authorwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-08-17 00:56:40 +0000
committerwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-08-17 00:56:40 +0000
commite7bad86e5d70c158115cefb90dc50a2c5fd84f39 (patch)
treea54dc8b704dceb8ec1decb60b1dcdc6088180526
parent81e0a85082ccf4b14f48ed5229baa2cbd8642ad4 (diff)
Revert the workaround for servers that use tiny DH keys.
Add the new error code ERR_SSL_WEAK_SERVER_KEY for these broken servers. Use the new SSL_RENEGOTIATE_TRANSITIONAL option. On the client side it is equivalent to SSL_RENEGOTIATE_UNRESTRICTED. R=agl BUG=51694 TEST=Visit https://portal-plumprod.cgc.enbridge.com and https://www.citylink.com.au. The network error page should display the error message: Error 129 (net::ERR_SSL_WEAK_SERVER_KEY): Unknown error. Review URL: http://codereview.chromium.org/3149012 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@56283 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--net/base/net_error_list.h3
-rw-r--r--net/socket/ssl_client_socket_nss.cc4
-rw-r--r--net/third_party/nss/README.chromium10
-rw-r--r--net/third_party/nss/patches/deprioritizedhe.patch58
-rw-r--r--net/third_party/nss/patches/weakserverkey.patch52
-rw-r--r--net/third_party/nss/ssl/ssl3con.c6
-rw-r--r--net/third_party/nss/ssl/sslenum.c2
-rw-r--r--net/third_party/nss/ssl/sslerr.h2
8 files changed, 69 insertions, 68 deletions
diff --git a/net/base/net_error_list.h b/net/base/net_error_list.h
index 1a0e242..5fe0846 100644
--- a/net/base/net_error_list.h
+++ b/net/base/net_error_list.h
@@ -168,6 +168,9 @@ NET_ERROR(PROXY_AUTH_REQUESTED, -127)
// A known TLS strict server didn't offer the renegotiation extension.
NET_ERROR(SSL_UNSAFE_NEGOTIATION, -128)
+// The SSL server is using a weak cryptographic key.
+NET_ERROR(SSL_WEAK_SERVER_KEY, -129)
+
// Certificate error codes
//
// The values of certificate error codes must be consecutive.
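Review bot: The comment added for SSL_WEAK_SERVER_KEY says only "weak cryptographic key", while the single place this commit raises it (the ssl3_HandleServerKeyExchange hunk in ssl3con.c) is a DH prime shorter than 512 bits; naming the condition here saves the next reader a trip into NSS. Suggest `// The SSL server is using a weak cryptographic key (currently: a DH prime of fewer than 512 bits in ServerKeyExchange).` The description's expected page text ends in "Unknown error" and no string-resource file appears in the diffstat, so a user-visible explanation for -129 is presumably still to come.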
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 0b256f4..23d6436 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -207,6 +207,8 @@ int MapNSPRError(PRErrorCode err) {
return ERR_SSL_BAD_RECORD_MAC_ALERT;
case SSL_ERROR_UNSAFE_NEGOTIATION:
return ERR_SSL_UNSAFE_NEGOTIATION;
+ case SSL_ERROR_WEAK_SERVER_KEY:
+ return ERR_SSL_WEAK_SERVER_KEY;
default: {
if (IS_SSL_ERROR(err)) {
@@ -521,7 +523,7 @@ int SSLClientSocketNSS::InitializeSSLOptions() {
// http://extendedsubset.com/?p=8
rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_RENEGOTIATION,
- SSL_RENEGOTIATE_UNRESTRICTED);
+ SSL_RENEGOTIATE_TRANSITIONAL);
}
if (rv != SECSuccess)
LOG(INFO) << "SSL_ENABLE_RENEGOTIATION failed.";
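Review bot: Replacing SSL_RENEGOTIATE_UNRESTRICTED with SSL_RENEGOTIATE_TRANSITIONAL reads like a policy tightening, but the commit description says the two are equivalent on the client side, and nothing in the hunk records that; a one-line comment would stop the next reader from assuming renegotiation with servers lacking the RFC 5746 extension is now refused. Suggest `// On the client side SSL_RENEGOTIATE_TRANSITIONAL behaves like SSL_RENEGOTIATE_UNRESTRICTED.` above the SSL_OptionSet call. The comment at the top of the hunk pointing at extendedsubset.com presumably explains why unrestricted renegotiation is accepted at all; that text and the rest of InitializeSSLOptions lie outside the hunk. The MapNSPRError hunk above is a straightforward one-to-one mapping and needs nothing further.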
diff --git a/net/third_party/nss/README.chromium b/net/third_party/nss/README.chromium
index a16796e..4c4fb36 100644
--- a/net/third_party/nss/README.chromium
+++ b/net/third_party/nss/README.chromium
@@ -28,13 +28,11 @@ Patches:
they're available when we resume a session.
patches/cachecerts.patch
- * List TLS_DHE_RSA_WITH_AES_256_CBC_SHA after TLS_RSA_WITH_AES_256_CBC_SHA
- in ClientHello to communicate securely with some servers that use
- 256-bit DH keys. Remove this patch when we upgrade to NSS 3.12.7,
- which rejects DH keys shorter than 512 bits.
- patches/deprioritizedhe.patch
+ * Add the SSL_ERROR_WEAK_SERVER_KEY error code for a weak server key in
+ the Server Key Exchange handshake message.
+ patches/weakserverkey.patch
http://crbug.com/51694
- https://bugzilla.mozilla.org/show_bug.cgi?id=583337
+ https://bugzilla.mozilla.org/show_bug.cgi?id=587234
The ssl/bodge directory contains files taken from the NSS repo that we required
for building libssl outside of its usual build environment.
diff --git a/net/third_party/nss/patches/deprioritizedhe.patch b/net/third_party/nss/patches/deprioritizedhe.patch
deleted file mode 100644
index 8784015..0000000
--- a/net/third_party/nss/patches/deprioritizedhe.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
---- a/security/nss/lib/ssl/ssl3con.c
-+++ b/security/nss/lib/ssl/ssl3con.c
-@@ -106,24 +106,24 @@ static SECStatus Null_Cipher(void *ctx,
- static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
- /* cipher_suite policy enabled is_present*/
- #ifdef NSS_ENABLE_ECC
- { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
- { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
- #endif /* NSS_ENABLE_ECC */
- { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
- { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
-- { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
- { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
- #ifdef NSS_ENABLE_ECC
- { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
- { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
- #endif /* NSS_ENABLE_ECC */
- { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
- { TLS_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
-+ { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
-
- #ifdef NSS_ENABLE_ECC
- { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
- { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
- #endif /* NSS_ENABLE_ECC */
- { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
-diff --git a/security/nss/lib/ssl/sslenum.c b/security/nss/lib/ssl/sslenum.c
---- a/security/nss/lib/ssl/sslenum.c
-+++ b/security/nss/lib/ssl/sslenum.c
-@@ -61,24 +61,24 @@
- const PRUint16 SSL_ImplementedCiphers[] = {
- /* 256-bit */
- #ifdef NSS_ENABLE_ECC
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- #endif /* NSS_ENABLE_ECC */
- TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
- TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
-- TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
- #ifdef NSS_ENABLE_ECC
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
- #endif /* NSS_ENABLE_ECC */
- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
- TLS_RSA_WITH_AES_256_CBC_SHA,
-+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
-
- /* 128-bit */
- #ifdef NSS_ENABLE_ECC
- TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
- TLS_ECDHE_RSA_WITH_RC4_128_SHA,
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- #endif /* NSS_ENABLE_ECC */
diff --git a/net/third_party/nss/patches/weakserverkey.patch b/net/third_party/nss/patches/weakserverkey.patch
new file mode 100644
index 0000000..5eb84dc
--- /dev/null
+++ b/net/third_party/nss/patches/weakserverkey.patch
@@ -0,0 +1,52 @@
+Index: mozilla/security/nss/lib/ssl/ssl3con.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v
+retrieving revision 1.144
+diff -p -u -8 -r1.144 ssl3con.c
+--- mozilla/security/nss/lib/ssl/ssl3con.c 12 Aug 2010 01:15:38 -0000 1.144
++++ mozilla/security/nss/lib/ssl/ssl3con.c 13 Aug 2010 23:23:40 -0000
+@@ -5299,18 +5299,20 @@ ssl3_HandleServerKeyExchange(sslSocket *
+ SECItem dh_p = {siBuffer, NULL, 0};
+ SECItem dh_g = {siBuffer, NULL, 0};
+ SECItem dh_Ys = {siBuffer, NULL, 0};
+
+ rv = ssl3_ConsumeHandshakeVariable(ss, &dh_p, 2, &b, &length);
+ if (rv != SECSuccess) {
+ goto loser; /* malformed. */
+ }
+- if (dh_p.len < 512/8)
++ if (dh_p.len < 512/8) {
++ errCode = SSL_ERROR_WEAK_SERVER_KEY;
+ goto alert_loser;
++ }
+ rv = ssl3_ConsumeHandshakeVariable(ss, &dh_g, 2, &b, &length);
+ if (rv != SECSuccess) {
+ goto loser; /* malformed. */
+ }
+ if (dh_g.len == 0 || dh_g.len > dh_p.len + 1 ||
+ (dh_g.len == 1 && dh_g.data[0] == 0))
+ goto alert_loser;
+ rv = ssl3_ConsumeHandshakeVariable(ss, &dh_Ys, 2, &b, &length);
+Index: mozilla/security/nss/lib/ssl/sslerr.h
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslerr.h,v
+retrieving revision 1.11
+diff -p -u -8 -r1.11 sslerr.h
+--- mozilla/security/nss/lib/ssl/sslerr.h 24 Jun 2010 09:24:18 -0000 1.11
++++ mozilla/security/nss/lib/ssl/sslerr.h 13 Aug 2010 23:23:40 -0000
+@@ -196,13 +196,15 @@ SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICK
+ SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET = (SSL_ERROR_BASE + 110),
+
+ SSL_ERROR_DECOMPRESSION_FAILURE = (SSL_ERROR_BASE + 111),
+ SSL_ERROR_RENEGOTIATION_NOT_ALLOWED = (SSL_ERROR_BASE + 112),
+ SSL_ERROR_UNSAFE_NEGOTIATION = (SSL_ERROR_BASE + 113),
+
+ SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD = (SSL_ERROR_BASE + 114),
+
++SSL_ERROR_WEAK_SERVER_KEY = (SSL_ERROR_BASE + 115),
++
+ SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
+ } SSLErrorCodes;
+ #endif /* NO_SECURITY_ERROR_ENUM */
+
+ #endif /* __SSL_ERR_H_ */
diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
index 0a138d7..050223a 100644
--- a/net/third_party/nss/ssl/ssl3con.c
+++ b/net/third_party/nss/ssl/ssl3con.c
@@ -110,6 +110,7 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
#endif /* NSS_ENABLE_ECC */
{ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
{ TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
+ { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
{ TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
#ifdef NSS_ENABLE_ECC
{ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
@@ -117,7 +118,6 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
#endif /* NSS_ENABLE_ECC */
{ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
{ TLS_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
- { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
#ifdef NSS_ENABLE_ECC
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
@@ -5312,8 +5312,10 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
if (rv != SECSuccess) {
goto loser; /* malformed. */
}
- if (dh_p.len < 512/8)
+ if (dh_p.len < 512/8) {
+ errCode = SSL_ERROR_WEAK_SERVER_KEY;
goto alert_loser;
+ }
rv = ssl3_ConsumeHandshakeVariable(ss, &dh_g, 2, &b, &length);
if (rv != SECSuccess) {
goto loser; /* malformed. */
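Review bot: The `dh_p.len < 512/8` check compares the encoded length of the dh_p vector, not the prime's bit length, so a prime sent with leading zero bytes would pass it if ssl3_ConsumeHandshakeVariable keeps the bytes verbatim (I cannot see that helper from here); this commit only attaches errCode to the existing branch, but that distinction is worth recording, and the bare 512/8 deserves a comment. Suggest `/* Reject DH primes encoded in fewer than 512 bits (NSS 3.12.7 minimum); len counts leading zero bytes, so this bounds what the server sent, not the prime's strength. */` above the condition. Whether alert_loser reports errCode, and what errCode holds on the other alert_loser paths in this function, is outside the hunk; ssl3_HandleServerKeyExchange starts and ends beyond it. The two cipherSuites[] reorder hunks above restore the upstream order and match the same move in sslenum.c, so no note there.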
diff --git a/net/third_party/nss/ssl/sslenum.c b/net/third_party/nss/ssl/sslenum.c
index a70a728..b8aa8cc 100644
--- a/net/third_party/nss/ssl/sslenum.c
+++ b/net/third_party/nss/ssl/sslenum.c
@@ -66,6 +66,7 @@ const PRUint16 SSL_ImplementedCiphers[] = {
#endif /* NSS_ENABLE_ECC */
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
#ifdef NSS_ENABLE_ECC
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
@@ -73,7 +74,6 @@ const PRUint16 SSL_ImplementedCiphers[] = {
#endif /* NSS_ENABLE_ECC */
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA,
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
/* 128-bit */
#ifdef NSS_ENABLE_ECC
diff --git a/net/third_party/nss/ssl/sslerr.h b/net/third_party/nss/ssl/sslerr.h
index 2f021e7..bd72f97 100644
--- a/net/third_party/nss/ssl/sslerr.h
+++ b/net/third_party/nss/ssl/sslerr.h
@@ -201,6 +201,8 @@ SSL_ERROR_UNSAFE_NEGOTIATION = (SSL_ERROR_BASE + 113),
SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD = (SSL_ERROR_BASE + 114),
+SSL_ERROR_WEAK_SERVER_KEY = (SSL_ERROR_BASE + 115),
+
SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
} SSLErrorCodes;
#endif /* NO_SECURITY_ERROR_ENUM */
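Review bot: SSL_ERROR_BASE + 115 is allocated locally in a vendored header, so it will collide if upstream NSS assigns 115 to a different code before the change tracked in bug 587234 lands; the README cites that bug, but the header itself gives no hint that the value is provisional. Suggest `SSL_ERROR_WEAK_SERVER_KEY = (SSL_ERROR_BASE + 115), /* local; tracks https://bugzilla.mozilla.org/show_bug.cgi?id=587234 */`. No error-string table change appears in the diffstat, so anything that looks this code up by string presumably gets nothing for it; worth confirming against the NSS string table before relying on PR_ErrorToString output.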