"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "nss/lib/ssl/ssl3con.c" between
nss-3.61.tar.gz and nss-3.62.tar.gz

About: NSS is a set of libraries, APIs, utilities, and documentation designed to support cross-platform development of security-enabled client and server applications. It provides a complete implementation of the crypto libraries used by Mozilla and other companies.

ssl3con.c  (nss-3.61):ssl3con.c  (nss-3.62)
skipping to change at line 73 skipping to change at line 73
static SECStatus ssl3_HandlePostHelloHandshakeMessage(sslSocket *ss, static SECStatus ssl3_HandlePostHelloHandshakeMessage(sslSocket *ss,
PRUint8 *b, PRUint8 *b,
PRUint32 length); PRUint32 length);
static SECStatus ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags); static SECStatus ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags);
static CK_MECHANISM_TYPE ssl3_GetHashMechanismByHashType(SSLHashType hashType); static CK_MECHANISM_TYPE ssl3_GetHashMechanismByHashType(SSLHashType hashType);
static CK_MECHANISM_TYPE ssl3_GetMgfMechanismByHashType(SSLHashType hash); static CK_MECHANISM_TYPE ssl3_GetMgfMechanismByHashType(SSLHashType hash);
PRBool ssl_IsRsaPssSignatureScheme(SSLSignatureScheme scheme); PRBool ssl_IsRsaPssSignatureScheme(SSLSignatureScheme scheme);
PRBool ssl_IsRsaeSignatureScheme(SSLSignatureScheme scheme); PRBool ssl_IsRsaeSignatureScheme(SSLSignatureScheme scheme);
PRBool ssl_IsRsaPkcs1SignatureScheme(SSLSignatureScheme scheme); PRBool ssl_IsRsaPkcs1SignatureScheme(SSLSignatureScheme scheme);
PRBool ssl_IsDsaSignatureScheme(SSLSignatureScheme scheme); PRBool ssl_IsDsaSignatureScheme(SSLSignatureScheme scheme);
static SECStatus ssl3_UpdateDefaultHandshakeHashes(sslSocket *ss,
const unsigned char *b,
unsigned int l);
const PRUint8 ssl_hello_retry_random[] = { const PRUint8 ssl_hello_retry_random[] = {
0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91, 0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91,
0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, 0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E,
0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C 0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C
}; };
PR_STATIC_ASSERT(PR_ARRAY_SIZE(ssl_hello_retry_random) == SSL3_RANDOM_LENGTH); PR_STATIC_ASSERT(PR_ARRAY_SIZE(ssl_hello_retry_random) == SSL3_RANDOM_LENGTH);
/* This list of SSL3 cipher suites is sorted in descending order of /* This list of SSL3 cipher suites is sorted in descending order of
skipping to change at line 3851 skipping to change at line 3854
} }
if (PK11_DigestBegin(ss->ssl3.hs.sha) != SECSuccess) { if (PK11_DigestBegin(ss->ssl3.hs.sha) != SECSuccess) {
ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
return SECFailure; return SECFailure;
} }
} }
} }
if (ss->ssl3.hs.hashType != handshake_hash_record && if (ss->ssl3.hs.hashType != handshake_hash_record &&
ss->ssl3.hs.messages.len > 0) { ss->ssl3.hs.messages.len > 0) {
if (ssl3_UpdateHandshakeHashes(ss, ss->ssl3.hs.messages.buf, /* When doing ECH, ssl3_UpdateHandshakeHashes will store outer messages
ss->ssl3.hs.messages.len) != SECSuccess) into
{ * the both the outer and inner transcripts. ssl3_UpdateDefaultHandshake
Hashes
* uses only the default context (which is the outer when doing ECH). */
if (ssl3_UpdateDefaultHandshakeHashes(ss, ss->ssl3.hs.messages.buf,
ss->ssl3.hs.messages.len) != SECSu
ccess) {
return SECFailure; return SECFailure;
} }
sslBuffer_Clear(&ss->ssl3.hs.messages); /* When doing ECH, deriving accept_confirmation requires all messages
* up to SH, then a synthetic SH. Don't free the buffers just yet. */
if (!ss->ssl3.hs.echHpkeCtx) {
sslBuffer_Clear(&ss->ssl3.hs.messages);
}
} }
if (ss->ssl3.hs.shaEchInner && if (ss->ssl3.hs.shaEchInner &&
ss->ssl3.hs.echInnerMessages.len > 0) { ss->ssl3.hs.echInnerMessages.len > 0) {
if (PK11_DigestOp(ss->ssl3.hs.shaEchInner, ss->ssl3.hs.echInnerMessages. buf, if (PK11_DigestOp(ss->ssl3.hs.shaEchInner, ss->ssl3.hs.echInnerMessages. buf,
ss->ssl3.hs.echInnerMessages.len) != SECSuccess) { ss->ssl3.hs.echInnerMessages.len) != SECSuccess) {
ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
return SECFailure; return SECFailure;
} }
sslBuffer_Clear(&ss->ssl3.hs.echInnerMessages); if (!ss->ssl3.hs.echHpkeCtx) {
sslBuffer_Clear(&ss->ssl3.hs.echInnerMessages);
}
} }
return SECSuccess; return SECSuccess;
} }
void void
ssl3_RestartHandshakeHashes(sslSocket *ss) ssl3_RestartHandshakeHashes(sslSocket *ss)
{ {
SSL_TRC(30, ("%d: SSL3[%d]: reset handshake hashes", SSL_TRC(30, ("%d: SSL3[%d]: reset handshake hashes",
SSL_GETPID(), ss->fd)); SSL_GETPID(), ss->fd));
skipping to change at line 3896 skipping to change at line 3908
if (ss->ssl3.hs.shaEchInner) { if (ss->ssl3.hs.shaEchInner) {
PK11_DestroyContext(ss->ssl3.hs.shaEchInner, PR_TRUE); PK11_DestroyContext(ss->ssl3.hs.shaEchInner, PR_TRUE);
ss->ssl3.hs.shaEchInner = NULL; ss->ssl3.hs.shaEchInner = NULL;
} }
if (ss->ssl3.hs.shaPostHandshake) { if (ss->ssl3.hs.shaPostHandshake) {
PK11_DestroyContext(ss->ssl3.hs.shaPostHandshake, PR_TRUE); PK11_DestroyContext(ss->ssl3.hs.shaPostHandshake, PR_TRUE);
ss->ssl3.hs.shaPostHandshake = NULL; ss->ssl3.hs.shaPostHandshake = NULL;
} }
} }
/* For TLS 1.3 EncryptedClientHello, add the provided buffer to the /* Add the provided bytes to the handshake hash context. When doing
* given hash context. This is only needed for the initial CH, * TLS 1.3 ECH, |target| may be provided to specify only the inner/outer
* after which ssl3_UpdateHandshakeHashes will update both contexts * transcript, else the input is added to both contexts. This happens
* until ssl3_CoalesceEchHandshakeHashes. */ * only on the client. On the server, only the default context is used. */
SECStatus
ssl3_UpdateExplicitHandshakeTranscript(sslSocket *ss, const unsigned char *b,
unsigned int l, sslBuffer *target)
{
PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
PORT_Assert(ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_3);
if (ss->sec.isServer) {
/* Only the client maintains two states at the outset. */
PORT_Assert(target != &ss->ssl3.hs.echInnerMessages);
}
return sslBuffer_Append(target, b, l);
}
static SECStatus
ssl3_UpdateOuterHandshakeHashes(sslSocket *ss, const unsigned char *b,
unsigned int l)
{
return ssl3_UpdateExplicitHandshakeTranscript(ss, b, l,
&ss->ssl3.hs.messages);
}
static SECStatus
ssl3_UpdateInnerHandshakeHashes(sslSocket *ss, const unsigned char *b,
unsigned int l)
{
return ssl3_UpdateExplicitHandshakeTranscript(ss, b, l,
&ss->ssl3.hs.echInnerMessages)
;
}
/*
* Handshake messages
*/
/* Called from ssl3_InitHandshakeHashes()
** ssl3_AppendHandshake()
** ssl3_HandleV2ClientHello()
** ssl3_HandleHandshakeMessage()
** Caller must hold the ssl3Handshake lock.
*/
SECStatus SECStatus
ssl3_UpdateHandshakeHashes(sslSocket *ss, const unsigned char *b, unsigned int l ssl3_UpdateHandshakeHashesInt(sslSocket *ss, const unsigned char *b,
) unsigned int l, sslBuffer *target)
{ {
SECStatus rv = SECSuccess;
PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
SECStatus rv = SECSuccess;
PRBool explicit = (target != NULL);
PRBool appendToEchInner = !ss->sec.isServer &&
ss->ssl3.hs.echHpkeCtx &&
!explicit;
PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
PORT_Assert(target != &ss->ssl3.hs.echInnerMessages ||
!ss->sec.isServer);
if (target == NULL) {
/* Default context. */
target = &ss->ssl3.hs.messages;
}
/* With TLS 1.3, and versions TLS.1.1 and older, we keep the hash(es) /* With TLS 1.3, and versions TLS.1.1 and older, we keep the hash(es)
* always up to date. However, we must initially buffer the handshake * always up to date. However, we must initially buffer the handshake
* messages, until we know what to do. * messages, until we know what to do.
* If ss->ssl3.hs.hashType != handshake_hash_unknown, * If ss->ssl3.hs.hashType != handshake_hash_unknown,
* it means we know what to do. We calculate (hash our input), * it means we know what to do. We calculate (hash our input),
* and we stop appending to the buffer. * and we stop appending to the buffer.
* *
* With TLS 1.2, we always append all handshake messages, * With TLS 1.2, we always append all handshake messages,
* and never update the hash, because the hash function we must use for * and never update the hash, because the hash function we must use for
* certificate_verify might be different from the hash function we use * certificate_verify might be different from the hash function we use
* when signing other handshake hashes. */ * when signing other handshake hashes. */
if (ss->ssl3.hs.hashType == handshake_hash_unknown || if (ss->ssl3.hs.hashType == handshake_hash_unknown ||
ss->ssl3.hs.hashType == handshake_hash_record) { ss->ssl3.hs.hashType == handshake_hash_record) {
rv = sslBuffer_Append(&ss->ssl3.hs.messages, b, l); rv = sslBuffer_Append(target, b, l);
if (rv != SECSuccess) { if (rv != SECSuccess) {
return SECFailure; return SECFailure;
} }
if (!ss->sec.isServer && ss->ssl3.hs.echHpkeCtx) { if (appendToEchInner) {
return ssl3_UpdateInnerHandshakeHashes(ss, b, l); return sslBuffer_Append(&ss->ssl3.hs.echInnerMessages, b, l);
} }
return SECSuccess; return SECSuccess;
} }
PRINT_BUF(90, (ss, "handshake hash input:", b, l)); PRINT_BUF(90, (ss, "handshake hash input:", b, l));
if (ss->ssl3.hs.hashType == handshake_hash_single) { if (ss->ssl3.hs.hashType == handshake_hash_single) {
PORT_Assert(ss->version >= SSL_LIBRARY_VERSION_TLS_1_3); PORT_Assert(ss->version >= SSL_LIBRARY_VERSION_TLS_1_3);
rv = PK11_DigestOp(ss->ssl3.hs.sha, b, l); if (target == &ss->ssl3.hs.messages) {
if (rv != SECSuccess) { rv = PK11_DigestOp(ss->ssl3.hs.sha, b, l);
ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); if (rv != SECSuccess) {
return rv; ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
return rv;
}
}
if (ss->ssl3.hs.shaEchInner &&
(target == &ss->ssl3.hs.echInnerMessages || !explicit)) {
rv = PK11_DigestOp(ss->ssl3.hs.shaEchInner, b, l);
if (rv != SECSuccess) {
ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
return rv;
}
} }
} else if (ss->ssl3.hs.hashType == handshake_hash_combo) { } else if (ss->ssl3.hs.hashType == handshake_hash_combo) {
rv = PK11_DigestOp(ss->ssl3.hs.md5, b, l); rv = PK11_DigestOp(ss->ssl3.hs.md5, b, l);
if (rv != SECSuccess) { if (rv != SECSuccess) {
ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
return rv; return rv;
} }
rv = PK11_DigestOp(ss->ssl3.hs.sha, b, l); rv = PK11_DigestOp(ss->ssl3.hs.sha, b, l);
if (rv != SECSuccess) { if (rv != SECSuccess) {
ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
return rv; return rv;
} }
} }
return rv; return rv;
} }
static SECStatus
ssl3_UpdateDefaultHandshakeHashes(sslSocket *ss, const unsigned char *b,
unsigned int l)
{
return ssl3_UpdateHandshakeHashesInt(ss, b, l,
&ss->ssl3.hs.messages);
}
static SECStatus
ssl3_UpdateInnerHandshakeHashes(sslSocket *ss, const unsigned char *b,
unsigned int l)
{
return ssl3_UpdateHandshakeHashesInt(ss, b, l,
&ss->ssl3.hs.echInnerMessages);
}
/*
* Handshake messages
*/
/* Called from ssl3_InitHandshakeHashes()
** ssl3_AppendHandshake()
** ssl3_HandleV2ClientHello()
** ssl3_HandleHandshakeMessage()
** Caller must hold the ssl3Handshake lock.
*/
SECStatus
ssl3_UpdateHandshakeHashes(sslSocket *ss, const unsigned char *b, unsigned int l
)
{
return ssl3_UpdateHandshakeHashesInt(ss, b, l, NULL);
}
SECStatus SECStatus
ssl3_UpdatePostHandshakeHashes(sslSocket *ss, const unsigned char *b, unsigned i nt l) ssl3_UpdatePostHandshakeHashes(sslSocket *ss, const unsigned char *b, unsigned i nt l)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
PRINT_BUF(90, (ss, "post handshake hash input:", b, l)); PRINT_BUF(90, (ss, "post handshake hash input:", b, l));
PORT_Assert(ss->ssl3.hs.hashType == handshake_hash_single); PORT_Assert(ss->ssl3.hs.hashType == handshake_hash_single);
skipping to change at line 5516 skipping to change at line 5544
if (rv != SECSuccess) { if (rv != SECSuccess) {
goto loser; goto loser;
} }
} }
rv = ssl3_AppendHandshake(ss, chBuf.buf, chBuf.len); rv = ssl3_AppendHandshake(ss, chBuf.buf, chBuf.len);
} else { } else {
rv = tls13_ConstructClientHelloWithEch(ss, sid, !requestingResume, &chBu f, &extensionBuf); rv = tls13_ConstructClientHelloWithEch(ss, sid, !requestingResume, &chBu f, &extensionBuf);
if (rv != SECSuccess) { if (rv != SECSuccess) {
goto loser; /* code set */ goto loser; /* code set */
} }
rv = ssl3_UpdateOuterHandshakeHashes(ss, chBuf.buf, chBuf.len); rv = ssl3_UpdateDefaultHandshakeHashes(ss, chBuf.buf, chBuf.len);
if (rv != SECSuccess) { if (rv != SECSuccess) {
goto loser; /* code set */ goto loser; /* code set */
} }
if (IS_DTLS(ss)) { if (IS_DTLS(ss)) {
rv = dtls_StageHandshakeMessage(ss); rv = dtls_StageHandshakeMessage(ss);
if (rv != SECSuccess) { if (rv != SECSuccess) {
goto loser; goto loser;
} }
} }
skipping to change at line 7067 skipping to change at line 7095
dtls_ReceivedFirstMessageInFlight(ss); dtls_ReceivedFirstMessageInFlight(ss);
if (isHelloRetry) { if (isHelloRetry) {
rv = tls13_HandleHelloRetryRequest(ss, savedMsg, savedLength); rv = tls13_HandleHelloRetryRequest(ss, savedMsg, savedLength);
if (rv != SECSuccess) { if (rv != SECSuccess) {
goto loser; goto loser;
} }
return SECSuccess; return SECSuccess;
} }
rv = tls13_MaybeHandleEchSignal(ss);
if (rv != SECSuccess) {
goto alert_loser;
}
rv = ssl3_HandleParsedExtensions(ss, ssl_hs_server_hello); rv = ssl3_HandleParsedExtensions(ss, ssl_hs_server_hello);
ssl3_DestroyRemoteExtensions(&ss->ssl3.hs.remoteExtensions); ssl3_DestroyRemoteExtensions(&ss->ssl3.hs.remoteExtensions);
if (rv != SECSuccess) { if (rv != SECSuccess) {
goto alert_loser; goto alert_loser;
} }
rv = ssl_HashHandshakeMessage(ss, ssl_hs_server_hello, rv = ssl_HashHandshakeMessage(ss, ssl_hs_server_hello,
savedMsg, savedLength); savedMsg, savedLength);
if (rv != SECSuccess) { if (rv != SECSuccess) {
goto loser; goto loser;
} }
if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) { if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
rv = tls13_HandleServerHelloPart2(ss); rv = tls13_HandleServerHelloPart2(ss, savedMsg, savedLength);
if (rv != SECSuccess) { if (rv != SECSuccess) {
errCode = PORT_GetError(); errCode = PORT_GetError();
goto loser; goto loser;
} }
} else { } else {
rv = ssl3_HandleServerHelloPart2(ss, &sidBytes, &errCode); rv = ssl3_HandleServerHelloPart2(ss, &sidBytes, &errCode);
if (rv != SECSuccess) if (rv != SECSuccess)
goto loser; goto loser;
} }
ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_ech;
return SECSuccess; return SECSuccess;
alert_loser: alert_loser:
(void)SSL3_SendAlert(ss, alert_fatal, desc); (void)SSL3_SendAlert(ss, alert_fatal, desc);
loser: loser:
/* Clean up the temporary pointer to the handshake buffer. */ /* Clean up the temporary pointer to the handshake buffer. */
ss->xtnData.signedCertTimestamps.len = 0; ss->xtnData.signedCertTimestamps.len = 0;
ssl_MapLowLevelError(errCode); ssl_MapLowLevelError(errCode);
return SECFailure; return SECFailure;
skipping to change at line 8631 skipping to change at line 8655
ssl_GenerateServerRandom(sslSocket *ss) ssl_GenerateServerRandom(sslSocket *ss)
{ {
SECStatus rv; SECStatus rv;
PRUint8 *downgradeSentinel; PRUint8 *downgradeSentinel;
rv = ssl3_GetNewRandom(ss->ssl3.hs.server_random); rv = ssl3_GetNewRandom(ss->ssl3.hs.server_random);
if (rv != SECSuccess) { if (rv != SECSuccess) {
return SECFailure; return SECFailure;
} }
if (ss->ssl3.hs.echAccepted) {
rv = tls13_WriteServerEchSignal(ss);
if (rv != SECSuccess) {
return SECFailure;
}
}
if (ss->version == ss->vrange.max) { if (ss->version == ss->vrange.max) {
return SECSuccess; return SECSuccess;
} }
#ifdef DTLS_1_3_DRAFT_VERSION #ifdef DTLS_1_3_DRAFT_VERSION
if (IS_DTLS(ss)) { if (IS_DTLS(ss)) {
return SECSuccess; return SECSuccess;
} }
#endif #endif
/* /*
skipping to change at line 9778 skipping to change at line 9795
if (rv != SECSuccess) { if (rv != SECSuccess) {
return SECFailure; return SECFailure;
} }
if (SSL_BUFFER_LEN(extensionBuf)) { if (SSL_BUFFER_LEN(extensionBuf)) {
rv = sslBuffer_AppendBufferVariable(messageBuf, extensionBuf, 2); rv = sslBuffer_AppendBufferVariable(messageBuf, extensionBuf, 2);
if (rv != SECSuccess) { if (rv != SECSuccess) {
return SECFailure; return SECFailure;
} }
} }
if (!helloRetry && ssl3_ExtensionNegotiated(ss, ssl_tls13_ech_is_inner_xtn))
{
/* Signal ECH acceptance if we handled handled both CHOuter/CHInner (i.e
.
* in shared mode), or if we received a CHInner in split/backend mode. *
/
if (ss->ssl3.hs.echAccepted || ss->opt.enableTls13BackendEch) {
return tls13_WriteServerEchSignal(ss, SSL_BUFFER_BASE(messageBuf),
SSL_BUFFER_LEN(messageBuf));
}
}
return SECSuccess; return SECSuccess;
} }
/* The negotiated version number has been already placed in ss->version. /* The negotiated version number has been already placed in ss->version.
** **
** Called from: ssl3_HandleClientHello (resuming session), ** Called from: ssl3_HandleClientHello (resuming session),
** ssl3_SendServerHelloSequence <- ssl3_HandleClientHello (new session), ** ssl3_SendServerHelloSequence <- ssl3_HandleClientHello (new session),
** ssl3_SendServerHelloSequence <- ssl3_HandleV2ClientHello (new session) ** ssl3_SendServerHelloSequence <- ssl3_HandleV2ClientHello (new session)
*/ */
SECStatus SECStatus
skipping to change at line 12287 skipping to change at line 12313
{ {
return ssl_HashHandshakeMessageInt(ss, ct, ss->ssl3.hs.recvMessageSeq, return ssl_HashHandshakeMessageInt(ss, ct, ss->ssl3.hs.recvMessageSeq,
b, length, ssl3_UpdateHandshakeHashes); b, length, ssl3_UpdateHandshakeHashes);
} }
SECStatus SECStatus
ssl_HashHandshakeMessageDefault(sslSocket *ss, SSLHandshakeType ct, ssl_HashHandshakeMessageDefault(sslSocket *ss, SSLHandshakeType ct,
const PRUint8 *b, PRUint32 length) const PRUint8 *b, PRUint32 length)
{ {
return ssl_HashHandshakeMessageInt(ss, ct, ss->ssl3.hs.recvMessageSeq, return ssl_HashHandshakeMessageInt(ss, ct, ss->ssl3.hs.recvMessageSeq,
b, length, ssl3_UpdateOuterHandshakeHashe s); b, length, ssl3_UpdateDefaultHandshakeHas hes);
} }
SECStatus SECStatus
ssl_HashHandshakeMessageEchInner(sslSocket *ss, SSLHandshakeType ct, ssl_HashHandshakeMessageEchInner(sslSocket *ss, SSLHandshakeType ct,
const PRUint8 *b, PRUint32 length) const PRUint8 *b, PRUint32 length)
{ {
return ssl_HashHandshakeMessageInt(ss, ct, ss->ssl3.hs.recvMessageSeq, return ssl_HashHandshakeMessageInt(ss, ct, ss->ssl3.hs.recvMessageSeq,
b, length, ssl3_UpdateInnerHandshakeHashe s); b, length, ssl3_UpdateInnerHandshakeHashe s);
} }
SECStatus SECStatus
skipping to change at line 13850 skipping to change at line 13876
ss->ssl3.hs.zeroRttState = ssl_0rtt_none; ss->ssl3.hs.zeroRttState = ssl_0rtt_none;
/* Destroy TLS 1.3 buffered early data. */ /* Destroy TLS 1.3 buffered early data. */
tls13_DestroyEarlyData(&ss->ssl3.hs.bufferedEarlyData); tls13_DestroyEarlyData(&ss->ssl3.hs.bufferedEarlyData);
/* Destroy TLS 1.3 PSKs. */ /* Destroy TLS 1.3 PSKs. */
tls13_DestroyPskList(&ss->ssl3.hs.psks); tls13_DestroyPskList(&ss->ssl3.hs.psks);
/* TLS 1.3 ECH state. */ /* TLS 1.3 ECH state. */
PK11_HPKE_DestroyContext(ss->ssl3.hs.echHpkeCtx, PR_TRUE); PK11_HPKE_DestroyContext(ss->ssl3.hs.echHpkeCtx, PR_TRUE);
PORT_Free((void *)ss->ssl3.hs.echPublicName); /* CONST */ PORT_Free((void *)ss->ssl3.hs.echPublicName); /* CONST */
sslBuffer_Clear(&ss->ssl3.hs.greaseEchBuf);
} }
/* /*
* parse the policy value for a single algorithm in a cipher_suite, * parse the policy value for a single algorithm in a cipher_suite,
* return TRUE if we disallow by the cipher suite by policy * return TRUE if we disallow by the cipher suite by policy
* (we don't have to parse any more algorithm policies on this cipher suite), * (we don't have to parse any more algorithm policies on this cipher suite),
* otherwise return FALSE. * otherwise return FALSE.
* 1. If we don't have the required policy, disable by default, disallow by * 1. If we don't have the required policy, disable by default, disallow by
* policy and return TRUE (no more processing needed). * policy and return TRUE (no more processing needed).
* 2. If we have the required policy, and we are disabled, return FALSE, * 2. If we have the required policy, and we are disabled, return FALSE,
 End of changes. 21 change blocks. 
73 lines changed or deleted 104 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)