1 /* | 1 /* |
2 * vtables (and methods that call through them) for the 4 types of | 2 * vtables (and methods that call through them) for the 4 types of |
3 * SSLSockets supported. Only one type is still supported. | 3 * SSLSockets supported. Only one type is still supported. |
4 * Various other functions. | 4 * Various other functions. |
5 * | 5 * |
6 * This Source Code Form is subject to the terms of the Mozilla Public | 6 * This Source Code Form is subject to the terms of the Mozilla Public |
7 * License, v. 2.0. If a copy of the MPL was not distributed with this | 7 * License, v. 2.0. If a copy of the MPL was not distributed with this |
8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
9 #include "seccomon.h" | 9 #include "seccomon.h" |
10 #include "cert.h" | 10 #include "cert.h" |
1425 { | 1425 { |
1426 return ssl_ImportFD(model, fd, ssl_variant_stream); | 1426 return ssl_ImportFD(model, fd, ssl_variant_stream); |
1427 } | 1427 } |
1428 | 1428 |
1429 PRFileDesc * | 1429 PRFileDesc * |
1430 DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd) | 1430 DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd) |
1431 { | 1431 { |
1432 return ssl_ImportFD(model, fd, ssl_variant_datagram); | 1432 return ssl_ImportFD(model, fd, ssl_variant_datagram); |
1433 } | 1433 } |
1434 | 1434 |
| 1435 /* SSL_SetNextProtoCallback is used to select an application protocol |
| 1436 * for ALPN and NPN. For ALPN, this runs on the server; for NPN it |
| 1437 * runs on the client. */ |
| 1438 /* Note: The ALPN version doesn't allow for the use of a default, setting a |
| 1439 * status of SSL_NEXT_PROTO_NO_OVERLAP is treated as a failure. */ |
1435 SECStatus | 1440 SECStatus |
1436 SSL_SetNextProtoCallback(PRFileDesc *fd, SSLNextProtoCallback callback, | 1441 SSL_SetNextProtoCallback(PRFileDesc *fd, SSLNextProtoCallback callback, |
1437 void *arg) | 1442 void *arg) |
1438 { | 1443 { |
1439 sslSocket *ss = ssl_FindSocket(fd); | 1444 sslSocket *ss = ssl_FindSocket(fd); |
1440 | 1445 |
1441 if (!ss) { | 1446 if (!ss) { |
1442 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoCallback", SSL_GETP
ID(), | 1447 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoCallback", SSL_GETP
ID(), |
1443 fd)); | 1448 fd)); |
1444 return SECFailure; | 1449 return SECFailure; |
1445 } | 1450 } |
1446 | 1451 |
1447 ssl_GetSSL3HandshakeLock(ss); | 1452 ssl_GetSSL3HandshakeLock(ss); |
1448 ss->nextProtoCallback = callback; | 1453 ss->nextProtoCallback = callback; |
1449 ss->nextProtoArg = arg; | 1454 ss->nextProtoArg = arg; |
1450 ssl_ReleaseSSL3HandshakeLock(ss); | 1455 ssl_ReleaseSSL3HandshakeLock(ss); |
1451 | 1456 |
1452 return SECSuccess; | 1457 return SECSuccess; |
1453 } | 1458 } |
1454 | 1459 |
1455 /* ssl_NextProtoNegoCallback is set as an NPN callback for the case when | 1460 /* ssl_NextProtoNegoCallback is set as an ALPN/NPN callback when |
1456 * SSL_SetNextProtoNego is used. | 1461 * SSL_SetNextProtoNego is used. |
1457 */ | 1462 */ |
1458 static SECStatus | 1463 static SECStatus |
1459 ssl_NextProtoNegoCallback(void *arg, PRFileDesc *fd, | 1464 ssl_NextProtoNegoCallback(void *arg, PRFileDesc *fd, |
1460 const unsigned char *protos, unsigned int protos_len, | 1465 const unsigned char *protos, unsigned int protos_len, |
1461 unsigned char *protoOut, unsigned int *protoOutLen, | 1466 unsigned char *protoOut, unsigned int *protoOutLen, |
1462 unsigned int protoMaxLen) | 1467 unsigned int protoMaxLen) |
1463 { | 1468 { |
1464 unsigned int i, j; | 1469 unsigned int i, j; |
1465 const unsigned char *result; | 1470 const unsigned char *result; |
1466 sslSocket *ss = ssl_FindSocket(fd); | 1471 sslSocket *ss = ssl_FindSocket(fd); |
1467 | 1472 |
1468 if (!ss) { | 1473 if (!ss) { |
1469 SSL_DBG(("%d: SSL[%d]: bad socket in ssl_NextProtoNegoCallback", | 1474 SSL_DBG(("%d: SSL[%d]: bad socket in ssl_NextProtoNegoCallback", |
1470 SSL_GETPID(), fd)); | 1475 SSL_GETPID(), fd)); |
1471 return SECFailure; | 1476 return SECFailure; |
1472 } | 1477 } |
1473 | 1478 |
1474 if (protos_len == 0) { | |
1475 /* The server supports the extension, but doesn't have any protocols | |
1476 * configured. In this case we request our favoured protocol. */ | |
1477 goto pick_first; | |
1478 } | |
1479 | |
1480 /* For each protocol in server preference, see if we support it. */ | 1479 /* For each protocol in server preference, see if we support it. */ |
1481 for (i = 0; i < protos_len; ) { | 1480 for (i = 0; i < protos_len; ) { |
1482 for (j = 0; j < ss->opt.nextProtoNego.len; ) { | 1481 for (j = 0; j < ss->opt.nextProtoNego.len; ) { |
1483 if (protos[i] == ss->opt.nextProtoNego.data[j] && | 1482 if (protos[i] == ss->opt.nextProtoNego.data[j] && |
1484 PORT_Memcmp(&protos[i+1], &ss->opt.nextProtoNego.data[j+1], | 1483 PORT_Memcmp(&protos[i+1], &ss->opt.nextProtoNego.data[j+1], |
1485 protos[i]) == 0) { | 1484 protos[i]) == 0) { |
1486 /* We found a match. */ | 1485 /* We found a match. */ |
1487 ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NEGOTIATED; | 1486 ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NEGOTIATED; |
1488 result = &protos[i]; | 1487 result = &protos[i]; |
1489 goto found; | 1488 goto found; |
1490 } | 1489 } |
1491 j += 1 + (unsigned int)ss->opt.nextProtoNego.data[j]; | 1490 j += 1 + (unsigned int)ss->opt.nextProtoNego.data[j]; |
1492 } | 1491 } |
1493 i += 1 + (unsigned int)protos[i]; | 1492 i += 1 + (unsigned int)protos[i]; |
1494 } | 1493 } |
1495 | 1494 |
1496 pick_first: | 1495 /* The other side supports the extension, and either doesn't have any |
| 1496 * protocols configured, or none of its options match ours. In this case we |
| 1497 * request our favoured protocol. */ |
| 1498 /* This will be treated as a failure for ALPN. */ |
1497 ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NO_OVERLAP; | 1499 ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NO_OVERLAP; |
1498 result = ss->opt.nextProtoNego.data; | 1500 result = ss->opt.nextProtoNego.data; |
1499 | 1501 |
1500 found: | 1502 found: |
1501 if (protoMaxLen < result[0]) { | 1503 if (protoMaxLen < result[0]) { |
1502 PORT_SetError(SEC_ERROR_OUTPUT_LEN); | 1504 PORT_SetError(SEC_ERROR_OUTPUT_LEN); |
1503 return SECFailure; | 1505 return SECFailure; |
1504 } | 1506 } |
1505 memcpy(protoOut, result + 1, result[0]); | 1507 memcpy(protoOut, result + 1, result[0]); |
1506 *protoOutLen = result[0]; | 1508 *protoOutLen = result[0]; |
3119 loser: | 3121 loser: |
3120 ssl_DestroySocketContents(ss); | 3122 ssl_DestroySocketContents(ss); |
3121 ssl_DestroyLocks(ss); | 3123 ssl_DestroyLocks(ss); |
3122 PORT_Free(ss); | 3124 PORT_Free(ss); |
3123 ss = NULL; | 3125 ss = NULL; |
3124 } | 3126 } |
3125 } | 3127 } |
3126 return ss; | 3128 return ss; |
3127 } | 3129 } |
3128 | 3130 |
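Review bot: The length-prefix walk in ssl_NextProtoNegoCallback (new 1480-1493) never checks that an entry fits inside `protos_len` before `PORT_Memcmp(&protos[i+1], ..., protos[i])`, and now that this callback also runs on the server for ALPN, `protos` is the client-supplied list, so a truncated final entry reads past the buffer unless the caller already rejects malformed lists (not visible here). A guard at the top of the outer loop, `if (i + 1 + (unsigned int)protos[i] > protos_len) { PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); return SECFailure; }`, keeps the callback safe on its own rather than relying on the caller. The no-overlap path (new 1499-1500) likewise dereferences `result[0]` after `result = ss->opt.nextProtoNego.data`, which is presumably NULL or empty when no local protocols were configured; an explicit `ss->opt.nextProtoNego.len == 0` check before `found:` would document that assumption. The tail of the function after `*protoOutLen = result[0];` lies outside the hunk.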