OLD | NEW |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 #include "ssl.h" | 4 #include "ssl.h" |
5 #include "sslimpl.h" | 5 #include "sslimpl.h" |
6 #include "sslproto.h" | 6 #include "sslproto.h" |
7 | 7 |
8 static const char * | 8 static const char * |
9 ssl_GetCompressionMethodName(SSLCompressionMethod compression) | 9 ssl_GetCompressionMethodName(SSLCompressionMethod compression) |
10 { | 10 { |
(...skipping 110 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
121 | 121 |
122 #define B_256 256, 256, 256 | 122 #define B_256 256, 256, 256 |
123 #define B_128 128, 128, 128 | 123 #define B_128 128, 128, 128 |
124 #define B_3DES 192, 156, 112 | 124 #define B_3DES 192, 156, 112 |
125 #define B_SJ 96, 80, 80 | 125 #define B_SJ 96, 80, 80 |
126 #define B_DES 64, 56, 56 | 126 #define B_DES 64, 56, 56 |
127 #define B_56 128, 56, 56 | 127 #define B_56 128, 56, 56 |
128 #define B_40 128, 40, 40 | 128 #define B_40 128, 40, 40 |
129 #define B_0 0, 0, 0 | 129 #define B_0 0, 0, 0 |
130 | 130 |
| 131 #define M_AEAD_128 "AEAD", ssl_mac_aead, 128 |
131 #define M_SHA256 "SHA256", ssl_hmac_sha256, 256 | 132 #define M_SHA256 "SHA256", ssl_hmac_sha256, 256 |
132 #define M_SHA "SHA1", ssl_mac_sha, 160 | 133 #define M_SHA "SHA1", ssl_mac_sha, 160 |
133 #define M_MD5 "MD5", ssl_mac_md5, 128 | 134 #define M_MD5 "MD5", ssl_mac_md5, 128 |
134 #define M_NULL "NULL", ssl_mac_null, 0 | 135 #define M_NULL "NULL", ssl_mac_null, 0 |
135 | 136 |
136 static const SSLCipherSuiteInfo suiteInfo[] = { | 137 static const SSLCipherSuiteInfo suiteInfo[] = { |
137 /* <------ Cipher suite --------------------> <auth> <KEA> <bulk cipher> <MAC>
<FIPS> */ | 138 /* <------ Cipher suite --------------------> <auth> <KEA> <bulk cipher> <MAC>
<FIPS> */ |
138 {0,CS(TLS_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_RSA, C_AESGCM, B_128, M_N
ULL, 1, 0, 0, }, | 139 {0,CS(TLS_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_RSA, C_AESGCM, B_128, M_A
EAD_128, 1, 0, 0, }, |
139 | 140 |
140 {0,CS(TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_256, M
_SHA, 0, 0, 0, }, | 141 {0,CS(TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_256, M
_SHA, 0, 0, 0, }, |
141 {0,CS(TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_256, M
_SHA, 0, 0, 0, }, | 142 {0,CS(TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_256, M
_SHA, 0, 0, 0, }, |
142 {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_DHE, C_AES, B_256, M_SHA2
56, 1, 0, 0, }, | 143 {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_DHE, C_AES, B_256, M_SHA2
56, 1, 0, 0, }, |
143 {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_DHE, C_AES, B_256, M_SHA,
1, 0, 0, }, | 144 {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_DHE, C_AES, B_256, M_SHA,
1, 0, 0, }, |
144 {0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA), S_DSA, K_DHE, C_AES, B_256, M_SHA,
1, 0, 0, }, | 145 {0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA), S_DSA, K_DHE, C_AES, B_256, M_SHA,
1, 0, 0, }, |
145 {0,CS(TLS_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_256, M
_SHA, 0, 0, 0, }, | 146 {0,CS(TLS_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_256, M
_SHA, 0, 0, 0, }, |
146 {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_RSA, C_AES, B_256, M_SHA2
56, 1, 0, 0, }, | 147 {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_RSA, C_AES, B_256, M_SHA2
56, 1, 0, 0, }, |
147 {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_RSA, C_AES, B_256, M_SHA,
1, 0, 0, }, | 148 {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_RSA, C_AES, B_256, M_SHA,
1, 0, 0, }, |
148 | 149 |
149 {0,CS(TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_128, M
_SHA, 0, 0, 0, }, | 150 {0,CS(TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_128, M
_SHA, 0, 0, 0, }, |
150 {0,CS(TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_128, M
_SHA, 0, 0, 0, }, | 151 {0,CS(TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_128, M
_SHA, 0, 0, 0, }, |
151 {0,CS(TLS_DHE_DSS_WITH_RC4_128_SHA), S_DSA, K_DHE, C_RC4, B_128, M_SHA,
0, 0, 0, }, | 152 {0,CS(TLS_DHE_DSS_WITH_RC4_128_SHA), S_DSA, K_DHE, C_RC4, B_128, M_SHA,
0, 0, 0, }, |
152 {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_DHE, C_AES, B_128, M_SHA2
56, 1, 0, 0, }, | 153 {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_DHE, C_AES, B_128, M_SHA2
56, 1, 0, 0, }, |
153 {0,CS(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_DHE, C_AESGCM, B_128, M_N
ULL, 1, 0, 0, }, | 154 {0,CS(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_DHE, C_AESGCM, B_128, M_A
EAD_128, 1, 0, 0, }, |
154 {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_DHE, C_AES, B_128, M_SHA,
1, 0, 0, }, | 155 {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_DHE, C_AES, B_128, M_SHA,
1, 0, 0, }, |
155 {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA,
1, 0, 0, }, | 156 {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA,
1, 0, 0, }, |
156 {0,CS(TLS_RSA_WITH_SEED_CBC_SHA), S_RSA, K_RSA, C_SEED,B_128, M_SHA,
1, 0, 0, }, | 157 {0,CS(TLS_RSA_WITH_SEED_CBC_SHA), S_RSA, K_RSA, C_SEED,B_128, M_SHA,
1, 0, 0, }, |
157 {0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M
_SHA, 0, 0, 0, }, | 158 {0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M
_SHA, 0, 0, 0, }, |
158 {0,CS(SSL_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA,
0, 0, 0, }, | 159 {0,CS(SSL_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA,
0, 0, 0, }, |
159 {0,CS(SSL_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5,
0, 0, 0, }, | 160 {0,CS(SSL_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5,
0, 0, 0, }, |
160 {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_RSA, C_AES, B_128, M_SHA2
56, 1, 0, 0, }, | 161 {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_RSA, C_AES, B_128, M_SHA2
56, 1, 0, 0, }, |
161 {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_RSA, C_AES, B_128, M_SHA,
1, 0, 0, }, | 162 {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_RSA, C_AES, B_128, M_SHA,
1, 0, 0, }, |
162 | 163 |
163 {0,CS(SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_DHE, C_3DES,B_3DES,M_SHA,
1, 0, 0, }, | 164 {0,CS(SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_DHE, C_3DES,B_3DES,M_SHA,
1, 0, 0, }, |
164 {0,CS(SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA), S_DSA, K_DHE, C_3DES,B_3DES,M_SHA,
1, 0, 0, }, | 165 {0,CS(SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA), S_DSA, K_DHE, C_3DES,B_3DES,M_SHA,
1, 0, 0, }, |
165 {0,CS(SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA,
1, 0, 1, }, | 166 {0,CS(SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA,
1, 0, 1, }, |
166 {0,CS(SSL_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA,
1, 0, 0, }, | 167 {0,CS(SSL_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA,
1, 0, 0, }, |
167 | 168 |
168 {0,CS(SSL_DHE_RSA_WITH_DES_CBC_SHA), S_RSA, K_DHE, C_DES, B_DES, M_SHA,
0, 0, 0, }, | 169 {0,CS(SSL_DHE_RSA_WITH_DES_CBC_SHA), S_RSA, K_DHE, C_DES, B_DES, M_SHA,
0, 0, 0, }, |
169 {0,CS(SSL_DHE_DSS_WITH_DES_CBC_SHA), S_DSA, K_DHE, C_DES, B_DES, M_SHA,
0, 0, 0, }, | 170 {0,CS(SSL_DHE_DSS_WITH_DES_CBC_SHA), S_DSA, K_DHE, C_DES, B_DES, M_SHA,
0, 0, 0, }, |
170 {0,CS(SSL_RSA_FIPS_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA,
0, 0, 1, }, | 171 {0,CS(SSL_RSA_FIPS_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA,
0, 0, 1, }, |
171 {0,CS(SSL_RSA_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA,
0, 0, 0, }, | 172 {0,CS(SSL_RSA_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA,
0, 0, 0, }, |
172 | 173 |
173 {0,CS(TLS_RSA_EXPORT1024_WITH_RC4_56_SHA), S_RSA, K_RSA, C_RC4, B_56, M_SHA,
0, 1, 0, }, | 174 {0,CS(TLS_RSA_EXPORT1024_WITH_RC4_56_SHA), S_RSA, K_RSA, C_RC4, B_56, M_SHA,
0, 1, 0, }, |
174 {0,CS(TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA,
0, 1, 0, }, | 175 {0,CS(TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA,
0, 1, 0, }, |
175 {0,CS(SSL_RSA_EXPORT_WITH_RC4_40_MD5), S_RSA, K_RSA, C_RC4, B_40, M_MD5,
0, 1, 0, }, | 176 {0,CS(SSL_RSA_EXPORT_WITH_RC4_40_MD5), S_RSA, K_RSA, C_RC4, B_40, M_MD5,
0, 1, 0, }, |
176 {0,CS(SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5), S_RSA, K_RSA, C_RC2, B_40, M_MD5,
0, 1, 0, }, | 177 {0,CS(SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5), S_RSA, K_RSA, C_RC2, B_40, M_MD5,
0, 1, 0, }, |
177 {0,CS(TLS_RSA_WITH_NULL_SHA256), S_RSA, K_RSA, C_NULL,B_0, M_SHA2
56, 0, 1, 0, }, | 178 {0,CS(TLS_RSA_WITH_NULL_SHA256), S_RSA, K_RSA, C_NULL,B_0, M_SHA2
56, 0, 1, 0, }, |
178 {0,CS(SSL_RSA_WITH_NULL_SHA), S_RSA, K_RSA, C_NULL,B_0, M_SHA,
0, 1, 0, }, | 179 {0,CS(SSL_RSA_WITH_NULL_SHA), S_RSA, K_RSA, C_NULL,B_0, M_SHA,
0, 1, 0, }, |
179 {0,CS(SSL_RSA_WITH_NULL_MD5), S_RSA, K_RSA, C_NULL,B_0, M_MD5,
0, 1, 0, }, | 180 {0,CS(SSL_RSA_WITH_NULL_MD5), S_RSA, K_RSA, C_NULL,B_0, M_MD5,
0, 1, 0, }, |
180 | 181 |
181 #ifdef NSS_ENABLE_ECC | 182 #ifdef NSS_ENABLE_ECC |
182 /* ECC cipher suites */ | 183 /* ECC cipher suites */ |
183 {0,CS(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M
_NULL, 1, 0, 0, }, | 184 {0,CS(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M
_AEAD_128, 1, 0, 0, }, |
184 {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_12
8, M_NULL, 1, 0, 0, }, | 185 {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_12
8, M_AEAD_128, 1, 0, 0, }, |
185 | 186 |
186 {0,CS(TLS_ECDH_ECDSA_WITH_NULL_SHA), S_ECDSA, K_ECDH, C_NULL, B_0, M_SH
A, 0, 0, 0, }, | 187 {0,CS(TLS_ECDH_ECDSA_WITH_NULL_SHA), S_ECDSA, K_ECDH, C_NULL, B_0, M_SH
A, 0, 0, 0, }, |
187 {0,CS(TLS_ECDH_ECDSA_WITH_RC4_128_SHA), S_ECDSA, K_ECDH, C_RC4, B_128, M_S
HA, 0, 0, 0, }, | 188 {0,CS(TLS_ECDH_ECDSA_WITH_RC4_128_SHA), S_ECDSA, K_ECDH, C_RC4, B_128, M_S
HA, 0, 0, 0, }, |
188 {0,CS(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA), S_ECDSA, K_ECDH, C_3DES, B_3DES, M
_SHA, 1, 0, 0, }, | 189 {0,CS(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA), S_ECDSA, K_ECDH, C_3DES, B_3DES, M
_SHA, 1, 0, 0, }, |
189 {0,CS(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA), S_ECDSA, K_ECDH, C_AES, B_128, M_S
HA, 1, 0, 0, }, | 190 {0,CS(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA), S_ECDSA, K_ECDH, C_AES, B_128, M_S
HA, 1, 0, 0, }, |
190 {0,CS(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA), S_ECDSA, K_ECDH, C_AES, B_256, M_S
HA, 1, 0, 0, }, | 191 {0,CS(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA), S_ECDSA, K_ECDH, C_AES, B_256, M_S
HA, 1, 0, 0, }, |
191 | 192 |
192 {0,CS(TLS_ECDHE_ECDSA_WITH_NULL_SHA), S_ECDSA, K_ECDHE, C_NULL, B_0, M_S
HA, 0, 0, 0, }, | 193 {0,CS(TLS_ECDHE_ECDSA_WITH_NULL_SHA), S_ECDSA, K_ECDHE, C_NULL, B_0, M_S
HA, 0, 0, 0, }, |
193 {0,CS(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA), S_ECDSA, K_ECDHE, C_RC4, B_128, M_
SHA, 0, 0, 0, }, | 194 {0,CS(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA), S_ECDSA, K_ECDHE, C_RC4, B_128, M_
SHA, 0, 0, 0, }, |
194 {0,CS(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA), S_ECDSA, K_ECDHE, C_3DES, B_3DES,
M_SHA, 1, 0, 0, }, | 195 {0,CS(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA), S_ECDSA, K_ECDHE, C_3DES, B_3DES,
M_SHA, 1, 0, 0, }, |
(...skipping 209 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
404 rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.cwSpec, label, labelLen, val, | 405 rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.cwSpec, label, labelLen, val, |
405 valLen, out, outLen); | 406 valLen, out, outLen); |
406 } | 407 } |
407 ssl_ReleaseSpecReadLock(ss); | 408 ssl_ReleaseSpecReadLock(ss); |
408 ssl_ReleaseSSL3HandshakeLock(ss); | 409 ssl_ReleaseSSL3HandshakeLock(ss); |
409 ssl_ReleaseRecvBufLock(ss); | 410 ssl_ReleaseRecvBufLock(ss); |
410 | 411 |
411 PORT_ZFree(val, valLen); | 412 PORT_ZFree(val, valLen); |
412 return rv; | 413 return rv; |
413 } | 414 } |
OLD | NEW |