
Unified Diff: lib/ssl/sslsock.c

Issue 290970043: Bug 1252849 - Remove export-grade cipher suites
Patch Set: Initialize keyData[] and random[] to zero Created 8 years ago
Index: lib/ssl/sslsock.c
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
index 7b91392ca354b34b35fdff7060f74bf6c6d6f3b0..24a39ffbc0ad52229dfa0f220c6609cc077a3666 100644
--- a/lib/ssl/sslsock.c
+++ b/lib/ssl/sslsock.c
@@ -72,7 +72,7 @@ static sslOptions ssl_defaults = {
PR_FALSE,
/* v2CompatibleHello */ /* now defaults to off in NSS 3.13 */
PR_TRUE, /* detectRollBack */
- PR_FALSE, /* noStepDown */
+ PR_FALSE, /* unusedBit15 */
PR_FALSE, /* bypassPKCS11 */
PR_FALSE, /* noLocks */
PR_FALSE, /* enableSessionTickets */
@@ -278,7 +278,6 @@ ssl_DupSocket(sslSocket *os)
sc->serverKeyBits = oc->serverKeyBits;
ss->certStatusArray[i] = !os->certStatusArray[i] ? NULL : SECITEM_DupArray(NULL, os->certStatusArray[i]);
}
- ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL : ssl3_GetKeyPairRef(os->stepDownKeyPair);
ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL : ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair);
ss->dheKeyPair = !os->dheKeyPair ? NULL : ssl3_GetKeyPairRef(os->dheKeyPair);
ss->dheParams = os->dheParams;
@@ -390,10 +389,6 @@ ssl_DestroySocketContents(sslSocket *ss)
SECITEM_FreeItem(&ss->signedCertTimestamps[i], PR_FALSE);
}
}
- if (ss->stepDownKeyPair) {
- ssl3_FreeKeyPair(ss->stepDownKeyPair);
- ss->stepDownKeyPair = NULL;
- }
if (ss->ephemeralECDHKeyPair) {
ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
ss->ephemeralECDHKeyPair = NULL;
@@ -695,12 +690,6 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
ss->opt.detectRollBack = on;
break;
- case SSL_NO_STEP_DOWN:
- ss->opt.noStepDown = on;
- if (on)
- SSL_DisableExportCipherSuites(fd);
- break;
-
case SSL_BYPASS_PKCS11:
if (ss->handshakeBegun) {
PORT_SetError(PR_INVALID_STATE_ERROR);
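Review bot: With the `case SSL_NO_STEP_DOWN:` arm removed from SSL_OptionSet, a caller that still passes that option presumably falls into the switch's default arm, which is outside this hunk and likely reports an invalid-argument failure. Applications that set SSL_NO_STEP_DOWN as a hardening step and check the return value would then fail at socket setup, even though the behaviour they asked for is now unconditional. If the public constant stays defined, consider accepting it as a no-op, `case SSL_NO_STEP_DOWN: break;`, and having the getters report `on = PR_TRUE;`. The same point applies to the later hunks in SSL_OptionGet, SSL_OptionGetDefault and SSL_OptionSetDefault. The body of SSL_OptionSet continues outside this hunk.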
@@ -869,9 +858,6 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
case SSL_ROLLBACK_DETECTION:
on = ss->opt.detectRollBack;
break;
- case SSL_NO_STEP_DOWN:
- on = ss->opt.noStepDown;
- break;
case SSL_BYPASS_PKCS11:
on = ss->opt.bypassPKCS11;
break;
@@ -980,9 +966,6 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
case SSL_ROLLBACK_DETECTION:
on = ssl_defaults.detectRollBack;
break;
- case SSL_NO_STEP_DOWN:
- on = ssl_defaults.noStepDown;
- break;
case SSL_BYPASS_PKCS11:
on = ssl_defaults.bypassPKCS11;
break;
@@ -1120,12 +1103,6 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on)
ssl_defaults.detectRollBack = on;
break;
- case SSL_NO_STEP_DOWN:
- ssl_defaults.noStepDown = on;
- if (on)
- SSL_DisableDefaultExportCipherSuites();
- break;
-
case SSL_BYPASS_PKCS11:
if (PR_FALSE != on) {
if (PR_SUCCESS == SSL_BypassSetup()) {
@@ -1318,10 +1295,6 @@ ssl_CipherPrefSetDefault(PRInt32 which, PRBool enabled)
{
if (ssl_IsRemovedCipherSuite(which))
return SECSuccess;
- if (enabled && ssl_defaults.noStepDown && SSL_IsExportCipherSuite(which)) {
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- return SECFailure;
- }
return ssl3_CipherPrefSetDefault((ssl3CipherSuite)which, enabled);
}
@@ -1365,10 +1338,6 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled)
}
if (ssl_IsRemovedCipherSuite(which))
return SECSuccess;
- if (enabled && ss->opt.noStepDown && SSL_IsExportCipherSuite(which)) {
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- return SECFailure;
- }
return ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled);
}
@@ -1982,12 +1951,6 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
sc->serverKeyBits = mc->serverKeyBits;
}
}
- if (sm->stepDownKeyPair) {
- if (ss->stepDownKeyPair) {
- ssl3_FreeKeyPair(ss->stepDownKeyPair);
- }
- ss->stepDownKeyPair = ssl3_GetKeyPairRef(sm->stepDownKeyPair);
- }
if (sm->ephemeralECDHKeyPair) {
if (ss->ephemeralECDHKeyPair) {
ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
@@ -3459,7 +3422,6 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
sc->serverKeyBits = 0;
ss->certStatusArray[i] = NULL;
}
- ss->stepDownKeyPair = NULL;
ss->dheParams = NULL;
ss->dheKeyPair = NULL;