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 137 { TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 138 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 138 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
| 139 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 139 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
| 140 { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, » SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 140 { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
| 141 #ifdef NSS_ENABLE_ECC | 141 #ifdef NSS_ENABLE_ECC |
| 142 { TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 142 { TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 143 { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 143 { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 144 { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 144 { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 145 { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 145 { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 146 #endif /* NSS_ENABLE_ECC */ | 146 #endif /* NSS_ENABLE_ECC */ |
| 147 { TLS_RSA_WITH_SEED_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 147 { TLS_RSA_WITH_SEED_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 148 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, » SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 148 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 149 { SSL_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 149 { SSL_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
| 150 { SSL_RSA_WITH_RC4_128_MD5, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE}, | 150 { SSL_RSA_WITH_RC4_128_MD5, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
| 151 { TLS_RSA_WITH_AES_128_CBC_SHA, » SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 151 { TLS_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
| 152 { TLS_RSA_WITH_AES_128_CBC_SHA256,» SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 152 { TLS_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
| 153 | 153 |
| 154 #ifdef NSS_ENABLE_ECC | 154 #ifdef NSS_ENABLE_ECC |
| 155 { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 155 { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 156 { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 156 { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 157 #endif /* NSS_ENABLE_ECC */ | 157 #endif /* NSS_ENABLE_ECC */ |
| 158 { SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 158 { SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
| 159 { SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, | 159 { SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
| 160 #ifdef NSS_ENABLE_ECC | 160 #ifdef NSS_ENABLE_ECC |
| 161 { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 161 { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 162 { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 162 { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 163 #endif /* NSS_ENABLE_ECC */ | 163 #endif /* NSS_ENABLE_ECC */ |
| 164 { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 164 { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 165 { SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE}, | 165 { SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
| 166 | 166 |
| 167 | 167 |
| 168 { SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 168 { SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 169 { SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 169 { SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 170 { SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 170 { SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 171 { SSL_RSA_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 171 { SSL_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 172 { TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 172 { TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 173 { TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 173 { TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 174 | 174 |
| 175 { SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 175 { SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 176 { SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 176 { SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 177 | 177 |
| 178 #ifdef NSS_ENABLE_ECC | 178 #ifdef NSS_ENABLE_ECC |
| 179 { TLS_ECDHE_ECDSA_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 179 { TLS_ECDHE_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 180 { TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 180 { TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 181 { TLS_ECDH_RSA_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 181 { TLS_ECDH_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 182 { TLS_ECDH_ECDSA_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_FALSE, PR_FALSE}, | 182 { TLS_ECDH_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 183 #endif /* NSS_ENABLE_ECC */ | 183 #endif /* NSS_ENABLE_ECC */ |
| 184 { SSL_RSA_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 184 { SSL_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 185 { TLS_RSA_WITH_NULL_SHA256, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 185 { TLS_RSA_WITH_NULL_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 186 { SSL_RSA_WITH_NULL_MD5, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, | 186 { SSL_RSA_WITH_NULL_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
| 187 | |
| 188 }; | 187 }; |
| 189 | 188 |
| 190 /* This list of SSL3 compression methods is sorted in descending order of | 189 /* This list of SSL3 compression methods is sorted in descending order of |
| 191 * precedence (desirability). It only includes compression methods we | 190 * precedence (desirability). It only includes compression methods we |
| 192 * implement. | 191 * implement. |
| 193 */ | 192 */ |
| 194 static const /*SSLCompressionMethod*/ PRUint8 compressions [] = { | 193 static const /*SSLCompressionMethod*/ PRUint8 compressions [] = { |
| 195 #ifdef NSS_ENABLE_ZLIB | 194 #ifdef NSS_ENABLE_ZLIB |
| 196 ssl_compression_deflate, | 195 ssl_compression_deflate, |
| 197 #endif | 196 #endif |
| (...skipping 603 matching lines...) |
| 801 } | 800 } |
| 802 | 801 |
| 803 /* return number of cipher suites that match policy and enabled state */ | 802 /* return number of cipher suites that match policy and enabled state */ |
| 804 /* called from ssl3_SendClientHello and ssl3_ConstructV2CipherSpecsHack */ | 803 /* called from ssl3_SendClientHello and ssl3_ConstructV2CipherSpecsHack */ |
| 805 static int | 804 static int |
| 806 count_cipher_suites(sslSocket *ss, int policy, PRBool enabled) | 805 count_cipher_suites(sslSocket *ss, int policy, PRBool enabled) |
| 807 { | 806 { |
| 808 int i, count = 0; | 807 int i, count = 0; |
| 809 | 808 |
| 810 if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { | 809 if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { |
| 811 » return 0; | 810 » return 0; |
| 812 } | 811 } |
| 813 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { | 812 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { |
| 814 if (config_match(&ss->cipherSuites[i], policy, enabled)) | 813 if (config_match(&ss->cipherSuites[i], policy, enabled)) |
| 815 count++; | 814 count++; |
| 816 } | 815 } |
| 817 if (count <= 0) { | 816 if (count <= 0) { |
| 818 PORT_SetError(SSL_ERROR_SSL_DISABLED); | 817 PORT_SetError(SSL_ERROR_SSL_DISABLED); |
| 819 } | 818 } |
| 820 return count; | 819 return count; |
| 821 } | 820 } |
| (...skipping 7131 matching lines...) |
| 7953 ss->ssl3.hs.suite_def = | 7952 ss->ssl3.hs.suite_def = |
| 7954 ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); | 7953 ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); |
| 7955 goto suite_found; | 7954 goto suite_found; |
| 7956 } | 7955 } |
| 7957 } | 7956 } |
| 7958 } | 7957 } |
| 7959 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; | 7958 errCode = SSL_ERROR_NO_CYPHER_OVERLAP; |
| 7960 goto alert_loser; | 7959 goto alert_loser; |
| 7961 | 7960 |
| 7962 suite_found: | 7961 suite_found: |
| 7963 /* Look for a matching compression algorithm. */ | 7962 /* Select a compression algorithm. */ |
| 7964 for (i = 0; i < comps.len; i++) { | 7963 for (i = 0; i < comps.len; i++) { |
| 7965 if (!compressionEnabled(ss, comps.data[i])) | 7964 if (!compressionEnabled(ss, comps.data[i])) |
| 7966 continue; | 7965 continue; |
| 7967 for (j = 0; j < compressionMethodsCount; j++) { | 7966 for (j = 0; j < compressionMethodsCount; j++) { |
| 7968 if (comps.data[i] == compressions[j]) { | 7967 if (comps.data[i] == compressions[j]) { |
| 7969 ss->ssl3.hs.compression = | 7968 ss->ssl3.hs.compression = |
| 7970 (SSLCompressionMethod)compressions[j]; | 7969 (SSLCompressionMethod)compressions[j]; |
| 7971 goto compression_found; | 7970 goto compression_found; |
| 7972 } | 7971 } |
| 7973 } | 7972 } |
| (...skipping 4327 matching lines...) |
| 12301 PORT_Free(ss->ssl3.hs.recvdFragments.buf); | 12300 PORT_Free(ss->ssl3.hs.recvdFragments.buf); |
| 12302 } | 12301 } |
| 12303 } | 12302 } |
| 12304 | 12303 |
| 12305 ss->ssl3.initialized = PR_FALSE; | 12304 ss->ssl3.initialized = PR_FALSE; |
| 12306 | 12305 |
| 12307 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); | 12306 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); |
| 12308 } | 12307 } |
| 12309 | 12308 |
| 12310 /* End of ssl3con.c */ | 12309 /* End of ssl3con.c */ |
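Review bot: The new `SSL_ALLOWED` default is applied to every row of `cipherSuites`, including the NULL-encryption rows (new lines 179-186), the 40/56-bit export rows (172-176) and the single-DES rows (168-171), so the policy column no longer separates these from the strong suites. Those rows keep `enabled = PR_FALSE`, but if `config_match` (its body is not shown here) requires both a permitted policy and the enabled flag, then enabling one of them is now sufficient without any policy call. Consider leaving `SSL_NOT_ALLOWED` on the NULL, EXPORT and DES rows so that they still need an explicit policy decision. Either way, the comment above the table (new lines 96-100) only says the table is modified by SSL3_SetPolicy(); I would add `/* Default policy is SSL_ALLOWED for every suite; the enabled column is the only default gate. */` so the allow-by-default choice is recorded next to the data.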