authorwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-03-20 02:08:06 +0000
committerwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-03-20 02:08:06 +0000
commitdbeb2ce969f735a4ff7af5111a381d05ec7a5ea5 (patch)
tree14675eca37b0df9f24129c08b0f37e6699d2ebb8 /net/third_party
parent944dfa8e08e7bc93400b4fa9ef83fdcd82f63a74 (diff)
Update NSS to NSS 3.13.4 pre-release snapshot 20120319.
This includes two changes required for Eric Rescorla's DTLS patch:
- the new SSL version range API
- TLS 1.1

clang-sslcon.patch, nextprotocleanup.patch, secret_exporter.patch, and
secret_exporter2.patch are removed because they have been checked in.

R=rsleevi@chromium.org
BUG=118983
TEST=no build or test errors.

Review URL: http://codereview.chromium.org/9733012

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@127618 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/third_party')
-rw-r--r--net/third_party/nss/README.chromium20
-rwxr-xr-xnet/third_party/nss/patches/applypatches.sh8
-rw-r--r--net/third_party/nss/patches/clang-sslcon.patch13
-rw-r--r--net/third_party/nss/patches/encryptedclientcerts.patch74
-rw-r--r--net/third_party/nss/patches/nextprotocleanup.patch83
-rw-r--r--net/third_party/nss/patches/ocspstapling.patch106
-rw-r--r--net/third_party/nss/patches/renegoscsv.patch20
-rw-r--r--net/third_party/nss/patches/secret_exporter.patch215
-rw-r--r--net/third_party/nss/patches/secret_exporter2.patch228
-rw-r--r--net/third_party/nss/ssl/SSLerrs.h6
-rw-r--r--net/third_party/nss/ssl/ssl.h90
-rw-r--r--net/third_party/nss/ssl/ssl3con.c289
-rw-r--r--net/third_party/nss/ssl/ssl3ext.c2
-rw-r--r--net/third_party/nss/ssl/sslcon.c45
-rw-r--r--net/third_party/nss/ssl/sslenum.c7
-rw-r--r--net/third_party/nss/ssl/sslerr.h6
-rw-r--r--net/third_party/nss/ssl/sslgathr.c10
-rw-r--r--net/third_party/nss/ssl/sslimpl.h33
-rw-r--r--net/third_party/nss/ssl/sslinfo.c84
-rw-r--r--net/third_party/nss/ssl/sslproto.h8
-rw-r--r--net/third_party/nss/ssl/sslsecur.c4
-rw-r--r--net/third_party/nss/ssl/sslsock.c222
-rw-r--r--net/third_party/nss/ssl/sslt.h11
23 files changed, 705 insertions, 879 deletions
diff --git a/net/third_party/nss/README.chromium b/net/third_party/nss/README.chromium
index dd8c15d..864784e 100644
--- a/net/third_party/nss/README.chromium
+++ b/net/third_party/nss/README.chromium
@@ -1,12 +1,12 @@
Name: Network Security Services (NSS)
URL: http://www.mozilla.org/projects/security/pki/nss/
-Version: 3.13.3
+Version: 3.13.4 pre-release snapshot 20120319
Security Critical: Yes
This directory includes a copy of NSS's libssl from the CVS repo at:
:pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot
-The snapshot was updated to the CVS tag: NSS_3_13_3_RTM
+The snapshot was updated to the CVS tag: NSS_SSL_3_13_4_20120319_TAG
Patches:
@@ -42,14 +42,9 @@ Patches:
* Support origin bound certificates.
http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-00.txt
+ https://bugzilla.mozilla.org/show_bug.cgi?id=680292
patches/origin_bound_certs.patch
- * Add a function to implement RFC 5705: Keying Material Exporters for TLS
- This is a reworked version of the patch from
- https://bugzilla.mozilla.org/show_bug.cgi?id=507359
- patches/secret_exporter.patch
- patches/secret_exporter2.patch
-
* Add a function to restart a handshake after a client certificate request.
patches/restartclientauth.patch
@@ -66,15 +61,6 @@ Patches:
https://bugzilla.mozilla.org/show_bug.cgi?id=51413
patches/getrequestedclientcerttypes.patch
- * Fixed a clang warning in sslcon.c.
- https://bugzilla.mozilla.org/show_bug.cgi?id=728919
- patches/clang-sslcon.patch
-
- * Fix a buffer length bug and miscellaneous nits in the next protocol
- negotiation (NPN) functions.
- https://bugzilla.mozilla.org/show_bug.cgi?id=734534
- patches/nextprotocleanup.patch
-
Apply the patches to NSS by running the patches/applypatches.sh script. Read
the comments at the top of patches/applypatches.sh for instructions.
diff --git a/net/third_party/nss/patches/applypatches.sh b/net/third_party/nss/patches/applypatches.sh
index 1356eab..d826b29 100755
--- a/net/third_party/nss/patches/applypatches.sh
+++ b/net/third_party/nss/patches/applypatches.sh
@@ -25,18 +25,10 @@ patch -p6 < $patches_dir/didhandshakeresume.patch
patch -p6 < $patches_dir/origin_bound_certs.patch
-patch -p6 < $patches_dir/secret_exporter.patch
-
patch -p6 < $patches_dir/negotiatedextension.patch
patch -p6 < $patches_dir/getrequestedclientcerttypes.patch
-patch -p5 < $patches_dir/clang-sslcon.patch
-
patch -p6 < $patches_dir/restartclientauth.patch
patch -p6 < $patches_dir/encryptedclientcerts.patch
-
-patch -p5 < $patches_dir/nextprotocleanup.patch
-
-patch -p4 < $patches_dir/secret_exporter2.patch
diff --git a/net/third_party/nss/patches/clang-sslcon.patch b/net/third_party/nss/patches/clang-sslcon.patch
deleted file mode 100644
index e7a9de6..0000000
--- a/net/third_party/nss/patches/clang-sslcon.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/net/third_party/nss/ssl/sslcon.c b/net/third_party/nss/ssl/sslcon.c
-index 4e34554..be626a4 100644
---- a/net/third_party/nss/ssl/sslcon.c
-+++ b/net/third_party/nss/ssl/sslcon.c
-@@ -1440,7 +1440,7 @@ ssl2_CreateSessionCypher(sslSocket *ss, sslSessionID *sid, PRBool isClient)
- writeKey.data = 0;
-
- PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) );
-- if((ss->sec.ci.sid == 0))
-+ if(ss->sec.ci.sid == 0)
- goto sec_loser; /* don't crash if asserts are off */
-
- /* Trying to cut down on all these switch statements that should be tables.
diff --git a/net/third_party/nss/patches/encryptedclientcerts.patch b/net/third_party/nss/patches/encryptedclientcerts.patch
index 7612092..35ea585 100644
--- a/net/third_party/nss/patches/encryptedclientcerts.patch
+++ b/net/third_party/nss/patches/encryptedclientcerts.patch
@@ -1,7 +1,7 @@
-diff -up a/src/net/third_party/nss/ssl/ssl.h b/src/net/third_party/nss/ssl/ssl.h
---- a/src/net/third_party/nss/ssl/ssl.h 2012-02-29 19:15:20.975171099 -0800
-+++ b/src/net/third_party/nss/ssl/ssl.h 2012-02-29 19:18:21.947702106 -0800
-@@ -169,6 +169,7 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFi
+diff -pu -r a/src/net/third_party/nss/ssl/ssl.h b/src/net/third_party/nss/ssl/ssl.h
+--- a/src/net/third_party/nss/ssl/ssl.h 2012-03-19 13:49:12.517522610 -0700
++++ b/src/net/third_party/nss/ssl/ssl.h 2012-03-19 13:49:29.507749795 -0700
+@@ -186,6 +186,7 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFi
#define SSL_CBC_RANDOM_IV 23
#define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */
#define SSL_ENABLE_OB_CERTS 25 /* Enable origin bound certs. */
@@ -9,9 +9,9 @@ diff -up a/src/net/third_party/nss/ssl/ssl.h b/src/net/third_party/nss/ssl/ssl.h
#ifdef SSL_DEPRECATED_FUNCTION
/* Old deprecated function names */
-diff -up a/src/net/third_party/nss/ssl/sslimpl.h b/src/net/third_party/nss/ssl/sslimpl.h
---- a/src/net/third_party/nss/ssl/sslimpl.h 2012-02-29 19:15:20.975171099 -0800
-+++ b/src/net/third_party/nss/ssl/sslimpl.h 2012-02-29 19:19:26.478604857 -0800
+diff -pu -r a/src/net/third_party/nss/ssl/sslimpl.h b/src/net/third_party/nss/ssl/sslimpl.h
+--- a/src/net/third_party/nss/ssl/sslimpl.h 2012-03-19 13:49:12.557523144 -0700
++++ b/src/net/third_party/nss/ssl/sslimpl.h 2012-03-19 13:49:29.507749795 -0700
@@ -350,6 +350,7 @@ typedef struct sslOptionsStr {
unsigned int cbcRandomIV : 1; /* 24 */
unsigned int enableOCSPStapling : 1; /* 25 */
@@ -20,10 +20,10 @@ diff -up a/src/net/third_party/nss/ssl/sslimpl.h b/src/net/third_party/nss/ssl/s
} sslOptions;
typedef enum { sslHandshakingUndetermined = 0,
-diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/ssl3con.c
---- a/src/net/third_party/nss/ssl/ssl3con.c 2012-02-29 19:15:20.975171099 -0800
-+++ b/src/net/third_party/nss/ssl/ssl3con.c 2012-02-29 20:00:15.851981917 -0800
-@@ -2863,7 +2863,14 @@ ssl3_HandleChangeCipherSpecs(sslSocket *
+diff -pu -r a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/ssl3con.c
+--- a/src/net/third_party/nss/ssl/ssl3con.c 2012-03-19 13:49:12.527522744 -0700
++++ b/src/net/third_party/nss/ssl/ssl3con.c 2012-03-19 13:49:29.507749795 -0700
+@@ -2882,7 +2882,14 @@ ssl3_HandleChangeCipherSpecs(sslSocket *
ss->ssl3.prSpec = ss->ssl3.crSpec;
ss->ssl3.crSpec = prSpec;
@@ -39,7 +39,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s
SSL_TRC(3, ("%d: SSL3[%d] Set Current Read Cipher Suite to Pending",
SSL_GETPID(), ss->fd ));
-@@ -4877,10 +4884,11 @@ loser:
+@@ -4898,10 +4905,11 @@ loser:
static SECStatus
ssl3_SendCertificateVerify(sslSocket *ss)
{
@@ -55,7 +55,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s
PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-@@ -4889,13 +4897,17 @@ ssl3_SendCertificateVerify(sslSocket *ss
+@@ -4910,13 +4918,17 @@ ssl3_SendCertificateVerify(sslSocket *ss
SSL_GETPID(), ss->fd));
ssl_GetSpecReadLock(ss);
@@ -75,7 +75,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s
if (ss->ssl3.platformClientKey) {
#ifdef NSS_PLATFORM_CLIENT_AUTH
rv = ssl3_PlatformSignHashes(&hashes, ss->ssl3.platformClientKey,
-@@ -5912,6 +5924,10 @@ ssl3_SendClientSecondRound(sslSocket *ss
+@@ -5924,6 +5936,10 @@ ssl3_SendClientSecondRound(sslSocket *ss
{
SECStatus rv;
PRBool sendClientCert;
@@ -86,7 +86,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s
PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
-@@ -5958,35 +5974,40 @@ ssl3_SendClientSecondRound(sslSocket *ss
+@@ -5970,35 +5986,40 @@ ssl3_SendClientSecondRound(sslSocket *ss
ssl_GetXmitBufLock(ss); /*******************************/
@@ -152,7 +152,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s
}
/* XXX: If the server's certificate hasn't been authenticated by this
-@@ -6201,8 +6222,13 @@ ssl3_SendServerHelloSequence(sslSocket *
+@@ -6213,8 +6234,13 @@ ssl3_SendServerHelloSequence(sslSocket *
return rv; /* err code is set. */
}
@@ -168,7 +168,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s
return SECSuccess;
}
-@@ -7446,7 +7472,11 @@ ssl3_HandleCertificateVerify(sslSocket *
+@@ -7458,7 +7484,11 @@ ssl3_HandleCertificateVerify(sslSocket *
desc = isTLS ? decode_error : illegal_parameter;
goto alert_loser; /* malformed */
}
@@ -181,7 +181,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s
return SECSuccess;
alert_loser:
-@@ -8346,7 +8376,11 @@ ssl3_HandleCertificate(sslSocket *ss, SS
+@@ -8358,7 +8388,11 @@ ssl3_HandleCertificate(sslSocket *ss, SS
}
} else {
server_no_cert:
@@ -194,7 +194,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s
}
PORT_Assert(rv == SECSuccess);
-@@ -8959,6 +8993,8 @@ ssl3_HandleHandshakeMessage(sslSocket *s
+@@ -8968,6 +9002,8 @@ ssl3_HandleHandshakeMessage(sslSocket *s
if (type == finished) {
sender = ss->sec.isServer ? sender_client : sender_server;
rSpec = ss->ssl3.crSpec;
@@ -203,9 +203,9 @@ diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s
}
rv = ssl3_ComputeHandshakeHashes(ss, rSpec, &hashes, sender);
}
-diff -up a/src/net/third_party/nss/ssl/ssl3ext.c b/src/net/third_party/nss/ssl/ssl3ext.c
---- a/src/net/third_party/nss/ssl/ssl3ext.c 2012-02-29 17:12:15.720044263 -0800
-+++ b/src/net/third_party/nss/ssl/ssl3ext.c 2012-02-29 20:00:15.851981917 -0800
+diff -pu -r a/src/net/third_party/nss/ssl/ssl3ext.c b/src/net/third_party/nss/ssl/ssl3ext.c
+--- a/src/net/third_party/nss/ssl/ssl3ext.c 2012-03-19 12:50:32.610015524 -0700
++++ b/src/net/third_party/nss/ssl/ssl3ext.c 2012-03-19 13:49:29.507749795 -0700
@@ -84,6 +84,12 @@ static SECStatus ssl3_ServerHandleNextPr
PRUint16 ex_type, SECItem *data);
static PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append,
@@ -243,7 +243,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3ext.c b/src/net/third_party/nss/ssl/s
{ ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn },
{ ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
{ ssl_ob_cert_xtn, &ssl3_SendOBCertXtn }
-@@ -1083,6 +1092,18 @@ ssl3_ClientHandleSessionTicketXtn(sslSoc
+@@ -1082,6 +1091,18 @@ ssl3_ClientHandleSessionTicketXtn(sslSoc
return SECSuccess;
}
@@ -262,7 +262,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3ext.c b/src/net/third_party/nss/ssl/s
SECStatus
ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
SECItem *data)
-@@ -1496,6 +1517,24 @@ loser:
+@@ -1495,6 +1516,24 @@ loser:
return rv;
}
@@ -287,7 +287,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3ext.c b/src/net/third_party/nss/ssl/s
/*
* Read bytes. Using this function means the SECItem structure
* cannot be freed. The caller is expected to call this function
-@@ -1695,6 +1734,33 @@ ssl3_SendRenegotiationInfoXtn(
+@@ -1694,6 +1733,33 @@ ssl3_SendRenegotiationInfoXtn(
return needed;
}
@@ -321,9 +321,9 @@ diff -up a/src/net/third_party/nss/ssl/ssl3ext.c b/src/net/third_party/nss/ssl/s
/* This function runs in both the client and server. */
static SECStatus
ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
-diff -up a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/sslsock.c
---- a/src/net/third_party/nss/ssl/sslsock.c 2012-02-29 17:49:08.431530583 -0800
-+++ b/src/net/third_party/nss/ssl/sslsock.c 2012-02-29 20:00:15.851981917 -0800
+diff -pu -r a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/sslsock.c
+--- a/src/net/third_party/nss/ssl/sslsock.c 2012-03-19 12:59:07.586991902 -0700
++++ b/src/net/third_party/nss/ssl/sslsock.c 2012-03-19 13:49:29.517749929 -0700
@@ -188,6 +188,7 @@ static sslOptions ssl_defaults = {
PR_TRUE, /* cbcRandomIV */
PR_FALSE, /* enableOCSPStapling */
@@ -331,8 +331,8 @@ diff -up a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/s
+ PR_FALSE, /* encryptClientCerts */
};
- sslSessionIDLookupFunc ssl_sid_lookup;
-@@ -755,6 +756,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
+ /*
+@@ -826,6 +827,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
ss->opt.enableOBCerts = on;
break;
@@ -343,7 +343,7 @@ diff -up a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/s
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure;
-@@ -822,6 +827,8 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh
+@@ -897,6 +902,8 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh
case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break;
case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
case SSL_ENABLE_OB_CERTS: on = ss->opt.enableOBCerts; break;
@@ -352,7 +352,7 @@ diff -up a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/s
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -880,6 +887,8 @@ SSL_OptionGetDefault(PRInt32 which, PRBo
+@@ -959,6 +966,8 @@ SSL_OptionGetDefault(PRInt32 which, PRBo
on = ssl_defaults.enableOCSPStapling;
break;
case SSL_ENABLE_OB_CERTS: on = ssl_defaults.enableOBCerts; break;
@@ -361,7 +361,7 @@ diff -up a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/s
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -1047,6 +1056,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
+@@ -1126,6 +1135,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
ssl_defaults.enableOBCerts = on;
break;
@@ -372,10 +372,10 @@ diff -up a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/s
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
-diff -up a/src/net/third_party/nss/ssl/sslt.h b/src/net/third_party/nss/ssl/sslt.h
---- a/src/net/third_party/nss/ssl/sslt.h 2012-02-29 17:12:15.780045080 -0800
-+++ b/src/net/third_party/nss/ssl/sslt.h 2012-02-29 19:34:43.921452065 -0800
-@@ -205,10 +205,11 @@ typedef enum {
+diff -pu -r a/src/net/third_party/nss/ssl/sslt.h b/src/net/third_party/nss/ssl/sslt.h
+--- a/src/net/third_party/nss/ssl/sslt.h 2012-03-19 12:50:32.610015524 -0700
++++ b/src/net/third_party/nss/ssl/sslt.h 2012-03-19 13:49:29.517749929 -0700
+@@ -214,10 +214,11 @@ typedef enum {
#endif
ssl_session_ticket_xtn = 35,
ssl_next_proto_nego_xtn = 13172,
diff --git a/net/third_party/nss/patches/nextprotocleanup.patch b/net/third_party/nss/patches/nextprotocleanup.patch
deleted file mode 100644
index 046b937..0000000
--- a/net/third_party/nss/patches/nextprotocleanup.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-Index: mozilla/security/nss/lib/ssl/ssl3ext.c
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3ext.c,v
-retrieving revision 1.21
-diff -u -p -r1.21 ssl3ext.c
---- mozilla/security/nss/lib/ssl/ssl3ext.c 15 Feb 2012 21:52:08 -0000 1.21
-+++ mozilla/security/nss/lib/ssl/ssl3ext.c 10 Mar 2012 00:01:26 -0000
-@@ -592,10 +592,7 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSoc
- unsigned char resultBuffer[255];
- SECItem result = { siBuffer, resultBuffer, 0 };
-
-- if (ss->firstHsDone) {
-- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
-- return SECFailure;
-- }
-+ PORT_Assert(!ss->firstHsDone);
-
- rv = ssl3_ValidateNextProtoNego(data->data, data->len);
- if (rv != SECSuccess)
-@@ -607,6 +604,8 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSoc
- */
- PORT_Assert(ss->nextProtoCallback != NULL);
- if (!ss->nextProtoCallback) {
-+ /* XXX Use a better error code. This is an application error, not an
-+ * NSS bug. */
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
- }
-@@ -617,7 +616,7 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSoc
- return rv;
- /* If the callback wrote more than allowed to |result| it has corrupted our
- * stack. */
-- if (result.len > sizeof result) {
-+ if (result.len > sizeof resultBuffer) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
- }
-Index: mozilla/security/nss/lib/ssl/sslsock.c
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsock.c,v
-retrieving revision 1.82
-diff -u -p -r1.82 sslsock.c
---- mozilla/security/nss/lib/ssl/sslsock.c 15 Feb 2012 21:52:08 -0000 1.82
-+++ mozilla/security/nss/lib/ssl/sslsock.c 10 Mar 2012 00:01:26 -0000
-@@ -1303,7 +1303,7 @@ SSL_SetNextProtoCallback(PRFileDesc *fd,
- return SECSuccess;
- }
-
--/* NextProtoStandardCallback is set as an NPN callback for the case when
-+/* ssl_NextProtoNegoCallback is set as an NPN callback for the case when
- * SSL_SetNextProtoNego is used.
- */
- static SECStatus
-@@ -1349,12 +1349,12 @@ pick_first:
- result = ss->opt.nextProtoNego.data;
-
- found:
-- *protoOutLen = result[0];
- if (protoMaxLen < result[0]) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
- }
- memcpy(protoOut, result + 1, result[0]);
-+ *protoOutLen = result[0];
- return SECSuccess;
- }
-
-@@ -1408,13 +1408,12 @@ SSL_GetNextProto(PRFileDesc *fd, SSLNext
-
- if (ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT &&
- ss->ssl3.nextProto.data) {
-- *bufLen = ss->ssl3.nextProto.len;
-- if (*bufLen > bufLenMax) {
-+ if (ss->ssl3.nextProto.len > bufLenMax) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
-- *bufLen = 0;
- return SECFailure;
- }
- PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len);
-+ *bufLen = ss->ssl3.nextProto.len;
- } else {
- *bufLen = 0;
- }
diff --git a/net/third_party/nss/patches/ocspstapling.patch b/net/third_party/nss/patches/ocspstapling.patch
index fb6dad3..af01ca3 100644
--- a/net/third_party/nss/patches/ocspstapling.patch
+++ b/net/third_party/nss/patches/ocspstapling.patch
@@ -1,7 +1,7 @@
-diff -up a/src/net/third_party/nss/ssl/ssl.h b/src/net/third_party/nss/ssl/ssl.h
---- a/src/net/third_party/nss/ssl/ssl.h 2012-02-28 18:34:23.263186340 -0800
-+++ b/src/net/third_party/nss/ssl/ssl.h 2012-02-28 18:47:14.683775498 -0800
-@@ -167,6 +167,7 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFi
+diff -pu -r a/src/net/third_party/nss/ssl/ssl.h b/src/net/third_party/nss/ssl/ssl.h
+--- a/src/net/third_party/nss/ssl/ssl.h 2012-03-19 14:34:10.103984357 -0700
++++ b/src/net/third_party/nss/ssl/ssl.h 2012-03-19 14:34:51.624539293 -0700
+@@ -184,6 +184,7 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFi
* accept fragmented alerts).
*/
#define SSL_CBC_RANDOM_IV 23
@@ -9,7 +9,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl.h b/src/net/third_party/nss/ssl/ssl.h
#ifdef SSL_DEPRECATED_FUNCTION
/* Old deprecated function names */
-@@ -347,6 +348,23 @@ SSL_IMPORT SECStatus SSL_PeerCertificate
+@@ -435,6 +436,23 @@ SSL_IMPORT SECStatus SSL_PeerCertificate
PRFileDesc *fd, CERTCertificate **certs,
unsigned int *numCerts, unsigned int maxNumCerts);
@@ -33,10 +33,10 @@ diff -up a/src/net/third_party/nss/ssl/ssl.h b/src/net/third_party/nss/ssl/ssl.h
/*
** Authenticate certificate hook. Called when a certificate comes in
** (because of SSL_REQUIRE_CERTIFICATE in SSL_Enable) to authenticate the
-diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/ssl3con.c
---- a/src/net/third_party/nss/ssl/ssl3con.c 2012-02-28 17:48:46.326209244 -0800
-+++ b/src/net/third_party/nss/ssl/ssl3con.c 2012-02-28 19:12:51.845953454 -0800
-@@ -7887,6 +7887,57 @@ ssl3_CopyPeerCertsToSID(ssl3CertNode *ce
+diff -pu -r a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/ssl3con.c
+--- a/src/net/third_party/nss/ssl/ssl3con.c 2012-03-19 14:34:10.093984221 -0700
++++ b/src/net/third_party/nss/ssl/ssl3con.c 2012-03-19 14:34:51.624539293 -0700
+@@ -7899,6 +7899,57 @@ ssl3_CopyPeerCertsToSID(ssl3CertNode *ce
}
/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
@@ -94,7 +94,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s
* ssl3 Certificate message.
* Caller must hold Handshake and RecvBuf locks.
*/
-@@ -8679,6 +8730,26 @@ ssl3_FinishHandshake(sslSocket * ss)
+@@ -8707,6 +8758,26 @@ ssl3_FinishHandshake(sslSocket * ss)
return SECSuccess;
}
@@ -121,7 +121,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s
/* Called from ssl3_HandleHandshake() when it has gathered a complete ssl3
* hanshake message.
* Caller must hold Handshake and RecvBuf locks.
-@@ -8773,14 +8844,42 @@ ssl3_HandleHandshakeMessage(sslSocket *s
+@@ -8801,14 +8872,42 @@ ssl3_HandleHandshakeMessage(sslSocket *s
rv = ssl3_HandleServerHello(ss, b, length);
break;
case certificate:
@@ -164,7 +164,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s
rv = ssl3_HandleServerKeyExchange(ss, b, length);
break;
case certificate_request:
-@@ -8789,6 +8888,9 @@ ssl3_HandleHandshakeMessage(sslSocket *s
+@@ -8817,6 +8916,9 @@ ssl3_HandleHandshakeMessage(sslSocket *s
PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST);
return SECFailure;
}
@@ -174,7 +174,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s
rv = ssl3_HandleCertificateRequest(ss, b, length);
break;
case server_hello_done:
-@@ -8802,6 +8904,9 @@ ssl3_HandleHandshakeMessage(sslSocket *s
+@@ -8830,6 +8932,9 @@ ssl3_HandleHandshakeMessage(sslSocket *s
PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE);
return SECFailure;
}
@@ -184,7 +184,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s
rv = ssl3_HandleServerHelloDone(ss);
break;
case certificate_verify:
-@@ -9646,6 +9751,12 @@ ssl3_DestroySSL3Info(sslSocket *ss)
+@@ -9719,6 +9824,12 @@ ssl3_DestroySSL3Info(sslSocket *ss)
ss->ssl3.hs.messages.len = 0;
ss->ssl3.hs.messages.space = 0;
}
@@ -197,9 +197,9 @@ diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s
/* free the SSL3Buffer (msg_body) */
PORT_Free(ss->ssl3.hs.msg_body.buf);
-diff -up a/src/net/third_party/nss/ssl/ssl3ext.c b/src/net/third_party/nss/ssl/ssl3ext.c
---- a/src/net/third_party/nss/ssl/ssl3ext.c 2012-02-15 13:52:08.000000000 -0800
-+++ b/src/net/third_party/nss/ssl/ssl3ext.c 2012-02-28 19:14:28.617352538 -0800
+diff -pu -r a/src/net/third_party/nss/ssl/ssl3ext.c b/src/net/third_party/nss/ssl/ssl3ext.c
+--- a/src/net/third_party/nss/ssl/ssl3ext.c 2012-03-12 12:14:12.000000000 -0700
++++ b/src/net/third_party/nss/ssl/ssl3ext.c 2012-03-19 14:34:51.624539293 -0700
@@ -253,6 +253,7 @@ static const ssl3HelloExtensionHandler s
{ ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn },
{ ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
@@ -218,7 +218,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3ext.c b/src/net/third_party/nss/ssl/s
/* any extra entries will appear as { 0, NULL } */
};
-@@ -659,6 +661,80 @@ loser:
+@@ -658,6 +660,80 @@ loser:
return -1;
}
@@ -299,9 +299,9 @@ diff -up a/src/net/third_party/nss/ssl/ssl3ext.c b/src/net/third_party/nss/ssl/s
/*
* NewSessionTicket
* Called from ssl3_HandleFinished
-diff -up a/src/net/third_party/nss/ssl/ssl3prot.h b/src/net/third_party/nss/ssl/ssl3prot.h
+diff -pu -r a/src/net/third_party/nss/ssl/ssl3prot.h b/src/net/third_party/nss/ssl/ssl3prot.h
--- a/src/net/third_party/nss/ssl/ssl3prot.h 2011-10-28 17:29:11.000000000 -0700
-+++ b/src/net/third_party/nss/ssl/ssl3prot.h 2012-02-28 19:12:51.845953454 -0800
++++ b/src/net/third_party/nss/ssl/ssl3prot.h 2012-03-19 14:34:51.624539293 -0700
@@ -158,6 +158,7 @@ typedef enum {
certificate_verify = 15,
client_key_exchange = 16,
@@ -310,21 +310,31 @@ diff -up a/src/net/third_party/nss/ssl/ssl3prot.h b/src/net/third_party/nss/ssl/
next_proto = 67
} SSL3HandshakeType;
-diff -up a/src/net/third_party/nss/ssl/sslerr.h b/src/net/third_party/nss/ssl/sslerr.h
---- a/src/net/third_party/nss/ssl/sslerr.h 2012-02-11 04:55:58.000000000 -0800
-+++ b/src/net/third_party/nss/ssl/sslerr.h 2012-02-28 18:58:06.733056235 -0800
-@@ -211,6 +211,8 @@ SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2
- SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS = (SSL_ERROR_BASE + 118),
- SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_CLIENTS = (SSL_ERROR_BASE + 119),
+diff -pu -r a/src/net/third_party/nss/ssl/sslerr.h b/src/net/third_party/nss/ssl/sslerr.h
+--- a/src/net/third_party/nss/ssl/sslerr.h 2012-03-10 20:32:35.000000000 -0800
++++ b/src/net/third_party/nss/ssl/sslerr.h 2012-03-19 14:35:47.275278925 -0700
+@@ -213,6 +213,8 @@ SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_CLIE
-+SSL_ERROR_RX_UNEXPECTED_CERT_STATUS = (SSL_ERROR_BASE + 120),
+ SSL_ERROR_INVALID_VERSION_RANGE = (SSL_ERROR_BASE + 120),
+
++SSL_ERROR_RX_UNEXPECTED_CERT_STATUS = (SSL_ERROR_BASE + 121),
+
SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
} SSLErrorCodes;
#endif /* NO_SECURITY_ERROR_ENUM */
-diff -up a/src/net/third_party/nss/ssl/sslimpl.h b/src/net/third_party/nss/ssl/sslimpl.h
---- a/src/net/third_party/nss/ssl/sslimpl.h 2012-02-28 17:48:46.326209244 -0800
-+++ b/src/net/third_party/nss/ssl/sslimpl.h 2012-02-28 19:05:14.299310096 -0800
+diff -pu -r a/src/net/third_party/nss/ssl/SSLerrs.h b/src/net/third_party/nss/ssl/SSLerrs.h
+--- a/src/net/third_party/nss/ssl/SSLerrs.h 2012-03-10 20:32:34.000000000 -0800
++++ b/src/net/third_party/nss/ssl/SSLerrs.h 2012-03-19 14:38:37.757544584 -0700
+@@ -420,3 +420,6 @@ ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_
+
+ ER3(SSL_ERROR_INVALID_VERSION_RANGE, (SSL_ERROR_BASE + 120),
+ "SSL version range is not valid.")
++
++ER3(SSL_ERROR_RX_UNEXPECTED_CERT_STATUS, (SSL_ERROR_BASE + 121),
++"SSL received an unexpected Certificate Status handshake message.")
+diff -pu -r a/src/net/third_party/nss/ssl/sslimpl.h b/src/net/third_party/nss/ssl/sslimpl.h
+--- a/src/net/third_party/nss/ssl/sslimpl.h 2012-03-19 14:34:10.093984221 -0700
++++ b/src/net/third_party/nss/ssl/sslimpl.h 2012-03-19 14:34:51.634539426 -0700
@@ -339,6 +339,7 @@ typedef struct sslOptionsStr {
unsigned int requireSafeNegotiation : 1; /* 22 */
unsigned int enableFalseStart : 1; /* 23 */
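Review bot: The refreshed sslerr.h section of ocspstapling.patch moves the locally added `SSL_ERROR_RX_UNEXPECTED_CERT_STATUS` from `SSL_ERROR_BASE + 120` to `SSL_ERROR_BASE + 121`, because upstream now uses 120 for `SSL_ERROR_INVALID_VERSION_RANGE`, and nothing in the patch marks the value as local or unstable. Code that logs, persists or compares the raw number would presumably see it change meaning across this update, and the next upstream error code is likely to land on 121 again. I would add a comment above the enum entry, for example `/* Chromium-local (ocspstapling.patch), not an upstream NSS code; renumber here and in SSLerrs.h whenever upstream adds an error. */`. The new `ER3(...)` entry in SSLerrs.h matches the enum at 121, so the two tables are consistent in this snapshot.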
@@ -333,7 +343,7 @@ diff -up a/src/net/third_party/nss/ssl/sslimpl.h b/src/net/third_party/nss/ssl/s
} sslOptions;
typedef enum { sslHandshakingUndetermined = 0,
-@@ -782,6 +783,14 @@ const ssl3CipherSuiteDef *suite_def;
+@@ -783,6 +784,14 @@ const ssl3CipherSuiteDef *suite_def;
PRBool isResuming; /* are we resuming a session */
PRBool usedStepDownKey; /* we did a server key exchange. */
PRBool sendingSCSV; /* instead of empty RI */
@@ -348,7 +358,7 @@ diff -up a/src/net/third_party/nss/ssl/sslimpl.h b/src/net/third_party/nss/ssl/s
sslBuffer msgState; /* current state for handshake messages*/
/* protected by recvBufLock */
sslBuffer messages; /* Accumulated handshake messages */
-@@ -1527,6 +1536,8 @@ extern SECStatus ssl3_HandleSupportedPoi
+@@ -1548,6 +1557,8 @@ extern SECStatus ssl3_HandleSupportedPoi
PRUint16 ex_type, SECItem *data);
extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss,
PRUint16 ex_type, SECItem *data);
@@ -357,7 +367,7 @@ diff -up a/src/net/third_party/nss/ssl/sslimpl.h b/src/net/third_party/nss/ssl/s
extern SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss,
PRUint16 ex_type, SECItem *data);
-@@ -1536,6 +1547,8 @@ extern SECStatus ssl3_ServerHandleSessio
+@@ -1557,6 +1568,8 @@ extern SECStatus ssl3_ServerHandleSessio
*/
extern PRInt32 ssl3_SendSessionTicketXtn(sslSocket *ss, PRBool append,
PRUint32 maxBytes);
@@ -366,9 +376,9 @@ diff -up a/src/net/third_party/nss/ssl/sslimpl.h b/src/net/third_party/nss/ssl/s
/* ClientHello and ServerHello extension senders.
* The code is in ssl3ext.c.
-diff -up a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/sslsock.c
---- a/src/net/third_party/nss/ssl/sslsock.c 2012-02-28 16:15:34.790321976 -0800
-+++ b/src/net/third_party/nss/ssl/sslsock.c 2012-02-28 19:12:51.845953454 -0800
+diff -pu -r a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/sslsock.c
+--- a/src/net/third_party/nss/ssl/sslsock.c 2012-03-19 14:34:10.083984085 -0700
++++ b/src/net/third_party/nss/ssl/sslsock.c 2012-03-19 14:34:51.634539426 -0700
@@ -185,7 +185,8 @@ static sslOptions ssl_defaults = {
2, /* enableRenegotiation (default: requires extension) */
PR_FALSE, /* requireSafeNegotiation */
@@ -378,8 +388,8 @@ diff -up a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/s
+ PR_FALSE, /* enableOCSPStapling */
};
- sslSessionIDLookupFunc ssl_sid_lookup;
-@@ -741,6 +742,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
+ /*
+@@ -812,6 +813,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
ss->opt.cbcRandomIV = on;
break;
@@ -390,7 +400,7 @@ diff -up a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/s
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure;
-@@ -806,6 +811,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh
+@@ -881,6 +886,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh
on = ss->opt.requireSafeNegotiation; break;
case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break;
case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break;
@@ -398,7 +408,7 @@ diff -up a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/s
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -860,6 +866,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBo
+@@ -939,6 +945,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBo
break;
case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break;
case SSL_CBC_RANDOM_IV: on = ssl_defaults.cbcRandomIV; break;
@@ -408,7 +418,7 @@ diff -up a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/s
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -1019,6 +1028,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
+@@ -1098,6 +1107,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
ssl_defaults.cbcRandomIV = on;
break;
@@ -419,8 +429,8 @@ diff -up a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/s
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
-@@ -1537,6 +1550,36 @@ loser:
- #endif
+@@ -1735,6 +1748,36 @@ SSL_VersionRangeSet(PRFileDesc *fd, cons
+ return SECSuccess;
}
+SECStatus
@@ -456,10 +466,10 @@ diff -up a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/s
/************************************************************************/
/* The following functions are the TOP LEVEL SSL functions.
** They all get called through the NSPRIOMethods table below.
-diff -up a/src/net/third_party/nss/ssl/sslt.h b/src/net/third_party/nss/ssl/sslt.h
---- a/src/net/third_party/nss/ssl/sslt.h 2012-02-15 13:52:08.000000000 -0800
-+++ b/src/net/third_party/nss/ssl/sslt.h 2012-02-28 19:12:51.845953454 -0800
-@@ -198,6 +198,7 @@ typedef enum {
+diff -pu -r a/src/net/third_party/nss/ssl/sslt.h b/src/net/third_party/nss/ssl/sslt.h
+--- a/src/net/third_party/nss/ssl/sslt.h 2012-03-15 18:23:55.000000000 -0700
++++ b/src/net/third_party/nss/ssl/sslt.h 2012-03-19 14:34:51.634539426 -0700
+@@ -207,6 +207,7 @@ typedef enum {
/* Update SSL_MAX_EXTENSIONS whenever a new extension type is added. */
typedef enum {
ssl_server_name_xtn = 0,
@@ -467,7 +477,7 @@ diff -up a/src/net/third_party/nss/ssl/sslt.h b/src/net/third_party/nss/ssl/sslt
#ifdef NSS_ENABLE_ECC
ssl_elliptic_curves_xtn = 10,
ssl_ec_point_formats_xtn = 11,
-@@ -207,6 +208,6 @@ typedef enum {
+@@ -216,6 +217,6 @@ typedef enum {
ssl_renegotiation_info_xtn = 0xff01 /* experimental number */
} SSLExtensionType;
diff --git a/net/third_party/nss/patches/renegoscsv.patch b/net/third_party/nss/patches/renegoscsv.patch
index 8ed9dfc..ffade26 100644
--- a/net/third_party/nss/patches/renegoscsv.patch
+++ b/net/third_party/nss/patches/renegoscsv.patch
@@ -1,24 +1,14 @@
-From 552c8d41b9ac9d55c8f1a861d81fc070a2a72aba Mon Sep 17 00:00:00 2001
-From: Adam Langley <agl@chromium.org>
-Date: Mon, 3 Oct 2011 12:20:10 -0400
-Subject: [PATCH] renegoscsv.patch
-
----
- mozilla/security/nss/lib/ssl/ssl3con.c | 4 ++--
- 1 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/mozilla/security/nss/lib/ssl/ssl3con.c b/mozilla/security/nss/lib/ssl/ssl3con.c
-index e0cb4e9..455a532 100644
---- a/mozilla/security/nss/lib/ssl/ssl3con.c
-+++ b/mozilla/security/nss/lib/ssl/ssl3con.c
-@@ -3874,9 +3874,9 @@ ssl3_SendClientHello(sslSocket *ss)
+diff -pu -r a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/ssl3con.c
+--- a/src/net/third_party/nss/ssl/ssl3con.c 2012-03-17 17:31:19.000000000 -0700
++++ b/src/net/third_party/nss/ssl/ssl3con.c 2012-03-19 12:35:33.058193252 -0700
+@@ -3966,9 +3966,9 @@ ssl3_SendClientHello(sslSocket *ss)
return SECFailure; /* ssl3_config_match_init has set error code. */
/* HACK for SCSV in SSL 3.0. On initial handshake, prepend SCSV,
- * only if we're willing to complete an SSL 3.0 handshake.
+ * only if TLS is disabled.
*/
-- if (!ss->firstHsDone && ss->opt.enableSSL3) {
+- if (!ss->firstHsDone && ss->vrange.min == SSL_LIBRARY_VERSION_3_0) {
+ if (!ss->firstHsDone && !isTLS) {
/* Must set this before calling Hello Extension Senders,
* to suppress sending of empty RI extension.
diff --git a/net/third_party/nss/patches/secret_exporter.patch b/net/third_party/nss/patches/secret_exporter.patch
deleted file mode 100644
index 10f1776..0000000
--- a/net/third_party/nss/patches/secret_exporter.patch
+++ /dev/null
@@ -1,215 +0,0 @@
-diff -up a/src/net/third_party/nss/ssl/ssl.h b/src/net/third_party/nss/ssl/ssl.h
---- a/src/net/third_party/nss/ssl/ssl.h 2012-02-29 17:12:15.720044263 -0800
-+++ b/src/net/third_party/nss/ssl/ssl.h 2012-02-29 17:18:04.824794558 -0800
-@@ -774,6 +774,19 @@ SSL_IMPORT SECStatus SSL_GetCipherSuiteI
- /* Returnes negotiated through SNI host info. */
- SSL_IMPORT SECItem *SSL_GetNegotiatedHostInfo(PRFileDesc *fd);
-
-+/* Export keying material according to RFC 5705.
-+** fd must correspond to a TLS 1.0 or higher socket and out must
-+** already be allocated. If contextLen is zero it uses the no-context
-+** construction from the RFC.
-+*/
-+SSL_IMPORT SECStatus SSL_ExportKeyingMaterial(PRFileDesc *fd,
-+ const char *label,
-+ unsigned int labelLen,
-+ const unsigned char *context,
-+ unsigned int contextLen,
-+ unsigned char *out,
-+ unsigned int outLen);
-+
- /*
- ** Return a new reference to the certificate that was most recently sent
- ** to the peer on this SSL/TLS connection, or NULL if none has been sent.
-diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/ssl3con.c
---- a/src/net/third_party/nss/ssl/ssl3con.c 2012-02-28 20:34:50.114663722 -0800
-+++ b/src/net/third_party/nss/ssl/ssl3con.c 2012-02-29 17:18:04.824794558 -0800
-@@ -8368,33 +8368,33 @@ done:
- return rv;
- }
-
--static SECStatus
--ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
-- PRBool isServer,
-- const SSL3Finished * hashes,
-- TLSFinished * tlsFinished)
-+/* The calling function must acquire and release the appropriate lock (i.e.,
-+ * ssl_GetSpecReadLock / ssl_ReleaseSpecReadLock for ss->ssl3.crSpec). Any
-+ * label must already be concatenated onto the beginning of val.
-+ */
-+SECStatus
-+ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, const char *label,
-+ unsigned int labelLen, const unsigned char *val, unsigned int valLen,
-+ unsigned char *out, unsigned int outLen)
- {
-- const char * label;
-- unsigned int len;
-- SECStatus rv;
--
-- label = isServer ? "server finished" : "client finished";
-- len = 15;
-+ SECStatus rv = SECSuccess;
-
- if (spec->master_secret && !spec->bypassCiphers) {
- SECItem param = {siBuffer, NULL, 0};
- PK11Context *prf_context =
- PK11_CreateContextBySymKey(CKM_TLS_PRF_GENERAL, CKA_SIGN,
- spec->master_secret, &param);
-+ unsigned int retLen;
-+
- if (!prf_context)
- return SECFailure;
-
- rv = PK11_DigestBegin(prf_context);
-- rv |= PK11_DigestOp(prf_context, (const unsigned char *) label, len);
-- rv |= PK11_DigestOp(prf_context, hashes->md5, sizeof *hashes);
-- rv |= PK11_DigestFinal(prf_context, tlsFinished->verify_data,
-- &len, sizeof tlsFinished->verify_data);
-- PORT_Assert(rv != SECSuccess || len == sizeof *tlsFinished);
-+ rv |= PK11_DigestOp(prf_context, (unsigned char *) label, labelLen);
-+ rv |= PK11_DigestOp(prf_context, val, valLen);
-+ rv |= PK11_DigestFinal(prf_context, out,
-+ &retLen, outLen);
-+ PORT_Assert(rv != SECSuccess || retLen == outLen);
-
- PK11_DestroyContext(prf_context, PR_TRUE);
- } else {
-@@ -8403,17 +8403,36 @@ ssl3_ComputeTLSFinished(ssl3CipherSpec *
- SECItem outData = { siBuffer, };
- PRBool isFIPS = PR_FALSE;
-
-- inData.data = (unsigned char *)hashes->md5;
-- inData.len = sizeof hashes[0];
-- outData.data = tlsFinished->verify_data;
-- outData.len = sizeof tlsFinished->verify_data;
-+ inData.data = (unsigned char *) val;
-+ inData.len = valLen;
-+ outData.data = out;
-+ outData.len = outLen;
- rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS);
-- PORT_Assert(rv != SECSuccess || \
-- outData.len == sizeof tlsFinished->verify_data);
-+ PORT_Assert(rv != SECSuccess || outData.len == outLen);
- }
- return rv;
- }
-
-+static SECStatus
-+ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
-+ PRBool isServer,
-+ const SSL3Finished * hashes,
-+ TLSFinished * tlsFinished)
-+{
-+ const char * label;
-+ SECStatus rv;
-+ unsigned int len;
-+
-+ label = isServer ? "server finished" : "client finished";
-+ len = 15;
-+
-+ rv = ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->md5,
-+ sizeof *hashes, tlsFinished->verify_data,
-+ sizeof tlsFinished->verify_data);
-+
-+ return rv;
-+}
-+
- /* called from ssl3_HandleServerHelloDone
- */
- static SECStatus
-diff -up a/src/net/third_party/nss/ssl/sslimpl.h b/src/net/third_party/nss/ssl/sslimpl.h
---- a/src/net/third_party/nss/ssl/sslimpl.h 2012-02-29 17:12:15.720044263 -0800
-+++ b/src/net/third_party/nss/ssl/sslimpl.h 2012-02-29 17:16:59.143900589 -0800
-@@ -1709,6 +1709,11 @@ SECStatus SSL_DisableDefaultExportCipher
- SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd);
- PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite);
-
-+SECStatus ssl3_TLSPRFWithMasterSecret(
-+ ssl3CipherSpec *spec, const char *label,
-+ unsigned int labelLen, const unsigned char *val,
-+ unsigned int valLen, unsigned char *out,
-+ unsigned int outLen);
-
- #ifdef TRACE
- #define SSL_TRACE(msg) ssl_Trace msg
-diff -up a/src/net/third_party/nss/ssl/sslinfo.c b/src/net/third_party/nss/ssl/sslinfo.c
---- a/src/net/third_party/nss/ssl/sslinfo.c 2010-09-01 18:12:57.000000000 -0700
-+++ b/src/net/third_party/nss/ssl/sslinfo.c 2012-02-29 17:18:04.824794558 -0800
-@@ -20,6 +20,7 @@
- *
- * Contributor(s):
- * Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
-+ * Douglas Stebila <douglas@stebila.ca>
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
-@@ -316,6 +317,69 @@ SSL_IsExportCipherSuite(PRUint16 cipherS
- return PR_FALSE;
- }
-
-+/* Export keying material according to RFC 5705.
-+** fd must correspond to a TLS 1.0 or higher socket, out must
-+** be already allocated.
-+*/
-+SECStatus
-+SSL_ExportKeyingMaterial(PRFileDesc *fd,
-+ const char *label,
-+ unsigned int labelLen,
-+ const unsigned char *context,
-+ unsigned int contextLen,
-+ unsigned char *out,
-+ unsigned int outLen)
-+{
-+ sslSocket *ss;
-+ unsigned char *val = NULL;
-+ unsigned int valLen, i;
-+ SECStatus rv = SECFailure;
-+
-+ ss = ssl_FindSocket(fd);
-+ if (!ss) {
-+ SSL_DBG(("%d: SSL[%d]: bad socket in ExportKeyingMaterial",
-+ SSL_GETPID(), fd));
-+ return SECFailure;
-+ }
-+
-+ if (ss->version < SSL_LIBRARY_VERSION_3_1_TLS) {
-+ PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION);
-+ return SECFailure;
-+ }
-+
-+ valLen = SSL3_RANDOM_LENGTH * 2;
-+ if (contextLen > 0)
-+ valLen += 2 /* uint16 length */ + contextLen;
-+ val = PORT_Alloc(valLen);
-+ if (val == NULL)
-+ return SECFailure;
-+ i = 0;
-+ PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH);
-+ i += SSL3_RANDOM_LENGTH;
-+ PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH);
-+ i += SSL3_RANDOM_LENGTH;
-+ if (contextLen > 0) {
-+ val[i++] = contextLen >> 8;
-+ val[i++] = contextLen;
-+ PORT_Memcpy(val + i, context, contextLen);
-+ i += contextLen;
-+ }
-+ PORT_Assert(i == valLen);
-+
-+ ssl_GetSpecReadLock(ss);
-+ if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) {
-+ PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
-+ rv = SECFailure;
-+ } else {
-+ rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.cwSpec, label, labelLen, val,
-+ valLen, out, outLen);
-+ }
-+ ssl_ReleaseSpecReadLock(ss);
-+
-+ PORT_ZFree(val, valLen);
-+ return rv;
-+}
-+
- SECItem*
- SSL_GetNegotiatedHostInfo(PRFileDesc *fd)
- {
diff --git a/net/third_party/nss/patches/secret_exporter2.patch b/net/third_party/nss/patches/secret_exporter2.patch
deleted file mode 100644
index 695754d..0000000
--- a/net/third_party/nss/patches/secret_exporter2.patch
+++ /dev/null
@@ -1,228 +0,0 @@
-Index: net/third_party/nss/ssl/ssl.h
-===================================================================
---- net/third_party/nss/ssl/ssl.h (revision 125777)
-+++ net/third_party/nss/ssl/ssl.h (working copy)
-@@ -792,12 +792,14 @@
-
- /* Export keying material according to RFC 5705.
- ** fd must correspond to a TLS 1.0 or higher socket and out must
--** already be allocated. If contextLen is zero it uses the no-context
--** construction from the RFC.
-+** already be allocated. If hasContext is false, it uses the no-context
-+** construction from the RFC and ignores the context and contextLen
-+** arguments.
- */
- SSL_IMPORT SECStatus SSL_ExportKeyingMaterial(PRFileDesc *fd,
- const char *label,
- unsigned int labelLen,
-+ PRBool hasContext,
- const unsigned char *context,
- unsigned int contextLen,
- unsigned char *out,
-Index: net/third_party/nss/ssl/sslinfo.c
-===================================================================
---- net/third_party/nss/ssl/sslinfo.c (revision 125777)
-+++ net/third_party/nss/ssl/sslinfo.c (working copy)
-@@ -317,18 +317,12 @@
- return PR_FALSE;
- }
-
--/* Export keying material according to RFC 5705.
--** fd must correspond to a TLS 1.0 or higher socket, out must
--** be already allocated.
--*/
- SECStatus
- SSL_ExportKeyingMaterial(PRFileDesc *fd,
-- const char *label,
-- unsigned int labelLen,
-- const unsigned char *context,
-- unsigned int contextLen,
-- unsigned char *out,
-- unsigned int outLen)
-+ const char *label, unsigned int labelLen,
-+ PRBool hasContext,
-+ const unsigned char *context, unsigned int contextLen,
-+ unsigned char *out, unsigned int outLen)
- {
- sslSocket *ss;
- unsigned char *val = NULL;
-@@ -347,18 +341,21 @@
- return SECFailure;
- }
-
-+ /* construct PRF arguments */
- valLen = SSL3_RANDOM_LENGTH * 2;
-- if (contextLen > 0)
-+ if (hasContext) {
- valLen += 2 /* uint16 length */ + contextLen;
-+ }
- val = PORT_Alloc(valLen);
-- if (val == NULL)
-+ if (!val) {
- return SECFailure;
-+ }
- i = 0;
- PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH);
- i += SSL3_RANDOM_LENGTH;
- PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH);
- i += SSL3_RANDOM_LENGTH;
-- if (contextLen > 0) {
-+ if (hasContext) {
- val[i++] = contextLen >> 8;
- val[i++] = contextLen;
- PORT_Memcpy(val + i, context, contextLen);
-@@ -366,6 +363,9 @@
- }
- PORT_Assert(i == valLen);
-
-+ /* Allow TLS keying material to be exported sooner, when the master
-+ * secret is available and we have sent ChangeCipherSpec.
-+ */
- ssl_GetSpecReadLock(ss);
- if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) {
- PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
-Index: net/third_party/nss/ssl/sslimpl.h
-===================================================================
---- net/third_party/nss/ssl/sslimpl.h (revision 125777)
-+++ net/third_party/nss/ssl/sslimpl.h (working copy)
-@@ -1715,11 +1715,11 @@
- SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd);
- PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite);
-
--SECStatus ssl3_TLSPRFWithMasterSecret(
-- ssl3CipherSpec *spec, const char *label,
-- unsigned int labelLen, const unsigned char *val,
-- unsigned int valLen, unsigned char *out,
-- unsigned int outLen);
-+extern SECStatus
-+ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec,
-+ const char *label, unsigned int labelLen,
-+ const unsigned char *val, unsigned int valLen,
-+ unsigned char *out, unsigned int outLen);
-
- #ifdef TRACE
- #define SSL_TRACE(msg) ssl_Trace msg
-Index: net/third_party/nss/ssl/ssl3ext.c
-===================================================================
---- net/third_party/nss/ssl/ssl3ext.c (revision 125777)
-+++ net/third_party/nss/ssl/ssl3ext.c (working copy)
-@@ -606,10 +606,7 @@
- unsigned char resultBuffer[255];
- SECItem result = { siBuffer, resultBuffer, 0 };
-
-- if (ss->firstHsDone) {
-- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
-- return SECFailure;
-- }
-+ PORT_Assert(!ss->firstHsDone);
-
- rv = ssl3_ValidateNextProtoNego(data->data, data->len);
- if (rv != SECSuccess)
-@@ -621,6 +618,8 @@
- */
- PORT_Assert(ss->nextProtoCallback != NULL);
- if (!ss->nextProtoCallback) {
-+ /* XXX Use a better error code. This is an application error, not an
-+ * NSS bug. */
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
- }
-@@ -631,7 +630,7 @@
- return rv;
- /* If the callback wrote more than allowed to |result| it has corrupted our
- * stack. */
-- if (result.len > sizeof result) {
-+ if (result.len > sizeof resultBuffer) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
- }
-Index: net/third_party/nss/ssl/sslsock.c
-===================================================================
---- net/third_party/nss/ssl/sslsock.c (revision 125777)
-+++ net/third_party/nss/ssl/sslsock.c (working copy)
-@@ -1344,7 +1344,7 @@
- return SECSuccess;
- }
-
--/* NextProtoStandardCallback is set as an NPN callback for the case when
-+/* ssl_NextProtoNegoCallback is set as an NPN callback for the case when
- * SSL_SetNextProtoNego is used.
- */
- static SECStatus
-@@ -1390,12 +1390,12 @@
- result = ss->opt.nextProtoNego.data;
-
- found:
-- *protoOutLen = result[0];
- if (protoMaxLen < result[0]) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
- }
- memcpy(protoOut, result + 1, result[0]);
-+ *protoOutLen = result[0];
- return SECSuccess;
- }
-
-@@ -1449,13 +1449,12 @@
-
- if (ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT &&
- ss->ssl3.nextProto.data) {
-- *bufLen = ss->ssl3.nextProto.len;
-- if (*bufLen > bufLenMax) {
-+ if (ss->ssl3.nextProto.len > bufLenMax) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
-- *bufLen = 0;
- return SECFailure;
- }
- PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len);
-+ *bufLen = ss->ssl3.nextProto.len;
- } else {
- *bufLen = 0;
- }
-Index: net/third_party/nss/ssl/ssl3con.c
-===================================================================
---- net/third_party/nss/ssl/ssl3con.c (revision 125777)
-+++ net/third_party/nss/ssl/ssl3con.c (working copy)
-@@ -8484,9 +8484,9 @@
- return rv;
- }
-
--/* The calling function must acquire and release the appropriate lock (i.e.,
-- * ssl_GetSpecReadLock / ssl_ReleaseSpecReadLock for ss->ssl3.crSpec). Any
-- * label must already be concatenated onto the beginning of val.
-+/* The calling function must acquire and release the appropriate
-+ * lock (e.g., ssl_GetSpecReadLock / ssl_ReleaseSpecReadLock for
-+ * ss->ssl3.crSpec).
- */
- SECStatus
- ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, const char *label,
-@@ -8508,8 +8508,7 @@
- rv = PK11_DigestBegin(prf_context);
- rv |= PK11_DigestOp(prf_context, (unsigned char *) label, labelLen);
- rv |= PK11_DigestOp(prf_context, val, valLen);
-- rv |= PK11_DigestFinal(prf_context, out,
-- &retLen, outLen);
-+ rv |= PK11_DigestFinal(prf_context, out, &retLen, outLen);
- PORT_Assert(rv != SECSuccess || retLen == outLen);
-
- PK11_DestroyContext(prf_context, PR_TRUE);
-@@ -8532,15 +8531,15 @@
- static SECStatus
- ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
- PRBool isServer,
-- const SSL3Finished * hashes,
-- TLSFinished * tlsFinished)
-+ const SSL3Finished * hashes,
-+ TLSFinished * tlsFinished)
- {
- const char * label;
-- SECStatus rv;
- unsigned int len;
-+ SECStatus rv;
-
- label = isServer ? "server finished" : "client finished";
-- len = 15;
-+ len = 15;
-
- rv = ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->md5,
- sizeof *hashes, tlsFinished->verify_data,
diff --git a/net/third_party/nss/ssl/SSLerrs.h b/net/third_party/nss/ssl/SSLerrs.h
index be25978..29aa512 100644
--- a/net/third_party/nss/ssl/SSLerrs.h
+++ b/net/third_party/nss/ssl/SSLerrs.h
@@ -417,3 +417,9 @@ ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS, (SSL_ERROR_BASE + 118),
ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_CLIENTS, (SSL_ERROR_BASE + 119),
"SSL feature not supported for clients.")
+
+ER3(SSL_ERROR_INVALID_VERSION_RANGE, (SSL_ERROR_BASE + 120),
+"SSL version range is not valid.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_CERT_STATUS, (SSL_ERROR_BASE + 121),
+"SSL received an unexpected Certificate Status handshake message.")
diff --git a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
index d8f8e2f..92e823a 100644
--- a/net/third_party/nss/ssl/ssl.h
+++ b/net/third_party/nss/ssl/ssl.h
@@ -36,7 +36,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
-/* $Id: ssl.h,v 1.49 2012/02/15 21:52:08 kaie%kuix.de Exp $ */
+/* $Id: ssl.h,v 1.54 2012/03/18 00:31:19 wtc%google.com Exp $ */
#ifndef __ssl_h_
#define __ssl_h_
@@ -100,17 +100,34 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd);
/* (off by default) */
#define SSL_HANDSHAKE_AS_SERVER 6 /* force connect to hs as server */
/* (off by default) */
+
+/* OBSOLETE: SSL v2 is obsolete and may be removed soon. */
#define SSL_ENABLE_SSL2 7 /* enable ssl v2 (off by default) */
+
+/* OBSOLETE: See "SSL Version Range API" below for the replacement and a
+** description of the non-obvious semantics of using SSL_ENABLE_SSL3.
+*/
#define SSL_ENABLE_SSL3 8 /* enable ssl v3 (on by default) */
+
#define SSL_NO_CACHE 9 /* don't use the session cache */
/* (off by default) */
#define SSL_REQUIRE_CERTIFICATE 10 /* (SSL_REQUIRE_FIRST_HANDSHAKE */
/* by default) */
#define SSL_ENABLE_FDX 11 /* permit simultaneous read/write */
/* (off by default) */
+
+/* OBSOLETE: SSL v2 compatible hellos are not accepted by some TLS servers
+** and cannot negotiate extensions. SSL v2 is obsolete. This option may be
+** removed soon.
+*/
#define SSL_V2_COMPATIBLE_HELLO 12 /* send v3 client hello in v2 fmt */
/* (off by default) */
+
+/* OBSOLETE: See "SSL Version Range API" below for the replacement and a
+** description of the non-obvious semantics of using SSL_ENABLE_TLS.
+*/
#define SSL_ENABLE_TLS 13 /* enable TLS (on by default) */
+
#define SSL_ROLLBACK_DETECTION 14 /* for compatibility, default: on */
#define SSL_NO_STEP_DOWN 15 /* Disable export cipher suites */
/* if step-down keys are needed. */
@@ -261,6 +278,77 @@ SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher, PRBool *enabled);
SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
+/* SSL Version Range API
+**
+** This API should be used to control SSL 3.0 & TLS support instead of the
+** older SSL_Option* API; however, the SSL_Option* API MUST still be used to
+** control SSL 2.0 support. In this version of libssl, SSL 3.0 and TLS 1.0 are
+** enabled by default. Future versions of libssl may change which versions of
+** the protocol are enabled by default.
+**
+** The SSLProtocolVariant enum indicates whether the protocol is of type
+** stream or datagram. This must be provided to the functions that do not
+** take an fd. Functions which take an fd will get the variant from the fd,
+** which is typed.
+**
+** Using the new version range API in conjunction with the older
+** SSL_OptionSet-based API for controlling the enabled protocol versions may
+** cause unexpected results. Going forward, we guarantee only the following:
+**
+** SSL_OptionGet(SSL_ENABLE_TLS) will return PR_TRUE if *ANY* versions of TLS
+** are enabled.
+**
+** SSL_OptionSet(SSL_ENABLE_TLS, PR_FALSE) will disable *ALL* versions of TLS,
+** including TLS 1.0 and later.
+**
+** The above two properties provide compatibility for applications that use
+** SSL_OptionSet to implement the insecure fallback from TLS 1.x to SSL 3.0.
+**
+** SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE) will enable TLS 1.0, and may also
+** enable some later versions of TLS, if it is necessary to do so in order to
+** keep the set of enabled versions contiguous. For example, if TLS 1.2 is
+** enabled, then after SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE), TLS 1.0,
+** TLS 1.1, and TLS 1.2 will be enabled, and the call will have no effect on
+** whether SSL 3.0 is enabled. If no later versions of TLS are enabled at the
+** time SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE) is called, then no later
+** versions of TLS will be enabled by the call.
+**
+** SSL_OptionSet(SSL_ENABLE_SSL3, PR_FALSE) will disable SSL 3.0, and will not
+** change the set of TLS versions that are enabled.
+**
+** SSL_OptionSet(SSL_ENABLE_SSL3, PR_TRUE) will enable SSL 3.0, and may also
+** enable some versions of TLS if TLS 1.1 or later is enabled at the time of
+** the call, the same way SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE) works, in
+** order to keep the set of enabled versions contiguous.
+*/
+
+/* Returns, in |*vrange|, the range of SSL3/TLS versions supported for the
+** given protocol variant by the version of libssl linked-to at runtime.
+*/
+SSL_IMPORT SECStatus SSL_VersionRangeGetSupported(
+ SSLProtocolVariant protocolVariant, SSLVersionRange *vrange);
+
+/* Returns, in |*vrange|, the range of SSL3/TLS versions enabled by default
+** for the given protocol variant.
+*/
+SSL_IMPORT SECStatus SSL_VersionRangeGetDefault(
+ SSLProtocolVariant protocolVariant, SSLVersionRange *vrange);
+
+/* Sets the range of enabled-by-default SSL3/TLS versions for the given
+** protocol variant to |*vrange|.
+*/
+SSL_IMPORT SECStatus SSL_VersionRangeSetDefault(
+ SSLProtocolVariant protocolVariant, const SSLVersionRange *vrange);
+
+/* Returns, in |*vrange|, the range of enabled SSL3/TLS versions for |fd|. */
+SSL_IMPORT SECStatus SSL_VersionRangeGet(PRFileDesc *fd,
+ SSLVersionRange *vrange);
+
+/* Sets the range of enabled SSL3/TLS versions for |fd| to |*vrange|. */
+SSL_IMPORT SECStatus SSL_VersionRangeSet(PRFileDesc *fd,
+ const SSLVersionRange *vrange);
+
+
/* Values for "policy" argument to SSL_PolicySet */
/* Values returned by SSL_CipherPolicyGet. */
#define SSL_NOT_ALLOWED 0 /* or invalid or unimplemented */
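Review bot: The comments on the five SSL_VersionRange* declarations describe the success case only; none says what a caller sees when a range is rejected, even though this commit adds SSL_ERROR_INVALID_VERSION_RANGE in SSLerrs.h. The implementation is not in this hunk, so the exact conditions need confirming against sslsock.c. I would extend the two setter comments along the lines of `** Returns SECFailure and sets SSL_ERROR_INVALID_VERSION_RANGE if |*vrange| is not a valid, supported range.` It would also help to state whether a failed SSL_VersionRangeSet leaves the socket's previous range in place, since callers that tighten the minimum version will rely on that.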
diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
index 804feac..322e502 100644
--- a/net/third_party/nss/ssl/ssl3con.c
+++ b/net/third_party/nss/ssl/ssl3con.c
@@ -1,3 +1,4 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
* SSL3 Protocol
*
@@ -39,7 +40,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
-/* $Id: ssl3con.c,v 1.164 2012/02/17 09:50:04 kaie%kuix.de Exp $ */
+/* $Id: ssl3con.c,v 1.173 2012/03/18 00:31:19 wtc%google.com Exp $ */
#include "cert.h"
#include "ssl.h"
@@ -142,8 +143,8 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
#endif /* NSS_ENABLE_ECC */
{ TLS_RSA_WITH_SEED_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
{ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
- { SSL_RSA_WITH_RC4_128_MD5, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE},
{ SSL_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
+ { SSL_RSA_WITH_RC4_128_MD5, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
#ifdef NSS_ENABLE_ECC
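Review bot: The swap of SSL_RSA_WITH_RC4_128_SHA ahead of SSL_RSA_WITH_RC4_128_MD5 carries no comment, and in this table position presumably decides the order in which suites are offered. If the intent is to prefer the SHA-1 MAC over MD5, a short comment above the pair would keep a later re-sort from undoing it, for example `/* RC4_128_SHA is listed before RC4_128_MD5 on purpose: prefer the SHA-1 MAC. */`. The cipherSuites initializer starts and ends outside this hunk, so the surrounding ordering rules are not visible here.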
@@ -638,7 +639,7 @@ ssl3_config_match_init(sslSocket *ss)
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return 0;
}
- if (!ss->opt.enableSSL3 && !ss->opt.enableTLS) {
+ if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) {
return 0;
}
isServer = (PRBool)(ss->sec.isServer != 0);
@@ -742,7 +743,7 @@ count_cipher_suites(sslSocket *ss, int policy, PRBool enabled)
{
int i, count = 0;
- if (!ss->opt.enableSSL3 && !ss->opt.enableTLS) {
+ if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) {
return 0;
}
for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
@@ -755,24 +756,6 @@ count_cipher_suites(sslSocket *ss, int policy, PRBool enabled)
return count;
}
-static PRBool
-anyRestrictedEnabled(sslSocket *ss)
-{
- int i;
-
- if (!ss->opt.enableSSL3 && !ss->opt.enableTLS) {
- return PR_FALSE;
- }
- for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
- ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
- if (suite->policy == SSL_RESTRICTED &&
- suite->enabled &&
- suite->isPresent)
- return PR_TRUE;
- }
- return PR_FALSE;
-}
-
/*
* Null compression, mac and encryption functions
*/
@@ -791,33 +774,32 @@ Null_Cipher(void *ctx, unsigned char *output, int *outputLen, int maxOutputLen,
* SSL3 Utility functions
*/
+/* allowLargerPeerVersion controls whether the function will select the
+ * highest enabled SSL version or fail when peerVersion is greater than the
+ * highest enabled version.
+ *
+ * If allowLargerPeerVersion is true, peerVersion is the peer's highest
+ * enabled version rather than the peer's selected version.
+ */
SECStatus
-ssl3_NegotiateVersion(sslSocket *ss, SSL3ProtocolVersion peerVersion)
+ssl3_NegotiateVersion(sslSocket *ss, SSL3ProtocolVersion peerVersion,
+ PRBool allowLargerPeerVersion)
{
- SSL3ProtocolVersion version;
- SSL3ProtocolVersion maxVersion;
-
- if (ss->opt.enableTLS) {
- maxVersion = SSL_LIBRARY_VERSION_3_1_TLS;
- } else if (ss->opt.enableSSL3) {
- maxVersion = SSL_LIBRARY_VERSION_3_0;
- } else {
- /* what are we doing here? */
- PORT_Assert(ss->opt.enableSSL3 || ss->opt.enableTLS);
+ if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) {
PORT_SetError(SSL_ERROR_SSL_DISABLED);
return SECFailure;
}
- ss->version = version = PR_MIN(maxVersion, peerVersion);
-
- if ((version == SSL_LIBRARY_VERSION_3_1_TLS && ss->opt.enableTLS) ||
- (version == SSL_LIBRARY_VERSION_3_0 && ss->opt.enableSSL3)) {
- return SECSuccess;
+ if (peerVersion < ss->vrange.min ||
+ (peerVersion > ss->vrange.max && !allowLargerPeerVersion)) {
+ PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
+ return SECFailure;
}
- PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
- return SECFailure;
+ ss->version = PR_MIN(peerVersion, ss->vrange.max);
+ PORT_Assert(ssl3_VersionIsSupported(ssl_variant_stream, ss->version));
+ return SECSuccess;
}
static SECStatus
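Review bot: The new header comment on ssl3_NegotiateVersion explains allowLargerPeerVersion but not the failure contract, which this hunk changes. A peerVersion below ss->vrange.min, or above ss->vrange.max with allowLargerPeerVersion false, now fails with SSL_ERROR_NO_CYPHER_OVERLAP and leaves ss->version untouched, whereas the removed code assigned ss->version before checking. I would add `* On failure ss->version is not modified; the error is SSL_ERROR_SSL_DISABLED or SSL_ERROR_NO_CYPHER_OVERLAP.` to the comment. The closing PORT_Assert is a debug-build check and hard-codes ssl_variant_stream, so release builds depend on vrange having been validated when it was set; a one-line comment saying so would help the DTLS follow-up the description mentions.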
@@ -1433,7 +1415,7 @@ static SECStatus
ssl3_InitPendingContextsBypass(sslSocket *ss)
{
ssl3CipherSpec * pwSpec;
-const ssl3BulkCipherDef *cipher_def;
+ const ssl3BulkCipherDef *cipher_def;
void * serverContext = NULL;
void * clientContext = NULL;
BLapiInitContextFunc initFn = (BLapiInitContextFunc)NULL;
@@ -1622,7 +1604,7 @@ static SECStatus
ssl3_InitPendingContextsPKCS11(sslSocket *ss)
{
ssl3CipherSpec * pwSpec;
-const ssl3BulkCipherDef *cipher_def;
+ const ssl3BulkCipherDef *cipher_def;
PK11Context * serverContext = NULL;
PK11Context * clientContext = NULL;
SECItem * param;
@@ -2050,21 +2032,52 @@ ssl3_CompressMACEncryptRecord(ssl3CipherSpec * cwSpec,
{
const ssl3BulkCipherDef * cipher_def;
SECStatus rv;
- PRUint32 macLen = 0;
+ PRUint32 macLen = 0;
PRUint32 fragLen;
PRUint32 p1Len, p2Len, oddLen = 0;
- PRInt32 cipherBytes = 0;
+ int ivLen = 0;
+ int cipherBytes = 0;
cipher_def = cwSpec->cipher_def;
+ if (cipher_def->type == type_block &&
+ cwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) {
+ /* Prepend the per-record explicit IV using technique 2b from
+ * RFC 4346 section 6.2.3.2: The IV is a cryptographically
+ * strong random number XORed with the CBC residue from the previous
+ * record.
+ */
+ ivLen = cipher_def->iv_size;
+ if (ivLen > wrBuf->space - SSL3_RECORD_HEADER_LENGTH) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
+ rv = PK11_GenerateRandom(wrBuf->buf + SSL3_RECORD_HEADER_LENGTH, ivLen);
+ if (rv != SECSuccess) {
+ ssl_MapLowLevelError(SSL_ERROR_GENERATE_RANDOM_FAILURE);
+ return rv;
+ }
+ rv = cwSpec->encode( cwSpec->encodeContext,
+ wrBuf->buf + SSL3_RECORD_HEADER_LENGTH,
+ &cipherBytes, /* output and actual outLen */
+ ivLen, /* max outlen */
+ wrBuf->buf + SSL3_RECORD_HEADER_LENGTH,
+ ivLen); /* input and inputLen*/
+ if (rv != SECSuccess || cipherBytes != ivLen) {
+ PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE);
+ return SECFailure;
+ }
+ }
+
if (cwSpec->compressor) {
int outlen;
rv = cwSpec->compressor(
- cwSpec->compressContext, wrBuf->buf + SSL3_RECORD_HEADER_LENGTH,
- &outlen, wrBuf->space - SSL3_RECORD_HEADER_LENGTH, pIn, contentLen);
+ cwSpec->compressContext,
+ wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + ivLen, &outlen,
+ wrBuf->space - SSL3_RECORD_HEADER_LENGTH - ivLen, pIn, contentLen);
if (rv != SECSuccess)
return rv;
- pIn = wrBuf->buf + SSL3_RECORD_HEADER_LENGTH;
+ pIn = wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + ivLen;
contentLen = outlen;
}
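Review bot: The guard `ivLen > wrBuf->space - SSL3_RECORD_HEADER_LENGTH` in the new TLS 1.1 block only proves that the explicit IV fits, while the MAC, padding and encode offsets in the following hunks (`@@ -2073`, `@@ -2100`, `@@ -2117`) all move forward by ivLen. A record can therefore need up to iv_size more bytes of wrBuf than before, and whether the caller sizes wrBuf for that is not visible here and should be confirmed. If wrBuf->space is an unsigned field (its declaration is outside this hunk), the subtraction also wraps when space is smaller than the header, so I would write the check as `if (wrBuf->space < SSL3_RECORD_HEADER_LENGTH || ivLen > wrBuf->space - SSL3_RECORD_HEADER_LENGTH) {`. ssl3_CompressMACEncryptRecord begins before this hunk and continues after it.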
@@ -2073,7 +2086,7 @@ ssl3_CompressMACEncryptRecord(ssl3CipherSpec * cwSpec,
*/
rv = ssl3_ComputeRecordMAC( cwSpec, isServer,
type, cwSpec->version, cwSpec->write_seq_num, pIn, contentLen,
- wrBuf->buf + contentLen + SSL3_RECORD_HEADER_LENGTH, &macLen);
+ wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + ivLen + contentLen, &macLen);
if (rv != SECSuccess) {
ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
return SECFailure;
@@ -2100,7 +2113,7 @@ ssl3_CompressMACEncryptRecord(ssl3CipherSpec * cwSpec,
PORT_Assert((fragLen % cipher_def->block_size) == 0);
/* Pad according to TLS rules (also acceptable to SSL3). */
- pBuf = &wrBuf->buf[fragLen + SSL3_RECORD_HEADER_LENGTH - 1];
+ pBuf = &wrBuf->buf[SSL3_RECORD_HEADER_LENGTH + ivLen + fragLen - 1];
for (i = padding_length + 1; i > 0; --i) {
*pBuf-- = padding_length;
}
@@ -2117,31 +2130,33 @@ ssl3_CompressMACEncryptRecord(ssl3CipherSpec * cwSpec,
p2Len += oddLen;
PORT_Assert( (cipher_def->block_size < 2) || \
(p2Len % cipher_def->block_size) == 0);
- memmove(wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + p1Len,
+ memmove(wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + ivLen + p1Len,
pIn + p1Len, oddLen);
}
if (p1Len > 0) {
+ int cipherBytesPart1 = -1;
rv = cwSpec->encode( cwSpec->encodeContext,
- wrBuf->buf + SSL3_RECORD_HEADER_LENGTH, /* output */
- &cipherBytes, /* actual outlen */
+ wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + ivLen, /* output */
+ &cipherBytesPart1, /* actual outlen */
p1Len, /* max outlen */
pIn, p1Len); /* input, and inputlen */
- PORT_Assert(rv == SECSuccess && cipherBytes == p1Len);
- if (rv != SECSuccess || cipherBytes != p1Len) {
+ PORT_Assert(rv == SECSuccess && cipherBytesPart1 == (int) p1Len);
+ if (rv != SECSuccess || cipherBytesPart1 != (int) p1Len) {
PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE);
return SECFailure;
}
+ cipherBytes += cipherBytesPart1;
}
if (p2Len > 0) {
- PRInt32 cipherBytesPart2 = -1;
+ int cipherBytesPart2 = -1;
rv = cwSpec->encode( cwSpec->encodeContext,
- wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + p1Len,
+ wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + ivLen + p1Len,
&cipherBytesPart2, /* output and actual outLen */
p2Len, /* max outlen */
- wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + p1Len,
+ wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + ivLen + p1Len,
p2Len); /* input and inputLen*/
- PORT_Assert(rv == SECSuccess && cipherBytesPart2 == p2Len);
- if (rv != SECSuccess || cipherBytesPart2 != p2Len) {
+ PORT_Assert(rv == SECSuccess && cipherBytesPart2 == (int) p2Len);
+ if (rv != SECSuccess || cipherBytesPart2 != (int) p2Len) {
PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE);
return SECFailure;
}
@@ -2225,7 +2240,7 @@ ssl3_SendRecord( sslSocket * ss,
ssl_GetSpecReadLock(ss); /********************************/
if (nIn > 1 && ss->opt.cbcRandomIV &&
- ss->ssl3.cwSpec->version <= SSL_LIBRARY_VERSION_3_1_TLS &&
+ ss->ssl3.cwSpec->version < SSL_LIBRARY_VERSION_TLS_1_1 &&
type == content_application_data &&
ss->ssl3.cwSpec->cipher_def->type == type_block /* CBC mode */) {
/* We will split the first byte of the record into its own record,
@@ -2237,6 +2252,10 @@ ssl3_SendRecord( sslSocket * ss,
}
spaceNeeded = contentLen + (numRecords * SSL3_BUFFER_FUDGE);
+ if (ss->ssl3.cwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1 &&
+ ss->ssl3.cwSpec->cipher_def->type == type_block) {
+ spaceNeeded += ss->ssl3.cwSpec->cipher_def->iv_size;
+ }
if (spaceNeeded > wrBuf->space) {
rv = sslBuffer_Grow(wrBuf, spaceNeeded);
if (rv != SECSuccess) {
@@ -3890,6 +3909,11 @@ ssl3_SendClientHello(sslSocket *ss)
sidOK = PR_FALSE;
}
+ if (sidOK && ssl3_NegotiateVersion(ss, sid->version,
+ PR_FALSE) != SECSuccess) {
+ sidOK = PR_FALSE;
+ }
+
if (!sidOK) {
SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_not_ok );
(*ss->sec.uncache)(sid);
@@ -3906,10 +3930,6 @@ ssl3_SendClientHello(sslSocket *ss)
sid->u.ssl3.sessionTicket.ticket.data)
SSL_AtomicIncrementLong(& ssl3stats.sch_sid_stateless_resumes );
- rv = ssl3_NegotiateVersion(ss, sid->version);
- if (rv != SECSuccess)
- return rv; /* error code was set */
-
PRINT_BUF(4, (ss, "client, found session-id:", sid->u.ssl3.sessionID,
sid->u.ssl3.sessionIDLength));
@@ -3917,7 +3937,8 @@ ssl3_SendClientHello(sslSocket *ss)
} else {
SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_misses );
- rv = ssl3_NegotiateVersion(ss, SSL_LIBRARY_VERSION_3_1_TLS);
+ rv = ssl3_NegotiateVersion(ss, SSL_LIBRARY_VERSION_MAX_SUPPORTED,
+ PR_TRUE);
if (rv != SECSuccess)
return rv; /* error code was set */
@@ -3944,8 +3965,8 @@ ssl3_SendClientHello(sslSocket *ss)
ss->sec.send = ssl3_SendApplicationData;
/* shouldn't get here if SSL3 is disabled, but ... */
- PORT_Assert(ss->opt.enableSSL3 || ss->opt.enableTLS);
- if (!ss->opt.enableSSL3 && !ss->opt.enableTLS) {
+ if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) {
+ PR_NOT_REACHED("No versions of SSL 3.0 or later are enabled");
PORT_SetError(SSL_ERROR_SSL_DISABLED);
return SECFailure;
}
@@ -5015,16 +5036,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
}
version = (SSL3ProtocolVersion)temp;
- /* this is appropriate since the negotiation is complete, and we only
- ** know SSL 3.x.
- */
- if (MSB(version) != MSB(SSL_LIBRARY_VERSION_3_0)) {
- desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version
- : handshake_failure;
- goto alert_loser;
- }
-
- rv = ssl3_NegotiateVersion(ss, version);
+ rv = ssl3_NegotiateVersion(ss, version, PR_FALSE);
if (rv != SECSuccess) {
desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version
: handshake_failure;
@@ -6298,7 +6310,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
if (tmp < 0)
goto loser; /* malformed, alert already sent */
ss->clientHelloVersion = version = (SSL3ProtocolVersion)tmp;
- rv = ssl3_NegotiateVersion(ss, version);
+ rv = ssl3_NegotiateVersion(ss, version, PR_TRUE);
if (rv != SECSuccess) {
desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version
: handshake_failure;
@@ -7006,7 +7018,7 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length)
rand_length = (buffer[7] << 8) | buffer[8];
ss->clientHelloVersion = version;
- rv = ssl3_NegotiateVersion(ss, version);
+ rv = ssl3_NegotiateVersion(ss, version, PR_TRUE);
if (rv != SECSuccess) {
/* send back which ever alert client will understand. */
desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version : handshake_failure;
@@ -7242,7 +7254,7 @@ ssl3_SendServerHello(sslSocket *ss)
static SECStatus
ssl3_SendServerKeyExchange(sslSocket *ss)
{
-const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def;
+ const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def;
SECStatus rv = SECFailure;
int length;
PRBool isTLS;
@@ -7341,7 +7353,7 @@ ssl3_SendCertificateRequest(sslSocket *ss)
{
SECItem * name;
CERTDistNames *ca_list;
-const uint8 * certTypes;
+ const uint8 * certTypes;
SECItem * names = NULL;
SECStatus rv;
int length;
@@ -7689,7 +7701,7 @@ ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
{
SECKEYPrivateKey *serverKey = NULL;
SECStatus rv;
-const ssl3KEADef * kea_def;
+ const ssl3KEADef *kea_def;
ssl3KeyPair *serverKeyPair = NULL;
#ifdef NSS_ENABLE_ECC
SECKEYPublicKey *serverPubKey = NULL;
@@ -8484,6 +8496,26 @@ done:
return rv;
}
+static SECStatus
+ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
+ PRBool isServer,
+ const SSL3Finished * hashes,
+ TLSFinished * tlsFinished)
+{
+ const char * label;
+ unsigned int len;
+ SECStatus rv;
+
+ label = isServer ? "server finished" : "client finished";
+ len = 15;
+
+ rv = ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->md5,
+ sizeof *hashes, tlsFinished->verify_data,
+ sizeof tlsFinished->verify_data);
+
+ return rv;
+}
+
/* The calling function must acquire and release the appropriate
* lock (e.g., ssl_GetSpecReadLock / ssl_ReleaseSpecReadLock for
* ss->ssl3.crSpec).
@@ -8528,26 +8560,6 @@ ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, const char *label,
return rv;
}
-static SECStatus
-ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
- PRBool isServer,
- const SSL3Finished * hashes,
- TLSFinished * tlsFinished)
-{
- const char * label;
- unsigned int len;
- SECStatus rv;
-
- label = isServer ? "server finished" : "client finished";
- len = 15;
-
- rv = ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->md5,
- sizeof *hashes, tlsFinished->verify_data,
- sizeof tlsFinished->verify_data);
-
- return rv;
-}
-
/* called from ssl3_HandleServerHelloDone
*/
static SECStatus
@@ -8921,8 +8933,6 @@ xmit_loser:
SECStatus
ssl3_FinishHandshake(sslSocket * ss)
{
- SECStatus rv;
-
PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
PORT_Assert( ss->ssl3.hs.restartTarget == NULL );
@@ -8931,9 +8941,9 @@ ssl3_FinishHandshake(sslSocket * ss)
ss->handshake = NULL;
ss->firstHsDone = PR_TRUE;
- if (ss->sec.ci.sid->cached == never_cached &&
- !ss->opt.noCache && ss->sec.cache && ss->ssl3.hs.cacheSID) {
+ if (ss->ssl3.hs.cacheSID) {
(*ss->sec.cache)(ss->sec.ci.sid);
+ ss->ssl3.hs.cacheSID = PR_FALSE;
}
ss->ssl3.hs.ws = idle_handshake;
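Review bot: The new condition `if (ss->ssl3.hs.cacheSID)` calls `(*ss->sec.cache)(ss->sec.ci.sid)` without the `ss->sec.cache` non-NULL test, the `!ss->opt.noCache` test and the `never_cached` test that the old condition carried. That is only safe if every place that sets `cacheSID` has already checked them, and those assignments are outside this hunk, so this should be confirmed. A cheap local guard would document the invariant: `PORT_Assert(ss->sec.cache != NULL);` before the call, or `if (ss->ssl3.hs.cacheSID && ss->sec.cache) {`. The same commit adds exactly this kind of check for `ss->sec.uncache` in SSL_InvalidateSession.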
@@ -9310,17 +9320,18 @@ ssl3_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
SECStatus
ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf)
{
-const ssl3BulkCipherDef *cipher_def;
+ const ssl3BulkCipherDef *cipher_def;
ssl3CipherSpec * crSpec;
SECStatus rv;
- unsigned int hashBytes = MAX_MAC_LENGTH + 1;
+ unsigned int hashBytes = MAX_MAC_LENGTH + 1;
unsigned int padding_length;
PRBool isTLS;
- PRBool padIsBad = PR_FALSE;
+ PRBool padIsBad = PR_FALSE;
SSL3ContentType rType;
SSL3Opaque hash[MAX_MAC_LENGTH];
sslBuffer *plaintext;
sslBuffer temp_buf;
+ unsigned int ivLen = 0;
PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
@@ -9353,6 +9364,52 @@ const ssl3BulkCipherDef *cipher_def;
ssl_GetSpecReadLock(ss); /******************************************/
crSpec = ss->ssl3.crSpec;
+ cipher_def = crSpec->cipher_def;
+
+ if (cipher_def->type == type_block &&
+ crSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) {
+ /* Consume the per-record explicit IV. RFC 4346 Section 6.2.3.2 states
+ * "The receiver decrypts the entire GenericBlockCipher structure and
+ * then discards the first cipher block corresponding to the IV
+ * component." Instead, we decrypt the first cipher block and then
+ * discard it before decrypting the rest.
+ */
+ SSL3Opaque iv[MAX_IV_LENGTH];
+ int decoded;
+
+ ivLen = cipher_def->iv_size;
+ if (ivLen < 8 || ivLen > sizeof(iv)) {
+ ssl_ReleaseSpecReadLock(ss);
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
+ if (ivLen > cText->buf->len) {
+ SSL_DBG(("%d: SSL3[%d]: HandleRecord, IV length check failed",
+ SSL_GETPID(), ss->fd));
+ /* must not hold spec lock when calling SSL3_SendAlert. */
+ ssl_ReleaseSpecReadLock(ss);
+ SSL3_SendAlert(ss, alert_fatal, bad_record_mac);
+ /* always log mac error, in case attacker can read server logs. */
+ PORT_SetError(SSL_ERROR_BAD_MAC_READ);
+ return SECFailure;
+ }
+
+ PRINT_BUF(80, (ss, "IV (ciphertext):", cText->buf->buf, ivLen));
+
+ /* The decryption result is garbage, but since we just throw away
+ * the block it doesn't matter. The decryption of the next block
+ * depends only on the ciphertext of the IV block.
+ */
+ rv = crSpec->decode(crSpec->decodeContext, iv, &decoded,
+ sizeof(iv), cText->buf->buf, ivLen);
+
+ if (rv != SECSuccess) {
+ /* All decryption failures must be treated like a bad record
+ * MAC; see RFC 5246 (TLS 1.2).
+ */
+ padIsBad = PR_TRUE;
+ }
+ }
/* If we will be decompressing the buffer we need to decrypt somewhere
* other than into databuf */
@@ -9377,12 +9434,12 @@ const ssl3BulkCipherDef *cipher_def;
}
}
- PRINT_BUF(80, (ss, "ciphertext:", cText->buf->buf, cText->buf->len));
+ PRINT_BUF(80, (ss, "ciphertext:", cText->buf->buf + ivLen,
+ cText->buf->len - ivLen));
- cipher_def = crSpec->cipher_def;
isTLS = (PRBool)(crSpec->version > SSL_LIBRARY_VERSION_3_0);
- if (isTLS && cText->buf->len > (MAX_FRAGMENT_LENGTH + 2048)) {
+ if (isTLS && cText->buf->len - ivLen > (MAX_FRAGMENT_LENGTH + 2048)) {
ssl_ReleaseSpecReadLock(ss);
SSL3_SendAlert(ss, alert_fatal, record_overflow);
PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
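Review bot: `cText->buf->len - ivLen` in the record-overflow test, in the `PRINT_BUF` call above it and in the `decode` call of the next hunk is computed with `ivLen` declared `unsigned int`, so it would wrap to a very large value if the record were shorter than the IV. The subtraction is safe only because the explicit-IV block added earlier in ssl3_HandleRecord returns when `ivLen > cText->buf->len`, and nothing at these three sites says so. I would add a comment at the first use, e.g. `/* ivLen <= cText->buf->len was verified when the explicit IV was consumed, so these subtractions cannot underflow. */`, so that a later reordering does not silently drop the guard.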
@@ -9392,7 +9449,7 @@ const ssl3BulkCipherDef *cipher_def;
/* decrypt from cText buf to plaintext. */
rv = crSpec->decode(
crSpec->decodeContext, plaintext->buf, (int *)&plaintext->len,
- plaintext->space, cText->buf->buf, cText->buf->len);
+ plaintext->space, cText->buf->buf + ivLen, cText->buf->len - ivLen);
PRINT_BUF(80, (ss, "cleartext:", plaintext->buf, plaintext->len));
if (rv != SECSuccess) {
@@ -9618,9 +9675,7 @@ ssl3_InitCipherSpec(sslSocket *ss, ssl3CipherSpec *spec)
spec->read_seq_num.high = 0;
spec->read_seq_num.low = 0;
- spec->version = ss->opt.enableTLS
- ? SSL_LIBRARY_VERSION_3_1_TLS
- : SSL_LIBRARY_VERSION_3_0;
+ spec->version = ss->vrange.max;
}
/* Called from: ssl3_SendRecord
@@ -9865,7 +9920,7 @@ ssl3_ConstructV2CipherSpecsHack(sslSocket *ss, unsigned char *cs, int *size)
PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
return SECFailure;
}
- if (!ss->opt.enableSSL3 && !ss->opt.enableTLS) {
+ if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) {
*size = 0;
return SECSuccess;
}
diff --git a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ext.c
index ef015fa..80c1f7f 100644
--- a/net/third_party/nss/ssl/ssl3ext.c
+++ b/net/third_party/nss/ssl/ssl3ext.c
@@ -41,7 +41,7 @@
* ***** END LICENSE BLOCK ***** */
/* TLS extension code moved here from ssl3ecc.c */
-/* $Id: ssl3ext.c,v 1.21 2012/02/15 21:52:08 kaie%kuix.de Exp $ */
+/* $Id: ssl3ext.c,v 1.22 2012/03/12 19:14:12 wtc%google.com Exp $ */
#include "nssrenam.h"
#include "nss.h"
diff --git a/net/third_party/nss/ssl/sslcon.c b/net/third_party/nss/ssl/sslcon.c
index 500ea5d..71030d7 100644
--- a/net/third_party/nss/ssl/sslcon.c
+++ b/net/third_party/nss/ssl/sslcon.c
@@ -37,7 +37,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
-/* $Id: sslcon.c,v 1.45 2011/11/19 21:58:21 bsmith%mozilla.com Exp $ */
+/* $Id: sslcon.c,v 1.48 2012/03/18 00:31:20 wtc%google.com Exp $ */
#include "nssrenam.h"
#include "cert.h"
@@ -277,12 +277,13 @@ ssl2_CheckConfigSanity(sslSocket *ss)
/* Ask how many ssl3 CipherSuites were enabled. */
rv = ssl3_ConstructV2CipherSpecsHack(ss, NULL, &ssl3CipherCount);
if (rv != SECSuccess || ssl3CipherCount <= 0) {
- ss->opt.enableSSL3 = PR_FALSE; /* not really enabled if no ciphers */
- ss->opt.enableTLS = PR_FALSE;
+ /* SSL3/TLS not really enabled if no ciphers */
+ ss->vrange.min = SSL_LIBRARY_VERSION_NONE;
+ ss->vrange.max = SSL_LIBRARY_VERSION_NONE;
}
- if (!ss->opt.enableSSL2 && !ss->opt.enableSSL3 && !ss->opt.enableTLS) {
- SSL_DBG(("%d: SSL[%d]: Can't handshake! both v2 and v3 disabled.",
+ if (!ss->opt.enableSSL2 && SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) {
+ SSL_DBG(("%d: SSL[%d]: Can't handshake! all versions disabled.",
SSL_GETPID(), ss->fd));
disabled:
PORT_SetError(SSL_ERROR_SSL_DISABLED);
@@ -1435,7 +1436,7 @@ ssl2_CreateSessionCypher(sslSocket *ss, sslSessionID *sid, PRBool isClient)
writeKey.data = 0;
PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) );
- if(ss->sec.ci.sid == 0)
+ if (ss->sec.ci.sid == 0)
goto sec_loser; /* don't crash if asserts are off */
/* Trying to cut down on all these switch statements that should be tables.
@@ -1683,7 +1684,7 @@ ssl2_ServerSetupSessionCypher(sslSocket *ss, int cipher, unsigned int keyBits,
}
/* Make sure we're not subject to a version rollback attack. */
- if (ss->opt.enableSSL3 || ss->opt.enableTLS) {
+ if (!SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) {
static const PRUint8 threes[8] = { 0x03, 0x03, 0x03, 0x03,
0x03, 0x03, 0x03, 0x03 };
@@ -2144,7 +2145,7 @@ ssl2_ClientSetupSessionCypher(sslSocket *ss, PRUint8 *cs, int csLen)
/* Set up the padding for version 2 rollback detection. */
/* XXX We should really use defines here */
- if (ss->opt.enableSSL3 || ss->opt.enableTLS) {
+ if (!SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) {
PORT_Assert((modulusLen - rek.len) > 12);
PORT_Memset(eblock + modulusLen - rek.len - 8 - 1, 0x03, 8);
}
@@ -3051,16 +3052,20 @@ ssl2_BeginClientHandshake(sslSocket *ss)
ss->url);
}
while (sid) { /* this isn't really a loop */
+ PRBool sidVersionEnabled =
+ (!SSL3_ALL_VERSIONS_DISABLED(&ss->vrange) &&
+ sid->version >= ss->vrange.min &&
+ sid->version <= ss->vrange.max) ||
+ (sid->version < SSL_LIBRARY_VERSION_3_0 && ss->opt.enableSSL2);
+
/* if we're not doing this SID's protocol any more, drop it. */
- if (((sid->version < SSL_LIBRARY_VERSION_3_0) && !ss->opt.enableSSL2) ||
- ((sid->version == SSL_LIBRARY_VERSION_3_0) && !ss->opt.enableSSL3) ||
- ((sid->version > SSL_LIBRARY_VERSION_3_0) && !ss->opt.enableTLS)) {
+ if (!sidVersionEnabled) {
ss->sec.uncache(sid);
ssl_FreeSID(sid);
sid = NULL;
break;
}
- if (ss->opt.enableSSL2 && sid->version < SSL_LIBRARY_VERSION_3_0) {
+ if (sid->version < SSL_LIBRARY_VERSION_3_0) {
/* If the cipher in this sid is not enabled, drop it. */
for (i = 0; i < ss->sizeCipherSpecs; i += 3) {
if (ss->cipherSpecs[i] == sid->u.ssl2.cipherType)
@@ -3106,8 +3111,7 @@ ssl2_BeginClientHandshake(sslSocket *ss)
PORT_Assert(sid != NULL);
if ((sid->version >= SSL_LIBRARY_VERSION_3_0 || !ss->opt.v2CompatibleHello) &&
- (ss->opt.enableSSL3 || ss->opt.enableTLS)) {
-
+ !SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) {
ss->gs.state = GS_INIT;
ss->handshake = ssl_GatherRecord1stHandshake;
@@ -3157,14 +3161,9 @@ ssl2_BeginClientHandshake(sslSocket *ss)
/* Construct client-hello message */
cp = msg = ss->sec.ci.sendBuf.buf;
msg[0] = SSL_MT_CLIENT_HELLO;
- if ( ss->opt.enableTLS ) {
- ss->clientHelloVersion = SSL_LIBRARY_VERSION_3_1_TLS;
- } else if ( ss->opt.enableSSL3 ) {
- ss->clientHelloVersion = SSL_LIBRARY_VERSION_3_0;
- } else {
- ss->clientHelloVersion = SSL_LIBRARY_VERSION_2;
- }
-
+ ss->clientHelloVersion = SSL3_ALL_VERSIONS_DISABLED(&ss->vrange) ?
+ SSL_LIBRARY_VERSION_2 : ss->vrange.max;
+
msg[1] = MSB(ss->clientHelloVersion);
msg[2] = LSB(ss->clientHelloVersion);
/* Add 3 for SCSV */
@@ -3381,7 +3380,7 @@ ssl2_HandleClientHelloMessage(sslSocket *ss)
*/
if ((data[0] == SSL_MT_CLIENT_HELLO) &&
(data[1] >= MSB(SSL_LIBRARY_VERSION_3_0)) &&
- (ss->opt.enableSSL3 || ss->opt.enableTLS)) {
+ !SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) {
rv = ssl3_HandleV2ClientHello(ss, data, ss->gs.recordLen);
if (rv != SECFailure) { /* Success */
ss->handshake = NULL;
diff --git a/net/third_party/nss/ssl/sslenum.c b/net/third_party/nss/ssl/sslenum.c
index b8aa8cc..70eee54 100644
--- a/net/third_party/nss/ssl/sslenum.c
+++ b/net/third_party/nss/ssl/sslenum.c
@@ -39,7 +39,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
-/* $Id: sslenum.c,v 1.17 2010/02/10 18:07:21 wtc%google.com Exp $ */
+/* $Id: sslenum.c,v 1.18 2012/03/06 00:26:31 wtc%google.com Exp $ */
#include "ssl.h"
#include "sslproto.h"
@@ -55,6 +55,9 @@
* Camellia without having to disable AES and RC4, which are needed for
* interoperability with clients that don't yet implement Camellia.
*
+ * The ordering of cipher suites in this table must match the ordering in
+ * the cipherSuites table in ssl3con.c.
+ *
* If new ECC cipher suites are added, also update the ssl3CipherSuite arrays
* in ssl3ecc.c.
*/
@@ -95,8 +98,8 @@ const PRUint16 SSL_ImplementedCiphers[] = {
#endif /* NSS_ENABLE_ECC */
TLS_RSA_WITH_SEED_CBC_SHA,
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
- SSL_RSA_WITH_RC4_128_MD5,
SSL_RSA_WITH_RC4_128_SHA,
+ SSL_RSA_WITH_RC4_128_MD5,
TLS_RSA_WITH_AES_128_CBC_SHA,
/* 112-bit 3DES */
diff --git a/net/third_party/nss/ssl/sslerr.h b/net/third_party/nss/ssl/sslerr.h
index 9be063b..33c809e 100644
--- a/net/third_party/nss/ssl/sslerr.h
+++ b/net/third_party/nss/ssl/sslerr.h
@@ -36,7 +36,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
-/* $Id: sslerr.h,v 1.19 2012/02/11 12:55:58 kaie%kuix.de Exp $ */
+/* $Id: sslerr.h,v 1.20 2012/03/11 04:32:35 wtc%google.com Exp $ */
#ifndef __SSL_ERR_H_
#define __SSL_ERR_H_
@@ -211,7 +211,9 @@ SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2 = (SSL_ERROR_BASE + 117),
SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS = (SSL_ERROR_BASE + 118),
SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_CLIENTS = (SSL_ERROR_BASE + 119),
-SSL_ERROR_RX_UNEXPECTED_CERT_STATUS = (SSL_ERROR_BASE + 120),
+SSL_ERROR_INVALID_VERSION_RANGE = (SSL_ERROR_BASE + 120),
+
+SSL_ERROR_RX_UNEXPECTED_CERT_STATUS = (SSL_ERROR_BASE + 121),
SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
} SSLErrorCodes;
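Review bot: Inserting `SSL_ERROR_INVALID_VERSION_RANGE` at `SSL_ERROR_BASE + 120` moves the existing `SSL_ERROR_RX_UNEXPECTED_CERT_STATUS` from 120 to 121, which changes the numeric value of an error code that callers may already compare against, log or persist. Code built against the old header, or anything that stored the raw number, would now read 120 as a version-range error instead of an unexpected certificate status. If the renumbering is intentional, a comment on the moved line such as `/* renumbered from +120 when SSL_ERROR_INVALID_VERSION_RANGE was added */` would make that explicit. It is also worth checking that the message table in SSLerrs.h (listed in the diffstat, not shown here) follows the same order.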
diff --git a/net/third_party/nss/ssl/sslgathr.c b/net/third_party/nss/ssl/sslgathr.c
index 92c0e8a..3b864f6 100644
--- a/net/third_party/nss/ssl/sslgathr.c
+++ b/net/third_party/nss/ssl/sslgathr.c
@@ -36,7 +36,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
-/* $Id: sslgathr.c,v 1.12 2010/04/25 23:37:38 nelson%bolyard.com Exp $ */
+/* $Id: sslgathr.c,v 1.13 2012/03/11 04:32:35 wtc%google.com Exp $ */
#include "cert.h"
#include "ssl.h"
#include "sslimpl.h"
@@ -141,7 +141,7 @@ ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags)
/* Probably finished this piece */
switch (gs->state) {
case GS_HEADER:
- if ((ss->opt.enableSSL3 || ss->opt.enableTLS) && !ss->firstHsDone) {
+ if (!SSL3_ALL_VERSIONS_DISABLED(&ss->vrange) && !ss->firstHsDone) {
PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) );
@@ -185,7 +185,7 @@ ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags)
return SECFailure;
}
}
- } /* ((ss->opt.enableSSL3 || ss->opt.enableTLS) && !ss->firstHsDone) */
+ }
/* we've got the first 3 bytes. The header may be two or three. */
if (gs->hdr[0] & 0x80) {
@@ -453,7 +453,6 @@ static SECStatus
ssl2_HandleV3HandshakeRecord(sslSocket *ss)
{
SECStatus rv;
- SSL3ProtocolVersion version = (ss->gs.hdr[1] << 8) | ss->gs.hdr[2];
PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) );
@@ -472,7 +471,8 @@ ssl2_HandleV3HandshakeRecord(sslSocket *ss)
** ssl_GatherRecord1stHandshake to invoke ssl3_GatherCompleteHandshake()
** the next time it is called.
**/
- rv = ssl3_NegotiateVersion(ss, version);
+ rv = ssl3_NegotiateVersion(ss, SSL_LIBRARY_VERSION_MAX_SUPPORTED,
+ PR_TRUE);
if (rv != SECSuccess) {
return rv;
}
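Review bot: This call now passes `SSL_LIBRARY_VERSION_MAX_SUPPORTED` with `PR_TRUE` instead of the version read from the record header, so the version the peer put in the record is no longer examined in ssl2_HandleV3HandshakeRecord (the function starts outside this hunk). The comment above the call does not say that the value chosen here is provisional. Presumably the peer's version is validated when the ServerHello is handled with `allowLargerPeerVersion` set to `PR_FALSE`, but that path is not in this hunk and should be confirmed. A line such as `/* Provisional: the record-layer version is ignored here; the ServerHello version is validated later. */` would keep a reader from assuming the header version was verified at this point.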
diff --git a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimpl.h
index e0e53e1..5f5ddbc 100644
--- a/net/third_party/nss/ssl/sslimpl.h
+++ b/net/third_party/nss/ssl/sslimpl.h
@@ -39,7 +39,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
-/* $Id: sslimpl.h,v 1.94 2012/02/15 21:52:08 kaie%kuix.de Exp $ */
+/* $Id: sslimpl.h,v 1.100 2012/03/18 00:31:20 wtc%google.com Exp $ */
#ifndef __sslimpl_h_
#define __sslimpl_h_
@@ -333,8 +333,8 @@ typedef struct sslOptionsStr {
unsigned int handshakeAsClient : 1; /* 6 */
unsigned int handshakeAsServer : 1; /* 7 */
unsigned int enableSSL2 : 1; /* 8 */
- unsigned int enableSSL3 : 1; /* 9 */
- unsigned int enableTLS : 1; /* 10 */
+ unsigned int unusedBit9 : 1; /* 9 */
+ unsigned int unusedBit10 : 1; /* 10 */
unsigned int noCache : 1; /* 11 */
unsigned int fdx : 1; /* 12 */
unsigned int v2CompatibleHello : 1; /* 13 */
@@ -510,7 +510,8 @@ typedef enum {
typedef enum { type_stream, type_block } CipherType;
-#define MAX_IV_LENGTH 64
+/* This value matches the size of IVs in ssl3SidKeys. */
+#define MAX_IV_LENGTH 24
/*
* Do not depend upon 64 bit arithmetic in the underlying machine.
@@ -1052,7 +1053,6 @@ struct sslSecurityInfoStr {
};
-
/*
** SSL Socket struct
**
@@ -1066,6 +1066,8 @@ struct sslSocketStr {
/* SSL socket options */
sslOptions opt;
+ /* Enabled version range */
+ SSLVersionRange vrange;
/* State flags */
unsigned long clientAuthRequested;
@@ -1382,6 +1384,24 @@ extern PRBool ssl3_CanFalseStart(sslSocket *ss);
#define ssl_HaveXmitBufLock(ss) \
(PZ_InMonitor((ss)->xmitBufLock))
+/* Placeholder value used in version ranges when SSL 3.0 and all
+ * versions of TLS are disabled.
+ */
+#define SSL_LIBRARY_VERSION_NONE 0
+
+/* SSL_LIBRARY_VERSION_MAX_SUPPORTED is the maximum version that this version
+ * of libssl supports. Applications should use SSL_VersionRangeGetSupported at
+ * runtime to determine which versions are supported by the version of libssl
+ * in use.
+ */
+#define SSL_LIBRARY_VERSION_MAX_SUPPORTED SSL_LIBRARY_VERSION_TLS_1_1
+
+/* Rename this macro SSL_ALL_VERSIONS_DISABLED when SSL 2.0 is removed. */
+#define SSL3_ALL_VERSIONS_DISABLED(vrange) \
+ ((vrange)->min == SSL_LIBRARY_VERSION_NONE)
+
+extern PRBool ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant,
+ SSL3ProtocolVersion version);
extern SECStatus ssl3_KeyAndMacDeriveBypass(ssl3CipherSpec * pwSpec,
const unsigned char * cr, const unsigned char * sr,
@@ -1515,7 +1535,8 @@ extern SECStatus ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache);
extern void ssl3_DestroySSL3Info(sslSocket *ss);
extern SECStatus ssl3_NegotiateVersion(sslSocket *ss,
- SSL3ProtocolVersion peerVersion);
+ SSL3ProtocolVersion peerVersion,
+ PRBool allowLargerPeerVersion);
extern SECStatus ssl_GetPeerInfo(sslSocket *ss);
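Review bot: The new `allowLargerPeerVersion` parameter of `ssl3_NegotiateVersion` is undocumented at its declaration, although, judging by its name, it decides whether a peer version above the locally enabled maximum is tolerated. The call sites in this diff pass `PR_TRUE` for versions received in a client hello (ssl3_HandleClientHello, ssl3_HandleV2ClientHello) and `PR_FALSE` for the ServerHello version and for a cached session's version. I would add a comment above the prototype, e.g. `/* allowLargerPeerVersion: PR_TRUE when peerVersion is an offer that may be answered with a lower version; PR_FALSE when it is an already selected version that must lie within ss->vrange. */`. The function body is not in this part of the page, so the wording should be checked against it.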
diff --git a/net/third_party/nss/ssl/sslinfo.c b/net/third_party/nss/ssl/sslinfo.c
index 5148364..0cb46d6 100644
--- a/net/third_party/nss/ssl/sslinfo.c
+++ b/net/third_party/nss/ssl/sslinfo.c
@@ -35,7 +35,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
-/* $Id: sslinfo.c,v 1.24 2010/09/02 01:12:57 wtc%google.com Exp $ */
+/* $Id: sslinfo.c,v 1.28 2012/03/14 00:56:43 wtc%google.com Exp $ */
#include "ssl.h"
#include "sslimpl.h"
#include "sslproto.h"
@@ -181,8 +181,8 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
{0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
{0,CS(TLS_RSA_WITH_SEED_CBC_SHA), S_RSA, K_RSA, C_SEED,B_128, M_SHA, 1, 0, 0, },
{0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
-{0,CS(SSL_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
{0,CS(SSL_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, },
+{0,CS(SSL_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
{0,CS(TLS_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_RSA, C_AES, B_128, M_SHA, 1, 0, 0, },
{0,CS(SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
@@ -317,6 +317,46 @@ SSL_IsExportCipherSuite(PRUint16 cipherSuite)
return PR_FALSE;
}
+SECItem*
+SSL_GetNegotiatedHostInfo(PRFileDesc *fd)
+{
+ SECItem *sniName = NULL;
+ sslSocket *ss;
+ char *name = NULL;
+
+ ss = ssl_FindSocket(fd);
+ if (!ss) {
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNegotiatedHostInfo",
+ SSL_GETPID(), fd));
+ return NULL;
+ }
+
+ if (ss->sec.isServer) {
+ if (ss->version > SSL_LIBRARY_VERSION_3_0 &&
+ ss->ssl3.initialized) { /* TLS */
+ SECItem *crsName;
+ ssl_GetSpecReadLock(ss); /*********************************/
+ crsName = &ss->ssl3.crSpec->srvVirtName;
+ if (crsName->data) {
+ sniName = SECITEM_DupItem(crsName);
+ }
+ ssl_ReleaseSpecReadLock(ss); /*----------------------------*/
+ }
+ return sniName;
+ }
+ name = SSL_RevealURL(fd);
+ if (name) {
+ sniName = PORT_ZNew(SECItem);
+ if (!sniName) {
+ PORT_Free(name);
+ return NULL;
+ }
+ sniName->data = (void*)name;
+ sniName->len = PORT_Strlen(name);
+ }
+ return sniName;
+}
+
SECStatus
SSL_ExportKeyingMaterial(PRFileDesc *fd,
const char *label, unsigned int labelLen,
@@ -379,43 +419,3 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
PORT_ZFree(val, valLen);
return rv;
}
-
-SECItem*
-SSL_GetNegotiatedHostInfo(PRFileDesc *fd)
-{
- SECItem *sniName = NULL;
- sslSocket *ss;
- char *name = NULL;
-
- ss = ssl_FindSocket(fd);
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNegotiatedHostInfo",
- SSL_GETPID(), fd));
- return NULL;
- }
-
- if (ss->sec.isServer) {
- if (ss->version > SSL_LIBRARY_VERSION_3_0 &&
- ss->ssl3.initialized) { /* TLS */
- SECItem *crsName;
- ssl_GetSpecReadLock(ss); /*********************************/
- crsName = &ss->ssl3.crSpec->srvVirtName;
- if (crsName->data) {
- sniName = SECITEM_DupItem(crsName);
- }
- ssl_ReleaseSpecReadLock(ss); /*----------------------------*/
- }
- return sniName;
- }
- name = SSL_RevealURL(fd);
- if (name) {
- sniName = PORT_ZNew(SECItem);
- if (!sniName) {
- PORT_Free(name);
- return NULL;
- }
- sniName->data = (void*)name;
- sniName->len = PORT_Strlen(name);
- }
- return sniName;
-}
diff --git a/net/third_party/nss/ssl/sslproto.h b/net/third_party/nss/ssl/sslproto.h
index b534d0b..985b097 100644
--- a/net/third_party/nss/ssl/sslproto.h
+++ b/net/third_party/nss/ssl/sslproto.h
@@ -39,7 +39,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
-/* $Id: sslproto.h,v 1.15 2010/02/16 18:56:48 wtc%google.com Exp $ */
+/* $Id: sslproto.h,v 1.17 2012/03/13 02:39:11 wtc%google.com Exp $ */
#ifndef __sslproto_h_
#define __sslproto_h_
@@ -47,7 +47,11 @@
/* All versions less than 3_0 are treated as SSL version 2 */
#define SSL_LIBRARY_VERSION_2 0x0002
#define SSL_LIBRARY_VERSION_3_0 0x0300
-#define SSL_LIBRARY_VERSION_3_1_TLS 0x0301
+#define SSL_LIBRARY_VERSION_TLS_1_0 0x0301
+#define SSL_LIBRARY_VERSION_TLS_1_1 0x0302
+
+/* deprecated old name */
+#define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0
/* Header lengths of some of the messages */
#define SSL_HL_ERROR_HBYTES 3
diff --git a/net/third_party/nss/ssl/sslsecur.c b/net/third_party/nss/ssl/sslsecur.c
index 16fd203..a0e410b 100644
--- a/net/third_party/nss/ssl/sslsecur.c
+++ b/net/third_party/nss/ssl/sslsecur.c
@@ -37,7 +37,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
-/* $Id: sslsecur.c,v 1.57 2012/02/15 21:52:08 kaie%kuix.de Exp $ */
+/* $Id: sslsecur.c,v 1.58 2012/03/01 18:36:35 kaie%kuix.de Exp $ */
#include "cert.h"
#include "secitem.h"
#include "keyhi.h"
@@ -1408,7 +1408,7 @@ SSL_InvalidateSession(PRFileDesc *fd)
ssl_Get1stHandshakeLock(ss);
ssl_GetSSL3HandshakeLock(ss);
- if (ss->sec.ci.sid) {
+ if (ss->sec.ci.sid && ss->sec.uncache) {
ss->sec.uncache(ss->sec.ci.sid);
rv = SECSuccess;
}
diff --git a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock.c
index 9812549..a91412b 100644
--- a/net/third_party/nss/ssl/sslsock.c
+++ b/net/third_party/nss/ssl/sslsock.c
@@ -40,7 +40,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
-/* $Id: sslsock.c,v 1.82 2012/02/15 21:52:08 kaie%kuix.de Exp $ */
+/* $Id: sslsock.c,v 1.86 2012/03/18 00:31:20 wtc%google.com Exp $ */
#include "seccomon.h"
#include "cert.h"
#include "keyhi.h"
@@ -171,8 +171,8 @@ static sslOptions ssl_defaults = {
PR_FALSE, /* handshakeAsClient */
PR_FALSE, /* handshakeAsServer */
PR_FALSE, /* enableSSL2 */ /* now defaults to off in NSS 3.13 */
- PR_TRUE, /* enableSSL3 */
- PR_TRUE, /* enableTLS */ /* now defaults to on in NSS 3.0 */
+ PR_FALSE, /* unusedBit9 */
+ PR_FALSE, /* unusedBit10 */
PR_FALSE, /* noCache */
PR_FALSE, /* fdx */
PR_FALSE, /* v2CompatibleHello */ /* now defaults to off in NSS 3.13 */
@@ -191,6 +191,14 @@ static sslOptions ssl_defaults = {
PR_FALSE, /* encryptClientCerts */
};
+/*
+ * default range of enabled SSL/TLS protocols
+ */
+static SSLVersionRange versions_defaults = {
+ SSL_LIBRARY_VERSION_3_0,
+ SSL_LIBRARY_VERSION_TLS_1_0
+};
+
sslSessionIDLookupFunc ssl_sid_lookup;
sslSessionIDCacheFunc ssl_sid_cache;
sslSessionIDUncacheFunc ssl_sid_uncache;
@@ -277,6 +285,7 @@ ssl_DupSocket(sslSocket *os)
if (ss) {
ss->opt = os->opt;
ss->opt.useSocks = PR_FALSE;
+ ss->vrange = os->vrange;
ss->peerID = !os->peerID ? NULL : PORT_Strdup(os->peerID);
ss->url = !os->url ? NULL : PORT_Strdup(os->url);
@@ -569,6 +578,68 @@ static PRStatus SSL_BypassSetup(void)
return PR_CallOnce(&setupBypassOnce, &SSL_BypassRegisterShutdown);
}
+/* Implements the semantics for SSL_OptionSet(SSL_ENABLE_TLS, on) described in
+ * ssl.h in the section "SSL version range setting API".
+ */
+static void
+ssl_EnableTLS(SSLVersionRange *vrange, PRBool on)
+{
+ if (SSL3_ALL_VERSIONS_DISABLED(vrange)) {
+ if (on) {
+ vrange->min = SSL_LIBRARY_VERSION_TLS_1_0;
+ vrange->max = SSL_LIBRARY_VERSION_TLS_1_0;
+ } /* else don't change anything */
+ return;
+ }
+
+ if (on) {
+ /* Expand the range of enabled version to include TLS 1.0 */
+ vrange->min = PR_MIN(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
+ vrange->max = PR_MAX(vrange->max, SSL_LIBRARY_VERSION_TLS_1_0);
+ } else {
+ /* Disable all TLS versions, leaving only SSL 3.0 if it was enabled */
+ if (vrange->min == SSL_LIBRARY_VERSION_3_0) {
+ vrange->max = SSL_LIBRARY_VERSION_3_0;
+ } else {
+ /* Only TLS was enabled, so now no versions are. */
+ vrange->min = SSL_LIBRARY_VERSION_NONE;
+ vrange->max = SSL_LIBRARY_VERSION_NONE;
+ }
+ }
+}
+
+/* Implements the semantics for SSL_OptionSet(SSL_ENABLE_SSL3, on) described in
+ * ssl.h in the section "SSL version range setting API".
+ */
+static void
+ssl_EnableSSL3(SSLVersionRange *vrange, PRBool on)
+{
+ if (SSL3_ALL_VERSIONS_DISABLED(vrange)) {
+ if (on) {
+ vrange->min = SSL_LIBRARY_VERSION_3_0;
+ vrange->max = SSL_LIBRARY_VERSION_3_0;
+ } /* else don't change anything */
+ return;
+ }
+
+ if (on) {
+ /* Expand the range of enabled versions to include SSL 3.0. We know
+ * SSL 3.0 or some version of TLS is already enabled at this point, so
+ * we don't need to change vrange->max.
+ */
+ vrange->min = SSL_LIBRARY_VERSION_3_0;
+ } else {
+ /* Disable SSL 3.0, leaving TLS unaffected. */
+ if (vrange->max > SSL_LIBRARY_VERSION_3_0) {
+ vrange->min = PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
+ } else {
+ /* Only SSL 3.0 was enabled, so now no versions are. */
+ vrange->min = SSL_LIBRARY_VERSION_NONE;
+ vrange->max = SSL_LIBRARY_VERSION_NONE;
+ }
+ }
+}
+
SECStatus
SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
{
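Review bot: `ssl_EnableTLS(vrange, PR_TRUE)` sets `vrange->min = PR_MIN(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0)` and `ssl_EnableSSL3(vrange, PR_TRUE)` sets `vrange->min = SSL_LIBRARY_VERSION_3_0` unconditionally, so turning a legacy option on can lower a minimum version that was configured through the version range. For example, a range of TLS 1.1 only becomes TLS 1.0 to 1.1 after `SSL_ENABLE_TLS` is set, and starts at SSL 3.0 after `SSL_ENABLE_SSL3` is set. The header comments refer to ssl.h for the semantics, which is not shown here. I would state the consequence at the helpers themselves, e.g. `/* Note: enabling may lower vrange->min below a floor set with the version range API. */`, so that callers mixing both APIs see the weakening where it happens.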
@@ -627,7 +698,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
break;
case SSL_ENABLE_TLS:
- ss->opt.enableTLS = on;
+ ssl_EnableTLS(&ss->vrange, on);
ss->preferredCipher = NULL;
if (ss->cipherSpecs) {
PORT_Free(ss->cipherSpecs);
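Review bot: The new `ssl_EnableTLS(&ss->vrange, on)` call in the `SSL_ENABLE_TLS` case can silently lower a minimum version that was set earlier through `SSL_VersionRangeSet`, because the helper added above computes `vrange->min = PR_MIN(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0)`. The `SSL_ENABLE_SSL3` case in the next hunk goes further and assigns `vrange->min = SSL_LIBRARY_VERSION_3_0` whenever `on` is true, and the `SSL_OptionSetDefault` hunk does the same to `versions_defaults`. The helpers' comments point to ssl.h for these legacy semantics, but nothing at the call sites warns a reader that a boolean option can undo a version floor. I would add a comment at each call, for example `/* Legacy option: may widen the range downward, overriding a minimum set via SSL_VersionRangeSet. */`. `SSL_OptionSet` starts and ends outside this hunk.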
@@ -637,7 +708,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
break;
case SSL_ENABLE_SSL3:
- ss->opt.enableSSL3 = on;
+ ssl_EnableSSL3(&ss->vrange, on);
ss->preferredCipher = NULL;
if (ss->cipherSpecs) {
PORT_Free(ss->cipherSpecs);
@@ -805,8 +876,12 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
case SSL_REQUIRE_CERTIFICATE: on = ss->opt.requireCertificate; break;
case SSL_HANDSHAKE_AS_CLIENT: on = ss->opt.handshakeAsClient; break;
case SSL_HANDSHAKE_AS_SERVER: on = ss->opt.handshakeAsServer; break;
- case SSL_ENABLE_TLS: on = ss->opt.enableTLS; break;
- case SSL_ENABLE_SSL3: on = ss->opt.enableSSL3; break;
+ case SSL_ENABLE_TLS:
+ on = ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_0;
+ break;
+ case SSL_ENABLE_SSL3:
+ on = ss->vrange.min == SSL_LIBRARY_VERSION_3_0;
+ break;
case SSL_ENABLE_SSL2: on = ss->opt.enableSSL2; break;
case SSL_NO_CACHE: on = ss->opt.noCache; break;
case SSL_ENABLE_FDX: on = ss->opt.fdx; break;
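Review bot: The rewritten `SSL_ENABLE_TLS` and `SSL_ENABLE_SSL3` getters reduce the version range to a boolean without saying that the result is lossy. `on = ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_0` is true for any range that contains some TLS version, so a caller cannot use it to learn whether TLS 1.0 itself is enabled or what the minimum is. The `SSL_OptionGetDefault` hunk that follows has the same two cases against `versions_defaults`. I would add a short comment on each pair, for example `/* True if any TLS version is enabled; use SSL_VersionRangeGet for the exact range. */` and `/* SSL 3.0 can only be the low end of the range. */`. The enclosing switch extends beyond the hunk.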
@@ -862,8 +937,12 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
case SSL_REQUIRE_CERTIFICATE: on = ssl_defaults.requireCertificate; break;
case SSL_HANDSHAKE_AS_CLIENT: on = ssl_defaults.handshakeAsClient; break;
case SSL_HANDSHAKE_AS_SERVER: on = ssl_defaults.handshakeAsServer; break;
- case SSL_ENABLE_TLS: on = ssl_defaults.enableTLS; break;
- case SSL_ENABLE_SSL3: on = ssl_defaults.enableSSL3; break;
+ case SSL_ENABLE_TLS:
+ on = versions_defaults.max >= SSL_LIBRARY_VERSION_TLS_1_0;
+ break;
+ case SSL_ENABLE_SSL3:
+ on = versions_defaults.min == SSL_LIBRARY_VERSION_3_0;
+ break;
case SSL_ENABLE_SSL2: on = ssl_defaults.enableSSL2; break;
case SSL_NO_CACHE: on = ssl_defaults.noCache; break;
case SSL_ENABLE_FDX: on = ssl_defaults.fdx; break;
@@ -955,11 +1034,11 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on)
break;
case SSL_ENABLE_TLS:
- ssl_defaults.enableTLS = on;
+ ssl_EnableTLS(&versions_defaults, on);
break;
case SSL_ENABLE_SSL3:
- ssl_defaults.enableSSL3 = on;
+ ssl_EnableSSL3(&versions_defaults, on);
break;
case SSL_ENABLE_SSL2:
@@ -1493,6 +1572,7 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
}
ss->opt = sm->opt;
+ ss->vrange = sm->vrange;
PORT_Memcpy(ss->cipherSuites, sm->cipherSuites, sizeof sm->cipherSuites);
if (!ss->opt.useSecurity) {
@@ -1583,6 +1663,125 @@ loser:
#endif
}
+PRBool
+ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant,
+ SSL3ProtocolVersion version)
+{
+ return protocolVariant == ssl_variant_stream &&
+ version >= SSL_LIBRARY_VERSION_3_0 &&
+ version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED;
+}
+
+/* Returns PR_TRUE if the given version range is valid and
+** fully supported; otherwise, returns PR_FALSE.
+*/
+static PRBool
+ssl3_VersionRangeIsValid(SSLProtocolVariant protocolVariant,
+ const SSLVersionRange *vrange)
+{
+ return vrange &&
+ vrange->min <= vrange->max &&
+ ssl3_VersionIsSupported(protocolVariant, vrange->min) &&
+ ssl3_VersionIsSupported(protocolVariant, vrange->max);
+}
+
+SECStatus
+SSL_VersionRangeGetSupported(SSLProtocolVariant protocolVariant,
+ SSLVersionRange *vrange)
+{
+ if (protocolVariant != ssl_variant_stream || !vrange) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+
+ vrange->min = SSL_LIBRARY_VERSION_3_0;
+ vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
+
+ return SECSuccess;
+}
+
+SECStatus
+SSL_VersionRangeGetDefault(SSLProtocolVariant protocolVariant,
+ SSLVersionRange *vrange)
+{
+ if (protocolVariant != ssl_variant_stream || !vrange) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+
+ *vrange = versions_defaults;
+
+ return SECSuccess;
+}
+
+SECStatus
+SSL_VersionRangeSetDefault(SSLProtocolVariant protocolVariant,
+ const SSLVersionRange *vrange)
+{
+ if (!ssl3_VersionRangeIsValid(protocolVariant, vrange)) {
+ PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
+ return SECFailure;
+ }
+
+ versions_defaults = *vrange;
+
+ return SECSuccess;
+}
+
+SECStatus
+SSL_VersionRangeGet(PRFileDesc *fd, SSLVersionRange *vrange)
+{
+ sslSocket *ss = ssl_FindSocket(fd);
+
+ if (!ss) {
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeGet",
+ SSL_GETPID(), fd));
+ return SECFailure;
+ }
+
+ if (!vrange) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+
+ ssl_Get1stHandshakeLock(ss);
+ ssl_GetSSL3HandshakeLock(ss);
+
+ *vrange = ss->vrange;
+
+ ssl_ReleaseSSL3HandshakeLock(ss);
+ ssl_Release1stHandshakeLock(ss);
+
+ return SECSuccess;
+}
+
+SECStatus
+SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
+{
+ sslSocket *ss = ssl_FindSocket(fd);
+
+ if (!ss) {
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeSet",
+ SSL_GETPID(), fd));
+ return SECFailure;
+ }
+
+ if (!ssl3_VersionRangeIsValid(ssl_variant_stream, vrange)) {
+ PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
+ return SECFailure;
+ }
+
+ ssl_Get1stHandshakeLock(ss);
+ ssl_GetSSL3HandshakeLock(ss);
+
+ ss->vrange = *vrange;
+
+ ssl_ReleaseSSL3HandshakeLock(ss);
+ ssl_Release1stHandshakeLock(ss);
+
+ return SECSuccess;
+}
+
SECStatus
SSL_GetStapledOCSPResponse(PRFileDesc *fd, unsigned char *out_data,
unsigned int *len) {
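Review bot: `SSL_VersionRangeSet` assigns `ss->vrange` but does not reset the cached cipher state that the `SSL_ENABLE_TLS` and `SSL_ENABLE_SSL3` cases of `SSL_OptionSet` clear right after changing the same range (`ss->preferredCipher = NULL;` followed by the `PORT_Free(ss->cipherSpecs)` block). If that cache depends on which SSL 3.0/TLS versions are enabled, which the existing resets suggest, a range change made through the new API could leave a stale list in place for the next hello. I would apply the same reset here under the locks the function already holds; the tail of the `SSL_OptionSet` reset lies outside the visible hunks, so the sketch below should be matched against it. Two smaller points: both `SSL_DBG` strings say `SSL3_VersionRange...` although the functions are named `SSL_VersionRangeGet` and `SSL_VersionRangeSet`, and `SSL_VersionRangeSetDefault` writes `versions_defaults` without any lock, which deserves a comment stating when it is safe to call.

```c
    /* ... unchanged: socket lookup, range validation, lock acquisition ... */
    ss->vrange = *vrange;
    /* Same invalidation as the SSL_ENABLE_TLS / SSL_ENABLE_SSL3 cases of
     * SSL_OptionSet: the cached specs may reflect the old version range. */
    ss->preferredCipher = NULL;
    if (ss->cipherSpecs) {
        PORT_Free(ss->cipherSpecs);
        ss->cipherSpecs = NULL;
        ss->sizeCipherSpecs = 0;
    }
    /* ... unchanged: lock release, return SECSuccess ... */
```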
@@ -2652,6 +2851,7 @@ ssl_NewSocket(PRBool makeLocks)
ss->opt = ssl_defaults;
ss->opt.useSocks = PR_FALSE;
ss->opt.noLocks = !makeLocks;
+ ss->vrange = versions_defaults;
ss->peerID = NULL;
ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
diff --git a/net/third_party/nss/ssl/sslt.h b/net/third_party/nss/ssl/sslt.h
index 3535c06..af15414 100644
--- a/net/third_party/nss/ssl/sslt.h
+++ b/net/third_party/nss/ssl/sslt.h
@@ -37,7 +37,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
-/* $Id: sslt.h,v 1.18 2012/02/15 21:52:08 kaie%kuix.de Exp $ */
+/* $Id: sslt.h,v 1.20 2012/03/16 01:23:55 wtc%google.com Exp $ */
#ifndef __sslt_h_
#define __sslt_h_
@@ -190,6 +190,15 @@ typedef struct SSLCipherSuiteInfoStr {
} SSLCipherSuiteInfo;
typedef enum {
+ ssl_variant_stream = 0
+} SSLProtocolVariant;
+
+typedef struct SSLVersionRangeStr {
+ PRUint16 min;
+ PRUint16 max;
+} SSLVersionRange;
+
+typedef enum {
SSL_sni_host_name = 0,
SSL_sni_type_total
} SSLSniNameType;
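Review bot: `SSLVersionRange` and `SSLProtocolVariant` are added to this public types header with no comment, so a caller reading it cannot tell that `min` and `max` are inclusive bounds or what values they take. The validity check added earlier in this commit (`vrange->min <= vrange->max`, with both ends passed to `ssl3_VersionIsSupported`) implies inclusive bounds holding `SSL_LIBRARY_VERSION_*` constants. I would say so above the struct, for example `/* Inclusive range of enabled protocol versions, as SSL_LIBRARY_VERSION_* values; min <= max. */`. A one-line comment on `ssl_variant_stream` naming the protocol family it stands for would help in the same way.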