diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/build/secondary/third_party/nss/BUILD.gn qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/build/secondary/third_party/nss/BUILD.gn
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/build/secondary/third_party/nss/BUILD.gn 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/build/secondary/third_party/nss/BUILD.gn 2016-01-13 14:18:55.587954670 +0100
|
|
@@ -695,6 +695,8 @@
|
|
"nss/lib/freebl/win_rand.c",
|
|
"nss/lib/nss/nss.h",
|
|
"nss/lib/nss/nssinit.c",
|
|
+ "nss/lib/nss/nssoptions.c",
|
|
+ "nss/lib/nss/nssoptions.h",
|
|
"nss/lib/nss/nssrenam.h",
|
|
"nss/lib/nss/utilwrap.c",
|
|
"nss/lib/pk11wrap/debug_module.c",
|
|
@@ -859,6 +861,7 @@
|
|
"nss/lib/util/utilpars.h",
|
|
"nss/lib/util/utilparst.h",
|
|
"nss/lib/util/utilrename.h",
|
|
+ "nss/lib/util/verref.h",
|
|
]
|
|
|
|
sources -= [
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/aesgcmchromium.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/aesgcmchromium.patch
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/aesgcmchromium.patch 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/aesgcmchromium.patch 2016-01-13 14:18:55.588954676 +0100
|
|
@@ -1,7 +1,7 @@
|
|
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
|
|
-index 1167d6d..dabe333 100644
|
|
---- a/ssl/ssl3con.c
|
|
-+++ b/ssl/ssl3con.c
|
|
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
|
|
+index c5cb1eb..299e414 100644
|
|
+--- a/lib/ssl/ssl3con.c
|
|
++++ b/lib/ssl/ssl3con.c
|
|
@@ -8,6 +8,7 @@
|
|
|
|
/* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */
|
|
@@ -10,7 +10,7 @@
|
|
#include "cert.h"
|
|
#include "ssl.h"
|
|
#include "cryptohi.h" /* for DSAU_ stuff */
|
|
-@@ -44,6 +45,9 @@
|
|
+@@ -46,6 +47,9 @@
|
|
#ifdef NSS_ENABLE_ZLIB
|
|
#include "zlib.h"
|
|
#endif
|
|
@@ -20,7 +20,7 @@
|
|
|
|
#ifndef PK11_SETATTRS
|
|
#define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \
|
|
-@@ -1874,6 +1878,63 @@ ssl3_BuildRecordPseudoHeader(unsigned char *out,
|
|
+@@ -1897,6 +1901,63 @@ ssl3_BuildRecordPseudoHeader(unsigned char *out,
|
|
return 13;
|
|
}
|
|
|
|
@@ -84,7 +84,7 @@
|
|
static SECStatus
|
|
ssl3_AESGCM(ssl3KeyMaterial *keys,
|
|
PRBool doDecrypt,
|
|
-@@ -1925,10 +1986,10 @@ ssl3_AESGCM(ssl3KeyMaterial *keys,
|
|
+@@ -1948,10 +2009,10 @@ ssl3_AESGCM(ssl3KeyMaterial *keys,
|
|
gcmParams.ulTagBits = tagSize * 8;
|
|
|
|
if (doDecrypt) {
|
|
@@ -97,7 +97,7 @@
|
|
maxout, in, inlen);
|
|
}
|
|
*outlen += (int) uOutLen;
|
|
-@@ -5162,6 +5223,10 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
+@@ -5337,6 +5398,10 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
ssl3_DisableNonDTLSSuites(ss);
|
|
}
|
|
|
|
@@ -108,7 +108,7 @@
|
|
/* how many suites are permitted by policy and user preference? */
|
|
num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE);
|
|
if (!num_suites) {
|
|
-@@ -8172,6 +8237,10 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
|
+@@ -8400,6 +8465,10 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
|
ssl3_DisableNonDTLSSuites(ss);
|
|
}
|
|
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/applypatches.sh qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/applypatches.sh
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/applypatches.sh 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/applypatches.sh 2016-01-13 14:18:55.588954676 +0100
|
|
@@ -46,9 +46,3 @@
|
|
patch -p2 < $patches_dir/nssrwlock.patch
|
|
|
|
patch -p2 < $patches_dir/reorderextensions.patch
|
|
-
|
|
-patch -p2 < $patches_dir/removebuildmetadata.patch
|
|
-
|
|
-patch -p2 < $patches_dir/norenegotiatelock.patch
|
|
-
|
|
-patch -p2 < $patches_dir/dh1024.patch
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/cachecerts.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/cachecerts.patch
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/cachecerts.patch 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/cachecerts.patch 2016-01-13 14:18:55.589954682 +0100
|
|
@@ -1,8 +1,8 @@
|
|
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
|
|
-index 163572c..60af5b0 100644
|
|
---- a/ssl/ssl3con.c
|
|
-+++ b/ssl/ssl3con.c
|
|
-@@ -43,6 +43,7 @@
|
|
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
|
|
+index 8f1c547..9aaf601 100644
|
|
+--- a/lib/ssl/ssl3con.c
|
|
++++ b/lib/ssl/ssl3con.c
|
|
+@@ -45,6 +45,7 @@
|
|
|
|
static SECStatus ssl3_AuthCertificate(sslSocket *ss);
|
|
static void ssl3_CleanupPeerCerts(sslSocket *ss);
|
|
@@ -10,15 +10,15 @@
|
|
static PK11SymKey *ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec,
|
|
PK11SlotInfo * serverKeySlot);
|
|
static SECStatus ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms);
|
|
-@@ -6549,6 +6550,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
|
+@@ -6751,6 +6752,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
|
/* copy the peer cert from the SID */
|
|
if (sid->peerCert != NULL) {
|
|
ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
|
|
+ ssl3_CopyPeerCertsFromSID(ss, sid);
|
|
}
|
|
|
|
- /* NULL value for PMS signifies re-use of the old MS */
|
|
-@@ -8140,6 +8142,7 @@ compression_found:
|
|
+ /* NULL value for PMS because we are reusing the old MS */
|
|
+@@ -8405,6 +8407,7 @@ compression_found:
|
|
ss->sec.ci.sid = sid;
|
|
if (sid->peerCert != NULL) {
|
|
ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
|
|
@@ -26,7 +26,7 @@
|
|
}
|
|
|
|
/*
|
|
-@@ -9763,6 +9766,44 @@ ssl3_CleanupPeerCerts(sslSocket *ss)
|
|
+@@ -10389,6 +10392,44 @@ ssl3_CleanupPeerCerts(sslSocket *ss)
|
|
ss->ssl3.peerCertChain = NULL;
|
|
}
|
|
|
|
@@ -71,7 +71,7 @@
|
|
/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
|
|
* ssl3 CertificateStatus message.
|
|
* Caller must hold Handshake and RecvBuf locks.
|
|
-@@ -10041,6 +10082,7 @@ ssl3_AuthCertificate(sslSocket *ss)
|
|
+@@ -10669,6 +10710,7 @@ ssl3_AuthCertificate(sslSocket *ss)
|
|
}
|
|
|
|
ss->sec.ci.sid->peerCert = CERT_DupCertificate(ss->sec.peerCert);
|
|
@@ -79,11 +79,11 @@
|
|
|
|
if (!ss->sec.isServer) {
|
|
CERTCertificate *cert = ss->sec.peerCert;
|
|
-diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
|
|
-index 1b38a52..086f6d2 100644
|
|
---- a/ssl/sslimpl.h
|
|
-+++ b/ssl/sslimpl.h
|
|
-@@ -597,6 +597,8 @@ typedef enum { never_cached,
|
|
+diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
|
|
+index ad31aae..9dcc29e 100644
|
|
+--- a/lib/ssl/sslimpl.h
|
|
++++ b/lib/ssl/sslimpl.h
|
|
+@@ -608,6 +608,8 @@ typedef enum { never_cached,
|
|
invalid_cache /* no longer in any cache. */
|
|
} Cached;
|
|
|
|
@@ -92,7 +92,7 @@
|
|
struct sslSessionIDStr {
|
|
/* The global cache lock must be held when accessing these members when the
|
|
* sid is in any cache.
|
|
-@@ -611,6 +613,7 @@ struct sslSessionIDStr {
|
|
+@@ -622,6 +624,7 @@ struct sslSessionIDStr {
|
|
*/
|
|
|
|
CERTCertificate * peerCert;
|
|
@@ -100,10 +100,10 @@
|
|
SECItemArray peerCertStatus; /* client only */
|
|
const char * peerID; /* client only */
|
|
const char * urlSvrName; /* client only */
|
|
-diff --git a/ssl/sslnonce.c b/ssl/sslnonce.c
|
|
+diff --git a/lib/ssl/sslnonce.c b/lib/ssl/sslnonce.c
|
|
index 2e861f1..be11008 100644
|
|
---- a/ssl/sslnonce.c
|
|
-+++ b/ssl/sslnonce.c
|
|
+--- a/lib/ssl/sslnonce.c
|
|
++++ b/lib/ssl/sslnonce.c
|
|
@@ -164,6 +164,7 @@ lock_cache(void)
|
|
static void
|
|
ssl_DestroySID(sslSessionID *sid)
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/cachelocks.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/cachelocks.patch
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/cachelocks.patch 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/cachelocks.patch 2016-01-13 14:18:55.589954682 +0100
|
|
@@ -1,8 +1,8 @@
|
|
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
|
|
-index 6819b03..6a4a443 100644
|
|
---- a/ssl/ssl3con.c
|
|
-+++ b/ssl/ssl3con.c
|
|
-@@ -5748,7 +5748,6 @@ SSL3_ShutdownServerCache(void)
|
|
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
|
|
+index 2533679..ba3d012 100644
|
|
+--- a/lib/ssl/ssl3con.c
|
|
++++ b/lib/ssl/ssl3con.c
|
|
+@@ -5921,7 +5921,6 @@ SSL3_ShutdownServerCache(void)
|
|
}
|
|
|
|
PZ_Unlock(symWrapKeysLock);
|
|
@@ -10,7 +10,7 @@
|
|
return SECSuccess;
|
|
}
|
|
|
|
-@@ -5800,7 +5799,7 @@ getWrappingKey( sslSocket * ss,
|
|
+@@ -5973,7 +5972,7 @@ getWrappingKey( sslSocket * ss,
|
|
|
|
pSymWrapKey = &symWrapKeys[symWrapMechIndex].symWrapKey[exchKeyType];
|
|
|
|
@@ -19,11 +19,11 @@
|
|
|
|
PZ_Lock(symWrapKeysLock);
|
|
|
|
-diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
|
|
-index 88b2eba..c4c87b4 100644
|
|
---- a/ssl/sslimpl.h
|
|
-+++ b/ssl/sslimpl.h
|
|
-@@ -1924,9 +1924,7 @@ extern SECStatus ssl_InitSymWrapKeysLock(void);
|
|
+diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
|
|
+index d5f326f..d53c446 100644
|
|
+--- a/lib/ssl/sslimpl.h
|
|
++++ b/lib/ssl/sslimpl.h
|
|
+@@ -1957,9 +1957,7 @@ extern SECStatus ssl_InitSymWrapKeysLock(void);
|
|
|
|
extern SECStatus ssl_FreeSymWrapKeysLock(void);
|
|
|
|
@@ -34,10 +34,10 @@
|
|
|
|
/***************** platform client auth ****************/
|
|
|
|
-diff --git a/ssl/sslnonce.c b/ssl/sslnonce.c
|
|
+diff --git a/lib/ssl/sslnonce.c b/lib/ssl/sslnonce.c
|
|
index 1326a8b..c45849d 100644
|
|
---- a/ssl/sslnonce.c
|
|
-+++ b/ssl/sslnonce.c
|
|
+--- a/lib/ssl/sslnonce.c
|
|
++++ b/lib/ssl/sslnonce.c
|
|
@@ -35,91 +35,55 @@ static PZLock * cacheLock = NULL;
|
|
#define LOCK_CACHE lock_cache()
|
|
#define UNLOCK_CACHE PZ_Unlock(cacheLock)
|
|
@@ -204,11 +204,11 @@
|
|
PZ_Lock(cacheLock);
|
|
}
|
|
|
|
-diff --git a/ssl/sslsnce.c b/ssl/sslsnce.c
|
|
-index 4d9ef38..3279200 100644
|
|
---- a/ssl/sslsnce.c
|
|
-+++ b/ssl/sslsnce.c
|
|
-@@ -1352,7 +1352,7 @@ SSL_ConfigServerSessionIDCache( int maxCacheEntries,
|
|
+diff --git a/lib/ssl/sslsnce.c b/lib/ssl/sslsnce.c
|
|
+index f31b2e9..3856c13 100644
|
|
+--- a/lib/ssl/sslsnce.c
|
|
++++ b/lib/ssl/sslsnce.c
|
|
+@@ -1363,7 +1363,7 @@ SSL_ConfigServerSessionIDCache( int maxCacheEntries,
|
|
PRUint32 ssl3_timeout,
|
|
const char * directory)
|
|
{
|
|
@@ -217,7 +217,7 @@
|
|
return SSL_ConfigServerSessionIDCacheInstance(&globalCache,
|
|
maxCacheEntries, ssl2_timeout, ssl3_timeout, directory, PR_FALSE);
|
|
}
|
|
-@@ -1466,7 +1466,7 @@ SSL_ConfigServerSessionIDCacheWithOpt(
|
|
+@@ -1477,7 +1477,7 @@ SSL_ConfigServerSessionIDCacheWithOpt(
|
|
PRBool enableMPCache)
|
|
{
|
|
if (!enableMPCache) {
|
|
@@ -226,7 +226,7 @@
|
|
return ssl_ConfigServerSessionIDCacheInstanceWithOpt(&globalCache,
|
|
ssl2_timeout, ssl3_timeout, directory, PR_FALSE,
|
|
maxCacheEntries, maxCertCacheEntries, maxSrvNameCacheEntries);
|
|
-@@ -1511,7 +1511,7 @@ SSL_InheritMPServerSIDCacheInstance(cacheDesc *cache, const char * envString)
|
|
+@@ -1521,7 +1521,7 @@ SSL_InheritMPServerSIDCacheInstance(cacheDesc *cache, const char * envString)
|
|
return SECSuccess; /* already done. */
|
|
}
|
|
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/chacha20poly1305.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/chacha20poly1305.patch
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/chacha20poly1305.patch 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/chacha20poly1305.patch 2016-01-13 14:18:55.590954688 +0100
|
|
@@ -1,8 +1,8 @@
|
|
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
|
|
-index dabe333..6819b03 100644
|
|
---- a/ssl/ssl3con.c
|
|
-+++ b/ssl/ssl3con.c
|
|
-@@ -41,6 +41,21 @@
|
|
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
|
|
+index 299e414..2533679 100644
|
|
+--- a/lib/ssl/ssl3con.c
|
|
++++ b/lib/ssl/ssl3con.c
|
|
+@@ -43,6 +43,21 @@
|
|
#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
|
|
#endif
|
|
|
|
@@ -24,16 +24,16 @@
|
|
#include <stdio.h>
|
|
#ifdef NSS_ENABLE_ZLIB
|
|
#include "zlib.h"
|
|
-@@ -105,6 +120,8 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
|
|
+@@ -110,6 +125,8 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
|
|
/* cipher_suite policy enabled isPresent */
|
|
|
|
#ifndef NSS_DISABLE_ECC
|
|
+ { TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
+ { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
- { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
- { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
+ { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
+ { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
|
|
-@@ -296,6 +313,7 @@ static const ssl3BulkCipherDef bulk_cipher_defs[] = {
|
|
+@@ -307,6 +324,7 @@ static const ssl3BulkCipherDef bulk_cipher_defs[] = {
|
|
{cipher_camellia_256, calg_camellia, 32,32, type_block, 16,16, 0, 0},
|
|
{cipher_seed, calg_seed, 16,16, type_block, 16,16, 0, 0},
|
|
{cipher_aes_128_gcm, calg_aes_gcm, 16,16, type_aead, 4, 0,16, 8},
|
|
@@ -41,16 +41,16 @@
|
|
{cipher_missing, calg_null, 0, 0, type_stream, 0, 0, 0, 0},
|
|
};
|
|
|
|
-@@ -422,6 +440,8 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] =
|
|
+@@ -433,6 +451,8 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] =
|
|
{TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_rsa},
|
|
{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa},
|
|
{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa},
|
|
+ {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, cipher_chacha20, mac_aead, kea_ecdhe_rsa},
|
|
+ {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, cipher_chacha20, mac_aead, kea_ecdhe_ecdsa},
|
|
|
|
- #ifndef NSS_DISABLE_ECC
|
|
- {TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa},
|
|
-@@ -487,6 +507,7 @@ static const SSLCipher2Mech alg2Mech[] = {
|
|
+ {TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_dss},
|
|
+ {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_dss},
|
|
+@@ -502,6 +522,7 @@ static const SSLCipher2Mech alg2Mech[] = {
|
|
{ calg_camellia , CKM_CAMELLIA_CBC },
|
|
{ calg_seed , CKM_SEED_CBC },
|
|
{ calg_aes_gcm , CKM_AES_GCM },
|
|
@@ -58,7 +58,7 @@
|
|
/* { calg_init , (CK_MECHANISM_TYPE)0x7fffffffL } */
|
|
};
|
|
|
|
-@@ -662,6 +683,8 @@ ssl3_CipherSuiteAllowedForVersionRange(
|
|
+@@ -679,6 +700,8 @@ ssl3_CipherSuiteAllowedForVersionRange(
|
|
case TLS_RSA_WITH_NULL_SHA256:
|
|
return vrange->max == SSL_LIBRARY_VERSION_TLS_1_2;
|
|
|
|
@@ -67,7 +67,7 @@
|
|
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
|
|
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
|
|
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
|
|
-@@ -2070,6 +2093,46 @@ ssl3_AESGCMBypass(ssl3KeyMaterial *keys,
|
|
+@@ -2093,6 +2116,46 @@ ssl3_AESGCMBypass(ssl3KeyMaterial *keys,
|
|
}
|
|
#endif
|
|
|
|
@@ -114,7 +114,7 @@
|
|
/* Initialize encryption and MAC contexts for pending spec.
|
|
* Master Secret already is derived.
|
|
* Caller holds Spec write lock.
|
|
-@@ -2103,13 +2166,17 @@ ssl3_InitPendingContextsPKCS11(sslSocket *ss)
|
|
+@@ -2126,13 +2189,17 @@ ssl3_InitPendingContextsPKCS11(sslSocket *ss)
|
|
pwSpec->client.write_mac_context = NULL;
|
|
pwSpec->server.write_mac_context = NULL;
|
|
|
|
@@ -134,11 +134,11 @@
|
|
return SECSuccess;
|
|
}
|
|
|
|
-diff --git a/ssl/ssl3ecc.c b/ssl/ssl3ecc.c
|
|
-index 9b91270..31e0774 100644
|
|
---- a/ssl/ssl3ecc.c
|
|
-+++ b/ssl/ssl3ecc.c
|
|
-@@ -921,6 +921,7 @@ static const ssl3CipherSuite ecdhe_ecdsa_suites[] = {
|
|
+diff --git a/lib/ssl/ssl3ecc.c b/lib/ssl/ssl3ecc.c
|
|
+index cf8e741..ab5ab14 100644
|
|
+--- a/lib/ssl/ssl3ecc.c
|
|
++++ b/lib/ssl/ssl3ecc.c
|
|
+@@ -926,6 +926,7 @@ static const ssl3CipherSuite ecdhe_ecdsa_suites[] = {
|
|
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
|
|
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
|
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
|
@@ -146,7 +146,7 @@
|
|
TLS_ECDHE_ECDSA_WITH_NULL_SHA,
|
|
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
|
|
0 /* end of list marker */
|
|
-@@ -932,6 +933,7 @@ static const ssl3CipherSuite ecdhe_rsa_suites[] = {
|
|
+@@ -937,6 +938,7 @@ static const ssl3CipherSuite ecdhe_rsa_suites[] = {
|
|
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
|
|
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
|
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
|
@@ -154,7 +154,7 @@
|
|
TLS_ECDHE_RSA_WITH_NULL_SHA,
|
|
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
|
0 /* end of list marker */
|
|
-@@ -944,6 +946,7 @@ static const ssl3CipherSuite ecSuites[] = {
|
|
+@@ -949,6 +951,7 @@ static const ssl3CipherSuite ecSuites[] = {
|
|
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
|
|
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
|
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
|
@@ -162,7 +162,7 @@
|
|
TLS_ECDHE_ECDSA_WITH_NULL_SHA,
|
|
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
|
|
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
|
-@@ -951,6 +954,7 @@ static const ssl3CipherSuite ecSuites[] = {
|
|
+@@ -956,6 +959,7 @@ static const ssl3CipherSuite ecSuites[] = {
|
|
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
|
|
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
|
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
|
@@ -170,10 +170,10 @@
|
|
TLS_ECDHE_RSA_WITH_NULL_SHA,
|
|
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
|
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
|
|
-diff --git a/ssl/sslenum.c b/ssl/sslenum.c
|
|
-index 09ce43f..a036627 100644
|
|
---- a/ssl/sslenum.c
|
|
-+++ b/ssl/sslenum.c
|
|
+diff --git a/lib/ssl/sslenum.c b/lib/ssl/sslenum.c
|
|
+index f69aed2..b4a8844 100644
|
|
+--- a/lib/ssl/sslenum.c
|
|
++++ b/lib/ssl/sslenum.c
|
|
@@ -37,17 +37,21 @@
|
|
*
|
|
* Exception: Because some servers ignore the high-order byte of the cipher
|
|
@@ -199,11 +199,11 @@
|
|
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
|
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
|
/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before
|
|
-diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
|
|
-index ea71975..88b2eba 100644
|
|
---- a/ssl/sslimpl.h
|
|
-+++ b/ssl/sslimpl.h
|
|
-@@ -65,6 +65,7 @@ typedef SSLSignType SSL3SignType;
|
|
+diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
|
|
+index 60dd243..d5f326f 100644
|
|
+--- a/lib/ssl/sslimpl.h
|
|
++++ b/lib/ssl/sslimpl.h
|
|
+@@ -66,6 +66,7 @@ typedef SSLSignType SSL3SignType;
|
|
#define calg_camellia ssl_calg_camellia
|
|
#define calg_seed ssl_calg_seed
|
|
#define calg_aes_gcm ssl_calg_aes_gcm
|
|
@@ -211,16 +211,16 @@
|
|
|
|
#define mac_null ssl_mac_null
|
|
#define mac_md5 ssl_mac_md5
|
|
-@@ -299,7 +300,7 @@ typedef struct {
|
|
+@@ -301,7 +302,7 @@ typedef struct {
|
|
} ssl3CipherSuiteCfg;
|
|
|
|
#ifndef NSS_DISABLE_ECC
|
|
--#define ssl_V3_SUITES_IMPLEMENTED 61
|
|
-+#define ssl_V3_SUITES_IMPLEMENTED 63
|
|
+-#define ssl_V3_SUITES_IMPLEMENTED 64
|
|
++#define ssl_V3_SUITES_IMPLEMENTED 66
|
|
#else
|
|
- #define ssl_V3_SUITES_IMPLEMENTED 37
|
|
+ #define ssl_V3_SUITES_IMPLEMENTED 40
|
|
#endif /* NSS_DISABLE_ECC */
|
|
-@@ -485,6 +486,7 @@ typedef enum {
|
|
+@@ -495,6 +496,7 @@ typedef enum {
|
|
cipher_camellia_256,
|
|
cipher_seed,
|
|
cipher_aes_128_gcm,
|
|
@@ -228,11 +228,11 @@
|
|
cipher_missing /* reserved for no such supported cipher */
|
|
/* This enum must match ssl3_cipherName[] in ssl3con.c. */
|
|
} SSL3BulkCipher;
|
|
-diff --git a/ssl/sslinfo.c b/ssl/sslinfo.c
|
|
-index ba230d2..845d9f0 100644
|
|
---- a/ssl/sslinfo.c
|
|
-+++ b/ssl/sslinfo.c
|
|
-@@ -110,6 +110,7 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
|
|
+diff --git a/lib/ssl/sslinfo.c b/lib/ssl/sslinfo.c
|
|
+index 7048eb8..bef3190 100644
|
|
+--- a/lib/ssl/sslinfo.c
|
|
++++ b/lib/ssl/sslinfo.c
|
|
+@@ -148,6 +148,7 @@ SSL_GetPreliminaryChannelInfo(PRFileDesc *fd,
|
|
#define C_NULL "NULL", calg_null
|
|
#define C_SJ "SKIPJACK", calg_sj
|
|
#define C_AESGCM "AES-GCM", calg_aes_gcm
|
|
@@ -240,7 +240,7 @@
|
|
|
|
#define B_256 256, 256, 256
|
|
#define B_128 128, 128, 128
|
|
-@@ -188,12 +189,14 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
|
|
+@@ -229,12 +230,14 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
|
|
{0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, },
|
|
{0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
|
|
{0,CS(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, },
|
|
@@ -255,11 +255,11 @@
|
|
|
|
{0,CS(TLS_ECDHE_RSA_WITH_NULL_SHA), S_RSA, K_ECDHE, C_NULL, B_0, M_SHA, 0, 0, 0, },
|
|
{0,CS(TLS_ECDHE_RSA_WITH_RC4_128_SHA), S_RSA, K_ECDHE, C_RC4, B_128, M_SHA, 0, 0, 0, },
|
|
-diff --git a/ssl/sslproto.h b/ssl/sslproto.h
|
|
-index e02442c..dc653c9 100644
|
|
---- a/ssl/sslproto.h
|
|
-+++ b/ssl/sslproto.h
|
|
-@@ -258,6 +258,9 @@
|
|
+diff --git a/lib/ssl/sslproto.h b/lib/ssl/sslproto.h
|
|
+index 2db47a5..36ae6c9 100644
|
|
+--- a/lib/ssl/sslproto.h
|
|
++++ b/lib/ssl/sslproto.h
|
|
+@@ -260,6 +260,9 @@
|
|
#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
|
|
#define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031
|
|
|
|
@@ -269,11 +269,11 @@
|
|
/* Netscape "experimental" cipher suites. */
|
|
#define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0
|
|
#define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1
|
|
-diff --git a/ssl/sslt.h b/ssl/sslt.h
|
|
-index 430d216..fe0ad07 100644
|
|
---- a/ssl/sslt.h
|
|
-+++ b/ssl/sslt.h
|
|
-@@ -94,7 +94,8 @@ typedef enum {
|
|
+diff --git a/lib/ssl/sslt.h b/lib/ssl/sslt.h
|
|
+index 5593579..a2eff62 100644
|
|
+--- a/lib/ssl/sslt.h
|
|
++++ b/lib/ssl/sslt.h
|
|
+@@ -117,7 +117,8 @@ typedef enum {
|
|
ssl_calg_aes = 7,
|
|
ssl_calg_camellia = 8,
|
|
ssl_calg_seed = 9,
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/channelid.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/channelid.patch
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/channelid.patch 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/channelid.patch 2016-01-13 14:18:55.591954693 +0100
|
|
@@ -1,25 +1,25 @@
|
|
-diff --git a/ssl/SSLerrs.h b/ssl/SSLerrs.h
|
|
-index 174037b..81da41c 100644
|
|
---- a/ssl/SSLerrs.h
|
|
-+++ b/ssl/SSLerrs.h
|
|
-@@ -422,3 +422,12 @@ ER3(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL, (SSL_ERROR_BASE + 130),
|
|
- ER3(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT, (SSL_ERROR_BASE + 131),
|
|
- "The server rejected the handshake because the client downgraded to a lower "
|
|
- "TLS version than the server supports.")
|
|
+diff --git a/lib/ssl/SSLerrs.h b/lib/ssl/SSLerrs.h
|
|
+index 6028396..3d21ab8 100644
|
|
+--- a/lib/ssl/SSLerrs.h
|
|
++++ b/lib/ssl/SSLerrs.h
|
|
+@@ -440,3 +440,12 @@ ER3(SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET, (SSL_ERROR_BASE + 136),
|
|
+
|
|
+ ER3(SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET, (SSL_ERROR_BASE + 137),
|
|
+ "The peer tried to resume with an unexpected extended_master_secret extension")
|
|
+
|
|
-+ER3(SSL_ERROR_BAD_CHANNEL_ID_DATA, (SSL_ERROR_BASE + 132),
|
|
++ER3(SSL_ERROR_BAD_CHANNEL_ID_DATA, (SSL_ERROR_BASE + 138),
|
|
+"SSL received a malformed TLS Channel ID extension.")
|
|
+
|
|
-+ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (SSL_ERROR_BASE + 133),
|
|
++ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (SSL_ERROR_BASE + 139),
|
|
+"The application provided an invalid TLS Channel ID key.")
|
|
+
|
|
-+ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 134),
|
|
++ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 140),
|
|
+"The application could not get a TLS Channel ID.")
|
|
-diff --git a/ssl/ssl.h b/ssl/ssl.h
|
|
-index 593dd00..716537d 100644
|
|
---- a/ssl/ssl.h
|
|
-+++ b/ssl/ssl.h
|
|
-@@ -1025,6 +1025,34 @@ SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
|
|
+diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
|
|
+index 85ced8a..120c257 100644
|
|
+--- a/lib/ssl/ssl.h
|
|
++++ b/lib/ssl/ssl.h
|
|
+@@ -1135,6 +1135,34 @@ SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
|
|
SSL_IMPORT SECStatus SSL_HandshakeResumedSession(PRFileDesc *fd,
|
|
PRBool *last_handshake_resumed);
|
|
|
|
@@ -54,11 +54,11 @@
|
|
/*
|
|
** How long should we wait before retransmitting the next flight of
|
|
** the DTLS handshake? Returns SECFailure if not DTLS or not in a
|
|
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
|
|
-index 29e8f1c..c0e8e79 100644
|
|
---- a/ssl/ssl3con.c
|
|
-+++ b/ssl/ssl3con.c
|
|
-@@ -55,6 +55,7 @@ static SECStatus ssl3_SendCertificateStatus( sslSocket *ss);
|
|
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
|
|
+index 304e03b..2ae8ce9 100644
|
|
+--- a/lib/ssl/ssl3con.c
|
|
++++ b/lib/ssl/ssl3con.c
|
|
+@@ -57,6 +57,7 @@ static SECStatus ssl3_SendCertificateStatus( sslSocket *ss);
|
|
static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss);
|
|
static SECStatus ssl3_SendCertificateRequest(sslSocket *ss);
|
|
static SECStatus ssl3_SendNextProto( sslSocket *ss);
|
|
@@ -66,7 +66,7 @@
|
|
static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags);
|
|
static SECStatus ssl3_SendServerHello( sslSocket *ss);
|
|
static SECStatus ssl3_SendServerHelloDone( sslSocket *ss);
|
|
-@@ -6296,6 +6297,15 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
|
+@@ -6470,6 +6471,15 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
|
}
|
|
#endif /* NSS_PLATFORM_CLIENT_AUTH */
|
|
|
|
@@ -82,7 +82,7 @@
|
|
temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
|
|
if (temp < 0) {
|
|
goto loser; /* alert has been sent */
|
|
-@@ -6578,7 +6588,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
|
+@@ -6780,7 +6790,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
|
if (rv != SECSuccess) {
|
|
goto alert_loser; /* err code was set */
|
|
}
|
|
@@ -91,9 +91,9 @@
|
|
} while (0);
|
|
|
|
if (sid_match)
|
|
-@@ -6613,6 +6623,27 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
|
- } else {
|
|
- ss->ssl3.hs.ws = wait_cert_request;
|
|
+@@ -6819,6 +6829,27 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
|
+ PORT_Assert(ss->ssl3.hs.kea_def->ephemeral);
|
|
+ ss->ssl3.hs.ws = wait_server_key;
|
|
}
|
|
+
|
|
+winner:
|
|
@@ -119,7 +119,7 @@
|
|
return SECSuccess;
|
|
|
|
alert_loser:
|
|
-@@ -7565,7 +7596,14 @@ ssl3_SendClientSecondRound(sslSocket *ss)
|
|
+@@ -7774,7 +7805,14 @@ ssl3_SendClientSecondRound(sslSocket *ss)
|
|
if (rv != SECSuccess) {
|
|
goto loser; /* err code was set. */
|
|
}
|
|
@@ -134,7 +134,7 @@
|
|
if (ss->opt.enableFalseStart) {
|
|
if (!ss->ssl3.hs.authCertificatePending) {
|
|
/* When we fix bug 589047, we will need to know whether we are
|
|
-@@ -7602,6 +7640,33 @@ ssl3_SendClientSecondRound(sslSocket *ss)
|
|
+@@ -7811,6 +7849,33 @@ ssl3_SendClientSecondRound(sslSocket *ss)
|
|
|
|
ssl_ReleaseXmitBufLock(ss); /*******************************/
|
|
|
|
@@ -168,7 +168,7 @@
|
|
if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn))
|
|
ss->ssl3.hs.ws = wait_new_session_ticket;
|
|
else
|
|
-@@ -10590,6 +10655,184 @@ ssl3_RecordKeyLog(sslSocket *ss)
|
|
+@@ -11264,6 +11329,184 @@ ssl3_RecordKeyLog(sslSocket *ss)
|
|
}
|
|
|
|
/* called from ssl3_SendClientSecondRound
|
|
@@ -353,7 +353,7 @@
|
|
* ssl3_HandleClientHello
|
|
* ssl3_HandleFinished
|
|
*/
|
|
-@@ -10849,11 +11092,16 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
|
|
+@@ -11531,11 +11774,16 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
|
|
flags = ssl_SEND_FLAG_FORCE_INTO_BUFFER;
|
|
}
|
|
|
|
@@ -374,7 +374,7 @@
|
|
}
|
|
|
|
if (IS_DTLS(ss)) {
|
|
-@@ -12333,6 +12581,11 @@ ssl3_DestroySSL3Info(sslSocket *ss)
|
|
+@@ -13095,6 +13343,11 @@ ssl3_DestroySSL3Info(sslSocket *ss)
|
|
ssl_FreePlatformKey(ss->ssl3.platformClientKey);
|
|
#endif /* NSS_PLATFORM_CLIENT_AUTH */
|
|
|
|
@@ -386,10 +386,10 @@
|
|
if (ss->ssl3.peerCertArena != NULL)
|
|
ssl3_CleanupPeerCerts(ss);
|
|
|
|
-diff --git a/ssl/ssl3ext.c b/ssl/ssl3ext.c
|
|
-index 0a2288a..4d17587 100644
|
|
---- a/ssl/ssl3ext.c
|
|
-+++ b/ssl/ssl3ext.c
|
|
+diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c
|
|
+index 5661a5c..78825cb 100644
|
|
+--- a/lib/ssl/ssl3ext.c
|
|
++++ b/lib/ssl/ssl3ext.c
|
|
@@ -73,6 +73,10 @@ static SECStatus ssl3_ClientHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type,
|
|
SECItem *data);
|
|
static SECStatus ssl3_ServerHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type,
|
|
@@ -401,15 +401,15 @@
|
|
static PRInt32 ssl3_ServerSendStatusRequestXtn(sslSocket * ss,
|
|
PRBool append, PRUint32 maxBytes);
|
|
static SECStatus ssl3_ServerHandleStatusRequestXtn(sslSocket *ss,
|
|
-@@ -269,6 +273,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
|
|
+@@ -276,6 +280,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
|
|
{ ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn },
|
|
{ ssl_app_layer_protocol_xtn, &ssl3_ClientHandleAppProtoXtn },
|
|
{ ssl_use_srtp_xtn, &ssl3_ClientHandleUseSRTPXtn },
|
|
+ { ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn },
|
|
{ ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn },
|
|
+ { ssl_extended_master_secret_xtn, &ssl3_HandleExtendedMasterSecretXtn },
|
|
{ -1, NULL }
|
|
- };
|
|
-@@ -296,6 +301,7 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
|
|
+@@ -304,6 +309,7 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
|
|
{ ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn },
|
|
{ ssl_app_layer_protocol_xtn, &ssl3_ClientSendAppProtoXtn },
|
|
{ ssl_use_srtp_xtn, &ssl3_ClientSendUseSRTPXtn },
|
|
@@ -417,7 +417,7 @@
|
|
{ ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
|
|
{ ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
|
|
{ ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },
|
|
-@@ -930,6 +936,61 @@ ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
|
|
+@@ -945,6 +951,61 @@ ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
|
|
}
|
|
|
|
static SECStatus
|
|
@@ -479,10 +479,10 @@
|
|
ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type,
|
|
SECItem *data)
|
|
{
|
|
-diff --git a/ssl/ssl3prot.h b/ssl/ssl3prot.h
|
|
-index 485d7dd..78fbcaa 100644
|
|
---- a/ssl/ssl3prot.h
|
|
-+++ b/ssl/ssl3prot.h
|
|
+diff --git a/lib/ssl/ssl3prot.h b/lib/ssl/ssl3prot.h
|
|
+index a93bef1..848bdee 100644
|
|
+--- a/lib/ssl/ssl3prot.h
|
|
++++ b/lib/ssl/ssl3prot.h
|
|
@@ -136,7 +136,8 @@ typedef enum {
|
|
client_key_exchange = 16,
|
|
finished = 20,
|
|
@@ -493,10 +493,10 @@
|
|
} SSL3HandshakeType;
|
|
|
|
typedef struct {
|
|
-diff --git a/ssl/sslauth.c b/ssl/sslauth.c
|
|
-index 7f9c43b..c2d9201 100644
|
|
---- a/ssl/sslauth.c
|
|
-+++ b/ssl/sslauth.c
|
|
+diff --git a/lib/ssl/sslauth.c b/lib/ssl/sslauth.c
|
|
+index e6981f0..03b23b4 100644
|
|
+--- a/lib/ssl/sslauth.c
|
|
++++ b/lib/ssl/sslauth.c
|
|
@@ -216,6 +216,24 @@ SSL_GetClientAuthDataHook(PRFileDesc *s, SSLGetClientAuthData func,
|
|
return SECSuccess;
|
|
}
|
|
@@ -522,26 +522,26 @@
|
|
#ifdef NSS_PLATFORM_CLIENT_AUTH
|
|
/* NEED LOCKS IN HERE. */
|
|
SECStatus
|
|
-diff --git a/ssl/sslerr.h b/ssl/sslerr.h
|
|
-index 12dbb1d..24bf893 100644
|
|
---- a/ssl/sslerr.h
|
|
-+++ b/ssl/sslerr.h
|
|
-@@ -198,6 +198,10 @@ SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL = (SSL_ERROR_BASE + 130),
|
|
-
|
|
- SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT = (SSL_ERROR_BASE + 131),
|
|
-
|
|
-+SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 132),
|
|
-+SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 133),
|
|
-+SSL_ERROR_GET_CHANNEL_ID_FAILED = (SSL_ERROR_BASE + 134),
|
|
+diff --git a/lib/ssl/sslerr.h b/lib/ssl/sslerr.h
|
|
+index 192a107..835b812 100644
|
|
+--- a/lib/ssl/sslerr.h
|
|
++++ b/lib/ssl/sslerr.h
|
|
+@@ -208,6 +208,10 @@ SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 135),
|
|
+ SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET = (SSL_ERROR_BASE + 136),
|
|
+ SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET = (SSL_ERROR_BASE + 137),
|
|
+
|
|
++SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 138),
|
|
++SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 139),
|
|
++SSL_ERROR_GET_CHANNEL_ID_FAILED = (SSL_ERROR_BASE + 140),
|
|
+
|
|
SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
|
|
} SSLErrorCodes;
|
|
#endif /* NO_SECURITY_ERROR_ENUM */
|
|
-diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
|
|
-index 2cf0b3a..e11860e 100644
|
|
---- a/ssl/sslimpl.h
|
|
-+++ b/ssl/sslimpl.h
|
|
-@@ -711,6 +711,14 @@ struct sslSessionIDStr {
|
|
+diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
|
|
+index c089889..c286518 100644
|
|
+--- a/lib/ssl/sslimpl.h
|
|
++++ b/lib/ssl/sslimpl.h
|
|
+@@ -722,6 +722,14 @@ struct sslSessionIDStr {
|
|
|
|
SECItem srvName;
|
|
|
|
@@ -556,7 +556,7 @@
|
|
/* This lock is lazily initialized by CacheSID when a sid is first
|
|
* cached. Before then, there is no need to lock anything because
|
|
* the sid isn't being shared by anything.
|
|
-@@ -986,6 +994,9 @@ struct ssl3StateStr {
|
|
+@@ -999,6 +1007,9 @@ struct ssl3StateStr {
|
|
CERTCertificateList *clientCertChain; /* used by client */
|
|
PRBool sendEmptyCert; /* used by client */
|
|
|
|
@@ -566,7 +566,7 @@
|
|
int policy;
|
|
/* This says what cipher suites we can do, and should
|
|
* be either SSL_ALLOWED or SSL_RESTRICTED
|
|
-@@ -1264,6 +1275,8 @@ const unsigned char * preferredCipher;
|
|
+@@ -1294,6 +1305,8 @@ const unsigned char * preferredCipher;
|
|
void *pkcs11PinArg;
|
|
SSLNextProtoCallback nextProtoCallback;
|
|
void *nextProtoArg;
|
|
@@ -575,7 +575,7 @@
|
|
|
|
PRIntervalTime rTimeout; /* timeout for NSPR I/O */
|
|
PRIntervalTime wTimeout; /* timeout for NSPR I/O */
|
|
-@@ -1610,6 +1623,11 @@ extern SECStatus ssl3_RestartHandshakeAfterCertReq(sslSocket * ss,
|
|
+@@ -1640,6 +1653,11 @@ extern SECStatus ssl3_RestartHandshakeAfterCertReq(sslSocket * ss,
|
|
SECKEYPrivateKey * key,
|
|
CERTCertificateList *certChain);
|
|
|
|
@@ -587,10 +587,10 @@
|
|
extern SECStatus ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error);
|
|
|
|
/*
|
|
-diff --git a/ssl/sslnonce.c b/ssl/sslnonce.c
|
|
+diff --git a/lib/ssl/sslnonce.c b/lib/ssl/sslnonce.c
|
|
index be11008..1326a8b 100644
|
|
---- a/ssl/sslnonce.c
|
|
-+++ b/ssl/sslnonce.c
|
|
+--- a/lib/ssl/sslnonce.c
|
|
++++ b/lib/ssl/sslnonce.c
|
|
@@ -180,6 +180,9 @@ ssl_DestroySID(sslSessionID *sid)
|
|
if (sid->u.ssl3.srvName.data) {
|
|
SECITEM_FreeItem(&sid->u.ssl3.srvName, PR_FALSE);
|
|
@@ -601,11 +601,11 @@
|
|
|
|
if (sid->u.ssl3.lock) {
|
|
PR_DestroyRWLock(sid->u.ssl3.lock);
|
|
-diff --git a/ssl/sslsecur.c b/ssl/sslsecur.c
|
|
-index d44336e..5c6751a 100644
|
|
---- a/ssl/sslsecur.c
|
|
-+++ b/ssl/sslsecur.c
|
|
-@@ -1582,6 +1582,42 @@ SSL_RestartHandshakeAfterCertReq(PRFileDesc * fd,
|
|
+diff --git a/lib/ssl/sslsecur.c b/lib/ssl/sslsecur.c
|
|
+index f77d6fa..cca55bb 100644
|
|
+--- a/lib/ssl/sslsecur.c
|
|
++++ b/lib/ssl/sslsecur.c
|
|
+@@ -1598,6 +1598,42 @@ SSL_RestartHandshakeAfterCertReq(PRFileDesc * fd,
|
|
return ret;
|
|
}
|
|
|
|
@@ -648,11 +648,11 @@
|
|
/* DO NOT USE. This function was exported in ssl.def with the wrong signature;
|
|
* this implementation exists to maintain link-time compatibility.
|
|
*/
|
|
-diff --git a/ssl/sslsock.c b/ssl/sslsock.c
|
|
-index 9431fe4..042f24f 100644
|
|
---- a/ssl/sslsock.c
|
|
-+++ b/ssl/sslsock.c
|
|
-@@ -288,6 +288,8 @@ ssl_DupSocket(sslSocket *os)
|
|
+diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
|
|
+index 11e66f2..efba686 100644
|
|
+--- a/lib/ssl/sslsock.c
|
|
++++ b/lib/ssl/sslsock.c
|
|
+@@ -313,6 +313,8 @@ ssl_DupSocket(sslSocket *os)
|
|
ss->canFalseStartCallback = os->canFalseStartCallback;
|
|
ss->canFalseStartCallbackData = os->canFalseStartCallbackData;
|
|
ss->pkcs11PinArg = os->pkcs11PinArg;
|
|
@@ -661,7 +661,7 @@
|
|
|
|
/* Create security data */
|
|
rv = ssl_CopySecurityInfo(ss, os);
|
|
-@@ -1733,6 +1735,10 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
|
|
+@@ -1987,6 +1989,10 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
|
|
ss->handshakeCallbackData = sm->handshakeCallbackData;
|
|
if (sm->pkcs11PinArg)
|
|
ss->pkcs11PinArg = sm->pkcs11PinArg;
|
|
@@ -672,7 +672,7 @@
|
|
return fd;
|
|
loser:
|
|
return NULL;
|
|
-@@ -3021,6 +3027,8 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
|
|
+@@ -3279,6 +3285,8 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
|
|
ss->badCertArg = NULL;
|
|
ss->pkcs11PinArg = NULL;
|
|
ss->ephemeralECDHKeyPair = NULL;
|
|
@@ -681,12 +681,12 @@
|
|
|
|
ssl_ChooseOps(ss);
|
|
ssl2_InitSocketPolicy(ss);
|
|
-diff --git a/ssl/sslt.h b/ssl/sslt.h
|
|
-index 1d28feb..0900f28 100644
|
|
---- a/ssl/sslt.h
|
|
-+++ b/ssl/sslt.h
|
|
-@@ -191,10 +191,11 @@ typedef enum {
|
|
- ssl_padding_xtn = 21,
|
|
+diff --git a/lib/ssl/sslt.h b/lib/ssl/sslt.h
|
|
+index cd742bb..b6616e2 100644
|
|
+--- a/lib/ssl/sslt.h
|
|
++++ b/lib/ssl/sslt.h
|
|
+@@ -238,11 +238,12 @@ typedef enum {
|
|
+ ssl_extended_master_secret_xtn = 23,
|
|
ssl_session_ticket_xtn = 35,
|
|
ssl_next_proto_nego_xtn = 13172,
|
|
+ ssl_channel_id_xtn = 30032,
|
|
@@ -694,7 +694,8 @@
|
|
ssl_tls13_draft_version_xtn = 0xff02 /* experimental number */
|
|
} SSLExtensionType;
|
|
|
|
--#define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_padding_xtn. */
|
|
-+#define SSL_MAX_EXTENSIONS 12 /* doesn't include ssl_padding_xtn. */
|
|
+-#define SSL_MAX_EXTENSIONS 12 /* doesn't include ssl_padding_xtn. */
|
|
++#define SSL_MAX_EXTENSIONS 13 /* doesn't include ssl_padding_xtn. */
|
|
|
|
- #endif /* __sslt_h_ */
|
|
+ typedef enum {
|
|
+ ssl_dhe_group_none = 0,
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/cipherorder.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/cipherorder.patch
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/cipherorder.patch 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/cipherorder.patch 2016-01-13 14:18:55.591954693 +0100
|
|
@@ -1,10 +1,10 @@
|
|
-diff --git a/ssl/ssl.h b/ssl/ssl.h
|
|
-index e9f5fb0..be6d88e 100644
|
|
---- a/ssl/ssl.h
|
|
-+++ b/ssl/ssl.h
|
|
-@@ -295,6 +295,13 @@ SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher, PRBool *enabled);
|
|
- SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
|
|
- SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
|
|
+diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
|
|
+index db09425..437a822 100644
|
|
+--- a/lib/ssl/ssl.h
|
|
++++ b/lib/ssl/ssl.h
|
|
+@@ -387,6 +387,13 @@ SSL_IMPORT SECStatus SSL_DHEGroupPrefSet(PRFileDesc *fd,
|
|
+ */
|
|
+ SSL_IMPORT SECStatus SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled);
|
|
|
|
+/* SSL_CipherOrderSet sets the cipher suite preference order from |ciphers|,
|
|
+ * which must be an array of cipher suite ids of length |len|. All the given
|
|
@@ -16,12 +16,12 @@
|
|
/* SSLChannelBindingType enumerates the types of supported channel binding
|
|
* values. See RFC 5929. */
|
|
typedef enum SSLChannelBindingType {
|
|
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
|
|
-index 54c5b80..26b87c6 100644
|
|
---- a/ssl/ssl3con.c
|
|
-+++ b/ssl/ssl3con.c
|
|
-@@ -12631,6 +12631,46 @@ ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *enabled)
|
|
- return rv;
|
|
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
|
|
+index 5c09f25..572bba9 100644
|
|
+--- a/lib/ssl/ssl3con.c
|
|
++++ b/lib/ssl/ssl3con.c
|
|
+@@ -13390,6 +13390,46 @@ SSL_SignatureMaxCount() {
|
|
+ return MAX_SIGNATURE_ALGORITHMS;
|
|
}
|
|
|
|
+SECStatus
|
|
@@ -67,11 +67,11 @@
|
|
/* copy global default policy into socket. */
|
|
void
|
|
ssl3_InitSocketPolicy(sslSocket *ss)
|
|
-diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
|
|
-index 0fd0a89..d12228e 100644
|
|
---- a/ssl/sslimpl.h
|
|
-+++ b/ssl/sslimpl.h
|
|
-@@ -1754,6 +1754,8 @@ extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool
|
|
+diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
|
|
+index 080debe..3403091 100644
|
|
+--- a/lib/ssl/sslimpl.h
|
|
++++ b/lib/ssl/sslimpl.h
|
|
+@@ -1786,6 +1786,8 @@ extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool
|
|
extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *on);
|
|
extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled);
|
|
extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enabled);
|
|
@@ -80,11 +80,11 @@
|
|
|
|
extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy);
|
|
extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy);
|
|
-diff --git a/ssl/sslsock.c b/ssl/sslsock.c
|
|
-index 72058f5..09a0fb5 100644
|
|
---- a/ssl/sslsock.c
|
|
-+++ b/ssl/sslsock.c
|
|
-@@ -1316,6 +1316,19 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled)
|
|
+diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
|
|
+index 28e3543..8ad1517 100644
|
|
+--- a/lib/ssl/sslsock.c
|
|
++++ b/lib/ssl/sslsock.c
|
|
+@@ -1369,6 +1369,19 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled)
|
|
}
|
|
|
|
SECStatus
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/clientauth.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/clientauth.patch
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/clientauth.patch 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/clientauth.patch 2016-01-13 14:18:55.609954798 +0100
|
|
@@ -1,8 +1,8 @@
|
|
-diff --git a/ssl/ssl.h b/ssl/ssl.h
|
|
-index 91a47a6..4e7d52e 100644
|
|
---- a/ssl/ssl.h
|
|
-+++ b/ssl/ssl.h
|
|
-@@ -543,6 +543,48 @@ typedef SECStatus (PR_CALLBACK *SSLGetClientAuthData)(void *arg,
|
|
+diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
|
|
+index 2a52769..48fa018 100644
|
|
+--- a/lib/ssl/ssl.h
|
|
++++ b/lib/ssl/ssl.h
|
|
+@@ -636,6 +636,48 @@ typedef SECStatus (PR_CALLBACK *SSLGetClientAuthData)(void *arg,
|
|
SSL_IMPORT SECStatus SSL_GetClientAuthDataHook(PRFileDesc *fd,
|
|
SSLGetClientAuthData f, void *a);
|
|
|
|
@@ -51,11 +51,11 @@
|
|
|
|
/*
|
|
** SNI extension processing callback function.
|
|
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
|
|
-index 60af5b0..b9014ef 100644
|
|
---- a/ssl/ssl3con.c
|
|
-+++ b/ssl/ssl3con.c
|
|
-@@ -2503,6 +2503,9 @@ ssl3_ClientAuthTokenPresent(sslSessionID *sid) {
|
|
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
|
|
+index 9aaf601..cc193cd 100644
|
|
+--- a/lib/ssl/ssl3con.c
|
|
++++ b/lib/ssl/ssl3con.c
|
|
+@@ -2530,6 +2530,9 @@ ssl3_ClientAuthTokenPresent(sslSessionID *sid) {
|
|
PRBool isPresent = PR_TRUE;
|
|
|
|
/* we only care if we are doing client auth */
|
|
@@ -65,7 +65,7 @@
|
|
if (!sid || !sid->u.ssl3.clAuthValid) {
|
|
return PR_TRUE;
|
|
}
|
|
-@@ -6178,25 +6181,36 @@ ssl3_SendCertificateVerify(sslSocket *ss)
|
|
+@@ -6352,25 +6355,36 @@ ssl3_SendCertificateVerify(sslSocket *ss)
|
|
|
|
isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
|
|
isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
|
|
@@ -119,7 +119,7 @@
|
|
if (rv != SECSuccess) {
|
|
goto done; /* err code was set by ssl3_SignHashes */
|
|
}
|
|
-@@ -6275,6 +6289,12 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
|
+@@ -6449,6 +6463,12 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
|
SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
|
|
ss->ssl3.clientPrivateKey = NULL;
|
|
}
|
|
@@ -132,7 +132,7 @@
|
|
|
|
temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
|
|
if (temp < 0) {
|
|
-@@ -6904,6 +6924,18 @@ ssl3_ExtractClientKeyInfo(sslSocket *ss,
|
|
+@@ -7109,6 +7129,18 @@ ssl3_ExtractClientKeyInfo(sslSocket *ss,
|
|
goto done;
|
|
}
|
|
|
|
@@ -151,7 +151,7 @@
|
|
/* If the key is a 1024-bit RSA or DSA key, assume conservatively that
|
|
* it may be unable to sign SHA-256 hashes. This is the case for older
|
|
* Estonian ID cards that have 1024-bit RSA keys. In FIPS 186-2 and
|
|
-@@ -7002,6 +7034,10 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
|
+@@ -7207,6 +7239,10 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
|
SECItem cert_types = {siBuffer, NULL, 0};
|
|
SECItem algorithms = {siBuffer, NULL, 0};
|
|
CERTDistNames ca_list;
|
|
@@ -162,7 +162,7 @@
|
|
|
|
SSL_TRC(3, ("%d: SSL3[%d]: handle certificate_request handshake",
|
|
SSL_GETPID(), ss->fd));
|
|
-@@ -7017,6 +7053,7 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
|
+@@ -7222,6 +7258,7 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
|
PORT_Assert(ss->ssl3.clientCertChain == NULL);
|
|
PORT_Assert(ss->ssl3.clientCertificate == NULL);
|
|
PORT_Assert(ss->ssl3.clientPrivateKey == NULL);
|
|
@@ -170,7 +170,7 @@
|
|
|
|
isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
|
|
isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
|
|
-@@ -7096,6 +7133,18 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
|
+@@ -7301,6 +7338,18 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
|
desc = no_certificate;
|
|
ss->ssl3.hs.ws = wait_hello_done;
|
|
|
|
@@ -187,9 +187,9 @@
|
|
+ } else
|
|
+#endif
|
|
if (ss->getClientAuthData != NULL) {
|
|
- /* XXX Should pass cert_types and algorithms in this call!! */
|
|
- rv = (SECStatus)(*ss->getClientAuthData)(ss->getClientAuthDataArg,
|
|
-@@ -7105,12 +7154,55 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
|
+ PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) ==
|
|
+ ssl_preinfo_all);
|
|
+@@ -7312,12 +7361,55 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
|
} else {
|
|
rv = SECFailure; /* force it to send a no_certificate alert */
|
|
}
|
|
@@ -245,7 +245,7 @@
|
|
/* check what the callback function returned */
|
|
if ((!ss->ssl3.clientCertificate) || (!ss->ssl3.clientPrivateKey)) {
|
|
/* we are missing either the key or cert */
|
|
-@@ -7172,6 +7264,10 @@ loser:
|
|
+@@ -7379,6 +7471,10 @@ loser:
|
|
done:
|
|
if (arena != NULL)
|
|
PORT_FreeArena(arena, PR_FALSE);
|
|
@@ -256,7 +256,7 @@
|
|
return rv;
|
|
}
|
|
|
|
-@@ -7288,7 +7384,8 @@ ssl3_SendClientSecondRound(sslSocket *ss)
|
|
+@@ -7497,7 +7593,8 @@ ssl3_SendClientSecondRound(sslSocket *ss)
|
|
|
|
sendClientCert = !ss->ssl3.sendEmptyCert &&
|
|
ss->ssl3.clientCertChain != NULL &&
|
|
@@ -266,7 +266,7 @@
|
|
|
|
if (!sendClientCert &&
|
|
ss->ssl3.hs.hashType == handshake_hash_single &&
|
|
-@@ -12148,6 +12245,10 @@ ssl3_DestroySSL3Info(sslSocket *ss)
|
|
+@@ -12910,6 +13007,10 @@ ssl3_DestroySSL3Info(sslSocket *ss)
|
|
|
|
if (ss->ssl3.clientPrivateKey != NULL)
|
|
SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
|
|
@@ -277,10 +277,10 @@
|
|
|
|
if (ss->ssl3.peerCertArena != NULL)
|
|
ssl3_CleanupPeerCerts(ss);
|
|
-diff --git a/ssl/ssl3ext.c b/ssl/ssl3ext.c
|
|
-index 28d21c4..0a2288a 100644
|
|
---- a/ssl/ssl3ext.c
|
|
-+++ b/ssl/ssl3ext.c
|
|
+diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c
|
|
+index cf04aba..5661a5c 100644
|
|
+--- a/lib/ssl/ssl3ext.c
|
|
++++ b/lib/ssl/ssl3ext.c
|
|
@@ -11,8 +11,8 @@
|
|
#include "nssrenam.h"
|
|
#include "nss.h"
|
|
@@ -291,10 +291,10 @@
|
|
#include "pk11pub.h"
|
|
#ifdef NO_PKCS11_BYPASS
|
|
#include "blapit.h"
|
|
-diff --git a/ssl/sslauth.c b/ssl/sslauth.c
|
|
-index ed74d94..7f9c43b 100644
|
|
---- a/ssl/sslauth.c
|
|
-+++ b/ssl/sslauth.c
|
|
+diff --git a/lib/ssl/sslauth.c b/lib/ssl/sslauth.c
|
|
+index b144336..e6981f0 100644
|
|
+--- a/lib/ssl/sslauth.c
|
|
++++ b/lib/ssl/sslauth.c
|
|
@@ -216,6 +216,28 @@ SSL_GetClientAuthDataHook(PRFileDesc *s, SSLGetClientAuthData func,
|
|
return SECSuccess;
|
|
}
|
|
@@ -324,11 +324,11 @@
|
|
/* NEED LOCKS IN HERE. */
|
|
SECStatus
|
|
SSL_SetPKCS11PinArg(PRFileDesc *s, void *arg)
|
|
-diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
|
|
-index 086f6d2..bbc9bd2 100644
|
|
---- a/ssl/sslimpl.h
|
|
-+++ b/ssl/sslimpl.h
|
|
-@@ -20,6 +20,7 @@
|
|
+diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
|
|
+index 9dcc29e..94bb9f4 100644
|
|
+--- a/lib/ssl/sslimpl.h
|
|
++++ b/lib/ssl/sslimpl.h
|
|
+@@ -21,6 +21,7 @@
|
|
#include "sslerr.h"
|
|
#include "ssl3prot.h"
|
|
#include "hasht.h"
|
|
@@ -336,7 +336,7 @@
|
|
#include "nssilock.h"
|
|
#include "pkcs11t.h"
|
|
#if defined(XP_UNIX) || defined(XP_BEOS)
|
|
-@@ -31,6 +32,15 @@
|
|
+@@ -32,6 +33,15 @@
|
|
|
|
#include "sslt.h" /* for some formerly private types, now public */
|
|
|
|
@@ -352,7 +352,7 @@
|
|
/* to make some of these old enums public without namespace pollution,
|
|
** it was necessary to prepend ssl_ to the names.
|
|
** These #defines preserve compatibility with the old code here in libssl.
|
|
-@@ -443,6 +453,14 @@ struct sslGatherStr {
|
|
+@@ -453,6 +463,14 @@ struct sslGatherStr {
|
|
#define GS_DATA 3
|
|
#define GS_PAD 4
|
|
|
|
@@ -367,7 +367,7 @@
|
|
|
|
|
|
/*
|
|
-@@ -961,6 +979,10 @@ struct ssl3StateStr {
|
|
+@@ -974,6 +992,10 @@ struct ssl3StateStr {
|
|
|
|
CERTCertificate * clientCertificate; /* used by client */
|
|
SECKEYPrivateKey * clientPrivateKey; /* used by client */
|
|
@@ -378,7 +378,7 @@
|
|
CERTCertificateList *clientCertChain; /* used by client */
|
|
PRBool sendEmptyCert; /* used by client */
|
|
|
|
-@@ -1223,6 +1245,10 @@ const unsigned char * preferredCipher;
|
|
+@@ -1253,6 +1275,10 @@ const unsigned char * preferredCipher;
|
|
void *authCertificateArg;
|
|
SSLGetClientAuthData getClientAuthData;
|
|
void *getClientAuthDataArg;
|
|
@@ -389,7 +389,7 @@
|
|
SSLSNISocketConfig sniSocketConfig;
|
|
void *sniSocketConfigArg;
|
|
SSLBadCertHandler handleBadCert;
|
|
-@@ -1863,6 +1889,26 @@ extern SECStatus ssl_InitSessionCacheLocks(PRBool lazyInit);
|
|
+@@ -1896,6 +1922,26 @@ extern SECStatus ssl_InitSessionCacheLocks(PRBool lazyInit);
|
|
|
|
extern SECStatus ssl_FreeSessionCacheLocks(void);
|
|
|
|
@@ -416,11 +416,11 @@
|
|
|
|
/**************** DTLS-specific functions **************/
|
|
extern void dtls_FreeQueuedMessage(DTLSQueuedMessage *msg);
|
|
-diff --git a/ssl/sslsock.c b/ssl/sslsock.c
|
|
-index 282bb85..6c09992 100644
|
|
---- a/ssl/sslsock.c
|
|
-+++ b/ssl/sslsock.c
|
|
-@@ -275,6 +275,10 @@ ssl_DupSocket(sslSocket *os)
|
|
+diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
|
|
+index f735009..21754d6 100644
|
|
+--- a/lib/ssl/sslsock.c
|
|
++++ b/lib/ssl/sslsock.c
|
|
+@@ -300,6 +300,10 @@ ssl_DupSocket(sslSocket *os)
|
|
ss->authCertificateArg = os->authCertificateArg;
|
|
ss->getClientAuthData = os->getClientAuthData;
|
|
ss->getClientAuthDataArg = os->getClientAuthDataArg;
|
|
@@ -431,7 +431,7 @@
|
|
ss->sniSocketConfig = os->sniSocketConfig;
|
|
ss->sniSocketConfigArg = os->sniSocketConfigArg;
|
|
ss->handleBadCert = os->handleBadCert;
|
|
-@@ -1709,6 +1713,12 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
|
|
+@@ -1963,6 +1967,12 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
|
|
ss->getClientAuthData = sm->getClientAuthData;
|
|
if (sm->getClientAuthDataArg)
|
|
ss->getClientAuthDataArg = sm->getClientAuthDataArg;
|
|
@@ -444,7 +444,7 @@
|
|
if (sm->sniSocketConfig)
|
|
ss->sniSocketConfig = sm->sniSocketConfig;
|
|
if (sm->sniSocketConfigArg)
|
|
-@@ -2974,6 +2984,10 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
|
|
+@@ -3232,6 +3242,10 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
|
|
ss->sniSocketConfig = NULL;
|
|
ss->sniSocketConfigArg = NULL;
|
|
ss->getClientAuthData = NULL;
|
|
Nur in qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches: dh1024.patch.
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/didhandshakeresume.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/didhandshakeresume.patch
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/didhandshakeresume.patch 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/didhandshakeresume.patch 2016-01-13 14:18:55.609954798 +0100
|
|
@@ -1,8 +1,8 @@
|
|
-diff --git a/ssl/ssl.h b/ssl/ssl.h
|
|
-index 4e7d52e..34142fc 100644
|
|
---- a/ssl/ssl.h
|
|
-+++ b/ssl/ssl.h
|
|
-@@ -1007,6 +1007,9 @@ SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
|
|
+diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
|
|
+index 48fa018..0983b5f 100644
|
|
+--- a/lib/ssl/ssl.h
|
|
++++ b/lib/ssl/ssl.h
|
|
+@@ -1117,6 +1117,9 @@ SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
|
|
SSLExtensionType extId,
|
|
PRBool *yes);
|
|
|
|
@@ -12,11 +12,11 @@
|
|
/*
|
|
** How long should we wait before retransmitting the next flight of
|
|
** the DTLS handshake? Returns SECFailure if not DTLS or not in a
|
|
-diff --git a/ssl/sslsock.c b/ssl/sslsock.c
|
|
-index 6c09992..1a9c584 100644
|
|
---- a/ssl/sslsock.c
|
|
-+++ b/ssl/sslsock.c
|
|
-@@ -1897,6 +1897,20 @@ SSL_PeerStapledOCSPResponses(PRFileDesc *fd)
|
|
+diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
|
|
+index 21754d6..b73f8f6 100644
|
|
+--- a/lib/ssl/sslsock.c
|
|
++++ b/lib/ssl/sslsock.c
|
|
+@@ -2151,6 +2151,20 @@ SSL_PeerStapledOCSPResponses(PRFileDesc *fd)
|
|
return &ss->sec.ci.sid->peerCertStatus;
|
|
}
|
|
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/getrequestedclientcerttypes.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/getrequestedclientcerttypes.patch
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/getrequestedclientcerttypes.patch 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/getrequestedclientcerttypes.patch 2016-01-13 14:18:55.609954798 +0100
|
|
@@ -1,8 +1,8 @@
|
|
-diff --git a/ssl/ssl.h b/ssl/ssl.h
|
|
-index 34142fc..e2d1b09 100644
|
|
---- a/ssl/ssl.h
|
|
-+++ b/ssl/ssl.h
|
|
-@@ -803,6 +803,16 @@ SSL_IMPORT SECStatus SSL_ReHandshakeWithTimeout(PRFileDesc *fd,
|
|
+diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
|
|
+index 0983b5f..cf9f6db 100644
|
|
+--- a/lib/ssl/ssl.h
|
|
++++ b/lib/ssl/ssl.h
|
|
+@@ -896,6 +896,16 @@ SSL_IMPORT SECStatus SSL_ReHandshakeWithTimeout(PRFileDesc *fd,
|
|
PRBool flushCache,
|
|
PRIntervalTime timeout);
|
|
|
|
@@ -19,11 +19,11 @@
|
|
|
|
#ifdef SSL_DEPRECATED_FUNCTION
|
|
/* deprecated!
|
|
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
|
|
-index b9014ef..800c28e 100644
|
|
---- a/ssl/ssl3con.c
|
|
-+++ b/ssl/ssl3con.c
|
|
-@@ -7061,6 +7061,9 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
|
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
|
|
+index cc193cd..27038f3 100644
|
|
+--- a/lib/ssl/ssl3con.c
|
|
++++ b/lib/ssl/ssl3con.c
|
|
+@@ -7266,6 +7266,9 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
|
if (rv != SECSuccess)
|
|
goto loser; /* malformed, alert has been sent */
|
|
|
|
@@ -33,7 +33,7 @@
|
|
if (isTLS12) {
|
|
rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &b, &length);
|
|
if (rv != SECSuccess)
|
|
-@@ -7262,6 +7265,7 @@ loser:
|
|
+@@ -7469,6 +7472,7 @@ loser:
|
|
PORT_SetError(errCode);
|
|
rv = SECFailure;
|
|
done:
|
|
@@ -41,11 +41,11 @@
|
|
if (arena != NULL)
|
|
PORT_FreeArena(arena, PR_FALSE);
|
|
#ifdef NSS_PLATFORM_CLIENT_AUTH
|
|
-diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
|
|
-index bbc9bd2..46e618a 100644
|
|
---- a/ssl/sslimpl.h
|
|
-+++ b/ssl/sslimpl.h
|
|
-@@ -1238,6 +1238,10 @@ struct sslSocketStr {
|
|
+diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
|
|
+index 94bb9f4..c7231a7 100644
|
|
+--- a/lib/ssl/sslimpl.h
|
|
++++ b/lib/ssl/sslimpl.h
|
|
+@@ -1265,6 +1265,10 @@ struct sslSocketStr {
|
|
unsigned int sizeCipherSpecs;
|
|
const unsigned char * preferredCipher;
|
|
|
|
@@ -55,12 +55,12 @@
|
|
+
|
|
ssl3KeyPair * stepDownKeyPair; /* RSA step down keys */
|
|
|
|
- /* Callbacks */
|
|
-diff --git a/ssl/sslsock.c b/ssl/sslsock.c
|
|
-index 1a9c584..9431fe4 100644
|
|
---- a/ssl/sslsock.c
|
|
-+++ b/ssl/sslsock.c
|
|
-@@ -1911,6 +1911,20 @@ SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed) {
|
|
+ const ssl3DHParams *dheParams; /* DHE param */
|
|
+diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
|
|
+index b73f8f6..11e66f2 100644
|
|
+--- a/lib/ssl/sslsock.c
|
|
++++ b/lib/ssl/sslsock.c
|
|
+@@ -2165,6 +2165,20 @@ SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed) {
|
|
return SECSuccess;
|
|
}
|
|
|
|
@@ -81,11 +81,11 @@
|
|
/************************************************************************/
|
|
/* The following functions are the TOP LEVEL SSL functions.
|
|
** They all get called through the NSPRIOMethods table below.
|
|
-@@ -2989,6 +3003,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
|
|
+@@ -3243,6 +3257,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
|
|
sc->serverKeyBits = 0;
|
|
ss->certStatusArray[i] = NULL;
|
|
}
|
|
+ ss->requestedCertTypes = NULL;
|
|
ss->stepDownKeyPair = NULL;
|
|
- ss->dbHandle = CERT_GetDefaultCertDB();
|
|
|
|
+ ss->dheParams = NULL;
|
|
Nur in qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches: norenegotiatelock.patch.
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/nssrwlock.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/nssrwlock.patch
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/nssrwlock.patch 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/nssrwlock.patch 2016-01-13 14:18:55.610954804 +0100
|
|
@@ -1,8 +1,8 @@
|
|
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
|
|
-index 0ac85da..f5afab7 100644
|
|
---- a/ssl/ssl3con.c
|
|
-+++ b/ssl/ssl3con.c
|
|
-@@ -5261,7 +5261,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
|
|
+index afab931..e5e620f 100644
|
|
+--- a/lib/ssl/ssl3con.c
|
|
++++ b/lib/ssl/ssl3con.c
|
|
+@@ -5436,7 +5436,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
* the lock across the calls to ssl3_CallHelloExtensionSenders.
|
|
*/
|
|
if (sid->u.ssl3.lock) {
|
|
@@ -11,7 +11,7 @@
|
|
}
|
|
|
|
if (isTLS || (ss->firstHsDone && ss->peerRequestedProtection)) {
|
|
-@@ -5270,7 +5270,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
+@@ -5445,7 +5445,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
|
|
extLen = ssl3_CallHelloExtensionSenders(ss, PR_FALSE, maxBytes, NULL);
|
|
if (extLen < 0) {
|
|
@@ -20,7 +20,7 @@
|
|
return SECFailure;
|
|
}
|
|
total_exten_len += extLen;
|
|
-@@ -5297,7 +5297,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
+@@ -5472,7 +5472,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
/* how many suites are permitted by policy and user preference? */
|
|
num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE);
|
|
if (!num_suites) {
|
|
@@ -29,7 +29,7 @@
|
|
return SECFailure; /* count_cipher_suites has set error code. */
|
|
}
|
|
|
|
-@@ -5342,7 +5342,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
+@@ -5517,7 +5517,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
|
|
rv = ssl3_AppendHandshakeHeader(ss, client_hello, length);
|
|
if (rv != SECSuccess) {
|
|
@@ -38,7 +38,7 @@
|
|
return rv; /* err set by ssl3_AppendHandshake* */
|
|
}
|
|
|
|
-@@ -5361,21 +5361,21 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
+@@ -5536,21 +5536,21 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
rv = ssl3_AppendHandshakeNumber(ss, ss->clientHelloVersion, 2);
|
|
}
|
|
if (rv != SECSuccess) {
|
|
@@ -63,7 +63,7 @@
|
|
return rv; /* err set by ssl3_AppendHandshake* */
|
|
}
|
|
|
|
-@@ -5385,7 +5385,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
+@@ -5560,7 +5560,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
else
|
|
rv = ssl3_AppendHandshakeNumber(ss, 0, 1);
|
|
if (rv != SECSuccess) {
|
|
@@ -72,7 +72,7 @@
|
|
return rv; /* err set by ssl3_AppendHandshake* */
|
|
}
|
|
|
|
-@@ -5393,14 +5393,14 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
+@@ -5568,14 +5568,14 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
rv = ssl3_AppendHandshakeVariable(
|
|
ss, ss->ssl3.hs.cookie, ss->ssl3.hs.cookieLen, 1);
|
|
if (rv != SECSuccess) {
|
|
@@ -89,7 +89,7 @@
|
|
return rv; /* err set by ssl3_AppendHandshake* */
|
|
}
|
|
|
|
-@@ -5409,7 +5409,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
+@@ -5584,7 +5584,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
rv = ssl3_AppendHandshakeNumber(ss, TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
|
|
sizeof(ssl3CipherSuite));
|
|
if (rv != SECSuccess) {
|
|
@@ -98,7 +98,7 @@
|
|
return rv; /* err set by ssl3_AppendHandshake* */
|
|
}
|
|
actual_count++;
|
|
-@@ -5418,7 +5418,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
+@@ -5593,7 +5593,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
rv = ssl3_AppendHandshakeNumber(ss, TLS_FALLBACK_SCSV,
|
|
sizeof(ssl3CipherSuite));
|
|
if (rv != SECSuccess) {
|
|
@@ -107,8 +107,8 @@
|
|
return rv; /* err set by ssl3_AppendHandshake* */
|
|
}
|
|
actual_count++;
|
|
-@@ -5428,7 +5428,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
- if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange)) {
|
|
+@@ -5603,7 +5603,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
+ if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange, ss)) {
|
|
actual_count++;
|
|
if (actual_count > num_suites) {
|
|
- if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
|
|
@@ -116,7 +116,7 @@
|
|
/* set error card removal/insertion error */
|
|
PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL);
|
|
return SECFailure;
|
|
-@@ -5436,7 +5436,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
+@@ -5611,7 +5611,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
rv = ssl3_AppendHandshakeNumber(ss, suite->cipher_suite,
|
|
sizeof(ssl3CipherSuite));
|
|
if (rv != SECSuccess) {
|
|
@@ -125,7 +125,7 @@
|
|
return rv; /* err set by ssl3_AppendHandshake* */
|
|
}
|
|
}
|
|
-@@ -5447,14 +5447,14 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
+@@ -5622,14 +5622,14 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
* the server.. */
|
|
if (actual_count != num_suites) {
|
|
/* Card removal/insertion error */
|
|
@@ -142,7 +142,7 @@
|
|
return rv; /* err set by ssl3_AppendHandshake* */
|
|
}
|
|
for (i = 0; i < compressionMethodsCount; i++) {
|
|
-@@ -5462,7 +5462,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
+@@ -5637,7 +5637,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
continue;
|
|
rv = ssl3_AppendHandshakeNumber(ss, compressions[i], 1);
|
|
if (rv != SECSuccess) {
|
|
@@ -151,7 +151,7 @@
|
|
return rv; /* err set by ssl3_AppendHandshake* */
|
|
}
|
|
}
|
|
-@@ -5473,20 +5473,20 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
+@@ -5648,20 +5648,20 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
|
|
rv = ssl3_AppendHandshakeNumber(ss, maxBytes, 2);
|
|
if (rv != SECSuccess) {
|
|
@@ -175,7 +175,7 @@
|
|
return SECFailure;
|
|
}
|
|
maxBytes -= extLen;
|
|
-@@ -5495,7 +5495,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
+@@ -5670,7 +5670,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
|
}
|
|
|
|
if (sid->u.ssl3.lock) {
|
|
@@ -184,11 +184,11 @@
|
|
}
|
|
|
|
if (ss->xtnData.sentSessionTicketInClientHello) {
|
|
-diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
|
|
-index d12228e..efcbf9f 100644
|
|
---- a/ssl/sslimpl.h
|
|
-+++ b/ssl/sslimpl.h
|
|
-@@ -731,7 +731,7 @@ struct sslSessionIDStr {
|
|
+diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
|
|
+index 3403091..874e59c 100644
|
|
+--- a/lib/ssl/sslimpl.h
|
|
++++ b/lib/ssl/sslimpl.h
|
|
+@@ -742,7 +742,7 @@ struct sslSessionIDStr {
|
|
* cached. Before then, there is no need to lock anything because
|
|
* the sid isn't being shared by anything.
|
|
*/
|
|
@@ -197,10 +197,10 @@
|
|
|
|
/* The lock must be held while reading or writing these members
|
|
* because they change while the sid is cached.
|
|
-diff --git a/ssl/sslnonce.c b/ssl/sslnonce.c
|
|
+diff --git a/lib/ssl/sslnonce.c b/lib/ssl/sslnonce.c
|
|
index cefdda6..28ad364 100644
|
|
---- a/ssl/sslnonce.c
|
|
-+++ b/ssl/sslnonce.c
|
|
+--- a/lib/ssl/sslnonce.c
|
|
++++ b/lib/ssl/sslnonce.c
|
|
@@ -136,7 +136,7 @@ ssl_DestroySID(sslSessionID *sid)
|
|
}
|
|
|
|
Nur in qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches: removebuildmetadata.patch.
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/reorderextensions.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/reorderextensions.patch
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/reorderextensions.patch 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/reorderextensions.patch 2016-01-13 14:18:55.610954804 +0100
|
|
@@ -1,8 +1,8 @@
|
|
-diff --git a/ssl/ssl3ext.c b/ssl/ssl3ext.c
|
|
-index c18d6f6..9214a2e 100644
|
|
---- a/ssl/ssl3ext.c
|
|
-+++ b/ssl/ssl3ext.c
|
|
-@@ -313,6 +313,10 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
|
|
+diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c
|
|
+index 9cfd541..eb3fb70 100644
|
|
+--- a/lib/ssl/ssl3ext.c
|
|
++++ b/lib/ssl/ssl3ext.c
|
|
+@@ -321,6 +321,10 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
|
|
{ ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
|
|
{ ssl_signed_certificate_timestamp_xtn,
|
|
&ssl3_ClientSendSignedCertTimestampXtn },
|
|
@@ -12,8 +12,8 @@
|
|
+ * extension. */
|
|
{ ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
|
|
{ ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },
|
|
- /* any extra entries will appear as { 0, NULL } */
|
|
-@@ -2507,9 +2511,11 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)
|
|
+ { ssl_extended_master_secret_xtn, &ssl3_SendExtendedMasterSecretXtn},
|
|
+@@ -2546,9 +2550,11 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)
|
|
}
|
|
|
|
extensionLength = 512 - recordLength;
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/restartclientauth.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/restartclientauth.patch
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/restartclientauth.patch 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/restartclientauth.patch 2016-01-13 14:18:55.610954804 +0100
|
|
@@ -1,8 +1,8 @@
|
|
-diff --git a/ssl/ssl.h b/ssl/ssl.h
|
|
-index e2d1b09..593dd00 100644
|
|
---- a/ssl/ssl.h
|
|
-+++ b/ssl/ssl.h
|
|
-@@ -409,6 +409,11 @@ SSL_IMPORT SECStatus SSL_ForceHandshake(PRFileDesc *fd);
|
|
+diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
|
|
+index cf9f6db..85ced8a 100644
|
|
+--- a/lib/ssl/ssl.h
|
|
++++ b/lib/ssl/ssl.h
|
|
+@@ -502,6 +502,11 @@ SSL_IMPORT SECStatus SSL_ForceHandshake(PRFileDesc *fd);
|
|
SSL_IMPORT SECStatus SSL_ForceHandshakeWithTimeout(PRFileDesc *fd,
|
|
PRIntervalTime timeout);
|
|
|
|
@@ -14,11 +14,11 @@
|
|
/*
|
|
** Query security status of socket. *on is set to one if security is
|
|
** enabled. *keySize will contain the stream key size used. *issuer will
|
|
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
|
|
-index 800c28e..29e8f1c 100644
|
|
---- a/ssl/ssl3con.c
|
|
-+++ b/ssl/ssl3con.c
|
|
-@@ -7275,6 +7275,85 @@ done:
|
|
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
|
|
+index 27038f3..304e03b 100644
|
|
+--- a/lib/ssl/ssl3con.c
|
|
++++ b/lib/ssl/ssl3con.c
|
|
+@@ -7482,6 +7482,85 @@ done:
|
|
return rv;
|
|
}
|
|
|
|
@@ -104,11 +104,11 @@
|
|
static SECStatus
|
|
ssl3_CheckFalseStart(sslSocket *ss)
|
|
{
|
|
-diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
|
|
-index 46e618a..2cf0b3a 100644
|
|
---- a/ssl/sslimpl.h
|
|
-+++ b/ssl/sslimpl.h
|
|
-@@ -1599,16 +1599,17 @@ extern SECStatus ssl3_MasterKeyDeriveBypass( ssl3CipherSpec * pwSpec,
|
|
+diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
|
|
+index c7231a7..c089889 100644
|
|
+--- a/lib/ssl/sslimpl.h
|
|
++++ b/lib/ssl/sslimpl.h
|
|
+@@ -1629,16 +1629,17 @@ extern SECStatus ssl3_MasterSecretDeriveBypass( ssl3CipherSpec * pwSpec,
|
|
/* These functions are called from secnav, even though they're "private". */
|
|
|
|
extern int ssl2_SendErrorMessage(struct sslSocketStr *ss, int error);
|
|
@@ -130,11 +130,11 @@
|
|
extern SECStatus ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error);
|
|
|
|
/*
|
|
-diff --git a/ssl/sslsecur.c b/ssl/sslsecur.c
|
|
-index ea2d408..d44336e 100644
|
|
---- a/ssl/sslsecur.c
|
|
-+++ b/ssl/sslsecur.c
|
|
-@@ -1516,17 +1516,70 @@ SSL_CertDBHandleSet(PRFileDesc *fd, CERTCertDBHandle *dbHandle)
|
|
+diff --git a/lib/ssl/sslsecur.c b/lib/ssl/sslsecur.c
|
|
+index 53b4885..f77d6fa 100644
|
|
+--- a/lib/ssl/sslsecur.c
|
|
++++ b/lib/ssl/sslsecur.c
|
|
+@@ -1532,17 +1532,70 @@ SSL_CertDBHandleSet(PRFileDesc *fd, CERTCertDBHandle *dbHandle)
|
|
return SECSuccess;
|
|
}
|
|
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/secitemarray.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/secitemarray.patch
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/secitemarray.patch 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/secitemarray.patch 2016-01-13 14:18:55.610954804 +0100
|
|
@@ -1,8 +1,8 @@
|
|
-diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
|
|
-index 0ece0ed..ea71975 100644
|
|
---- a/ssl/sslimpl.h
|
|
-+++ b/ssl/sslimpl.h
|
|
-@@ -1373,6 +1373,15 @@ extern sslSessionIDUncacheFunc ssl_sid_uncache;
|
|
+diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
|
|
+index 976330e..60dd243 100644
|
|
+--- a/lib/ssl/sslimpl.h
|
|
++++ b/lib/ssl/sslimpl.h
|
|
+@@ -1403,6 +1403,15 @@ extern sslSessionIDUncacheFunc ssl_sid_uncache;
|
|
|
|
SEC_BEGIN_PROTOS
|
|
|
|
@@ -18,11 +18,11 @@
|
|
/* Internal initialization and installation of the SSL error tables */
|
|
extern SECStatus ssl_Init(void);
|
|
extern SECStatus ssl_InitializePRErrorTable(void);
|
|
-diff --git a/ssl/sslt.h b/ssl/sslt.h
|
|
-index 0900f28..430d216 100644
|
|
---- a/ssl/sslt.h
|
|
-+++ b/ssl/sslt.h
|
|
-@@ -10,6 +10,19 @@
|
|
+diff --git a/lib/ssl/sslt.h b/lib/ssl/sslt.h
|
|
+index b6616e2..5593579 100644
|
|
+--- a/lib/ssl/sslt.h
|
|
++++ b/lib/ssl/sslt.h
|
|
+@@ -11,6 +11,19 @@
|
|
|
|
#include "prtypes.h"
|
|
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/secretexporterlocks.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/secretexporterlocks.patch
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/secretexporterlocks.patch 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/secretexporterlocks.patch 2016-01-13 14:18:55.611954809 +0100
|
|
@@ -1,8 +1,8 @@
|
|
-diff --git a/ssl/sslinfo.c b/ssl/sslinfo.c
|
|
-index 00f2f38..ba230d2 100644
|
|
---- a/ssl/sslinfo.c
|
|
-+++ b/ssl/sslinfo.c
|
|
-@@ -350,8 +350,13 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
|
|
+diff --git a/lib/ssl/sslinfo.c b/lib/ssl/sslinfo.c
|
|
+index 216ab0f..7048eb8 100644
|
|
+--- a/lib/ssl/sslinfo.c
|
|
++++ b/lib/ssl/sslinfo.c
|
|
+@@ -387,8 +387,13 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
|
|
return SECFailure;
|
|
}
|
|
|
|
@@ -16,7 +16,7 @@
|
|
return SECFailure;
|
|
}
|
|
|
|
-@@ -362,13 +367,17 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
|
|
+@@ -399,13 +404,17 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
|
|
}
|
|
val = PORT_Alloc(valLen);
|
|
if (!val) {
|
|
@@ -34,7 +34,7 @@
|
|
if (hasContext) {
|
|
val[i++] = contextLen >> 8;
|
|
val[i++] = contextLen;
|
|
-@@ -389,6 +398,8 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
|
|
+@@ -426,6 +435,8 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
|
|
valLen, out, outLen);
|
|
}
|
|
ssl_ReleaseSpecReadLock(ss);
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/sessioncache.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/sessioncache.patch
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/sessioncache.patch 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/sessioncache.patch 2016-01-13 14:18:55.611954809 +0100
|
|
@@ -1,8 +1,8 @@
|
|
-diff --git a/ssl/ssl.h b/ssl/ssl.h
|
|
-index be6d88e..57771cd 100644
|
|
---- a/ssl/ssl.h
|
|
-+++ b/ssl/ssl.h
|
|
-@@ -900,6 +900,18 @@ SSL_IMPORT int SSL_DataPending(PRFileDesc *fd);
|
|
+diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
|
|
+index 437a822..bc417a5 100644
|
|
+--- a/lib/ssl/ssl.h
|
|
++++ b/lib/ssl/ssl.h
|
|
+@@ -992,6 +992,18 @@ SSL_IMPORT int SSL_DataPending(PRFileDesc *fd);
|
|
SSL_IMPORT SECStatus SSL_InvalidateSession(PRFileDesc *fd);
|
|
|
|
/*
|
|
@@ -21,11 +21,11 @@
|
|
** Return a SECItem containing the SSL session ID associated with the fd.
|
|
*/
|
|
SSL_IMPORT SECItem *SSL_GetSessionID(PRFileDesc *fd);
|
|
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
|
|
-index 26b87c6..0ac85da 100644
|
|
---- a/ssl/ssl3con.c
|
|
-+++ b/ssl/ssl3con.c
|
|
-@@ -11375,7 +11375,7 @@ ssl3_FinishHandshake(sslSocket * ss)
|
|
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
|
|
+index 572bba9..afab931 100644
|
|
+--- a/lib/ssl/ssl3con.c
|
|
++++ b/lib/ssl/ssl3con.c
|
|
+@@ -12058,7 +12058,7 @@ ssl3_FinishHandshake(sslSocket * ss)
|
|
ss->ssl3.hs.receivedNewSessionTicket = PR_FALSE;
|
|
}
|
|
|
|
@@ -34,11 +34,11 @@
|
|
PORT_Assert(ss->sec.ci.sid->cached == never_cached);
|
|
(*ss->sec.cache)(ss->sec.ci.sid);
|
|
ss->ssl3.hs.cacheSID = PR_FALSE;
|
|
-diff --git a/ssl/sslsecur.c b/ssl/sslsecur.c
|
|
-index 5c6751a..00ab455 100644
|
|
---- a/ssl/sslsecur.c
|
|
-+++ b/ssl/sslsecur.c
|
|
-@@ -1467,6 +1467,49 @@ SSL_InvalidateSession(PRFileDesc *fd)
|
|
+diff --git a/lib/ssl/sslsecur.c b/lib/ssl/sslsecur.c
|
|
+index cca55bb..b4b8e95 100644
|
|
+--- a/lib/ssl/sslsecur.c
|
|
++++ b/lib/ssl/sslsecur.c
|
|
+@@ -1483,6 +1483,49 @@ SSL_InvalidateSession(PRFileDesc *fd)
|
|
return rv;
|
|
}
|
|
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/signedcertificatetimestamps.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/signedcertificatetimestamps.patch
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/signedcertificatetimestamps.patch 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/signedcertificatetimestamps.patch 2016-01-13 14:18:55.612954815 +0100
|
|
@@ -1,18 +1,17 @@
|
|
-diff --git a/ssl/ssl.h b/ssl/ssl.h
|
|
-index 80717db..e9f5fb0 100644
|
|
---- a/ssl/ssl.h
|
|
-+++ b/ssl/ssl.h
|
|
-@@ -191,6 +191,9 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd);
|
|
- #define SSL_ENABLE_FALLBACK_SCSV 28 /* Send fallback SCSV in
|
|
- * handshakes. */
|
|
+diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
|
|
+index eb7f7ec..db09425 100644
|
|
+--- a/lib/ssl/ssl.h
|
|
++++ b/lib/ssl/ssl.h
|
|
+@@ -203,6 +203,8 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd);
|
|
+ */
|
|
+ #define SSL_ENABLE_EXTENDED_MASTER_SECRET 30
|
|
|
|
+/* Request Signed Certificate Timestamps via TLS extension (client) */
|
|
-+#define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 29
|
|
-+
|
|
++#define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 31
|
|
+
|
|
#ifdef SSL_DEPRECATED_FUNCTION
|
|
/* Old deprecated function names */
|
|
- SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on);
|
|
-@@ -493,6 +496,23 @@ SSL_IMPORT CERTCertList *SSL_PeerCertificateChain(PRFileDesc *fd);
|
|
+@@ -586,6 +588,23 @@ SSL_IMPORT CERTCertList *SSL_PeerCertificateChain(PRFileDesc *fd);
|
|
*/
|
|
SSL_IMPORT const SECItemArray * SSL_PeerStapledOCSPResponses(PRFileDesc *fd);
|
|
|
|
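Review bot: The public option number SSL_ENABLE_SIGNED_CERT_TIMESTAMPS is renumbered from 29 to 31 in this hunk, with the matching sslOptions bit moving from `/* 30 */` to `/* 32 */` in the sslimpl.h hunk at `@@ -177,19 +189,19 @@` and a fourth positional entry appended to `ssl_defaults` in the sslsock.c hunk at `@@ -234,22 +246,22 @@`; nothing in the patch records that the value is not stable across the rebase. A caller built against the previous header keeps passing 29 to SSL_OptionSet, which now selects a different option (presumably SSL_ENABLE_SERVER_DHE, judging by the bitfield comment ordering) and silently stops requesting SCTs, so a one-line comment next to the define, `/* Chromium-local value; renumbered from 29 when upstream took 30 for extended master secret */`, would make the break visible. The positional `ssl_defaults` initializer also depends on `enableSignedCertTimestamps` staying the last bitfield, so the struct line would benefit from `/* 32 — keep last: ssl_defaults in sslsock.c is positional */`. The SSL_MAX_EXTENSIONS bump 13→14 in the sslt.h hunk is the corresponding table-size change and looks consistent with the sender table entries visible here.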
@@ -36,13 +35,13 @@
|
|
/* SSL_SetStapledOCSPResponses stores an array of one or multiple OCSP responses
|
|
* in the fd's data, which may be sent as part of a server side cert_status
|
|
* handshake message. Parameter |responses| is for the server certificate of
|
|
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
|
|
-index 6a4a443..54c5b80 100644
|
|
---- a/ssl/ssl3con.c
|
|
-+++ b/ssl/ssl3con.c
|
|
-@@ -6752,6 +6752,14 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
|
- sid->u.ssl3.sessionIDLength = sidBytes.len;
|
|
- PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len);
|
|
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
|
|
+index ba3d012..5c09f25 100644
|
|
+--- a/lib/ssl/ssl3con.c
|
|
++++ b/lib/ssl/ssl3con.c
|
|
+@@ -6957,6 +6957,14 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
|
+ sid->u.ssl3.keys.extendedMasterSecretUsed =
|
|
+ ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn);
|
|
|
|
+ /* Copy Signed Certificate Timestamps, if any. */
|
|
+ if (ss->xtnData.signedCertTimestamps.data) {
|
|
@@ -55,7 +54,7 @@
|
|
ss->ssl3.hs.isResuming = PR_FALSE;
|
|
if (ss->ssl3.hs.kea_def->signKeyType != sign_null) {
|
|
/* All current cipher suites other than those with sign_null (i.e.,
|
|
-@@ -6765,6 +6773,10 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
|
+@@ -6971,6 +6979,10 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
|
}
|
|
|
|
winner:
|
|
@@ -66,7 +65,7 @@
|
|
/* If we will need a ChannelID key then we make the callback now. This
|
|
* allows the handshake to be restarted cleanly if the callback returns
|
|
* SECWouldBlock. */
|
|
-@@ -6790,6 +6802,9 @@ alert_loser:
|
|
+@@ -6996,6 +7008,9 @@ alert_loser:
|
|
(void)SSL3_SendAlert(ss, alert_fatal, desc);
|
|
|
|
loser:
|
|
@@ -76,10 +75,10 @@
|
|
errCode = ssl_MapLowLevelError(errCode);
|
|
return SECFailure;
|
|
}
|
|
-diff --git a/ssl/ssl3ext.c b/ssl/ssl3ext.c
|
|
-index 4d17587..c18d6f6 100644
|
|
---- a/ssl/ssl3ext.c
|
|
-+++ b/ssl/ssl3ext.c
|
|
+diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c
|
|
+index 78825cb..9cfd541 100644
|
|
+--- a/lib/ssl/ssl3ext.c
|
|
++++ b/lib/ssl/ssl3ext.c
|
|
@@ -90,6 +90,12 @@ static PRInt32 ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append,
|
|
PRUint32 maxBytes);
|
|
static SECStatus ssl3_ServerHandleSigAlgsXtn(sslSocket *ss, PRUint16 ex_type,
|
|
@@ -93,16 +92,16 @@
|
|
|
|
static PRInt32 ssl3_ClientSendDraftVersionXtn(sslSocket *ss, PRBool append,
|
|
PRUint32 maxBytes);
|
|
-@@ -275,6 +281,8 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
|
|
- { ssl_use_srtp_xtn, &ssl3_ClientHandleUseSRTPXtn },
|
|
+@@ -283,6 +289,8 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
|
|
{ ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn },
|
|
{ ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn },
|
|
+ { ssl_extended_master_secret_xtn, &ssl3_HandleExtendedMasterSecretXtn },
|
|
+ { ssl_signed_certificate_timestamp_xtn,
|
|
+ &ssl3_ClientHandleSignedCertTimestampXtn },
|
|
{ -1, NULL }
|
|
};
|
|
|
|
-@@ -303,6 +311,8 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
|
|
+@@ -311,6 +319,8 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
|
|
{ ssl_use_srtp_xtn, &ssl3_ClientSendUseSRTPXtn },
|
|
{ ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn },
|
|
{ ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
|
|
@@ -110,12 +109,16 @@
|
|
+ &ssl3_ClientSendSignedCertTimestampXtn },
|
|
{ ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
|
|
{ ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },
|
|
- /* any extra entries will appear as { 0, NULL } */
|
|
-@@ -2616,3 +2626,65 @@ ssl3_ServerHandleDraftVersionXtn(sslSocket * ss, PRUint16 ex_type,
|
|
+ { ssl_extended_master_secret_xtn, &ssl3_SendExtendedMasterSecretXtn},
|
|
+@@ -2698,11 +2708,48 @@ ssl3_SendExtendedMasterSecretXtn(sslSocket * ss, PRBool append,
|
|
+ }
|
|
|
|
- return SECSuccess;
|
|
+ return extension_length;
|
|
+-
|
|
+ loser:
|
|
+ return -1;
|
|
}
|
|
-+
|
|
+
|
|
+/* ssl3_ClientSendSignedCertTimestampXtn sends the signed_certificate_timestamp
|
|
+ * extension for TLS ClientHellos. */
|
|
+static PRInt32
|
|
@@ -129,7 +132,12 @@
|
|
+ if (!ss->opt.enableSignedCertTimestamps)
|
|
+ return 0;
|
|
+
|
|
-+ if (append && maxBytes >= extension_length) {
|
|
++ if (maxBytes < extension_length) {
|
|
++ PORT_Assert(0);
|
|
++ return 0;
|
|
++ }
|
|
++
|
|
++ if (append) {
|
|
+ SECStatus rv;
|
|
+ /* extension_type */
|
|
+ rv = ssl3_AppendHandshakeNumber(ss,
|
|
@@ -143,15 +151,19 @@
|
|
+ goto loser;
|
|
+ ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
|
|
+ ssl_signed_certificate_timestamp_xtn;
|
|
-+ } else if (maxBytes < extension_length) {
|
|
-+ PORT_Assert(0);
|
|
-+ return 0;
|
|
+ }
|
|
+
|
|
+ return extension_length;
|
|
+loser:
|
|
+ return -1;
|
|
+}
|
|
+
|
|
+ static SECStatus
|
|
+ ssl3_HandleExtendedMasterSecretXtn(sslSocket * ss, PRUint16 ex_type,
|
|
+@@ -2743,3 +2790,28 @@ ssl3_HandleExtendedMasterSecretXtn(sslSocket * ss, PRUint16 ex_type,
|
|
+ }
|
|
+ return SECSuccess;
|
|
+ }
|
|
+
|
|
+static SECStatus
|
|
+ssl3_ClientHandleSignedCertTimestampXtn(sslSocket *ss, PRUint16 ex_type,
|
|
@@ -177,19 +189,19 @@
|
|
+ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
|
|
+ return SECSuccess;
|
|
+}
|
|
-diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
|
|
-index c4c87b4..0fd0a89 100644
|
|
---- a/ssl/sslimpl.h
|
|
-+++ b/ssl/sslimpl.h
|
|
-@@ -339,6 +339,7 @@ typedef struct sslOptionsStr {
|
|
- unsigned int enableALPN : 1; /* 27 */
|
|
- unsigned int reuseServerECDHEKey : 1; /* 28 */
|
|
+diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
|
|
+index d53c446..080debe 100644
|
|
+--- a/lib/ssl/sslimpl.h
|
|
++++ b/lib/ssl/sslimpl.h
|
|
+@@ -349,6 +349,7 @@ typedef struct sslOptionsStr {
|
|
unsigned int enableFallbackSCSV : 1; /* 29 */
|
|
-+ unsigned int enableSignedCertTimestamps : 1; /* 30 */
|
|
+ unsigned int enableServerDhe : 1; /* 30 */
|
|
+ unsigned int enableExtendedMS : 1; /* 31 */
|
|
++ unsigned int enableSignedCertTimestamps : 1; /* 32 */
|
|
} sslOptions;
|
|
|
|
typedef enum { sslHandshakingUndetermined = 0,
|
|
-@@ -721,6 +722,11 @@ struct sslSessionIDStr {
|
|
+@@ -732,6 +733,11 @@ struct sslSessionIDStr {
|
|
* resumption handshake to the original handshake. */
|
|
SECItem originalHandshakeHash;
|
|
|
|
@@ -201,7 +213,7 @@
|
|
/* This lock is lazily initialized by CacheSID when a sid is first
|
|
* cached. Before then, there is no need to lock anything because
|
|
* the sid isn't being shared by anything.
|
|
-@@ -835,6 +841,18 @@ struct TLSExtensionDataStr {
|
|
+@@ -846,6 +852,18 @@ struct TLSExtensionDataStr {
|
|
* is beyond ssl3_HandleClientHello function. */
|
|
SECItem *sniNameArr;
|
|
PRUint32 sniNameArrSize;
|
|
@@ -220,10 +232,10 @@
|
|
};
|
|
|
|
typedef SECStatus (*sslRestartTarget)(sslSocket *);
|
|
-diff --git a/ssl/sslnonce.c b/ssl/sslnonce.c
|
|
+diff --git a/lib/ssl/sslnonce.c b/lib/ssl/sslnonce.c
|
|
index c45849d..cefdda6 100644
|
|
---- a/ssl/sslnonce.c
|
|
-+++ b/ssl/sslnonce.c
|
|
+--- a/lib/ssl/sslnonce.c
|
|
++++ b/lib/ssl/sslnonce.c
|
|
@@ -131,6 +131,9 @@ ssl_DestroySID(sslSessionID *sid)
|
|
if (sid->u.ssl3.originalHandshakeHash.data) {
|
|
SECITEM_FreeItem(&sid->u.ssl3.originalHandshakeHash, PR_FALSE);
|
|
@@ -234,22 +246,22 @@
|
|
|
|
if (sid->u.ssl3.lock) {
|
|
PR_DestroyRWLock(sid->u.ssl3.lock);
|
|
-diff --git a/ssl/sslsock.c b/ssl/sslsock.c
|
|
-index 6a6c8d1..72058f5 100644
|
|
---- a/ssl/sslsock.c
|
|
-+++ b/ssl/sslsock.c
|
|
-@@ -89,7 +89,8 @@ static sslOptions ssl_defaults = {
|
|
- PR_TRUE, /* enableNPN */
|
|
- PR_FALSE, /* enableALPN */
|
|
+diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
|
|
+index 6d700a7..28e3543 100644
|
|
+--- a/lib/ssl/sslsock.c
|
|
++++ b/lib/ssl/sslsock.c
|
|
+@@ -92,7 +92,8 @@ static sslOptions ssl_defaults = {
|
|
PR_TRUE, /* reuseServerECDHEKey */
|
|
-- PR_FALSE /* enableFallbackSCSV */
|
|
-+ PR_FALSE, /* enableFallbackSCSV */
|
|
+ PR_FALSE, /* enableFallbackSCSV */
|
|
+ PR_TRUE, /* enableServerDhe */
|
|
+- PR_FALSE /* enableExtendedMS */
|
|
++ PR_FALSE, /* enableExtendedMS */
|
|
+ PR_FALSE, /* enableSignedCertTimestamps */
|
|
};
|
|
|
|
/*
|
|
-@@ -807,6 +808,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
|
|
- ss->opt.enableFallbackSCSV = on;
|
|
+@@ -843,6 +844,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
|
|
+ ss->opt.enableExtendedMS = on;
|
|
break;
|
|
|
|
+ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
|
|
@@ -259,19 +271,19 @@
|
|
default:
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
rv = SECFailure;
|
|
-@@ -882,6 +887,9 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
|
|
- case SSL_REUSE_SERVER_ECDHE_KEY:
|
|
- on = ss->opt.reuseServerECDHEKey; break;
|
|
- case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break;
|
|
+@@ -921,6 +926,9 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
|
|
+ case SSL_ENABLE_SERVER_DHE: on = ss->opt.enableServerDhe; break;
|
|
+ case SSL_ENABLE_EXTENDED_MASTER_SECRET:
|
|
+ on = ss->opt.enableExtendedMS; break;
|
|
+ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
|
|
+ on = ss->opt.enableSignedCertTimestamps;
|
|
+ break;
|
|
|
|
default:
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
-@@ -951,6 +959,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
|
|
- case SSL_ENABLE_FALLBACK_SCSV:
|
|
- on = ssl_defaults.enableFallbackSCSV;
|
|
+@@ -996,6 +1004,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
|
|
+ case SSL_ENABLE_EXTENDED_MASTER_SECRET:
|
|
+ on = ssl_defaults.enableExtendedMS;
|
|
break;
|
|
+ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
|
|
+ on = ssl_defaults.enableSignedCertTimestamps;
|
|
@@ -279,8 +291,8 @@
|
|
|
|
default:
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
-@@ -1134,6 +1145,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on)
|
|
- ssl_defaults.enableFallbackSCSV = on;
|
|
+@@ -1187,6 +1198,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on)
|
|
+ ssl_defaults.enableExtendedMS = on;
|
|
break;
|
|
|
|
+ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
|
|
@@ -290,7 +302,7 @@
|
|
default:
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
return SECFailure;
|
|
-@@ -1963,6 +1978,29 @@ SSL_PeerStapledOCSPResponses(PRFileDesc *fd)
|
|
+@@ -2218,6 +2233,29 @@ SSL_PeerStapledOCSPResponses(PRFileDesc *fd)
|
|
return &ss->sec.ci.sid->peerCertStatus;
|
|
}
|
|
|
|
@@ -320,23 +332,24 @@
|
|
SECStatus
|
|
SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed) {
|
|
sslSocket *ss = ssl_FindSocket(fd);
|
|
-diff --git a/ssl/sslt.h b/ssl/sslt.h
|
|
-index fe0ad07..c36b8c7 100644
|
|
---- a/ssl/sslt.h
|
|
-+++ b/ssl/sslt.h
|
|
-@@ -202,6 +202,7 @@ typedef enum {
|
|
+diff --git a/lib/ssl/sslt.h b/lib/ssl/sslt.h
|
|
+index a2eff62..36e34df 100644
|
|
+--- a/lib/ssl/sslt.h
|
|
++++ b/lib/ssl/sslt.h
|
|
+@@ -248,6 +248,7 @@ typedef enum {
|
|
ssl_signature_algorithms_xtn = 13,
|
|
ssl_use_srtp_xtn = 14,
|
|
ssl_app_layer_protocol_xtn = 16,
|
|
+ ssl_signed_certificate_timestamp_xtn = 18, /* RFC 6962 */
|
|
ssl_padding_xtn = 21,
|
|
+ ssl_extended_master_secret_xtn = 23,
|
|
ssl_session_ticket_xtn = 35,
|
|
- ssl_next_proto_nego_xtn = 13172,
|
|
-@@ -210,6 +211,6 @@ typedef enum {
|
|
+@@ -257,7 +258,7 @@ typedef enum {
|
|
ssl_tls13_draft_version_xtn = 0xff02 /* experimental number */
|
|
} SSLExtensionType;
|
|
|
|
--#define SSL_MAX_EXTENSIONS 12 /* doesn't include ssl_padding_xtn. */
|
|
-+#define SSL_MAX_EXTENSIONS 13 /* doesn't include ssl_padding_xtn. */
|
|
+-#define SSL_MAX_EXTENSIONS 13 /* doesn't include ssl_padding_xtn. */
|
|
++#define SSL_MAX_EXTENSIONS 14 /* doesn't include ssl_padding_xtn. */
|
|
|
|
- #endif /* __sslt_h_ */
|
|
+ typedef enum {
|
|
+ ssl_dhe_group_none = 0,
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/suitebonly.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/suitebonly.patch
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/suitebonly.patch 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/suitebonly.patch 2016-01-13 14:18:55.612954815 +0100
|
|
@@ -1,8 +1,8 @@
|
|
-diff --git a/ssl/ssl3ecc.c b/ssl/ssl3ecc.c
|
|
-index aca2b74..dac7a9e 100644
|
|
---- a/ssl/ssl3ecc.c
|
|
-+++ b/ssl/ssl3ecc.c
|
|
-@@ -1090,6 +1090,7 @@ static const PRUint8 ecPtFmt[6] = {
|
|
+diff --git a/lib/ssl/ssl3ecc.c b/lib/ssl/ssl3ecc.c
|
|
+index 94008a0..6d89bbe 100644
|
|
+--- a/lib/ssl/ssl3ecc.c
|
|
++++ b/lib/ssl/ssl3ecc.c
|
|
+@@ -1093,6 +1093,7 @@ static const PRUint8 ecPtFmt[6] = {
|
|
static PRBool
|
|
ssl3_SuiteBOnly(sslSocket *ss)
|
|
{
|
|
@@ -10,7 +10,7 @@
|
|
/* See if we can support small curves (like 163). If not, assume we can
|
|
* only support Suite-B curves (P-256, P-384, P-521). */
|
|
PK11SlotInfo *slot =
|
|
-@@ -1103,6 +1104,9 @@ ssl3_SuiteBOnly(sslSocket *ss)
|
|
+@@ -1106,6 +1107,9 @@ ssl3_SuiteBOnly(sslSocket *ss)
|
|
/* we can, presume we can do all curves */
|
|
PK11_FreeSlot(slot);
|
|
return PR_FALSE;
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/tls12chromium.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/tls12chromium.patch
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/tls12chromium.patch 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/tls12chromium.patch 2016-01-13 14:18:55.612954815 +0100
|
|
@@ -1,8 +1,8 @@
|
|
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
|
|
-index 7c06815..1167d6d 100644
|
|
---- a/ssl/ssl3con.c
|
|
-+++ b/ssl/ssl3con.c
|
|
-@@ -31,6 +31,15 @@
|
|
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
|
|
+index ce92cf1..c5cb1eb 100644
|
|
+--- a/lib/ssl/ssl3con.c
|
|
++++ b/lib/ssl/ssl3con.c
|
|
+@@ -33,6 +33,15 @@
|
|
#include "blapi.h"
|
|
#endif
|
|
|
|
@@ -18,10 +18,10 @@
|
|
#include <stdio.h>
|
|
#ifdef NSS_ENABLE_ZLIB
|
|
#include "zlib.h"
|
|
-diff --git a/ssl/ssl3ecc.c b/ssl/ssl3ecc.c
|
|
-index dac7a9e..9b91270 100644
|
|
---- a/ssl/ssl3ecc.c
|
|
-+++ b/ssl/ssl3ecc.c
|
|
+diff --git a/lib/ssl/ssl3ecc.c b/lib/ssl/ssl3ecc.c
|
|
+index 6d89bbe..cf8e741 100644
|
|
+--- a/lib/ssl/ssl3ecc.c
|
|
++++ b/lib/ssl/ssl3ecc.c
|
|
@@ -31,6 +31,12 @@
|
|
|
|
#include <stdio.h>
|
|
@@ -35,16 +35,17 @@
|
|
#ifndef NSS_DISABLE_ECC
|
|
|
|
#ifndef PK11_SETATTRS
|
|
-diff --git a/ssl/sslsock.c b/ssl/sslsock.c
|
|
-index 14ff328..6a6c8d1 100644
|
|
---- a/ssl/sslsock.c
|
|
-+++ b/ssl/sslsock.c
|
|
-@@ -17,8 +17,15 @@
|
|
+diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
|
|
+index c9a4493..6d700a7 100644
|
|
+--- a/lib/ssl/sslsock.c
|
|
++++ b/lib/ssl/sslsock.c
|
|
+@@ -17,9 +17,16 @@
|
|
#ifndef NO_PKCS11_BYPASS
|
|
#include "blapi.h"
|
|
#endif
|
|
+#include "pk11pub.h"
|
|
#include "nss.h"
|
|
+ #include "pk11pqg.h"
|
|
|
|
+/* This is a bodge to allow this code to be compiled against older NSS headers
|
|
+ * that don't contain the TLS 1.2 changes. */
|
|
@@ -55,7 +56,7 @@
|
|
#define SET_ERROR_CODE /* reminder */
|
|
|
|
static const sslSocketOps ssl_default_ops = { /* No SSL. */
|
|
-@@ -1878,6 +1885,24 @@ SSL_VersionRangeGet(PRFileDesc *fd, SSLVersionRange *vrange)
|
|
+@@ -2133,6 +2140,24 @@ SSL_VersionRangeGet(PRFileDesc *fd, SSLVersionRange *vrange)
|
|
return SECSuccess;
|
|
}
|
|
|
|
@@ -80,7 +81,7 @@
|
|
SECStatus
|
|
SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
|
|
{
|
|
-@@ -1898,6 +1923,20 @@ SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
|
|
+@@ -2153,6 +2178,20 @@ SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
|
|
ssl_GetSSL3HandshakeLock(ss);
|
|
|
|
ss->vrange = *vrange;
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/tlsunique.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/tlsunique.patch
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/tlsunique.patch 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/tlsunique.patch 2016-01-13 14:18:55.612954815 +0100
|
|
@@ -1,10 +1,10 @@
|
|
-diff --git a/ssl/ssl.h b/ssl/ssl.h
|
|
-index 716537d..80717db 100644
|
|
---- a/ssl/ssl.h
|
|
-+++ b/ssl/ssl.h
|
|
-@@ -292,6 +292,27 @@ SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher, PRBool *enabled);
|
|
- SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
|
|
- SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
|
|
+diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
|
|
+index 120c257..eb7f7ec 100644
|
|
+--- a/lib/ssl/ssl.h
|
|
++++ b/lib/ssl/ssl.h
|
|
+@@ -385,6 +385,27 @@ SSL_IMPORT SECStatus SSL_DHEGroupPrefSet(PRFileDesc *fd,
|
|
+ */
|
|
+ SSL_IMPORT SECStatus SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled);
|
|
|
|
+/* SSLChannelBindingType enumerates the types of supported channel binding
|
|
+ * values. See RFC 5929. */
|
|
@@ -30,12 +30,12 @@
|
|
/* SSL Version Range API
|
|
**
|
|
** This API should be used to control SSL 3.0 & TLS support instead of the
|
|
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
|
|
-index c0e8e79..7c06815 100644
|
|
---- a/ssl/ssl3con.c
|
|
-+++ b/ssl/ssl3con.c
|
|
-@@ -12479,6 +12479,68 @@ ssl3_InitSocketPolicy(sslSocket *ss)
|
|
- PORT_Memcpy(ss->cipherSuites, cipherSuites, sizeof cipherSuites);
|
|
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
|
|
+index 2ae8ce9..ce92cf1 100644
|
|
+--- a/lib/ssl/ssl3con.c
|
|
++++ b/lib/ssl/ssl3con.c
|
|
+@@ -13241,6 +13241,68 @@ ssl3_InitSocketPolicy(sslSocket *ss)
|
|
+ ss->ssl3.signatureAlgorithmCount = PR_ARRAY_SIZE(defaultSignatureAlgorithms);
|
|
}
|
|
|
|
+SECStatus
|
|
@@ -103,11 +103,11 @@
|
|
/* ssl3_config_match_init must have already been called by
|
|
* the caller of this function.
|
|
*/
|
|
-diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
|
|
-index e11860e..0ece0ed 100644
|
|
---- a/ssl/sslimpl.h
|
|
-+++ b/ssl/sslimpl.h
|
|
-@@ -1864,6 +1864,11 @@ extern PRBool ssl_GetSessionTicketKeysPKCS11(SECKEYPrivateKey *svrPrivKey,
|
|
+diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
|
|
+index c286518..976330e 100644
|
|
+--- a/lib/ssl/sslimpl.h
|
|
++++ b/lib/ssl/sslimpl.h
|
|
+@@ -1897,6 +1897,11 @@ extern PRBool ssl_GetSessionTicketKeysPKCS11(SECKEYPrivateKey *svrPrivKey,
|
|
extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data,
|
|
unsigned int length);
|
|
|
|
@@ -119,12 +119,12 @@
|
|
/* Construct a new NSPR socket for the app to use */
|
|
extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd);
|
|
extern void ssl_FreePRSocket(PRFileDesc *fd);
|
|
-diff --git a/ssl/sslsock.c b/ssl/sslsock.c
|
|
-index 042f24f..14ff328 100644
|
|
---- a/ssl/sslsock.c
|
|
-+++ b/ssl/sslsock.c
|
|
-@@ -1345,6 +1345,27 @@ NSS_SetFrancePolicy(void)
|
|
- return NSS_SetDomesticPolicy();
|
|
+diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
|
|
+index efba686..c9a4493 100644
|
|
+--- a/lib/ssl/sslsock.c
|
|
++++ b/lib/ssl/sslsock.c
|
|
+@@ -1540,6 +1540,28 @@ SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled)
|
|
+ return SECSuccess;
|
|
}
|
|
|
|
+SECStatus
|
|
@@ -148,6 +148,7 @@
|
|
+
|
|
+ return ssl3_GetTLSUniqueChannelBinding(ss, out, outLen, outLenMax);
|
|
+}
|
|
++
|
|
+ #include "dhe-param.c"
|
|
|
|
-
|
|
- /* LOCKS ??? XXX */
|
|
+ static const SSLDHEGroupType ssl_default_dhe_groups[] = {
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/README.chromium qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/README.chromium
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/README.chromium 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/README.chromium 2016-01-13 14:18:55.588954676 +0100
|
|
@@ -1,6 +1,6 @@
|
|
Name: Network Security Services (NSS)
|
|
URL: http://www.mozilla.org/projects/security/pki/nss/
|
|
-Version: 3.19 RTM
|
|
+Version: 3.21 RTM
|
|
Security Critical: Yes
|
|
License: MPL 2
|
|
License File: NOT_SHIPPED
|
|
@@ -11,7 +11,7 @@
|
|
The same module appears in crypto/third_party/nss (and third_party/nss on some
|
|
platforms), so we don't repeat the license file here.
|
|
|
|
-The snapshot was updated to the hg tag: NSS_3_19_RTM
|
|
+The snapshot was updated to the hg tag: NSS_3_21_RTM
|
|
|
|
Patches:
|
|
|
|
@@ -100,16 +100,6 @@
|
|
length.
|
|
patches/reorderextensions.patch
|
|
|
|
- * Make the build metadata deterministic
|
|
- patches/removebuildmetadata.patch
|
|
-
|
|
- * Fix locking bug in ssl3_HandleHelloRequest when rejecting a renegotiation.
|
|
- patches/norenegotiatelock.patch
|
|
- https://bugzilla.mozilla.org/show_bug.cgi?id=1162521
|
|
-
|
|
- * Increase the minimum DH group size to 1024
|
|
- patches/dh1024.patch
|
|
-
|
|
Apply the patches to NSS by running the patches/applypatches.sh script. Read
|
|
the comments at the top of patches/applypatches.sh for instructions.
|
|
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/derive.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/derive.c
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/derive.c 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/derive.c 2016-01-13 14:18:55.613954821 +0100
|
|
@@ -431,7 +431,7 @@
|
|
* so isRSA is always true.
|
|
*/
|
|
SECStatus
|
|
-ssl3_MasterKeyDeriveBypass(
|
|
+ssl3_MasterSecretDeriveBypass(
|
|
ssl3CipherSpec * pwSpec,
|
|
const unsigned char * cr,
|
|
const unsigned char * sr,
|
|
Nur in qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl: dhe-param.c.
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/dtlscon.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/dtlscon.c
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/dtlscon.c 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/dtlscon.c 2016-01-13 14:18:55.614954827 +0100
|
|
@@ -104,9 +104,7 @@
|
|
const ssl3CipherSuite * suite;
|
|
|
|
for (suite = nonDTLSSuites; *suite; ++suite) {
|
|
- SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE);
|
|
-
|
|
- PORT_Assert(rv == SECSuccess); /* else is coding error */
|
|
+ PORT_CheckSuccess(ssl3_CipherPrefSet(ss, *suite, PR_FALSE));
|
|
}
|
|
return SECSuccess;
|
|
}
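Review bot: The rewritten loop body now depends on PORT_CheckSuccess evaluating its argument when assertions are disabled; the removed form called ssl3_CipherPrefSet unconditionally and only asserted on the stored result. If PORT_CheckSuccess expands to a plain assertion that is compiled out in non-DEBUG builds, the DTLS-incompatible suites would stay enabled in release builds, so that definition is worth confirming. A one-line comment would make the dependency explicit: `/* PORT_CheckSuccess must still evaluate the call when assertions are disabled */`. The enclosing function starts outside the hunk.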
|
|
@@ -229,7 +227,7 @@
|
|
#define MAX_HANDSHAKE_MSG_LEN 0x1ffff /* 128k - 1 */
|
|
if (message_length > MAX_HANDSHAKE_MSG_LEN) {
|
|
(void)ssl3_DecodeError(ss);
|
|
- PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
|
|
+ PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
|
|
return SECFailure;
|
|
}
|
|
#undef MAX_HANDSHAKE_MSG_LEN
|
|
@@ -396,7 +394,7 @@
|
|
* This avoids having to fill in the bitmask in the common
|
|
* case of adjacent fragments received in sequence
|
|
*/
|
|
- if (fragment_offset <= ss->ssl3.hs.recvdHighWater) {
|
|
+ if (fragment_offset <= (unsigned int)ss->ssl3.hs.recvdHighWater) {
|
|
/* Either this is the adjacent fragment or an overlapping
|
|
* fragment */
|
|
ss->ssl3.hs.recvdHighWater = fragment_offset +
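Review bot: Casting recvdHighWater to unsigned int silences the signed/unsigned comparison warning but also changes the meaning if the field can still hold a negative sentinel at this point: -1 becomes UINT_MAX and `fragment_offset <= ...` is then always true, so every fragment would be treated as adjacent or overlapping. If earlier code in this function (outside the hunk) guarantees recvdHighWater is non-negative before the comparison, `PORT_Assert(ss->ssl3.hs.recvdHighWater >= 0);` above it would document that; otherwise an explicit `>= 0` test belongs in the condition rather than a cast. The enclosing function starts and ends outside the hunk.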
|
|
@@ -676,7 +674,7 @@
|
|
|
|
/* The reason we use 8 here is that that's the length of
|
|
* the new DTLS data that we add to the header */
|
|
- fragment_len = PR_MIN(room_left - (SSL3_BUFFER_FUDGE + 8),
|
|
+ fragment_len = PR_MIN((PRUint32)room_left - (SSL3_BUFFER_FUDGE + 8),
|
|
content_len - fragment_offset);
|
|
PORT_Assert(fragment_len < DTLS_MAX_MTU - 12);
|
|
/* Make totally sure that we are within the buffer.
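Review bot: With room_left cast to PRUint32, `(PRUint32)room_left - (SSL3_BUFFER_FUDGE + 8)` wraps to a very large value whenever room_left is smaller than SSL3_BUFFER_FUDGE + 8, and PR_MIN then selects `content_len - fragment_offset`, which is not bounded by the space actually available. The PORT_Assert on the following line is compiled out in release builds, so it does not catch that case. If a check earlier in this function (outside the hunk) already guarantees room_left is large enough, a comment naming that guarantee next to the cast would help; otherwise an explicit bound check before the subtraction is the safer form. The enclosing function starts and ends outside the hunk.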
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3con.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3con.c
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3con.c 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3con.c 2016-01-13 14:18:55.620954862 +0100
|
|
@@ -25,6 +25,8 @@
|
|
#include "prerror.h"
|
|
#include "pratom.h"
|
|
#include "prthread.h"
|
|
+#include "nss.h"
|
|
+#include "nssoptions.h"
|
|
|
|
#include "pk11func.h"
|
|
#include "secmod.h"
|
|
@@ -91,8 +93,11 @@
|
|
static SECStatus ssl3_UpdateHandshakeHashes( sslSocket *ss,
|
|
const unsigned char *b,
|
|
unsigned int l);
|
|
+static SECStatus ssl3_ComputeHandshakeHashes(sslSocket *ss,
|
|
+ ssl3CipherSpec *spec,
|
|
+ SSL3Hashes *hashes,
|
|
+ PRUint32 sender);
|
|
static SECStatus ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags);
|
|
-static int ssl3_OIDToTLSHashAlgorithm(SECOidTag oid);
|
|
|
|
static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen,
|
|
int maxOutputLen, const unsigned char *input,
|
|
@@ -122,17 +127,17 @@
|
|
#ifndef NSS_DISABLE_ECC
|
|
{ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
{ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
- { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
- { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
+ { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
+ { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
|
|
* bug 946147.
|
|
*/
|
|
- { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
- { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
+ { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
+ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
+ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
+ { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
{ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
{ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
@@ -140,14 +145,17 @@
|
|
#endif /* NSS_DISABLE_ECC */
|
|
|
|
{ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
+ { TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
{ TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
+ { TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
{ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
{ TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
{ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
{ TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
{ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
+ { TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
{ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
{ TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
{ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
@@ -205,6 +213,23 @@
|
|
{ TLS_RSA_WITH_NULL_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
};
|
|
|
|
+static const SSLSignatureAndHashAlg defaultSignatureAlgorithms[] = {
|
|
+ {ssl_hash_sha256, ssl_sign_rsa},
|
|
+ {ssl_hash_sha384, ssl_sign_rsa},
|
|
+ {ssl_hash_sha512, ssl_sign_rsa},
|
|
+ {ssl_hash_sha1, ssl_sign_rsa},
|
|
+#ifndef NSS_DISABLE_ECC
|
|
+ {ssl_hash_sha256, ssl_sign_ecdsa},
|
|
+ {ssl_hash_sha384, ssl_sign_ecdsa},
|
|
+ {ssl_hash_sha512, ssl_sign_ecdsa},
|
|
+ {ssl_hash_sha1, ssl_sign_ecdsa},
|
|
+#endif
|
|
+ {ssl_hash_sha256, ssl_sign_dsa},
|
|
+ {ssl_hash_sha1, ssl_sign_dsa}
|
|
+};
|
|
+PR_STATIC_ASSERT(PR_ARRAY_SIZE(defaultSignatureAlgorithms) <=
|
|
+ MAX_SIGNATURE_ALGORITHMS);
|
|
+
|
|
/* Verify that SSL_ImplementedCiphers and cipherSuites are in consistent order.
|
|
*/
|
|
#ifdef DEBUG
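Review bot: defaultSignatureAlgorithms carries no comment saying what its order means, and the PR_STATIC_ASSERT only bounds its size. Since this table presumably feeds the signature_algorithms extension and the CertificateRequest list, a header comment such as `/* In preference order: SHA-2 entries first; the SHA-1 entries are kept for interoperability and listed last. */` would tell a maintainer that reordering is not cosmetic. Whether the SHA-1 entries should be advertised at all is a policy decision for the call sites, which are outside the hunk.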
|
|
@@ -265,20 +290,6 @@
|
|
ct_DSS_sign,
|
|
};
|
|
|
|
-/* This block is the contents of the supported_signature_algorithms field of
|
|
- * our TLS 1.2 CertificateRequest message, in wire format. See
|
|
- * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
|
|
- *
|
|
- * This block contains only sha256 entries because we only support TLS 1.2
|
|
- * CertificateVerify messages that use the handshake hash. */
|
|
-static const PRUint8 supported_signature_algorithms[] = {
|
|
- tls_hash_sha256, tls_sig_rsa,
|
|
-#ifndef NSS_DISABLE_ECC
|
|
- tls_hash_sha256, tls_sig_ecdsa,
|
|
-#endif
|
|
- tls_hash_sha256, tls_sig_dsa,
|
|
-};
|
|
-
|
|
#define EXPORT_RSA_KEY_LENGTH 64 /* bytes */
|
|
|
|
|
|
@@ -322,8 +333,8 @@
|
|
/* kea exchKeyType signKeyType is_limited limit tls_keygen ephemeral */
|
|
{kea_null, kt_null, sign_null, PR_FALSE, 0, PR_FALSE, PR_FALSE},
|
|
{kea_rsa, kt_rsa, sign_rsa, PR_FALSE, 0, PR_FALSE, PR_FALSE},
|
|
- {kea_rsa_export, kt_rsa, sign_rsa, PR_TRUE, 512, PR_FALSE, PR_TRUE},
|
|
- {kea_rsa_export_1024,kt_rsa, sign_rsa, PR_TRUE, 1024, PR_FALSE, PR_TRUE},
|
|
+ {kea_rsa_export, kt_rsa, sign_rsa, PR_TRUE, 512, PR_FALSE, PR_FALSE},
|
|
+ {kea_rsa_export_1024,kt_rsa, sign_rsa, PR_TRUE, 1024, PR_FALSE, PR_FALSE},
|
|
{kea_dh_dss, kt_dh, sign_dsa, PR_FALSE, 0, PR_FALSE, PR_FALSE},
|
|
{kea_dh_dss_export, kt_dh, sign_dsa, PR_TRUE, 512, PR_FALSE, PR_FALSE},
|
|
{kea_dh_rsa, kt_dh, sign_rsa, PR_FALSE, 0, PR_FALSE, PR_FALSE},
|
|
@@ -443,6 +454,10 @@
|
|
{TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, cipher_chacha20, mac_aead, kea_ecdhe_rsa},
|
|
{TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, cipher_chacha20, mac_aead, kea_ecdhe_ecdsa},
|
|
|
|
+ {TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_dss},
|
|
+ {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_dss},
|
|
+ {TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_dss},
|
|
+
|
|
#ifndef NSS_DISABLE_ECC
|
|
{TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa},
|
|
{TLS_ECDH_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_ecdsa},
|
|
@@ -680,6 +695,8 @@
|
|
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
|
|
case TLS_RSA_WITH_AES_128_CBC_SHA256:
|
|
case TLS_RSA_WITH_AES_128_GCM_SHA256:
|
|
+ case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
|
|
+ case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
|
|
case TLS_RSA_WITH_NULL_SHA256:
|
|
return vrange->max == SSL_LIBRARY_VERSION_TLS_1_2;
|
|
|
|
@@ -688,6 +705,7 @@
|
|
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
|
|
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
|
|
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
|
|
+ case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
|
|
return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_2;
|
|
|
|
/* RFC 4492: ECC cipher suites need TLS extensions to negotiate curves and
|
|
@@ -810,16 +828,11 @@
|
|
* that the server uses an RSA cert for (EC)DHE-RSA.
|
|
*/
|
|
switch (cipher_def->key_exchange_alg) {
|
|
+ case kea_dhe_dss:
|
|
+ svrAuth = ss->serverCerts + ssl_kea_dh;
|
|
+ break;
|
|
case kea_ecdhe_rsa:
|
|
-#if NSS_SERVER_DHE_IMPLEMENTED
|
|
- /* XXX NSS does not yet implement the server side of _DHE_
|
|
- * cipher suites. Correcting the computation for svrAuth,
|
|
- * as the case below does, causes NSS SSL servers to begin to
|
|
- * negotiate cipher suites they do not implement. So, until
|
|
- * server side _DHE_ is implemented, keep this disabled.
|
|
- */
|
|
case kea_dhe_rsa:
|
|
-#endif
|
|
svrAuth = ss->serverCerts + kt_rsa;
|
|
break;
|
|
case kea_ecdh_ecdsa:
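Review bot: The new `case kea_dhe_dss:` indexes serverCerts with `ssl_kea_dh` while the neighbouring case two lines below uses the `kt_rsa` spelling; if these are the same enumerators, one convention inside the switch reads better (`svrAuth = ss->serverCerts + kt_dh;`). A short comment would also help, because DHE_DSS selecting the DH slot is not obvious: `/* DHE_DSS signs with the DSA certificate, which NSS keeps in the kt_dh slot. */` — presumably that is the arrangement, please confirm. The removed `#if NSS_SERVER_DHE_IMPLEMENTED` note explained why kea_dhe_rsa was held back; nothing now records that server-side DHE is supported, so a one-line replacement comment on the `case kea_dhe_rsa:` label would preserve that history. The enclosing function starts and ends outside the hunk.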
|
|
@@ -831,6 +844,8 @@
|
|
* simultaneously. For now, both of them use
|
|
* whatever is in the certificate slot for kt_ecdh
|
|
*/
|
|
+ case kea_dhe_dss_export:
|
|
+ case kea_dhe_rsa_export:
|
|
default:
|
|
svrAuth = ss->serverCerts + exchKeyType;
|
|
break;
|
|
@@ -867,11 +882,22 @@
|
|
* cipher suite. */
|
|
static PRBool
|
|
config_match(ssl3CipherSuiteCfg *suite, int policy, PRBool enabled,
|
|
- const SSLVersionRange *vrange)
|
|
+ const SSLVersionRange *vrange, const sslSocket *ss)
|
|
{
|
|
+ const ssl3CipherSuiteDef *cipher_def;
|
|
+
|
|
PORT_Assert(policy != SSL_NOT_ALLOWED && enabled != PR_FALSE);
|
|
if (policy == SSL_NOT_ALLOWED || !enabled)
|
|
- return PR_FALSE;
|
|
+ return PR_FALSE;
|
|
+
|
|
+ cipher_def = ssl_LookupCipherSuiteDef(suite->cipher_suite);
|
|
+ PORT_Assert(cipher_def != NULL);
|
|
+
|
|
+ PORT_Assert(ss != NULL);
|
|
+ if (ss->sec.isServer && !ss->opt.enableServerDhe &&
|
|
+ kea_defs[cipher_def->key_exchange_alg].exchKeyType == ssl_kea_dh)
|
|
+ return PR_FALSE;
|
|
+
|
|
return (PRBool)(suite->enabled &&
|
|
suite->isPresent &&
|
|
suite->policy != SSL_NOT_ALLOWED &&
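Review bot: `cipher_def` is dereferenced immediately after `PORT_Assert(cipher_def != NULL)`, and `ss` after `PORT_Assert(ss != NULL)`; both assertions are compiled out in release builds, so a lookup miss would become a NULL dereference instead of a non-match. Because config_match already answers PR_FALSE for every other non-matching state, `if (!cipher_def) return PR_FALSE;` right after the lookup is the cheaper and safer form, and the new `ss` parameter can be guarded the same way. The tail of config_match is outside the hunk.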
|
|
@@ -892,7 +918,7 @@
|
|
return 0;
|
|
}
|
|
for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
|
|
- if (config_match(&ss->cipherSuites[i], policy, enabled, &ss->vrange))
|
|
+ if (config_match(&ss->cipherSuites[i], policy, enabled, &ss->vrange, ss))
|
|
count++;
|
|
}
|
|
if (count <= 0) {
|
|
@@ -984,9 +1010,9 @@
|
|
break;
|
|
case dsaKey:
|
|
doDerEncode = isTLS;
|
|
- /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash.
|
|
+ /* ssl_hash_none is used to specify the MD5/SHA1 concatenated hash.
|
|
* In that case, we use just the SHA1 part. */
|
|
- if (hash->hashAlg == SEC_OID_UNKNOWN) {
|
|
+ if (hash->hashAlg == ssl_hash_none) {
|
|
hashItem.data = hash->u.s.sha;
|
|
hashItem.len = sizeof(hash->u.s.sha);
|
|
} else {
|
|
@@ -997,9 +1023,9 @@
|
|
#ifndef NSS_DISABLE_ECC
|
|
case ecKey:
|
|
doDerEncode = PR_TRUE;
|
|
- /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash.
|
|
+ /* ssl_hash_none is used to specify the MD5/SHA1 concatenated hash.
|
|
* In that case, we use just the SHA1 part. */
|
|
- if (hash->hashAlg == SEC_OID_UNKNOWN) {
|
|
+ if (hash->hashAlg == ssl_hash_none) {
|
|
hashItem.data = hash->u.s.sha;
|
|
hashItem.len = sizeof(hash->u.s.sha);
|
|
} else {
|
|
@@ -1014,7 +1040,7 @@
|
|
}
|
|
PRINT_BUF(60, (NULL, "hash(es) to be signed", hashItem.data, hashItem.len));
|
|
|
|
- if (hash->hashAlg == SEC_OID_UNKNOWN) {
|
|
+ if (hash->hashAlg == ssl_hash_none) {
|
|
signatureLen = PK11_SignatureLen(key);
|
|
if (signatureLen <= 0) {
|
|
PORT_SetError(SEC_ERROR_INVALID_KEY);
|
|
@@ -1028,7 +1054,8 @@
|
|
|
|
rv = PK11_Sign(key, buf, &hashItem);
|
|
} else {
|
|
- rv = SGN_Digest(key, hash->hashAlg, buf, &hashItem);
|
|
+ SECOidTag hashOID = ssl3_TLSHashAlgorithmToOID(hash->hashAlg);
|
|
+ rv = SGN_Digest(key, hashOID, buf, &hashItem);
|
|
}
|
|
if (rv != SECSuccess) {
|
|
ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE);
|
|
@@ -1076,7 +1103,7 @@
|
|
return SECFailure;
|
|
}
|
|
|
|
- hashAlg = hash->hashAlg;
|
|
+ hashAlg = ssl3_TLSHashAlgorithmToOID(hash->hashAlg);
|
|
switch (key->keyType) {
|
|
case rsaKey:
|
|
encAlg = SEC_OID_PKCS1_RSA_ENCRYPTION;
|
|
@@ -1085,9 +1112,9 @@
|
|
break;
|
|
case dsaKey:
|
|
encAlg = SEC_OID_ANSIX9_DSA_SIGNATURE;
|
|
- /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash.
|
|
+ /* ssl_hash_none is used to specify the MD5/SHA1 concatenated hash.
|
|
* In that case, we use just the SHA1 part. */
|
|
- if (hash->hashAlg == SEC_OID_UNKNOWN) {
|
|
+ if (hash->hashAlg == ssl_hash_none) {
|
|
hashItem.data = hash->u.s.sha;
|
|
hashItem.len = sizeof(hash->u.s.sha);
|
|
} else {
|
|
@@ -1108,13 +1135,13 @@
|
|
#ifndef NSS_DISABLE_ECC
|
|
case ecKey:
|
|
encAlg = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
|
|
- /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash.
|
|
+ /* ssl_hash_none is used to specify the MD5/SHA1 concatenated hash.
|
|
* In that case, we use just the SHA1 part.
|
|
* ECDSA signatures always encode the integers r and s using ASN.1
|
|
* (unlike DSA where ASN.1 encoding is used with TLS but not with
|
|
* SSL3). So we can use VFY_VerifyDigestDirect for ECDSA.
|
|
*/
|
|
- if (hash->hashAlg == SEC_OID_UNKNOWN) {
|
|
+ if (hash->hashAlg == ssl_hash_none) {
|
|
hashAlg = SEC_OID_SHA1;
|
|
hashItem.data = hash->u.s.sha;
|
|
hashItem.len = sizeof(hash->u.s.sha);
|
|
@@ -1142,8 +1169,8 @@
|
|
*/
|
|
rv = PK11_Verify(key, buf, &hashItem, pwArg);
|
|
} else {
|
|
- rv = VFY_VerifyDigestDirect(&hashItem, key, buf, encAlg, hashAlg,
|
|
- pwArg);
|
|
+ rv = VFY_VerifyDigestDirect(&hashItem, key, buf, encAlg, hashAlg,
|
|
+ pwArg);
|
|
}
|
|
SECKEY_DestroyPublicKey(key);
|
|
if (signature) {
|
|
@@ -1159,75 +1186,71 @@
|
|
/* Caller must set hiLevel error code. */
|
|
/* Called from ssl3_ComputeExportRSAKeyHash
|
|
* ssl3_ComputeDHKeyHash
|
|
- * which are called from ssl3_HandleServerKeyExchange.
|
|
+ * which are called from ssl3_HandleServerKeyExchange.
|
|
*
|
|
- * hashAlg: either the OID for a hash algorithm or SEC_OID_UNKNOWN to specify
|
|
- * the pre-1.2, MD5/SHA1 combination hash.
|
|
+ * hashAlg: ssl_hash_none indicates the pre-1.2, MD5/SHA1 combination hash.
|
|
*/
|
|
SECStatus
|
|
-ssl3_ComputeCommonKeyHash(SECOidTag hashAlg,
|
|
- PRUint8 * hashBuf, unsigned int bufLen,
|
|
- SSL3Hashes *hashes, PRBool bypassPKCS11)
|
|
+ssl3_ComputeCommonKeyHash(SSLHashType hashAlg,
|
|
+ PRUint8 * hashBuf, unsigned int bufLen,
|
|
+ SSL3Hashes *hashes, PRBool bypassPKCS11)
|
|
{
|
|
- SECStatus rv = SECSuccess;
|
|
+ SECStatus rv;
|
|
+ SECOidTag hashOID;
|
|
|
|
#ifndef NO_PKCS11_BYPASS
|
|
if (bypassPKCS11) {
|
|
- if (hashAlg == SEC_OID_UNKNOWN) {
|
|
- MD5_HashBuf (hashes->u.s.md5, hashBuf, bufLen);
|
|
- SHA1_HashBuf(hashes->u.s.sha, hashBuf, bufLen);
|
|
- hashes->len = MD5_LENGTH + SHA1_LENGTH;
|
|
- } else if (hashAlg == SEC_OID_SHA1) {
|
|
- SHA1_HashBuf(hashes->u.raw, hashBuf, bufLen);
|
|
- hashes->len = SHA1_LENGTH;
|
|
- } else if (hashAlg == SEC_OID_SHA256) {
|
|
- SHA256_HashBuf(hashes->u.raw, hashBuf, bufLen);
|
|
- hashes->len = SHA256_LENGTH;
|
|
- } else if (hashAlg == SEC_OID_SHA384) {
|
|
- SHA384_HashBuf(hashes->u.raw, hashBuf, bufLen);
|
|
- hashes->len = SHA384_LENGTH;
|
|
- } else if (hashAlg == SEC_OID_SHA512) {
|
|
- SHA512_HashBuf(hashes->u.raw, hashBuf, bufLen);
|
|
- hashes->len = SHA512_LENGTH;
|
|
- } else {
|
|
- PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
|
|
- return SECFailure;
|
|
- }
|
|
- } else
|
|
+ if (hashAlg == ssl_hash_none) {
|
|
+ MD5_HashBuf (hashes->u.s.md5, hashBuf, bufLen);
|
|
+ SHA1_HashBuf(hashes->u.s.sha, hashBuf, bufLen);
|
|
+ hashes->len = MD5_LENGTH + SHA1_LENGTH;
|
|
+ } else if (hashAlg == ssl_hash_sha1) {
|
|
+ SHA1_HashBuf(hashes->u.raw, hashBuf, bufLen);
|
|
+ hashes->len = SHA1_LENGTH;
|
|
+ } else if (hashAlg == ssl_hash_sha256) {
|
|
+ SHA256_HashBuf(hashes->u.raw, hashBuf, bufLen);
|
|
+ hashes->len = SHA256_LENGTH;
|
|
+ } else if (hashAlg == ssl_hash_sha384) {
|
|
+ SHA384_HashBuf(hashes->u.raw, hashBuf, bufLen);
|
|
+ hashes->len = SHA384_LENGTH;
|
|
+ } else if (hashAlg == ssl_hash_sha512) {
|
|
+ SHA512_HashBuf(hashes->u.raw, hashBuf, bufLen);
|
|
+ hashes->len = SHA512_LENGTH;
|
|
+ } else {
|
|
+ PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
|
|
+ return SECFailure;
|
|
+ }
|
|
+ } else
|
|
#endif
|
|
{
|
|
- if (hashAlg == SEC_OID_UNKNOWN) {
|
|
- rv = PK11_HashBuf(SEC_OID_MD5, hashes->u.s.md5, hashBuf, bufLen);
|
|
- if (rv != SECSuccess) {
|
|
- ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
|
|
- rv = SECFailure;
|
|
- goto done;
|
|
- }
|
|
-
|
|
- rv = PK11_HashBuf(SEC_OID_SHA1, hashes->u.s.sha, hashBuf, bufLen);
|
|
- if (rv != SECSuccess) {
|
|
- ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
|
|
- rv = SECFailure;
|
|
- }
|
|
- hashes->len = MD5_LENGTH + SHA1_LENGTH;
|
|
- } else {
|
|
- hashes->len = HASH_ResultLenByOidTag(hashAlg);
|
|
- if (hashes->len > sizeof(hashes->u.raw)) {
|
|
- ssl_MapLowLevelError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
|
|
- rv = SECFailure;
|
|
- goto done;
|
|
- }
|
|
- rv = PK11_HashBuf(hashAlg, hashes->u.raw, hashBuf, bufLen);
|
|
- if (rv != SECSuccess) {
|
|
- ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
|
|
- rv = SECFailure;
|
|
- }
|
|
- }
|
|
+ if (hashAlg == ssl_hash_none) {
|
|
+ rv = PK11_HashBuf(SEC_OID_MD5, hashes->u.s.md5, hashBuf, bufLen);
|
|
+ if (rv != SECSuccess) {
|
|
+ ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
|
|
+ return rv;
|
|
+ }
|
|
+ rv = PK11_HashBuf(SEC_OID_SHA1, hashes->u.s.sha, hashBuf, bufLen);
|
|
+ if (rv != SECSuccess) {
|
|
+ ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
|
|
+ return rv;
|
|
+ }
|
|
+ hashes->len = MD5_LENGTH + SHA1_LENGTH;
|
|
+ } else {
|
|
+ hashOID = ssl3_TLSHashAlgorithmToOID(hashAlg);
|
|
+ hashes->len = HASH_ResultLenByOidTag(hashOID);
|
|
+ if (hashes->len == 0 || hashes->len > sizeof(hashes->u.raw)) {
|
|
+ ssl_MapLowLevelError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
|
|
+ return SECFailure;
|
|
+ }
|
|
+ rv = PK11_HashBuf(hashOID, hashes->u.raw, hashBuf, bufLen);
|
|
+ if (rv != SECSuccess) {
|
|
+ ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
|
|
+ return rv;
|
|
+ }
|
|
+ }
|
|
}
|
|
hashes->hashAlg = hashAlg;
|
|
-
|
|
-done:
|
|
- return rv;
|
|
+ return SECSuccess;
|
|
}
|
|
|
|
/* Caller must set hiLevel error code.
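Review bot: The two execution paths of ssl3_ComputeCommonKeyHash no longer agree on the accepted hash set: the bypass branch rejects anything other than ssl_hash_none/sha1/sha256/sha384/sha512 with SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM, while the PKCS#11 branch accepts any hashAlg for which ssl3_TLSHashAlgorithmToOID yields an OID with a non-zero digest length — which may include ssl_hash_md5, depending on that mapping (outside the hunk). If callers already filter the negotiated hash before reaching here, a comment at the top of the function saying so would help; otherwise an explicit rejection in the PKCS#11 branch, e.g. `if (hashAlg == ssl_hash_md5) { PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); return SECFailure; }`, keeps both paths aligned. Minor: `rv` is declared but never used on the bypass path, which some compilers flag.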
|
|
@@ -1235,10 +1258,10 @@
|
|
** ssl3_HandleServerKeyExchange.
|
|
*/
|
|
static SECStatus
|
|
-ssl3_ComputeExportRSAKeyHash(SECOidTag hashAlg,
|
|
- SECItem modulus, SECItem publicExponent,
|
|
- SSL3Random *client_rand, SSL3Random *server_rand,
|
|
- SSL3Hashes *hashes, PRBool bypassPKCS11)
|
|
+ssl3_ComputeExportRSAKeyHash(SSLHashType hashAlg,
|
|
+ SECItem modulus, SECItem publicExponent,
|
|
+ SSL3Random *client_rand, SSL3Random *server_rand,
|
|
+ SSL3Hashes *hashes, PRBool bypassPKCS11)
|
|
{
|
|
PRUint8 * hashBuf;
|
|
PRUint8 * pBuf;
|
|
@@ -1276,7 +1299,7 @@
|
|
bypassPKCS11);
|
|
|
|
PRINT_BUF(95, (NULL, "RSAkey hash: ", hashBuf, bufLen));
|
|
- if (hashAlg == SEC_OID_UNKNOWN) {
|
|
+ if (hashAlg == ssl_hash_none) {
|
|
PRINT_BUF(95, (NULL, "RSAkey hash: MD5 result",
|
|
hashes->u.s.md5, MD5_LENGTH));
|
|
PRINT_BUF(95, (NULL, "RSAkey hash: SHA1 result",
|
|
@@ -1294,10 +1317,10 @@
|
|
/* Caller must set hiLevel error code. */
|
|
/* Called from ssl3_HandleServerKeyExchange. */
|
|
static SECStatus
|
|
-ssl3_ComputeDHKeyHash(SECOidTag hashAlg,
|
|
- SECItem dh_p, SECItem dh_g, SECItem dh_Ys,
|
|
- SSL3Random *client_rand, SSL3Random *server_rand,
|
|
- SSL3Hashes *hashes, PRBool bypassPKCS11)
|
|
+ssl3_ComputeDHKeyHash(SSLHashType hashAlg,
|
|
+ SECItem dh_p, SECItem dh_g, SECItem dh_Ys,
|
|
+ SSL3Random *client_rand, SSL3Random *server_rand,
|
|
+ SSL3Hashes *hashes, PRBool bypassPKCS11)
|
|
{
|
|
PRUint8 * hashBuf;
|
|
PRUint8 * pBuf;
|
|
@@ -1340,7 +1363,7 @@
|
|
bypassPKCS11);
|
|
|
|
PRINT_BUF(95, (NULL, "DHkey hash: ", hashBuf, bufLen));
|
|
- if (hashAlg == SEC_OID_UNKNOWN) {
|
|
+ if (hashAlg == ssl_hash_none) {
|
|
PRINT_BUF(95, (NULL, "DHkey hash: MD5 result",
|
|
hashes->u.s.md5, MD5_LENGTH));
|
|
PRINT_BUF(95, (NULL, "DHkey hash: SHA1 result",
|
|
@@ -2298,7 +2321,11 @@
|
|
* Sets error code, but caller probably should override to disambiguate.
|
|
* NULL pms means re-use old master_secret.
|
|
*
|
|
- * This code is common to the bypass and PKCS11 execution paths.
|
|
+ * This code is common to the bypass and PKCS11 execution paths. For
|
|
+ * the bypass case, pms is NULL. If the old master secret is reused,
|
|
+ * pms is NULL and the master secret is already in either
|
|
+ * pwSpec->msItem.len (the bypass case) or pwSpec->master_secret.
|
|
+ *
|
|
* For the bypass case, pms is NULL.
|
|
*/
|
|
SECStatus
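Review bot: The rewritten header comment repeats itself — the added paragraph already says "For the bypass case, pms is NULL", and the retained line below restates it. The phrase "already in either pwSpec->msItem.len (the bypass case)" also reads as if the length field holds the secret; presumably it means the secret lives in pwSpec->msItem and a non-zero msItem.len marks its presence. Suggest folding the two into one paragraph: `* This code is common to the bypass and PKCS11 execution paths; in the bypass case pms is NULL. When the old master secret is reused, pms is also NULL and the secret is already in pwSpec->msItem (bypass) or pwSpec->master_secret (PKCS11).`. The function this documents begins after the hunk.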
|
|
@@ -2682,7 +2709,7 @@
|
|
PRUint32 fragLen;
|
|
PRUint32 p1Len, p2Len, oddLen = 0;
|
|
PRUint16 headerLen;
|
|
- int ivLen = 0;
|
|
+ unsigned int ivLen = 0;
|
|
int cipherBytes = 0;
|
|
unsigned char pseudoHeader[13];
|
|
unsigned int pseudoHeaderLen;
|
|
@@ -3244,7 +3271,8 @@
|
|
{
|
|
static const PRInt32 allowedFlags = ssl_SEND_FLAG_FORCE_INTO_BUFFER |
|
|
ssl_SEND_FLAG_CAP_RECORD_VERSION;
|
|
- PRInt32 rv = SECSuccess;
|
|
+ PRInt32 count = -1;
|
|
+ SECStatus rv = SECSuccess;
|
|
|
|
PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
|
|
PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) );
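Review bot: `count` is initialised to -1 so that the invalid-args branch, which only sets rv, also falls into the `if (count < 0)` block in the `@@ -3258,18 +3286,19 @@` hunk; there PORT_GetError() returns SEC_ERROR_INVALID_ARGS, the assertion passes, and rv is set to SECFailure a second time. That works, but it couples the two branches through a sentinel that nothing documents. Either restrict the error block to the case where a send was attempted, or add a comment at the initializer: `/* -1: no send attempted; the error path below then re-reads the error set above */`. The function's tail is outside the second hunk.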
|
|
@@ -3258,18 +3286,19 @@
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
rv = SECFailure;
|
|
} else {
|
|
- rv = ssl3_SendRecord(ss, 0, content_handshake, ss->sec.ci.sendBuf.buf,
|
|
+ count = ssl3_SendRecord(ss, 0, content_handshake, ss->sec.ci.sendBuf.buf,
|
|
ss->sec.ci.sendBuf.len, flags);
|
|
}
|
|
- if (rv < 0) {
|
|
+ if (count < 0) {
|
|
int err = PORT_GetError();
|
|
PORT_Assert(err != PR_WOULD_BLOCK_ERROR);
|
|
if (err == PR_WOULD_BLOCK_ERROR) {
|
|
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
|
}
|
|
- } else if (rv < ss->sec.ci.sendBuf.len) {
|
|
+ rv = SECFailure;
|
|
+ } else if ((unsigned int)count < ss->sec.ci.sendBuf.len) {
|
|
/* short write should never happen */
|
|
- PORT_Assert(rv >= ss->sec.ci.sendBuf.len);
|
|
+ PORT_Assert((unsigned int)count >= ss->sec.ci.sendBuf.len);
|
|
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
|
rv = SECFailure;
|
|
} else {
|
|
@@ -3705,13 +3734,70 @@
|
|
return SECSuccess;
|
|
}
|
|
|
|
-/* This method uses PKCS11 to derive the MS from the PMS, where PMS
|
|
-** is a PKCS11 symkey. This is used in all cases except the
|
|
-** "triple bypass" with RSA key exchange.
|
|
-** Called from ssl3_InitPendingCipherSpec. prSpec is pwSpec.
|
|
+/* This method completes the derivation of the MS from the PMS.
|
|
+**
|
|
+** 1. Derive the MS, if possible, else return an error.
|
|
+**
|
|
+** 2. Check the version if |pms_version| is non-zero and if wrong,
|
|
+** return an error.
|
|
+**
|
|
+** 3. If |msp| is nonzero, return MS in |*msp|.
|
|
+
|
|
+** Called from:
|
|
+** ssl3_ComputeMasterSecretInt
|
|
+** tls_ComputeExtendedMasterSecretInt
|
|
*/
|
|
static SECStatus
|
|
-ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms)
|
|
+ssl3_ComputeMasterSecretFinish(sslSocket *ss,
|
|
+ CK_MECHANISM_TYPE master_derive,
|
|
+ CK_MECHANISM_TYPE key_derive,
|
|
+ CK_VERSION *pms_version,
|
|
+ SECItem *params, CK_FLAGS keyFlags,
|
|
+ PK11SymKey *pms, PK11SymKey **msp)
|
|
+{
|
|
+ PK11SymKey *ms = NULL;
|
|
+
|
|
+ ms = PK11_DeriveWithFlags(pms, master_derive,
|
|
+ params, key_derive,
|
|
+ CKA_DERIVE, 0, keyFlags);
|
|
+ if (!ms) {
|
|
+ ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
|
|
+ return SECFailure;
|
|
+ }
|
|
+
|
|
+ if (pms_version && ss->opt.detectRollBack) {
|
|
+ SSL3ProtocolVersion client_version;
|
|
+ client_version = pms_version->major << 8 | pms_version->minor;
|
|
+
|
|
+ if (IS_DTLS(ss)) {
|
|
+ client_version = dtls_DTLSVersionToTLSVersion(client_version);
|
|
+ }
|
|
+
|
|
+ if (client_version != ss->clientHelloVersion) {
|
|
+ /* Destroy MS. Version roll-back detected. */
|
|
+ PK11_FreeSymKey(ms);
|
|
+ ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
|
|
+ return SECFailure;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ if (msp) {
|
|
+ *msp = ms;
|
|
+ } else {
|
|
+ PK11_FreeSymKey(ms);
|
|
+ }
|
|
+
|
|
+ return SECSuccess;
|
|
+}
|
|
+
|
|
+/* Compute the ordinary (pre draft-ietf-tls-session-hash) master
|
|
+ ** secret and return it in |*msp|.
|
|
+ **
|
|
+ ** Called from: ssl3_ComputeMasterSecret
|
|
+ */
|
|
+static SECStatus
|
|
+ssl3_ComputeMasterSecretInt(sslSocket *ss, PK11SymKey *pms,
|
|
+ PK11SymKey **msp)
|
|
{
|
|
ssl3CipherSpec * pwSpec = ss->ssl3.pwSpec;
|
|
const ssl3KEADef *kea_def= ss->ssl3.hs.kea_def;
|
|
@@ -3721,28 +3807,27 @@
|
|
(pwSpec->version > SSL_LIBRARY_VERSION_3_0));
|
|
PRBool isTLS12=
|
|
(PRBool)(isTLS && pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
|
|
- /*
|
|
+ /*
|
|
* Whenever isDH is true, we need to use CKM_TLS_MASTER_KEY_DERIVE_DH
|
|
* which, unlike CKM_TLS_MASTER_KEY_DERIVE, converts arbitrary size
|
|
- * data into a 48-byte value.
|
|
+ * data into a 48-byte value, and does not expect to return the version.
|
|
*/
|
|
PRBool isDH = (PRBool) ((ss->ssl3.hs.kea_def->exchKeyType == kt_dh) ||
|
|
(ss->ssl3.hs.kea_def->exchKeyType == kt_ecdh));
|
|
- SECStatus rv = SECFailure;
|
|
CK_MECHANISM_TYPE master_derive;
|
|
CK_MECHANISM_TYPE key_derive;
|
|
SECItem params;
|
|
CK_FLAGS keyFlags;
|
|
CK_VERSION pms_version;
|
|
- CK_SSL3_MASTER_KEY_DERIVE_PARAMS master_params;
|
|
+ CK_VERSION *pms_version_ptr = NULL;
|
|
+ /* master_params may be used as a CK_SSL3_MASTER_KEY_DERIVE_PARAMS */
|
|
+ CK_TLS12_MASTER_KEY_DERIVE_PARAMS master_params;
|
|
+ unsigned int master_params_len;
|
|
|
|
- PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
|
|
- PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss));
|
|
- PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
|
|
if (isTLS12) {
|
|
- if(isDH) master_derive = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
|
|
- else master_derive = CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256;
|
|
- key_derive = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256;
|
|
+ if(isDH) master_derive = CKM_TLS12_MASTER_KEY_DERIVE_DH;
|
|
+ else master_derive = CKM_TLS12_MASTER_KEY_DERIVE;
|
|
+ key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE;
|
|
keyFlags = CKF_SIGN | CKF_VERIFY;
|
|
} else if (isTLS) {
|
|
if(isDH) master_derive = CKM_TLS_MASTER_KEY_DERIVE_DH;
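Review bot: The comment `/* master_params may be used as a CK_SSL3_MASTER_KEY_DERIVE_PARAMS */` undersells the assumption the new code makes: `master_params` is declared as `CK_TLS12_MASTER_KEY_DERIVE_PARAMS` but, for pre-1.2 PRFs, is passed with `master_params_len = sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS)` (next hunk), which is only sound if the TLS 1.2 struct is the SSL3 struct plus a trailing `prfHashMechanism`. I would say so explicitly, e.g. `/* CK_TLS12_MASTER_KEY_DERIVE_PARAMS is CK_SSL3_MASTER_KEY_DERIVE_PARAMS plus a trailing prfHashMechanism, so the same object is passed with the shorter length for pre-1.2 PRFs. */`, and `PR_STATIC_ASSERT(sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS) <= sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS));` would at least catch the size half of that assumption at compile time. The same pattern is used for `key_material_params` in the `@@ -3898,7 +4038,9 @@` and `@@ -3952,17 +4094,21 @@` hunks. The enclosing function `ssl3_ComputeMasterSecretInt` starts and ends outside this hunk.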
|
|
@@ -3756,87 +3841,142 @@
|
|
keyFlags = 0;
|
|
}
|
|
|
|
- if (pms || !pwSpec->master_secret) {
|
|
- if (isDH) {
|
|
- master_params.pVersion = NULL;
|
|
- } else {
|
|
- master_params.pVersion = &pms_version;
|
|
- }
|
|
- master_params.RandomInfo.pClientRandom = cr;
|
|
- master_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH;
|
|
- master_params.RandomInfo.pServerRandom = sr;
|
|
- master_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH;
|
|
+ if (!isDH) {
|
|
+ pms_version_ptr = &pms_version;
|
|
+ }
|
|
|
|
- params.data = (unsigned char *) &master_params;
|
|
- params.len = sizeof master_params;
|
|
+ master_params.pVersion = pms_version_ptr;
|
|
+ master_params.RandomInfo.pClientRandom = cr;
|
|
+ master_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH;
|
|
+ master_params.RandomInfo.pServerRandom = sr;
|
|
+ master_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH;
|
|
+ if (isTLS12) {
|
|
+ master_params.prfHashMechanism = CKM_SHA256;
|
|
+ master_params_len = sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS);
|
|
+ } else {
|
|
+ /* prfHashMechanism is not relevant with this PRF */
|
|
+ master_params_len = sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS);
|
|
}
|
|
|
|
- if (pms != NULL) {
|
|
-#if defined(TRACE)
|
|
- if (ssl_trace >= 100) {
|
|
- SECStatus extractRV = PK11_ExtractKeyValue(pms);
|
|
- if (extractRV == SECSuccess) {
|
|
- SECItem * keyData = PK11_GetKeyData(pms);
|
|
- if (keyData && keyData->data && keyData->len) {
|
|
- ssl_PrintBuf(ss, "Pre-Master Secret",
|
|
- keyData->data, keyData->len);
|
|
- }
|
|
- }
|
|
- }
|
|
-#endif
|
|
- pwSpec->master_secret = PK11_DeriveWithFlags(pms, master_derive,
|
|
- ¶ms, key_derive, CKA_DERIVE, 0, keyFlags);
|
|
- if (!isDH && pwSpec->master_secret && ss->opt.detectRollBack) {
|
|
- SSL3ProtocolVersion client_version;
|
|
- client_version = pms_version.major << 8 | pms_version.minor;
|
|
+ params.data = (unsigned char *) &master_params;
|
|
+ params.len = master_params_len;
|
|
|
|
- if (IS_DTLS(ss)) {
|
|
- client_version = dtls_DTLSVersionToTLSVersion(client_version);
|
|
- }
|
|
+ return ssl3_ComputeMasterSecretFinish(ss, master_derive, key_derive,
|
|
+ pms_version_ptr, ¶ms,
|
|
+ keyFlags, pms, msp);
|
|
+}
|
|
|
|
- if (client_version != ss->clientHelloVersion) {
|
|
- /* Destroy it. Version roll-back detected. */
|
|
- PK11_FreeSymKey(pwSpec->master_secret);
|
|
- pwSpec->master_secret = NULL;
|
|
- }
|
|
- }
|
|
- if (pwSpec->master_secret == NULL) {
|
|
- /* Generate a faux master secret in the same slot as the old one. */
|
|
- PK11SlotInfo * slot = PK11_GetSlotFromKey((PK11SymKey *)pms);
|
|
- PK11SymKey * fpms = ssl3_GenerateRSAPMS(ss, pwSpec, slot);
|
|
+/* Compute the draft-ietf-tls-session-hash master
|
|
+** secret and return it in |*msp|.
|
|
+**
|
|
+** Called from: ssl3_ComputeMasterSecret
|
|
+*/
|
|
+static SECStatus
|
|
+tls_ComputeExtendedMasterSecretInt(sslSocket *ss, PK11SymKey *pms,
|
|
+ PK11SymKey **msp)
|
|
+{
|
|
+ ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec;
|
|
+ CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS extended_master_params;
|
|
+ SSL3Hashes hashes;
|
|
+ /*
|
|
+ * Determine whether to use the DH/ECDH or RSA derivation modes.
|
|
+ */
|
|
+ /*
|
|
+ * TODO(ekr@rtfm.com): Verify that the slot can handle this key expansion
|
|
+ * mode. Bug 1198298 */
|
|
+ PRBool isDH = (PRBool) ((ss->ssl3.hs.kea_def->exchKeyType == kt_dh) ||
|
|
+ (ss->ssl3.hs.kea_def->exchKeyType == kt_ecdh));
|
|
+ CK_MECHANISM_TYPE master_derive;
|
|
+ CK_MECHANISM_TYPE key_derive;
|
|
+ SECItem params;
|
|
+ const CK_FLAGS keyFlags = CKF_SIGN | CKF_VERIFY;
|
|
+ CK_VERSION pms_version;
|
|
+ CK_VERSION *pms_version_ptr = NULL;
|
|
+ SECStatus rv;
|
|
|
|
- PK11_FreeSlot(slot);
|
|
- if (fpms != NULL) {
|
|
- pwSpec->master_secret = PK11_DeriveWithFlags(fpms,
|
|
- master_derive, ¶ms, key_derive,
|
|
- CKA_DERIVE, 0, keyFlags);
|
|
- PK11_FreeSymKey(fpms);
|
|
- }
|
|
- }
|
|
+ rv = ssl3_ComputeHandshakeHashes(ss, pwSpec, &hashes, 0);
|
|
+ if (rv != SECSuccess) {
|
|
+ PORT_Assert(0); /* Should never fail */
|
|
+ ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
|
|
+ return SECFailure;
|
|
}
|
|
- if (pwSpec->master_secret == NULL) {
|
|
- /* Generate a faux master secret from the internal slot. */
|
|
- PK11SlotInfo * slot = PK11_GetInternalSlot();
|
|
- PK11SymKey * fpms = ssl3_GenerateRSAPMS(ss, pwSpec, slot);
|
|
|
|
- PK11_FreeSlot(slot);
|
|
- if (fpms != NULL) {
|
|
- pwSpec->master_secret = PK11_DeriveWithFlags(fpms,
|
|
- master_derive, ¶ms, key_derive,
|
|
- CKA_DERIVE, 0, keyFlags);
|
|
- if (pwSpec->master_secret == NULL) {
|
|
- pwSpec->master_secret = fpms; /* use the fpms as the master. */
|
|
- fpms = NULL;
|
|
- }
|
|
- }
|
|
- if (fpms) {
|
|
- PK11_FreeSymKey(fpms);
|
|
- }
|
|
+ if (isDH) {
|
|
+ master_derive = CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH;
|
|
+ } else {
|
|
+ master_derive = CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE;
|
|
+ pms_version_ptr = &pms_version;
|
|
}
|
|
- if (pwSpec->master_secret == NULL) {
|
|
- ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
|
|
- return rv;
|
|
+
|
|
+ if (pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
|
|
+ /* TLS 1.2 */
|
|
+ extended_master_params.prfHashMechanism = CKM_SHA256;
|
|
+ key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE;
|
|
+ } else {
|
|
+ /* TLS < 1.2 */
|
|
+ extended_master_params.prfHashMechanism = CKM_TLS_PRF;
|
|
+ key_derive = CKM_TLS_KEY_AND_MAC_DERIVE;
|
|
+ }
|
|
+
|
|
+ extended_master_params.pVersion = pms_version_ptr;
|
|
+ extended_master_params.pSessionHash = hashes.u.raw;
|
|
+ extended_master_params.ulSessionHashLen = hashes.len;
|
|
+
|
|
+ params.data = (unsigned char *) &extended_master_params;
|
|
+ params.len = sizeof extended_master_params;
|
|
+
|
|
+ return ssl3_ComputeMasterSecretFinish(ss, master_derive, key_derive,
|
|
+ pms_version_ptr, ¶ms,
|
|
+ keyFlags, pms, msp);
|
|
+}
|
|
+
|
|
+
|
|
+/* Wrapper method to compute the master secret and return it in |*msp|.
|
|
+**
|
|
+** Called from ssl3_ComputeMasterSecret
|
|
+*/
|
|
+static SECStatus
|
|
+ssl3_ComputeMasterSecret(sslSocket *ss, PK11SymKey *pms,
|
|
+ PK11SymKey **msp)
|
|
+{
|
|
+ PORT_Assert(pms != NULL);
|
|
+ PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
|
|
+ PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
|
|
+
|
|
+ if (ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) {
|
|
+ return tls_ComputeExtendedMasterSecretInt(ss, pms, msp);
|
|
+ } else {
|
|
+ return ssl3_ComputeMasterSecretInt(ss, pms, msp);
|
|
+ }
|
|
+}
|
|
+
|
|
+/* This method uses PKCS11 to derive the MS from the PMS, where PMS
|
|
+** is a PKCS11 symkey. We call ssl3_ComputeMasterSecret to do the
|
|
+** computations and then modify the pwSpec->state as a side effect.
|
|
+**
|
|
+** This is used in all cases except the "triple bypass" with RSA key
|
|
+** exchange.
|
|
+**
|
|
+** Called from ssl3_InitPendingCipherSpec. prSpec is pwSpec.
|
|
+*/
|
|
+static SECStatus
|
|
+ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms)
|
|
+{
|
|
+ SECStatus rv;
|
|
+ PK11SymKey* ms = NULL;
|
|
+ ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec;
|
|
+
|
|
+ PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
|
|
+ PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss));
|
|
+ PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
|
|
+
|
|
+ if (pms) {
|
|
+ rv = ssl3_ComputeMasterSecret(ss, pms, &ms);
|
|
+ pwSpec->master_secret = ms;
|
|
+ if (rv != SECSuccess)
|
|
+ return rv;
|
|
}
|
|
+
|
|
#ifndef NO_PKCS11_BYPASS
|
|
if (ss->opt.bypassPKCS11) {
|
|
SECItem * keydata;
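Review bot: The rollback branch in `ssl3_ComputeMasterSecretFinish` (previous hunk) now destroys the MS and returns `SECFailure`, and the two faux-master-secret fallbacks built on `ssl3_GenerateRSAPMS` are deleted from this path, so a derivation failure or version mismatch now surfaces as an immediate `SSL_ERROR_SESSION_KEY_GEN_FAILURE` instead of a handshake that continues and fails at Finished. Unless the RSA ClientKeyExchange handler (not in this view) now substitutes a faux PMS before calling `ssl3_InitPendingCipherSpec`, that is a distinguishable server-side behaviour of exactly the kind the removed fallback existed to avoid, so the caller contract should be stated on `ssl3_DeriveMasterSecret`, e.g. `/* Failures here are reported, not masked: RSA callers must substitute a faux PMS on unwrap or version failure before calling this. */`. Separately, the header comment on `ssl3_ComputeMasterSecret` says `Called from ssl3_ComputeMasterSecret`, naming the function itself; its only visible caller is `ssl3_DeriveMasterSecret`. `ssl3_DeriveMasterSecret` continues past the end of this hunk.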
|
|
@@ -3847,7 +3987,7 @@
|
|
rv = PK11_ExtractKeyValue(pwSpec->master_secret);
|
|
if (rv != SECSuccess) {
|
|
return rv;
|
|
- }
|
|
+ }
|
|
/* This returns the address of the secItem inside the key struct,
|
|
* not a copy or a reference. So, there's no need to free it.
|
|
*/
|
|
@@ -3862,10 +4002,10 @@
|
|
}
|
|
}
|
|
#endif
|
|
+
|
|
return SECSuccess;
|
|
}
|
|
|
|
-
|
|
/*
|
|
* Derive encryption and MAC Keys (and IVs) from master secret
|
|
* Sets a useful error code when returning SECFailure.
|
|
@@ -3898,7 +4038,9 @@
|
|
PK11SymKey * symKey = NULL;
|
|
void * pwArg = ss->pkcs11PinArg;
|
|
int keySize;
|
|
- CK_SSL3_KEY_MAT_PARAMS key_material_params;
|
|
+ CK_TLS12_KEY_MAT_PARAMS key_material_params; /* may be used as a
|
|
+ * CK_SSL3_KEY_MAT_PARAMS */
|
|
+ unsigned int key_material_params_len;
|
|
CK_SSL3_KEY_MAT_OUT returnedKeys;
|
|
CK_MECHANISM_TYPE key_derive;
|
|
CK_MECHANISM_TYPE bulk_mechanism;
|
|
@@ -3952,17 +4094,21 @@
|
|
PORT_Assert( alg2Mech[calg].calg == calg);
|
|
bulk_mechanism = alg2Mech[calg].cmech;
|
|
|
|
- params.data = (unsigned char *)&key_material_params;
|
|
- params.len = sizeof(key_material_params);
|
|
-
|
|
if (isTLS12) {
|
|
- key_derive = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256;
|
|
+ key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE;
|
|
+ key_material_params.prfHashMechanism = CKM_SHA256;
|
|
+ key_material_params_len = sizeof(CK_TLS12_KEY_MAT_PARAMS);
|
|
} else if (isTLS) {
|
|
key_derive = CKM_TLS_KEY_AND_MAC_DERIVE;
|
|
+ key_material_params_len = sizeof(CK_SSL3_KEY_MAT_PARAMS);
|
|
} else {
|
|
key_derive = CKM_SSL3_KEY_AND_MAC_DERIVE;
|
|
+ key_material_params_len = sizeof(CK_SSL3_KEY_MAT_PARAMS);
|
|
}
|
|
|
|
+ params.data = (unsigned char *)&key_material_params;
|
|
+ params.len = key_material_params_len;
|
|
+
|
|
/* CKM_SSL3_KEY_AND_MAC_DERIVE is defined to set ENCRYPT, DECRYPT, and
|
|
* DERIVE by DEFAULT */
|
|
symKey = PK11_Derive(pwSpec->master_secret, key_derive, ¶ms,
|
|
@@ -4273,6 +4419,12 @@
|
|
PRUint8 b[4];
|
|
PRUint8 * p = b;
|
|
|
|
+ PORT_Assert(lenSize <= 4 && lenSize > 0);
|
|
+ if (lenSize < 4 && num >= (1L << (lenSize * 8))) {
|
|
+ PORT_SetError(SSL_ERROR_TX_RECORD_TOO_LONG);
|
|
+ return SECFailure;
|
|
+ }
|
|
+
|
|
switch (lenSize) {
|
|
case 4:
|
|
*p++ = (num >> 24) & 0xff;
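Review bot: The new range guard in `ssl3_AppendHandshakeNumber` rejects a value too large for `lenSize` bytes but not a negative one; if `num` is still a signed `PRInt32` (the signature is outside this hunk), a negative value evaluates `num >= (1L << (lenSize * 8))` as false and is serialized as its two's-complement bytes. Widening it to `if (num < 0 || (lenSize < 4 && num >= (1L << (lenSize * 8)))) {` closes that gap. Note also that `PORT_Assert(lenSize <= 4 && lenSize > 0)` is compiled out of release builds, so what the `switch` below does for an out-of-range `lenSize` (outside the hunk) is the only protection there. The enclosing function starts and ends outside this hunk.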
|
|
@@ -4365,17 +4517,12 @@
|
|
* |sigAndHash| to the current handshake message. */
|
|
SECStatus
|
|
ssl3_AppendSignatureAndHashAlgorithm(
|
|
- sslSocket *ss, const SSL3SignatureAndHashAlgorithm* sigAndHash)
|
|
+ sslSocket *ss, const SSLSignatureAndHashAlg* sigAndHash)
|
|
{
|
|
- unsigned char serialized[2];
|
|
+ PRUint8 serialized[2];
|
|
|
|
- serialized[0] = ssl3_OIDToTLSHashAlgorithm(sigAndHash->hashAlg);
|
|
- if (serialized[0] == 0) {
|
|
- PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
|
|
- return SECFailure;
|
|
- }
|
|
-
|
|
- serialized[1] = sigAndHash->sigAlg;
|
|
+ serialized[0] = (PRUint8)sigAndHash->hashAlg;
|
|
+ serialized[1] = (PRUint8)sigAndHash->sigAlg;
|
|
|
|
return ssl3_AppendHandshake(ss, serialized, sizeof(serialized));
|
|
}
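Review bot: `ssl3_AppendSignatureAndHashAlgorithm` now writes `(PRUint8)sigAndHash->hashAlg` and `(PRUint8)sigAndHash->sigAlg` straight to the wire, dropping the sender-side check that previously rejected an unsupported hash with `SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM`; a caller that leaves `hashAlg` at `ssl_hash_none` (the value `sigAndHash.hashAlg` is initialised to in the `@@ -6846,9 +7031,9 @@` hunk) would serialize a zero byte that the peer rejects. Since this diff adds `ssl3_IsSupportedSignatureAlgorithm`, the same validation can be applied before serializing, assuming it is declared in a header ahead of this point.
```c
    PRUint8 serialized[2];

    if (!ssl3_IsSupportedSignatureAlgorithm(sigAndHash)) {
        PORT_SetError(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
        return SECFailure;
    }
    serialized[0] = (PRUint8)sigAndHash->hashAlg;
    /* … unchanged: sigAlg byte and ssl3_AppendHandshake call … */
```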
|
|
@@ -4470,6 +4617,7 @@
|
|
PORT_Assert(bytes <= 3);
|
|
i->len = 0;
|
|
i->data = NULL;
|
|
+ i->type = siBuffer;
|
|
count = ssl3_ConsumeHandshakeNumber(ss, bytes, b, length);
|
|
if (count < 0) { /* Can't test for SECSuccess here. */
|
|
return SECFailure;
|
|
@@ -4489,15 +4637,13 @@
|
|
/* tlsHashOIDMap contains the mapping between TLS hash identifiers and the
|
|
* SECOidTag used internally by NSS. */
|
|
static const struct {
|
|
- int tlsHash;
|
|
+ SSLHashType tlsHash;
|
|
SECOidTag oid;
|
|
} tlsHashOIDMap[] = {
|
|
- { tls_hash_md5, SEC_OID_MD5 },
|
|
- { tls_hash_sha1, SEC_OID_SHA1 },
|
|
- { tls_hash_sha224, SEC_OID_SHA224 },
|
|
- { tls_hash_sha256, SEC_OID_SHA256 },
|
|
- { tls_hash_sha384, SEC_OID_SHA384 },
|
|
- { tls_hash_sha512, SEC_OID_SHA512 }
|
|
+ { ssl_hash_sha1, SEC_OID_SHA1 },
|
|
+ { ssl_hash_sha256, SEC_OID_SHA256 },
|
|
+ { ssl_hash_sha384, SEC_OID_SHA384 },
|
|
+ { ssl_hash_sha512, SEC_OID_SHA512 }
|
|
};
|
|
|
|
/* ssl3_TLSHashAlgorithmToOID converts a TLS hash identifier into an OID value.
|
|
@@ -4505,7 +4651,7 @@
|
|
*
|
|
* See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
|
|
SECOidTag
|
|
-ssl3_TLSHashAlgorithmToOID(int hashFunc)
|
|
+ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc)
|
|
{
|
|
unsigned int i;
|
|
|
|
@@ -4517,42 +4663,24 @@
|
|
return SEC_OID_UNKNOWN;
|
|
}
|
|
|
|
-/* ssl3_OIDToTLSHashAlgorithm converts an OID to a TLS hash algorithm
|
|
- * identifier. If the hash is not recognised, zero is returned.
|
|
- *
|
|
- * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
|
|
-static int
|
|
-ssl3_OIDToTLSHashAlgorithm(SECOidTag oid)
|
|
-{
|
|
- unsigned int i;
|
|
-
|
|
- for (i = 0; i < PR_ARRAY_SIZE(tlsHashOIDMap); i++) {
|
|
- if (oid == tlsHashOIDMap[i].oid) {
|
|
- return tlsHashOIDMap[i].tlsHash;
|
|
- }
|
|
- }
|
|
- return 0;
|
|
-}
|
|
-
|
|
/* ssl3_TLSSignatureAlgorithmForKeyType returns the TLS 1.2 signature algorithm
|
|
* identifier for a given KeyType. */
|
|
static SECStatus
|
|
-ssl3_TLSSignatureAlgorithmForKeyType(KeyType keyType,
|
|
- TLSSignatureAlgorithm *out)
|
|
+ssl3_TLSSignatureAlgorithmForKeyType(KeyType keyType, SSLSignType *out)
|
|
{
|
|
switch (keyType) {
|
|
case rsaKey:
|
|
- *out = tls_sig_rsa;
|
|
- return SECSuccess;
|
|
+ *out = ssl_sign_rsa;
|
|
+ return SECSuccess;
|
|
case dsaKey:
|
|
- *out = tls_sig_dsa;
|
|
- return SECSuccess;
|
|
+ *out = ssl_sign_dsa;
|
|
+ return SECSuccess;
|
|
case ecKey:
|
|
- *out = tls_sig_ecdsa;
|
|
- return SECSuccess;
|
|
+ *out = ssl_sign_ecdsa;
|
|
+ return SECSuccess;
|
|
default:
|
|
- PORT_SetError(SEC_ERROR_INVALID_KEY);
|
|
- return SECFailure;
|
|
+ PORT_SetError(SEC_ERROR_INVALID_KEY);
|
|
+ return SECFailure;
|
|
}
|
|
}
|
|
|
|
@@ -4560,15 +4688,15 @@
|
|
* algorithm identifier for the given certificate. */
|
|
static SECStatus
|
|
ssl3_TLSSignatureAlgorithmForCertificate(CERTCertificate *cert,
|
|
- TLSSignatureAlgorithm *out)
|
|
+ SSLSignType *out)
|
|
{
|
|
SECKEYPublicKey *key;
|
|
KeyType keyType;
|
|
|
|
key = CERT_ExtractPublicKey(cert);
|
|
if (key == NULL) {
|
|
- ssl_MapLowLevelError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE);
|
|
- return SECFailure;
|
|
+ ssl_MapLowLevelError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE);
|
|
+ return SECFailure;
|
|
}
|
|
|
|
keyType = key->keyType;
|
|
@@ -4578,24 +4706,75 @@
|
|
|
|
/* ssl3_CheckSignatureAndHashAlgorithmConsistency checks that the signature
|
|
* algorithm identifier in |sigAndHash| is consistent with the public key in
|
|
- * |cert|. If so, SECSuccess is returned. Otherwise, PORT_SetError is called
|
|
- * and SECFailure is returned. */
|
|
+ * |cert|. It also checks the hash algorithm against the configured signature
|
|
+ * algorithms. If all the tests pass, SECSuccess is returned. Otherwise,
|
|
+ * PORT_SetError is called and SECFailure is returned. */
|
|
SECStatus
|
|
ssl3_CheckSignatureAndHashAlgorithmConsistency(
|
|
- const SSL3SignatureAndHashAlgorithm *sigAndHash, CERTCertificate* cert)
|
|
+ sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash,
|
|
+ CERTCertificate* cert)
|
|
{
|
|
SECStatus rv;
|
|
- TLSSignatureAlgorithm sigAlg;
|
|
+ SSLSignType sigAlg;
|
|
+ unsigned int i;
|
|
|
|
rv = ssl3_TLSSignatureAlgorithmForCertificate(cert, &sigAlg);
|
|
if (rv != SECSuccess) {
|
|
- return rv;
|
|
+ return rv;
|
|
}
|
|
if (sigAlg != sigAndHash->sigAlg) {
|
|
- PORT_SetError(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM);
|
|
- return SECFailure;
|
|
+ PORT_SetError(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM);
|
|
+ return SECFailure;
|
|
}
|
|
- return SECSuccess;
|
|
+
|
|
+ for (i = 0; i < ss->ssl3.signatureAlgorithmCount; ++i) {
|
|
+ const SSLSignatureAndHashAlg *alg = &ss->ssl3.signatureAlgorithms[i];
|
|
+ if (sigAndHash->sigAlg == alg->sigAlg &&
|
|
+ sigAndHash->hashAlg == alg->hashAlg) {
|
|
+ return SECSuccess;
|
|
+ }
|
|
+ }
|
|
+ PORT_SetError(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
|
|
+ return SECFailure;
|
|
+}
|
|
+
|
|
+PRBool
|
|
+ssl3_IsSupportedSignatureAlgorithm(const SSLSignatureAndHashAlg *alg)
|
|
+{
|
|
+ static const SSLHashType supportedHashes[] = {
|
|
+ ssl_hash_sha1,
|
|
+ ssl_hash_sha256,
|
|
+ ssl_hash_sha384,
|
|
+ ssl_hash_sha512
|
|
+ };
|
|
+
|
|
+ static const SSLSignType supportedSigAlgs[] = {
|
|
+ ssl_sign_rsa,
|
|
+#ifndef NSS_DISABLE_ECC
|
|
+ ssl_sign_ecdsa,
|
|
+#endif
|
|
+ ssl_sign_dsa
|
|
+ };
|
|
+
|
|
+ unsigned int i;
|
|
+ PRBool hashOK = PR_FALSE;
|
|
+ PRBool signOK = PR_FALSE;
|
|
+
|
|
+ for (i = 0; i < PR_ARRAY_SIZE(supportedHashes); ++i) {
|
|
+ if (alg->hashAlg == supportedHashes[i]) {
|
|
+ hashOK = PR_TRUE;
|
|
+ break;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ for (i = 0; i < PR_ARRAY_SIZE(supportedSigAlgs); ++i) {
|
|
+ if (alg->sigAlg == supportedSigAlgs[i]) {
|
|
+ signOK = PR_TRUE;
|
|
+ break;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ return hashOK && signOK;
|
|
}
|
|
|
|
/* ssl3_ConsumeSignatureAndHashAlgorithm reads a SignatureAndHashAlgorithm
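Review bot: `ssl3_IsSupportedSignatureAlgorithm` is the only function in this hunk without a header comment, and its relationship to `ssl3_CheckSignatureAndHashAlgorithmConsistency` (which now also walks `ss->ssl3.signatureAlgorithms`) is easy to confuse. I would add `/* ssl3_IsSupportedSignatureAlgorithm returns PR_TRUE iff both the hash and the signature identifier in |alg| are ones this implementation can perform. It checks capability only; whether the pair is acceptable on a given socket is decided by ssl3_CheckSignatureAndHashAlgorithmConsistency. */`. That comment is also the place to record that keeping `ssl_hash_sha1` in `supportedHashes` is a deliberate policy choice, given that `tlsHashOIDMap` drops MD5 and SHA-224 in the same diff.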
|
|
@@ -4605,25 +4784,24 @@
|
|
* See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
|
|
SECStatus
|
|
ssl3_ConsumeSignatureAndHashAlgorithm(sslSocket *ss,
|
|
- SSL3Opaque **b,
|
|
- PRUint32 *length,
|
|
- SSL3SignatureAndHashAlgorithm *out)
|
|
+ SSL3Opaque **b,
|
|
+ PRUint32 *length,
|
|
+ SSLSignatureAndHashAlg *out)
|
|
{
|
|
- unsigned char bytes[2];
|
|
+ PRUint8 bytes[2];
|
|
SECStatus rv;
|
|
|
|
rv = ssl3_ConsumeHandshake(ss, bytes, sizeof(bytes), b, length);
|
|
if (rv != SECSuccess) {
|
|
- return rv;
|
|
+ return rv;
|
|
}
|
|
|
|
- out->hashAlg = ssl3_TLSHashAlgorithmToOID(bytes[0]);
|
|
- if (out->hashAlg == SEC_OID_UNKNOWN) {
|
|
- PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
|
|
- return SECFailure;
|
|
+ out->hashAlg = (SSLHashType)bytes[0];
|
|
+ out->sigAlg = (SSLSignType)bytes[1];
|
|
+ if (!ssl3_IsSupportedSignatureAlgorithm(out)) {
|
|
+ PORT_SetError(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
|
|
+ return SECFailure;
|
|
}
|
|
-
|
|
- out->sigAlg = bytes[1];
|
|
return SECSuccess;
|
|
}
|
|
|
|
@@ -4653,7 +4831,12 @@
|
|
SSL3Opaque sha_inner[MAX_MAC_LENGTH];
|
|
|
|
PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
|
|
- hashes->hashAlg = SEC_OID_UNKNOWN;
|
|
+ if (ss->ssl3.hs.hashType == handshake_hash_unknown) {
|
|
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
|
+ return SECFailure;
|
|
+ }
|
|
+
|
|
+ hashes->hashAlg = ssl_hash_none;
|
|
|
|
#ifndef NO_PKCS11_BYPASS
|
|
if (ss->opt.bypassPKCS11 &&
|
|
@@ -4661,11 +4844,6 @@
|
|
/* compute them without PKCS11 */
|
|
PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS];
|
|
|
|
- if (!spec->msItem.data) {
|
|
- PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
|
|
- return SECFailure;
|
|
- }
|
|
-
|
|
ss->ssl3.hs.sha_clone(sha_cx, ss->ssl3.hs.sha_cx);
|
|
ss->ssl3.hs.sha_obj->end(sha_cx, hashes->u.raw, &hashes->len,
|
|
sizeof(hashes->u.raw));
|
|
@@ -4674,7 +4852,7 @@
|
|
|
|
/* If we ever support ciphersuites where the PRF hash isn't SHA-256
|
|
* then this will need to be updated. */
|
|
- hashes->hashAlg = SEC_OID_SHA256;
|
|
+ hashes->hashAlg = ssl_hash_sha256;
|
|
rv = SECSuccess;
|
|
} else if (ss->opt.bypassPKCS11) {
|
|
/* compute them without PKCS11 */
|
|
@@ -4684,11 +4862,6 @@
|
|
#define md5cx ((MD5Context *)md5_cx)
|
|
#define shacx ((SHA1Context *)sha_cx)
|
|
|
|
- if (!spec->msItem.data) {
|
|
- PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
|
|
- return SECFailure;
|
|
- }
|
|
-
|
|
MD5_Clone (md5cx, (MD5Context *)ss->ssl3.hs.md5_cx);
|
|
SHA1_Clone(shacx, (SHA1Context *)ss->ssl3.hs.sha_cx);
|
|
|
|
@@ -4696,6 +4869,11 @@
|
|
/* compute hashes for SSL3. */
|
|
unsigned char s[4];
|
|
|
|
+ if (!spec->msItem.data) {
|
|
+ PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
|
|
+ return SECFailure;
|
|
+ }
|
|
+
|
|
s[0] = (unsigned char)(sender >> 24);
|
|
s[1] = (unsigned char)(sender >> 16);
|
|
s[2] = (unsigned char)(sender >> 8);
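Review bot: The `!spec->msItem.data` guard now lives only in the SSL3 branch, with the earlier copies at the top of the bypass and PKCS#11 paths removed (`@@ -4661,11 +4844,6 @@`, `@@ -4684,11 +4862,6 @@`, `@@ -4768,11 +4946,6 @@`, `@@ -4812,11 +4985,6 @@`), but nothing says why the TLS branches may now run without a master secret. The reason is visible in this diff: `tls_ComputeExtendedMasterSecretInt` calls `ssl3_ComputeHandshakeHashes` before any MS exists, so a comment at the guard such as `/* Only the SSL3 hash mixes in the master secret; the TLS paths above must work before it exists, because the extended master secret is derived from this session hash. */` would stop someone hoisting the check again. The mirrored guard in `@@ -4837,6 +5005,11 @@` deserves the same comment. `ssl3_ComputeHandshakeHashes` starts and ends outside this hunk.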
|
|
@@ -4768,11 +4946,6 @@
|
|
unsigned char stackBuf[1024];
|
|
unsigned char *stateBuf = NULL;
|
|
|
|
- if (!spec->master_secret) {
|
|
- PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
|
|
- return SECFailure;
|
|
- }
|
|
-
|
|
h = ss->ssl3.hs.sha;
|
|
stateBuf = PK11_SaveContextAlloc(h, stackBuf,
|
|
sizeof(stackBuf), &stateLen);
|
|
@@ -4789,7 +4962,7 @@
|
|
}
|
|
/* If we ever support ciphersuites where the PRF hash isn't SHA-256
|
|
* then this will need to be updated. */
|
|
- hashes->hashAlg = SEC_OID_SHA256;
|
|
+ hashes->hashAlg = ssl_hash_sha256;
|
|
rv = SECSuccess;
|
|
|
|
tls12_loser:
|
|
@@ -4812,11 +4985,6 @@
|
|
unsigned char md5StackBuf[256];
|
|
unsigned char shaStackBuf[512];
|
|
|
|
- if (!spec->master_secret) {
|
|
- PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
|
|
- return SECFailure;
|
|
- }
|
|
-
|
|
md5StateBuf = PK11_SaveContextAlloc(ss->ssl3.hs.md5, md5StackBuf,
|
|
sizeof md5StackBuf, &md5StateLen);
|
|
if (md5StateBuf == NULL) {
|
|
@@ -4837,6 +5005,11 @@
|
|
/* compute hashes for SSL3. */
|
|
unsigned char s[4];
|
|
|
|
+ if (!spec->master_secret) {
|
|
+ PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
|
|
+ return SECFailure;
|
|
+ }
|
|
+
|
|
s[0] = (unsigned char)(sender >> 24);
|
|
s[1] = (unsigned char)(sender >> 16);
|
|
s[2] = (unsigned char)(sender >> 8);
|
|
@@ -4968,7 +5141,7 @@
|
|
rv = SECFailure;
|
|
goto loser;
|
|
}
|
|
- hashes->hashAlg = SEC_OID_SHA1;
|
|
+ hashes->hashAlg = ssl_hash_sha1;
|
|
|
|
loser:
|
|
PK11_DestroyContext(ss->ssl3.hs.backupHash, PR_TRUE);
|
|
@@ -5049,7 +5222,9 @@
|
|
if (rv != SECSuccess) {
|
|
return rv; /* ssl3_InitState has set the error code. */
|
|
}
|
|
- ss->ssl3.hs.sendingSCSV = PR_FALSE; /* Must be reset every handshake */
|
|
+ /* These must be reset every handshake. */
|
|
+ ss->ssl3.hs.sendingSCSV = PR_FALSE;
|
|
+ ss->ssl3.hs.preliminaryInfo = 0;
|
|
PORT_Assert(IS_DTLS(ss) || !resending);
|
|
|
|
SECITEM_FreeItem(&ss->ssl3.hs.newSessionTicket.ticket, PR_FALSE);
|
|
@@ -5425,7 +5600,7 @@
|
|
}
|
|
for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
|
|
ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
|
|
- if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange)) {
|
|
+ if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange, ss)) {
|
|
actual_count++;
|
|
if (actual_count > num_suites) {
|
|
if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
|
|
@@ -6083,14 +6258,6 @@
|
|
}
|
|
}
|
|
|
|
- rv = ssl3_InitPendingCipherSpec(ss, pms);
|
|
- PK11_FreeSymKey(pms); pms = NULL;
|
|
-
|
|
- if (rv != SECSuccess) {
|
|
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
|
|
- goto loser;
|
|
- }
|
|
-
|
|
rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange,
|
|
isTLS ? enc_pms.len + 2 : enc_pms.len);
|
|
if (rv != SECSuccess) {
|
|
@@ -6105,6 +6272,15 @@
|
|
goto loser; /* err set by ssl3_AppendHandshake* */
|
|
}
|
|
|
|
+ rv = ssl3_InitPendingCipherSpec(ss, pms);
|
|
+ PK11_FreeSymKey(pms);
|
|
+ pms = NULL;
|
|
+
|
|
+ if (rv != SECSuccess) {
|
|
+ ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
|
|
+ goto loser;
|
|
+ }
|
|
+
|
|
rv = SECSuccess;
|
|
|
|
loser:
|
|
@@ -6174,14 +6350,6 @@
|
|
SECKEY_DestroyPrivateKey(privKey);
|
|
privKey = NULL;
|
|
|
|
- rv = ssl3_InitPendingCipherSpec(ss, pms);
|
|
- PK11_FreeSymKey(pms); pms = NULL;
|
|
-
|
|
- if (rv != SECSuccess) {
|
|
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
|
|
- goto loser;
|
|
- }
|
|
-
|
|
rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange,
|
|
pubKey->u.dh.publicValue.len + 2);
|
|
if (rv != SECSuccess) {
|
|
@@ -6197,8 +6365,16 @@
|
|
goto loser; /* err set by ssl3_AppendHandshake* */
|
|
}
|
|
|
|
- rv = SECSuccess;
|
|
+ rv = ssl3_InitPendingCipherSpec(ss, pms);
|
|
+ PK11_FreeSymKey(pms);
|
|
+ pms = NULL;
|
|
|
|
+ if (rv != SECSuccess) {
|
|
+ ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
|
|
+ goto loser;
|
|
+ }
|
|
+
|
|
+ rv = SECSuccess;
|
|
|
|
loser:
|
|
|
|
@@ -6240,9 +6416,9 @@
|
|
isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
|
|
/* enforce limits on kea key sizes. */
|
|
if (ss->ssl3.hs.kea_def->is_limited) {
|
|
- int keyLen = SECKEY_PublicKeyStrength(serverKey); /* bytes */
|
|
+ unsigned int keyLen = SECKEY_PublicKeyStrengthInBits(serverKey);
|
|
|
|
- if (keyLen * BPB > ss->ssl3.hs.kea_def->key_size_limit) {
|
|
+ if (keyLen > ss->ssl3.hs.kea_def->key_size_limit) {
|
|
if (isTLS)
|
|
(void)SSL3_SendAlert(ss, alert_fatal, export_restriction);
|
|
else
|
|
@@ -6297,7 +6473,7 @@
|
|
SSL3Hashes hashes;
|
|
KeyType keyType;
|
|
unsigned int len;
|
|
- SSL3SignatureAndHashAlgorithm sigAndHash;
|
|
+ SSLSignatureAndHashAlg sigAndHash;
|
|
|
|
PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
|
|
PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
|
|
@@ -6362,11 +6538,11 @@
|
|
}
|
|
if (isTLS12) {
|
|
rv = ssl3_TLSSignatureAlgorithmForKeyType(keyType,
|
|
- &sigAndHash.sigAlg);
|
|
+ &sigAndHash.sigAlg);
|
|
if (rv != SECSuccess) {
|
|
goto done;
|
|
}
|
|
- sigAndHash.hashAlg = hashes.hashAlg;
|
|
+ sigAndHash.hashAlg = hashes.hashAlg;
|
|
|
|
rv = ssl3_AppendSignatureAndHashAlgorithm(ss, &sigAndHash);
|
|
if (rv != SECSuccess) {
|
|
@@ -6474,6 +6650,7 @@
|
|
errCode = SSL_ERROR_UNSUPPORTED_VERSION;
|
|
goto alert_loser;
|
|
}
|
|
+ ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version;
|
|
isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0);
|
|
|
|
rv = ssl3_InitHandshakeHashes(ss);
|
|
@@ -6509,7 +6686,7 @@
|
|
ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
|
|
if (temp == suite->cipher_suite) {
|
|
SSLVersionRange vrange = {ss->version, ss->version};
|
|
- if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange)) {
|
|
+ if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss)) {
|
|
/* config_match already checks whether the cipher suite is
|
|
* acceptable for the version, but the check is repeated here
|
|
* in order to give a more precise error code. */
|
|
@@ -6533,6 +6710,7 @@
|
|
}
|
|
ss->ssl3.hs.cipher_suite = (ssl3CipherSuite)temp;
|
|
ss->ssl3.hs.suite_def = ssl_LookupCipherSuiteDef((ssl3CipherSuite)temp);
|
|
+ ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite;
|
|
PORT_Assert(ss->ssl3.hs.suite_def);
|
|
if (!ss->ssl3.hs.suite_def) {
|
|
PORT_SetError(errCode = SEC_ERROR_LIBRARY_FAILURE);
|
|
@@ -6619,6 +6797,32 @@
|
|
|
|
SECItem wrappedMS; /* wrapped master secret. */
|
|
|
|
+ /* [draft-ietf-tls-session-hash-06; Section 5.3]
|
|
+ *
|
|
+ * o If the original session did not use the "extended_master_secret"
|
|
+ * extension but the new ServerHello contains the extension, the
|
|
+ * client MUST abort the handshake.
|
|
+ */
|
|
+ if (!sid->u.ssl3.keys.extendedMasterSecretUsed &&
|
|
+ ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) {
|
|
+ errCode = SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET;
|
|
+ goto alert_loser;
|
|
+ }
|
|
+
|
|
+ /*
|
|
+ * o If the original session used an extended master secret but the new
|
|
+ * ServerHello does not contain the "extended_master_secret"
|
|
+ * extension, the client SHOULD abort the handshake.
|
|
+ *
|
|
+ * TODO(ekr@rtfm.com): Add option to refuse to resume when EMS is not
|
|
+ * used at all (bug 1176526).
|
|
+ */
|
|
+ if (sid->u.ssl3.keys.extendedMasterSecretUsed &&
|
|
+ !ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) {
|
|
+ errCode = SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET;
|
|
+ goto alert_loser;
|
|
+ }
|
|
+
|
|
ss->sec.authAlgorithm = sid->authAlgorithm;
|
|
ss->sec.authKeyBits = sid->authKeyBits;
|
|
ss->sec.keaType = sid->keaType;
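Review bot: Both new abort paths set `errCode` and `goto alert_loser` without setting the alert description, so whatever `desc` holds at that point in `ssl3_HandleServerHello` is what gets sent, and the function's earlier assignments to it are outside this hunk. Setting it explicitly, `desc = handshake_failure;` before each `goto alert_loser;`, keeps the alert independent of control flow above and matches the fatal handshake_failure conventionally used for the draft-ietf-tls-session-hash (published as RFC 7627) resumption mismatches. The enclosing function starts and ends outside this hunk.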
|
|
@@ -6721,7 +6925,7 @@
|
|
ssl3_CopyPeerCertsFromSID(ss, sid);
|
|
}
|
|
|
|
- /* NULL value for PMS signifies re-use of the old MS */
|
|
+ /* NULL value for PMS because we are reusing the old MS */
|
|
rv = ssl3_InitPendingCipherSpec(ss, NULL);
|
|
if (rv != SECSuccess) {
|
|
goto alert_loser; /* err code was set */
|
|
@@ -6750,6 +6954,9 @@
|
|
sid->u.ssl3.sessionIDLength = sidBytes.len;
|
|
PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len);
|
|
|
|
+ sid->u.ssl3.keys.extendedMasterSecretUsed =
|
|
+ ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn);
|
|
+
|
|
/* Copy Signed Certificate Timestamps, if any. */
|
|
if (ss->xtnData.signedCertTimestamps.data) {
|
|
rv = SECITEM_CopyItem(NULL, &sid->u.ssl3.signedCertTimestamps,
|
|
@@ -6761,13 +6968,14 @@
|
|
ss->ssl3.hs.isResuming = PR_FALSE;
|
|
if (ss->ssl3.hs.kea_def->signKeyType != sign_null) {
|
|
/* All current cipher suites other than those with sign_null (i.e.,
|
|
- * DH_anon_* suites) require a certificate, so use that signal. */
|
|
+ * (EC)DH_anon_* suites) require a certificate, so use that signal. */
|
|
ss->ssl3.hs.ws = wait_server_cert;
|
|
- } else if (ss->ssl3.hs.kea_def->ephemeral) {
|
|
- /* Only ephemeral cipher suites use ServerKeyExchange. */
|
|
- ss->ssl3.hs.ws = wait_server_key;
|
|
} else {
|
|
- ss->ssl3.hs.ws = wait_cert_request;
|
|
+ /* All the remaining cipher suites must be (EC)DH_anon_* and so
|
|
+ * must be ephemeral. Note, if we ever add PSK this might
|
|
+ * change. */
|
|
+ PORT_Assert(ss->ssl3.hs.kea_def->ephemeral);
|
|
+ ss->ssl3.hs.ws = wait_server_key;
|
|
}
|
|
|
|
winner:
|
|
@@ -6807,29 +7015,6 @@
|
|
return SECFailure;
|
|
}
|
|
|
|
-/* ssl3_BigIntGreaterThanOne returns true iff |mpint|, taken as an unsigned,
|
|
- * big-endian integer is > 1 */
|
|
-static PRBool
|
|
-ssl3_BigIntGreaterThanOne(const SECItem* mpint) {
|
|
- unsigned char firstNonZeroByte = 0;
|
|
- unsigned int i;
|
|
-
|
|
- for (i = 0; i < mpint->len; i++) {
|
|
- if (mpint->data[i]) {
|
|
- firstNonZeroByte = mpint->data[i];
|
|
- break;
|
|
- }
|
|
- }
|
|
-
|
|
- if (firstNonZeroByte == 0)
|
|
- return PR_FALSE;
|
|
- if (firstNonZeroByte > 1)
|
|
- return PR_TRUE;
|
|
-
|
|
- /* firstNonZeroByte == 1, therefore mpint > 1 iff the first non-zero byte
|
|
- * is followed by another byte. */
|
|
- return (i < mpint->len - 1);
|
|
-}
|
|
|
|
/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
|
|
* ssl3 ServerKeyExchange message.
|
|
@@ -6846,9 +7031,9 @@
|
|
SSL3AlertDescription desc = illegal_parameter;
|
|
SSL3Hashes hashes;
|
|
SECItem signature = {siBuffer, NULL, 0};
|
|
- SSL3SignatureAndHashAlgorithm sigAndHash;
|
|
+ SSLSignatureAndHashAlg sigAndHash;
|
|
|
|
- sigAndHash.hashAlg = SEC_OID_UNKNOWN;
|
|
+ sigAndHash.hashAlg = ssl_hash_none;
|
|
|
|
SSL_TRC(3, ("%d: SSL3[%d]: handle server_key_exchange handshake",
|
|
SSL_GETPID(), ss->fd));
|
|
@@ -6874,6 +7059,12 @@
|
|
if (rv != SECSuccess) {
|
|
goto loser; /* malformed. */
|
|
}
|
|
+ /* This exchange method is only used by export cipher suites.
|
|
+ * Those are broken and so this code will eventually be removed. */
|
|
+ if (SECKEY_BigIntegerBitLength(&modulus) < 512) {
|
|
+ desc = isTLS ? insufficient_security : illegal_parameter;
|
|
+ goto alert_loser;
|
|
+ }
|
|
rv = ssl3_ConsumeHandshakeVariable(ss, &exponent, 2, &b, &length);
|
|
if (rv != SECSuccess) {
|
|
goto loser; /* malformed. */
|
|
@@ -6884,7 +7075,7 @@
|
|
if (rv != SECSuccess) {
|
|
goto loser; /* malformed or unsupported. */
|
|
}
|
|
- rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(
|
|
+ rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(ss,
|
|
&sigAndHash, ss->sec.peerCert);
|
|
if (rv != SECSuccess) {
|
|
goto loser;
|
|
@@ -6907,10 +7098,10 @@
|
|
/*
|
|
* check to make sure the hash is signed by right guy
|
|
*/
|
|
- rv = ssl3_ComputeExportRSAKeyHash(sigAndHash.hashAlg, modulus, exponent,
|
|
- &ss->ssl3.hs.client_random,
|
|
- &ss->ssl3.hs.server_random,
|
|
- &hashes, ss->opt.bypassPKCS11);
|
|
+ rv = ssl3_ComputeExportRSAKeyHash(sigAndHash.hashAlg, modulus, exponent,
|
|
+ &ss->ssl3.hs.client_random,
|
|
+ &ss->ssl3.hs.server_random,
|
|
+ &hashes, ss->opt.bypassPKCS11);
|
|
if (rv != SECSuccess) {
|
|
errCode =
|
|
ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
|
|
@@ -6936,7 +7127,6 @@
|
|
|
|
peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey);
|
|
if (peerKey == NULL) {
|
|
- PORT_FreeArena(arena, PR_FALSE);
|
|
goto no_memory;
|
|
}
|
|
|
|
@@ -6947,7 +7137,6 @@
|
|
if (SECITEM_CopyItem(arena, &peerKey->u.rsa.modulus, &modulus) ||
|
|
SECITEM_CopyItem(arena, &peerKey->u.rsa.publicExponent, &exponent))
|
|
{
|
|
- PORT_FreeArena(arena, PR_FALSE);
|
|
goto no_memory;
|
|
}
|
|
ss->sec.peerKey = peerKey;
|
|
@@ -6959,13 +7148,22 @@
|
|
SECItem dh_p = {siBuffer, NULL, 0};
|
|
SECItem dh_g = {siBuffer, NULL, 0};
|
|
SECItem dh_Ys = {siBuffer, NULL, 0};
|
|
+ unsigned dh_p_bits;
|
|
+ unsigned dh_g_bits;
|
|
+ unsigned dh_Ys_bits;
|
|
+ PRInt32 minDH;
|
|
|
|
rv = ssl3_ConsumeHandshakeVariable(ss, &dh_p, 2, &b, &length);
|
|
if (rv != SECSuccess) {
|
|
goto loser; /* malformed. */
|
|
}
|
|
- if (dh_p.len < 1024/8 ||
|
|
- (dh_p.len == 1024/8 && (dh_p.data[0] & 0x80) == 0)) {
|
|
+
|
|
+ rv = NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minDH);
|
|
+ if (rv != SECSuccess) {
|
|
+ minDH = SSL_DH_MIN_P_BITS;
|
|
+ }
|
|
+ dh_p_bits = SECKEY_BigIntegerBitLength(&dh_p);
|
|
+ if (dh_p_bits < minDH) {
|
|
errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY;
|
|
goto alert_loser;
|
|
}
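Review bot: `if (dh_p_bits < minDH)` compares an `unsigned` with a `PRInt32`, so should NSS_DH_MIN_KEY_SIZE ever hold a negative value it is promoted to a very large unsigned and every server DH group is rejected, while a zero value silently removes the floor. Validating the option once it is read keeps the policy explicit: `if (rv != SECSuccess || minDH <= 0) { minDH = SSL_DH_MIN_P_BITS; }` followed by `if (dh_p_bits < (unsigned)minDH) {`. The enclosing function starts outside this hunk, so whether NSS_OptionSet already rejects non-positive values cannot be confirmed here.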
|
|
@@ -6973,13 +7171,16 @@
|
|
if (rv != SECSuccess) {
|
|
goto loser; /* malformed. */
|
|
}
|
|
- if (dh_g.len > dh_p.len || !ssl3_BigIntGreaterThanOne(&dh_g))
|
|
+ /* Abort if dh_g is 0, 1, or obviously too big. */
|
|
+ dh_g_bits = SECKEY_BigIntegerBitLength(&dh_g);
|
|
+ if (dh_g_bits > dh_p_bits || dh_g_bits <= 1)
|
|
goto alert_loser;
|
|
rv = ssl3_ConsumeHandshakeVariable(ss, &dh_Ys, 2, &b, &length);
|
|
if (rv != SECSuccess) {
|
|
goto loser; /* malformed. */
|
|
}
|
|
- if (dh_Ys.len > dh_p.len || !ssl3_BigIntGreaterThanOne(&dh_Ys))
|
|
+ dh_Ys_bits = SECKEY_BigIntegerBitLength(&dh_Ys);
|
|
+ if (dh_Ys_bits > dh_p_bits || dh_Ys_bits <= 1)
|
|
goto alert_loser;
|
|
if (isTLS12) {
|
|
rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length,
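Review bot: The bit-length test at `if (dh_Ys_bits > dh_p_bits || dh_Ys_bits <= 1)` bounds dh_Ys below 2^k, not below p, so a peer value with the same bit length as p but numerically at or above p, or equal to p-1, still passes exactly as it did under the old length-only check. A numeric comparison of dh_Ys against dh_p that accepts only values in the range 2..p-2 would close that gap; the same applies to the dh_g check a few lines above, whose comment already concedes it only rejects values that are "obviously" too big. The enclosing function starts outside this hunk.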
|
|
@@ -6987,7 +7188,7 @@
|
|
if (rv != SECSuccess) {
|
|
goto loser; /* malformed or unsupported. */
|
|
}
|
|
- rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(
|
|
+ rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(ss,
|
|
&sigAndHash, ss->sec.peerCert);
|
|
if (rv != SECSuccess) {
|
|
goto loser;
|
|
@@ -7014,10 +7215,10 @@
|
|
/*
|
|
* check to make sure the hash is signed by right guy
|
|
*/
|
|
- rv = ssl3_ComputeDHKeyHash(sigAndHash.hashAlg, dh_p, dh_g, dh_Ys,
|
|
- &ss->ssl3.hs.client_random,
|
|
- &ss->ssl3.hs.server_random,
|
|
- &hashes, ss->opt.bypassPKCS11);
|
|
+ rv = ssl3_ComputeDHKeyHash(sigAndHash.hashAlg, dh_p, dh_g, dh_Ys,
|
|
+ &ss->ssl3.hs.client_random,
|
|
+ &ss->ssl3.hs.server_random,
|
|
+ &hashes, ss->opt.bypassPKCS11);
|
|
if (rv != SECSuccess) {
|
|
errCode =
|
|
ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
|
|
@@ -7041,7 +7242,7 @@
|
|
goto no_memory;
|
|
}
|
|
|
|
- ss->sec.peerKey = peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey);
|
|
+ peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey);
|
|
if (peerKey == NULL) {
|
|
goto no_memory;
|
|
}
|
|
@@ -7055,7 +7256,6 @@
|
|
SECITEM_CopyItem(arena, &peerKey->u.dh.base, &dh_g) ||
|
|
SECITEM_CopyItem(arena, &peerKey->u.dh.publicValue, &dh_Ys))
|
|
{
|
|
- PORT_FreeArena(arena, PR_FALSE);
|
|
goto no_memory;
|
|
}
|
|
ss->sec.peerKey = peerKey;
|
|
@@ -7078,10 +7278,16 @@
|
|
alert_loser:
|
|
(void)SSL3_SendAlert(ss, alert_fatal, desc);
|
|
loser:
|
|
+ if (arena) {
|
|
+ PORT_FreeArena(arena, PR_FALSE);
|
|
+ }
|
|
PORT_SetError( errCode );
|
|
return SECFailure;
|
|
|
|
no_memory: /* no-memory error has already been set. */
|
|
+ if (arena) {
|
|
+ PORT_FreeArena(arena, PR_FALSE);
|
|
+ }
|
|
ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
|
|
return SECFailure;
|
|
}
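Review bot: The new `PORT_FreeArena(arena, PR_FALSE)` at both `loser:` and `no_memory:` is correct only if no path reaches those labels after `ss->sec.peerKey = peerKey;` (visible in the earlier hunks of this function); otherwise the arena the stored key lives in is freed underneath it. Assigning `arena = NULL;` immediately after each handoff to ss->sec.peerKey makes the cleanup safe regardless of how the control flow evolves, at no cost. The enclosing function starts outside this hunk, so the paths between the handoff and the labels cannot be verified here.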
|
|
@@ -7092,7 +7298,7 @@
|
|
*/
|
|
static SECStatus
|
|
ssl3_ExtractClientKeyInfo(sslSocket *ss,
|
|
- TLSSignatureAlgorithm *sigAlg,
|
|
+ SSLSignType *sigAlg,
|
|
PRBool *preferSha1)
|
|
{
|
|
SECStatus rv = SECSuccess;
|
|
@@ -7148,7 +7354,7 @@
|
|
const SECItem *algorithms)
|
|
{
|
|
SECStatus rv;
|
|
- TLSSignatureAlgorithm sigAlg;
|
|
+ SSLSignType sigAlg;
|
|
PRBool preferSha1;
|
|
PRBool supportsSha1 = PR_FALSE;
|
|
PRBool supportsSha256 = PR_FALSE;
|
|
@@ -7173,9 +7379,9 @@
|
|
/* Determine the server's hash support for that signature algorithm. */
|
|
for (i = 0; i < algorithms->len; i += 2) {
|
|
if (algorithms->data[i+1] == sigAlg) {
|
|
- if (algorithms->data[i] == tls_hash_sha1) {
|
|
+ if (algorithms->data[i] == ssl_hash_sha1) {
|
|
supportsSha1 = PR_TRUE;
|
|
- } else if (algorithms->data[i] == tls_hash_sha256) {
|
|
+ } else if (algorithms->data[i] == ssl_hash_sha256) {
|
|
supportsSha256 = PR_TRUE;
|
|
}
|
|
}
|
|
@@ -7334,6 +7540,8 @@
|
|
} else
|
|
#endif
|
|
if (ss->getClientAuthData != NULL) {
|
|
+ PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) ==
|
|
+ ssl_preinfo_all);
|
|
/* XXX Should pass cert_types and algorithms in this call!! */
|
|
rv = (SECStatus)(*ss->getClientAuthData)(ss->getClientAuthDataArg,
|
|
ss->fd, &ca_list,
|
|
@@ -7565,6 +7773,8 @@
|
|
SSL_TRC(3, ("%d: SSL[%d]: no false start due to weak cipher",
|
|
SSL_GETPID(), ss->fd));
|
|
} else {
|
|
+ PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) ==
|
|
+ ssl_preinfo_all);
|
|
rv = (ss->canFalseStartCallback)(ss->fd,
|
|
ss->canFalseStartCallbackData,
|
|
&ss->ssl3.hs.canFalseStart);
|
|
@@ -7923,6 +8133,7 @@
|
|
sid->u.ssl3.policy = SSL_ALLOWED;
|
|
sid->u.ssl3.clientWriteKey = NULL;
|
|
sid->u.ssl3.serverWriteKey = NULL;
|
|
+ sid->u.ssl3.keys.extendedMasterSecretUsed = PR_FALSE;
|
|
|
|
if (is_server) {
|
|
SECStatus rv;
|
|
@@ -7975,7 +8186,7 @@
|
|
|
|
if (kea_def->is_limited && kea_def->exchKeyType == kt_rsa) {
|
|
/* see if we can legally use the key in the cert. */
|
|
- int keyLen; /* bytes */
|
|
+ unsigned int keyLen; /* bytes */
|
|
|
|
keyLen = PK11_GetPrivateModulusLen(
|
|
ss->serverCerts[kea_def->exchKeyType].SERVERKEY);
|
|
@@ -8022,6 +8233,22 @@
|
|
/* An empty TLS Renegotiation Info (RI) extension */
|
|
static const PRUint8 emptyRIext[5] = {0xff, 0x01, 0x00, 0x01, 0x00};
|
|
|
|
+static PRBool
|
|
+ssl3_KEAAllowsSessionTicket(SSL3KeyExchangeAlgorithm kea)
|
|
+{
|
|
+ switch (kea) {
|
|
+ case kea_dhe_dss:
|
|
+ case kea_dhe_dss_export:
|
|
+ case kea_dh_dss_export:
|
|
+ case kea_dh_dss:
|
|
+ /* TODO: Fix session tickets for DSS. The server code rejects the
|
|
+ * session ticket received from the client. Bug 1174677 */
|
|
+ return PR_FALSE;
|
|
+ default:
|
|
+ return PR_TRUE;
|
|
+ };
|
|
+}
|
|
+
|
|
/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
|
|
* ssl3 Client Hello message.
|
|
* Caller must hold Handshake and RecvBuf locks.
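Review bot: The `};` closing the switch in ssl3_KEAAllowsSessionTicket leaves a stray empty statement after the block; plain `}` is what the rest of the file uses. The function also has no header comment, and a one-liner such as `/* Returns PR_FALSE for key exchanges whose session tickets the server cannot yet process (DSS, see the TODO below); all other KEAs may offer tickets. */` would tell a reader why a key-exchange algorithm gates ticket issuance at all.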
|
|
@@ -8044,6 +8271,7 @@
|
|
SECItem comps = {siBuffer, NULL, 0};
|
|
PRBool haveSpecWriteLock = PR_FALSE;
|
|
PRBool haveXmitBufLock = PR_FALSE;
|
|
+ PRBool canOfferSessionTicket = PR_FALSE;
|
|
|
|
SSL_TRC(3, ("%d: SSL3[%d]: handle client_hello handshake",
|
|
SSL_GETPID(), ss->fd));
|
|
@@ -8051,6 +8279,7 @@
|
|
PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
|
|
PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
|
|
PORT_Assert( ss->ssl3.initialized );
|
|
+ ss->ssl3.hs.preliminaryInfo = 0;
|
|
|
|
if (!ss->sec.isServer ||
|
|
(ss->ssl3.hs.ws != wait_client_hello &&
|
|
@@ -8116,6 +8345,7 @@
|
|
errCode = SSL_ERROR_UNSUPPORTED_VERSION;
|
|
goto alert_loser;
|
|
}
|
|
+ ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version;
|
|
|
|
rv = ssl3_InitHandshakeHashes(ss);
|
|
if (rv != SECSuccess) {
|
|
@@ -8283,8 +8513,7 @@
|
|
* resuming.)
|
|
*/
|
|
if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn) && sid == NULL) {
|
|
- ssl3_RegisterServerHelloExtensionSender(ss,
|
|
- ssl_session_ticket_xtn, ssl3_SendSessionTicketXtn);
|
|
+ canOfferSessionTicket = PR_TRUE;
|
|
}
|
|
|
|
if (sid != NULL) {
|
|
@@ -8367,7 +8596,7 @@
|
|
* The product policy won't change during the process lifetime.
|
|
* Implemented ("isPresent") shouldn't change for servers.
|
|
*/
|
|
- if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange))
|
|
+ if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss))
|
|
break;
|
|
#else
|
|
if (!suite->enabled)
|
|
@@ -8380,6 +8609,7 @@
|
|
ss->ssl3.hs.cipher_suite = suite->cipher_suite;
|
|
ss->ssl3.hs.suite_def =
|
|
ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite);
|
|
+ ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite;
|
|
|
|
/* Use the cached compression method. */
|
|
ss->ssl3.hs.compression = sid->u.ssl3.compression;
|
|
@@ -8416,7 +8646,7 @@
|
|
for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) {
|
|
ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j];
|
|
SSLVersionRange vrange = {ss->version, ss->version};
|
|
- if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange)) {
|
|
+ if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss)) {
|
|
continue;
|
|
}
|
|
for (i = 0; i + 1 < suites.len; i += 2) {
|
|
@@ -8425,6 +8655,7 @@
|
|
ss->ssl3.hs.cipher_suite = suite->cipher_suite;
|
|
ss->ssl3.hs.suite_def =
|
|
ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite);
|
|
+ ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite;
|
|
goto suite_found;
|
|
}
|
|
}
|
|
@@ -8433,6 +8664,15 @@
|
|
goto alert_loser;
|
|
|
|
suite_found:
|
|
+ if (canOfferSessionTicket)
|
|
+ canOfferSessionTicket = ssl3_KEAAllowsSessionTicket(
|
|
+ ss->ssl3.hs.suite_def->key_exchange_alg);
|
|
+
|
|
+ if (canOfferSessionTicket) {
|
|
+ ssl3_RegisterServerHelloExtensionSender(ss,
|
|
+ ssl_session_ticket_xtn, ssl3_SendSessionTicketXtn);
|
|
+ }
|
|
+
|
|
/* Select a compression algorithm. */
|
|
for (i = 0; i < comps.len; i++) {
|
|
if (!compressionEnabled(ss, comps.data[i]))
|
|
@@ -8458,6 +8698,8 @@
|
|
/* If there are any failures while processing the old sid,
|
|
* we don't consider them to be errors. Instead, We just behave
|
|
* as if the client had sent us no sid to begin with, and make a new one.
|
|
+ * The exception here is attempts to resume extended_master_secret
|
|
+ * sessions without the extension, which causes an alert.
|
|
*/
|
|
if (sid != NULL) do {
|
|
ssl3CipherSpec *pwSpec;
|
|
@@ -8469,6 +8711,30 @@
|
|
break; /* not an error */
|
|
}
|
|
|
|
+ /* [draft-ietf-tls-session-hash-06; Section 5.3]
|
|
+ * o If the original session did not use the "extended_master_secret"
|
|
+ * extension but the new ClientHello contains the extension, then the
|
|
+ * server MUST NOT perform the abbreviated handshake. Instead, it
|
|
+ * SHOULD continue with a full handshake (as described in
|
|
+ * Section 5.2) to negotiate a new session.
|
|
+ *
|
|
+ * o If the original session used the "extended_master_secret"
|
|
+ * extension but the new ClientHello does not contain the extension,
|
|
+ * the server MUST abort the abbreviated handshake.
|
|
+ */
|
|
+ if (ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) {
|
|
+ if (!sid->u.ssl3.keys.extendedMasterSecretUsed) {
|
|
+ break; /* not an error */
|
|
+ }
|
|
+ } else {
|
|
+ if (sid->u.ssl3.keys.extendedMasterSecretUsed) {
|
|
+ /* Note: we do not destroy the session */
|
|
+ desc = handshake_failure;
|
|
+ errCode = SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET;
|
|
+ goto alert_loser;
|
|
+ }
|
|
+ }
|
|
+
|
|
if (ss->sec.ci.sid) {
|
|
if (ss->sec.uncache)
|
|
ss->sec.uncache(ss->sec.ci.sid);
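Review bot: The quoted requirement is cited from `draft-ietf-tls-session-hash-06; Section 5.3`, but that text was published as RFC 7627 (Section 5.3) before this change landed, so the comment should reference the RFC to stay resolvable: `/* [RFC 7627; Section 5.3]`. The logic itself matches the cited MUST NOT / MUST abort cases: a prior session without the extension falls back to a full handshake, and a prior extended-master-secret session presented without the extension is refused with a fatal alert rather than silently resumed. The enclosing do-block and function start outside this hunk.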
|
|
@@ -8610,7 +8876,7 @@
|
|
haveSpecWriteLock = PR_FALSE;
|
|
}
|
|
|
|
- /* NULL value for PMS signifies re-use of the old MS */
|
|
+ /* NULL value for PMS because we are re-using the old MS */
|
|
rv = ssl3_InitPendingCipherSpec(ss, NULL);
|
|
if (rv != SECSuccess) {
|
|
errCode = PORT_GetError();
|
|
@@ -8654,6 +8920,9 @@
|
|
if (ssl3_ExtensionNegotiated(ss, ssl_server_name_xtn)) {
|
|
int ret = 0;
|
|
if (ss->sniSocketConfig) do { /* not a loop */
|
|
+ PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) ==
|
|
+ ssl_preinfo_all);
|
|
+
|
|
ret = SSL_SNI_SEND_ALERT;
|
|
/* If extension is negotiated, the len of names should > 0. */
|
|
if (ss->xtnData.sniNameArrSize) {
|
|
@@ -8701,7 +8970,7 @@
|
|
ret = SSL_SNI_SEND_ALERT;
|
|
break;
|
|
}
|
|
- } else if (ret < ss->xtnData.sniNameArrSize) {
|
|
+ } else if ((unsigned int)ret < ss->xtnData.sniNameArrSize) {
|
|
/* Application has configured new socket info. Lets check it
|
|
* and save the name. */
|
|
SECStatus rv;
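Review bot: The cast in `} else if ((unsigned int)ret < ss->xtnData.sniNameArrSize) {` turns any negative `ret` that reaches this comparison into a large value, sending it into the else branch where the hunk at -8752 applies the same cast inside a PORT_Assert. If the branches above this hunk already consume every negative return code of the SNI callback that is harmless, but writing the intent out as `} else if (ret >= 0 && (unsigned int)ret < ss->xtnData.sniNameArrSize) {` removes the dependence on that ordering and reads as a bounds check rather than a warning suppression. The enclosing function starts outside this hunk.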
|
|
@@ -8752,7 +9021,7 @@
|
|
ssl3_SendServerNameXtn);
|
|
} else {
|
|
/* Callback returned index outside of the boundary. */
|
|
- PORT_Assert(ret < ss->xtnData.sniNameArrSize);
|
|
+ PORT_Assert((unsigned int)ret < ss->xtnData.sniNameArrSize);
|
|
errCode = SSL_ERROR_INTERNAL_ERROR_ALERT;
|
|
desc = internal_error;
|
|
ret = SSL_SNI_SEND_ALERT;
|
|
@@ -8798,13 +9067,16 @@
|
|
}
|
|
ss->sec.ci.sid = sid;
|
|
|
|
+ sid->u.ssl3.keys.extendedMasterSecretUsed =
|
|
+ ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn);
|
|
ss->ssl3.hs.isResuming = PR_FALSE;
|
|
ssl_GetXmitBufLock(ss);
|
|
rv = ssl3_SendServerHelloSequence(ss);
|
|
ssl_ReleaseXmitBufLock(ss);
|
|
if (rv != SECSuccess) {
|
|
- errCode = PORT_GetError();
|
|
- goto loser;
|
|
+ errCode = PORT_GetError();
|
|
+ desc = handshake_failure;
|
|
+ goto alert_loser;
|
|
}
|
|
|
|
if (haveXmitBufLock) {
|
|
@@ -8896,6 +9168,7 @@
|
|
errCode = SSL_ERROR_UNSUPPORTED_VERSION;
|
|
goto alert_loser;
|
|
}
|
|
+ ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version;
|
|
|
|
rv = ssl3_InitHandshakeHashes(ss);
|
|
if (rv != SECSuccess) {
|
|
@@ -8951,7 +9224,7 @@
|
|
for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) {
|
|
ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j];
|
|
SSLVersionRange vrange = {ss->version, ss->version};
|
|
- if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange)) {
|
|
+ if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss)) {
|
|
continue;
|
|
}
|
|
for (i = 0; i+2 < suite_length; i += 3) {
|
|
@@ -8960,6 +9233,7 @@
|
|
ss->ssl3.hs.cipher_suite = suite->cipher_suite;
|
|
ss->ssl3.hs.suite_def =
|
|
ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite);
|
|
+ ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite;
|
|
goto suite_found;
|
|
}
|
|
}
|
|
@@ -9150,6 +9424,154 @@
|
|
return SECSuccess;
|
|
}
|
|
|
|
+static SECStatus
|
|
+ssl3_PickSignatureHashAlgorithm(sslSocket *ss,
|
|
+ SSLSignatureAndHashAlg* out);
|
|
+
|
|
+static SECStatus
|
|
+ssl3_SendDHServerKeyExchange(sslSocket *ss)
|
|
+{
|
|
+ const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def;
|
|
+ SECStatus rv = SECFailure;
|
|
+ int length;
|
|
+ PRBool isTLS;
|
|
+ SECItem signed_hash = {siBuffer, NULL, 0};
|
|
+ SSL3Hashes hashes;
|
|
+ SSLSignatureAndHashAlg sigAndHash;
|
|
+ SECKEYDHParams dhParam;
|
|
+
|
|
+ ssl3KeyPair *keyPair = NULL;
|
|
+ SECKEYPublicKey *pubKey = NULL; /* Ephemeral DH key */
|
|
+ SECKEYPrivateKey *privKey = NULL; /* Ephemeral DH key */
|
|
+ int certIndex = -1;
|
|
+
|
|
+ if (kea_def->kea != kea_dhe_dss && kea_def->kea != kea_dhe_rsa) {
|
|
+ /* TODO: Support DH_anon. It might be sufficient to drop the signature.
|
|
+ See bug 1170510. */
|
|
+ PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
|
|
+ return SECFailure;
|
|
+ }
|
|
+
|
|
+ dhParam.prime.data = ss->dheParams->prime.data;
|
|
+ dhParam.prime.len = ss->dheParams->prime.len;
|
|
+ dhParam.base.data = ss->dheParams->base.data;
|
|
+ dhParam.base.len = ss->dheParams->base.len;
|
|
+
|
|
+ PRINT_BUF(60, (NULL, "Server DH p", dhParam.prime.data,
|
|
+ dhParam.prime.len));
|
|
+ PRINT_BUF(60, (NULL, "Server DH g", dhParam.base.data,
|
|
+ dhParam.base.len));
|
|
+
|
|
+ /* Generate ephemeral DH keypair */
|
|
+ privKey = SECKEY_CreateDHPrivateKey(&dhParam, &pubKey, NULL);
|
|
+ if (!privKey || !pubKey) {
|
|
+ ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
|
|
+ rv = SECFailure;
|
|
+ goto loser;
|
|
+ }
|
|
+
|
|
+ keyPair = ssl3_NewKeyPair(privKey, pubKey);
|
|
+ if (!keyPair) {
|
|
+ ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
|
|
+ goto loser;
|
|
+ }
|
|
+
|
|
+ PRINT_BUF(50, (ss, "DH public value:",
|
|
+ pubKey->u.dh.publicValue.data,
|
|
+ pubKey->u.dh.publicValue.len));
|
|
+
|
|
+ if (ssl3_PickSignatureHashAlgorithm(ss, &sigAndHash) != SECSuccess) {
|
|
+ ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
|
|
+ goto loser;
|
|
+ }
|
|
+
|
|
+ rv = ssl3_ComputeDHKeyHash(sigAndHash.hashAlg,
|
|
+ pubKey->u.dh.prime,
|
|
+ pubKey->u.dh.base,
|
|
+ pubKey->u.dh.publicValue,
|
|
+ &ss->ssl3.hs.client_random,
|
|
+ &ss->ssl3.hs.server_random,
|
|
+ &hashes, ss->opt.bypassPKCS11);
|
|
+ if (rv != SECSuccess) {
|
|
+ ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
|
|
+ goto loser;
|
|
+ }
|
|
+
|
|
+ /* It has been suggested to test kea_def->signKeyType instead, and to use
|
|
+ * ssl_auth_* instead. Investigate what to do. See bug 102794. */
|
|
+ if (kea_def->kea == kea_dhe_rsa)
|
|
+ certIndex = ssl_kea_rsa;
|
|
+ else
|
|
+ certIndex = ssl_kea_dh;
|
|
+
|
|
+ isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
|
|
+ rv = ssl3_SignHashes(&hashes, ss->serverCerts[certIndex].SERVERKEY,
|
|
+ &signed_hash, isTLS);
|
|
+ if (rv != SECSuccess) {
|
|
+ goto loser; /* ssl3_SignHashes has set err. */
|
|
+ }
|
|
+ if (signed_hash.data == NULL) {
|
|
+ PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
|
|
+ goto loser;
|
|
+ }
|
|
+ length = 2 + pubKey->u.dh.prime.len +
|
|
+ 2 + pubKey->u.dh.base.len +
|
|
+ 2 + pubKey->u.dh.publicValue.len +
|
|
+ 2 + signed_hash.len;
|
|
+
|
|
+ if (ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
|
|
+ length += 2;
|
|
+ }
|
|
+
|
|
+ rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length);
|
|
+ if (rv != SECSuccess) {
|
|
+ goto loser; /* err set by AppendHandshake. */
|
|
+ }
|
|
+
|
|
+ rv = ssl3_AppendHandshakeVariable(ss, pubKey->u.dh.prime.data,
|
|
+ pubKey->u.dh.prime.len, 2);
|
|
+ if (rv != SECSuccess) {
|
|
+ goto loser; /* err set by AppendHandshake. */
|
|
+ }
|
|
+
|
|
+ rv = ssl3_AppendHandshakeVariable(ss, pubKey->u.dh.base.data,
|
|
+ pubKey->u.dh.base.len, 2);
|
|
+ if (rv != SECSuccess) {
|
|
+ goto loser; /* err set by AppendHandshake. */
|
|
+ }
|
|
+
|
|
+ rv = ssl3_AppendHandshakeVariable(ss, pubKey->u.dh.publicValue.data,
|
|
+ pubKey->u.dh.publicValue.len, 2);
|
|
+ if (rv != SECSuccess) {
|
|
+ goto loser; /* err set by AppendHandshake. */
|
|
+ }
|
|
+
|
|
+ if (ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
|
|
+ rv = ssl3_AppendSignatureAndHashAlgorithm(ss, &sigAndHash);
|
|
+ if (rv != SECSuccess) {
|
|
+ goto loser; /* err set by AppendHandshake. */
|
|
+ }
|
|
+ }
|
|
+
|
|
+ rv = ssl3_AppendHandshakeVariable(ss, signed_hash.data,
|
|
+ signed_hash.len, 2);
|
|
+ if (rv != SECSuccess) {
|
|
+ goto loser; /* err set by AppendHandshake. */
|
|
+ }
|
|
+ PORT_Free(signed_hash.data);
|
|
+ ss->dheKeyPair = keyPair;
|
|
+ return SECSuccess;
|
|
+
|
|
+loser:
|
|
+ if (signed_hash.data)
|
|
+ PORT_Free(signed_hash.data);
|
|
+ if (privKey)
|
|
+ SECKEY_DestroyPrivateKey(privKey);
|
|
+ if (pubKey)
|
|
+ SECKEY_DestroyPublicKey(pubKey);
|
|
+ return SECFailure;
|
|
+}
|
|
+
|
|
/* ssl3_PickSignatureHashAlgorithm selects a hash algorithm to use when signing
|
|
* elements of the handshake. (The negotiated cipher suite determines the
|
|
* signature algorithm.) Prior to TLS 1.2, the MD5/SHA1 combination is always
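Review bot: After `keyPair = ssl3_NewKeyPair(privKey, pubKey);` succeeds, every later failure in ssl3_SendDHServerKeyExchange jumps to `loser:`, which destroys privKey and pubKey individually but never releases keyPair, so the pair object leaks; and if ssl3_NewKeyPair takes ownership of both keys (which the success path's handoff of keyPair alone to ss->dheKeyPair suggests), destroying them directly also leaves keyPair holding dangling pointers. The cleanup should release through the pair once it exists and fall back to the individual keys only before that point. Separately, the success path stores into `ss->dheKeyPair` without releasing any previous value, which would leak on a renegotiation that reaches this function twice; worth confirming where that field is cleared.
```c
loser:
    if (signed_hash.data)
        PORT_Free(signed_hash.data);
    if (keyPair) {
        ssl3_FreeKeyPair(keyPair); /* owns privKey and pubKey from here on */
    } else {
        if (privKey)
            SECKEY_DestroyPrivateKey(privKey);
        if (pubKey)
            SECKEY_DestroyPublicKey(pubKey);
    }
    return SECFailure;
```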
|
|
@@ -9157,18 +9579,11 @@
|
|
* hash combinations. */
|
|
static SECStatus
|
|
ssl3_PickSignatureHashAlgorithm(sslSocket *ss,
|
|
- SSL3SignatureAndHashAlgorithm* out)
|
|
+ SSLSignatureAndHashAlg* out)
|
|
{
|
|
- TLSSignatureAlgorithm sigAlg;
|
|
+ SSLSignType sigAlg;
|
|
+ PRUint32 policy;
|
|
unsigned int i, j;
|
|
- /* hashPreference expresses our preferences for hash algorithms, most
|
|
- * preferable first. */
|
|
- static const SECOidTag hashPreference[] = {
|
|
- SEC_OID_SHA256,
|
|
- SEC_OID_SHA384,
|
|
- SEC_OID_SHA512,
|
|
- SEC_OID_SHA1,
|
|
- };
|
|
|
|
switch (ss->ssl3.hs.kea_def->kea) {
|
|
case kea_rsa:
|
|
@@ -9181,48 +9596,63 @@
|
|
case kea_rsa_fips:
|
|
case kea_ecdh_rsa:
|
|
case kea_ecdhe_rsa:
|
|
- sigAlg = tls_sig_rsa;
|
|
- break;
|
|
+ sigAlg = ssl_sign_rsa;
|
|
+ break;
|
|
case kea_dh_dss:
|
|
case kea_dh_dss_export:
|
|
case kea_dhe_dss:
|
|
case kea_dhe_dss_export:
|
|
- sigAlg = tls_sig_dsa;
|
|
- break;
|
|
+ sigAlg = ssl_sign_dsa;
|
|
+ break;
|
|
case kea_ecdh_ecdsa:
|
|
case kea_ecdhe_ecdsa:
|
|
- sigAlg = tls_sig_ecdsa;
|
|
- break;
|
|
+ sigAlg = ssl_sign_ecdsa;
|
|
+ break;
|
|
default:
|
|
- PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
|
|
- return SECFailure;
|
|
+ PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
|
|
+ return SECFailure;
|
|
}
|
|
out->sigAlg = sigAlg;
|
|
|
|
if (ss->version <= SSL_LIBRARY_VERSION_TLS_1_1) {
|
|
- /* SEC_OID_UNKNOWN means the MD5/SHA1 combo hash used in TLS 1.1 and
|
|
- * prior. */
|
|
- out->hashAlg = SEC_OID_UNKNOWN;
|
|
- return SECSuccess;
|
|
+ /* SEC_OID_UNKNOWN means the MD5/SHA1 combo hash used in TLS 1.1 and
|
|
+ * prior. */
|
|
+ out->hashAlg = ssl_hash_none;
|
|
+ return SECSuccess;
|
|
}
|
|
|
|
if (ss->ssl3.hs.numClientSigAndHash == 0) {
|
|
- /* If the client didn't provide any signature_algorithms extension then
|
|
- * we can assume that they support SHA-1:
|
|
- * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
|
|
- out->hashAlg = SEC_OID_SHA1;
|
|
- return SECSuccess;
|
|
+ /* If the client didn't provide any signature_algorithms extension then
|
|
+ * we can assume that they support SHA-1:
|
|
+ * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
|
|
+ out->hashAlg = ssl_hash_sha1;
|
|
+ return SECSuccess;
|
|
}
|
|
|
|
- for (i = 0; i < PR_ARRAY_SIZE(hashPreference); i++) {
|
|
- for (j = 0; j < ss->ssl3.hs.numClientSigAndHash; j++) {
|
|
- const SSL3SignatureAndHashAlgorithm* sh =
|
|
- &ss->ssl3.hs.clientSigAndHash[j];
|
|
- if (sh->sigAlg == sigAlg && sh->hashAlg == hashPreference[i]) {
|
|
- out->hashAlg = sh->hashAlg;
|
|
- return SECSuccess;
|
|
- }
|
|
+ /* Here we look for the first server preference that the client has
|
|
+ * indicated support for in their signature_algorithms extension. */
|
|
+ for (i = 0; i < ss->ssl3.signatureAlgorithmCount; ++i) {
|
|
+ const SSLSignatureAndHashAlg *serverPref =
|
|
+ &ss->ssl3.signatureAlgorithms[i];
|
|
+ SECOidTag hashOID;
|
|
+ if (serverPref->sigAlg != sigAlg) {
|
|
+ continue;
|
|
+ }
|
|
+ hashOID = ssl3_TLSHashAlgorithmToOID(serverPref->hashAlg);
|
|
+ if ((NSS_GetAlgorithmPolicy(hashOID, &policy) != SECSuccess)
|
|
+ || !(policy & NSS_USE_ALG_IN_SSL_KX)) {
|
|
+ /* we ignore hashes we don't support */
|
|
+ continue;
|
|
}
|
|
+ for (j = 0; j < ss->ssl3.hs.numClientSigAndHash; j++) {
|
|
+ const SSLSignatureAndHashAlg *clientPref =
|
|
+ &ss->ssl3.hs.clientSigAndHash[j];
|
|
+ if (clientPref->hashAlg == serverPref->hashAlg &&
|
|
+ clientPref->sigAlg == sigAlg) {
|
|
+ out->hashAlg = serverPref->hashAlg;
|
|
+ return SECSuccess;
|
|
+ }
|
|
+ }
|
|
}
|
|
|
|
PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
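Review bot: The re-indented comment above `out->hashAlg = ssl_hash_none;` still reads `/* SEC_OID_UNKNOWN means the MD5/SHA1 combo hash used in TLS 1.1 and prior. */`, naming a value the code no longer assigns; it should say `/* ssl_hash_none means the MD5/SHA1 combo hash used in TLS 1.1 and prior. */`. Also note that the new `NSS_GetAlgorithmPolicy(hashOID, &policy)` gate with NSS_USE_ALG_IN_SSL_KX is applied only inside the preference loop, while the fallback at `out->hashAlg = ssl_hash_sha1;` for clients that send no signature_algorithms extension bypasses it, so a policy that forbids SHA-1 in key exchange is honoured only when the client lists algorithms; if that asymmetry is intended, a one-line comment at the fallback would save the next reader the question. The function header is in the previous hunk.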
|
|
@@ -9240,7 +9670,7 @@
|
|
SECItem signed_hash = {siBuffer, NULL, 0};
|
|
SSL3Hashes hashes;
|
|
SECKEYPublicKey * sdPub; /* public key for step-down */
|
|
- SSL3SignatureAndHashAlgorithm sigAndHash;
|
|
+ SSLSignatureAndHashAlg sigAndHash;
|
|
|
|
SSL_TRC(3, ("%d: SSL3[%d]: send server_key_exchange handshake",
|
|
SSL_GETPID(), ss->fd));
|
|
@@ -9287,6 +9717,10 @@
|
|
2 + sdPub->u.rsa.publicExponent.len +
|
|
2 + signed_hash.len;
|
|
|
|
+ if (ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
|
|
+ length += 2;
|
|
+ }
|
|
+
|
|
rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length);
|
|
if (rv != SECSuccess) {
|
|
goto loser; /* err set by AppendHandshake. */
|
|
@@ -9320,6 +9754,11 @@
|
|
PORT_Free(signed_hash.data);
|
|
return SECSuccess;
|
|
|
|
+ case ssl_kea_dh: {
|
|
+ rv = ssl3_SendDHServerKeyExchange(ss);
|
|
+ return rv;
|
|
+ }
|
|
+
|
|
#ifndef NSS_DISABLE_ECC
|
|
case kt_ecdh: {
|
|
rv = ssl3_SendECDHServerKeyExchange(ss, &sigAndHash);
|
|
@@ -9327,7 +9766,6 @@
|
|
}
|
|
#endif /* NSS_DISABLE_ECC */
|
|
|
|
- case kt_dh:
|
|
case kt_null:
|
|
default:
|
|
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
|
|
@@ -9339,6 +9777,36 @@
|
|
return SECFailure;
|
|
}
|
|
|
|
+static SECStatus
|
|
+ssl3_EncodeCertificateRequestSigAlgs(sslSocket *ss, PRUint8 *buf,
|
|
+ unsigned maxLen, PRUint32 *len)
|
|
+{
|
|
+ unsigned int i;
|
|
+
|
|
+ PORT_Assert(maxLen >= ss->ssl3.signatureAlgorithmCount * 2);
|
|
+ if (maxLen < ss->ssl3.signatureAlgorithmCount * 2) {
|
|
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
|
+ return SECFailure;
|
|
+ }
|
|
+
|
|
+ *len = 0;
|
|
+ for (i = 0; i < ss->ssl3.signatureAlgorithmCount; ++i) {
|
|
+ const SSLSignatureAndHashAlg *alg = &ss->ssl3.signatureAlgorithms[i];
|
|
+ /* Note that we don't support a handshake hash with anything other than
|
|
+ * SHA-256, so asking for a signature from clients for something else
|
|
+ * would be inviting disaster. */
|
|
+ if (alg->hashAlg == ssl_hash_sha256) {
|
|
+ buf[(*len)++] = (PRUint8)alg->hashAlg;
|
|
+ buf[(*len)++] = (PRUint8)alg->sigAlg;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ if (*len == 0) {
|
|
+ PORT_SetError(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM);
|
|
+ return SECFailure;
|
|
+ }
|
|
+ return SECSuccess;
|
|
+}
|
|
|
|
static SECStatus
|
|
ssl3_SendCertificateRequest(sslSocket *ss)
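Review bot: ssl3_EncodeCertificateRequestSigAlgs has no header comment describing its output format or failure modes; suggest `/* Write the (hash, signature) pairs this server accepts in CertificateVerify into buf, two bytes each, and return the byte count in *len. Only SHA-256 pairs are emitted because that is the only handshake hash supported; fails with SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM when nothing qualifies. */`. The caller in the -9382 hunk passes `&sigAlgsLength`, declared `unsigned int`, for the `PRUint32 *len` parameter; declaring both with the same type avoids relying on PRUint32 being a typedef of unsigned int on every platform.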
|
|
@@ -9347,7 +9815,6 @@
|
|
SECItem * name;
|
|
CERTDistNames *ca_list;
|
|
const PRUint8 *certTypes;
|
|
- const PRUint8 *sigAlgs;
|
|
SECItem * names = NULL;
|
|
SECStatus rv;
|
|
int length;
|
|
@@ -9355,7 +9822,8 @@
|
|
int calen = 0;
|
|
int nnames = 0;
|
|
int certTypesLength;
|
|
- int sigAlgsLength;
|
|
+ PRUint8 sigAlgs[MAX_SIGNATURE_ALGORITHMS * 2];
|
|
+ unsigned int sigAlgsLength = 0;
|
|
|
|
SSL_TRC(3, ("%d: SSL3[%d]: send certificate_request handshake",
|
|
SSL_GETPID(), ss->fd));
|
|
@@ -9382,12 +9850,15 @@
|
|
|
|
certTypes = certificate_types;
|
|
certTypesLength = sizeof certificate_types;
|
|
- sigAlgs = supported_signature_algorithms;
|
|
- sigAlgsLength = sizeof supported_signature_algorithms;
|
|
|
|
length = 1 + certTypesLength + 2 + calen;
|
|
if (isTLS12) {
|
|
- length += 2 + sigAlgsLength;
|
|
+ rv = ssl3_EncodeCertificateRequestSigAlgs(ss, sigAlgs, sizeof(sigAlgs),
|
|
+ &sigAlgsLength);
|
|
+ if (rv != SECSuccess) {
|
|
+ return rv;
|
|
+ }
|
|
+ length += 2 + sigAlgsLength;
|
|
}
|
|
|
|
rv = ssl3_AppendHandshakeHeader(ss, certificate_request, length);
|
|
@@ -9453,7 +9924,7 @@
|
|
int errCode = SSL_ERROR_RX_MALFORMED_CERT_VERIFY;
|
|
SSL3AlertDescription desc = handshake_failure;
|
|
PRBool isTLS, isTLS12;
|
|
- SSL3SignatureAndHashAlgorithm sigAndHash;
|
|
+ SSLSignatureAndHashAlg sigAndHash;
|
|
|
|
SSL_TRC(3, ("%d: SSL3[%d]: handle certificate_verify handshake",
|
|
SSL_GETPID(), ss->fd));
|
|
@@ -9469,6 +9940,13 @@
|
|
goto alert_loser;
|
|
}
|
|
|
|
+ if (!hashes) {
|
|
+ PORT_Assert(0);
|
|
+ desc = internal_error;
|
|
+ errCode = SEC_ERROR_LIBRARY_FAILURE;
|
|
+ goto alert_loser;
|
|
+ }
|
|
+
|
|
if (isTLS12) {
|
|
rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length,
|
|
&sigAndHash);
|
|
@@ -9476,7 +9954,7 @@
|
|
goto loser; /* malformed or unsupported. */
|
|
}
|
|
rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(
|
|
- &sigAndHash, ss->sec.peerCert);
|
|
+ ss, &sigAndHash, ss->sec.peerCert);
|
|
if (rv != SECSuccess) {
|
|
errCode = PORT_GetError();
|
|
desc = decrypt_error;
|
|
@@ -9485,7 +9963,7 @@
|
|
|
|
/* We only support CertificateVerify messages that use the handshake
|
|
* hash. */
|
|
- if (sigAndHash.hashAlg != hashes->hashAlg) {
|
|
+ if (sigAndHash.hashAlg != hashes->hashAlg) {
|
|
errCode = SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM;
|
|
desc = decrypt_error;
|
|
goto alert_loser;
|
|
@@ -9616,18 +10094,17 @@
|
|
PRUint32 length,
|
|
SECKEYPrivateKey *serverKey)
|
|
{
|
|
- PK11SymKey * pms;
|
|
#ifndef NO_PKCS11_BYPASS
|
|
unsigned char * cr = (unsigned char *)&ss->ssl3.hs.client_random;
|
|
unsigned char * sr = (unsigned char *)&ss->ssl3.hs.server_random;
|
|
ssl3CipherSpec * pwSpec = ss->ssl3.pwSpec;
|
|
unsigned int outLen = 0;
|
|
-#endif
|
|
PRBool isTLS = PR_FALSE;
|
|
+ SECItem pmsItem = {siBuffer, NULL, 0};
|
|
+ unsigned char rsaPmsBuf[SSL3_RSA_PMS_LENGTH];
|
|
+#endif
|
|
SECStatus rv;
|
|
SECItem enc_pms;
|
|
- unsigned char rsaPmsBuf[SSL3_RSA_PMS_LENGTH];
|
|
- SECItem pmsItem = {siBuffer, NULL, 0};
|
|
|
|
PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
|
|
PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
|
|
@@ -9635,8 +10112,10 @@
|
|
|
|
enc_pms.data = b;
|
|
enc_pms.len = length;
|
|
+#ifndef NO_PKCS11_BYPASS
|
|
pmsItem.data = rsaPmsBuf;
|
|
pmsItem.len = sizeof rsaPmsBuf;
|
|
+#endif
|
|
|
|
if (ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0) { /* isTLS */
|
|
PRInt32 kLen;
|
|
@@ -9648,13 +10127,24 @@
|
|
if ((unsigned)kLen < enc_pms.len) {
|
|
enc_pms.len = kLen;
|
|
}
|
|
+#ifndef NO_PKCS11_BYPASS
|
|
isTLS = PR_TRUE;
|
|
+#endif
|
|
} else {
|
|
+#ifndef NO_PKCS11_BYPASS
|
|
isTLS = (PRBool)(ss->ssl3.hs.kea_def->tls_keygen != 0);
|
|
+#endif
|
|
}
|
|
|
|
#ifndef NO_PKCS11_BYPASS
|
|
if (ss->opt.bypassPKCS11) {
|
|
+ /* We have not implemented a tls_ExtendedMasterKeyDeriveBypass
|
|
+ * and will not negotiate this extension in bypass mode. This
|
|
+ * assert just double-checks that.
|
|
+ */
|
|
+ PORT_Assert(
|
|
+ !ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn));
|
|
+
|
|
/* TRIPLE BYPASS, get PMS directly from RSA decryption.
|
|
* Use PK11_PrivDecryptPKCS1 to decrypt the PMS to a buffer,
|
|
* then, check for version rollback attack, then
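Review bot: `PORT_Assert(!ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn));` is compiled out of release builds, so the invariant the comment describes (no extended master secret in bypass mode) is not enforced where it matters; if the extension were ever negotiated on this path the bypass code below would derive a master secret without the session-hash binding the peer expects. A runtime guard alongside the assert, `if (ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return SECFailure; }`, keeps the handshake from continuing with mismatched key material in any build. The enclosing function starts outside this hunk, so whether extension negotiation is already suppressed in bypass mode elsewhere cannot be confirmed here.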
|
|
@@ -9682,8 +10172,8 @@
|
|
}
|
|
}
|
|
/* have PMS, build MS without PKCS11 */
|
|
- rv = ssl3_MasterKeyDeriveBypass(pwSpec, cr, sr, &pmsItem, isTLS,
|
|
- PR_TRUE);
|
|
+ rv = ssl3_MasterSecretDeriveBypass(pwSpec, cr, sr, &pmsItem, isTLS,
|
|
+ PR_TRUE);
|
|
if (rv != SECSuccess) {
|
|
pwSpec->msItem.data = pwSpec->raw_master_secret;
|
|
pwSpec->msItem.len = SSL3_MASTER_SECRET_LENGTH;
|
|
@@ -9693,49 +10183,163 @@
|
|
} else
|
|
#endif
|
|
{
|
|
+ PK11SymKey *tmpPms[2] = {NULL, NULL};
|
|
+ PK11SlotInfo *slot;
|
|
+ int useFauxPms = 0;
|
|
+#define currentPms tmpPms[!useFauxPms]
|
|
+#define unusedPms tmpPms[useFauxPms]
|
|
+#define realPms tmpPms[1]
|
|
+#define fauxPms tmpPms[0]
|
|
+
|
|
#ifndef NO_PKCS11_BYPASS
|
|
double_bypass:
|
|
#endif
|
|
- /*
|
|
- * unwrap pms out of the incoming buffer
|
|
- * Note: CKM_SSL3_MASTER_KEY_DERIVE is NOT the mechanism used to do
|
|
- * the unwrap. Rather, it is the mechanism with which the
|
|
- * unwrapped pms will be used.
|
|
- */
|
|
- pms = PK11_PubUnwrapSymKey(serverKey, &enc_pms,
|
|
- CKM_SSL3_MASTER_KEY_DERIVE, CKA_DERIVE, 0);
|
|
- if (pms != NULL) {
|
|
- PRINT_BUF(60, (ss, "decrypted premaster secret:",
|
|
- PK11_GetKeyData(pms)->data,
|
|
- PK11_GetKeyData(pms)->len));
|
|
- } else {
|
|
- /* unwrap failed. Generate a bogus PMS and carry on. */
|
|
- PK11SlotInfo * slot = PK11_GetSlotFromPrivateKey(serverKey);
|
|
|
|
- ssl_GetSpecWriteLock(ss);
|
|
- pms = ssl3_GenerateRSAPMS(ss, ss->ssl3.prSpec, slot);
|
|
- ssl_ReleaseSpecWriteLock(ss);
|
|
- PK11_FreeSlot(slot);
|
|
- }
|
|
+ /*
|
|
+ * Get as close to algorithm 2 from RFC 5246; Section 7.4.7.1
|
|
+ * as we can within the constraints of the PKCS#11 interface.
|
|
+ *
|
|
+ * 1. Unconditionally generate a bogus PMS (what RFC 5246
|
|
+ * calls R).
|
|
+ * 2. Attempt the RSA decryption to recover the PMS (what
|
|
+ * RFC 5246 calls M).
|
|
+ * 3. Set PMS = (M == NULL) ? R : M
|
|
+ * 4. Use ssl3_ComputeMasterSecret(PMS) to attempt to derive
|
|
+ * the MS from PMS. This includes performing the version
|
|
+ * check and length check.
|
|
+ * 5. If either the initial RSA decryption failed or
|
|
+ * ssl3_ComputeMasterSecret(PMS) failed, then discard
|
|
+ * M and set PMS = R. Else, discard R and set PMS = M.
|
|
+ *
|
|
+ * We do two derivations here because we can't rely on having
|
|
+ * a function that only performs the PMS version and length
|
|
+ * check. The only redundant cost is that this runs the PRF,
|
|
+ * which isn't necessary here.
|
|
+ */
|
|
+
|
|
+ /* Generate the bogus PMS (R) */
|
|
+ slot = PK11_GetSlotFromPrivateKey(serverKey);
|
|
+ if (!slot) {
|
|
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
|
+ return SECFailure;
|
|
+ }
|
|
|
|
- if (pms == NULL) {
|
|
- /* last gasp. */
|
|
+ if (!PK11_DoesMechanism(slot, CKM_SSL3_MASTER_KEY_DERIVE)) {
|
|
+ PK11_FreeSlot(slot);
|
|
+ slot = PK11_GetBestSlot(CKM_SSL3_MASTER_KEY_DERIVE, NULL);
|
|
+ if (!slot) {
|
|
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
|
+ return SECFailure;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ ssl_GetSpecWriteLock(ss);
|
|
+ fauxPms = ssl3_GenerateRSAPMS(ss, ss->ssl3.prSpec, slot);
|
|
+ ssl_ReleaseSpecWriteLock(ss);
|
|
+ PK11_FreeSlot(slot);
|
|
+
|
|
+ if (fauxPms == NULL) {
|
|
ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
|
|
return SECFailure;
|
|
}
|
|
|
|
+ /*
|
|
+ * unwrap pms out of the incoming buffer
|
|
+ * Note: CKM_SSL3_MASTER_KEY_DERIVE is NOT the mechanism used to do
|
|
+ * the unwrap. Rather, it is the mechanism with which the
|
|
+ * unwrapped pms will be used.
|
|
+ */
|
|
+ realPms = PK11_PubUnwrapSymKey(serverKey, &enc_pms,
|
|
+ CKM_SSL3_MASTER_KEY_DERIVE, CKA_DERIVE, 0);
|
|
+ /* Temporarily use the PMS if unwrapping the real PMS fails. */
|
|
+ useFauxPms |= (realPms == NULL);
|
|
+
|
|
+ /* Attempt to derive the MS from the PMS. This is the only way to
|
|
+ * check the version field in the RSA PMS. If this fails, we
|
|
+ * then use the faux PMS in place of the PMS. Note that this
|
|
+ * operation should never fail if we are using the faux PMS
|
|
+ * since it is correctly formatted. */
|
|
+ rv = ssl3_ComputeMasterSecret(ss, currentPms, NULL);
|
|
+
|
|
+ /* If we succeeded, then select the true PMS and discard the
|
|
+ * FPMS. Else, select the FPMS and select the true PMS */
|
|
+ useFauxPms |= (rv != SECSuccess);
|
|
+
|
|
+ if (unusedPms) {
|
|
+ PK11_FreeSymKey(unusedPms);
|
|
+ }
|
|
+
|
|
/* This step will derive the MS from the PMS, among other things. */
|
|
- rv = ssl3_InitPendingCipherSpec(ss, pms);
|
|
- PK11_FreeSymKey(pms);
|
|
+ rv = ssl3_InitPendingCipherSpec(ss, currentPms);
|
|
+ PK11_FreeSymKey(currentPms);
|
|
}
|
|
|
|
if (rv != SECSuccess) {
|
|
SEND_ALERT
|
|
return SECFailure; /* error code set by ssl3_InitPendingCipherSpec */
|
|
}
|
|
+
|
|
+#undef currentPms
|
|
+#undef unusedPms
|
|
+#undef realPms
|
|
+#undef fauxPms
|
|
+
|
|
return SECSuccess;
|
|
}
|
|
|
|
+static SECStatus
|
|
+ssl3_HandleDHClientKeyExchange(sslSocket *ss,
|
|
+ SSL3Opaque *b,
|
|
+ PRUint32 length,
|
|
+ SECKEYPublicKey *srvrPubKey,
|
|
+ SECKEYPrivateKey *serverKey)
|
|
+{
|
|
+ PK11SymKey *pms;
|
|
+ SECStatus rv;
|
|
+ SECKEYPublicKey clntPubKey;
|
|
+ CK_MECHANISM_TYPE target;
|
|
+ PRBool isTLS;
|
|
+
|
|
+ PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
|
|
+ PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
|
|
+ PORT_Assert( srvrPubKey );
|
|
+
|
|
+ clntPubKey.keyType = dhKey;
|
|
+ clntPubKey.u.dh.prime.len = srvrPubKey->u.dh.prime.len;
|
|
+ clntPubKey.u.dh.prime.data = srvrPubKey->u.dh.prime.data;
|
|
+ clntPubKey.u.dh.base.len = srvrPubKey->u.dh.base.len;
|
|
+ clntPubKey.u.dh.base.data = srvrPubKey->u.dh.base.data;
|
|
+
|
|
+ rv = ssl3_ConsumeHandshakeVariable(ss, &clntPubKey.u.dh.publicValue,
|
|
+ 2, &b, &length);
|
|
+ if (rv != SECSuccess) {
|
|
+ goto loser;
|
|
+ }
|
|
+
|
|
+ isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
|
|
+
|
|
+ if (isTLS) target = CKM_TLS_MASTER_KEY_DERIVE_DH;
|
|
+ else target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
|
|
+
|
|
+ /* Determine the PMS */
|
|
+ pms = PK11_PubDerive(serverKey, &clntPubKey, PR_FALSE, NULL, NULL,
|
|
+ CKM_DH_PKCS_DERIVE, target, CKA_DERIVE, 0, NULL);
|
|
+ if (pms == NULL) {
|
|
+ ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
|
|
+ goto loser;
|
|
+ }
|
|
+
|
|
+ rv = ssl3_InitPendingCipherSpec(ss, pms);
|
|
+ PK11_FreeSymKey(pms); pms = NULL;
|
|
+
|
|
+loser:
|
|
+ if (ss->dheKeyPair) {
|
|
+ ssl3_FreeKeyPair(ss->dheKeyPair);
|
|
+ ss->dheKeyPair = NULL;
|
|
+ }
|
|
+ return rv;
|
|
+}
|
|
+
|
|
|
|
/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
|
|
* ssl3 ClientKeyExchange message from the remote client
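Review bot: ssl3_HandleDHClientKeyExchange reports success when the key agreement fails: in the `pms == NULL` branch `goto loser` is taken while `rv` still holds the SECSuccess returned by ssl3_ConsumeHandshakeVariable, so `return rv` yields SECSuccess and the `rv != SECSuccess` check in the caller's `ssl_kea_dh` case (the `@@ -9825` hunk) neither sends an alert nor fails the handshake. Add `rv = SECFailure;` before that `goto loser;`, or initialise `rv` to SECFailure and make the ssl3_InitPendingCipherSpec result the only success path. The handler also never verifies that `length` is 0 after the client's public value is consumed, so trailing bytes in the message are accepted unless the caller checks for them (not visible here). The RSA handler that opens this hunk begins outside it.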
|
|
@@ -9748,9 +10352,7 @@
|
|
SECStatus rv;
|
|
const ssl3KEADef *kea_def;
|
|
ssl3KeyPair *serverKeyPair = NULL;
|
|
-#ifndef NSS_DISABLE_ECC
|
|
SECKEYPublicKey *serverPubKey = NULL;
|
|
-#endif /* NSS_DISABLE_ECC */
|
|
|
|
SSL_TRC(3, ("%d: SSL3[%d]: handle client_key_exchange handshake",
|
|
SSL_GETPID(), ss->fd));
|
|
@@ -9780,6 +10382,16 @@
|
|
ss->sec.keaKeyBits = EXPORT_RSA_KEY_LENGTH * BPB;
|
|
} else
|
|
skip:
|
|
+ if (kea_def->kea == kea_dhe_dss ||
|
|
+ kea_def->kea == kea_dhe_rsa) {
|
|
+ if (ss->dheKeyPair) {
|
|
+ serverKeyPair = ss->dheKeyPair;
|
|
+ if (serverKeyPair->pubKey) {
|
|
+ ss->sec.keaKeyBits =
|
|
+ SECKEY_PublicKeyStrengthInBits(serverKeyPair->pubKey);
|
|
+ }
|
|
+ }
|
|
+ } else
|
|
#ifndef NSS_DISABLE_ECC
|
|
/* XXX Using SSLKEAType to index server certifiates
|
|
* does not work for (EC)DHE ciphers. Until we have
|
|
@@ -9825,6 +10437,21 @@
|
|
}
|
|
break;
|
|
|
|
+ case ssl_kea_dh:
|
|
+ if (ss->dheKeyPair && ss->dheKeyPair->pubKey) {
|
|
+ serverPubKey = ss->dheKeyPair->pubKey;
|
|
+ }
|
|
+ if (!serverPubKey) {
|
|
+ PORT_SetError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE);
|
|
+ return SECFailure;
|
|
+ }
|
|
+ rv = ssl3_HandleDHClientKeyExchange(ss, b, length,
|
|
+ serverPubKey, serverKey);
|
|
+ if (rv != SECSuccess) {
|
|
+ SSL3_SendAlert(ss, alert_fatal, handshake_failure);
|
|
+ return SECFailure; /* error code set */
|
|
+ }
|
|
+ break;
|
|
|
|
#ifndef NSS_DISABLE_ECC
|
|
case kt_ecdh:
|
|
@@ -10454,6 +11081,8 @@
|
|
|
|
ss->ssl3.hs.authCertificatePending = PR_FALSE;
|
|
|
|
+ PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) ==
|
|
+ ssl_preinfo_all);
|
|
/*
|
|
* Ask caller-supplied callback function to validate cert chain.
|
|
*/
|
|
@@ -10498,40 +11127,60 @@
|
|
ss->sec.authAlgorithm = ss->ssl3.hs.kea_def->signKeyType;
|
|
ss->sec.keaType = ss->ssl3.hs.kea_def->exchKeyType;
|
|
if (pubKey) {
|
|
+ KeyType pubKeyType;
|
|
+ PRInt32 minKey;
|
|
ss->sec.keaKeyBits = ss->sec.authKeyBits =
|
|
SECKEY_PublicKeyStrengthInBits(pubKey);
|
|
-#ifndef NSS_DISABLE_ECC
|
|
- if (ss->sec.keaType == kt_ecdh) {
|
|
- /* Get authKeyBits from signing key.
|
|
- * XXX The code below uses a quick approximation of
|
|
- * key size based on cert->signatureWrap.signature.data
|
|
- * (which contains the DER encoded signature). The field
|
|
- * cert->signatureWrap.signature.len contains the
|
|
- * length of the encoded signature in bits.
|
|
- */
|
|
- if (ss->ssl3.hs.kea_def->kea == kea_ecdh_ecdsa) {
|
|
- ss->sec.authKeyBits =
|
|
- cert->signatureWrap.signature.data[3]*8;
|
|
- if (cert->signatureWrap.signature.data[4] == 0x00)
|
|
- ss->sec.authKeyBits -= 8;
|
|
- /*
|
|
- * XXX: if cert is not signed by ecdsa we should
|
|
- * destroy pubKey and goto bad_cert
|
|
- */
|
|
- } else if (ss->ssl3.hs.kea_def->kea == kea_ecdh_rsa) {
|
|
- ss->sec.authKeyBits = cert->signatureWrap.signature.len;
|
|
- /*
|
|
- * XXX: if cert is not signed by rsa we should
|
|
- * destroy pubKey and goto bad_cert
|
|
- */
|
|
+ pubKeyType = SECKEY_GetPublicKeyType(pubKey);
|
|
+ minKey = ss->sec.authKeyBits;
|
|
+ switch (pubKeyType) {
|
|
+ case rsaKey:
|
|
+ case rsaPssKey:
|
|
+ case rsaOaepKey:
|
|
+ rv = NSS_OptionGet(NSS_RSA_MIN_KEY_SIZE, &minKey);
|
|
+ if (rv != SECSuccess) {
|
|
+ minKey = SSL_RSA_MIN_MODULUS_BITS;
|
|
}
|
|
+ break;
|
|
+ case dsaKey:
|
|
+ rv = NSS_OptionGet(NSS_DSA_MIN_KEY_SIZE, &minKey);
|
|
+ if (rv != SECSuccess) {
|
|
+ minKey = SSL_DSA_MIN_P_BITS;
|
|
+ }
|
|
+ break;
|
|
+ case dhKey:
|
|
+ rv = NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minKey);
|
|
+ if (rv != SECSuccess) {
|
|
+ minKey = SSL_DH_MIN_P_BITS;
|
|
+ }
|
|
+ break;
|
|
+ default:
|
|
+ break;
|
|
}
|
|
-#endif /* NSS_DISABLE_ECC */
|
|
+
|
|
+ /* Too small: not good enough. Send a fatal alert. */
|
|
+ /* We aren't checking EC here on the understanding that we only
|
|
+ * support curves we like, a decision that might need revisiting. */
|
|
+ if ( ss->sec.authKeyBits < minKey) {
|
|
+ PORT_SetError(SSL_ERROR_WEAK_SERVER_CERT_KEY);
|
|
+ (void)SSL3_SendAlert(ss, alert_fatal,
|
|
+ ss->version >= SSL_LIBRARY_VERSION_TLS_1_0
|
|
+ ? insufficient_security
|
|
+ : illegal_parameter);
|
|
+ SECKEY_DestroyPublicKey(pubKey);
|
|
+ return SECFailure;
|
|
+ }
|
|
SECKEY_DestroyPublicKey(pubKey);
|
|
pubKey = NULL;
|
|
}
|
|
|
|
- if (ss->ssl3.hs.kea_def->ephemeral) {
|
|
+ /* Ephemeral suites require ServerKeyExchange. Export cipher suites
|
|
+ * with RSA key exchange also require ServerKeyExchange if the
|
|
+ * authentication key exceeds the key size limit. */
|
|
+ if (ss->ssl3.hs.kea_def->ephemeral ||
|
|
+ (ss->ssl3.hs.kea_def->is_limited &&
|
|
+ ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_rsa &&
|
|
+ ss->sec.authKeyBits > ss->ssl3.hs.kea_def->key_size_limit)) {
|
|
ss->ssl3.hs.ws = wait_server_key; /* require server_key_exchange */
|
|
} else {
|
|
ss->ssl3.hs.ws = wait_cert_request; /* disallow server_key_exchange */
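Review bot: The minimum-key-size lookup reuses the function's `rv` for the NSS_OptionGet calls; the fallback to the SSL_*_MIN_* constants shows a failed lookup is meant to be tolerated, but if the enclosing function (which starts and ends outside the hunk) tests `rv` after this block, that tolerated failure is carried forward. A block-local status, `SECStatus optRv = NSS_OptionGet(NSS_RSA_MIN_KEY_SIZE, &minKey);`, keeps the two apart. `minKey` is a PRInt32 compared with `ss->sec.authKeyBits`; if that field is unsigned the comparison is done unsigned, so a matching type or an explicit cast is worth adding. A comment on `default:` such as `/* EC and unknown key types: minKey stays at authKeyBits, so the check below is a no-op */` would make the deliberate EC exemption visible at the switch rather than only in the later comment.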
|
|
@@ -10643,16 +11292,42 @@
|
|
const SSL3Hashes * hashes,
|
|
TLSFinished * tlsFinished)
|
|
{
|
|
- const char * label;
|
|
- unsigned int len;
|
|
- SECStatus rv;
|
|
+ SECStatus rv;
|
|
+ CK_TLS_MAC_PARAMS tls_mac_params;
|
|
+ SECItem param = {siBuffer, NULL, 0};
|
|
+ PK11Context *prf_context;
|
|
+ unsigned int retLen;
|
|
|
|
- label = isServer ? "server finished" : "client finished";
|
|
- len = 15;
|
|
+ if (!spec->master_secret || spec->bypassCiphers) {
|
|
+ const char *label = isServer ? "server finished" : "client finished";
|
|
+ unsigned int len = 15;
|
|
|
|
- rv = ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->u.raw,
|
|
- hashes->len, tlsFinished->verify_data,
|
|
- sizeof tlsFinished->verify_data);
|
|
+ return ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->u.raw,
|
|
+ hashes->len, tlsFinished->verify_data,
|
|
+ sizeof tlsFinished->verify_data);
|
|
+ }
|
|
+
|
|
+ if (spec->version < SSL_LIBRARY_VERSION_TLS_1_2) {
|
|
+ tls_mac_params.prfMechanism = CKM_TLS_PRF;
|
|
+ } else {
|
|
+ tls_mac_params.prfMechanism = CKM_SHA256;
|
|
+ }
|
|
+ tls_mac_params.ulMacLength = 12;
|
|
+ tls_mac_params.ulServerOrClient = isServer ? 1 : 2;
|
|
+ param.data = (unsigned char *)&tls_mac_params;
|
|
+ param.len = sizeof(tls_mac_params);
|
|
+ prf_context = PK11_CreateContextBySymKey(CKM_TLS_MAC, CKA_SIGN,
|
|
+ spec->master_secret, ¶m);
|
|
+ if (!prf_context)
|
|
+ return SECFailure;
|
|
+
|
|
+ rv = PK11_DigestBegin(prf_context);
|
|
+ rv |= PK11_DigestOp(prf_context, hashes->u.raw, hashes->len);
|
|
+ rv |= PK11_DigestFinal(prf_context, tlsFinished->verify_data, &retLen,
|
|
+ sizeof tlsFinished->verify_data);
|
|
+ PORT_Assert(rv != SECSuccess || retLen == sizeof tlsFinished->verify_data);
|
|
+
|
|
+ PK11_DestroyContext(prf_context, PR_TRUE);
|
|
|
|
return rv;
|
|
}
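Review bot: The three PK11_Digest* results are folded with `rv |= …`, which is correct only because of the numeric values of the SECStatus enumerators (SECFailure negative, SECSuccess zero), and it keeps calling into a context whose PK11_DigestBegin may already have failed. Checking each call and jumping to the PK11_DestroyContext cleanup on the first failure reads as intended and does not depend on enum values. `tls_mac_params.prfMechanism = CKM_SHA256` pins the TLS 1.2 PRF hash to SHA-256; a comment such as `/* TLS 1.2: every suite this version implements uses the SHA-256 PRF */` would flag the assumption for when SHA-384 suites arrive (whether spec records the suite's PRF hash is not visible here). The page renders the `&param` argument of PK11_CreateContextBySymKey as `¶m`; that is a display artifact, not a code change.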
|
|
@@ -11170,6 +11845,13 @@
|
|
return SECFailure;
|
|
}
|
|
|
|
+ if (!hashes) {
|
|
+ PORT_Assert(0);
|
|
+ SSL3_SendAlert(ss, alert_fatal, internal_error);
|
|
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
|
+ return SECFailure;
|
|
+ }
|
|
+
|
|
isTLS = (PRBool)(ss->ssl3.crSpec->version > SSL_LIBRARY_VERSION_3_0);
|
|
if (isTLS) {
|
|
TLSFinished tlsFinished;
|
|
@@ -11225,7 +11907,8 @@
|
|
* ServerHello message.)
|
|
*/
|
|
if (isServer && !ss->ssl3.hs.isResuming &&
|
|
- ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn)) {
|
|
+ ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn) &&
|
|
+ ssl3_KEAAllowsSessionTicket(ss->ssl3.hs.suite_def->key_exchange_alg)) {
|
|
/* RFC 5077 Section 3.3: "In the case of a full handshake, the
|
|
* server MUST verify the client's Finished message before sending
|
|
* the ticket." Presumably, this also means that the client's
|
|
@@ -11278,7 +11961,8 @@
|
|
return rv;
|
|
}
|
|
|
|
- if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) {
|
|
+ if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
|
|
+ ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) {
|
|
effectiveExchKeyType = kt_rsa;
|
|
} else {
|
|
effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
|
|
@@ -11398,6 +12082,7 @@
|
|
SECStatus rv = SECSuccess;
|
|
SSL3HandshakeType type = ss->ssl3.hs.msg_type;
|
|
SSL3Hashes hashes; /* computed hashes are put here. */
|
|
+ SSL3Hashes *hashesPtr = NULL; /* Set when hashes are computed */
|
|
PRUint8 hdr[4];
|
|
PRUint8 dtlsData[8];
|
|
|
|
@@ -11408,7 +12093,8 @@
|
|
* current message.
|
|
*/
|
|
ssl_GetSpecReadLock(ss); /************************************/
|
|
- if((type == finished) || (type == certificate_verify)) {
|
|
+ if(((type == finished) && (ss->ssl3.hs.ws == wait_finished)) ||
|
|
+ ((type == certificate_verify) && (ss->ssl3.hs.ws == wait_cert_verify))) {
|
|
SSL3Sender sender = (SSL3Sender)0;
|
|
ssl3CipherSpec *rSpec = ss->ssl3.prSpec;
|
|
|
|
@@ -11417,6 +12103,9 @@
|
|
rSpec = ss->ssl3.crSpec;
|
|
}
|
|
rv = ssl3_ComputeHandshakeHashes(ss, rSpec, &hashes, sender);
|
|
+ if (rv == SECSuccess) {
|
|
+ hashesPtr = &hashes;
|
|
+ }
|
|
}
|
|
ssl_ReleaseSpecReadLock(ss); /************************************/
|
|
if (rv != SECSuccess) {
|
|
@@ -11567,7 +12256,7 @@
|
|
PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY);
|
|
return SECFailure;
|
|
}
|
|
- rv = ssl3_HandleCertificateVerify(ss, b, length, &hashes);
|
|
+ rv = ssl3_HandleCertificateVerify(ss, b, length, hashesPtr);
|
|
break;
|
|
case client_key_exchange:
|
|
if (!ss->sec.isServer) {
|
|
@@ -11586,7 +12275,7 @@
|
|
rv = ssl3_HandleNewSessionTicket(ss, b, length);
|
|
break;
|
|
case finished:
|
|
- rv = ssl3_HandleFinished(ss, b, length, &hashes);
|
|
+ rv = ssl3_HandleFinished(ss, b, length, hashesPtr);
|
|
break;
|
|
default:
|
|
(void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
|
|
@@ -11641,7 +12330,7 @@
|
|
#define MAX_HANDSHAKE_MSG_LEN 0x1ffff /* 128k - 1 */
|
|
if (ss->ssl3.hs.msg_len > MAX_HANDSHAKE_MSG_LEN) {
|
|
(void)ssl3_DecodeError(ss);
|
|
- PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
|
|
+ PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
|
|
return SECFailure;
|
|
}
|
|
#undef MAX_HANDSHAKE_MSG_LEN
|
|
@@ -11942,7 +12631,7 @@
|
|
SSL3Opaque *givenHash;
|
|
sslBuffer *plaintext;
|
|
sslBuffer temp_buf;
|
|
- PRUint64 dtls_seq_num;
|
|
+ PRUint64 dtls_seq_num = 0;
|
|
unsigned int ivLen = 0;
|
|
unsigned int originalLen = 0;
|
|
unsigned int good;
|
|
@@ -12423,6 +13112,7 @@
|
|
ss->ssl3.hs.sendingSCSV = PR_FALSE;
|
|
ssl3_InitCipherSpec(ss, ss->ssl3.crSpec);
|
|
ssl3_InitCipherSpec(ss, ss->ssl3.prSpec);
|
|
+ ss->ssl3.hs.preliminaryInfo = 0;
|
|
|
|
ss->ssl3.hs.ws = (ss->sec.isServer) ? wait_client_hello : wait_server_hello;
|
|
#ifndef NSS_DISABLE_ECC
|
|
@@ -12496,8 +13186,6 @@
|
|
}
|
|
}
|
|
|
|
-
|
|
-
|
|
/*
|
|
* Creates the public and private RSA keys for SSL Step down.
|
|
* Called from SSL_ConfigSecureServer in sslsecur.c
|
|
@@ -12529,7 +13217,6 @@
|
|
return rv;
|
|
}
|
|
|
|
-
|
|
/* record the export policy for this cipher suite */
|
|
SECStatus
|
|
ssl3_SetPolicy(ssl3CipherSuite which, int policy)
|
|
@@ -12631,6 +13318,79 @@
|
|
}
|
|
|
|
SECStatus
|
|
+SSL_SignaturePrefSet(PRFileDesc *fd, const SSLSignatureAndHashAlg *algorithms,
|
|
+ unsigned int count)
|
|
+{
|
|
+ sslSocket *ss;
|
|
+ unsigned int i;
|
|
+
|
|
+ ss = ssl_FindSocket(fd);
|
|
+ if (!ss) {
|
|
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SignaturePrefSet",
|
|
+ SSL_GETPID(), fd));
|
|
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
+ return SECFailure;
|
|
+ }
|
|
+
|
|
+ if (!count || count > MAX_SIGNATURE_ALGORITHMS) {
|
|
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
+ return SECFailure;
|
|
+ }
|
|
+
|
|
+ ss->ssl3.signatureAlgorithmCount = 0;
|
|
+ for (i = 0; i < count; ++i) {
|
|
+ if (!ssl3_IsSupportedSignatureAlgorithm(&algorithms[i])) {
|
|
+ SSL_DBG(("%d: SSL[%d]: invalid signature algorithm set %d/%d",
|
|
+ SSL_GETPID(), fd, algorithms[i].sigAlg,
|
|
+ algorithms[i].hashAlg));
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ ss->ssl3.signatureAlgorithms[ss->ssl3.signatureAlgorithmCount++] =
|
|
+ algorithms[i];
|
|
+ }
|
|
+
|
|
+ if (ss->ssl3.signatureAlgorithmCount == 0) {
|
|
+ PORT_SetError(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM);
|
|
+ return SECFailure;
|
|
+ }
|
|
+ return SECSuccess;
|
|
+}
|
|
+
|
|
+SECStatus
|
|
+SSL_SignaturePrefGet(PRFileDesc *fd, SSLSignatureAndHashAlg *algorithms,
|
|
+ unsigned int *count, unsigned int maxCount)
|
|
+{
|
|
+ sslSocket *ss;
|
|
+ unsigned int requiredSpace;
|
|
+
|
|
+ ss = ssl_FindSocket(fd);
|
|
+ if (!ss) {
|
|
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SignaturePrefGet",
|
|
+ SSL_GETPID(), fd));
|
|
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
+ return SECFailure;
|
|
+ }
|
|
+
|
|
+ if (!algorithms || !count ||
|
|
+ maxCount < ss->ssl3.signatureAlgorithmCount) {
|
|
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
+ return SECFailure;
|
|
+ }
|
|
+
|
|
+ requiredSpace =
|
|
+ ss->ssl3.signatureAlgorithmCount * sizeof(SSLSignatureAndHashAlg);
|
|
+ PORT_Memcpy(algorithms, ss->ssl3.signatureAlgorithms, requiredSpace);
|
|
+ *count = ss->ssl3.signatureAlgorithmCount;
|
|
+ return SECSuccess;
|
|
+}
|
|
+
|
|
+unsigned int
|
|
+SSL_SignatureMaxCount() {
|
|
+ return MAX_SIGNATURE_ALGORITHMS;
|
|
+}
|
|
+
|
|
+SECStatus
|
|
ssl3_CipherOrderSet(sslSocket *ss, const ssl3CipherSuite *ciphers, unsigned int len)
|
|
{
|
|
/* |i| iterates over |ciphers| while |done| and |j| iterate over
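Review bot: SSL_SignaturePrefSet dereferences `algorithms` without a NULL check, while its sibling SSL_SignaturePrefGet rejects `!algorithms`; the argument check should read `if (!algorithms || !count || count > MAX_SIGNATURE_ALGORITHMS) {`. It also resets `ss->ssl3.signatureAlgorithmCount = 0` before validating the input, so a call in which no entry is supported fails with SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM but leaves the socket with an empty preference list instead of its previous one; filtering into a local array and copying into `ss->ssl3` only when the surviving count is non-zero keeps the call atomic. `SSL_SignatureMaxCount()` should be declared `(void)` and, like the neighbouring functions, put its return type on its own line.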
|
|
@@ -12675,6 +13435,9 @@
|
|
ssl3_InitSocketPolicy(sslSocket *ss)
|
|
{
|
|
PORT_Memcpy(ss->cipherSuites, cipherSuites, sizeof cipherSuites);
|
|
+ PORT_Memcpy(ss->ssl3.signatureAlgorithms, defaultSignatureAlgorithms,
|
|
+ sizeof(defaultSignatureAlgorithms));
|
|
+ ss->ssl3.signatureAlgorithmCount = PR_ARRAY_SIZE(defaultSignatureAlgorithms);
|
|
}
|
|
|
|
SECStatus
|
|
@@ -12764,7 +13527,7 @@
|
|
/* ssl3_config_match_init was called by the caller of this function. */
|
|
for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
|
|
ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
|
|
- if (config_match(suite, SSL_ALLOWED, PR_TRUE, &ss->vrange)) {
|
|
+ if (config_match(suite, SSL_ALLOWED, PR_TRUE, &ss->vrange, ss)) {
|
|
if (cs != NULL) {
|
|
*cs++ = 0x00;
|
|
*cs++ = (suite->cipher_suite >> 8) & 0xFF;
|
|
@@ -12898,6 +13661,10 @@
|
|
}
|
|
}
|
|
|
|
+ if (ss->ssl3.dheGroups) {
|
|
+ PORT_Free(ss->ssl3.dheGroups);
|
|
+ }
|
|
+
|
|
ss->ssl3.initialized = PR_FALSE;
|
|
|
|
SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
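Review bot: `ss->ssl3.dheGroups` is freed but left dangling; clear it after the free so a repeated teardown or a later re-initialisation cannot double-free it: `PORT_Free(ss->ssl3.dheGroups); ss->ssl3.dheGroups = NULL;`. The teardown function this belongs to starts outside the hunk.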
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3ecc.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3ecc.c
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3ecc.c 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3ecc.c 2016-01-13 14:18:55.621954867 +0100
|
|
@@ -214,7 +214,7 @@
|
|
|
|
/* Caller must set hiLevel error code. */
|
|
static SECStatus
|
|
-ssl3_ComputeECDHKeyHash(SECOidTag hashAlg,
|
|
+ssl3_ComputeECDHKeyHash(SSLHashType hashAlg,
|
|
SECItem ec_params, SECItem server_ecpoint,
|
|
SSL3Random *client_rand, SSL3Random *server_rand,
|
|
SSL3Hashes *hashes, PRBool bypassPKCS11)
|
|
@@ -303,7 +303,7 @@
|
|
pubKey->u.ec.publicValue.len));
|
|
|
|
if (isTLS12) {
|
|
- target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
|
|
+ target = CKM_TLS12_MASTER_KEY_DERIVE_DH;
|
|
} else if (isTLS) {
|
|
target = CKM_TLS_MASTER_KEY_DERIVE_DH;
|
|
} else {
|
|
@@ -325,14 +325,6 @@
|
|
SECKEY_DestroyPrivateKey(privKey);
|
|
privKey = NULL;
|
|
|
|
- rv = ssl3_InitPendingCipherSpec(ss, pms);
|
|
- PK11_FreeSymKey(pms); pms = NULL;
|
|
-
|
|
- if (rv != SECSuccess) {
|
|
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
|
|
- goto loser;
|
|
- }
|
|
-
|
|
rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange,
|
|
pubKey->u.ec.publicValue.len + 1);
|
|
if (rv != SECSuccess) {
|
|
@@ -349,6 +341,14 @@
|
|
goto loser; /* err set by ssl3_AppendHandshake* */
|
|
}
|
|
|
|
+ rv = ssl3_InitPendingCipherSpec(ss, pms);
|
|
+ PK11_FreeSymKey(pms); pms = NULL;
|
|
+
|
|
+ if (rv != SECSuccess) {
|
|
+ ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
|
|
+ goto loser;
|
|
+ }
|
|
+
|
|
rv = SECSuccess;
|
|
|
|
loser:
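Review bot: The master-secret derivation is moved to after the ClientKeyExchange has been appended, but nothing in the hunk says why; presumably the derivation must see the completed handshake transcript (as an extended-master-secret derivation does), and a comment such as `/* Derive the MS only after the ClientKeyExchange is in the handshake hash; EMS binds the MS to the transcript */` would stop a later reorder. With the new order `pms` is still live when `goto loser` is taken on an append failure, whereas before the key was released ahead of the append, so `loser` (outside the hunk) must free `pms`; please confirm that path. The enclosing function starts outside the hunk.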
|
|
@@ -394,7 +394,7 @@
|
|
isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
|
|
|
|
if (isTLS12) {
|
|
- target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
|
|
+ target = CKM_TLS12_MASTER_KEY_DERIVE_DH;
|
|
} else if (isTLS) {
|
|
target = CKM_TLS_MASTER_KEY_DERIVE_DH;
|
|
} else {
|
|
@@ -615,9 +615,9 @@
|
|
SECItem ec_params = {siBuffer, NULL, 0};
|
|
SECItem ec_point = {siBuffer, NULL, 0};
|
|
unsigned char paramBuf[3]; /* only for curve_type == named_curve */
|
|
- SSL3SignatureAndHashAlgorithm sigAndHash;
|
|
+ SSLSignatureAndHashAlg sigAndHash;
|
|
|
|
- sigAndHash.hashAlg = SEC_OID_UNKNOWN;
|
|
+ sigAndHash.hashAlg = ssl_hash_none;
|
|
|
|
isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
|
|
isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
|
|
@@ -659,7 +659,7 @@
|
|
goto loser; /* malformed or unsupported. */
|
|
}
|
|
rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(
|
|
- &sigAndHash, ss->sec.peerCert);
|
|
+ ss, &sigAndHash, ss->sec.peerCert);
|
|
if (rv != SECSuccess) {
|
|
goto loser;
|
|
}
|
|
@@ -710,7 +710,7 @@
|
|
goto no_memory;
|
|
}
|
|
|
|
- ss->sec.peerKey = peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey);
|
|
+ peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey);
|
|
if (peerKey == NULL) {
|
|
goto no_memory;
|
|
}
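Review bot: Dropping the early `ss->sec.peerKey = peerKey` assignment means the socket no longer references a half-built key and its arena if a later step fails, which is what lets the `@@ -745` hunk free `arena` unconditionally at both `loser` and `no_memory`; the assignment that now installs the key on success is outside the hunk and must come after the last failure exit, otherwise `ss->sec.peerKey` would point into a freed arena. Those two cleanup blocks are identical; a comment at the first, `/* peerKey lives in arena and is not yet installed in ss->sec.peerKey, so freeing the arena here cannot dangle */`, records the invariant the change depends on. `arena` must also be NULL-initialised before the first `goto` that can reach those labels (its declaration is outside the hunk).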
|
|
@@ -731,7 +731,6 @@
|
|
/* copy publicValue in peerKey */
|
|
if (SECITEM_CopyItem(arena, &peerKey->u.ec.publicValue, &ec_point))
|
|
{
|
|
- PORT_FreeArena(arena, PR_FALSE);
|
|
goto no_memory;
|
|
}
|
|
peerKey->pkcs11Slot = NULL;
|
|
@@ -745,10 +744,16 @@
|
|
alert_loser:
|
|
(void)SSL3_SendAlert(ss, alert_fatal, desc);
|
|
loser:
|
|
+ if (arena) {
|
|
+ PORT_FreeArena(arena, PR_FALSE);
|
|
+ }
|
|
PORT_SetError( errCode );
|
|
return SECFailure;
|
|
|
|
no_memory: /* no-memory error has already been set. */
|
|
+ if (arena) {
|
|
+ PORT_FreeArena(arena, PR_FALSE);
|
|
+ }
|
|
ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
|
|
return SECFailure;
|
|
}
|
|
@@ -756,7 +761,7 @@
|
|
SECStatus
|
|
ssl3_SendECDHServerKeyExchange(
|
|
sslSocket *ss,
|
|
- const SSL3SignatureAndHashAlgorithm *sigAndHash)
|
|
+ const SSLSignatureAndHashAlg *sigAndHash)
|
|
{
|
|
const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def;
|
|
SECStatus rv = SECFailure;
|
|
@@ -977,9 +982,7 @@
|
|
if (!suite)
|
|
suite = ecSuites;
|
|
for (; *suite; ++suite) {
|
|
- SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE);
|
|
-
|
|
- PORT_Assert(rv == SECSuccess); /* else is coding error */
|
|
+ PORT_CheckSuccess(ssl3_CipherPrefSet(ss, *suite, PR_FALSE));
|
|
}
|
|
return SECSuccess;
|
|
}
|
|
@@ -1142,7 +1145,10 @@
|
|
ecList = tlsECList;
|
|
}
|
|
|
|
- if (append && maxBytes >= ecListSize) {
|
|
+ if (maxBytes < (PRUint32)ecListSize) {
|
|
+ return 0;
|
|
+ }
|
|
+ if (append) {
|
|
SECStatus rv = ssl3_AppendHandshake(ss, ecList, ecListSize);
|
|
if (rv != SECSuccess)
|
|
return -1;
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3ext.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3ext.c
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3ext.c 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3ext.c 2016-01-13 14:18:55.623954879 +0100
|
|
@@ -101,6 +101,12 @@
|
|
PRUint32 maxBytes);
|
|
static SECStatus ssl3_ServerHandleDraftVersionXtn(sslSocket *ss, PRUint16 ex_type,
|
|
SECItem *data);
|
|
+static PRInt32 ssl3_SendExtendedMasterSecretXtn(sslSocket *ss, PRBool append,
|
|
+ PRUint32 maxBytes);
|
|
+static SECStatus ssl3_HandleExtendedMasterSecretXtn(sslSocket *ss,
|
|
+ PRUint16 ex_type,
|
|
+ SECItem *data);
|
|
+
|
|
|
|
/*
|
|
* Write bytes. Using this function means the SECItem structure
|
|
@@ -266,6 +272,7 @@
|
|
{ ssl_cert_status_xtn, &ssl3_ServerHandleStatusRequestXtn },
|
|
{ ssl_signature_algorithms_xtn, &ssl3_ServerHandleSigAlgsXtn },
|
|
{ ssl_tls13_draft_version_xtn, &ssl3_ServerHandleDraftVersionXtn },
|
|
+ { ssl_extended_master_secret_xtn, &ssl3_HandleExtendedMasterSecretXtn },
|
|
{ -1, NULL }
|
|
};
|
|
|
|
@@ -281,6 +288,7 @@
|
|
{ ssl_use_srtp_xtn, &ssl3_ClientHandleUseSRTPXtn },
|
|
{ ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn },
|
|
{ ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn },
|
|
+ { ssl_extended_master_secret_xtn, &ssl3_HandleExtendedMasterSecretXtn },
|
|
{ ssl_signed_certificate_timestamp_xtn,
|
|
&ssl3_ClientHandleSignedCertTimestampXtn },
|
|
{ -1, NULL }
|
|
@@ -319,6 +327,7 @@
|
|
* extension. */
|
|
{ ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
|
|
{ ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },
|
|
+ { ssl_extended_master_secret_xtn, &ssl3_SendExtendedMasterSecretXtn},
|
|
/* any extra entries will appear as { 0, NULL } */
|
|
};
|
|
|
|
@@ -331,7 +340,7 @@
|
|
static PRBool
|
|
arrayContainsExtension(const PRUint16 *array, PRUint32 len, PRUint16 ex_type)
|
|
{
|
|
- int i;
|
|
+ unsigned int i;
|
|
for (i = 0; i < len; i++) {
|
|
if (ex_type == array[i])
|
|
return PR_TRUE;
|
|
@@ -433,12 +442,12 @@
|
|
}
|
|
/* length of server_name_list */
|
|
listLenBytes = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
|
|
- if (listLenBytes < 0 || listLenBytes != data->len) {
|
|
- (void)ssl3_DecodeError(ss);
|
|
+ if (listLenBytes < 0) {
|
|
return SECFailure;
|
|
}
|
|
- if (listLenBytes == 0) {
|
|
- return SECSuccess; /* ignore an empty extension */
|
|
+ if (listLenBytes == 0 || listLenBytes != data->len) {
|
|
+ (void)ssl3_DecodeError(ss);
|
|
+ return SECFailure;
|
|
}
|
|
ldata = *data;
|
|
/* Calculate the size of the array.*/
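Review bot: Rejecting an empty server_name_list is a behaviour change (it used to be ignored) and the hunk does not say why; RFC 6066 defines `ServerName server_name_list<1..2^16-1>`, so a comment such as `/* RFC 6066 3: server_name_list<1..2^16-1>, an empty list is malformed */` on the new condition would justify the decode_error. The `@@ -463` hunk removes the `!listCount` guard on the strength of this check; since the counting loop is only partly visible, a `PORT_Assert(listCount > 0);` before PORT_ZNewArray would make that invariant explicit. The enclosing handler starts outside the hunk.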
|
|
@@ -463,15 +472,12 @@
|
|
}
|
|
listCount += 1;
|
|
}
|
|
- if (!listCount) {
|
|
- return SECFailure; /* nothing we can act on */
|
|
- }
|
|
names = PORT_ZNewArray(SECItem, listCount);
|
|
if (!names) {
|
|
return SECFailure;
|
|
}
|
|
for (i = 0;i < listCount;i++) {
|
|
- int j;
|
|
+ unsigned int j;
|
|
PRInt32 type;
|
|
SECStatus rv;
|
|
PRBool nametypePresent = PR_FALSE;
|
|
@@ -559,7 +565,11 @@
|
|
}
|
|
}
|
|
|
|
- if (append && maxBytes >= extension_length) {
|
|
+ if (maxBytes < (PRUint32)extension_length) {
|
|
+ PORT_Assert(0);
|
|
+ return 0;
|
|
+ }
|
|
+ if (append) {
|
|
SECStatus rv;
|
|
/* extension_type */
|
|
rv = ssl3_AppendHandshakeNumber(ss, ssl_session_ticket_xtn, 2);
|
|
@@ -582,9 +592,6 @@
|
|
xtnData->advertised[xtnData->numAdvertised++] =
|
|
ssl_session_ticket_xtn;
|
|
}
|
|
- } else if (maxBytes < extension_length) {
|
|
- PORT_Assert(0);
|
|
- return 0;
|
|
}
|
|
return extension_length;
|
|
|
|
@@ -645,12 +652,17 @@
|
|
|
|
rv = ssl3_ValidateNextProtoNego(data->data, data->len);
|
|
if (rv != SECSuccess) {
|
|
- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
|
|
(void)SSL3_SendAlert(ss, alert_fatal, decode_error);
|
|
+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
|
|
return rv;
|
|
}
|
|
|
|
PORT_Assert(ss->nextProtoCallback);
|
|
+ /* For ALPN, the cipher suite isn't selected yet. Note that extensions
|
|
+ * sometimes affect what cipher suite is selected, e.g., for ECC. */
|
|
+ PORT_Assert((ss->ssl3.hs.preliminaryInfo &
|
|
+ ssl_preinfo_all & ~ssl_preinfo_cipher_suite) ==
|
|
+ (ssl_preinfo_all & ~ssl_preinfo_cipher_suite));
|
|
rv = ss->nextProtoCallback(ss->nextProtoArg, ss->fd, data->data, data->len,
|
|
result.data, &result.len, sizeof(resultBuffer));
|
|
if (rv != SECSuccess) {
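Review bot: PORT_SetError is moved after SSL3_SendAlert without a comment; presumably the alert path performs I/O that can overwrite the PR error code, and a one-line `/* Set the error after the alert: SSL3_SendAlert may clobber it */` at this first occurrence would explain the ordering for the same swap repeated in the `@@ -673`, `@@ -693`, `@@ -721`, `@@ -742`, `@@ -753`, `@@ -778` and `@@ -795` hunks. The new PORT_Assert on preliminaryInfo is debug-only, which is appropriate for an internal invariant. The enclosing handler starts outside the hunk.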
|
|
@@ -673,8 +685,8 @@
|
|
ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NEGOTIATED) {
|
|
/* The callback might say OK, but then it picks a default value - one
|
|
* that was not listed. That's OK for NPN, but not ALPN. */
|
|
- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL);
|
|
(void)SSL3_SendAlert(ss, alert_fatal, no_application_protocol);
|
|
+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL);
|
|
return SECFailure;
|
|
}
|
|
|
|
@@ -693,8 +705,8 @@
|
|
* despite it being permitted by the spec. */
|
|
if (ss->firstHsDone || data->len == 0) {
|
|
/* Clients MUST send a non-empty ALPN extension. */
|
|
- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
|
|
(void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
|
|
+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
|
|
return SECFailure;
|
|
}
|
|
|
|
@@ -721,8 +733,8 @@
|
|
rv = ssl3_RegisterServerHelloExtensionSender(
|
|
ss, ex_type, ssl3_ServerSendAppProtoXtn);
|
|
if (rv != SECSuccess) {
|
|
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
|
(void)SSL3_SendAlert(ss, alert_fatal, internal_error);
|
|
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
|
return rv;
|
|
}
|
|
}
|
|
@@ -742,8 +754,8 @@
|
|
* we've negotiated NPN then we're required to send the NPN handshake
|
|
* message. Thus, these two extensions cannot both be negotiated on the
|
|
* same connection. */
|
|
- PORT_SetError(SSL_ERROR_BAD_SERVER);
|
|
(void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
|
|
+ PORT_SetError(SSL_ERROR_BAD_SERVER);
|
|
return SECFailure;
|
|
}
|
|
|
|
@@ -753,8 +765,8 @@
|
|
* we sent the ClientHello and now. */
|
|
if (!ss->nextProtoCallback) {
|
|
PORT_Assert(0);
|
|
- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK);
|
|
(void)SSL3_SendAlert(ss, alert_fatal, internal_error);
|
|
+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK);
|
|
return SECFailure;
|
|
}
|
|
|
|
@@ -778,16 +790,16 @@
|
|
* uint8 len; // where len >= 1
|
|
* uint8 protocol_name[len]; */
|
|
if (data->len < 4 || data->len > 2 + 1 + 255) {
|
|
- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
|
|
(void)SSL3_SendAlert(ss, alert_fatal, decode_error);
|
|
+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
|
|
return SECFailure;
|
|
}
|
|
|
|
list_len = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
|
|
/* The list has to be the entire extension. */
|
|
if (list_len != data->len) {
|
|
- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
|
|
(void)SSL3_SendAlert(ss, alert_fatal, decode_error);
|
|
+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
|
|
return SECFailure;
|
|
}
|
|
|
|
@@ -795,8 +807,8 @@
|
|
&data->data, &data->len);
|
|
/* The list must have exactly one value. */
|
|
if (rv != SECSuccess || data->len != 0) {
|
|
- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
|
|
(void)SSL3_SendAlert(ss, alert_fatal, decode_error);
|
|
+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
|
|
return SECFailure;
|
|
}
|
|
|
|
@@ -819,7 +831,10 @@
|
|
|
|
extension_length = 4;
|
|
|
|
- if (append && maxBytes >= extension_length) {
|
|
+ if (maxBytes < (PRUint32)extension_length) {
|
|
+ return 0;
|
|
+ }
|
|
+ if (append) {
|
|
SECStatus rv;
|
|
rv = ssl3_AppendHandshakeNumber(ss, ssl_next_proto_nego_xtn, 2);
|
|
if (rv != SECSuccess)
|
|
@@ -829,8 +844,6 @@
|
|
goto loser;
|
|
ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
|
|
ssl_next_proto_nego_xtn;
|
|
- } else if (maxBytes < extension_length) {
|
|
- return 0;
|
|
}
|
|
|
|
return extension_length;
|
|
@@ -854,7 +867,10 @@
|
|
2 /* protocol name list length */ +
|
|
ss->opt.nextProtoNego.len;
|
|
|
|
- if (append && maxBytes >= extension_length) {
|
|
+ if (maxBytes < (PRUint32)extension_length) {
|
|
+ return 0;
|
|
+ }
|
|
+ if (append) {
|
|
/* NPN requires that the client's fallback protocol is first in the
|
|
* list. However, ALPN sends protocols in preference order. So we
|
|
* allocate a buffer and move the first protocol to the end of the
|
|
@@ -894,8 +910,6 @@
|
|
}
|
|
ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
|
|
ssl_app_layer_protocol_xtn;
|
|
- } else if (maxBytes < extension_length) {
|
|
- return 0;
|
|
}
|
|
|
|
return extension_length;
|
|
@@ -923,7 +937,10 @@
|
|
2 /* protocol name list */ + 1 /* name length */ +
|
|
ss->ssl3.nextProto.len;
|
|
|
|
- if (append && maxBytes >= extension_length) {
|
|
+ if (maxBytes < (PRUint32)extension_length) {
|
|
+ return 0;
|
|
+ }
|
|
+ if (append) {
|
|
SECStatus rv;
|
|
rv = ssl3_AppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2);
|
|
if (rv != SECSuccess) {
|
|
@@ -942,8 +959,6 @@
|
|
if (rv != SECSuccess) {
|
|
return -1;
|
|
}
|
|
- } else if (maxBytes < extension_length) {
|
|
- return 0;
|
|
}
|
|
|
|
return extension_length;
|
|
@@ -1045,7 +1060,10 @@
|
|
return 0;
|
|
|
|
extension_length = 2 + 2;
|
|
- if (append && maxBytes >= extension_length) {
|
|
+ if (maxBytes < (PRUint32)extension_length) {
|
|
+ return 0;
|
|
+ }
|
|
+ if (append) {
|
|
/* extension_type */
|
|
rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2);
|
|
if (rv != SECSuccess)
|
|
@@ -1078,7 +1096,11 @@
|
|
*/
|
|
extension_length = 9;
|
|
|
|
- if (append && maxBytes >= extension_length) {
|
|
+ if (maxBytes < (PRUint32)extension_length) {
|
|
+ PORT_Assert(0);
|
|
+ return 0;
|
|
+ }
|
|
+ if (append) {
|
|
SECStatus rv;
|
|
TLSExtensionData *xtnData;
|
|
|
|
@@ -1106,9 +1128,6 @@
|
|
|
|
xtnData = &ss->xtnData;
|
|
xtnData->advertised[xtnData->numAdvertised++] = ssl_cert_status_xtn;
|
|
- } else if (maxBytes < extension_length) {
|
|
- PORT_Assert(0);
|
|
- return 0;
|
|
}
|
|
return extension_length;
|
|
}
|
|
@@ -1120,7 +1139,7 @@
|
|
SECStatus
|
|
ssl3_SendNewSessionTicket(sslSocket *ss)
|
|
{
|
|
- int i;
|
|
+ PRUint32 i;
|
|
SECStatus rv;
|
|
NewSessionTicket ticket;
|
|
SECItem plaintext;
|
|
@@ -1152,7 +1171,7 @@
|
|
CK_MECHANISM_TYPE cipherMech = CKM_AES_CBC;
|
|
PK11Context *aes_ctx_pkcs11;
|
|
CK_MECHANISM_TYPE macMech = CKM_SHA256_HMAC;
|
|
- PK11Context *hmac_ctx_pkcs11;
|
|
+ PK11Context *hmac_ctx_pkcs11 = NULL;
|
|
unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH];
|
|
unsigned int computed_mac_length;
|
|
unsigned char iv[AES_BLOCK_SIZE];
|
|
@@ -1200,7 +1219,8 @@
|
|
sslSessionID sid;
|
|
PORT_Memset(&sid, 0, sizeof(sslSessionID));
|
|
|
|
- if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) {
|
|
+ if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
|
|
+ ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) {
|
|
effectiveExchKeyType = kt_rsa;
|
|
} else {
|
|
effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
|
|
@@ -1243,6 +1263,7 @@
|
|
+ cert_length /* cert */
|
|
+ 1 /* server name type */
|
|
+ srvNameLen /* name len + length field */
|
|
+ + 1 /* extendedMasterSecretUsed */
|
|
+ sizeof(ticket.ticket_lifetime_hint);
|
|
padding_length = AES_BLOCK_SIZE -
|
|
(ciphertext_length % AES_BLOCK_SIZE);
|
|
@@ -1341,6 +1362,11 @@
|
|
if (rv != SECSuccess) goto loser;
|
|
}
|
|
|
|
+ /* extendedMasterSecretUsed */
|
|
+ rv = ssl3_AppendNumberToItem(
|
|
+ &plaintext, ss->sec.ci.sid->u.ssl3.keys.extendedMasterSecretUsed, 1);
|
|
+ if (rv != SECSuccess) goto loser;
|
|
+
|
|
PORT_Assert(plaintext.len == padding_length);
|
|
for (i = 0; i < padding_length; i++)
|
|
plaintext.data[i] = (unsigned char)padding_length;
|
|
@@ -1410,14 +1436,18 @@
|
|
goto loser;
|
|
|
|
rv = PK11_DigestBegin(hmac_ctx_pkcs11);
|
|
+ if (rv != SECSuccess) goto loser;
|
|
rv = PK11_DigestOp(hmac_ctx_pkcs11, key_name,
|
|
SESS_TICKET_KEY_NAME_LEN);
|
|
+ if (rv != SECSuccess) goto loser;
|
|
rv = PK11_DigestOp(hmac_ctx_pkcs11, iv, sizeof(iv));
|
|
+ if (rv != SECSuccess) goto loser;
|
|
rv = PK11_DigestOp(hmac_ctx_pkcs11, (unsigned char *)length_buf, 2);
|
|
+ if (rv != SECSuccess) goto loser;
|
|
rv = PK11_DigestOp(hmac_ctx_pkcs11, ciphertext.data, ciphertext.len);
|
|
+ if (rv != SECSuccess) goto loser;
|
|
rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac,
|
|
&computed_mac_length, sizeof(computed_mac));
|
|
- PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE);
|
|
if (rv != SECSuccess) goto loser;
|
|
}
|
|
|
|
@@ -1446,6 +1476,8 @@
|
|
if (rv != SECSuccess) goto loser;
|
|
|
|
loser:
|
|
+ if (hmac_ctx_pkcs11)
|
|
+ PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE);
|
|
if (plaintext_item.data)
|
|
SECITEM_FreeItem(&plaintext_item, PR_FALSE);
|
|
if (ciphertext.data)
|
|
@@ -1495,7 +1527,7 @@
|
|
if (data->len == 0) {
|
|
ss->xtnData.emptySessionTicket = PR_TRUE;
|
|
} else {
|
|
- int i;
|
|
+ PRUint32 i;
|
|
SECItem extension_data;
|
|
EncryptedSessionTicket enc_session_ticket;
|
|
unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH];
|
|
@@ -1698,9 +1730,10 @@
|
|
goto loser;
|
|
}
|
|
|
|
- /* Read ticket_version (which is ignored for now.) */
|
|
+ /* Read ticket_version and reject if the version is wrong */
|
|
temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
|
|
- if (temp < 0) goto no_ticket;
|
|
+ if (temp != TLS_EX_SESS_TICKET_VERSION) goto no_ticket;
|
|
+
|
|
parsed_session_ticket->ticket_version = (SSL3ProtocolVersion)temp;
|
|
|
|
/* Read SSLVersion. */
|
|
@@ -1801,6 +1834,13 @@
|
|
parsed_session_ticket->srvName.type = nameType;
|
|
}
|
|
|
|
+ /* Read extendedMasterSecretUsed */
|
|
+ temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
|
|
+ if (temp < 0)
|
|
+ goto no_ticket;
|
|
+ PORT_Assert(temp == PR_TRUE || temp == PR_FALSE);
|
|
+ parsed_session_ticket->extendedMasterSecretUsed = (PRBool)temp;
|
|
+
|
|
/* Done parsing. Check that all bytes have been consumed. */
|
|
if (buffer_len != padding_length)
|
|
goto no_ticket;
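Review bot: The `PORT_Assert(temp == PR_TRUE || temp == PR_FALSE);` on the new side validates a byte decoded from the ticket, but assertions are compiled out of non-debug builds, so any value other than 0 or 1 is silently cast to PRBool and stored in `parsed_session_ticket->extendedMasterSecretUsed`. Even if this field has presumably already passed the ticket's MAC check earlier in the function, a malformed value should be rejected like the other fields in this parser rather than asserted: `if (temp != PR_TRUE && temp != PR_FALSE) goto no_ticket;` in place of the assert. The enclosing function starts and ends outside the hunk.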
|
|
@@ -1847,6 +1887,8 @@
|
|
parsed_session_ticket->ms_is_wrapped;
|
|
sid->u.ssl3.masterValid = PR_TRUE;
|
|
sid->u.ssl3.keys.resumable = PR_TRUE;
|
|
+ sid->u.ssl3.keys.extendedMasterSecretUsed = parsed_session_ticket->
|
|
+ extendedMasterSecretUsed;
|
|
|
|
/* Copy over client cert from session ticket if there is one. */
|
|
if (parsed_session_ticket->peer_cert.data != NULL) {
|
|
@@ -2085,7 +2127,10 @@
|
|
(ss->sec.isServer ? ss->ssl3.hs.finishedBytes * 2
|
|
: ss->ssl3.hs.finishedBytes);
|
|
needed = 5 + len;
|
|
- if (append && maxBytes >= needed) {
|
|
+ if (maxBytes < (PRUint32)needed) {
|
|
+ return 0;
|
|
+ }
|
|
+ if (append) {
|
|
SECStatus rv;
|
|
/* extension_type */
|
|
rv = ssl3_AppendHandshakeNumber(ss, ssl_renegotiation_info_xtn, 2);
|
|
@@ -2138,8 +2183,8 @@
|
|
}
|
|
if (len && NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data,
|
|
data->data + 1, len)) {
|
|
- PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
|
|
(void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);
|
|
+ PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
|
|
return SECFailure;
|
|
}
|
|
/* remember that we got this extension and it was correct. */
|
|
@@ -2263,8 +2308,8 @@
|
|
}
|
|
|
|
if (!found) {
|
|
- PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
|
|
(void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
|
|
+ PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
|
|
return SECFailure;
|
|
}
|
|
|
|
@@ -2277,8 +2322,8 @@
|
|
|
|
/* We didn't offer an MKI, so this must be 0 length */
|
|
if (litem.len != 0) {
|
|
- PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
|
|
(void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
|
|
+ PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
|
|
return SECFailure;
|
|
}
|
|
|
|
@@ -2374,7 +2419,7 @@
|
|
SECStatus rv;
|
|
SECItem algorithms;
|
|
const unsigned char *b;
|
|
- unsigned int numAlgorithms, i, j;
|
|
+ unsigned int numAlgorithms, i;
|
|
|
|
/* Ignore this extension if we aren't doing TLS 1.2 or greater. */
|
|
if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) {
|
|
@@ -2388,8 +2433,8 @@
|
|
}
|
|
/* Trailing data, empty value, or odd-length value is invalid. */
|
|
if (data->len != 0 || algorithms.len == 0 || (algorithms.len & 1) != 0) {
|
|
- PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
|
|
(void)SSL3_SendAlert(ss, alert_fatal, decode_error);
|
|
+ PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
|
|
return SECFailure;
|
|
}
|
|
|
|
@@ -2401,30 +2446,24 @@
|
|
}
|
|
|
|
ss->ssl3.hs.clientSigAndHash =
|
|
- PORT_NewArray(SSL3SignatureAndHashAlgorithm, numAlgorithms);
|
|
+ PORT_NewArray(SSLSignatureAndHashAlg, numAlgorithms);
|
|
if (!ss->ssl3.hs.clientSigAndHash) {
|
|
- PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
|
|
(void)SSL3_SendAlert(ss, alert_fatal, internal_error);
|
|
+ PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
|
|
return SECFailure;
|
|
}
|
|
ss->ssl3.hs.numClientSigAndHash = 0;
|
|
|
|
b = algorithms.data;
|
|
- for (i = j = 0; i < numAlgorithms; i++) {
|
|
- unsigned char tls_hash = *(b++);
|
|
- unsigned char tls_sig = *(b++);
|
|
- SECOidTag hash = ssl3_TLSHashAlgorithmToOID(tls_hash);
|
|
-
|
|
- if (hash == SEC_OID_UNKNOWN) {
|
|
- /* We ignore formats that we don't understand. */
|
|
- continue;
|
|
- }
|
|
- /* tls_sig support will be checked later in
|
|
- * ssl3_PickSignatureHashAlgorithm. */
|
|
- ss->ssl3.hs.clientSigAndHash[j].hashAlg = hash;
|
|
- ss->ssl3.hs.clientSigAndHash[j].sigAlg = tls_sig;
|
|
- ++j;
|
|
- ++ss->ssl3.hs.numClientSigAndHash;
|
|
+ ss->ssl3.hs.numClientSigAndHash = 0;
|
|
+ for (i = 0; i < numAlgorithms; i++) {
|
|
+ SSLSignatureAndHashAlg *sigAndHash =
|
|
+ &ss->ssl3.hs.clientSigAndHash[ss->ssl3.hs.numClientSigAndHash];
|
|
+ sigAndHash->hashAlg = (SSLHashType)*(b++);
|
|
+ sigAndHash->sigAlg = (SSLSignType)*(b++);
|
|
+ if (ssl3_IsSupportedSignatureAlgorithm(sigAndHash)) {
|
|
+ ++ss->ssl3.hs.numClientSigAndHash;
|
|
+ }
|
|
}
|
|
|
|
if (!ss->ssl3.hs.numClientSigAndHash) {
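Review bot: The added `ss->ssl3.hs.numClientSigAndHash = 0;` immediately before the new `for` loop duplicates the unchanged assignment a few lines above it, right after the allocation check; one of the two should be dropped so a reader does not look for a reason the counter is reset twice. The loop itself writes at most `numAlgorithms` entries into an array allocated with `numAlgorithms` slots, so the bound holds, but a one-line comment that `hashAlg`/`sigAlg` are raw wire bytes cast to enums and only validated by `ssl3_IsSupportedSignatureAlgorithm` would make the trust boundary explicit. The enclosing function starts and ends outside the hunk.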
|
|
@@ -2442,60 +2481,60 @@
|
|
/* ssl3_ClientSendSigAlgsXtn sends the signature_algorithm extension for TLS
|
|
* 1.2 ClientHellos. */
|
|
static PRInt32
|
|
-ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
|
|
+ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes)
|
|
{
|
|
- static const unsigned char signatureAlgorithms[] = {
|
|
- /* This block is the contents of our signature_algorithms extension, in
|
|
- * wire format. See
|
|
- * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
|
|
- tls_hash_sha256, tls_sig_rsa,
|
|
- tls_hash_sha384, tls_sig_rsa,
|
|
- tls_hash_sha512, tls_sig_rsa,
|
|
- tls_hash_sha1, tls_sig_rsa,
|
|
-#ifndef NSS_DISABLE_ECC
|
|
- tls_hash_sha256, tls_sig_ecdsa,
|
|
- tls_hash_sha384, tls_sig_ecdsa,
|
|
- tls_hash_sha512, tls_sig_ecdsa,
|
|
- tls_hash_sha1, tls_sig_ecdsa,
|
|
-#endif
|
|
- tls_hash_sha256, tls_sig_dsa,
|
|
- tls_hash_sha1, tls_sig_dsa,
|
|
- };
|
|
PRInt32 extension_length;
|
|
+ unsigned int i;
|
|
+ PRInt32 pos=0;
|
|
+ PRUint32 policy;
|
|
+ PRUint8 buf[MAX_SIGNATURE_ALGORITHMS * 2];
|
|
|
|
if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) {
|
|
return 0;
|
|
}
|
|
|
|
+ for (i=0; i < ss->ssl3.signatureAlgorithmCount; i++) {
|
|
+ SECOidTag hashOID = ssl3_TLSHashAlgorithmToOID(
|
|
+ ss->ssl3.signatureAlgorithms[i].hashAlg);
|
|
+ if ((NSS_GetAlgorithmPolicy(hashOID, & policy) != SECSuccess) ||
|
|
+ (policy & NSS_USE_ALG_IN_SSL_KX)) {
|
|
+ buf[pos++] = ss->ssl3.signatureAlgorithms[i].hashAlg;
|
|
+ buf[pos++] = ss->ssl3.signatureAlgorithms[i].sigAlg;
|
|
+ }
|
|
+ }
|
|
+
|
|
extension_length =
|
|
2 /* extension type */ +
|
|
2 /* extension length */ +
|
|
2 /* supported_signature_algorithms length */ +
|
|
- sizeof(signatureAlgorithms);
|
|
+ pos;
|
|
+
|
|
+ if (maxBytes < extension_length) {
|
|
+ PORT_Assert(0);
|
|
+ return 0;
|
|
+ }
|
|
|
|
- if (append && maxBytes >= extension_length) {
|
|
+ if (append) {
|
|
SECStatus rv;
|
|
rv = ssl3_AppendHandshakeNumber(ss, ssl_signature_algorithms_xtn, 2);
|
|
- if (rv != SECSuccess)
|
|
- goto loser;
|
|
+ if (rv != SECSuccess) {
|
|
+ return -1;
|
|
+ }
|
|
rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
|
|
- if (rv != SECSuccess)
|
|
- goto loser;
|
|
- rv = ssl3_AppendHandshakeVariable(ss, signatureAlgorithms,
|
|
- sizeof(signatureAlgorithms), 2);
|
|
- if (rv != SECSuccess)
|
|
- goto loser;
|
|
+ if (rv != SECSuccess) {
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ rv = ssl3_AppendHandshakeVariable(ss, buf, extension_length - 6, 2);
|
|
+ if (rv != SECSuccess) {
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
|
|
ssl_signature_algorithms_xtn;
|
|
- } else if (maxBytes < extension_length) {
|
|
- PORT_Assert(0);
|
|
- return 0;
|
|
}
|
|
|
|
return extension_length;
|
|
-
|
|
-loser:
|
|
- return -1;
|
|
}
|
|
|
|
unsigned int
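Review bot: The new `if (maxBytes < extension_length)` compares the `PRUint32` parameter against the `PRInt32` `extension_length` without the `(PRUint32)` cast that every other sender converted in this patch uses; the same uncast comparison appears in the new `ssl3_SendExtendedMasterSecretXtn` and in the `ssl3_ClientSendSignedCertTimestampXtn` hunk below, so all three should read `if (maxBytes < (PRUint32)extension_length) {` for consistency and to avoid sign-compare warnings. The policy filter `if ((NSS_GetAlgorithmPolicy(hashOID, & policy) != SECSuccess) || (policy & NSS_USE_ALG_IN_SSL_KX))` includes an algorithm when the policy lookup fails, i.e. it fails open; if treating an unknown OID as unrestricted is intended, a comment such as `/* no policy entry for this hash: treat as unrestricted */` would record that. The loop also fills `buf[MAX_SIGNATURE_ALGORITHMS * 2]` from `ss->ssl3.signatureAlgorithmCount` entries, so a `PORT_Assert(ss->ssl3.signatureAlgorithmCount <= MAX_SIGNATURE_ALGORITHMS);` before the loop would document the invariant this relies on, presumably enforced where the preference list is set.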
|
|
@@ -2565,7 +2604,11 @@
|
|
}
|
|
|
|
extension_length = 6; /* Type + length + number */
|
|
- if (append && maxBytes >= extension_length) {
|
|
+ if (maxBytes < (PRUint32)extension_length) {
|
|
+ PORT_Assert(0);
|
|
+ return 0;
|
|
+ }
|
|
+ if (append) {
|
|
SECStatus rv;
|
|
rv = ssl3_AppendHandshakeNumber(ss, ssl_tls13_draft_version_xtn, 2);
|
|
if (rv != SECSuccess)
|
|
@@ -2578,9 +2621,6 @@
|
|
goto loser;
|
|
ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
|
|
ssl_tls13_draft_version_xtn;
|
|
- } else if (maxBytes < extension_length) {
|
|
- PORT_Assert(0);
|
|
- return 0;
|
|
}
|
|
|
|
return extension_length;
|
|
@@ -2633,6 +2673,51 @@
|
|
return SECSuccess;
|
|
}
|
|
|
|
+static PRInt32
|
|
+ssl3_SendExtendedMasterSecretXtn(sslSocket * ss, PRBool append,
|
|
+ PRUint32 maxBytes)
|
|
+{
|
|
+ PRInt32 extension_length;
|
|
+
|
|
+ if (!ss->opt.enableExtendedMS) {
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
+#ifndef NO_PKCS11_BYPASS
|
|
+ /* Extended MS can only be used w/o bypass mode */
|
|
+ if (ss->opt.bypassPKCS11) {
|
|
+ PORT_Assert(0);
|
|
+ PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
|
|
+ return -1;
|
|
+ }
|
|
+#endif
|
|
+
|
|
+ /* Always send the extension in this function, since the
|
|
+ * client always sends it and this function is only called on
|
|
+ * the server if we negotiated the extension. */
|
|
+ extension_length = 4; /* Type + length (0) */
|
|
+ if (maxBytes < extension_length) {
|
|
+ PORT_Assert(0);
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
+ if (append) {
|
|
+ SECStatus rv;
|
|
+ rv = ssl3_AppendHandshakeNumber(ss, ssl_extended_master_secret_xtn, 2);
|
|
+ if (rv != SECSuccess)
|
|
+ goto loser;
|
|
+ rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
|
|
+ if (rv != SECSuccess)
|
|
+ goto loser;
|
|
+ ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
|
|
+ ssl_extended_master_secret_xtn;
|
|
+ }
|
|
+
|
|
+ return extension_length;
|
|
+loser:
|
|
+ return -1;
|
|
+}
|
|
+
|
|
/* ssl3_ClientSendSignedCertTimestampXtn sends the signed_certificate_timestamp
|
|
* extension for TLS ClientHellos. */
|
|
static PRInt32
|
|
@@ -2646,7 +2731,12 @@
|
|
if (!ss->opt.enableSignedCertTimestamps)
|
|
return 0;
|
|
|
|
- if (append && maxBytes >= extension_length) {
|
|
+ if (maxBytes < extension_length) {
|
|
+ PORT_Assert(0);
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
+ if (append) {
|
|
SECStatus rv;
|
|
/* extension_type */
|
|
rv = ssl3_AppendHandshakeNumber(ss,
|
|
@@ -2660,9 +2750,6 @@
|
|
goto loser;
|
|
ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
|
|
ssl_signed_certificate_timestamp_xtn;
|
|
- } else if (maxBytes < extension_length) {
|
|
- PORT_Assert(0);
|
|
- return 0;
|
|
}
|
|
|
|
return extension_length;
|
|
@@ -2671,6 +2758,46 @@
|
|
}
|
|
|
|
static SECStatus
|
|
+ssl3_HandleExtendedMasterSecretXtn(sslSocket * ss, PRUint16 ex_type,
|
|
+ SECItem *data)
|
|
+{
|
|
+ if (ss->version < SSL_LIBRARY_VERSION_TLS_1_0) {
|
|
+ return SECSuccess;
|
|
+ }
|
|
+
|
|
+ if (!ss->opt.enableExtendedMS) {
|
|
+ return SECSuccess;
|
|
+ }
|
|
+
|
|
+#ifndef NO_PKCS11_BYPASS
|
|
+ /* Extended MS can only be used w/o bypass mode */
|
|
+ if (ss->opt.bypassPKCS11) {
|
|
+ PORT_Assert(0);
|
|
+ PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
|
|
+ return SECFailure;
|
|
+ }
|
|
+#endif
|
|
+
|
|
+ if (data->len != 0) {
|
|
+ SSL_TRC(30, ("%d: SSL3[%d]: Bogus extended master secret extension",
|
|
+ SSL_GETPID(), ss->fd));
|
|
+ return SECFailure;
|
|
+ }
|
|
+
|
|
+ SSL_DBG(("%d: SSL[%d]: Negotiated extended master secret extension.",
|
|
+ SSL_GETPID(), ss->fd));
|
|
+
|
|
+ /* Keep track of negotiated extensions. */
|
|
+ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
|
|
+
|
|
+ if (ss->sec.isServer) {
|
|
+ return ssl3_RegisterServerHelloExtensionSender(
|
|
+ ss, ex_type, ssl3_SendExtendedMasterSecretXtn);
|
|
+ }
|
|
+ return SECSuccess;
|
|
+}
|
|
+
|
|
+static SECStatus
|
|
ssl3_ClientHandleSignedCertTimestampXtn(sslSocket *ss, PRUint16 ex_type,
|
|
SECItem *data)
|
|
{
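Review bot: In the new `ssl3_HandleExtendedMasterSecretXtn`, the `data->len != 0` branch returns `SECFailure` after only a trace message, without calling `PORT_SetError` or sending an alert, whereas the other extension handlers touched by this patch send a fatal alert and set an error code (for example `decode_error` with `SSL_ERROR_RX_MALFORMED_CLIENT_HELLO` in the signature_algorithms handler above); callers will see a failure with a stale or zero error code. Suggested: `(void)SSL3_SendAlert(ss, alert_fatal, decode_error);` followed by `PORT_SetError(ss->sec.isServer ? SSL_ERROR_RX_MALFORMED_CLIENT_HELLO : SSL_ERROR_RX_MALFORMED_SERVER_HELLO);` before the return. The `#ifndef NO_PKCS11_BYPASS` branch does set an error, so the omission looks unintentional.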
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3gthr.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3gthr.c
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3gthr.c 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3gthr.c 2016-01-13 14:18:55.623954879 +0100
|
|
@@ -71,8 +71,8 @@
|
|
break;
|
|
}
|
|
|
|
- PORT_Assert( nb <= gs->remainder );
|
|
- if (nb > gs->remainder) {
|
|
+ PORT_Assert( (unsigned int)nb <= gs->remainder );
|
|
+ if ((unsigned int)nb > gs->remainder) {
|
|
/* ssl_DefRecv is misbehaving! this error is fatal to SSL. */
|
|
gs->state = GS_INIT; /* so we don't crash next time */
|
|
rv = SECFailure;
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3prot.h qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3prot.h
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3prot.h 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3prot.h 2016-01-13 14:18:55.623954879 +0100
|
|
@@ -218,32 +218,6 @@
|
|
} u;
|
|
} SSL3ServerParams;
|
|
|
|
-/* This enum reflects HashAlgorithm enum from
|
|
- * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
|
|
- *
|
|
- * When updating, be sure to also update ssl3_TLSHashAlgorithmToOID. */
|
|
-enum {
|
|
- tls_hash_md5 = 1,
|
|
- tls_hash_sha1 = 2,
|
|
- tls_hash_sha224 = 3,
|
|
- tls_hash_sha256 = 4,
|
|
- tls_hash_sha384 = 5,
|
|
- tls_hash_sha512 = 6
|
|
-};
|
|
-
|
|
-/* This enum reflects SignatureAlgorithm enum from
|
|
- * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
|
|
-typedef enum {
|
|
- tls_sig_rsa = 1,
|
|
- tls_sig_dsa = 2,
|
|
- tls_sig_ecdsa = 3
|
|
-} TLSSignatureAlgorithm;
|
|
-
|
|
-typedef struct {
|
|
- SECOidTag hashAlg;
|
|
- TLSSignatureAlgorithm sigAlg;
|
|
-} SSL3SignatureAndHashAlgorithm;
|
|
-
|
|
/* SSL3HashesIndividually contains a combination MD5/SHA1 hash, as used in TLS
|
|
* prior to 1.2. */
|
|
typedef struct {
|
|
@@ -252,11 +226,11 @@
|
|
} SSL3HashesIndividually;
|
|
|
|
/* SSL3Hashes contains an SSL hash value. The digest is contained in |u.raw|
|
|
- * which, if |hashAlg==SEC_OID_UNKNOWN| is also a SSL3HashesIndividually
|
|
+ * which, if |hashAlg==ssl_hash_none| is also a SSL3HashesIndividually
|
|
* struct. */
|
|
typedef struct {
|
|
unsigned int len;
|
|
- SECOidTag hashAlg;
|
|
+ SSLHashType hashAlg;
|
|
union {
|
|
PRUint8 raw[64];
|
|
SSL3HashesIndividually s;
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslauth.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslauth.c
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslauth.c 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslauth.c 2016-01-13 14:18:55.624954885 +0100
|
|
@@ -304,8 +304,7 @@
|
|
&certStatusArray->items[0],
|
|
ss->pkcs11PinArg)
|
|
!= SECSuccess) {
|
|
- PRErrorCode error = PR_GetError();
|
|
- PORT_Assert(error != 0);
|
|
+ PORT_Assert(PR_GetError() != 0);
|
|
}
|
|
}
|
|
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslcon.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslcon.c
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslcon.c 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslcon.c 2016-01-13 14:18:55.625954891 +0100
|
|
@@ -22,20 +22,6 @@
|
|
|
|
static PRBool policyWasSet;
|
|
|
|
-/* This ordered list is indexed by (SSL_CK_xx * 3) */
|
|
-/* Second and third bytes are MSB and LSB of master key length. */
|
|
-static const PRUint8 allCipherSuites[] = {
|
|
- 0, 0, 0,
|
|
- SSL_CK_RC4_128_WITH_MD5, 0x00, 0x80,
|
|
- SSL_CK_RC4_128_EXPORT40_WITH_MD5, 0x00, 0x80,
|
|
- SSL_CK_RC2_128_CBC_WITH_MD5, 0x00, 0x80,
|
|
- SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5, 0x00, 0x80,
|
|
- SSL_CK_IDEA_128_CBC_WITH_MD5, 0x00, 0x80,
|
|
- SSL_CK_DES_64_CBC_WITH_MD5, 0x00, 0x40,
|
|
- SSL_CK_DES_192_EDE3_CBC_WITH_MD5, 0x00, 0xC0,
|
|
- 0, 0, 0
|
|
-};
|
|
-
|
|
#define ssl2_NUM_SUITES_IMPLEMENTED 6
|
|
|
|
/* This list is sent back to the client when the client-hello message
|
|
@@ -851,7 +837,7 @@
|
|
{
|
|
PRUint8 * out;
|
|
int rv;
|
|
- int amount;
|
|
+ unsigned int amount;
|
|
int count = 0;
|
|
|
|
PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) );
|
|
@@ -927,7 +913,7 @@
|
|
int amount;
|
|
PRUint8 macLen;
|
|
int nout;
|
|
- int buflen;
|
|
+ unsigned int buflen;
|
|
|
|
PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) );
|
|
|
|
@@ -1031,7 +1017,7 @@
|
|
int amount; /* of plaintext to go in record. */
|
|
unsigned int padding; /* add this many padding byte. */
|
|
int nout; /* ciphertext size after header. */
|
|
- int buflen; /* size of generated record. */
|
|
+ unsigned int buflen; /* size of generated record. */
|
|
|
|
PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) );
|
|
|
|
@@ -1555,7 +1541,7 @@
|
|
unsigned int ddLen; /* length of RSA decrypted data in kbuf */
|
|
unsigned int keySize;
|
|
unsigned int dkLen; /* decrypted key length in bytes */
|
|
- int modulusLen;
|
|
+ int modulusLen;
|
|
SECStatus rv;
|
|
PRUint16 allowed; /* cipher kinds enabled and allowed by policy */
|
|
PRUint8 mkbuf[SSL_MAX_MASTER_KEY_BYTES];
|
|
@@ -1617,11 +1603,11 @@
|
|
}
|
|
|
|
modulusLen = PK11_GetPrivateModulusLen(sc->SERVERKEY);
|
|
- if (modulusLen == -1) {
|
|
+ if (modulusLen < 0) {
|
|
/* XXX If the key is bad, then PK11_PubDecryptRaw will fail below. */
|
|
modulusLen = ekLen;
|
|
}
|
|
- if (ekLen > modulusLen || ekLen + ckLen < keySize) {
|
|
+ if (ekLen > (unsigned int)modulusLen || ekLen + ckLen < keySize) {
|
|
SSL_DBG(("%d: SSL[%d]: invalid encrypted key length, ekLen=%d (bytes)!",
|
|
SSL_GETPID(), ss->fd, ekLen));
|
|
PORT_SetError(SSL_ERROR_BAD_CLIENT);
|
|
@@ -2495,7 +2481,6 @@
|
|
PRUint8 * cid;
|
|
unsigned len, certType, certLen, responseLen;
|
|
int rv;
|
|
- int rv2;
|
|
|
|
PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) );
|
|
|
|
@@ -2613,7 +2598,7 @@
|
|
data + SSL_HL_CLIENT_CERTIFICATE_HBYTES + certLen,
|
|
responseLen);
|
|
if (rv) {
|
|
- rv2 = ssl2_SendErrorMessage(ss, SSL_PE_BAD_CERTIFICATE);
|
|
+ (void)ssl2_SendErrorMessage(ss, SSL_PE_BAD_CERTIFICATE);
|
|
SET_ERROR_CODE
|
|
goto loser;
|
|
}
|
|
@@ -2741,7 +2726,7 @@
|
|
PRUint8 * cs;
|
|
PRUint8 * data;
|
|
SECStatus rv;
|
|
- int needed, sidHit, certLen, csLen, cidLen, certType, err;
|
|
+ unsigned int needed, sidHit, certLen, csLen, cidLen, certType, err;
|
|
|
|
PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) );
|
|
|
|
@@ -3669,12 +3654,14 @@
|
|
*/
|
|
|
|
#include "nss.h"
|
|
-extern const char __nss_ssl_rcsid[];
|
|
-extern const char __nss_ssl_sccsid[];
|
|
+extern const char __nss_ssl_version[];
|
|
|
|
PRBool
|
|
NSSSSL_VersionCheck(const char *importedVersion)
|
|
{
|
|
+#define NSS_VERSION_VARIABLE __nss_ssl_version
|
|
+#include "verref.h"
|
|
+
|
|
/*
|
|
* This is the secret handshake algorithm.
|
|
*
|
|
@@ -3684,9 +3671,6 @@
|
|
* not compatible with future major, minor, or
|
|
* patch releases.
|
|
*/
|
|
- volatile char c; /* force a reference that won't get optimized away */
|
|
-
|
|
- c = __nss_ssl_rcsid[0] + __nss_ssl_sccsid[0];
|
|
return NSS_VersionCheck(importedVersion);
|
|
}
|
|
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslenum.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslenum.c
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslenum.c 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslenum.c 2016-01-13 14:18:55.625954891 +0100
|
|
@@ -70,14 +70,17 @@
|
|
#endif /* NSS_DISABLE_ECC */
|
|
|
|
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
|
|
+ TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
|
|
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
|
|
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
|
|
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
|
|
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
|
|
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
|
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
|
|
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
|
|
TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
|
|
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
|
|
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
|
|
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
|
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
|
|
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslerr.h qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslerr.h
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslerr.h 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslerr.h 2016-01-13 14:18:55.626954897 +0100
|
|
@@ -198,9 +198,19 @@
|
|
|
|
SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT = (SSL_ERROR_BASE + 131),
|
|
|
|
-SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 132),
|
|
-SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 133),
|
|
-SSL_ERROR_GET_CHANNEL_ID_FAILED = (SSL_ERROR_BASE + 134),
|
|
+SSL_ERROR_WEAK_SERVER_CERT_KEY = (SSL_ERROR_BASE + 132),
|
|
+
|
|
+SSL_ERROR_RX_SHORT_DTLS_READ = (SSL_ERROR_BASE + 133),
|
|
+
|
|
+SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 134),
|
|
+SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 135),
|
|
+
|
|
+SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET = (SSL_ERROR_BASE + 136),
|
|
+SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET = (SSL_ERROR_BASE + 137),
|
|
+
|
|
+SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 138),
|
|
+SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 139),
|
|
+SSL_ERROR_GET_CHANNEL_ID_FAILED = (SSL_ERROR_BASE + 140),
|
|
|
|
SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
|
|
} SSLErrorCodes;
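Review bot: SSL_ERROR_BAD_CHANNEL_ID_DATA, SSL_ERROR_INVALID_CHANNEL_ID_KEY and SSL_ERROR_GET_CHANNEL_ID_FAILED change numeric value (132–134 to 138–140) to make room for the new upstream codes; these are public error codes, so anything compiled against the previous header or matching on stored numeric values (logs, metrics, error-string tables) will misattribute them. The same concern applies to the SSLerrs.h hunk that follows and to the ssl.h hunk further down, where SSL_ENABLE_SIGNED_CERT_TIMESTAMPS moves from 29 to 31 while 29 becomes SSL_ENABLE_SERVER_DHE, so a caller built against the old header that sets option 29 would enable server DHE instead. If the renumbering is accepted, a short comment on the block that appears to be the Chromium-local additions, e.g. `/* Chromium-specific codes: renumbered on each NSS rebase, not ABI-stable */`, would warn the next person doing this merge.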
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/SSLerrs.h qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/SSLerrs.h
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/SSLerrs.h 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/SSLerrs.h 2016-01-13 14:18:55.613954821 +0100
|
|
@@ -423,11 +423,29 @@
|
|
"The server rejected the handshake because the client downgraded to a lower "
|
|
"TLS version than the server supports.")
|
|
|
|
-ER3(SSL_ERROR_BAD_CHANNEL_ID_DATA, (SSL_ERROR_BASE + 132),
|
|
+ER3(SSL_ERROR_WEAK_SERVER_CERT_KEY, (SSL_ERROR_BASE + 132),
|
|
+"The server certificate included a public key that was too weak.")
|
|
+
|
|
+ER3(SSL_ERROR_RX_SHORT_DTLS_READ, (SSL_ERROR_BASE + 133),
|
|
+"Not enough room in buffer for DTLS record.")
|
|
+
|
|
+ER3(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 134),
|
|
+"No supported TLS signature algorithm was configured.")
|
|
+
|
|
+ER3(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 135),
|
|
+"The peer used an unsupported combination of signature and hash algorithm.")
|
|
+
|
|
+ER3(SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET, (SSL_ERROR_BASE + 136),
|
|
+"The peer tried to resume without a correct extended_master_secret extension")
|
|
+
|
|
+ER3(SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET, (SSL_ERROR_BASE + 137),
|
|
+"The peer tried to resume with an unexpected extended_master_secret extension")
|
|
+
|
|
+ER3(SSL_ERROR_BAD_CHANNEL_ID_DATA, (SSL_ERROR_BASE + 138),
|
|
"SSL received a malformed TLS Channel ID extension.")
|
|
|
|
-ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (SSL_ERROR_BASE + 133),
|
|
+ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (SSL_ERROR_BASE + 139),
|
|
"The application provided an invalid TLS Channel ID key.")
|
|
|
|
-ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 134),
|
|
+ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 140),
|
|
"The application could not get a TLS Channel ID.")
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/ssl.h qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/ssl.h
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/ssl.h 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/ssl.h 2016-01-13 14:18:55.614954827 +0100
|
|
@@ -185,14 +185,26 @@
|
|
/* SSL_REUSE_SERVER_ECDHE_KEY controls whether the ECDHE server key is
|
|
* reused for multiple handshakes or generated each time.
|
|
* SSL_REUSE_SERVER_ECDHE_KEY is currently enabled by default.
|
|
+ * This socket option is for ECDHE, only. It is unrelated to DHE.
|
|
*/
|
|
#define SSL_REUSE_SERVER_ECDHE_KEY 27
|
|
|
|
#define SSL_ENABLE_FALLBACK_SCSV 28 /* Send fallback SCSV in
|
|
* handshakes. */
|
|
|
|
+/* SSL_ENABLE_SERVER_DHE controls whether DHE is enabled for the server socket.
|
|
+ */
|
|
+#define SSL_ENABLE_SERVER_DHE 29
|
|
+
|
|
+/* Use draft-ietf-tls-session-hash. Controls whether we offer the
|
|
+ * extended_master_secret extension which, when accepted, hashes
|
|
+ * the handshake transcript into the master secret. This option is
|
|
+ * disabled by default.
|
|
+ */
|
|
+#define SSL_ENABLE_EXTENDED_MASTER_SECRET 30
|
|
+
|
|
/* Request Signed Certificate Timestamps via TLS extension (client) */
|
|
-#define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 29
|
|
+#define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 31
|
|
|
|
#ifdef SSL_DEPRECATED_FUNCTION
|
|
/* Old deprecated function names */
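Review bot: Renumbering SSL_ENABLE_SIGNED_CERT_TIMESTAMPS from 29 to 31 while giving 29 to the new SSL_ENABLE_SERVER_DHE means any caller built against the previous header that still passes the old literal now toggles server DHE instead of SCT requests, with no error. If this copy of ssl.h is only ever consumed by code rebuilt with it that is acceptable, but a one-line comment on the option block saying the numbering changed in this update would save a later reader from assuming the ids are stable. Separately, the SSL_ENABLE_SERVER_DHE comment omits its default, unlike SSL_REUSE_SERVER_ECDHE_KEY just above; sslsock.c in this same diff initialises enableServerDhe to PR_TRUE, so `/* SSL_ENABLE_SERVER_DHE controls whether DHE is enabled for the server socket. It is enabled by default. */` would match the neighbouring style.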
|
|
@@ -295,6 +307,86 @@
|
|
SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
|
|
SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
|
|
|
|
+/*
|
|
+** Control for TLS signature algorithms for TLS 1.2 only.
|
|
+**
|
|
+** This governs what signature algorithms are sent by a client in the
|
|
+** signature_algorithms extension. A client will not accept a signature from a
|
|
+** server unless it uses an enabled algorithm.
|
|
+**
|
|
+** This also governs what the server sends in the supported_signature_algorithms
|
|
+** field of a CertificateRequest. It also changes what the server uses to sign
|
|
+** ServerKeyExchange: a server uses the first entry from this list that is
|
|
+** compatible with the client's advertised signature_algorithms extension and
|
|
+** the selected server certificate.
|
|
+**
|
|
+** Omitting SHA-256 from this list might be foolish. Support is mandatory in
|
|
+** TLS 1.2 and there might be interoperability issues. For a server, NSS only
|
|
+** supports SHA-256 for verifying a TLS 1.2 CertificateVerify. This list needs
|
|
+** to include SHA-256 if client authentication is requested or required, or
|
|
+** creating a CertificateRequest will fail.
|
|
+*/
|
|
+SSL_IMPORT SECStatus SSL_SignaturePrefSet(
|
|
+ PRFileDesc *fd, const SSLSignatureAndHashAlg *algorithms,
|
|
+ unsigned int count);
|
|
+
|
|
+/*
|
|
+** Get the currently configured signature algorithms.
|
|
+**
|
|
+** The algorithms are written to |algorithms| but not if there are more than
|
|
+** |maxCount| values configured. The number of algorithms that are in use are
|
|
+** written to |count|. This fails if |maxCount| is insufficiently large.
|
|
+*/
|
|
+SSL_IMPORT SECStatus SSL_SignaturePrefGet(
|
|
+ PRFileDesc *fd, SSLSignatureAndHashAlg *algorithms, unsigned int *count,
|
|
+ unsigned int maxCount);
|
|
+
|
|
+/*
|
|
+** Returns the maximum number of signature algorithms that are supported and
|
|
+** can be set or retrieved using SSL_SignaturePrefSet or SSL_SignaturePrefGet.
|
|
+*/
|
|
+SSL_IMPORT unsigned int SSL_SignatureMaxCount();
|
|
+
|
|
+/* SSL_DHEGroupPrefSet is used to configure the set of allowed/enabled DHE group
|
|
+** parameters that can be used by NSS for the given server socket.
|
|
+** The first item in the array is used as the default group, if no other
|
|
+** selection criteria can be used by NSS.
|
|
+** The set is provided as an array of identifiers as defined by SSLDHEGroupType.
|
|
+** If more than one group identifier is provided, NSS will select the one to use.
|
|
+** For example, a TLS extension sent by the client might indicate a preference.
|
|
+*/
|
|
+SSL_IMPORT SECStatus SSL_DHEGroupPrefSet(PRFileDesc *fd,
|
|
+ SSLDHEGroupType *groups,
|
|
+ PRUint16 num_groups);
|
|
+
|
|
+/* Enable the use of a DHE group that's smaller than the library default,
|
|
+** for backwards compatibility reasons. The DH parameters will be created
|
|
+** at the time this function is called, which might take a very long time.
|
|
+** The function will block until generation is completed.
|
|
+** The intention is to enforce that fresh and safe parameters are generated
|
|
+** each time a process is started.
|
|
+** At the time this API was initially implemented, the API will enable the
|
|
+** use of 1024 bit DHE parameters. This value might get increased in future
|
|
+** versions of NSS.
|
|
+**
|
|
+** It is allowed to call this API will a NULL value for parameter fd,
|
|
+** which will prepare the global parameters that NSS will reuse for the remainder
|
|
+** of the process lifetime. This can be used early after startup of a process,
|
|
+** to avoid a delay when handling incoming client connections.
|
|
+** This preparation with a NULL for parameter fd will NOT enable the weak group
|
|
+** on sockets. The function needs to be called again for every socket that
|
|
+** should use the weak group.
|
|
+**
|
|
+** It is allowed to use this API in combination with the SSL_DHEGroupPrefSet API.
|
|
+** If both APIs have been called, the weakest group will be used,
|
|
+** unless it is certain that the client supports larger group parameters.
|
|
+** The weak group will be used as the default group, overriding the preference
|
|
+** for the first group potentially set with a call to SSL_DHEGroupPrefSet
|
|
+** (The first group set using SSL_DHEGroupPrefSet will still be enabled, but
|
|
+** it's no longer the default group.)
|
|
+*/
|
|
+SSL_IMPORT SECStatus SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled);
|
|
+
|
|
/* SSL_CipherOrderSet sets the cipher suite preference order from |ciphers|,
|
|
* which must be an array of cipher suite ids of length |len|. All the given
|
|
* cipher suite ids must appear in the array that is returned by
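Review bot: `SSL_IMPORT unsigned int SSL_SignatureMaxCount();` declares the function with an empty parameter list, which in C is an unprototyped declaration rather than "takes no arguments"; every other prototype in this header is fully specified, so it should read `SSL_IMPORT unsigned int SSL_SignatureMaxCount(void);`. The SSL_EnableWeakDHEPrimeGroup comment has a typo, "call this API will a NULL value" should be "with a NULL value". SSL_DHEGroupPrefSet takes `SSLDHEGroupType *groups` non-const; if the implementation only copies the array into the socket, a `const SSLDHEGroupType *groups` parameter would let callers pass static tables, which is worth confirming against the definition since it is not in this hunk.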
|
|
@@ -1012,10 +1104,27 @@
|
|
SSL_IMPORT SSL3Statistics * SSL_GetStatistics(void);
|
|
|
|
/* Report more information than SSL_SecurityStatus.
|
|
-** Caller supplies the info struct. Function fills it in.
|
|
-*/
|
|
+ * Caller supplies the info struct. This function fills it in.
|
|
+ * The information here will be zeroed prior to details being confirmed. The
|
|
+ * details are confirmed either when a Finished message is received, or - for a
|
|
+ * client - when the second flight of messages have been sent. This function
|
|
+ * therefore produces unreliable results prior to receiving the
|
|
+ * SSLHandshakeCallback or the SSLCanFalseStartCallback.
|
|
+ */
|
|
SSL_IMPORT SECStatus SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info,
|
|
PRUintn len);
|
|
+/* Get preliminary information about a channel.
|
|
+ * This function can be called prior to handshake details being confirmed (see
|
|
+ * SSL_GetChannelInfo above for what that means). Thus, information provided by
|
|
+ * this function is available to SSLAuthCertificate, SSLGetClientAuthData,
|
|
+ * SSLSNISocketConfig, and other callbacks that might be called during the
|
|
+ * processing of the first flight of client of server handshake messages.
|
|
+ * Values are marked as being unavailable when renegotiation is initiated.
|
|
+ */
|
|
+SSL_IMPORT SECStatus
|
|
+SSL_GetPreliminaryChannelInfo(PRFileDesc *fd,
|
|
+ SSLPreliminaryChannelInfo *info,
|
|
+ PRUintn len);
|
|
SSL_IMPORT SECStatus SSL_GetCipherSuiteInfo(PRUint16 cipherSuite,
|
|
SSLCipherSuiteInfo *info, PRUintn len);
|
|
|
|
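Review bot: The SSL_GetPreliminaryChannelInfo comment reads "first flight of client of server handshake messages"; the second "of" should be "or". The comment also says values are "marked as being unavailable" without telling the reader where to look; the implementation in sslinfo.c elsewhere in this diff reports that through the valuesSet field after zeroing the struct, so one sentence such as `* Check info->valuesSet before using any other field; fields whose bit is not set are zero.` would make the contract usable from the callbacks this comment names.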
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslimpl.h qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslimpl.h
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslimpl.h 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslimpl.h 2016-01-13 14:18:55.627954902 +0100
|
|
@@ -1,3 +1,4 @@
|
|
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
|
/*
|
|
* This file is PRIVATE to SSL and should be the first thing included by
|
|
* any SSL implementation file.
|
|
@@ -181,6 +182,7 @@
|
|
typedef struct ssl3BulkCipherDefStr ssl3BulkCipherDef;
|
|
typedef struct ssl3MACDefStr ssl3MACDef;
|
|
typedef struct ssl3KeyPairStr ssl3KeyPair;
|
|
+typedef struct ssl3DHParamsStr ssl3DHParams;
|
|
|
|
struct ssl3CertNodeStr {
|
|
struct ssl3CertNodeStr *next;
|
|
@@ -300,13 +302,19 @@
|
|
} ssl3CipherSuiteCfg;
|
|
|
|
#ifndef NSS_DISABLE_ECC
|
|
-#define ssl_V3_SUITES_IMPLEMENTED 63
|
|
+#define ssl_V3_SUITES_IMPLEMENTED 66
|
|
#else
|
|
-#define ssl_V3_SUITES_IMPLEMENTED 37
|
|
+#define ssl_V3_SUITES_IMPLEMENTED 40
|
|
#endif /* NSS_DISABLE_ECC */
|
|
|
|
#define MAX_DTLS_SRTP_CIPHER_SUITES 4
|
|
|
|
+/* MAX_SIGNATURE_ALGORITHMS allows for a large number of combinations of
|
|
+ * SSLSignType and SSLHashType, but not all combinations (specifically, this
|
|
+ * doesn't allow space for combinations with MD5). */
|
|
+#define MAX_SIGNATURE_ALGORITHMS 15
|
|
+
|
|
+
|
|
typedef struct sslOptionsStr {
|
|
/* If SSL_SetNextProtoNego has been called, then this contains the
|
|
* list of supported protocols. */
|
|
@@ -339,7 +347,9 @@
|
|
unsigned int enableALPN : 1; /* 27 */
|
|
unsigned int reuseServerECDHEKey : 1; /* 28 */
|
|
unsigned int enableFallbackSCSV : 1; /* 29 */
|
|
- unsigned int enableSignedCertTimestamps : 1; /* 30 */
|
|
+ unsigned int enableServerDhe : 1; /* 30 */
|
|
+ unsigned int enableExtendedMS : 1; /* 31 */
|
|
+ unsigned int enableSignedCertTimestamps : 1; /* 32 */
|
|
} sslOptions;
|
|
|
|
typedef enum { sslHandshakingUndetermined = 0,
|
|
@@ -521,6 +531,7 @@
|
|
PRUint16 wrapped_master_secret_len;
|
|
PRUint8 msIsWrapped;
|
|
PRUint8 resumable;
|
|
+ PRUint8 extendedMasterSecretUsed;
|
|
} ssl3SidKeys; /* 52 bytes */
|
|
|
|
typedef struct {
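Review bot: Adding `PRUint8 extendedMasterSecretUsed` to ssl3SidKeys leaves the trailing `} ssl3SidKeys; /* 52 bytes */` annotation stale; the sidCacheEntry layout comment in sslsnce.c, updated in this same diff, now says 54 for this member, so the two should agree, e.g. `} ssl3SidKeys; /* 54 bytes */`. This struct is written into the shared session cache (and, given the TLS_EX_SESS_TICKET_VERSION bump later in this file, apparently into tickets as well), so a size comment that drifts from the real layout is exactly what hides a cache-format mismatch; the padding that takes 53 to 54 is not visible here, so the exact figure should be confirmed.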
|
|
@@ -766,10 +777,10 @@
|
|
* is_limited identifies a suite as having a limit on the key size.
|
|
* key_size_limit provides the corresponding limit. */
|
|
PRBool is_limited;
|
|
- int key_size_limit;
|
|
+ unsigned int key_size_limit;
|
|
PRBool tls_keygen;
|
|
- /* True if the key exchange for the suite can be ephemeral. Or to be more
|
|
- * precise: true if the ServerKeyExchange message is required. */
|
|
+ /* True if the key exchange for the suite is ephemeral. Or to be more
|
|
+ * precise: true if the ServerKeyExchange message is always required. */
|
|
PRBool ephemeral;
|
|
} ssl3KEADef;
|
|
|
|
@@ -955,12 +966,14 @@
|
|
PRBool cacheSID;
|
|
|
|
PRBool canFalseStart; /* Can/did we False Start */
|
|
+ /* Which preliminaryinfo values have been set. */
|
|
+ PRUint32 preliminaryInfo;
|
|
|
|
/* clientSigAndHash contains the contents of the signature_algorithms
|
|
* extension (if any) from the client. This is only valid for TLS 1.2
|
|
* or later. */
|
|
- SSL3SignatureAndHashAlgorithm *clientSigAndHash;
|
|
- unsigned int numClientSigAndHash;
|
|
+ SSLSignatureAndHashAlg *clientSigAndHash;
|
|
+ unsigned int numClientSigAndHash;
|
|
|
|
/* This group of values is used for DTLS */
|
|
PRUint16 sendMessageSeq; /* The sending message sequence
|
|
@@ -1044,9 +1057,17 @@
|
|
PRUint16 dtlsSRTPCipherCount;
|
|
PRUint16 dtlsSRTPCipherSuite; /* 0 if not selected */
|
|
PRBool fatalAlertSent;
|
|
+ PRUint16 numDHEGroups; /* used by server */
|
|
+ SSLDHEGroupType * dheGroups; /* used by server */
|
|
+ PRBool dheWeakGroupEnabled; /* used by server */
|
|
+
|
|
+ /* TLS 1.2 introduces separate signature algorithm negotiation.
|
|
+ * This is our preference order. */
|
|
+ SSLSignatureAndHashAlg signatureAlgorithms[MAX_SIGNATURE_ALGORITHMS];
|
|
+ unsigned int signatureAlgorithmCount;
|
|
};
|
|
|
|
-#define DTLS_MAX_MTU 1500 /* Ethernet MTU but without subtracting the
|
|
+#define DTLS_MAX_MTU 1500U /* Ethernet MTU but without subtracting the
|
|
* headers, so slightly larger than expected */
|
|
#define IS_DTLS(ss) (ss->protocolVariant == ssl_variant_datagram)
|
|
|
|
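Review bot: The new `SSLDHEGroupType * dheGroups` member carries only `/* used by server */`, with no ownership note, although the socket-duplication code in sslsock.c elsewhere in this diff allocates a per-socket copy with PORT_NewArray, so it is heap memory the socket owns and has to free; the matching release is not visible in this chunk. A comment like `SSLDHEGroupType * dheGroups; /* used by server; heap array owned by this socket */` would distinguish it from `numDHEGroups` and `dheWeakGroupEnabled`, which are plain values with the same annotation. The enclosing struct starts and ends outside the hunk.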
@@ -1063,6 +1084,11 @@
|
|
PRInt32 refCount; /* use PR_Atomic calls for this. */
|
|
};
|
|
|
|
+struct ssl3DHParamsStr {
|
|
+ SECItem prime; /* p */
|
|
+ SECItem base; /* g */
|
|
+};
|
|
+
|
|
typedef struct SSLWrappedSymWrappingKeyStr {
|
|
SSL3Opaque wrappedSymmetricWrappingkey[512];
|
|
CK_MECHANISM_TYPE symWrapMechanism;
|
|
@@ -1093,6 +1119,7 @@
|
|
CK_MECHANISM_TYPE msWrapMech;
|
|
PRUint16 ms_length;
|
|
SSL3Opaque master_secret[48];
|
|
+ PRBool extendedMasterSecretUsed;
|
|
ClientIdentity client_identity;
|
|
SECItem peer_cert;
|
|
PRUint32 timestamp;
|
|
@@ -1275,6 +1302,9 @@
|
|
|
|
ssl3KeyPair * stepDownKeyPair; /* RSA step down keys */
|
|
|
|
+ const ssl3DHParams *dheParams; /* DHE param */
|
|
+ ssl3KeyPair * dheKeyPair; /* DHE keys */
|
|
+
|
|
/* Callbacks */
|
|
SSLAuthCertificate authCertificate;
|
|
void *authCertificateArg;
|
|
@@ -1634,7 +1664,7 @@
|
|
extern SECStatus ssl3_KeyAndMacDeriveBypass(ssl3CipherSpec * pwSpec,
|
|
const unsigned char * cr, const unsigned char * sr,
|
|
PRBool isTLS, PRBool isExport);
|
|
-extern SECStatus ssl3_MasterKeyDeriveBypass( ssl3CipherSpec * pwSpec,
|
|
+extern SECStatus ssl3_MasterSecretDeriveBypass( ssl3CipherSpec * pwSpec,
|
|
const unsigned char * cr, const unsigned char * sr,
|
|
const SECItem * pms, PRBool isTLS, PRBool isRSA);
|
|
|
|
@@ -1688,6 +1718,8 @@
|
|
*/
|
|
extern SECStatus ssl3_CreateRSAStepDownKeys(sslSocket *ss);
|
|
|
|
+extern SECStatus ssl3_SelectDHParams(sslSocket *ss);
|
|
+
|
|
#ifndef NSS_DISABLE_ECC
|
|
extern void ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss);
|
|
extern PRBool ssl3_IsECCEnabled(sslSocket *ss);
|
|
@@ -1790,11 +1822,11 @@
|
|
SSL3Opaque *b, PRUint32 length,
|
|
SECKEYPublicKey *srvrPubKey,
|
|
SECKEYPrivateKey *srvrPrivKey);
|
|
-extern SECStatus ssl3_SendECDHServerKeyExchange(sslSocket *ss,
|
|
- const SSL3SignatureAndHashAlgorithm *sigAndHash);
|
|
+extern SECStatus ssl3_SendECDHServerKeyExchange(
|
|
+ sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash);
|
|
#endif
|
|
|
|
-extern SECStatus ssl3_ComputeCommonKeyHash(SECOidTag hashAlg,
|
|
+extern SECStatus ssl3_ComputeCommonKeyHash(SSLHashType hashAlg,
|
|
PRUint8 * hashBuf,
|
|
unsigned int bufLen, SSL3Hashes *hashes,
|
|
PRBool bypassPKCS11);
|
|
@@ -1808,21 +1840,22 @@
|
|
PRInt32 lenSize);
|
|
extern SECStatus ssl3_AppendHandshakeVariable( sslSocket *ss,
|
|
const SSL3Opaque *src, PRInt32 bytes, PRInt32 lenSize);
|
|
-extern SECStatus ssl3_AppendSignatureAndHashAlgorithm(sslSocket *ss,
|
|
- const SSL3SignatureAndHashAlgorithm* sigAndHash);
|
|
+extern SECStatus ssl3_AppendSignatureAndHashAlgorithm(
|
|
+ sslSocket *ss, const SSLSignatureAndHashAlg* sigAndHash);
|
|
extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRInt32 bytes,
|
|
SSL3Opaque **b, PRUint32 *length);
|
|
extern PRInt32 ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRInt32 bytes,
|
|
SSL3Opaque **b, PRUint32 *length);
|
|
extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i,
|
|
PRInt32 bytes, SSL3Opaque **b, PRUint32 *length);
|
|
-extern SECOidTag ssl3_TLSHashAlgorithmToOID(int hashFunc);
|
|
+extern PRBool ssl3_IsSupportedSignatureAlgorithm(
|
|
+ const SSLSignatureAndHashAlg *alg);
|
|
extern SECStatus ssl3_CheckSignatureAndHashAlgorithmConsistency(
|
|
- const SSL3SignatureAndHashAlgorithm *sigAndHash,
|
|
- CERTCertificate* cert);
|
|
-extern SECStatus ssl3_ConsumeSignatureAndHashAlgorithm(sslSocket *ss,
|
|
- SSL3Opaque **b, PRUint32 *length,
|
|
- SSL3SignatureAndHashAlgorithm *out);
|
|
+ sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash,
|
|
+ CERTCertificate* cert);
|
|
+extern SECStatus ssl3_ConsumeSignatureAndHashAlgorithm(
|
|
+ sslSocket *ss, SSL3Opaque **b, PRUint32 *length,
|
|
+ SSLSignatureAndHashAlg *out);
|
|
extern SECStatus ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key,
|
|
SECItem *buf, PRBool isTLS);
|
|
extern SECStatus ssl3_VerifySignedHashes(SSL3Hashes *hash,
|
|
@@ -1890,7 +1923,7 @@
|
|
|
|
/* Tell clients to consider tickets valid for this long. */
|
|
#define TLS_EX_SESS_TICKET_LIFETIME_HINT (2 * 24 * 60 * 60) /* 2 days */
|
|
-#define TLS_EX_SESS_TICKET_VERSION (0x0100)
|
|
+#define TLS_EX_SESS_TICKET_VERSION (0x0101)
|
|
|
|
extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data,
|
|
unsigned int length);
|
|
@@ -2024,6 +2057,8 @@
|
|
const char *label, unsigned int labelLen,
|
|
const unsigned char *val, unsigned int valLen,
|
|
unsigned char *out, unsigned int outLen);
|
|
+extern SECOidTag
|
|
+ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc);
|
|
|
|
#ifdef TRACE
|
|
#define SSL_TRACE(msg) ssl_Trace msg
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslinfo.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslinfo.c
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslinfo.c 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslinfo.c 2016-01-13 14:18:55.628954908 +0100
|
|
@@ -67,6 +67,8 @@
|
|
inf.creationTime = sid->creationTime;
|
|
inf.lastAccessTime = sid->lastAccessTime;
|
|
inf.expirationTime = sid->expirationTime;
|
|
+ inf.extendedMasterSecretUsed = sid->u.ssl3.keys.extendedMasterSecretUsed;
|
|
+
|
|
if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */
|
|
inf.sessionIDLength = SSL2_SESSIONID_BYTES;
|
|
memcpy(inf.sessionID, sid->u.ssl2.sessionID,
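Review bot: The added `inf.extendedMasterSecretUsed = sid->u.ssl3.keys.extendedMasterSecretUsed;` runs before the `ss->version < SSL_LIBRARY_VERSION_3_0` test, so for an SSL2 session it reads the ssl3 arm of `sid->u` while the SSL2 branch below reads `sid->u.ssl2`; if `u` is a union, as the two arms suggest, that is a read of an inactive member whose value means nothing for SSL2. Moving the assignment into the SSL3 branch after the version test leaves the field untouched for SSL2 sessions. The enclosing function starts outside the hunk.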
|
|
@@ -85,6 +87,42 @@
|
|
return SECSuccess;
|
|
}
|
|
|
|
+SECStatus
|
|
+SSL_GetPreliminaryChannelInfo(PRFileDesc *fd,
|
|
+ SSLPreliminaryChannelInfo *info,
|
|
+ PRUintn len)
|
|
+{
|
|
+ sslSocket *ss;
|
|
+ SSLPreliminaryChannelInfo inf;
|
|
+
|
|
+ if (!info || len < sizeof inf.length) {
|
|
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
+ return SECFailure;
|
|
+ }
|
|
+
|
|
+ ss = ssl_FindSocket(fd);
|
|
+ if (!ss) {
|
|
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetPreliminaryChannelInfo",
|
|
+ SSL_GETPID(), fd));
|
|
+ return SECFailure;
|
|
+ }
|
|
+
|
|
+ if (ss->version < SSL_LIBRARY_VERSION_3_0) {
|
|
+ PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION);
|
|
+ return SECFailure;
|
|
+ }
|
|
+
|
|
+ memset(&inf, 0, sizeof(inf));
|
|
+ inf.length = PR_MIN(sizeof(inf), len);
|
|
+
|
|
+ inf.valuesSet = ss->ssl3.hs.preliminaryInfo;
|
|
+ inf.protocolVersion = ss->version;
|
|
+ inf.cipherSuite = ss->ssl3.hs.cipher_suite;
|
|
+
|
|
+ memcpy(info, &inf, inf.length);
|
|
+ return SECSuccess;
|
|
+}
|
|
+
|
|
|
|
#define CS(x) x, #x
|
|
#define CK(x) x | 0xff00, #x
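Review bot: SSL_GetPreliminaryChannelInfo copies `protocolVersion` and `cipherSuite` into the caller's struct unconditionally after the memset, so a caller that does not test `valuesSet` sees a zero version or suite and cannot tell "not yet negotiated" from a real value; a comment above the three assignments, `/* protocolVersion and cipherSuite are only meaningful when the matching bit is set in valuesSet; otherwise they are the zeroed defaults. */`, would make that explicit. The reads of `ss->version` and `ss->ssl3.hs` take no handshake lock, which mirrors SSL_GetChannelInfo, but since the header documents this function for use before handshake details are confirmed it is worth confirming that each intended call site already runs under the handshake lock.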
|
|
@@ -136,6 +174,7 @@
|
|
{0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0, },
|
|
{0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, },
|
|
{0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA), S_DSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, },
|
|
+{0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256), S_DSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0, },
|
|
{0,CS(TLS_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, },
|
|
{0,CS(TLS_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_RSA, C_AES, B_256, M_SHA256, 1, 0, 0, },
|
|
{0,CS(TLS_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_RSA, C_AES, B_256, M_SHA, 1, 0, 0, },
|
|
@@ -146,7 +185,9 @@
|
|
{0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
|
|
{0,CS(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
|
|
{0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
|
|
+{0,CS(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256), S_DSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
|
|
{0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
|
|
+{0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256), S_DSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
|
|
{0,CS(TLS_RSA_WITH_SEED_CBC_SHA), S_RSA, K_RSA, C_SEED,B_128, M_SHA, 1, 0, 0, },
|
|
{0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
|
|
{0,CS(TLS_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, },
|
|
@@ -247,12 +288,10 @@
|
|
{
|
|
const SSLCipherSuiteInfo * pInfo = suiteInfo;
|
|
unsigned int i;
|
|
- SECStatus rv;
|
|
|
|
for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) {
|
|
if (pInfo->isExportable) {
|
|
- rv = SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FALSE);
|
|
- PORT_Assert(rv == SECSuccess);
|
|
+ PORT_CheckSuccess(SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FALSE));
|
|
}
|
|
}
|
|
return SECSuccess;
|
|
@@ -268,12 +307,10 @@
|
|
{
|
|
const SSLCipherSuiteInfo * pInfo = suiteInfo;
|
|
unsigned int i;
|
|
- SECStatus rv;
|
|
|
|
for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) {
|
|
if (pInfo->isExportable) {
|
|
- rv = SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE);
|
|
- PORT_Assert(rv == SECSuccess);
|
|
+ PORT_CheckSuccess(SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE));
|
|
}
|
|
}
|
|
return SECSuccess;
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslmutex.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslmutex.c
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslmutex.c 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslmutex.c 2016-01-13 14:18:55.628954908 +0100
|
|
@@ -504,7 +504,7 @@
|
|
return SECSuccess;
|
|
}
|
|
|
|
-#elif defined(XP_UNIX)
|
|
+#elif defined(XP_UNIX) && !defined(DARWIN)
|
|
|
|
#include <errno.h>
|
|
#include "unix_err.h"
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslmutex.h qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslmutex.h
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslmutex.h 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslmutex.h 2016-01-13 14:18:55.628954908 +0100
|
|
@@ -67,7 +67,8 @@
|
|
} sslMutex;
|
|
typedef pid_t sslPID;
|
|
|
|
-#elif defined(XP_UNIX) /* other types of Unix */
|
|
+/* other types of unix, except OS X */
|
|
+#elif defined(XP_UNIX) && !defined(DARWIN)
|
|
|
|
#include <sys/types.h> /* for pid_t */
|
|
#include <semaphore.h> /* for sem_t, and sem_* functions */
|
|
@@ -83,7 +84,7 @@
|
|
|
|
typedef pid_t sslPID;
|
|
|
|
-#else
|
|
+#else /* no support for cross-process locking */
|
|
|
|
/* what platform is this ?? */
|
|
|
|
@@ -95,7 +96,11 @@
|
|
} u;
|
|
} sslMutex;
|
|
|
|
+#ifdef DARWIN
|
|
+typedef pid_t sslPID;
|
|
+#else
|
|
typedef int sslPID;
|
|
+#endif
|
|
|
|
#endif
|
|
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslproto.h qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslproto.h
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslproto.h 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslproto.h 2016-01-13 14:18:55.629954914 +0100
|
|
@@ -177,6 +177,7 @@
|
|
#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C
|
|
#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D
|
|
|
|
+#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 0x0040
|
|
#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0041
|
|
#define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0042
|
|
#define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0043
|
|
@@ -191,6 +192,7 @@
|
|
#define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x0065
|
|
#define TLS_DHE_DSS_WITH_RC4_128_SHA 0x0066
|
|
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067
|
|
+#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 0x006A
|
|
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x006B
|
|
|
|
#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0084
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslsecur.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslsecur.c
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslsecur.c 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslsecur.c 2016-01-13 14:18:55.629954914 +0100
|
|
@@ -138,6 +138,9 @@
|
|
ss->gs.readOffset = 0;
|
|
|
|
if (ss->handshakeCallback) {
|
|
+ PORT_Assert(ss->version < SSL_LIBRARY_VERSION_3_0 ||
|
|
+ (ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) ==
|
|
+ ssl_preinfo_all);
|
|
(ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData);
|
|
}
|
|
}
|
|
@@ -654,6 +657,16 @@
|
|
SSL_GETPID(), ss->fd, available));
|
|
}
|
|
|
|
+ if (IS_DTLS(ss) && (len < available)) {
|
|
+ /* DTLS does not allow you to do partial reads */
|
|
+ SSL_TRC(30, ("%d: SSL[%d]: DTLS short read. len=%d available=%d",
|
|
+ SSL_GETPID(), ss->fd, len, available));
|
|
+ ss->gs.readOffset += available;
|
|
+ PORT_SetError(SSL_ERROR_RX_SHORT_DTLS_READ);
|
|
+ rv = SECFailure;
|
|
+ goto done;
|
|
+ }
|
|
+
|
|
/* Dole out clear data to reader */
|
|
amount = PR_MIN(len, available);
|
|
PORT_Memcpy(out, ss->gs.buf.buf + ss->gs.readOffset, amount);
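Review bot: On the new DTLS short-read path `ss->gs.readOffset += available;` consumes the whole pending record before returning SSL_ERROR_RX_SHORT_DTLS_READ, so the data the caller's buffer was too small for is dropped rather than kept for a retry, and the one-line comment only says partial reads are not allowed. A comment such as `/* Discard the whole record; a retry with a larger buffer will not get it back. */` would stop a reader from treating the error as resumable. The SSL_TRC format uses `%d` for both `len` and `available`, which is fine only if both are int; the declaration of `available` is outside the hunk. The enclosing function starts and ends outside the hunk.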
|
|
@@ -693,6 +706,7 @@
|
|
case SEC_OID_PKCS1_RSA_ENCRYPTION:
|
|
keaType = kt_rsa;
|
|
break;
|
|
+ case SEC_OID_ANSIX9_DSA_SIGNATURE: /* hah, signature, not a key? */
|
|
case SEC_OID_X942_DIFFIE_HELMAN_KEY:
|
|
keaType = kt_dh;
|
|
break;
|
|
@@ -789,6 +803,11 @@
|
|
goto loser;
|
|
}
|
|
}
|
|
+ if (kea == ssl_kea_dh || kea == ssl_kea_rsa) {
|
|
+ if (ssl3_SelectDHParams(ss) != SECSuccess) {
|
|
+ goto loser;
|
|
+ }
|
|
+ }
|
|
return SECSuccess;
|
|
|
|
loser:
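Review bot: The new `if (kea == ssl_kea_dh || kea == ssl_kea_rsa)` guard runs ssl3_SelectDHParams for an RSA certificate as well, presumably because DHE_RSA suites need DH parameters alongside the RSA signing key; a one-line comment saying so, e.g. `/* DHE_RSA suites need DH params even though the cert key is RSA. */`, would stop the next reader from taking the rsa case for a typo. The enclosing function starts outside the hunk.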
|
|
@@ -1177,11 +1196,8 @@
|
|
int
|
|
ssl_SecureRecv(sslSocket *ss, unsigned char *buf, int len, int flags)
|
|
{
|
|
- sslSecurityInfo *sec;
|
|
int rv = 0;
|
|
|
|
- sec = &ss->sec;
|
|
-
|
|
if (ss->shutdownHow & ssl_SHUTDOWN_RCV) {
|
|
PORT_SetError(PR_SOCKET_SHUTDOWN_ERROR);
|
|
return PR_FAILURE;
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslsnce.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslsnce.c
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslsnce.c 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslsnce.c 2016-01-13 14:18:55.631954926 +0100
|
|
@@ -120,14 +120,14 @@
|
|
/* 2 */ ssl3CipherSuite cipherSuite;
|
|
/* 2 */ PRUint16 compression; /* SSLCompressionMethod */
|
|
|
|
-/* 52 */ ssl3SidKeys keys; /* keys, wrapped as needed. */
|
|
+/* 54 */ ssl3SidKeys keys; /* keys, wrapped as needed. */
|
|
|
|
/* 4 */ PRUint32 masterWrapMech;
|
|
/* 4 */ SSL3KEAType exchKeyType;
|
|
/* 4 */ PRInt32 certIndex;
|
|
/* 4 */ PRInt32 srvNameIndex;
|
|
/* 32 */ PRUint8 srvNameHash[SHA256_LENGTH]; /* SHA256 name hash */
|
|
-/*104 */} ssl3;
|
|
+/*108 */} ssl3;
|
|
/* force sizeof(sidCacheEntry) to be a multiple of cache line size */
|
|
struct {
|
|
/*120 */ PRUint8 filler[120]; /* 72+120==192, a multiple of 16 */
|
|
@@ -507,7 +507,6 @@
|
|
to->sessionIDLength = from->u.ssl3.sessionIDLength;
|
|
to->u.ssl3.certIndex = -1;
|
|
to->u.ssl3.srvNameIndex = -1;
|
|
-
|
|
PORT_Memcpy(to->sessionID, from->u.ssl3.sessionID,
|
|
to->sessionIDLength);
|
|
|
|
@@ -637,7 +636,7 @@
|
|
to->authKeyBits = from->authKeyBits;
|
|
to->keaType = from->keaType;
|
|
to->keaKeyBits = from->keaKeyBits;
|
|
-
|
|
+
|
|
return to;
|
|
|
|
loser:
|
|
@@ -1228,20 +1227,32 @@
|
|
/* Fix pointers in our private copy of cache descriptor to point to
|
|
** spaces in shared memory
|
|
*/
|
|
- ptr = (ptrdiff_t)cache->cacheMem;
|
|
- *(ptrdiff_t *)(&cache->sidCacheLocks) += ptr;
|
|
- *(ptrdiff_t *)(&cache->keyCacheLock ) += ptr;
|
|
- *(ptrdiff_t *)(&cache->certCacheLock) += ptr;
|
|
- *(ptrdiff_t *)(&cache->srvNameCacheLock) += ptr;
|
|
- *(ptrdiff_t *)(&cache->sidCacheSets ) += ptr;
|
|
- *(ptrdiff_t *)(&cache->sidCacheData ) += ptr;
|
|
- *(ptrdiff_t *)(&cache->certCacheData) += ptr;
|
|
- *(ptrdiff_t *)(&cache->keyCacheData ) += ptr;
|
|
- *(ptrdiff_t *)(&cache->ticketKeyNameSuffix) += ptr;
|
|
- *(ptrdiff_t *)(&cache->ticketEncKey ) += ptr;
|
|
- *(ptrdiff_t *)(&cache->ticketMacKey ) += ptr;
|
|
- *(ptrdiff_t *)(&cache->ticketKeysValid) += ptr;
|
|
- *(ptrdiff_t *)(&cache->srvNameCacheData) += ptr;
|
|
+ cache->sidCacheLocks = (sidCacheLock *)
|
|
+ (cache->cacheMem + (ptrdiff_t)cache->sidCacheLocks);
|
|
+ cache->keyCacheLock = (sidCacheLock *)
|
|
+ (cache->cacheMem + (ptrdiff_t)cache->keyCacheLock);
|
|
+ cache->certCacheLock = (sidCacheLock *)
|
|
+ (cache->cacheMem + (ptrdiff_t)cache->certCacheLock);
|
|
+ cache->srvNameCacheLock = (sidCacheLock *)
|
|
+ (cache->cacheMem + (ptrdiff_t)cache->srvNameCacheLock);
|
|
+ cache->sidCacheSets = (sidCacheSet *)
|
|
+ (cache->cacheMem + (ptrdiff_t)cache->sidCacheSets);
|
|
+ cache->sidCacheData = (sidCacheEntry *)
|
|
+ (cache->cacheMem + (ptrdiff_t)cache->sidCacheData);
|
|
+ cache->certCacheData = (certCacheEntry *)
|
|
+ (cache->cacheMem + (ptrdiff_t)cache->certCacheData);
|
|
+ cache->keyCacheData = (SSLWrappedSymWrappingKey *)
|
|
+ (cache->cacheMem + (ptrdiff_t)cache->keyCacheData);
|
|
+ cache->ticketKeyNameSuffix = (PRUint8 *)
|
|
+ (cache->cacheMem + (ptrdiff_t)cache->ticketKeyNameSuffix);
|
|
+ cache->ticketEncKey = (encKeyCacheEntry *)
|
|
+ (cache->cacheMem + (ptrdiff_t)cache->ticketEncKey);
|
|
+ cache->ticketMacKey = (encKeyCacheEntry *)
|
|
+ (cache->cacheMem + (ptrdiff_t)cache->ticketMacKey);
|
|
+ cache->ticketKeysValid = (PRUint32 *)
|
|
+ (cache->cacheMem + (ptrdiff_t)cache->ticketKeysValid);
|
|
+ cache->srvNameCacheData = (srvNameCacheEntry *)
|
|
+ (cache->cacheMem + (ptrdiff_t)cache->srvNameCacheData);
|
|
|
|
/* initialize the locks */
|
|
init_time = ssl_Time();
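Review bot: The thirteen pointer-relocation statements added here are repeated verbatim, with `my.cacheMem` in place of `cache->cacheMem`, in the second hunk of this file (the block ending at `cache->cacheMem = my.cacheMem;`), and each statement spells the field name twice, so a future field is easy to add to one copy but not the other, or to relocate against the wrong field. A small helper macro used from both places, for example `#define RELOCATE(base, field, type) (cache->field = (type)((base) + (ptrdiff_t)cache->field))`, would keep the two lists in step. The rewrite itself is an improvement over the old `*(ptrdiff_t *)(&cache->x) += ptr` form, which modified pointer objects through an incompatible lvalue type.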
|
|
@@ -1484,7 +1495,6 @@
|
|
char * fmString = NULL;
|
|
char * myEnvString = NULL;
|
|
unsigned int decoLen;
|
|
- ptrdiff_t ptr;
|
|
inheritance inherit;
|
|
cacheDesc my;
|
|
#ifdef WINNT
|
|
@@ -1580,20 +1590,32 @@
|
|
/* Fix pointers in our private copy of cache descriptor to point to
|
|
** spaces in shared memory, whose address is now in "my".
|
|
*/
|
|
- ptr = (ptrdiff_t)my.cacheMem;
|
|
- *(ptrdiff_t *)(&cache->sidCacheLocks) += ptr;
|
|
- *(ptrdiff_t *)(&cache->keyCacheLock ) += ptr;
|
|
- *(ptrdiff_t *)(&cache->certCacheLock) += ptr;
|
|
- *(ptrdiff_t *)(&cache->srvNameCacheLock) += ptr;
|
|
- *(ptrdiff_t *)(&cache->sidCacheSets ) += ptr;
|
|
- *(ptrdiff_t *)(&cache->sidCacheData ) += ptr;
|
|
- *(ptrdiff_t *)(&cache->certCacheData) += ptr;
|
|
- *(ptrdiff_t *)(&cache->keyCacheData ) += ptr;
|
|
- *(ptrdiff_t *)(&cache->ticketKeyNameSuffix) += ptr;
|
|
- *(ptrdiff_t *)(&cache->ticketEncKey ) += ptr;
|
|
- *(ptrdiff_t *)(&cache->ticketMacKey ) += ptr;
|
|
- *(ptrdiff_t *)(&cache->ticketKeysValid) += ptr;
|
|
- *(ptrdiff_t *)(&cache->srvNameCacheData) += ptr;
|
|
+ cache->sidCacheLocks = (sidCacheLock *)
|
|
+ (my.cacheMem + (ptrdiff_t)cache->sidCacheLocks);
|
|
+ cache->keyCacheLock = (sidCacheLock *)
|
|
+ (my.cacheMem + (ptrdiff_t)cache->keyCacheLock);
|
|
+ cache->certCacheLock = (sidCacheLock *)
|
|
+ (my.cacheMem + (ptrdiff_t)cache->certCacheLock);
|
|
+ cache->srvNameCacheLock = (sidCacheLock *)
|
|
+ (my.cacheMem + (ptrdiff_t)cache->srvNameCacheLock);
|
|
+ cache->sidCacheSets = (sidCacheSet *)
|
|
+ (my.cacheMem + (ptrdiff_t)cache->sidCacheSets);
|
|
+ cache->sidCacheData = (sidCacheEntry *)
|
|
+ (my.cacheMem + (ptrdiff_t)cache->sidCacheData);
|
|
+ cache->certCacheData = (certCacheEntry *)
|
|
+ (my.cacheMem + (ptrdiff_t)cache->certCacheData);
|
|
+ cache->keyCacheData = (SSLWrappedSymWrappingKey *)
|
|
+ (my.cacheMem + (ptrdiff_t)cache->keyCacheData);
|
|
+ cache->ticketKeyNameSuffix = (PRUint8 *)
|
|
+ (my.cacheMem + (ptrdiff_t)cache->ticketKeyNameSuffix);
|
|
+ cache->ticketEncKey = (encKeyCacheEntry *)
|
|
+ (my.cacheMem + (ptrdiff_t)cache->ticketEncKey);
|
|
+ cache->ticketMacKey = (encKeyCacheEntry *)
|
|
+ (my.cacheMem + (ptrdiff_t)cache->ticketMacKey);
|
|
+ cache->ticketKeysValid = (PRUint32 *)
|
|
+ (my.cacheMem + (ptrdiff_t)cache->ticketKeysValid);
|
|
+ cache->srvNameCacheData = (srvNameCacheEntry *)
|
|
+ (my.cacheMem + (ptrdiff_t)cache->srvNameCacheData);
|
|
|
|
cache->cacheMemMap = my.cacheMemMap;
|
|
cache->cacheMem = my.cacheMem;
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslsock.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslsock.c
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslsock.c 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslsock.c 2016-01-13 14:18:55.632954931 +0100
|
|
@@ -19,6 +19,7 @@
|
|
#endif
|
|
#include "pk11pub.h"
|
|
#include "nss.h"
|
|
+#include "pk11pqg.h"
|
|
|
|
/* This is a bodge to allow this code to be compiled against older NSS headers
|
|
* that don't contain the TLS 1.2 changes. */
|
|
@@ -90,6 +91,8 @@
|
|
PR_FALSE, /* enableALPN */
|
|
PR_TRUE, /* reuseServerECDHEKey */
|
|
PR_FALSE, /* enableFallbackSCSV */
|
|
+ PR_TRUE, /* enableServerDhe */
|
|
+ PR_FALSE, /* enableExtendedMS */
|
|
PR_FALSE, /* enableSignedCertTimestamps */
|
|
};
|
|
|
|
@@ -232,6 +235,24 @@
|
|
PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers,
|
|
sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount);
|
|
ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount;
|
|
+ PORT_Memcpy(ss->ssl3.signatureAlgorithms, os->ssl3.signatureAlgorithms,
|
|
+ sizeof(ss->ssl3.signatureAlgorithms[0]) *
|
|
+ os->ssl3.signatureAlgorithmCount);
|
|
+ ss->ssl3.signatureAlgorithmCount = os->ssl3.signatureAlgorithmCount;
|
|
+
|
|
+ ss->ssl3.dheWeakGroupEnabled = os->ssl3.dheWeakGroupEnabled;
|
|
+ ss->ssl3.numDHEGroups = os->ssl3.numDHEGroups;
|
|
+ if (os->ssl3.dheGroups) {
|
|
+ ss->ssl3.dheGroups = PORT_NewArray(SSLDHEGroupType,
|
|
+ os->ssl3.numDHEGroups);
|
|
+ if (!ss->ssl3.dheGroups) {
|
|
+ goto loser;
|
|
+ }
|
|
+ PORT_Memcpy(ss->ssl3.dheGroups, os->ssl3.dheGroups,
|
|
+ sizeof(SSLDHEGroupType) * os->ssl3.numDHEGroups);
|
|
+ } else {
|
|
+ ss->ssl3.dheGroups = NULL;
|
|
+ }
|
|
|
|
if (os->cipherSpecs) {
|
|
ss->cipherSpecs = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs);
|
|
@@ -275,6 +296,10 @@
|
|
ssl3_GetKeyPairRef(os->stepDownKeyPair);
|
|
ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL :
|
|
ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair);
|
|
+ ss->dheKeyPair = !os->dheKeyPair ? NULL :
|
|
+ ssl3_GetKeyPairRef(os->dheKeyPair);
|
|
+ ss->dheParams = os->dheParams;
|
|
+
|
|
/*
|
|
* XXX the preceding CERT_ and SECKEY_ functions can fail and return NULL.
|
|
* XXX We should detect this, and not just march on with NULL pointers.
|
|
@@ -398,8 +423,11 @@
|
|
ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
|
|
ss->ephemeralECDHKeyPair = NULL;
|
|
}
|
|
+ if (ss->dheKeyPair) {
|
|
+ ssl3_FreeKeyPair(ss->dheKeyPair);
|
|
+ ss->dheKeyPair = NULL;
|
|
+ }
|
|
SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
|
|
- PORT_Assert(!ss->xtnData.sniNameArr);
|
|
if (ss->xtnData.sniNameArr) {
|
|
PORT_Free(ss->xtnData.sniNameArr);
|
|
ss->xtnData.sniNameArr = NULL;
|
|
@@ -808,6 +836,14 @@
|
|
ss->opt.enableFallbackSCSV = on;
|
|
break;
|
|
|
|
+ case SSL_ENABLE_SERVER_DHE:
|
|
+ ss->opt.enableServerDhe = on;
|
|
+ break;
|
|
+
|
|
+ case SSL_ENABLE_EXTENDED_MASTER_SECRET:
|
|
+ ss->opt.enableExtendedMS = on;
|
|
+ break;
|
|
+
|
|
case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
|
|
ss->opt.enableSignedCertTimestamps = on;
|
|
break;
|
|
@@ -887,6 +923,9 @@
|
|
case SSL_REUSE_SERVER_ECDHE_KEY:
|
|
on = ss->opt.reuseServerECDHEKey; break;
|
|
case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break;
|
|
+ case SSL_ENABLE_SERVER_DHE: on = ss->opt.enableServerDhe; break;
|
|
+ case SSL_ENABLE_EXTENDED_MASTER_SECRET:
|
|
+ on = ss->opt.enableExtendedMS; break;
|
|
case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
|
|
on = ss->opt.enableSignedCertTimestamps;
|
|
break;
|
|
@@ -959,6 +998,12 @@
|
|
case SSL_ENABLE_FALLBACK_SCSV:
|
|
on = ssl_defaults.enableFallbackSCSV;
|
|
break;
|
|
+ case SSL_ENABLE_SERVER_DHE:
|
|
+ on = ssl_defaults.enableServerDhe;
|
|
+ break;
|
|
+ case SSL_ENABLE_EXTENDED_MASTER_SECRET:
|
|
+ on = ssl_defaults.enableExtendedMS;
|
|
+ break;
|
|
case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
|
|
on = ssl_defaults.enableSignedCertTimestamps;
|
|
break;
|
|
@@ -1145,6 +1190,14 @@
|
|
ssl_defaults.enableFallbackSCSV = on;
|
|
break;
|
|
|
|
+ case SSL_ENABLE_SERVER_DHE:
|
|
+ ssl_defaults.enableServerDhe = on;
|
|
+ break;
|
|
+
|
|
+ case SSL_ENABLE_EXTENDED_MASTER_SECRET:
|
|
+ ssl_defaults.enableExtendedMS = on;
|
|
+ break;
|
|
+
|
|
case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
|
|
ssl_defaults.enableSignedCertTimestamps = on;
|
|
break;
|
|
@@ -1381,6 +1434,148 @@
|
|
}
|
|
|
|
SECStatus
|
|
+SSL_DHEGroupPrefSet(PRFileDesc *fd,
|
|
+ SSLDHEGroupType *groups,
|
|
+ PRUint16 num_groups)
|
|
+{
|
|
+ sslSocket *ss;
|
|
+
|
|
+ if ((num_groups && !groups) || (!num_groups && groups)) {
|
|
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
+ return SECFailure;
|
|
+ }
|
|
+
|
|
+ ss = ssl_FindSocket(fd);
|
|
+ if (!ss) {
|
|
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_DHEGroupPrefSet", SSL_GETPID(), fd));
|
|
+ return SECFailure;
|
|
+ }
|
|
+
|
|
+ if (ss->ssl3.dheGroups) {
|
|
+ PORT_Free(ss->ssl3.dheGroups);
|
|
+ ss->ssl3.dheGroups = NULL;
|
|
+ ss->ssl3.numDHEGroups = 0;
|
|
+ }
|
|
+
|
|
+ if (groups) {
|
|
+ ss->ssl3.dheGroups = PORT_NewArray(SSLDHEGroupType, num_groups);
|
|
+ if (!ss->ssl3.dheGroups) {
|
|
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
|
|
+ return SECFailure;
|
|
+ }
|
|
+ PORT_Memcpy(ss->ssl3.dheGroups, groups,
|
|
+ sizeof(SSLDHEGroupType) * num_groups);
|
|
+ }
|
|
+ return SECSuccess;
|
|
+}
|
|
+
|
|
+
|
|
+PRCallOnceType gWeakDHParamsRegisterOnce;
|
|
+int gWeakDHParamsRegisterError;
|
|
+
|
|
+PRCallOnceType gWeakDHParamsOnce;
|
|
+int gWeakDHParamsError;
|
|
+/* As our code allocates type PQGParams, we'll keep it around,
|
|
+ * even though we only make use of it's parameters through gWeakDHParam. */
|
|
+static PQGParams *gWeakParamsPQG;
|
|
+static ssl3DHParams *gWeakDHParams;
|
|
+
|
|
+static PRStatus
|
|
+ssl3_CreateWeakDHParams(void)
|
|
+{
|
|
+ PQGVerify *vfy;
|
|
+ SECStatus rv, passed;
|
|
+
|
|
+ PORT_Assert(!gWeakDHParams && !gWeakParamsPQG);
|
|
+
|
|
+ rv = PK11_PQG_ParamGenV2(1024, 160, 64 /*maximum seed that will work*/,
|
|
+ &gWeakParamsPQG, &vfy);
|
|
+ if (rv != SECSuccess) {
|
|
+ gWeakDHParamsError = PORT_GetError();
|
|
+ return PR_FAILURE;
|
|
+ }
|
|
+
|
|
+ rv = PK11_PQG_VerifyParams(gWeakParamsPQG, vfy, &passed);
|
|
+ if (rv != SECSuccess || passed != SECSuccess) {
|
|
+ SSL_DBG(("%d: PK11_PQG_VerifyParams failed in ssl3_CreateWeakDHParams",
|
|
+ SSL_GETPID()));
|
|
+ gWeakDHParamsError = PORT_GetError();
|
|
+ return PR_FAILURE;
|
|
+ }
|
|
+
|
|
+ gWeakDHParams = PORT_ArenaNew(gWeakParamsPQG->arena, ssl3DHParams);
|
|
+ if (!gWeakDHParams) {
|
|
+ gWeakDHParamsError = PORT_GetError();
|
|
+ return PR_FAILURE;
|
|
+ }
|
|
+
|
|
+ gWeakDHParams->prime.data = gWeakParamsPQG->prime.data;
|
|
+ gWeakDHParams->prime.len = gWeakParamsPQG->prime.len;
|
|
+ gWeakDHParams->base.data = gWeakParamsPQG->base.data;
|
|
+ gWeakDHParams->base.len = gWeakParamsPQG->base.len;
|
|
+
|
|
+ PK11_PQG_DestroyVerify(vfy);
|
|
+ return PR_SUCCESS;
|
|
+}
|
|
+
|
|
+static SECStatus
|
|
+ssl3_WeakDHParamsShutdown(void *appData, void *nssData)
|
|
+{
|
|
+ if (gWeakParamsPQG) {
|
|
+ PK11_PQG_DestroyParams(gWeakParamsPQG);
|
|
+ gWeakParamsPQG = NULL;
|
|
+ gWeakDHParams = NULL;
|
|
+ }
|
|
+ return SECSuccess;
|
|
+}
|
|
+
|
|
+static PRStatus
|
|
+ssl3_WeakDHParamsRegisterShutdown(void)
|
|
+{
|
|
+ SECStatus rv;
|
|
+ rv = NSS_RegisterShutdown(ssl3_WeakDHParamsShutdown, NULL);
|
|
+ if (rv != SECSuccess) {
|
|
+ gWeakDHParamsRegisterError = PORT_GetError();
|
|
+ }
|
|
+ return (PRStatus)rv;
|
|
+}
|
|
+
|
|
+/* global init strategy inspired by ssl3_CreateECDHEphemeralKeys */
|
|
+SECStatus
|
|
+SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled)
|
|
+{
|
|
+ sslSocket *ss;
|
|
+ PRStatus status;
|
|
+
|
|
+ if (enabled) {
|
|
+ status = PR_CallOnce(&gWeakDHParamsRegisterOnce,
|
|
+ ssl3_WeakDHParamsRegisterShutdown);
|
|
+ if (status != PR_SUCCESS) {
|
|
+ PORT_SetError(gWeakDHParamsRegisterError);
|
|
+ return SECFailure;
|
|
+ }
|
|
+
|
|
+ status = PR_CallOnce(&gWeakDHParamsOnce, ssl3_CreateWeakDHParams);
|
|
+ if (status != PR_SUCCESS) {
|
|
+ PORT_SetError(gWeakDHParamsError);
|
|
+ return SECFailure;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ if (!fd)
|
|
+ return SECSuccess;
|
|
+
|
|
+ ss = ssl_FindSocket(fd);
|
|
+ if (!ss) {
|
|
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_DHEGroupPrefSet", SSL_GETPID(), fd));
|
|
+ return SECFailure;
|
|
+ }
|
|
+
|
|
+ ss->ssl3.dheWeakGroupEnabled = enabled;
|
|
+ return SECSuccess;
|
|
+}
|
|
+
|
|
+SECStatus
|
|
SSL_GetChannelBinding(PRFileDesc *fd,
|
|
SSLChannelBindingType binding_type,
|
|
unsigned char *out,
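Review bot: ssl3_CreateWeakDHParams leaks `vfy` on both error paths that follow a successful PK11_PQG_ParamGenV2 (the verify failure at L22339 and the PORT_ArenaNew failure at L22363), because PK11_PQG_DestroyVerify is only reached on the success path. Moving `PK11_PQG_DestroyVerify(vfy);` to directly after the PK11_PQG_VerifyParams call, before the `rv != SECSuccess || passed != SECSuccess` test, frees it on every path; gWeakParamsPQG itself is reclaimed by the shutdown hook, which is registered first. The debug message in SSL_EnableWeakDHEPrimeGroup names the wrong function and should read `SSL_DBG(("%d: SSL[%d]: bad socket in SSL_EnableWeakDHEPrimeGroup", SSL_GETPID(), fd));`. The four PRCallOnceType/int globals are not `static` although nothing visible uses them outside this file, and `return (PRStatus)rv;` in ssl3_WeakDHParamsRegisterShutdown relies on SECFailure and PR_FAILURE sharing the value -1 — `return rv == SECSuccess ? PR_SUCCESS : PR_FAILURE;` makes the mapping explicit. A one-line comment above PK11_PQG_ParamGenV2 stating that 1024-bit parameters are generated deliberately and only for the opt-in weak-group path would spare a later reader from "fixing" the size.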
|
|
@@ -1402,6 +1597,62 @@
|
|
return ssl3_GetTLSUniqueChannelBinding(ss, out, outLen, outLenMax);
|
|
}
|
|
|
|
+#include "dhe-param.c"
|
|
+
|
|
+static const SSLDHEGroupType ssl_default_dhe_groups[] = {
|
|
+ ssl_ff_dhe_2048_group
|
|
+};
|
|
+
|
|
+/* Keep this array synchronized with the index definitions in SSLDHEGroupType */
|
|
+static const ssl3DHParams *all_ssl3DHParams[] = {
|
|
+ NULL, /* ssl_dhe_group_none */
|
|
+ &ff_dhe_2048,
|
|
+ &ff_dhe_3072,
|
|
+ &ff_dhe_4096,
|
|
+ &ff_dhe_6144,
|
|
+ &ff_dhe_8192,
|
|
+};
|
|
+
|
|
+static SSLDHEGroupType
|
|
+selectDHEGroup(sslSocket *ss, const SSLDHEGroupType *groups, PRUint16 num_groups)
|
|
+{
|
|
+ if (!groups || !num_groups)
|
|
+ return ssl_dhe_group_none;
|
|
+
|
|
+ /* We don't have automatic group parameter selection yet
|
|
+ * (potentially) based on socket parameters, e.g. key sizes.
|
|
+ * For now, we return the first available group from the allowed list. */
|
|
+ return groups[0];
|
|
+}
|
|
+
|
|
+/* Ensure DH parameters have been selected */
|
|
+SECStatus
|
|
+ssl3_SelectDHParams(sslSocket *ss)
|
|
+{
|
|
+ SSLDHEGroupType selectedGroup = ssl_dhe_group_none;
|
|
+
|
|
+ if (ss->ssl3.dheWeakGroupEnabled) {
|
|
+ ss->dheParams = gWeakDHParams;
|
|
+ } else {
|
|
+ if (ss->ssl3.dheGroups) {
|
|
+ selectedGroup = selectDHEGroup(ss, ss->ssl3.dheGroups,
|
|
+ ss->ssl3.numDHEGroups);
|
|
+ } else {
|
|
+ size_t number_of_default_groups = PR_ARRAY_SIZE(ssl_default_dhe_groups);
|
|
+ selectedGroup = selectDHEGroup(ss, ssl_default_dhe_groups,
|
|
+ number_of_default_groups);
|
|
+ }
|
|
+
|
|
+ if (selectedGroup == ssl_dhe_group_none ||
|
|
+ selectedGroup >= ssl_dhe_group_max) {
|
|
+ return SECFailure;
|
|
+ }
|
|
+
|
|
+ ss->dheParams = all_ssl3DHParams[selectedGroup];
|
|
+ }
|
|
+
|
|
+ return SECSuccess;
|
|
+}
|
|
|
|
/* LOCKS ??? XXX */
|
|
static PRFileDesc *
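Review bot: ssl3_SelectDHParams returns SECSuccess with `ss->dheParams == NULL` when dheWeakGroupEnabled is set but gWeakDHParams is NULL — ssl3_WeakDHParamsShutdown resets that pointer on NSS shutdown while the PR_CallOnce flags consulted by SSL_EnableWeakDHEPrimeGroup are never reset, so a socket that keeps the flag (ssl_DupSocket copies it) could, at least in principle, reach this branch after a shutdown/reinit cycle. Adding `if (!ss->dheParams) return SECFailure;` inside the weak branch mirrors the range check the other branch already performs; neither failure path sets an error code, which callers may want. A `PR_STATIC_ASSERT(PR_ARRAY_SIZE(all_ssl3DHParams) == ssl_dhe_group_max);` next to the table would enforce the "Keep this array synchronized" comment at compile time rather than by convention. The `ss` parameter of selectDHEGroup is unused, which the comment explains as future work, and `#include "dhe-param.c"` mid-file is unusual enough to deserve a one-line comment saying the generated parameter tables live there.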
|
|
@@ -1699,6 +1950,10 @@
|
|
PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, sm->ssl3.dtlsSRTPCiphers,
|
|
sizeof(PRUint16) * sm->ssl3.dtlsSRTPCipherCount);
|
|
ss->ssl3.dtlsSRTPCipherCount = sm->ssl3.dtlsSRTPCipherCount;
|
|
+ PORT_Memcpy(ss->ssl3.signatureAlgorithms, sm->ssl3.signatureAlgorithms,
|
|
+ sizeof(ss->ssl3.signatureAlgorithms[0]) *
|
|
+ sm->ssl3.signatureAlgorithmCount);
|
|
+ ss->ssl3.signatureAlgorithmCount = sm->ssl3.signatureAlgorithmCount;
|
|
|
|
if (!ss->opt.useSecurity) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
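Review bot: The model-socket copy here mirrors only signatureAlgorithms, whereas the ssl_DupSocket hunk at L21866–L21902 also copies dheWeakGroupEnabled, numDHEGroups and dheGroups, so a socket configured through this path would appear to ignore any SSL_DHEGroupPrefSet applied to the model and fall back to ssl_default_dhe_groups. If that is intentional, a comment such as `/* DHE group preferences are not inherited from the model socket */` would make it explicit; otherwise the same allocate-and-copy block belongs here. The enclosing function starts and ends outside the hunk.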
|
|
@@ -3122,6 +3377,10 @@
|
|
}
|
|
ss->requestedCertTypes = NULL;
|
|
ss->stepDownKeyPair = NULL;
|
|
+
|
|
+ ss->dheParams = NULL;
|
|
+ ss->dheKeyPair = NULL;
|
|
+
|
|
ss->dbHandle = CERT_GetDefaultCertDB();
|
|
|
|
/* Provide default implementation of hooks */
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslt.h qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslt.h
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslt.h 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslt.h 2016-01-13 14:18:55.633954937 +0100
|
|
@@ -1,3 +1,4 @@
|
|
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
|
/*
|
|
* This file contains prototypes for the public SSL functions.
|
|
*
|
|
@@ -68,13 +69,35 @@
|
|
#define kt_ecdh ssl_kea_ecdh
|
|
#define kt_kea_size ssl_kea_size
|
|
|
|
+
|
|
+/* Values of this enum match the SignatureAlgorithm enum from
|
|
+ * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
|
|
typedef enum {
|
|
- ssl_sign_null = 0,
|
|
+ ssl_sign_null = 0, /* "anonymous" in TLS */
|
|
ssl_sign_rsa = 1,
|
|
ssl_sign_dsa = 2,
|
|
ssl_sign_ecdsa = 3
|
|
} SSLSignType;
|
|
|
|
+/* Values of this enum match the HashAlgorithm enum from
|
|
+ * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
|
|
+typedef enum {
|
|
+ /* ssl_hash_none is used internally to mean the pre-1.2 combination of MD5
|
|
+ * and SHA1. The other values are only used in TLS 1.2. */
|
|
+ ssl_hash_none = 0,
|
|
+ ssl_hash_md5 = 1,
|
|
+ ssl_hash_sha1 = 2,
|
|
+ ssl_hash_sha224 = 3,
|
|
+ ssl_hash_sha256 = 4,
|
|
+ ssl_hash_sha384 = 5,
|
|
+ ssl_hash_sha512 = 6
|
|
+} SSLHashType;
|
|
+
|
|
+typedef struct SSLSignatureAndHashAlgStr {
|
|
+ SSLHashType hashAlg;
|
|
+ SSLSignType sigAlg;
|
|
+} SSLSignatureAndHashAlg;
|
|
+
|
|
typedef enum {
|
|
ssl_auth_null = 0,
|
|
ssl_auth_rsa = 1,
|
|
@@ -136,8 +159,31 @@
|
|
/* compression method info */
|
|
const char * compressionMethodName;
|
|
SSLCompressionMethod compressionMethod;
|
|
+
|
|
+ /* The following fields are added in NSS 3.21.
|
|
+ * This field only has meaning in TLS < 1.3 and will be set to
|
|
+ * PR_FALSE in TLS 1.3.
|
|
+ */
|
|
+ PRBool extendedMasterSecretUsed;
|
|
} SSLChannelInfo;
|
|
|
|
+/* Preliminary channel info */
|
|
+#define ssl_preinfo_version (1U << 0)
|
|
+#define ssl_preinfo_cipher_suite (1U << 1)
|
|
+#define ssl_preinfo_all (ssl_preinfo_version|ssl_preinfo_cipher_suite)
|
|
+
|
|
+typedef struct SSLPreliminaryChannelInfoStr {
|
|
+ /* This is set to the length of the struct. */
|
|
+ PRUint32 length;
|
|
+ /* A bitfield over SSLPreliminaryValueSet that describes which
|
|
+ * preliminary values are set (see ssl_preinfo_*). */
|
|
+ PRUint32 valuesSet;
|
|
+ /* Protocol version: test (valuesSet & ssl_preinfo_version) */
|
|
+ PRUint16 protocolVersion;
|
|
+ /* Cipher suite: test (valuesSet & ssl_preinfo_cipher_suite) */
|
|
+ PRUint16 cipherSuite;
|
|
+} SSLPreliminaryChannelInfo;
|
|
+
|
|
typedef struct SSLCipherSuiteInfoStr {
|
|
PRUint16 length;
|
|
PRUint16 cipherSuite;
|
|
@@ -204,6 +250,7 @@
|
|
ssl_app_layer_protocol_xtn = 16,
|
|
ssl_signed_certificate_timestamp_xtn = 18, /* RFC 6962 */
|
|
ssl_padding_xtn = 21,
|
|
+ ssl_extended_master_secret_xtn = 23,
|
|
ssl_session_ticket_xtn = 35,
|
|
ssl_next_proto_nego_xtn = 13172,
|
|
ssl_channel_id_xtn = 30032,
|
|
@@ -211,6 +258,16 @@
|
|
ssl_tls13_draft_version_xtn = 0xff02 /* experimental number */
|
|
} SSLExtensionType;
|
|
|
|
-#define SSL_MAX_EXTENSIONS 13 /* doesn't include ssl_padding_xtn. */
|
|
+#define SSL_MAX_EXTENSIONS 14 /* doesn't include ssl_padding_xtn. */
|
|
+
|
|
+typedef enum {
|
|
+ ssl_dhe_group_none = 0,
|
|
+ ssl_ff_dhe_2048_group = 1,
|
|
+ ssl_ff_dhe_3072_group = 2,
|
|
+ ssl_ff_dhe_4096_group = 3,
|
|
+ ssl_ff_dhe_6144_group = 4,
|
|
+ ssl_ff_dhe_8192_group = 5,
|
|
+ ssl_dhe_group_max
|
|
+} SSLDHEGroupType;
|
|
|
|
#endif /* __sslt_h_ */
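Review bot: SSLDHEGroupType values are used directly as indices into the all_ssl3DHParams table in sslsock.c, with ssl_dhe_group_max doubling as the bound check there, but nothing in this public header records that contract. A comment on the enum such as `/* Values index all_ssl3DHParams in sslsock.c; append new groups before ssl_dhe_group_max and keep that table in sync. */` would protect it from a well-meaning reordering. The SSL_MAX_EXTENSIONS bump to 14 matches the single new ssl_extended_master_secret_xtn entry in the earlier hunk.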
|
|
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslver.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslver.c
|
|
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslver.c 2015-12-10 18:17:21.000000000 +0100
|
|
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslver.c 2016-01-13 14:18:55.633954937 +0100
|
|
@@ -12,20 +12,7 @@
|
|
#define _DEBUG_STRING ""
|
|
#endif
|
|
|
|
-#if defined(DONT_EMBED_BUILD_METADATA) && !defined(OFFICIAL_BUILD)
|
|
-#define _DATE_AND_TIME "Sep 02 2008 08:00:00"
|
|
-#else
|
|
-#define _DATE_AND_TIME __DATE__ " " __TIME__
|
|
-#endif
|
|
-
|
|
-
|
|
/*
|
|
- * Version information for the 'ident' and 'what commands
|
|
- *
|
|
- * NOTE: the first component of the concatenated rcsid string
|
|
- * must not end in a '$' to prevent rcs keyword substitution.
|
|
+ * Version information
|
|
*/
|
|
-const char __nss_ssl_rcsid[] = "$Header: NSS " NSS_VERSION _DEBUG_STRING
|
|
- " " _DATE_AND_TIME " $";
|
|
-const char __nss_ssl_sccsid[] = "@(#)NSS " NSS_VERSION _DEBUG_STRING
|
|
- " " _DATE_AND_TIME;
|
|
+const char __nss_ssl_version[] = "Version: NSS " NSS_VERSION _DEBUG_STRING;
|