mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-26 06:11:37 +00:00
Bug 1414735 - Upgrade Firefox to NSS 3.35, r=franziskus UPGRADE_NSS_RELEASE
MozReview-Commit-ID: 6hDnHCWVeWz --HG-- extra : rebase_source : 4bf98010c7afefe9bc0f2da240bb676bd82496b6
This commit is contained in:
Martin Thomson
parent
135158086d
commit
195dbda63e
@ -1915,7 +1915,7 @@ MOZ_ARG_WITH_BOOL(system-nss,
|
||||
_USE_SYSTEM_NSS=1 )
|
||||
|
||||
if test -n "$_USE_SYSTEM_NSS"; then
|
||||
AM_PATH_NSS(3.34, [MOZ_SYSTEM_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
|
||||
AM_PATH_NSS(3.35, [MOZ_SYSTEM_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
|
||||
fi
|
||||
|
||||
if test -n "$MOZ_SYSTEM_NSS"; then
|
||||
|
||||
@ -75,7 +75,7 @@ namespace {
|
||||
// 0 means no override 1->4 are 1.0, 1.1, 1.2, 1.3, 4->7 unused
|
||||
// bits 3-5 (mask 0x38) specify the tls fallback limit
|
||||
// 0 means no override, values 1->4 match prefs
|
||||
// bit 6 (mask 0x40) specifies use of SSL_AltServerHelloType on handshake
|
||||
// bit 6 (mask 0x40) specifies use of SSL_AltHandshakeType on handshake
|
||||
|
||||
enum {
|
||||
kTLSProviderFlagMaxVersion10 = 0x01,
|
||||
@ -94,7 +94,7 @@ static uint32_t getTLSProviderFlagFallbackLimit(uint32_t flags)
|
||||
return (flags & 0x38) >> 3;
|
||||
}
|
||||
|
||||
static bool getTLSProviderFlagAltServerHello(uint32_t flags)
|
||||
static bool getTLSProviderFlagAltHandshake(uint32_t flags)
|
||||
{
|
||||
return (flags & 0x40);
|
||||
}
|
||||
@ -2601,13 +2601,13 @@ nsSSLIOLayerSetOptions(PRFileDesc* fd, bool forSTARTTLS,
|
||||
}
|
||||
}
|
||||
|
||||
// enabling alternative server hello
|
||||
if (getTLSProviderFlagAltServerHello(infoObject->GetProviderTlsFlags())) {
|
||||
// enabling alternative handshake
|
||||
if (getTLSProviderFlagAltHandshake(infoObject->GetProviderTlsFlags())) {
|
||||
MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
|
||||
("[%p] nsSSLIOLayerSetOptions: Use AltServerHello\n", fd));
|
||||
if (SECSuccess != SSL_UseAltServerHelloType(fd, PR_TRUE)) {
|
||||
("[%p] nsSSLIOLayerSetOptions: Use AltHandshake\n", fd));
|
||||
if (SECSuccess != SSL_UseAltHandshakeType(fd, PR_TRUE)) {
|
||||
MOZ_LOG(gPIPNSSLog, LogLevel::Error,
|
||||
("[%p] nsSSLIOLayerSetOptions: Use AltServerHello failed\n", fd));
|
||||
("[%p] nsSSLIOLayerSetOptions: Use AltHandshake failed\n", fd));
|
||||
// continue on default path
|
||||
}
|
||||
}
|
||||
|
||||
@ -1 +1 @@
|
||||
NSS_3_34_BETA1
|
||||
de7e5e67e878
|
||||
|
||||
@ -1,11 +0,0 @@
|
||||
Functions changes summary: 0 Removed, 0 Changed, 4 Added functions
|
||||
Variables changes summary: 0 Removed, 0 Changed, 0 Added variable
|
||||
|
||||
4 Added functions:
|
||||
|
||||
'function SECItem* SEC_CreateSignatureAlgorithmParameters(SECItem*, SECOidTag, SECOidTag, const SECItem*, const SECKEYPrivateKey*)' {SEC_CreateSignatureAlgorithmParameters@@NSS_3.34}
|
||||
'function SECStatus SEC_DerSignDataWithAlgorithmID(SECItem*, const unsigned char*, int, SECKEYPrivateKey*, SECAlgorithmID*)' {SEC_DerSignDataWithAlgorithmID@@NSS_3.34}
|
||||
'function SECStatus SEC_SignDataWithAlgorithmID(SECItem*, const unsigned char*, int, SECKEYPrivateKey*, SECAlgorithmID*)' {SEC_SignDataWithAlgorithmID@@NSS_3.34}
|
||||
'function void SGN_NewContextWithAlgorithmID(SECAlgorithmID*, SECKEYPrivateKey*)' {SGN_NewContextWithAlgorithmID@@NSS_3.34}
|
||||
|
||||
|
||||
@ -1,15 +0,0 @@
|
||||
Functions changes summary: 0 Removed, 1 Changed, 0 Added function
|
||||
Variables changes summary: 0 Removed, 0 Changed, 0 Added variable
|
||||
|
||||
1 function with some indirect sub-type change:
|
||||
|
||||
[C]'function SECStatus SSL_GetChannelInfo(SSLChannelInfo*, PRUintn)' at sslinfo.c:26:1 has some indirect sub-type changes:
|
||||
parameter 1 of type 'SSLChannelInfo*' has sub-type changes:
|
||||
in pointed to type 'typedef SSLChannelInfo' at sslt.h:288:1:
|
||||
underlying type 'struct SSLChannelInfoStr' at sslt.h:229:1 changed:
|
||||
type size changed from 896 to 960 bits
|
||||
2 data member insertions:
|
||||
'SSLNamedGroup SSLChannelInfoStr::originalKeaGroup', at offset 864 (in bits) at sslt.h:281:1
|
||||
'PRBool SSLChannelInfoStr::resumed', at offset 896 (in bits) at sslt.h:284:1
|
||||
|
||||
|
||||
@ -1 +1 @@
|
||||
NSS_3_33_BRANCH
|
||||
NSS_3_34_BRANCH
|
||||
|
||||
@ -252,7 +252,7 @@ PrintParameterUsage(void)
|
||||
"%-20s The following values are valid:\n"
|
||||
"%-20s P256, P384, P521, x25519, FF2048, FF3072, FF4096, FF6144, FF8192\n",
|
||||
"-I", "", "");
|
||||
fprintf(stderr, "%-20s Enable alternate content type for TLS 1.3 ServerHello\n", "-X alt-server-hello");
|
||||
fprintf(stderr, "%-20s Enable alternative TLS 1.3 handshake\n", "-X alt-server-hello");
|
||||
}
|
||||
|
||||
static void
|
||||
@ -1183,7 +1183,7 @@ run_client(void)
|
||||
|
||||
/* Alternate ServerHello content type (TLS 1.3 only) */
|
||||
if (enableAltServerHello) {
|
||||
rv = SSL_UseAltServerHelloType(s, PR_TRUE);
|
||||
rv = SSL_UseAltHandshakeType(s, PR_TRUE);
|
||||
if (rv != SECSuccess) {
|
||||
SECU_PrintError(progName, "error enabling alternate ServerHello type");
|
||||
error = 1;
|
||||
|
||||
@ -10,4 +10,3 @@
|
||||
*/
|
||||
|
||||
#error "Do not include this header file."
|
||||
|
||||
|
||||
@ -10,7 +10,7 @@
|
||||
#include <cassert>
|
||||
#include <vector>
|
||||
|
||||
std::vector<uint8_t> hex_string_to_bytes(std::string s) {
|
||||
static inline std::vector<uint8_t> hex_string_to_bytes(std::string s) {
|
||||
std::vector<uint8_t> bytes;
|
||||
for (size_t i = 0; i < s.length(); i += 2) {
|
||||
bytes.push_back(std::stoul(s.substr(i, 2), nullptr, 16));
|
||||
|
||||
@ -11,6 +11,7 @@ CPPSRCS = \
|
||||
pk11_chacha20poly1305_unittest.cc \
|
||||
pk11_curve25519_unittest.cc \
|
||||
pk11_ecdsa_unittest.cc \
|
||||
pk11_encrypt_derive_unittest.cc \
|
||||
pk11_export_unittest.cc \
|
||||
pk11_pbkdf2_unittest.cc \
|
||||
pk11_prf_unittest.cc \
|
||||
|
||||
@ -16,6 +16,7 @@
|
||||
'pk11_chacha20poly1305_unittest.cc',
|
||||
'pk11_curve25519_unittest.cc',
|
||||
'pk11_ecdsa_unittest.cc',
|
||||
'pk11_encrypt_derive_unittest.cc',
|
||||
'pk11_pbkdf2_unittest.cc',
|
||||
'pk11_prf_unittest.cc',
|
||||
'pk11_prng_unittest.cc',
|
||||
|
||||
@ -40,12 +40,12 @@ SECStatus SSLInt_UpdateSSLv2ClientRandom(PRFileDesc *fd, uint8_t *rnd,
|
||||
// Ensure we don't overrun hs.client_random.
|
||||
rnd_len = PR_MIN(SSL3_RANDOM_LENGTH, rnd_len);
|
||||
|
||||
// Zero the client_random struct.
|
||||
PORT_Memset(&ss->ssl3.hs.client_random, 0, SSL3_RANDOM_LENGTH);
|
||||
// Zero the client_random.
|
||||
PORT_Memset(ss->ssl3.hs.client_random, 0, SSL3_RANDOM_LENGTH);
|
||||
|
||||
// Copy over the challenge bytes.
|
||||
size_t offset = SSL3_RANDOM_LENGTH - rnd_len;
|
||||
PORT_Memcpy(&ss->ssl3.hs.client_random.rand[offset], rnd, rnd_len);
|
||||
PORT_Memcpy(ss->ssl3.hs.client_random + offset, rnd, rnd_len);
|
||||
|
||||
// Rehash the SSLv2 client hello message.
|
||||
return ssl3_UpdateHandshakeHashes(ss, msg, msg_len);
|
||||
|
||||
@ -14,6 +14,7 @@ CSRCS = \
|
||||
CPPSRCS = \
|
||||
ssl_0rtt_unittest.cc \
|
||||
ssl_agent_unittest.cc \
|
||||
ssl_alths_unittest.cc \
|
||||
ssl_auth_unittest.cc \
|
||||
ssl_cert_ext_unittest.cc \
|
||||
ssl_ciphersuite_unittest.cc \
|
||||
|
||||
@ -1079,10 +1079,6 @@ TEST_P(TlsBogusExtensionTest13, AddBogusExtensionHelloRetryRequest) {
|
||||
Run(kTlsHandshakeHelloRetryRequest);
|
||||
}
|
||||
|
||||
TEST_P(TlsBogusExtensionTest13, AddVersionExtensionServerHello) {
|
||||
Run(kTlsHandshakeServerHello, ssl_tls13_supported_versions_xtn);
|
||||
}
|
||||
|
||||
TEST_P(TlsBogusExtensionTest13, AddVersionExtensionEncryptedExtensions) {
|
||||
Run(kTlsHandshakeEncryptedExtensions, ssl_tls13_supported_versions_xtn);
|
||||
}
|
||||
|
||||
@ -15,6 +15,7 @@
|
||||
'selfencrypt_unittest.cc',
|
||||
'ssl_0rtt_unittest.cc',
|
||||
'ssl_agent_unittest.cc',
|
||||
'ssl_alths_unittest.cc',
|
||||
'ssl_auth_unittest.cc',
|
||||
'ssl_cert_ext_unittest.cc',
|
||||
'ssl_ciphersuite_unittest.cc',
|
||||
|
||||
@ -11,7 +11,6 @@
|
||||
#include "ssl.h"
|
||||
#include "sslerr.h"
|
||||
#include "sslproto.h"
|
||||
#include "ssl3prot.h"
|
||||
|
||||
extern "C" {
|
||||
// This is not something that should make you happy.
|
||||
@ -104,9 +103,9 @@ TEST_P(TlsConnectGeneric, CaptureAlertServer) {
|
||||
auto alert_recorder = std::make_shared<TlsAlertRecorder>();
|
||||
server_->SetPacketFilter(alert_recorder);
|
||||
|
||||
ConnectExpectAlert(server_, kTlsAlertIllegalParameter);
|
||||
ConnectExpectAlert(server_, kTlsAlertDecodeError);
|
||||
EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
|
||||
EXPECT_EQ(kTlsAlertIllegalParameter, alert_recorder->description());
|
||||
EXPECT_EQ(kTlsAlertDecodeError, alert_recorder->description());
|
||||
}
|
||||
|
||||
TEST_P(TlsConnectGenericPre13, CaptureAlertClient) {
|
||||
@ -307,42 +306,6 @@ TEST_F(TlsConnectStreamTls13, NegotiateShortHeaders) {
|
||||
Connect();
|
||||
}
|
||||
|
||||
TEST_F(TlsConnectStreamTls13, ClientAltHandshakeType) {
|
||||
client_->SetAltHandshakeTypeEnabled();
|
||||
auto filter = std::make_shared<TlsHeaderRecorder>();
|
||||
server_->SetPacketFilter(filter);
|
||||
Connect();
|
||||
ASSERT_EQ(kTlsHandshakeType, filter->header(0)->content_type());
|
||||
}
|
||||
|
||||
TEST_F(TlsConnectStreamTls13, ServerAltHandshakeType) {
|
||||
server_->SetAltHandshakeTypeEnabled();
|
||||
auto filter = std::make_shared<TlsHeaderRecorder>();
|
||||
server_->SetPacketFilter(filter);
|
||||
Connect();
|
||||
ASSERT_EQ(kTlsHandshakeType, filter->header(0)->content_type());
|
||||
}
|
||||
|
||||
TEST_F(TlsConnectStreamTls13, BothAltHandshakeType) {
|
||||
client_->SetAltHandshakeTypeEnabled();
|
||||
server_->SetAltHandshakeTypeEnabled();
|
||||
auto header_filter = std::make_shared<TlsHeaderRecorder>();
|
||||
auto sh_filter = std::make_shared<TlsInspectorRecordHandshakeMessage>(
|
||||
kTlsHandshakeServerHello);
|
||||
std::vector<std::shared_ptr<PacketFilter>> filters = {header_filter,
|
||||
sh_filter};
|
||||
auto chained = std::make_shared<ChainedPacketFilter>(filters);
|
||||
server_->SetPacketFilter(chained);
|
||||
header_filter->SetAgent(server_.get());
|
||||
header_filter->EnableDecryption();
|
||||
Connect();
|
||||
ASSERT_EQ(kTlsAltHandshakeType, header_filter->header(0)->content_type());
|
||||
ASSERT_EQ(kTlsHandshakeType, header_filter->header(1)->content_type());
|
||||
uint32_t ver;
|
||||
ASSERT_TRUE(sh_filter->buffer().Read(0, 2, &ver));
|
||||
ASSERT_EQ((uint32_t)(0x7a00 | TLS_1_3_DRAFT_VERSION), ver);
|
||||
}
|
||||
|
||||
INSTANTIATE_TEST_CASE_P(
|
||||
GenericStream, TlsConnectGeneric,
|
||||
::testing::Combine(TlsConnectTestBase::kTlsVariantsStream,
|
||||
|
||||
@ -10,6 +10,8 @@
|
||||
|
||||
#include "databuffer.h"
|
||||
#include "gtest_utils.h"
|
||||
#include "tls_connect.h"
|
||||
#include "tls_filter.h"
|
||||
|
||||
namespace nss_test {
|
||||
|
||||
@ -51,8 +53,8 @@ class TlsPaddingTest
|
||||
<< " total length=" << plaintext_.len() << std::endl;
|
||||
std::cerr << "Plaintext: " << plaintext_ << std::endl;
|
||||
sslBuffer s;
|
||||
s.buf = const_cast<unsigned char *>(
|
||||
static_cast<const unsigned char *>(plaintext_.data()));
|
||||
s.buf = const_cast<unsigned char*>(
|
||||
static_cast<const unsigned char*>(plaintext_.data()));
|
||||
s.len = plaintext_.len();
|
||||
SECStatus rv = ssl_RemoveTLSCBCPadding(&s, kMacSize);
|
||||
if (expect_success) {
|
||||
@ -99,6 +101,75 @@ TEST_P(TlsPaddingTest, LastByteOfPadWrong) {
|
||||
}
|
||||
}
|
||||
|
||||
class RecordReplacer : public TlsRecordFilter {
|
||||
public:
|
||||
RecordReplacer(size_t size)
|
||||
: TlsRecordFilter(), enabled_(false), size_(size) {}
|
||||
|
||||
PacketFilter::Action FilterRecord(const TlsRecordHeader& header,
|
||||
const DataBuffer& data,
|
||||
DataBuffer* changed) override {
|
||||
if (!enabled_) {
|
||||
return KEEP;
|
||||
}
|
||||
|
||||
EXPECT_EQ(kTlsApplicationDataType, header.content_type());
|
||||
changed->Allocate(size_);
|
||||
|
||||
for (size_t i = 0; i < size_; ++i) {
|
||||
changed->data()[i] = i & 0xff;
|
||||
}
|
||||
|
||||
enabled_ = false;
|
||||
return CHANGE;
|
||||
}
|
||||
|
||||
void Enable() { enabled_ = true; }
|
||||
|
||||
private:
|
||||
bool enabled_;
|
||||
size_t size_;
|
||||
};
|
||||
|
||||
TEST_F(TlsConnectStreamTls13, LargeRecord) {
|
||||
EnsureTlsSetup();
|
||||
|
||||
const size_t record_limit = 16384;
|
||||
auto replacer = std::make_shared<RecordReplacer>(record_limit);
|
||||
client_->SetTlsRecordFilter(replacer);
|
||||
replacer->EnableDecryption();
|
||||
Connect();
|
||||
|
||||
replacer->Enable();
|
||||
client_->SendData(10);
|
||||
WAIT_(server_->received_bytes() == record_limit, 2000);
|
||||
ASSERT_EQ(record_limit, server_->received_bytes());
|
||||
}
|
||||
|
||||
TEST_F(TlsConnectStreamTls13, TooLargeRecord) {
|
||||
EnsureTlsSetup();
|
||||
|
||||
const size_t record_limit = 16384;
|
||||
auto replacer = std::make_shared<RecordReplacer>(record_limit + 1);
|
||||
client_->SetTlsRecordFilter(replacer);
|
||||
replacer->EnableDecryption();
|
||||
Connect();
|
||||
|
||||
replacer->Enable();
|
||||
ExpectAlert(server_, kTlsAlertRecordOverflow);
|
||||
client_->SendData(10); // This is expanded.
|
||||
|
||||
uint8_t buf[record_limit + 2];
|
||||
PRInt32 rv = PR_Read(server_->ssl_fd(), buf, sizeof(buf));
|
||||
EXPECT_GT(0, rv);
|
||||
EXPECT_EQ(SSL_ERROR_RX_RECORD_TOO_LONG, PORT_GetError());
|
||||
|
||||
// Read the server alert.
|
||||
rv = PR_Read(client_->ssl_fd(), buf, sizeof(buf));
|
||||
EXPECT_GT(0, rv);
|
||||
EXPECT_EQ(SSL_ERROR_RECORD_OVERFLOW_ALERT, PORT_GetError());
|
||||
}
|
||||
|
||||
const static size_t kContentSizesArr[] = {
|
||||
1, kMacSize - 1, kMacSize, 30, 31, 32, 36, 256, 257, 287, 288};
|
||||
|
||||
|
||||
@ -387,7 +387,7 @@ void TlsAgent::SetShortHeadersEnabled() {
|
||||
void TlsAgent::SetAltHandshakeTypeEnabled() {
|
||||
EXPECT_TRUE(EnsureTlsSetup());
|
||||
|
||||
SECStatus rv = SSL_UseAltServerHelloType(ssl_fd(), true);
|
||||
SECStatus rv = SSL_UseAltHandshakeType(ssl_fd(), PR_TRUE);
|
||||
EXPECT_EQ(SECSuccess, rv);
|
||||
}
|
||||
|
||||
|
||||
@ -363,6 +363,15 @@ PacketFilter::Action TlsInspectorReplaceHandshakeMessage::FilterHandshake(
|
||||
return KEEP;
|
||||
}
|
||||
|
||||
PacketFilter::Action TlsRecordRecorder::FilterRecord(
|
||||
const TlsRecordHeader& header, const DataBuffer& input,
|
||||
DataBuffer* output) {
|
||||
if (!filter_ || (header.content_type() == ct_)) {
|
||||
records_.push_back({header, input});
|
||||
}
|
||||
return KEEP;
|
||||
}
|
||||
|
||||
PacketFilter::Action TlsConversationRecorder::FilterRecord(
|
||||
const TlsRecordHeader& header, const DataBuffer& input,
|
||||
DataBuffer* output) {
|
||||
|
||||
@ -63,6 +63,11 @@ class TlsRecordHeader : public TlsVersioned {
|
||||
uint64_t sequence_number_;
|
||||
};
|
||||
|
||||
struct TlsRecord {
|
||||
const TlsRecordHeader header;
|
||||
const DataBuffer buffer;
|
||||
};
|
||||
|
||||
// Abstract filter that operates on entire (D)TLS records.
|
||||
class TlsRecordFilter : public PacketFilter {
|
||||
public:
|
||||
@ -221,6 +226,28 @@ class TlsInspectorReplaceHandshakeMessage : public TlsHandshakeFilter {
|
||||
DataBuffer buffer_;
|
||||
};
|
||||
|
||||
class TlsRecordRecorder : public TlsRecordFilter {
|
||||
public:
|
||||
TlsRecordRecorder(uint8_t ct) : filter_(true), ct_(ct), records_() {}
|
||||
TlsRecordRecorder()
|
||||
: filter_(false),
|
||||
ct_(content_handshake), // dummy (<optional> is C++14)
|
||||
records_() {}
|
||||
virtual PacketFilter::Action FilterRecord(const TlsRecordHeader& header,
|
||||
const DataBuffer& input,
|
||||
DataBuffer* output);
|
||||
|
||||
size_t count() const { return records_.size(); }
|
||||
void Clear() { records_.clear(); }
|
||||
|
||||
const TlsRecord& record(size_t i) const { return records_[i]; }
|
||||
|
||||
private:
|
||||
bool filter_;
|
||||
uint8_t ct_;
|
||||
std::vector<TlsRecord> records_;
|
||||
};
|
||||
|
||||
// Make a copy of the complete conversation.
|
||||
class TlsConversationRecorder : public TlsRecordFilter {
|
||||
public:
|
||||
@ -246,12 +273,17 @@ class TlsHeaderRecorder : public TlsRecordFilter {
|
||||
std::vector<TlsRecordHeader> headers_;
|
||||
};
|
||||
|
||||
// Runs multiple packet filters in series.
|
||||
typedef std::initializer_list<std::shared_ptr<PacketFilter>>
|
||||
ChainedPacketFilterInit;
|
||||
|
||||
// Runs multiple packet filters in series.
|
||||
class ChainedPacketFilter : public PacketFilter {
|
||||
public:
|
||||
ChainedPacketFilter() {}
|
||||
ChainedPacketFilter(const std::vector<std::shared_ptr<PacketFilter>> filters)
|
||||
: filters_(filters.begin(), filters.end()) {}
|
||||
ChainedPacketFilter(ChainedPacketFilterInit il) : filters_(il) {}
|
||||
virtual ~ChainedPacketFilter() {}
|
||||
|
||||
virtual PacketFilter::Action Filter(const DataBuffer& input,
|
||||
|
||||
@ -8,6 +8,8 @@
|
||||
#ifndef FREEBL_POLY1305_H_
|
||||
#define FREEBL_POLY1305_H_
|
||||
|
||||
#include "stddef.h"
|
||||
|
||||
typedef unsigned char poly1305_state[512];
|
||||
|
||||
/* Poly1305Init sets up |state| so that it can be used to calculate an
|
||||
|
||||
@ -22,9 +22,9 @@
|
||||
* The format of the version string should be
|
||||
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
|
||||
*/
|
||||
#define NSS_VERSION "3.34" _NSS_CUSTOMIZED " Beta"
|
||||
#define NSS_VERSION "3.35" _NSS_CUSTOMIZED " Beta"
|
||||
#define NSS_VMAJOR 3
|
||||
#define NSS_VMINOR 34
|
||||
#define NSS_VMINOR 35
|
||||
#define NSS_VPATCH 0
|
||||
#define NSS_VBUILD 0
|
||||
#define NSS_BETA PR_TRUE
|
||||
|
||||
@ -421,11 +421,20 @@ static const struct mechanismList mechanisms[] = {
|
||||
#endif
|
||||
/* --------------------- Secret Key Operations ------------------------ */
|
||||
{ CKM_GENERIC_SECRET_KEY_GEN, { 1, 32, CKF_GENERATE }, PR_TRUE },
|
||||
{ CKM_CONCATENATE_BASE_AND_KEY, { 1, 32, CKF_GENERATE }, PR_FALSE },
|
||||
{ CKM_CONCATENATE_BASE_AND_DATA, { 1, 32, CKF_GENERATE }, PR_FALSE },
|
||||
{ CKM_CONCATENATE_DATA_AND_BASE, { 1, 32, CKF_GENERATE }, PR_FALSE },
|
||||
{ CKM_XOR_BASE_AND_DATA, { 1, 32, CKF_GENERATE }, PR_FALSE },
|
||||
{ CKM_CONCATENATE_BASE_AND_KEY, { 1, 32, CKF_DERIVE }, PR_FALSE },
|
||||
{ CKM_CONCATENATE_BASE_AND_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
|
||||
{ CKM_CONCATENATE_DATA_AND_BASE, { 1, 32, CKF_DERIVE }, PR_FALSE },
|
||||
{ CKM_XOR_BASE_AND_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
|
||||
{ CKM_EXTRACT_KEY_FROM_KEY, { 1, 32, CKF_DERIVE }, PR_FALSE },
|
||||
{ CKM_DES3_ECB_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
|
||||
{ CKM_DES3_CBC_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
|
||||
{ CKM_AES_ECB_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
|
||||
{ CKM_AES_CBC_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
|
||||
{ CKM_CAMELLIA_ECB_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
|
||||
{ CKM_CAMELLIA_CBC_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
|
||||
{ CKM_SEED_ECB_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
|
||||
{ CKM_SEED_CBC_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
|
||||
|
||||
/* ---------------------- SSL Key Derivations ------------------------- */
|
||||
{ CKM_SSL3_PRE_MASTER_KEY_GEN, { 48, 48, CKF_GENERATE }, PR_FALSE },
|
||||
{ CKM_SSL3_MASTER_KEY_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },
|
||||
|
||||
@ -1524,8 +1524,7 @@ NSC_DecryptUpdate(CK_SESSION_HANDLE hSession,
|
||||
maxout -= padoutlen;
|
||||
}
|
||||
/* now save the final block for the next decrypt or the final */
|
||||
PORT_Memcpy(context->padBuf, &pEncryptedPart[ulEncryptedPartLen -
|
||||
context->blockSize],
|
||||
PORT_Memcpy(context->padBuf, &pEncryptedPart[ulEncryptedPartLen - context->blockSize],
|
||||
context->blockSize);
|
||||
context->padDataLength = context->blockSize;
|
||||
ulEncryptedPartLen -= context->padDataLength;
|
||||
@ -6241,6 +6240,43 @@ sftk_ANSI_X9_63_kdf(CK_BYTE **key, CK_ULONG key_len,
|
||||
return CKR_MECHANISM_INVALID;
|
||||
}
|
||||
|
||||
/*
|
||||
* Handle the derive from a block encryption cipher
|
||||
*/
|
||||
CK_RV
|
||||
sftk_DeriveEncrypt(SFTKCipher encrypt, void *cipherInfo,
|
||||
int blockSize, SFTKObject *key, CK_ULONG keySize,
|
||||
unsigned char *data, CK_ULONG len)
|
||||
{
|
||||
/* large enough for a 512-bit key */
|
||||
unsigned char tmpdata[SFTK_MAX_DERIVE_KEY_SIZE];
|
||||
SECStatus rv;
|
||||
unsigned int outLen;
|
||||
CK_RV crv;
|
||||
|
||||
if ((len % blockSize) != 0) {
|
||||
return CKR_MECHANISM_PARAM_INVALID;
|
||||
}
|
||||
if (len > SFTK_MAX_DERIVE_KEY_SIZE) {
|
||||
return CKR_MECHANISM_PARAM_INVALID;
|
||||
}
|
||||
if (keySize && (len < keySize)) {
|
||||
return CKR_MECHANISM_PARAM_INVALID;
|
||||
}
|
||||
if (keySize == 0) {
|
||||
keySize = len;
|
||||
}
|
||||
|
||||
rv = (*encrypt)(cipherInfo, &tmpdata, &outLen, len, data, len);
|
||||
if (rv != SECSuccess) {
|
||||
crv = sftk_MapCryptError(PORT_GetError());
|
||||
return crv;
|
||||
}
|
||||
|
||||
crv = sftk_forceAttribute(key, CKA_VALUE, tmpdata, keySize);
|
||||
return crv;
|
||||
}
|
||||
|
||||
/*
|
||||
* SSL Key generation given pre master secret
|
||||
*/
|
||||
@ -6899,6 +6935,172 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession,
|
||||
break;
|
||||
}
|
||||
|
||||
case CKM_DES3_ECB_ENCRYPT_DATA:
|
||||
case CKM_DES3_CBC_ENCRYPT_DATA: {
|
||||
void *cipherInfo;
|
||||
unsigned char des3key[MAX_DES3_KEY_SIZE];
|
||||
CK_DES_CBC_ENCRYPT_DATA_PARAMS *desEncryptPtr;
|
||||
int mode;
|
||||
unsigned char *iv;
|
||||
unsigned char *data;
|
||||
CK_ULONG len;
|
||||
|
||||
if (mechanism == CKM_DES3_ECB_ENCRYPT_DATA) {
|
||||
stringPtr = (CK_KEY_DERIVATION_STRING_DATA *)
|
||||
pMechanism->pParameter;
|
||||
mode = NSS_DES_EDE3;
|
||||
iv = NULL;
|
||||
data = stringPtr->pData;
|
||||
len = stringPtr->ulLen;
|
||||
} else {
|
||||
mode = NSS_DES_EDE3_CBC;
|
||||
desEncryptPtr =
|
||||
(CK_DES_CBC_ENCRYPT_DATA_PARAMS *)
|
||||
pMechanism->pParameter;
|
||||
iv = desEncryptPtr->iv;
|
||||
data = desEncryptPtr->pData;
|
||||
len = desEncryptPtr->length;
|
||||
}
|
||||
if (att->attrib.ulValueLen == 16) {
|
||||
PORT_Memcpy(des3key, att->attrib.pValue, 16);
|
||||
PORT_Memcpy(des3key + 16, des3key, 8);
|
||||
} else if (att->attrib.ulValueLen == 24) {
|
||||
PORT_Memcpy(des3key, att->attrib.pValue, 24);
|
||||
} else {
|
||||
crv = CKR_KEY_SIZE_RANGE;
|
||||
break;
|
||||
}
|
||||
cipherInfo = DES_CreateContext(des3key, iv, mode, PR_TRUE);
|
||||
PORT_Memset(des3key, 0, 24);
|
||||
if (cipherInfo == NULL) {
|
||||
crv = CKR_HOST_MEMORY;
|
||||
break;
|
||||
}
|
||||
crv = sftk_DeriveEncrypt((SFTKCipher)DES_Encrypt,
|
||||
cipherInfo, 8, key, keySize,
|
||||
data, len);
|
||||
DES_DestroyContext(cipherInfo, PR_TRUE);
|
||||
break;
|
||||
}
|
||||
|
||||
case CKM_AES_ECB_ENCRYPT_DATA:
|
||||
case CKM_AES_CBC_ENCRYPT_DATA: {
|
||||
void *cipherInfo;
|
||||
CK_AES_CBC_ENCRYPT_DATA_PARAMS *aesEncryptPtr;
|
||||
int mode;
|
||||
unsigned char *iv;
|
||||
unsigned char *data;
|
||||
CK_ULONG len;
|
||||
|
||||
if (mechanism == CKM_AES_ECB_ENCRYPT_DATA) {
|
||||
mode = NSS_AES;
|
||||
iv = NULL;
|
||||
stringPtr = (CK_KEY_DERIVATION_STRING_DATA *)pMechanism->pParameter;
|
||||
data = stringPtr->pData;
|
||||
len = stringPtr->ulLen;
|
||||
} else {
|
||||
aesEncryptPtr =
|
||||
(CK_AES_CBC_ENCRYPT_DATA_PARAMS *)pMechanism->pParameter;
|
||||
mode = NSS_AES_CBC;
|
||||
iv = aesEncryptPtr->iv;
|
||||
data = aesEncryptPtr->pData;
|
||||
len = aesEncryptPtr->length;
|
||||
}
|
||||
|
||||
cipherInfo = AES_CreateContext((unsigned char *)att->attrib.pValue,
|
||||
iv, mode, PR_TRUE,
|
||||
att->attrib.ulValueLen, 16);
|
||||
if (cipherInfo == NULL) {
|
||||
crv = CKR_HOST_MEMORY;
|
||||
break;
|
||||
}
|
||||
crv = sftk_DeriveEncrypt((SFTKCipher)AES_Encrypt,
|
||||
cipherInfo, 16, key, keySize,
|
||||
data, len);
|
||||
AES_DestroyContext(cipherInfo, PR_TRUE);
|
||||
break;
|
||||
}
|
||||
|
||||
case CKM_CAMELLIA_ECB_ENCRYPT_DATA:
|
||||
case CKM_CAMELLIA_CBC_ENCRYPT_DATA: {
|
||||
void *cipherInfo;
|
||||
CK_AES_CBC_ENCRYPT_DATA_PARAMS *aesEncryptPtr;
|
||||
int mode;
|
||||
unsigned char *iv;
|
||||
unsigned char *data;
|
||||
CK_ULONG len;
|
||||
|
||||
if (mechanism == CKM_CAMELLIA_ECB_ENCRYPT_DATA) {
|
||||
stringPtr = (CK_KEY_DERIVATION_STRING_DATA *)
|
||||
pMechanism->pParameter;
|
||||
aesEncryptPtr = NULL;
|
||||
mode = NSS_CAMELLIA;
|
||||
data = stringPtr->pData;
|
||||
len = stringPtr->ulLen;
|
||||
iv = NULL;
|
||||
} else {
|
||||
stringPtr = NULL;
|
||||
aesEncryptPtr = (CK_AES_CBC_ENCRYPT_DATA_PARAMS *)
|
||||
pMechanism->pParameter;
|
||||
mode = NSS_CAMELLIA_CBC;
|
||||
iv = aesEncryptPtr->iv;
|
||||
data = aesEncryptPtr->pData;
|
||||
len = aesEncryptPtr->length;
|
||||
}
|
||||
|
||||
cipherInfo = Camellia_CreateContext((unsigned char *)att->attrib.pValue,
|
||||
iv, mode, PR_TRUE,
|
||||
att->attrib.ulValueLen);
|
||||
if (cipherInfo == NULL) {
|
||||
crv = CKR_HOST_MEMORY;
|
||||
break;
|
||||
}
|
||||
crv = sftk_DeriveEncrypt((SFTKCipher)Camellia_Encrypt,
|
||||
cipherInfo, 16, key, keySize,
|
||||
data, len);
|
||||
Camellia_DestroyContext(cipherInfo, PR_TRUE);
|
||||
break;
|
||||
}
|
||||
|
||||
case CKM_SEED_ECB_ENCRYPT_DATA:
|
||||
case CKM_SEED_CBC_ENCRYPT_DATA: {
|
||||
void *cipherInfo;
|
||||
CK_AES_CBC_ENCRYPT_DATA_PARAMS *aesEncryptPtr;
|
||||
int mode;
|
||||
unsigned char *iv;
|
||||
unsigned char *data;
|
||||
CK_ULONG len;
|
||||
|
||||
if (mechanism == CKM_SEED_ECB_ENCRYPT_DATA) {
|
||||
mode = NSS_SEED;
|
||||
stringPtr = (CK_KEY_DERIVATION_STRING_DATA *)
|
||||
pMechanism->pParameter;
|
||||
aesEncryptPtr = NULL;
|
||||
data = stringPtr->pData;
|
||||
len = stringPtr->ulLen;
|
||||
iv = NULL;
|
||||
} else {
|
||||
mode = NSS_SEED_CBC;
|
||||
aesEncryptPtr = (CK_AES_CBC_ENCRYPT_DATA_PARAMS *)
|
||||
pMechanism->pParameter;
|
||||
iv = aesEncryptPtr->iv;
|
||||
data = aesEncryptPtr->pData;
|
||||
len = aesEncryptPtr->length;
|
||||
}
|
||||
|
||||
cipherInfo = SEED_CreateContext((unsigned char *)att->attrib.pValue,
|
||||
iv, mode, PR_TRUE);
|
||||
if (cipherInfo == NULL) {
|
||||
crv = CKR_HOST_MEMORY;
|
||||
break;
|
||||
}
|
||||
crv = sftk_DeriveEncrypt((SFTKCipher)SEED_Encrypt,
|
||||
cipherInfo, 16, key, keySize,
|
||||
data, len);
|
||||
SEED_DestroyContext(cipherInfo, PR_TRUE);
|
||||
break;
|
||||
}
|
||||
|
||||
case CKM_CONCATENATE_BASE_AND_KEY: {
|
||||
SFTKObject *newKey;
|
||||
|
||||
|
||||
@ -17,9 +17,9 @@
|
||||
* The format of the version string should be
|
||||
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
|
||||
*/
|
||||
#define SOFTOKEN_VERSION "3.34" SOFTOKEN_ECC_STRING " Beta"
|
||||
#define SOFTOKEN_VERSION "3.35" SOFTOKEN_ECC_STRING " Beta"
|
||||
#define SOFTOKEN_VMAJOR 3
|
||||
#define SOFTOKEN_VMINOR 34
|
||||
#define SOFTOKEN_VMINOR 35
|
||||
#define SOFTOKEN_VPATCH 0
|
||||
#define SOFTOKEN_VBUILD 0
|
||||
#define SOFTOKEN_BETA PR_TRUE
|
||||
|
||||
@ -9,6 +9,9 @@
|
||||
#define _SOFTOKNT_H_
|
||||
|
||||
#define NSS_SOFTOKEN_DEFAULT_CHUNKSIZE 2048
|
||||
#define DES_BLOCK_SIZE 8 /* bytes */
|
||||
#define MAX_DES3_KEY_SIZE 24 /* DES_BLOCK_SIZE * 3 */
|
||||
#define SFTK_MAX_DERIVE_KEY_SIZE 64
|
||||
|
||||
/*
|
||||
* FIPS 140-2 auditing
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -111,7 +111,7 @@ ssl_ECPubKey2NamedGroup(const SECKEYPublicKey *pubKey)
|
||||
static SECStatus
|
||||
ssl3_ComputeECDHKeyHash(SSLHashType hashAlg,
|
||||
SECItem ec_params, SECItem server_ecpoint,
|
||||
SSL3Random *client_rand, SSL3Random *server_rand,
|
||||
PRUint8 *client_rand, PRUint8 *server_rand,
|
||||
SSL3Hashes *hashes)
|
||||
{
|
||||
PRUint8 *hashBuf;
|
||||
@ -597,8 +597,8 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, PRUint8 *b, PRUint32 length)
|
||||
* check to make sure the hash is signed by right guy
|
||||
*/
|
||||
rv = ssl3_ComputeECDHKeyHash(hashAlg, ec_params, ec_point,
|
||||
&ss->ssl3.hs.client_random,
|
||||
&ss->ssl3.hs.server_random,
|
||||
ss->ssl3.hs.client_random,
|
||||
ss->ssl3.hs.server_random,
|
||||
&hashes);
|
||||
|
||||
if (rv != SECSuccess) {
|
||||
@ -711,8 +711,8 @@ ssl3_SendECDHServerKeyExchange(sslSocket *ss)
|
||||
}
|
||||
rv = ssl3_ComputeECDHKeyHash(hashAlg, ec_params,
|
||||
pubKey->u.ec.publicValue,
|
||||
&ss->ssl3.hs.client_random,
|
||||
&ss->ssl3.hs.server_random,
|
||||
ss->ssl3.hs.client_random,
|
||||
ss->ssl3.hs.server_random,
|
||||
&hashes);
|
||||
if (rv != SECSuccess) {
|
||||
ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
|
||||
|
||||
@ -802,7 +802,7 @@ ssl3_ClientHandleStatusRequestXtn(const sslSocket *ss, TLSExtensionData *xtnData
|
||||
}
|
||||
|
||||
PRUint32 ssl_ticket_lifetime = 2 * 24 * 60 * 60; /* 2 days in seconds */
|
||||
#define TLS_EX_SESS_TICKET_VERSION (0x0106)
|
||||
#define TLS_EX_SESS_TICKET_VERSION (0x0107)
|
||||
|
||||
/*
|
||||
* Called from ssl3_SendNewSessionTicket, tls13_SendNewSessionTicket
|
||||
@ -894,6 +894,7 @@ ssl3_EncodeSessionTicket(sslSocket *ss,
|
||||
+ 1 /* extendedMasterSecretUsed */
|
||||
+ sizeof(ticket->ticket_lifetime_hint) /* ticket lifetime hint */
|
||||
+ sizeof(ticket->flags) /* ticket flags */
|
||||
+ 1 /* alt handshake type */
|
||||
+ 1 + alpnSelection->len /* alpn value + length field */
|
||||
+ 4; /* maxEarlyData */
|
||||
|
||||
@ -1040,6 +1041,11 @@ ssl3_EncodeSessionTicket(sslSocket *ss,
|
||||
if (rv != SECSuccess)
|
||||
goto loser;
|
||||
}
|
||||
/* Alternative handshake type. */
|
||||
rv = ssl3_AppendNumberToItem(
|
||||
&plaintext, ss->sec.ci.sid->u.ssl3.altHandshakeType, 1);
|
||||
if (rv != SECSuccess)
|
||||
goto loser;
|
||||
|
||||
rv = ssl3_AppendNumberToItem(&plaintext, ssl_max_early_data_size, 4);
|
||||
if (rv != SECSuccess)
|
||||
@ -1306,6 +1312,14 @@ ssl_ParseSessionTicket(sslSocket *ss, const SECItem *decryptedTicket,
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 1, &buffer, &len);
|
||||
if (rv != SECSuccess) {
|
||||
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
||||
return SECFailure;
|
||||
}
|
||||
PORT_Assert(temp == PR_TRUE || temp == PR_FALSE);
|
||||
parsedTicket->altHandshakeType = temp;
|
||||
|
||||
rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 4, &buffer, &len);
|
||||
if (rv != SECSuccess) {
|
||||
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
||||
@ -1370,6 +1384,7 @@ ssl_CreateSIDFromTicket(sslSocket *ss, const SECItem *rawTicket,
|
||||
sid->u.ssl3.masterValid = PR_TRUE;
|
||||
sid->u.ssl3.keys.resumable = PR_TRUE;
|
||||
sid->u.ssl3.keys.extendedMasterSecretUsed = parsedTicket->extendedMasterSecretUsed;
|
||||
sid->u.ssl3.altHandshakeType = parsedTicket->altHandshakeType;
|
||||
|
||||
/* Copy over client cert from session ticket if there is one. */
|
||||
if (parsedTicket->peer_cert.data != NULL) {
|
||||
|
||||
@ -395,7 +395,8 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
|
||||
SSL3Ciphertext cText;
|
||||
PRBool keepGoing = PR_TRUE;
|
||||
|
||||
SSL_TRC(30, ("ssl3_GatherCompleteHandshake"));
|
||||
SSL_TRC(30, ("%d: SSL3[%d]: ssl3_GatherCompleteHandshake",
|
||||
SSL_GETPID(), ss->fd));
|
||||
|
||||
/* ssl3_HandleRecord may end up eventually calling ssl_FinishHandshake,
|
||||
* which requires the 1stHandshakeLock, which must be acquired before the
|
||||
@ -508,7 +509,6 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
|
||||
if (IS_DTLS(ss)) {
|
||||
sslSequenceNumber seq_num;
|
||||
|
||||
cText.version = dtls_DTLSVersionToTLSVersion(cText.version);
|
||||
/* DTLS sequence number */
|
||||
PORT_Memcpy(&seq_num, &ss->gs.hdr[3], sizeof(seq_num));
|
||||
cText.seq_num = PR_ntohll(seq_num);
|
||||
|
||||
@ -151,9 +151,7 @@ typedef struct {
|
||||
PRUint8 empty;
|
||||
} SSL3HelloRequest;
|
||||
|
||||
typedef struct {
|
||||
PRUint8 rand[SSL3_RANDOM_LENGTH];
|
||||
} SSL3Random;
|
||||
typedef PRUint8 SSL3Random[SSL3_RANDOM_LENGTH];
|
||||
|
||||
typedef struct {
|
||||
PRUint8 id[32];
|
||||
|
||||
@ -22,13 +22,12 @@ SEC_BEGIN_PROTOS
|
||||
? ((SECStatus(*) arglist)SSL_GetExperimentalAPI(name))args \
|
||||
: SECFailure)
|
||||
|
||||
/* Allow the ServerHello to be record type 24. Experiment to test:
|
||||
* https://github.com/tlswg/tls13-spec/pull/1051
|
||||
/* Make the TLS 1.3 handshake mimic TLS 1.2 session resumption.
|
||||
* This will either become part of the standard or be disabled
|
||||
* after we have tested it.
|
||||
*/
|
||||
#define SSL_UseAltServerHelloType(fd, enable) \
|
||||
SSL_EXPERIMENTAL_API("SSL_UseAltServerHelloType", \
|
||||
#define SSL_UseAltHandshakeType(fd, enable) \
|
||||
SSL_EXPERIMENTAL_API("SSL_UseAltHandshakeType", \
|
||||
(PRFileDesc * _fd, PRBool _enable), \
|
||||
(fd, enable))
|
||||
|
||||
|
||||
@ -229,8 +229,6 @@ struct sslSocketOpsStr {
|
||||
#define ssl_SEND_FLAG_FORCE_INTO_BUFFER 0x40000000
|
||||
#define ssl_SEND_FLAG_NO_BUFFER 0x20000000
|
||||
#define ssl_SEND_FLAG_NO_RETRANSMIT 0x08000000 /* DTLS only */
|
||||
#define ssl_SEND_FLAG_CAP_RECORD_VERSION \
|
||||
0x04000000 /* TLS only */
|
||||
#define ssl_SEND_FLAG_MASK 0x7f000000
|
||||
|
||||
/*
|
||||
@ -500,6 +498,7 @@ struct ssl3CipherSpecStr {
|
||||
sslSequenceNumber write_seq_num;
|
||||
sslSequenceNumber read_seq_num;
|
||||
SSL3ProtocolVersion version;
|
||||
SSL3ProtocolVersion recordVersion;
|
||||
ssl3KeyMaterial client;
|
||||
ssl3KeyMaterial server;
|
||||
SECItem msItem;
|
||||
@ -609,6 +608,8 @@ struct sslSessionIDStr {
|
||||
* Used for TLS 1.3. */
|
||||
SECItem alpnSelection;
|
||||
|
||||
PRBool altHandshakeType;
|
||||
|
||||
/* This lock is lazily initialized by CacheSID when a sid is first
|
||||
* cached. Before then, there is no need to lock anything because
|
||||
* the sid isn't being shared by anything.
|
||||
@ -886,7 +887,8 @@ typedef struct SSL3HandshakeStateStr {
|
||||
ssl3KEADef kea_def_mutable; /* Used to hold the writable kea_def
|
||||
* we use for TLS 1.3 */
|
||||
PRBool shortHeaders; /* Assigned if we are doing short headers. */
|
||||
PRBool altHandshakeType; /* Assigned if we are doing the wrapped handshake. */
|
||||
PRBool altHandshakeType; /* Alternative ServerHello content type. */
|
||||
SECItem fakeSid; /* ... (server) the SID the client used. */
|
||||
} SSL3HandshakeState;
|
||||
|
||||
/*
|
||||
@ -1022,6 +1024,7 @@ typedef struct SessionTicketStr {
|
||||
PRUint32 flags;
|
||||
SECItem srvName; /* negotiated server name */
|
||||
SECItem alpnSelection;
|
||||
PRBool altHandshakeType;
|
||||
PRUint32 maxEarlyData;
|
||||
} SessionTicket;
|
||||
|
||||
@ -1653,6 +1656,10 @@ extern SECStatus ssl_ClientReadVersion(sslSocket *ss, PRUint8 **b,
|
||||
extern SECStatus ssl3_NegotiateVersion(sslSocket *ss,
|
||||
SSL3ProtocolVersion peerVersion,
|
||||
PRBool allowLargerPeerVersion);
|
||||
extern SECStatus ssl_ClientSetCipherSuite(sslSocket *ss,
|
||||
SSL3ProtocolVersion version,
|
||||
ssl3CipherSuite suite,
|
||||
PRBool initHashes);
|
||||
|
||||
extern SECStatus ssl_GetPeerInfo(sslSocket *ss);
|
||||
|
||||
@ -1826,6 +1833,7 @@ SECStatus ssl3_CompleteHandleCertificateRequest(
|
||||
sslSocket *ss, const SSLSignatureScheme *signatureSchemes,
|
||||
unsigned int signatureSchemeCount, CERTDistNames *ca_list);
|
||||
SECStatus ssl3_SendServerHello(sslSocket *ss);
|
||||
SECStatus ssl3_SendChangeCipherSpecsInt(sslSocket *ss);
|
||||
SECStatus ssl3_ComputeHandshakeHashes(sslSocket *ss,
|
||||
ssl3CipherSpec *spec,
|
||||
SSL3Hashes *hashes,
|
||||
|
||||
@ -468,9 +468,9 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
|
||||
return SECFailure;
|
||||
}
|
||||
i = 0;
|
||||
PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH);
|
||||
PORT_Memcpy(val + i, ss->ssl3.hs.client_random, SSL3_RANDOM_LENGTH);
|
||||
i += SSL3_RANDOM_LENGTH;
|
||||
PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH);
|
||||
PORT_Memcpy(val + i, ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH);
|
||||
i += SSL3_RANDOM_LENGTH;
|
||||
if (hasContext) {
|
||||
val[i++] = contextLen >> 8;
|
||||
|
||||
@ -3875,7 +3875,7 @@ struct {
|
||||
void *function;
|
||||
} ssl_experimental_functions[] = {
|
||||
#ifndef SSL_DISABLE_EXPERIMENTAL_API
|
||||
EXP(UseAltServerHelloType),
|
||||
EXP(UseAltHandshakeType),
|
||||
#endif
|
||||
{ "", NULL }
|
||||
};
|
||||
|
||||
@ -133,9 +133,6 @@ const char keylogLabelExporterSecret[] = "EXPORTER_SECRET";
|
||||
? ss->ssl3.hs.client##name \
|
||||
: ss->ssl3.hs.server##name)
|
||||
|
||||
const SSL3ProtocolVersion kTlsRecordVersion = SSL_LIBRARY_VERSION_TLS_1_0;
|
||||
const SSL3ProtocolVersion kDtlsRecordVersion = SSL_LIBRARY_VERSION_TLS_1_1;
|
||||
|
||||
/* Belt and suspenders in case we ever add a TLS 1.4. */
|
||||
PR_STATIC_ASSERT(SSL_LIBRARY_VERSION_MAX_SUPPORTED <=
|
||||
SSL_LIBRARY_VERSION_TLS_1_3);
|
||||
@ -1728,7 +1725,9 @@ tls13_HandleHelloRetryRequest(sslSocket *ss, PRUint8 *b, PRUint32 length)
|
||||
/* Version. */
|
||||
rv = ssl_ClientReadVersion(ss, &b, &length, &version);
|
||||
if (rv != SECSuccess) {
|
||||
return SECFailure; /* alert already sent */
|
||||
FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_HELLO_RETRY_REQUEST,
|
||||
protocol_version);
|
||||
return SECFailure;
|
||||
}
|
||||
if (version > ss->vrange.max || version < SSL_LIBRARY_VERSION_TLS_1_3) {
|
||||
FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_HELLO_RETRY_REQUEST,
|
||||
@ -1941,6 +1940,13 @@ tls13_SendServerHelloSequence(sslSocket *ss)
|
||||
return rv; /* err code is set. */
|
||||
}
|
||||
|
||||
if (ss->ssl3.hs.altHandshakeType) {
|
||||
rv = ssl3_SendChangeCipherSpecsInt(ss);
|
||||
if (rv != SECSuccess) {
|
||||
return rv;
|
||||
}
|
||||
}
|
||||
|
||||
rv = tls13_SendEncryptedServerSequence(ss);
|
||||
if (rv != SECSuccess) {
|
||||
err = PORT_GetError();
|
||||
@ -2704,27 +2710,61 @@ loser:
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
static SECStatus
|
||||
tls13_SetupPendingCipherSpec(sslSocket *ss)
|
||||
void
|
||||
tls13_SetSpecRecordVersion(sslSocket *ss, ssl3CipherSpec *spec)
|
||||
{
|
||||
const SSL3ProtocolVersion kTlsRecordVersion = SSL_LIBRARY_VERSION_TLS_1_0;
|
||||
const SSL3ProtocolVersion kTlsAltRecordVersion = SSL_LIBRARY_VERSION_TLS_1_2;
|
||||
const SSL3ProtocolVersion kDtlsRecordVersion = SSL_LIBRARY_VERSION_DTLS_1_0_WIRE;
|
||||
|
||||
/* Set the record version. */
|
||||
if (IS_DTLS(ss)) {
|
||||
spec->recordVersion = kDtlsRecordVersion;
|
||||
} else if (spec->epoch == TrafficKeyEarlyApplicationData) {
|
||||
/* For early data, the previous session determines the record type that
|
||||
* is used (and not what this session might negotiate). */
|
||||
if (ss->sec.ci.sid && ss->sec.ci.sid->u.ssl3.altHandshakeType) {
|
||||
spec->recordVersion = kTlsAltRecordVersion;
|
||||
} else {
|
||||
spec->recordVersion = kTlsRecordVersion;
|
||||
}
|
||||
} else if (ss->ssl3.hs.altHandshakeType) {
|
||||
spec->recordVersion = kTlsAltRecordVersion;
|
||||
} else {
|
||||
spec->recordVersion = kTlsRecordVersion;
|
||||
}
|
||||
SSL_TRC(10, ("%d: TLS13[%d]: Set record version to 0x%04x",
|
||||
SSL_GETPID(), ss->fd, spec->recordVersion));
|
||||
}
|
||||
|
||||
static SECStatus
|
||||
tls13_SetupPendingCipherSpec(sslSocket *ss, ssl3CipherSpec *spec)
|
||||
{
|
||||
ssl3CipherSpec *pSpec;
|
||||
ssl3CipherSuite suite = ss->ssl3.hs.cipher_suite;
|
||||
const ssl3BulkCipherDef *bulk = ssl_GetBulkCipherDef(
|
||||
ssl_LookupCipherSuiteDef(suite));
|
||||
|
||||
PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
|
||||
|
||||
ssl_GetSpecWriteLock(ss); /*******************************/
|
||||
|
||||
pSpec = ss->ssl3.pwSpec;
|
||||
/* Version isn't set when we send 0-RTT data. */
|
||||
pSpec->version = PR_MAX(SSL_LIBRARY_VERSION_TLS_1_3, ss->version);
|
||||
spec->version = PR_MAX(SSL_LIBRARY_VERSION_TLS_1_3, ss->version);
|
||||
|
||||
SSL_TRC(3, ("%d: TLS13[%d]: Set Pending Cipher Suite to 0x%04x",
|
||||
SSL_GETPID(), ss->fd, suite));
|
||||
pSpec->cipher_def = bulk;
|
||||
|
||||
ssl_ReleaseSpecWriteLock(ss); /*******************************/
|
||||
spec->cipher_def = ssl_GetBulkCipherDef(ssl_LookupCipherSuiteDef(suite));
|
||||
switch (spec->cipher_def->calg) {
|
||||
case ssl_calg_aes_gcm:
|
||||
spec->aead = tls13_AESGCM;
|
||||
break;
|
||||
case ssl_calg_chacha20:
|
||||
spec->aead = tls13_ChaCha20Poly1305;
|
||||
break;
|
||||
default:
|
||||
PORT_Assert(0);
|
||||
return SECFailure;
|
||||
break;
|
||||
}
|
||||
|
||||
tls13_SetSpecRecordVersion(ss, spec);
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
@ -2754,29 +2794,6 @@ tls13_SetCipherSpec(sslSocket *ss, TrafficKeyType type,
|
||||
PR_APPEND_LINK(&spec->link, &ss->ssl3.hs.cipherSpecs);
|
||||
ss->ssl3.pwSpec = ss->ssl3.prSpec = spec;
|
||||
|
||||
rv = tls13_SetupPendingCipherSpec(ss);
|
||||
if (rv != SECSuccess)
|
||||
return SECFailure;
|
||||
|
||||
switch (spec->cipher_def->calg) {
|
||||
case calg_aes_gcm:
|
||||
spec->aead = tls13_AESGCM;
|
||||
break;
|
||||
case calg_chacha20:
|
||||
spec->aead = tls13_ChaCha20Poly1305;
|
||||
break;
|
||||
default:
|
||||
PORT_Assert(0);
|
||||
return SECFailure;
|
||||
break;
|
||||
}
|
||||
|
||||
rv = tls13_DeriveTrafficKeys(ss, spec, type, direction,
|
||||
deleteSecret);
|
||||
if (rv != SECSuccess) {
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
/* We use the epoch for cipher suite identification, so increment
|
||||
* it in both TLS and DTLS. */
|
||||
if ((*specp)->epoch == PR_UINT16_MAX) {
|
||||
@ -2794,6 +2811,17 @@ tls13_SetCipherSpec(sslSocket *ss, TrafficKeyType type,
|
||||
dtls_InitRecvdRecords(&spec->recvdRecords);
|
||||
}
|
||||
|
||||
/* This depends on spec having a valid direction and epoch. */
|
||||
rv = tls13_SetupPendingCipherSpec(ss, spec);
|
||||
if (rv != SECSuccess)
|
||||
return SECFailure;
|
||||
|
||||
rv = tls13_DeriveTrafficKeys(ss, spec, type, direction,
|
||||
deleteSecret);
|
||||
if (rv != SECSuccess) {
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
if (type == TrafficKeyEarlyApplicationData) {
|
||||
spec->earlyDataRemaining =
|
||||
ss->sec.ci.sid->u.ssl3.locked.sessionTicket.max_early_data_size;
|
||||
@ -3745,6 +3773,14 @@ tls13_SendClientSecondRound(sslSocket *ss)
|
||||
if (rv != SECSuccess) {
|
||||
return SECFailure; /* Error code already set. */
|
||||
}
|
||||
} else if (ss->ssl3.hs.zeroRttState == ssl_0rtt_none &&
|
||||
ss->ssl3.hs.altHandshakeType) {
|
||||
ssl_GetXmitBufLock(ss); /*******************************/
|
||||
rv = ssl3_SendChangeCipherSpecsInt(ss);
|
||||
ssl_ReleaseXmitBufLock(ss); /*******************************/
|
||||
if (rv != SECSuccess) {
|
||||
return rv;
|
||||
}
|
||||
}
|
||||
|
||||
rv = tls13_SetCipherSpec(ss, TrafficKeyHandshake,
|
||||
@ -4046,7 +4082,8 @@ static const struct {
|
||||
{ ssl_cert_status_xtn, ExtensionSendCertificate },
|
||||
{ ssl_tls13_ticket_early_data_info_xtn, ExtensionNewSessionTicket },
|
||||
{ ssl_tls13_cookie_xtn, ExtensionSendHrr },
|
||||
{ ssl_tls13_short_header_xtn, ExtensionSendClear }
|
||||
{ ssl_tls13_short_header_xtn, ExtensionSendClear },
|
||||
{ ssl_tls13_supported_versions_xtn, ExtensionSendClear }
|
||||
};
|
||||
|
||||
PRBool
|
||||
@ -4239,9 +4276,8 @@ tls13_UnprotectRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *plaintext
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
/* Check the version number in the record */
|
||||
if ((IS_DTLS(ss) && cText->version != kDtlsRecordVersion) ||
|
||||
(!IS_DTLS(ss) && cText->version != kTlsRecordVersion)) {
|
||||
/* Check the version number in the record. */
|
||||
if (cText->version != crSpec->recordVersion) {
|
||||
/* Do we need a better error here? */
|
||||
SSL_TRC(3,
|
||||
("%d: TLS13[%d]: record has bogus version",
|
||||
@ -4364,8 +4400,21 @@ tls13_MaybeDo0RTTHandshake(sslSocket *ss)
|
||||
ss->xtnData.nextProtoState = SSL_NEXT_PROTO_EARLY_VALUE;
|
||||
rv = SECITEM_CopyItem(NULL, &ss->xtnData.nextProto,
|
||||
&ss->sec.ci.sid->u.ssl3.alpnSelection);
|
||||
if (rv != SECSuccess)
|
||||
return rv;
|
||||
if (rv != SECSuccess) {
|
||||
return SECFailure;
|
||||
}
|
||||
}
|
||||
|
||||
/* If the alternative handshake type option is enabled and the last session
|
||||
* had the alternative handshake type, then send CCS. */
|
||||
if (ss->opt.enableAltHandshaketype &&
|
||||
ss->sec.ci.sid->u.ssl3.altHandshakeType) {
|
||||
ssl_GetXmitBufLock(ss);
|
||||
rv = ssl3_SendChangeCipherSpecsInt(ss);
|
||||
ssl_ReleaseXmitBufLock(ss);
|
||||
if (rv != SECSuccess) {
|
||||
return SECFailure;
|
||||
}
|
||||
}
|
||||
|
||||
/* Cipher suite already set in tls13_SetupClientHello. */
|
||||
@ -4377,13 +4426,14 @@ tls13_MaybeDo0RTTHandshake(sslSocket *ss)
|
||||
keylogLabelClientEarlyTrafficSecret,
|
||||
NULL,
|
||||
&ss->ssl3.hs.clientEarlyTrafficSecret);
|
||||
if (rv != SECSuccess)
|
||||
if (rv != SECSuccess) {
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
rv = tls13_SetCipherSpec(ss, TrafficKeyEarlyApplicationData,
|
||||
CipherSpecWrite, PR_TRUE);
|
||||
if (rv != SECSuccess) {
|
||||
return rv;
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
return SECSuccess;
|
||||
@ -4504,7 +4554,7 @@ tls13_EncodeAltDraftVersion(SSL3ProtocolVersion version)
|
||||
{
|
||||
#ifdef TLS_1_3_DRAFT_VERSION
|
||||
if (version == SSL_LIBRARY_VERSION_TLS_1_3) {
|
||||
return 0x7a00 | TLS_1_3_DRAFT_VERSION;
|
||||
return 0x7e02;
|
||||
}
|
||||
#endif
|
||||
return (PRUint16)version;
|
||||
@ -4541,10 +4591,17 @@ tls13_NegotiateVersion(sslSocket *ss, const TLSExtension *supported_versions)
|
||||
ss->version = version;
|
||||
return SECSuccess;
|
||||
}
|
||||
if (ss->opt.enableAltHandshaketype && !IS_DTLS(ss) &&
|
||||
if (ss->opt.enableAltHandshaketype &&
|
||||
!IS_DTLS(ss) &&
|
||||
supported == alt_wire) {
|
||||
ss->version = version;
|
||||
rv = ssl3_RegisterExtensionSender(ss, &ss->xtnData,
|
||||
ssl_tls13_supported_versions_xtn,
|
||||
tls13_ServerSendSupportedVersionsXtn);
|
||||
if (rv != SECSuccess) {
|
||||
return SECFailure;
|
||||
}
|
||||
ss->ssl3.hs.altHandshakeType = PR_TRUE;
|
||||
ss->version = version;
|
||||
return SECSuccess;
|
||||
}
|
||||
}
|
||||
@ -4555,13 +4612,13 @@ tls13_NegotiateVersion(sslSocket *ss, const TLSExtension *supported_versions)
|
||||
}
|
||||
|
||||
SECStatus
|
||||
SSLExp_UseAltServerHelloType(PRFileDesc *fd, PRBool enable)
|
||||
SSLExp_UseAltHandshakeType(PRFileDesc *fd, PRBool enable)
|
||||
{
|
||||
sslSocket *ss;
|
||||
|
||||
ss = ssl_FindSocket(fd);
|
||||
if (!ss) {
|
||||
SSL_DBG(("%d: SSL[%d]: bad socket in SSLExp_UseAltServerHelloType",
|
||||
if (!ss || IS_DTLS(ss)) {
|
||||
SSL_DBG(("%d: SSL[%d]: bad socket in SSLExp_UseAltHandshakeType",
|
||||
SSL_GETPID(), fd));
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
return SECFailure;
|
||||
|
||||
@ -85,6 +85,7 @@ PRUint16 tls13_EncodeAltDraftVersion(SSL3ProtocolVersion version);
|
||||
SECStatus tls13_NegotiateVersion(sslSocket *ss,
|
||||
const TLSExtension *supported_versions);
|
||||
SECStatus tls13_SendNewSessionTicket(sslSocket *ss);
|
||||
SECStatus SSLExp_UseAltServerHelloType(PRFileDesc *fd, PRBool enable);
|
||||
SECStatus SSLExp_UseAltHandshakeType(PRFileDesc *fd, PRBool enable);
|
||||
void tls13_SetSpecRecordVersion(sslSocket *ss, ssl3CipherSpec *spec);
|
||||
|
||||
#endif /* __tls13con_h_ */
|
||||
|
||||
@ -873,7 +873,12 @@ tls13_ClientHandleTicketEarlyDataInfoXtn(const sslSocket *ss, TLSExtensionData *
|
||||
|
||||
/*
|
||||
* struct {
|
||||
* select (Handshake.msg_type) {
|
||||
* case client_hello:
|
||||
* ProtocolVersion versions<2..254>;
|
||||
* case server_hello:
|
||||
* ProtocolVersion version;
|
||||
* };
|
||||
* } SupportedVersions;
|
||||
*/
|
||||
PRInt32
|
||||
@ -888,7 +893,7 @@ tls13_ClientSendSupportedVersionsXtn(const sslSocket *ss, TLSExtensionData *xtnD
|
||||
return 0;
|
||||
}
|
||||
|
||||
SSL_TRC(3, ("%d: TLS13[%d]: send supported_versions extension",
|
||||
SSL_TRC(3, ("%d: TLS13[%d]: client send supported_versions extension",
|
||||
SSL_GETPID(), ss->fd));
|
||||
|
||||
/* Extension type, extension len fiels, vector len field,
|
||||
@ -941,6 +946,50 @@ tls13_ClientSendSupportedVersionsXtn(const sslSocket *ss, TLSExtensionData *xtnD
|
||||
return extensions_len;
|
||||
}
|
||||
|
||||
PRInt32
|
||||
tls13_ServerSendSupportedVersionsXtn(const sslSocket *ss,
|
||||
TLSExtensionData *xtnData,
|
||||
PRBool append, PRUint32 maxBytes)
|
||||
{
|
||||
SECStatus rv;
|
||||
PRInt32 extensions_len;
|
||||
|
||||
if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
|
||||
PORT_Assert(0); /* Can't happen. */
|
||||
return SECSuccess;
|
||||
}
|
||||
if (!ss->ssl3.hs.altHandshakeType) {
|
||||
PORT_Assert(0); /* Can't happen. */
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
SSL_TRC(3, ("%d: TLS13[%d]: server send supported_versions extension",
|
||||
SSL_GETPID(), ss->fd));
|
||||
|
||||
extensions_len = 2 + 2 + 2; /* type, len, version */
|
||||
if (maxBytes < (PRUint32)extensions_len) {
|
||||
PORT_Assert(0);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (append) {
|
||||
rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_tls13_supported_versions_xtn, 2);
|
||||
if (rv != SECSuccess)
|
||||
return -1;
|
||||
|
||||
rv = ssl3_ExtAppendHandshakeNumber(ss, 2, 2);
|
||||
if (rv != SECSuccess)
|
||||
return -1;
|
||||
|
||||
rv = ssl3_ExtAppendHandshakeNumber(
|
||||
ss, tls13_EncodeAltDraftVersion(SSL_LIBRARY_VERSION_TLS_1_3), 2);
|
||||
if (rv != SECSuccess) {
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
return extensions_len;
|
||||
}
|
||||
|
||||
/*
|
||||
* struct {
|
||||
* opaque cookie<1..2^16-1>;
|
||||
|
||||
@ -53,6 +53,10 @@ SECStatus tls13_ClientHandleTicketEarlyDataInfoXtn(
|
||||
PRInt32 tls13_ClientSendSupportedVersionsXtn(const sslSocket *ss, TLSExtensionData *xtnData,
|
||||
PRBool append,
|
||||
PRUint32 maxBytes);
|
||||
PRInt32 tls13_ServerSendSupportedVersionsXtn(const sslSocket *ss,
|
||||
TLSExtensionData *xtnData,
|
||||
PRBool append,
|
||||
PRUint32 maxBytes);
|
||||
SECStatus tls13_ClientHandleHrrCookie(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
|
||||
SECItem *data);
|
||||
PRInt32 tls13_ClientSendHrrCookieXtn(const sslSocket *ss, TLSExtensionData *xtnData,
|
||||
|
||||
@ -19,9 +19,9 @@
|
||||
* The format of the version string should be
|
||||
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
|
||||
*/
|
||||
#define NSSUTIL_VERSION "3.34 Beta"
|
||||
#define NSSUTIL_VERSION "3.35 Beta"
|
||||
#define NSSUTIL_VMAJOR 3
|
||||
#define NSSUTIL_VMINOR 34
|
||||
#define NSSUTIL_VMINOR 35
|
||||
#define NSSUTIL_VPATCH 0
|
||||
#define NSSUTIL_VBUILD 0
|
||||
#define NSSUTIL_BETA PR_TRUE
|
||||
|
||||
@ -242,7 +242,7 @@ static int
|
||||
pk11uri_CompareByPosition(const char *a, const char *b,
|
||||
const char **attr_names, size_t num_attr_names)
|
||||
{
|
||||
int i, j;
|
||||
size_t i, j;
|
||||
|
||||
for (i = 0; i < num_attr_names; i++) {
|
||||
if (strcmp(a, attr_names[i]) == 0) {
|
||||
|
||||
@ -789,7 +789,7 @@ unsigned int
|
||||
NSS_SecureMemcmpZero(const void *mem, size_t n)
|
||||
{
|
||||
PRUint8 zero = 0;
|
||||
int i;
|
||||
size_t i;
|
||||
for (i = 0; i < n; ++i) {
|
||||
zero |= *(PRUint8 *)((uintptr_t)mem + i);
|
||||
}
|
||||
|
||||
@ -21,16 +21,17 @@
|
||||
|
||||
# Generate input to certutil
|
||||
certscript() {
|
||||
ca=n
|
||||
while [ $# -gt 0 ]; do
|
||||
case $1 in
|
||||
sign) echo 0 ;;
|
||||
kex) echo 2 ;;
|
||||
ca) echo 5;echo 6 ;;
|
||||
ca) echo 5;echo 6;ca=y ;;
|
||||
esac; shift
|
||||
done;
|
||||
echo 9
|
||||
echo n
|
||||
echo ${ca:-n}
|
||||
echo $ca
|
||||
echo
|
||||
echo n
|
||||
}
|
||||
@ -50,9 +51,9 @@ make_cert() {
|
||||
p256) type_args='-q nistp256';type=ec ;;
|
||||
p384) type_args='-q secp384r1';type=ec ;;
|
||||
p521) type_args='-q secp521r1';type=ec ;;
|
||||
rsa_ca) type_args='-g 1024';trust='CT,CT,CT';ca=y;type=rsa ;;
|
||||
rsa_ca) type_args='-g 1024';trust='CT,CT,CT';type=rsa ;;
|
||||
rsa_chain) type_args='-g 1024';sign='-c rsa_ca';type=rsa;;
|
||||
rsapss_ca) type_args='-g 1024 --pss';trust='CT,CT,CT';ca=y;type=rsa ;;
|
||||
rsapss_ca) type_args='-g 1024 --pss';trust='CT,CT,CT';type=rsa ;;
|
||||
rsapss_chain) type_args='-g 1024';sign='-c rsa_pss_ca';type=rsa;;
|
||||
rsa_ca_rsapss_chain) type_args='-g 1024 --pss-sign';sign='-c rsa_ca';type=rsa;;
|
||||
ecdh_rsa) type_args='-q nistp256';sign='-c rsa_ca';type=ec ;;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user