Left: | ||
Right: |
OLD | NEW |
---|---|
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
2 /* | 2 /* |
3 * SSL3 Protocol | 3 * SSL3 Protocol |
4 * | 4 * |
5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
8 | 8 |
9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ | 9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ |
10 | 10 |
(...skipping 817 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
828 } | 828 } |
829 /* return NULL and let the caller handle it. */ | 829 /* return NULL and let the caller handle it. */ |
830 PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE); | 830 PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE); |
831 return NULL; | 831 return NULL; |
832 } | 832 } |
833 | 833 |
834 static PRBool | 834 static PRBool |
835 ssl_NamedGroupTypeEnabled(const sslSocket *ss, NamedGroupType groupType) | 835 ssl_NamedGroupTypeEnabled(const sslSocket *ss, NamedGroupType groupType) |
836 { | 836 { |
837 unsigned int i; | 837 unsigned int i; |
838 for (i = 0; i < ssl_named_group_count; ++i) { | 838 for (i = 0; i < ss->namedGroupPreferenceCount; ++i) { |
839 if (ssl_named_groups[i].type == groupType && | 839 if (ss->namedGroupPreferences[i].type == groupType && |
840 ssl_NamedGroupEnabled(ss, &ssl_named_groups[i])) { | 840 ssl_NamedGroupEnabled(ss, &ss->namedGroupPreferences[i])) { |
841 return PR_TRUE; | 841 return PR_TRUE; |
842 } | 842 } |
843 } | 843 } |
844 return PR_FALSE; | 844 return PR_FALSE; |
845 } | 845 } |
846 | 846 |
847 static PRBool | 847 static PRBool |
848 ssl_KEAEnabled(const sslSocket *ss, SSLKEAType keaType) | 848 ssl_KEAEnabled(const sslSocket *ss, SSLKEAType keaType) |
849 { | 849 { |
850 switch (keaType) { | 850 switch (keaType) { |
(...skipping 11697 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
12548 /* fill in the sid */ | 12548 /* fill in the sid */ |
12549 sid->u.ssl3.cipherSuite = | 12549 sid->u.ssl3.cipherSuite = |
12550 ss->version >= SSL_LIBRARY_VERSION_TLS_1_3 ? ss->ssl3.hs.origCipherSuite : ss->ssl3.hs.cipher_suite; | 12550 ss->version >= SSL_LIBRARY_VERSION_TLS_1_3 ? ss->ssl3.hs.origCipherSuite : ss->ssl3.hs.cipher_suite; |
12551 sid->u.ssl3.compression = ss->ssl3.hs.compression; | 12551 sid->u.ssl3.compression = ss->ssl3.hs.compression; |
12552 sid->u.ssl3.policy = ss->ssl3.policy; | 12552 sid->u.ssl3.policy = ss->ssl3.policy; |
12553 sid->version = ss->version; | 12553 sid->version = ss->version; |
12554 sid->authType = ss->sec.authType; | 12554 sid->authType = ss->sec.authType; |
12555 sid->authKeyBits = ss->sec.authKeyBits; | 12555 sid->authKeyBits = ss->sec.authKeyBits; |
12556 sid->keaType = ss->sec.keaType; | 12556 sid->keaType = ss->sec.keaType; |
12557 sid->keaKeyBits = ss->sec.keaKeyBits; | 12557 sid->keaKeyBits = ss->sec.keaKeyBits; |
12558 sid->namedGroups = ss->namedGroups; | 12558 sid->namedGroupPreferenceCount = ss->namedGroupPreferenceCount; |
12559 PORT_Memcpy(sid->namedGroupPreferences, ss->namedGroupPreferences, | |
12560 ss->namedGroupPreferenceCount * sizeof(namedGroupDef)); | |
12559 sid->lastAccessTime = sid->creationTime = ssl_Time(); | 12561 sid->lastAccessTime = sid->creationTime = ssl_Time(); |
12560 sid->expirationTime = sid->creationTime + ssl3_sid_timeout; | 12562 sid->expirationTime = sid->creationTime + ssl3_sid_timeout; |
12561 sid->localCert = CERT_DupCertificate(ss->sec.localCert); | 12563 sid->localCert = CERT_DupCertificate(ss->sec.localCert); |
12562 if (ss->sec.isServer) { | 12564 if (ss->sec.isServer) { |
12563 memcpy(&sid->certType, &ss->sec.serverCert->certType, sizeof(sid->certTy pe)); | 12565 memcpy(&sid->certType, &ss->sec.serverCert->certType, sizeof(sid->certTy pe)); |
12564 } else { | 12566 } else { |
12565 sid->certType.authType = ssl_auth_null; | 12567 sid->certType.authType = ssl_auth_null; |
12566 } | 12568 } |
12567 | 12569 |
12568 if (ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT && | 12570 if (ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT && |
(...skipping 530 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
13099 unsigned int c = a ^ b; | 13101 unsigned int c = a ^ b; |
13100 c--; | 13102 c--; |
13101 return DUPLICATE_MSB_TO_ALL_8(c); | 13103 return DUPLICATE_MSB_TO_ALL_8(c); |
13102 } | 13104 } |
13103 | 13105 |
13104 /* ssl_constantTimeSelect return a if mask is 0xFF and b if mask is 0x00 */ | 13106 /* ssl_constantTimeSelect return a if mask is 0xFF and b if mask is 0x00 */ |
13105 static unsigned char | 13107 static unsigned char |
13106 ssl_constantTimeSelect(unsigned char mask, unsigned char a, unsigned char b) | 13108 ssl_constantTimeSelect(unsigned char mask, unsigned char a, unsigned char b) |
13107 { | 13109 { |
13108 return (mask & a) | (~mask & b); | 13110 return (mask & a) | (~mask & b); |
13109 } | 13111 } |
ekr-rietveld
2016/09/10 19:09:50
I am assuming that the rest of this file is rebase
franziskus
2016/09/12 03:55:15
Acknowledged.
| |
13110 | 13112 |
13111 static SECStatus | 13113 static SECStatus |
13112 ssl_RemoveSSLv3CBCPadding(sslBuffer *plaintext, | 13114 ssl_RemoveSSLv3CBCPadding(sslBuffer *plaintext, |
13113 unsigned int blockSize, | 13115 unsigned int blockSize, |
13114 unsigned int macSize) | 13116 unsigned int macSize) |
13115 { | 13117 { |
13116 unsigned int paddingLength, good, t; | 13118 unsigned int paddingLength, good, t; |
13117 const unsigned int overhead = 1 /* padding length byte */ + macSize; | 13119 const unsigned int overhead = 1 /* padding length byte */ + macSize; |
13118 | 13120 |
13119 /* These lengths are all public so we can test them in non-constant | 13121 /* These lengths are all public so we can test them in non-constant |
(...skipping 1178 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
14298 } | 14300 } |
14299 } | 14301 } |
14300 } | 14302 } |
14301 | 14303 |
14302 rv = ssl3_ConstrainRangeByPolicy(); | 14304 rv = ssl3_ConstrainRangeByPolicy(); |
14303 | 14305 |
14304 return rv; | 14306 return rv; |
14305 } | 14307 } |
14306 | 14308 |
14307 /* End of ssl3con.c */ | 14309 /* End of ssl3con.c */ |
OLD | NEW |