| OLD | NEW |
| 1 diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c | 1 diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c |
| 2 --- a/nss/lib/ssl/ssl3con.c 2013-07-31 14:17:20.669282120 -0700 | 2 --- a/nss/lib/ssl/ssl3con.c 2013-07-31 14:17:20.669282120 -0700 |
| 3 +++ b/nss/lib/ssl/ssl3con.c 2013-07-31 14:28:56.549496061 -0700 | 3 +++ b/nss/lib/ssl/ssl3con.c 2013-07-31 14:28:56.549496061 -0700 |
| 4 @@ -9912,8 +9912,10 @@ ssl3_SendNextProto(sslSocket *ss) | 4 @@ -9912,8 +9912,10 @@ ssl3_SendNextProto(sslSocket *ss) |
| 5 int padding_len; | 5 int padding_len; |
| 6 static const unsigned char padding[32] = {0}; | 6 static const unsigned char padding[32] = {0}; |
| 7 | 7 |
| 8 - if (ss->ssl3.nextProto.len == 0) | 8 - if (ss->ssl3.nextProto.len == 0) |
| 9 + if (ss->ssl3.nextProto.len == 0 || | 9 + if (ss->ssl3.nextProto.len == 0 || |
| 10 + ss->ssl3.nextProtoState == SSL_NEXT_PROTO_SELECTED) { | 10 + ss->ssl3.nextProtoState == SSL_NEXT_PROTO_SELECTED) { |
| (...skipping 27 matching lines...) |
| 38 /* TODO: add a handler for ssl_ec_point_formats_xtn */ | 38 /* TODO: add a handler for ssl_ec_point_formats_xtn */ |
| 39 - { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn }, | 39 - { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn }, |
| 40 - { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, | 40 - { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, |
| 41 - { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, | 41 - { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, |
| 42 - { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn }, | 42 - { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn }, |
| 43 - { ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn }, | 43 - { ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn }, |
| 44 - { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, | 44 - { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, |
| 45 + { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn }, | 45 + { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn }, |
| 46 + { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, | 46 + { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, |
| 47 + { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, | 47 + { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, |
| 48 + { ssl_application_layer_protocol, &ssl3_ClientHandleAppProtoXtn }, | 48 + { ssl_app_layer_protocol_xtn, &ssl3_ClientHandleAppProtoXtn }, |
| 49 + { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn }, | 49 + { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn }, |
| 50 + { ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn }, | 50 + { ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn }, |
| 51 + { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, | 51 + { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, |
| 52 { -1, NULL } | 52 { -1, NULL } |
| 53 }; | 53 }; |
| 54 | 54 |
| 55 @@ -270,17 +275,18 @@ static const ssl3HelloExtensionHandler s | 55 @@ -270,17 +275,18 @@ static const ssl3HelloExtensionHandler s |
| 56 */ | 56 */ |
| 57 static const | 57 static const |
| 58 ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { | 58 ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { |
| 59 - { ssl_server_name_xtn, &ssl3_SendServerNameXtn }, | 59 - { ssl_server_name_xtn, &ssl3_SendServerNameXtn }, |
| 60 - { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }, | 60 - { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }, |
| 61 + { ssl_server_name_xtn, &ssl3_SendServerNameXtn }, | 61 + { ssl_server_name_xtn, &ssl3_SendServerNameXtn }, |
| 62 + { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }, | 62 + { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }, |
| 63 #ifdef NSS_ENABLE_ECC | 63 #ifdef NSS_ENABLE_ECC |
| 64 - { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn }, | 64 - { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn }, |
| 65 - { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn }, | 65 - { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn }, |
| 66 + { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn }, | 66 + { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn }, |
| 67 + { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn }, | 67 + { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn }, |
| 68 #endif | 68 #endif |
| 69 - { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, | 69 - { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, |
| 70 - { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn }, | 70 - { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn }, |
| 71 - { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn }, | 71 - { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn }, |
| 72 - { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn }, | 72 - { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn }, |
| 73 - { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, | 73 - { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, |
| 74 + { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, | 74 + { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, |
| 75 + { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn }, | 75 + { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn }, |
| 76 + { ssl_application_layer_protocol, &ssl3_ClientSendAppProtoXtn }, | 76 + { ssl_app_layer_protocol_xtn, &ssl3_ClientSendAppProtoXtn }, |
| 77 + { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn }, | 77 + { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn }, |
| 78 + { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn }, | 78 + { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn }, |
| 79 + { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, | 79 + { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, |
| 80 { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn } | 80 { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn } |
| 81 /* any extra entries will appear as { 0, NULL } */ | 81 /* any extra entries will appear as { 0, NULL } */ |
| 82 }; | 82 }; |
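Review bot: With NSS_ENABLE_ECC defined, the initializer of clientHelloSendersTLS now lists eleven senders, which is exactly the new SSL_MAX_EXTENSIONS from the sslt.h hunk, so the trailing comment `/* any extra entries will appear as { 0, NULL } */` no longer describes any spare slot. Nothing ties the macro to the table: the next sender added without raising it is a compile-time diagnostic at best, and any consumer that relied on a `{ 0, NULL }` terminator rather than on the SSL_MAX_EXTENSIONS bound would run off the end (the consuming loop is not visible here, so this needs checking). I would replace the comment with `/* With NSS_ENABLE_ECC this table is full: adding a sender requires raising SSL_MAX_EXTENSIONS in sslt.h. */`.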
| 83 @@ -605,6 +611,11 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSoc | 83 @@ -605,6 +611,11 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSoc |
| 84 | 84 |
| 85 PORT_Assert(!ss->firstHsDone); | 85 PORT_Assert(!ss->firstHsDone); |
| 86 | 86 |
| 87 + if (ssl3_ExtensionNegotiated(ss, ssl_application_layer_protocol)) { | 87 + if (ssl3_ExtensionNegotiated(ss, ssl_app_layer_protocol_xtn)) { |
| 88 + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); | 88 + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
| 89 + return SECFailure; | 89 + return SECFailure; |
| 90 + } | 90 + } |
| 91 + | 91 + |
| 92 rv = ssl3_ValidateNextProtoNego(data->data, data->len); | 92 rv = ssl3_ValidateNextProtoNego(data->data, data->len); |
| 93 if (rv != SECSuccess) | 93 if (rv != SECSuccess) |
| 94 return rv; | 94 return rv; |
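Review bot: The new guard reports a server that answers with both ALPN and NPN as `SEC_ERROR_LIBRARY_FAILURE`, which blames the local library for what is a peer protocol violation and makes the failure hard to triage from logs. An error code that attributes it to the server, for example `PORT_SetError(SSL_ERROR_BAD_SERVER);`, would be more accurate, and the guard deserves a comment such as `/* ALPN already chose the protocol; a server that also negotiates NPN is misbehaving. */`. The check also appears to fire only when the ALPN extension was handled before this one, so it depends on extension order in the ServerHello; the ALPN handler is in the skipped lines, so confirm it rejects the reverse order or that the conflict is caught elsewhere. The function body starts and ends outside this hunk.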
| 95 @@ -638,6 +649,44 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSoc | 95 @@ -638,6 +649,44 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSoc |
| 96 return SECITEM_CopyItem(NULL, &ss->ssl3.nextProto, &result); | 96 return SECITEM_CopyItem(NULL, &ss->ssl3.nextProto, &result); |
| 97 } | 97 } |
| (...skipping 59 matching lines...) |
| 157 + if (!ss->opt.nextProtoNego.data || ss->firstHsDone) { | 157 + if (!ss->opt.nextProtoNego.data || ss->firstHsDone) { |
| 158 + return 0; | 158 + return 0; |
| 159 + } | 159 + } |
| 160 + | 160 + |
| 161 + extension_length = 2 /* extension type */ + 2 /* extension length */ + | 161 + extension_length = 2 /* extension type */ + 2 /* extension length */ + |
| 162 + 2 /* protocol name list length */ + | 162 + 2 /* protocol name list length */ + |
| 163 + ss->opt.nextProtoNego.len; | 163 + ss->opt.nextProtoNego.len; |
| 164 + | 164 + |
| 165 + if (append && maxBytes >= extension_length) { | 165 + if (append && maxBytes >= extension_length) { |
| 166 + SECStatus rv; | 166 + SECStatus rv; |
| 167 +» rv = ssl3_AppendHandshakeNumber(ss, ssl_application_layer_protocol, 2); | 167 +» rv = ssl3_AppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2); |
| 168 + if (rv != SECSuccess) | 168 + if (rv != SECSuccess) |
| 169 + goto loser; | 169 + goto loser; |
| 170 + rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); | 170 + rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); |
| 171 + if (rv != SECSuccess) | 171 + if (rv != SECSuccess) |
| 172 + goto loser; | 172 + goto loser; |
| 173 + rv = ssl3_AppendHandshakeVariable(ss, ss->opt.nextProtoNego.data, | 173 + rv = ssl3_AppendHandshakeVariable(ss, ss->opt.nextProtoNego.data, |
| 174 + ss->opt.nextProtoNego.len, 2); | 174 + ss->opt.nextProtoNego.len, 2); |
| 175 + if (rv != SECSuccess) | 175 + if (rv != SECSuccess) |
| 176 + goto loser; | 176 + goto loser; |
| 177 + ss->xtnData.advertised[ss->xtnData.numAdvertised++] = | 177 + ss->xtnData.advertised[ss->xtnData.numAdvertised++] = |
| 178 +» » ssl_application_layer_protocol; | 178 +» » ssl_app_layer_protocol_xtn; |
| 179 + } else if (maxBytes < extension_length) { | 179 + } else if (maxBytes < extension_length) { |
| 180 + return 0; | 180 + return 0; |
| 181 + } | 181 + } |
| 182 | 182 |
| 183 return extension_length; | 183 return extension_length; |
| 184 | 184 |
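Review bot: The write `ss->xtnData.advertised[ss->xtnData.numAdvertised++] = ssl_app_layer_protocol_xtn;` has no bound check, so its safety rests entirely on the array being large enough for every sender that can run in one ClientHello. The array's declaration is not visible on this page; if it is sized by SSL_MAX_EXTENSIONS, an assertion before the write, `PORT_Assert(ss->xtnData.numAdvertised < SSL_MAX_EXTENSIONS);`, would catch a missed bump in debug builds. Separately, `extension_length` adds 6 to `ss->opt.nextProtoNego.len` and the list is emitted with a 2-byte length prefix, so it is worth confirming that the setter caps the protocol list well below 65535 bytes. The function's signature and the `loser` label lie outside the visible lines.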
| 185 diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h | 185 diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h |
| 186 --- a/nss/lib/ssl/ssl.h 2013-07-31 14:10:35.113325316 -0700 | 186 --- a/nss/lib/ssl/ssl.h 2013-07-31 14:10:35.113325316 -0700 |
| 187 +++ b/nss/lib/ssl/ssl.h 2013-07-31 14:28:56.589496647 -0700 | 187 +++ b/nss/lib/ssl/ssl.h 2013-07-31 14:28:56.589496647 -0700 |
| 188 @@ -203,6 +203,11 @@ SSL_IMPORT SECStatus SSL_SetNextProtoCal | 188 @@ -203,6 +203,11 @@ SSL_IMPORT SECStatus SSL_SetNextProtoCal |
| (...skipping 18 matching lines...) |
| 207 } SSLNextProtoState; | 207 } SSLNextProtoState; |
| 208 | 208 |
| 209 /* SSL_GetNextProto can be used in the HandshakeCallback or any time after | 209 /* SSL_GetNextProto can be used in the HandshakeCallback or any time after |
| 210 diff -pu a/nss/lib/ssl/sslt.h b/nss/lib/ssl/sslt.h | 210 diff -pu a/nss/lib/ssl/sslt.h b/nss/lib/ssl/sslt.h |
| 211 --- a/nss/lib/ssl/sslt.h 2013-07-31 14:13:43.806096237 -0700 | 211 --- a/nss/lib/ssl/sslt.h 2013-07-31 14:13:43.806096237 -0700 |
| 212 +++ b/nss/lib/ssl/sslt.h 2013-07-31 14:28:56.609496941 -0700 | 212 +++ b/nss/lib/ssl/sslt.h 2013-07-31 14:28:56.609496941 -0700 |
| 213 @@ -195,12 +195,13 @@ typedef enum { | 213 @@ -195,12 +195,13 @@ typedef enum { |
| 214 #endif | 214 #endif |
| 215 ssl_signature_algorithms_xtn = 13, | 215 ssl_signature_algorithms_xtn = 13, |
| 216 ssl_use_srtp_xtn = 14, | 216 ssl_use_srtp_xtn = 14, |
| 217 + ssl_application_layer_protocol = 16, | 217 + ssl_app_layer_protocol_xtn = 16, |
| 218 ssl_session_ticket_xtn = 35, | 218 ssl_session_ticket_xtn = 35, |
| 219 ssl_next_proto_nego_xtn = 13172, | 219 ssl_next_proto_nego_xtn = 13172, |
| 220 ssl_channel_id_xtn = 30031, | 220 ssl_channel_id_xtn = 30031, |
| 221 ssl_renegotiation_info_xtn = 0xff01 /* experimental number */ | 221 ssl_renegotiation_info_xtn = 0xff01 /* experimental number */ |
| 222 } SSLExtensionType; | 222 } SSLExtensionType; |
| 223 | 223 |
| 224 -#define SSL_MAX_EXTENSIONS 10 | 224 -#define SSL_MAX_EXTENSIONS 10 |
| 225 +#define SSL_MAX_EXTENSIONS 11 | 225 +#define SSL_MAX_EXTENSIONS 11 |
| 226 | 226 |
| 227 #endif /* __sslt_h_ */ | 227 #endif /* __sslt_h_ */ |
| OLD | NEW |