author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-17 00:56:40 +0000 |
---|---|---|
committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-17 00:56:40 +0000 |
commit | e7bad86e5d70c158115cefb90dc50a2c5fd84f39 (patch) | |
tree | a54dc8b704dceb8ec1decb60b1dcdc6088180526 /net/third_party | |
parent | 81e0a85082ccf4b14f48ed5229baa2cbd8642ad4 (diff) | |
Revert the workaround for servers that use tiny DH keys.
Add the new error code ERR_SSL_WEAK_SERVER_KEY for these
broken servers.
Use the new SSL_RENEGOTIATE_TRANSITIONAL option. On the
client side it is equivalent to SSL_RENEGOTIATE_UNRESTRICTED.
R=agl
BUG=51694
TEST=Visit https://portal-plumprod.cgc.enbridge.com and
https://www.citylink.com.au. The network error page
should display the error message:
Error 129 (net::ERR_SSL_WEAK_SERVER_KEY): Unknown error.
Review URL: http://codereview.chromium.org/3149012
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@56283 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/third_party')
-rw-r--r-- | net/third_party/nss/README.chromium | 10 | ||||
-rw-r--r-- | net/third_party/nss/patches/deprioritizedhe.patch | 58 | ||||
-rw-r--r-- | net/third_party/nss/patches/weakserverkey.patch | 52 | ||||
-rw-r--r-- | net/third_party/nss/ssl/ssl3con.c | 6 | ||||
-rw-r--r-- | net/third_party/nss/ssl/sslenum.c | 2 | ||||
-rw-r--r-- | net/third_party/nss/ssl/sslerr.h | 2 |
6 files changed, 63 insertions, 67 deletions
diff --git a/net/third_party/nss/README.chromium b/net/third_party/nss/README.chromium index a16796e..4c4fb36 100644 --- a/net/third_party/nss/README.chromium +++ b/net/third_party/nss/README.chromium @@ -28,13 +28,11 @@ Patches: they're available when we resume a session. patches/cachecerts.patch - * List TLS_DHE_RSA_WITH_AES_256_CBC_SHA after TLS_RSA_WITH_AES_256_CBC_SHA - in ClientHello to communicate securely with some servers that use - 256-bit DH keys. Remove this patch when we upgrade to NSS 3.12.7, - which rejects DH keys shorter than 512 bits. - patches/deprioritizedhe.patch + * Add the SSL_ERROR_WEAK_SERVER_KEY error code for a weak server key in + the Server Key Exchange handshake message. + patches/weakserverkey.patch http://crbug.com/51694 - https://bugzilla.mozilla.org/show_bug.cgi?id=583337 + https://bugzilla.mozilla.org/show_bug.cgi?id=587234 The ssl/bodge directory contains files taken from the NSS repo that we required for building libssl outside of its usual build environment. diff --git a/net/third_party/nss/patches/deprioritizedhe.patch b/net/third_party/nss/patches/deprioritizedhe.patch deleted file mode 100644 index 8784015..0000000 --- a/net/third_party/nss/patches/deprioritizedhe.patch +++ /dev/null 
@@ -1,58 +0,0 @@ -diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c ---- a/security/nss/lib/ssl/ssl3con.c -+++ b/security/nss/lib/ssl/ssl3con.c -@@ -106,24 +106,24 @@ static SECStatus Null_Cipher(void *ctx, - static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { - /* cipher_suite policy enabled is_present*/ - #ifdef NSS_ENABLE_ECC - { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, - { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, - #endif /* NSS_ENABLE_ECC */ - { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, - { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, -- { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, - { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, - #ifdef NSS_ENABLE_ECC - { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, - { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, - #endif /* NSS_ENABLE_ECC */ - { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, - { TLS_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, -+ { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, - - #ifdef NSS_ENABLE_ECC - { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, - { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, - { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, - { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, - #endif /* NSS_ENABLE_ECC */ - { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, -diff --git a/security/nss/lib/ssl/sslenum.c b/security/nss/lib/ssl/sslenum.c ---- a/security/nss/lib/ssl/sslenum.c -+++ b/security/nss/lib/ssl/sslenum.c -@@ -61,24 +61,24 @@ - const PRUint16 SSL_ImplementedCiphers[] = { - /* 256-bit */ - #ifdef 
NSS_ENABLE_ECC - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, - #endif /* NSS_ENABLE_ECC */ - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, -- TLS_DHE_RSA_WITH_AES_256_CBC_SHA, - TLS_DHE_DSS_WITH_AES_256_CBC_SHA, - #ifdef NSS_ENABLE_ECC - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, - #endif /* NSS_ENABLE_ECC */ - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS_RSA_WITH_AES_256_CBC_SHA, -+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, - - /* 128-bit */ - #ifdef NSS_ENABLE_ECC - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - TLS_ECDHE_RSA_WITH_RC4_128_SHA, - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, - #endif /* NSS_ENABLE_ECC */ diff --git a/net/third_party/nss/patches/weakserverkey.patch b/net/third_party/nss/patches/weakserverkey.patch new file mode 100644 index 0000000..5eb84dc --- /dev/null +++ b/net/third_party/nss/patches/weakserverkey.patch 
@@ -0,0 +1,52 @@ +Index: mozilla/security/nss/lib/ssl/ssl3con.c +=================================================================== +RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v +retrieving revision 1.144 +diff -p -u -8 -r1.144 ssl3con.c +--- mozilla/security/nss/lib/ssl/ssl3con.c 12 Aug 2010 01:15:38 -0000 1.144 ++++ mozilla/security/nss/lib/ssl/ssl3con.c 13 Aug 2010 23:23:40 -0000 +@@ -5299,18 +5299,20 @@ ssl3_HandleServerKeyExchange(sslSocket * + SECItem dh_p = {siBuffer, NULL, 0}; + SECItem dh_g = {siBuffer, NULL, 0}; + SECItem dh_Ys = {siBuffer, NULL, 0}; + + rv = ssl3_ConsumeHandshakeVariable(ss, &dh_p, 2, &b, &length); + if (rv != SECSuccess) { + goto loser; /* malformed. */ + } +- if (dh_p.len < 512/8) ++ if (dh_p.len < 512/8) { ++ errCode = SSL_ERROR_WEAK_SERVER_KEY; + goto alert_loser; ++ } + rv = ssl3_ConsumeHandshakeVariable(ss, &dh_g, 2, &b, &length); + if (rv != SECSuccess) { + goto loser; /* malformed. */ + } + if (dh_g.len == 0 || dh_g.len > dh_p.len + 1 || + (dh_g.len == 1 && dh_g.data[0] == 0)) + goto alert_loser; + rv = ssl3_ConsumeHandshakeVariable(ss, &dh_Ys, 2, &b, &length); +Index: mozilla/security/nss/lib/ssl/sslerr.h +=================================================================== +RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslerr.h,v +retrieving revision 1.11 +diff -p -u -8 -r1.11 sslerr.h +--- mozilla/security/nss/lib/ssl/sslerr.h 24 Jun 2010 09:24:18 -0000 1.11 ++++ mozilla/security/nss/lib/ssl/sslerr.h 13 Aug 2010 23:23:40 -0000 +@@ -196,13 +196,15 @@ SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICK + SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET = (SSL_ERROR_BASE + 110), + + SSL_ERROR_DECOMPRESSION_FAILURE = (SSL_ERROR_BASE + 111), + SSL_ERROR_RENEGOTIATION_NOT_ALLOWED = (SSL_ERROR_BASE + 112), + SSL_ERROR_UNSAFE_NEGOTIATION = (SSL_ERROR_BASE + 113), + + SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD = (SSL_ERROR_BASE + 114), + ++SSL_ERROR_WEAK_SERVER_KEY = (SSL_ERROR_BASE + 115), ++ + SSL_ERROR_END_OF_LIST /* let the c 
compiler determine the value of this. */ + } SSLErrorCodes; + #endif /* NO_SECURITY_ERROR_ENUM */ + + #endif /* __SSL_ERR_H_ */ diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c index 0a138d7..050223a 100644 --- a/net/third_party/nss/ssl/ssl3con.c +++ b/net/third_party/nss/ssl/ssl3con.c @@ -110,6 +110,7 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { #endif /* NSS_ENABLE_ECC */ { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, + { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, #ifdef NSS_ENABLE_ECC { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, @@ -117,7 +118,6 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { #endif /* NSS_ENABLE_ECC */ { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, { TLS_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, - { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, #ifdef NSS_ENABLE_ECC { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, @@ -5312,8 +5312,10 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (rv != SECSuccess) { goto loser; /* malformed. */ } - if (dh_p.len < 512/8) + if (dh_p.len < 512/8) { + errCode = SSL_ERROR_WEAK_SERVER_KEY; goto alert_loser; + } rv = ssl3_ConsumeHandshakeVariable(ss, &dh_g, 2, &b, &length); if (rv != SECSuccess) { goto loser; /* malformed. */ diff --git a/net/third_party/nss/ssl/sslenum.c b/net/third_party/nss/ssl/sslenum.c index a70a728..b8aa8cc 100644 --- a/net/third_party/nss/ssl/sslenum.c +++ b/net/third_party/nss/ssl/sslenum.c 
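Review bot: In the `ssl3_HandleServerKeyExchange` hunk of ssl3con.c, `dh_p.len < 512/8` measures the encoded length of the prime in bytes, so a prime padded with leading zero bytes would still pass; the test bounds the encoding, not the size of the modulus. With the deprioritisation workaround reverted and `TLS_DHE_RSA_WITH_AES_256_CBC_SHA` listed ahead of the RSA suites again, this is the only guard against a weak DH group visible in the diff. It is worth either skipping leading zero bytes before the comparison or documenting the limitation, e.g. `/* dh_p.len is the encoded byte count (leading zeros included), not the bit length of p */`. The neighbouring `dh_g` check still jumps to `alert_loser` without setting `errCode`, so it presumably reports whatever default the function set earlier; a short comment confirming that is intended would help. The function body starts and ends outside the hunk, and the same lines are recorded in patches/weakserverkey.patch.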
@@ -66,6 +66,7 @@ const PRUint16 SSL_ImplementedCiphers[] = { #endif /* NSS_ENABLE_ECC */ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, #ifdef NSS_ENABLE_ECC TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, @@ -73,7 +74,6 @@ const PRUint16 SSL_ImplementedCiphers[] = { #endif /* NSS_ENABLE_ECC */ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, - TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* 128-bit */ #ifdef NSS_ENABLE_ECC diff --git a/net/third_party/nss/ssl/sslerr.h b/net/third_party/nss/ssl/sslerr.h index 2f021e7..bd72f97 100644 --- a/net/third_party/nss/ssl/sslerr.h +++ b/net/third_party/nss/ssl/sslerr.h @@ -201,6 +201,8 @@ SSL_ERROR_UNSAFE_NEGOTIATION = (SSL_ERROR_BASE + 113), SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD = (SSL_ERROR_BASE + 114), +SSL_ERROR_WEAK_SERVER_KEY = (SSL_ERROR_BASE + 115), + SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */ } SSLErrorCodes; #endif /* NO_SECURITY_ERROR_ENUM */ |
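Review bot: `SSL_ERROR_WEAK_SERVER_KEY = (SSL_ERROR_BASE + 115)` in sslerr.h is added without a comment, and the part of the diff shown here (limited to net/third_party) adds no matching error-string entry, which fits the "Unknown error" text the commit message expects. A one-line comment such as `/* Server Key Exchange carried a key below the accepted minimum size */` would tell callers when to expect this code. The value is assigned in the vendored copy while README.chromium still points at an open upstream bug, so it may also be worth noting beside the enumerator that offset 115 has to match whatever upstream NSS finally assigns. The enum begins outside the hunk.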