"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "nss/lib/ssl/ssl3ext.c" between
nss-3.61.tar.gz and nss-3.62.tar.gz

About: NSS is a set of libraries, APIs, utilities, and documentation designed to support cross-platform development of security-enabled client and server applications. It provides a complete implementation of the crypto libraries used by Mozilla and other companies.

ssl3ext.c  (nss-3.61)	:	ssl3ext.c  (nss-3.62)
skipping to change at line 18		skipping to change at line 18
/* TLS extension code moved here from ssl3ecc.c */		/* TLS extension code moved here from ssl3ecc.c */
#include "nssrenam.h"		#include "nssrenam.h"
#include "nss.h"		#include "nss.h"
#include "pk11pub.h"		#include "pk11pub.h"
#include "ssl.h"		#include "ssl.h"
#include "sslimpl.h"		#include "sslimpl.h"
#include "sslproto.h"		#include "sslproto.h"
#include "ssl3exthandle.h"		#include "ssl3exthandle.h"
		#include "tls13ech.h"
#include "tls13err.h"		#include "tls13err.h"
#include "tls13exthandle.h"		#include "tls13exthandle.h"
#include "tls13subcerts.h"		#include "tls13subcerts.h"
/* Callback function that handles a received extension. */		/* Callback function that handles a received extension. */
typedef SECStatus (*ssl3ExtensionHandlerFunc)(const sslSocket *ss,		typedef SECStatus (*ssl3ExtensionHandlerFunc)(const sslSocket *ss,
TLSExtensionData *xtnData,		TLSExtensionData *xtnData,
SECItem *data);		SECItem *data);
/* Row in a table of hello extension handlers. */		/* Row in a table of hello extension handlers. */
skipping to change at line 57		skipping to change at line 58
{ ssl_signature_algorithms_xtn, &ssl3_HandleSigAlgsXtn },		{ ssl_signature_algorithms_xtn, &ssl3_HandleSigAlgsXtn },
{ ssl_extended_master_secret_xtn, &ssl3_HandleExtendedMasterSecretXtn },		{ ssl_extended_master_secret_xtn, &ssl3_HandleExtendedMasterSecretXtn },
{ ssl_signed_cert_timestamp_xtn, &ssl3_ServerHandleSignedCertTimestampXtn },		{ ssl_signed_cert_timestamp_xtn, &ssl3_ServerHandleSignedCertTimestampXtn },
{ ssl_delegated_credentials_xtn, &tls13_ServerHandleDelegatedCredentialsXtn },		{ ssl_delegated_credentials_xtn, &tls13_ServerHandleDelegatedCredentialsXtn },
{ ssl_tls13_key_share_xtn, &tls13_ServerHandleKeyShareXtn },		{ ssl_tls13_key_share_xtn, &tls13_ServerHandleKeyShareXtn },
{ ssl_tls13_pre_shared_key_xtn, &tls13_ServerHandlePreSharedKeyXtn },		{ ssl_tls13_pre_shared_key_xtn, &tls13_ServerHandlePreSharedKeyXtn },
{ ssl_tls13_early_data_xtn, &tls13_ServerHandleEarlyDataXtn },		{ ssl_tls13_early_data_xtn, &tls13_ServerHandleEarlyDataXtn },
{ ssl_tls13_psk_key_exchange_modes_xtn, &tls13_ServerHandlePskModesXtn },		{ ssl_tls13_psk_key_exchange_modes_xtn, &tls13_ServerHandlePskModesXtn },
{ ssl_tls13_cookie_xtn, &tls13_ServerHandleCookieXtn },		{ ssl_tls13_cookie_xtn, &tls13_ServerHandleCookieXtn },
{ ssl_tls13_post_handshake_auth_xtn, &tls13_ServerHandlePostHandshakeAuthXtn },		{ ssl_tls13_post_handshake_auth_xtn, &tls13_ServerHandlePostHandshakeAuthXtn },
		{ ssl_tls13_ech_is_inner_xtn, &tls13_ServerHandleEchIsInnerXtn },
{ ssl_record_size_limit_xtn, &ssl_HandleRecordSizeLimitXtn },		{ ssl_record_size_limit_xtn, &ssl_HandleRecordSizeLimitXtn },
{ 0, NULL }		{ 0, NULL }
};		};
/* These two tables are used by the client, to handle server hello		/* These two tables are used by the client, to handle server hello
* extensions. */		* extensions. */
static const ssl3ExtensionHandler serverHelloHandlersTLS[] = {		static const ssl3ExtensionHandler serverHelloHandlersTLS[] = {
{ ssl_server_name_xtn, &ssl3_HandleServerNameXtn },		{ ssl_server_name_xtn, &ssl3_HandleServerNameXtn },
/* TODO: add a handler for ssl_ec_point_formats_xtn */		/* TODO: add a handler for ssl_ec_point_formats_xtn */
{ ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn },		{ ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn },
skipping to change at line 838		skipping to change at line 840
{		{
*append = PR_TRUE;		*append = PR_TRUE;
return SECSuccess;		return SECSuccess;
}		}
/* Takes the size of the ClientHello, less the record header, and determines how		/* Takes the size of the ClientHello, less the record header, and determines how
* much padding is required. */		* much padding is required. */
static unsigned int		static unsigned int
ssl_CalculatePaddingExtLen(const sslSocket *ss, unsigned int clientHelloLength)		ssl_CalculatePaddingExtLen(const sslSocket *ss, unsigned int clientHelloLength)
{		{
unsigned int recordLength = 1 /* handshake message type */ +
3 /* handshake message length */ +
clientHelloLength;
unsigned int extensionLen;		unsigned int extensionLen;
/* Don't pad for DTLS, for SSLv3, or for renegotiation. */		/* Don't pad for DTLS, for SSLv3, or for renegotiation. */
if (IS_DTLS(ss) ||		if (IS_DTLS(ss) ||
ss->vrange.max < SSL_LIBRARY_VERSION_TLS_1_0 ||		ss->vrange.max < SSL_LIBRARY_VERSION_TLS_1_0 ||
ss->firstHsDone) {		ss->firstHsDone) {
return 0;		return 0;
}		}
/* A padding extension may be included to ensure that the record containing		/* A padding extension may be included to ensure that the record containing
* the ClientHello doesn't have a length between 256 and 511 bytes		* the ClientHello doesn't have a length between 256 and 511 bytes
* (inclusive). Initial ClientHello records with such lengths trigger bugs		* (inclusive). Initial ClientHello records with such lengths trigger bugs
* in F5 devices. */		* in F5 devices. */
if (recordLength < 256 || recordLength >= 512) {		if (clientHelloLength < 256 || clientHelloLength >= 512) {
return 0;		return 0;
}		}
extensionLen = 512 - recordLength;		extensionLen = 512 - clientHelloLength;
/* Extensions take at least four bytes to encode. Always include at least		/* Extensions take at least four bytes to encode. Always include at least
* one byte of data if we are padding. Some servers will time out or		* one byte of data if we are padding. Some servers will time out or
* terminate the connection if the last ClientHello extension is empty. */		* terminate the connection if the last ClientHello extension is empty. */
if (extensionLen < 5) {		if (extensionLen < 5) {
extensionLen = 5;		extensionLen = 5;
}		}
return extensionLen - 4;		return extensionLen - 4;
}		}
skipping to change at line 1023		skipping to change at line 1022
tls13_DestroyKeyShares(&xtnData->remoteKeyShares);		tls13_DestroyKeyShares(&xtnData->remoteKeyShares);
SECITEM_FreeItem(&xtnData->certReqContext, PR_FALSE);		SECITEM_FreeItem(&xtnData->certReqContext, PR_FALSE);
SECITEM_FreeItem(&xtnData->applicationToken, PR_FALSE);		SECITEM_FreeItem(&xtnData->applicationToken, PR_FALSE);
if (xtnData->certReqAuthorities.arena) {		if (xtnData->certReqAuthorities.arena) {
PORT_FreeArena(xtnData->certReqAuthorities.arena, PR_FALSE);		PORT_FreeArena(xtnData->certReqAuthorities.arena, PR_FALSE);
xtnData->certReqAuthorities.arena = NULL;		xtnData->certReqAuthorities.arena = NULL;
}		}
PORT_Free(xtnData->advertised);		PORT_Free(xtnData->advertised);
tls13_DestroyDelegatedCredential(xtnData->peerDelegCred);		tls13_DestroyDelegatedCredential(xtnData->peerDelegCred);
/* ECH State */		tls13_DestroyEchXtnState(xtnData->ech);
SECITEM_FreeItem(&xtnData->innerCh, PR_FALSE);		xtnData->ech = NULL;
SECITEM_FreeItem(&xtnData->echSenderPubKey, PR_FALSE);
SECITEM_FreeItem(&xtnData->echConfigId, PR_FALSE);
SECITEM_FreeItem(&xtnData->echRetryConfigs, PR_FALSE);
xtnData->echRetryConfigsValid = PR_FALSE;
}		}
/* Free everything that has been allocated and then reset back to		/* Free everything that has been allocated and then reset back to
* the starting state. */		* the starting state. */
void		void
ssl3_ResetExtensionData(TLSExtensionData *xtnData, const sslSocket *ss)		ssl3_ResetExtensionData(TLSExtensionData *xtnData, const sslSocket *ss)
{		{
ssl3_DestroyExtensionData(xtnData);		ssl3_DestroyExtensionData(xtnData);
ssl3_InitExtensionData(xtnData, ss);		ssl3_InitExtensionData(xtnData, ss);
}		}
End of changes. 6 change blocks.
11 lines changed or deleted		6 lines changed or added

---