author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-03-20 02:08:06 +0000 |
---|---|---|
committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-03-20 02:08:06 +0000 |
commit | dbeb2ce969f735a4ff7af5111a381d05ec7a5ea5 (patch) | |
tree | 14675eca37b0df9f24129c08b0f37e6699d2ebb8 /net/third_party | |
parent | 944dfa8e08e7bc93400b4fa9ef83fdcd82f63a74 (diff) | |
Update NSS to NSS 3.13.4 pre-release snapshot 20120319.
This includes two changes required for Eric Rescorla's DTLS patch:
- the new SSL version range API
- TLS 1.1
clang-sslcon.patch, nextprotocleanup.patch, secret_exporter.patch,
and secret_exporter2.patch are removed because they have been checked
in.
R=rsleevi@chromium.org
BUG=118983
TEST=no build or test errors.
Review URL: http://codereview.chromium.org/9733012
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@127618 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/third_party')
23 files changed, 705 insertions, 879 deletions
diff --git a/net/third_party/nss/README.chromium b/net/third_party/nss/README.chromium index dd8c15d..864784e 100644 --- a/net/third_party/nss/README.chromium +++ b/net/third_party/nss/README.chromium @@ -1,12 +1,12 @@ Name: Network Security Services (NSS) URL: http://www.mozilla.org/projects/security/pki/nss/ -Version: 3.13.3 +Version: 3.13.4 pre-release snapshot 20120319 Security Critical: Yes This directory includes a copy of NSS's libssl from the CVS repo at: :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot -The snapshot was updated to the CVS tag: NSS_3_13_3_RTM +The snapshot was updated to the CVS tag: NSS_SSL_3_13_4_20120319_TAG Patches: @@ -42,14 +42,9 @@ Patches: * Support origin bound certificates. http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-00.txt + https://bugzilla.mozilla.org/show_bug.cgi?id=680292 patches/origin_bound_certs.patch - * Add a function to implement RFC 5705: Keying Material Exporters for TLS - This is a reworked version of the patch from - https://bugzilla.mozilla.org/show_bug.cgi?id=507359 - patches/secret_exporter.patch - patches/secret_exporter2.patch - * Add a function to restart a handshake after a client certificate request. patches/restartclientauth.patch @@ -66,15 +61,6 @@ Patches: https://bugzilla.mozilla.org/show_bug.cgi?id=51413 patches/getrequestedclientcerttypes.patch - * Fixed a clang warning in sslcon.c. - https://bugzilla.mozilla.org/show_bug.cgi?id=728919 - patches/clang-sslcon.patch - - * Fix a buffer length bug and miscellaneous nits in the next protocol - negotiation (NPN) functions. - https://bugzilla.mozilla.org/show_bug.cgi?id=734534 - patches/nextprotocleanup.patch - Apply the patches to NSS by running the patches/applypatches.sh script. Read the comments at the top of patches/applypatches.sh for instructions. diff --git a/net/third_party/nss/patches/applypatches.sh b/net/third_party/nss/patches/applypatches.sh index 1356eab..d826b29 100755 --- a/net/third_party/nss/patches/applypatches.sh 
+++ b/net/third_party/nss/patches/applypatches.sh @@ -25,18 +25,10 @@ patch -p6 < $patches_dir/didhandshakeresume.patch patch -p6 < $patches_dir/origin_bound_certs.patch -patch -p6 < $patches_dir/secret_exporter.patch - patch -p6 < $patches_dir/negotiatedextension.patch patch -p6 < $patches_dir/getrequestedclientcerttypes.patch -patch -p5 < $patches_dir/clang-sslcon.patch - patch -p6 < $patches_dir/restartclientauth.patch patch -p6 < $patches_dir/encryptedclientcerts.patch - -patch -p5 < $patches_dir/nextprotocleanup.patch - -patch -p4 < $patches_dir/secret_exporter2.patch diff --git a/net/third_party/nss/patches/clang-sslcon.patch b/net/third_party/nss/patches/clang-sslcon.patch deleted file mode 100644 index e7a9de6..0000000 --- a/net/third_party/nss/patches/clang-sslcon.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/net/third_party/nss/ssl/sslcon.c b/net/third_party/nss/ssl/sslcon.c -index 4e34554..be626a4 100644 ---- a/net/third_party/nss/ssl/sslcon.c -+++ b/net/third_party/nss/ssl/sslcon.c -@@ -1440,7 +1440,7 @@ ssl2_CreateSessionCypher(sslSocket *ss, sslSessionID *sid, PRBool isClient) - writeKey.data = 0; - - PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); -- if((ss->sec.ci.sid == 0)) -+ if(ss->sec.ci.sid == 0) - goto sec_loser; /* don't crash if asserts are off */ - - /* Trying to cut down on all these switch statements that should be tables. diff --git a/net/third_party/nss/patches/encryptedclientcerts.patch b/net/third_party/nss/patches/encryptedclientcerts.patch index 7612092..35ea585 100644 --- a/net/third_party/nss/patches/encryptedclientcerts.patch +++ b/net/third_party/nss/patches/encryptedclientcerts.patch 
@@ -1,7 +1,7 @@ -diff -up a/src/net/third_party/nss/ssl/ssl.h b/src/net/third_party/nss/ssl/ssl.h ---- a/src/net/third_party/nss/ssl/ssl.h 2012-02-29 19:15:20.975171099 -0800 -+++ b/src/net/third_party/nss/ssl/ssl.h 2012-02-29 19:18:21.947702106 -0800 -@@ -169,6 +169,7 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFi +diff -pu -r a/src/net/third_party/nss/ssl/ssl.h b/src/net/third_party/nss/ssl/ssl.h +--- a/src/net/third_party/nss/ssl/ssl.h 2012-03-19 13:49:12.517522610 -0700 ++++ b/src/net/third_party/nss/ssl/ssl.h 2012-03-19 13:49:29.507749795 -0700 +@@ -186,6 +186,7 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFi #define SSL_CBC_RANDOM_IV 23 #define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */ #define SSL_ENABLE_OB_CERTS 25 /* Enable origin bound certs. */ @@ -9,9 +9,9 @@ diff -up a/src/net/third_party/nss/ssl/ssl.h b/src/net/third_party/nss/ssl/ssl.h #ifdef SSL_DEPRECATED_FUNCTION /* Old deprecated function names */ -diff -up a/src/net/third_party/nss/ssl/sslimpl.h b/src/net/third_party/nss/ssl/sslimpl.h ---- a/src/net/third_party/nss/ssl/sslimpl.h 2012-02-29 19:15:20.975171099 -0800 -+++ b/src/net/third_party/nss/ssl/sslimpl.h 2012-02-29 19:19:26.478604857 -0800 +diff -pu -r a/src/net/third_party/nss/ssl/sslimpl.h b/src/net/third_party/nss/ssl/sslimpl.h +--- a/src/net/third_party/nss/ssl/sslimpl.h 2012-03-19 13:49:12.557523144 -0700 ++++ b/src/net/third_party/nss/ssl/sslimpl.h 2012-03-19 13:49:29.507749795 -0700 @@ -350,6 +350,7 @@ typedef struct sslOptionsStr { unsigned int cbcRandomIV : 1; /* 24 */ unsigned int enableOCSPStapling : 1; /* 25 */ 
@@ -20,10 +20,10 @@ diff -up a/src/net/third_party/nss/ssl/sslimpl.h b/src/net/third_party/nss/ssl/s } sslOptions; typedef enum { sslHandshakingUndetermined = 0, -diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/ssl3con.c ---- a/src/net/third_party/nss/ssl/ssl3con.c 2012-02-29 19:15:20.975171099 -0800 -+++ b/src/net/third_party/nss/ssl/ssl3con.c 2012-02-29 20:00:15.851981917 -0800 -@@ -2863,7 +2863,14 @@ ssl3_HandleChangeCipherSpecs(sslSocket * +diff -pu -r a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/ssl3con.c +--- a/src/net/third_party/nss/ssl/ssl3con.c 2012-03-19 13:49:12.527522744 -0700 ++++ b/src/net/third_party/nss/ssl/ssl3con.c 2012-03-19 13:49:29.507749795 -0700 +@@ -2882,7 +2882,14 @@ ssl3_HandleChangeCipherSpecs(sslSocket * ss->ssl3.prSpec = ss->ssl3.crSpec; ss->ssl3.crSpec = prSpec; @@ -39,7 +39,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s SSL_TRC(3, ("%d: SSL3[%d] Set Current Read Cipher Suite to Pending", SSL_GETPID(), ss->fd )); -@@ -4877,10 +4884,11 @@ loser: +@@ -4898,10 +4905,11 @@ loser: static SECStatus ssl3_SendCertificateVerify(sslSocket *ss) { @@ -55,7 +55,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); -@@ -4889,13 +4897,17 @@ ssl3_SendCertificateVerify(sslSocket *ss +@@ -4910,13 +4918,17 @@ ssl3_SendCertificateVerify(sslSocket *ss SSL_GETPID(), ss->fd)); ssl_GetSpecReadLock(ss); @@ -75,7 +75,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s if (ss->ssl3.platformClientKey) { #ifdef NSS_PLATFORM_CLIENT_AUTH rv = ssl3_PlatformSignHashes(&hashes, ss->ssl3.platformClientKey, -@@ -5912,6 +5924,10 @@ ssl3_SendClientSecondRound(sslSocket *ss +@@ -5924,6 +5936,10 @@ ssl3_SendClientSecondRound(sslSocket *ss { SECStatus rv; PRBool sendClientCert; 
@@ -86,7 +86,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); -@@ -5958,35 +5974,40 @@ ssl3_SendClientSecondRound(sslSocket *ss +@@ -5970,35 +5986,40 @@ ssl3_SendClientSecondRound(sslSocket *ss ssl_GetXmitBufLock(ss); /*******************************/ @@ -152,7 +152,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s } /* XXX: If the server's certificate hasn't been authenticated by this -@@ -6201,8 +6222,13 @@ ssl3_SendServerHelloSequence(sslSocket * +@@ -6213,8 +6234,13 @@ ssl3_SendServerHelloSequence(sslSocket * return rv; /* err code is set. */ } @@ -168,7 +168,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s return SECSuccess; } -@@ -7446,7 +7472,11 @@ ssl3_HandleCertificateVerify(sslSocket * +@@ -7458,7 +7484,11 @@ ssl3_HandleCertificateVerify(sslSocket * desc = isTLS ? decode_error : illegal_parameter; goto alert_loser; /* malformed */ } @@ -181,7 +181,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s return SECSuccess; alert_loser: -@@ -8346,7 +8376,11 @@ ssl3_HandleCertificate(sslSocket *ss, SS +@@ -8358,7 +8388,11 @@ ssl3_HandleCertificate(sslSocket *ss, SS } } else { server_no_cert: @@ -194,7 +194,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s } PORT_Assert(rv == SECSuccess); -@@ -8959,6 +8993,8 @@ ssl3_HandleHandshakeMessage(sslSocket *s +@@ -8968,6 +9002,8 @@ ssl3_HandleHandshakeMessage(sslSocket *s if (type == finished) { sender = ss->sec.isServer ? sender_client : sender_server; rSpec = ss->ssl3.crSpec; 
@@ -203,9 +203,9 @@ diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s } rv = ssl3_ComputeHandshakeHashes(ss, rSpec, &hashes, sender); } -diff -up a/src/net/third_party/nss/ssl/ssl3ext.c b/src/net/third_party/nss/ssl/ssl3ext.c ---- a/src/net/third_party/nss/ssl/ssl3ext.c 2012-02-29 17:12:15.720044263 -0800 -+++ b/src/net/third_party/nss/ssl/ssl3ext.c 2012-02-29 20:00:15.851981917 -0800 +diff -pu -r a/src/net/third_party/nss/ssl/ssl3ext.c b/src/net/third_party/nss/ssl/ssl3ext.c +--- a/src/net/third_party/nss/ssl/ssl3ext.c 2012-03-19 12:50:32.610015524 -0700 ++++ b/src/net/third_party/nss/ssl/ssl3ext.c 2012-03-19 13:49:29.507749795 -0700 @@ -84,6 +84,12 @@ static SECStatus ssl3_ServerHandleNextPr PRUint16 ex_type, SECItem *data); static PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append, @@ -243,7 +243,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3ext.c b/src/net/third_party/nss/ssl/s { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn }, { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, { ssl_ob_cert_xtn, &ssl3_SendOBCertXtn } -@@ -1083,6 +1092,18 @@ ssl3_ClientHandleSessionTicketXtn(sslSoc +@@ -1082,6 +1091,18 @@ ssl3_ClientHandleSessionTicketXtn(sslSoc return SECSuccess; } @@ -262,7 +262,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3ext.c b/src/net/third_party/nss/ssl/s SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) -@@ -1496,6 +1517,24 @@ loser: +@@ -1495,6 +1516,24 @@ loser: return rv; } @@ -287,7 +287,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3ext.c b/src/net/third_party/nss/ssl/s /* * Read bytes. Using this function means the SECItem structure * cannot be freed. The caller is expected to call this function -@@ -1695,6 +1734,33 @@ ssl3_SendRenegotiationInfoXtn( +@@ -1694,6 +1733,33 @@ ssl3_SendRenegotiationInfoXtn( return needed; } 
@@ -321,9 +321,9 @@ diff -up a/src/net/third_party/nss/ssl/ssl3ext.c b/src/net/third_party/nss/ssl/s /* This function runs in both the client and server. */ static SECStatus ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) -diff -up a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/sslsock.c ---- a/src/net/third_party/nss/ssl/sslsock.c 2012-02-29 17:49:08.431530583 -0800 -+++ b/src/net/third_party/nss/ssl/sslsock.c 2012-02-29 20:00:15.851981917 -0800 +diff -pu -r a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/sslsock.c +--- a/src/net/third_party/nss/ssl/sslsock.c 2012-03-19 12:59:07.586991902 -0700 ++++ b/src/net/third_party/nss/ssl/sslsock.c 2012-03-19 13:49:29.517749929 -0700 @@ -188,6 +188,7 @@ static sslOptions ssl_defaults = { PR_TRUE, /* cbcRandomIV */ PR_FALSE, /* enableOCSPStapling */ @@ -331,8 +331,8 @@ diff -up a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/s + PR_FALSE, /* encryptClientCerts */ }; - sslSessionIDLookupFunc ssl_sid_lookup; -@@ -755,6 +756,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh + /* +@@ -826,6 +827,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh ss->opt.enableOBCerts = on; break; @@ -343,7 +343,7 @@ diff -up a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/s default: PORT_SetError(SEC_ERROR_INVALID_ARGS); rv = SECFailure; -@@ -822,6 +827,8 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh +@@ -897,6 +902,8 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break; case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break; case SSL_ENABLE_OB_CERTS: on = ss->opt.enableOBCerts; break; 
@@ -352,7 +352,7 @@ diff -up a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/s default: PORT_SetError(SEC_ERROR_INVALID_ARGS); -@@ -880,6 +887,8 @@ SSL_OptionGetDefault(PRInt32 which, PRBo +@@ -959,6 +966,8 @@ SSL_OptionGetDefault(PRInt32 which, PRBo on = ssl_defaults.enableOCSPStapling; break; case SSL_ENABLE_OB_CERTS: on = ssl_defaults.enableOBCerts; break; @@ -361,7 +361,7 @@ diff -up a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/s default: PORT_SetError(SEC_ERROR_INVALID_ARGS); -@@ -1047,6 +1056,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo +@@ -1126,6 +1135,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo ssl_defaults.enableOBCerts = on; break; @@ -372,10 +372,10 @@ diff -up a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/s default: PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; -diff -up a/src/net/third_party/nss/ssl/sslt.h b/src/net/third_party/nss/ssl/sslt.h ---- a/src/net/third_party/nss/ssl/sslt.h 2012-02-29 17:12:15.780045080 -0800 -+++ b/src/net/third_party/nss/ssl/sslt.h 2012-02-29 19:34:43.921452065 -0800 -@@ -205,10 +205,11 @@ typedef enum { +diff -pu -r a/src/net/third_party/nss/ssl/sslt.h b/src/net/third_party/nss/ssl/sslt.h +--- a/src/net/third_party/nss/ssl/sslt.h 2012-03-19 12:50:32.610015524 -0700 ++++ b/src/net/third_party/nss/ssl/sslt.h 2012-03-19 13:49:29.517749929 -0700 +@@ -214,10 +214,11 @@ typedef enum { #endif ssl_session_ticket_xtn = 35, ssl_next_proto_nego_xtn = 13172, diff --git a/net/third_party/nss/patches/nextprotocleanup.patch b/net/third_party/nss/patches/nextprotocleanup.patch deleted file mode 100644 index 046b937..0000000 --- a/net/third_party/nss/patches/nextprotocleanup.patch +++ /dev/null 
@@ -1,83 +0,0 @@ -Index: mozilla/security/nss/lib/ssl/ssl3ext.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3ext.c,v -retrieving revision 1.21 -diff -u -p -r1.21 ssl3ext.c ---- mozilla/security/nss/lib/ssl/ssl3ext.c 15 Feb 2012 21:52:08 -0000 1.21 -+++ mozilla/security/nss/lib/ssl/ssl3ext.c 10 Mar 2012 00:01:26 -0000 -@@ -592,10 +592,7 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSoc - unsigned char resultBuffer[255]; - SECItem result = { siBuffer, resultBuffer, 0 }; - -- if (ss->firstHsDone) { -- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); -- return SECFailure; -- } -+ PORT_Assert(!ss->firstHsDone); - - rv = ssl3_ValidateNextProtoNego(data->data, data->len); - if (rv != SECSuccess) -@@ -607,6 +604,8 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSoc - */ - PORT_Assert(ss->nextProtoCallback != NULL); - if (!ss->nextProtoCallback) { -+ /* XXX Use a better error code. This is an application error, not an -+ * NSS bug. */ - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - return SECFailure; - } -@@ -617,7 +616,7 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSoc - return rv; - /* If the callback wrote more than allowed to |result| it has corrupted our - * stack. 
*/ -- if (result.len > sizeof result) { -+ if (result.len > sizeof resultBuffer) { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); - return SECFailure; - } -Index: mozilla/security/nss/lib/ssl/sslsock.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsock.c,v -retrieving revision 1.82 -diff -u -p -r1.82 sslsock.c ---- mozilla/security/nss/lib/ssl/sslsock.c 15 Feb 2012 21:52:08 -0000 1.82 -+++ mozilla/security/nss/lib/ssl/sslsock.c 10 Mar 2012 00:01:26 -0000 -@@ -1303,7 +1303,7 @@ SSL_SetNextProtoCallback(PRFileDesc *fd, - return SECSuccess; - } - --/* NextProtoStandardCallback is set as an NPN callback for the case when -+/* ssl_NextProtoNegoCallback is set as an NPN callback for the case when - * SSL_SetNextProtoNego is used. - */ - static SECStatus -@@ -1349,12 +1349,12 @@ pick_first: - result = ss->opt.nextProtoNego.data; - - found: -- *protoOutLen = result[0]; - if (protoMaxLen < result[0]) { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); - return SECFailure; - } - memcpy(protoOut, result + 1, result[0]); -+ *protoOutLen = result[0]; - return SECSuccess; - } - -@@ -1408,13 +1408,12 @@ SSL_GetNextProto(PRFileDesc *fd, SSLNext - - if (ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT && - ss->ssl3.nextProto.data) { -- *bufLen = ss->ssl3.nextProto.len; -- if (*bufLen > bufLenMax) { -+ if (ss->ssl3.nextProto.len > bufLenMax) { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); -- *bufLen = 0; - return SECFailure; - } - PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len); -+ *bufLen = ss->ssl3.nextProto.len; - } else { - *bufLen = 0; - } diff --git a/net/third_party/nss/patches/ocspstapling.patch b/net/third_party/nss/patches/ocspstapling.patch index fb6dad3..af01ca3 100644 --- a/net/third_party/nss/patches/ocspstapling.patch +++ b/net/third_party/nss/patches/ocspstapling.patch 
@@ -1,7 +1,7 @@ -diff -up a/src/net/third_party/nss/ssl/ssl.h b/src/net/third_party/nss/ssl/ssl.h ---- a/src/net/third_party/nss/ssl/ssl.h 2012-02-28 18:34:23.263186340 -0800 -+++ b/src/net/third_party/nss/ssl/ssl.h 2012-02-28 18:47:14.683775498 -0800 -@@ -167,6 +167,7 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFi +diff -pu -r a/src/net/third_party/nss/ssl/ssl.h b/src/net/third_party/nss/ssl/ssl.h +--- a/src/net/third_party/nss/ssl/ssl.h 2012-03-19 14:34:10.103984357 -0700 ++++ b/src/net/third_party/nss/ssl/ssl.h 2012-03-19 14:34:51.624539293 -0700 +@@ -184,6 +184,7 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFi * accept fragmented alerts). */ #define SSL_CBC_RANDOM_IV 23 @@ -9,7 +9,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl.h b/src/net/third_party/nss/ssl/ssl.h #ifdef SSL_DEPRECATED_FUNCTION /* Old deprecated function names */ -@@ -347,6 +348,23 @@ SSL_IMPORT SECStatus SSL_PeerCertificate +@@ -435,6 +436,23 @@ SSL_IMPORT SECStatus SSL_PeerCertificate PRFileDesc *fd, CERTCertificate **certs, unsigned int *numCerts, unsigned int maxNumCerts); 
@@ -33,10 +33,10 @@ diff -up a/src/net/third_party/nss/ssl/ssl.h b/src/net/third_party/nss/ssl/ssl.h /* ** Authenticate certificate hook. Called when a certificate comes in ** (because of SSL_REQUIRE_CERTIFICATE in SSL_Enable) to authenticate the -diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/ssl3con.c ---- a/src/net/third_party/nss/ssl/ssl3con.c 2012-02-28 17:48:46.326209244 -0800 -+++ b/src/net/third_party/nss/ssl/ssl3con.c 2012-02-28 19:12:51.845953454 -0800 -@@ -7887,6 +7887,57 @@ ssl3_CopyPeerCertsToSID(ssl3CertNode *ce +diff -pu -r a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/ssl3con.c +--- a/src/net/third_party/nss/ssl/ssl3con.c 2012-03-19 14:34:10.093984221 -0700 ++++ b/src/net/third_party/nss/ssl/ssl3con.c 2012-03-19 14:34:51.624539293 -0700 +@@ -7899,6 +7899,57 @@ ssl3_CopyPeerCertsToSID(ssl3CertNode *ce } /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete @@ -94,7 +94,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s * ssl3 Certificate message. * Caller must hold Handshake and RecvBuf locks. */ -@@ -8679,6 +8730,26 @@ ssl3_FinishHandshake(sslSocket * ss) +@@ -8707,6 +8758,26 @@ ssl3_FinishHandshake(sslSocket * ss) return SECSuccess; } @@ -121,7 +121,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s /* Called from ssl3_HandleHandshake() when it has gathered a complete ssl3 * hanshake message. * Caller must hold Handshake and RecvBuf locks. -@@ -8773,14 +8844,42 @@ ssl3_HandleHandshakeMessage(sslSocket *s +@@ -8801,14 +8872,42 @@ ssl3_HandleHandshakeMessage(sslSocket *s rv = ssl3_HandleServerHello(ss, b, length); break; case certificate: 
@@ -164,7 +164,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s rv = ssl3_HandleServerKeyExchange(ss, b, length); break; case certificate_request: -@@ -8789,6 +8888,9 @@ ssl3_HandleHandshakeMessage(sslSocket *s +@@ -8817,6 +8916,9 @@ ssl3_HandleHandshakeMessage(sslSocket *s PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST); return SECFailure; } @@ -174,7 +174,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s rv = ssl3_HandleCertificateRequest(ss, b, length); break; case server_hello_done: -@@ -8802,6 +8904,9 @@ ssl3_HandleHandshakeMessage(sslSocket *s +@@ -8830,6 +8932,9 @@ ssl3_HandleHandshakeMessage(sslSocket *s PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE); return SECFailure; } @@ -184,7 +184,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s rv = ssl3_HandleServerHelloDone(ss); break; case certificate_verify: -@@ -9646,6 +9751,12 @@ ssl3_DestroySSL3Info(sslSocket *ss) +@@ -9719,6 +9824,12 @@ ssl3_DestroySSL3Info(sslSocket *ss) ss->ssl3.hs.messages.len = 0; ss->ssl3.hs.messages.space = 0; } @@ -197,9 +197,9 @@ diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s /* free the SSL3Buffer (msg_body) */ PORT_Free(ss->ssl3.hs.msg_body.buf); -diff -up a/src/net/third_party/nss/ssl/ssl3ext.c b/src/net/third_party/nss/ssl/ssl3ext.c ---- a/src/net/third_party/nss/ssl/ssl3ext.c 2012-02-15 13:52:08.000000000 -0800 -+++ b/src/net/third_party/nss/ssl/ssl3ext.c 2012-02-28 19:14:28.617352538 -0800 +diff -pu -r a/src/net/third_party/nss/ssl/ssl3ext.c b/src/net/third_party/nss/ssl/ssl3ext.c +--- a/src/net/third_party/nss/ssl/ssl3ext.c 2012-03-12 12:14:12.000000000 -0700 ++++ b/src/net/third_party/nss/ssl/ssl3ext.c 2012-03-19 14:34:51.624539293 -0700 @@ -253,6 +253,7 @@ static const ssl3HelloExtensionHandler s { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn }, { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, 
@@ -218,7 +218,7 @@ diff -up a/src/net/third_party/nss/ssl/ssl3ext.c b/src/net/third_party/nss/ssl/s /* any extra entries will appear as { 0, NULL } */ }; -@@ -659,6 +661,80 @@ loser: +@@ -658,6 +660,80 @@ loser: return -1; } @@ -299,9 +299,9 @@ diff -up a/src/net/third_party/nss/ssl/ssl3ext.c b/src/net/third_party/nss/ssl/s /* * NewSessionTicket * Called from ssl3_HandleFinished -diff -up a/src/net/third_party/nss/ssl/ssl3prot.h b/src/net/third_party/nss/ssl/ssl3prot.h +diff -pu -r a/src/net/third_party/nss/ssl/ssl3prot.h b/src/net/third_party/nss/ssl/ssl3prot.h --- a/src/net/third_party/nss/ssl/ssl3prot.h 2011-10-28 17:29:11.000000000 -0700 -+++ b/src/net/third_party/nss/ssl/ssl3prot.h 2012-02-28 19:12:51.845953454 -0800 ++++ b/src/net/third_party/nss/ssl/ssl3prot.h 2012-03-19 14:34:51.624539293 -0700 @@ -158,6 +158,7 @@ typedef enum { certificate_verify = 15, client_key_exchange = 16, 
@@ -310,21 +310,31 @@ diff -up a/src/net/third_party/nss/ssl/ssl3prot.h b/src/net/third_party/nss/ssl/ next_proto = 67 } SSL3HandshakeType; -diff -up a/src/net/third_party/nss/ssl/sslerr.h b/src/net/third_party/nss/ssl/sslerr.h ---- a/src/net/third_party/nss/ssl/sslerr.h 2012-02-11 04:55:58.000000000 -0800 -+++ b/src/net/third_party/nss/ssl/sslerr.h 2012-02-28 18:58:06.733056235 -0800 -@@ -211,6 +211,8 @@ SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2 - SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS = (SSL_ERROR_BASE + 118), - SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_CLIENTS = (SSL_ERROR_BASE + 119), +diff -pu -r a/src/net/third_party/nss/ssl/sslerr.h b/src/net/third_party/nss/ssl/sslerr.h +--- a/src/net/third_party/nss/ssl/sslerr.h 2012-03-10 20:32:35.000000000 -0800 ++++ b/src/net/third_party/nss/ssl/sslerr.h 2012-03-19 14:35:47.275278925 -0700 +@@ -213,6 +213,8 @@ SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_CLIE -+SSL_ERROR_RX_UNEXPECTED_CERT_STATUS = (SSL_ERROR_BASE + 120), + SSL_ERROR_INVALID_VERSION_RANGE = (SSL_ERROR_BASE + 120), + ++SSL_ERROR_RX_UNEXPECTED_CERT_STATUS = (SSL_ERROR_BASE + 121), + SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. 
*/ } SSLErrorCodes; #endif /* NO_SECURITY_ERROR_ENUM */ -diff -up a/src/net/third_party/nss/ssl/sslimpl.h b/src/net/third_party/nss/ssl/sslimpl.h ---- a/src/net/third_party/nss/ssl/sslimpl.h 2012-02-28 17:48:46.326209244 -0800 -+++ b/src/net/third_party/nss/ssl/sslimpl.h 2012-02-28 19:05:14.299310096 -0800 +diff -pu -r a/src/net/third_party/nss/ssl/SSLerrs.h b/src/net/third_party/nss/ssl/SSLerrs.h +--- a/src/net/third_party/nss/ssl/SSLerrs.h 2012-03-10 20:32:34.000000000 -0800 ++++ b/src/net/third_party/nss/ssl/SSLerrs.h 2012-03-19 14:38:37.757544584 -0700 +@@ -420,3 +420,6 @@ ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_ + + ER3(SSL_ERROR_INVALID_VERSION_RANGE, (SSL_ERROR_BASE + 120), + "SSL version range is not valid.") ++ ++ER3(SSL_ERROR_RX_UNEXPECTED_CERT_STATUS, (SSL_ERROR_BASE + 121), ++"SSL received an unexpected Certificate Status handshake message.") +diff -pu -r a/src/net/third_party/nss/ssl/sslimpl.h b/src/net/third_party/nss/ssl/sslimpl.h +--- a/src/net/third_party/nss/ssl/sslimpl.h 2012-03-19 14:34:10.093984221 -0700 ++++ b/src/net/third_party/nss/ssl/sslimpl.h 2012-03-19 14:34:51.634539426 -0700 @@ -339,6 +339,7 @@ typedef struct sslOptionsStr { unsigned int requireSafeNegotiation : 1; /* 22 */ unsigned int enableFalseStart : 1; /* 23 */ @@ -333,7 +343,7 @@ diff -up a/src/net/third_party/nss/ssl/sslimpl.h b/src/net/third_party/nss/ssl/s } sslOptions; typedef enum { sslHandshakingUndetermined = 0, -@@ -782,6 +783,14 @@ const ssl3CipherSuiteDef *suite_def; +@@ -783,6 +784,14 @@ const ssl3CipherSuiteDef *suite_def; PRBool isResuming; /* are we resuming a session */ PRBool usedStepDownKey; /* we did a server key exchange. */ PRBool sendingSCSV; /* instead of empty RI */ 
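Review bot: In the sslerr.h part of ocspstapling.patch, `SSL_ERROR_RX_UNEXPECTED_CERT_STATUS` moves from `SSL_ERROR_BASE + 120` to `SSL_ERROR_BASE + 121` because the snapshot now assigns 120 to `SSL_ERROR_INVALID_VERSION_RANGE`, and nothing in the patch marks the value as Chromium-local. The same numeric code therefore means different things before and after this update, so any log or metric that recorded the raw number would be misread, and the next error code added upstream will presumably land on 121 as well. I would add a comment above the enumerator, `/* Chromium-local, not in upstream NSS; renumber here and in SSLerrs.h when upstream extends SSLErrorCodes. */`. The SSLErrorCodes enum begins outside this hunk, so the earlier values cannot be checked from here.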
@@ -348,7 +358,7 @@ diff -up a/src/net/third_party/nss/ssl/sslimpl.h b/src/net/third_party/nss/ssl/s sslBuffer msgState; /* current state for handshake messages*/ /* protected by recvBufLock */ sslBuffer messages; /* Accumulated handshake messages */ -@@ -1527,6 +1536,8 @@ extern SECStatus ssl3_HandleSupportedPoi +@@ -1548,6 +1557,8 @@ extern SECStatus ssl3_HandleSupportedPoi PRUint16 ex_type, SECItem *data); extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data); @@ -357,7 +367,7 @@ diff -up a/src/net/third_party/nss/ssl/sslimpl.h b/src/net/third_party/nss/ssl/s extern SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data); -@@ -1536,6 +1547,8 @@ extern SECStatus ssl3_ServerHandleSessio +@@ -1557,6 +1568,8 @@ extern SECStatus ssl3_ServerHandleSessio */ extern PRInt32 ssl3_SendSessionTicketXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes); @@ -366,9 +376,9 @@ diff -up a/src/net/third_party/nss/ssl/sslimpl.h b/src/net/third_party/nss/ssl/s /* ClientHello and ServerHello extension senders. * The code is in ssl3ext.c. -diff -up a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/sslsock.c ---- a/src/net/third_party/nss/ssl/sslsock.c 2012-02-28 16:15:34.790321976 -0800 -+++ b/src/net/third_party/nss/ssl/sslsock.c 2012-02-28 19:12:51.845953454 -0800 +diff -pu -r a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/sslsock.c +--- a/src/net/third_party/nss/ssl/sslsock.c 2012-03-19 14:34:10.083984085 -0700 ++++ b/src/net/third_party/nss/ssl/sslsock.c 2012-03-19 14:34:51.634539426 -0700 @@ -185,7 +185,8 @@ static sslOptions ssl_defaults = { 2, /* enableRenegotiation (default: requires extension) */ PR_FALSE, /* requireSafeNegotiation */ 
@@ -378,8 +388,8 @@ diff -up a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/s + PR_FALSE, /* enableOCSPStapling */ }; - sslSessionIDLookupFunc ssl_sid_lookup; -@@ -741,6 +742,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh + /* +@@ -812,6 +813,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh ss->opt.cbcRandomIV = on; break; @@ -390,7 +400,7 @@ diff -up a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/s default: PORT_SetError(SEC_ERROR_INVALID_ARGS); rv = SECFailure; -@@ -806,6 +811,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh +@@ -881,6 +886,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh on = ss->opt.requireSafeNegotiation; break; case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break; case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break; @@ -398,7 +408,7 @@ diff -up a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/s default: PORT_SetError(SEC_ERROR_INVALID_ARGS); -@@ -860,6 +866,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBo +@@ -939,6 +945,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBo break; case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break; case SSL_CBC_RANDOM_IV: on = ssl_defaults.cbcRandomIV; break; @@ -408,7 +418,7 @@ diff -up a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/s default: PORT_SetError(SEC_ERROR_INVALID_ARGS); -@@ -1019,6 +1028,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo +@@ -1098,6 +1107,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo ssl_defaults.cbcRandomIV = on; break; @@ -419,8 +429,8 @@ diff -up a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/s default: PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; -@@ -1537,6 +1550,36 @@ loser: - #endif +@@ -1735,6 +1748,36 @@ SSL_VersionRangeSet(PRFileDesc *fd, cons + return SECSuccess; } +SECStatus 
@@ -456,10 +466,10 @@ diff -up a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/s /************************************************************************/ /* The following functions are the TOP LEVEL SSL functions. ** They all get called through the NSPRIOMethods table below. -diff -up a/src/net/third_party/nss/ssl/sslt.h b/src/net/third_party/nss/ssl/sslt.h ---- a/src/net/third_party/nss/ssl/sslt.h 2012-02-15 13:52:08.000000000 -0800 -+++ b/src/net/third_party/nss/ssl/sslt.h 2012-02-28 19:12:51.845953454 -0800 -@@ -198,6 +198,7 @@ typedef enum { +diff -pu -r a/src/net/third_party/nss/ssl/sslt.h b/src/net/third_party/nss/ssl/sslt.h +--- a/src/net/third_party/nss/ssl/sslt.h 2012-03-15 18:23:55.000000000 -0700 ++++ b/src/net/third_party/nss/ssl/sslt.h 2012-03-19 14:34:51.634539426 -0700 +@@ -207,6 +207,7 @@ typedef enum { /* Update SSL_MAX_EXTENSIONS whenever a new extension type is added. */ typedef enum { ssl_server_name_xtn = 0, @@ -467,7 +477,7 @@ diff -up a/src/net/third_party/nss/ssl/sslt.h b/src/net/third_party/nss/ssl/sslt #ifdef NSS_ENABLE_ECC ssl_elliptic_curves_xtn = 10, ssl_ec_point_formats_xtn = 11, -@@ -207,6 +208,6 @@ typedef enum { +@@ -216,6 +217,6 @@ typedef enum { ssl_renegotiation_info_xtn = 0xff01 /* experimental number */ } SSLExtensionType; diff --git a/net/third_party/nss/patches/renegoscsv.patch b/net/third_party/nss/patches/renegoscsv.patch index 8ed9dfc..ffade26 100644 --- a/net/third_party/nss/patches/renegoscsv.patch +++ b/net/third_party/nss/patches/renegoscsv.patch 
@@ -1,24 +1,14 @@ -From 552c8d41b9ac9d55c8f1a861d81fc070a2a72aba Mon Sep 17 00:00:00 2001 -From: Adam Langley <agl@chromium.org> -Date: Mon, 3 Oct 2011 12:20:10 -0400 -Subject: [PATCH] renegoscsv.patch - ---- - mozilla/security/nss/lib/ssl/ssl3con.c | 4 ++-- - 1 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/mozilla/security/nss/lib/ssl/ssl3con.c b/mozilla/security/nss/lib/ssl/ssl3con.c -index e0cb4e9..455a532 100644 ---- a/mozilla/security/nss/lib/ssl/ssl3con.c -+++ b/mozilla/security/nss/lib/ssl/ssl3con.c -@@ -3874,9 +3874,9 @@ ssl3_SendClientHello(sslSocket *ss) +diff -pu -r a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/ssl3con.c +--- a/src/net/third_party/nss/ssl/ssl3con.c 2012-03-17 17:31:19.000000000 -0700 ++++ b/src/net/third_party/nss/ssl/ssl3con.c 2012-03-19 12:35:33.058193252 -0700 +@@ -3966,9 +3966,9 @@ ssl3_SendClientHello(sslSocket *ss) return SECFailure; /* ssl3_config_match_init has set error code. */ /* HACK for SCSV in SSL 3.0. On initial handshake, prepend SCSV, - * only if we're willing to complete an SSL 3.0 handshake. + * only if TLS is disabled. */ -- if (!ss->firstHsDone && ss->opt.enableSSL3) { +- if (!ss->firstHsDone && ss->vrange.min == SSL_LIBRARY_VERSION_3_0) { + if (!ss->firstHsDone && !isTLS) { /* Must set this before calling Hello Extension Senders, * to suppress sending of empty RI extension. diff --git a/net/third_party/nss/patches/secret_exporter.patch b/net/third_party/nss/patches/secret_exporter.patch deleted file mode 100644 index 10f1776..0000000 --- a/net/third_party/nss/patches/secret_exporter.patch +++ /dev/null 
@@ -1,215 +0,0 @@ -diff -up a/src/net/third_party/nss/ssl/ssl.h b/src/net/third_party/nss/ssl/ssl.h ---- a/src/net/third_party/nss/ssl/ssl.h 2012-02-29 17:12:15.720044263 -0800 -+++ b/src/net/third_party/nss/ssl/ssl.h 2012-02-29 17:18:04.824794558 -0800 -@@ -774,6 +774,19 @@ SSL_IMPORT SECStatus SSL_GetCipherSuiteI - /* Returnes negotiated through SNI host info. */ - SSL_IMPORT SECItem *SSL_GetNegotiatedHostInfo(PRFileDesc *fd); - -+/* Export keying material according to RFC 5705. -+** fd must correspond to a TLS 1.0 or higher socket and out must -+** already be allocated. If contextLen is zero it uses the no-context -+** construction from the RFC. -+*/ -+SSL_IMPORT SECStatus SSL_ExportKeyingMaterial(PRFileDesc *fd, -+ const char *label, -+ unsigned int labelLen, -+ const unsigned char *context, -+ unsigned int contextLen, -+ unsigned char *out, -+ unsigned int outLen); -+ - /* - ** Return a new reference to the certificate that was most recently sent - ** to the peer on this SSL/TLS connection, or NULL if none has been sent. -diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/ssl3con.c ---- a/src/net/third_party/nss/ssl/ssl3con.c 2012-02-28 20:34:50.114663722 -0800 -+++ b/src/net/third_party/nss/ssl/ssl3con.c 2012-02-29 17:18:04.824794558 -0800 -@@ -8368,33 +8368,33 @@ done: - return rv; - } - --static SECStatus --ssl3_ComputeTLSFinished(ssl3CipherSpec *spec, -- PRBool isServer, -- const SSL3Finished * hashes, -- TLSFinished * tlsFinished) -+/* The calling function must acquire and release the appropriate lock (i.e., -+ * ssl_GetSpecReadLock / ssl_ReleaseSpecReadLock for ss->ssl3.crSpec). Any -+ * label must already be concatenated onto the beginning of val. 
-+ */ -+SECStatus -+ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, const char *label, -+ unsigned int labelLen, const unsigned char *val, unsigned int valLen, -+ unsigned char *out, unsigned int outLen) - { -- const char * label; -- unsigned int len; -- SECStatus rv; -- -- label = isServer ? "server finished" : "client finished"; -- len = 15; -+ SECStatus rv = SECSuccess; - - if (spec->master_secret && !spec->bypassCiphers) { - SECItem param = {siBuffer, NULL, 0}; - PK11Context *prf_context = - PK11_CreateContextBySymKey(CKM_TLS_PRF_GENERAL, CKA_SIGN, - spec->master_secret, ¶m); -+ unsigned int retLen; -+ - if (!prf_context) - return SECFailure; - - rv = PK11_DigestBegin(prf_context); -- rv |= PK11_DigestOp(prf_context, (const unsigned char *) label, len); -- rv |= PK11_DigestOp(prf_context, hashes->md5, sizeof *hashes); -- rv |= PK11_DigestFinal(prf_context, tlsFinished->verify_data, -- &len, sizeof tlsFinished->verify_data); -- PORT_Assert(rv != SECSuccess || len == sizeof *tlsFinished); -+ rv |= PK11_DigestOp(prf_context, (unsigned char *) label, labelLen); -+ rv |= PK11_DigestOp(prf_context, val, valLen); -+ rv |= PK11_DigestFinal(prf_context, out, -+ &retLen, outLen); -+ PORT_Assert(rv != SECSuccess || retLen == outLen); - - PK11_DestroyContext(prf_context, PR_TRUE); - } else { -@@ -8403,17 +8403,36 @@ ssl3_ComputeTLSFinished(ssl3CipherSpec * - SECItem outData = { siBuffer, }; - PRBool isFIPS = PR_FALSE; - -- inData.data = (unsigned char *)hashes->md5; -- inData.len = sizeof hashes[0]; -- outData.data = tlsFinished->verify_data; -- outData.len = sizeof tlsFinished->verify_data; -+ inData.data = (unsigned char *) val; -+ inData.len = valLen; -+ outData.data = out; -+ outData.len = outLen; - rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS); -- PORT_Assert(rv != SECSuccess || \ -- outData.len == sizeof tlsFinished->verify_data); -+ PORT_Assert(rv != SECSuccess || outData.len == outLen); - } - return rv; - } - -+static SECStatus 
-+ssl3_ComputeTLSFinished(ssl3CipherSpec *spec, -+ PRBool isServer, -+ const SSL3Finished * hashes, -+ TLSFinished * tlsFinished) -+{ -+ const char * label; -+ SECStatus rv; -+ unsigned int len; -+ -+ label = isServer ? "server finished" : "client finished"; -+ len = 15; -+ -+ rv = ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->md5, -+ sizeof *hashes, tlsFinished->verify_data, -+ sizeof tlsFinished->verify_data); -+ -+ return rv; -+} -+ - /* called from ssl3_HandleServerHelloDone - */ - static SECStatus -diff -up a/src/net/third_party/nss/ssl/sslimpl.h b/src/net/third_party/nss/ssl/sslimpl.h ---- a/src/net/third_party/nss/ssl/sslimpl.h 2012-02-29 17:12:15.720044263 -0800 -+++ b/src/net/third_party/nss/ssl/sslimpl.h 2012-02-29 17:16:59.143900589 -0800 -@@ -1709,6 +1709,11 @@ SECStatus SSL_DisableDefaultExportCipher - SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd); - PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite); - -+SECStatus ssl3_TLSPRFWithMasterSecret( -+ ssl3CipherSpec *spec, const char *label, -+ unsigned int labelLen, const unsigned char *val, -+ unsigned int valLen, unsigned char *out, -+ unsigned int outLen); - - #ifdef TRACE - #define SSL_TRACE(msg) ssl_Trace msg -diff -up a/src/net/third_party/nss/ssl/sslinfo.c b/src/net/third_party/nss/ssl/sslinfo.c ---- a/src/net/third_party/nss/ssl/sslinfo.c 2010-09-01 18:12:57.000000000 -0700 -+++ b/src/net/third_party/nss/ssl/sslinfo.c 2012-02-29 17:18:04.824794558 -0800 -@@ -20,6 +20,7 @@ - * - * Contributor(s): - * Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories -+ * Douglas Stebila <douglas@stebila.ca> - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or -@@ -316,6 +317,69 @@ SSL_IsExportCipherSuite(PRUint16 cipherS - return PR_FALSE; - } - -+/* Export keying material according to RFC 5705. 
-+** fd must correspond to a TLS 1.0 or higher socket, out must -+** be already allocated. -+*/ -+SECStatus -+SSL_ExportKeyingMaterial(PRFileDesc *fd, -+ const char *label, -+ unsigned int labelLen, -+ const unsigned char *context, -+ unsigned int contextLen, -+ unsigned char *out, -+ unsigned int outLen) -+{ -+ sslSocket *ss; -+ unsigned char *val = NULL; -+ unsigned int valLen, i; -+ SECStatus rv = SECFailure; -+ -+ ss = ssl_FindSocket(fd); -+ if (!ss) { -+ SSL_DBG(("%d: SSL[%d]: bad socket in ExportKeyingMaterial", -+ SSL_GETPID(), fd)); -+ return SECFailure; -+ } -+ -+ if (ss->version < SSL_LIBRARY_VERSION_3_1_TLS) { -+ PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION); -+ return SECFailure; -+ } -+ -+ valLen = SSL3_RANDOM_LENGTH * 2; -+ if (contextLen > 0) -+ valLen += 2 /* uint16 length */ + contextLen; -+ val = PORT_Alloc(valLen); -+ if (val == NULL) -+ return SECFailure; -+ i = 0; -+ PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH); -+ i += SSL3_RANDOM_LENGTH; -+ PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH); -+ i += SSL3_RANDOM_LENGTH; -+ if (contextLen > 0) { -+ val[i++] = contextLen >> 8; -+ val[i++] = contextLen; -+ PORT_Memcpy(val + i, context, contextLen); -+ i += contextLen; -+ } -+ PORT_Assert(i == valLen); -+ -+ ssl_GetSpecReadLock(ss); -+ if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) { -+ PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED); -+ rv = SECFailure; -+ } else { -+ rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.cwSpec, label, labelLen, val, -+ valLen, out, outLen); -+ } -+ ssl_ReleaseSpecReadLock(ss); -+ -+ PORT_ZFree(val, valLen); -+ return rv; -+} -+ - SECItem* - SSL_GetNegotiatedHostInfo(PRFileDesc *fd) - { diff --git a/net/third_party/nss/patches/secret_exporter2.patch b/net/third_party/nss/patches/secret_exporter2.patch deleted file mode 100644 index 695754d..0000000 --- a/net/third_party/nss/patches/secret_exporter2.patch +++ /dev/null 
@@ -1,228 +0,0 @@ -Index: net/third_party/nss/ssl/ssl.h -=================================================================== ---- net/third_party/nss/ssl/ssl.h (revision 125777) -+++ net/third_party/nss/ssl/ssl.h (working copy) -@@ -792,12 +792,14 @@ - - /* Export keying material according to RFC 5705. - ** fd must correspond to a TLS 1.0 or higher socket and out must --** already be allocated. If contextLen is zero it uses the no-context --** construction from the RFC. -+** already be allocated. If hasContext is false, it uses the no-context -+** construction from the RFC and ignores the context and contextLen -+** arguments. - */ - SSL_IMPORT SECStatus SSL_ExportKeyingMaterial(PRFileDesc *fd, - const char *label, - unsigned int labelLen, -+ PRBool hasContext, - const unsigned char *context, - unsigned int contextLen, - unsigned char *out, -Index: net/third_party/nss/ssl/sslinfo.c -=================================================================== ---- net/third_party/nss/ssl/sslinfo.c (revision 125777) -+++ net/third_party/nss/ssl/sslinfo.c (working copy) -@@ -317,18 +317,12 @@ - return PR_FALSE; - } - --/* Export keying material according to RFC 5705. --** fd must correspond to a TLS 1.0 or higher socket, out must --** be already allocated. 
--*/ - SECStatus - SSL_ExportKeyingMaterial(PRFileDesc *fd, -- const char *label, -- unsigned int labelLen, -- const unsigned char *context, -- unsigned int contextLen, -- unsigned char *out, -- unsigned int outLen) -+ const char *label, unsigned int labelLen, -+ PRBool hasContext, -+ const unsigned char *context, unsigned int contextLen, -+ unsigned char *out, unsigned int outLen) - { - sslSocket *ss; - unsigned char *val = NULL; -@@ -347,18 +341,21 @@ - return SECFailure; - } - -+ /* construct PRF arguments */ - valLen = SSL3_RANDOM_LENGTH * 2; -- if (contextLen > 0) -+ if (hasContext) { - valLen += 2 /* uint16 length */ + contextLen; -+ } - val = PORT_Alloc(valLen); -- if (val == NULL) -+ if (!val) { - return SECFailure; -+ } - i = 0; - PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH); - i += SSL3_RANDOM_LENGTH; - PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH); - i += SSL3_RANDOM_LENGTH; -- if (contextLen > 0) { -+ if (hasContext) { - val[i++] = contextLen >> 8; - val[i++] = contextLen; - PORT_Memcpy(val + i, context, contextLen); -@@ -366,6 +363,9 @@ - } - PORT_Assert(i == valLen); - -+ /* Allow TLS keying material to be exported sooner, when the master -+ * secret is available and we have sent ChangeCipherSpec. 
-+ */ - ssl_GetSpecReadLock(ss); - if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) { - PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED); -Index: net/third_party/nss/ssl/sslimpl.h -=================================================================== ---- net/third_party/nss/ssl/sslimpl.h (revision 125777) -+++ net/third_party/nss/ssl/sslimpl.h (working copy) -@@ -1715,11 +1715,11 @@ - SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd); - PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite); - --SECStatus ssl3_TLSPRFWithMasterSecret( -- ssl3CipherSpec *spec, const char *label, -- unsigned int labelLen, const unsigned char *val, -- unsigned int valLen, unsigned char *out, -- unsigned int outLen); -+extern SECStatus -+ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, -+ const char *label, unsigned int labelLen, -+ const unsigned char *val, unsigned int valLen, -+ unsigned char *out, unsigned int outLen); - - #ifdef TRACE - #define SSL_TRACE(msg) ssl_Trace msg -Index: net/third_party/nss/ssl/ssl3ext.c -=================================================================== ---- net/third_party/nss/ssl/ssl3ext.c (revision 125777) -+++ net/third_party/nss/ssl/ssl3ext.c (working copy) -@@ -606,10 +606,7 @@ - unsigned char resultBuffer[255]; - SECItem result = { siBuffer, resultBuffer, 0 }; - -- if (ss->firstHsDone) { -- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); -- return SECFailure; -- } -+ PORT_Assert(!ss->firstHsDone); - - rv = ssl3_ValidateNextProtoNego(data->data, data->len); - if (rv != SECSuccess) -@@ -621,6 +618,8 @@ - */ - PORT_Assert(ss->nextProtoCallback != NULL); - if (!ss->nextProtoCallback) { -+ /* XXX Use a better error code. This is an application error, not an -+ * NSS bug. */ - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - return SECFailure; - } -@@ -631,7 +630,7 @@ - return rv; - /* If the callback wrote more than allowed to |result| it has corrupted our - * stack. 
*/ -- if (result.len > sizeof result) { -+ if (result.len > sizeof resultBuffer) { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); - return SECFailure; - } -Index: net/third_party/nss/ssl/sslsock.c -=================================================================== ---- net/third_party/nss/ssl/sslsock.c (revision 125777) -+++ net/third_party/nss/ssl/sslsock.c (working copy) -@@ -1344,7 +1344,7 @@ - return SECSuccess; - } - --/* NextProtoStandardCallback is set as an NPN callback for the case when -+/* ssl_NextProtoNegoCallback is set as an NPN callback for the case when - * SSL_SetNextProtoNego is used. - */ - static SECStatus -@@ -1390,12 +1390,12 @@ - result = ss->opt.nextProtoNego.data; - - found: -- *protoOutLen = result[0]; - if (protoMaxLen < result[0]) { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); - return SECFailure; - } - memcpy(protoOut, result + 1, result[0]); -+ *protoOutLen = result[0]; - return SECSuccess; - } - -@@ -1449,13 +1449,12 @@ - - if (ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT && - ss->ssl3.nextProto.data) { -- *bufLen = ss->ssl3.nextProto.len; -- if (*bufLen > bufLenMax) { -+ if (ss->ssl3.nextProto.len > bufLenMax) { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); -- *bufLen = 0; - return SECFailure; - } - PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len); -+ *bufLen = ss->ssl3.nextProto.len; - } else { - *bufLen = 0; - } -Index: net/third_party/nss/ssl/ssl3con.c -=================================================================== ---- net/third_party/nss/ssl/ssl3con.c (revision 125777) -+++ net/third_party/nss/ssl/ssl3con.c (working copy) -@@ -8484,9 +8484,9 @@ - return rv; - } - --/* The calling function must acquire and release the appropriate lock (i.e., -- * ssl_GetSpecReadLock / ssl_ReleaseSpecReadLock for ss->ssl3.crSpec). Any -- * label must already be concatenated onto the beginning of val. 
-+/* The calling function must acquire and release the appropriate -+ * lock (e.g., ssl_GetSpecReadLock / ssl_ReleaseSpecReadLock for -+ * ss->ssl3.crSpec). - */ - SECStatus - ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, const char *label, -@@ -8508,8 +8508,7 @@ - rv = PK11_DigestBegin(prf_context); - rv |= PK11_DigestOp(prf_context, (unsigned char *) label, labelLen); - rv |= PK11_DigestOp(prf_context, val, valLen); -- rv |= PK11_DigestFinal(prf_context, out, -- &retLen, outLen); -+ rv |= PK11_DigestFinal(prf_context, out, &retLen, outLen); - PORT_Assert(rv != SECSuccess || retLen == outLen); - - PK11_DestroyContext(prf_context, PR_TRUE); -@@ -8532,15 +8531,15 @@ - static SECStatus - ssl3_ComputeTLSFinished(ssl3CipherSpec *spec, - PRBool isServer, -- const SSL3Finished * hashes, -- TLSFinished * tlsFinished) -+ const SSL3Finished * hashes, -+ TLSFinished * tlsFinished) - { - const char * label; -- SECStatus rv; - unsigned int len; -+ SECStatus rv; - - label = isServer ? "server finished" : "client finished"; -- len = 15; -+ len = 15; - - rv = ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->md5, - sizeof *hashes, tlsFinished->verify_data, diff --git a/net/third_party/nss/ssl/SSLerrs.h b/net/third_party/nss/ssl/SSLerrs.h index be25978..29aa512 100644 --- a/net/third_party/nss/ssl/SSLerrs.h +++ b/net/third_party/nss/ssl/SSLerrs.h @@ -417,3 +417,9 @@ ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS, (SSL_ERROR_BASE + 118), ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_CLIENTS, (SSL_ERROR_BASE + 119), "SSL feature not supported for clients.") + +ER3(SSL_ERROR_INVALID_VERSION_RANGE, (SSL_ERROR_BASE + 120), +"SSL version range is not valid.") + +ER3(SSL_ERROR_RX_UNEXPECTED_CERT_STATUS, (SSL_ERROR_BASE + 121), +"SSL received an unexpected Certificate Status handshake message.") diff --git a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h index d8f8e2f..92e823a 100644 --- a/net/third_party/nss/ssl/ssl.h +++ b/net/third_party/nss/ssl/ssl.h 
@@ -36,7 +36,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: ssl.h,v 1.49 2012/02/15 21:52:08 kaie%kuix.de Exp $ */ +/* $Id: ssl.h,v 1.54 2012/03/18 00:31:19 wtc%google.com Exp $ */ #ifndef __ssl_h_ #define __ssl_h_ @@ -100,17 +100,34 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd); /* (off by default) */ #define SSL_HANDSHAKE_AS_SERVER 6 /* force connect to hs as server */ /* (off by default) */ + +/* OBSOLETE: SSL v2 is obsolete and may be removed soon. */ #define SSL_ENABLE_SSL2 7 /* enable ssl v2 (off by default) */ + +/* OBSOLETE: See "SSL Version Range API" below for the replacement and a +** description of the non-obvious semantics of using SSL_ENABLE_SSL3. +*/ #define SSL_ENABLE_SSL3 8 /* enable ssl v3 (on by default) */ + #define SSL_NO_CACHE 9 /* don't use the session cache */ /* (off by default) */ #define SSL_REQUIRE_CERTIFICATE 10 /* (SSL_REQUIRE_FIRST_HANDSHAKE */ /* by default) */ #define SSL_ENABLE_FDX 11 /* permit simultaneous read/write */ /* (off by default) */ + +/* OBSOLETE: SSL v2 compatible hellos are not accepted by some TLS servers +** and cannot negotiate extensions. SSL v2 is obsolete. This option may be +** removed soon. +*/ #define SSL_V2_COMPATIBLE_HELLO 12 /* send v3 client hello in v2 fmt */ /* (off by default) */ + +/* OBSOLETE: See "SSL Version Range API" below for the replacement and a +** description of the non-obvious semantics of using SSL_ENABLE_TLS. +*/ #define SSL_ENABLE_TLS 13 /* enable TLS (on by default) */ + #define SSL_ROLLBACK_DETECTION 14 /* for compatibility, default: on */ #define SSL_NO_STEP_DOWN 15 /* Disable export cipher suites */ /* if step-down keys are needed. */ 
@@ -261,6 +278,77 @@ SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher, PRBool *enabled); SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy); SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy); +/* SSL Version Range API +** +** This API should be used to control SSL 3.0 & TLS support instead of the +** older SSL_Option* API; however, the SSL_Option* API MUST still be used to +** control SSL 2.0 support. In this version of libssl, SSL 3.0 and TLS 1.0 are +** enabled by default. Future versions of libssl may change which versions of +** the protocol are enabled by default. +** +** The SSLProtocolVariant enum indicates whether the protocol is of type +** stream or datagram. This must be provided to the functions that do not +** take an fd. Functions which take an fd will get the variant from the fd, +** which is typed. +** +** Using the new version range API in conjunction with the older +** SSL_OptionSet-based API for controlling the enabled protocol versions may +** cause unexpected results. Going forward, we guarantee only the following: +** +** SSL_OptionGet(SSL_ENABLE_TLS) will return PR_TRUE if *ANY* versions of TLS +** are enabled. +** +** SSL_OptionSet(SSL_ENABLE_TLS, PR_FALSE) will disable *ALL* versions of TLS, +** including TLS 1.0 and later. +** +** The above two properties provide compatibility for applications that use +** SSL_OptionSet to implement the insecure fallback from TLS 1.x to SSL 3.0. +** +** SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE) will enable TLS 1.0, and may also +** enable some later versions of TLS, if it is necessary to do so in order to +** keep the set of enabled versions contiguous. For example, if TLS 1.2 is +** enabled, then after SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE), TLS 1.0, +** TLS 1.1, and TLS 1.2 will be enabled, and the call will have no effect on +** whether SSL 3.0 is enabled. 
If no later versions of TLS are enabled at the +** time SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE) is called, then no later +** versions of TLS will be enabled by the call. +** +** SSL_OptionSet(SSL_ENABLE_SSL3, PR_FALSE) will disable SSL 3.0, and will not +** change the set of TLS versions that are enabled. +** +** SSL_OptionSet(SSL_ENABLE_SSL3, PR_TRUE) will enable SSL 3.0, and may also +** enable some versions of TLS if TLS 1.1 or later is enabled at the time of +** the call, the same way SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE) works, in +** order to keep the set of enabled versions contiguous. +*/ + +/* Returns, in |*vrange|, the range of SSL3/TLS versions supported for the +** given protocol variant by the version of libssl linked-to at runtime. +*/ +SSL_IMPORT SECStatus SSL_VersionRangeGetSupported( + SSLProtocolVariant protocolVariant, SSLVersionRange *vrange); + +/* Returns, in |*vrange|, the range of SSL3/TLS versions enabled by default +** for the given protocol variant. +*/ +SSL_IMPORT SECStatus SSL_VersionRangeGetDefault( + SSLProtocolVariant protocolVariant, SSLVersionRange *vrange); + +/* Sets the range of enabled-by-default SSL3/TLS versions for the given +** protocol variant to |*vrange|. +*/ +SSL_IMPORT SECStatus SSL_VersionRangeSetDefault( + SSLProtocolVariant protocolVariant, const SSLVersionRange *vrange); + +/* Returns, in |*vrange|, the range of enabled SSL3/TLS versions for |fd|. */ +SSL_IMPORT SECStatus SSL_VersionRangeGet(PRFileDesc *fd, + SSLVersionRange *vrange); + +/* Sets the range of enabled SSL3/TLS versions for |fd| to |*vrange|. */ +SSL_IMPORT SECStatus SSL_VersionRangeSet(PRFileDesc *fd, + const SSLVersionRange *vrange); + + /* Values for "policy" argument to SSL_PolicySet */ /* Values returned by SSL_CipherPolicyGet. */ #define SSL_NOT_ALLOWED 0 /* or invalid or unimplemented */ diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c index 804feac..322e502 100644 --- a/net/third_party/nss/ssl/ssl3con.c 
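Review bot: The comments on SSL_VersionRangeSet and SSL_VersionRangeSetDefault at the end of this hunk do not say what happens when |*vrange| is rejected, although the same commit adds SSL_ERROR_INVALID_VERSION_RANGE to SSLerrs.h. A caller that narrows the range for security reasons needs to know whether a failed call leaves the previous, possibly wider, range in effect; the implementation is in sslsock.c, outside this hunk, so this should be confirmed there. I would extend both comments along the lines of `** Returns SECFailure with SSL_ERROR_INVALID_VERSION_RANGE, leaving the range unchanged, if |*vrange| is not valid.`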
+++ b/net/third_party/nss/ssl/ssl3con.c @@ -1,3 +1,4 @@ +/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ /* * SSL3 Protocol * @@ -39,7 +40,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: ssl3con.c,v 1.164 2012/02/17 09:50:04 kaie%kuix.de Exp $ */ +/* $Id: ssl3con.c,v 1.173 2012/03/18 00:31:19 wtc%google.com Exp $ */ #include "cert.h" #include "ssl.h" @@ -142,8 +143,8 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { #endif /* NSS_ENABLE_ECC */ { TLS_RSA_WITH_SEED_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, - { SSL_RSA_WITH_RC4_128_MD5, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE}, { SSL_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, + { SSL_RSA_WITH_RC4_128_MD5, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, #ifdef NSS_ENABLE_ECC @@ -638,7 +639,7 @@ ssl3_config_match_init(sslSocket *ss) PORT_SetError(SEC_ERROR_INVALID_ARGS); return 0; } - if (!ss->opt.enableSSL3 && !ss->opt.enableTLS) { + if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { return 0; } isServer = (PRBool)(ss->sec.isServer != 0); @@ -742,7 +743,7 @@ count_cipher_suites(sslSocket *ss, int policy, PRBool enabled) { int i, count = 0; - if (!ss->opt.enableSSL3 && !ss->opt.enableTLS) { + if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { return 0; } for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { 
@@ -755,24 +756,6 @@ count_cipher_suites(sslSocket *ss, int policy, PRBool enabled) return count; } -static PRBool -anyRestrictedEnabled(sslSocket *ss) -{ - int i; - - if (!ss->opt.enableSSL3 && !ss->opt.enableTLS) { - return PR_FALSE; - } - for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { - ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; - if (suite->policy == SSL_RESTRICTED && - suite->enabled && - suite->isPresent) - return PR_TRUE; - } - return PR_FALSE; -} - /* * Null compression, mac and encryption functions */ 
@@ -791,33 +774,32 @@ Null_Cipher(void *ctx, unsigned char *output, int *outputLen, int maxOutputLen, * SSL3 Utility functions */ +/* allowLargerPeerVersion controls whether the function will select the + * highest enabled SSL version or fail when peerVersion is greater than the + * highest enabled version. + * + * If allowLargerPeerVersion is true, peerVersion is the peer's highest + * enabled version rather than the peer's selected version. + */ SECStatus -ssl3_NegotiateVersion(sslSocket *ss, SSL3ProtocolVersion peerVersion) +ssl3_NegotiateVersion(sslSocket *ss, SSL3ProtocolVersion peerVersion, + PRBool allowLargerPeerVersion) { - SSL3ProtocolVersion version; - SSL3ProtocolVersion maxVersion; - - if (ss->opt.enableTLS) { - maxVersion = SSL_LIBRARY_VERSION_3_1_TLS; - } else if (ss->opt.enableSSL3) { - maxVersion = SSL_LIBRARY_VERSION_3_0; - } else { - /* what are we doing here? */ - PORT_Assert(ss->opt.enableSSL3 || ss->opt.enableTLS); + if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { PORT_SetError(SSL_ERROR_SSL_DISABLED); return SECFailure; } - ss->version = version = PR_MIN(maxVersion, peerVersion); - - if ((version == SSL_LIBRARY_VERSION_3_1_TLS && ss->opt.enableTLS) || - (version == SSL_LIBRARY_VERSION_3_0 && ss->opt.enableSSL3)) { - return SECSuccess; + if (peerVersion < ss->vrange.min || + (peerVersion > ss->vrange.max && !allowLargerPeerVersion)) { + PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP); + return SECFailure; } - PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP); - return SECFailure; + ss->version = PR_MIN(peerVersion, ss->vrange.max); + PORT_Assert(ssl3_VersionIsSupported(ssl_variant_stream, ss->version)); + return SECSuccess; } static SECStatus @@ -1433,7 +1415,7 @@ static SECStatus ssl3_InitPendingContextsBypass(sslSocket *ss) { ssl3CipherSpec * pwSpec; -const ssl3BulkCipherDef *cipher_def; + const ssl3BulkCipherDef *cipher_def; void * serverContext = NULL; void * clientContext = NULL; BLapiInitContextFunc initFn = (BLapiInitContextFunc)NULL; 
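Review bot: In the new ssl3_NegotiateVersion the only check that the selected `ss->version` is one libssl actually implements is `PORT_Assert(ssl3_VersionIsSupported(ssl_variant_stream, ss->version))`, which does nothing in non-debug builds. Release builds therefore depend on `ss->vrange` having been validated wherever it is set, which is outside this hunk. Either state that invariant in the header comment or make the check real: `if (!ssl3_VersionIsSupported(ssl_variant_stream, ss->version)) { PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION); return SECFailure; }`. The header comment could also mention that `ss->version` is now left untouched on failure, since the old code assigned it before checking.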
@@ -1622,7 +1604,7 @@ static SECStatus
 ssl3_InitPendingContextsPKCS11(sslSocket *ss)
 {
 ssl3CipherSpec * pwSpec;
-const ssl3BulkCipherDef *cipher_def;
+ const ssl3BulkCipherDef *cipher_def;
 PK11Context * serverContext = NULL;
 PK11Context * clientContext = NULL;
 SECItem * param;
@@ -2050,21 +2032,52 @@ ssl3_CompressMACEncryptRecord(ssl3CipherSpec * cwSpec, { const ssl3BulkCipherDef * cipher_def; SECStatus rv; - PRUint32 macLen = 0; + PRUint32 macLen = 0; PRUint32 fragLen; PRUint32 p1Len, p2Len, oddLen = 0; - PRInt32 cipherBytes = 0; + int ivLen = 0; + int cipherBytes = 0; cipher_def = cwSpec->cipher_def; + if (cipher_def->type == type_block && + cwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) { + /* Prepend the per-record explicit IV using technique 2b from + * RFC 4346 section 6.2.3.2: The IV is a cryptographically + * strong random number XORed with the CBC residue from the previous + * record. + */ + ivLen = cipher_def->iv_size; + if (ivLen > wrBuf->space - SSL3_RECORD_HEADER_LENGTH) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + rv = PK11_GenerateRandom(wrBuf->buf + SSL3_RECORD_HEADER_LENGTH, ivLen); + if (rv != SECSuccess) { + ssl_MapLowLevelError(SSL_ERROR_GENERATE_RANDOM_FAILURE); + return rv; + } + rv = cwSpec->encode( cwSpec->encodeContext, + wrBuf->buf + SSL3_RECORD_HEADER_LENGTH, + &cipherBytes, /* output and actual outLen */ + ivLen, /* max outlen */ + wrBuf->buf + SSL3_RECORD_HEADER_LENGTH, + ivLen); /* input and inputLen*/ + if (rv != SECSuccess || cipherBytes != ivLen) { + PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE); + return SECFailure; + } + } + if (cwSpec->compressor) { int outlen; rv = cwSpec->compressor( - cwSpec->compressContext, wrBuf->buf + SSL3_RECORD_HEADER_LENGTH, - &outlen, wrBuf->space - SSL3_RECORD_HEADER_LENGTH, pIn, contentLen); + cwSpec->compressContext, + wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + ivLen, &outlen, + wrBuf->space - SSL3_RECORD_HEADER_LENGTH - ivLen, pIn, contentLen); if (rv != SECSuccess) return rv; - pIn = wrBuf->buf + SSL3_RECORD_HEADER_LENGTH; + pIn = wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + ivLen; contentLen = outlen; } 
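Review bot: The bound check `if (ivLen > wrBuf->space - SSL3_RECORD_HEADER_LENGTH)` in the new explicit-IV block compares a signed `int` with a subtraction that appears to be unsigned (the type of `wrBuf->space` is declared outside this hunk, so please confirm). If `space` were ever smaller than the record header, the subtraction would wrap and the check would pass, and PK11_GenerateRandom and the encode call would then write `ivLen` bytes beyond the buffer. Writing the test additively avoids both the wrap and the mixed-sign comparison: `if (ivLen < 0 || SSL3_RECORD_HEADER_LENGTH + (unsigned int)ivLen > wrBuf->space)`. The same subtractive form, `wrBuf->space - SSL3_RECORD_HEADER_LENGTH - ivLen`, is passed to the compressor further down. The function begins and continues outside this hunk.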
@@ -2073,7 +2086,7 @@ ssl3_CompressMACEncryptRecord(ssl3CipherSpec * cwSpec, */ rv = ssl3_ComputeRecordMAC( cwSpec, isServer, type, cwSpec->version, cwSpec->write_seq_num, pIn, contentLen, - wrBuf->buf + contentLen + SSL3_RECORD_HEADER_LENGTH, &macLen); + wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + ivLen + contentLen, &macLen); if (rv != SECSuccess) { ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE); return SECFailure; @@ -2100,7 +2113,7 @@ ssl3_CompressMACEncryptRecord(ssl3CipherSpec * cwSpec, PORT_Assert((fragLen % cipher_def->block_size) == 0); /* Pad according to TLS rules (also acceptable to SSL3). */ - pBuf = &wrBuf->buf[fragLen + SSL3_RECORD_HEADER_LENGTH - 1]; + pBuf = &wrBuf->buf[SSL3_RECORD_HEADER_LENGTH + ivLen + fragLen - 1]; for (i = padding_length + 1; i > 0; --i) { *pBuf-- = padding_length; } 
@@ -2117,31 +2130,33 @@ ssl3_CompressMACEncryptRecord(ssl3CipherSpec * cwSpec, p2Len += oddLen; PORT_Assert( (cipher_def->block_size < 2) || \ (p2Len % cipher_def->block_size) == 0); - memmove(wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + p1Len, + memmove(wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + ivLen + p1Len, pIn + p1Len, oddLen); } if (p1Len > 0) { + int cipherBytesPart1 = -1; rv = cwSpec->encode( cwSpec->encodeContext, - wrBuf->buf + SSL3_RECORD_HEADER_LENGTH, /* output */ - &cipherBytes, /* actual outlen */ + wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + ivLen, /* output */ + &cipherBytesPart1, /* actual outlen */ p1Len, /* max outlen */ pIn, p1Len); /* input, and inputlen */ - PORT_Assert(rv == SECSuccess && cipherBytes == p1Len); - if (rv != SECSuccess || cipherBytes != p1Len) { + PORT_Assert(rv == SECSuccess && cipherBytesPart1 == (int) p1Len); + if (rv != SECSuccess || cipherBytesPart1 != (int) p1Len) { PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE); return SECFailure; } + cipherBytes += cipherBytesPart1; } if (p2Len > 0) { - PRInt32 cipherBytesPart2 = -1; + int cipherBytesPart2 = -1; rv = cwSpec->encode( cwSpec->encodeContext, - wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + p1Len, + wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + ivLen + p1Len, &cipherBytesPart2, /* output and actual outLen */ p2Len, /* max outlen */ - wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + p1Len, + wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + ivLen + p1Len, p2Len); /* input and inputLen*/ - PORT_Assert(rv == SECSuccess && cipherBytesPart2 == p2Len); - if (rv != SECSuccess || cipherBytesPart2 != p2Len) { + PORT_Assert(rv == SECSuccess && cipherBytesPart2 == (int) p2Len); + if (rv != SECSuccess || cipherBytesPart2 != (int) p2Len) { PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE); return SECFailure; } 
@@ -2225,7 +2240,7 @@ ssl3_SendRecord( sslSocket * ss, ssl_GetSpecReadLock(ss); /********************************/ if (nIn > 1 && ss->opt.cbcRandomIV && - ss->ssl3.cwSpec->version <= SSL_LIBRARY_VERSION_3_1_TLS && + ss->ssl3.cwSpec->version < SSL_LIBRARY_VERSION_TLS_1_1 && type == content_application_data && ss->ssl3.cwSpec->cipher_def->type == type_block /* CBC mode */) { /* We will split the first byte of the record into its own record, @@ -2237,6 +2252,10 @@ ssl3_SendRecord( sslSocket * ss, } spaceNeeded = contentLen + (numRecords * SSL3_BUFFER_FUDGE); + if (ss->ssl3.cwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1 && + ss->ssl3.cwSpec->cipher_def->type == type_block) { + spaceNeeded += ss->ssl3.cwSpec->cipher_def->iv_size; + } if (spaceNeeded > wrBuf->space) { rv = sslBuffer_Grow(wrBuf, spaceNeeded); if (rv != SECSuccess) { @@ -3890,6 +3909,11 @@ ssl3_SendClientHello(sslSocket *ss) sidOK = PR_FALSE; } + if (sidOK && ssl3_NegotiateVersion(ss, sid->version, + PR_FALSE) != SECSuccess) { + sidOK = PR_FALSE; + } + if (!sidOK) { SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_not_ok ); (*ss->sec.uncache)(sid); @@ -3906,10 +3930,6 @@ ssl3_SendClientHello(sslSocket *ss) sid->u.ssl3.sessionTicket.ticket.data) SSL_AtomicIncrementLong(& ssl3stats.sch_sid_stateless_resumes ); - rv = ssl3_NegotiateVersion(ss, sid->version); - if (rv != SECSuccess) - return rv; /* error code was set */ - PRINT_BUF(4, (ss, "client, found session-id:", sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength)); @@ -3917,7 +3937,8 @@ ssl3_SendClientHello(sslSocket *ss) } else { SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_misses ); - rv = ssl3_NegotiateVersion(ss, SSL_LIBRARY_VERSION_3_1_TLS); + rv = ssl3_NegotiateVersion(ss, SSL_LIBRARY_VERSION_MAX_SUPPORTED, + PR_TRUE); if (rv != SECSuccess) return rv; /* error code was set */ 
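Review bot: `spaceNeeded += ss->ssl3.cwSpec->cipher_def->iv_size` reserves room for exactly one explicit IV, while the line above it scales the fudge by `numRecords`. As far as these hunks show, that is sufficient only because the record split in the previous hunk is limited to versions below TLS 1.1, so a TLS 1.1 block-cipher write is never split. If that condition ever changes, the buffer would be one IV short and the `ivLen` check in ssl3_CompressMACEncryptRecord would be the only guard. I would either multiply by `numRecords` or record the assumption: `/* TLS 1.1+ is never split above, so one explicit IV suffices. */`. ssl3_SendRecord starts and ends outside the hunk.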
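Review bot: Using `ssl3_NegotiateVersion(ss, sid->version, PR_FALSE)` as a predicate for `sidOK` in ssl3_SendClientHello has two side effects that the call site does not mention. On failure the function calls PORT_SetError even though the outcome here is only a discarded cache entry, and on success it writes `ss->version`. A comment such as `/* Do not resume a cached session whose version is no longer enabled; sets ss->version on success. */` would make both explicit. It is also worth checking that nothing later in the function (outside this hunk) reports the leftover error code after an otherwise successful hello.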
@@ -3944,8 +3965,8 @@ ssl3_SendClientHello(sslSocket *ss) ss->sec.send = ssl3_SendApplicationData; /* shouldn't get here if SSL3 is disabled, but ... */ - PORT_Assert(ss->opt.enableSSL3 || ss->opt.enableTLS); - if (!ss->opt.enableSSL3 && !ss->opt.enableTLS) { + if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { + PR_NOT_REACHED("No versions of SSL 3.0 or later are enabled"); PORT_SetError(SSL_ERROR_SSL_DISABLED); return SECFailure; } @@ -5015,16 +5036,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) } version = (SSL3ProtocolVersion)temp; - /* this is appropriate since the negotiation is complete, and we only - ** know SSL 3.x. - */ - if (MSB(version) != MSB(SSL_LIBRARY_VERSION_3_0)) { - desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version - : handshake_failure; - goto alert_loser; - } - - rv = ssl3_NegotiateVersion(ss, version); + rv = ssl3_NegotiateVersion(ss, version, PR_FALSE); if (rv != SECSuccess) { desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version : handshake_failure; @@ -6298,7 +6310,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (tmp < 0) goto loser; /* malformed, alert already sent */ ss->clientHelloVersion = version = (SSL3ProtocolVersion)tmp; - rv = ssl3_NegotiateVersion(ss, version); + rv = ssl3_NegotiateVersion(ss, version, PR_TRUE); if (rv != SECSuccess) { desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version : handshake_failure; @@ -7006,7 +7018,7 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length) rand_length = (buffer[7] << 8) | buffer[8]; ss->clientHelloVersion = version; - rv = ssl3_NegotiateVersion(ss, version); + rv = ssl3_NegotiateVersion(ss, version, PR_TRUE); if (rv != SECSuccess) { /* send back which ever alert client will understand. */ desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version : handshake_failure; 
@@ -7242,7 +7254,7 @@ ssl3_SendServerHello(sslSocket *ss) static SECStatus ssl3_SendServerKeyExchange(sslSocket *ss) { -const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def; + const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def; SECStatus rv = SECFailure; int length; PRBool isTLS; @@ -7341,7 +7353,7 @@ ssl3_SendCertificateRequest(sslSocket *ss) { SECItem * name; CERTDistNames *ca_list; -const uint8 * certTypes; + const uint8 * certTypes; SECItem * names = NULL; SECStatus rv; int length; @@ -7689,7 +7701,7 @@ ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) { SECKEYPrivateKey *serverKey = NULL; SECStatus rv; -const ssl3KEADef * kea_def; + const ssl3KEADef *kea_def; ssl3KeyPair *serverKeyPair = NULL; #ifdef NSS_ENABLE_ECC SECKEYPublicKey *serverPubKey = NULL; @@ -8484,6 +8496,26 @@ done: return rv; } +static SECStatus +ssl3_ComputeTLSFinished(ssl3CipherSpec *spec, + PRBool isServer, + const SSL3Finished * hashes, + TLSFinished * tlsFinished) +{ + const char * label; + unsigned int len; + SECStatus rv; + + label = isServer ? "server finished" : "client finished"; + len = 15; + + rv = ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->md5, + sizeof *hashes, tlsFinished->verify_data, + sizeof tlsFinished->verify_data); + + return rv; +} + /* The calling function must acquire and release the appropriate * lock (e.g., ssl_GetSpecReadLock / ssl_ReleaseSpecReadLock for * ss->ssl3.crSpec). 
@@ -8528,26 +8560,6 @@ ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, const char *label, return rv; } -static SECStatus -ssl3_ComputeTLSFinished(ssl3CipherSpec *spec, - PRBool isServer, - const SSL3Finished * hashes, - TLSFinished * tlsFinished) -{ - const char * label; - unsigned int len; - SECStatus rv; - - label = isServer ? "server finished" : "client finished"; - len = 15; - - rv = ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->md5, - sizeof *hashes, tlsFinished->verify_data, - sizeof tlsFinished->verify_data); - - return rv; -} - /* called from ssl3_HandleServerHelloDone */ static SECStatus @@ -8921,8 +8933,6 @@ xmit_loser: SECStatus ssl3_FinishHandshake(sslSocket * ss) { - SECStatus rv; - PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); PORT_Assert( ss->ssl3.hs.restartTarget == NULL ); @@ -8931,9 +8941,9 @@ ssl3_FinishHandshake(sslSocket * ss) ss->handshake = NULL; ss->firstHsDone = PR_TRUE; - if (ss->sec.ci.sid->cached == never_cached && - !ss->opt.noCache && ss->sec.cache && ss->ssl3.hs.cacheSID) { + if (ss->ssl3.hs.cacheSID) { (*ss->sec.cache)(ss->sec.ci.sid); + ss->ssl3.hs.cacheSID = PR_FALSE; } ss->ssl3.hs.ws = idle_handshake; @@ -9310,17 +9320,18 @@ ssl3_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) SECStatus ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf) { -const ssl3BulkCipherDef *cipher_def; + const ssl3BulkCipherDef *cipher_def; ssl3CipherSpec * crSpec; SECStatus rv; - unsigned int hashBytes = MAX_MAC_LENGTH + 1; + unsigned int hashBytes = MAX_MAC_LENGTH + 1; unsigned int padding_length; PRBool isTLS; - PRBool padIsBad = PR_FALSE; + PRBool padIsBad = PR_FALSE; SSL3ContentType rType; SSL3Opaque hash[MAX_MAC_LENGTH]; sslBuffer *plaintext; sslBuffer temp_buf; + unsigned int ivLen = 0; PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); 
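Review bot: In the ssl3_FinishHandshake hunk, the new `if (ss->ssl3.hs.cacheSID)` calls `(*ss->sec.cache)(ss->sec.ci.sid)` without the `ss->sec.cache` non-NULL test, or the `!ss->opt.noCache` and `never_cached` tests, that the old condition carried. This is safe only if every place that sets `cacheSID` has already checked those conditions; those assignments are outside this hunk, so it is worth confirming. Keeping the cheap pointer guard, `if (ss->ssl3.hs.cacheSID && ss->sec.cache) {`, would match the `ss->sec.uncache` check this same commit adds in SSL_InvalidateSession. The function body continues outside the hunk.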
@@ -9353,6 +9364,52 @@ const ssl3BulkCipherDef *cipher_def; ssl_GetSpecReadLock(ss); /******************************************/ crSpec = ss->ssl3.crSpec; + cipher_def = crSpec->cipher_def; + + if (cipher_def->type == type_block && + crSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) { + /* Consume the per-record explicit IV. RFC 4346 Section 6.2.3.2 states + * "The receiver decrypts the entire GenericBlockCipher structure and + * then discards the first cipher block corresponding to the IV + * component." Instead, we decrypt the first cipher block and then + * discard it before decrypting the rest. + */ + SSL3Opaque iv[MAX_IV_LENGTH]; + int decoded; + + ivLen = cipher_def->iv_size; + if (ivLen < 8 || ivLen > sizeof(iv)) { + ssl_ReleaseSpecReadLock(ss); + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + if (ivLen > cText->buf->len) { + SSL_DBG(("%d: SSL3[%d]: HandleRecord, IV length check failed", + SSL_GETPID(), ss->fd)); + /* must not hold spec lock when calling SSL3_SendAlert. */ + ssl_ReleaseSpecReadLock(ss); + SSL3_SendAlert(ss, alert_fatal, bad_record_mac); + /* always log mac error, in case attacker can read server logs. */ + PORT_SetError(SSL_ERROR_BAD_MAC_READ); + return SECFailure; + } + + PRINT_BUF(80, (ss, "IV (ciphertext):", cText->buf->buf, ivLen)); + + /* The decryption result is garbage, but since we just throw away + * the block it doesn't matter. The decryption of the next block + * depends only on the ciphertext of the IV block. + */ + rv = crSpec->decode(crSpec->decodeContext, iv, &decoded, + sizeof(iv), cText->buf->buf, ivLen); + + if (rv != SECSuccess) { + /* All decryption failures must be treated like a bad record + * MAC; see RFC 5246 (TLS 1.2). + */ + padIsBad = PR_TRUE; + } + } /* If we will be decompressing the buffer we need to decrypt somewhere * other than into databuf */ 
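Review bot: The `ivLen > cText->buf->len` check in the new explicit-IV block of ssl3_HandleRecord still admits a record whose length equals `ivLen`, which leaves zero ciphertext bytes for the main `decode` call and for the padding and MAC checks after it. A TLS 1.1 CBC record always carries at least one block after the IV, so such a record is never valid. The later checks are outside this hunk, so confirm they reject an empty remainder without reading before the start of the plaintext buffer. Alternatively, reject it here on the same bad_record_mac path with `if (ivLen >= cText->buf->len) {`, which keeps the failure indistinguishable from other bad records.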
@@ -9377,12 +9434,12 @@ const ssl3BulkCipherDef *cipher_def; } } - PRINT_BUF(80, (ss, "ciphertext:", cText->buf->buf, cText->buf->len)); + PRINT_BUF(80, (ss, "ciphertext:", cText->buf->buf + ivLen, + cText->buf->len - ivLen)); - cipher_def = crSpec->cipher_def; isTLS = (PRBool)(crSpec->version > SSL_LIBRARY_VERSION_3_0); - if (isTLS && cText->buf->len > (MAX_FRAGMENT_LENGTH + 2048)) { + if (isTLS && cText->buf->len - ivLen > (MAX_FRAGMENT_LENGTH + 2048)) { ssl_ReleaseSpecReadLock(ss); SSL3_SendAlert(ss, alert_fatal, record_overflow); PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG); @@ -9392,7 +9449,7 @@ const ssl3BulkCipherDef *cipher_def; /* decrypt from cText buf to plaintext. */ rv = crSpec->decode( crSpec->decodeContext, plaintext->buf, (int *)&plaintext->len, - plaintext->space, cText->buf->buf, cText->buf->len); + plaintext->space, cText->buf->buf + ivLen, cText->buf->len - ivLen); PRINT_BUF(80, (ss, "cleartext:", plaintext->buf, plaintext->len)); if (rv != SECSuccess) { @@ -9618,9 +9675,7 @@ ssl3_InitCipherSpec(sslSocket *ss, ssl3CipherSpec *spec) spec->read_seq_num.high = 0; spec->read_seq_num.low = 0; - spec->version = ss->opt.enableTLS - ? SSL_LIBRARY_VERSION_3_1_TLS - : SSL_LIBRARY_VERSION_3_0; + spec->version = ss->vrange.max; } /* Called from: ssl3_SendRecord @@ -9865,7 +9920,7 @@ ssl3_ConstructV2CipherSpecsHack(sslSocket *ss, unsigned char *cs, int *size) PORT_SetError(PR_INVALID_ARGUMENT_ERROR); return SECFailure; } - if (!ss->opt.enableSSL3 && !ss->opt.enableTLS) { + if (SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { *size = 0; return SECSuccess; } diff --git a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ext.c index ef015fa..80c1f7f 100644 --- a/net/third_party/nss/ssl/ssl3ext.c +++ b/net/third_party/nss/ssl/ssl3ext.c 
@@ -41,7 +41,7 @@ * ***** END LICENSE BLOCK ***** */ /* TLS extension code moved here from ssl3ecc.c */ -/* $Id: ssl3ext.c,v 1.21 2012/02/15 21:52:08 kaie%kuix.de Exp $ */ +/* $Id: ssl3ext.c,v 1.22 2012/03/12 19:14:12 wtc%google.com Exp $ */ #include "nssrenam.h" #include "nss.h" diff --git a/net/third_party/nss/ssl/sslcon.c b/net/third_party/nss/ssl/sslcon.c index 500ea5d..71030d7 100644 --- a/net/third_party/nss/ssl/sslcon.c +++ b/net/third_party/nss/ssl/sslcon.c @@ -37,7 +37,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: sslcon.c,v 1.45 2011/11/19 21:58:21 bsmith%mozilla.com Exp $ */ +/* $Id: sslcon.c,v 1.48 2012/03/18 00:31:20 wtc%google.com Exp $ */ #include "nssrenam.h" #include "cert.h" @@ -277,12 +277,13 @@ ssl2_CheckConfigSanity(sslSocket *ss) /* Ask how many ssl3 CipherSuites were enabled. */ rv = ssl3_ConstructV2CipherSpecsHack(ss, NULL, &ssl3CipherCount); if (rv != SECSuccess || ssl3CipherCount <= 0) { - ss->opt.enableSSL3 = PR_FALSE; /* not really enabled if no ciphers */ - ss->opt.enableTLS = PR_FALSE; + /* SSL3/TLS not really enabled if no ciphers */ + ss->vrange.min = SSL_LIBRARY_VERSION_NONE; + ss->vrange.max = SSL_LIBRARY_VERSION_NONE; } - if (!ss->opt.enableSSL2 && !ss->opt.enableSSL3 && !ss->opt.enableTLS) { - SSL_DBG(("%d: SSL[%d]: Can't handshake! both v2 and v3 disabled.", + if (!ss->opt.enableSSL2 && SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { + SSL_DBG(("%d: SSL[%d]: Can't handshake! all versions disabled.", SSL_GETPID(), ss->fd)); disabled: PORT_SetError(SSL_ERROR_SSL_DISABLED); @@ -1435,7 +1436,7 @@ ssl2_CreateSessionCypher(sslSocket *ss, sslSessionID *sid, PRBool isClient) writeKey.data = 0; PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); - if(ss->sec.ci.sid == 0) + if (ss->sec.ci.sid == 0) goto sec_loser; /* don't crash if asserts are off */ /* Trying to cut down on all these switch statements that should be tables. 
@@ -1683,7 +1684,7 @@ ssl2_ServerSetupSessionCypher(sslSocket *ss, int cipher, unsigned int keyBits, } /* Make sure we're not subject to a version rollback attack. */ - if (ss->opt.enableSSL3 || ss->opt.enableTLS) { + if (!SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { static const PRUint8 threes[8] = { 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03 }; @@ -2144,7 +2145,7 @@ ssl2_ClientSetupSessionCypher(sslSocket *ss, PRUint8 *cs, int csLen) /* Set up the padding for version 2 rollback detection. */ /* XXX We should really use defines here */ - if (ss->opt.enableSSL3 || ss->opt.enableTLS) { + if (!SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { PORT_Assert((modulusLen - rek.len) > 12); PORT_Memset(eblock + modulusLen - rek.len - 8 - 1, 0x03, 8); } @@ -3051,16 +3052,20 @@ ssl2_BeginClientHandshake(sslSocket *ss) ss->url); } while (sid) { /* this isn't really a loop */ + PRBool sidVersionEnabled = + (!SSL3_ALL_VERSIONS_DISABLED(&ss->vrange) && + sid->version >= ss->vrange.min && + sid->version <= ss->vrange.max) || + (sid->version < SSL_LIBRARY_VERSION_3_0 && ss->opt.enableSSL2); + /* if we're not doing this SID's protocol any more, drop it. */ - if (((sid->version < SSL_LIBRARY_VERSION_3_0) && !ss->opt.enableSSL2) || - ((sid->version == SSL_LIBRARY_VERSION_3_0) && !ss->opt.enableSSL3) || - ((sid->version > SSL_LIBRARY_VERSION_3_0) && !ss->opt.enableTLS)) { + if (!sidVersionEnabled) { ss->sec.uncache(sid); ssl_FreeSID(sid); sid = NULL; break; } - if (ss->opt.enableSSL2 && sid->version < SSL_LIBRARY_VERSION_3_0) { + if (sid->version < SSL_LIBRARY_VERSION_3_0) { /* If the cipher in this sid is not enabled, drop it. */ for (i = 0; i < ss->sizeCipherSpecs; i += 3) { if (ss->cipherSpecs[i] == sid->u.ssl2.cipherType) 
@@ -3106,8 +3111,7 @@ ssl2_BeginClientHandshake(sslSocket *ss) PORT_Assert(sid != NULL); if ((sid->version >= SSL_LIBRARY_VERSION_3_0 || !ss->opt.v2CompatibleHello) && - (ss->opt.enableSSL3 || ss->opt.enableTLS)) { - + !SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { ss->gs.state = GS_INIT; ss->handshake = ssl_GatherRecord1stHandshake; @@ -3157,14 +3161,9 @@ ssl2_BeginClientHandshake(sslSocket *ss) /* Construct client-hello message */ cp = msg = ss->sec.ci.sendBuf.buf; msg[0] = SSL_MT_CLIENT_HELLO; - if ( ss->opt.enableTLS ) { - ss->clientHelloVersion = SSL_LIBRARY_VERSION_3_1_TLS; - } else if ( ss->opt.enableSSL3 ) { - ss->clientHelloVersion = SSL_LIBRARY_VERSION_3_0; - } else { - ss->clientHelloVersion = SSL_LIBRARY_VERSION_2; - } - + ss->clientHelloVersion = SSL3_ALL_VERSIONS_DISABLED(&ss->vrange) ? + SSL_LIBRARY_VERSION_2 : ss->vrange.max; + msg[1] = MSB(ss->clientHelloVersion); msg[2] = LSB(ss->clientHelloVersion); /* Add 3 for SCSV */ @@ -3381,7 +3380,7 @@ ssl2_HandleClientHelloMessage(sslSocket *ss) */ if ((data[0] == SSL_MT_CLIENT_HELLO) && (data[1] >= MSB(SSL_LIBRARY_VERSION_3_0)) && - (ss->opt.enableSSL3 || ss->opt.enableTLS)) { + !SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { rv = ssl3_HandleV2ClientHello(ss, data, ss->gs.recordLen); if (rv != SECFailure) { /* Success */ ss->handshake = NULL; diff --git a/net/third_party/nss/ssl/sslenum.c b/net/third_party/nss/ssl/sslenum.c index b8aa8cc..70eee54 100644 --- a/net/third_party/nss/ssl/sslenum.c +++ b/net/third_party/nss/ssl/sslenum.c @@ -39,7 +39,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: sslenum.c,v 1.17 2010/02/10 18:07:21 wtc%google.com Exp $ */ +/* $Id: sslenum.c,v 1.18 2012/03/06 00:26:31 wtc%google.com Exp $ */ #include "ssl.h" #include "sslproto.h" 
@@ -55,6 +55,9 @@ * Camellia without having to disable AES and RC4, which are needed for * interoperability with clients that don't yet implement Camellia. * + * The ordering of cipher suites in this table must match the ordering in + * the cipherSuites table in ssl3con.c. + * * If new ECC cipher suites are added, also update the ssl3CipherSuite arrays * in ssl3ecc.c. */ @@ -95,8 +98,8 @@ const PRUint16 SSL_ImplementedCiphers[] = { #endif /* NSS_ENABLE_ECC */ TLS_RSA_WITH_SEED_CBC_SHA, TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, - SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, + SSL_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_AES_128_CBC_SHA, /* 112-bit 3DES */ diff --git a/net/third_party/nss/ssl/sslerr.h b/net/third_party/nss/ssl/sslerr.h index 9be063b..33c809e 100644 --- a/net/third_party/nss/ssl/sslerr.h +++ b/net/third_party/nss/ssl/sslerr.h @@ -36,7 +36,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: sslerr.h,v 1.19 2012/02/11 12:55:58 kaie%kuix.de Exp $ */ +/* $Id: sslerr.h,v 1.20 2012/03/11 04:32:35 wtc%google.com Exp $ */ #ifndef __SSL_ERR_H_ #define __SSL_ERR_H_ @@ -211,7 +211,9 @@ SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2 = (SSL_ERROR_BASE + 117), SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS = (SSL_ERROR_BASE + 118), SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_CLIENTS = (SSL_ERROR_BASE + 119), -SSL_ERROR_RX_UNEXPECTED_CERT_STATUS = (SSL_ERROR_BASE + 120), +SSL_ERROR_INVALID_VERSION_RANGE = (SSL_ERROR_BASE + 120), + +SSL_ERROR_RX_UNEXPECTED_CERT_STATUS = (SSL_ERROR_BASE + 121), SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */ } SSLErrorCodes; diff --git a/net/third_party/nss/ssl/sslgathr.c b/net/third_party/nss/ssl/sslgathr.c index 92c0e8a..3b864f6 100644 --- a/net/third_party/nss/ssl/sslgathr.c +++ b/net/third_party/nss/ssl/sslgathr.c 
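Review bot: In the sslerr.h hunk, inserting `SSL_ERROR_INVALID_VERSION_RANGE` at `SSL_ERROR_BASE + 120` moves the existing `SSL_ERROR_RX_UNEXPECTED_CERT_STATUS` from 120 to 121, so the numeric value of an error code that was already defined changes. Anything built against the previous header, or any log or metric that recorded the number, will now read 120 as a different error. The blank line before the moved entry suggests it is kept apart from the upstream codes on purpose, but the hunk does not say so. If that is the reason, a comment on that line such as `/* not an upstream code; value shifts when upstream adds error codes */` would warn whoever does the next NSS update and anyone comparing numeric codes across builds.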
@@ -36,7 +36,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: sslgathr.c,v 1.12 2010/04/25 23:37:38 nelson%bolyard.com Exp $ */ +/* $Id: sslgathr.c,v 1.13 2012/03/11 04:32:35 wtc%google.com Exp $ */ #include "cert.h" #include "ssl.h" #include "sslimpl.h" @@ -141,7 +141,7 @@ ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags) /* Probably finished this piece */ switch (gs->state) { case GS_HEADER: - if ((ss->opt.enableSSL3 || ss->opt.enableTLS) && !ss->firstHsDone) { + if (!SSL3_ALL_VERSIONS_DISABLED(&ss->vrange) && !ss->firstHsDone) { PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); @@ -185,7 +185,7 @@ ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags) return SECFailure; } } - } /* ((ss->opt.enableSSL3 || ss->opt.enableTLS) && !ss->firstHsDone) */ + } /* we've got the first 3 bytes. The header may be two or three. */ if (gs->hdr[0] & 0x80) { @@ -453,7 +453,6 @@ static SECStatus ssl2_HandleV3HandshakeRecord(sslSocket *ss) { SECStatus rv; - SSL3ProtocolVersion version = (ss->gs.hdr[1] << 8) | ss->gs.hdr[2]; PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); @@ -472,7 +471,8 @@ ssl2_HandleV3HandshakeRecord(sslSocket *ss) ** ssl_GatherRecord1stHandshake to invoke ssl3_GatherCompleteHandshake() ** the next time it is called. **/ - rv = ssl3_NegotiateVersion(ss, version); + rv = ssl3_NegotiateVersion(ss, SSL_LIBRARY_VERSION_MAX_SUPPORTED, + PR_TRUE); if (rv != SECSuccess) { return rv; } diff --git a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimpl.h index e0e53e1..5f5ddbc 100644 --- a/net/third_party/nss/ssl/sslimpl.h +++ b/net/third_party/nss/ssl/sslimpl.h 
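Review bot: ssl2_HandleV3HandshakeRecord no longer reads the version from `ss->gs.hdr` and instead calls `ssl3_NegotiateVersion(ss, SSL_LIBRARY_VERSION_MAX_SUPPORTED, PR_TRUE)`, but nothing on the new side says why the peer's record-header version is ignored. The ssl3_HandleClientHello hunk in this commit negotiates again from the hello body, so this call looks like a provisional setting. If that is the intent, a comment such as `/* provisional: the peer's version is negotiated from the ClientHello body */` above the call would make it explicit. The function body extends beyond the hunk.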
@@ -39,7 +39,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: sslimpl.h,v 1.94 2012/02/15 21:52:08 kaie%kuix.de Exp $ */ +/* $Id: sslimpl.h,v 1.100 2012/03/18 00:31:20 wtc%google.com Exp $ */ #ifndef __sslimpl_h_ #define __sslimpl_h_ @@ -333,8 +333,8 @@ typedef struct sslOptionsStr { unsigned int handshakeAsClient : 1; /* 6 */ unsigned int handshakeAsServer : 1; /* 7 */ unsigned int enableSSL2 : 1; /* 8 */ - unsigned int enableSSL3 : 1; /* 9 */ - unsigned int enableTLS : 1; /* 10 */ + unsigned int unusedBit9 : 1; /* 9 */ + unsigned int unusedBit10 : 1; /* 10 */ unsigned int noCache : 1; /* 11 */ unsigned int fdx : 1; /* 12 */ unsigned int v2CompatibleHello : 1; /* 13 */ @@ -510,7 +510,8 @@ typedef enum { typedef enum { type_stream, type_block } CipherType; -#define MAX_IV_LENGTH 64 +/* This value matches the size of IVs in ssl3SidKeys. */ +#define MAX_IV_LENGTH 24 /* * Do not depend upon 64 bit arithmetic in the underlying machine. @@ -1052,7 +1053,6 @@ struct sslSecurityInfoStr { }; - /* ** SSL Socket struct ** @@ -1066,6 +1066,8 @@ struct sslSocketStr { /* SSL socket options */ sslOptions opt; + /* Enabled version range */ + SSLVersionRange vrange; /* State flags */ unsigned long clientAuthRequested; 
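Review bot: Lowering `MAX_IV_LENGTH` from 64 to 24 in sslimpl.h shrinks every buffer declared with it, and the only bound check against it visible in this commit is `ivLen > sizeof(iv)` in ssl3_HandleRecord. Other users of the macro are not shown on this page, so confirm that no cipher's `iv_size` or copy length can exceed 24 at those sites. The new comment says only that the value matches the IV size in ssl3SidKeys. Stating the largest IV any supported block cipher uses next to it, for example `/* must be >= the largest iv_size of any bulk cipher */`, would make the safety margin reviewable.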
@@ -1382,6 +1384,24 @@ extern PRBool ssl3_CanFalseStart(sslSocket *ss); #define ssl_HaveXmitBufLock(ss) \ (PZ_InMonitor((ss)->xmitBufLock)) +/* Placeholder value used in version ranges when SSL 3.0 and all + * versions of TLS are disabled. + */ +#define SSL_LIBRARY_VERSION_NONE 0 + +/* SSL_LIBRARY_VERSION_MAX_SUPPORTED is the maximum version that this version + * of libssl supports. Applications should use SSL_VersionRangeGetSupported at + * runtime to determine which versions are supported by the version of libssl + * in use. + */ +#define SSL_LIBRARY_VERSION_MAX_SUPPORTED SSL_LIBRARY_VERSION_TLS_1_1 + +/* Rename this macro SSL_ALL_VERSIONS_DISABLED when SSL 2.0 is removed. */ +#define SSL3_ALL_VERSIONS_DISABLED(vrange) \ + ((vrange)->min == SSL_LIBRARY_VERSION_NONE) + +extern PRBool ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant, + SSL3ProtocolVersion version); extern SECStatus ssl3_KeyAndMacDeriveBypass(ssl3CipherSpec * pwSpec, const unsigned char * cr, const unsigned char * sr, @@ -1515,7 +1535,8 @@ extern SECStatus ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache); extern void ssl3_DestroySSL3Info(sslSocket *ss); extern SECStatus ssl3_NegotiateVersion(sslSocket *ss, - SSL3ProtocolVersion peerVersion); + SSL3ProtocolVersion peerVersion, + PRBool allowLargerPeerVersion); extern SECStatus ssl_GetPeerInfo(sslSocket *ss); diff --git a/net/third_party/nss/ssl/sslinfo.c b/net/third_party/nss/ssl/sslinfo.c index 5148364..0cb46d6 100644 --- a/net/third_party/nss/ssl/sslinfo.c +++ b/net/third_party/nss/ssl/sslinfo.c @@ -35,7 +35,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: sslinfo.c,v 1.24 2010/09/02 01:12:57 wtc%google.com Exp $ */ +/* $Id: sslinfo.c,v 1.28 2012/03/14 00:56:43 wtc%google.com Exp $ */ #include "ssl.h" #include "sslimpl.h" #include "sslproto.h" 
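Review bot: `SSL3_ALL_VERSIONS_DISABLED` tests only `(vrange)->min`, so it is correct only while `min` and `max` are always set to `SSL_LIBRARY_VERSION_NONE` together. The writers visible in this commit (ssl2_CheckConfigSanity, ssl_EnableTLS, ssl_EnableSSL3) do that, and SSL_VersionRangeSet rejects ranges below SSL 3.0, but the macro's comment does not state the rule. I would add `/* Invariant: min == SSL_LIBRARY_VERSION_NONE if and only if max == SSL_LIBRARY_VERSION_NONE. */` above the definition so a later writer of `vrange` does not break it.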
@@ -181,8 +181,8 @@ static const SSLCipherSuiteInfo suiteInfo[] = { {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, }, {0,CS(TLS_RSA_WITH_SEED_CBC_SHA), S_RSA, K_RSA, C_SEED,B_128, M_SHA, 1, 0, 0, }, {0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, }, -{0,CS(SSL_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, }, {0,CS(SSL_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, }, +{0,CS(SSL_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, }, {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_RSA, C_AES, B_128, M_SHA, 1, 0, 0, }, {0,CS(SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, }, @@ -317,6 +317,46 @@ SSL_IsExportCipherSuite(PRUint16 cipherSuite) return PR_FALSE; } +SECItem* +SSL_GetNegotiatedHostInfo(PRFileDesc *fd) +{ + SECItem *sniName = NULL; + sslSocket *ss; + char *name = NULL; + + ss = ssl_FindSocket(fd); + if (!ss) { + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNegotiatedHostInfo", + SSL_GETPID(), fd)); + return NULL; + } + + if (ss->sec.isServer) { + if (ss->version > SSL_LIBRARY_VERSION_3_0 && + ss->ssl3.initialized) { /* TLS */ + SECItem *crsName; + ssl_GetSpecReadLock(ss); /*********************************/ + crsName = &ss->ssl3.crSpec->srvVirtName; + if (crsName->data) { + sniName = SECITEM_DupItem(crsName); + } + ssl_ReleaseSpecReadLock(ss); /*----------------------------*/ + } + return sniName; + } + name = SSL_RevealURL(fd); + if (name) { + sniName = PORT_ZNew(SECItem); + if (!sniName) { + PORT_Free(name); + return NULL; + } + sniName->data = (void*)name; + sniName->len = PORT_Strlen(name); + } + return sniName; +} + SECStatus SSL_ExportKeyingMaterial(PRFileDesc *fd, const char *label, unsigned int labelLen, 
@@ -379,43 +419,3 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd, PORT_ZFree(val, valLen); return rv; } - -SECItem* -SSL_GetNegotiatedHostInfo(PRFileDesc *fd) -{ - SECItem *sniName = NULL; - sslSocket *ss; - char *name = NULL; - - ss = ssl_FindSocket(fd); - if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNegotiatedHostInfo", - SSL_GETPID(), fd)); - return NULL; - } - - if (ss->sec.isServer) { - if (ss->version > SSL_LIBRARY_VERSION_3_0 && - ss->ssl3.initialized) { /* TLS */ - SECItem *crsName; - ssl_GetSpecReadLock(ss); /*********************************/ - crsName = &ss->ssl3.crSpec->srvVirtName; - if (crsName->data) { - sniName = SECITEM_DupItem(crsName); - } - ssl_ReleaseSpecReadLock(ss); /*----------------------------*/ - } - return sniName; - } - name = SSL_RevealURL(fd); - if (name) { - sniName = PORT_ZNew(SECItem); - if (!sniName) { - PORT_Free(name); - return NULL; - } - sniName->data = (void*)name; - sniName->len = PORT_Strlen(name); - } - return sniName; -} diff --git a/net/third_party/nss/ssl/sslproto.h b/net/third_party/nss/ssl/sslproto.h index b534d0b..985b097 100644 --- a/net/third_party/nss/ssl/sslproto.h +++ b/net/third_party/nss/ssl/sslproto.h @@ -39,7 +39,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: sslproto.h,v 1.15 2010/02/16 18:56:48 wtc%google.com Exp $ */ +/* $Id: sslproto.h,v 1.17 2012/03/13 02:39:11 wtc%google.com Exp $ */ #ifndef __sslproto_h_ #define __sslproto_h_ @@ -47,7 +47,11 @@ /* All versions less than 3_0 are treated as SSL version 2 */ #define SSL_LIBRARY_VERSION_2 0x0002 #define SSL_LIBRARY_VERSION_3_0 0x0300 -#define SSL_LIBRARY_VERSION_3_1_TLS 0x0301 +#define SSL_LIBRARY_VERSION_TLS_1_0 0x0301 +#define SSL_LIBRARY_VERSION_TLS_1_1 0x0302 + +/* deprecated old name */ +#define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0 /* Header lengths of some of the messages */ #define SSL_HL_ERROR_HBYTES 3 
diff --git a/net/third_party/nss/ssl/sslsecur.c b/net/third_party/nss/ssl/sslsecur.c index 16fd203..a0e410b 100644 --- a/net/third_party/nss/ssl/sslsecur.c +++ b/net/third_party/nss/ssl/sslsecur.c @@ -37,7 +37,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: sslsecur.c,v 1.57 2012/02/15 21:52:08 kaie%kuix.de Exp $ */ +/* $Id: sslsecur.c,v 1.58 2012/03/01 18:36:35 kaie%kuix.de Exp $ */ #include "cert.h" #include "secitem.h" #include "keyhi.h" @@ -1408,7 +1408,7 @@ SSL_InvalidateSession(PRFileDesc *fd) ssl_Get1stHandshakeLock(ss); ssl_GetSSL3HandshakeLock(ss); - if (ss->sec.ci.sid) { + if (ss->sec.ci.sid && ss->sec.uncache) { ss->sec.uncache(ss->sec.ci.sid); rv = SECSuccess; } diff --git a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock.c index 9812549..a91412b 100644 --- a/net/third_party/nss/ssl/sslsock.c +++ b/net/third_party/nss/ssl/sslsock.c @@ -40,7 +40,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: sslsock.c,v 1.82 2012/02/15 21:52:08 kaie%kuix.de Exp $ */ +/* $Id: sslsock.c,v 1.86 2012/03/18 00:31:20 wtc%google.com Exp $ */ #include "seccomon.h" #include "cert.h" #include "keyhi.h" @@ -171,8 +171,8 @@ static sslOptions ssl_defaults = { PR_FALSE, /* handshakeAsClient */ PR_FALSE, /* handshakeAsServer */ PR_FALSE, /* enableSSL2 */ /* now defaults to off in NSS 3.13 */ - PR_TRUE, /* enableSSL3 */ - PR_TRUE, /* enableTLS */ /* now defaults to on in NSS 3.0 */ + PR_FALSE, /* unusedBit9 */ + PR_FALSE, /* unusedBit10 */ PR_FALSE, /* noCache */ PR_FALSE, /* fdx */ PR_FALSE, /* v2CompatibleHello */ /* now defaults to off in NSS 3.13 */ 
@@ -191,6 +191,14 @@ static sslOptions ssl_defaults = { PR_FALSE, /* encryptClientCerts */ }; +/* + * default range of enabled SSL/TLS protocols + */ +static SSLVersionRange versions_defaults = { + SSL_LIBRARY_VERSION_3_0, + SSL_LIBRARY_VERSION_TLS_1_0 +}; + sslSessionIDLookupFunc ssl_sid_lookup; sslSessionIDCacheFunc ssl_sid_cache; sslSessionIDUncacheFunc ssl_sid_uncache; @@ -277,6 +285,7 @@ ssl_DupSocket(sslSocket *os) if (ss) { ss->opt = os->opt; ss->opt.useSocks = PR_FALSE; + ss->vrange = os->vrange; ss->peerID = !os->peerID ? NULL : PORT_Strdup(os->peerID); ss->url = !os->url ? NULL : PORT_Strdup(os->url); 
@@ -569,6 +578,68 @@ static PRStatus SSL_BypassSetup(void) return PR_CallOnce(&setupBypassOnce, &SSL_BypassRegisterShutdown); } +/* Implements the semantics for SSL_OptionSet(SSL_ENABLE_TLS, on) described in + * ssl.h in the section "SSL version range setting API". + */ +static void +ssl_EnableTLS(SSLVersionRange *vrange, PRBool on) +{ + if (SSL3_ALL_VERSIONS_DISABLED(vrange)) { + if (on) { + vrange->min = SSL_LIBRARY_VERSION_TLS_1_0; + vrange->max = SSL_LIBRARY_VERSION_TLS_1_0; + } /* else don't change anything */ + return; + } + + if (on) { + /* Expand the range of enabled version to include TLS 1.0 */ + vrange->min = PR_MIN(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0); + vrange->max = PR_MAX(vrange->max, SSL_LIBRARY_VERSION_TLS_1_0); + } else { + /* Disable all TLS versions, leaving only SSL 3.0 if it was enabled */ + if (vrange->min == SSL_LIBRARY_VERSION_3_0) { + vrange->max = SSL_LIBRARY_VERSION_3_0; + } else { + /* Only TLS was enabled, so now no versions are. */ + vrange->min = SSL_LIBRARY_VERSION_NONE; + vrange->max = SSL_LIBRARY_VERSION_NONE; + } + } +} + +/* Implements the semantics for SSL_OptionSet(SSL_ENABLE_SSL3, on) described in + * ssl.h in the section "SSL version range setting API". + */ +static void +ssl_EnableSSL3(SSLVersionRange *vrange, PRBool on) +{ + if (SSL3_ALL_VERSIONS_DISABLED(vrange)) { + if (on) { + vrange->min = SSL_LIBRARY_VERSION_3_0; + vrange->max = SSL_LIBRARY_VERSION_3_0; + } /* else don't change anything */ + return; + } + + if (on) { + /* Expand the range of enabled versions to include SSL 3.0. We know + * SSL 3.0 or some version of TLS is already enabled at this point, so + * we don't need to change vrange->max. + */ + vrange->min = SSL_LIBRARY_VERSION_3_0; + } else { + /* Disable SSL 3.0, leaving TLS unaffected. */ + if (vrange->max > SSL_LIBRARY_VERSION_3_0) { + vrange->min = PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0); + } else { + /* Only SSL 3.0 was enabled, so now no versions are. 
*/ + vrange->min = SSL_LIBRARY_VERSION_NONE; + vrange->max = SSL_LIBRARY_VERSION_NONE; + } + } +} + SECStatus SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) { @@ -627,7 +698,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) break; case SSL_ENABLE_TLS: - ss->opt.enableTLS = on; + ssl_EnableTLS(&ss->vrange, on); ss->preferredCipher = NULL; if (ss->cipherSpecs) { PORT_Free(ss->cipherSpecs); @@ -637,7 +708,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) break; case SSL_ENABLE_SSL3: - ss->opt.enableSSL3 = on; + ssl_EnableSSL3(&ss->vrange, on); ss->preferredCipher = NULL; if (ss->cipherSpecs) { PORT_Free(ss->cipherSpecs); @@ -805,8 +876,12 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn) case SSL_REQUIRE_CERTIFICATE: on = ss->opt.requireCertificate; break; case SSL_HANDSHAKE_AS_CLIENT: on = ss->opt.handshakeAsClient; break; case SSL_HANDSHAKE_AS_SERVER: on = ss->opt.handshakeAsServer; break; - case SSL_ENABLE_TLS: on = ss->opt.enableTLS; break; - case SSL_ENABLE_SSL3: on = ss->opt.enableSSL3; break; + case SSL_ENABLE_TLS: + on = ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_0; + break; + case SSL_ENABLE_SSL3: + on = ss->vrange.min == SSL_LIBRARY_VERSION_3_0; + break; case SSL_ENABLE_SSL2: on = ss->opt.enableSSL2; break; case SSL_NO_CACHE: on = ss->opt.noCache; break; case SSL_ENABLE_FDX: on = ss->opt.fdx; break; 
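Review bot: In ssl_EnableTLS the `on` branch sets `vrange->min = PR_MIN(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0)`, and the `on` branch of ssl_EnableSSL3 sets `vrange->min = SSL_LIBRARY_VERSION_3_0`. A legacy SSL_OptionSet call made after SSL_VersionRangeSet can therefore lower a minimum version the application had raised. The header comments defer to ssl.h for the semantics, which is not part of this page. If the widening is intended, a line at each assignment such as `/* may lower a min set through SSL_VersionRangeSet; see ssl.h */` would make the interaction visible to callers who mix the two APIs.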
@@ -862,8 +937,12 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn) case SSL_REQUIRE_CERTIFICATE: on = ssl_defaults.requireCertificate; break; case SSL_HANDSHAKE_AS_CLIENT: on = ssl_defaults.handshakeAsClient; break; case SSL_HANDSHAKE_AS_SERVER: on = ssl_defaults.handshakeAsServer; break; - case SSL_ENABLE_TLS: on = ssl_defaults.enableTLS; break; - case SSL_ENABLE_SSL3: on = ssl_defaults.enableSSL3; break; + case SSL_ENABLE_TLS: + on = versions_defaults.max >= SSL_LIBRARY_VERSION_TLS_1_0; + break; + case SSL_ENABLE_SSL3: + on = versions_defaults.min == SSL_LIBRARY_VERSION_3_0; + break; case SSL_ENABLE_SSL2: on = ssl_defaults.enableSSL2; break; case SSL_NO_CACHE: on = ssl_defaults.noCache; break; case SSL_ENABLE_FDX: on = ssl_defaults.fdx; break; @@ -955,11 +1034,11 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on) break; case SSL_ENABLE_TLS: - ssl_defaults.enableTLS = on; + ssl_EnableTLS(&versions_defaults, on); break; case SSL_ENABLE_SSL3: - ssl_defaults.enableSSL3 = on; + ssl_EnableSSL3(&versions_defaults, on); break; case SSL_ENABLE_SSL2: @@ -1493,6 +1572,7 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd) } ss->opt = sm->opt; + ss->vrange = sm->vrange; PORT_Memcpy(ss->cipherSuites, sm->cipherSuites, sizeof sm->cipherSuites); if (!ss->opt.useSecurity) { 
@@ -1583,6 +1663,125 @@ loser:
 #endif
 }
+PRBool
+ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant,
+ SSL3ProtocolVersion version)
+{
+ return protocolVariant == ssl_variant_stream &&
+ version >= SSL_LIBRARY_VERSION_3_0 &&
+ version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED;
+}
+
+/* Returns PR_TRUE if the given version range is valid and
+** fully supported; otherwise, returns PR_FALSE.
+*/
+static PRBool
+ssl3_VersionRangeIsValid(SSLProtocolVariant protocolVariant,
+ const SSLVersionRange *vrange)
+{
+ return vrange &&
+ vrange->min <= vrange->max &&
+ ssl3_VersionIsSupported(protocolVariant, vrange->min) &&
+ ssl3_VersionIsSupported(protocolVariant, vrange->max);
+}
+
+SECStatus
+SSL_VersionRangeGetSupported(SSLProtocolVariant protocolVariant,
+ SSLVersionRange *vrange)
+{
+ if (protocolVariant != ssl_variant_stream || !vrange) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+
+ vrange->min = SSL_LIBRARY_VERSION_3_0;
+ vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
+
+ return SECSuccess;
+}
+
+SECStatus
+SSL_VersionRangeGetDefault(SSLProtocolVariant protocolVariant,
+ SSLVersionRange *vrange)
+{
+ if (protocolVariant != ssl_variant_stream || !vrange) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+
+ *vrange = versions_defaults;
+
+ return SECSuccess;
+}
+
+SECStatus
+SSL_VersionRangeSetDefault(SSLProtocolVariant protocolVariant,
+ const SSLVersionRange *vrange)
+{
+ if (!ssl3_VersionRangeIsValid(protocolVariant, vrange)) {
+ PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
+ return SECFailure;
+ }
+
+ versions_defaults = *vrange;
+
+ return SECSuccess;
+}
+
+SECStatus
+SSL_VersionRangeGet(PRFileDesc *fd, SSLVersionRange *vrange)
+{
+ sslSocket *ss = ssl_FindSocket(fd);
+
+ if (!ss) {
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeGet",
+ SSL_GETPID(), fd));
+ return SECFailure;
+ }
+
+ if (!vrange) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+
+ ssl_Get1stHandshakeLock(ss);
+ ssl_GetSSL3HandshakeLock(ss);
+
+ *vrange = ss->vrange;
+
+ ssl_ReleaseSSL3HandshakeLock(ss);
+ ssl_Release1stHandshakeLock(ss);
+
+ return SECSuccess;
+}
+
+SECStatus
+SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
+{
+ sslSocket *ss = ssl_FindSocket(fd);
+
+ if (!ss) {
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeSet",
+ SSL_GETPID(), fd));
+ return SECFailure;
+ }
+
+ if (!ssl3_VersionRangeIsValid(ssl_variant_stream, vrange)) {
+ PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
+ return SECFailure;
+ }
+
+ ssl_Get1stHandshakeLock(ss);
+ ssl_GetSSL3HandshakeLock(ss);
+
+ ss->vrange = *vrange;
+
+ ssl_ReleaseSSL3HandshakeLock(ss);
+ ssl_Release1stHandshakeLock(ss);
+
+ return SECSuccess;
+}
+
 SECStatus SSL_GetStapledOCSPResponse(PRFileDesc *fd, unsigned char *out_data, unsigned int *len) {
@@ -2652,6 +2851,7 @@ ssl_NewSocket(PRBool makeLocks)
 ss->opt = ssl_defaults;
 ss->opt.useSocks = PR_FALSE;
 ss->opt.noLocks = !makeLocks;
+ ss->vrange = versions_defaults;
 ss->peerID = NULL;
 ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
diff --git a/net/third_party/nss/ssl/sslt.h b/net/third_party/nss/ssl/sslt.h
index 3535c06..af15414 100644
--- a/net/third_party/nss/ssl/sslt.h
+++ b/net/third_party/nss/ssl/sslt.h
@@ -37,7 +37,7 @@
 * the terms of any one of the MPL, the GPL or the LGPL.
 *
 * ***** END LICENSE BLOCK ***** */
-/* $Id: sslt.h,v 1.18 2012/02/15 21:52:08 kaie%kuix.de Exp $ */
+/* $Id: sslt.h,v 1.20 2012/03/16 01:23:55 wtc%google.com Exp $ */
 #ifndef __sslt_h_
 #define __sslt_h_
@@ -190,6 +190,15 @@ typedef struct SSLCipherSuiteInfoStr {
 } SSLCipherSuiteInfo;
 typedef enum {
+ ssl_variant_stream = 0
+} SSLProtocolVariant;
+
+typedef struct SSLVersionRangeStr {
+ PRUint16 min;
+ PRUint16 max;
+} SSLVersionRange;
+
+typedef enum {
 SSL_sni_host_name = 0,
 SSL_sni_type_total
 } SSLSniNameType; |
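Review bot: SSL_VersionRangeSet in sslsock.c stores the new range with `ss->vrange = *vrange;` and does nothing else, while the SSL_ENABLE_TLS and SSL_ENABLE_SSL3 cases of SSL_OptionSet in this same commit follow the range change with `ss->preferredCipher = NULL;` and free `ss->cipherSpecs`. If those cached values depend on which protocol versions are enabled, as the option path implies, a socket reconfigured through the new API could keep specs built for the old range. I would either repeat that invalidation right after the assignment, while both handshake locks are still held, or add a comment explaining why it is not needed here. Separately, the SSL_DBG strings in SSL_VersionRangeGet and SSL_VersionRangeSet name the functions `SSL3_VersionRangeGet` and `SSL3_VersionRangeSet`, which will not match a log search for the real names.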
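Review bot: The new public types `SSLProtocolVariant` and `SSLVersionRange` in sslt.h are added without any comment, and `SSLVersionRange` is the one callers will fill in by hand. From sslsock.c in this commit the bounds are inclusive, `min` must not exceed `max`, and both must lie between SSL_LIBRARY_VERSION_3_0 and SSL_LIBRARY_VERSION_MAX_SUPPORTED or SSL_VersionRangeSet fails with SSL_ERROR_INVALID_VERSION_RANGE. I would put that above the struct, for example `/* Inclusive range of SSL_LIBRARY_VERSION_* values; min <= max. */`, and note on the enum that `ssl_variant_stream` is the only variant the range functions accept in this snapshot.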