author | rsleevi <rsleevi@chromium.org> | 2015-05-27 14:58:19 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-05-27 21:58:56 +0000 |
commit | bd29bd8fc050ffcb7e3513dc0ddacb9589681824 (patch) | |
tree | fac050864dd6486e6ff086a0426a220796fa68f9 /net/third_party/nss | |
parent | 7e202d1a79abfe327b6f015839830528dea4d19b (diff) | |
Uprev libssl from 3.18.0 RTM to 3.19.0 RTM
BUG=492448
R=davidben@chromium.org
Review URL: https://codereview.chromium.org/1156003004
Cr-Commit-Position: refs/heads/master@{#331665}
Diffstat (limited to 'net/third_party/nss')
26 files changed, 516 insertions, 459 deletions
diff --git a/net/third_party/nss/README.chromium b/net/third_party/nss/README.chromium index cbc8b4e..f47896d 100644 --- a/net/third_party/nss/README.chromium +++ b/net/third_party/nss/README.chromium @@ -1,6 +1,6 @@ Name: Network Security Services (NSS) URL: http://www.mozilla.org/projects/security/pki/nss/ -Version: 3.18 RTM +Version: 3.19 RTM Security Critical: Yes License: MPL 2 License File: NOT_SHIPPED @@ -11,7 +11,7 @@ This directory includes a copy of NSS's libssl from the hg repo at: The same module appears in crypto/third_party/nss (and third_party/nss on some platforms), so we don't repeat the license file here. -The snapshot was updated to the hg tag: NSS_3_18_RTM +The snapshot was updated to the hg tag: NSS_3_19_RTM Patches: diff --git a/net/third_party/nss/patches/aesgcmchromium.patch b/net/third_party/nss/patches/aesgcmchromium.patch index e735837..6172a09 100644 --- a/net/third_party/nss/patches/aesgcmchromium.patch +++ b/net/third_party/nss/patches/aesgcmchromium.patch @@ -1,5 +1,5 @@ diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index da0abfb..375ed6a 100644 +index 1167d6d..dabe333 100644 --- a/ssl/ssl3con.c +++ b/ssl/ssl3con.c @@ -8,6 +8,7 @@ @@ -97,7 +97,7 @@ index da0abfb..375ed6a 100644 maxout, in, inlen); } *outlen += (int) uOutLen; -@@ -5147,6 +5208,10 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5162,6 +5223,10 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) ssl3_DisableNonDTLSSuites(ss); } @@ -108,7 +108,7 @@ index da0abfb..375ed6a 100644 /* how many suites are permitted by policy and user preference? */ num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE); if (!num_suites) { -@@ -8159,6 +8224,10 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +@@ -8172,6 +8237,10 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) ssl3_DisableNonDTLSSuites(ss); } 
diff --git a/net/third_party/nss/patches/cachecerts.patch b/net/third_party/nss/patches/cachecerts.patch index adb7e3e..18fcc24 100644 --- a/net/third_party/nss/patches/cachecerts.patch +++ b/net/third_party/nss/patches/cachecerts.patch @@ -1,5 +1,5 @@ diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index 529eb42..ebaee61 100644 +index 163572c..60af5b0 100644 --- a/ssl/ssl3con.c +++ b/ssl/ssl3con.c @@ -43,6 +43,7 @@ @@ -10,7 +10,7 @@ index 529eb42..ebaee61 100644 static PK11SymKey *ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec, PK11SlotInfo * serverKeySlot); static SECStatus ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms); -@@ -6534,6 +6535,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +@@ -6549,6 +6550,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) /* copy the peer cert from the SID */ if (sid->peerCert != NULL) { ss->sec.peerCert = CERT_DupCertificate(sid->peerCert); @@ -18,7 +18,7 @@ index 529eb42..ebaee61 100644 } /* NULL value for PMS signifies re-use of the old MS */ -@@ -8127,6 +8129,7 @@ compression_found: +@@ -8140,6 +8142,7 @@ compression_found: ss->sec.ci.sid = sid; if (sid->peerCert != NULL) { ss->sec.peerCert = CERT_DupCertificate(sid->peerCert); @@ -26,7 +26,7 @@ index 529eb42..ebaee61 100644 } /* -@@ -9750,6 +9753,44 @@ ssl3_CleanupPeerCerts(sslSocket *ss) +@@ -9763,6 +9766,44 @@ ssl3_CleanupPeerCerts(sslSocket *ss) ss->ssl3.peerCertChain = NULL; } @@ -71,7 +71,7 @@ index 529eb42..ebaee61 100644 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete * ssl3 CertificateStatus message. * Caller must hold Handshake and RecvBuf locks. -@@ -10028,6 +10069,7 @@ ssl3_AuthCertificate(sslSocket *ss) +@@ -10041,6 +10082,7 @@ ssl3_AuthCertificate(sslSocket *ss) } ss->sec.ci.sid->peerCert = CERT_DupCertificate(ss->sec.peerCert); @@ -80,7 +80,7 @@ index 529eb42..ebaee61 100644 if (!ss->sec.isServer) { CERTCertificate *cert = ss->sec.peerCert; 
diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h -index 858ae0c..88a7039 100644 +index 1b38a52..086f6d2 100644 --- a/ssl/sslimpl.h +++ b/ssl/sslimpl.h @@ -597,6 +597,8 @@ typedef enum { never_cached, diff --git a/net/third_party/nss/patches/cachelocks.patch b/net/third_party/nss/patches/cachelocks.patch index a019b6d..66a539b 100644 --- a/net/third_party/nss/patches/cachelocks.patch +++ b/net/third_party/nss/patches/cachelocks.patch @@ -1,8 +1,8 @@ diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index adaa9a4..708a4c7 100644 +index 6819b03..6a4a443 100644 --- a/ssl/ssl3con.c +++ b/ssl/ssl3con.c -@@ -5733,7 +5733,6 @@ SSL3_ShutdownServerCache(void) +@@ -5748,7 +5748,6 @@ SSL3_ShutdownServerCache(void) } PZ_Unlock(symWrapKeysLock); @@ -10,7 +10,7 @@ index adaa9a4..708a4c7 100644 return SECSuccess; } -@@ -5785,7 +5784,7 @@ getWrappingKey( sslSocket * ss, +@@ -5800,7 +5799,7 @@ getWrappingKey( sslSocket * ss, pSymWrapKey = &symWrapKeys[symWrapMechIndex].symWrapKey[exchKeyType]; @@ -20,10 +20,10 @@ index adaa9a4..708a4c7 100644 PZ_Lock(symWrapKeysLock); diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h -index 643570f..62f822a 100644 +index 88b2eba..c4c87b4 100644 --- a/ssl/sslimpl.h +++ b/ssl/sslimpl.h -@@ -1917,9 +1917,7 @@ extern SECStatus ssl_InitSymWrapKeysLock(void); +@@ -1924,9 +1924,7 @@ extern SECStatus ssl_InitSymWrapKeysLock(void); extern SECStatus ssl_FreeSymWrapKeysLock(void); diff --git a/net/third_party/nss/patches/chacha20poly1305.patch b/net/third_party/nss/patches/chacha20poly1305.patch index 2a4c564..a9017f1 100644 --- a/net/third_party/nss/patches/chacha20poly1305.patch +++ b/net/third_party/nss/patches/chacha20poly1305.patch @@ -1,5 +1,5 @@ diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index 375ed6a..adaa9a4 100644 +index dabe333..6819b03 100644 --- a/ssl/ssl3con.c +++ b/ssl/ssl3con.c @@ -41,6 +41,21 @@ @@ -135,10 +135,10 @@ index 375ed6a..adaa9a4 100644 } diff --git a/ssl/ssl3ecc.c b/ssl/ssl3ecc.c -index 003ed78..d5d6c9c 100644 +index 9b91270..31e0774 100644 
--- a/ssl/ssl3ecc.c +++ b/ssl/ssl3ecc.c -@@ -920,6 +920,7 @@ static const ssl3CipherSuite ecdhe_ecdsa_suites[] = { +@@ -921,6 +921,7 @@ static const ssl3CipherSuite ecdhe_ecdsa_suites[] = { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, @@ -146,7 +146,7 @@ index 003ed78..d5d6c9c 100644 TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 0 /* end of list marker */ -@@ -931,6 +932,7 @@ static const ssl3CipherSuite ecdhe_rsa_suites[] = { +@@ -932,6 +933,7 @@ static const ssl3CipherSuite ecdhe_rsa_suites[] = { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, @@ -154,7 +154,7 @@ index 003ed78..d5d6c9c 100644 TLS_ECDHE_RSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, 0 /* end of list marker */ -@@ -943,6 +945,7 @@ static const ssl3CipherSuite ecSuites[] = { +@@ -944,6 +946,7 @@ static const ssl3CipherSuite ecSuites[] = { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, @@ -162,7 +162,7 @@ index 003ed78..d5d6c9c 100644 TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, -@@ -950,6 +953,7 @@ static const ssl3CipherSuite ecSuites[] = { +@@ -951,6 +954,7 @@ static const ssl3CipherSuite ecSuites[] = { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, @@ -200,7 +200,7 @@ index 09ce43f..a036627 100644 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h -index 88f559a..643570f 100644 +index ea71975..88b2eba 100644 --- a/ssl/sslimpl.h +++ b/ssl/sslimpl.h @@ -65,6 +65,7 @@ typedef SSLSignType SSL3SignType; diff --git a/net/third_party/nss/patches/channelid.patch b/net/third_party/nss/patches/channelid.patch index 9fc6012..e2b9854 100644 
--- a/net/third_party/nss/patches/channelid.patch +++ b/net/third_party/nss/patches/channelid.patch @@ -55,7 +55,7 @@ index 593dd00..716537d 100644 ** How long should we wait before retransmitting the next flight of ** the DTLS handshake? Returns SECFailure if not DTLS or not in a diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index 1852806..45c3454 100644 +index 29e8f1c..c0e8e79 100644 --- a/ssl/ssl3con.c +++ b/ssl/ssl3con.c @@ -55,6 +55,7 @@ static SECStatus ssl3_SendCertificateStatus( sslSocket *ss); @@ -66,7 +66,7 @@ index 1852806..45c3454 100644 static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags); static SECStatus ssl3_SendServerHello( sslSocket *ss); static SECStatus ssl3_SendServerHelloDone( sslSocket *ss); -@@ -6281,6 +6282,15 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +@@ -6296,6 +6297,15 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) } #endif /* NSS_PLATFORM_CLIENT_AUTH */ @@ -82,7 +82,7 @@ index 1852806..45c3454 100644 temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); if (temp < 0) { goto loser; /* alert has been sent */ -@@ -6563,7 +6573,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +@@ -6578,7 +6588,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (rv != SECSuccess) { goto alert_loser; /* err code was set */ } @@ -91,10 +91,10 @@ index 1852806..45c3454 100644 } while (0); if (sid_match) -@@ -6589,6 +6599,27 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) - - ss->ssl3.hs.isResuming = PR_FALSE; - ss->ssl3.hs.ws = wait_server_cert; +@@ -6613,6 +6623,27 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) + } else { + ss->ssl3.hs.ws = wait_cert_request; + } + +winner: + /* If we will need a ChannelID key then we make the callback now. This 
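Review bot: The rebased context in front of the Channel ID `winner:` label in ssl3_HandleServerHello is no longer the unconditional `ss->ssl3.hs.isResuming = PR_FALSE; ss->ssl3.hs.ws = wait_server_cert;` pair but a `} else { ss->ssl3.hs.ws = wait_cert_request; }` branch, so the 3.19 library now chooses the post-ServerHello state conditionally right where the patch inserts the ChannelID callback; the hunk shows only this new context, not the `if` side of that branch, so the rebase cannot be checked from here for whether `isResuming` and the `wait_server_cert` assignment still precede the label on the full-handshake path. Since this patch anchors behavior-changing code to a block that upstream rewrote between releases, the insertion point deserves an explicit note for the next uprev, e.g. a comment above the label reading `/* Anchored after upstream's wait_server_cert / wait_cert_request selection; re-verify on every NSS uprev. */`, and the commit would benefit from stating that the ChannelID handshake tests were run against the new state machine. ssl3_HandleServerHello starts and ends outside the hunk.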
@@ -119,7 +119,7 @@ index 1852806..45c3454 100644 return SECSuccess; alert_loser: -@@ -7550,7 +7581,14 @@ ssl3_SendClientSecondRound(sslSocket *ss) +@@ -7565,7 +7596,14 @@ ssl3_SendClientSecondRound(sslSocket *ss) if (rv != SECSuccess) { goto loser; /* err code was set. */ } @@ -134,7 +134,7 @@ index 1852806..45c3454 100644 if (ss->opt.enableFalseStart) { if (!ss->ssl3.hs.authCertificatePending) { /* When we fix bug 589047, we will need to know whether we are -@@ -7587,6 +7625,33 @@ ssl3_SendClientSecondRound(sslSocket *ss) +@@ -7602,6 +7640,33 @@ ssl3_SendClientSecondRound(sslSocket *ss) ssl_ReleaseXmitBufLock(ss); /*******************************/ @@ -168,7 +168,7 @@ index 1852806..45c3454 100644 if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn)) ss->ssl3.hs.ws = wait_new_session_ticket; else -@@ -10582,6 +10647,184 @@ ssl3_RecordKeyLog(sslSocket *ss) +@@ -10590,6 +10655,184 @@ ssl3_RecordKeyLog(sslSocket *ss) } /* called from ssl3_SendClientSecondRound @@ -353,7 +353,7 @@ index 1852806..45c3454 100644 * ssl3_HandleClientHello * ssl3_HandleFinished */ -@@ -10841,11 +11084,16 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length, +@@ -10849,11 +11092,16 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length, flags = ssl_SEND_FLAG_FORCE_INTO_BUFFER; } @@ -374,7 +374,7 @@ index 1852806..45c3454 100644 } if (IS_DTLS(ss)) { -@@ -12325,6 +12573,11 @@ ssl3_DestroySSL3Info(sslSocket *ss) +@@ -12333,6 +12581,11 @@ ssl3_DestroySSL3Info(sslSocket *ss) ssl_FreePlatformKey(ss->ssl3.platformClientKey); #endif /* NSS_PLATFORM_CLIENT_AUTH */ @@ -387,13 +387,13 @@ index 1852806..45c3454 100644 ssl3_CleanupPeerCerts(ss); diff --git a/ssl/ssl3ext.c b/ssl/ssl3ext.c -index 9345be8..b6ed17d 100644 +index 0a2288a..4d17587 100644 --- a/ssl/ssl3ext.c 
+++ b/ssl/ssl3ext.c -@@ -68,6 +68,10 @@ static PRInt32 ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append, - PRUint32 maxBytes); - static SECStatus ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, - SECItem *data); +@@ -73,6 +73,10 @@ static SECStatus ssl3_ClientHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, + SECItem *data); + static SECStatus ssl3_ServerHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, + SECItem *data); +static SECStatus ssl3_ClientHandleChannelIDXtn(sslSocket *ss, + PRUint16 ex_type, SECItem *data); +static PRInt32 ssl3_ClientSendChannelIDXtn(sslSocket *ss, PRBool append, 
@@ -401,23 +401,23 @@ index 9345be8..b6ed17d 100644 static PRInt32 ssl3_ServerSendStatusRequestXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes); static SECStatus ssl3_ServerHandleStatusRequestXtn(sslSocket *ss, -@@ -264,6 +268,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { +@@ -269,6 +273,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, { ssl_app_layer_protocol_xtn, &ssl3_ClientHandleAppProtoXtn }, - { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn }, + { ssl_use_srtp_xtn, &ssl3_ClientHandleUseSRTPXtn }, + { ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn }, { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, { -1, NULL } }; -@@ -291,6 +296,7 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { +@@ -296,6 +301,7 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn }, { ssl_app_layer_protocol_xtn, &ssl3_ClientSendAppProtoXtn }, - { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn }, + { ssl_use_srtp_xtn, &ssl3_ClientSendUseSRTPXtn }, + { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn }, { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }, { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn }, -@@ -910,6 +916,61 @@ ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) +@@ -930,6 +936,61 @@ ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) } static SECStatus @@ -538,7 +538,7 @@ index 12dbb1d..24bf893 100644 } SSLErrorCodes; #endif /* NO_SECURITY_ERROR_ENUM */ diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h -index c6ac398..57346cb 100644 +index 2cf0b3a..e11860e 100644 --- a/ssl/sslimpl.h +++ b/ssl/sslimpl.h @@ -711,6 +711,14 @@ struct sslSessionIDStr { 
@@ -556,7 +556,7 @@ index c6ac398..57346cb 100644 /* This lock is lazily initialized by CacheSID when a sid is first * cached. Before then, there is no need to lock anything because * the sid isn't being shared by anything. -@@ -980,6 +988,9 @@ struct ssl3StateStr { +@@ -986,6 +994,9 @@ struct ssl3StateStr { CERTCertificateList *clientCertChain; /* used by client */ PRBool sendEmptyCert; /* used by client */ @@ -566,7 +566,7 @@ index c6ac398..57346cb 100644 int policy; /* This says what cipher suites we can do, and should * be either SSL_ALLOWED or SSL_RESTRICTED -@@ -1257,6 +1268,8 @@ const unsigned char * preferredCipher; +@@ -1264,6 +1275,8 @@ const unsigned char * preferredCipher; void *pkcs11PinArg; SSLNextProtoCallback nextProtoCallback; void *nextProtoArg; @@ -575,7 +575,7 @@ index c6ac398..57346cb 100644 PRIntervalTime rTimeout; /* timeout for NSPR I/O */ PRIntervalTime wTimeout; /* timeout for NSPR I/O */ -@@ -1603,6 +1616,11 @@ extern SECStatus ssl3_RestartHandshakeAfterCertReq(sslSocket * ss, +@@ -1610,6 +1623,11 @@ extern SECStatus ssl3_RestartHandshakeAfterCertReq(sslSocket * ss, SECKEYPrivateKey * key, CERTCertificateList *certChain); @@ -649,7 +649,7 @@ index d44336e..5c6751a 100644 * this implementation exists to maintain link-time compatibility. */ diff --git a/ssl/sslsock.c b/ssl/sslsock.c -index a939781..d3f3bf4 100644 +index 9431fe4..042f24f 100644 --- a/ssl/sslsock.c +++ b/ssl/sslsock.c @@ -288,6 +288,8 @@ ssl_DupSocket(sslSocket *os) diff --git a/net/third_party/nss/patches/cipherorder.patch b/net/third_party/nss/patches/cipherorder.patch index 8943990..2cbf2f7 100644 --- a/net/third_party/nss/patches/cipherorder.patch +++ b/net/third_party/nss/patches/cipherorder.patch @@ -17,10 +17,10 @@ index e9f5fb0..be6d88e 100644 * values. See RFC 5929. */ typedef enum SSLChannelBindingType { diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index 3421e0b..c1f30a3 100644 +index 54c5b80..26b87c6 100644 --- a/ssl/ssl3con.c 
+++ b/ssl/ssl3con.c -@@ -12623,6 +12623,46 @@ ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *enabled) +@@ -12631,6 +12631,46 @@ ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *enabled) return rv; } @@ -68,10 +68,10 @@ index 3421e0b..c1f30a3 100644 void ssl3_InitSocketPolicy(sslSocket *ss) diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h -index 2f61a46..f796a14 100644 +index 0fd0a89..d12228e 100644 --- a/ssl/sslimpl.h +++ b/ssl/sslimpl.h -@@ -1747,6 +1747,8 @@ extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool +@@ -1754,6 +1754,8 @@ extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *on); extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled); extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enabled); @@ -81,7 +81,7 @@ index 2f61a46..f796a14 100644 extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy); extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy); diff --git a/ssl/sslsock.c b/ssl/sslsock.c -index 80f4e67..13634c6 100644 +index 72058f5..09a0fb5 100644 --- a/ssl/sslsock.c +++ b/ssl/sslsock.c @@ -1316,6 +1316,19 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled) diff --git a/net/third_party/nss/patches/clientauth.patch b/net/third_party/nss/patches/clientauth.patch index 18e3b88..83206b0 100644 --- a/net/third_party/nss/patches/clientauth.patch +++ b/net/third_party/nss/patches/clientauth.patch @@ -52,7 +52,7 @@ index 91a47a6..4e7d52e 100644 /* ** SNI extension processing callback function. diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index ebaee61..40ae885 100644 +index 60af5b0..b9014ef 100644 --- a/ssl/ssl3con.c +++ b/ssl/ssl3con.c @@ -2503,6 +2503,9 @@ ssl3_ClientAuthTokenPresent(sslSessionID *sid) { 
@@ -65,7 +65,7 @@ index ebaee61..40ae885 100644 if (!sid || !sid->u.ssl3.clAuthValid) { return PR_TRUE; } -@@ -6163,25 +6166,36 @@ ssl3_SendCertificateVerify(sslSocket *ss) +@@ -6178,25 +6181,36 @@ ssl3_SendCertificateVerify(sslSocket *ss) isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0); isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); @@ -119,7 +119,7 @@ index ebaee61..40ae885 100644 if (rv != SECSuccess) { goto done; /* err code was set by ssl3_SignHashes */ } -@@ -6260,6 +6274,12 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +@@ -6275,6 +6289,12 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey); ss->ssl3.clientPrivateKey = NULL; } @@ -132,7 +132,7 @@ index ebaee61..40ae885 100644 temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); if (temp < 0) { -@@ -6887,6 +6907,18 @@ ssl3_ExtractClientKeyInfo(sslSocket *ss, +@@ -6904,6 +6924,18 @@ ssl3_ExtractClientKeyInfo(sslSocket *ss, goto done; } @@ -151,7 +151,7 @@ index ebaee61..40ae885 100644 /* If the key is a 1024-bit RSA or DSA key, assume conservatively that * it may be unable to sign SHA-256 hashes. This is the case for older * Estonian ID cards that have 1024-bit RSA keys. In FIPS 186-2 and -@@ -6985,6 +7017,10 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +@@ -7002,6 +7034,10 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) SECItem cert_types = {siBuffer, NULL, 0}; SECItem algorithms = {siBuffer, NULL, 0}; CERTDistNames ca_list; 
@@ -162,7 +162,7 @@ index ebaee61..40ae885 100644 SSL_TRC(3, ("%d: SSL3[%d]: handle certificate_request handshake", SSL_GETPID(), ss->fd)); -@@ -7001,6 +7037,7 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +@@ -7017,6 +7053,7 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) PORT_Assert(ss->ssl3.clientCertChain == NULL); PORT_Assert(ss->ssl3.clientCertificate == NULL); PORT_Assert(ss->ssl3.clientPrivateKey == NULL); @@ -170,7 +170,7 @@ index ebaee61..40ae885 100644 isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); -@@ -7080,6 +7117,18 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +@@ -7096,6 +7133,18 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) desc = no_certificate; ss->ssl3.hs.ws = wait_hello_done; @@ -189,7 +189,7 @@ index ebaee61..40ae885 100644 if (ss->getClientAuthData != NULL) { /* XXX Should pass cert_types and algorithms in this call!! */ rv = (SECStatus)(*ss->getClientAuthData)(ss->getClientAuthDataArg, -@@ -7089,12 +7138,55 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +@@ -7105,12 +7154,55 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) } else { rv = SECFailure; /* force it to send a no_certificate alert */ } @@ -245,7 +245,7 @@ index ebaee61..40ae885 100644 /* check what the callback function returned */ if ((!ss->ssl3.clientCertificate) || (!ss->ssl3.clientPrivateKey)) { /* we are missing either the key or cert */ -@@ -7156,6 +7248,10 @@ loser: +@@ -7172,6 +7264,10 @@ loser: done: if (arena != NULL) PORT_FreeArena(arena, PR_FALSE); 
@@ -256,7 +256,7 @@ index ebaee61..40ae885 100644 return rv; } -@@ -7273,7 +7369,8 @@ ssl3_SendClientSecondRound(sslSocket *ss) +@@ -7288,7 +7384,8 @@ ssl3_SendClientSecondRound(sslSocket *ss) sendClientCert = !ss->ssl3.sendEmptyCert && ss->ssl3.clientCertChain != NULL && @@ -266,7 +266,7 @@ index ebaee61..40ae885 100644 if (!sendClientCert && ss->ssl3.hs.hashType == handshake_hash_single && -@@ -12140,6 +12237,10 @@ ssl3_DestroySSL3Info(sslSocket *ss) +@@ -12148,6 +12245,10 @@ ssl3_DestroySSL3Info(sslSocket *ss) if (ss->ssl3.clientPrivateKey != NULL) SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey); @@ -278,10 +278,10 @@ index ebaee61..40ae885 100644 if (ss->ssl3.peerCertArena != NULL) ssl3_CleanupPeerCerts(ss); diff --git a/ssl/ssl3ext.c b/ssl/ssl3ext.c -index 3660866..9345be8 100644 +index 28d21c4..0a2288a 100644 --- a/ssl/ssl3ext.c +++ b/ssl/ssl3ext.c -@@ -10,8 +10,8 @@ +@@ -11,8 +11,8 @@ #include "nssrenam.h" #include "nss.h" #include "ssl.h" @@ -325,7 +325,7 @@ index ed74d94..7f9c43b 100644 SECStatus SSL_SetPKCS11PinArg(PRFileDesc *s, void *arg) diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h -index 88a7039..cda1869 100644 +index 086f6d2..bbc9bd2 100644 --- a/ssl/sslimpl.h +++ b/ssl/sslimpl.h @@ -20,6 +20,7 @@ @@ -367,7 +367,7 @@ index 88a7039..cda1869 100644 /* -@@ -955,6 +973,10 @@ struct ssl3StateStr { +@@ -961,6 +979,10 @@ struct ssl3StateStr { CERTCertificate * clientCertificate; /* used by client */ SECKEYPrivateKey * clientPrivateKey; /* used by client */ @@ -378,7 +378,7 @@ index 88a7039..cda1869 100644 CERTCertificateList *clientCertChain; /* used by client */ PRBool sendEmptyCert; /* used by client */ -@@ -1216,6 +1238,10 @@ const unsigned char * preferredCipher; +@@ -1223,6 +1245,10 @@ const unsigned char * preferredCipher; void *authCertificateArg; SSLGetClientAuthData getClientAuthData; void *getClientAuthDataArg; 
@@ -389,7 +389,7 @@ index 88a7039..cda1869 100644 SSLSNISocketConfig sniSocketConfig; void *sniSocketConfigArg; SSLBadCertHandler handleBadCert; -@@ -1856,6 +1882,26 @@ extern SECStatus ssl_InitSessionCacheLocks(PRBool lazyInit); +@@ -1863,6 +1889,26 @@ extern SECStatus ssl_InitSessionCacheLocks(PRBool lazyInit); extern SECStatus ssl_FreeSessionCacheLocks(void); @@ -417,7 +417,7 @@ index 88a7039..cda1869 100644 /**************** DTLS-specific functions **************/ extern void dtls_FreeQueuedMessage(DTLSQueuedMessage *msg); diff --git a/ssl/sslsock.c b/ssl/sslsock.c -index 90bc457..fccc664 100644 +index 282bb85..6c09992 100644 --- a/ssl/sslsock.c +++ b/ssl/sslsock.c @@ -275,6 +275,10 @@ ssl_DupSocket(sslSocket *os) diff --git a/net/third_party/nss/patches/dh1024.patch b/net/third_party/nss/patches/dh1024.patch index 99fbcc7..3b76da0 100644 --- a/net/third_party/nss/patches/dh1024.patch +++ b/net/third_party/nss/patches/dh1024.patch @@ -1,8 +1,8 @@ diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index 89c98ea..861d434 100644 +index a67a9d1..02b0dda 100644 --- a/ssl/ssl3con.c +++ b/ssl/ssl3con.c -@@ -6946,7 +6946,8 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +@@ -6964,7 +6964,8 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (rv != SECSuccess) { goto loser; /* malformed. */ } diff --git a/net/third_party/nss/patches/didhandshakeresume.patch b/net/third_party/nss/patches/didhandshakeresume.patch index f4b04be..06f024c 100644 --- a/net/third_party/nss/patches/didhandshakeresume.patch +++ b/net/third_party/nss/patches/didhandshakeresume.patch @@ -13,7 +13,7 @@ index 4e7d52e..34142fc 100644 ** How long should we wait before retransmitting the next flight of ** the DTLS handshake? Returns SECFailure if not DTLS or not in a diff --git a/ssl/sslsock.c b/ssl/sslsock.c -index fccc664..688f399 100644 +index 6c09992..1a9c584 100644 --- a/ssl/sslsock.c +++ b/ssl/sslsock.c 
@@ -1897,6 +1897,20 @@ SSL_PeerStapledOCSPResponses(PRFileDesc *fd) diff --git a/net/third_party/nss/patches/getrequestedclientcerttypes.patch b/net/third_party/nss/patches/getrequestedclientcerttypes.patch index db1464c..dbd6a15 100644 --- a/net/third_party/nss/patches/getrequestedclientcerttypes.patch +++ b/net/third_party/nss/patches/getrequestedclientcerttypes.patch @@ -20,10 +20,10 @@ index 34142fc..e2d1b09 100644 #ifdef SSL_DEPRECATED_FUNCTION /* deprecated! diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index 40ae885..cb59cc1 100644 +index b9014ef..800c28e 100644 --- a/ssl/ssl3con.c +++ b/ssl/ssl3con.c -@@ -7045,6 +7045,9 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +@@ -7061,6 +7061,9 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (rv != SECSuccess) goto loser; /* malformed, alert has been sent */ @@ -33,7 +33,7 @@ index 40ae885..cb59cc1 100644 if (isTLS12) { rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &b, &length); if (rv != SECSuccess) -@@ -7246,6 +7249,7 @@ loser: +@@ -7262,6 +7265,7 @@ loser: PORT_SetError(errCode); rv = SECFailure; done: @@ -42,10 +42,10 @@ index 40ae885..cb59cc1 100644 PORT_FreeArena(arena, PR_FALSE); #ifdef NSS_PLATFORM_CLIENT_AUTH diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h -index cda1869..9f59f5a 100644 +index bbc9bd2..46e618a 100644 --- a/ssl/sslimpl.h +++ b/ssl/sslimpl.h -@@ -1231,6 +1231,10 @@ struct sslSocketStr { +@@ -1238,6 +1238,10 @@ struct sslSocketStr { unsigned int sizeCipherSpecs; const unsigned char * preferredCipher; @@ -57,7 +57,7 @@ index cda1869..9f59f5a 100644 /* Callbacks */ diff --git a/ssl/sslsock.c b/ssl/sslsock.c -index 688f399..a939781 100644 +index 1a9c584..9431fe4 100644 --- a/ssl/sslsock.c +++ b/ssl/sslsock.c @@ -1911,6 +1911,20 @@ SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed) { 
diff --git a/net/third_party/nss/patches/norenegotiatelock.patch b/net/third_party/nss/patches/norenegotiatelock.patch index 9ffde05..4d512e4 100644 --- a/net/third_party/nss/patches/norenegotiatelock.patch +++ b/net/third_party/nss/patches/norenegotiatelock.patch @@ -1,8 +1,8 @@ diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index 424c1fb..89c98ea 100644 +index f5afab7..a67a9d1 100644 --- a/ssl/ssl3con.c +++ b/ssl/ssl3con.c -@@ -5532,9 +5532,7 @@ ssl3_HandleHelloRequest(sslSocket *ss) +@@ -5547,9 +5547,7 @@ ssl3_HandleHelloRequest(sslSocket *ss) return SECFailure; } if (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) { diff --git a/net/third_party/nss/patches/nssrwlock.patch b/net/third_party/nss/patches/nssrwlock.patch index c5e2b57..d56dbfb 100644 --- a/net/third_party/nss/patches/nssrwlock.patch +++ b/net/third_party/nss/patches/nssrwlock.patch @@ -1,8 +1,8 @@ diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index 17c368e..424c1fb 100644 +index 0ac85da..f5afab7 100644 --- a/ssl/ssl3con.c +++ b/ssl/ssl3con.c -@@ -5246,7 +5246,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5261,7 +5261,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) * the lock across the calls to ssl3_CallHelloExtensionSenders. */ if (sid->u.ssl3.lock) { @@ -11,7 +11,7 @@ index 17c368e..424c1fb 100644 } if (isTLS || (ss->firstHsDone && ss->peerRequestedProtection)) { -@@ -5255,7 +5255,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5270,7 +5270,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) extLen = ssl3_CallHelloExtensionSenders(ss, PR_FALSE, maxBytes, NULL); if (extLen < 0) { 
@@ -20,7 +20,7 @@ index 17c368e..424c1fb 100644 return SECFailure; } total_exten_len += extLen; -@@ -5282,7 +5282,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5297,7 +5297,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) /* how many suites are permitted by policy and user preference? */ num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE); if (!num_suites) { @@ -29,7 +29,7 @@ index 17c368e..424c1fb 100644 return SECFailure; /* count_cipher_suites has set error code. */ } -@@ -5327,7 +5327,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5342,7 +5342,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) rv = ssl3_AppendHandshakeHeader(ss, client_hello, length); if (rv != SECSuccess) { @@ -38,7 +38,7 @@ index 17c368e..424c1fb 100644 return rv; /* err set by ssl3_AppendHandshake* */ } -@@ -5346,21 +5346,21 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5361,21 +5361,21 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) rv = ssl3_AppendHandshakeNumber(ss, ss->clientHelloVersion, 2); } if (rv != SECSuccess) { @@ -63,7 +63,7 @@ index 17c368e..424c1fb 100644 return rv; /* err set by ssl3_AppendHandshake* */ } -@@ -5370,7 +5370,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5385,7 +5385,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) else rv = ssl3_AppendHandshakeNumber(ss, 0, 1); if (rv != SECSuccess) { @@ -72,7 +72,7 @@ index 17c368e..424c1fb 100644 return rv; /* err set by ssl3_AppendHandshake* */ } -@@ -5378,14 +5378,14 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5393,14 +5393,14 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) rv = ssl3_AppendHandshakeVariable( ss, ss->ssl3.hs.cookie, ss->ssl3.hs.cookieLen, 1); if (rv != SECSuccess) { 
@@ -89,7 +89,7 @@ index 17c368e..424c1fb 100644 return rv; /* err set by ssl3_AppendHandshake* */ } -@@ -5394,7 +5394,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5409,7 +5409,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) rv = ssl3_AppendHandshakeNumber(ss, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, sizeof(ssl3CipherSuite)); if (rv != SECSuccess) { @@ -98,7 +98,7 @@ index 17c368e..424c1fb 100644 return rv; /* err set by ssl3_AppendHandshake* */ } actual_count++; -@@ -5403,7 +5403,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5418,7 +5418,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) rv = ssl3_AppendHandshakeNumber(ss, TLS_FALLBACK_SCSV, sizeof(ssl3CipherSuite)); if (rv != SECSuccess) { @@ -107,7 +107,7 @@ index 17c368e..424c1fb 100644 return rv; /* err set by ssl3_AppendHandshake* */ } actual_count++; -@@ -5413,7 +5413,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5428,7 +5428,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange)) { actual_count++; if (actual_count > num_suites) { @@ -116,7 +116,7 @@ index 17c368e..424c1fb 100644 /* set error card removal/insertion error */ PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL); return SECFailure; -@@ -5421,7 +5421,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5436,7 +5436,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) rv = ssl3_AppendHandshakeNumber(ss, suite->cipher_suite, sizeof(ssl3CipherSuite)); if (rv != SECSuccess) { @@ -125,7 +125,7 @@ index 17c368e..424c1fb 100644 return rv; /* err set by ssl3_AppendHandshake* */ } } -@@ -5432,14 +5432,14 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5447,14 +5447,14 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) * the server.. */ if (actual_count != num_suites) { /* Card removal/insertion error */ 
@@ -142,7 +142,7 @@ index 17c368e..424c1fb 100644 return rv; /* err set by ssl3_AppendHandshake* */ } for (i = 0; i < compressionMethodsCount; i++) { -@@ -5447,7 +5447,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5462,7 +5462,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) continue; rv = ssl3_AppendHandshakeNumber(ss, compressions[i], 1); if (rv != SECSuccess) { @@ -151,7 +151,7 @@ index 17c368e..424c1fb 100644 return rv; /* err set by ssl3_AppendHandshake* */ } } -@@ -5458,20 +5458,20 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5473,20 +5473,20 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) rv = ssl3_AppendHandshakeNumber(ss, maxBytes, 2); if (rv != SECSuccess) { @@ -175,7 +175,7 @@ index 17c368e..424c1fb 100644 return SECFailure; } maxBytes -= extLen; -@@ -5480,7 +5480,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5495,7 +5495,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) } if (sid->u.ssl3.lock) { @@ -185,7 +185,7 @@ index 17c368e..424c1fb 100644 if (ss->xtnData.sentSessionTicketInClientHello) { diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h -index f796a14..a809616 100644 +index d12228e..efcbf9f 100644 --- a/ssl/sslimpl.h +++ b/ssl/sslimpl.h @@ -731,7 +731,7 @@ struct sslSessionIDStr { diff --git a/net/third_party/nss/patches/reorderextensions.patch b/net/third_party/nss/patches/reorderextensions.patch index 7bbf559..66e9a67 100644 --- a/net/third_party/nss/patches/reorderextensions.patch +++ b/net/third_party/nss/patches/reorderextensions.patch @@ -1,8 +1,8 @@ diff --git a/ssl/ssl3ext.c b/ssl/ssl3ext.c -index 6c120ff..697a313 100644 +index c18d6f6..9214a2e 100644 --- a/ssl/ssl3ext.c 
+++ b/ssl/ssl3ext.c -@@ -308,6 +308,10 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { +@@ -313,6 +313,10 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, { ssl_signed_certificate_timestamp_xtn, &ssl3_ClientSendSignedCertTimestampXtn }, @@ -13,7 +13,7 @@ index 6c120ff..697a313 100644 { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }, { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn }, /* any extra entries will appear as { 0, NULL } */ -@@ -2464,9 +2468,11 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength) +@@ -2507,9 +2511,11 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength) } extensionLength = 512 - recordLength; diff --git a/net/third_party/nss/patches/restartclientauth.patch b/net/third_party/nss/patches/restartclientauth.patch index c977ad6..d4ca3f7 100644 --- a/net/third_party/nss/patches/restartclientauth.patch +++ b/net/third_party/nss/patches/restartclientauth.patch @@ -15,10 +15,10 @@ index e2d1b09..593dd00 100644 ** Query security status of socket. *on is set to one if security is ** enabled. *keySize will contain the stream key size used. *issuer will diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index cb59cc1..1852806 100644 +index 800c28e..29e8f1c 100644 --- a/ssl/ssl3con.c +++ b/ssl/ssl3con.c -@@ -7259,6 +7259,85 @@ done: +@@ -7275,6 +7275,85 @@ done: return rv; } @@ -105,10 +105,10 @@ index cb59cc1..1852806 100644 ssl3_CheckFalseStart(sslSocket *ss) { diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h -index 9f59f5a..c6ac398 100644 +index 46e618a..2cf0b3a 100644 --- a/ssl/sslimpl.h 
+++ b/ssl/sslimpl.h -@@ -1592,16 +1592,17 @@ extern SECStatus ssl3_MasterKeyDeriveBypass( ssl3CipherSpec * pwSpec, +@@ -1599,16 +1599,17 @@ extern SECStatus ssl3_MasterKeyDeriveBypass( ssl3CipherSpec * pwSpec, /* These functions are called from secnav, even though they're "private". */ extern int ssl2_SendErrorMessage(struct sslSocketStr *ss, int error); diff --git a/net/third_party/nss/patches/secitemarray.patch b/net/third_party/nss/patches/secitemarray.patch index 159d32b..136f3e4 100644 --- a/net/third_party/nss/patches/secitemarray.patch +++ b/net/third_party/nss/patches/secitemarray.patch @@ -1,8 +1,8 @@ diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h -index 2d21e90..88f559a 100644 +index 0ece0ed..ea71975 100644 --- a/ssl/sslimpl.h +++ b/ssl/sslimpl.h -@@ -1366,6 +1366,15 @@ extern sslSessionIDUncacheFunc ssl_sid_uncache; +@@ -1373,6 +1373,15 @@ extern sslSessionIDUncacheFunc ssl_sid_uncache; SEC_BEGIN_PROTOS diff --git a/net/third_party/nss/patches/sessioncache.patch b/net/third_party/nss/patches/sessioncache.patch index 98a1e10..e8180e1 100644 --- a/net/third_party/nss/patches/sessioncache.patch +++ b/net/third_party/nss/patches/sessioncache.patch @@ -22,10 +22,10 @@ index be6d88e..57771cd 100644 */ SSL_IMPORT SECItem *SSL_GetSessionID(PRFileDesc *fd); diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index c1f30a3..17c368e 100644 +index 26b87c6..0ac85da 100644 --- a/ssl/ssl3con.c +++ b/ssl/ssl3con.c -@@ -11367,7 +11367,7 @@ ssl3_FinishHandshake(sslSocket * ss) +@@ -11375,7 +11375,7 @@ ssl3_FinishHandshake(sslSocket * ss) ss->ssl3.hs.receivedNewSessionTicket = PR_FALSE; } diff --git a/net/third_party/nss/patches/signedcertificatetimestamps.patch b/net/third_party/nss/patches/signedcertificatetimestamps.patch index ce9efee..a0c5d2c 100644 --- a/net/third_party/nss/patches/signedcertificatetimestamps.patch +++ b/net/third_party/nss/patches/signedcertificatetimestamps.patch 
@@ -37,10 +37,10 @@ index 80717db..e9f5fb0 100644 * in the fd's data, which may be sent as part of a server side cert_status * handshake message. Parameter |responses| is for the server certificate of diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index 708a4c7..3421e0b 100644 +index 6a4a443..54c5b80 100644 --- a/ssl/ssl3con.c +++ b/ssl/ssl3con.c -@@ -6737,10 +6737,22 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +@@ -6752,6 +6752,14 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) sid->u.ssl3.sessionIDLength = sidBytes.len; PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len); @@ -53,7 +53,10 @@ index 708a4c7..3421e0b 100644 + } + ss->ssl3.hs.isResuming = PR_FALSE; - ss->ssl3.hs.ws = wait_server_cert; + if (ss->ssl3.hs.kea_def->signKeyType != sign_null) { + /* All current cipher suites other than those with sign_null (i.e., +@@ -6765,6 +6773,10 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) + } winner: + /* Clean up the temporary pointer to the handshake buffer. */ @@ -63,7 +66,7 @@ index 708a4c7..3421e0b 100644 /* If we will need a ChannelID key then we make the callback now. This * allows the handshake to be restarted cleanly if the callback returns * SECWouldBlock. */ -@@ -6766,6 +6778,9 @@ alert_loser: +@@ -6790,6 +6802,9 @@ alert_loser: (void)SSL3_SendAlert(ss, alert_fatal, desc); loser: @@ -74,10 +77,10 @@ index 708a4c7..3421e0b 100644 return SECFailure; } diff --git a/ssl/ssl3ext.c b/ssl/ssl3ext.c -index b6ed17d..6c120ff 100644 +index 4d17587..c18d6f6 100644 --- a/ssl/ssl3ext.c +++ b/ssl/ssl3ext.c -@@ -85,6 +85,12 @@ static PRInt32 ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append, +@@ -90,6 +90,12 @@ static PRInt32 ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes); static SECStatus ssl3_ServerHandleSigAlgsXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data); 
@@ -90,8 +93,8 @@ index b6ed17d..6c120ff 100644 static PRInt32 ssl3_ClientSendDraftVersionXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes); -@@ -270,6 +276,8 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { - { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn }, +@@ -275,6 +281,8 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { + { ssl_use_srtp_xtn, &ssl3_ClientHandleUseSRTPXtn }, { ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn }, { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, + { ssl_signed_certificate_timestamp_xtn, @@ -99,8 +102,8 @@ index b6ed17d..6c120ff 100644 { -1, NULL } }; -@@ -298,6 +306,8 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { - { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn }, +@@ -303,6 +311,8 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { + { ssl_use_srtp_xtn, &ssl3_ClientSendUseSRTPXtn }, { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn }, { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, + { ssl_signed_certificate_timestamp_xtn, @@ -108,10 +111,11 @@ index b6ed17d..6c120ff 100644 { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }, { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn }, /* any extra entries will appear as { 0, NULL } */ -@@ -2582,3 +2592,64 @@ loser: +@@ -2616,3 +2626,65 @@ ssl3_ServerHandleDraftVersionXtn(sslSocket * ss, PRUint16 ex_type, + return SECSuccess; } - ++ +/* ssl3_ClientSendSignedCertTimestampXtn sends the signed_certificate_timestamp + * extension for TLS ClientHellos. */ +static PRInt32 @@ -174,7 +178,7 @@ index b6ed17d..6c120ff 100644 + return SECSuccess; +} diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h -index 62f822a..2f61a46 100644 +index c4c87b4..0fd0a89 100644 --- a/ssl/sslimpl.h +++ b/ssl/sslimpl.h @@ -339,6 +339,7 @@ typedef struct sslOptionsStr { 
@@ -197,7 +201,7 @@ index 62f822a..2f61a46 100644 /* This lock is lazily initialized by CacheSID when a sid is first * cached. Before then, there is no need to lock anything because * the sid isn't being shared by anything. -@@ -829,6 +835,18 @@ struct TLSExtensionDataStr { +@@ -835,6 +841,18 @@ struct TLSExtensionDataStr { * is beyond ssl3_HandleClientHello function. */ SECItem *sniNameArr; PRUint32 sniNameArrSize; @@ -231,7 +235,7 @@ index c45849d..cefdda6 100644 if (sid->u.ssl3.lock) { PR_DestroyRWLock(sid->u.ssl3.lock); diff --git a/ssl/sslsock.c b/ssl/sslsock.c -index 0d12273..80f4e67 100644 +index 6a6c8d1..72058f5 100644 --- a/ssl/sslsock.c +++ b/ssl/sslsock.c @@ -89,7 +89,8 @@ static sslOptions ssl_defaults = { diff --git a/net/third_party/nss/patches/suitebonly.patch b/net/third_party/nss/patches/suitebonly.patch index 9776d7d..24df814 100644 --- a/net/third_party/nss/patches/suitebonly.patch +++ b/net/third_party/nss/patches/suitebonly.patch @@ -1,8 +1,8 @@ diff --git a/ssl/ssl3ecc.c b/ssl/ssl3ecc.c -index 555c89d..0f805ec 100644 +index aca2b74..dac7a9e 100644 --- a/ssl/ssl3ecc.c +++ b/ssl/ssl3ecc.c -@@ -1089,6 +1089,7 @@ static const PRUint8 ecPtFmt[6] = { +@@ -1090,6 +1090,7 @@ static const PRUint8 ecPtFmt[6] = { static PRBool ssl3_SuiteBOnly(sslSocket *ss) { @@ -10,7 +10,7 @@ index 555c89d..0f805ec 100644 /* See if we can support small curves (like 163). If not, assume we can * only support Suite-B curves (P-256, P-384, P-521). */ PK11SlotInfo *slot = -@@ -1102,6 +1103,9 @@ ssl3_SuiteBOnly(sslSocket *ss) +@@ -1103,6 +1104,9 @@ ssl3_SuiteBOnly(sslSocket *ss) /* we can, presume we can do all curves */ PK11_FreeSlot(slot); return PR_FALSE; diff --git a/net/third_party/nss/patches/tls12chromium.patch b/net/third_party/nss/patches/tls12chromium.patch index 81d1c52..14e8bd3 100644 --- a/net/third_party/nss/patches/tls12chromium.patch +++ b/net/third_party/nss/patches/tls12chromium.patch @@ -1,5 +1,5 @@ 
diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index 67c8f6d..da0abfb 100644 +index 7c06815..1167d6d 100644 --- a/ssl/ssl3con.c +++ b/ssl/ssl3con.c @@ -31,6 +31,15 @@ @@ -19,10 +19,10 @@ index 67c8f6d..da0abfb 100644 #ifdef NSS_ENABLE_ZLIB #include "zlib.h" diff --git a/ssl/ssl3ecc.c b/ssl/ssl3ecc.c -index 0f805ec..003ed78 100644 +index dac7a9e..9b91270 100644 --- a/ssl/ssl3ecc.c +++ b/ssl/ssl3ecc.c -@@ -30,6 +30,12 @@ +@@ -31,6 +31,12 @@ #include <stdio.h> @@ -36,7 +36,7 @@ index 0f805ec..003ed78 100644 #ifndef PK11_SETATTRS diff --git a/ssl/sslsock.c b/ssl/sslsock.c -index 47906e0..0d12273 100644 +index 14ff328..6a6c8d1 100644 --- a/ssl/sslsock.c +++ b/ssl/sslsock.c @@ -17,8 +17,15 @@ diff --git a/net/third_party/nss/patches/tlsunique.patch b/net/third_party/nss/patches/tlsunique.patch index ad4f09f..f2b2c50 100644 --- a/net/third_party/nss/patches/tlsunique.patch +++ b/net/third_party/nss/patches/tlsunique.patch @@ -31,10 +31,10 @@ index 716537d..80717db 100644 ** ** This API should be used to control SSL 3.0 & TLS support instead of the diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index 45c3454..67c8f6d 100644 +index c0e8e79..7c06815 100644 --- a/ssl/ssl3con.c +++ b/ssl/ssl3con.c -@@ -12471,6 +12471,68 @@ ssl3_InitSocketPolicy(sslSocket *ss) +@@ -12479,6 +12479,68 @@ ssl3_InitSocketPolicy(sslSocket *ss) PORT_Memcpy(ss->cipherSuites, cipherSuites, sizeof cipherSuites); } @@ -104,10 +104,10 @@ index 45c3454..67c8f6d 100644 * the caller of this function. */ diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h -index 57346cb..2d21e90 100644 +index e11860e..0ece0ed 100644 --- a/ssl/sslimpl.h +++ b/ssl/sslimpl.h -@@ -1857,6 +1857,11 @@ extern PRBool ssl_GetSessionTicketKeysPKCS11(SECKEYPrivateKey *svrPrivKey, +@@ -1864,6 +1864,11 @@ extern PRBool ssl_GetSessionTicketKeysPKCS11(SECKEYPrivateKey *svrPrivKey, extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data, unsigned int length); 
@@ -120,7 +120,7 @@ index 57346cb..2d21e90 100644 extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd); extern void ssl_FreePRSocket(PRFileDesc *fd); diff --git a/ssl/sslsock.c b/ssl/sslsock.c -index d3f3bf4..47906e0 100644 +index 042f24f..14ff328 100644 --- a/ssl/sslsock.c +++ b/ssl/sslsock.c @@ -1345,6 +1345,27 @@ NSS_SetFrancePolicy(void) diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c index 861d434..02b0dda 100644 --- a/net/third_party/nss/ssl/ssl3con.c +++ b/net/third_party/nss/ssl/ssl3con.c 
@@ -317,30 +317,30 @@ static const ssl3BulkCipherDef bulk_cipher_defs[] = { {cipher_missing, calg_null, 0, 0, type_stream, 0, 0, 0, 0}, }; -static const ssl3KEADef kea_defs[] = +static const ssl3KEADef kea_defs[] = { /* indexed by SSL3KeyExchangeAlgorithm */ - /* kea exchKeyType signKeyType is_limited limit tls_keygen */ - {kea_null, kt_null, sign_null, PR_FALSE, 0, PR_FALSE}, - {kea_rsa, kt_rsa, sign_rsa, PR_FALSE, 0, PR_FALSE}, - {kea_rsa_export, kt_rsa, sign_rsa, PR_TRUE, 512, PR_FALSE}, - {kea_rsa_export_1024,kt_rsa, sign_rsa, PR_TRUE, 1024, PR_FALSE}, - {kea_dh_dss, kt_dh, sign_dsa, PR_FALSE, 0, PR_FALSE}, - {kea_dh_dss_export, kt_dh, sign_dsa, PR_TRUE, 512, PR_FALSE}, - {kea_dh_rsa, kt_dh, sign_rsa, PR_FALSE, 0, PR_FALSE}, - {kea_dh_rsa_export, kt_dh, sign_rsa, PR_TRUE, 512, PR_FALSE}, - {kea_dhe_dss, kt_dh, sign_dsa, PR_FALSE, 0, PR_FALSE}, - {kea_dhe_dss_export, kt_dh, sign_dsa, PR_TRUE, 512, PR_FALSE}, - {kea_dhe_rsa, kt_dh, sign_rsa, PR_FALSE, 0, PR_FALSE}, - {kea_dhe_rsa_export, kt_dh, sign_rsa, PR_TRUE, 512, PR_FALSE}, - {kea_dh_anon, kt_dh, sign_null, PR_FALSE, 0, PR_FALSE}, - {kea_dh_anon_export, kt_dh, sign_null, PR_TRUE, 512, PR_FALSE}, - {kea_rsa_fips, kt_rsa, sign_rsa, PR_FALSE, 0, PR_TRUE }, + /* kea exchKeyType signKeyType is_limited limit tls_keygen ephemeral */ + {kea_null, kt_null, sign_null, PR_FALSE, 0, PR_FALSE, PR_FALSE}, + {kea_rsa, kt_rsa, sign_rsa, PR_FALSE, 0, PR_FALSE, PR_FALSE}, + {kea_rsa_export, kt_rsa, sign_rsa, PR_TRUE, 512, PR_FALSE, PR_TRUE}, + {kea_rsa_export_1024,kt_rsa, sign_rsa, PR_TRUE, 1024, PR_FALSE, PR_TRUE}, + {kea_dh_dss, kt_dh, sign_dsa, PR_FALSE, 0, PR_FALSE, PR_FALSE}, + {kea_dh_dss_export, kt_dh, sign_dsa, PR_TRUE, 512, PR_FALSE, PR_FALSE}, + {kea_dh_rsa, kt_dh, sign_rsa, PR_FALSE, 0, PR_FALSE, PR_FALSE}, + {kea_dh_rsa_export, kt_dh, sign_rsa, PR_TRUE, 512, PR_FALSE, PR_FALSE}, + {kea_dhe_dss, kt_dh, sign_dsa, PR_FALSE, 0, PR_FALSE, PR_TRUE}, + {kea_dhe_dss_export, kt_dh, sign_dsa, PR_TRUE, 512, PR_FALSE, 
PR_TRUE}, + {kea_dhe_rsa, kt_dh, sign_rsa, PR_FALSE, 0, PR_FALSE, PR_TRUE}, + {kea_dhe_rsa_export, kt_dh, sign_rsa, PR_TRUE, 512, PR_FALSE, PR_TRUE}, + {kea_dh_anon, kt_dh, sign_null, PR_FALSE, 0, PR_FALSE, PR_TRUE}, + {kea_dh_anon_export, kt_dh, sign_null, PR_TRUE, 512, PR_FALSE, PR_TRUE}, + {kea_rsa_fips, kt_rsa, sign_rsa, PR_FALSE, 0, PR_TRUE, PR_FALSE}, #ifndef NSS_DISABLE_ECC - {kea_ecdh_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE}, - {kea_ecdhe_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE}, - {kea_ecdh_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE}, - {kea_ecdhe_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE}, - {kea_ecdh_anon, kt_ecdh, sign_null, PR_FALSE, 0, PR_FALSE}, + {kea_ecdh_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE, PR_FALSE}, + {kea_ecdhe_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE, PR_TRUE}, + {kea_ecdh_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE, PR_FALSE}, + {kea_ecdhe_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE, PR_TRUE}, + {kea_ecdh_anon, kt_ecdh, sign_null, PR_FALSE, 0, PR_FALSE, PR_TRUE}, #endif /* NSS_DISABLE_ECC */ }; @@ -2930,6 +2930,12 @@ ssl3_SendRecord( sslSocket * ss, PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); + if (ss->ssl3.fatalAlertSent) { + SSL_TRC(3, ("%d: SSL3[%d] Suppress write, fatal alert already sent", + SSL_GETPID(), ss->fd)); + return SECFailure; + } + capRecordVersion = ((flags & ssl_SEND_FLAG_CAP_RECORD_VERSION) != 0); if (capRecordVersion) { @@ -3375,6 +3381,9 @@ SSL3_SendAlert(sslSocket *ss, SSL3AlertLevel level, SSL3AlertDescription desc) ? ssl_SEND_FLAG_FORCE_INTO_BUFFER : 0); rv = (sent >= 0) ? SECSuccess : (SECStatus)sent; } + if (level == alert_fatal) { + ss->ssl3.fatalAlertSent = PR_TRUE; + } ssl_ReleaseXmitBufLock(ss); ssl_ReleaseSSL3HandshakeLock(ss); return rv; /* error set by ssl3_FlushHandshake or ssl3_SendRecord */ 
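Review bot: The new `ephemeral` column of kea_defs is undocumented even though it now decides whether a ServerKeyExchange is required or forbidden on both sides of the handshake. A comment on the header row, e.g. `/* ephemeral: suite always carries ServerKeyExchange; the client requires it, the server sends it */`, would tie the table to the state-machine changes in ssl3_HandleServerHello, ssl3_AuthCertificate, ssl3_HandleServerHelloDone and ssl3_SendServerHelloSequence further down. The kea_rsa_export rows are marked PR_TRUE, so a server that omits ServerKeyExchange for a key that already fits the export limit (which RFC 2246 §7.4.3 allows) now fails with unexpected_message; if that is accepted because export suites are disabled anyway, say so on those rows so nobody "fixes" it later.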
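Review bot: The early return added at the top of ssl3_SendRecord returns SECFailure without calling PORT_SetError, so a caller that checks PORT_GetError() sees whatever was last set. If that is intentional, so the failure that triggered the fatal alert is what surfaces to the application, the comment should say so, e.g. `/* Leave the error code alone: the failure that caused the alert is what callers should see. */`. SSL3_SendAlert sets `ss->ssl3.fatalAlertSent` while holding the xmit-buf lock and ssl3_SendRecord asserts that same lock, so the flag is consistently guarded; where it is cleared, if ever, is not visible in this diff and belongs in a comment at the field's declaration (presumably in sslimpl.h).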
@@ -5120,23 +5129,17 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) sidOK = PR_FALSE; } - /* TLS 1.0 (RFC 2246) Appendix E says: - * Whenever a client already knows the highest protocol known to - * a server (for example, when resuming a session), it should - * initiate the connection in that native protocol. - * So we pass sid->version to ssl3_NegotiateVersion() here, except - * when renegotiating. - * - * Windows SChannel compares the client_version inside the RSA - * EncryptedPreMasterSecret of a renegotiation with the - * client_version of the initial ClientHello rather than the - * ClientHello in the renegotiation. To work around this bug, we - * continue to use the client_version used in the initial - * ClientHello when renegotiating. - */ if (sidOK) { + /* Set ss->version based on the session cache */ if (ss->firstHsDone) { /* + * Windows SChannel compares the client_version inside the RSA + * EncryptedPreMasterSecret of a renegotiation with the + * client_version of the initial ClientHello rather than the + * ClientHello in the renegotiation. To work around this bug, we + * continue to use the client_version used in the initial + * ClientHello when renegotiating. + * * The client_version of the initial ClientHello is still * available in ss->clientHelloVersion. Ensure that * sid->version is bounded within 
@@ -5150,10 +5153,22 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) sidOK = PR_FALSE; } } else { - if (ssl3_NegotiateVersion(ss, sid->version, - PR_FALSE) != SECSuccess) { + /* + * Check sid->version is OK first. + * Previously, we would cap the version based on sid->version, + * but that prevents negotiation of a higher version if the + * previous session was reduced (e.g., with version fallback) + */ + if (sid->version < ss->vrange.min || + sid->version > ss->vrange.max) { sidOK = PR_FALSE; - } + } else { + rv = ssl3_NegotiateVersion(ss, SSL_LIBRARY_VERSION_MAX_SUPPORTED, + PR_TRUE); + if (rv != SECSuccess) { + return rv; /* error code was set */ + } + } } } @@ -6744,7 +6759,16 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) } ss->ssl3.hs.isResuming = PR_FALSE; - ss->ssl3.hs.ws = wait_server_cert; + if (ss->ssl3.hs.kea_def->signKeyType != sign_null) { + /* All current cipher suites other than those with sign_null (i.e., + * DH_anon_* suites) require a certificate, so use that signal. */ + ss->ssl3.hs.ws = wait_server_cert; + } else if (ss->ssl3.hs.kea_def->ephemeral) { + /* Only ephemeral cipher suites use ServerKeyExchange. */ + ss->ssl3.hs.ws = wait_server_key; + } else { + ss->ssl3.hs.ws = wait_cert_request; + } winner: /* Clean up the temporary pointer to the handshake buffer. */ 
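Review bot: The resumption path now negotiates from SSL_LIBRARY_VERSION_MAX_SUPPORTED instead of `sid->version`, so the ClientHello can carry a higher client_version than the session it asks to resume. The ServerHello side is outside this hunk; confirm that ssl3_HandleServerHello still rejects a resumed session whose negotiated version differs from `sid->version`, otherwise a session created after a fallback could be resumed under a version its keys were never negotiated at. The range check `sid->version < ss->vrange.min || sid->version > ss->vrange.max` quietly demotes to a full handshake via `sidOK = PR_FALSE` while the sibling branch returns an error; a short comment naming that outcome would help. The enclosing function starts and ends outside the hunk.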
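Review bot: The final `else` in the ssl3_HandleServerHello hunk (sign_null and not ephemeral) is reachable, going by the kea_defs rows earlier in this diff, only through kea_null, which does not look like a suite a real handshake negotiates. A one-line comment such as `/* kea_null only: neither Certificate nor ServerKeyExchange is expected */`, or a PORT_Assert, would make that explicit so a later table edit that yields a sign_null/non-ephemeral row cannot silently route a real suite around both messages. The enclosing function starts outside the hunk.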
@@ -6831,16 +6855,10 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); - if (ss->ssl3.hs.ws != wait_server_key && - ss->ssl3.hs.ws != wait_server_cert) { - errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH; - desc = unexpected_message; - goto alert_loser; - } - if (ss->sec.peerCert == NULL) { - errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH; - desc = unexpected_message; - goto alert_loser; + if (ss->ssl3.hs.ws != wait_server_key) { + errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH; + desc = unexpected_message; + goto alert_loser; } isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); @@ -7068,7 +7086,6 @@ no_memory: /* no-memory error has already been set. */ return SECFailure; } - /* * Returns the TLS signature algorithm for the client authentication key and * whether it is an RSA or DSA key that may be able to sign only SHA-1 hashes. @@ -7212,11 +7229,10 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); - if (ss->ssl3.hs.ws != wait_cert_request && - ss->ssl3.hs.ws != wait_server_key) { - desc = unexpected_message; - errCode = SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST; - goto alert_loser; + if (ss->ssl3.hs.ws != wait_cert_request) { + desc = unexpected_message; + errCode = SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST; + goto alert_loser; } PORT_Assert(ss->ssl3.clientCertChain == NULL); 
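Review bot: Dropping the `ss->sec.peerCert == NULL` guard means the remainder of ssl3_HandleServerKeyExchange, outside this hunk, now runs with no peer certificate for sign_null suites (kea_dh_anon and kea_ecdh_anon in kea_defs, which reach wait_server_key straight from ServerHello). Confirm that the signature-verification path branches on `kea_def->signKeyType` before it touches the peer certificate or its public key; if it does, a comment at the new check, e.g. `/* peerCert may be NULL for anonymous suites; sign_null is handled below */`, records the invariant the removed check used to enforce. The enclosing function starts and ends outside the hunk.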
@@ -7608,9 +7624,8 @@ ssl3_HandleServerHelloDone(sslSocket *ss) PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); + /* Skipping CertificateRequest is always permitted. */ if (ws != wait_hello_done && - ws != wait_server_cert && - ws != wait_server_key && ws != wait_cert_request) { SSL3_SendAlert(ss, alert_fatal, unexpected_message); PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE); @@ -7981,14 +7996,11 @@ ssl3_SendServerHelloSequence(sslSocket *ss) return rv; #endif } -#ifndef NSS_DISABLE_ECC - } else if ((kea_def->kea == kea_ecdhe_rsa) || - (kea_def->kea == kea_ecdhe_ecdsa)) { - rv = ssl3_SendServerKeyExchange(ss); - if (rv != SECSuccess) { - return rv; /* err code was set. */ - } -#endif /* NSS_DISABLE_ECC */ + } else if (kea_def->ephemeral) { + rv = ssl3_SendServerKeyExchange(ss); + if (rv != SECSuccess) { + return rv; /* err code was set. */ + } } if (ss->opt.requestCertificate) { @@ -8040,6 +8052,21 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); PORT_Assert( ss->ssl3.initialized ); + if (!ss->sec.isServer || + (ss->ssl3.hs.ws != wait_client_hello && + ss->ssl3.hs.ws != idle_handshake)) { + desc = unexpected_message; + errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO; + goto alert_loser; + } + if (ss->ssl3.hs.ws == idle_handshake && + ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) { + desc = no_renegotiation; + level = alert_warning; + errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED; + goto alert_loser; + } + /* Get peer name of client */ rv = ssl_GetPeerInfo(ss); if (rv != SECSuccess) { 
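Review bot: The tightened ws check is what makes Certificate and ServerKeyExchange non-skippable (a server that omits either now gets unexpected_message), but the new comment only explains the CertificateRequest exception. Extending it, e.g. `/* Certificate and ServerKeyExchange cannot be skipped: ws leaves wait_server_cert / wait_server_key only when they arrive. Skipping CertificateRequest is always permitted. */`, documents the other half of the state-machine change that the kea_defs `ephemeral` flag feeds on the client side. The enclosing function starts and ends outside the hunk.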
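Review bot: `kea_def->ephemeral` is also PR_TRUE for the DHE_* and DH_anon rows of kea_defs, so ssl3_SendServerHelloSequence now calls ssl3_SendServerKeyExchange for those suites where the old code only did so for ECDHE. Whether ssl3_SendServerKeyExchange handles kt_dh is not visible in this diff; if it does not, confirm that it sets an error and returns SECFailure for that exchKeyType rather than emitting a partial message, and note the expectation at the call site, e.g. `/* ssl3_SendServerKeyExchange rejects exchKeyType values it cannot serve */`. The enclosing function starts and ends outside the hunk.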
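Review bot: In the ssl3_HandleClientHello hunk the first guard leaves `level` unassigned while the second sets alert_warning, so the fatal alert for an unexpected ClientHello depends on an initialiser outside the hunk. If `level` starts as alert_fatal, a comment `/* level defaults to alert_fatal */` on the first branch makes that visible; the `!ss->sec.isServer` clause is a welcome addition, since a client can now reject a ClientHello before ssl_GetPeerInfo and the xtnData reset that the `@@ -8066` hunk moves out of the way. The enclosing function starts and ends outside the hunk.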
@@ -8066,20 +8093,6 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); ss->statelessResume = PR_FALSE; - if ((ss->ssl3.hs.ws != wait_client_hello) && - (ss->ssl3.hs.ws != idle_handshake)) { - desc = unexpected_message; - errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO; - goto alert_loser; - } - if (ss->ssl3.hs.ws == idle_handshake && - ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) { - desc = no_renegotiation; - level = alert_warning; - errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED; - goto alert_loser; - } - if (IS_DTLS(ss)) { dtls_RehandshakeCleanup(ss); } @@ -9450,7 +9463,7 @@ ssl3_HandleCertificateVerify(sslSocket *ss, SSL3Opaque *b, PRUint32 length, isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); - if (ss->ssl3.hs.ws != wait_cert_verify || ss->sec.peerCert == NULL) { + if (ss->ssl3.hs.ws != wait_cert_verify) { desc = unexpected_message; errCode = SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY; goto alert_loser; @@ -10274,11 +10287,11 @@ ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length) PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); - if ((ss->ssl3.hs.ws != wait_server_cert) && - (ss->ssl3.hs.ws != wait_client_cert)) { - desc = unexpected_message; - errCode = SSL_ERROR_RX_UNEXPECTED_CERTIFICATE; - goto alert_loser; + if ((isServer && ss->ssl3.hs.ws != wait_client_cert) || + (!isServer && ss->ssl3.hs.ws != wait_server_cert)) { + desc = unexpected_message; + errCode = SSL_ERROR_RX_UNEXPECTED_CERTIFICATE; + goto alert_loser; } if (ss->sec.peerCert != NULL) { 
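Review bot: Removing `ss->sec.peerCert == NULL` from the ssl3_HandleCertificateVerify check makes `ws == wait_cert_verify` the only thing standing between a CertificateVerify and the verification code below it, which presumably takes the client's public key from the peer certificate. Confirm that the server enters wait_cert_verify only after a non-empty client Certificate (set outside this hunk); if so, a comment `/* wait_cert_verify is entered only once a client certificate has been received */` records the invariant. The isServer-based check in the `@@ -10274` hunk for ssl3_HandleCertificate relies on the same bookkeeping. The enclosing function starts and ends outside the hunk.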
@@ -10518,16 +10531,11 @@ ssl3_AuthCertificate(sslSocket *ss) pubKey = NULL; } - ss->ssl3.hs.ws = wait_cert_request; /* disallow server_key_exchange */ - if (ss->ssl3.hs.kea_def->is_limited || - /* XXX OR server cert is signing only. */ -#ifndef NSS_DISABLE_ECC - ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa || - ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa || -#endif /* NSS_DISABLE_ECC */ - ss->ssl3.hs.kea_def->exchKeyType == kt_dh) { - ss->ssl3.hs.ws = wait_server_key; /* allow server_key_exchange */ - } + if (ss->ssl3.hs.kea_def->ephemeral) { + ss->ssl3.hs.ws = wait_server_key; /* require server_key_exchange */ + } else { + ss->ssl3.hs.ws = wait_cert_request; /* disallow server_key_exchange */ + } } else { ss->ssl3.hs.ws = wait_client_key; } diff --git a/net/third_party/nss/ssl/ssl3ecc.c b/net/third_party/nss/ssl/ssl3ecc.c index d5d6c9c..31e0774 100644 --- a/net/third_party/nss/ssl/ssl3ecc.c +++ b/net/third_party/nss/ssl/ssl3ecc.c @@ -1,3 +1,4 @@ +/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ /* * SSL3 Protocol * @@ -1198,8 +1199,7 @@ ssl3_HandleSupportedPointFormatsXtn(sslSocket *ss, PRUint16 ex_type, if (data->len < 2 || data->len > 255 || !data->data || data->len != (unsigned int)data->data[0] + 1) { - /* malformed */ - goto loser; + return ssl3_DecodeError(ss); } for (i = data->len; --i > 0; ) { if (data->data[i] == 0) { @@ -1210,10 +1210,10 @@ ssl3_HandleSupportedPointFormatsXtn(sslSocket *ss, PRUint16 ex_type, return rv; } } -loser: + /* evil client doesn't support uncompressed */ ssl3_DisableECCSuites(ss, ecSuites); - return SECFailure; + return SECSuccess; } @@ -1234,7 +1234,7 @@ ECName ssl3_GetSvrCertCurveName(sslSocket *ss) return ec_curve; } -/* Ensure that the curve in our server cert is one of the ones suppored +/* Ensure that the curve in our server cert is one of the ones supported * by the remote client, and disable all ECC cipher suites if not. */ SECStatus 
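Review bot: ssl3_HandleSupportedPointFormatsXtn now returns SECSuccess after disabling every ECC suite for a peer that omits uncompressed, where it returned SECFailure before, so the handshake proceeds without ECC instead of aborting. That is a defensible tolerance change but a silent one; an `SSL_TRC` line at the `ssl3_DisableECCSuites(ss, ecSuites)` call, in the style of the ssl3_SendRecord hunk, would make the quiet loss of ECDHE diagnosable. The malformed-data branch writes `return ssl3_DecodeError(ss);` while the ssl3_HandleSupportedCurvesXtn hunk in the same file uses `(void)ssl3_DecodeError(ss); return SECFailure;`; pick one form. The enclosing function starts outside the hunk.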
@@ -1245,26 +1245,34 @@ ssl3_HandleSupportedCurvesXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) PRUint32 mutualCurves = 0; PRUint16 svrCertCurveName; - if (!data->data || data->len < 4 || data->len > 65535) - goto loser; + if (!data->data || data->len < 4) { + (void)ssl3_DecodeError(ss); + return SECFailure; + } + /* get the length of elliptic_curve_list */ list_len = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); if (list_len < 0 || data->len != list_len || (data->len % 2) != 0) { - /* malformed */ - goto loser; + (void)ssl3_DecodeError(ss); + return SECFailure; } /* build bit vector of peer's supported curve names */ while (data->len) { - PRInt32 curve_name = - ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); + PRInt32 curve_name = + ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); + if (curve_name < 0) { + return SECFailure; /* fatal alert already sent */ + } if (curve_name > ec_noName && curve_name < ec_pastLastName) { peerCurves |= (1U << curve_name); } } /* What curves do we support in common? */ mutualCurves = ss->ssl3.hs.negotiatedECCurves &= peerCurves; - if (!mutualCurves) { /* no mutually supported EC Curves */ - goto loser; + if (!mutualCurves) { + /* no mutually supported EC Curves, disable ECC */ + ssl3_DisableECCSuites(ss, ecSuites); + return SECSuccess; } /* if our ECC cert doesn't use one of these supported curves, @@ -1280,12 +1288,7 @@ ssl3_HandleSupportedCurvesXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) */ ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites); ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites); - return SECFailure; - -loser: - /* no common curve supported */ - ssl3_DisableECCSuites(ss, ecSuites); - return SECFailure; + return SECSuccess; } #endif /* NSS_DISABLE_ECC */ diff --git a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ext.c index 697a313..9214a2e 100644 --- a/net/third_party/nss/ssl/ssl3ext.c +++ b/net/third_party/nss/ssl/ssl3ext.c 
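Review bot: The new `curve_name < 0` guard closes the negative-shift case in `peerCurves |= (1U << curve_name)`, but the upper bound of that shift still rests on ec_pastLastName being at most 32, which the hunk does not show. A `PORT_Assert(ec_pastLastName <= 32)` next to the loop, or a comment at the declaration of peerCurves, would pin that assumption. Dropping the `data->len > 65535` test is fine since `data->len != list_len` against a 2-byte length enforces it. The enclosing function starts outside the hunk.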
@@ -1,3 +1,4 @@ +/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ /* * SSL3 Protocol * @@ -64,10 +65,14 @@ static PRInt32 ssl3_ClientSendAppProtoXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes); static PRInt32 ssl3_ServerSendAppProtoXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes); -static PRInt32 ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append, - PRUint32 maxBytes); -static SECStatus ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, - SECItem *data); +static PRInt32 ssl3_ClientSendUseSRTPXtn(sslSocket *ss, PRBool append, + PRUint32 maxBytes); +static PRInt32 ssl3_ServerSendUseSRTPXtn(sslSocket *ss, PRBool append, + PRUint32 maxBytes); +static SECStatus ssl3_ClientHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, + SECItem *data); +static SECStatus ssl3_ServerHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, + SECItem *data); static SECStatus ssl3_ClientHandleChannelIDXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data); static PRInt32 ssl3_ClientSendChannelIDXtn(sslSocket *ss, PRBool append, @@ -257,7 +262,7 @@ static const ssl3HelloExtensionHandler clientHelloHandlers[] = { { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, { ssl_next_proto_nego_xtn, &ssl3_ServerHandleNextProtoNegoXtn }, { ssl_app_layer_protocol_xtn, &ssl3_ServerHandleAppProtoXtn }, - { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn }, + { ssl_use_srtp_xtn, &ssl3_ServerHandleUseSRTPXtn }, { ssl_cert_status_xtn, &ssl3_ServerHandleStatusRequestXtn }, { ssl_signature_algorithms_xtn, &ssl3_ServerHandleSigAlgsXtn }, { ssl_tls13_draft_version_xtn, &ssl3_ServerHandleDraftVersionXtn }, 
@@ -273,7 +278,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, { ssl_app_layer_protocol_xtn, &ssl3_ClientHandleAppProtoXtn }, - { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn }, + { ssl_use_srtp_xtn, &ssl3_ClientHandleUseSRTPXtn }, { ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn }, { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, { ssl_signed_certificate_timestamp_xtn, @@ -303,7 +308,7 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn }, { ssl_app_layer_protocol_xtn, &ssl3_ClientSendAppProtoXtn }, - { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn }, + { ssl_use_srtp_xtn, &ssl3_ClientSendUseSRTPXtn }, { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn }, { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, { ssl_signed_certificate_timestamp_xtn, @@ -418,13 +423,7 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) PRInt32 listLenBytes = 0; if (!ss->sec.isServer) { - /* Verify extension_data is empty. */ - if (data->data || data->len || - !ssl3_ExtensionNegotiated(ss, ssl_server_name_xtn)) { - /* malformed or was not initiated by the client.*/ - return SECFailure; - } - return SECSuccess; + return SECSuccess; /* ignore extension */ } /* Server side - consume client data and register server sender. */ 
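Review bot: The client side of ssl3_HandleServerNameXtn now accepts any server_name extension from the server, including an unsolicited or non-empty one that the old `ssl3_ExtensionNegotiated` and empty-body checks rejected. If this is a deliberate interop relaxation, the comment should say why rather than just `/* ignore extension */`, because the removed check was the only thing tying the server's echo to what the client actually sent. The enclosing function starts and ends outside the hunk.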
@@ -434,33 +433,38 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) } /* length of server_name_list */ listLenBytes = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); - if (listLenBytes == 0 || listLenBytes != data->len) { + if (listLenBytes < 0 || listLenBytes != data->len) { + (void)ssl3_DecodeError(ss); return SECFailure; } + if (listLenBytes == 0) { + return SECSuccess; /* ignore an empty extension */ + } ldata = *data; /* Calculate the size of the array.*/ while (listLenBytes > 0) { SECItem litem; SECStatus rv; - PRInt32 type; - /* Name Type (sni_host_name) */ + PRInt32 type; + /* Skip Name Type (sni_host_name); checks are on the second pass */ type = ssl3_ConsumeHandshakeNumber(ss, 1, &ldata.data, &ldata.len); - if (!ldata.len) { + if (type < 0) { /* i.e., SECFailure cast to PRint32 */ return SECFailure; } rv = ssl3_ConsumeHandshakeVariable(ss, &litem, 2, &ldata.data, &ldata.len); if (rv != SECSuccess) { - return SECFailure; + return rv; } - /* Adjust total length for cunsumed item, item len and type.*/ + /* Adjust total length for consumed item, item len and type.*/ listLenBytes -= litem.len + 3; if (listLenBytes > 0 && !ldata.len) { + (void)ssl3_DecodeError(ss); return SECFailure; } listCount += 1; } if (!listCount) { - return SECFailure; + return SECFailure; /* nothing we can act on */ } names = PORT_ZNewArray(SECItem, listCount); if (!names) { @@ -475,6 +479,7 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) type = ssl3_ConsumeHandshakeNumber(ss, 1, &data->data, &data->len); /* Check if we have such type in the list */ for (j = 0;j < listCount && names[j].data;j++) { + /* TODO bug 998524: .type is not assigned a value */ if (names[j].type == type) { nametypePresent = PR_TRUE; break; 
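Review bot: In the new length check after ssl3_ConsumeHandshakeNumber, the `listLenBytes < 0` branch calls ssl3_DecodeError(ss) on top of the alert the consume helper appears to send itself on a short read (the comment later in this hunk treats its negative return as SECFailure cast to PRInt32 and returns without a further alert, and the hunk at -689 removes a `/* fatal alert was sent */` comment for the same helper), so a truncated extension would produce two fatal alerts. Handling the two cases separately keeps the first alert authoritative: `if (listLenBytes < 0) { return SECFailure; /* alert already sent */ }` followed by the existing `listLenBytes != data->len` comparison. The same pattern appears in ssl3_ServerHandleAppProtoXtn at -689, where `if (count < 0) return SECFailure;` was dropped before `count != data->len` and ssl3_DecodeError is now reached with count == -1. ssl3_HandleServerNameXtn starts before this hunk.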
@@ -484,7 +489,10 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) rv = ssl3_ConsumeHandshakeVariable(ss, &names[namesPos], 2, &data->data, &data->len); if (rv != SECSuccess) { - goto loser; + PORT_Assert(0); + PORT_Free(names); + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return rv; } if (nametypePresent == PR_FALSE) { namesPos += 1; @@ -499,10 +507,6 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) xtnData->negotiated[xtnData->numNegotiated++] = ssl_server_name_xtn; return SECSuccess; - -loser: - PORT_Free(names); - return SECFailure; } /* Called by both clients and servers. @@ -623,17 +627,11 @@ ssl3_ValidateNextProtoNego(const unsigned char* data, unsigned int length) * store protocol identifiers in null-terminated strings. */ if (newOffset > length || data[offset] == 0) { - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); return SECFailure; } offset = newOffset; } - if (offset > length) { - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); - return SECFailure; - } - return SECSuccess; } 
@@ -646,34 +644,41 @@ ssl3_SelectAppProtocol(sslSocket *ss, PRUint16 ex_type, SECItem *data) SECItem result = { siBuffer, resultBuffer, 0 }; rv = ssl3_ValidateNextProtoNego(data->data, data->len); - if (rv != SECSuccess) + if (rv != SECSuccess) { + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + (void)SSL3_SendAlert(ss, alert_fatal, decode_error); return rv; + } PORT_Assert(ss->nextProtoCallback); rv = ss->nextProtoCallback(ss->nextProtoArg, ss->fd, data->data, data->len, - result.data, &result.len, sizeof resultBuffer); - if (rv != SECSuccess) - return rv; + result.data, &result.len, sizeof(resultBuffer)); + if (rv != SECSuccess) { + /* Expect callback to call PORT_SetError() */ + (void)SSL3_SendAlert(ss, alert_fatal, internal_error); + return SECFailure; + } + /* If the callback wrote more than allowed to |result| it has corrupted our * stack. */ - if (result.len > sizeof resultBuffer) { + if (result.len > sizeof(resultBuffer)) { PORT_SetError(SEC_ERROR_OUTPUT_LEN); + /* TODO: crash */ return SECFailure; } + SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); + if (ex_type == ssl_app_layer_protocol_xtn && ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NEGOTIATED) { - /* The callback might say OK, but then it's picked a default. - * That's OK for NPN, but not ALPN. */ - SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); + /* The callback might say OK, but then it picks a default value - one + * that was not listed. That's OK for NPN, but not ALPN. */ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL); (void)SSL3_SendAlert(ss, alert_fatal, no_application_protocol); return SECFailure; } ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; - - SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); return SECITEM_CopyItem(NULL, &ss->ssl3.nextProto, &result); } 
@@ -689,17 +694,16 @@ ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) if (ss->firstHsDone || data->len == 0) { /* Clients MUST send a non-empty ALPN extension. */ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter); return SECFailure; } - /* unlike NPN, ALPN has extra redundant length information so that - * the extension is the same in both ClientHello and ServerHello */ + /* Unlike NPN, ALPN has extra redundant length information so that + * the extension is the same in both ClientHello and ServerHello. */ count = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); - if (count < 0) { - return SECFailure; /* fatal alert was sent */ - } if (count != data->len) { - return ssl3_DecodeError(ss); + (void)ssl3_DecodeError(ss); + return SECFailure; } if (!ss->nextProtoCallback) { @@ -714,8 +718,13 @@ ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) /* prepare to send back a response, if we negotiated */ if (ss->ssl3.nextProtoState == SSL_NEXT_PROTO_NEGOTIATED) { - return ssl3_RegisterServerHelloExtensionSender( + rv = ssl3_RegisterServerHelloExtensionSender( ss, ex_type, ssl3_ServerSendAppProtoXtn); + if (rv != SECSuccess) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + (void)SSL3_SendAlert(ss, alert_fatal, internal_error); + return rv; + } } return SECSuccess; } @@ -733,7 +742,8 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type, * we've negotiated NPN then we're required to send the NPN handshake * message. Thus, these two extensions cannot both be negotiated on the * same connection. */ - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + PORT_SetError(SSL_ERROR_BAD_SERVER); + (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter); return SECFailure; } 
@@ -742,7 +752,9 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type, * that an application erroneously cleared the callback between the time * we sent the ClientHello and now. */ if (!ss->nextProtoCallback) { + PORT_Assert(0); PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK); + (void)SSL3_SendAlert(ss, alert_fatal, internal_error); return SECFailure; } @@ -752,8 +764,8 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type, static SECStatus ssl3_ClientHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) { - const unsigned char* d = data->data; - PRUint16 name_list_len; + SECStatus rv; + PRInt32 list_len; SECItem protocol_name; if (ssl3_ExtensionNegotiated(ss, ssl_next_proto_nego_xtn)) { 
@@ -763,22 +775,30 @@ ssl3_ClientHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) /* The extension data from the server has the following format: * uint16 name_list_len; - * uint8 len; + * uint8 len; // where len >= 1 * uint8 protocol_name[len]; */ if (data->len < 4 || data->len > 2 + 1 + 255) { PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + (void)SSL3_SendAlert(ss, alert_fatal, decode_error); return SECFailure; } - name_list_len = ((PRUint16) d[0]) << 8 | - ((PRUint16) d[1]); - if (name_list_len != data->len - 2 || d[2] != data->len - 3) { + list_len = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); + /* The list has to be the entire extension. */ + if (list_len != data->len) { PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + (void)SSL3_SendAlert(ss, alert_fatal, decode_error); return SECFailure; } - protocol_name.data = data->data + 3; - protocol_name.len = data->len - 3; + rv = ssl3_ConsumeHandshakeVariable(ss, &protocol_name, 1, + &data->data, &data->len); + /* The list must have exactly one value. */ + if (rv != SECSuccess || data->len != 0) { + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + (void)SSL3_SendAlert(ss, alert_fatal, decode_error); + return SECFailure; + } SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); ss->ssl3.nextProtoState = SSL_NEXT_PROTO_SELECTED; @@ -1461,8 +1481,9 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, SSL3Statistics *ssl3stats; /* Ignore the SessionTicket extension if processing is disabled. */ - if (!ss->opt.enableSessionTickets) + if (!ss->opt.enableSessionTickets) { return SECSuccess; + } /* Keep track of negotiated extensions. */ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; 
@@ -1520,8 +1541,9 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, extension_data.len = data->len; if (ssl3_ParseEncryptedSessionTicket(ss, data, &enc_session_ticket) - != SECSuccess) - return SECFailure; + != SECSuccess) { + return SECSuccess; /* Pretend it isn't there */ + } /* Get session ticket keys. */ #ifndef NO_PKCS11_BYPASS @@ -1949,18 +1971,22 @@ ssl3_HandleHelloExtensions(sslSocket *ss, SSL3Opaque **b, PRUint32 *length) /* get the data for this extension, so we can pass it or skip it. */ rv = ssl3_ConsumeHandshakeVariable(ss, &extension_data, 2, b, length); if (rv != SECSuccess) - return rv; + return rv; /* alert already sent */ /* Check whether the server sent an extension which was not advertised * in the ClientHello. */ if (!ss->sec.isServer && - !ssl3_ClientExtensionAdvertised(ss, extension_type)) - return SECFailure; /* TODO: send unsupported_extension alert */ + !ssl3_ClientExtensionAdvertised(ss, extension_type)) { + (void)SSL3_SendAlert(ss, alert_fatal, unsupported_extension); + return SECFailure; + } /* Check whether an extension has been sent multiple times. */ - if (ssl3_ExtensionNegotiated(ss, extension_type)) + if (ssl3_ExtensionNegotiated(ss, extension_type)) { + (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter); return SECFailure; + } /* find extension_type in table of Hello Extension Handlers */ for (handler = handlers; handler->ex_type >= 0; handler++) { @@ -1968,9 +1994,13 @@ ssl3_HandleHelloExtensions(sslSocket *ss, SSL3Opaque **b, PRUint32 *length) if (handler->ex_type == extension_type) { rv = (*handler->ex_handler)(ss, (PRUint16)extension_type, &extension_data); - /* Ignore this result */ - /* Treat all bad extensions as unrecognized types. */ - break; + if (rv != SECSuccess) { + if (!ss->ssl3.fatalAlertSent) { + /* send a generic alert if the handler didn't already */ + (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure); + } + return SECFailure; + } } } } 
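Review bot: The two new failure paths in ssl3_HandleHelloExtensions, the unadvertised-extension check and the duplicate-extension check, send a fatal alert and return SECFailure without calling PORT_SetError, so as far as this hunk shows the error the application reads is whatever was set last. Setting a code before each return, e.g. `PORT_SetError(ss->sec.isServer ? SSL_ERROR_RX_MALFORMED_CLIENT_HELLO : SSL_ERROR_RX_MALFORMED_SERVER_HELLO);` (the unadvertised case is client-only, so SSL_ERROR_RX_MALFORMED_SERVER_HELLO alone suffices there), gives callers a stable diagnosis. The sibling hunk at -1968 makes handler failures fatal and relies on ss->ssl3.fatalAlertSent to avoid a second alert; where that flag is cleared between handshakes is not visible here and is worth confirming. ssl3_HandleHelloExtensions starts before this hunk and continues after it.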
@@ -2102,13 +2132,14 @@ ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes : ss->ssl3.hs.finishedBytes * 2; } - if (data->len != 1 + len || - data->data[0] != len || (len && - NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data, - data->data + 1, len))) { - /* Can we do this here? Or, must we arrange for the caller to do it? */ - (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure); + if (data->len != 1 + len || data->data[0] != len ) { + (void)ssl3_DecodeError(ss); + return SECFailure; + } + if (len && NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data, + data->data + 1, len)) { PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); + (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure); return SECFailure; } /* remember that we got this extension and it was correct. */ @@ -2117,13 +2148,13 @@ ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) if (ss->sec.isServer) { /* prepare to send back the appropriate response */ rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, - ssl3_SendRenegotiationInfoXtn); + ssl3_SendRenegotiationInfoXtn); } return rv; } static PRInt32 -ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes) +ssl3_ClientSendUseSRTPXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes) { PRUint32 ext_data_len; PRInt16 i; 
@@ -2132,142 +2163,148 @@ ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes) if (!ss) return 0; - if (!ss->sec.isServer) { - /* Client side */ + if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount) + return 0; /* Not relevant */ - if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount) - return 0; /* Not relevant */ + ext_data_len = 2 + 2 * ss->ssl3.dtlsSRTPCipherCount + 1; - ext_data_len = 2 + 2 * ss->ssl3.dtlsSRTPCipherCount + 1; - - if (append && maxBytes >= 4 + ext_data_len) { - /* Extension type */ - rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2); - if (rv != SECSuccess) return -1; - /* Length of extension data */ - rv = ssl3_AppendHandshakeNumber(ss, ext_data_len, 2); - if (rv != SECSuccess) return -1; - /* Length of the SRTP cipher list */ - rv = ssl3_AppendHandshakeNumber(ss, - 2 * ss->ssl3.dtlsSRTPCipherCount, - 2); - if (rv != SECSuccess) return -1; - /* The SRTP ciphers */ - for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) { - rv = ssl3_AppendHandshakeNumber(ss, - ss->ssl3.dtlsSRTPCiphers[i], - 2); - } - /* Empty MKI value */ - ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); - - ss->xtnData.advertised[ss->xtnData.numAdvertised++] = - ssl_use_srtp_xtn; - } - - return 4 + ext_data_len; - } - - /* Server side */ - if (append && maxBytes >= 9) { + if (append && maxBytes >= 4 + ext_data_len) { /* Extension type */ rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2); if (rv != SECSuccess) return -1; /* Length of extension data */ - rv = ssl3_AppendHandshakeNumber(ss, 5, 2); + rv = ssl3_AppendHandshakeNumber(ss, ext_data_len, 2); if (rv != SECSuccess) return -1; /* Length of the SRTP cipher list */ - rv = ssl3_AppendHandshakeNumber(ss, 2, 2); - if (rv != SECSuccess) return -1; - /* The selected cipher */ - rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.dtlsSRTPCipherSuite, 2); + rv = ssl3_AppendHandshakeNumber(ss, + 2 * ss->ssl3.dtlsSRTPCipherCount, + 2); if (rv != SECSuccess) return -1; + /* The SRTP ciphers */ + for (i = 0; i < 
ss->ssl3.dtlsSRTPCipherCount; i++) { + rv = ssl3_AppendHandshakeNumber(ss, + ss->ssl3.dtlsSRTPCiphers[i], + 2); + } /* Empty MKI value */ ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); + + ss->xtnData.advertised[ss->xtnData.numAdvertised++] = + ssl_use_srtp_xtn; } + return 4 + ext_data_len; +} + +static PRInt32 +ssl3_ServerSendUseSRTPXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes) +{ + SECStatus rv; + + /* Server side */ + if (!append || maxBytes < 9) { + return 9; + } + + /* Extension type */ + rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2); + if (rv != SECSuccess) return -1; + /* Length of extension data */ + rv = ssl3_AppendHandshakeNumber(ss, 5, 2); + if (rv != SECSuccess) return -1; + /* Length of the SRTP cipher list */ + rv = ssl3_AppendHandshakeNumber(ss, 2, 2); + if (rv != SECSuccess) return -1; + /* The selected cipher */ + rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.dtlsSRTPCipherSuite, 2); + if (rv != SECSuccess) return -1; + /* Empty MKI value */ + ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); + return 9; } static SECStatus -ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) +ssl3_ClientHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) { SECStatus rv; SECItem ciphers = {siBuffer, NULL, 0}; PRUint16 i; - unsigned int j; PRUint16 cipher = 0; PRBool found = PR_FALSE; SECItem litem; - if (!ss->sec.isServer) { - /* Client side */ - if (!data->data || !data->len) { - /* malformed */ - return SECFailure; - } - - /* Get the cipher list */ - rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2, - &data->data, &data->len); - if (rv != SECSuccess) { - return SECFailure; - } - /* Now check that the number of ciphers listed is 1 (len = 2) */ - if (ciphers.len != 2) { - return SECFailure; - } + if (!data->data || !data->len) { + (void)ssl3_DecodeError(ss); + return SECFailure; + } - /* Get the selected cipher */ - cipher = (ciphers.data[0] << 8) | ciphers.data[1]; + /* Get the cipher list */ + rv = 
ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2, + &data->data, &data->len); + if (rv != SECSuccess) { + return SECFailure; /* fatal alert already sent */ + } + /* Now check that the server has picked just 1 (i.e., len = 2) */ + if (ciphers.len != 2) { + (void)ssl3_DecodeError(ss); + return SECFailure; + } - /* Now check that this is one of the ciphers we offered */ - for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) { - if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) { - found = PR_TRUE; - break; - } - } + /* Get the selected cipher */ + cipher = (ciphers.data[0] << 8) | ciphers.data[1]; - if (!found) { - return SECFailure; + /* Now check that this is one of the ciphers we offered */ + for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) { + if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) { + found = PR_TRUE; + break; } + } - /* Get the srtp_mki value */ - rv = ssl3_ConsumeHandshakeVariable(ss, &litem, 1, - &data->data, &data->len); - if (rv != SECSuccess) { - return SECFailure; - } + if (!found) { + PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO); + (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter); + return SECFailure; + } - /* We didn't offer an MKI, so this must be 0 length */ - /* XXX RFC 5764 Section 4.1.3 says: - * If the client detects a nonzero-length MKI in the server's - * response that is different than the one the client offered, - * then the client MUST abort the handshake and SHOULD send an - * invalid_parameter alert. - * - * Due to a limitation of the ssl3_HandleHelloExtensions function, - * returning SECFailure here won't abort the handshake. It will - * merely cause the use_srtp extension to be not negotiated. We - * should fix this. See NSS bug 753136. 
- */ - if (litem.len != 0) { - return SECFailure; - } + /* Get the srtp_mki value */ + rv = ssl3_ConsumeHandshakeVariable(ss, &litem, 1, + &data->data, &data->len); + if (rv != SECSuccess) { + return SECFailure; /* alert already sent */ + } - if (data->len != 0) { - /* malformed */ - return SECFailure; - } + /* We didn't offer an MKI, so this must be 0 length */ + if (litem.len != 0) { + PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO); + (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter); + return SECFailure; + } - /* OK, this looks fine. */ - ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn; - ss->ssl3.dtlsSRTPCipherSuite = cipher; - return SECSuccess; + /* extra trailing bytes */ + if (data->len != 0) { + (void)ssl3_DecodeError(ss); + return SECFailure; } - /* Server side */ + /* OK, this looks fine. */ + ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn; + ss->ssl3.dtlsSRTPCipherSuite = cipher; + return SECSuccess; +} + +static SECStatus +ssl3_ServerHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) +{ + SECStatus rv; + SECItem ciphers = {siBuffer, NULL, 0}; + PRUint16 i; + unsigned int j; + PRUint16 cipher = 0; + PRBool found = PR_FALSE; + SECItem litem; + if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount) { /* Ignore the extension if we aren't doing DTLS or no DTLS-SRTP * preferences have been set. */ @@ -2275,7 +2312,7 @@ ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) } if (!data->data || data->len < 5) { - /* malformed */ + (void)ssl3_DecodeError(ss); return SECFailure; } @@ -2283,10 +2320,11 @@ ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2, &data->data, &data->len); if (rv != SECSuccess) { - return SECFailure; + return SECFailure; /* alert already sent */ } /* Check that the list is even length */ if (ciphers.len % 2) { + (void)ssl3_DecodeError(ss); return SECFailure; } 
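Review bot: In ssl3_ClientSendUseSRTPXtn the cipher-list loop assigns `rv` from ssl3_AppendHandshakeNumber but never tests it, and the ssl3_AppendHandshakeVariable call for the empty MKI is unchecked in both this sender and the new ssl3_ServerSendUseSRTPXtn, so a failed append still returns a positive length and, on the client, still records the extension as advertised. Inside the loop add `if (rv != SECSuccess) return -1;`, and in both functions replace the bare MKI call with `rv = ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); if (rv != SECSuccess) return -1;`. This is carried over from the pre-split code rather than introduced here, but the split is the natural place to fix it.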
@@ -2309,12 +2347,13 @@ ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) } if (data->len != 0) { - return SECFailure; /* Malformed */ + (void)ssl3_DecodeError(ss); /* trailing bytes */ + return SECFailure; } /* Now figure out what to do */ if (!found) { - /* No matching ciphers */ + /* No matching ciphers, pretend we don't support use_srtp */ return SECSuccess; } @@ -2323,7 +2362,7 @@ ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn; return ssl3_RegisterServerHelloExtensionSender(ss, ssl_use_srtp_xtn, - ssl3_SendUseSRTPXtn); + ssl3_ServerSendUseSRTPXtn); } /* ssl3_ServerHandleSigAlgsXtn handles the signature_algorithms extension @@ -2342,9 +2381,6 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) return SECSuccess; } - /* Keep track of negotiated extensions. */ - ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; - rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &data->data, &data->len); if (rv != SECSuccess) { @@ -2353,6 +2389,7 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) /* Trailing data, empty value, or odd-length value is invalid. */ if (data->len != 0 || algorithms.len == 0 || (algorithms.len & 1) != 0) { PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO); + (void)SSL3_SendAlert(ss, alert_fatal, decode_error); return SECFailure; } @@ -2366,6 +2403,8 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) ss->ssl3.hs.clientSigAndHash = PORT_NewArray(SSL3SignatureAndHashAlgorithm, numAlgorithms); if (!ss->ssl3.hs.clientSigAndHash) { + PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO); + (void)SSL3_SendAlert(ss, alert_fatal, internal_error); return SECFailure; } ss->ssl3.hs.numClientSigAndHash = 0; 
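Review bot: The new out-of-memory branch in ssl3_ServerHandleSigAlgsXtn (hunk -2366) reports a failed PORT_NewArray as SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, which attributes a local allocation failure to the peer and overwrites the allocator's own error code. Since the alert sent there is already internal_error, the error should agree with it: drop the PORT_SetError line, or use `PORT_SetError(SEC_ERROR_NO_MEMORY);` if an explicit code is wanted. ssl3_ServerHandleSigAlgsXtn continues outside this hunk.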
@@ -2395,6 +2434,8 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) ss->ssl3.hs.clientSigAndHash = NULL; } + /* Keep track of negotiated extensions. */ + ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; return SECSuccess; } @@ -2409,10 +2450,12 @@ ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ tls_hash_sha256, tls_sig_rsa, tls_hash_sha384, tls_sig_rsa, + tls_hash_sha512, tls_sig_rsa, tls_hash_sha1, tls_sig_rsa, #ifndef NSS_DISABLE_ECC tls_hash_sha256, tls_sig_ecdsa, tls_hash_sha384, tls_sig_ecdsa, + tls_hash_sha512, tls_sig_ecdsa, tls_hash_sha1, tls_sig_ecdsa, #endif tls_hash_sha256, tls_sig_dsa, 
@@ -2560,42 +2603,34 @@ ssl3_ServerHandleDraftVersionXtn(sslSocket * ss, PRUint16 ex_type, return SECSuccess; } - if (data->len != 2) - goto loser; + if (data->len != 2) { + (void)ssl3_DecodeError(ss); + return SECFailure; + } /* Get the draft version out of the handshake */ draft_version = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); if (draft_version < 0) { - goto loser; + return SECFailure; } /* Keep track of negotiated extensions. */ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; - /* Compare the version */ if (draft_version != TLS_1_3_DRAFT_VERSION) { + /* + * Incompatible/broken TLS 1.3 implementation. Fall back to TLS 1.2. + * TODO(ekr@rtfm.com): It's not entirely clear it's safe to roll back + * here. Need to double-check. + */ SSL_TRC(30, ("%d: SSL3[%d]: Incompatible version of TLS 1.3 (%d), " "expected %d", SSL_GETPID(), ss->fd, draft_version, TLS_1_3_DRAFT_VERSION)); - goto loser; + ss->version = SSL_LIBRARY_VERSION_TLS_1_2; } return SECSuccess; - -loser: - /* - * Incompatible/broken TLS 1.3 implementation. Fall back to TLS 1.2. - * TODO(ekr@rtfm.com): It's not entirely clear it's safe to roll back - * here. Need to double-check. - * TODO(ekr@rtfm.com): Currently we fall back even on broken extensions. - * because SECFailure does not cause handshake failures. See bug - * 753136. - */ - SSL_TRC(30, ("%d: SSL3[%d]: Rolling back to TLS 1.2", SSL_GETPID(), ss->fd)); - ss->version = SSL_LIBRARY_VERSION_TLS_1_2; - - return SECSuccess; } /* ssl3_ClientSendSignedCertTimestampXtn sends the signed_certificate_timestamp diff --git a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimpl.h index a809616..efcbf9f 100644 --- a/net/third_party/nss/ssl/sslimpl.h +++ b/net/third_party/nss/ssl/sslimpl.h 
@@ -762,9 +762,15 @@ typedef struct { SSL3KeyExchangeAlgorithm kea; SSL3KEAType exchKeyType; SSL3SignType signKeyType; + /* For export cipher suites: + * is_limited identifies a suite as having a limit on the key size. + * key_size_limit provides the corresponding limit. */ PRBool is_limited; int key_size_limit; PRBool tls_keygen; + /* True if the key exchange for the suite can be ephemeral. Or to be more + * precise: true if the ServerKeyExchange message is required. */ + PRBool ephemeral; } ssl3KEADef; /* @@ -1037,6 +1043,7 @@ struct ssl3StateStr { PRUint16 dtlsSRTPCiphers[MAX_DTLS_SRTP_CIPHER_SUITES]; PRUint16 dtlsSRTPCipherCount; PRUint16 dtlsSRTPCipherSuite; /* 0 if not selected */ + PRBool fatalAlertSent; }; #define DTLS_MAX_MTU 1500 /* Ethernet MTU but without subtracting the diff --git a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock.c index 13634c6..09a0fb5 100644 --- a/net/third_party/nss/ssl/sslsock.c +++ b/net/third_party/nss/ssl/sslsock.c @@ -97,7 +97,7 @@ static sslOptions ssl_defaults = { * default range of enabled SSL/TLS protocols */ static SSLVersionRange versions_defaults_stream = { - SSL_LIBRARY_VERSION_3_0, + SSL_LIBRARY_VERSION_TLS_1_0, SSL_LIBRARY_VERSION_TLS_1_2 }; |
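Review bot: `fatalAlertSent` is added to ssl3StateStr without a comment, although the handler loop in ssl3_HandleHelloExtensions now keys its fallback alert on it. A one-line comment in the style of the neighbouring fields would do, e.g. `PRBool fatalAlertSent; /* a fatal alert was already sent for this handshake; checked before sending a fallback alert */`. Where the flag is reset between handshakes is not visible in this diff and should be stated in the same comment.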
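Review bot: The default minimum stream version moves from SSL 3.0 to TLS 1.0 with no comment, so anyone relying on SSL_VersionRangeGetDefault now gets a different floor with nothing in the source saying it is intentional. A short note beside the initializer, e.g. `/* SSL 3.0 is disabled by default; callers that still need it must opt in via SSL_VersionRangeSet */`, records the intent. Whether the datagram default range was adjusted correspondingly is not visible here.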