Bug 881841, update to NSS_3_15_1_BETA1, r=wtc

This commit is contained in:
Kai Engert 2013-06-11 21:07:58 +02:00
parent 8c194c46a4
commit 512c1d629b
32 changed files with 1232 additions and 233 deletions

View File

@ -1 +1 @@
NSS_3_15_RTM
NSS_3_15_1_BETA1

View File

@ -1519,7 +1519,7 @@ static void luUpgradeMerge(enum usage_level ul, const char *command)
FPS "%-20s \n%-20s Cert database directory to upgrade from\n",
" --source-dir certdir", "");
FPS "%-20s \n%-20s Cert & Key database prefix of the upgrade database\n",
" --soruce-prefix dbprefix", "");
" --source-prefix dbprefix", "");
FPS "%-20s \n%-20s Unique identifier for the upgrade database\n",
" --upgrade-id uniqueID", "");
FPS "%-20s \n%-20s Name of the token while it is in upgrade state\n",

View File

@ -3596,6 +3596,10 @@ SECU_GetSSLVersionFromName(const char *buf, size_t bufLen, PRUint16 *version)
*version = SSL_LIBRARY_VERSION_TLS_1_1;
return SECSuccess;
}
if (!PL_strncasecmp(buf, "tls1.2", bufLen)) {
*version = SSL_LIBRARY_VERSION_TLS_1_2;
return SECSuccess;
}
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}

View File

@ -174,7 +174,7 @@ PrintParameterUsage()
fputs(
"-V [min]:[max] restricts the set of enabled SSL/TLS protocol versions.\n"
" All versions are enabled by default.\n"
" Possible values for min/max: ssl2 ssl3 tls1.0 tls1.1\n"
" Possible values for min/max: ssl2 ssl3 tls1.0 tls1.1 tls1.2\n"
" Example: \"-V ssl3:\" enables SSL 3 and newer.\n"
"-B bypasses the PKCS11 layer for SSL encryption and MACing\n"
"-q checks for bypassability\n"

View File

@ -1020,7 +1020,7 @@ void print_ssl3_handshake(unsigned char *recordBuf,
case 15: PR_FPUTS("certificate_verify)\n" ); break;
case 16: PR_FPUTS("client_key_exchange)\n" ); break;
case 20: PR_FPUTS("finished)\n" ); break;
case 22: PR_FPUTS("certificate_status_request)\n" ); break;
case 22: PR_FPUTS("certificate_status)\n" ); break;
default: PR_FPUTS("unknown)\n" ); break;
}
@ -1318,7 +1318,7 @@ void print_ssl3_handshake(unsigned char *recordBuf,
}
break;
case 22: /*certificate_status_request*/
case 22: /* certificate_status */
{
SECItem data;
PRFileDesc *ofd;

View File

@ -163,7 +163,7 @@ Usage(const char *progName)
" -P means do a specified percentage of full handshakes (0-100)\n"
" -V [min]:[max] restricts the set of enabled SSL/TLS protocols versions.\n"
" All versions are enabled by default.\n"
" Possible values for min/max: ssl2 ssl3 tls1.0 tls1.1\n"
" Possible values for min/max: ssl2 ssl3 tls1.0 tls1.1 tls1.2\n"
" Example: \"-V ssl3:\" enables SSL 3 and newer.\n"
" -U means enable throttling up threads\n"
" -B bypasses the PKCS11 layer for SSL encryption and MACing\n"

View File

@ -203,7 +203,7 @@ static void PrintParameterUsage(void)
fprintf(stderr,
"%-20s Restricts the set of enabled SSL/TLS protocols versions.\n"
"%-20s All versions are enabled by default.\n"
"%-20s Possible values for min/max: ssl2 ssl3 tls1.0 tls1.1\n"
"%-20s Possible values for min/max: ssl2 ssl3 tls1.0 tls1.1 tls1.2\n"
"%-20s Example: \"-V ssl3:\" enables SSL 3 and newer.\n",
"-V [min]:[max]", "", "", "");
fprintf(stderr, "%-20s Prints only payload data. Skips HTTP header.\n", "-S");

View File

@ -49,7 +49,7 @@ CERTSignedCrl *
SEC_FindCrlByDERCert(CERTCertDBHandle *handle, SECItem *derCrl, int type);
PRBool
SEC_CertNicknameConflict(const char *nickname, SECItem *derSubject,
SEC_CertNicknameConflict(const char *nickname, const SECItem *derSubject,
CERTCertDBHandle *handle);
CERTSignedCrl *
SEC_NewCrl(CERTCertDBHandle *handle, char *url, SECItem *derCrl, int type);

View File

@ -32,7 +32,7 @@
#include "dev.h"
PRBool
SEC_CertNicknameConflict(const char *nickname, SECItem *derSubject,
SEC_CertNicknameConflict(const char *nickname, const SECItem *derSubject,
CERTCertDBHandle *handle)
{
CERTCertificate *cert;

View File

@ -33,12 +33,12 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
#define NSS_VERSION "3.15" _NSS_ECC_STRING _NSS_CUSTOMIZED
#define NSS_VERSION "3.15.1" _NSS_ECC_STRING _NSS_CUSTOMIZED " Beta"
#define NSS_VMAJOR 3
#define NSS_VMINOR 15
#define NSS_VPATCH 0
#define NSS_VPATCH 1
#define NSS_VBUILD 0
#define NSS_BETA PR_FALSE
#define NSS_BETA PR_TRUE
#ifndef RC_INVOKED

View File

@ -1495,6 +1495,13 @@ SECMOD_CloseUserDB(PK11SlotInfo *slot)
}
rv = secmod_UserDBOp(slot, CKO_NETSCAPE_DELSLOT, sendSpec);
PR_smprintf_free(sendSpec);
/* if we are in the delay period for the "isPresent" call, reset
* the delay since we know things have probably changed... */
if (slot->nssToken && slot->nssToken->slot) {
nssSlot_ResetDelay(slot->nssToken->slot);
/* force the slot info structures to properly reset */
(void)PK11_IsPresent(slot);
}
return rv;
}

View File

@ -697,7 +697,7 @@ merge_object_instances (
for (ci = instances, i = 0; *ci; ci++, i++) {
nssCryptokiObject *instance = nssCryptokiObject_Clone(*ci);
if (instance) {
if (nssPKIObject_AddInstance(to, instance) == SECSuccess) {
if (nssPKIObject_AddInstance(to, instance) == PR_SUCCESS) {
continue;
}
nssCryptokiObject_Destroy(instance);

View File

@ -25,11 +25,11 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
#define SOFTOKEN_VERSION "3.15" SOFTOKEN_ECC_STRING
#define SOFTOKEN_VERSION "3.15.1" SOFTOKEN_ECC_STRING " Beta"
#define SOFTOKEN_VMAJOR 3
#define SOFTOKEN_VMINOR 15
#define SOFTOKEN_VPATCH 0
#define SOFTOKEN_VPATCH 1
#define SOFTOKEN_VBUILD 0
#define SOFTOKEN_BETA PR_FALSE
#define SOFTOKEN_BETA PR_TRUE
#endif /* _SOFTKVER_H_ */

View File

@ -403,3 +403,12 @@ ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION, (SSL_ERROR_BASE + 124),
ER3(SSL_ERROR_RX_UNEXPECTED_CERT_STATUS, (SSL_ERROR_BASE + 125),
"SSL received an unexpected Certificate Status handshake message.")
ER3(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM, (SSL_ERROR_BASE + 126),
"Unsupported hash algorithm used by TLS peer.")
ER3(SSL_ERROR_DIGEST_FAILURE, (SSL_ERROR_BASE + 127),
"Digest function failed.")
ER3(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 128),
"Incorrect signature algorithm specified in a digitally-signed element.")

View File

@ -764,7 +764,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
ec_curve =
ssl3_GetCurveWithECKeyStrength(
ssl3_GetSupportedECCCurveMask(NULL),
ssl3_GetSupportedECCurveMask(NULL),
requiredECCbits);
rv = ssl3_ECName2Params(NULL, ec_curve, &ecParams);
if (rv == SECFailure) {

File diff suppressed because it is too large Load Diff

View File

@ -207,9 +207,10 @@ params2ecName(SECKEYECParams * params)
/* Caller must set hiLevel error code. */
static SECStatus
ssl3_ComputeECDHKeyHash(SECItem ec_params, SECItem server_ecpoint,
SSL3Random *client_rand, SSL3Random *server_rand,
SSL3Hashes *hashes, PRBool bypassPKCS11)
ssl3_ComputeECDHKeyHash(SECOidTag hashAlg,
SECItem ec_params, SECItem server_ecpoint,
SSL3Random *client_rand, SSL3Random *server_rand,
SSL3Hashes *hashes, PRBool bypassPKCS11)
{
PRUint8 * hashBuf;
PRUint8 * pBuf;
@ -245,11 +246,14 @@ ssl3_ComputeECDHKeyHash(SECItem ec_params, SECItem server_ecpoint,
pBuf += server_ecpoint.len;
PORT_Assert((unsigned int)(pBuf - hashBuf) == bufLen);
rv = ssl3_ComputeCommonKeyHash(hashBuf, bufLen, hashes, bypassPKCS11);
rv = ssl3_ComputeCommonKeyHash(hashAlg, hashBuf, bufLen, hashes,
bypassPKCS11);
PRINT_BUF(95, (NULL, "ECDHkey hash: ", hashBuf, bufLen));
PRINT_BUF(95, (NULL, "ECDHkey hash: MD5 result", hashes->md5, MD5_LENGTH));
PRINT_BUF(95, (NULL, "ECDHkey hash: SHA1 result", hashes->sha, SHA1_LENGTH));
PRINT_BUF(95, (NULL, "ECDHkey hash: MD5 result",
hashes->u.s.md5, MD5_LENGTH));
PRINT_BUF(95, (NULL, "ECDHkey hash: SHA1 result",
hashes->u.s.sha, SHA1_LENGTH));
if (hashBuf != buf)
PORT_Free(hashBuf);
@ -263,7 +267,7 @@ ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey)
{
PK11SymKey * pms = NULL;
SECStatus rv = SECFailure;
PRBool isTLS;
PRBool isTLS, isTLS12;
CK_MECHANISM_TYPE target;
SECKEYPublicKey *pubKey = NULL; /* Ephemeral ECDH key */
SECKEYPrivateKey *privKey = NULL; /* Ephemeral ECDH key */
@ -272,6 +276,7 @@ ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey)
PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
/* Generate ephemeral EC keypair */
if (svrPubKey->keyType != ecKey) {
@ -290,8 +295,13 @@ ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey)
pubKey->u.ec.publicValue.data,
pubKey->u.ec.publicValue.len));
if (isTLS) target = CKM_TLS_MASTER_KEY_DERIVE_DH;
else target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
if (isTLS12) {
target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
} else if (isTLS) {
target = CKM_TLS_MASTER_KEY_DERIVE_DH;
} else {
target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
}
/* Determine the PMS */
pms = PK11_PubDeriveWithKDF(privKey, svrPubKey, PR_FALSE, NULL, NULL,
@ -355,7 +365,7 @@ ssl3_HandleECDHClientKeyExchange(sslSocket *ss, SSL3Opaque *b,
SECStatus rv;
SECKEYPublicKey clntPubKey;
CK_MECHANISM_TYPE target;
PRBool isTLS;
PRBool isTLS, isTLS12;
PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
@ -374,9 +384,15 @@ ssl3_HandleECDHClientKeyExchange(sslSocket *ss, SSL3Opaque *b,
}
isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
if (isTLS) target = CKM_TLS_MASTER_KEY_DERIVE_DH;
else target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
if (isTLS12) {
target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
} else if (isTLS) {
target = CKM_TLS_MASTER_KEY_DERIVE_DH;
} else {
target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
}
/* Determine the PMS */
pms = PK11_PubDeriveWithKDF(srvrPrivKey, &clntPubKey, PR_FALSE, NULL, NULL,
@ -572,7 +588,7 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
{
PLArenaPool * arena = NULL;
SECKEYPublicKey *peerKey = NULL;
PRBool isTLS;
PRBool isTLS, isTLS12;
SECStatus rv;
int errCode = SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH;
SSL3AlertDescription desc = illegal_parameter;
@ -582,8 +598,12 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
SECItem ec_params = {siBuffer, NULL, 0};
SECItem ec_point = {siBuffer, NULL, 0};
unsigned char paramBuf[3]; /* only for curve_type == named_curve */
SSL3SignatureAndHashAlgorithm sigAndHash;
sigAndHash.hashAlg = SEC_OID_UNKNOWN;
isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
/* XXX This works only for named curves, revisit this when
* we support generic curves.
@ -615,6 +635,19 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
goto alert_loser;
}
if (isTLS12) {
rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length,
&sigAndHash);
if (rv != SECSuccess) {
goto loser; /* malformed or unsupported. */
}
rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(
&sigAndHash, ss->sec.peerCert);
if (rv != SECSuccess) {
goto loser;
}
}
rv = ssl3_ConsumeHandshakeVariable(ss, &signature, 2, &b, &length);
if (rv != SECSuccess) {
goto loser; /* malformed. */
@ -637,10 +670,10 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
/*
* check to make sure the hash is signed by right guy
*/
rv = ssl3_ComputeECDHKeyHash(ec_params, ec_point,
&ss->ssl3.hs.client_random,
&ss->ssl3.hs.server_random,
&hashes, ss->opt.bypassPKCS11);
rv = ssl3_ComputeECDHKeyHash(sigAndHash.hashAlg, ec_params, ec_point,
&ss->ssl3.hs.client_random,
&ss->ssl3.hs.server_random,
&hashes, ss->opt.bypassPKCS11);
if (rv != SECSuccess) {
errCode =
@ -704,12 +737,14 @@ no_memory: /* no-memory error has already been set. */
}
SECStatus
ssl3_SendECDHServerKeyExchange(sslSocket *ss)
ssl3_SendECDHServerKeyExchange(
sslSocket *ss,
const SSL3SignatureAndHashAlgorithm *sigAndHash)
{
const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def;
const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def;
SECStatus rv = SECFailure;
int length;
PRBool isTLS;
PRBool isTLS, isTLS12;
SECItem signed_hash = {siBuffer, NULL, 0};
SSL3Hashes hashes;
@ -719,7 +754,6 @@ const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def;
ECName curve;
SSL3KEAType certIndex;
/* Generate ephemeral ECDH key pair and send the public key */
curve = ssl3_GetCurveNameForServerSocket(ss);
if (curve == ec_noName) {
@ -748,16 +782,19 @@ const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def;
goto loser;
}
rv = ssl3_ComputeECDHKeyHash(ec_params, ecdhePub->u.ec.publicValue,
&ss->ssl3.hs.client_random,
&ss->ssl3.hs.server_random,
&hashes, ss->opt.bypassPKCS11);
rv = ssl3_ComputeECDHKeyHash(sigAndHash->hashAlg,
ec_params,
ecdhePub->u.ec.publicValue,
&ss->ssl3.hs.client_random,
&ss->ssl3.hs.server_random,
&hashes, ss->opt.bypassPKCS11);
if (rv != SECSuccess) {
ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
goto loser;
}
isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
/* XXX SSLKEAType isn't really a good choice for
* indexing certificates but that's all we have
@ -781,7 +818,7 @@ const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def;
length = ec_params.len +
1 + ecdhePub->u.ec.publicValue.len +
2 + signed_hash.len;
(isTLS12 ? 2 : 0) + 2 + signed_hash.len;
rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length);
if (rv != SECSuccess) {
@ -799,6 +836,13 @@ const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def;
goto loser; /* err set by AppendHandshake. */
}
if (isTLS12) {
rv = ssl3_AppendSignatureAndHashAlgorithm(ss, sigAndHash);
if (rv != SECSuccess) {
goto loser; /* err set by AppendHandshake. */
}
}
rv = ssl3_AppendHandshakeVariable(ss, signed_hash.data,
signed_hash.len, 2);
if (rv != SECSuccess) {
@ -851,6 +895,7 @@ static const ssl3CipherSuite ecdh_rsa_suites[] = {
static const ssl3CipherSuite ecdhe_ecdsa_suites[] = {
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_NULL_SHA,
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
@ -860,6 +905,7 @@ static const ssl3CipherSuite ecdhe_ecdsa_suites[] = {
static const ssl3CipherSuite ecdhe_rsa_suites[] = {
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
@ -870,11 +916,13 @@ static const ssl3CipherSuite ecdhe_rsa_suites[] = {
static const ssl3CipherSuite ecSuites[] = {
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_NULL_SHA,
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
@ -1005,14 +1053,14 @@ static const PRUint8 tlsECList[56] = {
BE(24), BE(25)
};
static const PRUint8 ECPtFmt[6] = {
static const PRUint8 ecPtFmt[6] = {
BE(11), /* Extension type */
BE( 2), /* octets that follow */
1, /* octets that follow */
0 /* uncompressed type only */
};
/* This function already presumes we can do ECC, ssl_IsECCEnabled must be
/* This function already presumes we can do ECC, ssl3_IsECCEnabled must be
* called before this function. It looks to see if we have a token which
* is capable of doing smaller than SuiteB curves. If the token can, we
* presume the token can do the whole SSL suite of curves. If it can't we
@ -1021,10 +1069,11 @@ static const PRUint8 ECPtFmt[6] = {
static PRBool
ssl3_SuiteBOnly(sslSocket *ss)
{
/* look to see if we can handle certs less than 163 bits */
/* See if we can support small curves (like 163). If not, assume we can
* only support Suite-B curves (P-256, P-384, P-521). */
PK11SlotInfo *slot =
PK11_GetBestSlotWithAttributes(CKM_ECDH1_DERIVE, 0, 163,
ss ? ss->pkcs11PinArg : NULL);
ss ? ss->pkcs11PinArg : NULL);
if (!slot) {
/* nope, presume we can only do suite B */
@ -1044,22 +1093,22 @@ ssl3_SendSupportedCurvesXtn(
PRBool append,
PRUint32 maxBytes)
{
int ECListSize = 0;
const PRUint8 *ECList = NULL;
PRInt32 ecListSize = 0;
const PRUint8 *ecList = NULL;
if (!ss || !ssl3_IsECCEnabled(ss))
return 0;
if (ssl3_SuiteBOnly(ss)) {
ECListSize = sizeof (suiteBECList);
ECList = suiteBECList;
ecListSize = sizeof suiteBECList;
ecList = suiteBECList;
} else {
ECListSize = sizeof (tlsECList);
ECList = tlsECList;
ecListSize = sizeof tlsECList;
ecList = tlsECList;
}
if (append && maxBytes >= ECListSize) {
SECStatus rv = ssl3_AppendHandshake(ss, ECList, ECListSize);
if (append && maxBytes >= ecListSize) {
SECStatus rv = ssl3_AppendHandshake(ss, ecList, ecListSize);
if (rv != SECSuccess)
return -1;
if (!ss->sec.isServer) {
@ -1068,11 +1117,11 @@ ssl3_SendSupportedCurvesXtn(
ssl_elliptic_curves_xtn;
}
}
return ECListSize;
return ecListSize;
}
PRInt32
ssl3_GetSupportedECCCurveMask(sslSocket *ss)
PRUint32
ssl3_GetSupportedECCurveMask(sslSocket *ss)
{
if (ssl3_SuiteBOnly(ss)) {
return SSL3_SUITE_B_SUPPORTED_CURVES_MASK;
@ -1091,8 +1140,8 @@ ssl3_SendSupportedPointFormatsXtn(
{
if (!ss || !ssl3_IsECCEnabled(ss))
return 0;
if (append && maxBytes >= (sizeof ECPtFmt)) {
SECStatus rv = ssl3_AppendHandshake(ss, ECPtFmt, (sizeof ECPtFmt));
if (append && maxBytes >= (sizeof ecPtFmt)) {
SECStatus rv = ssl3_AppendHandshake(ss, ecPtFmt, (sizeof ecPtFmt));
if (rv != SECSuccess)
return -1;
if (!ss->sec.isServer) {
@ -1101,7 +1150,7 @@ ssl3_SendSupportedPointFormatsXtn(
ssl_ec_point_formats_xtn;
}
}
return (sizeof ECPtFmt);
return (sizeof ecPtFmt);
}
/* Just make sure that the remote client supports uncompressed points,

View File

@ -69,6 +69,10 @@ static SECStatus ssl3_ClientHandleStatusRequestXtn(sslSocket *ss,
SECItem *data);
static PRInt32 ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append,
PRUint32 maxBytes);
static PRInt32 ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append,
PRUint32 maxBytes);
static SECStatus ssl3_ServerHandleSigAlgsXtn(sslSocket *ss, PRUint16 ex_type,
SECItem *data);
/*
* Write bytes. Using this function means the SECItem structure
@ -231,6 +235,7 @@ static const ssl3HelloExtensionHandler clientHelloHandlers[] = {
{ ssl_next_proto_nego_xtn, &ssl3_ServerHandleNextProtoNegoXtn },
{ ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn },
{ ssl_cert_status_xtn, &ssl3_ServerHandleStatusRequestXtn },
{ ssl_signature_algorithms_xtn, &ssl3_ServerHandleSigAlgsXtn },
{ -1, NULL }
};
@ -269,7 +274,8 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
{ ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn },
{ ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn },
{ ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn },
{ ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }
{ ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
{ ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }
/* any extra entries will appear as { 0, NULL } */
};
@ -1998,3 +2004,131 @@ ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
return ssl3_RegisterServerHelloExtensionSender(ss, ssl_use_srtp_xtn,
ssl3_SendUseSRTPXtn);
}
/* ssl3_ServerHandleSigAlgsXtn handles the signature_algorithms extension
* from a client.
* See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
static SECStatus
ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
{
SECStatus rv;
SECItem algorithms;
const unsigned char *b;
unsigned int numAlgorithms, i;
/* Ignore this extension if we aren't doing TLS 1.2 or greater. */
if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) {
return SECSuccess;
}
/* Keep track of negotiated extensions. */
ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &data->data,
&data->len);
if (rv != SECSuccess) {
return SECFailure;
}
/* Trailing data, empty value, or odd-length value is invalid. */
if (data->len != 0 || algorithms.len == 0 || (algorithms.len & 1) != 0) {
PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
return SECFailure;
}
numAlgorithms = algorithms.len/2;
/* We don't care to process excessive numbers of algorithms. */
if (numAlgorithms > 512) {
numAlgorithms = 512;
}
ss->ssl3.hs.clientSigAndHash =
PORT_NewArray(SSL3SignatureAndHashAlgorithm, numAlgorithms);
if (!ss->ssl3.hs.clientSigAndHash) {
return SECFailure;
}
ss->ssl3.hs.numClientSigAndHash = 0;
b = algorithms.data;
for (i = 0; i < numAlgorithms; i++) {
unsigned char tls_hash = *(b++);
unsigned char tls_sig = *(b++);
SECOidTag hash = ssl3_TLSHashAlgorithmToOID(tls_hash);
if (hash == SEC_OID_UNKNOWN) {
/* We ignore formats that we don't understand. */
continue;
}
/* tls_sig support will be checked later in
* ssl3_PickSignatureHashAlgorithm. */
ss->ssl3.hs.clientSigAndHash[i].hashAlg = hash;
ss->ssl3.hs.clientSigAndHash[i].sigAlg = tls_sig;
ss->ssl3.hs.numClientSigAndHash++;
}
if (!ss->ssl3.hs.numClientSigAndHash) {
/* We didn't understand any of the client's requested signature
* formats. We'll use the defaults. */
PORT_Free(ss->ssl3.hs.clientSigAndHash);
ss->ssl3.hs.clientSigAndHash = NULL;
}
return SECSuccess;
}
/* ssl3_ClientSendSigAlgsXtn sends the signature_algorithm extension for TLS
* 1.2 ClientHellos. */
static PRInt32
ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
{
static const unsigned char signatureAlgorithms[] = {
/* This block is the contents of our signature_algorithms extension, in
* wire format. See
* https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
tls_hash_sha256, tls_sig_rsa,
tls_hash_sha384, tls_sig_rsa,
tls_hash_sha1, tls_sig_rsa,
#ifdef NSS_ENABLE_ECC
tls_hash_sha256, tls_sig_ecdsa,
tls_hash_sha384, tls_sig_ecdsa,
tls_hash_sha1, tls_sig_ecdsa,
#endif
tls_hash_sha256, tls_sig_dsa,
tls_hash_sha1, tls_sig_dsa,
};
PRInt32 extension_length;
if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) {
return 0;
}
extension_length =
2 /* extension type */ +
2 /* extension length */ +
2 /* supported_signature_algorithms length */ +
sizeof(signatureAlgorithms);
if (append && maxBytes >= extension_length) {
SECStatus rv;
rv = ssl3_AppendHandshakeNumber(ss, ssl_signature_algorithms_xtn, 2);
if (rv != SECSuccess)
goto loser;
rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
if (rv != SECSuccess)
goto loser;
rv = ssl3_AppendHandshakeVariable(ss, signatureAlgorithms,
sizeof(signatureAlgorithms), 2);
if (rv != SECSuccess)
goto loser;
ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
ssl_signature_algorithms_xtn;
} else if (maxBytes < extension_length) {
PORT_Assert(0);
return 0;
}
return extension_length;
loser:
return -1;
}

View File

@ -210,11 +210,51 @@ typedef struct {
} u;
} SSL3ServerParams;
/* This enum reflects HashAlgorithm enum from
* https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
*
* When updating, be sure to also update ssl3_TLSHashAlgorithmToOID. */
enum {
tls_hash_md5 = 1,
tls_hash_sha1 = 2,
tls_hash_sha224 = 3,
tls_hash_sha256 = 4,
tls_hash_sha384 = 5,
tls_hash_sha512 = 6
};
/* This enum reflects SignatureAlgorithm enum from
* https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
typedef enum {
tls_sig_rsa = 1,
tls_sig_dsa = 2,
tls_sig_ecdsa = 3
} TLSSignatureAlgorithm;
typedef struct {
SECOidTag hashAlg;
TLSSignatureAlgorithm sigAlg;
} SSL3SignatureAndHashAlgorithm;
/* SSL3HashesIndividually contains a combination MD5/SHA1 hash, as used in TLS
* prior to 1.2. */
typedef struct {
PRUint8 md5[16];
PRUint8 sha[20];
} SSL3HashesIndividually;
/* SSL3Hashes contains an SSL hash value. The digest is contained in |u.raw|
* which, if |hashAlg==SEC_OID_UNKNOWN| is also a SSL3HashesIndividually
* struct. */
typedef struct {
unsigned int len;
SECOidTag hashAlg;
union {
PRUint8 raw[64];
SSL3HashesIndividually s;
} u;
} SSL3Hashes;
typedef struct {
union {
SSL3Opaque anonymous;
@ -272,7 +312,7 @@ typedef enum {
sender_server = 0x53525652
} SSL3Sender;
typedef SSL3Hashes SSL3Finished;
typedef SSL3HashesIndividually SSL3Finished;
typedef struct {
SSL3Opaque verify_data[12];

View File

@ -25,6 +25,8 @@
*
* If new ECC cipher suites are added, also update the ssl3CipherSuite arrays
* in ssl3ecc.c.
*
* Finally, update the ssl_V3_SUITES_IMPLEMENTED macro in sslimpl.h.
*/
const PRUint16 SSL_ImplementedCiphers[] = {
/* 256-bit */
@ -35,6 +37,7 @@ const PRUint16 SSL_ImplementedCiphers[] = {
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
#ifdef NSS_ENABLE_ECC
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
@ -42,18 +45,22 @@ const PRUint16 SSL_ImplementedCiphers[] = {
#endif /* NSS_ENABLE_ECC */
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA256,
/* 128-bit */
#ifdef NSS_ENABLE_ECC
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
#endif /* NSS_ENABLE_ECC */
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
TLS_DHE_DSS_WITH_RC4_128_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
#ifdef NSS_ENABLE_ECC
TLS_ECDH_RSA_WITH_RC4_128_SHA,
@ -66,6 +73,7 @@ const PRUint16 SSL_ImplementedCiphers[] = {
SSL_RSA_WITH_RC4_128_SHA,
SSL_RSA_WITH_RC4_128_MD5,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256,
/* 112-bit 3DES */
#ifdef NSS_ENABLE_ECC
@ -103,6 +111,7 @@ const PRUint16 SSL_ImplementedCiphers[] = {
TLS_ECDH_ECDSA_WITH_NULL_SHA,
#endif /* NSS_ENABLE_ECC */
SSL_RSA_WITH_NULL_SHA,
TLS_RSA_WITH_NULL_SHA256,
SSL_RSA_WITH_NULL_MD5,
/* SSL2 cipher suites. */

View File

@ -189,6 +189,10 @@ SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION = (SSL_ERROR_BASE + 124),
SSL_ERROR_RX_UNEXPECTED_CERT_STATUS = (SSL_ERROR_BASE + 125),
SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM = (SSL_ERROR_BASE + 126),
SSL_ERROR_DIGEST_FAILURE = (SSL_ERROR_BASE + 127),
SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 128),
SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
} SSLErrorCodes;
#endif /* NO_SECURITY_ERROR_ENUM */

View File

@ -60,6 +60,7 @@ typedef SSLSignType SSL3SignType;
#define mac_sha ssl_mac_sha
#define hmac_md5 ssl_hmac_md5
#define hmac_sha ssl_hmac_sha
#define hmac_sha256 ssl_hmac_sha256
#define SET_ERROR_CODE /* reminder */
#define SEND_ALERT /* reminder */
@ -141,7 +142,7 @@ typedef enum { SSLAppOpRead = 0,
/* Mask of the 25 named curves we support. */
#define SSL3_ALL_SUPPORTED_CURVES_MASK 0x3fffffe
/* only 3 curves, suite B*/
/* Mask of only 3 curves, suite B */
#define SSL3_SUITE_B_SUPPORTED_CURVES_MASK 0x3800000
#ifndef BPB
@ -279,9 +280,9 @@ typedef struct {
} ssl3CipherSuiteCfg;
#ifdef NSS_ENABLE_ECC
#define ssl_V3_SUITES_IMPLEMENTED 50
#define ssl_V3_SUITES_IMPLEMENTED 57
#else
#define ssl_V3_SUITES_IMPLEMENTED 30
#define ssl_V3_SUITES_IMPLEMENTED 35
#endif /* NSS_ENABLE_ECC */
#define MAX_DTLS_SRTP_CIPHER_SUITES 4
@ -777,6 +778,7 @@ typedef struct SSL3HandshakeStateStr {
PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS];
PK11Context * md5; /* handshake running hashes */
PK11Context * sha;
PK11Context * tls12_handshake_hash;
const ssl3KEADef * kea_def;
ssl3CipherSuite cipher_suite;
const ssl3CipherSuiteDef *suite_def;
@ -798,7 +800,7 @@ const ssl3CipherSuiteDef *suite_def;
PRUint16 finishedBytes; /* size of single finished below */
union {
TLSFinished tFinished[2]; /* client, then server */
SSL3Hashes sFinished[2];
SSL3Finished sFinished[2];
SSL3Opaque data[72];
} finishedMsgs;
#ifdef NSS_ENABLE_ECC
@ -813,6 +815,12 @@ const ssl3CipherSuiteDef *suite_def;
/* Shared state between ssl3_HandleFinished and ssl3_FinishHandshake */
PRBool cacheSID;
/* clientSigAndHash contains the contents of the signature_algorithms
* extension (if any) from the client. This is only valid for TLS 1.2
* or later. */
SSL3SignatureAndHashAlgorithm *clientSigAndHash;
unsigned int numClientSigAndHash;
/* This group of values is used for DTLS */
PRUint16 sendMessageSeq; /* The sending message sequence
* number */
@ -1426,7 +1434,7 @@ extern PRInt32 ssl3_SendRecord(sslSocket *ss, DTLSEpoch epoch,
* runtime to determine which versions are supported by the version of libssl
* in use.
*/
#define SSL_LIBRARY_VERSION_MAX_SUPPORTED SSL_LIBRARY_VERSION_TLS_1_1
#define SSL_LIBRARY_VERSION_MAX_SUPPORTED SSL_LIBRARY_VERSION_TLS_1_2
/* Rename this macro SSL_ALL_VERSIONS_DISABLED when SSL 2.0 is removed. */
#define SSL3_ALL_VERSIONS_DISABLED(vrange) \
@ -1491,7 +1499,7 @@ extern void ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss);
extern PRBool ssl3_IsECCEnabled(sslSocket *ss);
extern SECStatus ssl3_DisableECCSuites(sslSocket * ss,
const ssl3CipherSuite * suite);
extern PRInt32 ssl3_GetSupportedECCCurveMask(sslSocket *ss);
extern PRUint32 ssl3_GetSupportedECCurveMask(sslSocket *ss);
/* Macro for finding a curve equivalent in strength to RSA key's */
@ -1586,10 +1594,12 @@ extern SECStatus ssl3_HandleECDHClientKeyExchange(sslSocket *ss,
SSL3Opaque *b, PRUint32 length,
SECKEYPublicKey *srvrPubKey,
SECKEYPrivateKey *srvrPrivKey);
extern SECStatus ssl3_SendECDHServerKeyExchange(sslSocket *ss);
extern SECStatus ssl3_SendECDHServerKeyExchange(sslSocket *ss,
const SSL3SignatureAndHashAlgorithm *sigAndHash);
#endif
extern SECStatus ssl3_ComputeCommonKeyHash(PRUint8 * hashBuf,
extern SECStatus ssl3_ComputeCommonKeyHash(SECOidTag hashAlg,
PRUint8 * hashBuf,
unsigned int bufLen, SSL3Hashes *hashes,
PRBool bypassPKCS11);
extern void ssl3_DestroyCipherSpec(ssl3CipherSpec *spec, PRBool freeSrvName);
@ -1602,12 +1612,21 @@ extern SECStatus ssl3_AppendHandshakeNumber(sslSocket *ss, PRInt32 num,
PRInt32 lenSize);
extern SECStatus ssl3_AppendHandshakeVariable( sslSocket *ss,
const SSL3Opaque *src, PRInt32 bytes, PRInt32 lenSize);
extern SECStatus ssl3_AppendSignatureAndHashAlgorithm(sslSocket *ss,
const SSL3SignatureAndHashAlgorithm* sigAndHash);
extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRInt32 bytes,
SSL3Opaque **b, PRUint32 *length);
extern PRInt32 ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRInt32 bytes,
SSL3Opaque **b, PRUint32 *length);
extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i,
PRInt32 bytes, SSL3Opaque **b, PRUint32 *length);
extern SECOidTag ssl3_TLSHashAlgorithmToOID(int hashFunc);
extern SECStatus ssl3_CheckSignatureAndHashAlgorithmConsistency(
const SSL3SignatureAndHashAlgorithm *sigAndHash,
CERTCertificate* cert);
extern SECStatus ssl3_ConsumeSignatureAndHashAlgorithm(sslSocket *ss,
SSL3Opaque **b, PRUint32 *length,
SSL3SignatureAndHashAlgorithm *out);
extern SECStatus ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key,
SECItem *buf, PRBool isTLS);
extern SECStatus ssl3_VerifySignedHashes(SSL3Hashes *hash,

View File

@ -127,6 +127,7 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
#define B_40 128, 40, 40
#define B_0 0, 0, 0
#define M_SHA256 "SHA256", ssl_hmac_sha256, 256
#define M_SHA "SHA1", ssl_mac_sha, 160
#define M_MD5 "MD5", ssl_mac_md5, 128
@ -134,20 +135,24 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
/* <------ Cipher suite --------------------> <auth> <KEA> <bulk cipher> <MAC> <FIPS> */
{0,CS(TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, },
{0,CS(TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, },
{0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0, },
{0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, },
{0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA), S_DSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, },
{0,CS(TLS_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, },
{0,CS(TLS_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_RSA, C_AES, B_256, M_SHA256, 1, 0, 0, },
{0,CS(TLS_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_RSA, C_AES, B_256, M_SHA, 1, 0, 0, },
{0,CS(TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
{0,CS(TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
{0,CS(TLS_DHE_DSS_WITH_RC4_128_SHA), S_DSA, K_DHE, C_RC4, B_128, M_SHA, 0, 0, 0, },
{0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
{0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
{0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
{0,CS(TLS_RSA_WITH_SEED_CBC_SHA), S_RSA, K_RSA, C_SEED,B_128, M_SHA, 1, 0, 0, },
{0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
{0,CS(SSL_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, },
{0,CS(SSL_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
{0,CS(TLS_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_RSA, C_AES, B_128, M_SHA256, 1, 0, 0, },
{0,CS(TLS_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_RSA, C_AES, B_128, M_SHA, 1, 0, 0, },
{0,CS(SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
@ -164,6 +169,7 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
{0,CS(TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 1, 0, },
{0,CS(SSL_RSA_EXPORT_WITH_RC4_40_MD5), S_RSA, K_RSA, C_RC4, B_40, M_MD5, 0, 1, 0, },
{0,CS(SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5), S_RSA, K_RSA, C_RC2, B_40, M_MD5, 0, 1, 0, },
{0,CS(TLS_RSA_WITH_NULL_SHA256), S_RSA, K_RSA, C_NULL,B_0, M_SHA256, 0, 1, 0, },
{0,CS(SSL_RSA_WITH_NULL_SHA), S_RSA, K_RSA, C_NULL,B_0, M_SHA, 0, 1, 0, },
{0,CS(SSL_RSA_WITH_NULL_MD5), S_RSA, K_RSA, C_NULL,B_0, M_MD5, 0, 1, 0, },
@ -179,6 +185,7 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
{0,CS(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA), S_ECDSA, K_ECDHE, C_RC4, B_128, M_SHA, 0, 0, 0, },
{0,CS(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA), S_ECDSA, K_ECDHE, C_3DES, B_3DES, M_SHA, 1, 0, 0, },
{0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, },
{0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
{0,CS(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, },
{0,CS(TLS_ECDH_RSA_WITH_NULL_SHA), S_RSA, K_ECDH, C_NULL, B_0, M_SHA, 0, 0, 0, },
@ -191,6 +198,7 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
{0,CS(TLS_ECDHE_RSA_WITH_RC4_128_SHA), S_RSA, K_ECDHE, C_RC4, B_128, M_SHA, 0, 0, 0, },
{0,CS(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_ECDHE, C_3DES, B_3DES, M_SHA, 1, 0, 0, },
{0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, },
{0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
{0,CS(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, },
#endif /* NSS_ENABLE_ECC */

View File

@ -15,6 +15,7 @@
#define SSL_LIBRARY_VERSION_3_0 0x0300
#define SSL_LIBRARY_VERSION_TLS_1_0 0x0301
#define SSL_LIBRARY_VERSION_TLS_1_1 0x0302
#define SSL_LIBRARY_VERSION_TLS_1_2 0x0303
/* Note: this is the internal format, not the wire format */
#define SSL_LIBRARY_VERSION_DTLS_1_0 0x0302
@ -132,6 +133,9 @@
#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA 0x0038
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039
#define TLS_DH_ANON_WITH_AES_256_CBC_SHA 0x003A
#define TLS_RSA_WITH_NULL_SHA256 0x003B
#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C
#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D
#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0041
#define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0042
@ -146,6 +150,8 @@
#define TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x0063
#define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x0065
#define TLS_DHE_DSS_WITH_RC4_128_SHA 0x0066
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x006B
#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0084
#define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0085
@ -195,6 +201,9 @@
#define TLS_ECDH_anon_WITH_AES_128_CBC_SHA 0xC018
#define TLS_ECDH_anon_WITH_AES_256_CBC_SHA 0xC019
#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027
/* Netscape "experimental" cipher suites. */
#define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0
#define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1

View File

@ -77,19 +77,22 @@ SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
{
/* some decisions derived from SSL_GetChannelInfo */
sslSocket * sslsocket = NULL;
SECStatus rv = SECFailure;
PRBool enoughFirstHsDone = PR_FALSE;
if (!pYes)
return rv;
if (!pYes) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
sslsocket = ssl_FindSocket(socket);
if (!sslsocket) {
SSL_DBG(("%d: SSL[%d]: bad socket in HandshakeNegotiatedExtension",
SSL_GETPID(), socket));
return rv;
return SECFailure;
}
*pYes = PR_FALSE;
if (sslsocket->firstHsDone) {
enoughFirstHsDone = PR_TRUE;
} else if (sslsocket->ssl3.initialized && ssl3_CanFalseStart(sslsocket)) {
@ -109,9 +112,8 @@ SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
ssl_GetSSL3HandshakeLock(sslsocket);
*pYes = ssl3_ExtensionNegotiated(sslsocket, extId);
ssl_ReleaseSSL3HandshakeLock(sslsocket);
rv = SECSuccess;
}
}
return rv;
return SECSuccess;
}

View File

@ -30,8 +30,8 @@ struct cipherPolicyStr {
typedef struct cipherPolicyStr cipherPolicy;
/* This table contains two preconfigured policies: Export and France.
** It is used only by the functions SSL_SetDomesticPolicy,
** SSL_SetExportPolicy, and SSL_SetFrancyPolicy.
** It is used only by the functions NSS_SetDomesticPolicy,
** NSS_SetExportPolicy, and NSS_SetFrancePolicy.
** Order of entries is not important.
*/
static cipherPolicy ssl_ciphers[] = { /* Export France */
@ -54,14 +54,19 @@ static cipherPolicy ssl_ciphers[] = { /* Export France */
{ SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ SSL_RSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED },
{ SSL_RSA_WITH_NULL_MD5, SSL_ALLOWED, SSL_ALLOWED },
{ SSL_RSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED },
{ TLS_RSA_WITH_NULL_SHA256, SSL_ALLOWED, SSL_ALLOWED },
{ TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_RSA_WITH_AES_256_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
@ -81,6 +86,7 @@ static cipherPolicy ssl_ciphers[] = { /* Export France */
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_ECDH_RSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED },
{ TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
@ -91,6 +97,7 @@ static cipherPolicy ssl_ciphers[] = { /* Export France */
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
#endif /* NSS_ENABLE_ECC */
{ 0, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }
@ -775,17 +782,20 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
rv = SECFailure;
} else {
if (PR_FALSE != on) {
if (PR_SUCCESS == SSL_BypassSetup() ) {
/* PKCS#11 bypass is not supported with TLS 1.2. */
if (ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_2) {
ss->opt.bypassPKCS11 = PR_FALSE;
} else if (PR_SUCCESS == SSL_BypassSetup() ) {
#ifdef NO_PKCS11_BYPASS
ss->opt.bypassPKCS11 = PR_FALSE;
ss->opt.bypassPKCS11 = PR_FALSE;
#else
ss->opt.bypassPKCS11 = on;
ss->opt.bypassPKCS11 = on;
#endif
} else {
rv = SECFailure;
}
} else {
ss->opt.bypassPKCS11 = PR_FALSE;
ss->opt.bypassPKCS11 = PR_FALSE;
}
}
break;
@ -1870,6 +1880,10 @@ SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
ssl_GetSSL3HandshakeLock(ss);
ss->vrange = *vrange;
/* PKCS#11 bypass is not supported with TLS 1.2. */
if (ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_2) {
ss->opt.bypassPKCS11 = PR_FALSE;
}
ssl_ReleaseSSL3HandshakeLock(ss);
ssl_Release1stHandshakeLock(ss);

View File

@ -88,7 +88,8 @@ typedef enum {
ssl_mac_md5 = 1,
ssl_mac_sha = 2,
ssl_hmac_md5 = 3, /* TLS HMAC version of mac_md5 */
ssl_hmac_sha = 4 /* TLS HMAC version of mac_sha */
ssl_hmac_sha = 4, /* TLS HMAC version of mac_sha */
ssl_hmac_sha256 = 5
} SSLMACAlgorithm;
typedef enum {
@ -179,12 +180,13 @@ typedef enum {
ssl_elliptic_curves_xtn = 10,
ssl_ec_point_formats_xtn = 11,
#endif
ssl_signature_algorithms_xtn = 13,
ssl_use_srtp_xtn = 14,
ssl_session_ticket_xtn = 35,
ssl_next_proto_nego_xtn = 13172,
ssl_renegotiation_info_xtn = 0xff01 /* experimental number */
} SSLExtensionType;
#define SSL_MAX_EXTENSIONS 8
#define SSL_MAX_EXTENSIONS 9
#endif /* __sslt_h_ */

View File

@ -19,12 +19,12 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
*/
#define NSSUTIL_VERSION "3.15"
#define NSSUTIL_VERSION "3.15.1 Beta"
#define NSSUTIL_VMAJOR 3
#define NSSUTIL_VMINOR 15
#define NSSUTIL_VPATCH 0
#define NSSUTIL_VPATCH 1
#define NSSUTIL_VBUILD 0
#define NSSUTIL_BETA PR_FALSE
#define NSSUTIL_BETA PR_TRUE
SEC_BEGIN_PROTOS

View File

@ -1931,12 +1931,9 @@ SECOID_Init(void)
/* initialize any policy flags that are disabled by default */
xOids[SEC_OID_MD2 ].notPolicyFlags = ~0;
xOids[SEC_OID_MD4 ].notPolicyFlags = ~0;
xOids[SEC_OID_MD5 ].notPolicyFlags = ~0;
xOids[SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION ].notPolicyFlags = ~0;
xOids[SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION ].notPolicyFlags = ~0;
xOids[SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION ].notPolicyFlags = ~0;
xOids[SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC].notPolicyFlags = ~0;
xOids[SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC].notPolicyFlags = ~0;
}
envVal = PR_GetEnv("NSS_HASH_ALG_SUPPORT");

View File

@ -88,8 +88,8 @@ ssl_init()
ECC_STRING=""
fi
CSHORT="-c ABCDEF:0041:0084cdefgijklmnvyz"
CLONG="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014:0041:0084cdefgijklmnvyz"
CSHORT="-c ABCDEF:003B:003C:003D:0041:0084cdefgijklmnvyz"
CLONG="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014:C023:C027:003B:003C:003D:0041:0084cdefgijklmnvyz"
if [ "${OS_ARCH}" != "WINNT" ]; then
ulimit -n 1000 # make sure we have enough file descriptors
@ -305,6 +305,9 @@ ssl_cov()
if [ "$testmax" = "TLS11" ]; then
VMAX="tls1.1"
fi
if [ "$testmax" = "TLS12" ]; then
VMAX="tls1.2"
fi
# These five tests need an EC cert signed with RSA
# This requires a different certificate loaded in selfserv

View File

@ -71,6 +71,22 @@
noECC TLS11 v TLS11_RSA_WITH_AES_128_CBC_SHA
noECC TLS11 y TLS11_RSA_WITH_AES_256_CBC_SHA
noECC TLS11 z TLS11_RSA_WITH_NULL_SHA
#
noECC TLS12 c TLS12_RSA_WITH_RC4_128_MD5
noECC TLS12 d TLS12_RSA_WITH_3DES_EDE_CBC_SHA
noECC TLS12 e TLS12_RSA_WITH_DES_CBC_SHA
noECC TLS12 i TLS12_RSA_WITH_NULL_MD5
noECC TLS12 j TLS12_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
noECC TLS12 k TLS12_RSA_FIPS_WITH_DES_CBC_SHA
noECC TLS12 l TLS12_RSA_EXPORT_WITH_DES_CBC_SHA (new)
noECC TLS12 m TLS12_RSA_EXPORT_WITH_RC4_56_SHA (new)
noECC TLS12 n TLS12_RSA_WITH_RC4_128_SHA
noECC TLS12 v TLS12_RSA_WITH_AES_128_CBC_SHA
noECC TLS12 y TLS12_RSA_WITH_AES_256_CBC_SHA
noECC TLS12 z TLS12_RSA_WITH_NULL_SHA
noECC TLS12 :003B TLS12_RSA_WITH_NULL_SHA256
noECC TLS12 :003C TLS12_RSA_WITH_AES_128_CBC_SHA256
noECC TLS12 :003D TLS12_RSA_WITH_AES_256_CBC_SHA256
#
# ECC ciphers (TLS)
#
@ -115,3 +131,26 @@
ECC TLS11 :C012 TLS11_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
ECC TLS11 :C013 TLS11_ECDHE_RSA_WITH_AES_128_CBC_SHA
ECC TLS11 :C014 TLS11_ECDHE_RSA_WITH_AES_256_CBC_SHA
#
ECC TLS12 :C001 TLS12_ECDH_ECDSA_WITH_NULL_SHA
ECC TLS12 :C002 TLS12_ECDH_ECDSA_WITH_RC4_128_SHA
ECC TLS12 :C003 TLS12_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
ECC TLS12 :C004 TLS12_ECDH_ECDSA_WITH_AES_128_CBC_SHA
ECC TLS12 :C005 TLS12_ECDH_ECDSA_WITH_AES_256_CBC_SHA
ECC TLS12 :C006 TLS12_ECDHE_ECDSA_WITH_NULL_SHA
ECC TLS12 :C007 TLS12_ECDHE_ECDSA_WITH_RC4_128_SHA
ECC TLS12 :C008 TLS12_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
ECC TLS12 :C009 TLS12_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
ECC TLS12 :C00A TLS12_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
ECC TLS12 :C00B TLS12_ECDH_RSA_WITH_NULL_SHA
ECC TLS12 :C00C TLS12_ECDH_RSA_WITH_RC4_128_SHA
ECC TLS12 :C00D TLS12_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
ECC TLS12 :C00E TLS12_ECDH_RSA_WITH_AES_128_CBC_SHA
ECC TLS12 :C00F TLS12_ECDH_RSA_WITH_AES_256_CBC_SHA
ECC TLS12 :C010 TLS12_ECDHE_RSA_WITH_NULL_SHA
ECC TLS12 :C011 TLS12_ECDHE_RSA_WITH_RC4_128_SHA
ECC TLS12 :C012 TLS12_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
ECC TLS12 :C013 TLS12_ECDHE_RSA_WITH_AES_128_CBC_SHA
ECC TLS12 :C014 TLS12_ECDHE_RSA_WITH_AES_256_CBC_SHA
ECC TLS12 :C023 TLS12_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
ECC TLS12 :C027 TLS12_ECDHE_RSA_WITH_AES_128_CBC_SHA256

View File

@ -36,9 +36,11 @@
# ############################ ECC ciphers ############################
#
ECC 0 -c_:C009 -V_ssl3:_-c_100_-C_:C009_-N Stress TLS ECDHE-ECDSA AES 128 CBC with SHA (no reuse)
ECC 0 -c_:C023 -V_ssl3:_-c_100_-C_:C023_-N Stress TLS ECDHE-ECDSA AES 128 CBC with SHA256 (no reuse)
ECC 0 -c_:C004 -V_ssl3:_-c_100_-C_:C004_-N Stress TLS ECDH-ECDSA AES 128 CBC with SHA (no reuse)
ECC 0 -c_:C00E -V_ssl3:_-c_100_-C_:C00E_-N Stress TLS ECDH-RSA AES 128 CBC with SHA (no reuse)
ECC 0 -c_:C013 -V_ssl3:_-c_1000_-C_:C013 Stress TLS ECDHE-RSA AES 128 CBC with SHA
ECC 0 -c_:C027 -V_ssl3:_-c_1000_-C_:C027 Stress TLS ECDHE-RSA AES 128 CBC with SHA256
ECC 0 -c_:C004_-u -V_ssl3:_-c_1000_-C_:C004_-u Stress TLS ECDH-ECDSA AES 128 CBC with SHA (session ticket)
#
# add client auth versions here...