Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-13 13:25:37 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Remove fortezza support from libSSL and related commands. Bug 239960.

Browse Source 
ON PERFORMANCE_HACKS_BRANCH.  r=rrelyea.
This commit is contained in:
nelsonb%netscape.com 2005-04-06 19:43:19 +00:00
parent d7eef06aeb
commit 17a1f014fd
29 changed files with 118 additions and 1366 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
security/nss/cmd/SSLsample/server.c
View File

@ -102,14 +102,11 @@ Usage(const char *progName)
"E SSL2 DES 64 CBC WITH MD5\n"
"F SSL2 DES 192 EDE3 CBC WITH MD5\n"
"\n"
"a SSL3 FORTEZZA DMS WITH FORTEZZA CBC SHA\n"
"b SSL3 FORTEZZA DMS WITH RC4 128 SHA\n"
"c SSL3 RSA WITH RC4 128 MD5\n"
"d SSL3 RSA WITH 3DES EDE CBC SHA\n"
"e SSL3 RSA WITH DES CBC SHA\n"
"f SSL3 RSA EXPORT WITH RC4 40 MD5\n"
"g SSL3 RSA EXPORT WITH RC2 CBC 40 MD5\n"
"h SSL3 FORTEZZA DMS WITH NULL SHA\n"
"i SSL3 RSA WITH NULL MD5\n"
"j SSL3 RSA FIPS WITH 3DES EDE CBC SHA\n"
"k SSL3 RSA FIPS WITH DES CBC SHA\n"

6
security/nss/cmd/SSLsample/sslsample.c
View File

@ -50,14 +50,14 @@ int ssl2CipherSuites[] = {
};
int ssl3CipherSuites[] = {
SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */
SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, /* b */
-1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA a */
-1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA * b */
SSL_RSA_WITH_RC4_128_MD5, /* c */
SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
SSL_RSA_WITH_DES_CBC_SHA, /* e */
SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
SSL_FORTEZZA_DMS_WITH_NULL_SHA, /* h */
-1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */
SSL_RSA_WITH_NULL_MD5, /* i */
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */

3
security/nss/cmd/manifest.mn
View File

@ -72,7 +72,6 @@ DIRS = lib \
SSLsample \
ssltap \
strsclnt \
swfort \
symkeyutil \
tstclnt \
vfychain \
@ -81,6 +80,7 @@ DIRS = lib \
$(NULL)
TEMPORARILY_DONT_BUILD = \
sha1test \
$(NULL)
# rsaperf \
@ -92,5 +92,6 @@ TEMPORARILY_DONT_BUILD = \
# to build (requires allxpstr.h)
#
DONT_BULD = jar \
swfort \
perror \
$(NULL)

5
security/nss/cmd/modutil/modutil.c
View File

@ -749,11 +749,10 @@ usage()
"---------------------------------------------------------------------------\n"
"\n"
"Mechanism lists are colon-separated. The following mechanisms are recognized:\n"
"RSA, DSA, RC2, RC4, RC5, DES, DH, FORTEZZA, SHA1, MD5, MD2, SSL, TLS, RANDOM,\n"
" FRIENDLY\n"
"RSA, DSA, RC2, RC4, RC5, DES, DH, SHA1, MD5, MD2, SSL, TLS, RANDOM, FRIENDLY\n"
"\n"
"Cipher lists are colon-separated. The following ciphers are recognized:\n"
"FORTEZZA\n"
"\n"
"\nQuestions or bug reports should be sent to modutil-support@netscape.com.\n"
);

2
security/nss/cmd/platlibs.mk
View File

@ -66,7 +66,6 @@ EXTRA_LIBS += \
$(DIST)/lib/$(LIB_PREFIX)certdb.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)softokn.$(LIB_SUFFIX) \
$(CRYPTOLIB) \
$(DIST)/lib/$(LIB_PREFIX)swfci.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)secutil.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)nssdev.$(LIB_SUFFIX) \
@ -116,7 +115,6 @@ EXTRA_LIBS += \
$(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)nssdev.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)swfci.$(LIB_SUFFIX) \
$(CRYPTOLIB) \
$(DIST)/lib/$(LIB_PREFIX)secutil.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) \

11
security/nss/cmd/selfserv/selfserv.c
View File

@ -133,14 +133,14 @@ const int ssl2CipherSuites[] = {
};
const int ssl3CipherSuites[] = {
SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */
SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, /* b */
-1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
-1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA * b */
SSL_RSA_WITH_RC4_128_MD5, /* c */
SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
SSL_RSA_WITH_DES_CBC_SHA, /* e */
SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
SSL_FORTEZZA_DMS_WITH_NULL_SHA, /* h */
-1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */
SSL_RSA_WITH_NULL_MD5, /* i */
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
@ -253,14 +253,11 @@ Usage(const char *progName)
"T TLS ECDHE RSA WITH AES 128 CBC SHA\n"
#endif /* NSS_ENABLE_ECC */
"\n"
"a SSL3 FORTEZZA DMS WITH FORTEZZA CBC SHA\n"
"b SSL3 FORTEZZA DMS WITH RC4 128 SHA\n"
"c SSL3 RSA WITH RC4 128 MD5\n"
"d SSL3 RSA WITH 3DES EDE CBC SHA\n"
"e SSL3 RSA WITH DES CBC SHA\n"
"f SSL3 RSA EXPORT WITH RC4 40 MD5\n"
"g SSL3 RSA EXPORT WITH RC2 CBC 40 MD5\n"
"h SSL3 FORTEZZA DMS WITH NULL SHA\n"
"i SSL3 RSA WITH NULL MD5\n"
"j SSL3 RSA FIPS WITH 3DES EDE CBC SHA\n"
"k SSL3 RSA FIPS WITH DES CBC SHA\n"
@ -1895,7 +1892,7 @@ main(int argc, char **argv)
cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; )
/* do nothing */;
if (cipher) {
if (cipher > 0) {
SECStatus status;
status = SSL_CipherPrefSetDefault(cipher, SSL_ALLOWED);
if (status != SECSuccess)

7
security/nss/cmd/sslstrength/sslstrength.c
View File

@ -91,18 +91,11 @@ struct CipherPolicy ciphers[] = {
{ 'd',SSL_EN_DES_64_CBC_WITH_MD5, "SSL_EN_DES_64_CBC_WITH_MD5 (ssl2)",1, SSL_ALLOWED,SSL_NOT_ALLOWED },
{ 'e',SSL_EN_RC4_128_EXPORT40_WITH_MD5, "SSL_EN_RC4_128_EXPORT40_WITH_MD5 (ssl2)",1, SSL_ALLOWED,SSL_ALLOWED },
{ 'f',SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, "SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 (ssl2)",1, SSL_ALLOWED,SSL_ALLOWED },
#ifdef FORTEZZA
{ 'g',SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, "SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA",1,SSL_ALLOWED,SSL_NOT_ALLOWED },
{ 'h',SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, "SSL_FORTEZZA_DMS_WITH_RC4_128_SHA",1, SSL_ALLOWED,SSL_NOT_ALLOWED },
#endif
{ 'i',SSL_RSA_WITH_RC4_128_MD5, "SSL_RSA_WITH_RC4_128_MD5 (ssl3)",1, SSL_ALLOWED,SSL_RESTRICTED },
{ 'j',SSL_RSA_WITH_3DES_EDE_CBC_SHA, "SSL_RSA_WITH_3DES_EDE_CBC_SHA (ssl3)",1, SSL_ALLOWED,SSL_RESTRICTED },
{ 'k',SSL_RSA_WITH_DES_CBC_SHA, "SSL_RSA_WITH_DES_CBC_SHA (ssl3)",1, SSL_ALLOWED,SSL_NOT_ALLOWED },
{ 'l',SSL_RSA_EXPORT_WITH_RC4_40_MD5, "SSL_RSA_EXPORT_WITH_RC4_40_MD5 (ssl3)",1, SSL_ALLOWED,SSL_ALLOWED },
{ 'm',SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (ssl3)",1, SSL_ALLOWED,SSL_ALLOWED },
#ifdef FORTEZZA
{ 'n',SSL_FORTEZZA_DMS_WITH_NULL_SHA, "SSL_FORTEZZA_DMS_WITH_NULL_SHA",1, SSL_ALLOWED,SSL_NOT_ALLOWED },
#endif
{ 'o',SSL_RSA_WITH_NULL_MD5, "SSL_RSA_WITH_NULL_MD5 (ssl3)",1, SSL_ALLOWED,SSL_ALLOWED },
{ 'p',SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA (ssl3)",1, SSL_ALLOWED,SSL_NOT_ALLOWED },
{ 'q',SSL_RSA_FIPS_WITH_DES_CBC_SHA, "SSL_RSA_FIPS_WITH_DES_CBC_SHA (ssl3)",1, SSL_ALLOWED,SSL_NOT_ALLOWED }

8
security/nss/cmd/strsclnt/strsclnt.c
View File

@ -111,14 +111,14 @@ int ssl2CipherSuites[] = {
};
int ssl3CipherSuites[] = {
SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */
SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, /* b */
-1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
-1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA * b */
SSL_RSA_WITH_RC4_128_MD5, /* c */
SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
SSL_RSA_WITH_DES_CBC_SHA, /* e */
SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
SSL_FORTEZZA_DMS_WITH_NULL_SHA, /* h */
-1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA * h */
SSL_RSA_WITH_NULL_MD5, /* i */
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
@ -1053,7 +1053,7 @@ client_main(
cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; )
/* do nothing */;
if (cipher) {
if (cipher > 0) {
SECStatus rv;
rv = SSL_CipherPrefSetDefault(cipher, PR_TRUE);
if (rv != SECSuccess) {

11
security/nss/cmd/tstclnt/tstclnt.c
View File

@ -108,14 +108,14 @@ int ssl2CipherSuites[] = {
};
int ssl3CipherSuites[] = {
SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */
SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, /* b */
-1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
-1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, * b */
SSL_RSA_WITH_RC4_128_MD5, /* c */
SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
SSL_RSA_WITH_DES_CBC_SHA, /* e */
SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
SSL_FORTEZZA_DMS_WITH_NULL_SHA, /* h */
-1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */
SSL_RSA_WITH_NULL_MD5, /* i */
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
@ -257,14 +257,11 @@ static void Usage(const char *progName)
"T TLS ECDHE RSA WITH AES 128 CBC SHA\n"
#endif /* NSS_ENABLE_ECC */
"\n"
"a SSL3 FORTEZZA DMS WITH FORTEZZA CBC SHA\n"
"b SSL3 FORTEZZA DMS WITH RC4 128 SHA\n"
"c SSL3 RSA WITH RC4 128 MD5\n"
"d SSL3 RSA WITH 3DES EDE CBC SHA\n"
"e SSL3 RSA WITH DES CBC SHA\n"
"f SSL3 RSA EXPORT WITH RC4 40 MD5\n"
"g SSL3 RSA EXPORT WITH RC2 CBC 40 MD5\n"
"h SSL3 FORTEZZA DMS WITH NULL SHA\n"
"i SSL3 RSA WITH NULL MD5\n"
"j SSL3 RSA FIPS WITH 3DES EDE CBC SHA\n"
"k SSL3 RSA FIPS WITH DES CBC SHA\n"
@ -670,7 +667,7 @@ int main(int argc, char **argv)
cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; )
/* do nothing */;
if (cipher) {
if (cipher > 0) {
SECStatus status;
status = SSL_CipherPrefSet(s, cipher, SSL_ALLOWED);
if (status != SECSuccess)

2
security/nss/cmd/vfyserv/vfyserv.c
View File

@ -444,7 +444,7 @@ main(int argc, char **argv)
cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; )
/* do nothing */;
if (cipher) {
if (cipher > 0) {
SSL_CipherPrefSetDefault(cipher, PR_TRUE);
}
}

6
security/nss/cmd/vfyserv/vfyutil.c
View File

@ -53,14 +53,14 @@ int ssl2CipherSuites[] = {
};
int ssl3CipherSuites[] = {
SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */
SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, /* b */
-1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
-1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, * b */
SSL_RSA_WITH_RC4_128_MD5, /* c */
SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
SSL_RSA_WITH_DES_CBC_SHA, /* e */
SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
SSL_FORTEZZA_DMS_WITH_NULL_SHA, /* h */
-1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */
SSL_RSA_WITH_NULL_MD5, /* i */
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */

4
security/nss/lib/manifest.mn
View File

@ -47,7 +47,6 @@ DEPTH = ../..
# smime
# ckfw (builtins module)
# crmf jar (not dll's)
# fortcrypt
DIRS = util freebl softoken \
base asn1 dev pki pki1 \
certdb certhigh pk11wrap cryptohi nss \
@ -55,9 +54,10 @@ DIRS = util freebl softoken \
pkcs12 pkcs7 smime \
crmf jar \
ckfw \
fortcrypt \
$(NULL)
# fortcrypt is no longer built
# NSS 4.0 build - pure stan libraries
ifdef PURE_STAN_BUILD
DIRS = base asn1 dev pki pki1

8
security/nss/lib/ssl/nsskea.c
View File

@ -37,7 +37,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: nsskea.c,v 1.4 2004/04/27 23:04:39 gerv%gerv.net Exp $ */
/* $Id: nsskea.c,v 1.5 2005/04/06 19:43:17 nelsonb%netscape.com Exp $ */
#include "cert.h"
#include "ssl.h" /* for SSLKEAType */
@ -58,12 +58,6 @@ NSS_FindCertKEAType(CERTCertificate * cert)
case SEC_OID_PKCS1_RSA_ENCRYPTION:
keaType = kt_rsa;
break;
case SEC_OID_MISSI_KEA_DSS_OLD:
case SEC_OID_MISSI_KEA_DSS:
case SEC_OID_MISSI_DSS_OLD:
case SEC_OID_MISSI_DSS:
keaType = kt_fortezza;
break;
case SEC_OID_X942_DIFFIE_HELMAN_KEY:
keaType = kt_dh;
break;

96
security/nss/lib/ssl/preenc.h
View File

@ -1,8 +1,7 @@
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil -*- */
/*
* Functions and types used by https servers to send (download) pre-encrypted
* files over SSL connections that use Fortezza ciphersuites.
* Fortezza support is removed.
*
* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
@ -39,7 +38,12 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: preenc.h,v 1.3 2004/04/27 23:04:39 gerv%gerv.net Exp $ */
/* $Id: preenc.h,v 1.4 2005/04/06 19:43:17 nelsonb%netscape.com Exp $ */
/* Fortezza support is removed.
* This file remains so that old programs will continue to compile,
* But this functionality is no longer supported or implemented.
*/
#include "seccomon.h"
#include "prio.h"
@ -48,53 +52,44 @@ typedef struct PEHeaderStr PEHeader;
#define PE_MIME_TYPE "application/pre-encrypted"
/*
* unencrypted header. The 'top' half of this header is generic. The union
* is type specific, and may include bulk cipher type information
* (Fortezza supports only Fortezza Bulk encryption). Only fortezza
* pre-encrypted is defined.
*/
typedef struct PEFortezzaHeaderStr PEFortezzaHeader;
typedef struct PEFortezzaGeneratedHeaderStr PEFortezzaGeneratedHeader;
typedef struct PEFixedKeyHeaderStr PEFixedKeyHeader;
typedef struct PERSAKeyHeaderStr PERSAKeyHeader;
struct PEFortezzaHeaderStr {
unsigned char key[12]; /* Ks wrapped MEK */
unsigned char iv[24]; /* iv for this MEK */
unsigned char hash[20]; /* SHA hash of file */
unsigned char serial[8]; /* serial number of the card that owns
* Ks */
unsigned char key[12];
unsigned char iv[24];
unsigned char hash[20];
unsigned char serial[8];
};
struct PEFortezzaGeneratedHeaderStr {
unsigned char key[12]; /* TEK wrapped MEK */
unsigned char iv[24]; /* iv for this MEK */
unsigned char hash[20]; /* SHA hash of file */
unsigned char Ra[128]; /* RA to generate TEK */
unsigned char Y[128]; /* Y to generate TEK */
unsigned char key[12];
unsigned char iv[24];
unsigned char hash[20];
unsigned char Ra[128];
unsigned char Y[128];
};
struct PEFixedKeyHeaderStr {
unsigned char pkcs11Mech[4]; /* Symetric key operation */
unsigned char labelLen[2]; /* length of the token label */
unsigned char keyIDLen[2]; /* length of the token Key ID */
unsigned char ivLen[2]; /* length of IV */
unsigned char keyLen[2]; /* length of key (DES3_ECB encrypted) */
unsigned char data[1]; /* start of data */
unsigned char pkcs11Mech[4];
unsigned char labelLen[2];
unsigned char keyIDLen[2];
unsigned char ivLen[2];
unsigned char keyLen[2];
unsigned char data[1];
};
struct PERSAKeyHeaderStr {
unsigned char pkcs11Mech[4]; /* Symetric key operation */
unsigned char issuerLen[2]; /* length of cert issuer */
unsigned char serialLen[2]; /* length of the cert serial */
unsigned char ivLen[2]; /* length of IV */
unsigned char keyLen[2]; /* length of key (RSA encrypted) */
unsigned char data[1]; /* start of data */
unsigned char pkcs11Mech[4];
unsigned char issuerLen[2];
unsigned char serialLen[2];
unsigned char ivLen[2];
unsigned char keyLen[2];
unsigned char data[1];
};
/* macros to get at the variable length data fields */
#define PEFIXED_Label(header) (header->data)
#define PEFIXED_KeyID(header) (&header->data[GetInt2(header->labelLen)])
#define PEFIXED_IV(header) (&header->data[GetInt2(header->labelLen)\
@ -108,10 +103,10 @@ struct PERSAKeyHeaderStr {
#define PERSA_Key(header) (&header->data[GetInt2(header->issuerLen)\
+GetInt2(header->serialLen)+GetInt2(header->keyLen)])
struct PEHeaderStr {
unsigned char magic [2]; /* always 0xC0DE */
unsigned char len [2]; /* length of PEHeader */
unsigned char type [2]; /* FORTEZZA, DIFFIE-HELMAN, RSA */
unsigned char version[2]; /* version number: 1.0 */
unsigned char magic [2];
unsigned char len [2];
unsigned char type [2];
unsigned char version[2];
union {
PEFortezzaHeader fortezza;
PEFortezzaGeneratedHeader g_fortezza;
@ -124,12 +119,9 @@ struct PEHeaderStr {
#define PE_INTRO_LEN 4
#define PE_BASE_HEADER_LEN 8
#define PRE_BLOCK_SIZE 8 /* for decryption blocks */
#define PRE_BLOCK_SIZE 8
/*
* Platform neutral encode/decode macros.
*/
#define GetInt2(c) ((c[0] << 8) | c[1])
#define GetInt4(c) (((unsigned long)c[0] << 24)|((unsigned long)c[1] << 16)\
|((unsigned long)c[2] << 8)| ((unsigned long)c[3]))
@ -137,28 +129,18 @@ struct PEHeaderStr {
#define PutInt4(c,i) ((c[0]=((i) >> 24) & 0xff),(c[1]=((i) >> 16) & 0xff),\
(c[2] = ((i) >> 8) & 0xff), (c[3] = (i) & 0xff))
/*
* magic numbers.
*/
#define PRE_MAGIC 0xc0de
#define PRE_VERSION 0x1010
#define PRE_FORTEZZA_FILE 0x00ff /* pre-encrypted file on disk */
#define PRE_FORTEZZA_STREAM 0x00f5 /* pre-encrypted file in stream */
#define PRE_FORTEZZA_GEN_STREAM 0x00f6 /* Generated pre-encrypted file */
#define PRE_FIXED_FILE 0x000f /* fixed key on disk */
#define PRE_RSA_FILE 0x001f /* RSA in file */
#define PRE_FIXED_STREAM 0x0005 /* fixed key in stream */
#define PRE_FORTEZZA_FILE 0x00ff
#define PRE_FORTEZZA_STREAM 0x00f5
#define PRE_FORTEZZA_GEN_STREAM 0x00f6
#define PRE_FIXED_FILE 0x000f
#define PRE_RSA_FILE 0x001f
#define PRE_FIXED_STREAM 0x0005
/*
* internal implementation info
*/
/* convert an existing stream header to a version with local parameters */
PEHeader *SSL_PreencryptedStreamToFile(PRFileDesc *fd, PEHeader *,
int *headerSize);
/* convert an existing file header to one suitable for streaming out */
PEHeader *SSL_PreencryptedFileToStream(PRFileDesc *fd, PEHeader *,
int *headerSize);

199
security/nss/lib/ssl/prelib.c
View File

@ -39,7 +39,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: prelib.c,v 1.4 2004/04/27 23:04:39 gerv%gerv.net Exp $ */
/* $Id: prelib.c,v 1.5 2005/04/06 19:43:17 nelsonb%netscape.com Exp $ */
#include "cert.h"
#include "ssl.h"
@ -50,205 +50,18 @@
#include "preenc.h"
#include "pk11func.h"
static unsigned char fromHex(char x) {
if ((x >= '0') && (x <= '9')) return x-'0';
if ((x >= 'a') && (x <= 'f')) return x-'a'+10;
return x-'A'+10;
}
PEHeader *SSL_PreencryptedStreamToFile(PRFileDesc *fd, PEHeader *inHeader,
int *headerSize)
int *headerSize)
{
PK11SymKey *key, *tek, *Ks;
sslSocket *ss;
PK11SlotInfo *slot;
CK_TOKEN_INFO info;
int oldHeaderSize;
PEHeader *header;
SECStatus rv;
SECItem item;
int i;
if (fd == NULL) {
/* XXX set an error */
return NULL;
}
ss = ssl_FindSocket(fd);
if (ss == NULL) {
return NULL;
}
PORT_Assert(ss->ssl3 != NULL);
if (ss->ssl3 == NULL) {
return NULL;
}
if (GetInt2(inHeader->magic) != PRE_MAGIC) {
return NULL;
}
oldHeaderSize = GetInt2(inHeader->len);
header = (PEHeader *) PORT_ZAlloc(oldHeaderSize);
if (header == NULL) {
return NULL;
}
switch (GetInt2(inHeader->type)) {
case PRE_FORTEZZA_FILE:
case PRE_FORTEZZA_GEN_STREAM:
case PRE_FIXED_FILE:
case PRE_RSA_FILE:
default:
*headerSize = oldHeaderSize;
PORT_Memcpy(header,inHeader,oldHeaderSize);
return header;
case PRE_FORTEZZA_STREAM:
*headerSize = PE_BASE_HEADER_LEN + sizeof(PEFortezzaHeader);
PutInt2(header->magic,PRE_MAGIC);
PutInt2(header->len,*headerSize);
PutInt2(header->type, PRE_FORTEZZA_FILE);
PORT_Memcpy(header->version,inHeader->version,sizeof(header->version));
PORT_Memcpy(header->u.fortezza.hash,inHeader->u.fortezza.hash,
sizeof(header->u.fortezza.hash));
PORT_Memcpy(header->u.fortezza.iv,inHeader->u.fortezza.iv,
sizeof(header->u.fortezza.iv));
/* get the kea context from the session */
tek = ss->ssl3->fortezza.tek;
if (tek == NULL) {
PORT_Free(header);
return NULL;
}
/* get the slot and the serial number */
slot = PK11_GetSlotFromKey(tek);
if (slot == NULL) {
PORT_Free(header);
return NULL;
}
rv = PK11_GetTokenInfo(slot,&info);
if (rv != SECSuccess) {
PORT_Free(header);
PK11_FreeSlot(slot);
return NULL;
}
/* Look up the Token Fixed Key */
Ks = PK11_FindFixedKey(slot, CKM_SKIPJACK_WRAP, NULL, ss->pkcs11PinArg);
PK11_FreeSlot(slot);
if (Ks == NULL) {
PORT_Free(header);
return NULL;
}
/* unwrap the key with the TEK */
item.data = inHeader->u.fortezza.key;
item.len = sizeof(inHeader->u.fortezza.key);
key = PK11_UnwrapSymKey(tek,CKM_SKIPJACK_WRAP,
NULL, &item, CKM_SKIPJACK_CBC64, CKA_DECRYPT, 0);
if (key == NULL) {
PORT_Free(header);
PK11_FreeSymKey(Ks);
return NULL;
}
/* rewrap with the local Ks */
item.data = header->u.fortezza.key;
item.len = sizeof(header->u.fortezza.key);
rv = PK11_WrapSymKey(CKM_SKIPJACK_WRAP, NULL, Ks, key, &item);
PK11_FreeSymKey(Ks);
PK11_FreeSymKey(key);
if (rv != SECSuccess) {
PORT_Free(header);
return NULL;
}
/* copy our local serial number into header */
for (i=0; i < sizeof(header->u.fortezza.serial); i++) {
header->u.fortezza.serial[i] =
(fromHex(info.serialNumber[i*2]) << 4) |
fromHex(info.serialNumber[i*2 + 1]);
}
break;
case PRE_FIXED_STREAM:
/* not implemented yet */
PORT_Free(header);
return NULL;
}
return(header);
PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
return NULL;
}
/*
* this one needs to allocate space and work for RSA & FIXED key files as well
*/
PEHeader *SSL_PreencryptedFileToStream(PRFileDesc *fd, PEHeader *header,
int *headerSize)
{
PK11SymKey *key, *tek, *Ks;
sslSocket *ss;
PK11SlotInfo *slot;
SECStatus rv;
SECItem item;
*headerSize = 0; /* hack */
if (fd == NULL) {
/* XXX set an error */
return NULL;
}
ss = ssl_FindSocket(fd);
if (ss == NULL) {
return NULL;
}
PORT_Assert(ss->ssl3 != NULL);
if (ss->ssl3 == NULL) {
return NULL;
}
/* get the kea context from the session */
tek = ss->ssl3->fortezza.tek;
if (tek == NULL) {
return NULL;
}
slot = PK11_GetSlotFromKey(tek);
if (slot == NULL) return NULL;
Ks = PK11_FindFixedKey(slot, CKM_SKIPJACK_WRAP, NULL, PK11_GetWindow(tek));
PK11_FreeSlot(slot);
if (Ks == NULL) return NULL;
/* unwrap with the local Ks */
item.data = header->u.fortezza.key;
item.len = sizeof(header->u.fortezza.key);
/* rewrap the key with the TEK */
key = PK11_UnwrapSymKey(Ks,CKM_SKIPJACK_WRAP,
NULL, &item, CKM_SKIPJACK_CBC64, CKA_DECRYPT, 0);
if (key == NULL) {
PK11_FreeSymKey(Ks);
return NULL;
}
rv = PK11_WrapSymKey(CKM_SKIPJACK_WRAP, NULL, tek, key, &item);
PK11_FreeSymKey(Ks);
PK11_FreeSymKey(key);
if (rv != SECSuccess) {
return NULL;
}
/* copy over our local serial number */
PORT_Memset(header->u.fortezza.serial,0,sizeof(header->u.fortezza.serial));
/* change type to stream */
PutInt2(header->type, PRE_FORTEZZA_STREAM);
return(header);
PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
return NULL;
}

4
security/nss/lib/ssl/ssl.h
View File

@ -36,7 +36,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: ssl.h,v 1.19 2004/04/27 23:04:39 gerv%gerv.net Exp $ */
/* $Id: ssl.h,v 1.20 2005/04/06 19:43:17 nelsonb%netscape.com Exp $ */
#ifndef __ssl_h_
#define __ssl_h_
@ -190,7 +190,7 @@ SSL_IMPORT SECStatus SSL_SecurityStatus(PRFileDesc *fd, int *on, char **cipher,
#define SSL_SECURITY_STATUS_OFF 0
#define SSL_SECURITY_STATUS_ON_HIGH 1
#define SSL_SECURITY_STATUS_ON_LOW 2
#define SSL_SECURITY_STATUS_FORTEZZA 3
#define SSL_SECURITY_STATUS_FORTEZZA 3 /* NO LONGER SUPPORTED */
/*
** Return the certificate for our SSL peer. If the client calls this

1007
security/nss/lib/ssl/ssl3con.c
View File

File diff suppressed because it is too large Load Diff

19
security/nss/lib/ssl/ssl3prot.h
View File

@ -1,4 +1,4 @@
/*
/* Private header file of libSSL.
* Various and sundry protocol constants. DON'T CHANGE THESE. These
* values are defined by the SSL 3.0 protocol specification.
*
@ -38,7 +38,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: ssl3prot.h,v 1.6 2004/04/27 23:04:39 gerv%gerv.net Exp $ */
/* $Id: ssl3prot.h,v 1.7 2005/04/06 19:43:17 nelsonb%netscape.com Exp $ */
#ifndef __ssl3proto_h_
#define __ssl3proto_h_
@ -206,7 +206,6 @@ typedef enum {
kea_dhe_rsa_export,
kea_dh_anon,
kea_dh_anon_export,
kea_fortezza,
kea_rsa_fips,
kea_ecdh_ecdsa,
kea_ecdhe_ecdsa,
@ -259,7 +258,6 @@ typedef enum {
ct_RSA_fixed_ECDH = 8,
ct_ECDSA_fixed_ECDH = 9,
ct_Fortezza = 20
} SSL3ClientCertificateType;
typedef SECItem *SSL3DistinquishedName;
@ -271,18 +269,6 @@ typedef struct {
typedef SECItem SSL3EncryptedPreMasterSecret;
/* Following struct is the format of a Fortezza ClientKeyExchange message. */
typedef struct {
SECItem y_c;
SSL3Opaque r_c [128];
SSL3Opaque y_signature [40];
SSL3Opaque wrapped_client_write_key [12];
SSL3Opaque wrapped_server_write_key [12];
SSL3Opaque client_write_iv [24];
SSL3Opaque server_write_iv [24];
SSL3Opaque master_secret_iv [24];
SSL3Opaque encrypted_preMasterSecret[48];
} SSL3FortezzaKeys;
typedef SSL3Opaque SSL3MasterSecret[48];
@ -299,7 +285,6 @@ typedef struct {
union {
SSL3EncryptedPreMasterSecret rsa;
SSL3ClientDiffieHellmanPublic diffie_helman;
SSL3FortezzaKeys fortezza;
} exchange_keys;
} SSL3ClientKeyExchange;

5
security/nss/lib/ssl/sslauth.c
View File

@ -33,7 +33,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslauth.c,v 1.11 2004/04/27 23:04:39 gerv%gerv.net Exp $ */
/* $Id: sslauth.c,v 1.12 2005/04/06 19:43:17 nelsonb%netscape.com Exp $ */
#include "cert.h"
#include "secitem.h"
#include "ssl.h"
@ -117,8 +117,7 @@ SSL_SecurityStatus(PRFileDesc *fd, int *op, char **cp, int *kp0, int *kp1,
cipherName = ssl3_cipherName[ss->sec.cipherType];
}
if (cipherName && PORT_Strstr(cipherName, "DES")) isDes = PR_TRUE;
/* do same key stuff for fortezza */
if (cp) {
*cp = PORT_Strdup(cipherName);
}

4
security/nss/lib/ssl/sslcon.c
View File

@ -37,7 +37,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslcon.c,v 1.24 2004/06/24 02:02:39 nelsonb%netscape.com Exp $ */
/* $Id: sslcon.c,v 1.25 2005/04/06 19:43:17 nelsonb%netscape.com Exp $ */
#include "nssrenam.h"
#include "cert.h"
@ -145,7 +145,7 @@ const char * const ssl_cipherName[] = {
"DES-CBC",
"DES-EDE3-CBC",
"unknown",
"Fortezza",
"unknown", /* was fortezza, NO LONGER USED */
};

7
security/nss/lib/ssl/sslenum.c
View File

@ -39,7 +39,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslenum.c,v 1.9 2004/04/27 23:04:39 gerv%gerv.net Exp $ */
/* $Id: sslenum.c,v 1.10 2005/04/06 19:43:17 nelsonb%netscape.com Exp $ */
#include "ssl.h"
#include "sslproto.h"
@ -56,7 +56,6 @@ const PRUint16 SSL_ImplementedCiphers[] = {
TLS_RSA_WITH_AES_256_CBC_SHA,
/* 128-bit */
SSL_FORTEZZA_DMS_WITH_RC4_128_SHA,
#ifdef NSS_ENABLE_ECC
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
@ -84,9 +83,6 @@ const PRUint16 SSL_ImplementedCiphers[] = {
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA,
/* 80 bit skipjack */
SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* KEA + SkipJack */
/* 56-bit DES "domestic" cipher suites */
SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA,
@ -106,7 +102,6 @@ const PRUint16 SSL_ImplementedCiphers[] = {
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
/* ciphersuites with no encryption */
SSL_FORTEZZA_DMS_WITH_NULL_SHA,
#ifdef NSS_ENABLE_ECC
TLS_ECDH_RSA_WITH_NULL_SHA,
TLS_ECDH_ECDSA_WITH_NULL_SHA,

18
security/nss/lib/ssl/sslimpl.h
View File

@ -39,7 +39,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslimpl.h,v 1.36 2005/04/05 03:48:20 nelsonb%netscape.com Exp $ */
/* $Id: sslimpl.h,v 1.37 2005/04/06 19:43:17 nelsonb%netscape.com Exp $ */
#ifndef __sslimpl_h_
#define __sslimpl_h_
@ -84,7 +84,7 @@ typedef SSLSignType SSL3SignType;
#define calg_des ssl_calg_des
#define calg_3des ssl_calg_3des
#define calg_idea ssl_calg_idea
#define calg_fortezza ssl_calg_fortezza
#define calg_fortezza ssl_calg_fortezza /* deprecated, must preserve */
#define calg_aes ssl_calg_aes
#define mac_null ssl_mac_null
@ -414,7 +414,6 @@ typedef enum {
cipher_3des,
cipher_des40,
cipher_idea,
cipher_fortezza,
cipher_aes_128,
cipher_aes_256,
cipher_missing /* reserved for no such supported cipher */
@ -522,7 +521,6 @@ struct sslSessionIDStr {
SSL3CompressionMethod compression;
PRBool resumable;
int policy;
PRBool hasFortezza;
ssl3SidKeys keys;
CK_MECHANISM_TYPE masterWrapMech;
/* mechanism used to wrap master secret */
@ -560,11 +558,6 @@ struct sslSessionIDStr {
char masterValid;
char clAuthValid;
/* the following values are used only in the client, and only
* with fortezza.
*/
SSL3Opaque clientWriteSave[80];
int clientWriteSaveLen;
} ssl3;
} u;
};
@ -660,12 +653,7 @@ const ssl3CipherSuiteDef *suite_def;
/* protected by recvBufLock */
} SSL3HandshakeState;
struct SSL3FortezzaKEAParamsStr {
unsigned char R_s[128]; /* server's "random" public key */
PK11SymKey * tek;
};
typedef struct SSL3FortezzaKEAParamsStr SSL3FortezzaKEAParams;
/*
** This is the "ssl3" struct, as in "ss->ssl3".
@ -704,7 +692,7 @@ struct ssl3StateStr {
/* chain while we are trying to validate it. */
CERTDistNames * ca_list;
/* used by server. trusted CAs for this socket. */
SSL3FortezzaKEAParams fortezza;
};
typedef struct {

7
security/nss/lib/ssl/sslinfo.c
View File

@ -34,7 +34,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslinfo.c,v 1.9 2005/04/05 03:48:20 nelsonb%netscape.com Exp $ */
/* $Id: sslinfo.c,v 1.10 2005/04/06 19:43:17 nelsonb%netscape.com Exp $ */
#include "ssl.h"
#include "sslimpl.h"
#include "sslproto.h"
@ -100,8 +100,6 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
return SECSuccess;
}
#define kt_kea kt_fortezza
#define calg_sj calg_fortezza
#define CS(x) x, #x
#define CK(x) x | 0xff00, #x
@ -143,7 +141,6 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
{0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA), S_DSA, K_DHE, C_AES, B_256, M_SHA, 0, 0, 0, },
{0,CS(TLS_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_RSA, C_AES, B_256, M_SHA, 0, 0, 0, },
{0,CS(SSL_FORTEZZA_DMS_WITH_RC4_128_SHA), S_KEA, K_KEA, C_RC4, B_128, M_SHA, 0, 0, 0, },
{0,CS(TLS_DHE_DSS_WITH_RC4_128_SHA), S_DSA, K_DHE, C_RC4, B_128, M_SHA, 0, 0, 0, },
{0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_DHE, C_AES, B_128, M_SHA, 0, 0, 0, },
{0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA, 0, 0, 0, },
@ -156,7 +153,6 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
{0,CS(SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 1, },
{0,CS(SSL_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
{0,CS(SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA),S_KEA, K_KEA, C_SJ, B_SJ, M_SHA, 1, 0, 0, },
{0,CS(SSL_DHE_RSA_WITH_DES_CBC_SHA), S_RSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
{0,CS(SSL_DHE_DSS_WITH_DES_CBC_SHA), S_DSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
{0,CS(SSL_RSA_FIPS_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 1, 0, 1, },
@ -166,7 +162,6 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
{0,CS(TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 1, 1, 0, },
{0,CS(SSL_RSA_EXPORT_WITH_RC4_40_MD5), S_RSA, K_RSA, C_RC4, B_40, M_MD5, 0, 1, 0, },
{0,CS(SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5), S_RSA, K_RSA, C_RC2, B_40, M_MD5, 0, 1, 0, },
{0,CS(SSL_FORTEZZA_DMS_WITH_NULL_SHA), S_KEA, K_KEA, C_NULL,B_0, M_SHA, 0, 1, 0, },
{0,CS(SSL_RSA_WITH_NULL_SHA), S_RSA, K_RSA, C_NULL,B_0, M_SHA, 0, 1, 0, },
{0,CS(SSL_RSA_WITH_NULL_MD5), S_RSA, K_RSA, C_NULL,B_0, M_MD5, 0, 1, 0, },

8
security/nss/lib/ssl/sslproto.h
View File

@ -39,7 +39,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslproto.h,v 1.6 2004/04/27 23:04:39 gerv%gerv.net Exp $ */
/* $Id: sslproto.h,v 1.7 2005/04/06 19:43:17 nelsonb%netscape.com Exp $ */
#ifndef __sslproto_h_
#define __sslproto_h_
@ -139,9 +139,9 @@
#define SSL_DH_ANON_WITH_DES_CBC_SHA 0x001a
#define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA 0x001b
#define SSL_FORTEZZA_DMS_WITH_NULL_SHA 0x001c
#define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA 0x001d
#define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA 0x001e
#define SSL_FORTEZZA_DMS_WITH_NULL_SHA 0x001c /* deprecated */
#define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA 0x001d /* deprecated */
#define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA 0x001e /* deprecated */
/* New TLS cipher suites */
#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F

9
security/nss/lib/ssl/sslsecur.c
View File

@ -37,7 +37,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslsecur.c,v 1.27 2005/04/05 03:48:20 nelsonb%netscape.com Exp $ */
/* $Id: sslsecur.c,v 1.28 2005/04/06 19:43:17 nelsonb%netscape.com Exp $ */
#include "cert.h"
#include "secitem.h"
#include "keyhi.h"
@ -574,12 +574,7 @@ ssl_FindCertKEAType(CERTCertificate * cert)
case SEC_OID_PKCS1_RSA_ENCRYPTION:
keaType = kt_rsa;
break;
case SEC_OID_MISSI_KEA_DSS_OLD:
case SEC_OID_MISSI_KEA_DSS:
case SEC_OID_MISSI_DSS_OLD:
case SEC_OID_MISSI_DSS:
keaType = kt_fortezza;
break;
case SEC_OID_X942_DIFFIE_HELMAN_KEY:
keaType = kt_dh;
break;

8
security/nss/lib/ssl/sslsnce.c
View File

@ -36,7 +36,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslsnce.c,v 1.31 2005/03/09 05:20:44 nelsonb%netscape.com Exp $ */
/* $Id: sslsnce.c,v 1.32 2005/04/06 19:43:17 nelsonb%netscape.com Exp $ */
/* Note: ssl_FreeSID() in sslnonce.c gets used for both client and server
* cache sids!
@ -147,7 +147,7 @@ struct sidCacheEntryStr {
/* 2 */ PRUint16 compression; /* SSL3CompressionMethod */
/*122 */ ssl3SidKeys keys; /* keys and ivs, wrapped as needed. */
/* 1 */ PRUint8 hasFortezza;
/* 1 */ PRUint8 unused; /* was hasFortezza; */
/* 1 */ PRUint8 resumable;
/* 4 */ PRUint32 masterWrapMech;
@ -442,7 +442,6 @@ ConvertFromSID(sidCacheEntry *to, sslSessionID *from)
to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite;
to->u.ssl3.compression = (uint16)from->u.ssl3.compression;
to->u.ssl3.resumable = from->u.ssl3.resumable;
to->u.ssl3.hasFortezza = from->u.ssl3.hasFortezza;
to->u.ssl3.keys = from->u.ssl3.keys;
to->u.ssl3.masterWrapMech = from->u.ssl3.masterWrapMech;
to->u.ssl3.exchKeyType = from->u.ssl3.exchKeyType;
@ -518,7 +517,6 @@ ConvertToSID(sidCacheEntry *from, certCacheEntry *pcce,
to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite;
to->u.ssl3.compression = (SSL3CompressionMethod)from->u.ssl3.compression;
to->u.ssl3.resumable = from->u.ssl3.resumable;
to->u.ssl3.hasFortezza = from->u.ssl3.hasFortezza;
to->u.ssl3.keys = from->u.ssl3.keys;
to->u.ssl3.masterWrapMech = from->u.ssl3.masterWrapMech;
to->u.ssl3.exchKeyType = from->u.ssl3.exchKeyType;
@ -544,8 +542,6 @@ ConvertToSID(sidCacheEntry *from, certCacheEntry *pcce,
to->u.ssl3.clAuthSeries = 0;
to->u.ssl3.clAuthValid = PR_FALSE;
to->u.ssl3.clientWriteSaveLen = 0;
if (from->u.ssl3.certIndex != -1 && pcce) {
SECItem derCert;

5
security/nss/lib/ssl/sslsock.c
View File

@ -40,7 +40,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslsock.c,v 1.35 2005/04/05 03:48:20 nelsonb%netscape.com Exp $ */
/* $Id: sslsock.c,v 1.36 2005/04/06 19:43:17 nelsonb%netscape.com Exp $ */
#include "seccomon.h"
#include "cert.h"
#include "keyhi.h"
@ -71,8 +71,6 @@ static cipherPolicy ssl_ciphers[] = { /* Export France */
{ SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, SSL_ALLOWED, SSL_ALLOWED },
{ SSL_EN_DES_64_CBC_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ SSL_EN_DES_192_EDE3_CBC_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ SSL_RSA_WITH_RC4_128_MD5, SSL_RESTRICTED, SSL_NOT_ALLOWED },
{ SSL_RSA_WITH_RC4_128_SHA, SSL_RESTRICTED, SSL_NOT_ALLOWED },
{ SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
@ -81,7 +79,6 @@ static cipherPolicy ssl_ciphers[] = { /* Export France */
{ SSL_RSA_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_ALLOWED, SSL_ALLOWED },
{ SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_ALLOWED, SSL_ALLOWED },
{ SSL_FORTEZZA_DMS_WITH_NULL_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },

8
security/nss/lib/ssl/sslt.h
View File

@ -37,7 +37,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslt.h,v 1.6 2004/04/27 23:04:39 gerv%gerv.net Exp $ */
/* $Id: sslt.h,v 1.7 2005/04/06 19:43:17 nelsonb%netscape.com Exp $ */
#ifndef __sslt_h_
#define __sslt_h_
@ -66,7 +66,7 @@ typedef enum {
ssl_kea_null = 0,
ssl_kea_rsa = 1,
ssl_kea_dh = 2,
ssl_kea_fortezza = 3,
ssl_kea_fortezza = 3, /* deprecated, now unused */
ssl_kea_ecdh = 4,
ssl_kea_size /* number of ssl_kea_ algorithms */
} SSLKEAType;
@ -79,7 +79,7 @@ typedef enum {
#define kt_null ssl_kea_null
#define kt_rsa ssl_kea_rsa
#define kt_dh ssl_kea_dh
#define kt_fortezza ssl_kea_fortezza
#define kt_fortezza ssl_kea_fortezza /* deprecated, now unused */
#define kt_ecdh ssl_kea_ecdh
#define kt_kea_size ssl_kea_size
@ -105,7 +105,7 @@ typedef enum {
ssl_calg_des = 3,
ssl_calg_3des = 4,
ssl_calg_idea = 5,
ssl_calg_fortezza = 6, /* skipjack */
ssl_calg_fortezza = 6, /* deprecated, now unused */
ssl_calg_aes = 7 /* coming soon */
} SSLCipherAlgorithm;

4
security/nss/pkg/solaris/SUNWtlsd/prototype
View File

@ -38,7 +38,7 @@
#
# ***** END LICENSE BLOCK *****
#
#ident "$Id: prototype,v 1.4 2005/02/28 17:45:19 christophe.ravel.bugs%sun.com Exp $"
#ident "$Id: prototype,v 1.5 2005/04/06 19:43:19 nelsonb%netscape.com Exp $"
#
# This required package information file contains a list of package contents.
# The 'pkgmk' command uses this file to identify the contents of a package
@ -160,6 +160,4 @@ f none usr/include/mps/ssl.h 0644 root bin
f none usr/include/mps/sslerr.h 0644 root bin
f none usr/include/mps/sslproto.h 0644 root bin
f none usr/include/mps/sslt.h 0644 root bin
f none usr/include/mps/swfort.h 0644 root bin
f none usr/include/mps/swfortt.h 0644 root bin
f none usr/include/mps/watcomfx.h 0644 root bin