michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: #include "ssl.h" michael@0: #include "sslimpl.h" michael@0: #include "sslproto.h" michael@0: michael@0: static const char * michael@0: ssl_GetCompressionMethodName(SSLCompressionMethod compression) michael@0: { michael@0: switch (compression) { michael@0: case ssl_compression_null: michael@0: return "NULL"; michael@0: #ifdef NSS_ENABLE_ZLIB michael@0: case ssl_compression_deflate: michael@0: return "DEFLATE"; michael@0: #endif michael@0: default: michael@0: return "???"; michael@0: } michael@0: } michael@0: michael@0: SECStatus michael@0: SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len) michael@0: { michael@0: sslSocket * ss; michael@0: SSLChannelInfo inf; michael@0: sslSessionID * sid; michael@0: michael@0: if (!info || len < sizeof inf.length) { michael@0: PORT_SetError(SEC_ERROR_INVALID_ARGS); michael@0: return SECFailure; michael@0: } michael@0: michael@0: ss = ssl_FindSocket(fd); michael@0: if (!ss) { michael@0: SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetChannelInfo", michael@0: SSL_GETPID(), fd)); michael@0: return SECFailure; michael@0: } michael@0: michael@0: memset(&inf, 0, sizeof inf); michael@0: inf.length = PR_MIN(sizeof inf, len); michael@0: michael@0: if (ss->opt.useSecurity && ss->enoughFirstHsDone) { michael@0: sid = ss->sec.ci.sid; michael@0: inf.protocolVersion = ss->version; michael@0: inf.authKeyBits = ss->sec.authKeyBits; michael@0: inf.keaKeyBits = ss->sec.keaKeyBits; michael@0: if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */ michael@0: inf.cipherSuite = ss->sec.cipherType | 0xff00; michael@0: inf.compressionMethod = ssl_compression_null; michael@0: inf.compressionMethodName = "N/A"; michael@0: } else if (ss->ssl3.initialized) { /* SSL3 and TLS */ michael@0: ssl_GetSpecReadLock(ss); michael@0: /* XXX The cipher suite should be in the specs and this michael@0: * function should get it from cwSpec rather than from the "hs". michael@0: * See bug 275744 comment 69 and bug 766137. michael@0: */ michael@0: inf.cipherSuite = ss->ssl3.hs.cipher_suite; michael@0: inf.compressionMethod = ss->ssl3.cwSpec->compression_method; michael@0: ssl_ReleaseSpecReadLock(ss); michael@0: inf.compressionMethodName = michael@0: ssl_GetCompressionMethodName(inf.compressionMethod); michael@0: } michael@0: if (sid) { michael@0: inf.creationTime = sid->creationTime; michael@0: inf.lastAccessTime = sid->lastAccessTime; michael@0: inf.expirationTime = sid->expirationTime; michael@0: if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */ michael@0: inf.sessionIDLength = SSL2_SESSIONID_BYTES; michael@0: memcpy(inf.sessionID, sid->u.ssl2.sessionID, michael@0: SSL2_SESSIONID_BYTES); michael@0: } else { michael@0: unsigned int sidLen = sid->u.ssl3.sessionIDLength; michael@0: sidLen = PR_MIN(sidLen, sizeof inf.sessionID); michael@0: inf.sessionIDLength = sidLen; michael@0: memcpy(inf.sessionID, sid->u.ssl3.sessionID, sidLen); michael@0: } michael@0: } michael@0: } michael@0: michael@0: memcpy(info, &inf, inf.length); michael@0: michael@0: return SECSuccess; michael@0: } michael@0: michael@0: michael@0: #define CS(x) x, #x michael@0: #define CK(x) x | 0xff00, #x michael@0: michael@0: #define S_DSA "DSA", ssl_auth_dsa michael@0: #define S_RSA "RSA", ssl_auth_rsa michael@0: #define S_KEA "KEA", ssl_auth_kea michael@0: #define S_ECDSA "ECDSA", ssl_auth_ecdsa michael@0: michael@0: #define K_DHE "DHE", kt_dh michael@0: #define K_RSA "RSA", kt_rsa michael@0: #define K_KEA "KEA", kt_kea michael@0: #define K_ECDH "ECDH", kt_ecdh michael@0: #define K_ECDHE "ECDHE", kt_ecdh michael@0: michael@0: #define C_SEED "SEED", calg_seed michael@0: #define C_CAMELLIA "CAMELLIA", calg_camellia michael@0: #define C_AES "AES", calg_aes michael@0: #define C_RC4 "RC4", calg_rc4 michael@0: #define C_RC2 "RC2", calg_rc2 michael@0: #define C_DES "DES", calg_des michael@0: #define C_3DES "3DES", calg_3des michael@0: #define C_NULL "NULL", calg_null michael@0: #define C_SJ "SKIPJACK", calg_sj michael@0: #define C_AESGCM "AES-GCM", calg_aes_gcm michael@0: michael@0: #define B_256 256, 256, 256 michael@0: #define B_128 128, 128, 128 michael@0: #define B_3DES 192, 156, 112 michael@0: #define B_SJ 96, 80, 80 michael@0: #define B_DES 64, 56, 56 michael@0: #define B_56 128, 56, 56 michael@0: #define B_40 128, 40, 40 michael@0: #define B_0 0, 0, 0 michael@0: michael@0: #define M_AEAD_128 "AEAD", ssl_mac_aead, 128 michael@0: #define M_SHA256 "SHA256", ssl_hmac_sha256, 256 michael@0: #define M_SHA "SHA1", ssl_mac_sha, 160 michael@0: #define M_MD5 "MD5", ssl_mac_md5, 128 michael@0: #define M_NULL "NULL", ssl_mac_null, 0 michael@0: michael@0: static const SSLCipherSuiteInfo suiteInfo[] = { michael@0: /* <------ Cipher suite --------------------> */ michael@0: {0,CS(TLS_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_RSA, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, michael@0: michael@0: {0,CS(TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, }, michael@0: {0,CS(TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, }, michael@0: {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0, }, michael@0: {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, }, michael@0: {0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA), S_DSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, }, michael@0: {0,CS(TLS_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, }, michael@0: {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_RSA, C_AES, B_256, M_SHA256, 1, 0, 0, }, michael@0: {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_RSA, C_AES, B_256, M_SHA, 1, 0, 0, }, michael@0: michael@0: {0,CS(TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, }, michael@0: {0,CS(TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, }, michael@0: {0,CS(TLS_DHE_DSS_WITH_RC4_128_SHA), S_DSA, K_DHE, C_RC4, B_128, M_SHA, 0, 0, 0, }, michael@0: {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, }, michael@0: {0,CS(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, michael@0: {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, }, michael@0: {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, }, michael@0: {0,CS(TLS_RSA_WITH_SEED_CBC_SHA), S_RSA, K_RSA, C_SEED,B_128, M_SHA, 1, 0, 0, }, michael@0: {0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, }, michael@0: {0,CS(TLS_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, }, michael@0: {0,CS(TLS_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, }, michael@0: {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_RSA, C_AES, B_128, M_SHA256, 1, 0, 0, }, michael@0: {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_RSA, C_AES, B_128, M_SHA, 1, 0, 0, }, michael@0: michael@0: {0,CS(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, }, michael@0: {0,CS(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA), S_DSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, }, michael@0: {0,CS(SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 1, }, michael@0: {0,CS(TLS_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 0, }, michael@0: michael@0: {0,CS(TLS_DHE_RSA_WITH_DES_CBC_SHA), S_RSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, }, michael@0: {0,CS(TLS_DHE_DSS_WITH_DES_CBC_SHA), S_DSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, }, michael@0: {0,CS(SSL_RSA_FIPS_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 1, }, michael@0: {0,CS(TLS_RSA_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 0, }, michael@0: michael@0: {0,CS(TLS_RSA_EXPORT1024_WITH_RC4_56_SHA), S_RSA, K_RSA, C_RC4, B_56, M_SHA, 0, 1, 0, }, michael@0: {0,CS(TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 1, 0, }, michael@0: {0,CS(TLS_RSA_EXPORT_WITH_RC4_40_MD5), S_RSA, K_RSA, C_RC4, B_40, M_MD5, 0, 1, 0, }, michael@0: {0,CS(TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5), S_RSA, K_RSA, C_RC2, B_40, M_MD5, 0, 1, 0, }, michael@0: {0,CS(TLS_RSA_WITH_NULL_SHA256), S_RSA, K_RSA, C_NULL,B_0, M_SHA256, 0, 1, 0, }, michael@0: {0,CS(TLS_RSA_WITH_NULL_SHA), S_RSA, K_RSA, C_NULL,B_0, M_SHA, 0, 1, 0, }, michael@0: {0,CS(TLS_RSA_WITH_NULL_MD5), S_RSA, K_RSA, C_NULL,B_0, M_MD5, 0, 1, 0, }, michael@0: michael@0: #ifndef NSS_DISABLE_ECC michael@0: /* ECC cipher suites */ michael@0: {0,CS(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, michael@0: {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, michael@0: michael@0: {0,CS(TLS_ECDH_ECDSA_WITH_NULL_SHA), S_ECDSA, K_ECDH, C_NULL, B_0, M_SHA, 0, 0, 0, }, michael@0: {0,CS(TLS_ECDH_ECDSA_WITH_RC4_128_SHA), S_ECDSA, K_ECDH, C_RC4, B_128, M_SHA, 0, 0, 0, }, michael@0: {0,CS(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA), S_ECDSA, K_ECDH, C_3DES, B_3DES, M_SHA, 1, 0, 0, }, michael@0: {0,CS(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA), S_ECDSA, K_ECDH, C_AES, B_128, M_SHA, 1, 0, 0, }, michael@0: {0,CS(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA), S_ECDSA, K_ECDH, C_AES, B_256, M_SHA, 1, 0, 0, }, michael@0: michael@0: {0,CS(TLS_ECDHE_ECDSA_WITH_NULL_SHA), S_ECDSA, K_ECDHE, C_NULL, B_0, M_SHA, 0, 0, 0, }, michael@0: {0,CS(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA), S_ECDSA, K_ECDHE, C_RC4, B_128, M_SHA, 0, 0, 0, }, michael@0: {0,CS(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA), S_ECDSA, K_ECDHE, C_3DES, B_3DES, M_SHA, 1, 0, 0, }, michael@0: {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, }, michael@0: {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, }, michael@0: {0,CS(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, }, michael@0: michael@0: {0,CS(TLS_ECDH_RSA_WITH_NULL_SHA), S_RSA, K_ECDH, C_NULL, B_0, M_SHA, 0, 0, 0, }, michael@0: {0,CS(TLS_ECDH_RSA_WITH_RC4_128_SHA), S_RSA, K_ECDH, C_RC4, B_128, M_SHA, 0, 0, 0, }, michael@0: {0,CS(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_ECDH, C_3DES, B_3DES, M_SHA, 1, 0, 0, }, michael@0: {0,CS(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_ECDH, C_AES, B_128, M_SHA, 1, 0, 0, }, michael@0: {0,CS(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDH, C_AES, B_256, M_SHA, 1, 0, 0, }, michael@0: michael@0: {0,CS(TLS_ECDHE_RSA_WITH_NULL_SHA), S_RSA, K_ECDHE, C_NULL, B_0, M_SHA, 0, 0, 0, }, michael@0: {0,CS(TLS_ECDHE_RSA_WITH_RC4_128_SHA), S_RSA, K_ECDHE, C_RC4, B_128, M_SHA, 0, 0, 0, }, michael@0: {0,CS(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_ECDHE, C_3DES, B_3DES, M_SHA, 1, 0, 0, }, michael@0: {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, }, michael@0: {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, }, michael@0: {0,CS(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, }, michael@0: #endif /* NSS_DISABLE_ECC */ michael@0: michael@0: /* SSL 2 table */ michael@0: {0,CK(SSL_CK_RC4_128_WITH_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, }, michael@0: {0,CK(SSL_CK_RC2_128_CBC_WITH_MD5), S_RSA, K_RSA, C_RC2, B_128, M_MD5, 0, 0, 0, }, michael@0: {0,CK(SSL_CK_DES_192_EDE3_CBC_WITH_MD5), S_RSA, K_RSA, C_3DES,B_3DES,M_MD5, 0, 0, 0, }, michael@0: {0,CK(SSL_CK_DES_64_CBC_WITH_MD5), S_RSA, K_RSA, C_DES, B_DES, M_MD5, 0, 0, 0, }, michael@0: {0,CK(SSL_CK_RC4_128_EXPORT40_WITH_MD5), S_RSA, K_RSA, C_RC4, B_40, M_MD5, 0, 1, 0, }, michael@0: {0,CK(SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5), S_RSA, K_RSA, C_RC2, B_40, M_MD5, 0, 1, 0, } michael@0: }; michael@0: michael@0: #define NUM_SUITEINFOS ((sizeof suiteInfo) / (sizeof suiteInfo[0])) michael@0: michael@0: michael@0: SECStatus SSL_GetCipherSuiteInfo(PRUint16 cipherSuite, michael@0: SSLCipherSuiteInfo *info, PRUintn len) michael@0: { michael@0: unsigned int i; michael@0: michael@0: len = PR_MIN(len, sizeof suiteInfo[0]); michael@0: if (!info || len < sizeof suiteInfo[0].length) { michael@0: PORT_SetError(SEC_ERROR_INVALID_ARGS); michael@0: return SECFailure; michael@0: } michael@0: for (i = 0; i < NUM_SUITEINFOS; i++) { michael@0: if (suiteInfo[i].cipherSuite == cipherSuite) { michael@0: memcpy(info, &suiteInfo[i], len); michael@0: info->length = len; michael@0: return SECSuccess; michael@0: } michael@0: } michael@0: PORT_SetError(SEC_ERROR_INVALID_ARGS); michael@0: return SECFailure; michael@0: } michael@0: michael@0: /* This function might be a candidate to be public. michael@0: * Disables all export ciphers in the default set of enabled ciphers. michael@0: */ michael@0: SECStatus michael@0: SSL_DisableDefaultExportCipherSuites(void) michael@0: { michael@0: const SSLCipherSuiteInfo * pInfo = suiteInfo; michael@0: unsigned int i; michael@0: SECStatus rv; michael@0: michael@0: for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) { michael@0: if (pInfo->isExportable) { michael@0: rv = SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FALSE); michael@0: PORT_Assert(rv == SECSuccess); michael@0: } michael@0: } michael@0: return SECSuccess; michael@0: } michael@0: michael@0: /* This function might be a candidate to be public, michael@0: * except that it takes an sslSocket pointer as an argument. michael@0: * A Public version would take a PRFileDesc pointer. michael@0: * Disables all export ciphers in the default set of enabled ciphers. michael@0: */ michael@0: SECStatus michael@0: SSL_DisableExportCipherSuites(PRFileDesc * fd) michael@0: { michael@0: const SSLCipherSuiteInfo * pInfo = suiteInfo; michael@0: unsigned int i; michael@0: SECStatus rv; michael@0: michael@0: for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) { michael@0: if (pInfo->isExportable) { michael@0: rv = SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE); michael@0: PORT_Assert(rv == SECSuccess); michael@0: } michael@0: } michael@0: return SECSuccess; michael@0: } michael@0: michael@0: /* Tells us if the named suite is exportable michael@0: * returns false for unknown suites. michael@0: */ michael@0: PRBool michael@0: SSL_IsExportCipherSuite(PRUint16 cipherSuite) michael@0: { michael@0: unsigned int i; michael@0: for (i = 0; i < NUM_SUITEINFOS; i++) { michael@0: if (suiteInfo[i].cipherSuite == cipherSuite) { michael@0: return (PRBool)(suiteInfo[i].isExportable); michael@0: } michael@0: } michael@0: return PR_FALSE; michael@0: } michael@0: michael@0: SECItem* michael@0: SSL_GetNegotiatedHostInfo(PRFileDesc *fd) michael@0: { michael@0: SECItem *sniName = NULL; michael@0: sslSocket *ss; michael@0: char *name = NULL; michael@0: michael@0: ss = ssl_FindSocket(fd); michael@0: if (!ss) { michael@0: SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNegotiatedHostInfo", michael@0: SSL_GETPID(), fd)); michael@0: return NULL; michael@0: } michael@0: michael@0: if (ss->sec.isServer) { michael@0: if (ss->version > SSL_LIBRARY_VERSION_3_0 && michael@0: ss->ssl3.initialized) { /* TLS */ michael@0: SECItem *crsName; michael@0: ssl_GetSpecReadLock(ss); /*********************************/ michael@0: crsName = &ss->ssl3.cwSpec->srvVirtName; michael@0: if (crsName->data) { michael@0: sniName = SECITEM_DupItem(crsName); michael@0: } michael@0: ssl_ReleaseSpecReadLock(ss); /*----------------------------*/ michael@0: } michael@0: return sniName; michael@0: } michael@0: name = SSL_RevealURL(fd); michael@0: if (name) { michael@0: sniName = PORT_ZNew(SECItem); michael@0: if (!sniName) { michael@0: PORT_Free(name); michael@0: return NULL; michael@0: } michael@0: sniName->data = (void*)name; michael@0: sniName->len = PORT_Strlen(name); michael@0: } michael@0: return sniName; michael@0: } michael@0: michael@0: SECStatus michael@0: SSL_ExportKeyingMaterial(PRFileDesc *fd, michael@0: const char *label, unsigned int labelLen, michael@0: PRBool hasContext, michael@0: const unsigned char *context, unsigned int contextLen, michael@0: unsigned char *out, unsigned int outLen) michael@0: { michael@0: sslSocket *ss; michael@0: unsigned char *val = NULL; michael@0: unsigned int valLen, i; michael@0: SECStatus rv = SECFailure; michael@0: michael@0: ss = ssl_FindSocket(fd); michael@0: if (!ss) { michael@0: SSL_DBG(("%d: SSL[%d]: bad socket in ExportKeyingMaterial", michael@0: SSL_GETPID(), fd)); michael@0: return SECFailure; michael@0: } michael@0: michael@0: if (ss->version < SSL_LIBRARY_VERSION_3_1_TLS) { michael@0: PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION); michael@0: return SECFailure; michael@0: } michael@0: michael@0: /* construct PRF arguments */ michael@0: valLen = SSL3_RANDOM_LENGTH * 2; michael@0: if (hasContext) { michael@0: valLen += 2 /* PRUint16 length */ + contextLen; michael@0: } michael@0: val = PORT_Alloc(valLen); michael@0: if (!val) { michael@0: return SECFailure; michael@0: } michael@0: i = 0; michael@0: PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH); michael@0: i += SSL3_RANDOM_LENGTH; michael@0: PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH); michael@0: i += SSL3_RANDOM_LENGTH; michael@0: if (hasContext) { michael@0: val[i++] = contextLen >> 8; michael@0: val[i++] = contextLen; michael@0: PORT_Memcpy(val + i, context, contextLen); michael@0: i += contextLen; michael@0: } michael@0: PORT_Assert(i == valLen); michael@0: michael@0: /* Allow TLS keying material to be exported sooner, when the master michael@0: * secret is available and we have sent ChangeCipherSpec. michael@0: */ michael@0: ssl_GetSpecReadLock(ss); michael@0: if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) { michael@0: PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED); michael@0: rv = SECFailure; michael@0: } else { michael@0: rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.cwSpec, label, labelLen, val, michael@0: valLen, out, outLen); michael@0: } michael@0: ssl_ReleaseSpecReadLock(ss); michael@0: michael@0: PORT_ZFree(val, valLen); michael@0: return rv; michael@0: }