Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-20 00:35:44 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
a394235094
gecko-dev/security/nss/external_tests/ssl_gtest/libssl_internals.c
Kai Engert c50d0b99ce Bug 1277255, land NSS_3_25_BETA1, r=franziskus
2016-06-02 22:33:04 +02:00

144 lines
3.7 KiB
C
Raw Blame History

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
/* This file contains functions for frobbing the internals of libssl */
#include "libssl_internals.h"
#include "nss.h"
#include "seccomon.h"
#include "ssl.h"
#include "sslimpl.h"
SECStatus
SSLInt_IncrementClientHandshakeVersion(PRFileDesc *fd)
{
sslSocket *ss = ssl_FindSocket(fd);
if (!ss) {
return SECFailure;
}
++ss->clientHelloVersion;
return SECSuccess;
}
PRUint32
SSLInt_DetermineKEABits(PRUint16 serverKeyBits, SSLAuthType authAlgorithm) {
// For ECDSA authentication we expect a curve for key exchange with the
// same strength as the one used for the certificate's signature.
if (authAlgorithm == ssl_auth_ecdsa ||
authAlgorithm == ssl_auth_ecdh_rsa ||
authAlgorithm == ssl_auth_ecdh_ecdsa) {
return serverKeyBits;
}
PORT_Assert(authAlgorithm == ssl_auth_rsa_decrypt ||
authAlgorithm == ssl_auth_rsa_sign);
PRUint32 minKeaBits;
#ifdef NSS_ECC_MORE_THAN_SUITE_B
// P-192 is the smallest curve we want to use.
minKeaBits = 192U;
#else
// P-256 is the smallest supported curve.
minKeaBits = 256U;
#endif
return PR_MAX(SSL_RSASTRENGTH_TO_ECSTRENGTH(serverKeyBits), minKeaBits);
}
/* Use this function to update the ClientRandom of a client's handshake state
* after replacing its ClientHello message. We for example need to do this
* when replacing an SSLv3 ClientHello with its SSLv2 equivalent. */
SECStatus
SSLInt_UpdateSSLv2ClientRandom(PRFileDesc *fd, uint8_t *rnd, size_t rnd_len,
uint8_t *msg, size_t msg_len)
{
sslSocket *ss = ssl_FindSocket(fd);
if (!ss) {
return SECFailure;
}
SECStatus rv = ssl3_InitState(ss);
if (rv != SECSuccess) {
return rv;
}
rv = ssl3_RestartHandshakeHashes(ss);
if (rv != SECSuccess) {
return rv;
}
// Zero the client_random struct.
PORT_Memset(&ss->ssl3.hs.client_random, 0, SSL3_RANDOM_LENGTH);
// Copy over the challenge bytes.
size_t offset = SSL3_RANDOM_LENGTH - rnd_len;
PORT_Memcpy(&ss->ssl3.hs.client_random.rand[offset], rnd, rnd_len);
// Rehash the SSLv2 client hello message.
return ssl3_UpdateHandshakeHashes(ss, msg, msg_len);
}
PRBool
SSLInt_ExtensionNegotiated(PRFileDesc *fd, PRUint16 ext)
{
sslSocket *ss = ssl_FindSocket(fd);
return (PRBool)(ss && ssl3_ExtensionNegotiated(ss, ext));
}
void
SSLInt_ClearSessionTicketKey()
{
ssl3_SessionTicketShutdown(NULL, NULL);
NSS_UnregisterShutdown(ssl3_SessionTicketShutdown, NULL);
}
SECStatus
SSLInt_SetMTU(PRFileDesc *fd, PRUint16 mtu)
{
sslSocket *ss = ssl_FindSocket(fd);
if (ss) {
ss->ssl3.mtu = mtu;
return SECSuccess;
}
return SECFailure;
}
PRInt32 SSLInt_CountTls13CipherSpecs(PRFileDesc *fd)
{
PRCList *cur_p;
PRInt32 ct = 0;
sslSocket *ss = ssl_FindSocket(fd);
if (!ss) {
return -1;
}
for (cur_p = PR_NEXT_LINK(&ss->ssl3.hs.cipherSpecs);
cur_p != &ss->ssl3.hs.cipherSpecs;
cur_p = PR_NEXT_LINK(cur_p)) {
++ct;
}
return ct;
}
/* Force a timer expiry by backdating when the timer was started.
* We could set the remaining time to 0 but then backoff would not
* work properly if we decide to test it. */
void SSLInt_ForceTimerExpiry(PRFileDesc *fd)
{
sslSocket *ss = ssl_FindSocket(fd);
if (!ss) {
return;
}
if (!ss->ssl3.hs.rtTimerCb)
return;
ss->ssl3.hs.rtTimerStarted = PR_IntervalNow() -
PR_MillisecondsToInterval(ss->ssl3.hs.rtTimeoutMs + 1);
}
Reference in New Issue View Git Blame Copy Permalink