| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * vtables (and methods that call through them) for the 4 types of | 2 * vtables (and methods that call through them) for the 4 types of |
| 3 * SSLSockets supported. Only one type is still supported. | 3 * SSLSockets supported. Only one type is still supported. |
| 4 * Various other functions. | 4 * Various other functions. |
| 5 * | 5 * |
| 6 * ***** BEGIN LICENSE BLOCK ***** | 6 * ***** BEGIN LICENSE BLOCK ***** |
| 7 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 7 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 8 * | 8 * |
| 9 * The contents of this file are subject to the Mozilla Public License Version | 9 * The contents of this file are subject to the Mozilla Public License Version |
| 10 * 1.1 (the "License"); you may not use this file except in compliance with | 10 * 1.1 (the "License"); you may not use this file except in compliance with |
| (...skipping 176 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 187 PR_FALSE, /* enableFalseStart */ | 187 PR_FALSE, /* enableFalseStart */ |
| 188 PR_TRUE, /* cbcRandomIV */ | 188 PR_TRUE, /* cbcRandomIV */ |
| 189 PR_FALSE, /* enableOCSPStapling */ | 189 PR_FALSE, /* enableOCSPStapling */ |
| 190 PR_FALSE, /* enableOBCerts */ | 190 PR_FALSE, /* enableOBCerts */ |
| 191 PR_FALSE, /* encryptClientCerts */ | 191 PR_FALSE, /* encryptClientCerts */ |
| 192 }; | 192 }; |
| 193 | 193 |
| 194 /* | 194 /* |
| 195 * default range of enabled SSL/TLS protocols | 195 * default range of enabled SSL/TLS protocols |
| 196 */ | 196 */ |
| 197 static SSLVersionRange versions_defaults = { | 197 static SSLVersionRange versions_defaults_stream = { |
| 198 SSL_LIBRARY_VERSION_3_0, | 198 SSL_LIBRARY_VERSION_3_0, |
| 199 SSL_LIBRARY_VERSION_TLS_1_0 | 199 SSL_LIBRARY_VERSION_TLS_1_0 |
| 200 }; | 200 }; |
| 201 | 201 |
| 202 static SSLVersionRange versions_defaults_datagram = { |
| 203 SSL_LIBRARY_VERSION_TLS_1_1, |
| 204 SSL_LIBRARY_VERSION_TLS_1_1 |
| 205 }; |
| 206 |
| 207 #define VERSIONS_DEFAULTS(variant) \ |
| 208 (variant == ssl_variant_stream ? &versions_defaults_stream : \ |
| 209 &versions_defaults_datagram) |
| 210 |
| 202 sslSessionIDLookupFunc ssl_sid_lookup; | 211 sslSessionIDLookupFunc ssl_sid_lookup; |
| 203 sslSessionIDCacheFunc ssl_sid_cache; | 212 sslSessionIDCacheFunc ssl_sid_cache; |
| 204 sslSessionIDUncacheFunc ssl_sid_uncache; | 213 sslSessionIDUncacheFunc ssl_sid_uncache; |
| 205 | 214 |
| 206 static PRBool ssl_inited = PR_FALSE; | 215 static PRBool ssl_inited = PR_FALSE; |
| 207 static PRDescIdentity ssl_layer_id; | 216 static PRDescIdentity ssl_layer_id; |
| 208 | 217 |
| 209 PRBool locksEverDisabled; /* implicitly PR_FALSE */ | 218 PRBool locksEverDisabled; /* implicitly PR_FALSE */ |
| 210 PRBool ssl_force_locks; /* implicitly PR_FALSE */ | 219 PRBool ssl_force_locks; /* implicitly PR_FALSE */ |
| 211 int ssl_lock_readers = 1; /* default true. */ | 220 int ssl_lock_readers = 1; /* default true. */ |
| 212 char ssl_debug; | 221 char ssl_debug; |
| 213 char ssl_trace; | 222 char ssl_trace; |
| 214 FILE * ssl_trace_iob; | 223 FILE * ssl_trace_iob; |
| 215 FILE * ssl_keylog_iob; | 224 FILE * ssl_keylog_iob; |
| 216 char lockStatus[] = "Locks are ENABLED. "; | 225 char lockStatus[] = "Locks are ENABLED. "; |
| 217 #define LOCKSTATUS_OFFSET 10 /* offset of ENABLED */ | 226 #define LOCKSTATUS_OFFSET 10 /* offset of ENABLED */ |
| 218 | 227 |
| 219 /* forward declarations. */ | 228 /* forward declarations. */ |
| 220 static sslSocket *ssl_NewSocket(PRBool makeLocks); | 229 static sslSocket *ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant variant); |
| 221 static SECStatus ssl_MakeLocks(sslSocket *ss); | 230 static SECStatus ssl_MakeLocks(sslSocket *ss); |
| 222 static void ssl_SetDefaultsFromEnvironment(void); | 231 static void ssl_SetDefaultsFromEnvironment(void); |
| 223 static PRStatus ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, | 232 static PRStatus ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, |
| 224 PRDescIdentity id); | 233 PRDescIdentity id); |
| 225 | 234 |
| 226 /************************************************************************/ | 235 /************************************************************************/ |
| 227 | 236 |
| 228 /* | 237 /* |
| 229 ** Lookup a socket structure from a file descriptor. | 238 ** Lookup a socket structure from a file descriptor. |
| 230 ** Only functions called through the PRIOMethods table should use this. | 239 ** Only functions called through the PRIOMethods table should use this. |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 274 ss->fd = layer; | 283 ss->fd = layer; |
| 275 return ss; | 284 return ss; |
| 276 } | 285 } |
| 277 | 286 |
| 278 sslSocket * | 287 sslSocket * |
| 279 ssl_DupSocket(sslSocket *os) | 288 ssl_DupSocket(sslSocket *os) |
| 280 { | 289 { |
| 281 sslSocket *ss; | 290 sslSocket *ss; |
| 282 SECStatus rv; | 291 SECStatus rv; |
| 283 | 292 |
| 284 ss = ssl_NewSocket((PRBool)(!os->opt.noLocks)); | 293 /* Not implemented for datagram */ |
| 294 if (IS_DTLS(os)) { |
| 295 » PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); |
| 296 » return NULL; |
| 297 } |
| 298 |
| 299 ss = ssl_NewSocket((PRBool)(!os->opt.noLocks), os->protocolVariant); |
| 285 if (ss) { | 300 if (ss) { |
| 286 ss->opt = os->opt; | 301 ss->opt = os->opt; |
| 287 ss->opt.useSocks = PR_FALSE; | 302 ss->opt.useSocks = PR_FALSE; |
| 288 ss->vrange = os->vrange; | 303 ss->vrange = os->vrange; |
| 289 | 304 |
| 290 ss->peerID = !os->peerID ? NULL : PORT_Strdup(os->peerID); | 305 ss->peerID = !os->peerID ? NULL : PORT_Strdup(os->peerID); |
| 291 ss->url = !os->url ? NULL : PORT_Strdup(os->url); | 306 ss->url = !os->url ? NULL : PORT_Strdup(os->url); |
| 292 | 307 |
| 293 ss->ops = os->ops; | 308 ss->ops = os->ops; |
| 294 ss->rTimeout = os->rTimeout; | 309 ss->rTimeout = os->rTimeout; |
| (...skipping 396 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 691 case SSL_HANDSHAKE_AS_SERVER: | 706 case SSL_HANDSHAKE_AS_SERVER: |
| 692 if ( ss->opt.handshakeAsClient && on ) { | 707 if ( ss->opt.handshakeAsClient && on ) { |
| 693 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 708 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 694 rv = SECFailure; | 709 rv = SECFailure; |
| 695 break; | 710 break; |
| 696 } | 711 } |
| 697 ss->opt.handshakeAsServer = on; | 712 ss->opt.handshakeAsServer = on; |
| 698 break; | 713 break; |
| 699 | 714 |
| 700 case SSL_ENABLE_TLS: | 715 case SSL_ENABLE_TLS: |
| 716 if (IS_DTLS(ss)) { |
| 717 if (on) { |
| 718 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 719 rv = SECFailure; /* not allowed */ |
| 720 } |
| 721 break; |
| 722 } |
| 701 ssl_EnableTLS(&ss->vrange, on); | 723 ssl_EnableTLS(&ss->vrange, on); |
| 702 ss->preferredCipher = NULL; | 724 ss->preferredCipher = NULL; |
| 703 if (ss->cipherSpecs) { | 725 if (ss->cipherSpecs) { |
| 704 PORT_Free(ss->cipherSpecs); | 726 PORT_Free(ss->cipherSpecs); |
| 705 ss->cipherSpecs = NULL; | 727 ss->cipherSpecs = NULL; |
| 706 ss->sizeCipherSpecs = 0; | 728 ss->sizeCipherSpecs = 0; |
| 707 } | 729 } |
| 708 break; | 730 break; |
| 709 | 731 |
| 710 case SSL_ENABLE_SSL3: | 732 case SSL_ENABLE_SSL3: |
| 733 if (IS_DTLS(ss)) { |
| 734 if (on) { |
| 735 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 736 rv = SECFailure; /* not allowed */ |
| 737 } |
| 738 break; |
| 739 } |
| 711 ssl_EnableSSL3(&ss->vrange, on); | 740 ssl_EnableSSL3(&ss->vrange, on); |
| 712 ss->preferredCipher = NULL; | 741 ss->preferredCipher = NULL; |
| 713 if (ss->cipherSpecs) { | 742 if (ss->cipherSpecs) { |
| 714 PORT_Free(ss->cipherSpecs); | 743 PORT_Free(ss->cipherSpecs); |
| 715 ss->cipherSpecs = NULL; | 744 ss->cipherSpecs = NULL; |
| 716 ss->sizeCipherSpecs = 0; | 745 ss->sizeCipherSpecs = 0; |
| 717 } | 746 } |
| 718 break; | 747 break; |
| 719 | 748 |
| 720 case SSL_ENABLE_SSL2: | 749 case SSL_ENABLE_SSL2: |
| 750 if (IS_DTLS(ss)) { |
| 751 if (on) { |
| 752 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 753 rv = SECFailure; /* not allowed */ |
| 754 } |
| 755 break; |
| 756 } |
| 721 ss->opt.enableSSL2 = on; | 757 ss->opt.enableSSL2 = on; |
| 722 if (on) { | 758 if (on) { |
| 723 ss->opt.v2CompatibleHello = on; | 759 ss->opt.v2CompatibleHello = on; |
| 724 } | 760 } |
| 725 ss->preferredCipher = NULL; | 761 ss->preferredCipher = NULL; |
| 726 if (ss->cipherSpecs) { | 762 if (ss->cipherSpecs) { |
| 727 PORT_Free(ss->cipherSpecs); | 763 PORT_Free(ss->cipherSpecs); |
| 728 ss->cipherSpecs = NULL; | 764 ss->cipherSpecs = NULL; |
| 729 ss->sizeCipherSpecs = 0; | 765 ss->sizeCipherSpecs = 0; |
| 730 } | 766 } |
| 731 break; | 767 break; |
| 732 | 768 |
| 733 case SSL_NO_CACHE: | 769 case SSL_NO_CACHE: |
| 734 ss->opt.noCache = on; | 770 ss->opt.noCache = on; |
| 735 break; | 771 break; |
| 736 | 772 |
| 737 case SSL_ENABLE_FDX: | 773 case SSL_ENABLE_FDX: |
| 738 if (on && ss->opt.noLocks) { | 774 if (on && ss->opt.noLocks) { |
| 739 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 775 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 740 rv = SECFailure; | 776 rv = SECFailure; |
| 741 } | 777 } |
| 742 ss->opt.fdx = on; | 778 ss->opt.fdx = on; |
| 743 break; | 779 break; |
| 744 | 780 |
| 745 case SSL_V2_COMPATIBLE_HELLO: | 781 case SSL_V2_COMPATIBLE_HELLO: |
| 782 if (IS_DTLS(ss)) { |
| 783 if (on) { |
| 784 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 785 rv = SECFailure; /* not allowed */ |
| 786 } |
| 787 break; |
| 788 } |
| 746 ss->opt.v2CompatibleHello = on; | 789 ss->opt.v2CompatibleHello = on; |
| 747 if (!on) { | 790 if (!on) { |
| 748 ss->opt.enableSSL2 = on; | 791 ss->opt.enableSSL2 = on; |
| 749 } | 792 } |
| 750 break; | 793 break; |
| 751 | 794 |
| 752 case SSL_ROLLBACK_DETECTION: | 795 case SSL_ROLLBACK_DETECTION: |
| 753 ss->opt.detectRollBack = on; | 796 ss->opt.detectRollBack = on; |
| 754 break; | 797 break; |
| 755 | 798 |
| (...skipping 175 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 931 ssl_SetDefaultsFromEnvironment(); | 974 ssl_SetDefaultsFromEnvironment(); |
| 932 | 975 |
| 933 switch (which) { | 976 switch (which) { |
| 934 case SSL_SOCKS: on = PR_FALSE; break; | 977 case SSL_SOCKS: on = PR_FALSE; break; |
| 935 case SSL_SECURITY: on = ssl_defaults.useSecurity; break; | 978 case SSL_SECURITY: on = ssl_defaults.useSecurity; break; |
| 936 case SSL_REQUEST_CERTIFICATE: on = ssl_defaults.requestCertificate; break; | 979 case SSL_REQUEST_CERTIFICATE: on = ssl_defaults.requestCertificate; break; |
| 937 case SSL_REQUIRE_CERTIFICATE: on = ssl_defaults.requireCertificate; break; | 980 case SSL_REQUIRE_CERTIFICATE: on = ssl_defaults.requireCertificate; break; |
| 938 case SSL_HANDSHAKE_AS_CLIENT: on = ssl_defaults.handshakeAsClient; break; | 981 case SSL_HANDSHAKE_AS_CLIENT: on = ssl_defaults.handshakeAsClient; break; |
| 939 case SSL_HANDSHAKE_AS_SERVER: on = ssl_defaults.handshakeAsServer; break; | 982 case SSL_HANDSHAKE_AS_SERVER: on = ssl_defaults.handshakeAsServer; break; |
| 940 case SSL_ENABLE_TLS: | 983 case SSL_ENABLE_TLS: |
| 941 » on = versions_defaults.max >= SSL_LIBRARY_VERSION_TLS_1_0; | 984 » on = versions_defaults_stream.max >= SSL_LIBRARY_VERSION_TLS_1_0; |
| 942 break; | 985 break; |
| 943 case SSL_ENABLE_SSL3: | 986 case SSL_ENABLE_SSL3: |
| 944 » on = versions_defaults.min == SSL_LIBRARY_VERSION_3_0; | 987 » on = versions_defaults_stream.min == SSL_LIBRARY_VERSION_3_0; |
| 945 break; | 988 break; |
| 946 case SSL_ENABLE_SSL2: on = ssl_defaults.enableSSL2; break; | 989 case SSL_ENABLE_SSL2: on = ssl_defaults.enableSSL2; break; |
| 947 case SSL_NO_CACHE: on = ssl_defaults.noCache; break; | 990 case SSL_NO_CACHE: on = ssl_defaults.noCache; break; |
| 948 case SSL_ENABLE_FDX: on = ssl_defaults.fdx; break; | 991 case SSL_ENABLE_FDX: on = ssl_defaults.fdx; break; |
| 949 case SSL_V2_COMPATIBLE_HELLO: on = ssl_defaults.v2CompatibleHello; break; | 992 case SSL_V2_COMPATIBLE_HELLO: on = ssl_defaults.v2CompatibleHello; break; |
| 950 case SSL_ROLLBACK_DETECTION: on = ssl_defaults.detectRollBack; break; | 993 case SSL_ROLLBACK_DETECTION: on = ssl_defaults.detectRollBack; break; |
| 951 case SSL_NO_STEP_DOWN: on = ssl_defaults.noStepDown; break; | 994 case SSL_NO_STEP_DOWN: on = ssl_defaults.noStepDown; break; |
| 952 case SSL_BYPASS_PKCS11: on = ssl_defaults.bypassPKCS11; break; | 995 case SSL_BYPASS_PKCS11: on = ssl_defaults.bypassPKCS11; break; |
| 953 case SSL_NO_LOCKS: on = ssl_defaults.noLocks; break; | 996 case SSL_NO_LOCKS: on = ssl_defaults.noLocks; break; |
| 954 case SSL_ENABLE_SESSION_TICKETS: | 997 case SSL_ENABLE_SESSION_TICKETS: |
| (...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1027 | 1070 |
| 1028 case SSL_HANDSHAKE_AS_SERVER: | 1071 case SSL_HANDSHAKE_AS_SERVER: |
| 1029 if ( ssl_defaults.handshakeAsClient && on ) { | 1072 if ( ssl_defaults.handshakeAsClient && on ) { |
| 1030 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 1073 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 1031 return SECFailure; | 1074 return SECFailure; |
| 1032 } | 1075 } |
| 1033 ssl_defaults.handshakeAsServer = on; | 1076 ssl_defaults.handshakeAsServer = on; |
| 1034 break; | 1077 break; |
| 1035 | 1078 |
| 1036 case SSL_ENABLE_TLS: | 1079 case SSL_ENABLE_TLS: |
| 1037 » ssl_EnableTLS(&versions_defaults, on); | 1080 » ssl_EnableTLS(&versions_defaults_stream, on); |
| 1038 break; | 1081 break; |
| 1039 | 1082 |
| 1040 case SSL_ENABLE_SSL3: | 1083 case SSL_ENABLE_SSL3: |
| 1041 » ssl_EnableSSL3(&versions_defaults, on); | 1084 » ssl_EnableSSL3(&versions_defaults_stream, on); |
| 1042 break; | 1085 break; |
| 1043 | 1086 |
| 1044 case SSL_ENABLE_SSL2: | 1087 case SSL_ENABLE_SSL2: |
| 1045 ssl_defaults.enableSSL2 = on; | 1088 ssl_defaults.enableSSL2 = on; |
| 1046 if (on) { | 1089 if (on) { |
| 1047 ssl_defaults.v2CompatibleHello = on; | 1090 ssl_defaults.v2CompatibleHello = on; |
| 1048 } | 1091 } |
| 1049 break; | 1092 break; |
| 1050 | 1093 |
| 1051 case SSL_NO_CACHE: | 1094 case SSL_NO_CACHE: |
| (...skipping 301 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1353 | 1396 |
| 1354 SECStatus | 1397 SECStatus |
| 1355 NSS_SetFrancePolicy(void) | 1398 NSS_SetFrancePolicy(void) |
| 1356 { | 1399 { |
| 1357 return NSS_SetDomesticPolicy(); | 1400 return NSS_SetDomesticPolicy(); |
| 1358 } | 1401 } |
| 1359 | 1402 |
| 1360 | 1403 |
| 1361 | 1404 |
| 1362 /* LOCKS ??? XXX */ | 1405 /* LOCKS ??? XXX */ |
| 1363 PRFileDesc * | 1406 static PRFileDesc * |
| 1364 SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd) | 1407 ssl_ImportFD(PRFileDesc *model, PRFileDesc *fd, SSLProtocolVariant variant) |
| 1365 { | 1408 { |
| 1366 sslSocket * ns = NULL; | 1409 sslSocket * ns = NULL; |
| 1367 PRStatus rv; | 1410 PRStatus rv; |
| 1368 PRNetAddr addr; | 1411 PRNetAddr addr; |
| 1369 SECStatus status = ssl_Init(); | 1412 SECStatus status = ssl_Init(); |
| 1370 | 1413 |
| 1371 if (status != SECSuccess) { | 1414 if (status != SECSuccess) { |
| 1372 return NULL; | 1415 return NULL; |
| 1373 } | 1416 } |
| 1374 | 1417 |
| 1375 if (model == NULL) { | 1418 if (model == NULL) { |
| 1376 /* Just create a default socket if we're given NULL for the model */ | 1419 /* Just create a default socket if we're given NULL for the model */ |
| 1377 » ns = ssl_NewSocket((PRBool)(!ssl_defaults.noLocks)); | 1420 » ns = ssl_NewSocket((PRBool)(!ssl_defaults.noLocks), variant); |
| 1378 } else { | 1421 } else { |
| 1379 sslSocket * ss = ssl_FindSocket(model); | 1422 sslSocket * ss = ssl_FindSocket(model); |
| 1380 » if (ss == NULL) { | 1423 » if (ss == NULL || ss->protocolVariant != variant) { |
| 1381 SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ImportFD", | 1424 SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ImportFD", |
| 1382 SSL_GETPID(), model)); | 1425 SSL_GETPID(), model)); |
| 1383 return NULL; | 1426 return NULL; |
| 1384 } | 1427 } |
| 1385 ns = ssl_DupSocket(ss); | 1428 ns = ssl_DupSocket(ss); |
| 1386 } | 1429 } |
| 1387 if (ns == NULL) | 1430 if (ns == NULL) |
| 1388 return NULL; | 1431 return NULL; |
| 1389 | 1432 |
| 1390 rv = ssl_PushIOLayer(ns, fd, PR_TOP_IO_LAYER); | 1433 rv = ssl_PushIOLayer(ns, fd, PR_TOP_IO_LAYER); |
| 1391 if (rv != PR_SUCCESS) { | 1434 if (rv != PR_SUCCESS) { |
| 1392 ssl_FreeSocket(ns); | 1435 ssl_FreeSocket(ns); |
| 1393 SET_ERROR_CODE | 1436 SET_ERROR_CODE |
| 1394 return NULL; | 1437 return NULL; |
| 1395 } | 1438 } |
| 1396 #ifdef _WIN32 | 1439 #ifdef _WIN32 |
| 1397 PR_Sleep(PR_INTERVAL_NO_WAIT); /* workaround NT winsock connect bug. */ | 1440 PR_Sleep(PR_INTERVAL_NO_WAIT); /* workaround NT winsock connect bug. */ |
| 1398 #endif | 1441 #endif |
| 1399 ns = ssl_FindSocket(fd); | 1442 ns = ssl_FindSocket(fd); |
| 1400 PORT_Assert(ns); | 1443 PORT_Assert(ns); |
| 1401 if (ns) | 1444 if (ns) |
| 1402 ns->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ns, &addr)); | 1445 ns->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ns, &addr)); |
| 1403 return fd; | 1446 return fd; |
| 1404 } | 1447 } |
| 1405 | 1448 |
| 1449 PRFileDesc * |
| 1450 SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd) |
| 1451 { |
| 1452 return ssl_ImportFD(model, fd, ssl_variant_stream); |
| 1453 } |
| 1454 |
| 1455 PRFileDesc * |
| 1456 DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd) |
| 1457 { |
| 1458 return ssl_ImportFD(model, fd, ssl_variant_datagram); |
| 1459 } |
| 1460 |
| 1406 SECStatus | 1461 SECStatus |
| 1407 SSL_SetNextProtoCallback(PRFileDesc *fd, SSLNextProtoCallback callback, | 1462 SSL_SetNextProtoCallback(PRFileDesc *fd, SSLNextProtoCallback callback, |
| 1408 void *arg) | 1463 void *arg) |
| 1409 { | 1464 { |
| 1410 sslSocket *ss = ssl_FindSocket(fd); | 1465 sslSocket *ss = ssl_FindSocket(fd); |
| 1411 | 1466 |
| 1412 if (!ss) { | 1467 if (!ss) { |
| 1413 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoCallback", SSL_GETP
ID(), | 1468 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoCallback", SSL_GETP
ID(), |
| 1414 fd)); | 1469 fd)); |
| 1415 return SECFailure; | 1470 return SECFailure; |
| (...skipping 244 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1660 return fd; | 1715 return fd; |
| 1661 loser: | 1716 loser: |
| 1662 return NULL; | 1717 return NULL; |
| 1663 #endif | 1718 #endif |
| 1664 } | 1719 } |
| 1665 | 1720 |
| 1666 PRBool | 1721 PRBool |
| 1667 ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant, | 1722 ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant, |
| 1668 SSL3ProtocolVersion version) | 1723 SSL3ProtocolVersion version) |
| 1669 { | 1724 { |
| 1670 return protocolVariant == ssl_variant_stream && | 1725 switch (protocolVariant) { |
| 1671 » version >= SSL_LIBRARY_VERSION_3_0 && | 1726 case ssl_variant_stream: |
| 1672 » version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED; | 1727 » return (version >= SSL_LIBRARY_VERSION_3_0 && |
| 1728 » » version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED); |
| 1729 case ssl_variant_datagram: |
| 1730 » return (version >= SSL_LIBRARY_VERSION_TLS_1_1 && |
| 1731 » » version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED); |
| 1732 default: |
| 1733 » /* Can't get here */ |
| 1734 » PORT_Assert(PR_FALSE); |
| 1735 » return PR_FALSE; |
| 1736 } |
| 1673 } | 1737 } |
| 1674 | 1738 |
| 1675 /* Returns PR_TRUE if the given version range is valid and | 1739 /* Returns PR_TRUE if the given version range is valid and |
| 1676 ** fully supported; otherwise, returns PR_FALSE. | 1740 ** fully supported; otherwise, returns PR_FALSE. |
| 1677 */ | 1741 */ |
| 1678 static PRBool | 1742 static PRBool |
| 1679 ssl3_VersionRangeIsValid(SSLProtocolVariant protocolVariant, | 1743 ssl3_VersionRangeIsValid(SSLProtocolVariant protocolVariant, |
| 1680 const SSLVersionRange *vrange) | 1744 const SSLVersionRange *vrange) |
| 1681 { | 1745 { |
| 1682 return vrange && | 1746 return vrange && |
| 1683 vrange->min <= vrange->max && | 1747 vrange->min <= vrange->max && |
| 1684 ssl3_VersionIsSupported(protocolVariant, vrange->min) && | 1748 ssl3_VersionIsSupported(protocolVariant, vrange->min) && |
| 1685 ssl3_VersionIsSupported(protocolVariant, vrange->max); | 1749 ssl3_VersionIsSupported(protocolVariant, vrange->max); |
| 1686 } | 1750 } |
| 1687 | 1751 |
| 1688 SECStatus | 1752 SECStatus |
| 1689 SSL_VersionRangeGetSupported(SSLProtocolVariant protocolVariant, | 1753 SSL_VersionRangeGetSupported(SSLProtocolVariant protocolVariant, |
| 1690 SSLVersionRange *vrange) | 1754 SSLVersionRange *vrange) |
| 1691 { | 1755 { |
| 1692 if (protocolVariant != ssl_variant_stream || !vrange) { | 1756 if (!vrange) { |
| 1693 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 1757 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 1694 return SECFailure; | 1758 return SECFailure; |
| 1695 } | 1759 } |
| 1696 | 1760 |
| 1697 vrange->min = SSL_LIBRARY_VERSION_3_0; | 1761 switch (protocolVariant) { |
| 1698 vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED; | 1762 case ssl_variant_stream: |
| 1763 » vrange->min = SSL_LIBRARY_VERSION_3_0; |
| 1764 » vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED; |
| 1765 » break; |
| 1766 case ssl_variant_datagram: |
| 1767 » vrange->min = SSL_LIBRARY_VERSION_TLS_1_1; |
| 1768 » vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED; |
| 1769 » break; |
| 1770 default: |
| 1771 » PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 1772 » return SECFailure; |
| 1773 } |
| 1699 | 1774 |
| 1700 return SECSuccess; | 1775 return SECSuccess; |
| 1701 } | 1776 } |
| 1702 | 1777 |
| 1703 SECStatus | 1778 SECStatus |
| 1704 SSL_VersionRangeGetDefault(SSLProtocolVariant protocolVariant, | 1779 SSL_VersionRangeGetDefault(SSLProtocolVariant protocolVariant, |
| 1705 SSLVersionRange *vrange) | 1780 SSLVersionRange *vrange) |
| 1706 { | 1781 { |
| 1707 if (protocolVariant != ssl_variant_stream || !vrange) { | 1782 if ((protocolVariant != ssl_variant_stream && |
| 1783 » protocolVariant != ssl_variant_datagram) || !vrange) { |
| 1708 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 1784 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 1709 return SECFailure; | 1785 return SECFailure; |
| 1710 } | 1786 } |
| 1711 | 1787 |
| 1712 *vrange = versions_defaults; | 1788 *vrange = *VERSIONS_DEFAULTS(protocolVariant); |
| 1713 | 1789 |
| 1714 return SECSuccess; | 1790 return SECSuccess; |
| 1715 } | 1791 } |
| 1716 | 1792 |
| 1717 SECStatus | 1793 SECStatus |
| 1718 SSL_VersionRangeSetDefault(SSLProtocolVariant protocolVariant, | 1794 SSL_VersionRangeSetDefault(SSLProtocolVariant protocolVariant, |
| 1719 const SSLVersionRange *vrange) | 1795 const SSLVersionRange *vrange) |
| 1720 { | 1796 { |
| 1721 if (!ssl3_VersionRangeIsValid(protocolVariant, vrange)) { | 1797 if (!ssl3_VersionRangeIsValid(protocolVariant, vrange)) { |
| 1722 PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE); | 1798 PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE); |
| 1723 return SECFailure; | 1799 return SECFailure; |
| 1724 } | 1800 } |
| 1725 | 1801 |
| 1726 versions_defaults = *vrange; | 1802 *VERSIONS_DEFAULTS(protocolVariant) = *vrange; |
| 1727 | 1803 |
| 1728 return SECSuccess; | 1804 return SECSuccess; |
| 1729 } | 1805 } |
| 1730 | 1806 |
| 1731 SECStatus | 1807 SECStatus |
| 1732 SSL_VersionRangeGet(PRFileDesc *fd, SSLVersionRange *vrange) | 1808 SSL_VersionRangeGet(PRFileDesc *fd, SSLVersionRange *vrange) |
| 1733 { | 1809 { |
| 1734 sslSocket *ss = ssl_FindSocket(fd); | 1810 sslSocket *ss = ssl_FindSocket(fd); |
| 1735 | 1811 |
| 1736 if (!ss) { | 1812 if (!ss) { |
| (...skipping 1086 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2823 SSL_TRACE(("SSL: cbcRandomIV set to 0")); | 2899 SSL_TRACE(("SSL: cbcRandomIV set to 0")); |
| 2824 } | 2900 } |
| 2825 } | 2901 } |
| 2826 #endif /* NSS_HAVE_GETENV */ | 2902 #endif /* NSS_HAVE_GETENV */ |
| 2827 } | 2903 } |
| 2828 | 2904 |
| 2829 /* | 2905 /* |
| 2830 ** Create a newsocket structure for a file descriptor. | 2906 ** Create a newsocket structure for a file descriptor. |
| 2831 */ | 2907 */ |
| 2832 static sslSocket * | 2908 static sslSocket * |
| 2833 ssl_NewSocket(PRBool makeLocks) | 2909 ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant) |
| 2834 { | 2910 { |
| 2835 sslSocket *ss; | 2911 sslSocket *ss; |
| 2836 | 2912 |
| 2837 ssl_SetDefaultsFromEnvironment(); | 2913 ssl_SetDefaultsFromEnvironment(); |
| 2838 | 2914 |
| 2839 if (ssl_force_locks) | 2915 if (ssl_force_locks) |
| 2840 makeLocks = PR_TRUE; | 2916 makeLocks = PR_TRUE; |
| 2841 | 2917 |
| 2842 /* Make a new socket and get it ready */ | 2918 /* Make a new socket and get it ready */ |
| 2843 ss = (sslSocket*) PORT_ZAlloc(sizeof(sslSocket)); | 2919 ss = (sslSocket*) PORT_ZAlloc(sizeof(sslSocket)); |
| 2844 if (ss) { | 2920 if (ss) { |
| 2845 /* This should be of type SSLKEAType, but CC on IRIX | 2921 /* This should be of type SSLKEAType, but CC on IRIX |
| 2846 * complains during the for loop. | 2922 * complains during the for loop. |
| 2847 */ | 2923 */ |
| 2848 int i; | 2924 int i; |
| 2849 SECStatus status; | 2925 SECStatus status; |
| 2850 | 2926 |
| 2851 ss->opt = ssl_defaults; | 2927 ss->opt = ssl_defaults; |
| 2852 ss->opt.useSocks = PR_FALSE; | 2928 ss->opt.useSocks = PR_FALSE; |
| 2853 ss->opt.noLocks = !makeLocks; | 2929 ss->opt.noLocks = !makeLocks; |
| 2854 » ss->vrange = versions_defaults; | 2930 » ss->vrange = *VERSIONS_DEFAULTS(protocolVariant); |
| 2855 | 2931 |
| 2856 ss->peerID = NULL; | 2932 ss->peerID = NULL; |
| 2857 ss->rTimeout = PR_INTERVAL_NO_TIMEOUT; | 2933 ss->rTimeout = PR_INTERVAL_NO_TIMEOUT; |
| 2858 ss->wTimeout = PR_INTERVAL_NO_TIMEOUT; | 2934 ss->wTimeout = PR_INTERVAL_NO_TIMEOUT; |
| 2859 ss->cTimeout = PR_INTERVAL_NO_TIMEOUT; | 2935 ss->cTimeout = PR_INTERVAL_NO_TIMEOUT; |
| 2860 ss->cipherSpecs = NULL; | 2936 ss->cipherSpecs = NULL; |
| 2861 ss->sizeCipherSpecs = 0; /* produced lazily */ | 2937 ss->sizeCipherSpecs = 0; /* produced lazily */ |
| 2862 ss->preferredCipher = NULL; | 2938 ss->preferredCipher = NULL; |
| 2863 ss->url = NULL; | 2939 ss->url = NULL; |
| 2864 | 2940 |
| (...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2900 if (status != SECSuccess) | 2976 if (status != SECSuccess) |
| 2901 goto loser; | 2977 goto loser; |
| 2902 status = ssl_InitGather(&ss->gs); | 2978 status = ssl_InitGather(&ss->gs); |
| 2903 if (status != SECSuccess) { | 2979 if (status != SECSuccess) { |
| 2904 loser: | 2980 loser: |
| 2905 ssl_DestroySocketContents(ss); | 2981 ssl_DestroySocketContents(ss); |
| 2906 ssl_DestroyLocks(ss); | 2982 ssl_DestroyLocks(ss); |
| 2907 PORT_Free(ss); | 2983 PORT_Free(ss); |
| 2908 ss = NULL; | 2984 ss = NULL; |
| 2909 } | 2985 } |
| 2986 ss->protocolVariant = protocolVariant; |
| 2910 } | 2987 } |
| 2911 return ss; | 2988 return ss; |
| 2912 } | 2989 } |
| 2913 | 2990 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9764001:
Add DTLS support to NSS, contributed by Eric Rescorla. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/