summaryrefslogtreecommitdiff
path: root/security/nss/lib/ssl/ssl3ext.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/lib/ssl/ssl3ext.c')
-rw-r--r--security/nss/lib/ssl/ssl3ext.c42
1 files changed, 27 insertions, 15 deletions
diff --git a/security/nss/lib/ssl/ssl3ext.c b/security/nss/lib/ssl/ssl3ext.c
index 0da41be12d..271084cf73 100644
--- a/security/nss/lib/ssl/ssl3ext.c
+++ b/security/nss/lib/ssl/ssl3ext.c
@@ -87,6 +87,10 @@ static const ssl3ExtensionHandler serverCertificateHandlers[] = {
{ -1, NULL }
};
+static const ssl3ExtensionHandler certificateRequestHandlers[] = {
+ { -1, NULL }
+};
+
/* Tables of functions to format TLS hello extensions, one function per
* extension.
* These static tables are for the formatting of client hello extensions.
@@ -122,6 +126,7 @@ static const ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS]
{ ssl_tls13_cookie_xtn, &tls13_ClientSendHrrCookieXtn },
{ ssl_tls13_psk_key_exchange_modes_xtn,
&tls13_ClientSendPskKeyExchangeModesXtn },
+ { ssl_padding_xtn, &ssl3_ClientSendPaddingExtension },
/* The pre_shared_key extension MUST be last. */
{ ssl_tls13_pre_shared_key_xtn, &tls13_ClientSendPreSharedKeyXtn },
/* any extra entries will appear as { 0, NULL } */
@@ -167,22 +172,22 @@ ssl3_ClientExtensionAdvertised(const sslSocket *ss, PRUint16 ex_type)
* buffer so they can only be used during ClientHello processing.
*/
SECStatus
-ssl3_ParseExtensions(sslSocket *ss, SSL3Opaque **b, PRUint32 *length)
+ssl3_ParseExtensions(sslSocket *ss, PRUint8 **b, PRUint32 *length)
{
/* Clean out the extensions list. */
ssl3_DestroyRemoteExtensions(&ss->ssl3.hs.remoteExtensions);
while (*length) {
SECStatus rv;
- PRInt32 extension_type;
+ PRUint32 extension_type;
SECItem extension_data = { siBuffer, NULL, 0 };
TLSExtension *extension;
PRCList *cursor;
/* Get the extension's type field */
- extension_type = ssl3_ConsumeHandshakeNumber(ss, 2, b, length);
- if (extension_type < 0) { /* failure to decode extension_type */
- return SECFailure; /* alert already sent */
+ rv = ssl3_ConsumeHandshakeNumber(ss, &extension_type, 2, b, length);
+ if (rv != SECSuccess) {
+ return SECFailure; /* alert already sent */
}
SSL_TRC(10, ("%d: SSL3[%d]: parsing extension %d",
@@ -249,7 +254,10 @@ ssl3_HandleParsedExtensions(sslSocket *ss,
SSL3HandshakeType handshakeMessage)
{
const ssl3ExtensionHandler *handlers;
- PRBool isTLS13 = ss->version >= SSL_LIBRARY_VERSION_TLS_1_3;
+ /* HelloRetryRequest doesn't set ss->version. It might be safe to
+ * do so, but we weren't entirely sure. TODO(ekr@rtfm.com). */
+ PRBool isTLS13 = (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) ||
+ (handshakeMessage == hello_retry_request);
PRCList *cursor;
switch (handshakeMessage) {
@@ -277,6 +285,10 @@ ssl3_HandleParsedExtensions(sslSocket *ss,
PORT_Assert(!ss->sec.isServer);
handlers = serverCertificateHandlers;
break;
+ case certificate_request:
+ PORT_Assert(!ss->sec.isServer);
+ handlers = certificateRequestHandlers;
+ break;
default:
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
PORT_Assert(0);
@@ -348,7 +360,7 @@ ssl3_HandleParsedExtensions(sslSocket *ss,
* ssl3_HandleParsedExtensions. */
SECStatus
ssl3_HandleExtensions(sslSocket *ss,
- SSL3Opaque **b, PRUint32 *length,
+ PRUint8 **b, PRUint32 *length,
SSL3HandshakeType handshakeMessage)
{
SECStatus rv;
@@ -488,7 +500,7 @@ ssl3_ExtAppendHandshakeNumber(const sslSocket *ss, PRInt32 num,
SECStatus
ssl3_ExtAppendHandshakeVariable(const sslSocket *ss,
- const SSL3Opaque *src, PRInt32 bytes,
+ const PRUint8 *src, PRInt32 bytes,
PRInt32 lenSize)
{
return ssl3_AppendHandshakeVariable((sslSocket *)ss, src, bytes, lenSize);
@@ -508,22 +520,22 @@ ssl3_ExtDecodeError(const sslSocket *ss)
}
SECStatus
-ssl3_ExtConsumeHandshake(const sslSocket *ss, void *v, PRInt32 bytes,
- SSL3Opaque **b, PRUint32 *length)
+ssl3_ExtConsumeHandshake(const sslSocket *ss, void *v, PRUint32 bytes,
+ PRUint8 **b, PRUint32 *length)
{
return ssl3_ConsumeHandshake((sslSocket *)ss, v, bytes, b, length);
}
-PRInt32
-ssl3_ExtConsumeHandshakeNumber(const sslSocket *ss, PRInt32 bytes,
- SSL3Opaque **b, PRUint32 *length)
+SECStatus
+ssl3_ExtConsumeHandshakeNumber(const sslSocket *ss, PRUint32 *num,
+ PRUint32 bytes, PRUint8 **b, PRUint32 *length)
{
- return ssl3_ConsumeHandshakeNumber((sslSocket *)ss, bytes, b, length);
+ return ssl3_ConsumeHandshakeNumber((sslSocket *)ss, num, bytes, b, length);
}
SECStatus
ssl3_ExtConsumeHandshakeVariable(const sslSocket *ss, SECItem *i,
- PRInt32 bytes, SSL3Opaque **b,
+ PRUint32 bytes, PRUint8 **b,
PRUint32 *length)
{
return ssl3_ConsumeHandshakeVariable((sslSocket *)ss, i, bytes, b, length);