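--- a/ssl3con.c
+++ b/ssl3con.c
@@ -1,10 +1,10 @@
 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
 /*
 * SSL3 Protocol
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */
 
@@ -6632,49 +6632,64 @@
 /* get a new sid */
 ss->sec.ci.sid = sid = ssl3_NewSessionID(ss, PR_FALSE);
 if (sid == NULL) {
 goto alert_loser; /* memory error is set. */
 }
 
 sid->version = ss->version;
 sid->u.ssl3.sessionIDLength = sidBytes.len;
 PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len);
 
+/* Copy Signed Certificate Timestamps, if any. */
+if (ss->xtnData.signedCertTimestamps.data) {
+rv = SECITEM_CopyItem(NULL, &sid->u.ssl3.signedCertTimestamps,
+&ss->xtnData.signedCertTimestamps);
+if (rv != SECSuccess)
+goto loser;
+}
+
 ss->ssl3.hs.isResuming = PR_FALSE;
 ss->ssl3.hs.ws = wait_server_cert;
 
 winner:
+/* Clean up the temporary pointer to the handshake buffer. */
+ss->xtnData.signedCertTimestamps.data = NULL;
+ss->xtnData.signedCertTimestamps.len = 0;
+
 /* If we will need a ChannelID key then we make the callback now. This
 * allows the handshake to be restarted cleanly if the callback returns
 * SECWouldBlock. */
 if (ssl3_ExtensionNegotiated(ss, ssl_channel_id_xtn)) {
 rv = ss->getChannelID(ss->getChannelIDArg, ss->fd,
 &ss->ssl3.channelIDPub, &ss->ssl3.channelID);
 if (rv == SECWouldBlock) {
 ssl3_SetAlwaysBlock(ss);
 return rv;
 }
 if (rv != SECSuccess ||
 ss->ssl3.channelIDPub == NULL ||
 ss->ssl3.channelID == NULL) {
 PORT_SetError(SSL_ERROR_GET_CHANNEL_ID_FAILED);
 desc = internal_error;
 goto alert_loser;
 }
 }
 
 return SECSuccess;
 
 alert_loser:
 (void)SSL3_SendAlert(ss, alert_fatal, desc);
 
 loser:
+/* Clean up the temporary pointer to the handshake buffer. */
+ss->xtnData.signedCertTimestamps.data = NULL;
+ss->xtnData.signedCertTimestamps.len = 0;
 errCode = ssl_MapLowLevelError(errCode);
 return SECFailure;
 }
 
 /* ssl3_BigIntGreaterThanOne returns true iff |mpint|, taken as an unsigned,
 * big-endian integer is > 1 */
 static PRBool
 ssl3_BigIntGreaterThanOne(const SECItem* mpint) {
 unsigned char firstNonZeroByte = 0;
 unsigned int i;
@@ -12633,10 +12648,10 @@
 PORT_Free(ss->ssl3.hs.recvdFragments.buf);
 }
 }
 
 ss->ssl3.initialized = PR_FALSE;
 
 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
 }
 
 /* End of ssl3con.c */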
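Review bot: When SECITEM_CopyItem fails (new lines 6646-6647) the code jumps to `loser` rather than `alert_loser`, so the handshake is abandoned without a fatal alert to the peer, unlike the `sid == NULL` allocation failure a few lines above. If that is not deliberate, use `if (rv != SECSuccess) { desc = internal_error; goto alert_loser; }`; the braces also match the rest of the function and prevent a later edit from detaching the `goto` from its condition. `errCode` is assigned before the visible lines, so it is worth checking that it reflects the copy failure by the time `ssl_MapLowLevelError(errCode)` runs. The pointer reset is duplicated under `winner:` and `loser:` and guards against a stale alias into the handshake buffer, so any `return` earlier in the function (outside this hunk) that bypasses both labels needs the same reset.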