| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * vtables (and methods that call through them) for the 4 types of | 2 * vtables (and methods that call through them) for the 4 types of |
| 3 * SSLSockets supported. Only one type is still supported. | 3 * SSLSockets supported. Only one type is still supported. |
| 4 * Various other functions. | 4 * Various other functions. |
| 5 * | 5 * |
| 6 * This Source Code Form is subject to the terms of the Mozilla Public | 6 * This Source Code Form is subject to the terms of the Mozilla Public |
| 7 * License, v. 2.0. If a copy of the MPL was not distributed with this | 7 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 9 #include "seccomon.h" | 9 #include "seccomon.h" |
| 10 #include "cert.h" | 10 #include "cert.h" |
| (...skipping 10 matching lines...) Expand all Loading... |
| 21 #include "nss.h" | 21 #include "nss.h" |
| 22 | 22 |
| 23 /* This is a bodge to allow this code to be compiled against older NSS headers | 23 /* This is a bodge to allow this code to be compiled against older NSS headers |
| 24 * that don't contain the TLS 1.2 changes. */ | 24 * that don't contain the TLS 1.2 changes. */ |
| 25 #ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 | 25 #ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 |
| 26 #define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) | 26 #define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) |
| 27 #endif | 27 #endif |
| 28 | 28 |
| 29 #define SET_ERROR_CODE /* reminder */ | 29 #define SET_ERROR_CODE /* reminder */ |
| 30 | 30 |
| 31 struct cipherPolicyStr { | |
| 32 int cipher; | |
| 33 unsigned char export; /* policy value for export policy */ | |
| 34 unsigned char france; /* policy value for france policy */ | |
| 35 }; | |
| 36 | |
| 37 typedef struct cipherPolicyStr cipherPolicy; | |
| 38 | |
| 39 /* This table contains two preconfigured policies: Export and France. | |
| 40 ** It is used only by the functions NSS_SetDomesticPolicy, | |
| 41 ** NSS_SetExportPolicy, and NSS_SetFrancePolicy. | |
| 42 ** Order of entries is not important. | |
| 43 */ | |
| 44 static cipherPolicy ssl_ciphers[] = { /* Export France */ | |
| 45 { SSL_EN_RC4_128_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 46 { SSL_EN_RC4_128_EXPORT40_WITH_MD5, SSL_ALLOWED, SSL_ALLOWED }, | |
| 47 { SSL_EN_RC2_128_CBC_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 48 { SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, SSL_ALLOWED, SSL_ALLOWED }, | |
| 49 { SSL_EN_DES_64_CBC_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 50 { SSL_EN_DES_192_EDE3_CBC_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 51 { SSL_RSA_WITH_RC4_128_MD5, SSL_RESTRICTED, SSL_NOT_ALLOWED }, | |
| 52 { SSL_RSA_WITH_RC4_128_SHA, SSL_RESTRICTED, SSL_NOT_ALLOWED }, | |
| 53 { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 54 { SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RESTRICTED, SSL_NOT_ALLOWED }, | |
| 55 { SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 56 { SSL_RSA_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 57 { SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_ALLOWED, SSL_ALLOWED }, | |
| 58 { SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_ALLOWED, SSL_ALLOWED }, | |
| 59 { SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 60 { SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 61 { SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 62 { SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 63 { TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 64 { SSL_RSA_WITH_NULL_MD5, SSL_ALLOWED, SSL_ALLOWED }, | |
| 65 { SSL_RSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED }, | |
| 66 { TLS_RSA_WITH_NULL_SHA256, SSL_ALLOWED, SSL_ALLOWED }, | |
| 67 { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 68 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 69 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 70 { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 71 { TLS_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 72 { TLS_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 73 { TLS_RSA_WITH_AES_128_GCM_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 74 { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 75 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 76 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 77 { TLS_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 78 { TLS_RSA_WITH_AES_256_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 79 { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 80 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 81 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 82 { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 83 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 84 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 85 { TLS_RSA_WITH_SEED_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 86 { TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_ALLOWED, SSL_NOT_ALLOWED }, | |
| 87 { TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_ALLOWED, SSL_NOT_ALLOWED }, | |
| 88 #ifdef NSS_ENABLE_ECC | |
| 89 { TLS_ECDH_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED }, | |
| 90 { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 91 { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 92 { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 93 { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 94 { TLS_ECDHE_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED }, | |
| 95 { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 96 { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 97 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 98 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 99 { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 100 { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 101 { TLS_ECDH_RSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED }, | |
| 102 { TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 103 { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 104 { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 105 { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 106 { TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED }, | |
| 107 { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 108 { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 109 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 110 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 111 { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 112 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, | |
| 113 #endif /* NSS_ENABLE_ECC */ | |
| 114 { 0, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED } | |
| 115 }; | |
| 116 | |
| 117 static const sslSocketOps ssl_default_ops = { /* No SSL. */ | 31 static const sslSocketOps ssl_default_ops = { /* No SSL. */ |
| 118 ssl_DefConnect, | 32 ssl_DefConnect, |
| 119 NULL, | 33 NULL, |
| 120 ssl_DefBind, | 34 ssl_DefBind, |
| 121 ssl_DefListen, | 35 ssl_DefListen, |
| 122 ssl_DefShutdown, | 36 ssl_DefShutdown, |
| 123 ssl_DefClose, | 37 ssl_DefClose, |
| 124 ssl_DefRecv, | 38 ssl_DefRecv, |
| 125 ssl_DefSend, | 39 ssl_DefSend, |
| 126 ssl_DefRead, | 40 ssl_DefRead, |
| (...skipping 1221 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1348 } else { | 1262 } else { |
| 1349 rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled); | 1263 rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled); |
| 1350 } | 1264 } |
| 1351 return rv; | 1265 return rv; |
| 1352 } | 1266 } |
| 1353 | 1267 |
| 1354 SECStatus | 1268 SECStatus |
| 1355 NSS_SetDomesticPolicy(void) | 1269 NSS_SetDomesticPolicy(void) |
| 1356 { | 1270 { |
| 1357 SECStatus status = SECSuccess; | 1271 SECStatus status = SECSuccess; |
| 1358 cipherPolicy * policy; | 1272 const PRUint16 *cipher; |
| 1359 | 1273 |
| 1360 for (policy = ssl_ciphers; policy->cipher != 0; ++policy) { | 1274 for (cipher = SSL_ImplementedCiphers; *cipher != 0; ++cipher) { |
| 1361 » status = SSL_SetPolicy(policy->cipher, SSL_ALLOWED); | 1275 » status = SSL_SetPolicy(*cipher, SSL_ALLOWED); |
| 1362 if (status != SECSuccess) | 1276 if (status != SECSuccess) |
| 1363 break; | 1277 break; |
| 1364 } | 1278 } |
| 1365 return status; | 1279 return status; |
| 1366 } | 1280 } |
| 1367 | 1281 |
| 1368 SECStatus | 1282 SECStatus |
| 1369 NSS_SetExportPolicy(void) | 1283 NSS_SetExportPolicy(void) |
| 1370 { | 1284 { |
| 1371 return NSS_SetDomesticPolicy(); | 1285 return NSS_SetDomesticPolicy(); |
| (...skipping 1747 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3119 loser: | 3033 loser: |
| 3120 ssl_DestroySocketContents(ss); | 3034 ssl_DestroySocketContents(ss); |
| 3121 ssl_DestroyLocks(ss); | 3035 ssl_DestroyLocks(ss); |
| 3122 PORT_Free(ss); | 3036 PORT_Free(ss); |
| 3123 ss = NULL; | 3037 ss = NULL; |
| 3124 } | 3038 } |
| 3125 } | 3039 } |
| 3126 return ss; | 3040 return ss; |
| 3127 } | 3041 } |
| 3128 | 3042 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 23279007:
Initialize the 'policy' setting of all cipher suites to SSL_ALLOWED, (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/