| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * SSL3 Protocol | 2 * SSL3 Protocol |
| 3 * | 3 * |
| 4 * ***** BEGIN LICENSE BLOCK ***** | 4 * ***** BEGIN LICENSE BLOCK ***** |
| 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 6 * | 6 * |
| 7 * The contents of this file are subject to the Mozilla Public License Version | 7 * The contents of this file are subject to the Mozilla Public License Version |
| 8 * 1.1 (the "License"); you may not use this file except in compliance with | 8 * 1.1 (the "License"); you may not use this file except in compliance with |
| 9 * the License. You may obtain a copy of the License at | 9 * the License. You may obtain a copy of the License at |
| 10 * http://www.mozilla.org/MPL/ | 10 * http://www.mozilla.org/MPL/ |
| (...skipping 1173 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1184 ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites); | 1184 ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites); |
| 1185 return SECFailure; | 1185 return SECFailure; |
| 1186 | 1186 |
| 1187 loser: | 1187 loser: |
| 1188 /* no common curve supported */ | 1188 /* no common curve supported */ |
| 1189 ssl3_DisableECCSuites(ss, ecSuites); | 1189 ssl3_DisableECCSuites(ss, ecSuites); |
| 1190 return SECFailure; | 1190 return SECFailure; |
| 1191 } | 1191 } |
| 1192 | 1192 |
| 1193 #endif /* NSS_ENABLE_ECC */ | 1193 #endif /* NSS_ENABLE_ECC */ |
| 1194 |
| 1195 /* send user mapping indication using info from ss->sec.userlogin |
| 1196 * called from ssl3_CallHelloExtensionSenders */ |
| 1197 PRInt32 |
| 1198 ssl3_SendSRPHelloExtension(sslSocket * ss, PRBool append, |
| 1199 PRUint32 maxBytes) |
| 1200 { |
| 1201 SECItem * user = ss->sec.userName; |
| 1202 |
| 1203 if (user == NULL) |
| 1204 return 0; /* no credentials, no extension */ |
| 1205 |
| 1206 if (append && maxBytes >= user->len + 5) { |
| 1207 SECStatus rv; |
| 1208 /* extension_type 6 */ |
| 1209 rv = ssl3_AppendHandshakeNumber(ss, 12, 2); |
| 1210 if (rv != SECSuccess) return 0; |
| 1211 /* length of extension */ |
| 1212 rv = ssl3_AppendHandshakeNumber(ss, user->len + 1, 2); |
| 1213 if (rv != SECSuccess) return 0; |
| 1214 /* length of data */ |
| 1215 rv = ssl3_AppendHandshakeNumber(ss, user->len, 1); |
| 1216 if (rv != SECSuccess) return 0; |
| 1217 /* extension_data = srp user name */ |
| 1218 rv = ssl3_AppendHandshake(ss, user->data, user->len); |
| 1219 if (rv != SECSuccess) return 0; |
| 1220 } |
| 1221 return user->len+5; |
| 1222 } |
| 1223 |
| 1224 SECStatus |
| 1225 ssl3_HandleSRPHelloExtension(sslSocket *ss, PRUint16 ext, SECItem *data) |
| 1226 { |
| 1227 SECStatus rv; |
| 1228 SECItem username; |
| 1229 |
| 1230 rv = ssl3_ConsumeHandshakeVariable(ss, &username, 1, &data->data, &data-
>len); |
| 1231 if (rv != SECSuccess) |
| 1232 return rv; |
| 1233 |
| 1234 /* enforce SRP username length constrain */ |
| 1235 if (data->len > MAX_SRP_USERNAME_LENGTH) |
| 1236 data->len = MAX_SRP_USERNAME_LENGTH; |
| 1237 |
| 1238 ss->sec.userName = PORT_ZAlloc(sizeof(SECItem)); |
| 1239 if (!ss->sec.userName) |
| 1240 goto no_memory; |
| 1241 |
| 1242 rv = SECITEM_CopyItem(NULL, ss->sec.userName, &username); |
| 1243 if (rv != SECSuccess) |
| 1244 goto no_memory; |
| 1245 |
| 1246 return rv; |
| 1247 no_memory: |
| 1248 ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); |
| 1249 return SECFailure; |
| 1250 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6804032:
Add TLS-SRP (RFC 5054) support
Base URL: http://git.chromium.org/git/chromium.git@trunk