OLD | NEW |
---|---|
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
2 /* | 2 /* |
3 * SSL3 Protocol | 3 * SSL3 Protocol |
4 * | 4 * |
5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
8 | 8 |
9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ | 9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ |
10 | 10 |
6605 /* get a new sid */ | 6605 /* get a new sid */ |
6606 ss->sec.ci.sid = sid = ssl3_NewSessionID(ss, PR_FALSE); | 6606 ss->sec.ci.sid = sid = ssl3_NewSessionID(ss, PR_FALSE); |
6607 if (sid == NULL) { | 6607 if (sid == NULL) { |
6608 goto alert_loser; /* memory error is set. */ | 6608 goto alert_loser; /* memory error is set. */ |
6609 } | 6609 } |
6610 | 6610 |
6611 sid->version = ss->version; | 6611 sid->version = ss->version; |
6612 sid->u.ssl3.sessionIDLength = sidBytes.len; | 6612 sid->u.ssl3.sessionIDLength = sidBytes.len; |
6613 PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len); | 6613 PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len); |
6614 | 6614 |
6615 /* Copy Signed Certificate Timestamps, if any. */ | |
wtc
2013/11/08 19:51:31
So if session resumption succeeds, we ignore any S
ekasper
2013/11/18 17:47:18
Correct.
| |
6616 if (ss->xtnData.signedCertTimestamps.data) { | |
6617 rv = SECITEM_CopyItem(NULL, &sid->u.ssl3.signedCertTimestamps, | |
6618 &ss->xtnData.signedCertTimestamps); | |
6619 if (rv != SECSuccess) | |
6620 goto loser; | |
6621 } | |
6622 | |
6623 /* Clean up the temporary pointer to the handshake buffer. */ | |
6624 ss->xtnData.signedCertTimestamps.data = NULL; | |
6625 ss->xtnData.signedCertTimestamps.len = 0; | |
wtc
2013/11/08 19:51:31
Nit: these three lines can be moved into the prece
ekasper
2013/11/18 17:47:18
Actually, uh, they belong to the winner: block bel
| |
6626 | |
6615 ss->ssl3.hs.isResuming = PR_FALSE; | 6627 ss->ssl3.hs.isResuming = PR_FALSE; |
6616 ss->ssl3.hs.ws = wait_server_cert; | 6628 ss->ssl3.hs.ws = wait_server_cert; |
6617 | 6629 |
6618 winner: | 6630 winner: |
6619 /* If we will need a ChannelID key then we make the callback now. This | 6631 /* If we will need a ChannelID key then we make the callback now. This |
6620 * allows the handshake to be restarted cleanly if the callback returns | 6632 * allows the handshake to be restarted cleanly if the callback returns |
6621 * SECWouldBlock. */ | 6633 * SECWouldBlock. */ |
6622 if (ssl3_ExtensionNegotiated(ss, ssl_channel_id_xtn)) { | 6634 if (ssl3_ExtensionNegotiated(ss, ssl_channel_id_xtn)) { |
6623 rv = ss->getChannelID(ss->getChannelIDArg, ss->fd, | 6635 rv = ss->getChannelID(ss->getChannelIDArg, ss->fd, |
6624 &ss->ssl3.channelIDPub, &ss->ssl3.channelID); | 6636 &ss->ssl3.channelIDPub, &ss->ssl3.channelID); |
6625 if (rv == SECWouldBlock) { | 6637 if (rv == SECWouldBlock) { |
6626 ssl3_SetAlwaysBlock(ss); | 6638 ssl3_SetAlwaysBlock(ss); |
6627 return rv; | 6639 return rv; |
6628 } | 6640 } |
6629 if (rv != SECSuccess || | 6641 if (rv != SECSuccess || |
6630 ss->ssl3.channelIDPub == NULL || | 6642 ss->ssl3.channelIDPub == NULL || |
6631 ss->ssl3.channelID == NULL) { | 6643 ss->ssl3.channelID == NULL) { |
6632 PORT_SetError(SSL_ERROR_GET_CHANNEL_ID_FAILED); | 6644 PORT_SetError(SSL_ERROR_GET_CHANNEL_ID_FAILED); |
6633 desc = internal_error; | 6645 desc = internal_error; |
6634 goto alert_loser; | 6646 goto alert_loser; |
6635 } | 6647 } |
6636 } | 6648 } |
6637 | 6649 |
6638 return SECSuccess; | 6650 return SECSuccess; |
6639 | 6651 |
6640 alert_loser: | 6652 alert_loser: |
6641 (void)SSL3_SendAlert(ss, alert_fatal, desc); | 6653 (void)SSL3_SendAlert(ss, alert_fatal, desc); |
6642 | 6654 |
6643 loser: | 6655 loser: |
6656 /* Clean up the temporary pointer to the handshake buffer. */ | |
6657 ss->xtnData.signedCertTimestamps.data = NULL; | |
6658 ss->xtnData.signedCertTimestamps.len = 0; | |
6644 errCode = ssl_MapLowLevelError(errCode); | 6659 errCode = ssl_MapLowLevelError(errCode); |
6645 return SECFailure; | 6660 return SECFailure; |
6646 } | 6661 } |
6647 | 6662 |
6648 /* ssl3_BigIntGreaterThanOne returns true iff |mpint|, taken as an unsigned, | 6663 /* ssl3_BigIntGreaterThanOne returns true iff |mpint|, taken as an unsigned, |
6649 * big-endian integer is > 1 */ | 6664 * big-endian integer is > 1 */ |
6650 static PRBool | 6665 static PRBool |
6651 ssl3_BigIntGreaterThanOne(const SECItem* mpint) { | 6666 ssl3_BigIntGreaterThanOne(const SECItem* mpint) { |
6652 unsigned char firstNonZeroByte = 0; | 6667 unsigned char firstNonZeroByte = 0; |
6653 unsigned int i; | 6668 unsigned int i; |
12563 PORT_Free(ss->ssl3.hs.recvdFragments.buf); | 12578 PORT_Free(ss->ssl3.hs.recvdFragments.buf); |
12564 } | 12579 } |
12565 } | 12580 } |
12566 | 12581 |
12567 ss->ssl3.initialized = PR_FALSE; | 12582 ss->ssl3.initialized = PR_FALSE; |
12568 | 12583 |
12569 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); | 12584 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); |
12570 } | 12585 } |
12571 | 12586 |
12572 /* End of ssl3con.c */ | 12587 /* End of ssl3con.c */ |
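Review bot: The copy-failure branch at new lines 6619-6620 jumps straight to `loser`, so the peer gets no fatal alert, whereas the `ssl3_NewSessionID` allocation failure just above (6607-6609) and the ChannelID failure below both leave through `alert_loser`. Consider `if (rv != SECSuccess) { desc = internal_error; goto alert_loser; }`, which also restores the braces used by the surrounding checks and avoids an unbraced `goto` in handshake code. `desc` is declared outside the visible lines and the enclosing function starts above this hunk, so confirm its default value before relying on it. Because `SECITEM_CopyItem(NULL, ...)` heap-allocates the copy stored in `sid->u.ssl3.signedCertTimestamps`, the session-ID teardown path (not shown in this section) needs a matching `SECITEM_FreeItem`.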