OLD | NEW |
---|---|
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
2 /* | 2 /* |
3 * SSL3 Protocol | 3 * SSL3 Protocol |
4 * | 4 * |
5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
8 | 8 |
9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ | 9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ |
10 | 10 |
12358 pref = suite->enabled; | 12358 pref = suite->enabled; |
12359 rv = SECSuccess; | 12359 rv = SECSuccess; |
12360 } else { | 12360 } else { |
12361 pref = SSL_NOT_ALLOWED; | 12361 pref = SSL_NOT_ALLOWED; |
12362 rv = SECFailure; /* err code was set by Lookup. */ | 12362 rv = SECFailure; /* err code was set by Lookup. */ |
12363 } | 12363 } |
12364 *enabled = pref; | 12364 *enabled = pref; |
12365 return rv; | 12365 return rv; |
12366 } | 12366 } |
12367 | 12367 |
12368 SECStatus | |
12369 ssl3_CipherOrderSet(sslSocket *ss, const PRUint16 *ciphers, size_t len) | |
12370 { | |
12371 size_t i, done; | |
wtc
2013/11/19 23:00:44
Nit: use unsigned int.
agl
2013/11/20 18:21:07
Done.
| |
12372 | |
12373 for (i = done = 0; i < len; i++) { | |
wtc
2013/11/19 23:00:44
It seems that |done| is always equal to |i|, so we
agl
2013/11/20 18:21:07
Done.
| |
12374 PRUint16 id = ciphers[i]; | |
12375 size_t existingIndex, j; | |
12376 char found = 0; | |
wtc
2013/11/19 23:00:44
Nit: Use PRBool and PR_FALSE, PR_TRUE instead of c
agl
2013/11/20 18:21:07
Done.
| |
12377 | |
12378 for (j = done; j < ssl_V3_SUITES_IMPLEMENTED; j++) { | |
wtc
2013/11/19 23:00:44
This valid cipher suite check is quadratic. We sho
agl
2013/11/20 18:21:07
It might be possible to use a model socket because
wtc
2013/11/22 01:14:16
I think you're right, although if the |ciphers| in
| |
12379 if (ss->cipherSuites[j].cipher_suite == id) { | |
12380 existingIndex = j; | |
12381 found = 1; | |
12382 break; | |
12383 } | |
12384 } | |
12385 | |
12386 if (!found) { | |
12387 PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE); | |
12388 return SECFailure; | |
12389 } | |
12390 | |
12391 if (existingIndex != done) { | |
12392 const ssl3CipherSuiteCfg temp = ss->cipherSuites[done]; | |
12393 ss->cipherSuites[done] = ss->cipherSuites[existingIndex]; | |
12394 ss->cipherSuites[existingIndex] = temp; | |
12395 } | |
12396 done++; | |
12397 } | |
12398 | |
12399 /* Disable all cipher suites that weren't included. */ | |
12400 for (; i < ssl_V3_SUITES_IMPLEMENTED; i++) { | |
12401 ss->cipherSuites[i].enabled = 0; | |
12402 } | |
12403 | |
12404 return SECSuccess; | |
12405 } | |
12406 | |
12368 /* copy global default policy into socket. */ | 12407 /* copy global default policy into socket. */ |
12369 void | 12408 void |
12370 ssl3_InitSocketPolicy(sslSocket *ss) | 12409 ssl3_InitSocketPolicy(sslSocket *ss) |
12371 { | 12410 { |
12372 PORT_Memcpy(ss->cipherSuites, cipherSuites, sizeof cipherSuites); | 12411 PORT_Memcpy(ss->cipherSuites, cipherSuites, sizeof cipherSuites); |
12373 } | 12412 } |
12374 | 12413 |
12375 SECStatus | 12414 SECStatus |
12376 ssl3_GetTLSUniqueChannelBinding(sslSocket *ss, | 12415 ssl3_GetTLSUniqueChannelBinding(sslSocket *ss, |
12377 unsigned char *out, | 12416 unsigned char *out, |
12590 PORT_Free(ss->ssl3.hs.recvdFragments.buf); | 12629 PORT_Free(ss->ssl3.hs.recvdFragments.buf); |
12591 } | 12630 } |
12592 } | 12631 } |
12593 | 12632 |
12594 ss->ssl3.initialized = PR_FALSE; | 12633 ss->ssl3.initialized = PR_FALSE; |
12595 | 12634 |
12596 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); | 12635 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); |
12597 } | 12636 } |
12598 | 12637 |
12599 /* End of ssl3con.c */ | 12638 /* End of ssl3con.c */ |
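Review bot: ssl3_CipherOrderSet (new lines 12368-12405) swaps entries of ss->cipherSuites in place while it walks `ciphers`, so when the `!found` branch returns SECFailure part-way through the list, the socket keeps a partially reordered preference list and the final loop that disables the unlisted suites has never run. Because the inner search starts at `done`, an id that appears twice in `ciphers` takes the same path and is reported as SSL_ERROR_UNKNOWN_CIPHER_SUITE. A caller that meant to restrict the socket to a short list and then mishandles the failure still has every previously enabled suite enabled, so I would make the call all-or-nothing: run the swaps and the disabling on a local copy of the array and commit it with `PORT_Memcpy(ss->cipherSuites, copy, sizeof copy);` just before `return SECSuccess;`. The swap also carries each entry's existing `enabled` value with it, so a listed suite that was already disabled stays disabled, and `len == 0` disables every suite while returning SECSuccess. Both behaviours deserve a header comment, e.g. `/* Reorders only; does not enable listed suites. On failure ss->cipherSuites is unchanged. */`.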
OLD | NEW |