diff options
author | wolfbeast <mcwerewolf@gmail.com> | 2018-02-06 11:46:26 +0100 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-02-06 11:46:26 +0100 |
commit | f017b749ea9f1586d2308504553d40bf4cc5439d (patch) | |
tree | c6033924a0de9be1ab140596e305898c651bf57e /security/nss/lib/ssl/ssl3ext.c | |
parent | 7c728b3c7680662fc4e92b5d03697b8339560b08 (diff) | |
download | UXP-f017b749ea9f1586d2308504553d40bf4cc5439d.tar UXP-f017b749ea9f1586d2308504553d40bf4cc5439d.tar.gz UXP-f017b749ea9f1586d2308504553d40bf4cc5439d.tar.lz UXP-f017b749ea9f1586d2308504553d40bf4cc5439d.tar.xz UXP-f017b749ea9f1586d2308504553d40bf4cc5439d.zip |
Update NSS to 3.32.1-RTM
Diffstat (limited to 'security/nss/lib/ssl/ssl3ext.c')
-rw-r--r-- | security/nss/lib/ssl/ssl3ext.c | 42 |
1 files changed, 27 insertions, 15 deletions
diff --git a/security/nss/lib/ssl/ssl3ext.c b/security/nss/lib/ssl/ssl3ext.c index 0da41be12..271084cf7 100644 --- a/security/nss/lib/ssl/ssl3ext.c +++ b/security/nss/lib/ssl/ssl3ext.c @@ -87,6 +87,10 @@ static const ssl3ExtensionHandler serverCertificateHandlers[] = { { -1, NULL } }; +static const ssl3ExtensionHandler certificateRequestHandlers[] = { + { -1, NULL } +}; + /* Tables of functions to format TLS hello extensions, one function per * extension. * These static tables are for the formatting of client hello extensions. @@ -122,6 +126,7 @@ static const ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] { ssl_tls13_cookie_xtn, &tls13_ClientSendHrrCookieXtn }, { ssl_tls13_psk_key_exchange_modes_xtn, &tls13_ClientSendPskKeyExchangeModesXtn }, + { ssl_padding_xtn, &ssl3_ClientSendPaddingExtension }, /* The pre_shared_key extension MUST be last. */ { ssl_tls13_pre_shared_key_xtn, &tls13_ClientSendPreSharedKeyXtn }, /* any extra entries will appear as { 0, NULL } */ @@ -167,22 +172,22 @@ ssl3_ClientExtensionAdvertised(const sslSocket *ss, PRUint16 ex_type) * buffer so they can only be used during ClientHello processing. */ SECStatus -ssl3_ParseExtensions(sslSocket *ss, SSL3Opaque **b, PRUint32 *length) +ssl3_ParseExtensions(sslSocket *ss, PRUint8 **b, PRUint32 *length) { /* Clean out the extensions list. */ ssl3_DestroyRemoteExtensions(&ss->ssl3.hs.remoteExtensions); while (*length) { SECStatus rv; - PRInt32 extension_type; + PRUint32 extension_type; SECItem extension_data = { siBuffer, NULL, 0 }; TLSExtension *extension; PRCList *cursor; /* Get the extension's type field */ - extension_type = ssl3_ConsumeHandshakeNumber(ss, 2, b, length); - if (extension_type < 0) { /* failure to decode extension_type */ - return SECFailure; /* alert already sent */ + rv = ssl3_ConsumeHandshakeNumber(ss, &extension_type, 2, b, length); + if (rv != SECSuccess) { + return SECFailure; /* alert already sent */ } SSL_TRC(10, ("%d: SSL3[%d]: parsing extension %d", @@ -249,7 +254,10 @@ ssl3_HandleParsedExtensions(sslSocket *ss, SSL3HandshakeType handshakeMessage) { const ssl3ExtensionHandler *handlers; - PRBool isTLS13 = ss->version >= SSL_LIBRARY_VERSION_TLS_1_3; + /* HelloRetryRequest doesn't set ss->version. It might be safe to + * do so, but we weren't entirely sure. TODO(ekr@rtfm.com). */ + PRBool isTLS13 = (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) || + (handshakeMessage == hello_retry_request); PRCList *cursor; switch (handshakeMessage) { @@ -277,6 +285,10 @@ ssl3_HandleParsedExtensions(sslSocket *ss, PORT_Assert(!ss->sec.isServer); handlers = serverCertificateHandlers; break; + case certificate_request: + PORT_Assert(!ss->sec.isServer); + handlers = certificateRequestHandlers; + break; default: PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); PORT_Assert(0); @@ -348,7 +360,7 @@ ssl3_HandleParsedExtensions(sslSocket *ss, * ssl3_HandleParsedExtensions. */ SECStatus ssl3_HandleExtensions(sslSocket *ss, - SSL3Opaque **b, PRUint32 *length, + PRUint8 **b, PRUint32 *length, SSL3HandshakeType handshakeMessage) { SECStatus rv; @@ -488,7 +500,7 @@ ssl3_ExtAppendHandshakeNumber(const sslSocket *ss, PRInt32 num, SECStatus ssl3_ExtAppendHandshakeVariable(const sslSocket *ss, - const SSL3Opaque *src, PRInt32 bytes, + const PRUint8 *src, PRInt32 bytes, PRInt32 lenSize) { return ssl3_AppendHandshakeVariable((sslSocket *)ss, src, bytes, lenSize); @@ -508,22 +520,22 @@ ssl3_ExtDecodeError(const sslSocket *ss) } SECStatus -ssl3_ExtConsumeHandshake(const sslSocket *ss, void *v, PRInt32 bytes, - SSL3Opaque **b, PRUint32 *length) +ssl3_ExtConsumeHandshake(const sslSocket *ss, void *v, PRUint32 bytes, + PRUint8 **b, PRUint32 *length) { return ssl3_ConsumeHandshake((sslSocket *)ss, v, bytes, b, length); } -PRInt32 -ssl3_ExtConsumeHandshakeNumber(const sslSocket *ss, PRInt32 bytes, - SSL3Opaque **b, PRUint32 *length) +SECStatus +ssl3_ExtConsumeHandshakeNumber(const sslSocket *ss, PRUint32 *num, + PRUint32 bytes, PRUint8 **b, PRUint32 *length) { - return ssl3_ConsumeHandshakeNumber((sslSocket *)ss, bytes, b, length); + return ssl3_ConsumeHandshakeNumber((sslSocket *)ss, num, bytes, b, length); } SECStatus ssl3_ExtConsumeHandshakeVariable(const sslSocket *ss, SECItem *i, - PRInt32 bytes, SSL3Opaque **b, + PRUint32 bytes, PRUint8 **b, PRUint32 *length) { return ssl3_ConsumeHandshakeVariable((sslSocket *)ss, i, bytes, b, length); |