author | wtc%google.com <devnull@localhost> | 2008-02-03 04:29:37 +0000 |
---|---|---|
committer | wtc%google.com <devnull@localhost> | 2008-02-03 04:29:37 +0000 |
commit | 75a6ce0afcb0dafa048b95fde0da71d4eb0463cc (patch) | |
tree | 703152177878f6c555801456a64e472edfb131aa | |
parent | c143cc80be3f0ebb7a5ec566552502916619f333 (diff) | |
download | nss-hg-75a6ce0afcb0dafa048b95fde0da71d4eb0463cc.tar.gz |
Bug 403563: shortened "enableSessionTicketExtension" to
"enableSessionTickets". Changed "TLS1" to "TLS". Some reformatting.
-rw-r--r-- | security/nss/cmd/selfserv/selfserv.c | 11 | ||||
-rw-r--r-- | security/nss/cmd/strsclnt/strsclnt.c | 13 | ||||
-rw-r--r-- | security/nss/cmd/tstclnt/tstclnt.c | 7 | ||||
-rw-r--r-- | security/nss/lib/ssl/ssl.h | 4 | ||||
-rw-r--r-- | security/nss/lib/ssl/ssl3con.c | 6 | ||||
-rw-r--r-- | security/nss/lib/ssl/ssl3ecc.c | 4 | ||||
-rw-r--r-- | security/nss/lib/ssl/ssl3ext.c | 37 | ||||
-rw-r--r-- | security/nss/lib/ssl/ssl3prot.h | 4 | ||||
-rw-r--r-- | security/nss/lib/ssl/sslimpl.h | 16 | ||||
-rw-r--r-- | security/nss/lib/ssl/sslsock.c | 10 |
10 files changed, 55 insertions, 57 deletions
diff --git a/security/nss/cmd/selfserv/selfserv.c b/security/nss/cmd/selfserv/selfserv.c
index 09dc360d7..1819b186a 100644
--- a/security/nss/cmd/selfserv/selfserv.c
+++ b/security/nss/cmd/selfserv/selfserv.c
@@ -199,7 +199,7 @@ Usage(const char *progName) " 3 -r's mean request, not require, cert on second handshake.\n" " 4 -r's mean request and require, cert on second handshake.\n" "-s means disable SSL socket locking for performance\n"
-"-u means enable Session Ticket extension for TLS1.\n"
+"-u means enable Session Ticket extension for TLS.\n"
 "-v means verbose output\n" "-x means use export policy.\n" "-L seconds means log statistics every 'seconds' seconds (default=30).\n"
@@ -667,7 +667,7 @@ PRBool disableStepDown = PR_FALSE; PRBool bypassPKCS11 = PR_FALSE; PRBool disableLocking = PR_FALSE; PRBool testbypass = PR_FALSE;
-PRBool enableSessionTicketExtension = PR_FALSE;
+PRBool enableSessionTickets = PR_FALSE;
 static const char stopCmd[] = { "GET /stop " }; static const char getCmd[] = { "GET " };
@@ -1450,9 +1450,8 @@ server_main( errExit("error disabling SSL socket locking "); } }
- if (enableSessionTicketExtension) {
- rv = SSL_OptionSet(model_sock, SSL_ENABLE_SESSION_TICKETS,
- PR_TRUE);
+ if (enableSessionTickets) {
+ rv = SSL_OptionSet(model_sock, SSL_ENABLE_SESSION_TICKETS, PR_TRUE);
 if (rv != SECSuccess) { errExit("error enabling Session Ticket extension "); }
@@ -1794,7 +1793,7 @@ main(int argc, char **argv) if ( maxThreads < MIN_THREADS ) maxThreads = MIN_THREADS; break;
- case 'u': enableSessionTicketExtension = PR_TRUE; break;
+ case 'u': enableSessionTickets = PR_TRUE; break;
 case 'v': verbose++; break;
diff --git a/security/nss/cmd/strsclnt/strsclnt.c b/security/nss/cmd/strsclnt/strsclnt.c
index 61d33da0d..0bd63ec32 100644
--- a/security/nss/cmd/strsclnt/strsclnt.c
+++ b/security/nss/cmd/strsclnt/strsclnt.c
@@ -160,7 +160,7 @@ static PRBool disableTLS = PR_FALSE; static PRBool bypassPKCS11 = PR_FALSE; static PRBool disableLocking = PR_FALSE; static PRBool ignoreErrors = PR_FALSE;
-static PRBool enableSessionTicketExtension = PR_FALSE;
+static PRBool enableSessionTickets = PR_FALSE;
 PRIntervalTime maxInterval = PR_INTERVAL_NO_TIMEOUT;
@@ -1236,9 +1236,8 @@ client_main( } }
- if (enableSessionTicketExtension) {
- rv = SSL_OptionSet(model_sock,
- SSL_ENABLE_SESSION_TICKETS, PR_TRUE);
+ if (enableSessionTickets) {
+ rv = SSL_OptionSet(model_sock, SSL_ENABLE_SESSION_TICKETS, PR_TRUE);
 if (rv != SECSuccess) errExit("SSL_OptionSet SSL_ENABLE_SESSION_TICKETS"); }
@@ -1394,7 +1393,7 @@ main(int argc, char **argv) max_threads = active_threads = tmpInt; break;
- case 'u': enableSessionTicketExtension = PR_TRUE; break;
+ case 'u': enableSessionTickets = PR_TRUE; break;
 case 'v': verbose++; break;
@@ -1511,9 +1510,9 @@ main(int argc, char **argv) } if (!NoReuse)
- exitVal = (enableSessionTicketExtension &&
+ exitVal = (enableSessionTickets &&
 (connections - ssl3stats->hsh_sid_stateless_resumes > 1)) ||
- (!enableSessionTicketExtension &&
+ (!enableSessionTickets &&
 ((ssl3stats->hsh_sid_cache_misses > 1) || (ssl3stats->hsh_sid_stateless_resumes != 0))) || (ssl3stats->hsh_sid_cache_not_ok != 0) ||
diff --git a/security/nss/cmd/tstclnt/tstclnt.c b/security/nss/cmd/tstclnt/tstclnt.c
index aa576573f..5c11fb700 100644
--- a/security/nss/cmd/tstclnt/tstclnt.c
+++ b/security/nss/cmd/tstclnt/tstclnt.c
@@ -519,7 +519,7 @@ int main(int argc, char **argv) int bypassPKCS11 = 0; int disableLocking = 0; int useExportPolicy = 0;
- int enableSessionTicketExtension = 0;
+ int enableSessionTickets = 0;
 PRSocketOptionData opt; PRNetAddr addr; PRPollDesc pollset[2];
@@ -588,7 +588,7 @@ int main(int argc, char **argv) case 's': disableLocking = 1; break;
- case 'u': enableSessionTicketExtension = PR_TRUE; break;
+ case 'u': enableSessionTickets = PR_TRUE; break;
 case 'v': verbose++; break;
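Review bot: In tstclnt.c the `-u` case stores `PR_TRUE` into a flag that the first tstclnt hunk declares as `int enableSessionTickets = 0;`, while the neighbouring flags in the same function are set with a plain `1` (`disableLocking = 1`). Either declare it `PRBool enableSessionTickets = PR_FALSE;` as selfserv.c and strsclnt.c do, or assign `1` here, so the option variables in main() follow one convention. main() starts and ends outside these hunks.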
@@ -837,8 +837,7 @@ int main(int argc, char **argv) } /* enable Session Ticket extension. */
- rv = SSL_OptionSet(s, SSL_ENABLE_SESSION_TICKETS,
- enableSessionTicketExtension);
+ rv = SSL_OptionSet(s, SSL_ENABLE_SESSION_TICKETS, enableSessionTickets);
 if (rv != SECSuccess) { SECU_PrintError(progName, "error enabling Session Ticket extension"); return 1;
diff --git a/security/nss/lib/ssl/ssl.h b/security/nss/lib/ssl/ssl.h
index a0811c8ce..aca8cf8b4 100644
--- a/security/nss/lib/ssl/ssl.h
+++ b/security/nss/lib/ssl/ssl.h
@@ -112,8 +112,8 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd); /* step-down keys if needed. */ #define SSL_BYPASS_PKCS11 16 /* use PKCS#11 for pub key only */ #define SSL_NO_LOCKS 17 /* Don't use locks for protection */
-#define SSL_ENABLE_SESSION_TICKETS 18 /* Enable TLS1 SessionTicket *
- * extension (off by default) */
+#define SSL_ENABLE_SESSION_TICKETS 18 /* Enable TLS SessionTicket */
+ /* extension (off by default) */
 #ifdef SSL_DEPRECATED_FUNCTION /* Old deprecated function names */
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
index ef533bfb6..681900a8a 100644
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -3507,7 +3507,7 @@ ssl3_SendClientHello(sslSocket *ss) /* We might be starting a session renegotiation in which case we should * clear previous state. */
- PORT_Memset(&ss->xtnData, 0, sizeof(TLS1ExtensionData));
+ PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData));
 SSL_TRC(30,("%d: SSL3[%d]: reset handshake hashes", SSL_GETPID(), ss->fd ));
@@ -5627,7 +5627,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) /* We might be starting a session renegotiation in which case we should * clear previous state. */
- PORT_Memset(&ss->xtnData, 0, sizeof(TLS1ExtensionData));
+ PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData));
 ss->statelessResume = PR_FALSE; /* OpenSSL 0.9.8g sends TLS extensions even when negotiating SSL3,
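Review bot: The three `PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData));` calls (ssl3_SendClientHello and ssl3_HandleClientHello here, ssl3_InitState in the next hunk) name the type rather than the object, which is why a pure typedef rename had to touch each of them. Writing `PORT_Memset(&ss->xtnData, 0, sizeof(ss->xtnData));` keeps the cleared size tied to the field, so a later change of the field's type cannot leave the per-handshake reset short or long. All three functions continue outside their hunks.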
@@ -8411,7 +8411,7 @@ ssl3_InitState(sslSocket *ss) #endif ssl_ReleaseSpecWriteLock(ss);
- PORT_Memset(&ss->xtnData, 0, sizeof(TLS1ExtensionData));
+ PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData));
 rv = ssl3_NewHandshakeHashes(ss); if (rv == SECSuccess) {
diff --git a/security/nss/lib/ssl/ssl3ecc.c b/security/nss/lib/ssl/ssl3ecc.c
index 327730b58..acdb86fa6 100644
--- a/security/nss/lib/ssl/ssl3ecc.c
+++ b/security/nss/lib/ssl/ssl3ecc.c
@@ -1059,7 +1059,7 @@ ssl3_SendSupportedCurvesExt( if (rv != SECSuccess) return -1; if (!ss->sec.isServer) {
- TLS1ExtensionData *xtnData = &ss->xtnData;
+ TLSExtensionData *xtnData = &ss->xtnData;
 xtnData->advertised[xtnData->numAdvertised++] = elliptic_curves_xtn; } }
@@ -1082,7 +1082,7 @@ ssl3_SendSupportedPointExt( if (rv != SECSuccess) return -1; if (!ss->sec.isServer) {
- TLS1ExtensionData *xtnData = &ss->xtnData;
+ TLSExtensionData *xtnData = &ss->xtnData;
 xtnData->advertised[xtnData->numAdvertised++] = elliptic_point_formats_xtn; }
diff --git a/security/nss/lib/ssl/ssl3ext.c b/security/nss/lib/ssl/ssl3ext.c
index 27c47b245..e4b0a2d53 100644
--- a/security/nss/lib/ssl/ssl3ext.c
+++ b/security/nss/lib/ssl/ssl3ext.c
@@ -270,14 +270,14 @@ arrayContainsExtension(PRUint16 *array, PRUint32 array_len, PRUint16 ex_type) PRBool ssl3_ExtensionNegotiated(sslSocket *ss, PRUint16 ex_type) {
- TLS1ExtensionData *xtnData = &ss->xtnData;
+ TLSExtensionData *xtnData = &ss->xtnData;
 return arrayContainsExtension(xtnData->negotiated, xtnData->numNegotiated, ex_type); } PRBool ssl3_ClientExtensionAdvertised(sslSocket *ss, PRUint16 ex_type) {
- TLS1ExtensionData *xtnData = &ss->xtnData;
+ TLSExtensionData *xtnData = &ss->xtnData;
 return arrayContainsExtension(xtnData->advertised, xtnData->numAdvertised, ex_type); }
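Review bot: `xtnData->advertised[xtnData->numAdvertised++] = elliptic_curves_xtn;` in ssl3_SendSupportedCurvesExt appends without a visible bound check, and the same pattern appears in ssl3_SendSupportedPointExt and, in ssl3ext.c, in ssl3_SendServerNameExt and ssl3_SendSessionTicketExt. The array's capacity is declared in sslimpl.h outside these hunks, and the count is presumably bounded because xtnData is zeroed at the start of each ClientHello, but nothing shown here enforces that. A debug guard before each append, `PORT_Assert(xtnData->numAdvertised < PR_ARRAY_SIZE(xtnData->advertised));`, would catch an overrun if more extension senders are added later.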
@@ -320,7 +320,7 @@ ssl3_SendServerNameExt( rv = ssl3_AppendHandshakeVariable(ss, (unsigned char *)ss->url, len, 2); if (rv != SECSuccess) return -1; if (!ss->sec.isServer) {
- TLS1ExtensionData *xtnData = &ss->xtnData;
+ TLSExtensionData *xtnData = &ss->xtnData;
 xtnData->advertised[xtnData->numAdvertised++] = server_name_xtn; } }
@@ -350,7 +350,7 @@ ssl3_SendSessionTicketExt( NewSessionTicket *session_ticket = NULL; /* Ignore the SessionTicket extension if processing is disabled. */
- if (!ss->opt.enableSessionTicketExtension)
+ if (!ss->opt.enableSessionTickets)
 return 0; /* Empty extension length = extension_type (2-bytes) +
@@ -396,7 +396,7 @@ ssl3_SendSessionTicketExt( goto loser; if (!ss->sec.isServer) {
- TLS1ExtensionData *xtnData = &ss->xtnData;
+ TLSExtensionData *xtnData = &ss->xtnData;
 xtnData->advertised[xtnData->numAdvertised++] = session_ticket_xtn; } } else if (maxBytes < extension_length) {
@@ -448,7 +448,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss) HMACContext *hmac_ctx; CK_MECHANISM_TYPE macMech = CKM_SHA256_HMAC; PK11Context *hmac_ctx_pkcs11;
- unsigned char computed_mac[TLS1_EX_SESS_TICKET_MAC_LENGTH];
+ unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH];
 unsigned int computed_mac_length; unsigned char iv[AES_BLOCK_SIZE]; SECItem ivItem;
@@ -461,7 +461,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss) PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
- ticket.ticket_lifetime_hint = TLS1_EX_SESS_TICKET_LIFETIME_HINT;
+ ticket.ticket_lifetime_hint = TLS_EX_SESS_TICKET_LIFETIME_HINT;
 cert_length = (ss->opt.requestCertificate && ss->sec.ci.sid->peerCert) ? 3 + ss->sec.ci.sid->peerCert->derCert.len : 0;
@@ -538,7 +538,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss) + AES_BLOCK_SIZE /* iv */ + 2 /* length field for NewSessionTicket.ticket.encrypted_state */ + ciphertext_length /* encrypted_state */
- + TLS1_EX_SESS_TICKET_MAC_LENGTH; /* mac */
+ + TLS_EX_SESS_TICKET_MAC_LENGTH; /* mac */
 if (SECITEM_AllocItem(NULL, &plaintext_item, ciphertext_length) == NULL) goto loser;
@@ -546,7 +546,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss) plaintext = plaintext_item; /* ticket_version */
- rv = ssl3_AppendNumberToItem(&plaintext, TLS1_EX_SESS_TICKET_VERSION,
+ rv = ssl3_AppendNumberToItem(&plaintext, TLS_EX_SESS_TICKET_VERSION,
 sizeof(PRUint16)); if (rv != SECSuccess) goto loser;
@@ -634,8 +634,9 @@ ssl3_SendNewSessionTicket(sslSocket *ss) if (!aes_ctx_pkcs11) goto loser;
- rv = PK11_CipherOp(aes_ctx_pkcs11, ciphertext.data, (int *)&ciphertext.len,
- ciphertext.len, plaintext_item.data, plaintext_item.len);
+ rv = PK11_CipherOp(aes_ctx_pkcs11, ciphertext.data,
+ (int *)&ciphertext.len, ciphertext.len,
+ plaintext_item.data, plaintext_item.len);
 PK11_Finalize(aes_ctx_pkcs11); PK11_DestroyContext(aes_ctx_pkcs11, PR_TRUE); if (rv != SECSuccess) goto loser;
@@ -740,7 +741,7 @@ ssl3_ServerHandleSessionTicketExt(sslSocket *ss, PRUint16 ex_type, /* Ignore the SessionTicket extension if processing is disabled. */
- if (!ss->opt.enableSessionTicketExtension)
+ if (!ss->opt.enableSessionTickets)
 return SECSuccess; /* Keep track of negotiated extensions. */
@@ -756,7 +757,7 @@ ssl3_ServerHandleSessionTicketExt(sslSocket *ss, PRUint16 ex_type, int i; SECItem extension_data; EncryptedSessionTicket enc_session_ticket;
- unsigned char computed_mac[TLS1_EX_SESS_TICKET_MAC_LENGTH];
+ unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH];
 unsigned int computed_mac_length; const SECHashObject *hashObj; const unsigned char *aes_key;
@@ -833,7 +834,7 @@ ssl3_ServerHandleSessionTicketExt(sslSocket *ss, PRUint16 ex_type, goto no_ticket; HMAC_Begin(hmac_ctx); HMAC_Update(hmac_ctx, extension_data.data,
- extension_data.len - TLS1_EX_SESS_TICKET_MAC_LENGTH);
+ extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH);
 if (HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length, sizeof(computed_mac)) != SECSuccess) goto no_ticket;
@@ -853,7 +854,7 @@ ssl3_ServerHandleSessionTicketExt(sslSocket *ss, PRUint16 ex_type, } rv = PK11_DigestBegin(hmac_ctx_pkcs11); rv = PK11_DigestOp(hmac_ctx_pkcs11, extension_data.data,
- extension_data.len - TLS1_EX_SESS_TICKET_MAC_LENGTH);
+ extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH);
 if (rv != SECSuccess) { PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE); goto no_ticket;
@@ -1040,7 +1041,7 @@ ssl3_ServerHandleSessionTicketExt(sslSocket *ss, PRUint16 ex_type, */ if (parsed_session_ticket->timestamp != 0 && parsed_session_ticket->timestamp +
- TLS1_EX_SESS_TICKET_LIFETIME_HINT > ssl_Time()) {
+ TLS_EX_SESS_TICKET_LIFETIME_HINT > ssl_Time()) {
 sid = ssl3_NewSessionID(ss, PR_TRUE); if (sid == NULL) {
@@ -1150,7 +1151,7 @@ ssl3_ParseEncryptedSessionTicket(sslSocket *ss, SECItem *data, 2, &data->data, &data->len) != SECSuccess) return SECFailure; if (ssl3_ConsumeFromItem(data, &enc_session_ticket->mac,
- TLS1_EX_SESS_TICKET_MAC_LENGTH) != SECSuccess)
+ TLS_EX_SESS_TICKET_MAC_LENGTH) != SECSuccess)
 return SECFailure; if (data->len != 0) /* Make sure that we have consumed all bytes. */ return SECFailure;
@@ -1175,7 +1176,7 @@ ssl3_HandleHelloExtensions(sslSocket *ss, SECStatus rv; PRInt32 extension_type; SECItem extension_data;
- TLS1ExtensionData *xtnData = &ss->xtnData;
+ TLSExtensionData *xtnData = &ss->xtnData;
 const ssl3HelloExtensionHandler * handler; /* Get the extension's type field */
diff --git a/security/nss/lib/ssl/ssl3prot.h b/security/nss/lib/ssl/ssl3prot.h
index e45d18bd7..178972ad1 100644
--- a/security/nss/lib/ssl/ssl3prot.h
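Review bot: `extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH` in the HMAC_Update call is a subtraction on a length that presumably comes from the peer's SessionTicket extension, and this hunk shows no lower bound on it; the PKCS#11 branch in the next hunk passes the same expression to PK11_DigestOp. If ssl3_ParseEncryptedSessionTicket has already succeeded on the same bytes, the length is at least the MAC size, but that call is outside the hunk, so the ordering should be confirmed. A local guard before the MAC computation, `if (extension_data.len < TLS_EX_SESS_TICKET_MAC_LENGTH) goto no_ticket;`, would make the invariant explicit and keep a short ticket from wrapping the length.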
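Review bot: The status of `PK11_DigestBegin(hmac_ctx_pkcs11)` is overwritten by the `PK11_DigestOp` call on the following line before anything tests it, so a failed begin is noticed only if the digest operation happens to fail as well. Test it on its own directly after the begin call, `if (rv != SECSuccess) { PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE); goto no_ticket; }`, mirroring the handling already present after PK11_DigestOp. The enclosing function continues outside the hunk.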
+++ b/security/nss/lib/ssl/ssl3prot.h
@@ -309,7 +309,7 @@ typedef struct { } TLSFinished; /*
- * TLS1 extension related data structures and constants.
+ * TLS extension related data structures and constants.
 */ /* SessionTicket extension related data structures. */
@@ -355,6 +355,6 @@ typedef enum { } ExtensionType;
-#define TLS1_EX_SESS_TICKET_MAC_LENGTH 32
+#define TLS_EX_SESS_TICKET_MAC_LENGTH 32
 #endif /* __ssl3proto_h_ */
diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h
index 7aacf4f98..197da937f 100644
--- a/security/nss/lib/ssl/sslimpl.h
+++ b/security/nss/lib/ssl/sslimpl.h
@@ -336,7 +336,7 @@ typedef struct sslOptionsStr { unsigned int noStepDown : 1; /* 15 */ unsigned int bypassPKCS11 : 1; /* 16 */ unsigned int noLocks : 1; /* 17 */
- unsigned int enableSessionTicketExtension : 1; /* 18 */
+ unsigned int enableSessionTickets : 1; /* 18 */
 } sslOptions; typedef enum { sslHandshakingUndetermined = 0,
@@ -703,12 +703,12 @@ typedef enum { } SSL3WaitState; /*
- * TLS1 Extension related constants and data structures.
+ * TLS extension related constants and data structures.
 */
-typedef struct TLS1ExtensionDataStr TLS1ExtensionData;
+typedef struct TLSExtensionDataStr TLSExtensionData;
 typedef struct SessionTicketDataStr SessionTicketData;
-struct TLS1ExtensionDataStr {
+struct TLSExtensionDataStr {
 /* registered callbacks that send server hello extensions */ ssl3HelloExtensionSender senders[MAX_EXTENSION_SENDERS]; /* Keep track of the extensions that are negotiated. */
@@ -1083,11 +1083,11 @@ const unsigned char * preferredCipher; ssl3State ssl3; /*
- * TLS1 Extension related data.
+ * TLS extension related data.
 */ /* True when the current session is a stateless resume. */ PRBool statelessResume;
- TLS1ExtensionData xtnData;
+ TLSExtensionData xtnData;
 };
@@ -1489,8 +1489,8 @@ extern PRBool ssl_GetSessionTicketKeysPKCS11(SECKEYPrivateKey *svrPrivKey, PK11SymKey **aesKey, PK11SymKey **macKey); /* Tell clients to consider tickets valid for this long. */
-#define TLS1_EX_SESS_TICKET_LIFETIME_HINT (2 * 24 * 60 * 60) /* 2 days */
-#define TLS1_EX_SESS_TICKET_VERSION (0x0100)
+#define TLS_EX_SESS_TICKET_LIFETIME_HINT (2 * 24 * 60 * 60) /* 2 days */
+#define TLS_EX_SESS_TICKET_VERSION (0x0100)
 /* Construct a new NSPR socket for the app to use */ extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd);
diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c
index cbd735606..96c6bf9c9 100644
--- a/security/nss/lib/ssl/sslsock.c
+++ b/security/nss/lib/ssl/sslsock.c
@@ -178,7 +178,7 @@ static sslOptions ssl_defaults = { PR_FALSE, /* noStepDown */ PR_FALSE, /* bypassPKCS11 */ PR_FALSE, /* noLocks */
- PR_FALSE, /* enableSessionTicketExtension */
+ PR_FALSE, /* enableSessionTickets */
 }; sslSessionIDLookupFunc ssl_sid_lookup;
@@ -701,7 +701,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) break; case SSL_ENABLE_SESSION_TICKETS:
- ss->opt.enableSessionTicketExtension = on;
+ ss->opt.enableSessionTickets = on;
 break; default:
@@ -760,7 +760,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn) case SSL_BYPASS_PKCS11: on = ss->opt.bypassPKCS11; break; case SSL_NO_LOCKS: on = ss->opt.noLocks; break; case SSL_ENABLE_SESSION_TICKETS:
- on = ss->opt.enableSessionTicketExtension;
+ on = ss->opt.enableSessionTickets;
 break; default: PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -803,7 +803,7 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn) case SSL_BYPASS_PKCS11: on = ssl_defaults.bypassPKCS11; break; case SSL_NO_LOCKS: on = ssl_defaults.noLocks; break; case SSL_ENABLE_SESSION_TICKETS:
- on = ssl_defaults.enableSessionTicketExtension;
+ on = ssl_defaults.enableSessionTickets;
 break; default:
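Review bot: The comment above `TLS_EX_SESS_TICKET_LIFETIME_HINT` says only "Tell clients to consider tickets valid for this long", yet the ssl3ext.c hunk in ssl3_ServerHandleSessionTicketExt also uses the constant as the server's own acceptance window (`timestamp + TLS_EX_SESS_TICKET_LIFETIME_HINT > ssl_Time()`). I would reword it to `/* Ticket lifetime in seconds: sent to clients as the lifetime hint and enforced by the server when a ticket is presented. */`, so that anyone changing the value knows it also changes how long an issued ticket is accepted for resumption.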
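Review bot: `ss->opt.enableSessionTickets = on;` in SSL_OptionSet stores a PRBool into the one-bit field declared in sslimpl.h (`unsigned int enableSessionTickets : 1;`), so only the low bit of `on` survives and a caller passing an even non-zero value would silently leave tickets disabled. Unless `on` is normalized earlier in the function, which this hunk does not show, `ss->opt.enableSessionTickets = (on != 0);` is safer. The same applies to `ssl_defaults.enableSessionTickets = on;` in the SSL_OptionSetDefault hunk.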
@@ -933,7 +933,7 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on) break; case SSL_ENABLE_SESSION_TICKETS:
- ssl_defaults.enableSessionTicketExtension = on;
+ ssl_defaults.enableSessionTickets = on;
 break; default: |