| OLD | NEW |
| 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
| 2 /* | 2 /* |
| 3 * SSL3 Protocol | 3 * SSL3 Protocol |
| 4 * | 4 * |
| 5 * ***** BEGIN LICENSE BLOCK ***** | 5 * ***** BEGIN LICENSE BLOCK ***** |
| 6 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 6 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 7 * | 7 * |
| 8 * The contents of this file are subject to the Mozilla Public License Version | 8 * The contents of this file are subject to the Mozilla Public License Version |
| 9 * 1.1 (the "License"); you may not use this file except in compliance with | 9 * 1.1 (the "License"); you may not use this file except in compliance with |
| 10 * the License. You may obtain a copy of the License at | 10 * the License. You may obtain a copy of the License at |
| (...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 62 | 62 |
| 63 #include "pk11func.h" | 63 #include "pk11func.h" |
| 64 #include "secmod.h" | 64 #include "secmod.h" |
| 65 #include "blapi.h" | 65 #include "blapi.h" |
| 66 | 66 |
| 67 #include <stdio.h> | 67 #include <stdio.h> |
| 68 #ifdef NSS_ENABLE_ZLIB | 68 #ifdef NSS_ENABLE_ZLIB |
| 69 #include "zlib.h" | 69 #include "zlib.h" |
| 70 #endif | 70 #endif |
| 71 | 71 |
| 72 /* DSA_SIGNATURE_LEN is deprecated and replaced by DSA1_SIGNATURE_LEN |
| 73 * in NSS 3.14. Provide a backup definition when compiling against an |
| 74 * older system NSS library. |
| 75 */ |
| 76 #ifndef DSA1_SIGNATURE_LEN |
| 77 #define DSA1_SIGNATURE_LEN 40 /* Bytes */ |
| 78 #endif |
| 79 |
| 72 #ifndef PK11_SETATTRS | 80 #ifndef PK11_SETATTRS |
| 73 #define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \ | 81 #define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \ |
| 74 (x)->pValue=(v); (x)->ulValueLen = (l); | 82 (x)->pValue=(v); (x)->ulValueLen = (l); |
| 75 #endif | 83 #endif |
| 76 | 84 |
| 77 static void ssl3_CleanupPeerCerts(sslSocket *ss); | 85 static void ssl3_CleanupPeerCerts(sslSocket *ss); |
| 78 static void ssl3_CopyPeerCertsFromSID(sslSocket *ss, sslSessionID *sid); | 86 static void ssl3_CopyPeerCertsFromSID(sslSocket *ss, sslSessionID *sid); |
| 79 static PK11SymKey *ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec, | 87 static PK11SymKey *ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec, |
| 80 PK11SlotInfo * serverKeySlot); | 88 PK11SlotInfo * serverKeySlot); |
| 81 static SECStatus ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms); | 89 static SECStatus ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms); |
| (...skipping 823 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 905 | 913 |
| 906 switch (key->keyType) { | 914 switch (key->keyType) { |
| 907 case rsaKey: | 915 case rsaKey: |
| 908 hashItem.data = hash->md5; | 916 hashItem.data = hash->md5; |
| 909 hashItem.len = sizeof(SSL3Hashes); | 917 hashItem.len = sizeof(SSL3Hashes); |
| 910 break; | 918 break; |
| 911 case dsaKey: | 919 case dsaKey: |
| 912 hashItem.data = hash->sha; | 920 hashItem.data = hash->sha; |
| 913 hashItem.len = sizeof(hash->sha); | 921 hashItem.len = sizeof(hash->sha); |
| 914 /* Allow DER encoded DSA signatures in SSL 3.0 */ | 922 /* Allow DER encoded DSA signatures in SSL 3.0 */ |
| 915 » if (isTLS || buf->len != DSA_SIGNATURE_LEN) { | 923 » if (isTLS || buf->len != DSA1_SIGNATURE_LEN) { |
| 916 signature = DSAU_DecodeDerSig(buf); | 924 signature = DSAU_DecodeDerSig(buf); |
| 917 if (!signature) { | 925 if (!signature) { |
| 918 PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); | 926 PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); |
| 919 return SECFailure; | 927 return SECFailure; |
| 920 } | 928 } |
| 921 buf = signature; | 929 buf = signature; |
| 922 } | 930 } |
| 923 break; | 931 break; |
| 924 | 932 |
| 925 #ifdef NSS_ENABLE_ECC | 933 #ifdef NSS_ENABLE_ECC |
| (...skipping 9932 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 10858 PORT_Free(ss->ssl3.hs.recvdFragments.buf); | 10866 PORT_Free(ss->ssl3.hs.recvdFragments.buf); |
| 10859 } | 10867 } |
| 10860 } | 10868 } |
| 10861 | 10869 |
| 10862 ss->ssl3.initialized = PR_FALSE; | 10870 ss->ssl3.initialized = PR_FALSE; |
| 10863 | 10871 |
| 10864 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); | 10872 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); |
| 10865 } | 10873 } |
| 10866 | 10874 |
| 10867 /* End of ssl3con.c */ | 10875 /* End of ssl3con.c */ |
| OLD | NEW |