Source code changes of the file "nss/lib/ssl/ssl3ext.c" between
nss-3.61.tar.gz and nss-3.62.tar.gz

About: NSS is a set of libraries, APIs, utilities, and documentation designed to support cross-platform development of security-enabled client and server applications. It provides a complete implementation of the crypto libraries used by Mozilla and other companies.

ssl3ext.c  (nss-3.61):ssl3ext.c  (nss-3.62)
skipping to change at line 18 skipping to change at line 18
/* TLS extension code moved here from ssl3ecc.c */ /* TLS extension code moved here from ssl3ecc.c */
#include "nssrenam.h" #include "nssrenam.h"
#include "nss.h" #include "nss.h"
#include "pk11pub.h" #include "pk11pub.h"
#include "ssl.h" #include "ssl.h"
#include "sslimpl.h" #include "sslimpl.h"
#include "sslproto.h" #include "sslproto.h"
#include "ssl3exthandle.h" #include "ssl3exthandle.h"
#include "tls13ech.h"
#include "tls13err.h" #include "tls13err.h"
#include "tls13exthandle.h" #include "tls13exthandle.h"
#include "tls13subcerts.h" #include "tls13subcerts.h"
/* Callback function that handles a received extension. */ /* Callback function that handles a received extension. */
typedef SECStatus (*ssl3ExtensionHandlerFunc)(const sslSocket *ss, typedef SECStatus (*ssl3ExtensionHandlerFunc)(const sslSocket *ss,
TLSExtensionData *xtnData, TLSExtensionData *xtnData,
SECItem *data); SECItem *data);
/* Row in a table of hello extension handlers. */ /* Row in a table of hello extension handlers. */
skipping to change at line 57 skipping to change at line 58
{ ssl_signature_algorithms_xtn, &ssl3_HandleSigAlgsXtn }, { ssl_signature_algorithms_xtn, &ssl3_HandleSigAlgsXtn },
{ ssl_extended_master_secret_xtn, &ssl3_HandleExtendedMasterSecretXtn }, { ssl_extended_master_secret_xtn, &ssl3_HandleExtendedMasterSecretXtn },
{ ssl_signed_cert_timestamp_xtn, &ssl3_ServerHandleSignedCertTimestampXtn }, { ssl_signed_cert_timestamp_xtn, &ssl3_ServerHandleSignedCertTimestampXtn },
{ ssl_delegated_credentials_xtn, &tls13_ServerHandleDelegatedCredentialsXtn }, { ssl_delegated_credentials_xtn, &tls13_ServerHandleDelegatedCredentialsXtn },
{ ssl_tls13_key_share_xtn, &tls13_ServerHandleKeyShareXtn }, { ssl_tls13_key_share_xtn, &tls13_ServerHandleKeyShareXtn },
{ ssl_tls13_pre_shared_key_xtn, &tls13_ServerHandlePreSharedKeyXtn }, { ssl_tls13_pre_shared_key_xtn, &tls13_ServerHandlePreSharedKeyXtn },
{ ssl_tls13_early_data_xtn, &tls13_ServerHandleEarlyDataXtn }, { ssl_tls13_early_data_xtn, &tls13_ServerHandleEarlyDataXtn },
{ ssl_tls13_psk_key_exchange_modes_xtn, &tls13_ServerHandlePskModesXtn }, { ssl_tls13_psk_key_exchange_modes_xtn, &tls13_ServerHandlePskModesXtn },
{ ssl_tls13_cookie_xtn, &tls13_ServerHandleCookieXtn }, { ssl_tls13_cookie_xtn, &tls13_ServerHandleCookieXtn },
{ ssl_tls13_post_handshake_auth_xtn, &tls13_ServerHandlePostHandshakeAuthXtn }, { ssl_tls13_post_handshake_auth_xtn, &tls13_ServerHandlePostHandshakeAuthXtn },
{ ssl_tls13_ech_is_inner_xtn, &tls13_ServerHandleEchIsInnerXtn },
{ ssl_record_size_limit_xtn, &ssl_HandleRecordSizeLimitXtn }, { ssl_record_size_limit_xtn, &ssl_HandleRecordSizeLimitXtn },
{ 0, NULL } { 0, NULL }
}; };
/* These two tables are used by the client, to handle server hello /* These two tables are used by the client, to handle server hello
* extensions. */ * extensions. */
static const ssl3ExtensionHandler serverHelloHandlersTLS[] = { static const ssl3ExtensionHandler serverHelloHandlersTLS[] = {
{ ssl_server_name_xtn, &ssl3_HandleServerNameXtn }, { ssl_server_name_xtn, &ssl3_HandleServerNameXtn },
/* TODO: add a handler for ssl_ec_point_formats_xtn */ /* TODO: add a handler for ssl_ec_point_formats_xtn */
{ ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn }, { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn },
skipping to change at line 838 skipping to change at line 840
{ {
*append = PR_TRUE; *append = PR_TRUE;
return SECSuccess; return SECSuccess;
} }
/* Takes the size of the ClientHello, less the record header, and determines how /* Takes the size of the ClientHello, less the record header, and determines how
* much padding is required. */ * much padding is required. */
static unsigned int static unsigned int
ssl_CalculatePaddingExtLen(const sslSocket *ss, unsigned int clientHelloLength) ssl_CalculatePaddingExtLen(const sslSocket *ss, unsigned int clientHelloLength)
{ {
unsigned int recordLength = 1 /* handshake message type */ +
3 /* handshake message length */ +
clientHelloLength;
unsigned int extensionLen; unsigned int extensionLen;
/* Don't pad for DTLS, for SSLv3, or for renegotiation. */ /* Don't pad for DTLS, for SSLv3, or for renegotiation. */
if (IS_DTLS(ss) || if (IS_DTLS(ss) ||
ss->vrange.max < SSL_LIBRARY_VERSION_TLS_1_0 || ss->vrange.max < SSL_LIBRARY_VERSION_TLS_1_0 ||
ss->firstHsDone) { ss->firstHsDone) {
return 0; return 0;
} }
/* A padding extension may be included to ensure that the record containing /* A padding extension may be included to ensure that the record containing
* the ClientHello doesn't have a length between 256 and 511 bytes * the ClientHello doesn't have a length between 256 and 511 bytes
* (inclusive). Initial ClientHello records with such lengths trigger bugs * (inclusive). Initial ClientHello records with such lengths trigger bugs
* in F5 devices. */ * in F5 devices. */
if (recordLength < 256 || recordLength >= 512) { if (clientHelloLength < 256 || clientHelloLength >= 512) {
return 0; return 0;
} }
extensionLen = 512 - recordLength; extensionLen = 512 - clientHelloLength;
/* Extensions take at least four bytes to encode. Always include at least /* Extensions take at least four bytes to encode. Always include at least
* one byte of data if we are padding. Some servers will time out or * one byte of data if we are padding. Some servers will time out or
* terminate the connection if the last ClientHello extension is empty. */ * terminate the connection if the last ClientHello extension is empty. */
if (extensionLen < 5) { if (extensionLen < 5) {
extensionLen = 5; extensionLen = 5;
} }
return extensionLen - 4; return extensionLen - 4;
} }
skipping to change at line 1023 skipping to change at line 1022
tls13_DestroyKeyShares(&xtnData->remoteKeyShares); tls13_DestroyKeyShares(&xtnData->remoteKeyShares);
SECITEM_FreeItem(&xtnData->certReqContext, PR_FALSE); SECITEM_FreeItem(&xtnData->certReqContext, PR_FALSE);
SECITEM_FreeItem(&xtnData->applicationToken, PR_FALSE); SECITEM_FreeItem(&xtnData->applicationToken, PR_FALSE);
if (xtnData->certReqAuthorities.arena) { if (xtnData->certReqAuthorities.arena) {
PORT_FreeArena(xtnData->certReqAuthorities.arena, PR_FALSE); PORT_FreeArena(xtnData->certReqAuthorities.arena, PR_FALSE);
xtnData->certReqAuthorities.arena = NULL; xtnData->certReqAuthorities.arena = NULL;
} }
PORT_Free(xtnData->advertised); PORT_Free(xtnData->advertised);
tls13_DestroyDelegatedCredential(xtnData->peerDelegCred); tls13_DestroyDelegatedCredential(xtnData->peerDelegCred);
/* ECH State */ tls13_DestroyEchXtnState(xtnData->ech);
SECITEM_FreeItem(&xtnData->innerCh, PR_FALSE); xtnData->ech = NULL;
SECITEM_FreeItem(&xtnData->echSenderPubKey, PR_FALSE);
SECITEM_FreeItem(&xtnData->echConfigId, PR_FALSE);
SECITEM_FreeItem(&xtnData->echRetryConfigs, PR_FALSE);
xtnData->echRetryConfigsValid = PR_FALSE;
} }
/* Free everything that has been allocated and then reset back to /* Free everything that has been allocated and then reset back to
* the starting state. */ * the starting state. */
void void
ssl3_ResetExtensionData(TLSExtensionData *xtnData, const sslSocket *ss) ssl3_ResetExtensionData(TLSExtensionData *xtnData, const sslSocket *ss)
{ {
ssl3_DestroyExtensionData(xtnData); ssl3_DestroyExtensionData(xtnData);
ssl3_InitExtensionData(xtnData, ss); ssl3_InitExtensionData(xtnData, ss);
} }
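Review bot: The header comment on ssl_CalculatePaddingExtLen still says "Takes the size of the ClientHello, less the record header", but the new body drops the recordLength computation that added the four handshake-header bytes, so the 256..511 check and the `512 - clientHelloLength` arithmetic now apply to whatever the caller passes, and the comment no longer pins down what that is. Presumably the caller was changed to pass a length that already covers the handshake message header; if so, state it, e.g. `/* Takes the size of the ClientHello handshake message (including its 4-byte handshake header, excluding the record header) and determines how much padding is required. */`. If the caller still passes the bare ClientHello body, the F5 avoidance window is off by four bytes and the removed recordLength adjustment should come back. The remaining hunks (the tls13ech.h include, the ssl_tls13_ech_is_inner_xtn handler row, and the tls13_DestroyEchXtnState call that also nulls xtnData->ech) look consistent and raise nothing.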
 End of changes. 6 change blocks. 
11 lines changed or deleted 6 lines changed or added
