1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/nss/lib/ssl/sslinfo.c Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,395 @@
1.4 +/* This Source Code Form is subject to the terms of the Mozilla Public
1.5 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.6 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.7 +#include "ssl.h"
1.8 +#include "sslimpl.h"
1.9 +#include "sslproto.h"
1.10 +
1.11 +static const char *
1.12 +ssl_GetCompressionMethodName(SSLCompressionMethod compression)
1.13 +{
1.14 + switch (compression) {
1.15 + case ssl_compression_null:
1.16 + return "NULL";
1.17 +#ifdef NSS_ENABLE_ZLIB
1.18 + case ssl_compression_deflate:
1.19 + return "DEFLATE";
1.20 +#endif
1.21 + default:
1.22 + return "???";
1.23 + }
1.24 +}
1.25 +
1.26 +SECStatus
1.27 +SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
1.28 +{
1.29 + sslSocket * ss;
1.30 + SSLChannelInfo inf;
1.31 + sslSessionID * sid;
1.32 +
1.33 + if (!info || len < sizeof inf.length) {
1.34 + PORT_SetError(SEC_ERROR_INVALID_ARGS);
1.35 + return SECFailure;
1.36 + }
1.37 +
1.38 + ss = ssl_FindSocket(fd);
1.39 + if (!ss) {
1.40 + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetChannelInfo",
1.41 + SSL_GETPID(), fd));
1.42 + return SECFailure;
1.43 + }
1.44 +
1.45 + memset(&inf, 0, sizeof inf);
1.46 + inf.length = PR_MIN(sizeof inf, len);
1.47 +
1.48 + if (ss->opt.useSecurity && ss->enoughFirstHsDone) {
1.49 + sid = ss->sec.ci.sid;
1.50 + inf.protocolVersion = ss->version;
1.51 + inf.authKeyBits = ss->sec.authKeyBits;
1.52 + inf.keaKeyBits = ss->sec.keaKeyBits;
1.53 + if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */
1.54 + inf.cipherSuite = ss->sec.cipherType | 0xff00;
1.55 + inf.compressionMethod = ssl_compression_null;
1.56 + inf.compressionMethodName = "N/A";
1.57 + } else if (ss->ssl3.initialized) { /* SSL3 and TLS */
1.58 + ssl_GetSpecReadLock(ss);
1.59 + /* XXX The cipher suite should be in the specs and this
1.60 + * function should get it from cwSpec rather than from the "hs".
1.61 + * See bug 275744 comment 69 and bug 766137.
1.62 + */
1.63 + inf.cipherSuite = ss->ssl3.hs.cipher_suite;
1.64 + inf.compressionMethod = ss->ssl3.cwSpec->compression_method;
1.65 + ssl_ReleaseSpecReadLock(ss);
1.66 + inf.compressionMethodName =
1.67 + ssl_GetCompressionMethodName(inf.compressionMethod);
1.68 + }
1.69 + if (sid) {
1.70 + inf.creationTime = sid->creationTime;
1.71 + inf.lastAccessTime = sid->lastAccessTime;
1.72 + inf.expirationTime = sid->expirationTime;
1.73 + if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */
1.74 + inf.sessionIDLength = SSL2_SESSIONID_BYTES;
1.75 + memcpy(inf.sessionID, sid->u.ssl2.sessionID,
1.76 + SSL2_SESSIONID_BYTES);
1.77 + } else {
1.78 + unsigned int sidLen = sid->u.ssl3.sessionIDLength;
1.79 + sidLen = PR_MIN(sidLen, sizeof inf.sessionID);
1.80 + inf.sessionIDLength = sidLen;
1.81 + memcpy(inf.sessionID, sid->u.ssl3.sessionID, sidLen);
1.82 + }
1.83 + }
1.84 + }
1.85 +
1.86 + memcpy(info, &inf, inf.length);
1.87 +
1.88 + return SECSuccess;
1.89 +}
1.90 +
1.91 +
1.92 +#define CS(x) x, #x
1.93 +#define CK(x) x | 0xff00, #x
1.94 +
1.95 +#define S_DSA "DSA", ssl_auth_dsa
1.96 +#define S_RSA "RSA", ssl_auth_rsa
1.97 +#define S_KEA "KEA", ssl_auth_kea
1.98 +#define S_ECDSA "ECDSA", ssl_auth_ecdsa
1.99 +
1.100 +#define K_DHE "DHE", kt_dh
1.101 +#define K_RSA "RSA", kt_rsa
1.102 +#define K_KEA "KEA", kt_kea
1.103 +#define K_ECDH "ECDH", kt_ecdh
1.104 +#define K_ECDHE "ECDHE", kt_ecdh
1.105 +
1.106 +#define C_SEED "SEED", calg_seed
1.107 +#define C_CAMELLIA "CAMELLIA", calg_camellia
1.108 +#define C_AES "AES", calg_aes
1.109 +#define C_RC4 "RC4", calg_rc4
1.110 +#define C_RC2 "RC2", calg_rc2
1.111 +#define C_DES "DES", calg_des
1.112 +#define C_3DES "3DES", calg_3des
1.113 +#define C_NULL "NULL", calg_null
1.114 +#define C_SJ "SKIPJACK", calg_sj
1.115 +#define C_AESGCM "AES-GCM", calg_aes_gcm
1.116 +
1.117 +#define B_256 256, 256, 256
1.118 +#define B_128 128, 128, 128
1.119 +#define B_3DES 192, 156, 112
1.120 +#define B_SJ 96, 80, 80
1.121 +#define B_DES 64, 56, 56
1.122 +#define B_56 128, 56, 56
1.123 +#define B_40 128, 40, 40
1.124 +#define B_0 0, 0, 0
1.125 +
1.126 +#define M_AEAD_128 "AEAD", ssl_mac_aead, 128
1.127 +#define M_SHA256 "SHA256", ssl_hmac_sha256, 256
1.128 +#define M_SHA "SHA1", ssl_mac_sha, 160
1.129 +#define M_MD5 "MD5", ssl_mac_md5, 128
1.130 +#define M_NULL "NULL", ssl_mac_null, 0
1.131 +
1.132 +static const SSLCipherSuiteInfo suiteInfo[] = {
1.133 +/* <------ Cipher suite --------------------> <auth> <KEA> <bulk cipher> <MAC> <FIPS> */
1.134 +{0,CS(TLS_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_RSA, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
1.135 +
1.136 +{0,CS(TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, },
1.137 +{0,CS(TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, },
1.138 +{0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0, },
1.139 +{0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, },
1.140 +{0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA), S_DSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, },
1.141 +{0,CS(TLS_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, },
1.142 +{0,CS(TLS_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_RSA, C_AES, B_256, M_SHA256, 1, 0, 0, },
1.143 +{0,CS(TLS_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_RSA, C_AES, B_256, M_SHA, 1, 0, 0, },
1.144 +
1.145 +{0,CS(TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
1.146 +{0,CS(TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
1.147 +{0,CS(TLS_DHE_DSS_WITH_RC4_128_SHA), S_DSA, K_DHE, C_RC4, B_128, M_SHA, 0, 0, 0, },
1.148 +{0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
1.149 +{0,CS(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
1.150 +{0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
1.151 +{0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
1.152 +{0,CS(TLS_RSA_WITH_SEED_CBC_SHA), S_RSA, K_RSA, C_SEED,B_128, M_SHA, 1, 0, 0, },
1.153 +{0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
1.154 +{0,CS(TLS_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, },
1.155 +{0,CS(TLS_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
1.156 +{0,CS(TLS_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_RSA, C_AES, B_128, M_SHA256, 1, 0, 0, },
1.157 +{0,CS(TLS_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_RSA, C_AES, B_128, M_SHA, 1, 0, 0, },
1.158 +
1.159 +{0,CS(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
1.160 +{0,CS(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA), S_DSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
1.161 +{0,CS(SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 1, },
1.162 +{0,CS(TLS_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
1.163 +
1.164 +{0,CS(TLS_DHE_RSA_WITH_DES_CBC_SHA), S_RSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
1.165 +{0,CS(TLS_DHE_DSS_WITH_DES_CBC_SHA), S_DSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
1.166 +{0,CS(SSL_RSA_FIPS_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 1, },
1.167 +{0,CS(TLS_RSA_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 0, },
1.168 +
1.169 +{0,CS(TLS_RSA_EXPORT1024_WITH_RC4_56_SHA), S_RSA, K_RSA, C_RC4, B_56, M_SHA, 0, 1, 0, },
1.170 +{0,CS(TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 1, 0, },
1.171 +{0,CS(TLS_RSA_EXPORT_WITH_RC4_40_MD5), S_RSA, K_RSA, C_RC4, B_40, M_MD5, 0, 1, 0, },
1.172 +{0,CS(TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5), S_RSA, K_RSA, C_RC2, B_40, M_MD5, 0, 1, 0, },
1.173 +{0,CS(TLS_RSA_WITH_NULL_SHA256), S_RSA, K_RSA, C_NULL,B_0, M_SHA256, 0, 1, 0, },
1.174 +{0,CS(TLS_RSA_WITH_NULL_SHA), S_RSA, K_RSA, C_NULL,B_0, M_SHA, 0, 1, 0, },
1.175 +{0,CS(TLS_RSA_WITH_NULL_MD5), S_RSA, K_RSA, C_NULL,B_0, M_MD5, 0, 1, 0, },
1.176 +
1.177 +#ifndef NSS_DISABLE_ECC
1.178 +/* ECC cipher suites */
1.179 +{0,CS(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
1.180 +{0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
1.181 +
1.182 +{0,CS(TLS_ECDH_ECDSA_WITH_NULL_SHA), S_ECDSA, K_ECDH, C_NULL, B_0, M_SHA, 0, 0, 0, },
1.183 +{0,CS(TLS_ECDH_ECDSA_WITH_RC4_128_SHA), S_ECDSA, K_ECDH, C_RC4, B_128, M_SHA, 0, 0, 0, },
1.184 +{0,CS(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA), S_ECDSA, K_ECDH, C_3DES, B_3DES, M_SHA, 1, 0, 0, },
1.185 +{0,CS(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA), S_ECDSA, K_ECDH, C_AES, B_128, M_SHA, 1, 0, 0, },
1.186 +{0,CS(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA), S_ECDSA, K_ECDH, C_AES, B_256, M_SHA, 1, 0, 0, },
1.187 +
1.188 +{0,CS(TLS_ECDHE_ECDSA_WITH_NULL_SHA), S_ECDSA, K_ECDHE, C_NULL, B_0, M_SHA, 0, 0, 0, },
1.189 +{0,CS(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA), S_ECDSA, K_ECDHE, C_RC4, B_128, M_SHA, 0, 0, 0, },
1.190 +{0,CS(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA), S_ECDSA, K_ECDHE, C_3DES, B_3DES, M_SHA, 1, 0, 0, },
1.191 +{0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, },
1.192 +{0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
1.193 +{0,CS(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, },
1.194 +
1.195 +{0,CS(TLS_ECDH_RSA_WITH_NULL_SHA), S_RSA, K_ECDH, C_NULL, B_0, M_SHA, 0, 0, 0, },
1.196 +{0,CS(TLS_ECDH_RSA_WITH_RC4_128_SHA), S_RSA, K_ECDH, C_RC4, B_128, M_SHA, 0, 0, 0, },
1.197 +{0,CS(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_ECDH, C_3DES, B_3DES, M_SHA, 1, 0, 0, },
1.198 +{0,CS(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_ECDH, C_AES, B_128, M_SHA, 1, 0, 0, },
1.199 +{0,CS(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDH, C_AES, B_256, M_SHA, 1, 0, 0, },
1.200 +
1.201 +{0,CS(TLS_ECDHE_RSA_WITH_NULL_SHA), S_RSA, K_ECDHE, C_NULL, B_0, M_SHA, 0, 0, 0, },
1.202 +{0,CS(TLS_ECDHE_RSA_WITH_RC4_128_SHA), S_RSA, K_ECDHE, C_RC4, B_128, M_SHA, 0, 0, 0, },
1.203 +{0,CS(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_ECDHE, C_3DES, B_3DES, M_SHA, 1, 0, 0, },
1.204 +{0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, },
1.205 +{0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
1.206 +{0,CS(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, },
1.207 +#endif /* NSS_DISABLE_ECC */
1.208 +
1.209 +/* SSL 2 table */
1.210 +{0,CK(SSL_CK_RC4_128_WITH_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
1.211 +{0,CK(SSL_CK_RC2_128_CBC_WITH_MD5), S_RSA, K_RSA, C_RC2, B_128, M_MD5, 0, 0, 0, },
1.212 +{0,CK(SSL_CK_DES_192_EDE3_CBC_WITH_MD5), S_RSA, K_RSA, C_3DES,B_3DES,M_MD5, 0, 0, 0, },
1.213 +{0,CK(SSL_CK_DES_64_CBC_WITH_MD5), S_RSA, K_RSA, C_DES, B_DES, M_MD5, 0, 0, 0, },
1.214 +{0,CK(SSL_CK_RC4_128_EXPORT40_WITH_MD5), S_RSA, K_RSA, C_RC4, B_40, M_MD5, 0, 1, 0, },
1.215 +{0,CK(SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5), S_RSA, K_RSA, C_RC2, B_40, M_MD5, 0, 1, 0, }
1.216 +};
1.217 +
1.218 +#define NUM_SUITEINFOS ((sizeof suiteInfo) / (sizeof suiteInfo[0]))
1.219 +
1.220 +
1.221 +SECStatus SSL_GetCipherSuiteInfo(PRUint16 cipherSuite,
1.222 + SSLCipherSuiteInfo *info, PRUintn len)
1.223 +{
1.224 + unsigned int i;
1.225 +
1.226 + len = PR_MIN(len, sizeof suiteInfo[0]);
1.227 + if (!info || len < sizeof suiteInfo[0].length) {
1.228 + PORT_SetError(SEC_ERROR_INVALID_ARGS);
1.229 + return SECFailure;
1.230 + }
1.231 + for (i = 0; i < NUM_SUITEINFOS; i++) {
1.232 + if (suiteInfo[i].cipherSuite == cipherSuite) {
1.233 + memcpy(info, &suiteInfo[i], len);
1.234 + info->length = len;
1.235 + return SECSuccess;
1.236 + }
1.237 + }
1.238 + PORT_SetError(SEC_ERROR_INVALID_ARGS);
1.239 + return SECFailure;
1.240 +}
1.241 +
1.242 +/* This function might be a candidate to be public.
1.243 + * Disables all export ciphers in the default set of enabled ciphers.
1.244 + */
1.245 +SECStatus
1.246 +SSL_DisableDefaultExportCipherSuites(void)
1.247 +{
1.248 + const SSLCipherSuiteInfo * pInfo = suiteInfo;
1.249 + unsigned int i;
1.250 + SECStatus rv;
1.251 +
1.252 + for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) {
1.253 + if (pInfo->isExportable) {
1.254 + rv = SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FALSE);
1.255 + PORT_Assert(rv == SECSuccess);
1.256 + }
1.257 + }
1.258 + return SECSuccess;
1.259 +}
1.260 +
1.261 +/* This function might be a candidate to be public,
1.262 + * except that it takes an sslSocket pointer as an argument.
1.263 + * A Public version would take a PRFileDesc pointer.
1.264 + * Disables all export ciphers in the default set of enabled ciphers.
1.265 + */
1.266 +SECStatus
1.267 +SSL_DisableExportCipherSuites(PRFileDesc * fd)
1.268 +{
1.269 + const SSLCipherSuiteInfo * pInfo = suiteInfo;
1.270 + unsigned int i;
1.271 + SECStatus rv;
1.272 +
1.273 + for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) {
1.274 + if (pInfo->isExportable) {
1.275 + rv = SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE);
1.276 + PORT_Assert(rv == SECSuccess);
1.277 + }
1.278 + }
1.279 + return SECSuccess;
1.280 +}
1.281 +
1.282 +/* Tells us if the named suite is exportable
1.283 + * returns false for unknown suites.
1.284 + */
1.285 +PRBool
1.286 +SSL_IsExportCipherSuite(PRUint16 cipherSuite)
1.287 +{
1.288 + unsigned int i;
1.289 + for (i = 0; i < NUM_SUITEINFOS; i++) {
1.290 + if (suiteInfo[i].cipherSuite == cipherSuite) {
1.291 + return (PRBool)(suiteInfo[i].isExportable);
1.292 + }
1.293 + }
1.294 + return PR_FALSE;
1.295 +}
1.296 +
1.297 +SECItem*
1.298 +SSL_GetNegotiatedHostInfo(PRFileDesc *fd)
1.299 +{
1.300 + SECItem *sniName = NULL;
1.301 + sslSocket *ss;
1.302 + char *name = NULL;
1.303 +
1.304 + ss = ssl_FindSocket(fd);
1.305 + if (!ss) {
1.306 + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNegotiatedHostInfo",
1.307 + SSL_GETPID(), fd));
1.308 + return NULL;
1.309 + }
1.310 +
1.311 + if (ss->sec.isServer) {
1.312 + if (ss->version > SSL_LIBRARY_VERSION_3_0 &&
1.313 + ss->ssl3.initialized) { /* TLS */
1.314 + SECItem *crsName;
1.315 + ssl_GetSpecReadLock(ss); /*********************************/
1.316 + crsName = &ss->ssl3.cwSpec->srvVirtName;
1.317 + if (crsName->data) {
1.318 + sniName = SECITEM_DupItem(crsName);
1.319 + }
1.320 + ssl_ReleaseSpecReadLock(ss); /*----------------------------*/
1.321 + }
1.322 + return sniName;
1.323 + }
1.324 + name = SSL_RevealURL(fd);
1.325 + if (name) {
1.326 + sniName = PORT_ZNew(SECItem);
1.327 + if (!sniName) {
1.328 + PORT_Free(name);
1.329 + return NULL;
1.330 + }
1.331 + sniName->data = (void*)name;
1.332 + sniName->len = PORT_Strlen(name);
1.333 + }
1.334 + return sniName;
1.335 +}
1.336 +
1.337 +SECStatus
1.338 +SSL_ExportKeyingMaterial(PRFileDesc *fd,
1.339 + const char *label, unsigned int labelLen,
1.340 + PRBool hasContext,
1.341 + const unsigned char *context, unsigned int contextLen,
1.342 + unsigned char *out, unsigned int outLen)
1.343 +{
1.344 + sslSocket *ss;
1.345 + unsigned char *val = NULL;
1.346 + unsigned int valLen, i;
1.347 + SECStatus rv = SECFailure;
1.348 +
1.349 + ss = ssl_FindSocket(fd);
1.350 + if (!ss) {
1.351 + SSL_DBG(("%d: SSL[%d]: bad socket in ExportKeyingMaterial",
1.352 + SSL_GETPID(), fd));
1.353 + return SECFailure;
1.354 + }
1.355 +
1.356 + if (ss->version < SSL_LIBRARY_VERSION_3_1_TLS) {
1.357 + PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION);
1.358 + return SECFailure;
1.359 + }
1.360 +
1.361 + /* construct PRF arguments */
1.362 + valLen = SSL3_RANDOM_LENGTH * 2;
1.363 + if (hasContext) {
1.364 + valLen += 2 /* PRUint16 length */ + contextLen;
1.365 + }
1.366 + val = PORT_Alloc(valLen);
1.367 + if (!val) {
1.368 + return SECFailure;
1.369 + }
1.370 + i = 0;
1.371 + PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH);
1.372 + i += SSL3_RANDOM_LENGTH;
1.373 + PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH);
1.374 + i += SSL3_RANDOM_LENGTH;
1.375 + if (hasContext) {
1.376 + val[i++] = contextLen >> 8;
1.377 + val[i++] = contextLen;
1.378 + PORT_Memcpy(val + i, context, contextLen);
1.379 + i += contextLen;
1.380 + }
1.381 + PORT_Assert(i == valLen);
1.382 +
1.383 + /* Allow TLS keying material to be exported sooner, when the master
1.384 + * secret is available and we have sent ChangeCipherSpec.
1.385 + */
1.386 + ssl_GetSpecReadLock(ss);
1.387 + if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) {
1.388 + PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
1.389 + rv = SECFailure;
1.390 + } else {
1.391 + rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.cwSpec, label, labelLen, val,
1.392 + valLen, out, outLen);
1.393 + }
1.394 + ssl_ReleaseSpecReadLock(ss);
1.395 +
1.396 + PORT_ZFree(val, valLen);
1.397 + return rv;
1.398 +}
