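--- a/nss/lib/ssl/ssl.h
+++ b/nss/lib/ssl/ssl.h
@@ -267,6 +267,12 @@ SSL_IMPORT SECStatus SSL_CipherPrefSetDefault(PRInt32 cipher, PRBool enabled);
 SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher, PRBool *enabled);
 SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
 SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
+/* SSL_CipherOrderSet sets the cipher suite preference order from |ciphers|,
+ * which must be an array of cipher suite ids of length |len|. All the given
+ * cipher suite ids must appear in the array that is returned by
+ * |SSL_GetImplementedCiphers| and may only appear once, at most. */
+SSL_IMPORT SECStatus SSL_CipherOrderSet(PRFileDesc *fd, const PRUint16 *ciphers,
+ size_t len);
 
 /* SSLChannelBindingType enumerates the types of supported channel binding
 * values. See RFC 5929. */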
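Review bot: The comment on SSL_CipherOrderSet describes a pure reordering, but the ssl3con.c part of this patch also clears `enabled` on every suite that is left out of |ciphers| and never sets it on the listed ones. A caller reading only ssl.h will not expect a call that can switch suites off, and a |len| of 0 switches all of them off. I would add a sentence to the comment such as `Cipher suites that are not listed are disabled on |fd|; listed suites keep their current enabled state.`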
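--- a/nss/lib/ssl/ssl3con.c
+++ b/nss/lib/ssl/ssl3con.c
@@ -12365,6 +12365,45 @@ ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *enabled)
 return rv;
 }
 
+SECStatus
+ssl3_CipherOrderSet(sslSocket *ss, const PRUint16 *ciphers, size_t len)
+{
+ size_t i, done;
+
+ for (i = done = 0; i < len; i++) {
+ PRUint16 id = ciphers[i];
+ size_t existingIndex, j;
+ char found = 0;
+
+ for (j = done; j < ssl_V3_SUITES_IMPLEMENTED; j++) {
+ if (ss->cipherSuites[j].cipher_suite == id) {
+ existingIndex = j;
+ found = 1;
+ break;
+ }
+ }
+
+ if (!found) {
+ PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE);
+ return SECFailure;
+ }
+
+ if (existingIndex != done) {
+ const ssl3CipherSuiteCfg temp = ss->cipherSuites[done];
+ ss->cipherSuites[done] = ss->cipherSuites[existingIndex];
+ ss->cipherSuites[existingIndex] = temp;
+ }
+ done++;
+ }
+
+ /* Disable all cipher suites that weren't included. */
+ for (; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
+ ss->cipherSuites[i].enabled = 0;
+ }
+
+ return SECSuccess;
+}
+
 /* copy global default policy into socket. */
 void
 ssl3_InitSocketPolicy(sslSocket *ss)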
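Review bot: ssl3_CipherOrderSet rewrites ss->cipherSuites before it has validated the whole list. When an unknown or repeated id is met at position i, the entries for the earlier positions have already been swapped, and the function returns SECFailure with the socket's preference order partly changed. A caller that treats the failure as "nothing happened" then negotiates with an order nobody chose. Checking every id in a first pass (implemented, and not seen earlier in |ciphers|) and only then running the existing swap loop keeps the failure path free of side effects; the swap loop and the disabling loop can stay as they are.

```c
ssl3_CipherOrderSet(sslSocket *ss, const PRUint16 *ciphers, size_t len)
{
    /* ... unchanged: declaration of i and done ... */

    /* Validate the whole list first so that a rejected list leaves
     * ss->cipherSuites untouched. */
    for (i = 0; i < len; i++) {
        size_t j;
        PRBool ok = PR_FALSE;

        for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) {
            if (ss->cipherSuites[j].cipher_suite == ciphers[i]) {
                ok = PR_TRUE;
                break;
            }
        }
        /* An id that already appeared earlier in |ciphers| is rejected. */
        for (j = 0; ok && j < i; j++) {
            if (ciphers[j] == ciphers[i]) {
                ok = PR_FALSE;
            }
        }
        if (!ok) {
            PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE);
            return SECFailure;
        }
    }

    /* ... unchanged: swap loop over |ciphers| and disabling of unlisted suites ... */
```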
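--- a/nss/lib/ssl/sslimpl.h
+++ b/nss/lib/ssl/sslimpl.h
@@ -1672,6 +1672,7 @@ extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool
 extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *on);
 extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled);
 extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enabled);
+extern SECStatus ssl3_CipherOrderSet(sslSocket *ss, const PRUint16 *cipher, size_t len);
 
 extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy);
 extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy);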
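--- a/nss/lib/ssl/sslsock.c
+++ b/nss/lib/ssl/sslsock.c
@@ -1327,6 +1327,19 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled)
 return rv;
 }
 
+SECStatus
+SSL_CipherOrderSet(PRFileDesc *fd, const PRUint16 *ciphers, size_t len)
+{
+ sslSocket *ss = ssl_FindSocket(fd);
+
+ if (!ss) {
+ SSL_DBG(("%d: SSL[%d]: bad socket in CipherOrderSet", SSL_GETPID(),
+ fd));
+ return SECFailure;
+ }
+ return ssl3_CipherOrderSet(ss, ciphers, len);
+}
+
 SECStatus
 SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 which, PRBool *enabled)
 {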
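Review bot: SSL_CipherOrderSet passes |ciphers| and |len| straight to ssl3_CipherOrderSet, which reads `ciphers[i]` for every i below len, so a NULL array with a non-zero length is dereferenced inside the library. A guard before the call, `if (!ciphers && len > 0) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; }`, turns that into an ordinary error return for this public entry point. Separately, the SSL_DBG line passes the PRFileDesc pointer `fd` for a `%d` conversion; `%p` would match the argument, although other wrappers in this file may follow the same pattern.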