Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(596)

Side by Side Diff: net/third_party/nss/ssl/ssl3ext.c

Issue 10424013: Support TLS Channel IDs in NSS (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: resync from trunk Created 8 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 /* 1 /*
2 * SSL3 Protocol 2 * SSL3 Protocol
3 * 3 *
4 * ***** BEGIN LICENSE BLOCK ***** 4 * ***** BEGIN LICENSE BLOCK *****
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
6 * 6 *
7 * The contents of this file are subject to the Mozilla Public License Version 7 * The contents of this file are subject to the Mozilla Public License Version
8 * 1.1 (the "License"); you may not use this file except in compliance with 8 * 1.1 (the "License"); you may not use this file except in compliance with
9 * the License. You may obtain a copy of the License at 9 * the License. You may obtain a copy of the License at
10 * http://www.mozilla.org/MPL/ 10 * http://www.mozilla.org/MPL/
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after
73 PK11SymKey **aes_key, PK11SymKey **mac_key); 73 PK11SymKey **aes_key, PK11SymKey **mac_key);
74 static SECStatus ssl3_GetSessionTicketKeys(const unsigned char **aes_key, 74 static SECStatus ssl3_GetSessionTicketKeys(const unsigned char **aes_key,
75 PRUint32 *aes_key_length, const unsigned char **mac_key, 75 PRUint32 *aes_key_length, const unsigned char **mac_key,
76 PRUint32 *mac_key_length); 76 PRUint32 *mac_key_length);
77 static PRInt32 ssl3_SendRenegotiationInfoXtn(sslSocket * ss, 77 static PRInt32 ssl3_SendRenegotiationInfoXtn(sslSocket * ss,
78 PRBool append, PRUint32 maxBytes); 78 PRBool append, PRUint32 maxBytes);
79 static SECStatus ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, 79 static SECStatus ssl3_HandleRenegotiationInfoXtn(sslSocket *ss,
80 PRUint16 ex_type, SECItem *data); 80 PRUint16 ex_type, SECItem *data);
81 static SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, 81 static SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss,
82 PRUint16 ex_type, SECItem *data); 82 PRUint16 ex_type, SECItem *data);
83 static SECStatus ssl3_ClientHandleChannelIDXtn(sslSocket *ss,
84 PRUint16 ex_type, SECItem *data);
83 static SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss, 85 static SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss,
84 PRUint16 ex_type, SECItem *data); 86 PRUint16 ex_type, SECItem *data);
85 static PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append, 87 static PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append,
86 PRUint32 maxBytes); 88 PRUint32 maxBytes);
89 static PRInt32 ssl3_ClientSendChannelIDXtn(sslSocket *ss, PRBool append,
90 PRUint32 maxBytes);
87 91
88 /* 92 /*
89 * Write bytes. Using this function means the SECItem structure 93 * Write bytes. Using this function means the SECItem structure
90 * cannot be freed. The caller is expected to call this function 94 * cannot be freed. The caller is expected to call this function
91 * on a shallow copy of the structure. 95 * on a shallow copy of the structure.
92 */ 96 */
93 static SECStatus 97 static SECStatus
94 ssl3_AppendToItem(SECItem *item, const unsigned char *buf, PRUint32 bytes) 98 ssl3_AppendToItem(SECItem *item, const unsigned char *buf, PRUint32 bytes)
95 { 99 {
96 if (bytes > item->len) 100 if (bytes > item->len)
(...skipping 149 matching lines...) Expand 10 before | Expand all | Expand 10 after
246 }; 250 };
247 251
248 /* These two tables are used by the client, to handle server hello 252 /* These two tables are used by the client, to handle server hello
249 * extensions. */ 253 * extensions. */
250 static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { 254 static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
251 { ssl_server_name_xtn, &ssl3_HandleServerNameXtn }, 255 { ssl_server_name_xtn, &ssl3_HandleServerNameXtn },
252 /* TODO: add a handler for ssl_ec_point_formats_xtn */ 256 /* TODO: add a handler for ssl_ec_point_formats_xtn */
253 { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn }, 257 { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn },
254 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, 258 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
255 { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, 259 { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn },
260 { ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn },
256 { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, 261 { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn },
257 { -1, NULL } 262 { -1, NULL }
258 }; 263 };
259 264
260 static const ssl3HelloExtensionHandler serverHelloHandlersSSL3[] = { 265 static const ssl3HelloExtensionHandler serverHelloHandlersSSL3[] = {
261 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, 266 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
262 { -1, NULL } 267 { -1, NULL }
263 }; 268 };
264 269
265 /* Tables of functions to format TLS hello extensions, one function per 270 /* Tables of functions to format TLS hello extensions, one function per
266 * extension. 271 * extension.
267 * These static tables are for the formatting of client hello extensions. 272 * These static tables are for the formatting of client hello extensions.
268 * The server's table of hello senders is dynamic, in the socket struct, 273 * The server's table of hello senders is dynamic, in the socket struct,
269 * and sender functions are registered there. 274 * and sender functions are registered there.
270 */ 275 */
271 static const 276 static const
272 ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { 277 ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
273 { ssl_server_name_xtn, &ssl3_SendServerNameXtn }, 278 { ssl_server_name_xtn, &ssl3_SendServerNameXtn },
274 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }, 279 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn },
275 #ifdef NSS_ENABLE_ECC 280 #ifdef NSS_ENABLE_ECC
276 { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn }, 281 { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn },
277 { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn }, 282 { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn },
278 #endif 283 #endif
279 { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, 284 { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn },
280 { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn }, 285 { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn },
286 { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn },
281 { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn } 287 { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }
282 /* any extra entries will appear as { 0, NULL } */ 288 /* any extra entries will appear as { 0, NULL } */
283 }; 289 };
284 290
285 static const 291 static const
286 ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = { 292 ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = {
287 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn } 293 { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }
288 /* any extra entries will appear as { 0, NULL } */ 294 /* any extra entries will appear as { 0, NULL } */
289 }; 295 };
290 296
(...skipping 370 matching lines...) Expand 10 before | Expand all | Expand 10 after
661 } else if (maxBytes < extension_length) { 667 } else if (maxBytes < extension_length) {
662 return 0; 668 return 0;
663 } 669 }
664 670
665 return extension_length; 671 return extension_length;
666 672
667 loser: 673 loser:
668 return -1; 674 return -1;
669 } 675 }
670 676
677 static SECStatus
678 ssl3_ClientHandleChannelIDXtn(sslSocket *ss, PRUint16 ex_type,
679 SECItem *data)
680 {
681 PORT_Assert(ss->ssl3.channelIDCallback != NULL);
682
683 if (data->len) {
684 PORT_SetError(SSL_ERROR_BAD_CHANNEL_ID_DATA);
685 return SECFailure;
686 }
687 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
688 return SECSuccess;
689 }
690
691 static PRInt32
692 ssl3_ClientSendChannelIDXtn(sslSocket * ss, PRBool append,
693 PRUint32 maxBytes)
694 {
695 PRInt32 extension_length = 4;
696
697 if (!ss->ssl3.channelIDCallback)
698 return 0;
699
700 if (maxBytes < extension_length) {
701 PORT_Assert(0);
702 return 0;
703 }
704
705 if (append) {
706 SECStatus rv;
707 rv = ssl3_AppendHandshakeNumber(ss, ssl_channel_id_xtn, 2);
708 if (rv != SECSuccess)
709 goto loser;
710 rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
711 if (rv != SECSuccess)
712 goto loser;
713 ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
714 ssl_channel_id_xtn;
715 }
716
717 return extension_length;
718
719 loser:
720 return -1;
721 }
722
671 SECStatus 723 SECStatus
672 ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type, 724 ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type,
673 SECItem *data) 725 SECItem *data)
674 { 726 {
675 /* If we didn't request this extension, then the server may not echo it. */ 727 /* If we didn't request this extension, then the server may not echo it. */
676 if (!ss->opt.enableOCSPStapling) 728 if (!ss->opt.enableOCSPStapling)
677 return SECFailure; 729 return SECFailure;
678 730
679 /* The echoed extension must be empty. */ 731 /* The echoed extension must be empty. */
680 if (data->len != 0) 732 if (data->len != 0)
(...skipping 1042 matching lines...) Expand 10 before | Expand all | Expand 10 after
1723 ss->peerRequestedProtection = 1; 1775 ss->peerRequestedProtection = 1;
1724 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; 1776 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
1725 if (ss->sec.isServer) { 1777 if (ss->sec.isServer) {
1726 /* prepare to send back the appropriate response */ 1778 /* prepare to send back the appropriate response */
1727 rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, 1779 rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
1728 ssl3_SendRenegotiationInfoXtn); 1780 ssl3_SendRenegotiationInfoXtn);
1729 } 1781 }
1730 return rv; 1782 return rv;
1731 } 1783 }
1732 1784
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698