OLD | NEW |
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
2 /* | 2 /* |
3 * SSL3 Protocol | 3 * SSL3 Protocol |
4 * | 4 * |
5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
8 | 8 |
9 /* ECC code moved here from ssl3con.c */ | 9 /* ECC code moved here from ssl3con.c */ |
10 | 10 |
(...skipping 674 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
685 &ss->ssl3.hs.client_random, | 685 &ss->ssl3.hs.client_random, |
686 &ss->ssl3.hs.server_random, | 686 &ss->ssl3.hs.server_random, |
687 &hashes, ss->opt.bypassPKCS11); | 687 &hashes, ss->opt.bypassPKCS11); |
688 | 688 |
689 if (rv != SECSuccess) { | 689 if (rv != SECSuccess) { |
690 errCode = | 690 errCode = |
691 ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); | 691 ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); |
692 goto alert_loser; | 692 goto alert_loser; |
693 } | 693 } |
694 rv = ssl3_VerifySignedHashes(&hashes, ss->sec.peerCert, &signature, | 694 rv = ssl3_VerifySignedHashes(&hashes, ss->sec.peerCert, &signature, |
695 isTLS, ss->pkcs11PinArg); | 695 ss->ssl3.prSpec->version, ss->pkcs11PinArg); |
696 if (rv != SECSuccess) { | 696 if (rv != SECSuccess) { |
697 errCode = | 697 errCode = |
698 ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); | 698 ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); |
699 goto alert_loser; | 699 goto alert_loser; |
700 } | 700 } |
701 | 701 |
702 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | 702 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
703 if (arena == NULL) { | 703 if (arena == NULL) { |
704 goto no_memory; | 704 goto no_memory; |
705 } | 705 } |
(...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
821 /* XXX SSLKEAType isn't really a good choice for | 821 /* XXX SSLKEAType isn't really a good choice for |
822 * indexing certificates but that's all we have | 822 * indexing certificates but that's all we have |
823 * for now. | 823 * for now. |
824 */ | 824 */ |
825 if (kea_def->kea == kea_ecdhe_rsa) | 825 if (kea_def->kea == kea_ecdhe_rsa) |
826 certIndex = kt_rsa; | 826 certIndex = kt_rsa; |
827 else /* kea_def->kea == kea_ecdhe_ecdsa */ | 827 else /* kea_def->kea == kea_ecdhe_ecdsa */ |
828 certIndex = kt_ecdh; | 828 certIndex = kt_ecdh; |
829 | 829 |
830 rv = ssl3_SignHashes(&hashes, ss->serverCerts[certIndex].SERVERKEY, | 830 rv = ssl3_SignHashes(&hashes, ss->serverCerts[certIndex].SERVERKEY, |
831 &signed_hash, isTLS); | 831 &signed_hash, ss->ssl3.prSpec->version); |
832 if (rv != SECSuccess) { | 832 if (rv != SECSuccess) { |
833 goto loser; /* ssl3_SignHashes has set err. */ | 833 goto loser; /* ssl3_SignHashes has set err. */ |
834 } | 834 } |
835 if (signed_hash.data == NULL) { | 835 if (signed_hash.data == NULL) { |
836 /* how can this happen and rv == SECSuccess ?? */ | 836 /* how can this happen and rv == SECSuccess ?? */ |
837 PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); | 837 PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); |
838 goto loser; | 838 goto loser; |
839 } | 839 } |
840 | 840 |
841 length = ec_params.len + | 841 length = ec_params.len + |
(...skipping 435 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1277 } | 1277 } |
1278 /* Our EC cert doesn't contain a mutually supported curve. | 1278 /* Our EC cert doesn't contain a mutually supported curve. |
1279 * Disable all ECC cipher suites that require an EC cert | 1279 * Disable all ECC cipher suites that require an EC cert |
1280 */ | 1280 */ |
1281 ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites); | 1281 ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites); |
1282 ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites); | 1282 ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites); |
1283 return SECSuccess; | 1283 return SECSuccess; |
1284 } | 1284 } |
1285 | 1285 |
1286 #endif /* NSS_DISABLE_ECC */ | 1286 #endif /* NSS_DISABLE_ECC */ |
OLD | NEW |