mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-12-03 02:25:34 +00:00
Bug 881841, update to NSS_3_15_1_BETA1, r=wtc
This commit is contained in:
parent
8c194c46a4
commit
512c1d629b
@ -1 +1 @@
|
||||
NSS_3_15_RTM
|
||||
NSS_3_15_1_BETA1
|
||||
|
@ -1519,7 +1519,7 @@ static void luUpgradeMerge(enum usage_level ul, const char *command)
|
||||
FPS "%-20s \n%-20s Cert database directory to upgrade from\n",
|
||||
" --source-dir certdir", "");
|
||||
FPS "%-20s \n%-20s Cert & Key database prefix of the upgrade database\n",
|
||||
" --soruce-prefix dbprefix", "");
|
||||
" --source-prefix dbprefix", "");
|
||||
FPS "%-20s \n%-20s Unique identifier for the upgrade database\n",
|
||||
" --upgrade-id uniqueID", "");
|
||||
FPS "%-20s \n%-20s Name of the token while it is in upgrade state\n",
|
||||
|
@ -3596,6 +3596,10 @@ SECU_GetSSLVersionFromName(const char *buf, size_t bufLen, PRUint16 *version)
|
||||
*version = SSL_LIBRARY_VERSION_TLS_1_1;
|
||||
return SECSuccess;
|
||||
}
|
||||
if (!PL_strncasecmp(buf, "tls1.2", bufLen)) {
|
||||
*version = SSL_LIBRARY_VERSION_TLS_1_2;
|
||||
return SECSuccess;
|
||||
}
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
return SECFailure;
|
||||
}
|
||||
|
@ -174,7 +174,7 @@ PrintParameterUsage()
|
||||
fputs(
|
||||
"-V [min]:[max] restricts the set of enabled SSL/TLS protocol versions.\n"
|
||||
" All versions are enabled by default.\n"
|
||||
" Possible values for min/max: ssl2 ssl3 tls1.0 tls1.1\n"
|
||||
" Possible values for min/max: ssl2 ssl3 tls1.0 tls1.1 tls1.2\n"
|
||||
" Example: \"-V ssl3:\" enables SSL 3 and newer.\n"
|
||||
"-B bypasses the PKCS11 layer for SSL encryption and MACing\n"
|
||||
"-q checks for bypassability\n"
|
||||
|
@ -1020,7 +1020,7 @@ void print_ssl3_handshake(unsigned char *recordBuf,
|
||||
case 15: PR_FPUTS("certificate_verify)\n" ); break;
|
||||
case 16: PR_FPUTS("client_key_exchange)\n" ); break;
|
||||
case 20: PR_FPUTS("finished)\n" ); break;
|
||||
case 22: PR_FPUTS("certificate_status_request)\n" ); break;
|
||||
case 22: PR_FPUTS("certificate_status)\n" ); break;
|
||||
default: PR_FPUTS("unknown)\n" ); break;
|
||||
}
|
||||
|
||||
@ -1318,7 +1318,7 @@ void print_ssl3_handshake(unsigned char *recordBuf,
|
||||
}
|
||||
break;
|
||||
|
||||
case 22: /*certificate_status_request*/
|
||||
case 22: /* certificate_status */
|
||||
{
|
||||
SECItem data;
|
||||
PRFileDesc *ofd;
|
||||
|
@ -163,7 +163,7 @@ Usage(const char *progName)
|
||||
" -P means do a specified percentage of full handshakes (0-100)\n"
|
||||
" -V [min]:[max] restricts the set of enabled SSL/TLS protocols versions.\n"
|
||||
" All versions are enabled by default.\n"
|
||||
" Possible values for min/max: ssl2 ssl3 tls1.0 tls1.1\n"
|
||||
" Possible values for min/max: ssl2 ssl3 tls1.0 tls1.1 tls1.2\n"
|
||||
" Example: \"-V ssl3:\" enables SSL 3 and newer.\n"
|
||||
" -U means enable throttling up threads\n"
|
||||
" -B bypasses the PKCS11 layer for SSL encryption and MACing\n"
|
||||
|
@ -203,7 +203,7 @@ static void PrintParameterUsage(void)
|
||||
fprintf(stderr,
|
||||
"%-20s Restricts the set of enabled SSL/TLS protocols versions.\n"
|
||||
"%-20s All versions are enabled by default.\n"
|
||||
"%-20s Possible values for min/max: ssl2 ssl3 tls1.0 tls1.1\n"
|
||||
"%-20s Possible values for min/max: ssl2 ssl3 tls1.0 tls1.1 tls1.2\n"
|
||||
"%-20s Example: \"-V ssl3:\" enables SSL 3 and newer.\n",
|
||||
"-V [min]:[max]", "", "", "");
|
||||
fprintf(stderr, "%-20s Prints only payload data. Skips HTTP header.\n", "-S");
|
||||
|
@ -49,7 +49,7 @@ CERTSignedCrl *
|
||||
SEC_FindCrlByDERCert(CERTCertDBHandle *handle, SECItem *derCrl, int type);
|
||||
|
||||
PRBool
|
||||
SEC_CertNicknameConflict(const char *nickname, SECItem *derSubject,
|
||||
SEC_CertNicknameConflict(const char *nickname, const SECItem *derSubject,
|
||||
CERTCertDBHandle *handle);
|
||||
CERTSignedCrl *
|
||||
SEC_NewCrl(CERTCertDBHandle *handle, char *url, SECItem *derCrl, int type);
|
||||
|
@ -32,7 +32,7 @@
|
||||
#include "dev.h"
|
||||
|
||||
PRBool
|
||||
SEC_CertNicknameConflict(const char *nickname, SECItem *derSubject,
|
||||
SEC_CertNicknameConflict(const char *nickname, const SECItem *derSubject,
|
||||
CERTCertDBHandle *handle)
|
||||
{
|
||||
CERTCertificate *cert;
|
||||
|
@ -33,12 +33,12 @@
|
||||
* The format of the version string should be
|
||||
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
|
||||
*/
|
||||
#define NSS_VERSION "3.15" _NSS_ECC_STRING _NSS_CUSTOMIZED
|
||||
#define NSS_VERSION "3.15.1" _NSS_ECC_STRING _NSS_CUSTOMIZED " Beta"
|
||||
#define NSS_VMAJOR 3
|
||||
#define NSS_VMINOR 15
|
||||
#define NSS_VPATCH 0
|
||||
#define NSS_VPATCH 1
|
||||
#define NSS_VBUILD 0
|
||||
#define NSS_BETA PR_FALSE
|
||||
#define NSS_BETA PR_TRUE
|
||||
|
||||
#ifndef RC_INVOKED
|
||||
|
||||
|
@ -1495,6 +1495,13 @@ SECMOD_CloseUserDB(PK11SlotInfo *slot)
|
||||
}
|
||||
rv = secmod_UserDBOp(slot, CKO_NETSCAPE_DELSLOT, sendSpec);
|
||||
PR_smprintf_free(sendSpec);
|
||||
/* if we are in the delay period for the "isPresent" call, reset
|
||||
* the delay since we know things have probably changed... */
|
||||
if (slot->nssToken && slot->nssToken->slot) {
|
||||
nssSlot_ResetDelay(slot->nssToken->slot);
|
||||
/* force the slot info structures to properly reset */
|
||||
(void)PK11_IsPresent(slot);
|
||||
}
|
||||
return rv;
|
||||
}
|
||||
|
||||
|
@ -697,7 +697,7 @@ merge_object_instances (
|
||||
for (ci = instances, i = 0; *ci; ci++, i++) {
|
||||
nssCryptokiObject *instance = nssCryptokiObject_Clone(*ci);
|
||||
if (instance) {
|
||||
if (nssPKIObject_AddInstance(to, instance) == SECSuccess) {
|
||||
if (nssPKIObject_AddInstance(to, instance) == PR_SUCCESS) {
|
||||
continue;
|
||||
}
|
||||
nssCryptokiObject_Destroy(instance);
|
||||
|
@ -25,11 +25,11 @@
|
||||
* The format of the version string should be
|
||||
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
|
||||
*/
|
||||
#define SOFTOKEN_VERSION "3.15" SOFTOKEN_ECC_STRING
|
||||
#define SOFTOKEN_VERSION "3.15.1" SOFTOKEN_ECC_STRING " Beta"
|
||||
#define SOFTOKEN_VMAJOR 3
|
||||
#define SOFTOKEN_VMINOR 15
|
||||
#define SOFTOKEN_VPATCH 0
|
||||
#define SOFTOKEN_VPATCH 1
|
||||
#define SOFTOKEN_VBUILD 0
|
||||
#define SOFTOKEN_BETA PR_FALSE
|
||||
#define SOFTOKEN_BETA PR_TRUE
|
||||
|
||||
#endif /* _SOFTKVER_H_ */
|
||||
|
@ -403,3 +403,12 @@ ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION, (SSL_ERROR_BASE + 124),
|
||||
|
||||
ER3(SSL_ERROR_RX_UNEXPECTED_CERT_STATUS, (SSL_ERROR_BASE + 125),
|
||||
"SSL received an unexpected Certificate Status handshake message.")
|
||||
|
||||
ER3(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM, (SSL_ERROR_BASE + 126),
|
||||
"Unsupported hash algorithm used by TLS peer.")
|
||||
|
||||
ER3(SSL_ERROR_DIGEST_FAILURE, (SSL_ERROR_BASE + 127),
|
||||
"Digest function failed.")
|
||||
|
||||
ER3(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 128),
|
||||
"Incorrect signature algorithm specified in a digitally-signed element.")
|
||||
|
@ -764,7 +764,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
|
||||
|
||||
ec_curve =
|
||||
ssl3_GetCurveWithECKeyStrength(
|
||||
ssl3_GetSupportedECCCurveMask(NULL),
|
||||
ssl3_GetSupportedECCurveMask(NULL),
|
||||
requiredECCbits);
|
||||
rv = ssl3_ECName2Params(NULL, ec_curve, &ecParams);
|
||||
if (rv == SECFailure) {
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -207,9 +207,10 @@ params2ecName(SECKEYECParams * params)
|
||||
|
||||
/* Caller must set hiLevel error code. */
|
||||
static SECStatus
|
||||
ssl3_ComputeECDHKeyHash(SECItem ec_params, SECItem server_ecpoint,
|
||||
SSL3Random *client_rand, SSL3Random *server_rand,
|
||||
SSL3Hashes *hashes, PRBool bypassPKCS11)
|
||||
ssl3_ComputeECDHKeyHash(SECOidTag hashAlg,
|
||||
SECItem ec_params, SECItem server_ecpoint,
|
||||
SSL3Random *client_rand, SSL3Random *server_rand,
|
||||
SSL3Hashes *hashes, PRBool bypassPKCS11)
|
||||
{
|
||||
PRUint8 * hashBuf;
|
||||
PRUint8 * pBuf;
|
||||
@ -245,11 +246,14 @@ ssl3_ComputeECDHKeyHash(SECItem ec_params, SECItem server_ecpoint,
|
||||
pBuf += server_ecpoint.len;
|
||||
PORT_Assert((unsigned int)(pBuf - hashBuf) == bufLen);
|
||||
|
||||
rv = ssl3_ComputeCommonKeyHash(hashBuf, bufLen, hashes, bypassPKCS11);
|
||||
rv = ssl3_ComputeCommonKeyHash(hashAlg, hashBuf, bufLen, hashes,
|
||||
bypassPKCS11);
|
||||
|
||||
PRINT_BUF(95, (NULL, "ECDHkey hash: ", hashBuf, bufLen));
|
||||
PRINT_BUF(95, (NULL, "ECDHkey hash: MD5 result", hashes->md5, MD5_LENGTH));
|
||||
PRINT_BUF(95, (NULL, "ECDHkey hash: SHA1 result", hashes->sha, SHA1_LENGTH));
|
||||
PRINT_BUF(95, (NULL, "ECDHkey hash: MD5 result",
|
||||
hashes->u.s.md5, MD5_LENGTH));
|
||||
PRINT_BUF(95, (NULL, "ECDHkey hash: SHA1 result",
|
||||
hashes->u.s.sha, SHA1_LENGTH));
|
||||
|
||||
if (hashBuf != buf)
|
||||
PORT_Free(hashBuf);
|
||||
@ -263,7 +267,7 @@ ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey)
|
||||
{
|
||||
PK11SymKey * pms = NULL;
|
||||
SECStatus rv = SECFailure;
|
||||
PRBool isTLS;
|
||||
PRBool isTLS, isTLS12;
|
||||
CK_MECHANISM_TYPE target;
|
||||
SECKEYPublicKey *pubKey = NULL; /* Ephemeral ECDH key */
|
||||
SECKEYPrivateKey *privKey = NULL; /* Ephemeral ECDH key */
|
||||
@ -272,6 +276,7 @@ ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey)
|
||||
PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
|
||||
|
||||
isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
|
||||
isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
|
||||
|
||||
/* Generate ephemeral EC keypair */
|
||||
if (svrPubKey->keyType != ecKey) {
|
||||
@ -290,8 +295,13 @@ ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey)
|
||||
pubKey->u.ec.publicValue.data,
|
||||
pubKey->u.ec.publicValue.len));
|
||||
|
||||
if (isTLS) target = CKM_TLS_MASTER_KEY_DERIVE_DH;
|
||||
else target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
|
||||
if (isTLS12) {
|
||||
target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
|
||||
} else if (isTLS) {
|
||||
target = CKM_TLS_MASTER_KEY_DERIVE_DH;
|
||||
} else {
|
||||
target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
|
||||
}
|
||||
|
||||
/* Determine the PMS */
|
||||
pms = PK11_PubDeriveWithKDF(privKey, svrPubKey, PR_FALSE, NULL, NULL,
|
||||
@ -355,7 +365,7 @@ ssl3_HandleECDHClientKeyExchange(sslSocket *ss, SSL3Opaque *b,
|
||||
SECStatus rv;
|
||||
SECKEYPublicKey clntPubKey;
|
||||
CK_MECHANISM_TYPE target;
|
||||
PRBool isTLS;
|
||||
PRBool isTLS, isTLS12;
|
||||
|
||||
PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
|
||||
PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
|
||||
@ -374,9 +384,15 @@ ssl3_HandleECDHClientKeyExchange(sslSocket *ss, SSL3Opaque *b,
|
||||
}
|
||||
|
||||
isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
|
||||
isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
|
||||
|
||||
if (isTLS) target = CKM_TLS_MASTER_KEY_DERIVE_DH;
|
||||
else target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
|
||||
if (isTLS12) {
|
||||
target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
|
||||
} else if (isTLS) {
|
||||
target = CKM_TLS_MASTER_KEY_DERIVE_DH;
|
||||
} else {
|
||||
target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
|
||||
}
|
||||
|
||||
/* Determine the PMS */
|
||||
pms = PK11_PubDeriveWithKDF(srvrPrivKey, &clntPubKey, PR_FALSE, NULL, NULL,
|
||||
@ -572,7 +588,7 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
||||
{
|
||||
PLArenaPool * arena = NULL;
|
||||
SECKEYPublicKey *peerKey = NULL;
|
||||
PRBool isTLS;
|
||||
PRBool isTLS, isTLS12;
|
||||
SECStatus rv;
|
||||
int errCode = SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH;
|
||||
SSL3AlertDescription desc = illegal_parameter;
|
||||
@ -582,8 +598,12 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
||||
SECItem ec_params = {siBuffer, NULL, 0};
|
||||
SECItem ec_point = {siBuffer, NULL, 0};
|
||||
unsigned char paramBuf[3]; /* only for curve_type == named_curve */
|
||||
SSL3SignatureAndHashAlgorithm sigAndHash;
|
||||
|
||||
sigAndHash.hashAlg = SEC_OID_UNKNOWN;
|
||||
|
||||
isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
|
||||
isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
|
||||
|
||||
/* XXX This works only for named curves, revisit this when
|
||||
* we support generic curves.
|
||||
@ -615,6 +635,19 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
||||
goto alert_loser;
|
||||
}
|
||||
|
||||
if (isTLS12) {
|
||||
rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length,
|
||||
&sigAndHash);
|
||||
if (rv != SECSuccess) {
|
||||
goto loser; /* malformed or unsupported. */
|
||||
}
|
||||
rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(
|
||||
&sigAndHash, ss->sec.peerCert);
|
||||
if (rv != SECSuccess) {
|
||||
goto loser;
|
||||
}
|
||||
}
|
||||
|
||||
rv = ssl3_ConsumeHandshakeVariable(ss, &signature, 2, &b, &length);
|
||||
if (rv != SECSuccess) {
|
||||
goto loser; /* malformed. */
|
||||
@ -637,10 +670,10 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
||||
/*
|
||||
* check to make sure the hash is signed by right guy
|
||||
*/
|
||||
rv = ssl3_ComputeECDHKeyHash(ec_params, ec_point,
|
||||
&ss->ssl3.hs.client_random,
|
||||
&ss->ssl3.hs.server_random,
|
||||
&hashes, ss->opt.bypassPKCS11);
|
||||
rv = ssl3_ComputeECDHKeyHash(sigAndHash.hashAlg, ec_params, ec_point,
|
||||
&ss->ssl3.hs.client_random,
|
||||
&ss->ssl3.hs.server_random,
|
||||
&hashes, ss->opt.bypassPKCS11);
|
||||
|
||||
if (rv != SECSuccess) {
|
||||
errCode =
|
||||
@ -704,12 +737,14 @@ no_memory: /* no-memory error has already been set. */
|
||||
}
|
||||
|
||||
SECStatus
|
||||
ssl3_SendECDHServerKeyExchange(sslSocket *ss)
|
||||
ssl3_SendECDHServerKeyExchange(
|
||||
sslSocket *ss,
|
||||
const SSL3SignatureAndHashAlgorithm *sigAndHash)
|
||||
{
|
||||
const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def;
|
||||
const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def;
|
||||
SECStatus rv = SECFailure;
|
||||
int length;
|
||||
PRBool isTLS;
|
||||
PRBool isTLS, isTLS12;
|
||||
SECItem signed_hash = {siBuffer, NULL, 0};
|
||||
SSL3Hashes hashes;
|
||||
|
||||
@ -719,7 +754,6 @@ const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def;
|
||||
ECName curve;
|
||||
SSL3KEAType certIndex;
|
||||
|
||||
|
||||
/* Generate ephemeral ECDH key pair and send the public key */
|
||||
curve = ssl3_GetCurveNameForServerSocket(ss);
|
||||
if (curve == ec_noName) {
|
||||
@ -748,16 +782,19 @@ const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def;
|
||||
goto loser;
|
||||
}
|
||||
|
||||
rv = ssl3_ComputeECDHKeyHash(ec_params, ecdhePub->u.ec.publicValue,
|
||||
&ss->ssl3.hs.client_random,
|
||||
&ss->ssl3.hs.server_random,
|
||||
&hashes, ss->opt.bypassPKCS11);
|
||||
rv = ssl3_ComputeECDHKeyHash(sigAndHash->hashAlg,
|
||||
ec_params,
|
||||
ecdhePub->u.ec.publicValue,
|
||||
&ss->ssl3.hs.client_random,
|
||||
&ss->ssl3.hs.server_random,
|
||||
&hashes, ss->opt.bypassPKCS11);
|
||||
if (rv != SECSuccess) {
|
||||
ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
|
||||
goto loser;
|
||||
}
|
||||
|
||||
isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
|
||||
isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
|
||||
|
||||
/* XXX SSLKEAType isn't really a good choice for
|
||||
* indexing certificates but that's all we have
|
||||
@ -781,7 +818,7 @@ const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def;
|
||||
|
||||
length = ec_params.len +
|
||||
1 + ecdhePub->u.ec.publicValue.len +
|
||||
2 + signed_hash.len;
|
||||
(isTLS12 ? 2 : 0) + 2 + signed_hash.len;
|
||||
|
||||
rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length);
|
||||
if (rv != SECSuccess) {
|
||||
@ -799,6 +836,13 @@ const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def;
|
||||
goto loser; /* err set by AppendHandshake. */
|
||||
}
|
||||
|
||||
if (isTLS12) {
|
||||
rv = ssl3_AppendSignatureAndHashAlgorithm(ss, sigAndHash);
|
||||
if (rv != SECSuccess) {
|
||||
goto loser; /* err set by AppendHandshake. */
|
||||
}
|
||||
}
|
||||
|
||||
rv = ssl3_AppendHandshakeVariable(ss, signed_hash.data,
|
||||
signed_hash.len, 2);
|
||||
if (rv != SECSuccess) {
|
||||
@ -851,6 +895,7 @@ static const ssl3CipherSuite ecdh_rsa_suites[] = {
|
||||
static const ssl3CipherSuite ecdhe_ecdsa_suites[] = {
|
||||
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
TLS_ECDHE_ECDSA_WITH_NULL_SHA,
|
||||
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
|
||||
@ -860,6 +905,7 @@ static const ssl3CipherSuite ecdhe_ecdsa_suites[] = {
|
||||
static const ssl3CipherSuite ecdhe_rsa_suites[] = {
|
||||
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
|
||||
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
TLS_ECDHE_RSA_WITH_NULL_SHA,
|
||||
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
||||
@ -870,11 +916,13 @@ static const ssl3CipherSuite ecdhe_rsa_suites[] = {
|
||||
static const ssl3CipherSuite ecSuites[] = {
|
||||
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
TLS_ECDHE_ECDSA_WITH_NULL_SHA,
|
||||
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
|
||||
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
|
||||
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
TLS_ECDHE_RSA_WITH_NULL_SHA,
|
||||
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
||||
@ -1005,14 +1053,14 @@ static const PRUint8 tlsECList[56] = {
|
||||
BE(24), BE(25)
|
||||
};
|
||||
|
||||
static const PRUint8 ECPtFmt[6] = {
|
||||
static const PRUint8 ecPtFmt[6] = {
|
||||
BE(11), /* Extension type */
|
||||
BE( 2), /* octets that follow */
|
||||
1, /* octets that follow */
|
||||
0 /* uncompressed type only */
|
||||
};
|
||||
|
||||
/* This function already presumes we can do ECC, ssl_IsECCEnabled must be
|
||||
/* This function already presumes we can do ECC, ssl3_IsECCEnabled must be
|
||||
* called before this function. It looks to see if we have a token which
|
||||
* is capable of doing smaller than SuiteB curves. If the token can, we
|
||||
* presume the token can do the whole SSL suite of curves. If it can't we
|
||||
@ -1021,10 +1069,11 @@ static const PRUint8 ECPtFmt[6] = {
|
||||
static PRBool
|
||||
ssl3_SuiteBOnly(sslSocket *ss)
|
||||
{
|
||||
/* look to see if we can handle certs less than 163 bits */
|
||||
/* See if we can support small curves (like 163). If not, assume we can
|
||||
* only support Suite-B curves (P-256, P-384, P-521). */
|
||||
PK11SlotInfo *slot =
|
||||
PK11_GetBestSlotWithAttributes(CKM_ECDH1_DERIVE, 0, 163,
|
||||
ss ? ss->pkcs11PinArg : NULL);
|
||||
ss ? ss->pkcs11PinArg : NULL);
|
||||
|
||||
if (!slot) {
|
||||
/* nope, presume we can only do suite B */
|
||||
@ -1044,22 +1093,22 @@ ssl3_SendSupportedCurvesXtn(
|
||||
PRBool append,
|
||||
PRUint32 maxBytes)
|
||||
{
|
||||
int ECListSize = 0;
|
||||
const PRUint8 *ECList = NULL;
|
||||
PRInt32 ecListSize = 0;
|
||||
const PRUint8 *ecList = NULL;
|
||||
|
||||
if (!ss || !ssl3_IsECCEnabled(ss))
|
||||
return 0;
|
||||
|
||||
if (ssl3_SuiteBOnly(ss)) {
|
||||
ECListSize = sizeof (suiteBECList);
|
||||
ECList = suiteBECList;
|
||||
ecListSize = sizeof suiteBECList;
|
||||
ecList = suiteBECList;
|
||||
} else {
|
||||
ECListSize = sizeof (tlsECList);
|
||||
ECList = tlsECList;
|
||||
ecListSize = sizeof tlsECList;
|
||||
ecList = tlsECList;
|
||||
}
|
||||
|
||||
if (append && maxBytes >= ECListSize) {
|
||||
SECStatus rv = ssl3_AppendHandshake(ss, ECList, ECListSize);
|
||||
if (append && maxBytes >= ecListSize) {
|
||||
SECStatus rv = ssl3_AppendHandshake(ss, ecList, ecListSize);
|
||||
if (rv != SECSuccess)
|
||||
return -1;
|
||||
if (!ss->sec.isServer) {
|
||||
@ -1068,11 +1117,11 @@ ssl3_SendSupportedCurvesXtn(
|
||||
ssl_elliptic_curves_xtn;
|
||||
}
|
||||
}
|
||||
return ECListSize;
|
||||
return ecListSize;
|
||||
}
|
||||
|
||||
PRInt32
|
||||
ssl3_GetSupportedECCCurveMask(sslSocket *ss)
|
||||
PRUint32
|
||||
ssl3_GetSupportedECCurveMask(sslSocket *ss)
|
||||
{
|
||||
if (ssl3_SuiteBOnly(ss)) {
|
||||
return SSL3_SUITE_B_SUPPORTED_CURVES_MASK;
|
||||
@ -1091,8 +1140,8 @@ ssl3_SendSupportedPointFormatsXtn(
|
||||
{
|
||||
if (!ss || !ssl3_IsECCEnabled(ss))
|
||||
return 0;
|
||||
if (append && maxBytes >= (sizeof ECPtFmt)) {
|
||||
SECStatus rv = ssl3_AppendHandshake(ss, ECPtFmt, (sizeof ECPtFmt));
|
||||
if (append && maxBytes >= (sizeof ecPtFmt)) {
|
||||
SECStatus rv = ssl3_AppendHandshake(ss, ecPtFmt, (sizeof ecPtFmt));
|
||||
if (rv != SECSuccess)
|
||||
return -1;
|
||||
if (!ss->sec.isServer) {
|
||||
@ -1101,7 +1150,7 @@ ssl3_SendSupportedPointFormatsXtn(
|
||||
ssl_ec_point_formats_xtn;
|
||||
}
|
||||
}
|
||||
return (sizeof ECPtFmt);
|
||||
return (sizeof ecPtFmt);
|
||||
}
|
||||
|
||||
/* Just make sure that the remote client supports uncompressed points,
|
||||
|
@ -69,6 +69,10 @@ static SECStatus ssl3_ClientHandleStatusRequestXtn(sslSocket *ss,
|
||||
SECItem *data);
|
||||
static PRInt32 ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append,
|
||||
PRUint32 maxBytes);
|
||||
static PRInt32 ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append,
|
||||
PRUint32 maxBytes);
|
||||
static SECStatus ssl3_ServerHandleSigAlgsXtn(sslSocket *ss, PRUint16 ex_type,
|
||||
SECItem *data);
|
||||
|
||||
/*
|
||||
* Write bytes. Using this function means the SECItem structure
|
||||
@ -231,6 +235,7 @@ static const ssl3HelloExtensionHandler clientHelloHandlers[] = {
|
||||
{ ssl_next_proto_nego_xtn, &ssl3_ServerHandleNextProtoNegoXtn },
|
||||
{ ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn },
|
||||
{ ssl_cert_status_xtn, &ssl3_ServerHandleStatusRequestXtn },
|
||||
{ ssl_signature_algorithms_xtn, &ssl3_ServerHandleSigAlgsXtn },
|
||||
{ -1, NULL }
|
||||
};
|
||||
|
||||
@ -269,7 +274,8 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
|
||||
{ ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn },
|
||||
{ ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn },
|
||||
{ ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn },
|
||||
{ ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }
|
||||
{ ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
|
||||
{ ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }
|
||||
/* any extra entries will appear as { 0, NULL } */
|
||||
};
|
||||
|
||||
@ -1998,3 +2004,131 @@ ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
|
||||
return ssl3_RegisterServerHelloExtensionSender(ss, ssl_use_srtp_xtn,
|
||||
ssl3_SendUseSRTPXtn);
|
||||
}
|
||||
|
||||
/* ssl3_ServerHandleSigAlgsXtn handles the signature_algorithms extension
|
||||
* from a client.
|
||||
* See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
|
||||
static SECStatus
|
||||
ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
|
||||
{
|
||||
SECStatus rv;
|
||||
SECItem algorithms;
|
||||
const unsigned char *b;
|
||||
unsigned int numAlgorithms, i;
|
||||
|
||||
/* Ignore this extension if we aren't doing TLS 1.2 or greater. */
|
||||
if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) {
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
/* Keep track of negotiated extensions. */
|
||||
ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
|
||||
|
||||
rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &data->data,
|
||||
&data->len);
|
||||
if (rv != SECSuccess) {
|
||||
return SECFailure;
|
||||
}
|
||||
/* Trailing data, empty value, or odd-length value is invalid. */
|
||||
if (data->len != 0 || algorithms.len == 0 || (algorithms.len & 1) != 0) {
|
||||
PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
numAlgorithms = algorithms.len/2;
|
||||
|
||||
/* We don't care to process excessive numbers of algorithms. */
|
||||
if (numAlgorithms > 512) {
|
||||
numAlgorithms = 512;
|
||||
}
|
||||
|
||||
ss->ssl3.hs.clientSigAndHash =
|
||||
PORT_NewArray(SSL3SignatureAndHashAlgorithm, numAlgorithms);
|
||||
if (!ss->ssl3.hs.clientSigAndHash) {
|
||||
return SECFailure;
|
||||
}
|
||||
ss->ssl3.hs.numClientSigAndHash = 0;
|
||||
|
||||
b = algorithms.data;
|
||||
for (i = 0; i < numAlgorithms; i++) {
|
||||
unsigned char tls_hash = *(b++);
|
||||
unsigned char tls_sig = *(b++);
|
||||
SECOidTag hash = ssl3_TLSHashAlgorithmToOID(tls_hash);
|
||||
|
||||
if (hash == SEC_OID_UNKNOWN) {
|
||||
/* We ignore formats that we don't understand. */
|
||||
continue;
|
||||
}
|
||||
/* tls_sig support will be checked later in
|
||||
* ssl3_PickSignatureHashAlgorithm. */
|
||||
ss->ssl3.hs.clientSigAndHash[i].hashAlg = hash;
|
||||
ss->ssl3.hs.clientSigAndHash[i].sigAlg = tls_sig;
|
||||
ss->ssl3.hs.numClientSigAndHash++;
|
||||
}
|
||||
|
||||
if (!ss->ssl3.hs.numClientSigAndHash) {
|
||||
/* We didn't understand any of the client's requested signature
|
||||
* formats. We'll use the defaults. */
|
||||
PORT_Free(ss->ssl3.hs.clientSigAndHash);
|
||||
ss->ssl3.hs.clientSigAndHash = NULL;
|
||||
}
|
||||
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
/* ssl3_ClientSendSigAlgsXtn sends the signature_algorithm extension for TLS
|
||||
* 1.2 ClientHellos. */
|
||||
static PRInt32
|
||||
ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
|
||||
{
|
||||
static const unsigned char signatureAlgorithms[] = {
|
||||
/* This block is the contents of our signature_algorithms extension, in
|
||||
* wire format. See
|
||||
* https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
|
||||
tls_hash_sha256, tls_sig_rsa,
|
||||
tls_hash_sha384, tls_sig_rsa,
|
||||
tls_hash_sha1, tls_sig_rsa,
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
tls_hash_sha256, tls_sig_ecdsa,
|
||||
tls_hash_sha384, tls_sig_ecdsa,
|
||||
tls_hash_sha1, tls_sig_ecdsa,
|
||||
#endif
|
||||
tls_hash_sha256, tls_sig_dsa,
|
||||
tls_hash_sha1, tls_sig_dsa,
|
||||
};
|
||||
PRInt32 extension_length;
|
||||
|
||||
if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
extension_length =
|
||||
2 /* extension type */ +
|
||||
2 /* extension length */ +
|
||||
2 /* supported_signature_algorithms length */ +
|
||||
sizeof(signatureAlgorithms);
|
||||
|
||||
if (append && maxBytes >= extension_length) {
|
||||
SECStatus rv;
|
||||
rv = ssl3_AppendHandshakeNumber(ss, ssl_signature_algorithms_xtn, 2);
|
||||
if (rv != SECSuccess)
|
||||
goto loser;
|
||||
rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
|
||||
if (rv != SECSuccess)
|
||||
goto loser;
|
||||
rv = ssl3_AppendHandshakeVariable(ss, signatureAlgorithms,
|
||||
sizeof(signatureAlgorithms), 2);
|
||||
if (rv != SECSuccess)
|
||||
goto loser;
|
||||
ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
|
||||
ssl_signature_algorithms_xtn;
|
||||
} else if (maxBytes < extension_length) {
|
||||
PORT_Assert(0);
|
||||
return 0;
|
||||
}
|
||||
|
||||
return extension_length;
|
||||
|
||||
loser:
|
||||
return -1;
|
||||
}
|
||||
|
@ -210,11 +210,51 @@ typedef struct {
|
||||
} u;
|
||||
} SSL3ServerParams;
|
||||
|
||||
/* This enum reflects HashAlgorithm enum from
|
||||
* https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
|
||||
*
|
||||
* When updating, be sure to also update ssl3_TLSHashAlgorithmToOID. */
|
||||
enum {
|
||||
tls_hash_md5 = 1,
|
||||
tls_hash_sha1 = 2,
|
||||
tls_hash_sha224 = 3,
|
||||
tls_hash_sha256 = 4,
|
||||
tls_hash_sha384 = 5,
|
||||
tls_hash_sha512 = 6
|
||||
};
|
||||
|
||||
/* This enum reflects SignatureAlgorithm enum from
|
||||
* https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
|
||||
typedef enum {
|
||||
tls_sig_rsa = 1,
|
||||
tls_sig_dsa = 2,
|
||||
tls_sig_ecdsa = 3
|
||||
} TLSSignatureAlgorithm;
|
||||
|
||||
typedef struct {
|
||||
SECOidTag hashAlg;
|
||||
TLSSignatureAlgorithm sigAlg;
|
||||
} SSL3SignatureAndHashAlgorithm;
|
||||
|
||||
/* SSL3HashesIndividually contains a combination MD5/SHA1 hash, as used in TLS
|
||||
* prior to 1.2. */
|
||||
typedef struct {
|
||||
PRUint8 md5[16];
|
||||
PRUint8 sha[20];
|
||||
} SSL3HashesIndividually;
|
||||
|
||||
/* SSL3Hashes contains an SSL hash value. The digest is contained in |u.raw|
|
||||
* which, if |hashAlg==SEC_OID_UNKNOWN| is also a SSL3HashesIndividually
|
||||
* struct. */
|
||||
typedef struct {
|
||||
unsigned int len;
|
||||
SECOidTag hashAlg;
|
||||
union {
|
||||
PRUint8 raw[64];
|
||||
SSL3HashesIndividually s;
|
||||
} u;
|
||||
} SSL3Hashes;
|
||||
|
||||
|
||||
typedef struct {
|
||||
union {
|
||||
SSL3Opaque anonymous;
|
||||
@ -272,7 +312,7 @@ typedef enum {
|
||||
sender_server = 0x53525652
|
||||
} SSL3Sender;
|
||||
|
||||
typedef SSL3Hashes SSL3Finished;
|
||||
typedef SSL3HashesIndividually SSL3Finished;
|
||||
|
||||
typedef struct {
|
||||
SSL3Opaque verify_data[12];
|
||||
|
@ -25,6 +25,8 @@
|
||||
*
|
||||
* If new ECC cipher suites are added, also update the ssl3CipherSuite arrays
|
||||
* in ssl3ecc.c.
|
||||
*
|
||||
* Finally, update the ssl_V3_SUITES_IMPLEMENTED macro in sslimpl.h.
|
||||
*/
|
||||
const PRUint16 SSL_ImplementedCiphers[] = {
|
||||
/* 256-bit */
|
||||
@ -35,6 +37,7 @@ const PRUint16 SSL_ImplementedCiphers[] = {
|
||||
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
||||
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
|
||||
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
|
||||
TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
|
||||
@ -42,18 +45,22 @@ const PRUint16 SSL_ImplementedCiphers[] = {
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
||||
TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||
TLS_RSA_WITH_AES_256_CBC_SHA256,
|
||||
|
||||
/* 128-bit */
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
|
||||
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
||||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
||||
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
|
||||
TLS_DHE_DSS_WITH_RC4_128_SHA,
|
||||
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
|
||||
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
TLS_ECDH_RSA_WITH_RC4_128_SHA,
|
||||
@ -66,6 +73,7 @@ const PRUint16 SSL_ImplementedCiphers[] = {
|
||||
SSL_RSA_WITH_RC4_128_SHA,
|
||||
SSL_RSA_WITH_RC4_128_MD5,
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA256,
|
||||
|
||||
/* 112-bit 3DES */
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
@ -103,6 +111,7 @@ const PRUint16 SSL_ImplementedCiphers[] = {
|
||||
TLS_ECDH_ECDSA_WITH_NULL_SHA,
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
SSL_RSA_WITH_NULL_SHA,
|
||||
TLS_RSA_WITH_NULL_SHA256,
|
||||
SSL_RSA_WITH_NULL_MD5,
|
||||
|
||||
/* SSL2 cipher suites. */
|
||||
|
@ -189,6 +189,10 @@ SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION = (SSL_ERROR_BASE + 124),
|
||||
|
||||
SSL_ERROR_RX_UNEXPECTED_CERT_STATUS = (SSL_ERROR_BASE + 125),
|
||||
|
||||
SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM = (SSL_ERROR_BASE + 126),
|
||||
SSL_ERROR_DIGEST_FAILURE = (SSL_ERROR_BASE + 127),
|
||||
SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 128),
|
||||
|
||||
SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
|
||||
} SSLErrorCodes;
|
||||
#endif /* NO_SECURITY_ERROR_ENUM */
|
||||
|
@ -60,6 +60,7 @@ typedef SSLSignType SSL3SignType;
|
||||
#define mac_sha ssl_mac_sha
|
||||
#define hmac_md5 ssl_hmac_md5
|
||||
#define hmac_sha ssl_hmac_sha
|
||||
#define hmac_sha256 ssl_hmac_sha256
|
||||
|
||||
#define SET_ERROR_CODE /* reminder */
|
||||
#define SEND_ALERT /* reminder */
|
||||
@ -141,7 +142,7 @@ typedef enum { SSLAppOpRead = 0,
|
||||
|
||||
/* Mask of the 25 named curves we support. */
|
||||
#define SSL3_ALL_SUPPORTED_CURVES_MASK 0x3fffffe
|
||||
/* only 3 curves, suite B*/
|
||||
/* Mask of only 3 curves, suite B */
|
||||
#define SSL3_SUITE_B_SUPPORTED_CURVES_MASK 0x3800000
|
||||
|
||||
#ifndef BPB
|
||||
@ -279,9 +280,9 @@ typedef struct {
|
||||
} ssl3CipherSuiteCfg;
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#define ssl_V3_SUITES_IMPLEMENTED 50
|
||||
#define ssl_V3_SUITES_IMPLEMENTED 57
|
||||
#else
|
||||
#define ssl_V3_SUITES_IMPLEMENTED 30
|
||||
#define ssl_V3_SUITES_IMPLEMENTED 35
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
|
||||
#define MAX_DTLS_SRTP_CIPHER_SUITES 4
|
||||
@ -777,6 +778,7 @@ typedef struct SSL3HandshakeStateStr {
|
||||
PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS];
|
||||
PK11Context * md5; /* handshake running hashes */
|
||||
PK11Context * sha;
|
||||
PK11Context * tls12_handshake_hash;
|
||||
const ssl3KEADef * kea_def;
|
||||
ssl3CipherSuite cipher_suite;
|
||||
const ssl3CipherSuiteDef *suite_def;
|
||||
@ -798,7 +800,7 @@ const ssl3CipherSuiteDef *suite_def;
|
||||
PRUint16 finishedBytes; /* size of single finished below */
|
||||
union {
|
||||
TLSFinished tFinished[2]; /* client, then server */
|
||||
SSL3Hashes sFinished[2];
|
||||
SSL3Finished sFinished[2];
|
||||
SSL3Opaque data[72];
|
||||
} finishedMsgs;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
@ -813,6 +815,12 @@ const ssl3CipherSuiteDef *suite_def;
|
||||
/* Shared state between ssl3_HandleFinished and ssl3_FinishHandshake */
|
||||
PRBool cacheSID;
|
||||
|
||||
/* clientSigAndHash contains the contents of the signature_algorithms
|
||||
* extension (if any) from the client. This is only valid for TLS 1.2
|
||||
* or later. */
|
||||
SSL3SignatureAndHashAlgorithm *clientSigAndHash;
|
||||
unsigned int numClientSigAndHash;
|
||||
|
||||
/* This group of values is used for DTLS */
|
||||
PRUint16 sendMessageSeq; /* The sending message sequence
|
||||
* number */
|
||||
@ -1426,7 +1434,7 @@ extern PRInt32 ssl3_SendRecord(sslSocket *ss, DTLSEpoch epoch,
|
||||
* runtime to determine which versions are supported by the version of libssl
|
||||
* in use.
|
||||
*/
|
||||
#define SSL_LIBRARY_VERSION_MAX_SUPPORTED SSL_LIBRARY_VERSION_TLS_1_1
|
||||
#define SSL_LIBRARY_VERSION_MAX_SUPPORTED SSL_LIBRARY_VERSION_TLS_1_2
|
||||
|
||||
/* Rename this macro SSL_ALL_VERSIONS_DISABLED when SSL 2.0 is removed. */
|
||||
#define SSL3_ALL_VERSIONS_DISABLED(vrange) \
|
||||
@ -1491,7 +1499,7 @@ extern void ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss);
|
||||
extern PRBool ssl3_IsECCEnabled(sslSocket *ss);
|
||||
extern SECStatus ssl3_DisableECCSuites(sslSocket * ss,
|
||||
const ssl3CipherSuite * suite);
|
||||
extern PRInt32 ssl3_GetSupportedECCCurveMask(sslSocket *ss);
|
||||
extern PRUint32 ssl3_GetSupportedECCurveMask(sslSocket *ss);
|
||||
|
||||
|
||||
/* Macro for finding a curve equivalent in strength to RSA key's */
|
||||
@ -1586,10 +1594,12 @@ extern SECStatus ssl3_HandleECDHClientKeyExchange(sslSocket *ss,
|
||||
SSL3Opaque *b, PRUint32 length,
|
||||
SECKEYPublicKey *srvrPubKey,
|
||||
SECKEYPrivateKey *srvrPrivKey);
|
||||
extern SECStatus ssl3_SendECDHServerKeyExchange(sslSocket *ss);
|
||||
extern SECStatus ssl3_SendECDHServerKeyExchange(sslSocket *ss,
|
||||
const SSL3SignatureAndHashAlgorithm *sigAndHash);
|
||||
#endif
|
||||
|
||||
extern SECStatus ssl3_ComputeCommonKeyHash(PRUint8 * hashBuf,
|
||||
extern SECStatus ssl3_ComputeCommonKeyHash(SECOidTag hashAlg,
|
||||
PRUint8 * hashBuf,
|
||||
unsigned int bufLen, SSL3Hashes *hashes,
|
||||
PRBool bypassPKCS11);
|
||||
extern void ssl3_DestroyCipherSpec(ssl3CipherSpec *spec, PRBool freeSrvName);
|
||||
@ -1602,12 +1612,21 @@ extern SECStatus ssl3_AppendHandshakeNumber(sslSocket *ss, PRInt32 num,
|
||||
PRInt32 lenSize);
|
||||
extern SECStatus ssl3_AppendHandshakeVariable( sslSocket *ss,
|
||||
const SSL3Opaque *src, PRInt32 bytes, PRInt32 lenSize);
|
||||
extern SECStatus ssl3_AppendSignatureAndHashAlgorithm(sslSocket *ss,
|
||||
const SSL3SignatureAndHashAlgorithm* sigAndHash);
|
||||
extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRInt32 bytes,
|
||||
SSL3Opaque **b, PRUint32 *length);
|
||||
extern PRInt32 ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRInt32 bytes,
|
||||
SSL3Opaque **b, PRUint32 *length);
|
||||
extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i,
|
||||
PRInt32 bytes, SSL3Opaque **b, PRUint32 *length);
|
||||
extern SECOidTag ssl3_TLSHashAlgorithmToOID(int hashFunc);
|
||||
extern SECStatus ssl3_CheckSignatureAndHashAlgorithmConsistency(
|
||||
const SSL3SignatureAndHashAlgorithm *sigAndHash,
|
||||
CERTCertificate* cert);
|
||||
extern SECStatus ssl3_ConsumeSignatureAndHashAlgorithm(sslSocket *ss,
|
||||
SSL3Opaque **b, PRUint32 *length,
|
||||
SSL3SignatureAndHashAlgorithm *out);
|
||||
extern SECStatus ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key,
|
||||
SECItem *buf, PRBool isTLS);
|
||||
extern SECStatus ssl3_VerifySignedHashes(SSL3Hashes *hash,
|
||||
|
@ -127,6 +127,7 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
|
||||
#define B_40 128, 40, 40
|
||||
#define B_0 0, 0, 0
|
||||
|
||||
#define M_SHA256 "SHA256", ssl_hmac_sha256, 256
|
||||
#define M_SHA "SHA1", ssl_mac_sha, 160
|
||||
#define M_MD5 "MD5", ssl_mac_md5, 128
|
||||
|
||||
@ -134,20 +135,24 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
|
||||
/* <------ Cipher suite --------------------> <auth> <KEA> <bulk cipher> <MAC> <FIPS> */
|
||||
{0,CS(TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, },
|
||||
{0,CS(TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, },
|
||||
{0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0, },
|
||||
{0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, },
|
||||
{0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA), S_DSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, },
|
||||
{0,CS(TLS_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, },
|
||||
{0,CS(TLS_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_RSA, C_AES, B_256, M_SHA256, 1, 0, 0, },
|
||||
{0,CS(TLS_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_RSA, C_AES, B_256, M_SHA, 1, 0, 0, },
|
||||
|
||||
{0,CS(TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
|
||||
{0,CS(TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
|
||||
{0,CS(TLS_DHE_DSS_WITH_RC4_128_SHA), S_DSA, K_DHE, C_RC4, B_128, M_SHA, 0, 0, 0, },
|
||||
{0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
|
||||
{0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
|
||||
{0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
|
||||
{0,CS(TLS_RSA_WITH_SEED_CBC_SHA), S_RSA, K_RSA, C_SEED,B_128, M_SHA, 1, 0, 0, },
|
||||
{0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
|
||||
{0,CS(SSL_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, },
|
||||
{0,CS(SSL_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
|
||||
{0,CS(TLS_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_RSA, C_AES, B_128, M_SHA256, 1, 0, 0, },
|
||||
{0,CS(TLS_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_RSA, C_AES, B_128, M_SHA, 1, 0, 0, },
|
||||
|
||||
{0,CS(SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
|
||||
@ -164,6 +169,7 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
|
||||
{0,CS(TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 1, 0, },
|
||||
{0,CS(SSL_RSA_EXPORT_WITH_RC4_40_MD5), S_RSA, K_RSA, C_RC4, B_40, M_MD5, 0, 1, 0, },
|
||||
{0,CS(SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5), S_RSA, K_RSA, C_RC2, B_40, M_MD5, 0, 1, 0, },
|
||||
{0,CS(TLS_RSA_WITH_NULL_SHA256), S_RSA, K_RSA, C_NULL,B_0, M_SHA256, 0, 1, 0, },
|
||||
{0,CS(SSL_RSA_WITH_NULL_SHA), S_RSA, K_RSA, C_NULL,B_0, M_SHA, 0, 1, 0, },
|
||||
{0,CS(SSL_RSA_WITH_NULL_MD5), S_RSA, K_RSA, C_NULL,B_0, M_MD5, 0, 1, 0, },
|
||||
|
||||
@ -179,6 +185,7 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
|
||||
{0,CS(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA), S_ECDSA, K_ECDHE, C_RC4, B_128, M_SHA, 0, 0, 0, },
|
||||
{0,CS(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA), S_ECDSA, K_ECDHE, C_3DES, B_3DES, M_SHA, 1, 0, 0, },
|
||||
{0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, },
|
||||
{0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
|
||||
{0,CS(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, },
|
||||
|
||||
{0,CS(TLS_ECDH_RSA_WITH_NULL_SHA), S_RSA, K_ECDH, C_NULL, B_0, M_SHA, 0, 0, 0, },
|
||||
@ -191,6 +198,7 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
|
||||
{0,CS(TLS_ECDHE_RSA_WITH_RC4_128_SHA), S_RSA, K_ECDHE, C_RC4, B_128, M_SHA, 0, 0, 0, },
|
||||
{0,CS(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_ECDHE, C_3DES, B_3DES, M_SHA, 1, 0, 0, },
|
||||
{0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, },
|
||||
{0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
|
||||
{0,CS(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, },
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
|
||||
|
@ -15,6 +15,7 @@
|
||||
#define SSL_LIBRARY_VERSION_3_0 0x0300
|
||||
#define SSL_LIBRARY_VERSION_TLS_1_0 0x0301
|
||||
#define SSL_LIBRARY_VERSION_TLS_1_1 0x0302
|
||||
#define SSL_LIBRARY_VERSION_TLS_1_2 0x0303
|
||||
/* Note: this is the internal format, not the wire format */
|
||||
#define SSL_LIBRARY_VERSION_DTLS_1_0 0x0302
|
||||
|
||||
@ -132,6 +133,9 @@
|
||||
#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA 0x0038
|
||||
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039
|
||||
#define TLS_DH_ANON_WITH_AES_256_CBC_SHA 0x003A
|
||||
#define TLS_RSA_WITH_NULL_SHA256 0x003B
|
||||
#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C
|
||||
#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D
|
||||
|
||||
#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0041
|
||||
#define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0042
|
||||
@ -146,6 +150,8 @@
|
||||
#define TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x0063
|
||||
#define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x0065
|
||||
#define TLS_DHE_DSS_WITH_RC4_128_SHA 0x0066
|
||||
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067
|
||||
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x006B
|
||||
|
||||
#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0084
|
||||
#define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0085
|
||||
@ -195,6 +201,9 @@
|
||||
#define TLS_ECDH_anon_WITH_AES_128_CBC_SHA 0xC018
|
||||
#define TLS_ECDH_anon_WITH_AES_256_CBC_SHA 0xC019
|
||||
|
||||
#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
|
||||
#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027
|
||||
|
||||
/* Netscape "experimental" cipher suites. */
|
||||
#define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0
|
||||
#define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1
|
||||
|
@ -77,19 +77,22 @@ SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
|
||||
{
|
||||
/* some decisions derived from SSL_GetChannelInfo */
|
||||
sslSocket * sslsocket = NULL;
|
||||
SECStatus rv = SECFailure;
|
||||
PRBool enoughFirstHsDone = PR_FALSE;
|
||||
|
||||
if (!pYes)
|
||||
return rv;
|
||||
if (!pYes) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
sslsocket = ssl_FindSocket(socket);
|
||||
if (!sslsocket) {
|
||||
SSL_DBG(("%d: SSL[%d]: bad socket in HandshakeNegotiatedExtension",
|
||||
SSL_GETPID(), socket));
|
||||
return rv;
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
*pYes = PR_FALSE;
|
||||
|
||||
if (sslsocket->firstHsDone) {
|
||||
enoughFirstHsDone = PR_TRUE;
|
||||
} else if (sslsocket->ssl3.initialized && ssl3_CanFalseStart(sslsocket)) {
|
||||
@ -109,9 +112,8 @@ SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
|
||||
ssl_GetSSL3HandshakeLock(sslsocket);
|
||||
*pYes = ssl3_ExtensionNegotiated(sslsocket, extId);
|
||||
ssl_ReleaseSSL3HandshakeLock(sslsocket);
|
||||
rv = SECSuccess;
|
||||
}
|
||||
}
|
||||
|
||||
return rv;
|
||||
return SECSuccess;
|
||||
}
|
||||
|
@ -30,8 +30,8 @@ struct cipherPolicyStr {
|
||||
typedef struct cipherPolicyStr cipherPolicy;
|
||||
|
||||
/* This table contains two preconfigured policies: Export and France.
|
||||
** It is used only by the functions SSL_SetDomesticPolicy,
|
||||
** SSL_SetExportPolicy, and SSL_SetFrancyPolicy.
|
||||
** It is used only by the functions NSS_SetDomesticPolicy,
|
||||
** NSS_SetExportPolicy, and NSS_SetFrancePolicy.
|
||||
** Order of entries is not important.
|
||||
*/
|
||||
static cipherPolicy ssl_ciphers[] = { /* Export France */
|
||||
@ -54,14 +54,19 @@ static cipherPolicy ssl_ciphers[] = { /* Export France */
|
||||
{ SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ SSL_RSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED },
|
||||
{ SSL_RSA_WITH_NULL_MD5, SSL_ALLOWED, SSL_ALLOWED },
|
||||
{ SSL_RSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED },
|
||||
{ TLS_RSA_WITH_NULL_SHA256, SSL_ALLOWED, SSL_ALLOWED },
|
||||
{ TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_RSA_WITH_AES_256_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
@ -81,6 +86,7 @@ static cipherPolicy ssl_ciphers[] = { /* Export France */
|
||||
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_ECDH_RSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED },
|
||||
{ TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
@ -91,6 +97,7 @@ static cipherPolicy ssl_ciphers[] = { /* Export France */
|
||||
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
{ 0, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }
|
||||
@ -775,17 +782,20 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
|
||||
rv = SECFailure;
|
||||
} else {
|
||||
if (PR_FALSE != on) {
|
||||
if (PR_SUCCESS == SSL_BypassSetup() ) {
|
||||
/* PKCS#11 bypass is not supported with TLS 1.2. */
|
||||
if (ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_2) {
|
||||
ss->opt.bypassPKCS11 = PR_FALSE;
|
||||
} else if (PR_SUCCESS == SSL_BypassSetup() ) {
|
||||
#ifdef NO_PKCS11_BYPASS
|
||||
ss->opt.bypassPKCS11 = PR_FALSE;
|
||||
ss->opt.bypassPKCS11 = PR_FALSE;
|
||||
#else
|
||||
ss->opt.bypassPKCS11 = on;
|
||||
ss->opt.bypassPKCS11 = on;
|
||||
#endif
|
||||
} else {
|
||||
rv = SECFailure;
|
||||
}
|
||||
} else {
|
||||
ss->opt.bypassPKCS11 = PR_FALSE;
|
||||
ss->opt.bypassPKCS11 = PR_FALSE;
|
||||
}
|
||||
}
|
||||
break;
|
||||
@ -1870,6 +1880,10 @@ SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
|
||||
ssl_GetSSL3HandshakeLock(ss);
|
||||
|
||||
ss->vrange = *vrange;
|
||||
/* PKCS#11 bypass is not supported with TLS 1.2. */
|
||||
if (ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_2) {
|
||||
ss->opt.bypassPKCS11 = PR_FALSE;
|
||||
}
|
||||
|
||||
ssl_ReleaseSSL3HandshakeLock(ss);
|
||||
ssl_Release1stHandshakeLock(ss);
|
||||
|
@ -88,7 +88,8 @@ typedef enum {
|
||||
ssl_mac_md5 = 1,
|
||||
ssl_mac_sha = 2,
|
||||
ssl_hmac_md5 = 3, /* TLS HMAC version of mac_md5 */
|
||||
ssl_hmac_sha = 4 /* TLS HMAC version of mac_sha */
|
||||
ssl_hmac_sha = 4, /* TLS HMAC version of mac_sha */
|
||||
ssl_hmac_sha256 = 5
|
||||
} SSLMACAlgorithm;
|
||||
|
||||
typedef enum {
|
||||
@ -179,12 +180,13 @@ typedef enum {
|
||||
ssl_elliptic_curves_xtn = 10,
|
||||
ssl_ec_point_formats_xtn = 11,
|
||||
#endif
|
||||
ssl_signature_algorithms_xtn = 13,
|
||||
ssl_use_srtp_xtn = 14,
|
||||
ssl_session_ticket_xtn = 35,
|
||||
ssl_next_proto_nego_xtn = 13172,
|
||||
ssl_renegotiation_info_xtn = 0xff01 /* experimental number */
|
||||
} SSLExtensionType;
|
||||
|
||||
#define SSL_MAX_EXTENSIONS 8
|
||||
#define SSL_MAX_EXTENSIONS 9
|
||||
|
||||
#endif /* __sslt_h_ */
|
||||
|
@ -19,12 +19,12 @@
|
||||
* The format of the version string should be
|
||||
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
|
||||
*/
|
||||
#define NSSUTIL_VERSION "3.15"
|
||||
#define NSSUTIL_VERSION "3.15.1 Beta"
|
||||
#define NSSUTIL_VMAJOR 3
|
||||
#define NSSUTIL_VMINOR 15
|
||||
#define NSSUTIL_VPATCH 0
|
||||
#define NSSUTIL_VPATCH 1
|
||||
#define NSSUTIL_VBUILD 0
|
||||
#define NSSUTIL_BETA PR_FALSE
|
||||
#define NSSUTIL_BETA PR_TRUE
|
||||
|
||||
SEC_BEGIN_PROTOS
|
||||
|
||||
|
@ -1931,12 +1931,9 @@ SECOID_Init(void)
|
||||
/* initialize any policy flags that are disabled by default */
|
||||
xOids[SEC_OID_MD2 ].notPolicyFlags = ~0;
|
||||
xOids[SEC_OID_MD4 ].notPolicyFlags = ~0;
|
||||
xOids[SEC_OID_MD5 ].notPolicyFlags = ~0;
|
||||
xOids[SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION ].notPolicyFlags = ~0;
|
||||
xOids[SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION ].notPolicyFlags = ~0;
|
||||
xOids[SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION ].notPolicyFlags = ~0;
|
||||
xOids[SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC].notPolicyFlags = ~0;
|
||||
xOids[SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC].notPolicyFlags = ~0;
|
||||
}
|
||||
|
||||
envVal = PR_GetEnv("NSS_HASH_ALG_SUPPORT");
|
||||
|
@ -88,8 +88,8 @@ ssl_init()
|
||||
ECC_STRING=""
|
||||
fi
|
||||
|
||||
CSHORT="-c ABCDEF:0041:0084cdefgijklmnvyz"
|
||||
CLONG="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014:0041:0084cdefgijklmnvyz"
|
||||
CSHORT="-c ABCDEF:003B:003C:003D:0041:0084cdefgijklmnvyz"
|
||||
CLONG="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014:C023:C027:003B:003C:003D:0041:0084cdefgijklmnvyz"
|
||||
|
||||
if [ "${OS_ARCH}" != "WINNT" ]; then
|
||||
ulimit -n 1000 # make sure we have enough file descriptors
|
||||
@ -305,6 +305,9 @@ ssl_cov()
|
||||
if [ "$testmax" = "TLS11" ]; then
|
||||
VMAX="tls1.1"
|
||||
fi
|
||||
if [ "$testmax" = "TLS12" ]; then
|
||||
VMAX="tls1.2"
|
||||
fi
|
||||
|
||||
# These five tests need an EC cert signed with RSA
|
||||
# This requires a different certificate loaded in selfserv
|
||||
|
@ -71,6 +71,22 @@
|
||||
noECC TLS11 v TLS11_RSA_WITH_AES_128_CBC_SHA
|
||||
noECC TLS11 y TLS11_RSA_WITH_AES_256_CBC_SHA
|
||||
noECC TLS11 z TLS11_RSA_WITH_NULL_SHA
|
||||
#
|
||||
noECC TLS12 c TLS12_RSA_WITH_RC4_128_MD5
|
||||
noECC TLS12 d TLS12_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
noECC TLS12 e TLS12_RSA_WITH_DES_CBC_SHA
|
||||
noECC TLS12 i TLS12_RSA_WITH_NULL_MD5
|
||||
noECC TLS12 j TLS12_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
|
||||
noECC TLS12 k TLS12_RSA_FIPS_WITH_DES_CBC_SHA
|
||||
noECC TLS12 l TLS12_RSA_EXPORT_WITH_DES_CBC_SHA (new)
|
||||
noECC TLS12 m TLS12_RSA_EXPORT_WITH_RC4_56_SHA (new)
|
||||
noECC TLS12 n TLS12_RSA_WITH_RC4_128_SHA
|
||||
noECC TLS12 v TLS12_RSA_WITH_AES_128_CBC_SHA
|
||||
noECC TLS12 y TLS12_RSA_WITH_AES_256_CBC_SHA
|
||||
noECC TLS12 z TLS12_RSA_WITH_NULL_SHA
|
||||
noECC TLS12 :003B TLS12_RSA_WITH_NULL_SHA256
|
||||
noECC TLS12 :003C TLS12_RSA_WITH_AES_128_CBC_SHA256
|
||||
noECC TLS12 :003D TLS12_RSA_WITH_AES_256_CBC_SHA256
|
||||
#
|
||||
# ECC ciphers (TLS)
|
||||
#
|
||||
@ -115,3 +131,26 @@
|
||||
ECC TLS11 :C012 TLS11_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
ECC TLS11 :C013 TLS11_ECDHE_RSA_WITH_AES_128_CBC_SHA
|
||||
ECC TLS11 :C014 TLS11_ECDHE_RSA_WITH_AES_256_CBC_SHA
|
||||
#
|
||||
ECC TLS12 :C001 TLS12_ECDH_ECDSA_WITH_NULL_SHA
|
||||
ECC TLS12 :C002 TLS12_ECDH_ECDSA_WITH_RC4_128_SHA
|
||||
ECC TLS12 :C003 TLS12_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
|
||||
ECC TLS12 :C004 TLS12_ECDH_ECDSA_WITH_AES_128_CBC_SHA
|
||||
ECC TLS12 :C005 TLS12_ECDH_ECDSA_WITH_AES_256_CBC_SHA
|
||||
ECC TLS12 :C006 TLS12_ECDHE_ECDSA_WITH_NULL_SHA
|
||||
ECC TLS12 :C007 TLS12_ECDHE_ECDSA_WITH_RC4_128_SHA
|
||||
ECC TLS12 :C008 TLS12_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
|
||||
ECC TLS12 :C009 TLS12_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
|
||||
ECC TLS12 :C00A TLS12_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
|
||||
ECC TLS12 :C00B TLS12_ECDH_RSA_WITH_NULL_SHA
|
||||
ECC TLS12 :C00C TLS12_ECDH_RSA_WITH_RC4_128_SHA
|
||||
ECC TLS12 :C00D TLS12_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
ECC TLS12 :C00E TLS12_ECDH_RSA_WITH_AES_128_CBC_SHA
|
||||
ECC TLS12 :C00F TLS12_ECDH_RSA_WITH_AES_256_CBC_SHA
|
||||
ECC TLS12 :C010 TLS12_ECDHE_RSA_WITH_NULL_SHA
|
||||
ECC TLS12 :C011 TLS12_ECDHE_RSA_WITH_RC4_128_SHA
|
||||
ECC TLS12 :C012 TLS12_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
ECC TLS12 :C013 TLS12_ECDHE_RSA_WITH_AES_128_CBC_SHA
|
||||
ECC TLS12 :C014 TLS12_ECDHE_RSA_WITH_AES_256_CBC_SHA
|
||||
ECC TLS12 :C023 TLS12_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
|
||||
ECC TLS12 :C027 TLS12_ECDHE_RSA_WITH_AES_128_CBC_SHA256
|
||||
|
@ -36,9 +36,11 @@
|
||||
# ############################ ECC ciphers ############################
|
||||
#
|
||||
ECC 0 -c_:C009 -V_ssl3:_-c_100_-C_:C009_-N Stress TLS ECDHE-ECDSA AES 128 CBC with SHA (no reuse)
|
||||
ECC 0 -c_:C023 -V_ssl3:_-c_100_-C_:C023_-N Stress TLS ECDHE-ECDSA AES 128 CBC with SHA256 (no reuse)
|
||||
ECC 0 -c_:C004 -V_ssl3:_-c_100_-C_:C004_-N Stress TLS ECDH-ECDSA AES 128 CBC with SHA (no reuse)
|
||||
ECC 0 -c_:C00E -V_ssl3:_-c_100_-C_:C00E_-N Stress TLS ECDH-RSA AES 128 CBC with SHA (no reuse)
|
||||
ECC 0 -c_:C013 -V_ssl3:_-c_1000_-C_:C013 Stress TLS ECDHE-RSA AES 128 CBC with SHA
|
||||
ECC 0 -c_:C027 -V_ssl3:_-c_1000_-C_:C027 Stress TLS ECDHE-RSA AES 128 CBC with SHA256
|
||||
ECC 0 -c_:C004_-u -V_ssl3:_-c_1000_-C_:C004_-u Stress TLS ECDH-ECDSA AES 128 CBC with SHA (session ticket)
|
||||
#
|
||||
# add client auth versions here...
|
||||
|
Loading…
Reference in New Issue
Block a user