The Tor Browser / annotate

security/nss/lib/ssl/sslinfo.c@b8a032363ba2 (annotated)

security/nss/lib/ssl/sslinfo.c

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

michael@0 1 /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0 4 #include "ssl.h"
michael@0 5 #include "sslimpl.h"
michael@0 6 #include "sslproto.h"
michael@0 7
michael@0 8 static const char *
michael@0 9 ssl_GetCompressionMethodName(SSLCompressionMethod compression)
michael@0 10 {
michael@0 11 switch (compression) {
michael@0 12 case ssl_compression_null:
michael@0 13 return "NULL";
michael@0 14 #ifdef NSS_ENABLE_ZLIB
michael@0 15 case ssl_compression_deflate:
michael@0 16 return "DEFLATE";
michael@0 17 #endif
michael@0 18 default:
michael@0 19 return "???";
michael@0 20 }
michael@0 21 }
michael@0 22
michael@0 23 SECStatus
michael@0 24 SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
michael@0 25 {
michael@0 26 sslSocket * ss;
michael@0 27 SSLChannelInfo inf;
michael@0 28 sslSessionID * sid;
michael@0 29
michael@0 30 if (!info || len < sizeof inf.length) {
michael@0 31 PORT_SetError(SEC_ERROR_INVALID_ARGS);
michael@0 32 return SECFailure;
michael@0 33 }
michael@0 34
michael@0 35 ss = ssl_FindSocket(fd);
michael@0 36 if (!ss) {
michael@0 37 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetChannelInfo",
michael@0 38 SSL_GETPID(), fd));
michael@0 39 return SECFailure;
michael@0 40 }
michael@0 41
michael@0 42 memset(&inf, 0, sizeof inf);
michael@0 43 inf.length = PR_MIN(sizeof inf, len);
michael@0 44
michael@0 45 if (ss->opt.useSecurity && ss->enoughFirstHsDone) {
michael@0 46 sid = ss->sec.ci.sid;
michael@0 47 inf.protocolVersion = ss->version;
michael@0 48 inf.authKeyBits = ss->sec.authKeyBits;
michael@0 49 inf.keaKeyBits = ss->sec.keaKeyBits;
michael@0 50 if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */
michael@0 51 inf.cipherSuite = ss->sec.cipherType | 0xff00;
michael@0 52 inf.compressionMethod = ssl_compression_null;
michael@0 53 inf.compressionMethodName = "N/A";
michael@0 54 } else if (ss->ssl3.initialized) { /* SSL3 and TLS */
michael@0 55 ssl_GetSpecReadLock(ss);
michael@0 56 /* XXX The cipher suite should be in the specs and this
michael@0 57 * function should get it from cwSpec rather than from the "hs".
michael@0 58 * See bug 275744 comment 69 and bug 766137.
michael@0 59 */
michael@0 60 inf.cipherSuite = ss->ssl3.hs.cipher_suite;
michael@0 61 inf.compressionMethod = ss->ssl3.cwSpec->compression_method;
michael@0 62 ssl_ReleaseSpecReadLock(ss);
michael@0 63 inf.compressionMethodName =
michael@0 64 ssl_GetCompressionMethodName(inf.compressionMethod);
michael@0 65 }
michael@0 66 if (sid) {
michael@0 67 inf.creationTime = sid->creationTime;
michael@0 68 inf.lastAccessTime = sid->lastAccessTime;
michael@0 69 inf.expirationTime = sid->expirationTime;
michael@0 70 if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */
michael@0 71 inf.sessionIDLength = SSL2_SESSIONID_BYTES;
michael@0 72 memcpy(inf.sessionID, sid->u.ssl2.sessionID,
michael@0 73 SSL2_SESSIONID_BYTES);
michael@0 74 } else {
michael@0 75 unsigned int sidLen = sid->u.ssl3.sessionIDLength;
michael@0 76 sidLen = PR_MIN(sidLen, sizeof inf.sessionID);
michael@0 77 inf.sessionIDLength = sidLen;
michael@0 78 memcpy(inf.sessionID, sid->u.ssl3.sessionID, sidLen);
michael@0 79 }
michael@0 80 }
michael@0 81 }
michael@0 82
michael@0 83 memcpy(info, &inf, inf.length);
michael@0 84
michael@0 85 return SECSuccess;
michael@0 86 }
michael@0 87
michael@0 88
michael@0 89 #define CS(x) x, #x
michael@0 90 #define CK(x) x | 0xff00, #x
michael@0 91
michael@0 92 #define S_DSA "DSA", ssl_auth_dsa
michael@0 93 #define S_RSA "RSA", ssl_auth_rsa
michael@0 94 #define S_KEA "KEA", ssl_auth_kea
michael@0 95 #define S_ECDSA "ECDSA", ssl_auth_ecdsa
michael@0 96
michael@0 97 #define K_DHE "DHE", kt_dh
michael@0 98 #define K_RSA "RSA", kt_rsa
michael@0 99 #define K_KEA "KEA", kt_kea
michael@0 100 #define K_ECDH "ECDH", kt_ecdh
michael@0 101 #define K_ECDHE "ECDHE", kt_ecdh
michael@0 102
michael@0 103 #define C_SEED "SEED", calg_seed
michael@0 104 #define C_CAMELLIA "CAMELLIA", calg_camellia
michael@0 105 #define C_AES "AES", calg_aes
michael@0 106 #define C_RC4 "RC4", calg_rc4
michael@0 107 #define C_RC2 "RC2", calg_rc2
michael@0 108 #define C_DES "DES", calg_des
michael@0 109 #define C_3DES "3DES", calg_3des
michael@0 110 #define C_NULL "NULL", calg_null
michael@0 111 #define C_SJ "SKIPJACK", calg_sj
michael@0 112 #define C_AESGCM "AES-GCM", calg_aes_gcm
michael@0 113
michael@0 114 #define B_256 256, 256, 256
michael@0 115 #define B_128 128, 128, 128
michael@0 116 #define B_3DES 192, 156, 112
michael@0 117 #define B_SJ 96, 80, 80
michael@0 118 #define B_DES 64, 56, 56
michael@0 119 #define B_56 128, 56, 56
michael@0 120 #define B_40 128, 40, 40
michael@0 121 #define B_0 0, 0, 0
michael@0 122
michael@0 123 #define M_AEAD_128 "AEAD", ssl_mac_aead, 128
michael@0 124 #define M_SHA256 "SHA256", ssl_hmac_sha256, 256
michael@0 125 #define M_SHA "SHA1", ssl_mac_sha, 160
michael@0 126 #define M_MD5 "MD5", ssl_mac_md5, 128
michael@0 127 #define M_NULL "NULL", ssl_mac_null, 0
michael@0 128
michael@0 129 static const SSLCipherSuiteInfo suiteInfo[] = {
michael@0 130 /* <------ Cipher suite --------------------> <auth> <KEA> <bulk cipher> <MAC> <FIPS> */
michael@0 131 {0,CS(TLS_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_RSA, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
michael@0 132
michael@0 133 {0,CS(TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, },
michael@0 134 {0,CS(TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, },
michael@0 135 {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0, },
michael@0 136 {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, },
michael@0 137 {0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA), S_DSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, },
michael@0 138 {0,CS(TLS_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, },
michael@0 139 {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_RSA, C_AES, B_256, M_SHA256, 1, 0, 0, },
michael@0 140 {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_RSA, C_AES, B_256, M_SHA, 1, 0, 0, },
michael@0 141
michael@0 142 {0,CS(TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
michael@0 143 {0,CS(TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
michael@0 144 {0,CS(TLS_DHE_DSS_WITH_RC4_128_SHA), S_DSA, K_DHE, C_RC4, B_128, M_SHA, 0, 0, 0, },
michael@0 145 {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
michael@0 146 {0,CS(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
michael@0 147 {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
michael@0 148 {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
michael@0 149 {0,CS(TLS_RSA_WITH_SEED_CBC_SHA), S_RSA, K_RSA, C_SEED,B_128, M_SHA, 1, 0, 0, },
michael@0 150 {0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
michael@0 151 {0,CS(TLS_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, },
michael@0 152 {0,CS(TLS_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
michael@0 153 {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_RSA, C_AES, B_128, M_SHA256, 1, 0, 0, },
michael@0 154 {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_RSA, C_AES, B_128, M_SHA, 1, 0, 0, },
michael@0 155
michael@0 156 {0,CS(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
michael@0 157 {0,CS(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA), S_DSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
michael@0 158 {0,CS(SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 1, },
michael@0 159 {0,CS(TLS_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
michael@0 160
michael@0 161 {0,CS(TLS_DHE_RSA_WITH_DES_CBC_SHA), S_RSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
michael@0 162 {0,CS(TLS_DHE_DSS_WITH_DES_CBC_SHA), S_DSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
michael@0 163 {0,CS(SSL_RSA_FIPS_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 1, },
michael@0 164 {0,CS(TLS_RSA_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 0, },
michael@0 165
michael@0 166 {0,CS(TLS_RSA_EXPORT1024_WITH_RC4_56_SHA), S_RSA, K_RSA, C_RC4, B_56, M_SHA, 0, 1, 0, },
michael@0 167 {0,CS(TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 1, 0, },
michael@0 168 {0,CS(TLS_RSA_EXPORT_WITH_RC4_40_MD5), S_RSA, K_RSA, C_RC4, B_40, M_MD5, 0, 1, 0, },
michael@0 169 {0,CS(TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5), S_RSA, K_RSA, C_RC2, B_40, M_MD5, 0, 1, 0, },
michael@0 170 {0,CS(TLS_RSA_WITH_NULL_SHA256), S_RSA, K_RSA, C_NULL,B_0, M_SHA256, 0, 1, 0, },
michael@0 171 {0,CS(TLS_RSA_WITH_NULL_SHA), S_RSA, K_RSA, C_NULL,B_0, M_SHA, 0, 1, 0, },
michael@0 172 {0,CS(TLS_RSA_WITH_NULL_MD5), S_RSA, K_RSA, C_NULL,B_0, M_MD5, 0, 1, 0, },
michael@0 173
michael@0 174 #ifndef NSS_DISABLE_ECC
michael@0 175 /* ECC cipher suites */
michael@0 176 {0,CS(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
michael@0 177 {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
michael@0 178
michael@0 179 {0,CS(TLS_ECDH_ECDSA_WITH_NULL_SHA), S_ECDSA, K_ECDH, C_NULL, B_0, M_SHA, 0, 0, 0, },
michael@0 180 {0,CS(TLS_ECDH_ECDSA_WITH_RC4_128_SHA), S_ECDSA, K_ECDH, C_RC4, B_128, M_SHA, 0, 0, 0, },
michael@0 181 {0,CS(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA), S_ECDSA, K_ECDH, C_3DES, B_3DES, M_SHA, 1, 0, 0, },
michael@0 182 {0,CS(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA), S_ECDSA, K_ECDH, C_AES, B_128, M_SHA, 1, 0, 0, },
michael@0 183 {0,CS(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA), S_ECDSA, K_ECDH, C_AES, B_256, M_SHA, 1, 0, 0, },
michael@0 184
michael@0 185 {0,CS(TLS_ECDHE_ECDSA_WITH_NULL_SHA), S_ECDSA, K_ECDHE, C_NULL, B_0, M_SHA, 0, 0, 0, },
michael@0 186 {0,CS(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA), S_ECDSA, K_ECDHE, C_RC4, B_128, M_SHA, 0, 0, 0, },
michael@0 187 {0,CS(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA), S_ECDSA, K_ECDHE, C_3DES, B_3DES, M_SHA, 1, 0, 0, },
michael@0 188 {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, },
michael@0 189 {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
michael@0 190 {0,CS(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, },
michael@0 191
michael@0 192 {0,CS(TLS_ECDH_RSA_WITH_NULL_SHA), S_RSA, K_ECDH, C_NULL, B_0, M_SHA, 0, 0, 0, },
michael@0 193 {0,CS(TLS_ECDH_RSA_WITH_RC4_128_SHA), S_RSA, K_ECDH, C_RC4, B_128, M_SHA, 0, 0, 0, },
michael@0 194 {0,CS(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_ECDH, C_3DES, B_3DES, M_SHA, 1, 0, 0, },
michael@0 195 {0,CS(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_ECDH, C_AES, B_128, M_SHA, 1, 0, 0, },
michael@0 196 {0,CS(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDH, C_AES, B_256, M_SHA, 1, 0, 0, },
michael@0 197
michael@0 198 {0,CS(TLS_ECDHE_RSA_WITH_NULL_SHA), S_RSA, K_ECDHE, C_NULL, B_0, M_SHA, 0, 0, 0, },
michael@0 199 {0,CS(TLS_ECDHE_RSA_WITH_RC4_128_SHA), S_RSA, K_ECDHE, C_RC4, B_128, M_SHA, 0, 0, 0, },
michael@0 200 {0,CS(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_ECDHE, C_3DES, B_3DES, M_SHA, 1, 0, 0, },
michael@0 201 {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, },
michael@0 202 {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
michael@0 203 {0,CS(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, },
michael@0 204 #endif /* NSS_DISABLE_ECC */
michael@0 205
michael@0 206 /* SSL 2 table */
michael@0 207 {0,CK(SSL_CK_RC4_128_WITH_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
michael@0 208 {0,CK(SSL_CK_RC2_128_CBC_WITH_MD5), S_RSA, K_RSA, C_RC2, B_128, M_MD5, 0, 0, 0, },
michael@0 209 {0,CK(SSL_CK_DES_192_EDE3_CBC_WITH_MD5), S_RSA, K_RSA, C_3DES,B_3DES,M_MD5, 0, 0, 0, },
michael@0 210 {0,CK(SSL_CK_DES_64_CBC_WITH_MD5), S_RSA, K_RSA, C_DES, B_DES, M_MD5, 0, 0, 0, },
michael@0 211 {0,CK(SSL_CK_RC4_128_EXPORT40_WITH_MD5), S_RSA, K_RSA, C_RC4, B_40, M_MD5, 0, 1, 0, },
michael@0 212 {0,CK(SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5), S_RSA, K_RSA, C_RC2, B_40, M_MD5, 0, 1, 0, }
michael@0 213 };
michael@0 214
michael@0 215 #define NUM_SUITEINFOS ((sizeof suiteInfo) / (sizeof suiteInfo[0]))
michael@0 216
michael@0 217
michael@0 218 SECStatus SSL_GetCipherSuiteInfo(PRUint16 cipherSuite,
michael@0 219 SSLCipherSuiteInfo *info, PRUintn len)
michael@0 220 {
michael@0 221 unsigned int i;
michael@0 222
michael@0 223 len = PR_MIN(len, sizeof suiteInfo[0]);
michael@0 224 if (!info || len < sizeof suiteInfo[0].length) {
michael@0 225 PORT_SetError(SEC_ERROR_INVALID_ARGS);
michael@0 226 return SECFailure;
michael@0 227 }
michael@0 228 for (i = 0; i < NUM_SUITEINFOS; i++) {
michael@0 229 if (suiteInfo[i].cipherSuite == cipherSuite) {
michael@0 230 memcpy(info, &suiteInfo[i], len);
michael@0 231 info->length = len;
michael@0 232 return SECSuccess;
michael@0 233 }
michael@0 234 }
michael@0 235 PORT_SetError(SEC_ERROR_INVALID_ARGS);
michael@0 236 return SECFailure;
michael@0 237 }
michael@0 238
michael@0 239 /* This function might be a candidate to be public.
michael@0 240 * Disables all export ciphers in the default set of enabled ciphers.
michael@0 241 */
michael@0 242 SECStatus
michael@0 243 SSL_DisableDefaultExportCipherSuites(void)
michael@0 244 {
michael@0 245 const SSLCipherSuiteInfo * pInfo = suiteInfo;
michael@0 246 unsigned int i;
michael@0 247 SECStatus rv;
michael@0 248
michael@0 249 for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) {
michael@0 250 if (pInfo->isExportable) {
michael@0 251 rv = SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FALSE);
michael@0 252 PORT_Assert(rv == SECSuccess);
michael@0 253 }
michael@0 254 }
michael@0 255 return SECSuccess;
michael@0 256 }
michael@0 257
michael@0 258 /* This function might be a candidate to be public,
michael@0 259 * except that it takes an sslSocket pointer as an argument.
michael@0 260 * A Public version would take a PRFileDesc pointer.
michael@0 261 * Disables all export ciphers in the default set of enabled ciphers.
michael@0 262 */
michael@0 263 SECStatus
michael@0 264 SSL_DisableExportCipherSuites(PRFileDesc * fd)
michael@0 265 {
michael@0 266 const SSLCipherSuiteInfo * pInfo = suiteInfo;
michael@0 267 unsigned int i;
michael@0 268 SECStatus rv;
michael@0 269
michael@0 270 for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) {
michael@0 271 if (pInfo->isExportable) {
michael@0 272 rv = SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE);
michael@0 273 PORT_Assert(rv == SECSuccess);
michael@0 274 }
michael@0 275 }
michael@0 276 return SECSuccess;
michael@0 277 }
michael@0 278
michael@0 279 /* Tells us if the named suite is exportable
michael@0 280 * returns false for unknown suites.
michael@0 281 */
michael@0 282 PRBool
michael@0 283 SSL_IsExportCipherSuite(PRUint16 cipherSuite)
michael@0 284 {
michael@0 285 unsigned int i;
michael@0 286 for (i = 0; i < NUM_SUITEINFOS; i++) {
michael@0 287 if (suiteInfo[i].cipherSuite == cipherSuite) {
michael@0 288 return (PRBool)(suiteInfo[i].isExportable);
michael@0 289 }
michael@0 290 }
michael@0 291 return PR_FALSE;
michael@0 292 }
michael@0 293
michael@0 294 SECItem*
michael@0 295 SSL_GetNegotiatedHostInfo(PRFileDesc *fd)
michael@0 296 {
michael@0 297 SECItem *sniName = NULL;
michael@0 298 sslSocket *ss;
michael@0 299 char *name = NULL;
michael@0 300
michael@0 301 ss = ssl_FindSocket(fd);
michael@0 302 if (!ss) {
michael@0 303 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNegotiatedHostInfo",
michael@0 304 SSL_GETPID(), fd));
michael@0 305 return NULL;
michael@0 306 }
michael@0 307
michael@0 308 if (ss->sec.isServer) {
michael@0 309 if (ss->version > SSL_LIBRARY_VERSION_3_0 &&
michael@0 310 ss->ssl3.initialized) { /* TLS */
michael@0 311 SECItem *crsName;
michael@0 312 ssl_GetSpecReadLock(ss); /*********************************/
michael@0 313 crsName = &ss->ssl3.cwSpec->srvVirtName;
michael@0 314 if (crsName->data) {
michael@0 315 sniName = SECITEM_DupItem(crsName);
michael@0 316 }
michael@0 317 ssl_ReleaseSpecReadLock(ss); /*----------------------------*/
michael@0 318 }
michael@0 319 return sniName;
michael@0 320 }
michael@0 321 name = SSL_RevealURL(fd);
michael@0 322 if (name) {
michael@0 323 sniName = PORT_ZNew(SECItem);
michael@0 324 if (!sniName) {
michael@0 325 PORT_Free(name);
michael@0 326 return NULL;
michael@0 327 }
michael@0 328 sniName->data = (void*)name;
michael@0 329 sniName->len = PORT_Strlen(name);
michael@0 330 }
michael@0 331 return sniName;
michael@0 332 }
michael@0 333
michael@0 334 SECStatus
michael@0 335 SSL_ExportKeyingMaterial(PRFileDesc *fd,
michael@0 336 const char *label, unsigned int labelLen,
michael@0 337 PRBool hasContext,
michael@0 338 const unsigned char *context, unsigned int contextLen,
michael@0 339 unsigned char *out, unsigned int outLen)
michael@0 340 {
michael@0 341 sslSocket *ss;
michael@0 342 unsigned char *val = NULL;
michael@0 343 unsigned int valLen, i;
michael@0 344 SECStatus rv = SECFailure;
michael@0 345
michael@0 346 ss = ssl_FindSocket(fd);
michael@0 347 if (!ss) {
michael@0 348 SSL_DBG(("%d: SSL[%d]: bad socket in ExportKeyingMaterial",
michael@0 349 SSL_GETPID(), fd));
michael@0 350 return SECFailure;
michael@0 351 }
michael@0 352
michael@0 353 if (ss->version < SSL_LIBRARY_VERSION_3_1_TLS) {
michael@0 354 PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION);
michael@0 355 return SECFailure;
michael@0 356 }
michael@0 357
michael@0 358 /* construct PRF arguments */
michael@0 359 valLen = SSL3_RANDOM_LENGTH * 2;
michael@0 360 if (hasContext) {
michael@0 361 valLen += 2 /* PRUint16 length */ + contextLen;
michael@0 362 }
michael@0 363 val = PORT_Alloc(valLen);
michael@0 364 if (!val) {
michael@0 365 return SECFailure;
michael@0 366 }
michael@0 367 i = 0;
michael@0 368 PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH);
michael@0 369 i += SSL3_RANDOM_LENGTH;
michael@0 370 PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH);
michael@0 371 i += SSL3_RANDOM_LENGTH;
michael@0 372 if (hasContext) {
michael@0 373 val[i++] = contextLen >> 8;
michael@0 374 val[i++] = contextLen;
michael@0 375 PORT_Memcpy(val + i, context, contextLen);
michael@0 376 i += contextLen;
michael@0 377 }
michael@0 378 PORT_Assert(i == valLen);
michael@0 379
michael@0 380 /* Allow TLS keying material to be exported sooner, when the master
michael@0 381 * secret is available and we have sent ChangeCipherSpec.
michael@0 382 */
michael@0 383 ssl_GetSpecReadLock(ss);
michael@0 384 if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) {
michael@0 385 PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
michael@0 386 rv = SECFailure;
michael@0 387 } else {
michael@0 388 rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.cwSpec, label, labelLen, val,
michael@0 389 valLen, out, outLen);
michael@0 390 }
michael@0 391 ssl_ReleaseSpecReadLock(ss);
michael@0 392
michael@0 393 PORT_ZFree(val, valLen);
michael@0 394 return rv;
michael@0 395 }

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial