Update the bundled libssl to NSS 3.18 RTM
BUG=469516
Review URL: https://codereview.chromium.org/1053903002
Cr-Commit-Position: refs/heads/master@{#323840}
diff --git a/net/third_party/nss/README.chromium b/net/third_party/nss/README.chromium
index f2ead3c..78d16ff 100644
--- a/net/third_party/nss/README.chromium
+++ b/net/third_party/nss/README.chromium
@@ -1,6 +1,6 @@
Name: Network Security Services (NSS)
URL: http://www.mozilla.org/projects/security/pki/nss/
-Version: 3.15.5 Beta 2
+Version: 3.18 RTM
Security Critical: Yes
License: MPL 2
License File: NOT_SHIPPED
@@ -11,7 +11,7 @@
The same module appears in crypto/third_party/nss (and third_party/nss on some
platforms), so we don't repeat the license file here.
-The snapshot was updated to the hg tag: NSS_3_15_5_BETA2
+The snapshot was updated to the hg tag: NSS_3_18_RTM
Patches:
@@ -83,9 +83,6 @@
* Add a function to allow the cipher suites preference order to be set.
patches/cipherorder.patch
- * Add TLS_FALLBACK_SCSV cipher suite to version fallback connections.
- patches/fallbackscsv.patch
-
* Add explicit functions for managing the SSL/TLS session cache.
This is a temporary workaround until Chromium migrates to NSS's
asynchronous certificate verification.
@@ -96,22 +93,15 @@
patches/nssrwlock.patch
https://bugzilla.mozilla.org/show_bug.cgi?id=957812
- * Use the IANA-assigned value for the TLS padding extension.
- patches/paddingextvalue.patch
- https://bugzilla.mozilla.org/show_bug.cgi?id=994883
-
- * Move the signature_algorithms extension to the end of the extension list.
- This works around a bug in WebSphere Application Server 7.0 which is
- intolerant to the final extension having zero length.
+ * Add a comment explaining why signature_algorithms extension should be at
+ the end of the extension list. This works around a bug in WebSphere
+ Application Server 7.0, which is intolerant to the final extension having
+ zero length. This also ensures that the padding extension has non-zero
+ length.
patches/reorderextensions.patch
- * Ignore out-of-order DTLS ChangeCipherSpec.
- patches/ignorechangecipherspec.patch
- https://bugzilla.mozilla.org/show_bug.cgi?id=1009227
-
- * Implement server-side components of ALPN (RFC 7301).
- patches/alpnserver.patch
- https://bugzilla.mozilla.org/show_bug.cgi?id=996250
+ * Make the build metadata deterministic
+ patches/removebuildmetadata.patch
Apply the patches to NSS by running the patches/applypatches.sh script. Read
the comments at the top of patches/applypatches.sh for instructions.
diff --git a/net/third_party/nss/patches/aesgcmchromium.patch b/net/third_party/nss/patches/aesgcmchromium.patch
index 0cf49a1..e735837 100644
--- a/net/third_party/nss/patches/aesgcmchromium.patch
+++ b/net/third_party/nss/patches/aesgcmchromium.patch
@@ -1,6 +1,7 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c 2014-01-17 18:04:43.127747463 -0800
-+++ b/nss/lib/ssl/ssl3con.c 2014-01-17 18:06:21.919386088 -0800
+diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
+index da0abfb..375ed6a 100644
+--- a/ssl/ssl3con.c
++++ b/ssl/ssl3con.c
@@ -8,6 +8,7 @@
/* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */
@@ -19,7 +20,7 @@
#ifndef PK11_SETATTRS
#define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \
-@@ -1842,6 +1846,63 @@ ssl3_BuildRecordPseudoHeader(unsigned ch
+@@ -1874,6 +1878,63 @@ ssl3_BuildRecordPseudoHeader(unsigned char *out,
return 13;
}
@@ -83,7 +84,7 @@
static SECStatus
ssl3_AESGCM(ssl3KeyMaterial *keys,
PRBool doDecrypt,
-@@ -1893,10 +1960,10 @@ ssl3_AESGCM(ssl3KeyMaterial *keys,
+@@ -1925,10 +1986,10 @@ ssl3_AESGCM(ssl3KeyMaterial *keys,
gcmParams.ulTagBits = tagSize * 8;
if (doDecrypt) {
@@ -96,7 +97,7 @@
maxout, in, inlen);
}
*outlen += (int) uOutLen;
-@@ -5103,6 +5170,10 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+@@ -5147,6 +5208,10 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
ssl3_DisableNonDTLSSuites(ss);
}
@@ -107,7 +108,7 @@
/* how many suites are permitted by policy and user preference? */
num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE);
if (!num_suites) {
-@@ -8080,6 +8151,10 @@ ssl3_HandleClientHello(sslSocket *ss, SS
+@@ -8159,6 +8224,10 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
ssl3_DisableNonDTLSSuites(ss);
}
diff --git a/net/third_party/nss/patches/alpnserver.patch b/net/third_party/nss/patches/alpnserver.patch
deleted file mode 100644
index b4226b7..0000000
--- a/net/third_party/nss/patches/alpnserver.patch
+++ /dev/null
@@ -1,349 +0,0 @@
-diff --git a/net/third_party/nss/ssl/SSLerrs.h b/net/third_party/nss/ssl/SSLerrs.h
-index 4ff0b7d..3f0078c 100644
---- a/net/third_party/nss/ssl/SSLerrs.h
-+++ b/net/third_party/nss/ssl/SSLerrs.h
-@@ -413,16 +413,22 @@ ER3(SSL_ERROR_DIGEST_FAILURE, (SSL_ERROR_BASE + 127),
- ER3(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 128),
- "Incorrect signature algorithm specified in a digitally-signed element.")
-
--ER3(SSL_ERROR_BAD_CHANNEL_ID_DATA, (SSL_ERROR_BASE + 129),
--"SSL received a malformed TLS Channel ID extension.")
-+ER3(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK, (SSL_ERROR_BASE + 129),
-+"The next protocol negotiation extension was enabled, but the callback was cleared prior to being needed.")
-
--ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (SSL_ERROR_BASE + 130),
--"The application provided an invalid TLS Channel ID key.")
-+ER3(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL, (SSL_ERROR_BASE + 130),
-+"The server supports no protocols that the client advertises in the ALPN extension.")
-
--ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 131),
--"The application could not get a TLS Channel ID.")
--
--ER3(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT, (SSL_ERROR_BASE + 132),
-+ER3(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT, (SSL_ERROR_BASE + 131),
- "The connection was using a lesser TLS version as a result of a previous"
- " handshake failure, but the server indicated that it should not have been"
- " needed.")
-+
-+ER3(SSL_ERROR_BAD_CHANNEL_ID_DATA, (SSL_ERROR_BASE + 132),
-+"SSL received a malformed TLS Channel ID extension.")
-+
-+ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (SSL_ERROR_BASE + 133),
-+"The application provided an invalid TLS Channel ID key.")
-+
-+ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 134),
-+"The application could not get a TLS Channel ID.")
-diff --git a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ext.c
-index 523e49a..f6530fe 100644
---- a/net/third_party/nss/ssl/ssl3ext.c
-+++ b/net/third_party/nss/ssl/ssl3ext.c
-@@ -56,10 +56,14 @@ static SECStatus ssl3_ClientHandleAppProtoXtn(sslSocket *ss,
- PRUint16 ex_type, SECItem *data);
- static SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss,
- PRUint16 ex_type, SECItem *data);
-+static SECStatus ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type,
-+ SECItem *data);
-+static PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append,
-+ PRUint32 maxBytes);
- static PRInt32 ssl3_ClientSendAppProtoXtn(sslSocket *ss, PRBool append,
- PRUint32 maxBytes);
--static PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append,
-- PRUint32 maxBytes);
-+static PRInt32 ssl3_ServerSendAppProtoXtn(sslSocket *ss, PRBool append,
-+ PRUint32 maxBytes);
- static PRInt32 ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append,
- PRUint32 maxBytes);
- static SECStatus ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type,
-@@ -247,6 +251,7 @@ static const ssl3HelloExtensionHandler clientHelloHandlers[] = {
- { ssl_session_ticket_xtn, &ssl3_ServerHandleSessionTicketXtn },
- { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
- { ssl_next_proto_nego_xtn, &ssl3_ServerHandleNextProtoNegoXtn },
-+ { ssl_app_layer_protocol_xtn, &ssl3_ServerHandleAppProtoXtn },
- { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn },
- { ssl_cert_status_xtn, &ssl3_ServerHandleStatusRequestXtn },
- { ssl_signature_algorithms_xtn, &ssl3_ServerHandleSigAlgsXtn },
-@@ -578,7 +583,8 @@ ssl3_SendSessionTicketXtn(
-
- /* handle an incoming Next Protocol Negotiation extension. */
- static SECStatus
--ssl3_ServerHandleNextProtoNegoXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
-+ssl3_ServerHandleNextProtoNegoXtn(sslSocket * ss, PRUint16 ex_type,
-+ SECItem *data)
- {
- if (ss->firstHsDone || data->len != 0) {
- /* Clients MUST send an empty NPN extension, if any. */
-@@ -623,14 +629,93 @@ ssl3_ValidateNextProtoNego(const unsigned char* data, unsigned int length)
- return SECSuccess;
- }
-
-+/* protocol selection handler for ALPN (server side) and NPN (client side) */
- static SECStatus
--ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type,
-- SECItem *data)
-+ssl3_SelectAppProtocol(sslSocket *ss, PRUint16 ex_type, SECItem *data)
- {
- SECStatus rv;
- unsigned char resultBuffer[255];
- SECItem result = { siBuffer, resultBuffer, 0 };
-
-+ rv = ssl3_ValidateNextProtoNego(data->data, data->len);
-+ if (rv != SECSuccess)
-+ return rv;
-+
-+ PORT_Assert(ss->nextProtoCallback);
-+ rv = ss->nextProtoCallback(ss->nextProtoArg, ss->fd, data->data, data->len,
-+ result.data, &result.len, sizeof resultBuffer);
-+ if (rv != SECSuccess)
-+ return rv;
-+ /* If the callback wrote more than allowed to |result| it has corrupted our
-+ * stack. */
-+ if (result.len > sizeof resultBuffer) {
-+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
-+ return SECFailure;
-+ }
-+
-+ if (ex_type == ssl_app_layer_protocol_xtn &&
-+ ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NEGOTIATED) {
-+ /* The callback might say OK, but then it's picked a default.
-+ * That's OK for NPN, but not ALPN. */
-+ SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
-+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL);
-+ (void)SSL3_SendAlert(ss, alert_fatal, no_application_protocol);
-+ return SECFailure;
-+ }
-+
-+ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
-+
-+ SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
-+ return SECITEM_CopyItem(NULL, &ss->ssl3.nextProto, &result);
-+}
-+
-+/* handle an incoming ALPN extension at the server */
-+static SECStatus
-+ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
-+{
-+ int count;
-+ SECStatus rv;
-+
-+ /* We expressly don't want to allow ALPN on renegotiation,
-+ * despite it being permitted by the spec. */
-+ if (ss->firstHsDone || data->len == 0) {
-+ /* Clients MUST send a non-empty ALPN extension. */
-+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
-+ return SECFailure;
-+ }
-+
-+ /* unlike NPN, ALPN has extra redundant length information so that
-+ * the extension is the same in both ClientHello and ServerHello */
-+ count = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
-+ if (count < 0) {
-+ return SECFailure; /* fatal alert was sent */
-+ }
-+ if (count != data->len) {
-+ return ssl3_DecodeError(ss);
-+ }
-+
-+ if (!ss->nextProtoCallback) {
-+ /* we're not configured for it */
-+ return SECSuccess;
-+ }
-+
-+ rv = ssl3_SelectAppProtocol(ss, ex_type, data);
-+ if (rv != SECSuccess) {
-+ return rv;
-+ }
-+
-+ /* prepare to send back a response, if we negotiated */
-+ if (ss->ssl3.nextProtoState == SSL_NEXT_PROTO_NEGOTIATED) {
-+ return ssl3_RegisterServerHelloExtensionSender(
-+ ss, ex_type, ssl3_ServerSendAppProtoXtn);
-+ }
-+ return SECSuccess;
-+}
-+
-+static SECStatus
-+ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type,
-+ SECItem *data)
-+{
- PORT_Assert(!ss->firstHsDone);
-
- if (ssl3_ExtensionNegotiated(ss, ssl_app_layer_protocol_xtn)) {
-@@ -643,37 +728,16 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type,
- return SECFailure;
- }
-
-- rv = ssl3_ValidateNextProtoNego(data->data, data->len);
-- if (rv != SECSuccess)
-- return rv;
--
-- /* ss->nextProtoCallback cannot normally be NULL if we negotiated the
-- * extension. However, It is possible that an application erroneously
-- * cleared the callback between the time we sent the ClientHello and now.
-- */
-- PORT_Assert(ss->nextProtoCallback != NULL);
-+ /* We should only get this call if we sent the extension, so
-+ * ss->nextProtoCallback needs to be non-NULL. However, it is possible
-+ * that an application erroneously cleared the callback between the time
-+ * we sent the ClientHello and now. */
- if (!ss->nextProtoCallback) {
-- /* XXX Use a better error code. This is an application error, not an
-- * NSS bug. */
-- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK);
- return SECFailure;
- }
-
-- rv = ss->nextProtoCallback(ss->nextProtoArg, ss->fd, data->data, data->len,
-- result.data, &result.len, sizeof resultBuffer);
-- if (rv != SECSuccess)
-- return rv;
-- /* If the callback wrote more than allowed to |result| it has corrupted our
-- * stack. */
-- if (result.len > sizeof resultBuffer) {
-- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
-- return SECFailure;
-- }
--
-- ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
--
-- SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
-- return SECITEM_CopyItem(NULL, &ss->ssl3.nextProto, &result);
-+ return ssl3_SelectAppProtocol(ss, ex_type, data);
- }
-
- static SECStatus
-@@ -814,6 +878,47 @@ loser:
- return -1;
- }
-
-+static PRInt32
-+ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
-+{
-+ PRInt32 extension_length;
-+
-+ PORT_Assert(ss->opt.enableALPN);
-+ PORT_Assert(ss->ssl3.nextProto.data);
-+ PORT_Assert(ss->ssl3.nextProto.len > 0);
-+ PORT_Assert(ss->ssl3.nextProtoState == SSL_NEXT_PROTO_NEGOTIATED);
-+ PORT_Assert(!ss->firstHsDone);
-+
-+ extension_length = 2 /* extension type */ + 2 /* extension length */ +
-+ 2 /* protocol name list */ + 1 /* name length */ +
-+ ss->ssl3.nextProto.len;
-+
-+ if (append && maxBytes >= extension_length) {
-+ SECStatus rv;
-+ rv = ssl3_AppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2);
-+ if (rv != SECSuccess) {
-+ return -1;
-+ }
-+ rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
-+ if (rv != SECSuccess) {
-+ return -1;
-+ }
-+ rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.nextProto.len + 1, 2);
-+ if (rv != SECSuccess) {
-+ return -1;
-+ }
-+ rv = ssl3_AppendHandshakeVariable(ss, ss->ssl3.nextProto.data,
-+ ss->ssl3.nextProto.len, 1);
-+ if (rv != SECSuccess) {
-+ return -1;
-+ }
-+ } else if (maxBytes < extension_length) {
-+ return 0;
-+ }
-+
-+ return extension_length;
-+}
-+
- static SECStatus
- ssl3_ClientHandleChannelIDXtn(sslSocket *ss, PRUint16 ex_type,
- SECItem *data)
-diff --git a/net/third_party/nss/ssl/ssl3prot.h b/net/third_party/nss/ssl/ssl3prot.h
-index 4c19ade..d32be38 100644
---- a/net/third_party/nss/ssl/ssl3prot.h
-+++ b/net/third_party/nss/ssl/ssl3prot.h
-@@ -107,7 +107,8 @@ typedef enum {
- certificate_unobtainable = 111,
- unrecognized_name = 112,
- bad_certificate_status_response = 113,
-- bad_certificate_hash_value = 114
-+ bad_certificate_hash_value = 114,
-+ no_application_protocol = 120
-
- } SSL3AlertDescription;
-
-diff --git a/net/third_party/nss/ssl/sslerr.h b/net/third_party/nss/ssl/sslerr.h
-index 82ae7df..5184a6e 100644
---- a/net/third_party/nss/ssl/sslerr.h
-+++ b/net/third_party/nss/ssl/sslerr.h
-@@ -193,10 +193,14 @@ SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM = (SSL_ERROR_BASE + 126),
- SSL_ERROR_DIGEST_FAILURE = (SSL_ERROR_BASE + 127),
- SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 128),
-
--SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 129),
--SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 130),
--SSL_ERROR_GET_CHANNEL_ID_FAILED = (SSL_ERROR_BASE + 131),
--SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT = (SSL_ERROR_BASE + 132),
-+SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK = (SSL_ERROR_BASE + 129),
-+SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL = (SSL_ERROR_BASE + 130),
-+
-+SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT = (SSL_ERROR_BASE + 131),
-+
-+SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 132),
-+SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 133),
-+SSL_ERROR_GET_CHANNEL_ID_FAILED = (SSL_ERROR_BASE + 134),
-
- SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
- } SSLErrorCodes;
-diff --git a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock.c
-index 028cd98..421ba21 100644
---- a/net/third_party/nss/ssl/sslsock.c
-+++ b/net/third_party/nss/ssl/sslsock.c
-@@ -1432,6 +1432,11 @@ DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd)
- return ssl_ImportFD(model, fd, ssl_variant_datagram);
- }
-
-+/* SSL_SetNextProtoCallback is used to select an application protocol
-+ * for ALPN and NPN. For ALPN, this runs on the server; for NPN it
-+ * runs on the client. */
-+/* Note: The ALPN version doesn't allow for the use of a default, setting a
-+ * status of SSL_NEXT_PROTO_NO_OVERLAP is treated as a failure. */
- SECStatus
- SSL_SetNextProtoCallback(PRFileDesc *fd, SSLNextProtoCallback callback,
- void *arg)
-@@ -1452,7 +1457,7 @@ SSL_SetNextProtoCallback(PRFileDesc *fd, SSLNextProtoCallback callback,
- return SECSuccess;
- }
-
--/* ssl_NextProtoNegoCallback is set as an NPN callback for the case when
-+/* ssl_NextProtoNegoCallback is set as an ALPN/NPN callback when
- * SSL_SetNextProtoNego is used.
- */
- static SECStatus
-@@ -1471,12 +1476,6 @@ ssl_NextProtoNegoCallback(void *arg, PRFileDesc *fd,
- return SECFailure;
- }
-
-- if (protos_len == 0) {
-- /* The server supports the extension, but doesn't have any protocols
-- * configured. In this case we request our favoured protocol. */
-- goto pick_first;
-- }
--
- /* For each protocol in server preference, see if we support it. */
- for (i = 0; i < protos_len; ) {
- for (j = 0; j < ss->opt.nextProtoNego.len; ) {
-@@ -1493,7 +1492,10 @@ ssl_NextProtoNegoCallback(void *arg, PRFileDesc *fd,
- i += 1 + (unsigned int)protos[i];
- }
-
--pick_first:
-+ /* The other side supports the extension, and either doesn't have any
-+ * protocols configured, or none of its options match ours. In this case we
-+ * request our favoured protocol. */
-+ /* This will be treated as a failure for ALPN. */
- ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NO_OVERLAP;
- result = ss->opt.nextProtoNego.data;
-
diff --git a/net/third_party/nss/patches/applypatches.sh b/net/third_party/nss/patches/applypatches.sh
index 878d4036..6ddb692 100755
--- a/net/third_party/nss/patches/applypatches.sh
+++ b/net/third_party/nss/patches/applypatches.sh
@@ -7,51 +7,45 @@
#
# Point patches_dir to the src/net/third_party/nss/patches directory in a
# chromium source tree.
-patches_dir=/Users/wtc/chrome1/src/net/third_party/nss/patches
+patches_dir=/Users/sleevi/development/chromium/src/net/third_party/nss/patches
-patch -p4 < $patches_dir/cachecerts.patch
+patch -p2 < $patches_dir/cachecerts.patch
-patch -p4 < $patches_dir/clientauth.patch
+patch -p2 < $patches_dir/clientauth.patch
-patch -p4 < $patches_dir/didhandshakeresume.patch
+patch -p2 < $patches_dir/didhandshakeresume.patch
-patch -p4 < $patches_dir/getrequestedclientcerttypes.patch
+patch -p2 < $patches_dir/getrequestedclientcerttypes.patch
-patch -p4 < $patches_dir/restartclientauth.patch
+patch -p2 < $patches_dir/restartclientauth.patch
-patch -p4 < $patches_dir/channelid.patch
+patch -p2 < $patches_dir/channelid.patch
-patch -p4 < $patches_dir/tlsunique.patch
+patch -p2 < $patches_dir/tlsunique.patch
-patch -p4 < $patches_dir/secretexporterlocks.patch
+patch -p2 < $patches_dir/secretexporterlocks.patch
-patch -p4 < $patches_dir/suitebonly.patch
+patch -p2 < $patches_dir/suitebonly.patch
-patch -p4 < $patches_dir/secitemarray.patch
+patch -p2 < $patches_dir/secitemarray.patch
-patch -p4 < $patches_dir/tls12chromium.patch
+patch -p2 < $patches_dir/tls12chromium.patch
-patch -p4 < $patches_dir/aesgcmchromium.patch
+patch -p2 < $patches_dir/aesgcmchromium.patch
-patch -p4 < $patches_dir/chacha20poly1305.patch
+patch -p2 < $patches_dir/chacha20poly1305.patch
-patch -p4 < $patches_dir/cachelocks.patch
+patch -p2 < $patches_dir/cachelocks.patch
-patch -p4 < $patches_dir/signedcertificatetimestamps.patch
+patch -p2 < $patches_dir/signedcertificatetimestamps.patch
-patch -p4 < $patches_dir/cipherorder.patch
+patch -p2 < $patches_dir/cipherorder.patch
-patch -p4 < $patches_dir/fallbackscsv.patch
+patch -p2 < $patches_dir/sessioncache.patch
-patch -p4 < $patches_dir/sessioncache.patch
+patch -p2 < $patches_dir/nssrwlock.patch
-patch -p4 < $patches_dir/nssrwlock.patch
+patch -p2 < $patches_dir/reorderextensions.patch
-patch -p4 < $patches_dir/paddingextvalue.patch
-
-patch -p4 < $patches_dir/reorderextensions.patch
-
-patch -p5 < $patches_dir/alpnserver.patch
-
-patch -p4 < $patches_dir/removebuildmetadata.patch
+patch -p2 < $patches_dir/removebuildmetadata.patch
diff --git a/net/third_party/nss/patches/cachecerts.patch b/net/third_party/nss/patches/cachecerts.patch
index fce438b..adb7e3e 100644
--- a/net/third_party/nss/patches/cachecerts.patch
+++ b/net/third_party/nss/patches/cachecerts.patch
@@ -1,6 +1,7 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c 2014-01-17 17:49:26.062517203 -0800
-+++ b/nss/lib/ssl/ssl3con.c 2014-01-17 17:51:23.974478249 -0800
+diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
+index 529eb42..ebaee61 100644
+--- a/ssl/ssl3con.c
++++ b/ssl/ssl3con.c
@@ -43,6 +43,7 @@
static SECStatus ssl3_AuthCertificate(sslSocket *ss);
@@ -9,7 +10,7 @@
static PK11SymKey *ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec,
PK11SlotInfo * serverKeySlot);
static SECStatus ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms);
-@@ -6474,6 +6475,7 @@ ssl3_HandleServerHello(sslSocket *ss, SS
+@@ -6534,6 +6535,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
/* copy the peer cert from the SID */
if (sid->peerCert != NULL) {
ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
@@ -17,7 +18,7 @@
}
/* NULL value for PMS signifies re-use of the old MS */
-@@ -8048,6 +8050,7 @@ compression_found:
+@@ -8127,6 +8129,7 @@ compression_found:
ss->sec.ci.sid = sid;
if (sid->peerCert != NULL) {
ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
@@ -25,7 +26,7 @@
}
/*
-@@ -9662,6 +9665,44 @@ ssl3_CleanupPeerCerts(sslSocket *ss)
+@@ -9750,6 +9753,44 @@ ssl3_CleanupPeerCerts(sslSocket *ss)
ss->ssl3.peerCertChain = NULL;
}
@@ -70,7 +71,7 @@
/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
* ssl3 CertificateStatus message.
* Caller must hold Handshake and RecvBuf locks.
-@@ -9940,6 +9981,7 @@ ssl3_AuthCertificate(sslSocket *ss)
+@@ -10028,6 +10069,7 @@ ssl3_AuthCertificate(sslSocket *ss)
}
ss->sec.ci.sid->peerCert = CERT_DupCertificate(ss->sec.peerCert);
@@ -78,10 +79,11 @@
if (!ss->sec.isServer) {
CERTCertificate *cert = ss->sec.peerCert;
-diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
---- a/nss/lib/ssl/sslimpl.h 2014-01-17 17:49:26.072517368 -0800
-+++ b/nss/lib/ssl/sslimpl.h 2014-01-17 17:51:23.984478418 -0800
-@@ -595,6 +595,8 @@ typedef enum { never_cached,
+diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
+index 858ae0c..88a7039 100644
+--- a/ssl/sslimpl.h
++++ b/ssl/sslimpl.h
+@@ -597,6 +597,8 @@ typedef enum { never_cached,
invalid_cache /* no longer in any cache. */
} Cached;
@@ -90,7 +92,7 @@
struct sslSessionIDStr {
/* The global cache lock must be held when accessing these members when the
* sid is in any cache.
-@@ -609,6 +611,7 @@ struct sslSessionIDStr {
+@@ -611,6 +613,7 @@ struct sslSessionIDStr {
*/
CERTCertificate * peerCert;
@@ -98,9 +100,10 @@
SECItemArray peerCertStatus; /* client only */
const char * peerID; /* client only */
const char * urlSvrName; /* client only */
-diff -pu a/nss/lib/ssl/sslnonce.c b/nss/lib/ssl/sslnonce.c
---- a/nss/lib/ssl/sslnonce.c 2014-01-17 17:49:26.072517368 -0800
-+++ b/nss/lib/ssl/sslnonce.c 2014-01-17 17:51:23.984478418 -0800
+diff --git a/ssl/sslnonce.c b/ssl/sslnonce.c
+index 2e861f1..be11008 100644
+--- a/ssl/sslnonce.c
++++ b/ssl/sslnonce.c
@@ -164,6 +164,7 @@ lock_cache(void)
static void
ssl_DestroySID(sslSessionID *sid)
diff --git a/net/third_party/nss/patches/cachelocks.patch b/net/third_party/nss/patches/cachelocks.patch
index d52bf53..a019b6d 100644
--- a/net/third_party/nss/patches/cachelocks.patch
+++ b/net/third_party/nss/patches/cachelocks.patch
@@ -1,7 +1,8 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c 2014-01-17 18:10:16.783281701 -0800
-+++ b/nss/lib/ssl/ssl3con.c 2014-01-17 18:11:03.734060469 -0800
-@@ -5678,7 +5678,6 @@ SSL3_ShutdownServerCache(void)
+diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
+index adaa9a4..708a4c7 100644
+--- a/ssl/ssl3con.c
++++ b/ssl/ssl3con.c
+@@ -5733,7 +5733,6 @@ SSL3_ShutdownServerCache(void)
}
PZ_Unlock(symWrapKeysLock);
@@ -9,7 +10,7 @@
return SECSuccess;
}
-@@ -5730,7 +5729,7 @@ getWrappingKey( sslSocket * ss,
+@@ -5785,7 +5784,7 @@ getWrappingKey( sslSocket * ss,
pSymWrapKey = &symWrapKeys[symWrapMechIndex].symWrapKey[exchKeyType];
@@ -18,10 +19,11 @@
PZ_Lock(symWrapKeysLock);
-diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
---- a/nss/lib/ssl/sslimpl.h 2014-01-17 18:10:16.793281867 -0800
-+++ b/nss/lib/ssl/sslimpl.h 2014-01-17 18:11:03.734060469 -0800
-@@ -1913,9 +1913,7 @@ extern SECStatus ssl_InitSymWrapKeysLock
+diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
+index 643570f..62f822a 100644
+--- a/ssl/sslimpl.h
++++ b/ssl/sslimpl.h
+@@ -1917,9 +1917,7 @@ extern SECStatus ssl_InitSymWrapKeysLock(void);
extern SECStatus ssl_FreeSymWrapKeysLock(void);
@@ -32,9 +34,10 @@
/***************** platform client auth ****************/
-diff -pu a/nss/lib/ssl/sslnonce.c b/nss/lib/ssl/sslnonce.c
---- a/nss/lib/ssl/sslnonce.c 2014-01-17 17:59:03.242109996 -0800
-+++ b/nss/lib/ssl/sslnonce.c 2014-01-17 18:11:03.754060801 -0800
+diff --git a/ssl/sslnonce.c b/ssl/sslnonce.c
+index 1326a8b..c45849d 100644
+--- a/ssl/sslnonce.c
++++ b/ssl/sslnonce.c
@@ -35,91 +35,55 @@ static PZLock * cacheLock = NULL;
#define LOCK_CACHE lock_cache()
#define UNLOCK_CACHE PZ_Unlock(cacheLock)
@@ -59,10 +62,15 @@
-}
-
-static PRBool LocksInitializedEarly = PR_FALSE;
--
--static SECStatus
++static PRCallOnceType lockOnce;
+
++/* FreeSessionCacheLocks is a callback from NSS_RegisterShutdown which destroys
++ * the session cache locks on shutdown and resets them to their initial
++ * state. */
+ static SECStatus
-FreeSessionCacheLocks()
--{
++FreeSessionCacheLocks(void* appData, void* nssData)
+ {
- SECStatus rv1, rv2;
- rv1 = ssl_FreeSymWrapKeysLock();
- rv2 = ssl_FreeClientSessionCacheLock();
@@ -71,15 +79,12 @@
- }
- return SECFailure;
-}
-+static PRCallOnceType lockOnce;
++ static const PRCallOnceType pristineCallOnce;
++ SECStatus rv;
-+/* FreeSessionCacheLocks is a callback from NSS_RegisterShutdown which destroys
-+ * the session cache locks on shutdown and resets them to their initial
-+ * state. */
- static SECStatus
+-static SECStatus
-InitSessionCacheLocks(void)
-+FreeSessionCacheLocks(void* appData, void* nssData)
- {
+-{
- SECStatus rv1, rv2;
- PRErrorCode rc;
- rv1 = ssl_InitSymWrapKeysLock();
@@ -92,9 +97,7 @@
- PORT_SetError(rc);
- return SECFailure;
-}
-+ static const PRCallOnceType pristineCallOnce;
-+ SECStatus rv;
-
+-
-/* free the session cache locks if they were initialized early */
-SECStatus
-ssl_FreeSessionCacheLocks()
@@ -160,7 +163,7 @@
PORT_Assert(SECSuccess == rv);
if (SECSuccess != rv) {
return PR_FAILURE;
-@@ -127,34 +91,18 @@ static PRStatus initSessionCacheLocksLaz
+@@ -127,34 +91,18 @@ static PRStatus initSessionCacheLocksLazily(void)
return PR_SUCCESS;
}
@@ -201,10 +204,11 @@
PZ_Lock(cacheLock);
}
-diff -pu a/nss/lib/ssl/sslsnce.c b/nss/lib/ssl/sslsnce.c
---- a/nss/lib/ssl/sslsnce.c 2014-01-17 17:49:26.072517368 -0800
-+++ b/nss/lib/ssl/sslsnce.c 2014-01-17 18:11:03.774061133 -0800
-@@ -1353,7 +1353,7 @@ SSL_ConfigServerSessionIDCache( int
+diff --git a/ssl/sslsnce.c b/ssl/sslsnce.c
+index 4d9ef38..3279200 100644
+--- a/ssl/sslsnce.c
++++ b/ssl/sslsnce.c
+@@ -1352,7 +1352,7 @@ SSL_ConfigServerSessionIDCache( int maxCacheEntries,
PRUint32 ssl3_timeout,
const char * directory)
{
@@ -213,7 +217,7 @@
return SSL_ConfigServerSessionIDCacheInstance(&globalCache,
maxCacheEntries, ssl2_timeout, ssl3_timeout, directory, PR_FALSE);
}
-@@ -1467,7 +1467,7 @@ SSL_ConfigServerSessionIDCacheWithOpt(
+@@ -1466,7 +1466,7 @@ SSL_ConfigServerSessionIDCacheWithOpt(
PRBool enableMPCache)
{
if (!enableMPCache) {
@@ -222,7 +226,7 @@
return ssl_ConfigServerSessionIDCacheInstanceWithOpt(&globalCache,
ssl2_timeout, ssl3_timeout, directory, PR_FALSE,
maxCacheEntries, maxCertCacheEntries, maxSrvNameCacheEntries);
-@@ -1512,7 +1512,7 @@ SSL_InheritMPServerSIDCacheInstance(cach
+@@ -1511,7 +1511,7 @@ SSL_InheritMPServerSIDCacheInstance(cacheDesc *cache, const char * envString)
return SECSuccess; /* already done. */
}
diff --git a/net/third_party/nss/patches/chacha20poly1305.patch b/net/third_party/nss/patches/chacha20poly1305.patch
index 028ed70..2a4c5640 100644
--- a/net/third_party/nss/patches/chacha20poly1305.patch
+++ b/net/third_party/nss/patches/chacha20poly1305.patch
@@ -1,7 +1,8 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c 2014-01-17 18:06:41.659713513 -0800
-+++ b/nss/lib/ssl/ssl3con.c 2014-01-17 18:07:10.270188062 -0800
-@@ -40,6 +40,21 @@
+diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
+index 375ed6a..adaa9a4 100644
+--- a/ssl/ssl3con.c
++++ b/ssl/ssl3con.c
+@@ -41,6 +41,21 @@
#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
#endif
@@ -23,16 +24,16 @@
#include <stdio.h>
#ifdef NSS_ENABLE_ZLIB
#include "zlib.h"
-@@ -104,6 +119,8 @@ static ssl3CipherSuiteCfg cipherSuites[s
+@@ -105,6 +120,8 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
/* cipher_suite policy enabled isPresent */
- #ifdef NSS_ENABLE_ECC
+ #ifndef NSS_DISABLE_ECC
+ { TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
-@@ -292,6 +309,7 @@ static const ssl3BulkCipherDef bulk_ciph
+@@ -296,6 +313,7 @@ static const ssl3BulkCipherDef bulk_cipher_defs[] = {
{cipher_camellia_256, calg_camellia, 32,32, type_block, 16,16, 0, 0},
{cipher_seed, calg_seed, 16,16, type_block, 16,16, 0, 0},
{cipher_aes_128_gcm, calg_aes_gcm, 16,16, type_aead, 4, 0,16, 8},
@@ -40,16 +41,16 @@
{cipher_missing, calg_null, 0, 0, type_stream, 0, 0, 0, 0},
};
-@@ -418,6 +436,8 @@ static const ssl3CipherSuiteDef cipher_s
+@@ -422,6 +440,8 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] =
{TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_rsa},
{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa},
{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa},
+ {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, cipher_chacha20, mac_aead, kea_ecdhe_rsa},
+ {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, cipher_chacha20, mac_aead, kea_ecdhe_ecdsa},
- #ifdef NSS_ENABLE_ECC
+ #ifndef NSS_DISABLE_ECC
{TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa},
-@@ -483,6 +503,7 @@ static const SSLCipher2Mech alg2Mech[] =
+@@ -487,6 +507,7 @@ static const SSLCipher2Mech alg2Mech[] = {
{ calg_camellia , CKM_CAMELLIA_CBC },
{ calg_seed , CKM_SEED_CBC },
{ calg_aes_gcm , CKM_AES_GCM },
@@ -57,16 +58,16 @@
/* { calg_init , (CK_MECHANISM_TYPE)0x7fffffffL } */
};
-@@ -647,6 +668,8 @@ ssl3_CipherSuiteAllowedForVersionRange(
- * SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA: never implemented
- */
- return vrange->min <= SSL_LIBRARY_VERSION_TLS_1_0;
+@@ -662,6 +683,8 @@ ssl3_CipherSuiteAllowedForVersionRange(
+ case TLS_RSA_WITH_NULL_SHA256:
+ return vrange->max == SSL_LIBRARY_VERSION_TLS_1_2;
+
+ case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305:
+ case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305:
- case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
- case TLS_RSA_WITH_AES_256_CBC_SHA256:
- case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
-@@ -2043,6 +2066,46 @@ ssl3_AESGCMBypass(ssl3KeyMaterial *keys,
+ case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
+ case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
+ case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
+@@ -2070,6 +2093,46 @@ ssl3_AESGCMBypass(ssl3KeyMaterial *keys,
}
#endif
@@ -113,7 +114,7 @@
/* Initialize encryption and MAC contexts for pending spec.
* Master Secret already is derived.
* Caller holds Spec write lock.
-@@ -2076,13 +2139,17 @@ ssl3_InitPendingContextsPKCS11(sslSocket
+@@ -2103,13 +2166,17 @@ ssl3_InitPendingContextsPKCS11(sslSocket *ss)
pwSpec->client.write_mac_context = NULL;
pwSpec->server.write_mac_context = NULL;
@@ -133,10 +134,11 @@
return SECSuccess;
}
-diff -pu a/nss/lib/ssl/ssl3ecc.c b/nss/lib/ssl/ssl3ecc.c
---- a/nss/lib/ssl/ssl3ecc.c 2014-01-17 18:04:43.127747463 -0800
-+++ b/nss/lib/ssl/ssl3ecc.c 2014-01-17 18:07:10.270188062 -0800
-@@ -904,6 +904,7 @@ static const ssl3CipherSuite ecdhe_ecdsa
+diff --git a/ssl/ssl3ecc.c b/ssl/ssl3ecc.c
+index 003ed78..d5d6c9c 100644
+--- a/ssl/ssl3ecc.c
++++ b/ssl/ssl3ecc.c
+@@ -920,6 +920,7 @@ static const ssl3CipherSuite ecdhe_ecdsa_suites[] = {
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
@@ -144,7 +146,7 @@
TLS_ECDHE_ECDSA_WITH_NULL_SHA,
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
0 /* end of list marker */
-@@ -915,6 +916,7 @@ static const ssl3CipherSuite ecdhe_rsa_s
+@@ -931,6 +932,7 @@ static const ssl3CipherSuite ecdhe_rsa_suites[] = {
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
@@ -152,7 +154,7 @@
TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
0 /* end of list marker */
-@@ -927,6 +929,7 @@ static const ssl3CipherSuite ecSuites[]
+@@ -943,6 +945,7 @@ static const ssl3CipherSuite ecSuites[] = {
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
@@ -160,7 +162,7 @@
TLS_ECDHE_ECDSA_WITH_NULL_SHA,
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
-@@ -934,6 +937,7 @@ static const ssl3CipherSuite ecSuites[]
+@@ -950,6 +953,7 @@ static const ssl3CipherSuite ecSuites[] = {
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
@@ -168,9 +170,10 @@
TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
-diff -pu a/nss/lib/ssl/sslenum.c b/nss/lib/ssl/sslenum.c
---- a/nss/lib/ssl/sslenum.c 2014-01-17 17:49:26.072517368 -0800
-+++ b/nss/lib/ssl/sslenum.c 2014-01-17 18:08:43.791739267 -0800
+diff --git a/ssl/sslenum.c b/ssl/sslenum.c
+index 09ce43f..a036627 100644
+--- a/ssl/sslenum.c
++++ b/ssl/sslenum.c
@@ -37,17 +37,21 @@
*
* Exception: Because some servers ignore the high-order byte of the cipher
@@ -190,15 +193,16 @@
+ * the fifth one.
*/
const PRUint16 SSL_ImplementedCiphers[] = {
- #ifdef NSS_ENABLE_ECC
+ #ifndef NSS_DISABLE_ECC
+ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before
-diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
---- a/nss/lib/ssl/sslimpl.h 2014-01-17 18:03:47.906831535 -0800
-+++ b/nss/lib/ssl/sslimpl.h 2014-01-17 18:07:10.270188062 -0800
+diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
+index 88f559a..643570f 100644
+--- a/ssl/sslimpl.h
++++ b/ssl/sslimpl.h
@@ -65,6 +65,7 @@ typedef SSLSignType SSL3SignType;
#define calg_camellia ssl_calg_camellia
#define calg_seed ssl_calg_seed
@@ -210,13 +214,13 @@
@@ -299,7 +300,7 @@ typedef struct {
} ssl3CipherSuiteCfg;
- #ifdef NSS_ENABLE_ECC
+ #ifndef NSS_DISABLE_ECC
-#define ssl_V3_SUITES_IMPLEMENTED 61
+#define ssl_V3_SUITES_IMPLEMENTED 63
#else
#define ssl_V3_SUITES_IMPLEMENTED 37
- #endif /* NSS_ENABLE_ECC */
-@@ -483,6 +484,7 @@ typedef enum {
+ #endif /* NSS_DISABLE_ECC */
+@@ -485,6 +486,7 @@ typedef enum {
cipher_camellia_256,
cipher_seed,
cipher_aes_128_gcm,
@@ -224,10 +228,11 @@
cipher_missing /* reserved for no such supported cipher */
/* This enum must match ssl3_cipherName[] in ssl3con.c. */
} SSL3BulkCipher;
-diff -pu a/nss/lib/ssl/sslinfo.c b/nss/lib/ssl/sslinfo.c
---- a/nss/lib/ssl/sslinfo.c 2014-01-17 18:00:45.503806125 -0800
-+++ b/nss/lib/ssl/sslinfo.c 2014-01-17 18:07:10.270188062 -0800
-@@ -110,6 +110,7 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLCh
+diff --git a/ssl/sslinfo.c b/ssl/sslinfo.c
+index ba230d2..845d9f0 100644
+--- a/ssl/sslinfo.c
++++ b/ssl/sslinfo.c
+@@ -110,6 +110,7 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
#define C_NULL "NULL", calg_null
#define C_SJ "SKIPJACK", calg_sj
#define C_AESGCM "AES-GCM", calg_aes_gcm
@@ -235,7 +240,7 @@
#define B_256 256, 256, 256
#define B_128 128, 128, 128
-@@ -188,12 +189,14 @@ static const SSLCipherSuiteInfo suiteInf
+@@ -188,12 +189,14 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
{0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, },
{0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
{0,CS(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, },
@@ -250,10 +255,11 @@
{0,CS(TLS_ECDHE_RSA_WITH_NULL_SHA), S_RSA, K_ECDHE, C_NULL, B_0, M_SHA, 0, 0, 0, },
{0,CS(TLS_ECDHE_RSA_WITH_RC4_128_SHA), S_RSA, K_ECDHE, C_RC4, B_128, M_SHA, 0, 0, 0, },
-diff -pu a/nss/lib/ssl/sslproto.h b/nss/lib/ssl/sslproto.h
---- a/nss/lib/ssl/sslproto.h 2014-01-17 17:49:26.072517368 -0800
-+++ b/nss/lib/ssl/sslproto.h 2014-01-17 18:07:10.270188062 -0800
-@@ -213,6 +213,9 @@
+diff --git a/ssl/sslproto.h b/ssl/sslproto.h
+index e02442c..dc653c9 100644
+--- a/ssl/sslproto.h
++++ b/ssl/sslproto.h
+@@ -258,6 +258,9 @@
#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
#define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031
@@ -261,11 +267,12 @@
+#define TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 0xCC14
+
/* Netscape "experimental" cipher suites. */
- #define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0
- #define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1
-diff -pu a/nss/lib/ssl/sslt.h b/nss/lib/ssl/sslt.h
---- a/nss/lib/ssl/sslt.h 2014-01-17 18:03:47.906831535 -0800
-+++ b/nss/lib/ssl/sslt.h 2014-01-17 18:07:10.270188062 -0800
+ #define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0
+ #define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1
+diff --git a/ssl/sslt.h b/ssl/sslt.h
+index 430d216..fe0ad07 100644
+--- a/ssl/sslt.h
++++ b/ssl/sslt.h
@@ -94,7 +94,8 @@ typedef enum {
ssl_calg_aes = 7,
ssl_calg_camellia = 8,
diff --git a/net/third_party/nss/patches/channelid.patch b/net/third_party/nss/patches/channelid.patch
index 670a6fa..9fc6012 100644
--- a/net/third_party/nss/patches/channelid.patch
+++ b/net/third_party/nss/patches/channelid.patch
@@ -1,7 +1,64 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c 2014-01-18 10:39:50.799150460 -0800
-+++ b/nss/lib/ssl/ssl3con.c 2014-01-18 10:40:15.489552270 -0800
-@@ -55,6 +55,7 @@ static SECStatus ssl3_SendCertificateSta
+diff --git a/ssl/SSLerrs.h b/ssl/SSLerrs.h
+index 174037b..81da41c 100644
+--- a/ssl/SSLerrs.h
++++ b/ssl/SSLerrs.h
+@@ -422,3 +422,12 @@ ER3(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL, (SSL_ERROR_BASE + 130),
+ ER3(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT, (SSL_ERROR_BASE + 131),
+ "The server rejected the handshake because the client downgraded to a lower "
+ "TLS version than the server supports.")
++
++ER3(SSL_ERROR_BAD_CHANNEL_ID_DATA, (SSL_ERROR_BASE + 132),
++"SSL received a malformed TLS Channel ID extension.")
++
++ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (SSL_ERROR_BASE + 133),
++"The application provided an invalid TLS Channel ID key.")
++
++ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 134),
++"The application could not get a TLS Channel ID.")
+diff --git a/ssl/ssl.h b/ssl/ssl.h
+index 593dd00..716537d 100644
+--- a/ssl/ssl.h
++++ b/ssl/ssl.h
+@@ -1025,6 +1025,34 @@ SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
+ SSL_IMPORT SECStatus SSL_HandshakeResumedSession(PRFileDesc *fd,
+ PRBool *last_handshake_resumed);
+
++/* See SSL_SetClientChannelIDCallback for usage. If the callback returns
++ * SECWouldBlock then SSL_RestartHandshakeAfterChannelIDReq should be called in
++ * the future to restart the handshake. On SECSuccess, the callback must have
++ * written a P-256, EC key pair to |*out_public_key| and |*out_private_key|. */
++typedef SECStatus (PR_CALLBACK *SSLClientChannelIDCallback)(
++ void *arg,
++ PRFileDesc *fd,
++ SECKEYPublicKey **out_public_key,
++ SECKEYPrivateKey **out_private_key);
++
++/* SSL_RestartHandshakeAfterChannelIDReq attempts to restart the handshake
++ * after a ChannelID callback returned SECWouldBlock.
++ *
++ * This function takes ownership of |channelIDPub| and |channelID|. */
++SSL_IMPORT SECStatus SSL_RestartHandshakeAfterChannelIDReq(
++ PRFileDesc *fd,
++ SECKEYPublicKey *channelIDPub,
++ SECKEYPrivateKey *channelID);
++
++/* SSL_SetClientChannelIDCallback sets a callback function that will be called
++ * once the server's ServerHello has been processed. This is only applicable to
++ * a client socket and setting this callback causes the TLS Channel ID
++ * extension to be advertised. */
++SSL_IMPORT SECStatus SSL_SetClientChannelIDCallback(
++ PRFileDesc *fd,
++ SSLClientChannelIDCallback callback,
++ void *arg);
++
+ /*
+ ** How long should we wait before retransmitting the next flight of
+ ** the DTLS handshake? Returns SECFailure if not DTLS or not in a
+diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
+index 1852806..45c3454 100644
+--- a/ssl/ssl3con.c
++++ b/ssl/ssl3con.c
+@@ -55,6 +55,7 @@ static SECStatus ssl3_SendCertificateStatus( sslSocket *ss);
static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss);
static SECStatus ssl3_SendCertificateRequest(sslSocket *ss);
static SECStatus ssl3_SendNextProto( sslSocket *ss);
@@ -9,7 +66,7 @@
static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags);
static SECStatus ssl3_SendServerHello( sslSocket *ss);
static SECStatus ssl3_SendServerHelloDone( sslSocket *ss);
-@@ -6221,6 +6222,15 @@ ssl3_HandleServerHello(sslSocket *ss, SS
+@@ -6281,6 +6282,15 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
}
#endif /* NSS_PLATFORM_CLIENT_AUTH */
@@ -25,7 +82,7 @@
temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
if (temp < 0) {
goto loser; /* alert has been sent */
-@@ -6503,7 +6513,7 @@ ssl3_HandleServerHello(sslSocket *ss, SS
+@@ -6563,7 +6573,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
if (rv != SECSuccess) {
goto alert_loser; /* err code was set */
}
@@ -34,7 +91,7 @@
} while (0);
if (sid_match)
-@@ -6529,6 +6539,27 @@ ssl3_HandleServerHello(sslSocket *ss, SS
+@@ -6589,6 +6599,27 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
ss->ssl3.hs.isResuming = PR_FALSE;
ss->ssl3.hs.ws = wait_server_cert;
@@ -62,22 +119,22 @@
return SECSuccess;
alert_loser:
-@@ -7490,7 +7521,14 @@ ssl3_SendClientSecondRound(sslSocket *ss
+@@ -7550,7 +7581,14 @@ ssl3_SendClientSecondRound(sslSocket *ss)
if (rv != SECSuccess) {
goto loser; /* err code was set. */
}
+ }
-
++
+ rv = ssl3_SendEncryptedExtensions(ss);
+ if (rv != SECSuccess) {
+ goto loser; /* err code was set. */
+ }
-+
+
+ if (!ss->firstHsDone) {
if (ss->opt.enableFalseStart) {
if (!ss->ssl3.hs.authCertificatePending) {
/* When we fix bug 589047, we will need to know whether we are
-@@ -7527,6 +7565,33 @@ ssl3_SendClientSecondRound(sslSocket *ss
+@@ -7587,6 +7625,33 @@ ssl3_SendClientSecondRound(sslSocket *ss)
ssl_ReleaseXmitBufLock(ss); /*******************************/
@@ -111,7 +168,7 @@
if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn))
ss->ssl3.hs.ws = wait_new_session_ticket;
else
-@@ -10494,6 +10559,184 @@ ssl3_RecordKeyLog(sslSocket *ss)
+@@ -10582,6 +10647,184 @@ ssl3_RecordKeyLog(sslSocket *ss)
}
/* called from ssl3_SendClientSecondRound
@@ -296,7 +353,7 @@
* ssl3_HandleClientHello
* ssl3_HandleFinished
*/
-@@ -10753,11 +10996,16 @@ ssl3_HandleFinished(sslSocket *ss, SSL3O
+@@ -10841,11 +11084,16 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
flags = ssl_SEND_FLAG_FORCE_INTO_BUFFER;
}
@@ -317,7 +374,7 @@
}
if (IS_DTLS(ss)) {
-@@ -12237,6 +12485,11 @@ ssl3_DestroySSL3Info(sslSocket *ss)
+@@ -12325,6 +12573,11 @@ ssl3_DestroySSL3Info(sslSocket *ss)
ssl_FreePlatformKey(ss->ssl3.platformClientKey);
#endif /* NSS_PLATFORM_CLIENT_AUTH */
@@ -329,10 +386,11 @@
if (ss->ssl3.peerCertArena != NULL)
ssl3_CleanupPeerCerts(ss);
-diff -pu a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c
---- a/nss/lib/ssl/ssl3ext.c 2014-01-18 10:39:50.749149654 -0800
-+++ b/nss/lib/ssl/ssl3ext.c 2014-01-18 10:43:52.543083984 -0800
-@@ -64,6 +64,10 @@ static PRInt32 ssl3_SendUseSRTPXtn(sslSo
+diff --git a/ssl/ssl3ext.c b/ssl/ssl3ext.c
+index 9345be8..b6ed17d 100644
+--- a/ssl/ssl3ext.c
++++ b/ssl/ssl3ext.c
+@@ -68,6 +68,10 @@ static PRInt32 ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append,
PRUint32 maxBytes);
static SECStatus ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type,
SECItem *data);
@@ -340,10 +398,10 @@
+ PRUint16 ex_type, SECItem *data);
+static PRInt32 ssl3_ClientSendChannelIDXtn(sslSocket *ss, PRBool append,
+ PRUint32 maxBytes);
- static SECStatus ssl3_ServerSendStatusRequestXtn(sslSocket * ss,
+ static PRInt32 ssl3_ServerSendStatusRequestXtn(sslSocket * ss,
PRBool append, PRUint32 maxBytes);
static SECStatus ssl3_ServerHandleStatusRequestXtn(sslSocket *ss,
-@@ -253,6 +257,7 @@ static const ssl3HelloExtensionHandler s
+@@ -264,6 +268,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
{ ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn },
{ ssl_app_layer_protocol_xtn, &ssl3_ClientHandleAppProtoXtn },
{ ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn },
@@ -351,19 +409,18 @@
{ ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn },
{ -1, NULL }
};
-@@ -280,6 +285,7 @@ ssl3HelloExtensionSender clientHelloSend
+@@ -291,6 +296,7 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
{ ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn },
{ ssl_app_layer_protocol_xtn, &ssl3_ClientSendAppProtoXtn },
{ ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn },
+ { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn },
{ ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
- { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }
- /* any extra entries will appear as { 0, NULL } */
-@@ -795,6 +801,61 @@ loser:
- return -1;
+ { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
+ { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },
+@@ -910,6 +916,61 @@ ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
}
-+static SECStatus
+ static SECStatus
+ssl3_ClientHandleChannelIDXtn(sslSocket *ss, PRUint16 ex_type,
+ SECItem *data)
+{
@@ -418,26 +475,29 @@
+ return -1;
+}
+
- static SECStatus
++static SECStatus
ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type,
SECItem *data)
-diff -pu a/nss/lib/ssl/ssl3prot.h b/nss/lib/ssl/ssl3prot.h
---- a/nss/lib/ssl/ssl3prot.h 2014-01-18 10:39:34.278881614 -0800
-+++ b/nss/lib/ssl/ssl3prot.h 2014-01-18 10:40:15.499552430 -0800
-@@ -129,7 +129,8 @@ typedef enum {
- client_key_exchange = 16,
- finished = 20,
+ {
+diff --git a/ssl/ssl3prot.h b/ssl/ssl3prot.h
+index 485d7dd..78fbcaa 100644
+--- a/ssl/ssl3prot.h
++++ b/ssl/ssl3prot.h
+@@ -136,7 +136,8 @@ typedef enum {
+ client_key_exchange = 16,
+ finished = 20,
certificate_status = 22,
-- next_proto = 67
-+ next_proto = 67,
-+ encrypted_extensions= 203
+- next_proto = 67
++ next_proto = 67,
++ encrypted_extensions = 203,
} SSL3HandshakeType;
typedef struct {
-diff -pu a/nss/lib/ssl/sslauth.c b/nss/lib/ssl/sslauth.c
---- a/nss/lib/ssl/sslauth.c 2014-01-18 10:39:50.749149654 -0800
-+++ b/nss/lib/ssl/sslauth.c 2014-01-18 10:40:15.499552430 -0800
-@@ -216,6 +216,24 @@ SSL_GetClientAuthDataHook(PRFileDesc *s,
+diff --git a/ssl/sslauth.c b/ssl/sslauth.c
+index 7f9c43b..c2d9201 100644
+--- a/ssl/sslauth.c
++++ b/ssl/sslauth.c
+@@ -216,6 +216,24 @@ SSL_GetClientAuthDataHook(PRFileDesc *s, SSLGetClientAuthData func,
return SECSuccess;
}
@@ -462,78 +522,26 @@
#ifdef NSS_PLATFORM_CLIENT_AUTH
/* NEED LOCKS IN HERE. */
SECStatus
-diff -pu a/nss/lib/ssl/sslerr.h b/nss/lib/ssl/sslerr.h
---- a/nss/lib/ssl/sslerr.h 2014-01-18 10:39:34.288881780 -0800
-+++ b/nss/lib/ssl/sslerr.h 2014-01-18 10:40:15.499552430 -0800
-@@ -193,6 +193,10 @@ SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM = (
- SSL_ERROR_DIGEST_FAILURE = (SSL_ERROR_BASE + 127),
- SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 128),
+diff --git a/ssl/sslerr.h b/ssl/sslerr.h
+index 12dbb1d..24bf893 100644
+--- a/ssl/sslerr.h
++++ b/ssl/sslerr.h
+@@ -198,6 +198,10 @@ SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL = (SSL_ERROR_BASE + 130),
-+SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 129),
-+SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 130),
-+SSL_ERROR_GET_CHANNEL_ID_FAILED = (SSL_ERROR_BASE + 131),
+ SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT = (SSL_ERROR_BASE + 131),
+
++SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 132),
++SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 133),
++SSL_ERROR_GET_CHANNEL_ID_FAILED = (SSL_ERROR_BASE + 134),
+
- SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
+ SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
} SSLErrorCodes;
#endif /* NO_SECURITY_ERROR_ENUM */
-diff -pu a/nss/lib/ssl/SSLerrs.h b/nss/lib/ssl/SSLerrs.h
---- a/nss/lib/ssl/SSLerrs.h 2014-01-18 10:39:34.238880964 -0800
-+++ b/nss/lib/ssl/SSLerrs.h 2014-01-18 10:40:15.499552430 -0800
-@@ -412,3 +412,12 @@ ER3(SSL_ERROR_DIGEST_FAILURE, (SSL_ERROR
-
- ER3(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 128),
- "Incorrect signature algorithm specified in a digitally-signed element.")
-+
-+ER3(SSL_ERROR_BAD_CHANNEL_ID_DATA, (SSL_ERROR_BASE + 129),
-+"SSL received a malformed TLS Channel ID extension.")
-+
-+ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (SSL_ERROR_BASE + 130),
-+"The application provided an invalid TLS Channel ID key.")
-+
-+ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 131),
-+"The application could not get a TLS Channel ID.")
-diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
---- a/nss/lib/ssl/ssl.h 2014-01-18 10:39:50.799150460 -0800
-+++ b/nss/lib/ssl/ssl.h 2014-01-18 10:40:15.499552430 -0800
-@@ -1015,6 +1015,34 @@ SSL_IMPORT SECStatus SSL_HandshakeNegoti
- SSL_IMPORT SECStatus SSL_HandshakeResumedSession(PRFileDesc *fd,
- PRBool *last_handshake_resumed);
-
-+/* See SSL_SetClientChannelIDCallback for usage. If the callback returns
-+ * SECWouldBlock then SSL_RestartHandshakeAfterChannelIDReq should be called in
-+ * the future to restart the handshake. On SECSuccess, the callback must have
-+ * written a P-256, EC key pair to |*out_public_key| and |*out_private_key|. */
-+typedef SECStatus (PR_CALLBACK *SSLClientChannelIDCallback)(
-+ void *arg,
-+ PRFileDesc *fd,
-+ SECKEYPublicKey **out_public_key,
-+ SECKEYPrivateKey **out_private_key);
-+
-+/* SSL_RestartHandshakeAfterChannelIDReq attempts to restart the handshake
-+ * after a ChannelID callback returned SECWouldBlock.
-+ *
-+ * This function takes ownership of |channelIDPub| and |channelID|. */
-+SSL_IMPORT SECStatus SSL_RestartHandshakeAfterChannelIDReq(
-+ PRFileDesc *fd,
-+ SECKEYPublicKey *channelIDPub,
-+ SECKEYPrivateKey *channelID);
-+
-+/* SSL_SetClientChannelIDCallback sets a callback function that will be called
-+ * once the server's ServerHello has been processed. This is only applicable to
-+ * a client socket and setting this callback causes the TLS Channel ID
-+ * extension to be advertised. */
-+SSL_IMPORT SECStatus SSL_SetClientChannelIDCallback(
-+ PRFileDesc *fd,
-+ SSLClientChannelIDCallback callback,
-+ void *arg);
-+
- /*
- ** How long should we wait before retransmitting the next flight of
- ** the DTLS handshake? Returns SECFailure if not DTLS or not in a
-diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
---- a/nss/lib/ssl/sslimpl.h 2014-01-18 10:39:50.799150460 -0800
-+++ b/nss/lib/ssl/sslimpl.h 2014-01-18 10:40:15.499552430 -0800
-@@ -709,6 +709,14 @@ struct sslSessionIDStr {
+diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
+index c6ac398..57346cb 100644
+--- a/ssl/sslimpl.h
++++ b/ssl/sslimpl.h
+@@ -711,6 +711,14 @@ struct sslSessionIDStr {
SECItem srvName;
@@ -548,7 +556,7 @@
/* This lock is lazily initialized by CacheSID when a sid is first
* cached. Before then, there is no need to lock anything because
* the sid isn't being shared by anything.
-@@ -978,6 +986,9 @@ struct ssl3StateStr {
+@@ -980,6 +988,9 @@ struct ssl3StateStr {
CERTCertificateList *clientCertChain; /* used by client */
PRBool sendEmptyCert; /* used by client */
@@ -558,7 +566,7 @@
int policy;
/* This says what cipher suites we can do, and should
* be either SSL_ALLOWED or SSL_RESTRICTED
-@@ -1255,6 +1266,8 @@ const unsigned char * preferredCipher;
+@@ -1257,6 +1268,8 @@ const unsigned char * preferredCipher;
void *pkcs11PinArg;
SSLNextProtoCallback nextProtoCallback;
void *nextProtoArg;
@@ -567,7 +575,7 @@
PRIntervalTime rTimeout; /* timeout for NSPR I/O */
PRIntervalTime wTimeout; /* timeout for NSPR I/O */
-@@ -1599,6 +1612,11 @@ extern SECStatus ssl3_RestartHandshakeAf
+@@ -1603,6 +1616,11 @@ extern SECStatus ssl3_RestartHandshakeAfterCertReq(sslSocket * ss,
SECKEYPrivateKey * key,
CERTCertificateList *certChain);
@@ -579,9 +587,10 @@
extern SECStatus ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error);
/*
-diff -pu a/nss/lib/ssl/sslnonce.c b/nss/lib/ssl/sslnonce.c
---- a/nss/lib/ssl/sslnonce.c 2014-01-18 10:39:50.739149486 -0800
-+++ b/nss/lib/ssl/sslnonce.c 2014-01-18 10:40:15.499552430 -0800
+diff --git a/ssl/sslnonce.c b/ssl/sslnonce.c
+index be11008..1326a8b 100644
+--- a/ssl/sslnonce.c
++++ b/ssl/sslnonce.c
@@ -180,6 +180,9 @@ ssl_DestroySID(sslSessionID *sid)
if (sid->u.ssl3.srvName.data) {
SECITEM_FreeItem(&sid->u.ssl3.srvName, PR_FALSE);
@@ -592,10 +601,11 @@
if (sid->u.ssl3.lock) {
PR_DestroyRWLock(sid->u.ssl3.lock);
-diff -pu a/nss/lib/ssl/sslsecur.c b/nss/lib/ssl/sslsecur.c
---- a/nss/lib/ssl/sslsecur.c 2014-01-18 10:39:50.799150460 -0800
-+++ b/nss/lib/ssl/sslsecur.c 2014-01-18 10:40:15.499552430 -0800
-@@ -1584,6 +1584,42 @@ SSL_RestartHandshakeAfterCertReq(PRFileD
+diff --git a/ssl/sslsecur.c b/ssl/sslsecur.c
+index d44336e..5c6751a 100644
+--- a/ssl/sslsecur.c
++++ b/ssl/sslsecur.c
+@@ -1582,6 +1582,42 @@ SSL_RestartHandshakeAfterCertReq(PRFileDesc * fd,
return ret;
}
@@ -638,19 +648,20 @@
/* DO NOT USE. This function was exported in ssl.def with the wrong signature;
* this implementation exists to maintain link-time compatibility.
*/
-diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
---- a/nss/lib/ssl/sslsock.c 2014-01-18 10:39:50.769149984 -0800
-+++ b/nss/lib/ssl/sslsock.c 2014-01-18 10:40:15.499552430 -0800
-@@ -276,6 +276,8 @@ ssl_DupSocket(sslSocket *os)
- ss->canFalseStartCallback = os->canFalseStartCallback;
- ss->canFalseStartCallbackData = os->canFalseStartCallbackData;
- ss->pkcs11PinArg = os->pkcs11PinArg;
-+ ss->getChannelID = os->getChannelID;
-+ ss->getChannelIDArg = os->getChannelIDArg;
-
- /* Create security data */
- rv = ssl_CopySecurityInfo(ss, os);
-@@ -1691,6 +1693,10 @@ SSL_ReconfigFD(PRFileDesc *model, PRFile
+diff --git a/ssl/sslsock.c b/ssl/sslsock.c
+index a939781..d3f3bf4 100644
+--- a/ssl/sslsock.c
++++ b/ssl/sslsock.c
+@@ -288,6 +288,8 @@ ssl_DupSocket(sslSocket *os)
+ ss->canFalseStartCallback = os->canFalseStartCallback;
+ ss->canFalseStartCallbackData = os->canFalseStartCallbackData;
+ ss->pkcs11PinArg = os->pkcs11PinArg;
++ ss->getChannelID = os->getChannelID;
++ ss->getChannelIDArg = os->getChannelIDArg;
+
+ /* Create security data */
+ rv = ssl_CopySecurityInfo(ss, os);
+@@ -1733,6 +1735,10 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
ss->handshakeCallbackData = sm->handshakeCallbackData;
if (sm->pkcs11PinArg)
ss->pkcs11PinArg = sm->pkcs11PinArg;
@@ -661,28 +672,29 @@
return fd;
loser:
return NULL;
-@@ -2968,6 +2974,8 @@ ssl_NewSocket(PRBool makeLocks, SSLProto
- ss->badCertArg = NULL;
- ss->pkcs11PinArg = NULL;
- ss->ephemeralECDHKeyPair = NULL;
-+ ss->getChannelID = NULL;
-+ ss->getChannelIDArg = NULL;
+@@ -3021,6 +3027,8 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
+ ss->badCertArg = NULL;
+ ss->pkcs11PinArg = NULL;
+ ss->ephemeralECDHKeyPair = NULL;
++ ss->getChannelID = NULL;
++ ss->getChannelIDArg = NULL;
- ssl_ChooseOps(ss);
- ssl2_InitSocketPolicy(ss);
-diff -pu a/nss/lib/ssl/sslt.h b/nss/lib/ssl/sslt.h
---- a/nss/lib/ssl/sslt.h 2014-01-18 10:39:34.328882426 -0800
-+++ b/nss/lib/ssl/sslt.h 2014-01-18 10:40:15.499552430 -0800
-@@ -190,10 +190,11 @@ typedef enum {
- ssl_app_layer_protocol_xtn = 16,
+ ssl_ChooseOps(ss);
+ ssl2_InitSocketPolicy(ss);
+diff --git a/ssl/sslt.h b/ssl/sslt.h
+index 1d28feb..0900f28 100644
+--- a/ssl/sslt.h
++++ b/ssl/sslt.h
+@@ -191,10 +191,11 @@ typedef enum {
+ ssl_padding_xtn = 21,
ssl_session_ticket_xtn = 35,
ssl_next_proto_nego_xtn = 13172,
+ ssl_channel_id_xtn = 30032,
- ssl_padding_xtn = 35655,
- ssl_renegotiation_info_xtn = 0xff01 /* experimental number */
+ ssl_renegotiation_info_xtn = 0xff01,
+ ssl_tls13_draft_version_xtn = 0xff02 /* experimental number */
} SSLExtensionType;
--#define SSL_MAX_EXTENSIONS 10 /* doesn't include ssl_padding_xtn. */
-+#define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_padding_xtn. */
+-#define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_padding_xtn. */
++#define SSL_MAX_EXTENSIONS 12 /* doesn't include ssl_padding_xtn. */
#endif /* __sslt_h_ */
diff --git a/net/third_party/nss/patches/cipherorder.patch b/net/third_party/nss/patches/cipherorder.patch
index 36f0191..8943990 100644
--- a/net/third_party/nss/patches/cipherorder.patch
+++ b/net/third_party/nss/patches/cipherorder.patch
@@ -1,7 +1,26 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c 2014-01-17 18:45:24.378132013 -0800
-+++ b/nss/lib/ssl/ssl3con.c 2014-01-17 18:46:29.929216162 -0800
-@@ -12540,6 +12540,46 @@ ssl3_CipherPrefGet(sslSocket *ss, ssl3Ci
+diff --git a/ssl/ssl.h b/ssl/ssl.h
+index e9f5fb0..be6d88e 100644
+--- a/ssl/ssl.h
++++ b/ssl/ssl.h
+@@ -295,6 +295,13 @@ SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher, PRBool *enabled);
+ SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
+ SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
+
++/* SSL_CipherOrderSet sets the cipher suite preference order from |ciphers|,
++ * which must be an array of cipher suite ids of length |len|. All the given
++ * cipher suite ids must appear in the array that is returned by
++ * |SSL_GetImplementedCiphers| and may only appear once, at most. */
++SSL_IMPORT SECStatus SSL_CipherOrderSet(PRFileDesc *fd, const PRUint16 *ciphers,
++ unsigned int len);
++
+ /* SSLChannelBindingType enumerates the types of supported channel binding
+ * values. See RFC 5929. */
+ typedef enum SSLChannelBindingType {
+diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
+index 3421e0b..c1f30a3 100644
+--- a/ssl/ssl3con.c
++++ b/ssl/ssl3con.c
+@@ -12623,6 +12623,46 @@ ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *enabled)
return rv;
}
@@ -48,27 +67,11 @@
/* copy global default policy into socket. */
void
ssl3_InitSocketPolicy(sslSocket *ss)
-diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
---- a/nss/lib/ssl/ssl.h 2014-01-17 18:45:24.378132013 -0800
-+++ b/nss/lib/ssl/ssl.h 2014-01-17 18:46:29.929216162 -0800
-@@ -285,6 +285,13 @@ SSL_IMPORT SECStatus SSL_CipherPrefGetDe
- SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
- SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
-
-+/* SSL_CipherOrderSet sets the cipher suite preference order from |ciphers|,
-+ * which must be an array of cipher suite ids of length |len|. All the given
-+ * cipher suite ids must appear in the array that is returned by
-+ * |SSL_GetImplementedCiphers| and may only appear once, at most. */
-+SSL_IMPORT SECStatus SSL_CipherOrderSet(PRFileDesc *fd, const PRUint16 *ciphers,
-+ unsigned int len);
-+
- /* SSLChannelBindingType enumerates the types of supported channel binding
- * values. See RFC 5929. */
- typedef enum SSLChannelBindingType {
-diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
---- a/nss/lib/ssl/sslimpl.h 2014-01-17 18:45:24.378132013 -0800
-+++ b/nss/lib/ssl/sslimpl.h 2014-01-17 18:46:29.929216162 -0800
-@@ -1743,6 +1743,8 @@ extern SECStatus ssl3_CipherPrefSet(sslS
+diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
+index 2f61a46..f796a14 100644
+--- a/ssl/sslimpl.h
++++ b/ssl/sslimpl.h
+@@ -1747,6 +1747,8 @@ extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool
extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *on);
extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled);
extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enabled);
@@ -77,14 +80,14 @@
extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy);
extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy);
-diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
---- a/nss/lib/ssl/sslsock.c 2014-01-17 18:45:24.378132013 -0800
-+++ b/nss/lib/ssl/sslsock.c 2014-01-17 18:46:29.929216162 -0800
-@@ -1278,6 +1278,19 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt3
- return rv;
+diff --git a/ssl/sslsock.c b/ssl/sslsock.c
+index 80f4e67..13634c6 100644
+--- a/ssl/sslsock.c
++++ b/ssl/sslsock.c
+@@ -1316,6 +1316,19 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled)
}
-+SECStatus
+ SECStatus
+SSL_CipherOrderSet(PRFileDesc *fd, const PRUint16 *ciphers, unsigned int len)
+{
+ sslSocket *ss = ssl_FindSocket(fd);
@@ -97,6 +100,7 @@
+ return ssl3_CipherOrderSet(ss, ciphers, len);
+}
+
- SECStatus
++SECStatus
SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 which, PRBool *enabled)
{
+ SECStatus rv;
diff --git a/net/third_party/nss/patches/clientauth.patch b/net/third_party/nss/patches/clientauth.patch
index 9283676..18e3b88 100644
--- a/net/third_party/nss/patches/clientauth.patch
+++ b/net/third_party/nss/patches/clientauth.patch
@@ -1,7 +1,61 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c 2014-01-17 17:52:00.295082288 -0800
-+++ b/nss/lib/ssl/ssl3con.c 2014-01-17 17:52:19.745405758 -0800
-@@ -2471,6 +2471,9 @@ ssl3_ClientAuthTokenPresent(sslSessionID
+diff --git a/ssl/ssl.h b/ssl/ssl.h
+index 91a47a6..4e7d52e 100644
+--- a/ssl/ssl.h
++++ b/ssl/ssl.h
+@@ -543,6 +543,48 @@ typedef SECStatus (PR_CALLBACK *SSLGetClientAuthData)(void *arg,
+ SSL_IMPORT SECStatus SSL_GetClientAuthDataHook(PRFileDesc *fd,
+ SSLGetClientAuthData f, void *a);
+
++/*
++ * Prototype for SSL callback to get client auth data from the application,
++ * optionally using the underlying platform's cryptographic primitives.
++ * To use the platform cryptographic primitives, caNames and pRetCerts
++ * should be set. To use NSS, pRetNSSCert and pRetNSSKey should be set.
++ * Returning SECFailure will cause the socket to send no client certificate.
++ * arg - application passed argument
++ * caNames - pointer to distinguished names of CAs that the server likes
++ * pRetCerts - pointer to pointer to list of certs, with the first being
++ * the client cert, and any following being used for chain
++ * building
++ * pRetKey - pointer to native key pointer, for return of key
++ * - Windows: A pointer to a PCERT_KEY_CONTEXT that was allocated
++ * via PORT_Alloc(). Ownership of the PCERT_KEY_CONTEXT
++ * is transferred to NSS, which will free via
++ * PORT_Free().
++ * - Mac OS X: A pointer to a SecKeyRef. Ownership is
++ * transferred to NSS, which will free via CFRelease().
++ * pRetNSSCert - pointer to pointer to NSS cert, for return of cert.
++ * pRetNSSKey - pointer to NSS key pointer, for return of key.
++ */
++typedef SECStatus (PR_CALLBACK *SSLGetPlatformClientAuthData)(void *arg,
++ PRFileDesc *fd,
++ CERTDistNames *caNames,
++ CERTCertList **pRetCerts,/*return */
++ void **pRetKey,/* return */
++ CERTCertificate **pRetNSSCert,/*return */
++ SECKEYPrivateKey **pRetNSSKey);/* return */
++
++/*
++ * Set the client side callback for SSL to retrieve user's private key
++ * and certificate.
++ * Note: If a platform client auth callback is set, the callback configured by
++ * SSL_GetClientAuthDataHook, if any, will not be called.
++ *
++ * fd - the file descriptor for the connection in question
++ * f - the application's callback that delivers the key and cert
++ * a - application specific data
++ */
++SSL_IMPORT SECStatus
++SSL_GetPlatformClientAuthDataHook(PRFileDesc *fd,
++ SSLGetPlatformClientAuthData f, void *a);
+
+ /*
+ ** SNI extension processing callback function.
+diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
+index ebaee61..40ae885 100644
+--- a/ssl/ssl3con.c
++++ b/ssl/ssl3con.c
+@@ -2503,6 +2503,9 @@ ssl3_ClientAuthTokenPresent(sslSessionID *sid) {
PRBool isPresent = PR_TRUE;
/* we only care if we are doing client auth */
@@ -11,7 +65,7 @@
if (!sid || !sid->u.ssl3.clAuthValid) {
return PR_TRUE;
}
-@@ -6103,25 +6106,36 @@ ssl3_SendCertificateVerify(sslSocket *ss
+@@ -6163,25 +6166,36 @@ ssl3_SendCertificateVerify(sslSocket *ss)
isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
@@ -65,7 +119,7 @@
if (rv != SECSuccess) {
goto done; /* err code was set by ssl3_SignHashes */
}
-@@ -6200,6 +6214,12 @@ ssl3_HandleServerHello(sslSocket *ss, SS
+@@ -6260,6 +6274,12 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
ss->ssl3.clientPrivateKey = NULL;
}
@@ -78,7 +132,7 @@
temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
if (temp < 0) {
-@@ -6827,6 +6847,18 @@ ssl3_ExtractClientKeyInfo(sslSocket *ss,
+@@ -6887,6 +6907,18 @@ ssl3_ExtractClientKeyInfo(sslSocket *ss,
goto done;
}
@@ -97,7 +151,7 @@
/* If the key is a 1024-bit RSA or DSA key, assume conservatively that
* it may be unable to sign SHA-256 hashes. This is the case for older
* Estonian ID cards that have 1024-bit RSA keys. In FIPS 186-2 and
-@@ -6925,6 +6957,10 @@ ssl3_HandleCertificateRequest(sslSocket
+@@ -6985,6 +7017,10 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
SECItem cert_types = {siBuffer, NULL, 0};
SECItem algorithms = {siBuffer, NULL, 0};
CERTDistNames ca_list;
@@ -108,7 +162,7 @@
SSL_TRC(3, ("%d: SSL3[%d]: handle certificate_request handshake",
SSL_GETPID(), ss->fd));
-@@ -6941,6 +6977,7 @@ ssl3_HandleCertificateRequest(sslSocket
+@@ -7001,6 +7037,7 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
PORT_Assert(ss->ssl3.clientCertChain == NULL);
PORT_Assert(ss->ssl3.clientCertificate == NULL);
PORT_Assert(ss->ssl3.clientPrivateKey == NULL);
@@ -116,7 +170,7 @@
isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
-@@ -7020,6 +7057,18 @@ ssl3_HandleCertificateRequest(sslSocket
+@@ -7080,6 +7117,18 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
desc = no_certificate;
ss->ssl3.hs.ws = wait_hello_done;
@@ -135,7 +189,7 @@
if (ss->getClientAuthData != NULL) {
/* XXX Should pass cert_types and algorithms in this call!! */
rv = (SECStatus)(*ss->getClientAuthData)(ss->getClientAuthDataArg,
-@@ -7029,12 +7078,55 @@ ssl3_HandleCertificateRequest(sslSocket
+@@ -7089,12 +7138,55 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
} else {
rv = SECFailure; /* force it to send a no_certificate alert */
}
@@ -191,7 +245,7 @@
/* check what the callback function returned */
if ((!ss->ssl3.clientCertificate) || (!ss->ssl3.clientPrivateKey)) {
/* we are missing either the key or cert */
-@@ -7096,6 +7188,10 @@ loser:
+@@ -7156,6 +7248,10 @@ loser:
done:
if (arena != NULL)
PORT_FreeArena(arena, PR_FALSE);
@@ -202,7 +256,7 @@
return rv;
}
-@@ -7213,7 +7309,8 @@ ssl3_SendClientSecondRound(sslSocket *ss
+@@ -7273,7 +7369,8 @@ ssl3_SendClientSecondRound(sslSocket *ss)
sendClientCert = !ss->ssl3.sendEmptyCert &&
ss->ssl3.clientCertChain != NULL &&
@@ -212,7 +266,7 @@
if (!sendClientCert &&
ss->ssl3.hs.hashType == handshake_hash_single &&
-@@ -12052,6 +12149,10 @@ ssl3_DestroySSL3Info(sslSocket *ss)
+@@ -12140,6 +12237,10 @@ ssl3_DestroySSL3Info(sslSocket *ss)
if (ss->ssl3.clientPrivateKey != NULL)
SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
@@ -223,9 +277,10 @@
if (ss->ssl3.peerCertArena != NULL)
ssl3_CleanupPeerCerts(ss);
-diff -pu a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c
---- a/nss/lib/ssl/ssl3ext.c 2014-01-17 17:49:26.072517368 -0800
-+++ b/nss/lib/ssl/ssl3ext.c 2014-01-17 17:52:19.745405758 -0800
+diff --git a/ssl/ssl3ext.c b/ssl/ssl3ext.c
+index 3660866..9345be8 100644
+--- a/ssl/ssl3ext.c
++++ b/ssl/ssl3ext.c
@@ -10,8 +10,8 @@
#include "nssrenam.h"
#include "nss.h"
@@ -236,10 +291,11 @@
#include "pk11pub.h"
#ifdef NO_PKCS11_BYPASS
#include "blapit.h"
-diff -pu a/nss/lib/ssl/sslauth.c b/nss/lib/ssl/sslauth.c
---- a/nss/lib/ssl/sslauth.c 2014-01-17 17:49:26.072517368 -0800
-+++ b/nss/lib/ssl/sslauth.c 2014-01-17 17:52:19.755405924 -0800
-@@ -216,6 +216,28 @@ SSL_GetClientAuthDataHook(PRFileDesc *s,
+diff --git a/ssl/sslauth.c b/ssl/sslauth.c
+index ed74d94..7f9c43b 100644
+--- a/ssl/sslauth.c
++++ b/ssl/sslauth.c
+@@ -216,6 +216,28 @@ SSL_GetClientAuthDataHook(PRFileDesc *s, SSLGetClientAuthData func,
return SECSuccess;
}
@@ -268,61 +324,10 @@
/* NEED LOCKS IN HERE. */
SECStatus
SSL_SetPKCS11PinArg(PRFileDesc *s, void *arg)
-diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
---- a/nss/lib/ssl/ssl.h 2014-01-17 17:49:26.062517203 -0800
-+++ b/nss/lib/ssl/ssl.h 2014-01-17 17:52:19.755405924 -0800
-@@ -533,6 +533,48 @@ typedef SECStatus (PR_CALLBACK *SSLGetCl
- SSL_IMPORT SECStatus SSL_GetClientAuthDataHook(PRFileDesc *fd,
- SSLGetClientAuthData f, void *a);
-
-+/*
-+ * Prototype for SSL callback to get client auth data from the application,
-+ * optionally using the underlying platform's cryptographic primitives.
-+ * To use the platform cryptographic primitives, caNames and pRetCerts
-+ * should be set. To use NSS, pRetNSSCert and pRetNSSKey should be set.
-+ * Returning SECFailure will cause the socket to send no client certificate.
-+ * arg - application passed argument
-+ * caNames - pointer to distinguished names of CAs that the server likes
-+ * pRetCerts - pointer to pointer to list of certs, with the first being
-+ * the client cert, and any following being used for chain
-+ * building
-+ * pRetKey - pointer to native key pointer, for return of key
-+ * - Windows: A pointer to a PCERT_KEY_CONTEXT that was allocated
-+ * via PORT_Alloc(). Ownership of the PCERT_KEY_CONTEXT
-+ * is transferred to NSS, which will free via
-+ * PORT_Free().
-+ * - Mac OS X: A pointer to a SecKeyRef. Ownership is
-+ * transferred to NSS, which will free via CFRelease().
-+ * pRetNSSCert - pointer to pointer to NSS cert, for return of cert.
-+ * pRetNSSKey - pointer to NSS key pointer, for return of key.
-+ */
-+typedef SECStatus (PR_CALLBACK *SSLGetPlatformClientAuthData)(void *arg,
-+ PRFileDesc *fd,
-+ CERTDistNames *caNames,
-+ CERTCertList **pRetCerts,/*return */
-+ void **pRetKey,/* return */
-+ CERTCertificate **pRetNSSCert,/*return */
-+ SECKEYPrivateKey **pRetNSSKey);/* return */
-+
-+/*
-+ * Set the client side callback for SSL to retrieve user's private key
-+ * and certificate.
-+ * Note: If a platform client auth callback is set, the callback configured by
-+ * SSL_GetClientAuthDataHook, if any, will not be called.
-+ *
-+ * fd - the file descriptor for the connection in question
-+ * f - the application's callback that delivers the key and cert
-+ * a - application specific data
-+ */
-+SSL_IMPORT SECStatus
-+SSL_GetPlatformClientAuthDataHook(PRFileDesc *fd,
-+ SSLGetPlatformClientAuthData f, void *a);
-
- /*
- ** SNI extension processing callback function.
-diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
---- a/nss/lib/ssl/sslimpl.h 2014-01-17 17:52:00.295082288 -0800
-+++ b/nss/lib/ssl/sslimpl.h 2014-01-17 17:52:19.755405924 -0800
+diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
+index 88a7039..cda1869 100644
+--- a/ssl/sslimpl.h
++++ b/ssl/sslimpl.h
@@ -20,6 +20,7 @@
#include "sslerr.h"
#include "ssl3prot.h"
@@ -347,7 +352,7 @@
/* to make some of these old enums public without namespace pollution,
** it was necessary to prepend ssl_ to the names.
** These #defines preserve compatibility with the old code here in libssl.
-@@ -441,6 +451,14 @@ struct sslGatherStr {
+@@ -443,6 +453,14 @@ struct sslGatherStr {
#define GS_DATA 3
#define GS_PAD 4
@@ -362,7 +367,7 @@
/*
-@@ -953,6 +971,10 @@ struct ssl3StateStr {
+@@ -955,6 +973,10 @@ struct ssl3StateStr {
CERTCertificate * clientCertificate; /* used by client */
SECKEYPrivateKey * clientPrivateKey; /* used by client */
@@ -373,7 +378,7 @@
CERTCertificateList *clientCertChain; /* used by client */
PRBool sendEmptyCert; /* used by client */
-@@ -1214,6 +1236,10 @@ const unsigned char * preferredCipher;
+@@ -1216,6 +1238,10 @@ const unsigned char * preferredCipher;
void *authCertificateArg;
SSLGetClientAuthData getClientAuthData;
void *getClientAuthDataArg;
@@ -384,7 +389,7 @@
SSLSNISocketConfig sniSocketConfig;
void *sniSocketConfigArg;
SSLBadCertHandler handleBadCert;
-@@ -1852,6 +1878,26 @@ extern SECStatus ssl_InitSessionCacheLoc
+@@ -1856,6 +1882,26 @@ extern SECStatus ssl_InitSessionCacheLocks(PRBool lazyInit);
extern SECStatus ssl_FreeSessionCacheLocks(void);
@@ -411,21 +416,22 @@
/**************** DTLS-specific functions **************/
extern void dtls_FreeQueuedMessage(DTLSQueuedMessage *msg);
-diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
---- a/nss/lib/ssl/sslsock.c 2014-01-17 17:49:40.942764689 -0800
-+++ b/nss/lib/ssl/sslsock.c 2014-01-17 17:52:19.755405924 -0800
-@@ -263,6 +263,10 @@ ssl_DupSocket(sslSocket *os)
- ss->authCertificateArg = os->authCertificateArg;
- ss->getClientAuthData = os->getClientAuthData;
- ss->getClientAuthDataArg = os->getClientAuthDataArg;
+diff --git a/ssl/sslsock.c b/ssl/sslsock.c
+index 90bc457..fccc664 100644
+--- a/ssl/sslsock.c
++++ b/ssl/sslsock.c
+@@ -275,6 +275,10 @@ ssl_DupSocket(sslSocket *os)
+ ss->authCertificateArg = os->authCertificateArg;
+ ss->getClientAuthData = os->getClientAuthData;
+ ss->getClientAuthDataArg = os->getClientAuthDataArg;
+#ifdef NSS_PLATFORM_CLIENT_AUTH
-+ ss->getPlatformClientAuthData = os->getPlatformClientAuthData;
-+ ss->getPlatformClientAuthDataArg = os->getPlatformClientAuthDataArg;
++ ss->getPlatformClientAuthData = os->getPlatformClientAuthData;
++ ss->getPlatformClientAuthDataArg = os->getPlatformClientAuthDataArg;
+#endif
ss->sniSocketConfig = os->sniSocketConfig;
ss->sniSocketConfigArg = os->sniSocketConfigArg;
- ss->handleBadCert = os->handleBadCert;
-@@ -1667,6 +1671,12 @@ SSL_ReconfigFD(PRFileDesc *model, PRFile
+ ss->handleBadCert = os->handleBadCert;
+@@ -1709,6 +1713,12 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
ss->getClientAuthData = sm->getClientAuthData;
if (sm->getClientAuthDataArg)
ss->getClientAuthDataArg = sm->getClientAuthDataArg;
@@ -438,14 +444,14 @@
if (sm->sniSocketConfig)
ss->sniSocketConfig = sm->sniSocketConfig;
if (sm->sniSocketConfigArg)
-@@ -2921,6 +2931,10 @@ ssl_NewSocket(PRBool makeLocks, SSLProto
+@@ -2974,6 +2984,10 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
ss->sniSocketConfig = NULL;
ss->sniSocketConfigArg = NULL;
- ss->getClientAuthData = NULL;
+ ss->getClientAuthData = NULL;
+#ifdef NSS_PLATFORM_CLIENT_AUTH
-+ ss->getPlatformClientAuthData = NULL;
-+ ss->getPlatformClientAuthDataArg = NULL;
++ ss->getPlatformClientAuthData = NULL;
++ ss->getPlatformClientAuthDataArg = NULL;
+#endif /* NSS_PLATFORM_CLIENT_AUTH */
- ss->handleBadCert = NULL;
- ss->badCertArg = NULL;
- ss->pkcs11PinArg = NULL;
+ ss->handleBadCert = NULL;
+ ss->badCertArg = NULL;
+ ss->pkcs11PinArg = NULL;
diff --git a/net/third_party/nss/patches/didhandshakeresume.patch b/net/third_party/nss/patches/didhandshakeresume.patch
index 70f878d..f4b04be 100644
--- a/net/third_party/nss/patches/didhandshakeresume.patch
+++ b/net/third_party/nss/patches/didhandshakeresume.patch
@@ -1,7 +1,8 @@
-diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
---- a/nss/lib/ssl/ssl.h 2014-01-17 17:52:46.715854283 -0800
-+++ b/nss/lib/ssl/ssl.h 2014-01-17 17:53:20.876422375 -0800
-@@ -997,6 +997,9 @@ SSL_IMPORT SECStatus SSL_HandshakeNegoti
+diff --git a/ssl/ssl.h b/ssl/ssl.h
+index 4e7d52e..34142fc 100644
+--- a/ssl/ssl.h
++++ b/ssl/ssl.h
+@@ -1007,6 +1007,9 @@ SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
SSLExtensionType extId,
PRBool *yes);
@@ -11,10 +12,11 @@
/*
** How long should we wait before retransmitting the next flight of
** the DTLS handshake? Returns SECFailure if not DTLS or not in a
-diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
---- a/nss/lib/ssl/sslsock.c 2014-01-17 17:52:46.715854283 -0800
-+++ b/nss/lib/ssl/sslsock.c 2014-01-17 17:53:20.876422375 -0800
-@@ -1855,6 +1855,20 @@ SSL_PeerStapledOCSPResponses(PRFileDesc
+diff --git a/ssl/sslsock.c b/ssl/sslsock.c
+index fccc664..688f399 100644
+--- a/ssl/sslsock.c
++++ b/ssl/sslsock.c
+@@ -1897,6 +1897,20 @@ SSL_PeerStapledOCSPResponses(PRFileDesc *fd)
return &ss->sec.ci.sid->peerCertStatus;
}
diff --git a/net/third_party/nss/patches/fallbackscsv.patch b/net/third_party/nss/patches/fallbackscsv.patch
deleted file mode 100644
index 13f5b473..0000000
--- a/net/third_party/nss/patches/fallbackscsv.patch
+++ /dev/null
@@ -1,213 +0,0 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c 2014-01-17 18:46:51.999581198 -0800
-+++ b/nss/lib/ssl/ssl3con.c 2014-01-17 18:47:05.509804656 -0800
-@@ -3473,6 +3473,9 @@ ssl3_HandleAlert(sslSocket *ss, sslBuffe
- case certificate_unknown: error = SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT;
- break;
- case illegal_parameter: error = SSL_ERROR_ILLEGAL_PARAMETER_ALERT;break;
-+ case inappropriate_fallback:
-+ error = SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT;
-+ break;
-
- /* All alerts below are TLS only. */
- case unknown_ca: error = SSL_ERROR_UNKNOWN_CA_ALERT; break;
-@@ -4986,6 +4989,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
- int num_suites;
- int actual_count = 0;
- PRBool isTLS = PR_FALSE;
-+ PRBool requestingResume = PR_FALSE, fallbackSCSV = PR_FALSE;
- PRInt32 total_exten_len = 0;
- unsigned paddingExtensionLen;
- unsigned numCompressionMethods;
-@@ -5128,6 +5132,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
- }
-
- if (sid) {
-+ requestingResume = PR_TRUE;
- SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_hits );
-
- PRINT_BUF(4, (ss, "client, found session-id:", sid->u.ssl3.sessionID,
-@@ -5246,8 +5251,15 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
- if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
- return SECFailure; /* count_cipher_suites has set error code. */
- }
-+
-+ fallbackSCSV = ss->opt.enableFallbackSCSV && (!requestingResume ||
-+ ss->version < sid->version);
-+ /* make room for SCSV */
- if (ss->ssl3.hs.sendingSCSV) {
-- ++num_suites; /* make room for SCSV */
-+ ++num_suites;
-+ }
-+ if (fallbackSCSV) {
-+ ++num_suites;
- }
-
- /* count compression methods */
-@@ -5389,11 +5389,21 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
- if (rv != SECSuccess) {
- if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
- return rv; /* err set by ssl3_AppendHandshake* */
- }
- }
- }
-
-+ if (fallbackSCSV) {
-+ rv = ssl3_AppendHandshakeNumber(ss, TLS_FALLBACK_SCSV,
-+ sizeof(ssl3CipherSuite));
-+ if (rv != SECSuccess) {
-+ if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
-+ return rv; /* err set by ssl3_AppendHandshake* */
-+ }
-+ actual_count++;
-+ }
-+
- /* if cards were removed or inserted between count_cipher_suites and
- * generating our list, detect the error here rather than send it off to
- * the server.. */
- if (actual_count != num_suites) {
-@@ -8084,6 +8105,19 @@ ssl3_HandleClientHello(sslSocket *ss, SS
- goto loser; /* malformed */
- }
-
-+ /* If the ClientHello version is less than our maximum version, check for a
-+ * TLS_FALLBACK_SCSV and reject the connection if found. */
-+ if (ss->vrange.max > ss->clientHelloVersion) {
-+ for (i = 0; i + 1 < suites.len; i += 2) {
-+ PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1];
-+ if (suite_i != TLS_FALLBACK_SCSV)
-+ continue;
-+ desc = inappropriate_fallback;
-+ errCode = SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT;
-+ goto alert_loser;
-+ }
-+ }
-+
- /* grab the list of compression methods. */
- rv = ssl3_ConsumeHandshakeVariable(ss, &comps, 1, &b, &length);
- if (rv != SECSuccess) {
-diff -pu a/nss/lib/ssl/ssl3prot.h b/nss/lib/ssl/ssl3prot.h
---- a/nss/lib/ssl/ssl3prot.h 2014-01-17 17:59:03.242109996 -0800
-+++ b/nss/lib/ssl/ssl3prot.h 2014-01-17 18:47:05.509804656 -0800
-@@ -98,6 +98,7 @@ typedef enum {
- protocol_version = 70,
- insufficient_security = 71,
- internal_error = 80,
-+ inappropriate_fallback = 86, /* could also be sent for SSLv3 */
- user_canceled = 90,
- no_renegotiation = 100,
-
-diff -pu a/nss/lib/ssl/sslerr.h b/nss/lib/ssl/sslerr.h
---- a/nss/lib/ssl/sslerr.h 2014-01-17 17:59:03.242109996 -0800
-+++ b/nss/lib/ssl/sslerr.h 2014-01-17 18:47:05.509804656 -0800
-@@ -196,6 +196,7 @@ SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM
- SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 129),
- SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 130),
- SSL_ERROR_GET_CHANNEL_ID_FAILED = (SSL_ERROR_BASE + 131),
-+SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT = (SSL_ERROR_BASE + 132),
-
- SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
- } SSLErrorCodes;
-diff -pu a/nss/lib/ssl/SSLerrs.h b/nss/lib/ssl/SSLerrs.h
---- a/nss/lib/ssl/SSLerrs.h 2014-01-17 17:59:03.242109996 -0800
-+++ b/nss/lib/ssl/SSLerrs.h 2014-01-17 18:47:05.509804656 -0800
-@@ -421,3 +421,8 @@ ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (S
-
- ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 131),
- "The application could not get a TLS Channel ID.")
-+
-+ER3(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT, (SSL_ERROR_BASE + 132),
-+"The connection was using a lesser TLS version as a result of a previous"
-+" handshake failure, but the server indicated that it should not have been"
-+" needed.")
-diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
---- a/nss/lib/ssl/ssl.h 2014-01-17 18:46:51.999581198 -0800
-+++ b/nss/lib/ssl/ssl.h 2014-01-17 18:48:54.971613341 -0800
-@@ -183,6 +183,8 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRF
-
- /* Request Signed Certificate Timestamps via TLS extension (client) */
- #define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 27
-+#define SSL_ENABLE_FALLBACK_SCSV 28 /* Send fallback SCSV in
-+ * handshakes. */
-
- #ifdef SSL_DEPRECATED_FUNCTION
- /* Old deprecated function names */
-diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
---- a/nss/lib/ssl/sslimpl.h 2014-01-17 18:46:51.999581198 -0800
-+++ b/nss/lib/ssl/sslimpl.h 2014-01-17 18:51:17.963962287 -0800
-@@ -338,6 +338,7 @@ typedef struct sslOptionsStr {
- unsigned int enableNPN : 1; /* 26 */
- unsigned int enableALPN : 1; /* 27 */
- unsigned int enableSignedCertTimestamps : 1; /* 28 */
-+ unsigned int enableFallbackSCSV : 1; /* 29 */
- } sslOptions;
-
- typedef enum { sslHandshakingUndetermined = 0,
-diff -pu a/nss/lib/ssl/sslproto.h b/nss/lib/ssl/sslproto.h
---- a/nss/lib/ssl/sslproto.h 2014-01-17 18:10:16.793281867 -0800
-+++ b/nss/lib/ssl/sslproto.h 2014-01-17 18:47:05.509804656 -0800
-@@ -172,6 +172,11 @@
- */
- #define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00FF
-
-+/* TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates that a
-+ * handshake is the result of TLS version fallback. This value is not IANA
-+ * assigned. */
-+#define TLS_FALLBACK_SCSV 0x5600
-+
- /* Cipher Suite Values starting with 0xC000 are defined in informational
- * RFCs.
- */
-diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
---- a/nss/lib/ssl/sslsock.c 2014-01-17 18:46:52.009581364 -0800
-+++ b/nss/lib/ssl/sslsock.c 2014-01-17 18:59:17.931852364 -0800
-@@ -88,7 +88,8 @@ static sslOptions ssl_defaults = {
- PR_FALSE, /* enableOCSPStapling */
- PR_TRUE, /* enableNPN */
- PR_FALSE, /* enableALPN */
-- PR_FALSE /* enableSignedCertTimestamps */
-+ PR_FALSE, /* enableSignedCertTimestamps */
-+ PR_FALSE /* enableFallbackSCSV */
- };
-
- /*
-@@ -792,6 +793,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
- ss->opt.enableSignedCertTimestamps = on;
- break;
-
-+ case SSL_ENABLE_FALLBACK_SCSV:
-+ ss->opt.enableFallbackSCSV = on;
-+ break;
-+
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- rv = SECFailure;
-@@ -867,6 +872,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh
- case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
- on = ss->opt.enableSignedCertTimestamps;
- break;
-+ case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break;
-
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -933,6 +939,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBo
- case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
- on = ssl_defaults.enableSignedCertTimestamps;
- break;
-+ case SSL_ENABLE_FALLBACK_SCSV:
-+ on = ssl_defaults.enableFallbackSCSV;
-+ break;
-
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -1112,6 +1121,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
- ssl_defaults.enableSignedCertTimestamps = on;
- break;
-
-+ case SSL_ENABLE_FALLBACK_SCSV:
-+ ssl_defaults.enableFallbackSCSV = on;
-+ break;
-+
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
diff --git a/net/third_party/nss/patches/getrequestedclientcerttypes.patch b/net/third_party/nss/patches/getrequestedclientcerttypes.patch
index 9ca8abd..db1464c 100644
--- a/net/third_party/nss/patches/getrequestedclientcerttypes.patch
+++ b/net/third_party/nss/patches/getrequestedclientcerttypes.patch
@@ -1,28 +1,8 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c 2014-01-17 17:52:46.705854118 -0800
-+++ b/nss/lib/ssl/ssl3con.c 2014-01-17 17:54:27.087523439 -0800
-@@ -6985,6 +6985,9 @@ ssl3_HandleCertificateRequest(sslSocket
- if (rv != SECSuccess)
- goto loser; /* malformed, alert has been sent */
-
-+ PORT_Assert(!ss->requestedCertTypes);
-+ ss->requestedCertTypes = &cert_types;
-+
- if (isTLS12) {
- rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &b, &length);
- if (rv != SECSuccess)
-@@ -7186,6 +7189,7 @@ loser:
- PORT_SetError(errCode);
- rv = SECFailure;
- done:
-+ ss->requestedCertTypes = NULL;
- if (arena != NULL)
- PORT_FreeArena(arena, PR_FALSE);
- #ifdef NSS_PLATFORM_CLIENT_AUTH
-diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
---- a/nss/lib/ssl/ssl.h 2014-01-17 17:53:39.726735852 -0800
-+++ b/nss/lib/ssl/ssl.h 2014-01-17 17:54:27.087523439 -0800
-@@ -793,6 +793,16 @@ SSL_IMPORT SECStatus SSL_ReHandshakeWith
+diff --git a/ssl/ssl.h b/ssl/ssl.h
+index 34142fc..e2d1b09 100644
+--- a/ssl/ssl.h
++++ b/ssl/ssl.h
+@@ -803,6 +803,16 @@ SSL_IMPORT SECStatus SSL_ReHandshakeWithTimeout(PRFileDesc *fd,
PRBool flushCache,
PRIntervalTime timeout);
@@ -39,10 +19,33 @@
#ifdef SSL_DEPRECATED_FUNCTION
/* deprecated!
-diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
---- a/nss/lib/ssl/sslimpl.h 2014-01-17 17:52:46.715854283 -0800
-+++ b/nss/lib/ssl/sslimpl.h 2014-01-17 17:54:27.087523439 -0800
-@@ -1229,6 +1229,10 @@ struct sslSocketStr {
+diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
+index 40ae885..cb59cc1 100644
+--- a/ssl/ssl3con.c
++++ b/ssl/ssl3con.c
+@@ -7045,6 +7045,9 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+ if (rv != SECSuccess)
+ goto loser; /* malformed, alert has been sent */
+
++ PORT_Assert(!ss->requestedCertTypes);
++ ss->requestedCertTypes = &cert_types;
++
+ if (isTLS12) {
+ rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &b, &length);
+ if (rv != SECSuccess)
+@@ -7246,6 +7249,7 @@ loser:
+ PORT_SetError(errCode);
+ rv = SECFailure;
+ done:
++ ss->requestedCertTypes = NULL;
+ if (arena != NULL)
+ PORT_FreeArena(arena, PR_FALSE);
+ #ifdef NSS_PLATFORM_CLIENT_AUTH
+diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
+index cda1869..9f59f5a 100644
+--- a/ssl/sslimpl.h
++++ b/ssl/sslimpl.h
+@@ -1231,6 +1231,10 @@ struct sslSocketStr {
unsigned int sizeCipherSpecs;
const unsigned char * preferredCipher;
@@ -53,10 +56,11 @@
ssl3KeyPair * stepDownKeyPair; /* RSA step down keys */
/* Callbacks */
-diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
---- a/nss/lib/ssl/sslsock.c 2014-01-17 17:53:39.726735852 -0800
-+++ b/nss/lib/ssl/sslsock.c 2014-01-17 17:54:27.097523605 -0800
-@@ -1869,6 +1869,20 @@ SSL_HandshakeResumedSession(PRFileDesc *
+diff --git a/ssl/sslsock.c b/ssl/sslsock.c
+index 688f399..a939781 100644
+--- a/ssl/sslsock.c
++++ b/ssl/sslsock.c
+@@ -1911,6 +1911,20 @@ SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed) {
return SECSuccess;
}
@@ -77,11 +81,11 @@
/************************************************************************/
/* The following functions are the TOP LEVEL SSL functions.
** They all get called through the NSPRIOMethods table below.
-@@ -2936,6 +2950,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProto
- sc->serverKeyBits = 0;
- ss->certStatusArray[i] = NULL;
- }
-+ ss->requestedCertTypes = NULL;
- ss->stepDownKeyPair = NULL;
- ss->dbHandle = CERT_GetDefaultCertDB();
+@@ -2989,6 +3003,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
+ sc->serverKeyBits = 0;
+ ss->certStatusArray[i] = NULL;
+ }
++ ss->requestedCertTypes = NULL;
+ ss->stepDownKeyPair = NULL;
+ ss->dbHandle = CERT_GetDefaultCertDB();
diff --git a/net/third_party/nss/patches/nssrwlock.patch b/net/third_party/nss/patches/nssrwlock.patch
index 2f10a4fb..c5e2b57c 100644
--- a/net/third_party/nss/patches/nssrwlock.patch
+++ b/net/third_party/nss/patches/nssrwlock.patch
@@ -1,7 +1,8 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c 2014-01-17 19:01:58.104487211 -0800
-+++ b/nss/lib/ssl/ssl3con.c 2014-01-17 19:02:38.965159506 -0800
-@@ -5211,7 +5211,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
+index 17c368e..424c1fb 100644
+--- a/ssl/ssl3con.c
++++ b/ssl/ssl3con.c
+@@ -5246,7 +5246,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
* the lock across the calls to ssl3_CallHelloExtensionSenders.
*/
if (sid->u.ssl3.lock) {
@@ -10,7 +11,7 @@
}
if (isTLS || (ss->firstHsDone && ss->peerRequestedProtection)) {
-@@ -5220,7 +5220,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+@@ -5255,7 +5255,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
extLen = ssl3_CallHelloExtensionSenders(ss, PR_FALSE, maxBytes, NULL);
if (extLen < 0) {
@@ -18,8 +19,8 @@
+ if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
return SECFailure;
}
- maxBytes -= extLen;
-@@ -5248,7 +5248,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+ total_exten_len += extLen;
+@@ -5282,7 +5282,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
/* how many suites are permitted by policy and user preference? */
num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE);
if (!num_suites) {
@@ -28,7 +29,7 @@
return SECFailure; /* count_cipher_suites has set error code. */
}
-@@ -5293,7 +5293,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+@@ -5327,7 +5327,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
rv = ssl3_AppendHandshakeHeader(ss, client_hello, length);
if (rv != SECSuccess) {
@@ -37,7 +38,7 @@
return rv; /* err set by ssl3_AppendHandshake* */
}
-@@ -5312,21 +5312,21 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+@@ -5346,21 +5346,21 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
rv = ssl3_AppendHandshakeNumber(ss, ss->clientHelloVersion, 2);
}
if (rv != SECSuccess) {
@@ -62,16 +63,16 @@
return rv; /* err set by ssl3_AppendHandshake* */
}
-@@ -5336,7 +5336,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+@@ -5370,7 +5370,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
else
- rv = ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
+ rv = ssl3_AppendHandshakeNumber(ss, 0, 1);
if (rv != SECSuccess) {
- if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
+ if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
return rv; /* err set by ssl3_AppendHandshake* */
}
-@@ -5344,14 +5344,14 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+@@ -5378,14 +5378,14 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
rv = ssl3_AppendHandshakeVariable(
ss, ss->ssl3.hs.cookie, ss->ssl3.hs.cookieLen, 1);
if (rv != SECSuccess) {
@@ -88,7 +89,7 @@
return rv; /* err set by ssl3_AppendHandshake* */
}
-@@ -5360,7 +5360,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+@@ -5394,7 +5394,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
rv = ssl3_AppendHandshakeNumber(ss, TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
sizeof(ssl3CipherSuite));
if (rv != SECSuccess) {
@@ -97,7 +98,7 @@
return rv; /* err set by ssl3_AppendHandshake* */
}
actual_count++;
-@@ -5369,7 +5369,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+@@ -5403,7 +5403,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
rv = ssl3_AppendHandshakeNumber(ss, TLS_FALLBACK_SCSV,
sizeof(ssl3CipherSuite));
if (rv != SECSuccess) {
@@ -106,7 +107,7 @@
return rv; /* err set by ssl3_AppendHandshake* */
}
actual_count++;
-@@ -5379,7 +5379,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+@@ -5413,7 +5413,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange)) {
actual_count++;
if (actual_count > num_suites) {
@@ -115,7 +116,7 @@
/* set error card removal/insertion error */
PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL);
return SECFailure;
-@@ -5387,7 +5387,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+@@ -5421,7 +5421,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
rv = ssl3_AppendHandshakeNumber(ss, suite->cipher_suite,
sizeof(ssl3CipherSuite));
if (rv != SECSuccess) {
@@ -124,7 +125,7 @@
return rv; /* err set by ssl3_AppendHandshake* */
}
}
-@@ -5398,14 +5398,14 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+@@ -5432,14 +5432,14 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
* the server.. */
if (actual_count != num_suites) {
/* Card removal/insertion error */
@@ -141,7 +142,7 @@
return rv; /* err set by ssl3_AppendHandshake* */
}
for (i = 0; i < compressionMethodsCount; i++) {
-@@ -5413,7 +5413,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+@@ -5447,7 +5447,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
continue;
rv = ssl3_AppendHandshakeNumber(ss, compressions[i], 1);
if (rv != SECSuccess) {
@@ -150,7 +151,7 @@
return rv; /* err set by ssl3_AppendHandshake* */
}
}
-@@ -5424,20 +5424,20 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+@@ -5458,20 +5458,20 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
rv = ssl3_AppendHandshakeNumber(ss, maxBytes, 2);
if (rv != SECSuccess) {
@@ -174,7 +175,7 @@
return SECFailure;
}
maxBytes -= extLen;
-@@ -5446,7 +5446,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+@@ -5480,7 +5480,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
}
if (sid->u.ssl3.lock) {
@@ -183,10 +184,11 @@
}
if (ss->xtnData.sentSessionTicketInClientHello) {
-diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
---- a/nss/lib/ssl/sslimpl.h 2014-01-17 19:00:52.843413560 -0800
-+++ b/nss/lib/ssl/sslimpl.h 2014-01-17 19:02:38.965159506 -0800
-@@ -730,7 +730,7 @@ struct sslSessionIDStr {
+diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
+index f796a14..a809616 100644
+--- a/ssl/sslimpl.h
++++ b/ssl/sslimpl.h
+@@ -731,7 +731,7 @@ struct sslSessionIDStr {
* cached. Before then, there is no need to lock anything because
* the sid isn't being shared by anything.
*/
@@ -195,9 +197,10 @@
/* The lock must be held while reading or writing these members
* because they change while the sid is cached.
-diff -pu a/nss/lib/ssl/sslnonce.c b/nss/lib/ssl/sslnonce.c
---- a/nss/lib/ssl/sslnonce.c 2014-01-17 19:02:25.844943628 -0800
-+++ b/nss/lib/ssl/sslnonce.c 2014-01-17 19:02:38.965159506 -0800
+diff --git a/ssl/sslnonce.c b/ssl/sslnonce.c
+index cefdda6..28ad364 100644
+--- a/ssl/sslnonce.c
++++ b/ssl/sslnonce.c
@@ -136,7 +136,7 @@ ssl_DestroySID(sslSessionID *sid)
}
@@ -216,16 +219,16 @@
if (!sid->u.ssl3.lock) {
return;
}
-@@ -448,7 +448,7 @@ ssl3_SetSIDSessionTicket(sslSessionID *s
+@@ -450,7 +450,7 @@ ssl3_SetSIDSessionTicket(sslSessionID *sid,
* yet, so no locking is needed.
*/
if (sid->u.ssl3.lock) {
- PR_RWLock_Wlock(sid->u.ssl3.lock);
+ NSSRWLock_LockWrite(sid->u.ssl3.lock);
-
- /* A server might have sent us an empty ticket, which has the
- * effect of clearing the previously known ticket.
-@@ -467,6 +467,6 @@ ssl3_SetSIDSessionTicket(sslSessionID *s
+ if (sid->u.ssl3.locked.sessionTicket.ticket.data) {
+ SECITEM_FreeItem(&sid->u.ssl3.locked.sessionTicket.ticket,
+ PR_FALSE);
+@@ -465,6 +465,6 @@ ssl3_SetSIDSessionTicket(sslSessionID *sid,
newSessionTicket->ticket.len = 0;
if (sid->u.ssl3.lock) {
diff --git a/net/third_party/nss/patches/paddingextvalue.patch b/net/third_party/nss/patches/paddingextvalue.patch
deleted file mode 100644
index 5998054..0000000
--- a/net/third_party/nss/patches/paddingextvalue.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Index: net/third_party/nss/ssl/sslt.h
-===================================================================
---- net/third_party/nss/ssl/sslt.h (revision 262719)
-+++ net/third_party/nss/ssl/sslt.h (working copy)
-@@ -203,10 +203,10 @@
- ssl_use_srtp_xtn = 14,
- ssl_app_layer_protocol_xtn = 16,
- ssl_signed_certificate_timestamp_xtn = 18, /* RFC 6962 */
-+ ssl_padding_xtn = 21,
- ssl_session_ticket_xtn = 35,
- ssl_next_proto_nego_xtn = 13172,
- ssl_channel_id_xtn = 30032,
-- ssl_padding_xtn = 35655,
- ssl_renegotiation_info_xtn = 0xff01 /* experimental number */
- } SSLExtensionType;
-
diff --git a/net/third_party/nss/patches/removebuildmetadata.patch b/net/third_party/nss/patches/removebuildmetadata.patch
index 018fcbb..cd25f09 100644
--- a/net/third_party/nss/patches/removebuildmetadata.patch
+++ b/net/third_party/nss/patches/removebuildmetadata.patch
@@ -1,7 +1,7 @@
-diff --git a/net/third_party/nss/ssl/sslver.c b/net/third_party/nss/ssl/sslver.c
+diff --git a/ssl/sslver.c b/ssl/sslver.c
index 35e0317..ea60888 100644
---- a/net/third_party/nss/ssl/sslver.c
-+++ b/net/third_party/nss/ssl/sslver.c
+--- a/ssl/sslver.c
++++ b/ssl/sslver.c
@@ -12,6 +12,13 @@
#define _DEBUG_STRING ""
#endif
diff --git a/net/third_party/nss/patches/reorderextensions.patch b/net/third_party/nss/patches/reorderextensions.patch
index 3572fb1..7bbf559e 100644
--- a/net/third_party/nss/patches/reorderextensions.patch
+++ b/net/third_party/nss/patches/reorderextensions.patch
@@ -1,34 +1,30 @@
-diff --git a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c
-index 6f3fe2f..523e49a 100644
---- a/nss/lib/ssl/ssl3ext.c
-+++ b/nss/lib/ssl/ssl3ext.c
-@@ -295,9 +295,12 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
- { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn },
- { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn },
+diff --git a/ssl/ssl3ext.c b/ssl/ssl3ext.c
+index 6c120ff..697a313 100644
+--- a/ssl/ssl3ext.c
++++ b/ssl/ssl3ext.c
+@@ -308,6 +308,10 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
{ ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
-- { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
{ ssl_signed_certificate_timestamp_xtn,
-- &ssl3_ClientSendSignedCertTimestampXtn }
-+ &ssl3_ClientSendSignedCertTimestampXtn },
+ &ssl3_ClientSendSignedCertTimestampXtn },
+ /* WebSphere Application Server 7.0 is intolerant to the last extension
-+ * being zero-length. It is not intolerant of TLS 1.2, so move
-+ * signature_algorithms to the end. */
-+ { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }
++ * being zero-length. It is not intolerant of TLS 1.2, so ensure that
++ * signature_algorithms is at the end to guarantee a non-empty
++ * extension. */
+ { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
+ { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },
/* any extra entries will appear as { 0, NULL } */
- };
-
-@@ -2347,9 +2350,11 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)
+@@ -2464,9 +2468,11 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)
}
extensionLength = 512 - recordLength;
- /* Extensions take at least four bytes to encode. */
- if (extensionLength < 4) {
-- extensionLength = 4;
+- extensionLength = 4;
+ /* Extensions take at least four bytes to encode. Always include at least
-+ * one byte of data if including the extension. WebSphere Application Server
-+ * 7.0 is intolerant to the last extension being zero-length. */
++ * one byte of data if including the extension. WebSphere Application
++ * Server 7.0 is intolerant to the last extension being zero-length. */
+ if (extensionLength < 4 + 1) {
-+ extensionLength = 4 + 1;
++ extensionLength = 4 + 1;
}
return extensionLength;
diff --git a/net/third_party/nss/patches/restartclientauth.patch b/net/third_party/nss/patches/restartclientauth.patch
index 5056cad..c977ad6 100644
--- a/net/third_party/nss/patches/restartclientauth.patch
+++ b/net/third_party/nss/patches/restartclientauth.patch
@@ -1,7 +1,24 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c 2014-01-17 17:55:01.518095989 -0800
-+++ b/nss/lib/ssl/ssl3con.c 2014-01-17 17:55:19.158389328 -0800
-@@ -7199,6 +7199,85 @@ done:
+diff --git a/ssl/ssl.h b/ssl/ssl.h
+index e2d1b09..593dd00 100644
+--- a/ssl/ssl.h
++++ b/ssl/ssl.h
+@@ -409,6 +409,11 @@ SSL_IMPORT SECStatus SSL_ForceHandshake(PRFileDesc *fd);
+ SSL_IMPORT SECStatus SSL_ForceHandshakeWithTimeout(PRFileDesc *fd,
+ PRIntervalTime timeout);
+
++SSL_IMPORT SECStatus SSL_RestartHandshakeAfterCertReq(PRFileDesc *fd,
++ CERTCertificate *cert,
++ SECKEYPrivateKey *key,
++ CERTCertificateList *certChain);
++
+ /*
+ ** Query security status of socket. *on is set to one if security is
+ ** enabled. *keySize will contain the stream key size used. *issuer will
+diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
+index cb59cc1..1852806 100644
+--- a/ssl/ssl3con.c
++++ b/ssl/ssl3con.c
+@@ -7259,6 +7259,85 @@ done:
return rv;
}
@@ -87,25 +104,11 @@
static SECStatus
ssl3_CheckFalseStart(sslSocket *ss)
{
-diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
---- a/nss/lib/ssl/ssl.h 2014-01-17 17:55:01.538096321 -0800
-+++ b/nss/lib/ssl/ssl.h 2014-01-17 17:55:19.158389328 -0800
-@@ -399,6 +399,11 @@ SSL_IMPORT SECStatus SSL_ForceHandshake(
- SSL_IMPORT SECStatus SSL_ForceHandshakeWithTimeout(PRFileDesc *fd,
- PRIntervalTime timeout);
-
-+SSL_IMPORT SECStatus SSL_RestartHandshakeAfterCertReq(PRFileDesc *fd,
-+ CERTCertificate *cert,
-+ SECKEYPrivateKey *key,
-+ CERTCertificateList *certChain);
-+
- /*
- ** Query security status of socket. *on is set to one if security is
- ** enabled. *keySize will contain the stream key size used. *issuer will
-diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
---- a/nss/lib/ssl/sslimpl.h 2014-01-17 17:55:01.538096321 -0800
-+++ b/nss/lib/ssl/sslimpl.h 2014-01-17 17:55:19.158389328 -0800
-@@ -1588,16 +1588,17 @@ extern SECStatus ssl3_MasterKeyDeriveBy
+diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
+index 9f59f5a..c6ac398 100644
+--- a/ssl/sslimpl.h
++++ b/ssl/sslimpl.h
+@@ -1592,16 +1592,17 @@ extern SECStatus ssl3_MasterKeyDeriveBypass( ssl3CipherSpec * pwSpec,
/* These functions are called from secnav, even though they're "private". */
extern int ssl2_SendErrorMessage(struct sslSocketStr *ss, int error);
@@ -127,10 +130,11 @@
extern SECStatus ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error);
/*
-diff -pu a/nss/lib/ssl/sslsecur.c b/nss/lib/ssl/sslsecur.c
---- a/nss/lib/ssl/sslsecur.c 2014-01-17 17:49:26.072517368 -0800
-+++ b/nss/lib/ssl/sslsecur.c 2014-01-17 17:55:19.158389328 -0800
-@@ -1518,17 +1518,70 @@ SSL_CertDBHandleSet(PRFileDesc *fd, CERT
+diff --git a/ssl/sslsecur.c b/ssl/sslsecur.c
+index ea2d408..d44336e 100644
+--- a/ssl/sslsecur.c
++++ b/ssl/sslsecur.c
+@@ -1516,17 +1516,70 @@ SSL_CertDBHandleSet(PRFileDesc *fd, CERTCertDBHandle *dbHandle)
return SECSuccess;
}
diff --git a/net/third_party/nss/patches/secitemarray.patch b/net/third_party/nss/patches/secitemarray.patch
index 5c48f5b..159d32bf 100644
--- a/net/third_party/nss/patches/secitemarray.patch
+++ b/net/third_party/nss/patches/secitemarray.patch
@@ -1,7 +1,8 @@
-diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
---- a/nss/lib/ssl/sslimpl.h 2014-01-17 18:00:11.213237373 -0800
-+++ b/nss/lib/ssl/sslimpl.h 2014-01-17 18:03:29.176520864 -0800
-@@ -1364,6 +1364,15 @@ extern sslSessionIDUncacheFunc ssl_sid_u
+diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
+index 2d21e90..88f559a 100644
+--- a/ssl/sslimpl.h
++++ b/ssl/sslimpl.h
+@@ -1366,6 +1366,15 @@ extern sslSessionIDUncacheFunc ssl_sid_uncache;
SEC_BEGIN_PROTOS
@@ -17,9 +18,10 @@
/* Internal initialization and installation of the SSL error tables */
extern SECStatus ssl_Init(void);
extern SECStatus ssl_InitializePRErrorTable(void);
-diff -pu a/nss/lib/ssl/sslt.h b/nss/lib/ssl/sslt.h
---- a/nss/lib/ssl/sslt.h 2014-01-17 17:59:03.252110162 -0800
-+++ b/nss/lib/ssl/sslt.h 2014-01-17 18:03:29.186521030 -0800
+diff --git a/ssl/sslt.h b/ssl/sslt.h
+index 0900f28..430d216 100644
+--- a/ssl/sslt.h
++++ b/ssl/sslt.h
@@ -10,6 +10,19 @@
#include "prtypes.h"
diff --git a/net/third_party/nss/patches/secretexporterlocks.patch b/net/third_party/nss/patches/secretexporterlocks.patch
index 85d98df..7716f93 100644
--- a/net/third_party/nss/patches/secretexporterlocks.patch
+++ b/net/third_party/nss/patches/secretexporterlocks.patch
@@ -1,6 +1,7 @@
-diff -pu a/nss/lib/ssl/sslinfo.c b/nss/lib/ssl/sslinfo.c
---- a/nss/lib/ssl/sslinfo.c 2014-01-17 17:49:26.072517368 -0800
-+++ b/nss/lib/ssl/sslinfo.c 2014-01-17 18:00:29.773545219 -0800
+diff --git a/ssl/sslinfo.c b/ssl/sslinfo.c
+index 00f2f38..ba230d2 100644
+--- a/ssl/sslinfo.c
++++ b/ssl/sslinfo.c
@@ -350,8 +350,13 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
return SECFailure;
}
diff --git a/net/third_party/nss/patches/sessioncache.patch b/net/third_party/nss/patches/sessioncache.patch
index 1564648..98a1e10 100644
--- a/net/third_party/nss/patches/sessioncache.patch
+++ b/net/third_party/nss/patches/sessioncache.patch
@@ -1,19 +1,8 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c 2014-01-17 19:00:52.843413560 -0800
-+++ b/nss/lib/ssl/ssl3con.c 2014-01-17 19:01:36.374129696 -0800
-@@ -11318,7 +11318,7 @@ ssl3_FinishHandshake(sslSocket * ss)
- ss->ssl3.hs.receivedNewSessionTicket = PR_FALSE;
- }
-
-- if (ss->ssl3.hs.cacheSID) {
-+ if (ss->ssl3.hs.cacheSID && ss->sec.isServer) {
- PORT_Assert(ss->sec.ci.sid->cached == never_cached);
- (*ss->sec.cache)(ss->sec.ci.sid);
- ss->ssl3.hs.cacheSID = PR_FALSE;
-diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
---- a/nss/lib/ssl/ssl.h 2014-01-17 19:00:52.843413560 -0800
-+++ b/nss/lib/ssl/ssl.h 2014-01-17 19:01:36.374129696 -0800
-@@ -892,6 +892,18 @@ SSL_IMPORT int SSL_DataPending(PRFileDes
+diff --git a/ssl/ssl.h b/ssl/ssl.h
+index be6d88e..57771cd 100644
+--- a/ssl/ssl.h
++++ b/ssl/ssl.h
+@@ -900,6 +900,18 @@ SSL_IMPORT int SSL_DataPending(PRFileDesc *fd);
SSL_IMPORT SECStatus SSL_InvalidateSession(PRFileDesc *fd);
/*
@@ -32,10 +21,24 @@
** Return a SECItem containing the SSL session ID associated with the fd.
*/
SSL_IMPORT SECItem *SSL_GetSessionID(PRFileDesc *fd);
-diff -pu a/nss/lib/ssl/sslsecur.c b/nss/lib/ssl/sslsecur.c
---- a/nss/lib/ssl/sslsecur.c 2014-01-17 17:59:03.242109996 -0800
-+++ b/nss/lib/ssl/sslsecur.c 2014-01-17 19:01:36.374129696 -0800
-@@ -1469,6 +1469,49 @@ SSL_InvalidateSession(PRFileDesc *fd)
+diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
+index c1f30a3..17c368e 100644
+--- a/ssl/ssl3con.c
++++ b/ssl/ssl3con.c
+@@ -11367,7 +11367,7 @@ ssl3_FinishHandshake(sslSocket * ss)
+ ss->ssl3.hs.receivedNewSessionTicket = PR_FALSE;
+ }
+
+- if (ss->ssl3.hs.cacheSID) {
++ if (ss->ssl3.hs.cacheSID && ss->sec.isServer) {
+ PORT_Assert(ss->sec.ci.sid->cached == never_cached);
+ (*ss->sec.cache)(ss->sec.ci.sid);
+ ss->ssl3.hs.cacheSID = PR_FALSE;
+diff --git a/ssl/sslsecur.c b/ssl/sslsecur.c
+index 5c6751a..00ab455 100644
+--- a/ssl/sslsecur.c
++++ b/ssl/sslsecur.c
+@@ -1467,6 +1467,49 @@ SSL_InvalidateSession(PRFileDesc *fd)
return rv;
}
diff --git a/net/third_party/nss/patches/signedcertificatetimestamps.patch b/net/third_party/nss/patches/signedcertificatetimestamps.patch
index 9864372..ce9efee 100644
--- a/net/third_party/nss/patches/signedcertificatetimestamps.patch
+++ b/net/third_party/nss/patches/signedcertificatetimestamps.patch
@@ -1,155 +1,18 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c 2014-01-17 18:11:28.314468184 -0800
-+++ b/nss/lib/ssl/ssl3con.c 2014-01-17 18:23:17.946207727 -0800
-@@ -6682,10 +6682,22 @@ ssl3_HandleServerHello(sslSocket *ss, SS
- sid->u.ssl3.sessionIDLength = sidBytes.len;
- PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len);
-
-+ /* Copy Signed Certificate Timestamps, if any. */
-+ if (ss->xtnData.signedCertTimestamps.data) {
-+ rv = SECITEM_CopyItem(NULL, &sid->u.ssl3.signedCertTimestamps,
-+ &ss->xtnData.signedCertTimestamps);
-+ if (rv != SECSuccess)
-+ goto loser;
-+ }
-+
- ss->ssl3.hs.isResuming = PR_FALSE;
- ss->ssl3.hs.ws = wait_server_cert;
-
- winner:
-+ /* Clean up the temporary pointer to the handshake buffer. */
-+ ss->xtnData.signedCertTimestamps.data = NULL;
-+ ss->xtnData.signedCertTimestamps.len = 0;
-+
- /* If we will need a ChannelID key then we make the callback now. This
- * allows the handshake to be restarted cleanly if the callback returns
- * SECWouldBlock. */
-@@ -6711,6 +6723,9 @@ alert_loser:
- (void)SSL3_SendAlert(ss, alert_fatal, desc);
-
- loser:
-+ /* Clean up the temporary pointer to the handshake buffer. */
-+ ss->xtnData.signedCertTimestamps.data = NULL;
-+ ss->xtnData.signedCertTimestamps.len = 0;
- errCode = ssl_MapLowLevelError(errCode);
- return SECFailure;
- }
-diff -pu a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c
---- a/nss/lib/ssl/ssl3ext.c 2014-01-17 18:22:54.945827814 -0800
-+++ b/nss/lib/ssl/ssl3ext.c 2014-01-17 18:35:21.798168722 -0800
-@@ -81,6 +81,12 @@ static PRInt32 ssl3_ClientSendSigAlgsXtn
- PRUint32 maxBytes);
- static SECStatus ssl3_ServerHandleSigAlgsXtn(sslSocket *ss, PRUint16 ex_type,
- SECItem *data);
-+static PRInt32 ssl3_ClientSendSignedCertTimestampXtn(sslSocket *ss,
-+ PRBool append,
-+ PRUint32 maxBytes);
-+static SECStatus ssl3_ClientHandleSignedCertTimestampXtn(sslSocket *ss,
-+ PRUint16 ex_type,
-+ SECItem *data);
-
- /*
- * Write bytes. Using this function means the SECItem structure
-@@ -259,6 +265,8 @@ static const ssl3HelloExtensionHandler s
- { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn },
- { ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn },
- { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn },
-+ { ssl_signed_certificate_timestamp_xtn,
-+ &ssl3_ClientHandleSignedCertTimestampXtn },
- { -1, NULL }
- };
-
-@@ -287,7 +295,9 @@ ssl3HelloExtensionSender clientHelloSend
- { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn },
- { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn },
- { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
-- { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }
-+ { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
-+ { ssl_signed_certificate_timestamp_xtn,
-+ &ssl3_ClientSendSignedCertTimestampXtn }
- /* any extra entries will appear as { 0, NULL } */
- };
-
-@@ -2379,3 +2389,65 @@ ssl3_AppendPaddingExtension(sslSocket *s
-
- return extensionLen;
- }
-+
-+/* ssl3_ClientSendSignedCertTimestampXtn sends the signed_certificate_timestamp
-+ * extension for TLS ClientHellos. */
-+static PRInt32
-+ssl3_ClientSendSignedCertTimestampXtn(sslSocket *ss, PRBool append,
-+ PRUint32 maxBytes)
-+{
-+ PRInt32 extension_length = 2 /* extension_type */ +
-+ 2 /* length(extension_data) */;
-+
-+ /* Only send the extension if processing is enabled. */
-+ if (!ss->opt.enableSignedCertTimestamps)
-+ return 0;
-+
-+ if (append && maxBytes >= extension_length) {
-+ SECStatus rv;
-+ /* extension_type */
-+ rv = ssl3_AppendHandshakeNumber(ss,
-+ ssl_signed_certificate_timestamp_xtn,
-+ 2);
-+ if (rv != SECSuccess)
-+ goto loser;
-+ /* zero length */
-+ rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
-+ if (rv != SECSuccess)
-+ goto loser;
-+ ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
-+ ssl_signed_certificate_timestamp_xtn;
-+ } else if (maxBytes < extension_length) {
-+ PORT_Assert(0);
-+ return 0;
-+ }
-+
-+ return extension_length;
-+loser:
-+ return -1;
-+}
-+
-+static SECStatus
-+ssl3_ClientHandleSignedCertTimestampXtn(sslSocket *ss, PRUint16 ex_type,
-+ SECItem *data)
-+{
-+ /* We do not yet know whether we'll be resuming a session or creating
-+ * a new one, so we keep a pointer to the data in the TLSExtensionData
-+ * structure. This pointer is only valid in the scope of
-+ * ssl3_HandleServerHello, and, if not resuming a session, the data is
-+ * copied once a new session structure has been set up.
-+ * All parsing is currently left to the application and we accept
-+ * everything, including empty data.
-+ */
-+ SECItem *scts = &ss->xtnData.signedCertTimestamps;
-+ PORT_Assert(!scts->data && !scts->len);
-+
-+ if (!data->len) {
-+ /* Empty extension data: RFC 6962 mandates non-empty contents. */
-+ return SECFailure;
-+ }
-+ *scts = *data;
-+ /* Keep track of negotiated extensions. */
-+ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
-+ return SECSuccess;
-+}
-diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
---- a/nss/lib/ssl/ssl.h 2014-01-17 18:00:11.213237373 -0800
-+++ b/nss/lib/ssl/ssl.h 2014-01-17 18:38:15.791045050 -0800
-@@ -181,6 +181,9 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRF
- */
- #define SSL_ENABLE_ALPN 26
+diff --git a/ssl/ssl.h b/ssl/ssl.h
+index 80717db..e9f5fb0 100644
+--- a/ssl/ssl.h
++++ b/ssl/ssl.h
+@@ -191,6 +191,9 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd);
+ #define SSL_ENABLE_FALLBACK_SCSV 28 /* Send fallback SCSV in
+ * handshakes. */
+/* Request Signed Certificate Timestamps via TLS extension (client) */
-+#define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 27
++#define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 29
+
#ifdef SSL_DEPRECATED_FUNCTION
/* Old deprecated function names */
SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on);
-@@ -483,6 +486,23 @@ SSL_IMPORT CERTCertList *SSL_PeerCertifi
+@@ -493,6 +496,23 @@ SSL_IMPORT CERTCertList *SSL_PeerCertificateChain(PRFileDesc *fd);
*/
SSL_IMPORT const SECItemArray * SSL_PeerStapledOCSPResponses(PRFileDesc *fd);
@@ -173,18 +36,156 @@
/* SSL_SetStapledOCSPResponses stores an array of one or multiple OCSP responses
* in the fd's data, which may be sent as part of a server side cert_status
* handshake message. Parameter |responses| is for the server certificate of
-diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
---- a/nss/lib/ssl/sslimpl.h 2014-01-17 18:11:28.314468184 -0800
-+++ b/nss/lib/ssl/sslimpl.h 2014-01-17 18:27:22.540248428 -0800
-@@ -337,6 +337,7 @@ typedef struct sslOptionsStr {
- unsigned int enableOCSPStapling : 1; /* 25 */
- unsigned int enableNPN : 1; /* 26 */
+diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
+index 708a4c7..3421e0b 100644
+--- a/ssl/ssl3con.c
++++ b/ssl/ssl3con.c
+@@ -6737,10 +6737,22 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+ sid->u.ssl3.sessionIDLength = sidBytes.len;
+ PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len);
+
++ /* Copy Signed Certificate Timestamps, if any. */
++ if (ss->xtnData.signedCertTimestamps.data) {
++ rv = SECITEM_CopyItem(NULL, &sid->u.ssl3.signedCertTimestamps,
++ &ss->xtnData.signedCertTimestamps);
++ if (rv != SECSuccess)
++ goto loser;
++ }
++
+ ss->ssl3.hs.isResuming = PR_FALSE;
+ ss->ssl3.hs.ws = wait_server_cert;
+
+ winner:
++ /* Clean up the temporary pointer to the handshake buffer. */
++ ss->xtnData.signedCertTimestamps.data = NULL;
++ ss->xtnData.signedCertTimestamps.len = 0;
++
+ /* If we will need a ChannelID key then we make the callback now. This
+ * allows the handshake to be restarted cleanly if the callback returns
+ * SECWouldBlock. */
+@@ -6766,6 +6778,9 @@ alert_loser:
+ (void)SSL3_SendAlert(ss, alert_fatal, desc);
+
+ loser:
++ /* Clean up the temporary pointer to the handshake buffer. */
++ ss->xtnData.signedCertTimestamps.data = NULL;
++ ss->xtnData.signedCertTimestamps.len = 0;
+ errCode = ssl_MapLowLevelError(errCode);
+ return SECFailure;
+ }
+diff --git a/ssl/ssl3ext.c b/ssl/ssl3ext.c
+index b6ed17d..6c120ff 100644
+--- a/ssl/ssl3ext.c
++++ b/ssl/ssl3ext.c
+@@ -85,6 +85,12 @@ static PRInt32 ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append,
+ PRUint32 maxBytes);
+ static SECStatus ssl3_ServerHandleSigAlgsXtn(sslSocket *ss, PRUint16 ex_type,
+ SECItem *data);
++static PRInt32 ssl3_ClientSendSignedCertTimestampXtn(sslSocket *ss,
++ PRBool append,
++ PRUint32 maxBytes);
++static SECStatus ssl3_ClientHandleSignedCertTimestampXtn(sslSocket *ss,
++ PRUint16 ex_type,
++ SECItem *data);
+
+ static PRInt32 ssl3_ClientSendDraftVersionXtn(sslSocket *ss, PRBool append,
+ PRUint32 maxBytes);
+@@ -270,6 +276,8 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
+ { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn },
+ { ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn },
+ { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn },
++ { ssl_signed_certificate_timestamp_xtn,
++ &ssl3_ClientHandleSignedCertTimestampXtn },
+ { -1, NULL }
+ };
+
+@@ -298,6 +306,8 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
+ { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn },
+ { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn },
+ { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
++ { ssl_signed_certificate_timestamp_xtn,
++ &ssl3_ClientSendSignedCertTimestampXtn },
+ { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
+ { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },
+ /* any extra entries will appear as { 0, NULL } */
+@@ -2582,3 +2592,64 @@ loser:
+ return SECSuccess;
+ }
+
++/* ssl3_ClientSendSignedCertTimestampXtn sends the signed_certificate_timestamp
++ * extension for TLS ClientHellos. */
++static PRInt32
++ssl3_ClientSendSignedCertTimestampXtn(sslSocket *ss, PRBool append,
++ PRUint32 maxBytes)
++{
++ PRInt32 extension_length = 2 /* extension_type */ +
++ 2 /* length(extension_data) */;
++
++ /* Only send the extension if processing is enabled. */
++ if (!ss->opt.enableSignedCertTimestamps)
++ return 0;
++
++ if (append && maxBytes >= extension_length) {
++ SECStatus rv;
++ /* extension_type */
++ rv = ssl3_AppendHandshakeNumber(ss,
++ ssl_signed_certificate_timestamp_xtn,
++ 2);
++ if (rv != SECSuccess)
++ goto loser;
++ /* zero length */
++ rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
++ if (rv != SECSuccess)
++ goto loser;
++ ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
++ ssl_signed_certificate_timestamp_xtn;
++ } else if (maxBytes < extension_length) {
++ PORT_Assert(0);
++ return 0;
++ }
++
++ return extension_length;
++loser:
++ return -1;
++}
++
++static SECStatus
++ssl3_ClientHandleSignedCertTimestampXtn(sslSocket *ss, PRUint16 ex_type,
++ SECItem *data)
++{
++ /* We do not yet know whether we'll be resuming a session or creating
++ * a new one, so we keep a pointer to the data in the TLSExtensionData
++ * structure. This pointer is only valid in the scope of
++ * ssl3_HandleServerHello, and, if not resuming a session, the data is
++ * copied once a new session structure has been set up.
++ * All parsing is currently left to the application and we accept
++ * everything, including empty data.
++ */
++ SECItem *scts = &ss->xtnData.signedCertTimestamps;
++ PORT_Assert(!scts->data && !scts->len);
++
++ if (!data->len) {
++ /* Empty extension data: RFC 6962 mandates non-empty contents. */
++ return SECFailure;
++ }
++ *scts = *data;
++ /* Keep track of negotiated extensions. */
++ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
++ return SECSuccess;
++}
+diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
+index 62f822a..2f61a46 100644
+--- a/ssl/sslimpl.h
++++ b/ssl/sslimpl.h
+@@ -339,6 +339,7 @@ typedef struct sslOptionsStr {
unsigned int enableALPN : 1; /* 27 */
-+ unsigned int enableSignedCertTimestamps : 1; /* 28 */
+ unsigned int reuseServerECDHEKey : 1; /* 28 */
+ unsigned int enableFallbackSCSV : 1; /* 29 */
++ unsigned int enableSignedCertTimestamps : 1; /* 30 */
} sslOptions;
typedef enum { sslHandshakingUndetermined = 0,
-@@ -719,6 +720,11 @@ struct sslSessionIDStr {
+@@ -721,6 +722,11 @@ struct sslSessionIDStr {
* resumption handshake to the original handshake. */
SECItem originalHandshakeHash;
@@ -196,7 +197,7 @@
/* This lock is lazily initialized by CacheSID when a sid is first
* cached. Before then, there is no need to lock anything because
* the sid isn't being shared by anything.
-@@ -827,6 +833,18 @@ struct TLSExtensionDataStr {
+@@ -829,6 +835,18 @@ struct TLSExtensionDataStr {
* is beyond ssl3_HandleClientHello function. */
SECItem *sniNameArr;
PRUint32 sniNameArrSize;
@@ -215,9 +216,10 @@
};
typedef SECStatus (*sslRestartTarget)(sslSocket *);
-diff -pu a/nss/lib/ssl/sslnonce.c b/nss/lib/ssl/sslnonce.c
---- a/nss/lib/ssl/sslnonce.c 2014-01-17 18:11:28.314468184 -0800
-+++ b/nss/lib/ssl/sslnonce.c 2014-01-17 18:23:17.956207890 -0800
+diff --git a/ssl/sslnonce.c b/ssl/sslnonce.c
+index c45849d..cefdda6 100644
+--- a/ssl/sslnonce.c
++++ b/ssl/sslnonce.c
@@ -131,6 +131,9 @@ ssl_DestroySID(sslSessionID *sid)
if (sid->u.ssl3.originalHandshakeHash.data) {
SECITEM_FreeItem(&sid->u.ssl3.originalHandshakeHash, PR_FALSE);
@@ -228,62 +230,63 @@
if (sid->u.ssl3.lock) {
PR_DestroyRWLock(sid->u.ssl3.lock);
-diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
---- a/nss/lib/ssl/sslsock.c 2014-01-17 18:04:43.127747463 -0800
-+++ b/nss/lib/ssl/sslsock.c 2014-01-17 18:44:09.246889487 -0800
-@@ -87,7 +87,8 @@ static sslOptions ssl_defaults = {
- PR_TRUE, /* cbcRandomIV */
- PR_FALSE, /* enableOCSPStapling */
+diff --git a/ssl/sslsock.c b/ssl/sslsock.c
+index 0d12273..80f4e67 100644
+--- a/ssl/sslsock.c
++++ b/ssl/sslsock.c
+@@ -89,7 +89,8 @@ static sslOptions ssl_defaults = {
PR_TRUE, /* enableNPN */
-- PR_FALSE /* enableALPN */
-+ PR_FALSE, /* enableALPN */
-+ PR_FALSE /* enableSignedCertTimestamps */
+ PR_FALSE, /* enableALPN */
+ PR_TRUE, /* reuseServerECDHEKey */
+- PR_FALSE /* enableFallbackSCSV */
++ PR_FALSE, /* enableFallbackSCSV */
++ PR_FALSE, /* enableSignedCertTimestamps */
};
/*
-@@ -787,6 +788,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
- ss->opt.enableALPN = on;
- break;
+@@ -807,6 +808,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
+ ss->opt.enableFallbackSCSV = on;
+ break;
+ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
-+ ss->opt.enableSignedCertTimestamps = on;
-+ break;
++ ss->opt.enableSignedCertTimestamps = on;
++ break;
+
default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- rv = SECFailure;
-@@ -859,6 +864,9 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh
- case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
- case SSL_ENABLE_NPN: on = ss->opt.enableNPN; break;
- case SSL_ENABLE_ALPN: on = ss->opt.enableALPN; break;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ rv = SECFailure;
+@@ -882,6 +887,9 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
+ case SSL_REUSE_SERVER_ECDHE_KEY:
+ on = ss->opt.reuseServerECDHEKey; break;
+ case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break;
+ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
-+ on = ss->opt.enableSignedCertTimestamps;
-+ break;
++ on = ss->opt.enableSignedCertTimestamps;
++ break;
default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -922,6 +930,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBo
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+@@ -951,6 +959,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
+ case SSL_ENABLE_FALLBACK_SCSV:
+ on = ssl_defaults.enableFallbackSCSV;
break;
- case SSL_ENABLE_NPN: on = ssl_defaults.enableNPN; break;
- case SSL_ENABLE_ALPN: on = ssl_defaults.enableALPN; break;
+ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
-+ on = ssl_defaults.enableSignedCertTimestamps;
-+ break;
++ on = ssl_defaults.enableSignedCertTimestamps;
++ break;
default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -1097,6 +1108,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
- ssl_defaults.enableALPN = on;
- break;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+@@ -1134,6 +1145,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on)
+ ssl_defaults.enableFallbackSCSV = on;
+ break;
+ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
-+ ssl_defaults.enableSignedCertTimestamps = on;
-+ break;
++ ssl_defaults.enableSignedCertTimestamps = on;
++ break;
+
default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
-@@ -1921,6 +1936,29 @@ SSL_PeerStapledOCSPResponses(PRFileDesc
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+@@ -1963,6 +1978,29 @@ SSL_PeerStapledOCSPResponses(PRFileDesc *fd)
return &ss->sec.ci.sid->peerCertStatus;
}
@@ -313,22 +316,23 @@
SECStatus
SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed) {
sslSocket *ss = ssl_FindSocket(fd);
-diff -pu a/nss/lib/ssl/sslt.h b/nss/lib/ssl/sslt.h
---- a/nss/lib/ssl/sslt.h 2014-01-17 18:10:16.793281867 -0800
-+++ b/nss/lib/ssl/sslt.h 2014-01-17 18:23:17.956207890 -0800
+diff --git a/ssl/sslt.h b/ssl/sslt.h
+index fe0ad07..c36b8c7 100644
+--- a/ssl/sslt.h
++++ b/ssl/sslt.h
@@ -202,6 +202,7 @@ typedef enum {
ssl_signature_algorithms_xtn = 13,
ssl_use_srtp_xtn = 14,
ssl_app_layer_protocol_xtn = 16,
+ ssl_signed_certificate_timestamp_xtn = 18, /* RFC 6962 */
+ ssl_padding_xtn = 21,
ssl_session_ticket_xtn = 35,
ssl_next_proto_nego_xtn = 13172,
- ssl_channel_id_xtn = 30032,
-@@ -209,6 +210,6 @@ typedef enum {
- ssl_renegotiation_info_xtn = 0xff01 /* experimental number */
+@@ -210,6 +211,6 @@ typedef enum {
+ ssl_tls13_draft_version_xtn = 0xff02 /* experimental number */
} SSLExtensionType;
--#define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_padding_xtn. */
-+#define SSL_MAX_EXTENSIONS 12 /* doesn't include ssl_padding_xtn. */
+-#define SSL_MAX_EXTENSIONS 12 /* doesn't include ssl_padding_xtn. */
++#define SSL_MAX_EXTENSIONS 13 /* doesn't include ssl_padding_xtn. */
#endif /* __sslt_h_ */
diff --git a/net/third_party/nss/patches/suitebonly.patch b/net/third_party/nss/patches/suitebonly.patch
index c91314b..9776d7d 100644
--- a/net/third_party/nss/patches/suitebonly.patch
+++ b/net/third_party/nss/patches/suitebonly.patch
@@ -1,7 +1,8 @@
-diff -pu a/nss/lib/ssl/ssl3ecc.c b/nss/lib/ssl/ssl3ecc.c
---- a/nss/lib/ssl/ssl3ecc.c 2014-01-03 19:28:03.550814608 -0800
-+++ b/nss/lib/ssl/ssl3ecc.c 2014-01-03 19:40:46.523288747 -0800
-@@ -1073,6 +1073,7 @@ static const PRUint8 ecPtFmt[6] = {
+diff --git a/ssl/ssl3ecc.c b/ssl/ssl3ecc.c
+index 555c89d..0f805ec 100644
+--- a/ssl/ssl3ecc.c
++++ b/ssl/ssl3ecc.c
+@@ -1089,6 +1089,7 @@ static const PRUint8 ecPtFmt[6] = {
static PRBool
ssl3_SuiteBOnly(sslSocket *ss)
{
@@ -9,7 +10,7 @@
/* See if we can support small curves (like 163). If not, assume we can
* only support Suite-B curves (P-256, P-384, P-521). */
PK11SlotInfo *slot =
-@@ -1086,6 +1087,9 @@ ssl3_SuiteBOnly(sslSocket *ss)
+@@ -1102,6 +1103,9 @@ ssl3_SuiteBOnly(sslSocket *ss)
/* we can, presume we can do all curves */
PK11_FreeSlot(slot);
return PR_FALSE;
diff --git a/net/third_party/nss/patches/tls12chromium.patch b/net/third_party/nss/patches/tls12chromium.patch
index 0d6d407..81d1c52 100644
--- a/net/third_party/nss/patches/tls12chromium.patch
+++ b/net/third_party/nss/patches/tls12chromium.patch
@@ -1,6 +1,7 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c 2014-01-17 18:00:11.213237373 -0800
-+++ b/nss/lib/ssl/ssl3con.c 2014-01-17 18:04:22.497405273 -0800
+diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
+index 67c8f6d..da0abfb 100644
+--- a/ssl/ssl3con.c
++++ b/ssl/ssl3con.c
@@ -31,6 +31,15 @@
#include "blapi.h"
#endif
@@ -17,9 +18,10 @@
#include <stdio.h>
#ifdef NSS_ENABLE_ZLIB
#include "zlib.h"
-diff -pu a/nss/lib/ssl/ssl3ecc.c b/nss/lib/ssl/ssl3ecc.c
---- a/nss/lib/ssl/ssl3ecc.c 2014-01-17 18:01:31.474568608 -0800
-+++ b/nss/lib/ssl/ssl3ecc.c 2014-01-17 18:04:22.497405273 -0800
+diff --git a/ssl/ssl3ecc.c b/ssl/ssl3ecc.c
+index 0f805ec..003ed78 100644
+--- a/ssl/ssl3ecc.c
++++ b/ssl/ssl3ecc.c
@@ -30,6 +30,12 @@
#include <stdio.h>
@@ -30,12 +32,13 @@
+#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
+#endif
+
- #ifdef NSS_ENABLE_ECC
+ #ifndef NSS_DISABLE_ECC
#ifndef PK11_SETATTRS
-diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
---- a/nss/lib/ssl/sslsock.c 2014-01-17 18:00:11.213237373 -0800
-+++ b/nss/lib/ssl/sslsock.c 2014-01-17 18:04:22.497405273 -0800
+diff --git a/ssl/sslsock.c b/ssl/sslsock.c
+index 47906e0..0d12273 100644
+--- a/ssl/sslsock.c
++++ b/ssl/sslsock.c
@@ -17,8 +17,15 @@
#ifndef NO_PKCS11_BYPASS
#include "blapi.h"
@@ -51,8 +54,8 @@
+
#define SET_ERROR_CODE /* reminder */
- static const sslSocketOps ssl_default_ops = { /* No SSL. */
-@@ -1836,6 +1843,24 @@ SSL_VersionRangeGet(PRFileDesc *fd, SSLV
+ static const sslSocketOps ssl_default_ops = { /* No SSL. */
+@@ -1878,6 +1885,24 @@ SSL_VersionRangeGet(PRFileDesc *fd, SSLVersionRange *vrange)
return SECSuccess;
}
@@ -77,7 +80,7 @@
SECStatus
SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
{
-@@ -1856,6 +1881,20 @@ SSL_VersionRangeSet(PRFileDesc *fd, cons
+@@ -1898,6 +1923,20 @@ SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
ssl_GetSSL3HandshakeLock(ss);
ss->vrange = *vrange;
diff --git a/net/third_party/nss/patches/tlsunique.patch b/net/third_party/nss/patches/tlsunique.patch
index 5b094a7c..ad4f09f 100644
--- a/net/third_party/nss/patches/tlsunique.patch
+++ b/net/third_party/nss/patches/tlsunique.patch
@@ -1,7 +1,40 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c 2014-01-17 17:59:03.242109996 -0800
-+++ b/nss/lib/ssl/ssl3con.c 2014-01-17 17:59:45.862816905 -0800
-@@ -12383,6 +12383,68 @@ ssl3_InitSocketPolicy(sslSocket *ss)
+diff --git a/ssl/ssl.h b/ssl/ssl.h
+index 716537d..80717db 100644
+--- a/ssl/ssl.h
++++ b/ssl/ssl.h
+@@ -292,6 +292,27 @@ SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher, PRBool *enabled);
+ SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
+ SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
+
++/* SSLChannelBindingType enumerates the types of supported channel binding
++ * values. See RFC 5929. */
++typedef enum SSLChannelBindingType {
++ SSL_CHANNEL_BINDING_TLS_UNIQUE = 1,
++} SSLChannelBindingType;
++
++/* SSL_GetChannelBinding copies the requested channel binding value, as defined
++ * in RFC 5929, into |out|. The full length of the binding value is written
++ * into |*outLen|.
++ *
++ * At most |outLenMax| bytes of data are copied. If |outLenMax| is
++ * insufficient then the function returns SECFailure and sets the error to
++ * SEC_ERROR_OUTPUT_LEN, but |*outLen| is still set.
++ *
++ * This call will fail if made during a renegotiation. */
++SSL_IMPORT SECStatus SSL_GetChannelBinding(PRFileDesc *fd,
++ SSLChannelBindingType binding_type,
++ unsigned char *out,
++ unsigned int *outLen,
++ unsigned int outLenMax);
++
+ /* SSL Version Range API
+ **
+ ** This API should be used to control SSL 3.0 & TLS support instead of the
+diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
+index 45c3454..67c8f6d 100644
+--- a/ssl/ssl3con.c
++++ b/ssl/ssl3con.c
+@@ -12471,6 +12471,68 @@ ssl3_InitSocketPolicy(sslSocket *ss)
PORT_Memcpy(ss->cipherSuites, cipherSuites, sizeof cipherSuites);
}
@@ -70,41 +103,11 @@
/* ssl3_config_match_init must have already been called by
* the caller of this function.
*/
-diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
---- a/nss/lib/ssl/ssl.h 2014-01-17 17:59:03.242109996 -0800
-+++ b/nss/lib/ssl/ssl.h 2014-01-17 17:59:45.862816905 -0800
-@@ -282,6 +282,27 @@ SSL_IMPORT SECStatus SSL_CipherPrefGetDe
- SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
- SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
-
-+/* SSLChannelBindingType enumerates the types of supported channel binding
-+ * values. See RFC 5929. */
-+typedef enum SSLChannelBindingType {
-+ SSL_CHANNEL_BINDING_TLS_UNIQUE = 1,
-+} SSLChannelBindingType;
-+
-+/* SSL_GetChannelBinding copies the requested channel binding value, as defined
-+ * in RFC 5929, into |out|. The full length of the binding value is written
-+ * into |*outLen|.
-+ *
-+ * At most |outLenMax| bytes of data are copied. If |outLenMax| is
-+ * insufficient then the function returns SECFailure and sets the error to
-+ * SEC_ERROR_OUTPUT_LEN, but |*outLen| is still set.
-+ *
-+ * This call will fail if made during a renegotiation. */
-+SSL_IMPORT SECStatus SSL_GetChannelBinding(PRFileDesc *fd,
-+ SSLChannelBindingType binding_type,
-+ unsigned char *out,
-+ unsigned int *outLen,
-+ unsigned int outLenMax);
-+
- /* SSL Version Range API
- **
- ** This API should be used to control SSL 3.0 & TLS support instead of the
-diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
---- a/nss/lib/ssl/sslimpl.h 2014-01-17 17:59:03.242109996 -0800
-+++ b/nss/lib/ssl/sslimpl.h 2014-01-17 17:59:45.862816905 -0800
-@@ -1853,6 +1853,11 @@ extern PRBool ssl_GetSessionTicketKeysPK
+diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
+index 57346cb..2d21e90 100644
+--- a/ssl/sslimpl.h
++++ b/ssl/sslimpl.h
+@@ -1857,6 +1857,11 @@ extern PRBool ssl_GetSessionTicketKeysPKCS11(SECKEYPrivateKey *svrPrivKey,
extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data,
unsigned int length);
@@ -116,10 +119,11 @@
/* Construct a new NSPR socket for the app to use */
extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd);
extern void ssl_FreePRSocket(PRFileDesc *fd);
-diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
---- a/nss/lib/ssl/sslsock.c 2014-01-17 17:59:03.252110162 -0800
-+++ b/nss/lib/ssl/sslsock.c 2014-01-17 17:59:45.872817074 -0800
-@@ -1308,6 +1308,27 @@ NSS_SetFrancePolicy(void)
+diff --git a/ssl/sslsock.c b/ssl/sslsock.c
+index d3f3bf4..47906e0 100644
+--- a/ssl/sslsock.c
++++ b/ssl/sslsock.c
+@@ -1345,6 +1345,27 @@ NSS_SetFrancePolicy(void)
return NSS_SetDomesticPolicy();
}
diff --git a/net/third_party/nss/ssl/SSLerrs.h b/net/third_party/nss/ssl/SSLerrs.h
index 3f0078c1..81da41c0 100644
--- a/net/third_party/nss/ssl/SSLerrs.h
+++ b/net/third_party/nss/ssl/SSLerrs.h
@@ -420,9 +420,8 @@
"The server supports no protocols that the client advertises in the ALPN extension.")
ER3(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT, (SSL_ERROR_BASE + 131),
-"The connection was using a lesser TLS version as a result of a previous"
-" handshake failure, but the server indicated that it should not have been"
-" needed.")
+"The server rejected the handshake because the client downgraded to a lower "
+"TLS version than the server supports.")
ER3(SSL_ERROR_BAD_CHANNEL_ID_DATA, (SSL_ERROR_BASE + 132),
"SSL received a malformed TLS Channel ID extension.")
diff --git a/net/third_party/nss/ssl/derive.c b/net/third_party/nss/ssl/derive.c
index 35cfe25..b7c38c3 100644
--- a/net/third_party/nss/ssl/derive.c
+++ b/net/third_party/nss/ssl/derive.c
@@ -617,7 +617,7 @@
PRBool testrsa_export = PR_FALSE;
PRBool testecdh = PR_FALSE;
PRBool testecdhe = PR_FALSE;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
SECKEYECParams ecParams = { siBuffer, NULL, 0 };
#endif
@@ -634,7 +634,7 @@
rv = SECFailure;
/* determine which KEAs to test */
- /* 0 (SSL_NULL_WITH_NULL_NULL) is used as a list terminator because
+ /* 0 (TLS_NULL_WITH_NULL_NULL) is used as a list terminator because
* SSL3 and TLS specs forbid negotiating that cipher suite number.
*/
for (i=0; i < nsuites && (suite = *ciphersuites++) != 0; i++) {
@@ -647,8 +647,8 @@
switch (csdef.cipherSuite) {
case TLS_RSA_EXPORT1024_WITH_RC4_56_SHA:
case TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA:
- case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
- case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
+ case TLS_RSA_EXPORT_WITH_RC4_40_MD5:
+ case TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
testrsa_export = PR_TRUE;
}
if (!testrsa_export)
@@ -755,7 +755,7 @@
if (enc_pms.data != NULL) {
SECITEM_FreeItem(&enc_pms, PR_FALSE);
}
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
for (; (privKeytype == ecKey && ( testecdh || testecdhe)) ||
(privKeytype == rsaKey && testecdhe); ) {
CK_MECHANISM_TYPE target;
@@ -859,7 +859,7 @@
PORT_Free(ecParams.data);
ecParams.data = NULL;
}
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
if (pms)
PK11_FreeSymKey(pms);
}
@@ -877,12 +877,12 @@
if (enc_pms.data != NULL) {
SECITEM_FreeItem(&enc_pms, PR_FALSE);
}
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
if (ecParams.data != NULL) {
PORT_Free(ecParams.data);
ecParams.data = NULL;
}
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
if (srvPubkey) {
SECKEY_DestroyPublicKey(srvPubkey);
diff --git a/net/third_party/nss/ssl/dtlscon.c b/net/third_party/nss/ssl/dtlscon.c
index 78371e6..89315ee 100644
--- a/net/third_party/nss/ssl/dtlscon.c
+++ b/net/third_party/nss/ssl/dtlscon.c
@@ -30,19 +30,19 @@
/* List copied from ssl3con.c:cipherSuites */
static const ssl3CipherSuite nonDTLSSuites[] = {
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
TLS_DHE_DSS_WITH_RC4_128_SHA,
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
TLS_ECDH_RSA_WITH_RC4_128_SHA,
TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
-#endif /* NSS_ENABLE_ECC */
- SSL_RSA_WITH_RC4_128_MD5,
- SSL_RSA_WITH_RC4_128_SHA,
+#endif /* NSS_DISABLE_ECC */
+ TLS_RSA_WITH_RC4_128_MD5,
+ TLS_RSA_WITH_RC4_128_SHA,
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
- SSL_RSA_EXPORT_WITH_RC4_40_MD5,
+ TLS_RSA_EXPORT_WITH_RC4_40_MD5,
0 /* End of list marker */
};
@@ -51,16 +51,25 @@
*
* TLS DTLS
* 1.1 (0302) 1.0 (feff)
+ * 1.2 (0303) 1.2 (fefd)
+ * 1.3 (0304) 1.3 (fefc)
*/
SSL3ProtocolVersion
dtls_TLSVersionToDTLSVersion(SSL3ProtocolVersion tlsv)
{
- /* Anything other than TLS 1.1 is an error, so return
- * the invalid version ffff. */
- if (tlsv != SSL_LIBRARY_VERSION_TLS_1_1)
- return 0xffff;
+ if (tlsv == SSL_LIBRARY_VERSION_TLS_1_1) {
+ return SSL_LIBRARY_VERSION_DTLS_1_0_WIRE;
+ }
+ if (tlsv == SSL_LIBRARY_VERSION_TLS_1_2) {
+ return SSL_LIBRARY_VERSION_DTLS_1_2_WIRE;
+ }
+ if (tlsv == SSL_LIBRARY_VERSION_TLS_1_3) {
+ return SSL_LIBRARY_VERSION_DTLS_1_3_WIRE;
+ }
- return SSL_LIBRARY_VERSION_DTLS_1_0_WIRE;
+ /* Anything other than TLS 1.1 or 1.2 is an error, so return
+ * the invalid version 0xffff. */
+ return 0xffff;
}
/* Map known DTLS versions to known TLS versions.
@@ -71,14 +80,21 @@
dtls_DTLSVersionToTLSVersion(SSL3ProtocolVersion dtlsv)
{
if (MSB(dtlsv) == 0xff) {
- return 0;
+ return 0;
}
- if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_0_WIRE)
- return SSL_LIBRARY_VERSION_TLS_1_1;
+ if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_0_WIRE) {
+ return SSL_LIBRARY_VERSION_TLS_1_1;
+ }
+ if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_2_WIRE) {
+ return SSL_LIBRARY_VERSION_TLS_1_2;
+ }
+ if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_3_WIRE) {
+ return SSL_LIBRARY_VERSION_TLS_1_3;
+ }
/* Return a fictional higher version than we know of */
- return SSL_LIBRARY_VERSION_TLS_1_1 + 1;
+ return SSL_LIBRARY_VERSION_TLS_1_2 + 1;
}
/* On this socket, Disable non-DTLS cipher suites in the argument's list */
@@ -88,9 +104,9 @@
const ssl3CipherSuite * suite;
for (suite = nonDTLSSuites; *suite; ++suite) {
- SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE);
+ SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE);
- PORT_Assert(rv == SECSuccess); /* else is coding error */
+ PORT_Assert(rv == SECSuccess); /* else is coding error */
}
return SECSuccess;
}
@@ -101,17 +117,17 @@
*/
static DTLSQueuedMessage *
dtls_AllocQueuedMessage(PRUint16 epoch, SSL3ContentType type,
- const unsigned char *data, PRUint32 len)
+ const unsigned char *data, PRUint32 len)
{
DTLSQueuedMessage *msg = NULL;
msg = PORT_ZAlloc(sizeof(DTLSQueuedMessage));
if (!msg)
- return NULL;
+ return NULL;
msg->data = PORT_Alloc(len);
if (!msg->data) {
- PORT_Free(msg);
+ PORT_Free(msg);
return NULL;
}
PORT_Memcpy(msg->data, data, len);
@@ -132,7 +148,7 @@
dtls_FreeHandshakeMessage(DTLSQueuedMessage *msg)
{
if (!msg)
- return;
+ return;
PORT_ZFree(msg->data, msg->len);
PORT_Free(msg);
@@ -151,9 +167,9 @@
PRCList *cur_p;
while (!PR_CLIST_IS_EMPTY(list)) {
- cur_p = PR_LIST_TAIL(list);
- PR_REMOVE_LINK(cur_p);
- dtls_FreeHandshakeMessage((DTLSQueuedMessage *)cur_p);
+ cur_p = PR_LIST_TAIL(list);
+ PR_REMOVE_LINK(cur_p);
+ dtls_FreeHandshakeMessage((DTLSQueuedMessage *)cur_p);
}
}
@@ -204,18 +220,18 @@
}
/* Parse the header */
- type = buf.buf[0];
+ type = buf.buf[0];
message_length = (buf.buf[1] << 16) | (buf.buf[2] << 8) | buf.buf[3];
message_seq = (buf.buf[4] << 8) | buf.buf[5];
fragment_offset = (buf.buf[6] << 16) | (buf.buf[7] << 8) | buf.buf[8];
fragment_length = (buf.buf[9] << 16) | (buf.buf[10] << 8) | buf.buf[11];
-
-#define MAX_HANDSHAKE_MSG_LEN 0x1ffff /* 128k - 1 */
- if (message_length > MAX_HANDSHAKE_MSG_LEN) {
- (void)ssl3_DecodeError(ss);
- PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
- return SECFailure;
- }
+
+#define MAX_HANDSHAKE_MSG_LEN 0x1ffff /* 128k - 1 */
+ if (message_length > MAX_HANDSHAKE_MSG_LEN) {
+ (void)ssl3_DecodeError(ss);
+ PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
+ return SECFailure;
+ }
#undef MAX_HANDSHAKE_MSG_LEN
buf.buf += 12;
@@ -229,7 +245,7 @@
}
/* Sanity check the packet contents */
- if ((fragment_length + fragment_offset) > message_length) {
+ if ((fragment_length + fragment_offset) > message_length) {
PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
rv = SECFailure;
break;
@@ -245,8 +261,8 @@
* This is the common case for short messages
*/
if ((message_seq == ss->ssl3.hs.recvMessageSeq)
- && (fragment_offset == 0)
- && (fragment_length == message_length)) {
+ && (fragment_offset == 0)
+ && (fragment_length == message_length)) {
/* Complete next message. Process immediately */
ss->ssl3.hs.msg_type = (SSL3HandshakeType)type;
ss->ssl3.hs.msg_len = message_length;
@@ -254,14 +270,14 @@
/* At this point we are advancing our state machine, so
* we can free our last flight of messages */
dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight);
- ss->ssl3.hs.recvdHighWater = -1;
- dtls_CancelTimer(ss);
+ ss->ssl3.hs.recvdHighWater = -1;
+ dtls_CancelTimer(ss);
- /* Reset the timer to the initial value if the retry counter
- * is 0, per Sec. 4.2.4.1 */
- if (ss->ssl3.hs.rtRetries == 0) {
- ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS;
- }
+ /* Reset the timer to the initial value if the retry counter
+ * is 0, per Sec. 4.2.4.1 */
+ if (ss->ssl3.hs.rtRetries == 0) {
+ ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS;
+ }
rv = ssl3_HandleHandshakeMessage(ss, buf.buf, ss->ssl3.hs.msg_len);
if (rv == SECFailure) {
@@ -269,68 +285,68 @@
break;
}
} else {
- if (message_seq < ss->ssl3.hs.recvMessageSeq) {
- /* Case 3: we do an immediate retransmit if we're
- * in a waiting state*/
- if (ss->ssl3.hs.rtTimerCb == NULL) {
- /* Ignore */
- } else if (ss->ssl3.hs.rtTimerCb ==
- dtls_RetransmitTimerExpiredCb) {
- SSL_TRC(30, ("%d: SSL3[%d]: Retransmit detected",
- SSL_GETPID(), ss->fd));
- /* Check to see if we retransmitted recently. If so,
- * suppress the triggered retransmit. This avoids
- * retransmit wars after packet loss.
- * This is not in RFC 5346 but should be
- */
- if ((PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted) >
- (ss->ssl3.hs.rtTimeoutMs / 4)) {
- SSL_TRC(30,
- ("%d: SSL3[%d]: Shortcutting retransmit timer",
+ if (message_seq < ss->ssl3.hs.recvMessageSeq) {
+ /* Case 3: we do an immediate retransmit if we're
+ * in a waiting state*/
+ if (ss->ssl3.hs.rtTimerCb == NULL) {
+ /* Ignore */
+ } else if (ss->ssl3.hs.rtTimerCb ==
+ dtls_RetransmitTimerExpiredCb) {
+ SSL_TRC(30, ("%d: SSL3[%d]: Retransmit detected",
+ SSL_GETPID(), ss->fd));
+ /* Check to see if we retransmitted recently. If so,
+ * suppress the triggered retransmit. This avoids
+ * retransmit wars after packet loss.
+ * This is not in RFC 5346 but should be
+ */
+ if ((PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted) >
+ (ss->ssl3.hs.rtTimeoutMs / 4)) {
+ SSL_TRC(30,
+ ("%d: SSL3[%d]: Shortcutting retransmit timer",
SSL_GETPID(), ss->fd));
- /* Cancel the timer and call the CB,
- * which re-arms the timer */
- dtls_CancelTimer(ss);
- dtls_RetransmitTimerExpiredCb(ss);
- rv = SECSuccess;
- break;
- } else {
- SSL_TRC(30,
- ("%d: SSL3[%d]: We just retransmitted. Ignoring.",
+ /* Cancel the timer and call the CB,
+ * which re-arms the timer */
+ dtls_CancelTimer(ss);
+ dtls_RetransmitTimerExpiredCb(ss);
+ rv = SECSuccess;
+ break;
+ } else {
+ SSL_TRC(30,
+ ("%d: SSL3[%d]: We just retransmitted. Ignoring.",
SSL_GETPID(), ss->fd));
- rv = SECSuccess;
- break;
- }
- } else if (ss->ssl3.hs.rtTimerCb == dtls_FinishedTimerCb) {
- /* Retransmit the messages and re-arm the timer
- * Note that we are not backing off the timer here.
- * The spec isn't clear and my reasoning is that this
- * may be a re-ordered packet rather than slowness,
- * so let's be aggressive. */
- dtls_CancelTimer(ss);
- rv = dtls_TransmitMessageFlight(ss);
- if (rv == SECSuccess) {
- rv = dtls_StartTimer(ss, dtls_FinishedTimerCb);
- }
- if (rv != SECSuccess)
- return rv;
- break;
- }
- } else if (message_seq > ss->ssl3.hs.recvMessageSeq) {
- /* Case 2
+ rv = SECSuccess;
+ break;
+ }
+ } else if (ss->ssl3.hs.rtTimerCb == dtls_FinishedTimerCb) {
+ /* Retransmit the messages and re-arm the timer
+ * Note that we are not backing off the timer here.
+ * The spec isn't clear and my reasoning is that this
+ * may be a re-ordered packet rather than slowness,
+ * so let's be aggressive. */
+ dtls_CancelTimer(ss);
+ rv = dtls_TransmitMessageFlight(ss);
+ if (rv == SECSuccess) {
+ rv = dtls_StartTimer(ss, dtls_FinishedTimerCb);
+ }
+ if (rv != SECSuccess)
+ return rv;
+ break;
+ }
+ } else if (message_seq > ss->ssl3.hs.recvMessageSeq) {
+ /* Case 2
*
- * Ignore this message. This means we don't handle out of
- * order complete messages that well, but we're still
- * compliant and this probably does not happen often
+ * Ignore this message. This means we don't handle out of
+ * order complete messages that well, but we're still
+ * compliant and this probably does not happen often
*
- * XXX OK for now. Maybe do something smarter at some point?
- */
- } else {
- /* Case 1
+ * XXX OK for now. Maybe do something smarter at some point?
+ */
+ } else {
+ /* Case 1
*
- * Buffer the fragment for reassembly
- */
+ * Buffer the fragment for reassembly
+ */
/* Make room for the message */
if (ss->ssl3.hs.recvdHighWater == -1) {
PRUint32 map_length = OFFSET_BYTE(message_length) + 1;
@@ -347,8 +363,8 @@
/* Reset the reassembly map */
ss->ssl3.hs.recvdHighWater = 0;
PORT_Memset(ss->ssl3.hs.recvdFragments.buf, 0,
- ss->ssl3.hs.recvdFragments.space);
- ss->ssl3.hs.msg_type = (SSL3HandshakeType)type;
+ ss->ssl3.hs.recvdFragments.space);
+ ss->ssl3.hs.msg_type = (SSL3HandshakeType)type;
ss->ssl3.hs.msg_len = message_length;
}
@@ -381,7 +397,7 @@
* case of adjacent fragments received in sequence
*/
if (fragment_offset <= ss->ssl3.hs.recvdHighWater) {
- /* Either this is the adjacent fragment or an overlapping
+ /* Either this is the adjacent fragment or an overlapping
* fragment */
ss->ssl3.hs.recvdHighWater = fragment_offset +
fragment_length;
@@ -397,9 +413,9 @@
/* Now figure out the new high water mark if appropriate */
for (offset = ss->ssl3.hs.recvdHighWater;
offset < ss->ssl3.hs.msg_len; offset++) {
- /* Note that this loop is not efficient, since it counts
- * bit by bit. If we have a lot of out-of-order packets,
- * we should optimize this */
+ /* Note that this loop is not efficient, since it counts
+ * bit by bit. If we have a lot of out-of-order packets,
+ * we should optimize this */
if (ss->ssl3.hs.recvdFragments.buf[OFFSET_BYTE(offset)] &
OFFSET_MASK(offset)) {
ss->ssl3.hs.recvdHighWater++;
@@ -418,25 +434,25 @@
if (rv == SECFailure)
break; /* Skip rest of record */
- /* At this point we are advancing our state machine, so
- * we can free our last flight of messages */
- dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight);
- dtls_CancelTimer(ss);
+ /* At this point we are advancing our state machine, so
+ * we can free our last flight of messages */
+ dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight);
+ dtls_CancelTimer(ss);
- /* If there have been no retries this time, reset the
- * timer value to the default per Section 4.2.4.1 */
- if (ss->ssl3.hs.rtRetries == 0) {
- ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS;
- }
+ /* If there have been no retries this time, reset the
+ * timer value to the default per Section 4.2.4.1 */
+ if (ss->ssl3.hs.rtRetries == 0) {
+ ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS;
+ }
}
}
}
- buf.buf += fragment_length;
+ buf.buf += fragment_length;
buf.len -= fragment_length;
}
- origBuf->len = 0; /* So ssl3_GatherAppDataRecord will keep looping. */
+ origBuf->len = 0; /* So ssl3_GatherAppDataRecord will keep looping. */
/* XXX OK for now. In future handle rv == SECWouldBlock safely in order
* to deal with asynchronous certificate verification */
@@ -461,10 +477,10 @@
msg = dtls_AllocQueuedMessage(ss->ssl3.cwSpec->epoch, type, pIn, nIn);
if (!msg) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- rv = SECFailure;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ rv = SECFailure;
} else {
- PR_APPEND_LINK(&msg->link, &ss->ssl3.hs.lastMessageFlight);
+ PR_APPEND_LINK(&msg->link, &ss->ssl3.hs.lastMessageFlight);
}
return rv;
@@ -490,7 +506,7 @@
/* This function is sometimes called when no data is actually to
* be staged, so just return SECSuccess. */
if (!ss->sec.ci.sendBuf.buf || !ss->sec.ci.sendBuf.len)
- return rv;
+ return rv;
rv = dtls_QueueMessage(ss, content_handshake,
ss->sec.ci.sendBuf.buf, ss->sec.ci.sendBuf.len);
@@ -522,11 +538,11 @@
rv = dtls_TransmitMessageFlight(ss);
if (rv != SECSuccess)
return rv;
-
- if (!(flags & ssl_SEND_FLAG_NO_RETRANSMIT)) {
- ss->ssl3.hs.rtRetries = 0;
- rv = dtls_StartTimer(ss, dtls_RetransmitTimerExpiredCb);
- }
+
+ if (!(flags & ssl_SEND_FLAG_NO_RETRANSMIT)) {
+ ss->ssl3.hs.rtRetries = 0;
+ rv = dtls_StartTimer(ss, dtls_RetransmitTimerExpiredCb);
+ }
}
return rv;
@@ -546,22 +562,22 @@
ss->ssl3.hs.rtRetries++;
if (!(ss->ssl3.hs.rtRetries % 3)) {
- /* If one of the messages was potentially greater than > MTU,
- * then downgrade. Do this every time we have retransmitted a
- * message twice, per RFC 6347 Sec. 4.1.1 */
- dtls_SetMTU(ss, ss->ssl3.hs.maxMessageSent - 1);
+ /* If one of the messages was potentially greater than > MTU,
+ * then downgrade. Do this every time we have retransmitted a
+ * message twice, per RFC 6347 Sec. 4.1.1 */
+ dtls_SetMTU(ss, ss->ssl3.hs.maxMessageSent - 1);
}
-
+
rv = dtls_TransmitMessageFlight(ss);
if (rv == SECSuccess) {
- /* Re-arm the timer */
- rv = dtls_RestartTimer(ss, PR_TRUE, dtls_RetransmitTimerExpiredCb);
+ /* Re-arm the timer */
+ rv = dtls_RestartTimer(ss, PR_TRUE, dtls_RetransmitTimerExpiredCb);
}
if (rv == SECFailure) {
- /* XXX OK for now. In future maybe signal the stack that we couldn't
- * transmit. For now, let the read handle any real network errors */
+ /* XXX OK for now. In future maybe signal the stack that we couldn't
+ * transmit. For now, let the read handle any real network errors */
}
}
@@ -591,87 +607,87 @@
*/
PORT_Assert(!ss->pendingBuf.len);
for (msg_p = PR_LIST_HEAD(&ss->ssl3.hs.lastMessageFlight);
- msg_p != &ss->ssl3.hs.lastMessageFlight;
- msg_p = PR_NEXT_LINK(msg_p)) {
+ msg_p != &ss->ssl3.hs.lastMessageFlight;
+ msg_p = PR_NEXT_LINK(msg_p)) {
DTLSQueuedMessage *msg = (DTLSQueuedMessage *)msg_p;
/* The logic here is:
*
- * 1. If this is a message that will not fit into the remaining
- * space, then flush.
- * 2. If the message will now fit into the remaining space,
+ * 1. If this is a message that will not fit into the remaining
+ * space, then flush.
+ * 2. If the message will now fit into the remaining space,
* encrypt, buffer, and loop.
* 3. If the message will not fit, then fragment.
*
- * At the end of the function, flush.
+ * At the end of the function, flush.
*/
if ((msg->len + SSL3_BUFFER_FUDGE) > room_left) {
- /* The message will not fit into the remaining space, so flush */
- rv = dtls_SendSavedWriteData(ss);
- if (rv != SECSuccess)
- break;
+ /* The message will not fit into the remaining space, so flush */
+ rv = dtls_SendSavedWriteData(ss);
+ if (rv != SECSuccess)
+ break;
room_left = ss->ssl3.mtu;
- }
+ }
if ((msg->len + SSL3_BUFFER_FUDGE) <= room_left) {
/* The message will fit, so encrypt and then continue with the
- * next packet */
+ * next packet */
sent = ssl3_SendRecord(ss, msg->epoch, msg->type,
- msg->data, msg->len,
- ssl_SEND_FLAG_FORCE_INTO_BUFFER |
- ssl_SEND_FLAG_USE_EPOCH);
+ msg->data, msg->len,
+ ssl_SEND_FLAG_FORCE_INTO_BUFFER |
+ ssl_SEND_FLAG_USE_EPOCH);
if (sent != msg->len) {
- rv = SECFailure;
- if (sent != -1) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- }
+ rv = SECFailure;
+ if (sent != -1) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ }
break;
- }
+ }
room_left = ss->ssl3.mtu - ss->pendingBuf.len;
} else {
/* The message will not fit, so fragment.
*
- * XXX OK for now. Arrange to coalesce the last fragment
- * of this message with the next message if possible.
- * That would be more efficient.
- */
+ * XXX OK for now. Arrange to coalesce the last fragment
+ * of this message with the next message if possible.
+ * That would be more efficient.
+ */
PRUint32 fragment_offset = 0;
unsigned char fragment[DTLS_MAX_MTU]; /* >= than largest
* plausible MTU */
- /* Assert that we have already flushed */
- PORT_Assert(room_left == ss->ssl3.mtu);
+ /* Assert that we have already flushed */
+ PORT_Assert(room_left == ss->ssl3.mtu);
/* Case 3: We now need to fragment this message
* DTLS only supports fragmenting handshaking messages */
PORT_Assert(msg->type == content_handshake);
- /* The headers consume 12 bytes so the smalles possible
- * message (i.e., an empty one) is 12 bytes
- */
- PORT_Assert(msg->len >= 12);
+ /* The headers consume 12 bytes so the smalles possible
+ * message (i.e., an empty one) is 12 bytes
+ */
+ PORT_Assert(msg->len >= 12);
while ((fragment_offset + 12) < msg->len) {
PRUint32 fragment_len;
const unsigned char *content = msg->data + 12;
PRUint32 content_len = msg->len - 12;
- /* The reason we use 8 here is that that's the length of
- * the new DTLS data that we add to the header */
+ /* The reason we use 8 here is that that's the length of
+ * the new DTLS data that we add to the header */
fragment_len = PR_MIN(room_left - (SSL3_BUFFER_FUDGE + 8),
content_len - fragment_offset);
- PORT_Assert(fragment_len < DTLS_MAX_MTU - 12);
- /* Make totally sure that we are within the buffer.
- * Note that the only way that fragment len could get
- * adjusted here is if
+ PORT_Assert(fragment_len < DTLS_MAX_MTU - 12);
+ /* Make totally sure that we are within the buffer.
+ * Note that the only way that fragment len could get
+ * adjusted here is if
*
- * (a) we are in release mode so the PORT_Assert is compiled out
- * (b) either the MTU table is inconsistent with DTLS_MAX_MTU
- * or ss->ssl3.mtu has become corrupt.
- */
- fragment_len = PR_MIN(fragment_len, DTLS_MAX_MTU - 12);
+ * (a) we are in release mode so the PORT_Assert is compiled out
+ * (b) either the MTU table is inconsistent with DTLS_MAX_MTU
+ * or ss->ssl3.mtu has become corrupt.
+ */
+ fragment_len = PR_MIN(fragment_len, DTLS_MAX_MTU - 12);
/* Construct an appropriate-sized fragment */
/* Type, length, sequence */
@@ -691,25 +707,25 @@
fragment_len);
/*
- * Send the record. We do this in two stages
- * 1. Encrypt
- */
+ * Send the record. We do this in two stages
+ * 1. Encrypt
+ */
sent = ssl3_SendRecord(ss, msg->epoch, msg->type,
fragment, fragment_len + 12,
ssl_SEND_FLAG_FORCE_INTO_BUFFER |
- ssl_SEND_FLAG_USE_EPOCH);
+ ssl_SEND_FLAG_USE_EPOCH);
if (sent != (fragment_len + 12)) {
- rv = SECFailure;
- if (sent != -1) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- }
- break;
- }
-
- /* 2. Flush */
- rv = dtls_SendSavedWriteData(ss);
- if (rv != SECSuccess)
- break;
+ rv = SECFailure;
+ if (sent != -1) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ }
+ break;
+ }
+
+ /* 2. Flush */
+ rv = dtls_SendSavedWriteData(ss);
+ if (rv != SECSuccess)
+ break;
fragment_offset += fragment_len;
}
@@ -718,7 +734,7 @@
/* Finally, we need to flush */
if (rv == SECSuccess)
- rv = dtls_SendSavedWriteData(ss);
+ rv = dtls_SendSavedWriteData(ss);
/* Give up the locks */
ssl_ReleaseSpecReadLock(ss);
@@ -740,19 +756,19 @@
sent = ssl_SendSavedWriteData(ss);
if (sent < 0)
- return SECFailure;
+ return SECFailure;
/* We should always have complete writes b/c datagram sockets
* don't really block */
if (ss->pendingBuf.len > 0) {
- ssl_MapLowLevelError(SSL_ERROR_SOCKET_WRITE_FAILURE);
- return SECFailure;
+ ssl_MapLowLevelError(SSL_ERROR_SOCKET_WRITE_FAILURE);
+ return SECFailure;
}
/* Update the largest message sent so we can adjust the MTU
* estimate if necessary */
if (sent > ss->ssl3.hs.maxMessageSent)
- ss->ssl3.hs.maxMessageSent = sent;
+ ss->ssl3.hs.maxMessageSent = sent;
return SECSuccess;
}
@@ -767,16 +783,16 @@
SECStatus
dtls_CompressMACEncryptRecord(sslSocket * ss,
DTLSEpoch epoch,
- PRBool use_epoch,
+ PRBool use_epoch,
SSL3ContentType type,
- const SSL3Opaque * pIn,
- PRUint32 contentLen,
- sslBuffer * wrBuf)
+ const SSL3Opaque * pIn,
+ PRUint32 contentLen,
+ sslBuffer * wrBuf)
{
SECStatus rv = SECFailure;
ssl3CipherSpec * cwSpec;
- ssl_GetSpecReadLock(ss); /********************************/
+ ssl_GetSpecReadLock(ss); /********************************/
/* The reason for this switch-hitting code is that we might have
* a flight of records spanning an epoch boundary, e.g.,
@@ -789,23 +805,23 @@
* about which epoch to use is carried with the record.
*/
if (use_epoch) {
- if (ss->ssl3.cwSpec->epoch == epoch)
- cwSpec = ss->ssl3.cwSpec;
- else if (ss->ssl3.pwSpec->epoch == epoch)
- cwSpec = ss->ssl3.pwSpec;
- else
- cwSpec = NULL;
+ if (ss->ssl3.cwSpec->epoch == epoch)
+ cwSpec = ss->ssl3.cwSpec;
+ else if (ss->ssl3.pwSpec->epoch == epoch)
+ cwSpec = ss->ssl3.pwSpec;
+ else
+ cwSpec = NULL;
} else {
- cwSpec = ss->ssl3.cwSpec;
+ cwSpec = ss->ssl3.cwSpec;
}
if (cwSpec) {
rv = ssl3_CompressMACEncryptRecord(cwSpec, ss->sec.isServer, PR_TRUE,
- PR_FALSE, type, pIn, contentLen,
- wrBuf);
+ PR_FALSE, type, pIn, contentLen,
+ wrBuf);
} else {
PR_NOT_REACHED("Couldn't find a cipher spec matching epoch");
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
}
ssl_ReleaseSpecReadLock(ss); /************************************/
@@ -838,9 +854,9 @@
dtls_RestartTimer(sslSocket *ss, PRBool backoff, DTLSTimerCb cb)
{
if (backoff) {
- ss->ssl3.hs.rtTimeoutMs *= 2;
- if (ss->ssl3.hs.rtTimeoutMs > MAX_DTLS_TIMEOUT_MS)
- ss->ssl3.hs.rtTimeoutMs = MAX_DTLS_TIMEOUT_MS;
+ ss->ssl3.hs.rtTimeoutMs *= 2;
+ if (ss->ssl3.hs.rtTimeoutMs > MAX_DTLS_TIMEOUT_MS)
+ ss->ssl3.hs.rtTimeoutMs = MAX_DTLS_TIMEOUT_MS;
}
return dtls_StartTimer(ss, cb);
@@ -868,18 +884,18 @@
dtls_CheckTimer(sslSocket *ss)
{
if (!ss->ssl3.hs.rtTimerCb)
- return;
+ return;
if ((PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted) >
- PR_MillisecondsToInterval(ss->ssl3.hs.rtTimeoutMs)) {
- /* Timer has expired */
- DTLSTimerCb cb = ss->ssl3.hs.rtTimerCb;
-
- /* Cancel the timer so that we can call the CB safely */
- dtls_CancelTimer(ss);
+ PR_MillisecondsToInterval(ss->ssl3.hs.rtTimeoutMs)) {
+ /* Timer has expired */
+ DTLSTimerCb cb = ss->ssl3.hs.rtTimerCb;
- /* Now call the CB */
- cb(ss);
+ /* Cancel the timer so that we can call the CB safely */
+ dtls_CancelTimer(ss);
+
+ /* Now call the CB */
+ cb(ss);
}
}
@@ -928,17 +944,17 @@
int i;
if (advertised == 0) {
- ss->ssl3.mtu = COMMON_MTU_VALUES[0];
- SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu));
- return;
+ ss->ssl3.mtu = COMMON_MTU_VALUES[0];
+ SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu));
+ return;
}
-
+
for (i = 0; i < PR_ARRAY_SIZE(COMMON_MTU_VALUES); i++) {
- if (COMMON_MTU_VALUES[i] <= advertised) {
- ss->ssl3.mtu = COMMON_MTU_VALUES[i];
- SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu));
- return;
- }
+ if (COMMON_MTU_VALUES[i] <= advertised) {
+ ss->ssl3.mtu = COMMON_MTU_VALUES[i];
+ SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu));
+ return;
+ }
}
/* Fallback */
@@ -953,57 +969,57 @@
SECStatus
dtls_HandleHelloVerifyRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
{
- int errCode = SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST;
+ int errCode = SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST;
SECStatus rv;
PRInt32 temp;
SECItem cookie = {siBuffer, NULL, 0};
SSL3AlertDescription desc = illegal_parameter;
SSL_TRC(3, ("%d: SSL3[%d]: handle hello_verify_request handshake",
- SSL_GETPID(), ss->fd));
+ SSL_GETPID(), ss->fd));
PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
if (ss->ssl3.hs.ws != wait_server_hello) {
errCode = SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST;
- desc = unexpected_message;
- goto alert_loser;
+ desc = unexpected_message;
+ goto alert_loser;
}
/* The version */
temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
if (temp < 0) {
- goto loser; /* alert has been sent */
+ goto loser; /* alert has been sent */
}
- if (temp != SSL_LIBRARY_VERSION_DTLS_1_0_WIRE) {
- /* Note: this will need adjustment for DTLS 1.2 per Section 4.2.1 */
- goto alert_loser;
+ if (temp != SSL_LIBRARY_VERSION_DTLS_1_0_WIRE &&
+ temp != SSL_LIBRARY_VERSION_DTLS_1_2_WIRE) {
+ goto alert_loser;
}
/* The cookie */
rv = ssl3_ConsumeHandshakeVariable(ss, &cookie, 1, &b, &length);
if (rv != SECSuccess) {
- goto loser; /* alert has been sent */
+ goto loser; /* alert has been sent */
}
if (cookie.len > DTLS_COOKIE_BYTES) {
- desc = decode_error;
- goto alert_loser; /* malformed. */
+ desc = decode_error;
+ goto alert_loser; /* malformed. */
}
PORT_Memcpy(ss->ssl3.hs.cookie, cookie.data, cookie.len);
ss->ssl3.hs.cookieLen = cookie.len;
- ssl_GetXmitBufLock(ss); /*******************************/
+ ssl_GetXmitBufLock(ss); /*******************************/
/* Now re-send the client hello */
rv = ssl3_SendClientHello(ss, PR_TRUE);
- ssl_ReleaseXmitBufLock(ss); /*******************************/
+ ssl_ReleaseXmitBufLock(ss); /*******************************/
if (rv == SECSuccess)
- return rv;
+ return rv;
alert_loser:
(void)SSL3_SendAlert(ss, alert_fatal, desc);
@@ -1042,14 +1058,14 @@
/* Out of range to the left */
if (seq < records->left) {
- return -1;
+ return -1;
}
/* Out of range to the right; since we advance the window on
* receipt, that means that this packet has not been received
* yet */
if (seq > records->right)
- return 0;
+ return 0;
offset = seq % DTLS_RECVD_RECORDS_WINDOW;
@@ -1066,34 +1082,34 @@
PRUint64 offset;
if (seq < records->left)
- return;
+ return;
if (seq > records->right) {
- PRUint64 new_left;
- PRUint64 new_right;
- PRUint64 right;
+ PRUint64 new_left;
+ PRUint64 new_right;
+ PRUint64 right;
- /* Slide to the right; this is the tricky part
+ /* Slide to the right; this is the tricky part
*
- * 1. new_top is set to have room for seq, on the
- * next byte boundary by setting the right 8
- * bits of seq
+ * 1. new_top is set to have room for seq, on the
+ * next byte boundary by setting the right 8
+ * bits of seq
* 2. new_left is set to compensate.
* 3. Zero all bits between top and new_top. Since
* this is a ring, this zeroes everything as-yet
- * unseen. Because we always operate on byte
- * boundaries, we can zero one byte at a time
- */
- new_right = seq | 0x07;
- new_left = (new_right - DTLS_RECVD_RECORDS_WINDOW) + 1;
+ * unseen. Because we always operate on byte
+ * boundaries, we can zero one byte at a time
+ */
+ new_right = seq | 0x07;
+ new_left = (new_right - DTLS_RECVD_RECORDS_WINDOW) + 1;
- for (right = records->right + 8; right <= new_right; right += 8) {
- offset = right % DTLS_RECVD_RECORDS_WINDOW;
- records->data[offset / 8] = 0;
- }
+ for (right = records->right + 8; right <= new_right; right += 8) {
+ offset = right % DTLS_RECVD_RECORDS_WINDOW;
+ records->data[offset / 8] = 0;
+ }
- records->right = new_right;
- records->left = new_left;
+ records->right = new_right;
+ records->left = new_left;
}
offset = seq % DTLS_RECVD_RECORDS_WINDOW;
diff --git a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
index 51b557a..57771cd 100644
--- a/net/third_party/nss/ssl/ssl.h
+++ b/net/third_party/nss/ssl/ssl.h
@@ -163,29 +163,37 @@
#define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */
/* SSL_ENABLE_NPN controls whether the NPN extension is enabled for the initial
- * handshake when protocol negotiation is used. SSL_SetNextProtoCallback
- * or SSL_SetNextProtoNego must be used to control the protocol negotiation;
- * otherwise, the NPN extension will not be negotiated. SSL_ENABLE_NPN is
- * currently enabled by default but this may change in future versions.
+ * handshake when application layer protocol negotiation is used.
+ * SSL_SetNextProtoCallback or SSL_SetNextProtoNego must be used to control the
+ * application layer protocol negotiation; otherwise, the NPN extension will
+ * not be negotiated. SSL_ENABLE_NPN is currently enabled by default but this
+ * may change in future versions.
*/
#define SSL_ENABLE_NPN 25
/* SSL_ENABLE_ALPN controls whether the ALPN extension is enabled for the
- * initial handshake when protocol negotiation is used. SSL_SetNextProtoNego
- * (not SSL_SetNextProtoCallback) must be used to control the protocol
- * negotiation; otherwise, the ALPN extension will not be negotiated. ALPN is
- * not negotiated for renegotiation handshakes, even though the ALPN
- * specification defines a way to use ALPN during renegotiations.
- * SSL_ENABLE_ALPN is currently disabled by default, but this may change in
- * future versions.
+ * initial handshake when application layer protocol negotiation is used.
+ * SSL_SetNextProtoNego (not SSL_SetNextProtoCallback) must be used to control
+ * the application layer protocol negotiation; otherwise, the ALPN extension
+ * will not be negotiated. ALPN is not negotiated for renegotiation handshakes,
+ * even though the ALPN specification defines a way to use ALPN during
+ * renegotiations. SSL_ENABLE_ALPN is currently disabled by default, but this
+ * may change in future versions.
*/
#define SSL_ENABLE_ALPN 26
-/* Request Signed Certificate Timestamps via TLS extension (client) */
-#define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 27
+/* SSL_REUSE_SERVER_ECDHE_KEY controls whether the ECDHE server key is
+ * reused for multiple handshakes or generated each time.
+ * SSL_REUSE_SERVER_ECDHE_KEY is currently enabled by default.
+ */
+#define SSL_REUSE_SERVER_ECDHE_KEY 27
+
#define SSL_ENABLE_FALLBACK_SCSV 28 /* Send fallback SCSV in
* handshakes. */
+/* Request Signed Certificate Timestamps via TLS extension (client) */
+#define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 29
+
#ifdef SSL_DEPRECATED_FUNCTION
/* Old deprecated function names */
SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on);
diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
index 91a1f1e..424c1fb 100644
--- a/net/third_party/nss/ssl/ssl3con.c
+++ b/net/third_party/nss/ssl/ssl3con.c
@@ -119,7 +119,7 @@
static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
/* cipher_suite policy enabled isPresent */
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
{ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
@@ -137,7 +137,7 @@
{ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
{ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
@@ -150,11 +150,11 @@
{ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
{ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
@@ -163,7 +163,7 @@
{ TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
/* RSA */
{ TLS_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
@@ -175,34 +175,34 @@
{ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_RSA_WITH_SEED_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { SSL_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { SSL_RSA_WITH_RC4_128_MD5, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_RSA_WITH_RC4_128_MD5, SSL_ALLOWED, PR_TRUE, PR_FALSE},
/* 56-bit DES "domestic" cipher suites */
- { SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_DHE_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_DHE_DSS_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
/* export ciphersuites with 1024-bit public key exchange keys */
{ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
/* export ciphersuites with 512-bit public key exchange keys */
- { SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_EXPORT_WITH_RC4_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
/* ciphersuites with no encryption */
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
{ TLS_ECDHE_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDH_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDH_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-#endif /* NSS_ENABLE_ECC */
- { SSL_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+#endif /* NSS_DISABLE_ECC */
+ { TLS_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_RSA_WITH_NULL_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_RSA_WITH_NULL_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_WITH_NULL_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
};
/* Verify that SSL_ImplementedCiphers and cipherSuites are in consistent order.
@@ -247,7 +247,10 @@
return PR_TRUE; /* Always enabled */
#ifdef NSS_ENABLE_ZLIB
case ssl_compression_deflate:
- return ss->opt.enableDeflate;
+ if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+ return ss->opt.enableDeflate;
+ }
+ return PR_FALSE;
#endif
default:
return PR_FALSE;
@@ -256,9 +259,9 @@
static const /*SSL3ClientCertificateType */ PRUint8 certificate_types [] = {
ct_RSA_sign,
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
ct_ECDSA_sign,
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
ct_DSS_sign,
};
@@ -270,7 +273,7 @@
* CertificateVerify messages that use the handshake hash. */
static const PRUint8 supported_signature_algorithms[] = {
tls_hash_sha256, tls_sig_rsa,
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
tls_hash_sha256, tls_sig_ecdsa,
#endif
tls_hash_sha256, tls_sig_dsa,
@@ -332,13 +335,13 @@
{kea_dh_anon, kt_dh, sign_null, PR_FALSE, 0, PR_FALSE},
{kea_dh_anon_export, kt_dh, sign_null, PR_TRUE, 512, PR_FALSE},
{kea_rsa_fips, kt_rsa, sign_rsa, PR_FALSE, 0, PR_TRUE },
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
{kea_ecdh_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE},
{kea_ecdhe_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE},
{kea_ecdh_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE},
{kea_ecdhe_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE},
{kea_ecdh_anon, kt_ecdh, sign_null, PR_FALSE, 0, PR_FALSE},
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
};
/* must use ssl_LookupCipherSuiteDef to access */
@@ -346,49 +349,49 @@
{
/* cipher_suite bulk_cipher_alg mac_alg key_exchange_alg */
- {SSL_NULL_WITH_NULL_NULL, cipher_null, mac_null, kea_null},
- {SSL_RSA_WITH_NULL_MD5, cipher_null, mac_md5, kea_rsa},
- {SSL_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_rsa},
+ {TLS_NULL_WITH_NULL_NULL, cipher_null, mac_null, kea_null},
+ {TLS_RSA_WITH_NULL_MD5, cipher_null, mac_md5, kea_rsa},
+ {TLS_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_rsa},
{TLS_RSA_WITH_NULL_SHA256, cipher_null, hmac_sha256, kea_rsa},
- {SSL_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export},
- {SSL_RSA_WITH_RC4_128_MD5, cipher_rc4, mac_md5, kea_rsa},
- {SSL_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_rsa},
- {SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
+ {TLS_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export},
+ {TLS_RSA_WITH_RC4_128_MD5, cipher_rc4, mac_md5, kea_rsa},
+ {TLS_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_rsa},
+ {TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
cipher_rc2_40, mac_md5, kea_rsa_export},
#if 0 /* not implemented */
- {SSL_RSA_WITH_IDEA_CBC_SHA, cipher_idea, mac_sha, kea_rsa},
- {SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
+ {TLS_RSA_WITH_IDEA_CBC_SHA, cipher_idea, mac_sha, kea_rsa},
+ {TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
cipher_des40, mac_sha, kea_rsa_export},
#endif
- {SSL_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa},
- {SSL_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa},
- {SSL_DHE_DSS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_dss},
- {SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
+ {TLS_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa},
+ {TLS_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa},
+ {TLS_DHE_DSS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_dss},
+ {TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
cipher_3des, mac_sha, kea_dhe_dss},
{TLS_DHE_DSS_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_dhe_dss},
#if 0 /* not implemented */
- {SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
+ {TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
cipher_des40, mac_sha, kea_dh_dss_export},
- {SSL_DH_DSS_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_dss},
- {SSL_DH_DSS_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_dss},
- {SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
+ {TLS_DH_DSS_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_dss},
+ {TLS_DH_DSS_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_dss},
+ {TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
cipher_des40, mac_sha, kea_dh_rsa_export},
- {SSL_DH_RSA_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_rsa},
- {SSL_DH_RSA_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_rsa},
- {SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
+ {TLS_DH_RSA_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_rsa},
+ {TLS_DH_RSA_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_rsa},
+ {TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
cipher_des40, mac_sha, kea_dh_dss_export},
- {SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
+ {TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
cipher_des40, mac_sha, kea_dh_rsa_export},
#endif
- {SSL_DHE_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_rsa},
- {SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+ {TLS_DHE_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_rsa},
+ {TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
cipher_3des, mac_sha, kea_dhe_rsa},
#if 0
{SSL_DH_ANON_EXPORT_RC4_40_MD5, cipher_rc4_40, mac_md5, kea_dh_anon_export},
- {SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA,
+ {TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
cipher_des40, mac_sha, kea_dh_anon_export},
- {SSL_DH_ANON_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_anon},
- {SSL_DH_ANON_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_anon},
+ {TLS_DH_anon_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_anon},
+ {TLS_DH_anon_WITH_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_anon},
#endif
@@ -406,10 +409,10 @@
#if 0
{TLS_DH_DSS_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_dss},
{TLS_DH_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_rsa},
- {TLS_DH_ANON_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_anon},
+ {TLS_DH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_anon},
{TLS_DH_DSS_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_dss},
{TLS_DH_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_rsa},
- {TLS_DH_ANON_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_anon},
+ {TLS_DH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_anon},
#endif
{TLS_RSA_WITH_SEED_CBC_SHA, cipher_seed, mac_sha, kea_rsa},
@@ -440,7 +443,7 @@
{TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, cipher_chacha20, mac_aead, kea_ecdhe_rsa},
{TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, cipher_chacha20, mac_aead, kea_ecdhe_ecdsa},
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
{TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa},
{TLS_ECDH_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_ecdsa},
{TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_ecdsa},
@@ -474,7 +477,7 @@
{TLS_ECDH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_anon},
{TLS_ECDH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_anon},
#endif
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
};
static const CK_MECHANISM_TYPE kea_alg_defs[] = {
@@ -548,7 +551,7 @@
"missing"
};
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
/* The ECCWrappedKeyInfo structure defines how various pieces of
* information are laid out within wrappedSymmetricWrappingkey
* for ECDH key exchange. Since wrappedSymmetricWrappingkey is
@@ -570,7 +573,7 @@
PRUint8 var[MAX_EC_WRAPPED_KEY_BUFLEN]; /* this buffer contains the */
/* EC public-key params, the EC public value and the wrapped key */
} ECCWrappedKeyInfo;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
#if defined(TRACE)
@@ -658,33 +661,62 @@
* later. This set of cipher suites is similar to, but different from, the
* set of cipher suites considered exportable by SSL_IsExportCipherSuite.
*/
- case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
- case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
- /* SSL_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented
- * SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA: never implemented
- * SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented
- * SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA: never implemented
- * SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented
- * SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5: never implemented
- * SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA: never implemented
+ case TLS_RSA_EXPORT_WITH_RC4_40_MD5:
+ case TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
+ /* TLS_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented
+ * TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA: never implemented
+ * TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented
+ * TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA: never implemented
+ * TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented
+ * TLS_DH_anon_EXPORT_WITH_RC4_40_MD5: never implemented
+ * TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA: never implemented
*/
return vrange->min <= SSL_LIBRARY_VERSION_TLS_1_0;
- case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305:
- case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305:
+
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
case TLS_RSA_WITH_AES_256_CBC_SHA256:
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
- case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
- case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
- case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
case TLS_RSA_WITH_AES_128_CBC_SHA256:
case TLS_RSA_WITH_AES_128_GCM_SHA256:
case TLS_RSA_WITH_NULL_SHA256:
+ return vrange->max == SSL_LIBRARY_VERSION_TLS_1_2;
+
+ case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305:
+ case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305:
+ case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
+ case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
+ case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_2;
+
+ /* RFC 4492: ECC cipher suites need TLS extensions to negotiate curves and
+ * point formats.*/
+ case TLS_ECDH_ECDSA_WITH_NULL_SHA:
+ case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
+ case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
+ case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
+ case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
+ case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
+ case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
+ case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
+ case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
+ case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
+ case TLS_ECDH_RSA_WITH_NULL_SHA:
+ case TLS_ECDH_RSA_WITH_RC4_128_SHA:
+ case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
+ case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
+ case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
+ case TLS_ECDHE_RSA_WITH_NULL_SHA:
+ case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
+ case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
+ case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
+ case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
+ return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_0 &&
+ vrange->min < SSL_LIBRARY_VERSION_TLS_1_3;
+
default:
- return PR_TRUE;
+ return vrange->min < SSL_LIBRARY_VERSION_TLS_1_3;
}
}
@@ -769,7 +801,7 @@
cipher_mech = alg2Mech[cipher_alg].cmech;
exchKeyType =
kea_defs[cipher_def->key_exchange_alg].exchKeyType;
-#ifndef NSS_ENABLE_ECC
+#ifdef NSS_DISABLE_ECC
svrAuth = ss->serverCerts + exchKeyType;
#else
/* XXX SSLKEAType isn't really a good choice for
@@ -803,7 +835,7 @@
svrAuth = ss->serverCerts + exchKeyType;
break;
}
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
/* Mark the suites that are backed by real tokens, certs and keys */
suite->isPresent = (PRBool)
@@ -910,7 +942,7 @@
if (peerVersion < ss->vrange.min ||
(peerVersion > ss->vrange.max && !allowLargerPeerVersion)) {
- PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
+ PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION);
return SECFailure;
}
@@ -962,7 +994,7 @@
hashItem.len = hash->len;
}
break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
case ecKey:
doDerEncode = PR_TRUE;
/* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash.
@@ -975,7 +1007,7 @@
hashItem.len = hash->len;
}
break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
default:
PORT_SetError(SEC_ERROR_INVALID_KEY);
goto done;
@@ -1073,7 +1105,7 @@
}
break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
case ecKey:
encAlg = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
/* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash.
@@ -1091,7 +1123,7 @@
hashItem.len = hash->len;
}
break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
default:
SECKEY_DestroyPublicKey(key);
@@ -5226,19 +5258,18 @@
if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
return SECFailure;
}
- maxBytes -= extLen;
total_exten_len += extLen;
if (total_exten_len > 0)
total_exten_len += 2;
}
-#if defined(NSS_ENABLE_ECC)
+#ifndef NSS_DISABLE_ECC
if (!total_exten_len || !isTLS) {
/* not sending the elliptic_curves and ec_point_formats extensions */
ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */
}
-#endif
+#endif /* NSS_DISABLE_ECC */
if (IS_DTLS(ss)) {
ssl3_DisableNonDTLSSuites(ss);
@@ -5337,7 +5368,7 @@
rv = ssl3_AppendHandshakeVariable(
ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1);
else
- rv = ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
+ rv = ssl3_AppendHandshakeNumber(ss, 0, 1);
if (rv != SECSuccess) {
if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
return rv; /* err set by ssl3_AppendHandshake* */
@@ -5368,7 +5399,15 @@
}
actual_count++;
}
-
+ if (fallbackSCSV) {
+ rv = ssl3_AppendHandshakeNumber(ss, TLS_FALLBACK_SCSV,
+ sizeof(ssl3CipherSuite));
+ if (rv != SECSuccess) {
+ if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
+ return rv; /* err set by ssl3_AppendHandshake* */
+ }
+ actual_count++;
+ }
for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange)) {
@@ -5388,16 +5427,6 @@
}
}
- if (fallbackSCSV) {
- rv = ssl3_AppendHandshakeNumber(ss, TLS_FALLBACK_SCSV,
- sizeof(ssl3CipherSuite));
- if (rv != SECSuccess) {
- if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
- return rv; /* err set by ssl3_AppendHandshake* */
- }
- actual_count++;
- }
-
/* if cards were removed or inserted between count_cipher_suites and
* generating our list, detect the error here rather than send it off to
* the server.. */
@@ -5571,11 +5600,11 @@
{
PK11SymKey * unwrappedWrappingKey = NULL;
SECItem wrappedKey;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
PK11SymKey * Ks;
SECKEYPublicKey pubWrapKey;
ECCWrappedKeyInfo *ecWrapped;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
/* found the wrapping key on disk. */
PORT_Assert(pWswk->symWrapMechanism == masterWrapMech);
@@ -5597,7 +5626,7 @@
masterWrapMech, CKA_UNWRAP, 0);
break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
case kt_ecdh:
/*
* For kt_ecdh, we first create an EC public key based on
@@ -5735,12 +5764,12 @@
SECStatus rv;
SECItem wrappedKey;
SSLWrappedSymWrappingKey wswk;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
PK11SymKey * Ks = NULL;
SECKEYPublicKey *pubWrapKey = NULL;
SECKEYPrivateKey *privWrapKey = NULL;
ECCWrappedKeyInfo *ecWrapped;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
svrPrivKey = ss->serverCerts[exchKeyType].SERVERKEY;
PORT_Assert(svrPrivKey != NULL);
@@ -5823,7 +5852,7 @@
unwrappedWrappingKey, &wrappedKey);
break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
case kt_ecdh:
/*
* We generate an ephemeral EC key pair. Perform an ECDH
@@ -5909,7 +5938,7 @@
if (Ks) PK11_FreeSymKey(Ks);
asymWrapMechanism = masterWrapMech;
break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
default:
rv = SECFailure;
@@ -6222,11 +6251,11 @@
rv = sendDHClientKeyExchange(ss, serverKey);
break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
case kt_ecdh:
rv = ssl3_SendECDHClientKeyExchange(ss, serverKey);
break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
default:
/* got an unknown or unsupported Key Exchange Algorithm. */
@@ -6429,7 +6458,7 @@
if (rv != SECSuccess) {
desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version
: handshake_failure;
- errCode = SSL_ERROR_NO_CYPHER_OVERLAP;
+ errCode = SSL_ERROR_UNSUPPORTED_VERSION;
goto alert_loser;
}
isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0);
@@ -7017,11 +7046,11 @@
return SECSuccess;
}
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
case kt_ecdh:
rv = ssl3_HandleECDHServerKeyExchange(ss, b, length);
return rv;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
default:
desc = handshake_failure;
@@ -7953,14 +7982,14 @@
return rv;
#endif
}
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
} else if ((kea_def->kea == kea_ecdhe_rsa) ||
(kea_def->kea == kea_ecdhe_ecdsa)) {
rv = ssl3_SendServerKeyExchange(ss);
if (rv != SECSuccess) {
return rv; /* err code was set. */
}
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
}
if (ss->opt.requestCertificate) {
@@ -8072,7 +8101,7 @@
if (rv != SECSuccess) {
desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version
: handshake_failure;
- errCode = SSL_ERROR_NO_CYPHER_OVERLAP;
+ errCode = SSL_ERROR_UNSUPPORTED_VERSION;
goto alert_loser;
}
@@ -8129,6 +8158,12 @@
goto loser; /* malformed */
}
+ /* TLS 1.3 requires that compression be empty */
+ if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+ if (comps.len != 1 || comps.data[0] != ssl_compression_null) {
+ goto loser;
+ }
+ }
desc = handshake_failure;
/* Handle TLS hello extensions for SSL3 & TLS. We do not know if
@@ -8261,7 +8296,7 @@
}
}
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
/* Disable any ECC cipher suites for which we have no cert. */
ssl3_FilterECCipherSuitesByServerCerts(ss);
#endif
@@ -8844,8 +8879,9 @@
rv = ssl3_NegotiateVersion(ss, version, PR_TRUE);
if (rv != SECSuccess) {
/* send back which ever alert client will understand. */
- desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version : handshake_failure;
- errCode = SSL_ERROR_NO_CYPHER_OVERLAP;
+ desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version
+ : handshake_failure;
+ errCode = SSL_ERROR_UNSUPPORTED_VERSION;
goto alert_loser;
}
@@ -8883,7 +8919,7 @@
PRINT_BUF(60, (ss, "client random:", &ss->ssl3.hs.client_random.rand[0],
SSL3_RANDOM_LENGTH));
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
/* Disable any ECC cipher suites for which we have no cert. */
ssl3_FilterECCipherSuitesByServerCerts(ss);
#endif
@@ -9065,7 +9101,7 @@
rv = ssl3_AppendHandshakeVariable(
ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1);
else
- rv = ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
+ rv = ssl3_AppendHandshakeNumber(ss, 0, 1);
if (rv != SECSuccess) {
return rv; /* err set by AppendHandshake. */
}
@@ -9115,11 +9151,11 @@
unsigned int i, j;
/* hashPreference expresses our preferences for hash algorithms, most
* preferable first. */
- static const PRUint8 hashPreference[] = {
- tls_hash_sha256,
- tls_hash_sha384,
- tls_hash_sha512,
- tls_hash_sha1,
+ static const SECOidTag hashPreference[] = {
+ SEC_OID_SHA256,
+ SEC_OID_SHA384,
+ SEC_OID_SHA512,
+ SEC_OID_SHA1,
};
switch (ss->ssl3.hs.kea_def->kea) {
@@ -9272,12 +9308,12 @@
PORT_Free(signed_hash.data);
return SECSuccess;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
case kt_ecdh: {
rv = ssl3_SendECDHServerKeyExchange(ss, &sigAndHash);
return rv;
}
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
case kt_dh:
case kt_null:
@@ -9700,9 +9736,9 @@
SECStatus rv;
const ssl3KEADef *kea_def;
ssl3KeyPair *serverKeyPair = NULL;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
SECKEYPublicKey *serverPubKey = NULL;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
SSL_TRC(3, ("%d: SSL3[%d]: handle client_key_exchange handshake",
SSL_GETPID(), ss->fd));
@@ -9732,7 +9768,7 @@
ss->sec.keaKeyBits = EXPORT_RSA_KEY_LENGTH * BPB;
} else
skip:
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
/* XXX Using SSLKEAType to index server certifiates
* does not work for (EC)DHE ciphers. Until we have
* an indexing mechanism general enough for all key
@@ -9778,7 +9814,7 @@
break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
case kt_ecdh:
/* XXX We really ought to be able to store multiple
* EC certs (a requirement if we wish to support both
@@ -9796,11 +9832,15 @@
}
rv = ssl3_HandleECDHClientKeyExchange(ss, b, length,
serverPubKey, serverKey);
+ if (ss->ephemeralECDHKeyPair) {
+ ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
+ ss->ephemeralECDHKeyPair = NULL;
+ }
if (rv != SECSuccess) {
return SECFailure; /* error code set */
}
break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
default:
(void) ssl3_HandshakeFailure(ss);
@@ -9860,17 +9900,21 @@
(PRUint32)ssl3_ConsumeHandshakeNumber(ss, 4, &b, &length);
rv = ssl3_ConsumeHandshakeVariable(ss, &ticketData, 2, &b, &length);
- if (length != 0 || rv != SECSuccess) {
+ if (rv != SECSuccess || length != 0) {
(void)SSL3_SendAlert(ss, alert_fatal, decode_error);
PORT_SetError(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET);
return SECFailure; /* malformed */
}
- rv = SECITEM_CopyItem(NULL, &ss->ssl3.hs.newSessionTicket.ticket,
- &ticketData);
- if (rv != SECSuccess) {
- return rv;
+ /* If the server sent a zero-length ticket, ignore it and keep the
+ * existing ticket. */
+ if (ticketData.len != 0) {
+ rv = SECITEM_CopyItem(NULL, &ss->ssl3.hs.newSessionTicket.ticket,
+ &ticketData);
+ if (rv != SECSuccess) {
+ return rv;
+ }
+ ss->ssl3.hs.receivedNewSessionTicket = PR_TRUE;
}
- ss->ssl3.hs.receivedNewSessionTicket = PR_TRUE;
ss->ssl3.hs.ws = wait_change_cipher;
return SECSuccess;
@@ -10444,7 +10488,7 @@
if (pubKey) {
ss->sec.keaKeyBits = ss->sec.authKeyBits =
SECKEY_PublicKeyStrengthInBits(pubKey);
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
if (ss->sec.keaType == kt_ecdh) {
/* Get authKeyBits from signing key.
* XXX The code below uses a quick approximation of
@@ -10470,7 +10514,7 @@
*/
}
}
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
SECKEY_DestroyPublicKey(pubKey);
pubKey = NULL;
}
@@ -10478,10 +10522,10 @@
ss->ssl3.hs.ws = wait_cert_request; /* disallow server_key_exchange */
if (ss->ssl3.hs.kea_def->is_limited ||
/* XXX OR server cert is signing only. */
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa ||
ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
ss->ssl3.hs.kea_def->exchKeyType == kt_dh) {
ss->ssl3.hs.ws = wait_server_key; /* allow server_key_exchange */
}
@@ -11238,7 +11282,7 @@
sid->u.ssl3.cipherSuite = ss->ssl3.hs.cipher_suite;
sid->u.ssl3.compression = ss->ssl3.hs.compression;
sid->u.ssl3.policy = ss->ssl3.policy;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
sid->u.ssl3.negotiatedECCurves = ss->ssl3.hs.negotiatedECCurves;
#endif
sid->u.ssl3.exchKeyType = effectiveExchKeyType;
@@ -12374,7 +12418,7 @@
ssl3_InitCipherSpec(ss, ss->ssl3.prSpec);
ss->ssl3.hs.ws = (ss->sec.isServer) ? wait_client_hello : wait_server_hello;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
ss->ssl3.hs.negotiatedECCurves = ssl3_GetSupportedECCurveMask(ss);
#endif
ssl_ReleaseSpecWriteLock(ss);
diff --git a/net/third_party/nss/ssl/ssl3ecc.c b/net/third_party/nss/ssl/ssl3ecc.c
index 39f9af1..d5d6c9c 100644
--- a/net/third_party/nss/ssl/ssl3ecc.c
+++ b/net/third_party/nss/ssl/ssl3ecc.c
@@ -10,7 +10,7 @@
#include "nss.h"
#include "cert.h"
#include "ssl.h"
-#include "cryptohi.h" /* for DSAU_ stuff */
+#include "cryptohi.h" /* for DSAU_ stuff */
#include "keyhi.h"
#include "secder.h"
#include "secitem.h"
@@ -36,11 +36,11 @@
#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
#endif
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
#ifndef PK11_SETATTRS
#define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \
- (x)->pValue=(v); (x)->ulValueLen = (l);
+ (x)->pValue=(v); (x)->ulValueLen = (l);
#endif
#define SSL_GET_SERVER_PUBLIC_KEY(sock, type) \
@@ -62,61 +62,61 @@
* ECC-TLS IETF draft.
*/
static const SECOidTag ecName2OIDTag[] = {
- 0,
- SEC_OID_SECG_EC_SECT163K1, /* 1 */
- SEC_OID_SECG_EC_SECT163R1, /* 2 */
- SEC_OID_SECG_EC_SECT163R2, /* 3 */
- SEC_OID_SECG_EC_SECT193R1, /* 4 */
- SEC_OID_SECG_EC_SECT193R2, /* 5 */
- SEC_OID_SECG_EC_SECT233K1, /* 6 */
- SEC_OID_SECG_EC_SECT233R1, /* 7 */
- SEC_OID_SECG_EC_SECT239K1, /* 8 */
- SEC_OID_SECG_EC_SECT283K1, /* 9 */
- SEC_OID_SECG_EC_SECT283R1, /* 10 */
- SEC_OID_SECG_EC_SECT409K1, /* 11 */
- SEC_OID_SECG_EC_SECT409R1, /* 12 */
- SEC_OID_SECG_EC_SECT571K1, /* 13 */
- SEC_OID_SECG_EC_SECT571R1, /* 14 */
- SEC_OID_SECG_EC_SECP160K1, /* 15 */
- SEC_OID_SECG_EC_SECP160R1, /* 16 */
- SEC_OID_SECG_EC_SECP160R2, /* 17 */
- SEC_OID_SECG_EC_SECP192K1, /* 18 */
- SEC_OID_SECG_EC_SECP192R1, /* 19 */
- SEC_OID_SECG_EC_SECP224K1, /* 20 */
- SEC_OID_SECG_EC_SECP224R1, /* 21 */
- SEC_OID_SECG_EC_SECP256K1, /* 22 */
- SEC_OID_SECG_EC_SECP256R1, /* 23 */
- SEC_OID_SECG_EC_SECP384R1, /* 24 */
- SEC_OID_SECG_EC_SECP521R1, /* 25 */
+ 0,
+ SEC_OID_SECG_EC_SECT163K1, /* 1 */
+ SEC_OID_SECG_EC_SECT163R1, /* 2 */
+ SEC_OID_SECG_EC_SECT163R2, /* 3 */
+ SEC_OID_SECG_EC_SECT193R1, /* 4 */
+ SEC_OID_SECG_EC_SECT193R2, /* 5 */
+ SEC_OID_SECG_EC_SECT233K1, /* 6 */
+ SEC_OID_SECG_EC_SECT233R1, /* 7 */
+ SEC_OID_SECG_EC_SECT239K1, /* 8 */
+ SEC_OID_SECG_EC_SECT283K1, /* 9 */
+ SEC_OID_SECG_EC_SECT283R1, /* 10 */
+ SEC_OID_SECG_EC_SECT409K1, /* 11 */
+ SEC_OID_SECG_EC_SECT409R1, /* 12 */
+ SEC_OID_SECG_EC_SECT571K1, /* 13 */
+ SEC_OID_SECG_EC_SECT571R1, /* 14 */
+ SEC_OID_SECG_EC_SECP160K1, /* 15 */
+ SEC_OID_SECG_EC_SECP160R1, /* 16 */
+ SEC_OID_SECG_EC_SECP160R2, /* 17 */
+ SEC_OID_SECG_EC_SECP192K1, /* 18 */
+ SEC_OID_SECG_EC_SECP192R1, /* 19 */
+ SEC_OID_SECG_EC_SECP224K1, /* 20 */
+ SEC_OID_SECG_EC_SECP224R1, /* 21 */
+ SEC_OID_SECG_EC_SECP256K1, /* 22 */
+ SEC_OID_SECG_EC_SECP256R1, /* 23 */
+ SEC_OID_SECG_EC_SECP384R1, /* 24 */
+ SEC_OID_SECG_EC_SECP521R1, /* 25 */
};
static const PRUint16 curve2bits[] = {
- 0, /* ec_noName = 0, */
- 163, /* ec_sect163k1 = 1, */
- 163, /* ec_sect163r1 = 2, */
- 163, /* ec_sect163r2 = 3, */
- 193, /* ec_sect193r1 = 4, */
- 193, /* ec_sect193r2 = 5, */
- 233, /* ec_sect233k1 = 6, */
- 233, /* ec_sect233r1 = 7, */
- 239, /* ec_sect239k1 = 8, */
- 283, /* ec_sect283k1 = 9, */
- 283, /* ec_sect283r1 = 10, */
- 409, /* ec_sect409k1 = 11, */
- 409, /* ec_sect409r1 = 12, */
- 571, /* ec_sect571k1 = 13, */
- 571, /* ec_sect571r1 = 14, */
- 160, /* ec_secp160k1 = 15, */
- 160, /* ec_secp160r1 = 16, */
- 160, /* ec_secp160r2 = 17, */
- 192, /* ec_secp192k1 = 18, */
- 192, /* ec_secp192r1 = 19, */
- 224, /* ec_secp224k1 = 20, */
- 224, /* ec_secp224r1 = 21, */
- 256, /* ec_secp256k1 = 22, */
- 256, /* ec_secp256r1 = 23, */
- 384, /* ec_secp384r1 = 24, */
- 521, /* ec_secp521r1 = 25, */
+ 0, /* ec_noName = 0, */
+ 163, /* ec_sect163k1 = 1, */
+ 163, /* ec_sect163r1 = 2, */
+ 163, /* ec_sect163r2 = 3, */
+ 193, /* ec_sect193r1 = 4, */
+ 193, /* ec_sect193r2 = 5, */
+ 233, /* ec_sect233k1 = 6, */
+ 233, /* ec_sect233r1 = 7, */
+ 239, /* ec_sect239k1 = 8, */
+ 283, /* ec_sect283k1 = 9, */
+ 283, /* ec_sect283r1 = 10, */
+ 409, /* ec_sect409k1 = 11, */
+ 409, /* ec_sect409r1 = 12, */
+ 571, /* ec_sect571k1 = 13, */
+ 571, /* ec_sect571r1 = 14, */
+ 160, /* ec_secp160k1 = 15, */
+ 160, /* ec_secp160r1 = 16, */
+ 160, /* ec_secp160r2 = 17, */
+ 192, /* ec_secp192k1 = 18, */
+ 192, /* ec_secp192r1 = 19, */
+ 224, /* ec_secp224k1 = 20, */
+ 224, /* ec_secp224r1 = 21, */
+ 256, /* ec_secp256k1 = 22, */
+ 256, /* ec_secp256r1 = 23, */
+ 384, /* ec_secp384r1 = 24, */
+ 521, /* ec_secp521r1 = 25, */
65535 /* ec_pastLastName */
};
@@ -126,31 +126,31 @@
} Bits2Curve;
static const Bits2Curve bits2curve [] = {
- { 192, ec_secp192r1 /* = 19, fast */ },
- { 160, ec_secp160r2 /* = 17, fast */ },
- { 160, ec_secp160k1 /* = 15, */ },
- { 160, ec_secp160r1 /* = 16, */ },
- { 163, ec_sect163k1 /* = 1, */ },
- { 163, ec_sect163r1 /* = 2, */ },
- { 163, ec_sect163r2 /* = 3, */ },
- { 192, ec_secp192k1 /* = 18, */ },
- { 193, ec_sect193r1 /* = 4, */ },
- { 193, ec_sect193r2 /* = 5, */ },
- { 224, ec_secp224r1 /* = 21, fast */ },
- { 224, ec_secp224k1 /* = 20, */ },
- { 233, ec_sect233k1 /* = 6, */ },
- { 233, ec_sect233r1 /* = 7, */ },
- { 239, ec_sect239k1 /* = 8, */ },
- { 256, ec_secp256r1 /* = 23, fast */ },
- { 256, ec_secp256k1 /* = 22, */ },
- { 283, ec_sect283k1 /* = 9, */ },
- { 283, ec_sect283r1 /* = 10, */ },
- { 384, ec_secp384r1 /* = 24, fast */ },
- { 409, ec_sect409k1 /* = 11, */ },
- { 409, ec_sect409r1 /* = 12, */ },
- { 521, ec_secp521r1 /* = 25, fast */ },
- { 571, ec_sect571k1 /* = 13, */ },
- { 571, ec_sect571r1 /* = 14, */ },
+ { 192, ec_secp192r1 /* = 19, fast */ },
+ { 160, ec_secp160r2 /* = 17, fast */ },
+ { 160, ec_secp160k1 /* = 15, */ },
+ { 160, ec_secp160r1 /* = 16, */ },
+ { 163, ec_sect163k1 /* = 1, */ },
+ { 163, ec_sect163r1 /* = 2, */ },
+ { 163, ec_sect163r2 /* = 3, */ },
+ { 192, ec_secp192k1 /* = 18, */ },
+ { 193, ec_sect193r1 /* = 4, */ },
+ { 193, ec_sect193r2 /* = 5, */ },
+ { 224, ec_secp224r1 /* = 21, fast */ },
+ { 224, ec_secp224k1 /* = 20, */ },
+ { 233, ec_sect233k1 /* = 6, */ },
+ { 233, ec_sect233r1 /* = 7, */ },
+ { 239, ec_sect239k1 /* = 8, */ },
+ { 256, ec_secp256r1 /* = 23, fast */ },
+ { 256, ec_secp256k1 /* = 22, */ },
+ { 283, ec_sect283k1 /* = 9, */ },
+ { 283, ec_sect283r1 /* = 10, */ },
+ { 384, ec_secp384r1 /* = 24, fast */ },
+ { 409, ec_sect409k1 /* = 11, */ },
+ { 409, ec_sect409r1 /* = 12, */ },
+ { 521, ec_secp521r1 /* = 25, fast */ },
+ { 571, ec_sect571k1 /* = 13, */ },
+ { 571, ec_sect571r1 /* = 14, */ },
{ 65535, ec_noName }
};
@@ -163,21 +163,21 @@
/* arrays of ECDHE KeyPairs */
static ECDHEKeyPair gECDHEKeyPairs[ec_pastLastName];
-SECStatus
+SECStatus
ssl3_ECName2Params(PLArenaPool * arena, ECName curve, SECKEYECParams * params)
{
SECOidData *oidData = NULL;
if ((curve <= ec_noName) || (curve >= ec_pastLastName) ||
- ((oidData = SECOID_FindOIDByTag(ecName2OIDTag[curve])) == NULL)) {
+ ((oidData = SECOID_FindOIDByTag(ecName2OIDTag[curve])) == NULL)) {
PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
- return SECFailure;
+ return SECFailure;
}
SECITEM_AllocItem(arena, params, (2 + oidData->oid.len));
- /*
+ /*
* params->data needs to contain the ASN encoding of an object ID (OID)
- * representing the named curve. The actual OID is in
+ * representing the named curve. The actual OID is in
* oidData->oid.data so we simply prepend 0x06 and OID length
*/
params->data[0] = SEC_ASN1_OBJECT_ID;
@@ -187,14 +187,14 @@
return SECSuccess;
}
-static ECName
+static ECName
params2ecName(SECKEYECParams * params)
{
SECItem oid = { siBuffer, NULL, 0};
SECOidData *oidData = NULL;
ECName i;
- /*
+ /*
* params->data needs to contain the ASN encoding of an object ID (OID)
* representing a named curve. Here, we strip away everything
* before the actual OID and use the OID to look up a named curve.
@@ -204,8 +204,8 @@
oid.data = params->data + 2;
if ((oidData = SECOID_FindOID(&oid)) == NULL) return ec_noName;
for (i = ec_noName + 1; i < ec_pastLastName; i++) {
- if (ecName2OIDTag[i] == oidData->offset)
- return i;
+ if (ecName2OIDTag[i] == oidData->offset)
+ return i;
}
return ec_noName;
@@ -214,13 +214,13 @@
/* Caller must set hiLevel error code. */
static SECStatus
ssl3_ComputeECDHKeyHash(SECOidTag hashAlg,
- SECItem ec_params, SECItem server_ecpoint,
- SSL3Random *client_rand, SSL3Random *server_rand,
- SSL3Hashes *hashes, PRBool bypassPKCS11)
+ SECItem ec_params, SECItem server_ecpoint,
+ SSL3Random *client_rand, SSL3Random *server_rand,
+ SSL3Hashes *hashes, PRBool bypassPKCS11)
{
PRUint8 * hashBuf;
PRUint8 * pBuf;
- SECStatus rv = SECSuccess;
+ SECStatus rv = SECSuccess;
unsigned int bufLen;
/*
* XXX For now, we only support named curves (the appropriate
@@ -232,37 +232,37 @@
bufLen = 2*SSL3_RANDOM_LENGTH + ec_params.len + 1 + server_ecpoint.len;
if (bufLen <= sizeof buf) {
- hashBuf = buf;
+ hashBuf = buf;
} else {
- hashBuf = PORT_Alloc(bufLen);
- if (!hashBuf) {
- return SECFailure;
- }
+ hashBuf = PORT_Alloc(bufLen);
+ if (!hashBuf) {
+ return SECFailure;
+ }
}
- memcpy(hashBuf, client_rand, SSL3_RANDOM_LENGTH);
- pBuf = hashBuf + SSL3_RANDOM_LENGTH;
+ memcpy(hashBuf, client_rand, SSL3_RANDOM_LENGTH);
+ pBuf = hashBuf + SSL3_RANDOM_LENGTH;
memcpy(pBuf, server_rand, SSL3_RANDOM_LENGTH);
- pBuf += SSL3_RANDOM_LENGTH;
+ pBuf += SSL3_RANDOM_LENGTH;
memcpy(pBuf, ec_params.data, ec_params.len);
- pBuf += ec_params.len;
+ pBuf += ec_params.len;
pBuf[0] = (PRUint8)(server_ecpoint.len);
pBuf += 1;
memcpy(pBuf, server_ecpoint.data, server_ecpoint.len);
- pBuf += server_ecpoint.len;
+ pBuf += server_ecpoint.len;
PORT_Assert((unsigned int)(pBuf - hashBuf) == bufLen);
rv = ssl3_ComputeCommonKeyHash(hashAlg, hashBuf, bufLen, hashes,
- bypassPKCS11);
+ bypassPKCS11);
PRINT_BUF(95, (NULL, "ECDHkey hash: ", hashBuf, bufLen));
PRINT_BUF(95, (NULL, "ECDHkey hash: MD5 result",
- hashes->u.s.md5, MD5_LENGTH));
+ hashes->u.s.md5, MD5_LENGTH));
PRINT_BUF(95, (NULL, "ECDHkey hash: SHA1 result",
- hashes->u.s.sha, SHA1_LENGTH));
+ hashes->u.s.sha, SHA1_LENGTH));
if (hashBuf != buf)
- PORT_Free(hashBuf);
+ PORT_Free(hashBuf);
return rv;
}
@@ -271,12 +271,12 @@
SECStatus
ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey)
{
- PK11SymKey * pms = NULL;
- SECStatus rv = SECFailure;
+ PK11SymKey * pms = NULL;
+ SECStatus rv = SECFailure;
PRBool isTLS, isTLS12;
- CK_MECHANISM_TYPE target;
- SECKEYPublicKey *pubKey = NULL; /* Ephemeral ECDH key */
- SECKEYPrivateKey *privKey = NULL; /* Ephemeral ECDH key */
+ CK_MECHANISM_TYPE target;
+ SECKEYPublicKey *pubKey = NULL; /* Ephemeral ECDH key */
+ SECKEYPrivateKey *privKey = NULL; /* Ephemeral ECDH key */
PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
@@ -286,39 +286,39 @@
/* Generate ephemeral EC keypair */
if (svrPubKey->keyType != ecKey) {
- PORT_SetError(SEC_ERROR_BAD_KEY);
- goto loser;
+ PORT_SetError(SEC_ERROR_BAD_KEY);
+ goto loser;
}
/* XXX SHOULD CALL ssl3_CreateECDHEphemeralKeys here, instead! */
- privKey = SECKEY_CreateECPrivateKey(&svrPubKey->u.ec.DEREncodedParams,
- &pubKey, ss->pkcs11PinArg);
+ privKey = SECKEY_CreateECPrivateKey(&svrPubKey->u.ec.DEREncodedParams,
+ &pubKey, ss->pkcs11PinArg);
if (!privKey || !pubKey) {
- ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
- rv = SECFailure;
- goto loser;
+ ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
+ rv = SECFailure;
+ goto loser;
}
PRINT_BUF(50, (ss, "ECDH public value:",
- pubKey->u.ec.publicValue.data,
- pubKey->u.ec.publicValue.len));
+ pubKey->u.ec.publicValue.data,
+ pubKey->u.ec.publicValue.len));
if (isTLS12) {
- target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
+ target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
} else if (isTLS) {
- target = CKM_TLS_MASTER_KEY_DERIVE_DH;
+ target = CKM_TLS_MASTER_KEY_DERIVE_DH;
} else {
- target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
+ target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
}
/* Determine the PMS */
pms = PK11_PubDeriveWithKDF(privKey, svrPubKey, PR_FALSE, NULL, NULL,
- CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0,
- CKD_NULL, NULL, NULL);
+ CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0,
+ CKD_NULL, NULL, NULL);
if (pms == NULL) {
- SSL3AlertDescription desc = illegal_parameter;
- (void)SSL3_SendAlert(ss, alert_fatal, desc);
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto loser;
+ SSL3AlertDescription desc = illegal_parameter;
+ (void)SSL3_SendAlert(ss, alert_fatal, desc);
+ ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
+ goto loser;
}
SECKEY_DestroyPrivateKey(privKey);
@@ -328,24 +328,24 @@
PK11_FreeSymKey(pms); pms = NULL;
if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto loser;
+ ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
+ goto loser;
}
- rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange,
- pubKey->u.ec.publicValue.len + 1);
+ rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange,
+ pubKey->u.ec.publicValue.len + 1);
if (rv != SECSuccess) {
- goto loser; /* err set by ssl3_AppendHandshake* */
+ goto loser; /* err set by ssl3_AppendHandshake* */
}
- rv = ssl3_AppendHandshakeVariable(ss,
- pubKey->u.ec.publicValue.data,
- pubKey->u.ec.publicValue.len, 1);
+ rv = ssl3_AppendHandshakeVariable(ss,
+ pubKey->u.ec.publicValue.data,
+ pubKey->u.ec.publicValue.len, 1);
SECKEY_DestroyPublicKey(pubKey);
pubKey = NULL;
if (rv != SECSuccess) {
- goto loser; /* err set by ssl3_AppendHandshake* */
+ goto loser; /* err set by ssl3_AppendHandshake* */
}
rv = SECSuccess;
@@ -363,59 +363,59 @@
*/
SECStatus
ssl3_HandleECDHClientKeyExchange(sslSocket *ss, SSL3Opaque *b,
- PRUint32 length,
+ PRUint32 length,
SECKEYPublicKey *srvrPubKey,
SECKEYPrivateKey *srvrPrivKey)
{
PK11SymKey * pms;
SECStatus rv;
SECKEYPublicKey clntPubKey;
- CK_MECHANISM_TYPE target;
+ CK_MECHANISM_TYPE target;
PRBool isTLS, isTLS12;
PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
clntPubKey.keyType = ecKey;
- clntPubKey.u.ec.DEREncodedParams.len =
- srvrPubKey->u.ec.DEREncodedParams.len;
- clntPubKey.u.ec.DEREncodedParams.data =
- srvrPubKey->u.ec.DEREncodedParams.data;
+ clntPubKey.u.ec.DEREncodedParams.len =
+ srvrPubKey->u.ec.DEREncodedParams.len;
+ clntPubKey.u.ec.DEREncodedParams.data =
+ srvrPubKey->u.ec.DEREncodedParams.data;
- rv = ssl3_ConsumeHandshakeVariable(ss, &clntPubKey.u.ec.publicValue,
- 1, &b, &length);
+ rv = ssl3_ConsumeHandshakeVariable(ss, &clntPubKey.u.ec.publicValue,
+ 1, &b, &length);
if (rv != SECSuccess) {
- SEND_ALERT
- return SECFailure; /* XXX Who sets the error code?? */
+ SEND_ALERT
+ return SECFailure; /* XXX Who sets the error code?? */
}
isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
if (isTLS12) {
- target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
+ target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
} else if (isTLS) {
- target = CKM_TLS_MASTER_KEY_DERIVE_DH;
+ target = CKM_TLS_MASTER_KEY_DERIVE_DH;
} else {
- target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
+ target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
}
/* Determine the PMS */
pms = PK11_PubDeriveWithKDF(srvrPrivKey, &clntPubKey, PR_FALSE, NULL, NULL,
- CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0,
- CKD_NULL, NULL, NULL);
+ CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0,
+ CKD_NULL, NULL, NULL);
if (pms == NULL) {
- /* last gasp. */
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- return SECFailure;
+ /* last gasp. */
+ ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
+ return SECFailure;
}
rv = ssl3_InitPendingCipherSpec(ss, pms);
PK11_FreeSymKey(pms);
if (rv != SECSuccess) {
- SEND_ALERT
- return SECFailure; /* error code set by ssl3_InitPendingCipherSpec */
+ SEND_ALERT
+ return SECFailure; /* error code set by ssl3_InitPendingCipherSpec */
}
return SECSuccess;
}
@@ -424,13 +424,13 @@
ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits)
{
int i;
-
+
for ( i = 0; bits2curve[i].curve != ec_noName; i++) {
- if (bits2curve[i].bits < requiredECCbits)
- continue;
- if (SSL_IS_CURVE_NEGOTIATED(curvemsk, bits2curve[i].curve)) {
- return bits2curve[i].curve;
- }
+ if (bits2curve[i].bits < requiredECCbits)
+ continue;
+ if (SSL_IS_CURVE_NEGOTIATED(curvemsk, bits2curve[i].curve)) {
+ return bits2curve[i].curve;
+ }
}
PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
return ec_noName;
@@ -448,24 +448,24 @@
int requiredECCbits = ss->sec.secretKeyBits * 2;
if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa) {
- svrPublicKey = SSL_GET_SERVER_PUBLIC_KEY(ss, kt_ecdh);
- if (svrPublicKey)
- ec_curve = params2ecName(&svrPublicKey->u.ec.DEREncodedParams);
- if (!SSL_IS_CURVE_NEGOTIATED(ss->ssl3.hs.negotiatedECCurves, ec_curve)) {
- PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
- return ec_noName;
- }
- signatureKeyStrength = curve2bits[ ec_curve ];
+ svrPublicKey = SSL_GET_SERVER_PUBLIC_KEY(ss, kt_ecdh);
+ if (svrPublicKey)
+ ec_curve = params2ecName(&svrPublicKey->u.ec.DEREncodedParams);
+ if (!SSL_IS_CURVE_NEGOTIATED(ss->ssl3.hs.negotiatedECCurves, ec_curve)) {
+ PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
+ return ec_noName;
+ }
+ signatureKeyStrength = curve2bits[ ec_curve ];
} else {
/* RSA is our signing cert */
int serverKeyStrengthInBits;
-
+
svrPublicKey = SSL_GET_SERVER_PUBLIC_KEY(ss, kt_rsa);
if (!svrPublicKey) {
PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
return ec_noName;
}
-
+
/* currently strength in bytes */
serverKeyStrengthInBits = svrPublicKey->u.rsa.modulus.len;
if (svrPublicKey->u.rsa.modulus.data[0] == 0) {
@@ -473,28 +473,28 @@
}
/* convert to strength in bits */
serverKeyStrengthInBits *= BPB;
-
+
signatureKeyStrength =
- SSL_RSASTRENGTH_TO_ECSTRENGTH(serverKeyStrengthInBits);
+ SSL_RSASTRENGTH_TO_ECSTRENGTH(serverKeyStrengthInBits);
}
- if ( requiredECCbits > signatureKeyStrength )
+ if ( requiredECCbits > signatureKeyStrength )
requiredECCbits = signatureKeyStrength;
return ssl3_GetCurveWithECKeyStrength(ss->ssl3.hs.negotiatedECCurves,
- requiredECCbits);
+ requiredECCbits);
}
/* function to clear out the lists */
-static SECStatus
+static SECStatus
ssl3_ShutdownECDHECurves(void *appData, void *nssData)
{
int i;
ECDHEKeyPair *keyPair = &gECDHEKeyPairs[0];
for (i=0; i < ec_pastLastName; i++, keyPair++) {
- if (keyPair->pair) {
- ssl3_FreeKeyPair(keyPair->pair);
- }
+ if (keyPair->pair) {
+ ssl3_FreeKeyPair(keyPair->pair);
+ }
}
memset(gECDHEKeyPairs, 0, sizeof gECDHEKeyPairs);
return SECSuccess;
@@ -506,42 +506,52 @@
SECStatus rv;
rv = NSS_RegisterShutdown(ssl3_ShutdownECDHECurves, gECDHEKeyPairs);
if (rv != SECSuccess) {
- gECDHEKeyPairs[ec_noName].error = PORT_GetError();
+ gECDHEKeyPairs[ec_noName].error = PORT_GetError();
}
return (PRStatus)rv;
}
-/* CallOnce function, called once for each named curve. */
-static PRStatus
-ssl3_CreateECDHEphemeralKeyPair(void * arg)
+/* Create an ECDHE key pair for a given curve */
+static SECStatus
+ssl3_CreateECDHEphemeralKeyPair(ECName ec_curve, ssl3KeyPair** keyPair)
{
SECKEYPrivateKey * privKey = NULL;
SECKEYPublicKey * pubKey = NULL;
- ssl3KeyPair * keyPair = NULL;
- ECName ec_curve = (ECName)arg;
SECKEYECParams ecParams = { siBuffer, NULL, 0 };
+ if (ssl3_ECName2Params(NULL, ec_curve, &ecParams) != SECSuccess) {
+ return SECFailure;
+ }
+ privKey = SECKEY_CreateECPrivateKey(&ecParams, &pubKey, NULL);
+ SECITEM_FreeItem(&ecParams, PR_FALSE);
+
+ if (!privKey || !pubKey || !(*keyPair = ssl3_NewKeyPair(privKey, pubKey))) {
+ if (privKey) {
+ SECKEY_DestroyPrivateKey(privKey);
+ }
+ if (pubKey) {
+ SECKEY_DestroyPublicKey(pubKey);
+ }
+ ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
+ return SECFailure;
+ }
+
+ return SECSuccess;
+}
+
+/* CallOnce function, called once for each named curve. */
+static PRStatus
+ssl3_CreateECDHEphemeralKeyPairOnce(void * arg)
+{
+ ECName ec_curve = (ECName)arg;
+ ssl3KeyPair * keyPair = NULL;
+
PORT_Assert(gECDHEKeyPairs[ec_curve].pair == NULL);
/* ok, no one has generated a global key for this curve yet, do so */
- if (ssl3_ECName2Params(NULL, ec_curve, &ecParams) != SECSuccess) {
- gECDHEKeyPairs[ec_curve].error = PORT_GetError();
- return PR_FAILURE;
- }
-
- privKey = SECKEY_CreateECPrivateKey(&ecParams, &pubKey, NULL);
- SECITEM_FreeItem(&ecParams, PR_FALSE);
-
- if (!privKey || !pubKey || !(keyPair = ssl3_NewKeyPair(privKey, pubKey))) {
- if (privKey) {
- SECKEY_DestroyPrivateKey(privKey);
- }
- if (pubKey) {
- SECKEY_DestroyPublicKey(pubKey);
- }
- ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
- gECDHEKeyPairs[ec_curve].error = PORT_GetError();
- return PR_FAILURE;
+ if (ssl3_CreateECDHEphemeralKeyPair(ec_curve, &keyPair) != SECSuccess) {
+ gECDHEKeyPairs[ec_curve].error = PORT_GetError();
+ return PR_FAILURE;
}
gECDHEKeyPairs[ec_curve].pair = keyPair;
@@ -560,30 +570,30 @@
static SECStatus
ssl3_CreateECDHEphemeralKeys(sslSocket *ss, ECName ec_curve)
{
- ssl3KeyPair * keyPair = NULL;
+ ssl3KeyPair * keyPair = NULL;
/* if there's no global key for this curve, make one. */
if (gECDHEKeyPairs[ec_curve].pair == NULL) {
- PRStatus status;
+ PRStatus status;
- status = PR_CallOnce(&gECDHEKeyPairs[ec_noName].once, ssl3_ECRegister);
+ status = PR_CallOnce(&gECDHEKeyPairs[ec_noName].once, ssl3_ECRegister);
if (status != PR_SUCCESS) {
- PORT_SetError(gECDHEKeyPairs[ec_noName].error);
- return SECFailure;
- }
- status = PR_CallOnceWithArg(&gECDHEKeyPairs[ec_curve].once,
- ssl3_CreateECDHEphemeralKeyPair,
- (void *)ec_curve);
+ PORT_SetError(gECDHEKeyPairs[ec_noName].error);
+ return SECFailure;
+ }
+ status = PR_CallOnceWithArg(&gECDHEKeyPairs[ec_curve].once,
+ ssl3_CreateECDHEphemeralKeyPairOnce,
+ (void *)ec_curve);
if (status != PR_SUCCESS) {
- PORT_SetError(gECDHEKeyPairs[ec_curve].error);
- return SECFailure;
- }
+ PORT_SetError(gECDHEKeyPairs[ec_curve].error);
+ return SECFailure;
+ }
}
keyPair = gECDHEKeyPairs[ec_curve].pair;
PORT_Assert(keyPair != NULL);
- if (!keyPair)
- return SECFailure;
+ if (!keyPair)
+ return SECFailure;
ss->ephemeralECDHKeyPair = ssl3_GetKeyPairRef(keyPair);
return SECSuccess;
@@ -618,55 +628,55 @@
ec_params.data = paramBuf;
rv = ssl3_ConsumeHandshake(ss, ec_params.data, ec_params.len, &b, &length);
if (rv != SECSuccess) {
- goto loser; /* malformed. */
+ goto loser; /* malformed. */
}
/* Fail if the curve is not a named curve */
- if ((ec_params.data[0] != ec_type_named) ||
- (ec_params.data[1] != 0) ||
- !supportedCurve(ec_params.data[2])) {
- errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE;
- desc = handshake_failure;
- goto alert_loser;
+ if ((ec_params.data[0] != ec_type_named) ||
+ (ec_params.data[1] != 0) ||
+ !supportedCurve(ec_params.data[2])) {
+ errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE;
+ desc = handshake_failure;
+ goto alert_loser;
}
rv = ssl3_ConsumeHandshakeVariable(ss, &ec_point, 1, &b, &length);
if (rv != SECSuccess) {
- goto loser; /* malformed. */
+ goto loser; /* malformed. */
}
/* Fail if the ec point uses compressed representation */
if (ec_point.data[0] != EC_POINT_FORM_UNCOMPRESSED) {
- errCode = SEC_ERROR_UNSUPPORTED_EC_POINT_FORM;
- desc = handshake_failure;
- goto alert_loser;
+ errCode = SEC_ERROR_UNSUPPORTED_EC_POINT_FORM;
+ desc = handshake_failure;
+ goto alert_loser;
}
if (isTLS12) {
- rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length,
- &sigAndHash);
- if (rv != SECSuccess) {
- goto loser; /* malformed or unsupported. */
- }
- rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(
- &sigAndHash, ss->sec.peerCert);
- if (rv != SECSuccess) {
- goto loser;
- }
+ rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length,
+ &sigAndHash);
+ if (rv != SECSuccess) {
+ goto loser; /* malformed or unsupported. */
+ }
+ rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(
+ &sigAndHash, ss->sec.peerCert);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
}
rv = ssl3_ConsumeHandshakeVariable(ss, &signature, 2, &b, &length);
if (rv != SECSuccess) {
- goto loser; /* malformed. */
+ goto loser; /* malformed. */
}
if (length != 0) {
- if (isTLS)
- desc = decode_error;
- goto alert_loser; /* malformed. */
+ if (isTLS)
+ desc = decode_error;
+ goto alert_loser; /* malformed. */
}
- PRINT_BUF(60, (NULL, "Server EC params", ec_params.data,
- ec_params.len));
+ PRINT_BUF(60, (NULL, "Server EC params", ec_params.data,
+ ec_params.len));
PRINT_BUF(60, (NULL, "Server EC point", ec_point.data, ec_point.len));
/* failures after this point are not malformed handshakes. */
@@ -677,51 +687,51 @@
* check to make sure the hash is signed by right guy
*/
rv = ssl3_ComputeECDHKeyHash(sigAndHash.hashAlg, ec_params, ec_point,
- &ss->ssl3.hs.client_random,
- &ss->ssl3.hs.server_random,
- &hashes, ss->opt.bypassPKCS11);
+ &ss->ssl3.hs.client_random,
+ &ss->ssl3.hs.server_random,
+ &hashes, ss->opt.bypassPKCS11);
if (rv != SECSuccess) {
- errCode =
- ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
- goto alert_loser;
+ errCode =
+ ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+ goto alert_loser;
}
rv = ssl3_VerifySignedHashes(&hashes, ss->sec.peerCert, &signature,
- isTLS, ss->pkcs11PinArg);
+ isTLS, ss->pkcs11PinArg);
if (rv != SECSuccess) {
- errCode =
- ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
- goto alert_loser;
+ errCode =
+ ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+ goto alert_loser;
}
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) {
- goto no_memory;
+ goto no_memory;
}
ss->sec.peerKey = peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey);
if (peerKey == NULL) {
- goto no_memory;
+ goto no_memory;
}
peerKey->arena = arena;
peerKey->keyType = ecKey;
/* set up EC parameters in peerKey */
- if (ssl3_ECName2Params(arena, ec_params.data[2],
- &peerKey->u.ec.DEREncodedParams) != SECSuccess) {
- /* we should never get here since we already
- * checked that we are dealing with a supported curve
- */
- errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE;
- goto alert_loser;
+ if (ssl3_ECName2Params(arena, ec_params.data[2],
+ &peerKey->u.ec.DEREncodedParams) != SECSuccess) {
+ /* we should never get here since we already
+ * checked that we are dealing with a supported curve
+ */
+ errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE;
+ goto alert_loser;
}
/* copy publicValue in peerKey */
if (SECITEM_CopyItem(arena, &peerKey->u.ec.publicValue, &ec_point))
{
- PORT_FreeArena(arena, PR_FALSE);
- goto no_memory;
+ PORT_FreeArena(arena, PR_FALSE);
+ goto no_memory;
}
peerKey->pkcs11Slot = NULL;
peerKey->pkcs11ID = CK_INVALID_HANDLE;
@@ -737,7 +747,7 @@
PORT_SetError( errCode );
return SECFailure;
-no_memory: /* no-memory error has already been set. */
+no_memory: /* no-memory error has already been set. */
ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
return SECFailure;
}
@@ -763,104 +773,110 @@
/* Generate ephemeral ECDH key pair and send the public key */
curve = ssl3_GetCurveNameForServerSocket(ss);
if (curve == ec_noName) {
- goto loser;
+ goto loser;
}
- rv = ssl3_CreateECDHEphemeralKeys(ss, curve);
+
+ if (ss->opt.reuseServerECDHEKey) {
+ rv = ssl3_CreateECDHEphemeralKeys(ss, curve);
+ } else {
+ rv = ssl3_CreateECDHEphemeralKeyPair(curve, &ss->ephemeralECDHKeyPair);
+ }
if (rv != SECSuccess) {
- goto loser; /* err set by AppendHandshake. */
- }
+ goto loser;
+ }
+
ecdhePub = ss->ephemeralECDHKeyPair->pubKey;
PORT_Assert(ecdhePub != NULL);
if (!ecdhePub) {
- PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
- return SECFailure;
- }
-
+ PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+ return SECFailure;
+ }
+
ec_params.len = sizeof paramBuf;
ec_params.data = paramBuf;
curve = params2ecName(&ecdhePub->u.ec.DEREncodedParams);
if (curve != ec_noName) {
- ec_params.data[0] = ec_type_named;
- ec_params.data[1] = 0x00;
- ec_params.data[2] = curve;
+ ec_params.data[0] = ec_type_named;
+ ec_params.data[1] = 0x00;
+ ec_params.data[2] = curve;
} else {
- PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
- goto loser;
- }
+ PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+ goto loser;
+ }
rv = ssl3_ComputeECDHKeyHash(sigAndHash->hashAlg,
- ec_params,
- ecdhePub->u.ec.publicValue,
- &ss->ssl3.hs.client_random,
- &ss->ssl3.hs.server_random,
- &hashes, ss->opt.bypassPKCS11);
+ ec_params,
+ ecdhePub->u.ec.publicValue,
+ &ss->ssl3.hs.client_random,
+ &ss->ssl3.hs.server_random,
+ &hashes, ss->opt.bypassPKCS11);
if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
- goto loser;
+ ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+ goto loser;
}
isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
- /* XXX SSLKEAType isn't really a good choice for
+ /* XXX SSLKEAType isn't really a good choice for
* indexing certificates but that's all we have
* for now.
*/
if (kea_def->kea == kea_ecdhe_rsa)
- certIndex = kt_rsa;
+ certIndex = kt_rsa;
else /* kea_def->kea == kea_ecdhe_ecdsa */
- certIndex = kt_ecdh;
+ certIndex = kt_ecdh;
- rv = ssl3_SignHashes(&hashes, ss->serverCerts[certIndex].SERVERKEY,
- &signed_hash, isTLS);
+ rv = ssl3_SignHashes(&hashes, ss->serverCerts[certIndex].SERVERKEY,
+ &signed_hash, isTLS);
if (rv != SECSuccess) {
- goto loser; /* ssl3_SignHashes has set err. */
+ goto loser; /* ssl3_SignHashes has set err. */
}
if (signed_hash.data == NULL) {
- /* how can this happen and rv == SECSuccess ?? */
- PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
- goto loser;
+ /* how can this happen and rv == SECSuccess ?? */
+ PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+ goto loser;
}
- length = ec_params.len +
- 1 + ecdhePub->u.ec.publicValue.len +
- (isTLS12 ? 2 : 0) + 2 + signed_hash.len;
+ length = ec_params.len +
+ 1 + ecdhePub->u.ec.publicValue.len +
+ (isTLS12 ? 2 : 0) + 2 + signed_hash.len;
rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length);
if (rv != SECSuccess) {
- goto loser; /* err set by AppendHandshake. */
+ goto loser; /* err set by AppendHandshake. */
}
rv = ssl3_AppendHandshake(ss, ec_params.data, ec_params.len);
if (rv != SECSuccess) {
- goto loser; /* err set by AppendHandshake. */
+ goto loser; /* err set by AppendHandshake. */
}
rv = ssl3_AppendHandshakeVariable(ss, ecdhePub->u.ec.publicValue.data,
- ecdhePub->u.ec.publicValue.len, 1);
+ ecdhePub->u.ec.publicValue.len, 1);
if (rv != SECSuccess) {
- goto loser; /* err set by AppendHandshake. */
+ goto loser; /* err set by AppendHandshake. */
}
if (isTLS12) {
- rv = ssl3_AppendSignatureAndHashAlgorithm(ss, sigAndHash);
- if (rv != SECSuccess) {
- goto loser; /* err set by AppendHandshake. */
- }
+ rv = ssl3_AppendSignatureAndHashAlgorithm(ss, sigAndHash);
+ if (rv != SECSuccess) {
+ goto loser; /* err set by AppendHandshake. */
+ }
}
rv = ssl3_AppendHandshakeVariable(ss, signed_hash.data,
- signed_hash.len, 2);
+ signed_hash.len, 2);
if (rv != SECSuccess) {
- goto loser; /* err set by AppendHandshake. */
+ goto loser; /* err set by AppendHandshake. */
}
PORT_Free(signed_hash.data);
return SECSuccess;
loser:
- if (signed_hash.data != NULL)
- PORT_Free(signed_hash.data);
+ if (signed_hash.data != NULL)
+ PORT_Free(signed_hash.data);
return SECFailure;
}
@@ -958,11 +974,11 @@
ssl3_DisableECCSuites(sslSocket * ss, const ssl3CipherSuite * suite)
{
if (!suite)
- suite = ecSuites;
+ suite = ecSuites;
for (; *suite; ++suite) {
- SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE);
+ SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE);
- PORT_Assert(rv == SECSuccess); /* else is coding error */
+ PORT_Assert(rv == SECSuccess); /* else is coding error */
}
return SECSuccess;
}
@@ -977,41 +993,41 @@
svrCert = ss->serverCerts[kt_rsa].serverCert;
if (!svrCert) {
- ssl3_DisableECCSuites(ss, ecdhe_rsa_suites);
+ ssl3_DisableECCSuites(ss, ecdhe_rsa_suites);
}
svrCert = ss->serverCerts[kt_ecdh].serverCert;
if (!svrCert) {
- ssl3_DisableECCSuites(ss, ecdh_suites);
- ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites);
+ ssl3_DisableECCSuites(ss, ecdh_suites);
+ ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites);
} else {
- SECOidTag sigTag = SECOID_GetAlgorithmTag(&svrCert->signature);
+ SECOidTag sigTag = SECOID_GetAlgorithmTag(&svrCert->signature);
- switch (sigTag) {
- case SEC_OID_PKCS1_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
- ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites);
- break;
- case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
- case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
- case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
- case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
- case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
- case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST:
- case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST:
- ssl3_DisableECCSuites(ss, ecdh_rsa_suites);
- break;
- default:
- ssl3_DisableECCSuites(ss, ecdh_suites);
- break;
- }
+ switch (sigTag) {
+ case SEC_OID_PKCS1_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
+ ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites);
+ break;
+ case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
+ case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
+ case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
+ case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
+ case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
+ case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST:
+ case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST:
+ ssl3_DisableECCSuites(ss, ecdh_rsa_suites);
+ break;
+ default:
+ ssl3_DisableECCSuites(ss, ecdh_suites);
+ break;
+ }
}
}
@@ -1026,18 +1042,18 @@
/* make sure we can do ECC */
slot = PK11_GetBestSlot(CKM_ECDH1_DERIVE, ss->pkcs11PinArg);
if (!slot) {
- return PR_FALSE;
+ return PR_FALSE;
}
PK11_FreeSlot(slot);
/* make sure an ECC cipher is enabled */
for (suite = ecSuites; *suite; ++suite) {
- PRBool enabled = PR_FALSE;
- SECStatus rv = ssl3_CipherPrefGet(ss, *suite, &enabled);
+ PRBool enabled = PR_FALSE;
+ SECStatus rv = ssl3_CipherPrefGet(ss, *suite, &enabled);
- PORT_Assert(rv == SECSuccess); /* else is coding error */
- if (rv == SECSuccess && enabled)
- return PR_TRUE;
+ PORT_Assert(rv == SECSuccess); /* else is coding error */
+ if (rv == SECSuccess && enabled)
+ return PR_TRUE;
}
return PR_FALSE;
}
@@ -1045,7 +1061,7 @@
#define BE(n) 0, n
/* Prefabricated TLS client hello extension, Elliptic Curves List,
- * offers only 3 curves, the Suite B curves, 23-25
+ * offers only 3 curves, the Suite B curves, 23-25
*/
static const PRUint8 suiteBECList[12] = {
BE(10), /* Extension type */
@@ -1061,9 +1077,9 @@
BE(10), /* Extension type */
BE(52), /* octets that follow (25 pairs + 1 length pair) */
BE(50), /* octets that follow (25 pairs) */
- BE( 1), BE( 2), BE( 3), BE( 4), BE( 5), BE( 6), BE( 7),
- BE( 8), BE( 9), BE(10), BE(11), BE(12), BE(13), BE(14), BE(15),
- BE(16), BE(17), BE(18), BE(19), BE(20), BE(21), BE(22), BE(23),
+ BE( 1), BE( 2), BE( 3), BE( 4), BE( 5), BE( 6), BE( 7),
+ BE( 8), BE( 9), BE(10), BE(11), BE(12), BE(13), BE(14), BE(15),
+ BE(16), BE(17), BE(18), BE(19), BE(20), BE(21), BE(22), BE(23),
BE(24), BE(25)
};
@@ -1087,12 +1103,12 @@
/* See if we can support small curves (like 163). If not, assume we can
* only support Suite-B curves (P-256, P-384, P-521). */
PK11SlotInfo *slot =
- PK11_GetBestSlotWithAttributes(CKM_ECDH1_DERIVE, 0, 163,
- ss ? ss->pkcs11PinArg : NULL);
+ PK11_GetBestSlotWithAttributes(CKM_ECDH1_DERIVE, 0, 163,
+ ss ? ss->pkcs11PinArg : NULL);
if (!slot) {
- /* nope, presume we can only do suite B */
- return PR_TRUE;
+ /* nope, presume we can only do suite B */
+ return PR_TRUE;
}
/* we can, presume we can do all curves */
PK11_FreeSlot(slot);
@@ -1107,33 +1123,33 @@
*/
PRInt32
ssl3_SendSupportedCurvesXtn(
- sslSocket * ss,
- PRBool append,
- PRUint32 maxBytes)
+ sslSocket * ss,
+ PRBool append,
+ PRUint32 maxBytes)
{
PRInt32 ecListSize = 0;
const PRUint8 *ecList = NULL;
if (!ss || !ssl3_IsECCEnabled(ss))
- return 0;
+ return 0;
if (ssl3_SuiteBOnly(ss)) {
- ecListSize = sizeof suiteBECList;
- ecList = suiteBECList;
+ ecListSize = sizeof suiteBECList;
+ ecList = suiteBECList;
} else {
- ecListSize = sizeof tlsECList;
- ecList = tlsECList;
+ ecListSize = sizeof tlsECList;
+ ecList = tlsECList;
}
-
+
if (append && maxBytes >= ecListSize) {
- SECStatus rv = ssl3_AppendHandshake(ss, ecList, ecListSize);
- if (rv != SECSuccess)
- return -1;
- if (!ss->sec.isServer) {
- TLSExtensionData *xtnData = &ss->xtnData;
- xtnData->advertised[xtnData->numAdvertised++] =
- ssl_elliptic_curves_xtn;
- }
+ SECStatus rv = ssl3_AppendHandshake(ss, ecList, ecListSize);
+ if (rv != SECSuccess)
+ return -1;
+ if (!ss->sec.isServer) {
+ TLSExtensionData *xtnData = &ss->xtnData;
+ xtnData->advertised[xtnData->numAdvertised++] =
+ ssl_elliptic_curves_xtn;
+ }
}
return ecListSize;
}
@@ -1142,7 +1158,7 @@
ssl3_GetSupportedECCurveMask(sslSocket *ss)
{
if (ssl3_SuiteBOnly(ss)) {
- return SSL3_SUITE_B_SUPPORTED_CURVES_MASK;
+ return SSL3_SUITE_B_SUPPORTED_CURVES_MASK;
}
return SSL3_ALL_SUPPORTED_CURVES_MASK;
}
@@ -1152,21 +1168,21 @@
*/
PRInt32
ssl3_SendSupportedPointFormatsXtn(
- sslSocket * ss,
- PRBool append,
- PRUint32 maxBytes)
+ sslSocket * ss,
+ PRBool append,
+ PRUint32 maxBytes)
{
if (!ss || !ssl3_IsECCEnabled(ss))
- return 0;
+ return 0;
if (append && maxBytes >= (sizeof ecPtFmt)) {
- SECStatus rv = ssl3_AppendHandshake(ss, ecPtFmt, (sizeof ecPtFmt));
- if (rv != SECSuccess)
- return -1;
- if (!ss->sec.isServer) {
- TLSExtensionData *xtnData = &ss->xtnData;
- xtnData->advertised[xtnData->numAdvertised++] =
- ssl_ec_point_formats_xtn;
- }
+ SECStatus rv = ssl3_AppendHandshake(ss, ecPtFmt, (sizeof ecPtFmt));
+ if (rv != SECSuccess)
+ return -1;
+ if (!ss->sec.isServer) {
+ TLSExtensionData *xtnData = &ss->xtnData;
+ xtnData->advertised[xtnData->numAdvertised++] =
+ ssl_ec_point_formats_xtn;
+ }
}
return (sizeof ecPtFmt);
}
@@ -1182,17 +1198,17 @@
if (data->len < 2 || data->len > 255 || !data->data ||
data->len != (unsigned int)data->data[0] + 1) {
- /* malformed */
- goto loser;
+ /* malformed */
+ goto loser;
}
for (i = data->len; --i > 0; ) {
- if (data->data[i] == 0) {
- /* indicate that we should send a reply */
- SECStatus rv;
- rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
- &ssl3_SendSupportedPointFormatsXtn);
- return rv;
- }
+ if (data->data[i] == 0) {
+ /* indicate that we should send a reply */
+ SECStatus rv;
+ rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
+ &ssl3_SendSupportedPointFormatsXtn);
+ return rv;
+ }
}
loser:
/* evil client doesn't support uncompressed */
@@ -1206,14 +1222,14 @@
ss->serverCerts[type].serverKeyPair->pubKey : NULL)
/* Extract the TLS curve name for the public key in our EC server cert. */
-ECName ssl3_GetSvrCertCurveName(sslSocket *ss)
+ECName ssl3_GetSvrCertCurveName(sslSocket *ss)
{
- SECKEYPublicKey *srvPublicKey;
- ECName ec_curve = ec_noName;
+ SECKEYPublicKey *srvPublicKey;
+ ECName ec_curve = ec_noName;
srvPublicKey = SSL3_GET_SERVER_PUBLICKEY(ss, kt_ecdh);
if (srvPublicKey) {
- ec_curve = params2ecName(&srvPublicKey->u.ec.DEREncodedParams);
+ ec_curve = params2ecName(&srvPublicKey->u.ec.DEREncodedParams);
}
return ec_curve;
}
@@ -1230,37 +1246,37 @@
PRUint16 svrCertCurveName;
if (!data->data || data->len < 4 || data->len > 65535)
- goto loser;
+ goto loser;
/* get the length of elliptic_curve_list */
list_len = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
if (list_len < 0 || data->len != list_len || (data->len % 2) != 0) {
- /* malformed */
- goto loser;
+ /* malformed */
+ goto loser;
}
/* build bit vector of peer's supported curve names */
while (data->len) {
- PRInt32 curve_name =
- ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
- if (curve_name > ec_noName && curve_name < ec_pastLastName) {
- peerCurves |= (1U << curve_name);
- }
+ PRInt32 curve_name =
+ ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
+ if (curve_name > ec_noName && curve_name < ec_pastLastName) {
+ peerCurves |= (1U << curve_name);
+ }
}
/* What curves do we support in common? */
mutualCurves = ss->ssl3.hs.negotiatedECCurves &= peerCurves;
if (!mutualCurves) { /* no mutually supported EC Curves */
- goto loser;
+ goto loser;
}
- /* if our ECC cert doesn't use one of these supported curves,
- * disable ECC cipher suites that require an ECC cert.
+ /* if our ECC cert doesn't use one of these supported curves,
+ * disable ECC cipher suites that require an ECC cert.
*/
svrCertCurveName = ssl3_GetSvrCertCurveName(ss);
if (svrCertCurveName != ec_noName &&
(mutualCurves & (1U << svrCertCurveName)) != 0) {
- return SECSuccess;
+ return SECSuccess;
}
/* Our EC cert doesn't contain a mutually supported curve.
- * Disable all ECC cipher suites that require an EC cert
+ * Disable all ECC cipher suites that require an EC cert
*/
ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites);
ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites);
@@ -1272,4 +1288,4 @@
return SECFailure;
}
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
diff --git a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ext.c
index f6530fe7..697a313 100644
--- a/net/third_party/nss/ssl/ssl3ext.c
+++ b/net/third_party/nss/ssl/ssl3ext.c
@@ -48,20 +48,20 @@
#endif
static PRInt32 ssl3_SendRenegotiationInfoXtn(sslSocket * ss,
PRBool append, PRUint32 maxBytes);
-static SECStatus ssl3_HandleRenegotiationInfoXtn(sslSocket *ss,
+static SECStatus ssl3_HandleRenegotiationInfoXtn(sslSocket *ss,
PRUint16 ex_type, SECItem *data);
static SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss,
- PRUint16 ex_type, SECItem *data);
+ PRUint16 ex_type, SECItem *data);
static SECStatus ssl3_ClientHandleAppProtoXtn(sslSocket *ss,
- PRUint16 ex_type, SECItem *data);
+ PRUint16 ex_type, SECItem *data);
static SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss,
- PRUint16 ex_type, SECItem *data);
+ PRUint16 ex_type, SECItem *data);
static SECStatus ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type,
SECItem *data);
static PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append,
PRUint32 maxBytes);
static PRInt32 ssl3_ClientSendAppProtoXtn(sslSocket *ss, PRBool append,
- PRUint32 maxBytes);
+ PRUint32 maxBytes);
static PRInt32 ssl3_ServerSendAppProtoXtn(sslSocket *ss, PRBool append,
PRUint32 maxBytes);
static PRInt32 ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append,
@@ -72,7 +72,7 @@
PRUint16 ex_type, SECItem *data);
static PRInt32 ssl3_ClientSendChannelIDXtn(sslSocket *ss, PRBool append,
PRUint32 maxBytes);
-static SECStatus ssl3_ServerSendStatusRequestXtn(sslSocket * ss,
+static PRInt32 ssl3_ServerSendStatusRequestXtn(sslSocket * ss,
PRBool append, PRUint32 maxBytes);
static SECStatus ssl3_ServerHandleStatusRequestXtn(sslSocket *ss,
PRUint16 ex_type, SECItem *data);
@@ -86,11 +86,16 @@
static SECStatus ssl3_ServerHandleSigAlgsXtn(sslSocket *ss, PRUint16 ex_type,
SECItem *data);
static PRInt32 ssl3_ClientSendSignedCertTimestampXtn(sslSocket *ss,
- PRBool append,
- PRUint32 maxBytes);
+ PRBool append,
+ PRUint32 maxBytes);
static SECStatus ssl3_ClientHandleSignedCertTimestampXtn(sslSocket *ss,
- PRUint16 ex_type,
- SECItem *data);
+ PRUint16 ex_type,
+ SECItem *data);
+
+static PRInt32 ssl3_ClientSendDraftVersionXtn(sslSocket *ss, PRBool append,
+ PRUint32 maxBytes);
+static SECStatus ssl3_ServerHandleDraftVersionXtn(sslSocket *ss, PRUint16 ex_type,
+ SECItem *data);
/*
* Write bytes. Using this function means the SECItem structure
@@ -101,7 +106,7 @@
ssl3_AppendToItem(SECItem *item, const unsigned char *buf, PRUint32 bytes)
{
if (bytes > item->len)
- return SECFailure;
+ return SECFailure;
PORT_Memcpy(item->data, buf, bytes);
item->data += bytes;
@@ -123,13 +128,13 @@
switch (lenSize) {
case 4:
- *p++ = (PRUint8) (num >> 24);
+ *p++ = (PRUint8) (num >> 24);
case 3:
- *p++ = (PRUint8) (num >> 16);
+ *p++ = (PRUint8) (num >> 16);
case 2:
- *p++ = (PRUint8) (num >> 8);
+ *p++ = (PRUint8) (num >> 8);
case 1:
- *p = (PRUint8) num;
+ *p = (PRUint8) num;
}
rv = ssl3_AppendToItem(item, &b[0], lenSize);
return rv;
@@ -138,15 +143,15 @@
static SECStatus ssl3_SessionTicketShutdown(void* appData, void* nssData)
{
if (session_ticket_enc_key_pkcs11) {
- PK11_FreeSymKey(session_ticket_enc_key_pkcs11);
- session_ticket_enc_key_pkcs11 = NULL;
+ PK11_FreeSymKey(session_ticket_enc_key_pkcs11);
+ session_ticket_enc_key_pkcs11 = NULL;
}
if (session_ticket_mac_key_pkcs11) {
- PK11_FreeSymKey(session_ticket_mac_key_pkcs11);
- session_ticket_mac_key_pkcs11 = NULL;
+ PK11_FreeSymKey(session_ticket_mac_key_pkcs11);
+ session_ticket_mac_key_pkcs11 = NULL;
}
PORT_Memset(&generate_session_keys_once, 0,
- sizeof(generate_session_keys_once));
+ sizeof(generate_session_keys_once));
return SECSuccess;
}
@@ -160,22 +165,22 @@
SECKEYPublicKey *svrPubKey = ss->serverCerts[kt_rsa].serverKeyPair->pubKey;
if (svrPrivKey == NULL || svrPubKey == NULL) {
- SSL_DBG(("%d: SSL[%d]: Pub or priv key(s) is NULL.",
- SSL_GETPID(), ss->fd));
- goto loser;
+ SSL_DBG(("%d: SSL[%d]: Pub or priv key(s) is NULL.",
+ SSL_GETPID(), ss->fd));
+ goto loser;
}
/* Get a copy of the session keys from shared memory. */
PORT_Memcpy(key_name, SESS_TICKET_KEY_NAME_PREFIX,
- sizeof(SESS_TICKET_KEY_NAME_PREFIX));
+ sizeof(SESS_TICKET_KEY_NAME_PREFIX));
if (!ssl_GetSessionTicketKeysPKCS11(svrPrivKey, svrPubKey,
- ss->pkcs11PinArg, &key_name[SESS_TICKET_KEY_NAME_PREFIX_LEN],
- &session_ticket_enc_key_pkcs11, &session_ticket_mac_key_pkcs11))
- return PR_FAILURE;
+ ss->pkcs11PinArg, &key_name[SESS_TICKET_KEY_NAME_PREFIX_LEN],
+ &session_ticket_enc_key_pkcs11, &session_ticket_mac_key_pkcs11))
+ return PR_FAILURE;
rv = NSS_RegisterShutdown(ssl3_SessionTicketShutdown, NULL);
if (rv != SECSuccess)
- goto loser;
+ goto loser;
return PR_SUCCESS;
@@ -189,12 +194,12 @@
PK11SymKey **mac_key)
{
if (PR_CallOnceWithArg(&generate_session_keys_once,
- ssl3_GenerateSessionTicketKeysPKCS11, ss) != PR_SUCCESS)
- return SECFailure;
+ ssl3_GenerateSessionTicketKeysPKCS11, ss) != PR_SUCCESS)
+ return SECFailure;
if (session_ticket_enc_key_pkcs11 == NULL ||
- session_ticket_mac_key_pkcs11 == NULL)
- return SECFailure;
+ session_ticket_mac_key_pkcs11 == NULL)
+ return SECFailure;
*aes_key = session_ticket_enc_key_pkcs11;
*mac_key = session_ticket_mac_key_pkcs11;
@@ -206,11 +211,11 @@
ssl3_GenerateSessionTicketKeys(void)
{
PORT_Memcpy(key_name, SESS_TICKET_KEY_NAME_PREFIX,
- sizeof(SESS_TICKET_KEY_NAME_PREFIX));
+ sizeof(SESS_TICKET_KEY_NAME_PREFIX));
if (!ssl_GetSessionTicketKeys(&key_name[SESS_TICKET_KEY_NAME_PREFIX_LEN],
- session_ticket_enc_key, session_ticket_mac_key))
- return PR_FAILURE;
+ session_ticket_enc_key, session_ticket_mac_key))
+ return PR_FAILURE;
session_ticket_keys_initialized = PR_TRUE;
return PR_SUCCESS;
@@ -222,11 +227,11 @@
PRUint32 *mac_key_length)
{
if (PR_CallOnce(&generate_session_keys_once,
- ssl3_GenerateSessionTicketKeys) != PR_SUCCESS)
- return SECFailure;
+ ssl3_GenerateSessionTicketKeys) != PR_SUCCESS)
+ return SECFailure;
if (!session_ticket_keys_initialized)
- return SECFailure;
+ return SECFailure;
*aes_key = session_ticket_enc_key;
*aes_key_length = sizeof(session_ticket_enc_key);
@@ -244,7 +249,7 @@
/* This table is used by the server, to handle client hello extensions. */
static const ssl3HelloExtensionHandler clientHelloHandlers[] = {
{ ssl_server_name_xtn, &ssl3_HandleServerNameXtn },
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
{ ssl_elliptic_curves_xtn, &ssl3_HandleSupportedCurvesXtn },
{ ssl_ec_point_formats_xtn, &ssl3_HandleSupportedPointFormatsXtn },
#endif
@@ -255,6 +260,7 @@
{ ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn },
{ ssl_cert_status_xtn, &ssl3_ServerHandleStatusRequestXtn },
{ ssl_signature_algorithms_xtn, &ssl3_ServerHandleSigAlgsXtn },
+ { ssl_tls13_draft_version_xtn, &ssl3_ServerHandleDraftVersionXtn },
{ -1, NULL }
};
@@ -286,11 +292,11 @@
* The server's table of hello senders is dynamic, in the socket struct,
* and sender functions are registered there.
*/
-static const
+static const
ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
{ ssl_server_name_xtn, &ssl3_SendServerNameXtn },
{ ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn },
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
{ ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn },
{ ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn },
#endif
@@ -303,13 +309,15 @@
{ ssl_signed_certificate_timestamp_xtn,
&ssl3_ClientSendSignedCertTimestampXtn },
/* WebSphere Application Server 7.0 is intolerant to the last extension
- * being zero-length. It is not intolerant of TLS 1.2, so move
- * signature_algorithms to the end. */
- { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }
+ * being zero-length. It is not intolerant of TLS 1.2, so ensure that
+ * signature_algorithms is at the end to guarantee a non-empty
+ * extension. */
+ { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
+ { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },
/* any extra entries will appear as { 0, NULL } */
};
-static const
+static const
ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = {
{ ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }
/* any extra entries will appear as { 0, NULL } */
@@ -320,8 +328,8 @@
{
int i;
for (i = 0; i < len; i++) {
- if (ex_type == array[i])
- return PR_TRUE;
+ if (ex_type == array[i])
+ return PR_TRUE;
}
return PR_FALSE;
}
@@ -330,14 +338,14 @@
ssl3_ExtensionNegotiated(sslSocket *ss, PRUint16 ex_type) {
TLSExtensionData *xtnData = &ss->xtnData;
return arrayContainsExtension(xtnData->negotiated,
- xtnData->numNegotiated, ex_type);
+ xtnData->numNegotiated, ex_type);
}
static PRBool
ssl3_ClientExtensionAdvertised(sslSocket *ss, PRUint16 ex_type) {
TLSExtensionData *xtnData = &ss->xtnData;
return arrayContainsExtension(xtnData->advertised,
- xtnData->numAdvertised, ex_type);
+ xtnData->numAdvertised, ex_type);
}
/* Format an SNI extension, using the name from the socket's URL,
@@ -350,11 +358,11 @@
{
SECStatus rv;
if (!ss)
- return 0;
+ return 0;
if (!ss->sec.isServer) {
PRUint32 len;
PRNetAddr netAddr;
-
+
/* must have a hostname */
if (!ss->url || !ss->url[0])
return 0;
@@ -366,10 +374,10 @@
len = PORT_Strlen(ss->url);
if (append && maxBytes >= len + 9) {
/* extension_type */
- rv = ssl3_AppendHandshakeNumber(ss, ssl_server_name_xtn, 2);
+ rv = ssl3_AppendHandshakeNumber(ss, ssl_server_name_xtn, 2);
if (rv != SECSuccess) return -1;
/* length of extension_data */
- rv = ssl3_AppendHandshakeNumber(ss, len + 5, 2);
+ rv = ssl3_AppendHandshakeNumber(ss, len + 5, 2);
if (rv != SECSuccess) return -1;
/* length of server_name_list */
rv = ssl3_AppendHandshakeNumber(ss, len + 3, 2);
@@ -382,8 +390,8 @@
if (rv != SECSuccess) return -1;
if (!ss->sec.isServer) {
TLSExtensionData *xtnData = &ss->xtnData;
- xtnData->advertised[xtnData->numAdvertised++] =
- ssl_server_name_xtn;
+ xtnData->advertised[xtnData->numAdvertised++] =
+ ssl_server_name_xtn;
}
}
return len + 9;
@@ -425,7 +433,7 @@
return SECSuccess;
}
/* length of server_name_list */
- listLenBytes = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
+ listLenBytes = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
if (listLenBytes == 0 || listLenBytes != data->len) {
return SECFailure;
}
@@ -436,7 +444,7 @@
SECStatus rv;
PRInt32 type;
/* Name Type (sni_host_name) */
- type = ssl3_ConsumeHandshakeNumber(ss, 1, &ldata.data, &ldata.len);
+ type = ssl3_ConsumeHandshakeNumber(ss, 1, &ldata.data, &ldata.len);
if (!ldata.len) {
return SECFailure;
}
@@ -464,7 +472,7 @@
SECStatus rv;
PRBool nametypePresent = PR_FALSE;
/* Name Type (sni_host_name) */
- type = ssl3_ConsumeHandshakeNumber(ss, 1, &data->data, &data->len);
+ type = ssl3_ConsumeHandshakeNumber(ss, 1, &data->data, &data->len);
/* Check if we have such type in the list */
for (j = 0;j < listCount && names[j].data;j++) {
if (names[j].type == type) {
@@ -496,16 +504,16 @@
PORT_Free(names);
return SECFailure;
}
-
+
/* Called by both clients and servers.
* Clients sends a filled in session ticket if one is available, and otherwise
* sends an empty ticket. Servers always send empty tickets.
*/
PRInt32
ssl3_SendSessionTicketXtn(
- sslSocket * ss,
- PRBool append,
- PRUint32 maxBytes)
+ sslSocket * ss,
+ PRBool append,
+ PRUint32 maxBytes)
{
PRInt32 extension_length;
NewSessionTicket *session_ticket = NULL;
@@ -513,7 +521,7 @@
/* Ignore the SessionTicket extension if processing is disabled. */
if (!ss->opt.enableSessionTickets)
- return 0;
+ return 0;
/* Empty extension length = extension_type (2-bytes) +
* length(extension_data) (2-bytes)
@@ -525,53 +533,53 @@
* the extension always respond with an empty extension.
*/
if (!ss->sec.isServer) {
- /* The caller must be holding sid->u.ssl3.lock for reading. We cannot
- * just acquire and release the lock within this function because the
- * caller will call this function twice, and we need the inputs to be
- * consistent between the two calls. Note that currently the caller
- * will only be holding the lock when we are the client and when we're
- * attempting to resume an existing session.
- */
+ /* The caller must be holding sid->u.ssl3.lock for reading. We cannot
+ * just acquire and release the lock within this function because the
+ * caller will call this function twice, and we need the inputs to be
+ * consistent between the two calls. Note that currently the caller
+ * will only be holding the lock when we are the client and when we're
+ * attempting to resume an existing session.
+ */
- session_ticket = &sid->u.ssl3.locked.sessionTicket;
- if (session_ticket->ticket.data) {
- if (ss->xtnData.ticketTimestampVerified) {
- extension_length += session_ticket->ticket.len;
- } else if (!append &&
- (session_ticket->ticket_lifetime_hint == 0 ||
- (session_ticket->ticket_lifetime_hint +
- session_ticket->received_timestamp > ssl_Time()))) {
- extension_length += session_ticket->ticket.len;
- ss->xtnData.ticketTimestampVerified = PR_TRUE;
- }
- }
+ session_ticket = &sid->u.ssl3.locked.sessionTicket;
+ if (session_ticket->ticket.data) {
+ if (ss->xtnData.ticketTimestampVerified) {
+ extension_length += session_ticket->ticket.len;
+ } else if (!append &&
+ (session_ticket->ticket_lifetime_hint == 0 ||
+ (session_ticket->ticket_lifetime_hint +
+ session_ticket->received_timestamp > ssl_Time()))) {
+ extension_length += session_ticket->ticket.len;
+ ss->xtnData.ticketTimestampVerified = PR_TRUE;
+ }
+ }
}
if (append && maxBytes >= extension_length) {
- SECStatus rv;
- /* extension_type */
+ SECStatus rv;
+ /* extension_type */
rv = ssl3_AppendHandshakeNumber(ss, ssl_session_ticket_xtn, 2);
if (rv != SECSuccess)
- goto loser;
- if (session_ticket && session_ticket->ticket.data &&
- ss->xtnData.ticketTimestampVerified) {
- rv = ssl3_AppendHandshakeVariable(ss, session_ticket->ticket.data,
- session_ticket->ticket.len, 2);
- ss->xtnData.ticketTimestampVerified = PR_FALSE;
- ss->xtnData.sentSessionTicketInClientHello = PR_TRUE;
- } else {
- rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
- }
+ goto loser;
+ if (session_ticket && session_ticket->ticket.data &&
+ ss->xtnData.ticketTimestampVerified) {
+ rv = ssl3_AppendHandshakeVariable(ss, session_ticket->ticket.data,
+ session_ticket->ticket.len, 2);
+ ss->xtnData.ticketTimestampVerified = PR_FALSE;
+ ss->xtnData.sentSessionTicketInClientHello = PR_TRUE;
+ } else {
+ rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
+ }
if (rv != SECSuccess)
- goto loser;
+ goto loser;
- if (!ss->sec.isServer) {
- TLSExtensionData *xtnData = &ss->xtnData;
- xtnData->advertised[xtnData->numAdvertised++] =
- ssl_session_ticket_xtn;
- }
+ if (!ss->sec.isServer) {
+ TLSExtensionData *xtnData = &ss->xtnData;
+ xtnData->advertised[xtnData->numAdvertised++] =
+ ssl_session_ticket_xtn;
+ }
} else if (maxBytes < extension_length) {
- PORT_Assert(0);
+ PORT_Assert(0);
return 0;
}
return extension_length;
@@ -587,9 +595,9 @@
SECItem *data)
{
if (ss->firstHsDone || data->len != 0) {
- /* Clients MUST send an empty NPN extension, if any. */
- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
- return SECFailure;
+ /* Clients MUST send an empty NPN extension, if any. */
+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
+ return SECFailure;
}
ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
@@ -610,20 +618,20 @@
unsigned int offset = 0;
while (offset < length) {
- unsigned int newOffset = offset + 1 + (unsigned int) data[offset];
- /* Reject embedded nulls to protect against buggy applications that
- * store protocol identifiers in null-terminated strings.
- */
- if (newOffset > length || data[offset] == 0) {
- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
- return SECFailure;
- }
- offset = newOffset;
+ unsigned int newOffset = offset + 1 + (unsigned int) data[offset];
+ /* Reject embedded nulls to protect against buggy applications that
+ * store protocol identifiers in null-terminated strings.
+ */
+ if (newOffset > length || data[offset] == 0) {
+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
+ return SECFailure;
+ }
+ offset = newOffset;
}
if (offset > length) {
- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
- return SECFailure;
+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
+ return SECFailure;
}
return SECSuccess;
@@ -719,13 +727,14 @@
PORT_Assert(!ss->firstHsDone);
if (ssl3_ExtensionNegotiated(ss, ssl_app_layer_protocol_xtn)) {
- /* If the server negotiated ALPN then it has already told us what protocol
- * to use, so it doesn't make sense for us to try to negotiate a different
- * one by sending the NPN handshake message. However, if we've negotiated
- * NPN then we're required to send the NPN handshake message. Thus, these
- * two extensions cannot both be negotiated on the same connection. */
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
+ /* If the server negotiated ALPN then it has already told us what
+ * protocol to use, so it doesn't make sense for us to try to negotiate
+ * a different one by sending the NPN handshake message. However, if
+ * we've negotiated NPN then we're required to send the NPN handshake
+ * message. Thus, these two extensions cannot both be negotiated on the
+ * same connection. */
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
}
/* We should only get this call if we sent the extension, so
@@ -733,8 +742,8 @@
* that an application erroneously cleared the callback between the time
* we sent the ClientHello and now. */
if (!ss->nextProtoCallback) {
- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK);
- return SECFailure;
+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK);
+ return SECFailure;
}
return ssl3_SelectAppProtocol(ss, ex_type, data);
@@ -748,8 +757,8 @@
SECItem protocol_name;
if (ssl3_ExtensionNegotiated(ss, ssl_next_proto_nego_xtn)) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
}
/* The extension data from the server has the following format:
@@ -757,15 +766,15 @@
* uint8 len;
* uint8 protocol_name[len]; */
if (data->len < 4 || data->len > 2 + 1 + 255) {
- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
- return SECFailure;
+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
+ return SECFailure;
}
name_list_len = ((PRUint16) d[0]) << 8 |
- ((PRUint16) d[1]);
+ ((PRUint16) d[1]);
if (name_list_len != data->len - 2 || d[2] != data->len - 3) {
- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
- return SECFailure;
+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
+ return SECFailure;
}
protocol_name.data = data->data + 3;
@@ -779,29 +788,29 @@
static PRInt32
ssl3_ClientSendNextProtoNegoXtn(sslSocket * ss, PRBool append,
- PRUint32 maxBytes)
+ PRUint32 maxBytes)
{
PRInt32 extension_length;
/* Renegotiations do not send this extension. */
if (!ss->opt.enableNPN || !ss->nextProtoCallback || ss->firstHsDone) {
- return 0;
+ return 0;
}
extension_length = 4;
if (append && maxBytes >= extension_length) {
- SECStatus rv;
- rv = ssl3_AppendHandshakeNumber(ss, ssl_next_proto_nego_xtn, 2);
- if (rv != SECSuccess)
- goto loser;
- rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
- if (rv != SECSuccess)
- goto loser;
- ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
- ssl_next_proto_nego_xtn;
+ SECStatus rv;
+ rv = ssl3_AppendHandshakeNumber(ss, ssl_next_proto_nego_xtn, 2);
+ if (rv != SECSuccess)
+ goto loser;
+ rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
+ if (rv != SECSuccess)
+ goto loser;
+ ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
+ ssl_next_proto_nego_xtn;
} else if (maxBytes < extension_length) {
- return 0;
+ return 0;
}
return extension_length;
@@ -818,62 +827,62 @@
/* Renegotiations do not send this extension. */
if (!ss->opt.enableALPN || !ss->opt.nextProtoNego.data || ss->firstHsDone) {
- return 0;
+ return 0;
}
extension_length = 2 /* extension type */ + 2 /* extension length */ +
- 2 /* protocol name list length */ +
- ss->opt.nextProtoNego.len;
+ 2 /* protocol name list length */ +
+ ss->opt.nextProtoNego.len;
if (append && maxBytes >= extension_length) {
- /* NPN requires that the client's fallback protocol is first in the
- * list. However, ALPN sends protocols in preference order. So we
- * allocate a buffer and move the first protocol to the end of the
- * list. */
- SECStatus rv;
- const unsigned int len = ss->opt.nextProtoNego.len;
+ /* NPN requires that the client's fallback protocol is first in the
+ * list. However, ALPN sends protocols in preference order. So we
+ * allocate a buffer and move the first protocol to the end of the
+ * list. */
+ SECStatus rv;
+ const unsigned int len = ss->opt.nextProtoNego.len;
- alpn_protos = PORT_Alloc(len);
- if (alpn_protos == NULL) {
- return SECFailure;
- }
- if (len > 0) {
- /* Each protocol string is prefixed with a single byte length. */
- unsigned int i = ss->opt.nextProtoNego.data[0] + 1;
- if (i <= len) {
- memcpy(alpn_protos, &ss->opt.nextProtoNego.data[i], len - i);
- memcpy(alpn_protos + len - i, ss->opt.nextProtoNego.data, i);
- } else {
- /* This seems to be invalid data so we'll send as-is. */
- memcpy(alpn_protos, ss->opt.nextProtoNego.data, len);
- }
- }
+ alpn_protos = PORT_Alloc(len);
+ if (alpn_protos == NULL) {
+ return SECFailure;
+ }
+ if (len > 0) {
+ /* Each protocol string is prefixed with a single byte length. */
+ unsigned int i = ss->opt.nextProtoNego.data[0] + 1;
+ if (i <= len) {
+ memcpy(alpn_protos, &ss->opt.nextProtoNego.data[i], len - i);
+ memcpy(alpn_protos + len - i, ss->opt.nextProtoNego.data, i);
+ } else {
+ /* This seems to be invalid data so we'll send as-is. */
+ memcpy(alpn_protos, ss->opt.nextProtoNego.data, len);
+ }
+ }
- rv = ssl3_AppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2);
- if (rv != SECSuccess) {
- goto loser;
- }
- rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
- if (rv != SECSuccess) {
- goto loser;
- }
- rv = ssl3_AppendHandshakeVariable(ss, alpn_protos, len, 2);
- PORT_Free(alpn_protos);
- alpn_protos = NULL;
- if (rv != SECSuccess) {
- goto loser;
- }
- ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
- ssl_app_layer_protocol_xtn;
+ rv = ssl3_AppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ rv = ssl3_AppendHandshakeVariable(ss, alpn_protos, len, 2);
+ PORT_Free(alpn_protos);
+ alpn_protos = NULL;
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
+ ssl_app_layer_protocol_xtn;
} else if (maxBytes < extension_length) {
- return 0;
+ return 0;
}
return extension_length;
loser:
if (alpn_protos) {
- PORT_Free(alpn_protos);
+ PORT_Free(alpn_protos);
}
return -1;
}
@@ -883,6 +892,7 @@
{
PRInt32 extension_length;
+ /* we're in over our heads if any of these fail */
PORT_Assert(ss->opt.enableALPN);
PORT_Assert(ss->ssl3.nextProto.data);
PORT_Assert(ss->ssl3.nextProto.len > 0);
@@ -979,8 +989,9 @@
SECItem *data)
{
/* The echoed extension must be empty. */
- if (data->len != 0)
- return SECFailure;
+ if (data->len != 0) {
+ return SECSuccess; /* Ignore the extension. */
+ }
/* Keep track of negotiated extensions. */
ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
@@ -990,9 +1001,9 @@
static PRInt32
ssl3_ServerSendStatusRequestXtn(
- sslSocket * ss,
- PRBool append,
- PRUint32 maxBytes)
+ sslSocket * ss,
+ PRBool append,
+ PRUint32 maxBytes)
{
PRInt32 extension_length;
SECStatus rv;
@@ -1000,29 +1011,29 @@
PRBool haveStatus = PR_FALSE;
for (i = kt_null; i < kt_kea_size; i++) {
- /* TODO: This is a temporary workaround.
- * The correct code needs to see if we have an OCSP response for
- * the server certificate being used, rather than if we have any
- * OCSP response. See also ssl3_SendCertificateStatus.
- */
- if (ss->certStatusArray[i] && ss->certStatusArray[i]->len) {
- haveStatus = PR_TRUE;
- break;
- }
+ /* TODO: This is a temporary workaround.
+ * The correct code needs to see if we have an OCSP response for
+ * the server certificate being used, rather than if we have any
+ * OCSP response. See also ssl3_SendCertificateStatus.
+ */
+ if (ss->certStatusArray[i] && ss->certStatusArray[i]->len) {
+ haveStatus = PR_TRUE;
+ break;
+ }
}
if (!haveStatus)
- return 0;
+ return 0;
extension_length = 2 + 2;
if (append && maxBytes >= extension_length) {
- /* extension_type */
- rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2);
- if (rv != SECSuccess)
- return -1;
- /* length of extension_data */
- rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
- if (rv != SECSuccess)
- return -1;
+ /* extension_type */
+ rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2);
+ if (rv != SECSuccess)
+ return -1;
+ /* length of extension_data */
+ rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
+ if (rv != SECSuccess)
+ return -1;
}
return extension_length;
@@ -1132,14 +1143,14 @@
* must be >= 0 */
SSL_TRC(3, ("%d: SSL3[%d]: send session_ticket handshake",
- SSL_GETPID(), ss->fd));
+ SSL_GETPID(), ss->fd));
PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
ticket.ticket_lifetime_hint = TLS_EX_SESS_TICKET_LIFETIME_HINT;
cert_length = (ss->opt.requestCertificate && ss->sec.ci.sid->peerCert) ?
- 3 + ss->sec.ci.sid->peerCert->derCert.len : 0;
+ 3 + ss->sec.ci.sid->peerCert->derCert.len : 0;
/* Get IV and encryption keys */
ivItem.data = iv;
@@ -1149,47 +1160,47 @@
#ifndef NO_PKCS11_BYPASS
if (ss->opt.bypassPKCS11) {
- rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length,
- &mac_key, &mac_key_length);
- } else
+ rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length,
+ &mac_key, &mac_key_length);
+ } else
#endif
{
- rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
- &mac_key_pkcs11);
+ rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
+ &mac_key_pkcs11);
}
if (rv != SECSuccess) goto loser;
if (ss->ssl3.pwSpec->msItem.len && ss->ssl3.pwSpec->msItem.data) {
- /* The master secret is available unwrapped. */
- ms_item.data = ss->ssl3.pwSpec->msItem.data;
- ms_item.len = ss->ssl3.pwSpec->msItem.len;
- ms_is_wrapped = PR_FALSE;
+ /* The master secret is available unwrapped. */
+ ms_item.data = ss->ssl3.pwSpec->msItem.data;
+ ms_item.len = ss->ssl3.pwSpec->msItem.len;
+ ms_is_wrapped = PR_FALSE;
} else {
- /* Extract the master secret wrapped. */
- sslSessionID sid;
- PORT_Memset(&sid, 0, sizeof(sslSessionID));
+ /* Extract the master secret wrapped. */
+ sslSessionID sid;
+ PORT_Memset(&sid, 0, sizeof(sslSessionID));
- if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) {
- effectiveExchKeyType = kt_rsa;
- } else {
- effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
- }
+ if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) {
+ effectiveExchKeyType = kt_rsa;
+ } else {
+ effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
+ }
- rv = ssl3_CacheWrappedMasterSecret(ss, &sid, ss->ssl3.pwSpec,
- effectiveExchKeyType);
- if (rv == SECSuccess) {
- if (sid.u.ssl3.keys.wrapped_master_secret_len > sizeof(wrapped_ms))
- goto loser;
- memcpy(wrapped_ms, sid.u.ssl3.keys.wrapped_master_secret,
- sid.u.ssl3.keys.wrapped_master_secret_len);
- ms_item.data = wrapped_ms;
- ms_item.len = sid.u.ssl3.keys.wrapped_master_secret_len;
- msWrapMech = sid.u.ssl3.masterWrapMech;
- } else {
- /* TODO: else send an empty ticket. */
- goto loser;
- }
- ms_is_wrapped = PR_TRUE;
+ rv = ssl3_CacheWrappedMasterSecret(ss, &sid, ss->ssl3.pwSpec,
+ effectiveExchKeyType);
+ if (rv == SECSuccess) {
+ if (sid.u.ssl3.keys.wrapped_master_secret_len > sizeof(wrapped_ms))
+ goto loser;
+ memcpy(wrapped_ms, sid.u.ssl3.keys.wrapped_master_secret,
+ sid.u.ssl3.keys.wrapped_master_secret_len);
+ ms_item.data = wrapped_ms;
+ ms_item.len = sid.u.ssl3.keys.wrapped_master_secret_len;
+ msWrapMech = sid.u.ssl3.masterWrapMech;
+ } else {
+ /* TODO: else send an empty ticket. */
+ goto loser;
+ }
+ ms_is_wrapped = PR_TRUE;
}
/* Prep to send negotiated name */
srvName = &ss->ssl3.pwSpec->srvVirtName;
@@ -1197,55 +1208,55 @@
srvNameLen = 2 + srvName->len; /* len bytes + name len */
}
- ciphertext_length =
- sizeof(PRUint16) /* ticket_version */
- + sizeof(SSL3ProtocolVersion) /* ssl_version */
- + sizeof(ssl3CipherSuite) /* ciphersuite */
- + 1 /* compression */
- + 10 /* cipher spec parameters */
- + 1 /* SessionTicket.ms_is_wrapped */
- + 1 /* effectiveExchKeyType */
- + 4 /* msWrapMech */
- + 2 /* master_secret.length */
- + ms_item.len /* master_secret */
- + 1 /* client_auth_type */
- + cert_length /* cert */
+ ciphertext_length =
+ sizeof(PRUint16) /* ticket_version */
+ + sizeof(SSL3ProtocolVersion) /* ssl_version */
+ + sizeof(ssl3CipherSuite) /* ciphersuite */
+ + 1 /* compression */
+ + 10 /* cipher spec parameters */
+ + 1 /* SessionTicket.ms_is_wrapped */
+ + 1 /* effectiveExchKeyType */
+ + 4 /* msWrapMech */
+ + 2 /* master_secret.length */
+ + ms_item.len /* master_secret */
+ + 1 /* client_auth_type */
+ + cert_length /* cert */
+ 1 /* server name type */
+ srvNameLen /* name len + length field */
- + sizeof(ticket.ticket_lifetime_hint);
+ + sizeof(ticket.ticket_lifetime_hint);
padding_length = AES_BLOCK_SIZE -
- (ciphertext_length % AES_BLOCK_SIZE);
+ (ciphertext_length % AES_BLOCK_SIZE);
ciphertext_length += padding_length;
message_length =
- sizeof(ticket.ticket_lifetime_hint) /* ticket_lifetime_hint */
- + 2 /* length field for NewSessionTicket.ticket */
- + SESS_TICKET_KEY_NAME_LEN /* key_name */
- + AES_BLOCK_SIZE /* iv */
- + 2 /* length field for NewSessionTicket.ticket.encrypted_state */
- + ciphertext_length /* encrypted_state */
- + TLS_EX_SESS_TICKET_MAC_LENGTH; /* mac */
+ sizeof(ticket.ticket_lifetime_hint) /* ticket_lifetime_hint */
+ + 2 /* length field for NewSessionTicket.ticket */
+ + SESS_TICKET_KEY_NAME_LEN /* key_name */
+ + AES_BLOCK_SIZE /* iv */
+ + 2 /* length field for NewSessionTicket.ticket.encrypted_state */
+ + ciphertext_length /* encrypted_state */
+ + TLS_EX_SESS_TICKET_MAC_LENGTH; /* mac */
if (SECITEM_AllocItem(NULL, &plaintext_item, ciphertext_length) == NULL)
- goto loser;
+ goto loser;
plaintext = plaintext_item;
/* ticket_version */
rv = ssl3_AppendNumberToItem(&plaintext, TLS_EX_SESS_TICKET_VERSION,
- sizeof(PRUint16));
+ sizeof(PRUint16));
if (rv != SECSuccess) goto loser;
/* ssl_version */
rv = ssl3_AppendNumberToItem(&plaintext, ss->version,
- sizeof(SSL3ProtocolVersion));
+ sizeof(SSL3ProtocolVersion));
if (rv != SECSuccess) goto loser;
/* ciphersuite */
- rv = ssl3_AppendNumberToItem(&plaintext, ss->ssl3.hs.cipher_suite,
- sizeof(ssl3CipherSuite));
+ rv = ssl3_AppendNumberToItem(&plaintext, ss->ssl3.hs.cipher_suite,
+ sizeof(ssl3CipherSuite));
if (rv != SECSuccess) goto loser;
-
+
/* compression */
rv = ssl3_AppendNumberToItem(&plaintext, ss->ssl3.hs.compression, 1);
if (rv != SECSuccess) goto loser;
@@ -1274,24 +1285,24 @@
/* client_identity */
if (ss->opt.requestCertificate && ss->sec.ci.sid->peerCert) {
- rv = ssl3_AppendNumberToItem(&plaintext, CLIENT_AUTH_CERTIFICATE, 1);
- if (rv != SECSuccess) goto loser;
- rv = ssl3_AppendNumberToItem(&plaintext,
- ss->sec.ci.sid->peerCert->derCert.len, 3);
- if (rv != SECSuccess) goto loser;
- rv = ssl3_AppendToItem(&plaintext,
- ss->sec.ci.sid->peerCert->derCert.data,
- ss->sec.ci.sid->peerCert->derCert.len);
- if (rv != SECSuccess) goto loser;
+ rv = ssl3_AppendNumberToItem(&plaintext, CLIENT_AUTH_CERTIFICATE, 1);
+ if (rv != SECSuccess) goto loser;
+ rv = ssl3_AppendNumberToItem(&plaintext,
+ ss->sec.ci.sid->peerCert->derCert.len, 3);
+ if (rv != SECSuccess) goto loser;
+ rv = ssl3_AppendToItem(&plaintext,
+ ss->sec.ci.sid->peerCert->derCert.data,
+ ss->sec.ci.sid->peerCert->derCert.len);
+ if (rv != SECSuccess) goto loser;
} else {
- rv = ssl3_AppendNumberToItem(&plaintext, 0, 1);
- if (rv != SECSuccess) goto loser;
+ rv = ssl3_AppendNumberToItem(&plaintext, 0, 1);
+ if (rv != SECSuccess) goto loser;
}
/* timestamp */
now = ssl_Time();
rv = ssl3_AppendNumberToItem(&plaintext, now,
- sizeof(ticket.ticket_lifetime_hint));
+ sizeof(ticket.ticket_lifetime_hint));
if (rv != SECSuccess) goto loser;
if (srvNameLen) {
@@ -1312,39 +1323,39 @@
PORT_Assert(plaintext.len == padding_length);
for (i = 0; i < padding_length; i++)
- plaintext.data[i] = (unsigned char)padding_length;
+ plaintext.data[i] = (unsigned char)padding_length;
if (SECITEM_AllocItem(NULL, &ciphertext, ciphertext_length) == NULL) {
- rv = SECFailure;
- goto loser;
+ rv = SECFailure;
+ goto loser;
}
/* Generate encrypted portion of ticket. */
#ifndef NO_PKCS11_BYPASS
if (ss->opt.bypassPKCS11) {
- aes_ctx = (AESContext *)aes_ctx_buf;
- rv = AES_InitContext(aes_ctx, aes_key, aes_key_length, iv,
- NSS_AES_CBC, 1, AES_BLOCK_SIZE);
- if (rv != SECSuccess) goto loser;
+ aes_ctx = (AESContext *)aes_ctx_buf;
+ rv = AES_InitContext(aes_ctx, aes_key, aes_key_length, iv,
+ NSS_AES_CBC, 1, AES_BLOCK_SIZE);
+ if (rv != SECSuccess) goto loser;
- rv = AES_Encrypt(aes_ctx, ciphertext.data, &ciphertext.len,
- ciphertext.len, plaintext_item.data,
- plaintext_item.len);
- if (rv != SECSuccess) goto loser;
- } else
+ rv = AES_Encrypt(aes_ctx, ciphertext.data, &ciphertext.len,
+ ciphertext.len, plaintext_item.data,
+ plaintext_item.len);
+ if (rv != SECSuccess) goto loser;
+ } else
#endif
{
- aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech,
- CKA_ENCRYPT, aes_key_pkcs11, &ivItem);
- if (!aes_ctx_pkcs11)
- goto loser;
+ aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech,
+ CKA_ENCRYPT, aes_key_pkcs11, &ivItem);
+ if (!aes_ctx_pkcs11)
+ goto loser;
- rv = PK11_CipherOp(aes_ctx_pkcs11, ciphertext.data,
- (int *)&ciphertext.len, ciphertext.len,
- plaintext_item.data, plaintext_item.len);
- PK11_Finalize(aes_ctx_pkcs11);
- PK11_DestroyContext(aes_ctx_pkcs11, PR_TRUE);
- if (rv != SECSuccess) goto loser;
+ rv = PK11_CipherOp(aes_ctx_pkcs11, ciphertext.data,
+ (int *)&ciphertext.len, ciphertext.len,
+ plaintext_item.data, plaintext_item.len);
+ PK11_Finalize(aes_ctx_pkcs11);
+ PK11_DestroyContext(aes_ctx_pkcs11, PR_TRUE);
+ if (rv != SECSuccess) goto loser;
}
/* Convert ciphertext length to network order. */
@@ -1354,40 +1365,40 @@
/* Compute MAC. */
#ifndef NO_PKCS11_BYPASS
if (ss->opt.bypassPKCS11) {
- hmac_ctx = (HMACContext *)hmac_ctx_buf;
- hashObj = HASH_GetRawHashObject(HASH_AlgSHA256);
- if (HMAC_Init(hmac_ctx, hashObj, mac_key,
- mac_key_length, PR_FALSE) != SECSuccess)
- goto loser;
+ hmac_ctx = (HMACContext *)hmac_ctx_buf;
+ hashObj = HASH_GetRawHashObject(HASH_AlgSHA256);
+ if (HMAC_Init(hmac_ctx, hashObj, mac_key,
+ mac_key_length, PR_FALSE) != SECSuccess)
+ goto loser;
- HMAC_Begin(hmac_ctx);
- HMAC_Update(hmac_ctx, key_name, SESS_TICKET_KEY_NAME_LEN);
- HMAC_Update(hmac_ctx, iv, sizeof(iv));
- HMAC_Update(hmac_ctx, (unsigned char *)length_buf, 2);
- HMAC_Update(hmac_ctx, ciphertext.data, ciphertext.len);
- HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length,
- sizeof(computed_mac));
- } else
+ HMAC_Begin(hmac_ctx);
+ HMAC_Update(hmac_ctx, key_name, SESS_TICKET_KEY_NAME_LEN);
+ HMAC_Update(hmac_ctx, iv, sizeof(iv));
+ HMAC_Update(hmac_ctx, (unsigned char *)length_buf, 2);
+ HMAC_Update(hmac_ctx, ciphertext.data, ciphertext.len);
+ HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length,
+ sizeof(computed_mac));
+ } else
#endif
{
- SECItem macParam;
- macParam.data = NULL;
- macParam.len = 0;
- hmac_ctx_pkcs11 = PK11_CreateContextBySymKey(macMech,
- CKA_SIGN, mac_key_pkcs11, &macParam);
- if (!hmac_ctx_pkcs11)
- goto loser;
+ SECItem macParam;
+ macParam.data = NULL;
+ macParam.len = 0;
+ hmac_ctx_pkcs11 = PK11_CreateContextBySymKey(macMech,
+ CKA_SIGN, mac_key_pkcs11, &macParam);
+ if (!hmac_ctx_pkcs11)
+ goto loser;
- rv = PK11_DigestBegin(hmac_ctx_pkcs11);
- rv = PK11_DigestOp(hmac_ctx_pkcs11, key_name,
- SESS_TICKET_KEY_NAME_LEN);
- rv = PK11_DigestOp(hmac_ctx_pkcs11, iv, sizeof(iv));
- rv = PK11_DigestOp(hmac_ctx_pkcs11, (unsigned char *)length_buf, 2);
- rv = PK11_DigestOp(hmac_ctx_pkcs11, ciphertext.data, ciphertext.len);
- rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac,
- &computed_mac_length, sizeof(computed_mac));
- PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE);
- if (rv != SECSuccess) goto loser;
+ rv = PK11_DigestBegin(hmac_ctx_pkcs11);
+ rv = PK11_DigestOp(hmac_ctx_pkcs11, key_name,
+ SESS_TICKET_KEY_NAME_LEN);
+ rv = PK11_DigestOp(hmac_ctx_pkcs11, iv, sizeof(iv));
+ rv = PK11_DigestOp(hmac_ctx_pkcs11, (unsigned char *)length_buf, 2);
+ rv = PK11_DigestOp(hmac_ctx_pkcs11, ciphertext.data, ciphertext.len);
+ rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac,
+ &computed_mac_length, sizeof(computed_mac));
+ PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE);
+ if (rv != SECSuccess) goto loser;
}
/* Serialize the handshake message. */
@@ -1395,11 +1406,11 @@
if (rv != SECSuccess) goto loser;
rv = ssl3_AppendHandshakeNumber(ss, ticket.ticket_lifetime_hint,
- sizeof(ticket.ticket_lifetime_hint));
+ sizeof(ticket.ticket_lifetime_hint));
if (rv != SECSuccess) goto loser;
rv = ssl3_AppendHandshakeNumber(ss,
- message_length - sizeof(ticket.ticket_lifetime_hint) - 2, 2);
+ message_length - sizeof(ticket.ticket_lifetime_hint) - 2, 2);
if (rv != SECSuccess) goto loser;
rv = ssl3_AppendHandshake(ss, key_name, SESS_TICKET_KEY_NAME_LEN);
@@ -1416,9 +1427,9 @@
loser:
if (plaintext_item.data)
- SECITEM_FreeItem(&plaintext_item, PR_FALSE);
+ SECITEM_FreeItem(&plaintext_item, PR_FALSE);
if (ciphertext.data)
- SECITEM_FreeItem(&ciphertext, PR_FALSE);
+ SECITEM_FreeItem(&ciphertext, PR_FALSE);
return rv;
}
@@ -1430,8 +1441,9 @@
ssl3_ClientHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
SECItem *data)
{
- if (data->len != 0)
- return SECFailure;
+ if (data->len != 0) {
+ return SECSuccess; /* Ignore the extension. */
+ }
/* Keep track of negotiated extensions. */
ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
@@ -1450,7 +1462,7 @@
/* Ignore the SessionTicket extension if processing is disabled. */
if (!ss->opt.enableSessionTickets)
- return SECSuccess;
+ return SECSuccess;
/* Keep track of negotiated extensions. */
ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
@@ -1460,302 +1472,302 @@
* instead of terminating the current connection.
*/
if (data->len == 0) {
- ss->xtnData.emptySessionTicket = PR_TRUE;
+ ss->xtnData.emptySessionTicket = PR_TRUE;
} else {
- int i;
- SECItem extension_data;
- EncryptedSessionTicket enc_session_ticket;
- unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH];
- unsigned int computed_mac_length;
+ int i;
+ SECItem extension_data;
+ EncryptedSessionTicket enc_session_ticket;
+ unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH];
+ unsigned int computed_mac_length;
#ifndef NO_PKCS11_BYPASS
- const SECHashObject *hashObj;
- const unsigned char *aes_key;
- const unsigned char *mac_key;
- PRUint32 aes_key_length;
- PRUint32 mac_key_length;
- PRUint64 hmac_ctx_buf[MAX_MAC_CONTEXT_LLONGS];
- HMACContext *hmac_ctx;
- PRUint64 aes_ctx_buf[MAX_CIPHER_CONTEXT_LLONGS];
- AESContext *aes_ctx;
+ const SECHashObject *hashObj;
+ const unsigned char *aes_key;
+ const unsigned char *mac_key;
+ PRUint32 aes_key_length;
+ PRUint32 mac_key_length;
+ PRUint64 hmac_ctx_buf[MAX_MAC_CONTEXT_LLONGS];
+ HMACContext *hmac_ctx;
+ PRUint64 aes_ctx_buf[MAX_CIPHER_CONTEXT_LLONGS];
+ AESContext *aes_ctx;
#endif
- PK11SymKey *aes_key_pkcs11;
- PK11SymKey *mac_key_pkcs11;
- PK11Context *hmac_ctx_pkcs11;
- CK_MECHANISM_TYPE macMech = CKM_SHA256_HMAC;
- PK11Context *aes_ctx_pkcs11;
- CK_MECHANISM_TYPE cipherMech = CKM_AES_CBC;
- unsigned char * padding;
- PRUint32 padding_length;
- unsigned char *buffer;
- unsigned int buffer_len;
- PRInt32 temp;
- SECItem cert_item;
+ PK11SymKey *aes_key_pkcs11;
+ PK11SymKey *mac_key_pkcs11;
+ PK11Context *hmac_ctx_pkcs11;
+ CK_MECHANISM_TYPE macMech = CKM_SHA256_HMAC;
+ PK11Context *aes_ctx_pkcs11;
+ CK_MECHANISM_TYPE cipherMech = CKM_AES_CBC;
+ unsigned char * padding;
+ PRUint32 padding_length;
+ unsigned char *buffer;
+ unsigned int buffer_len;
+ PRInt32 temp;
+ SECItem cert_item;
PRInt8 nameType = TLS_STE_NO_SERVER_NAME;
- /* Turn off stateless session resumption if the client sends a
- * SessionTicket extension, even if the extension turns out to be
- * malformed (ss->sec.ci.sid is non-NULL when doing session
- * renegotiation.)
- */
- if (ss->sec.ci.sid != NULL) {
- if (ss->sec.uncache)
- ss->sec.uncache(ss->sec.ci.sid);
- ssl_FreeSID(ss->sec.ci.sid);
- ss->sec.ci.sid = NULL;
- }
+ /* Turn off stateless session resumption if the client sends a
+ * SessionTicket extension, even if the extension turns out to be
+ * malformed (ss->sec.ci.sid is non-NULL when doing session
+ * renegotiation.)
+ */
+ if (ss->sec.ci.sid != NULL) {
+ if (ss->sec.uncache)
+ ss->sec.uncache(ss->sec.ci.sid);
+ ssl_FreeSID(ss->sec.ci.sid);
+ ss->sec.ci.sid = NULL;
+ }
- extension_data.data = data->data; /* Keep a copy for future use. */
- extension_data.len = data->len;
+ extension_data.data = data->data; /* Keep a copy for future use. */
+ extension_data.len = data->len;
- if (ssl3_ParseEncryptedSessionTicket(ss, data, &enc_session_ticket)
- != SECSuccess)
- return SECFailure;
+ if (ssl3_ParseEncryptedSessionTicket(ss, data, &enc_session_ticket)
+ != SECSuccess)
+ return SECFailure;
- /* Get session ticket keys. */
+ /* Get session ticket keys. */
#ifndef NO_PKCS11_BYPASS
- if (ss->opt.bypassPKCS11) {
- rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length,
- &mac_key, &mac_key_length);
- } else
+ if (ss->opt.bypassPKCS11) {
+ rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length,
+ &mac_key, &mac_key_length);
+ } else
#endif
- {
- rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
- &mac_key_pkcs11);
- }
- if (rv != SECSuccess) {
- SSL_DBG(("%d: SSL[%d]: Unable to get/generate session ticket keys.",
- SSL_GETPID(), ss->fd));
- goto loser;
- }
+ {
+ rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
+ &mac_key_pkcs11);
+ }
+ if (rv != SECSuccess) {
+ SSL_DBG(("%d: SSL[%d]: Unable to get/generate session ticket keys.",
+ SSL_GETPID(), ss->fd));
+ goto loser;
+ }
- /* If the ticket sent by the client was generated under a key different
- * from the one we have, bypass ticket processing.
- */
- if (PORT_Memcmp(enc_session_ticket.key_name, key_name,
- SESS_TICKET_KEY_NAME_LEN) != 0) {
- SSL_DBG(("%d: SSL[%d]: Session ticket key_name sent mismatch.",
- SSL_GETPID(), ss->fd));
- goto no_ticket;
- }
+ /* If the ticket sent by the client was generated under a key different
+ * from the one we have, bypass ticket processing.
+ */
+ if (PORT_Memcmp(enc_session_ticket.key_name, key_name,
+ SESS_TICKET_KEY_NAME_LEN) != 0) {
+ SSL_DBG(("%d: SSL[%d]: Session ticket key_name sent mismatch.",
+ SSL_GETPID(), ss->fd));
+ goto no_ticket;
+ }
- /* Verify the MAC on the ticket. MAC verification may also
- * fail if the MAC key has been recently refreshed.
- */
+ /* Verify the MAC on the ticket. MAC verification may also
+ * fail if the MAC key has been recently refreshed.
+ */
#ifndef NO_PKCS11_BYPASS
- if (ss->opt.bypassPKCS11) {
- hmac_ctx = (HMACContext *)hmac_ctx_buf;
- hashObj = HASH_GetRawHashObject(HASH_AlgSHA256);
- if (HMAC_Init(hmac_ctx, hashObj, mac_key,
- sizeof(session_ticket_mac_key), PR_FALSE) != SECSuccess)
- goto no_ticket;
- HMAC_Begin(hmac_ctx);
- HMAC_Update(hmac_ctx, extension_data.data,
- extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH);
- if (HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length,
- sizeof(computed_mac)) != SECSuccess)
- goto no_ticket;
- } else
+ if (ss->opt.bypassPKCS11) {
+ hmac_ctx = (HMACContext *)hmac_ctx_buf;
+ hashObj = HASH_GetRawHashObject(HASH_AlgSHA256);
+ if (HMAC_Init(hmac_ctx, hashObj, mac_key,
+ sizeof(session_ticket_mac_key), PR_FALSE) != SECSuccess)
+ goto no_ticket;
+ HMAC_Begin(hmac_ctx);
+ HMAC_Update(hmac_ctx, extension_data.data,
+ extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH);
+ if (HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length,
+ sizeof(computed_mac)) != SECSuccess)
+ goto no_ticket;
+ } else
#endif
- {
- SECItem macParam;
- macParam.data = NULL;
- macParam.len = 0;
- hmac_ctx_pkcs11 = PK11_CreateContextBySymKey(macMech,
- CKA_SIGN, mac_key_pkcs11, &macParam);
- if (!hmac_ctx_pkcs11) {
- SSL_DBG(("%d: SSL[%d]: Unable to create HMAC context: %d.",
- SSL_GETPID(), ss->fd, PORT_GetError()));
- goto no_ticket;
- } else {
- SSL_DBG(("%d: SSL[%d]: Successfully created HMAC context.",
- SSL_GETPID(), ss->fd));
- }
- rv = PK11_DigestBegin(hmac_ctx_pkcs11);
- rv = PK11_DigestOp(hmac_ctx_pkcs11, extension_data.data,
- extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH);
- if (rv != SECSuccess) {
- PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE);
- goto no_ticket;
- }
- rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac,
- &computed_mac_length, sizeof(computed_mac));
- PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE);
- if (rv != SECSuccess)
- goto no_ticket;
- }
- if (NSS_SecureMemcmp(computed_mac, enc_session_ticket.mac,
- computed_mac_length) != 0) {
- SSL_DBG(("%d: SSL[%d]: Session ticket MAC mismatch.",
- SSL_GETPID(), ss->fd));
- goto no_ticket;
- }
+ {
+ SECItem macParam;
+ macParam.data = NULL;
+ macParam.len = 0;
+ hmac_ctx_pkcs11 = PK11_CreateContextBySymKey(macMech,
+ CKA_SIGN, mac_key_pkcs11, &macParam);
+ if (!hmac_ctx_pkcs11) {
+ SSL_DBG(("%d: SSL[%d]: Unable to create HMAC context: %d.",
+ SSL_GETPID(), ss->fd, PORT_GetError()));
+ goto no_ticket;
+ } else {
+ SSL_DBG(("%d: SSL[%d]: Successfully created HMAC context.",
+ SSL_GETPID(), ss->fd));
+ }
+ rv = PK11_DigestBegin(hmac_ctx_pkcs11);
+ rv = PK11_DigestOp(hmac_ctx_pkcs11, extension_data.data,
+ extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH);
+ if (rv != SECSuccess) {
+ PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE);
+ goto no_ticket;
+ }
+ rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac,
+ &computed_mac_length, sizeof(computed_mac));
+ PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE);
+ if (rv != SECSuccess)
+ goto no_ticket;
+ }
+ if (NSS_SecureMemcmp(computed_mac, enc_session_ticket.mac,
+ computed_mac_length) != 0) {
+ SSL_DBG(("%d: SSL[%d]: Session ticket MAC mismatch.",
+ SSL_GETPID(), ss->fd));
+ goto no_ticket;
+ }
- /* We ignore key_name for now.
- * This is ok as MAC verification succeeded.
- */
+ /* We ignore key_name for now.
+ * This is ok as MAC verification succeeded.
+ */
- /* Decrypt the ticket. */
+ /* Decrypt the ticket. */
- /* Plaintext is shorter than the ciphertext due to padding. */
- decrypted_state = SECITEM_AllocItem(NULL, NULL,
- enc_session_ticket.encrypted_state.len);
+ /* Plaintext is shorter than the ciphertext due to padding. */
+ decrypted_state = SECITEM_AllocItem(NULL, NULL,
+ enc_session_ticket.encrypted_state.len);
#ifndef NO_PKCS11_BYPASS
- if (ss->opt.bypassPKCS11) {
- aes_ctx = (AESContext *)aes_ctx_buf;
- rv = AES_InitContext(aes_ctx, aes_key,
- sizeof(session_ticket_enc_key), enc_session_ticket.iv,
- NSS_AES_CBC, 0,AES_BLOCK_SIZE);
- if (rv != SECSuccess) {
- SSL_DBG(("%d: SSL[%d]: Unable to create AES context.",
- SSL_GETPID(), ss->fd));
- goto no_ticket;
- }
+ if (ss->opt.bypassPKCS11) {
+ aes_ctx = (AESContext *)aes_ctx_buf;
+ rv = AES_InitContext(aes_ctx, aes_key,
+ sizeof(session_ticket_enc_key), enc_session_ticket.iv,
+ NSS_AES_CBC, 0,AES_BLOCK_SIZE);
+ if (rv != SECSuccess) {
+ SSL_DBG(("%d: SSL[%d]: Unable to create AES context.",
+ SSL_GETPID(), ss->fd));
+ goto no_ticket;
+ }
- rv = AES_Decrypt(aes_ctx, decrypted_state->data,
- &decrypted_state->len, decrypted_state->len,
- enc_session_ticket.encrypted_state.data,
- enc_session_ticket.encrypted_state.len);
- if (rv != SECSuccess)
- goto no_ticket;
- } else
+ rv = AES_Decrypt(aes_ctx, decrypted_state->data,
+ &decrypted_state->len, decrypted_state->len,
+ enc_session_ticket.encrypted_state.data,
+ enc_session_ticket.encrypted_state.len);
+ if (rv != SECSuccess)
+ goto no_ticket;
+ } else
#endif
- {
- SECItem ivItem;
- ivItem.data = enc_session_ticket.iv;
- ivItem.len = AES_BLOCK_SIZE;
- aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech,
- CKA_DECRYPT, aes_key_pkcs11, &ivItem);
- if (!aes_ctx_pkcs11) {
- SSL_DBG(("%d: SSL[%d]: Unable to create AES context.",
- SSL_GETPID(), ss->fd));
- goto no_ticket;
- }
+ {
+ SECItem ivItem;
+ ivItem.data = enc_session_ticket.iv;
+ ivItem.len = AES_BLOCK_SIZE;
+ aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech,
+ CKA_DECRYPT, aes_key_pkcs11, &ivItem);
+ if (!aes_ctx_pkcs11) {
+ SSL_DBG(("%d: SSL[%d]: Unable to create AES context.",
+ SSL_GETPID(), ss->fd));
+ goto no_ticket;
+ }
- rv = PK11_CipherOp(aes_ctx_pkcs11, decrypted_state->data,
- (int *)&decrypted_state->len, decrypted_state->len,
- enc_session_ticket.encrypted_state.data,
- enc_session_ticket.encrypted_state.len);
- PK11_Finalize(aes_ctx_pkcs11);
- PK11_DestroyContext(aes_ctx_pkcs11, PR_TRUE);
- if (rv != SECSuccess)
- goto no_ticket;
- }
+ rv = PK11_CipherOp(aes_ctx_pkcs11, decrypted_state->data,
+ (int *)&decrypted_state->len, decrypted_state->len,
+ enc_session_ticket.encrypted_state.data,
+ enc_session_ticket.encrypted_state.len);
+ PK11_Finalize(aes_ctx_pkcs11);
+ PK11_DestroyContext(aes_ctx_pkcs11, PR_TRUE);
+ if (rv != SECSuccess)
+ goto no_ticket;
+ }
- /* Check padding. */
- padding_length =
- (PRUint32)decrypted_state->data[decrypted_state->len - 1];
- if (padding_length == 0 || padding_length > AES_BLOCK_SIZE)
- goto no_ticket;
+ /* Check padding. */
+ padding_length =
+ (PRUint32)decrypted_state->data[decrypted_state->len - 1];
+ if (padding_length == 0 || padding_length > AES_BLOCK_SIZE)
+ goto no_ticket;
- padding = &decrypted_state->data[decrypted_state->len - padding_length];
- for (i = 0; i < padding_length; i++, padding++) {
- if (padding_length != (PRUint32)*padding)
- goto no_ticket;
- }
+ padding = &decrypted_state->data[decrypted_state->len - padding_length];
+ for (i = 0; i < padding_length; i++, padding++) {
+ if (padding_length != (PRUint32)*padding)
+ goto no_ticket;
+ }
- /* Deserialize session state. */
- buffer = decrypted_state->data;
- buffer_len = decrypted_state->len;
+ /* Deserialize session state. */
+ buffer = decrypted_state->data;
+ buffer_len = decrypted_state->len;
- parsed_session_ticket = PORT_ZAlloc(sizeof(SessionTicket));
- if (parsed_session_ticket == NULL) {
- rv = SECFailure;
- goto loser;
- }
+ parsed_session_ticket = PORT_ZAlloc(sizeof(SessionTicket));
+ if (parsed_session_ticket == NULL) {
+ rv = SECFailure;
+ goto loser;
+ }
- /* Read ticket_version (which is ignored for now.) */
- temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
- if (temp < 0) goto no_ticket;
- parsed_session_ticket->ticket_version = (SSL3ProtocolVersion)temp;
+ /* Read ticket_version (which is ignored for now.) */
+ temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
+ if (temp < 0) goto no_ticket;
+ parsed_session_ticket->ticket_version = (SSL3ProtocolVersion)temp;
- /* Read SSLVersion. */
- temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
- if (temp < 0) goto no_ticket;
- parsed_session_ticket->ssl_version = (SSL3ProtocolVersion)temp;
+ /* Read SSLVersion. */
+ temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
+ if (temp < 0) goto no_ticket;
+ parsed_session_ticket->ssl_version = (SSL3ProtocolVersion)temp;
- /* Read cipher_suite. */
- temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
- if (temp < 0) goto no_ticket;
- parsed_session_ticket->cipher_suite = (ssl3CipherSuite)temp;
+ /* Read cipher_suite. */
+ temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
+ if (temp < 0) goto no_ticket;
+ parsed_session_ticket->cipher_suite = (ssl3CipherSuite)temp;
- /* Read compression_method. */
- temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
- if (temp < 0) goto no_ticket;
- parsed_session_ticket->compression_method = (SSLCompressionMethod)temp;
+ /* Read compression_method. */
+ temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
+ if (temp < 0) goto no_ticket;
+ parsed_session_ticket->compression_method = (SSLCompressionMethod)temp;
- /* Read cipher spec parameters. */
- temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
- if (temp < 0) goto no_ticket;
- parsed_session_ticket->authAlgorithm = (SSLSignType)temp;
- temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
- if (temp < 0) goto no_ticket;
- parsed_session_ticket->authKeyBits = (PRUint32)temp;
- temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
- if (temp < 0) goto no_ticket;
- parsed_session_ticket->keaType = (SSLKEAType)temp;
- temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
- if (temp < 0) goto no_ticket;
- parsed_session_ticket->keaKeyBits = (PRUint32)temp;
+ /* Read cipher spec parameters. */
+ temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
+ if (temp < 0) goto no_ticket;
+ parsed_session_ticket->authAlgorithm = (SSLSignType)temp;
+ temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
+ if (temp < 0) goto no_ticket;
+ parsed_session_ticket->authKeyBits = (PRUint32)temp;
+ temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
+ if (temp < 0) goto no_ticket;
+ parsed_session_ticket->keaType = (SSLKEAType)temp;
+ temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
+ if (temp < 0) goto no_ticket;
+ parsed_session_ticket->keaKeyBits = (PRUint32)temp;
- /* Read wrapped master_secret. */
- temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
- if (temp < 0) goto no_ticket;
- parsed_session_ticket->ms_is_wrapped = (PRBool)temp;
+ /* Read wrapped master_secret. */
+ temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
+ if (temp < 0) goto no_ticket;
+ parsed_session_ticket->ms_is_wrapped = (PRBool)temp;
- temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
- if (temp < 0) goto no_ticket;
- parsed_session_ticket->exchKeyType = (SSL3KEAType)temp;
+ temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
+ if (temp < 0) goto no_ticket;
+ parsed_session_ticket->exchKeyType = (SSL3KEAType)temp;
- temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
- if (temp < 0) goto no_ticket;
- parsed_session_ticket->msWrapMech = (CK_MECHANISM_TYPE)temp;
+ temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
+ if (temp < 0) goto no_ticket;
+ parsed_session_ticket->msWrapMech = (CK_MECHANISM_TYPE)temp;
- temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
- if (temp < 0) goto no_ticket;
- parsed_session_ticket->ms_length = (PRUint16)temp;
- if (parsed_session_ticket->ms_length == 0 || /* sanity check MS. */
- parsed_session_ticket->ms_length >
- sizeof(parsed_session_ticket->master_secret))
- goto no_ticket;
-
- /* Allow for the wrapped master secret to be longer. */
- if (buffer_len < parsed_session_ticket->ms_length)
- goto no_ticket;
- PORT_Memcpy(parsed_session_ticket->master_secret, buffer,
- parsed_session_ticket->ms_length);
- buffer += parsed_session_ticket->ms_length;
- buffer_len -= parsed_session_ticket->ms_length;
+ temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
+ if (temp < 0) goto no_ticket;
+ parsed_session_ticket->ms_length = (PRUint16)temp;
+ if (parsed_session_ticket->ms_length == 0 || /* sanity check MS. */
+ parsed_session_ticket->ms_length >
+ sizeof(parsed_session_ticket->master_secret))
+ goto no_ticket;
- /* Read client_identity */
- temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
- if (temp < 0)
- goto no_ticket;
- parsed_session_ticket->client_identity.client_auth_type =
- (ClientAuthenticationType)temp;
- switch(parsed_session_ticket->client_identity.client_auth_type) {
+ /* Allow for the wrapped master secret to be longer. */
+ if (buffer_len < parsed_session_ticket->ms_length)
+ goto no_ticket;
+ PORT_Memcpy(parsed_session_ticket->master_secret, buffer,
+ parsed_session_ticket->ms_length);
+ buffer += parsed_session_ticket->ms_length;
+ buffer_len -= parsed_session_ticket->ms_length;
+
+ /* Read client_identity */
+ temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
+ if (temp < 0)
+ goto no_ticket;
+ parsed_session_ticket->client_identity.client_auth_type =
+ (ClientAuthenticationType)temp;
+ switch(parsed_session_ticket->client_identity.client_auth_type) {
case CLIENT_AUTH_ANONYMOUS:
- break;
+ break;
case CLIENT_AUTH_CERTIFICATE:
- rv = ssl3_ConsumeHandshakeVariable(ss, &cert_item, 3,
- &buffer, &buffer_len);
- if (rv != SECSuccess) goto no_ticket;
- rv = SECITEM_CopyItem(NULL, &parsed_session_ticket->peer_cert,
- &cert_item);
- if (rv != SECSuccess) goto no_ticket;
- break;
+ rv = ssl3_ConsumeHandshakeVariable(ss, &cert_item, 3,
+ &buffer, &buffer_len);
+ if (rv != SECSuccess) goto no_ticket;
+ rv = SECITEM_CopyItem(NULL, &parsed_session_ticket->peer_cert,
+ &cert_item);
+ if (rv != SECSuccess) goto no_ticket;
+ break;
default:
- goto no_ticket;
- }
- /* Read timestamp. */
- temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
- if (temp < 0)
- goto no_ticket;
- parsed_session_ticket->timestamp = (PRUint32)temp;
+ goto no_ticket;
+ }
+ /* Read timestamp. */
+ temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
+ if (temp < 0)
+ goto no_ticket;
+ parsed_session_ticket->timestamp = (PRUint32)temp;
/* Read server name */
nameType =
- ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
+ ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
if (nameType != TLS_STE_NO_SERVER_NAME) {
SECItem name_item;
rv = ssl3_ConsumeHandshakeVariable(ss, &name_item, 2, &buffer,
@@ -1767,99 +1779,99 @@
parsed_session_ticket->srvName.type = nameType;
}
- /* Done parsing. Check that all bytes have been consumed. */
- if (buffer_len != padding_length)
- goto no_ticket;
+ /* Done parsing. Check that all bytes have been consumed. */
+ if (buffer_len != padding_length)
+ goto no_ticket;
- /* Use the ticket if it has not expired, otherwise free the allocated
- * memory since the ticket is of no use.
- */
- if (parsed_session_ticket->timestamp != 0 &&
- parsed_session_ticket->timestamp +
- TLS_EX_SESS_TICKET_LIFETIME_HINT > ssl_Time()) {
+ /* Use the ticket if it has not expired, otherwise free the allocated
+ * memory since the ticket is of no use.
+ */
+ if (parsed_session_ticket->timestamp != 0 &&
+ parsed_session_ticket->timestamp +
+ TLS_EX_SESS_TICKET_LIFETIME_HINT > ssl_Time()) {
- sid = ssl3_NewSessionID(ss, PR_TRUE);
- if (sid == NULL) {
- rv = SECFailure;
- goto loser;
- }
+ sid = ssl3_NewSessionID(ss, PR_TRUE);
+ if (sid == NULL) {
+ rv = SECFailure;
+ goto loser;
+ }
- /* Copy over parameters. */
- sid->version = parsed_session_ticket->ssl_version;
- sid->u.ssl3.cipherSuite = parsed_session_ticket->cipher_suite;
- sid->u.ssl3.compression = parsed_session_ticket->compression_method;
- sid->authAlgorithm = parsed_session_ticket->authAlgorithm;
- sid->authKeyBits = parsed_session_ticket->authKeyBits;
- sid->keaType = parsed_session_ticket->keaType;
- sid->keaKeyBits = parsed_session_ticket->keaKeyBits;
+ /* Copy over parameters. */
+ sid->version = parsed_session_ticket->ssl_version;
+ sid->u.ssl3.cipherSuite = parsed_session_ticket->cipher_suite;
+ sid->u.ssl3.compression = parsed_session_ticket->compression_method;
+ sid->authAlgorithm = parsed_session_ticket->authAlgorithm;
+ sid->authKeyBits = parsed_session_ticket->authKeyBits;
+ sid->keaType = parsed_session_ticket->keaType;
+ sid->keaKeyBits = parsed_session_ticket->keaKeyBits;
- /* Copy master secret. */
+ /* Copy master secret. */
#ifndef NO_PKCS11_BYPASS
- if (ss->opt.bypassPKCS11 &&
- parsed_session_ticket->ms_is_wrapped)
- goto no_ticket;
+ if (ss->opt.bypassPKCS11 &&
+ parsed_session_ticket->ms_is_wrapped)
+ goto no_ticket;
#endif
- if (parsed_session_ticket->ms_length >
- sizeof(sid->u.ssl3.keys.wrapped_master_secret))
- goto no_ticket;
- PORT_Memcpy(sid->u.ssl3.keys.wrapped_master_secret,
- parsed_session_ticket->master_secret,
- parsed_session_ticket->ms_length);
- sid->u.ssl3.keys.wrapped_master_secret_len =
- parsed_session_ticket->ms_length;
- sid->u.ssl3.exchKeyType = parsed_session_ticket->exchKeyType;
- sid->u.ssl3.masterWrapMech = parsed_session_ticket->msWrapMech;
- sid->u.ssl3.keys.msIsWrapped =
- parsed_session_ticket->ms_is_wrapped;
- sid->u.ssl3.masterValid = PR_TRUE;
- sid->u.ssl3.keys.resumable = PR_TRUE;
+ if (parsed_session_ticket->ms_length >
+ sizeof(sid->u.ssl3.keys.wrapped_master_secret))
+ goto no_ticket;
+ PORT_Memcpy(sid->u.ssl3.keys.wrapped_master_secret,
+ parsed_session_ticket->master_secret,
+ parsed_session_ticket->ms_length);
+ sid->u.ssl3.keys.wrapped_master_secret_len =
+ parsed_session_ticket->ms_length;
+ sid->u.ssl3.exchKeyType = parsed_session_ticket->exchKeyType;
+ sid->u.ssl3.masterWrapMech = parsed_session_ticket->msWrapMech;
+ sid->u.ssl3.keys.msIsWrapped =
+ parsed_session_ticket->ms_is_wrapped;
+ sid->u.ssl3.masterValid = PR_TRUE;
+ sid->u.ssl3.keys.resumable = PR_TRUE;
- /* Copy over client cert from session ticket if there is one. */
- if (parsed_session_ticket->peer_cert.data != NULL) {
- if (sid->peerCert != NULL)
- CERT_DestroyCertificate(sid->peerCert);
- sid->peerCert = CERT_NewTempCertificate(ss->dbHandle,
- &parsed_session_ticket->peer_cert, NULL, PR_FALSE, PR_TRUE);
- if (sid->peerCert == NULL) {
- rv = SECFailure;
- goto loser;
- }
- }
- if (parsed_session_ticket->srvName.data != NULL) {
+ /* Copy over client cert from session ticket if there is one. */
+ if (parsed_session_ticket->peer_cert.data != NULL) {
+ if (sid->peerCert != NULL)
+ CERT_DestroyCertificate(sid->peerCert);
+ sid->peerCert = CERT_NewTempCertificate(ss->dbHandle,
+ &parsed_session_ticket->peer_cert, NULL, PR_FALSE, PR_TRUE);
+ if (sid->peerCert == NULL) {
+ rv = SECFailure;
+ goto loser;
+ }
+ }
+ if (parsed_session_ticket->srvName.data != NULL) {
sid->u.ssl3.srvName = parsed_session_ticket->srvName;
}
- ss->statelessResume = PR_TRUE;
- ss->sec.ci.sid = sid;
- }
+ ss->statelessResume = PR_TRUE;
+ ss->sec.ci.sid = sid;
+ }
}
if (0) {
no_ticket:
- SSL_DBG(("%d: SSL[%d]: Session ticket parsing failed.",
- SSL_GETPID(), ss->fd));
- ssl3stats = SSL_GetStatistics();
- SSL_AtomicIncrementLong(& ssl3stats->hch_sid_ticket_parse_failures );
+ SSL_DBG(("%d: SSL[%d]: Session ticket parsing failed.",
+ SSL_GETPID(), ss->fd));
+ ssl3stats = SSL_GetStatistics();
+ SSL_AtomicIncrementLong(& ssl3stats->hch_sid_ticket_parse_failures );
}
rv = SECSuccess;
loser:
- /* ss->sec.ci.sid == sid if it did NOT come here via goto statement
- * in that case do not free sid
- */
- if (sid && (ss->sec.ci.sid != sid)) {
- ssl_FreeSID(sid);
- sid = NULL;
- }
+ /* ss->sec.ci.sid == sid if it did NOT come here via goto statement
+ * in that case do not free sid
+ */
+ if (sid && (ss->sec.ci.sid != sid)) {
+ ssl_FreeSID(sid);
+ sid = NULL;
+ }
if (decrypted_state != NULL) {
- SECITEM_FreeItem(decrypted_state, PR_TRUE);
- decrypted_state = NULL;
+ SECITEM_FreeItem(decrypted_state, PR_TRUE);
+ decrypted_state = NULL;
}
if (parsed_session_ticket != NULL) {
- if (parsed_session_ticket->peer_cert.data) {
- SECITEM_FreeItem(&parsed_session_ticket->peer_cert, PR_FALSE);
- }
- PORT_ZFree(parsed_session_ticket, sizeof(SessionTicket));
+ if (parsed_session_ticket->peer_cert.data) {
+ SECITEM_FreeItem(&parsed_session_ticket->peer_cert, PR_FALSE);
+ }
+ PORT_ZFree(parsed_session_ticket, sizeof(SessionTicket));
}
return rv;
@@ -1870,11 +1882,11 @@
* cannot be freed. The caller is expected to call this function
* on a shallow copy of the structure.
*/
-static SECStatus
+static SECStatus
ssl3_ConsumeFromItem(SECItem *item, unsigned char **buf, PRUint32 bytes)
{
if (bytes > item->len)
- return SECFailure;
+ return SECFailure;
*buf = item->data;
item->data += bytes;
@@ -1887,30 +1899,30 @@
EncryptedSessionTicket *enc_session_ticket)
{
if (ssl3_ConsumeFromItem(data, &enc_session_ticket->key_name,
- SESS_TICKET_KEY_NAME_LEN) != SECSuccess)
- return SECFailure;
+ SESS_TICKET_KEY_NAME_LEN) != SECSuccess)
+ return SECFailure;
if (ssl3_ConsumeFromItem(data, &enc_session_ticket->iv,
- AES_BLOCK_SIZE) != SECSuccess)
- return SECFailure;
+ AES_BLOCK_SIZE) != SECSuccess)
+ return SECFailure;
if (ssl3_ConsumeHandshakeVariable(ss, &enc_session_ticket->encrypted_state,
- 2, &data->data, &data->len) != SECSuccess)
- return SECFailure;
+ 2, &data->data, &data->len) != SECSuccess)
+ return SECFailure;
if (ssl3_ConsumeFromItem(data, &enc_session_ticket->mac,
- TLS_EX_SESS_TICKET_MAC_LENGTH) != SECSuccess)
- return SECFailure;
+ TLS_EX_SESS_TICKET_MAC_LENGTH) != SECSuccess)
+ return SECFailure;
if (data->len != 0) /* Make sure that we have consumed all bytes. */
- return SECFailure;
+ return SECFailure;
return SECSuccess;
}
/* go through hello extensions in buffer "b".
- * For each one, find the extension handler in the table, and
- * if present, invoke that handler.
+ * For each one, find the extension handler in the table, and
+ * if present, invoke that handler.
* Servers ignore any extensions with unknown extension types.
* Clients reject any extensions with unadvertised extension types.
*/
-SECStatus
+SECStatus
ssl3_HandleHelloExtensions(sslSocket *ss, SSL3Opaque **b, PRUint32 *length)
{
const ssl3HelloExtensionHandler * handlers;
@@ -1924,68 +1936,68 @@
}
while (*length) {
- const ssl3HelloExtensionHandler * handler;
- SECStatus rv;
- PRInt32 extension_type;
- SECItem extension_data;
+ const ssl3HelloExtensionHandler * handler;
+ SECStatus rv;
+ PRInt32 extension_type;
+ SECItem extension_data;
- /* Get the extension's type field */
- extension_type = ssl3_ConsumeHandshakeNumber(ss, 2, b, length);
- if (extension_type < 0) /* failure to decode extension_type */
- return SECFailure; /* alert already sent */
+ /* Get the extension's type field */
+ extension_type = ssl3_ConsumeHandshakeNumber(ss, 2, b, length);
+ if (extension_type < 0) /* failure to decode extension_type */
+ return SECFailure; /* alert already sent */
- /* get the data for this extension, so we can pass it or skip it. */
- rv = ssl3_ConsumeHandshakeVariable(ss, &extension_data, 2, b, length);
- if (rv != SECSuccess)
- return rv;
+ /* get the data for this extension, so we can pass it or skip it. */
+ rv = ssl3_ConsumeHandshakeVariable(ss, &extension_data, 2, b, length);
+ if (rv != SECSuccess)
+ return rv;
- /* Check whether the server sent an extension which was not advertised
- * in the ClientHello.
- */
- if (!ss->sec.isServer &&
- !ssl3_ClientExtensionAdvertised(ss, extension_type))
- return SECFailure; /* TODO: send unsupported_extension alert */
+ /* Check whether the server sent an extension which was not advertised
+ * in the ClientHello.
+ */
+ if (!ss->sec.isServer &&
+ !ssl3_ClientExtensionAdvertised(ss, extension_type))
+ return SECFailure; /* TODO: send unsupported_extension alert */
- /* Check whether an extension has been sent multiple times. */
- if (ssl3_ExtensionNegotiated(ss, extension_type))
- return SECFailure;
+ /* Check whether an extension has been sent multiple times. */
+ if (ssl3_ExtensionNegotiated(ss, extension_type))
+ return SECFailure;
- /* find extension_type in table of Hello Extension Handlers */
- for (handler = handlers; handler->ex_type >= 0; handler++) {
- /* if found, call this handler */
- if (handler->ex_type == extension_type) {
- rv = (*handler->ex_handler)(ss, (PRUint16)extension_type,
- &extension_data);
- /* Ignore this result */
- /* Treat all bad extensions as unrecognized types. */
- break;
- }
- }
+ /* find extension_type in table of Hello Extension Handlers */
+ for (handler = handlers; handler->ex_type >= 0; handler++) {
+ /* if found, call this handler */
+ if (handler->ex_type == extension_type) {
+ rv = (*handler->ex_handler)(ss, (PRUint16)extension_type,
+ &extension_data);
+ /* Ignore this result */
+ /* Treat all bad extensions as unrecognized types. */
+ break;
+ }
+ }
}
return SECSuccess;
}
/* Add a callback function to the table of senders of server hello extensions.
*/
-SECStatus
+SECStatus
ssl3_RegisterServerHelloExtensionSender(sslSocket *ss, PRUint16 ex_type,
- ssl3HelloExtensionSenderFunc cb)
+ ssl3HelloExtensionSenderFunc cb)
{
int i;
ssl3HelloExtensionSender *sender = &ss->xtnData.serverSenders[0];
for (i = 0; i < SSL_MAX_EXTENSIONS; ++i, ++sender) {
if (!sender->ex_sender) {
- sender->ex_type = ex_type;
- sender->ex_sender = cb;
- return SECSuccess;
- }
- /* detect duplicate senders */
- PORT_Assert(sender->ex_type != ex_type);
- if (sender->ex_type == ex_type) {
- /* duplicate */
- break;
- }
+ sender->ex_type = ex_type;
+ sender->ex_sender = cb;
+ return SECSuccess;
+ }
+ /* detect duplicate senders */
+ PORT_Assert(sender->ex_type != ex_type);
+ if (sender->ex_type == ex_type) {
+ /* duplicate */
+ break;
+ }
}
PORT_Assert(i < SSL_MAX_EXTENSIONS); /* table needs to grow */
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
@@ -2001,18 +2013,18 @@
int i;
if (!sender) {
- sender = ss->version > SSL_LIBRARY_VERSION_3_0 ?
+ sender = ss->version > SSL_LIBRARY_VERSION_3_0 ?
&clientHelloSendersTLS[0] : &clientHelloSendersSSL3[0];
}
for (i = 0; i < SSL_MAX_EXTENSIONS; ++i, ++sender) {
- if (sender->ex_sender) {
- PRInt32 extLen = (*sender->ex_sender)(ss, append, maxBytes);
- if (extLen < 0)
- return -1;
- maxBytes -= extLen;
- total_exten_len += extLen;
- }
+ if (sender->ex_sender) {
+ PRInt32 extLen = (*sender->ex_sender)(ss, append, maxBytes);
+ if (extLen < 0)
+ return -1;
+ maxBytes -= extLen;
+ total_exten_len += extLen;
+ }
}
return total_exten_len;
}
@@ -2025,48 +2037,48 @@
* Verify Data (TLS): 12 bytes (client) or 24 bytes (server)
* Verify Data (SSL): 36 bytes (client) or 72 bytes (server)
*/
-static PRInt32
+static PRInt32
ssl3_SendRenegotiationInfoXtn(
- sslSocket * ss,
- PRBool append,
- PRUint32 maxBytes)
+ sslSocket * ss,
+ PRBool append,
+ PRUint32 maxBytes)
{
PRInt32 len, needed;
/* In draft-ietf-tls-renegotiation-03, it is NOT RECOMMENDED to send
- * both the SCSV and the empty RI, so when we send SCSV in
+ * both the SCSV and the empty RI, so when we send SCSV in
* the initial handshake, we don't also send RI.
*/
if (!ss || ss->ssl3.hs.sendingSCSV)
- return 0;
- len = !ss->firstHsDone ? 0 :
- (ss->sec.isServer ? ss->ssl3.hs.finishedBytes * 2
- : ss->ssl3.hs.finishedBytes);
+ return 0;
+ len = !ss->firstHsDone ? 0 :
+ (ss->sec.isServer ? ss->ssl3.hs.finishedBytes * 2
+ : ss->ssl3.hs.finishedBytes);
needed = 5 + len;
if (append && maxBytes >= needed) {
- SECStatus rv;
- /* extension_type */
- rv = ssl3_AppendHandshakeNumber(ss, ssl_renegotiation_info_xtn, 2);
- if (rv != SECSuccess) return -1;
- /* length of extension_data */
- rv = ssl3_AppendHandshakeNumber(ss, len + 1, 2);
- if (rv != SECSuccess) return -1;
- /* verify_Data from previous Finished message(s) */
- rv = ssl3_AppendHandshakeVariable(ss,
- ss->ssl3.hs.finishedMsgs.data, len, 1);
- if (rv != SECSuccess) return -1;
- if (!ss->sec.isServer) {
- TLSExtensionData *xtnData = &ss->xtnData;
- xtnData->advertised[xtnData->numAdvertised++] =
- ssl_renegotiation_info_xtn;
- }
+ SECStatus rv;
+ /* extension_type */
+ rv = ssl3_AppendHandshakeNumber(ss, ssl_renegotiation_info_xtn, 2);
+ if (rv != SECSuccess) return -1;
+ /* length of extension_data */
+ rv = ssl3_AppendHandshakeNumber(ss, len + 1, 2);
+ if (rv != SECSuccess) return -1;
+ /* verify_Data from previous Finished message(s) */
+ rv = ssl3_AppendHandshakeVariable(ss,
+ ss->ssl3.hs.finishedMsgs.data, len, 1);
+ if (rv != SECSuccess) return -1;
+ if (!ss->sec.isServer) {
+ TLSExtensionData *xtnData = &ss->xtnData;
+ xtnData->advertised[xtnData->numAdvertised++] =
+ ssl_renegotiation_info_xtn;
+ }
}
return needed;
}
static SECStatus
ssl3_ServerHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type,
- SECItem *data)
+ SECItem *data)
{
SECStatus rv = SECSuccess;
@@ -2075,7 +2087,7 @@
PORT_Assert(ss->sec.isServer);
/* prepare to send back the appropriate response */
rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
- ssl3_ServerSendStatusRequestXtn);
+ ssl3_ServerSendStatusRequestXtn);
return rv;
}
@@ -2087,25 +2099,25 @@
PRUint32 len = 0;
if (ss->firstHsDone) {
- len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes
- : ss->ssl3.hs.finishedBytes * 2;
+ len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes
+ : ss->ssl3.hs.finishedBytes * 2;
}
if (data->len != 1 + len ||
- data->data[0] != len || (len &&
- NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data,
- data->data + 1, len))) {
- /* Can we do this here? Or, must we arrange for the caller to do it? */
- (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);
- PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
- return SECFailure;
+ data->data[0] != len || (len &&
+ NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data,
+ data->data + 1, len))) {
+ /* Can we do this here? Or, must we arrange for the caller to do it? */
+ (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);
+ PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
+ return SECFailure;
}
/* remember that we got this extension and it was correct. */
ss->peerRequestedProtection = 1;
ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
if (ss->sec.isServer) {
- /* prepare to send back the appropriate response */
- rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
- ssl3_SendRenegotiationInfoXtn);
+ /* prepare to send back the appropriate response */
+ rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
+ ssl3_SendRenegotiationInfoXtn);
}
return rv;
}
@@ -2118,60 +2130,60 @@
SECStatus rv;
if (!ss)
- return 0;
+ return 0;
if (!ss->sec.isServer) {
- /* Client side */
+ /* Client side */
- if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount)
- return 0; /* Not relevant */
+ if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount)
+ return 0; /* Not relevant */
- ext_data_len = 2 + 2 * ss->ssl3.dtlsSRTPCipherCount + 1;
+ ext_data_len = 2 + 2 * ss->ssl3.dtlsSRTPCipherCount + 1;
- if (append && maxBytes >= 4 + ext_data_len) {
- /* Extension type */
- rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2);
- if (rv != SECSuccess) return -1;
- /* Length of extension data */
- rv = ssl3_AppendHandshakeNumber(ss, ext_data_len, 2);
- if (rv != SECSuccess) return -1;
- /* Length of the SRTP cipher list */
- rv = ssl3_AppendHandshakeNumber(ss,
- 2 * ss->ssl3.dtlsSRTPCipherCount,
- 2);
- if (rv != SECSuccess) return -1;
- /* The SRTP ciphers */
- for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) {
- rv = ssl3_AppendHandshakeNumber(ss,
- ss->ssl3.dtlsSRTPCiphers[i],
- 2);
- }
- /* Empty MKI value */
- ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
+ if (append && maxBytes >= 4 + ext_data_len) {
+ /* Extension type */
+ rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2);
+ if (rv != SECSuccess) return -1;
+ /* Length of extension data */
+ rv = ssl3_AppendHandshakeNumber(ss, ext_data_len, 2);
+ if (rv != SECSuccess) return -1;
+ /* Length of the SRTP cipher list */
+ rv = ssl3_AppendHandshakeNumber(ss,
+ 2 * ss->ssl3.dtlsSRTPCipherCount,
+ 2);
+ if (rv != SECSuccess) return -1;
+ /* The SRTP ciphers */
+ for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) {
+ rv = ssl3_AppendHandshakeNumber(ss,
+ ss->ssl3.dtlsSRTPCiphers[i],
+ 2);
+ }
+ /* Empty MKI value */
+ ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
- ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
- ssl_use_srtp_xtn;
- }
+ ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
+ ssl_use_srtp_xtn;
+ }
- return 4 + ext_data_len;
+ return 4 + ext_data_len;
}
/* Server side */
if (append && maxBytes >= 9) {
- /* Extension type */
- rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2);
- if (rv != SECSuccess) return -1;
- /* Length of extension data */
- rv = ssl3_AppendHandshakeNumber(ss, 5, 2);
- if (rv != SECSuccess) return -1;
- /* Length of the SRTP cipher list */
- rv = ssl3_AppendHandshakeNumber(ss, 2, 2);
- if (rv != SECSuccess) return -1;
- /* The selected cipher */
- rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.dtlsSRTPCipherSuite, 2);
- if (rv != SECSuccess) return -1;
- /* Empty MKI value */
- ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
+ /* Extension type */
+ rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2);
+ if (rv != SECSuccess) return -1;
+ /* Length of extension data */
+ rv = ssl3_AppendHandshakeNumber(ss, 5, 2);
+ if (rv != SECSuccess) return -1;
+ /* Length of the SRTP cipher list */
+ rv = ssl3_AppendHandshakeNumber(ss, 2, 2);
+ if (rv != SECSuccess) return -1;
+ /* The selected cipher */
+ rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.dtlsSRTPCipherSuite, 2);
+ if (rv != SECSuccess) return -1;
+ /* Empty MKI value */
+ ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
}
return 9;
@@ -2189,121 +2201,121 @@
SECItem litem;
if (!ss->sec.isServer) {
- /* Client side */
- if (!data->data || !data->len) {
+ /* Client side */
+ if (!data->data || !data->len) {
/* malformed */
return SECFailure;
- }
+ }
- /* Get the cipher list */
- rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2,
- &data->data, &data->len);
- if (rv != SECSuccess) {
- return SECFailure;
- }
- /* Now check that the number of ciphers listed is 1 (len = 2) */
- if (ciphers.len != 2) {
- return SECFailure;
- }
+ /* Get the cipher list */
+ rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2,
+ &data->data, &data->len);
+ if (rv != SECSuccess) {
+ return SECFailure;
+ }
+ /* Now check that the number of ciphers listed is 1 (len = 2) */
+ if (ciphers.len != 2) {
+ return SECFailure;
+ }
- /* Get the selected cipher */
- cipher = (ciphers.data[0] << 8) | ciphers.data[1];
+ /* Get the selected cipher */
+ cipher = (ciphers.data[0] << 8) | ciphers.data[1];
- /* Now check that this is one of the ciphers we offered */
- for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) {
- if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) {
- found = PR_TRUE;
- break;
- }
- }
+ /* Now check that this is one of the ciphers we offered */
+ for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) {
+ if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) {
+ found = PR_TRUE;
+ break;
+ }
+ }
- if (!found) {
- return SECFailure;
- }
+ if (!found) {
+ return SECFailure;
+ }
- /* Get the srtp_mki value */
+ /* Get the srtp_mki value */
rv = ssl3_ConsumeHandshakeVariable(ss, &litem, 1,
- &data->data, &data->len);
+ &data->data, &data->len);
if (rv != SECSuccess) {
return SECFailure;
}
- /* We didn't offer an MKI, so this must be 0 length */
- /* XXX RFC 5764 Section 4.1.3 says:
- * If the client detects a nonzero-length MKI in the server's
- * response that is different than the one the client offered,
- * then the client MUST abort the handshake and SHOULD send an
- * invalid_parameter alert.
- *
- * Due to a limitation of the ssl3_HandleHelloExtensions function,
- * returning SECFailure here won't abort the handshake. It will
- * merely cause the use_srtp extension to be not negotiated. We
- * should fix this. See NSS bug 753136.
- */
- if (litem.len != 0) {
- return SECFailure;
- }
+ /* We didn't offer an MKI, so this must be 0 length */
+ /* XXX RFC 5764 Section 4.1.3 says:
+ * If the client detects a nonzero-length MKI in the server's
+ * response that is different than the one the client offered,
+ * then the client MUST abort the handshake and SHOULD send an
+ * invalid_parameter alert.
+ *
+ * Due to a limitation of the ssl3_HandleHelloExtensions function,
+ * returning SECFailure here won't abort the handshake. It will
+ * merely cause the use_srtp extension to be not negotiated. We
+ * should fix this. See NSS bug 753136.
+ */
+ if (litem.len != 0) {
+ return SECFailure;
+ }
- if (data->len != 0) {
+ if (data->len != 0) {
/* malformed */
return SECFailure;
- }
+ }
- /* OK, this looks fine. */
- ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn;
- ss->ssl3.dtlsSRTPCipherSuite = cipher;
- return SECSuccess;
+ /* OK, this looks fine. */
+ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn;
+ ss->ssl3.dtlsSRTPCipherSuite = cipher;
+ return SECSuccess;
}
/* Server side */
if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount) {
- /* Ignore the extension if we aren't doing DTLS or no DTLS-SRTP
- * preferences have been set. */
- return SECSuccess;
+ /* Ignore the extension if we aren't doing DTLS or no DTLS-SRTP
+ * preferences have been set. */
+ return SECSuccess;
}
if (!data->data || data->len < 5) {
- /* malformed */
- return SECFailure;
+ /* malformed */
+ return SECFailure;
}
/* Get the cipher list */
rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2,
- &data->data, &data->len);
+ &data->data, &data->len);
if (rv != SECSuccess) {
- return SECFailure;
+ return SECFailure;
}
/* Check that the list is even length */
if (ciphers.len % 2) {
- return SECFailure;
+ return SECFailure;
}
/* Walk through the offered list and pick the most preferred of our
* ciphers, if any */
for (i = 0; !found && i < ss->ssl3.dtlsSRTPCipherCount; i++) {
- for (j = 0; j + 1 < ciphers.len; j += 2) {
- cipher = (ciphers.data[j] << 8) | ciphers.data[j + 1];
- if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) {
- found = PR_TRUE;
- break;
- }
- }
+ for (j = 0; j + 1 < ciphers.len; j += 2) {
+ cipher = (ciphers.data[j] << 8) | ciphers.data[j + 1];
+ if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) {
+ found = PR_TRUE;
+ break;
+ }
+ }
}
/* Get the srtp_mki value */
rv = ssl3_ConsumeHandshakeVariable(ss, &litem, 1, &data->data, &data->len);
if (rv != SECSuccess) {
- return SECFailure;
+ return SECFailure;
}
if (data->len != 0) {
- return SECFailure; /* Malformed */
+ return SECFailure; /* Malformed */
}
/* Now figure out what to do */
if (!found) {
- /* No matching ciphers */
- return SECSuccess;
+ /* No matching ciphers */
+ return SECSuccess;
}
/* OK, we have a valid cipher and we've selected it */
@@ -2311,7 +2323,7 @@
ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn;
return ssl3_RegisterServerHelloExtensionSender(ss, ssl_use_srtp_xtn,
- ssl3_SendUseSRTPXtn);
+ ssl3_SendUseSRTPXtn);
}
/* ssl3_ServerHandleSigAlgsXtn handles the signature_algorithms extension
@@ -2323,63 +2335,64 @@
SECStatus rv;
SECItem algorithms;
const unsigned char *b;
- unsigned int numAlgorithms, i;
+ unsigned int numAlgorithms, i, j;
/* Ignore this extension if we aren't doing TLS 1.2 or greater. */
if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) {
- return SECSuccess;
+ return SECSuccess;
}
/* Keep track of negotiated extensions. */
ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &data->data,
- &data->len);
+ &data->len);
if (rv != SECSuccess) {
- return SECFailure;
+ return SECFailure;
}
/* Trailing data, empty value, or odd-length value is invalid. */
if (data->len != 0 || algorithms.len == 0 || (algorithms.len & 1) != 0) {
- PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
- return SECFailure;
+ PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
+ return SECFailure;
}
numAlgorithms = algorithms.len/2;
/* We don't care to process excessive numbers of algorithms. */
if (numAlgorithms > 512) {
- numAlgorithms = 512;
+ numAlgorithms = 512;
}
ss->ssl3.hs.clientSigAndHash =
- PORT_NewArray(SSL3SignatureAndHashAlgorithm, numAlgorithms);
+ PORT_NewArray(SSL3SignatureAndHashAlgorithm, numAlgorithms);
if (!ss->ssl3.hs.clientSigAndHash) {
- return SECFailure;
+ return SECFailure;
}
ss->ssl3.hs.numClientSigAndHash = 0;
b = algorithms.data;
- for (i = 0; i < numAlgorithms; i++) {
- unsigned char tls_hash = *(b++);
- unsigned char tls_sig = *(b++);
- SECOidTag hash = ssl3_TLSHashAlgorithmToOID(tls_hash);
+ for (i = j = 0; i < numAlgorithms; i++) {
+ unsigned char tls_hash = *(b++);
+ unsigned char tls_sig = *(b++);
+ SECOidTag hash = ssl3_TLSHashAlgorithmToOID(tls_hash);
- if (hash == SEC_OID_UNKNOWN) {
- /* We ignore formats that we don't understand. */
- continue;
- }
- /* tls_sig support will be checked later in
- * ssl3_PickSignatureHashAlgorithm. */
- ss->ssl3.hs.clientSigAndHash[i].hashAlg = hash;
- ss->ssl3.hs.clientSigAndHash[i].sigAlg = tls_sig;
- ss->ssl3.hs.numClientSigAndHash++;
+ if (hash == SEC_OID_UNKNOWN) {
+ /* We ignore formats that we don't understand. */
+ continue;
+ }
+ /* tls_sig support will be checked later in
+ * ssl3_PickSignatureHashAlgorithm. */
+ ss->ssl3.hs.clientSigAndHash[j].hashAlg = hash;
+ ss->ssl3.hs.clientSigAndHash[j].sigAlg = tls_sig;
+ ++j;
+ ++ss->ssl3.hs.numClientSigAndHash;
}
if (!ss->ssl3.hs.numClientSigAndHash) {
- /* We didn't understand any of the client's requested signature
- * formats. We'll use the defaults. */
- PORT_Free(ss->ssl3.hs.clientSigAndHash);
- ss->ssl3.hs.clientSigAndHash = NULL;
+ /* We didn't understand any of the client's requested signature
+ * formats. We'll use the defaults. */
+ PORT_Free(ss->ssl3.hs.clientSigAndHash);
+ ss->ssl3.hs.clientSigAndHash = NULL;
}
return SECSuccess;
@@ -2391,49 +2404,49 @@
ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
{
static const unsigned char signatureAlgorithms[] = {
- /* This block is the contents of our signature_algorithms extension, in
- * wire format. See
- * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
- tls_hash_sha256, tls_sig_rsa,
- tls_hash_sha384, tls_sig_rsa,
- tls_hash_sha1, tls_sig_rsa,
-#ifdef NSS_ENABLE_ECC
- tls_hash_sha256, tls_sig_ecdsa,
- tls_hash_sha384, tls_sig_ecdsa,
- tls_hash_sha1, tls_sig_ecdsa,
+ /* This block is the contents of our signature_algorithms extension, in
+ * wire format. See
+ * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
+ tls_hash_sha256, tls_sig_rsa,
+ tls_hash_sha384, tls_sig_rsa,
+ tls_hash_sha1, tls_sig_rsa,
+#ifndef NSS_DISABLE_ECC
+ tls_hash_sha256, tls_sig_ecdsa,
+ tls_hash_sha384, tls_sig_ecdsa,
+ tls_hash_sha1, tls_sig_ecdsa,
#endif
- tls_hash_sha256, tls_sig_dsa,
- tls_hash_sha1, tls_sig_dsa,
+ tls_hash_sha256, tls_sig_dsa,
+ tls_hash_sha1, tls_sig_dsa,
};
PRInt32 extension_length;
if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) {
- return 0;
+ return 0;
}
extension_length =
- 2 /* extension type */ +
- 2 /* extension length */ +
- 2 /* supported_signature_algorithms length */ +
- sizeof(signatureAlgorithms);
+ 2 /* extension type */ +
+ 2 /* extension length */ +
+ 2 /* supported_signature_algorithms length */ +
+ sizeof(signatureAlgorithms);
if (append && maxBytes >= extension_length) {
- SECStatus rv;
- rv = ssl3_AppendHandshakeNumber(ss, ssl_signature_algorithms_xtn, 2);
- if (rv != SECSuccess)
- goto loser;
- rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
- if (rv != SECSuccess)
- goto loser;
- rv = ssl3_AppendHandshakeVariable(ss, signatureAlgorithms,
- sizeof(signatureAlgorithms), 2);
- if (rv != SECSuccess)
- goto loser;
- ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
- ssl_signature_algorithms_xtn;
+ SECStatus rv;
+ rv = ssl3_AppendHandshakeNumber(ss, ssl_signature_algorithms_xtn, 2);
+ if (rv != SECSuccess)
+ goto loser;
+ rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
+ if (rv != SECSuccess)
+ goto loser;
+ rv = ssl3_AppendHandshakeVariable(ss, signatureAlgorithms,
+ sizeof(signatureAlgorithms), 2);
+ if (rv != SECSuccess)
+ goto loser;
+ ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
+ ssl_signature_algorithms_xtn;
} else if (maxBytes < extension_length) {
- PORT_Assert(0);
- return 0;
+ PORT_Assert(0);
+ return 0;
}
return extension_length;
@@ -2446,20 +2459,20 @@
ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)
{
unsigned int recordLength = 1 /* handshake message type */ +
- 3 /* handshake message length */ +
- clientHelloLength;
+ 3 /* handshake message length */ +
+ clientHelloLength;
unsigned int extensionLength;
if (recordLength < 256 || recordLength >= 512) {
- return 0;
+ return 0;
}
extensionLength = 512 - recordLength;
/* Extensions take at least four bytes to encode. Always include at least
- * one byte of data if including the extension. WebSphere Application Server
- * 7.0 is intolerant to the last extension being zero-length. */
+ * one byte of data if including the extension. WebSphere Application
+ * Server 7.0 is intolerant to the last extension being zero-length. */
if (extensionLength < 4 + 1) {
- extensionLength = 4 + 1;
+ extensionLength = 4 + 1;
}
return extensionLength;
@@ -2470,62 +2483,151 @@
* that we don't trigger bugs in F5 products. */
PRInt32
ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
- PRUint32 maxBytes)
+ PRUint32 maxBytes)
{
unsigned int paddingLen = extensionLen - 4;
static unsigned char padding[256];
if (extensionLen == 0) {
- return 0;
+ return 0;
}
if (extensionLen < 4 ||
- extensionLen > maxBytes ||
- paddingLen > sizeof(padding)) {
- PORT_Assert(0);
- return -1;
+ extensionLen > maxBytes ||
+ paddingLen > sizeof(padding)) {
+ PORT_Assert(0);
+ return -1;
}
if (SECSuccess != ssl3_AppendHandshakeNumber(ss, ssl_padding_xtn, 2))
- return -1;
+ return -1;
if (SECSuccess != ssl3_AppendHandshakeNumber(ss, paddingLen, 2))
- return -1;
+ return -1;
if (SECSuccess != ssl3_AppendHandshake(ss, padding, paddingLen))
- return -1;
+ return -1;
return extensionLen;
}
+/* ssl3_ClientSendDraftVersionXtn sends the TLS 1.3 temporary draft
+ * version extension.
+ * TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */
+static PRInt32
+ssl3_ClientSendDraftVersionXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
+{
+ PRInt32 extension_length;
+
+ if (ss->version != SSL_LIBRARY_VERSION_TLS_1_3) {
+ return 0;
+ }
+
+ extension_length = 6; /* Type + length + number */
+ if (append && maxBytes >= extension_length) {
+ SECStatus rv;
+ rv = ssl3_AppendHandshakeNumber(ss, ssl_tls13_draft_version_xtn, 2);
+ if (rv != SECSuccess)
+ goto loser;
+ rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
+ if (rv != SECSuccess)
+ goto loser;
+ rv = ssl3_AppendHandshakeNumber(ss, TLS_1_3_DRAFT_VERSION, 2);
+ if (rv != SECSuccess)
+ goto loser;
+ ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
+ ssl_tls13_draft_version_xtn;
+ } else if (maxBytes < extension_length) {
+ PORT_Assert(0);
+ return 0;
+ }
+
+ return extension_length;
+
+loser:
+ return -1;
+}
+
+/* ssl3_ServerHandleDraftVersionXtn handles the TLS 1.3 temporary draft
+ * version extension.
+ * TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */
+static SECStatus
+ssl3_ServerHandleDraftVersionXtn(sslSocket * ss, PRUint16 ex_type,
+ SECItem *data)
+{
+ PRInt32 draft_version;
+
+ /* Ignore this extension if we aren't doing TLS 1.3 */
+ if (ss->version != SSL_LIBRARY_VERSION_TLS_1_3) {
+ return SECSuccess;
+ }
+
+ if (data->len != 2)
+ goto loser;
+
+ /* Get the draft version out of the handshake */
+ draft_version = ssl3_ConsumeHandshakeNumber(ss, 2,
+ &data->data, &data->len);
+ if (draft_version < 0) {
+ goto loser;
+ }
+
+ /* Keep track of negotiated extensions. */
+ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
+
+ /* Compare the version */
+ if (draft_version != TLS_1_3_DRAFT_VERSION) {
+ SSL_TRC(30, ("%d: SSL3[%d]: Incompatible version of TLS 1.3 (%d), "
+ "expected %d",
+ SSL_GETPID(), ss->fd, draft_version, TLS_1_3_DRAFT_VERSION));
+ goto loser;
+ }
+
+ return SECSuccess;
+
+loser:
+ /*
+ * Incompatible/broken TLS 1.3 implementation. Fall back to TLS 1.2.
+ * TODO(ekr@rtfm.com): It's not entirely clear it's safe to roll back
+ * here. Need to double-check.
+ * TODO(ekr@rtfm.com): Currently we fall back even on broken extensions.
+ * because SECFailure does not cause handshake failures. See bug
+ * 753136.
+ */
+ SSL_TRC(30, ("%d: SSL3[%d]: Rolling back to TLS 1.2", SSL_GETPID(), ss->fd));
+ ss->version = SSL_LIBRARY_VERSION_TLS_1_2;
+
+ return SECSuccess;
+}
+
/* ssl3_ClientSendSignedCertTimestampXtn sends the signed_certificate_timestamp
* extension for TLS ClientHellos. */
static PRInt32
ssl3_ClientSendSignedCertTimestampXtn(sslSocket *ss, PRBool append,
- PRUint32 maxBytes)
+ PRUint32 maxBytes)
{
PRInt32 extension_length = 2 /* extension_type */ +
- 2 /* length(extension_data) */;
+ 2 /* length(extension_data) */;
/* Only send the extension if processing is enabled. */
if (!ss->opt.enableSignedCertTimestamps)
- return 0;
+ return 0;
if (append && maxBytes >= extension_length) {
- SECStatus rv;
- /* extension_type */
- rv = ssl3_AppendHandshakeNumber(ss,
- ssl_signed_certificate_timestamp_xtn,
- 2);
- if (rv != SECSuccess)
- goto loser;
- /* zero length */
- rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
- if (rv != SECSuccess)
- goto loser;
- ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
- ssl_signed_certificate_timestamp_xtn;
+ SECStatus rv;
+ /* extension_type */
+ rv = ssl3_AppendHandshakeNumber(ss,
+ ssl_signed_certificate_timestamp_xtn,
+ 2);
+ if (rv != SECSuccess)
+ goto loser;
+ /* zero length */
+ rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
+ if (rv != SECSuccess)
+ goto loser;
+ ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
+ ssl_signed_certificate_timestamp_xtn;
} else if (maxBytes < extension_length) {
- PORT_Assert(0);
- return 0;
+ PORT_Assert(0);
+ return 0;
}
return extension_length;
@@ -2535,7 +2637,7 @@
static SECStatus
ssl3_ClientHandleSignedCertTimestampXtn(sslSocket *ss, PRUint16 ex_type,
- SECItem *data)
+ SECItem *data)
{
/* We do not yet know whether we'll be resuming a session or creating
* a new one, so we keep a pointer to the data in the TLSExtensionData
@@ -2549,8 +2651,8 @@
PORT_Assert(!scts->data && !scts->len);
if (!data->len) {
- /* Empty extension data: RFC 6962 mandates non-empty contents. */
- return SECFailure;
+ /* Empty extension data: RFC 6962 mandates non-empty contents. */
+ return SECFailure;
}
*scts = *data;
/* Keep track of negotiated extensions. */
diff --git a/net/third_party/nss/ssl/ssl3prot.h b/net/third_party/nss/ssl/ssl3prot.h
index d32be38..78fbcaa 100644
--- a/net/third_party/nss/ssl/ssl3prot.h
+++ b/net/third_party/nss/ssl/ssl3prot.h
@@ -14,28 +14,33 @@
typedef PRUint16 SSL3ProtocolVersion;
/* version numbers are defined in sslproto.h */
+/* The TLS 1.3 draft version. Used to avoid negotiating
+ * between incompatible pre-standard TLS 1.3 drafts.
+ * TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */
+#define TLS_1_3_DRAFT_VERSION 3
+
typedef PRUint16 ssl3CipherSuite;
/* The cipher suites are defined in sslproto.h */
-#define MAX_CERT_TYPES 10
-#define MAX_COMPRESSION_METHODS 10
-#define MAX_MAC_LENGTH 64
-#define MAX_PADDING_LENGTH 64
-#define MAX_KEY_LENGTH 64
-#define EXPORT_KEY_LENGTH 5
-#define SSL3_RANDOM_LENGTH 32
+#define MAX_CERT_TYPES 10
+#define MAX_COMPRESSION_METHODS 10
+#define MAX_MAC_LENGTH 64
+#define MAX_PADDING_LENGTH 64
+#define MAX_KEY_LENGTH 64
+#define EXPORT_KEY_LENGTH 5
+#define SSL3_RANDOM_LENGTH 32
-#define SSL3_RECORD_HEADER_LENGTH 5
+#define SSL3_RECORD_HEADER_LENGTH 5
/* SSL3_RECORD_HEADER_LENGTH + epoch/sequence_number */
#define DTLS_RECORD_HEADER_LENGTH 13
-#define MAX_FRAGMENT_LENGTH 16384
-
+#define MAX_FRAGMENT_LENGTH 16384
+
typedef enum {
- content_change_cipher_spec = 20,
+ content_change_cipher_spec = 20,
content_alert = 21,
- content_handshake = 22,
+ content_handshake = 22,
content_application_data = 23
} SSL3ContentType;
@@ -77,11 +82,11 @@
close_notify = 0,
unexpected_message = 10,
bad_record_mac = 20,
- decryption_failed_RESERVED = 21, /* do not send; see RFC 5246 */
- record_overflow = 22, /* TLS only */
+ decryption_failed_RESERVED = 21, /* do not send; see RFC 5246 */
+ record_overflow = 22, /* TLS only */
decompression_failure = 30,
handshake_failure = 40,
- no_certificate = 41, /* SSL3 only, NOT TLS */
+ no_certificate = 41, /* SSL3 only, NOT TLS */
bad_certificate = 42,
unsupported_certificate = 43,
certificate_revoked = 44,
@@ -118,45 +123,45 @@
} SSL3Alert;
typedef enum {
- hello_request = 0,
- client_hello = 1,
- server_hello = 2,
+ hello_request = 0,
+ client_hello = 1,
+ server_hello = 2,
hello_verify_request = 3,
- new_session_ticket = 4,
- certificate = 11,
+ new_session_ticket = 4,
+ certificate = 11,
server_key_exchange = 12,
- certificate_request = 13,
- server_hello_done = 14,
- certificate_verify = 15,
- client_key_exchange = 16,
- finished = 20,
+ certificate_request = 13,
+ server_hello_done = 14,
+ certificate_verify = 15,
+ client_key_exchange = 16,
+ finished = 20,
certificate_status = 22,
- next_proto = 67,
- encrypted_extensions= 203
+ next_proto = 67,
+ encrypted_extensions = 203,
} SSL3HandshakeType;
typedef struct {
PRUint8 empty;
} SSL3HelloRequest;
-
+
typedef struct {
SSL3Opaque rand[SSL3_RANDOM_LENGTH];
} SSL3Random;
-
+
typedef struct {
SSL3Opaque id[32];
PRUint8 length;
} SSL3SessionID;
-
+
typedef struct {
SSL3ProtocolVersion client_version;
SSL3Random random;
SSL3SessionID session_id;
SECItem cipher_suites;
- PRUint8 cm_count;
+ PRUint8 cm_count;
SSLCompressionMethod compression_methods[MAX_COMPRESSION_METHODS];
} SSL3ClientHello;
-
+
typedef struct {
SSL3ProtocolVersion server_version;
SSL3Random random;
@@ -164,29 +169,29 @@
ssl3CipherSuite cipher_suite;
SSLCompressionMethod compression_method;
} SSL3ServerHello;
-
+
typedef struct {
SECItem list;
} SSL3Certificate;
/* SSL3SignType moved to ssl.h */
-/* The SSL key exchange method used */
+/* The SSL key exchange method used */
typedef enum {
- kea_null,
- kea_rsa,
+ kea_null,
+ kea_rsa,
kea_rsa_export,
kea_rsa_export_1024,
- kea_dh_dss,
- kea_dh_dss_export,
- kea_dh_rsa,
+ kea_dh_dss,
+ kea_dh_dss_export,
+ kea_dh_rsa,
kea_dh_rsa_export,
- kea_dhe_dss,
- kea_dhe_dss_export,
- kea_dhe_rsa,
+ kea_dhe_dss,
+ kea_dhe_dss_export,
+ kea_dhe_rsa,
kea_dhe_rsa_export,
- kea_dh_anon,
- kea_dh_anon_export,
+ kea_dh_anon,
+ kea_dh_anon_export,
kea_rsa_fips,
kea_ecdh_ecdsa,
kea_ecdhe_ecdsa,
@@ -194,7 +199,7 @@
kea_ecdhe_rsa,
kea_ecdh_anon
} SSL3KeyExchangeAlgorithm;
-
+
typedef struct {
SECItem modulus;
SECItem exponent;
@@ -208,8 +213,8 @@
typedef struct {
union {
- SSL3ServerDHParams dh;
- SSL3ServerRSAParams rsa;
+ SSL3ServerDHParams dh;
+ SSL3ServerRSAParams rsa;
} u;
} SSL3ServerParams;
@@ -253,56 +258,56 @@
unsigned int len;
SECOidTag hashAlg;
union {
- PRUint8 raw[64];
- SSL3HashesIndividually s;
+ PRUint8 raw[64];
+ SSL3HashesIndividually s;
} u;
} SSL3Hashes;
typedef struct {
union {
- SSL3Opaque anonymous;
- SSL3Hashes certified;
+ SSL3Opaque anonymous;
+ SSL3Hashes certified;
} u;
} SSL3ServerKeyExchange;
-
+
typedef enum {
- ct_RSA_sign = 1,
- ct_DSS_sign = 2,
- ct_RSA_fixed_DH = 3,
- ct_DSS_fixed_DH = 4,
- ct_RSA_ephemeral_DH = 5,
+ ct_RSA_sign = 1,
+ ct_DSS_sign = 2,
+ ct_RSA_fixed_DH = 3,
+ ct_DSS_fixed_DH = 4,
+ ct_RSA_ephemeral_DH = 5,
ct_DSS_ephemeral_DH = 6,
- ct_ECDSA_sign = 64,
- ct_RSA_fixed_ECDH = 65,
- ct_ECDSA_fixed_ECDH = 66
+ ct_ECDSA_sign = 64,
+ ct_RSA_fixed_ECDH = 65,
+ ct_ECDSA_fixed_ECDH = 66
} SSL3ClientCertificateType;
-
+
typedef SECItem *SSL3DistinquishedName;
typedef struct {
SSL3Opaque client_version[2];
SSL3Opaque random[46];
} SSL3RSAPreMasterSecret;
-
+
typedef SECItem SSL3EncryptedPreMasterSecret;
typedef SSL3Opaque SSL3MasterSecret[48];
typedef enum { implicit, explicit } SSL3PublicValueEncoding;
-
+
typedef struct {
union {
- SSL3Opaque implicit;
- SECItem explicit;
+ SSL3Opaque implicit;
+ SECItem explicit;
} dh_public;
} SSL3ClientDiffieHellmanPublic;
-
+
typedef struct {
union {
- SSL3EncryptedPreMasterSecret rsa;
- SSL3ClientDiffieHellmanPublic diffie_helman;
+ SSL3EncryptedPreMasterSecret rsa;
+ SSL3ClientDiffieHellmanPublic diffie_helman;
} exchange_keys;
} SSL3ClientKeyExchange;
@@ -315,7 +320,7 @@
sender_server = 0x53525652
} SSL3Sender;
-typedef SSL3HashesIndividually SSL3Finished;
+typedef SSL3HashesIndividually SSL3Finished;
typedef struct {
SSL3Opaque verify_data[12];
@@ -323,7 +328,7 @@
/*
* TLS extension related data structures and constants.
- */
+ */
/* SessionTicket extension related data structures. */
@@ -342,7 +347,7 @@
typedef struct {
ClientAuthenticationType client_auth_type;
union {
- SSL3Opaque *certificate_list;
+ SSL3Opaque *certificate_list;
} identity;
} ClientIdentity;
@@ -358,7 +363,7 @@
unsigned char *mac;
} EncryptedSessionTicket;
-#define TLS_EX_SESS_TICKET_MAC_LENGTH 32
+#define TLS_EX_SESS_TICKET_MAC_LENGTH 32
#define TLS_STE_NO_SERVER_NAME -1
diff --git a/net/third_party/nss/ssl/sslcon.c b/net/third_party/nss/ssl/sslcon.c
index 2763654..8c5a5ad 100644
--- a/net/third_party/nss/ssl/sslcon.c
+++ b/net/third_party/nss/ssl/sslcon.c
@@ -428,7 +428,6 @@
int cipherChoice)
{
switch (cipherChoice) {
-
case SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5:
case SSL_CK_RC2_128_CBC_WITH_MD5:
case SSL_CK_RC4_128_EXPORT40_WITH_MD5:
@@ -436,8 +435,10 @@
case SSL_CK_DES_64_CBC_WITH_MD5:
case SSL_CK_DES_192_EDE3_CBC_WITH_MD5:
sec->hash = HASH_GetHashObject(HASH_AlgMD5);
- SECITEM_CopyItem(0, &sec->sendSecret, writeKey);
- SECITEM_CopyItem(0, &sec->rcvSecret, readKey);
+ if (SECITEM_CopyItem(0, &sec->sendSecret, writeKey) ||
+ SECITEM_CopyItem(0, &sec->rcvSecret, readKey)) {
+ return SECFailure;
+ }
break;
default:
@@ -3101,7 +3102,7 @@
return rv;
}
-#if defined(NSS_ENABLE_ECC)
+#ifndef NSS_DISABLE_ECC
/* ensure we don't neogtiate ECC cipher suites with SSL2 hello */
ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */
if (ss->cipherSpecs != NULL) {
@@ -3109,7 +3110,7 @@
ss->cipherSpecs = NULL;
ss->sizeCipherSpecs = 0;
}
-#endif
+#endif /* NSS_DISABLE_ECC */
if (!ss->cipherSpecs) {
rv = ssl2_ConstructCipherSpecs(ss);
diff --git a/net/third_party/nss/ssl/sslenum.c b/net/third_party/nss/ssl/sslenum.c
index d601207..a036627 100644
--- a/net/third_party/nss/ssl/sslenum.c
+++ b/net/third_party/nss/ssl/sslenum.c
@@ -49,7 +49,7 @@
* the fifth one.
*/
const PRUint16 SSL_ImplementedCiphers[] = {
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
@@ -67,7 +67,7 @@
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
@@ -80,11 +80,11 @@
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
- SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
- SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
+ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+ TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_DSS_WITH_RC4_128_SHA,
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
@@ -93,7 +93,7 @@
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
TLS_ECDH_RSA_WITH_RC4_128_SHA,
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA,
@@ -104,34 +104,34 @@
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
TLS_RSA_WITH_SEED_CBC_SHA,
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
- SSL_RSA_WITH_3DES_EDE_CBC_SHA,
- SSL_RSA_WITH_RC4_128_SHA,
- SSL_RSA_WITH_RC4_128_MD5,
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+ TLS_RSA_WITH_RC4_128_SHA,
+ TLS_RSA_WITH_RC4_128_MD5,
/* 56-bit DES "domestic" cipher suites */
- SSL_DHE_RSA_WITH_DES_CBC_SHA,
- SSL_DHE_DSS_WITH_DES_CBC_SHA,
+ TLS_DHE_RSA_WITH_DES_CBC_SHA,
+ TLS_DHE_DSS_WITH_DES_CBC_SHA,
SSL_RSA_FIPS_WITH_DES_CBC_SHA,
- SSL_RSA_WITH_DES_CBC_SHA,
+ TLS_RSA_WITH_DES_CBC_SHA,
/* export ciphersuites with 1024-bit public key exchange keys */
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
/* export ciphersuites with 512-bit public key exchange keys */
- SSL_RSA_EXPORT_WITH_RC4_40_MD5,
- SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
+ TLS_RSA_EXPORT_WITH_RC4_40_MD5,
+ TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
/* ciphersuites with no encryption */
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
TLS_ECDHE_ECDSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDH_RSA_WITH_NULL_SHA,
TLS_ECDH_ECDSA_WITH_NULL_SHA,
-#endif /* NSS_ENABLE_ECC */
- SSL_RSA_WITH_NULL_SHA,
+#endif /* NSS_DISABLE_ECC */
+ TLS_RSA_WITH_NULL_SHA,
TLS_RSA_WITH_NULL_SHA256,
- SSL_RSA_WITH_NULL_MD5,
+ TLS_RSA_WITH_NULL_MD5,
/* SSL2 cipher suites. */
SSL_EN_RC4_128_WITH_MD5,
diff --git a/net/third_party/nss/ssl/sslerr.h b/net/third_party/nss/ssl/sslerr.h
index 5184a6e06..24bf893 100644
--- a/net/third_party/nss/ssl/sslerr.h
+++ b/net/third_party/nss/ssl/sslerr.h
@@ -8,179 +8,179 @@
#define __SSL_ERR_H_
-#define SSL_ERROR_BASE (-0x3000)
-#define SSL_ERROR_LIMIT (SSL_ERROR_BASE + 1000)
+#define SSL_ERROR_BASE (-0x3000)
+#define SSL_ERROR_LIMIT (SSL_ERROR_BASE + 1000)
#define IS_SSL_ERROR(code) \
(((code) >= SSL_ERROR_BASE) && ((code) < SSL_ERROR_LIMIT))
#ifndef NO_SECURITY_ERROR_ENUM
typedef enum {
-SSL_ERROR_EXPORT_ONLY_SERVER = (SSL_ERROR_BASE + 0),
-SSL_ERROR_US_ONLY_SERVER = (SSL_ERROR_BASE + 1),
-SSL_ERROR_NO_CYPHER_OVERLAP = (SSL_ERROR_BASE + 2),
-/*
+SSL_ERROR_EXPORT_ONLY_SERVER = (SSL_ERROR_BASE + 0),
+SSL_ERROR_US_ONLY_SERVER = (SSL_ERROR_BASE + 1),
+SSL_ERROR_NO_CYPHER_OVERLAP = (SSL_ERROR_BASE + 2),
+/*
* Received an alert reporting what we did wrong. (more alerts below)
*/
-SSL_ERROR_NO_CERTIFICATE /*_ALERT */ = (SSL_ERROR_BASE + 3),
-SSL_ERROR_BAD_CERTIFICATE = (SSL_ERROR_BASE + 4),
-SSL_ERROR_UNUSED_5 = (SSL_ERROR_BASE + 5),
- /* error 5 is obsolete */
-SSL_ERROR_BAD_CLIENT = (SSL_ERROR_BASE + 6),
-SSL_ERROR_BAD_SERVER = (SSL_ERROR_BASE + 7),
-SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE = (SSL_ERROR_BASE + 8),
-SSL_ERROR_UNSUPPORTED_VERSION = (SSL_ERROR_BASE + 9),
-SSL_ERROR_UNUSED_10 = (SSL_ERROR_BASE + 10),
- /* error 10 is obsolete */
-SSL_ERROR_WRONG_CERTIFICATE = (SSL_ERROR_BASE + 11),
-SSL_ERROR_BAD_CERT_DOMAIN = (SSL_ERROR_BASE + 12),
-SSL_ERROR_POST_WARNING = (SSL_ERROR_BASE + 13),
-SSL_ERROR_SSL2_DISABLED = (SSL_ERROR_BASE + 14),
-SSL_ERROR_BAD_MAC_READ = (SSL_ERROR_BASE + 15),
-/*
+SSL_ERROR_NO_CERTIFICATE /*_ALERT */ = (SSL_ERROR_BASE + 3),
+SSL_ERROR_BAD_CERTIFICATE = (SSL_ERROR_BASE + 4),
+SSL_ERROR_UNUSED_5 = (SSL_ERROR_BASE + 5),
+ /* error 5 is obsolete */
+SSL_ERROR_BAD_CLIENT = (SSL_ERROR_BASE + 6),
+SSL_ERROR_BAD_SERVER = (SSL_ERROR_BASE + 7),
+SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE = (SSL_ERROR_BASE + 8),
+SSL_ERROR_UNSUPPORTED_VERSION = (SSL_ERROR_BASE + 9),
+SSL_ERROR_UNUSED_10 = (SSL_ERROR_BASE + 10),
+ /* error 10 is obsolete */
+SSL_ERROR_WRONG_CERTIFICATE = (SSL_ERROR_BASE + 11),
+SSL_ERROR_BAD_CERT_DOMAIN = (SSL_ERROR_BASE + 12),
+SSL_ERROR_POST_WARNING = (SSL_ERROR_BASE + 13),
+SSL_ERROR_SSL2_DISABLED = (SSL_ERROR_BASE + 14),
+SSL_ERROR_BAD_MAC_READ = (SSL_ERROR_BASE + 15),
+/*
* Received an alert reporting what we did wrong.
* (two more alerts above, and many more below)
*/
-SSL_ERROR_BAD_MAC_ALERT = (SSL_ERROR_BASE + 16),
+SSL_ERROR_BAD_MAC_ALERT = (SSL_ERROR_BASE + 16),
SSL_ERROR_BAD_CERT_ALERT = (SSL_ERROR_BASE + 17),
-SSL_ERROR_REVOKED_CERT_ALERT = (SSL_ERROR_BASE + 18),
-SSL_ERROR_EXPIRED_CERT_ALERT = (SSL_ERROR_BASE + 19),
+SSL_ERROR_REVOKED_CERT_ALERT = (SSL_ERROR_BASE + 18),
+SSL_ERROR_EXPIRED_CERT_ALERT = (SSL_ERROR_BASE + 19),
-SSL_ERROR_SSL_DISABLED = (SSL_ERROR_BASE + 20),
-SSL_ERROR_FORTEZZA_PQG = (SSL_ERROR_BASE + 21),
-SSL_ERROR_UNKNOWN_CIPHER_SUITE = (SSL_ERROR_BASE + 22),
-SSL_ERROR_NO_CIPHERS_SUPPORTED = (SSL_ERROR_BASE + 23),
-SSL_ERROR_BAD_BLOCK_PADDING = (SSL_ERROR_BASE + 24),
-SSL_ERROR_RX_RECORD_TOO_LONG = (SSL_ERROR_BASE + 25),
-SSL_ERROR_TX_RECORD_TOO_LONG = (SSL_ERROR_BASE + 26),
-/*
+SSL_ERROR_SSL_DISABLED = (SSL_ERROR_BASE + 20),
+SSL_ERROR_FORTEZZA_PQG = (SSL_ERROR_BASE + 21),
+SSL_ERROR_UNKNOWN_CIPHER_SUITE = (SSL_ERROR_BASE + 22),
+SSL_ERROR_NO_CIPHERS_SUPPORTED = (SSL_ERROR_BASE + 23),
+SSL_ERROR_BAD_BLOCK_PADDING = (SSL_ERROR_BASE + 24),
+SSL_ERROR_RX_RECORD_TOO_LONG = (SSL_ERROR_BASE + 25),
+SSL_ERROR_TX_RECORD_TOO_LONG = (SSL_ERROR_BASE + 26),
+/*
* Received a malformed (too long or short) SSL handshake.
*/
-SSL_ERROR_RX_MALFORMED_HELLO_REQUEST = (SSL_ERROR_BASE + 27),
-SSL_ERROR_RX_MALFORMED_CLIENT_HELLO = (SSL_ERROR_BASE + 28),
-SSL_ERROR_RX_MALFORMED_SERVER_HELLO = (SSL_ERROR_BASE + 29),
-SSL_ERROR_RX_MALFORMED_CERTIFICATE = (SSL_ERROR_BASE + 30),
-SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH = (SSL_ERROR_BASE + 31),
-SSL_ERROR_RX_MALFORMED_CERT_REQUEST = (SSL_ERROR_BASE + 32),
-SSL_ERROR_RX_MALFORMED_HELLO_DONE = (SSL_ERROR_BASE + 33),
-SSL_ERROR_RX_MALFORMED_CERT_VERIFY = (SSL_ERROR_BASE + 34),
-SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH = (SSL_ERROR_BASE + 35),
-SSL_ERROR_RX_MALFORMED_FINISHED = (SSL_ERROR_BASE + 36),
-/*
+SSL_ERROR_RX_MALFORMED_HELLO_REQUEST = (SSL_ERROR_BASE + 27),
+SSL_ERROR_RX_MALFORMED_CLIENT_HELLO = (SSL_ERROR_BASE + 28),
+SSL_ERROR_RX_MALFORMED_SERVER_HELLO = (SSL_ERROR_BASE + 29),
+SSL_ERROR_RX_MALFORMED_CERTIFICATE = (SSL_ERROR_BASE + 30),
+SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH = (SSL_ERROR_BASE + 31),
+SSL_ERROR_RX_MALFORMED_CERT_REQUEST = (SSL_ERROR_BASE + 32),
+SSL_ERROR_RX_MALFORMED_HELLO_DONE = (SSL_ERROR_BASE + 33),
+SSL_ERROR_RX_MALFORMED_CERT_VERIFY = (SSL_ERROR_BASE + 34),
+SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH = (SSL_ERROR_BASE + 35),
+SSL_ERROR_RX_MALFORMED_FINISHED = (SSL_ERROR_BASE + 36),
+/*
* Received a malformed (too long or short) SSL record.
*/
-SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER = (SSL_ERROR_BASE + 37),
-SSL_ERROR_RX_MALFORMED_ALERT = (SSL_ERROR_BASE + 38),
-SSL_ERROR_RX_MALFORMED_HANDSHAKE = (SSL_ERROR_BASE + 39),
-SSL_ERROR_RX_MALFORMED_APPLICATION_DATA = (SSL_ERROR_BASE + 40),
+SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER = (SSL_ERROR_BASE + 37),
+SSL_ERROR_RX_MALFORMED_ALERT = (SSL_ERROR_BASE + 38),
+SSL_ERROR_RX_MALFORMED_HANDSHAKE = (SSL_ERROR_BASE + 39),
+SSL_ERROR_RX_MALFORMED_APPLICATION_DATA = (SSL_ERROR_BASE + 40),
/*
* Received an SSL handshake that was inappropriate for the state we're in.
* E.g. Server received message from server, or wrong state in state machine.
*/
-SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST = (SSL_ERROR_BASE + 41),
-SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO = (SSL_ERROR_BASE + 42),
-SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO = (SSL_ERROR_BASE + 43),
-SSL_ERROR_RX_UNEXPECTED_CERTIFICATE = (SSL_ERROR_BASE + 44),
-SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH = (SSL_ERROR_BASE + 45),
-SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST = (SSL_ERROR_BASE + 46),
-SSL_ERROR_RX_UNEXPECTED_HELLO_DONE = (SSL_ERROR_BASE + 47),
-SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY = (SSL_ERROR_BASE + 48),
-SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH = (SSL_ERROR_BASE + 49),
-SSL_ERROR_RX_UNEXPECTED_FINISHED = (SSL_ERROR_BASE + 50),
+SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST = (SSL_ERROR_BASE + 41),
+SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO = (SSL_ERROR_BASE + 42),
+SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO = (SSL_ERROR_BASE + 43),
+SSL_ERROR_RX_UNEXPECTED_CERTIFICATE = (SSL_ERROR_BASE + 44),
+SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH = (SSL_ERROR_BASE + 45),
+SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST = (SSL_ERROR_BASE + 46),
+SSL_ERROR_RX_UNEXPECTED_HELLO_DONE = (SSL_ERROR_BASE + 47),
+SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY = (SSL_ERROR_BASE + 48),
+SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH = (SSL_ERROR_BASE + 49),
+SSL_ERROR_RX_UNEXPECTED_FINISHED = (SSL_ERROR_BASE + 50),
/*
* Received an SSL record that was inappropriate for the state we're in.
*/
-SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER = (SSL_ERROR_BASE + 51),
-SSL_ERROR_RX_UNEXPECTED_ALERT = (SSL_ERROR_BASE + 52),
-SSL_ERROR_RX_UNEXPECTED_HANDSHAKE = (SSL_ERROR_BASE + 53),
-SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA= (SSL_ERROR_BASE + 54),
+SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER = (SSL_ERROR_BASE + 51),
+SSL_ERROR_RX_UNEXPECTED_ALERT = (SSL_ERROR_BASE + 52),
+SSL_ERROR_RX_UNEXPECTED_HANDSHAKE = (SSL_ERROR_BASE + 53),
+SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA = (SSL_ERROR_BASE + 54),
/*
* Received record/message with unknown discriminant.
*/
-SSL_ERROR_RX_UNKNOWN_RECORD_TYPE = (SSL_ERROR_BASE + 55),
-SSL_ERROR_RX_UNKNOWN_HANDSHAKE = (SSL_ERROR_BASE + 56),
-SSL_ERROR_RX_UNKNOWN_ALERT = (SSL_ERROR_BASE + 57),
-/*
+SSL_ERROR_RX_UNKNOWN_RECORD_TYPE = (SSL_ERROR_BASE + 55),
+SSL_ERROR_RX_UNKNOWN_HANDSHAKE = (SSL_ERROR_BASE + 56),
+SSL_ERROR_RX_UNKNOWN_ALERT = (SSL_ERROR_BASE + 57),
+/*
* Received an alert reporting what we did wrong. (more alerts above)
*/
-SSL_ERROR_CLOSE_NOTIFY_ALERT = (SSL_ERROR_BASE + 58),
-SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT = (SSL_ERROR_BASE + 59),
-SSL_ERROR_DECOMPRESSION_FAILURE_ALERT = (SSL_ERROR_BASE + 60),
-SSL_ERROR_HANDSHAKE_FAILURE_ALERT = (SSL_ERROR_BASE + 61),
-SSL_ERROR_ILLEGAL_PARAMETER_ALERT = (SSL_ERROR_BASE + 62),
-SSL_ERROR_UNSUPPORTED_CERT_ALERT = (SSL_ERROR_BASE + 63),
-SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT = (SSL_ERROR_BASE + 64),
+SSL_ERROR_CLOSE_NOTIFY_ALERT = (SSL_ERROR_BASE + 58),
+SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT = (SSL_ERROR_BASE + 59),
+SSL_ERROR_DECOMPRESSION_FAILURE_ALERT = (SSL_ERROR_BASE + 60),
+SSL_ERROR_HANDSHAKE_FAILURE_ALERT = (SSL_ERROR_BASE + 61),
+SSL_ERROR_ILLEGAL_PARAMETER_ALERT = (SSL_ERROR_BASE + 62),
+SSL_ERROR_UNSUPPORTED_CERT_ALERT = (SSL_ERROR_BASE + 63),
+SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT = (SSL_ERROR_BASE + 64),
-SSL_ERROR_GENERATE_RANDOM_FAILURE = (SSL_ERROR_BASE + 65),
-SSL_ERROR_SIGN_HASHES_FAILURE = (SSL_ERROR_BASE + 66),
-SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE = (SSL_ERROR_BASE + 67),
-SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE = (SSL_ERROR_BASE + 68),
-SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE = (SSL_ERROR_BASE + 69),
+SSL_ERROR_GENERATE_RANDOM_FAILURE = (SSL_ERROR_BASE + 65),
+SSL_ERROR_SIGN_HASHES_FAILURE = (SSL_ERROR_BASE + 66),
+SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE = (SSL_ERROR_BASE + 67),
+SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE = (SSL_ERROR_BASE + 68),
+SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE = (SSL_ERROR_BASE + 69),
-SSL_ERROR_ENCRYPTION_FAILURE = (SSL_ERROR_BASE + 70),
-SSL_ERROR_DECRYPTION_FAILURE = (SSL_ERROR_BASE + 71), /* don't use */
-SSL_ERROR_SOCKET_WRITE_FAILURE = (SSL_ERROR_BASE + 72),
+SSL_ERROR_ENCRYPTION_FAILURE = (SSL_ERROR_BASE + 70),
+SSL_ERROR_DECRYPTION_FAILURE = (SSL_ERROR_BASE + 71), /* don't use */
+SSL_ERROR_SOCKET_WRITE_FAILURE = (SSL_ERROR_BASE + 72),
-SSL_ERROR_MD5_DIGEST_FAILURE = (SSL_ERROR_BASE + 73),
-SSL_ERROR_SHA_DIGEST_FAILURE = (SSL_ERROR_BASE + 74),
-SSL_ERROR_MAC_COMPUTATION_FAILURE = (SSL_ERROR_BASE + 75),
-SSL_ERROR_SYM_KEY_CONTEXT_FAILURE = (SSL_ERROR_BASE + 76),
-SSL_ERROR_SYM_KEY_UNWRAP_FAILURE = (SSL_ERROR_BASE + 77),
-SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED = (SSL_ERROR_BASE + 78),
-SSL_ERROR_IV_PARAM_FAILURE = (SSL_ERROR_BASE + 79),
-SSL_ERROR_INIT_CIPHER_SUITE_FAILURE = (SSL_ERROR_BASE + 80),
-SSL_ERROR_SESSION_KEY_GEN_FAILURE = (SSL_ERROR_BASE + 81),
-SSL_ERROR_NO_SERVER_KEY_FOR_ALG = (SSL_ERROR_BASE + 82),
-SSL_ERROR_TOKEN_INSERTION_REMOVAL = (SSL_ERROR_BASE + 83),
-SSL_ERROR_TOKEN_SLOT_NOT_FOUND = (SSL_ERROR_BASE + 84),
-SSL_ERROR_NO_COMPRESSION_OVERLAP = (SSL_ERROR_BASE + 85),
-SSL_ERROR_HANDSHAKE_NOT_COMPLETED = (SSL_ERROR_BASE + 86),
-SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE = (SSL_ERROR_BASE + 87),
-SSL_ERROR_CERT_KEA_MISMATCH = (SSL_ERROR_BASE + 88),
+SSL_ERROR_MD5_DIGEST_FAILURE = (SSL_ERROR_BASE + 73),
+SSL_ERROR_SHA_DIGEST_FAILURE = (SSL_ERROR_BASE + 74),
+SSL_ERROR_MAC_COMPUTATION_FAILURE = (SSL_ERROR_BASE + 75),
+SSL_ERROR_SYM_KEY_CONTEXT_FAILURE = (SSL_ERROR_BASE + 76),
+SSL_ERROR_SYM_KEY_UNWRAP_FAILURE = (SSL_ERROR_BASE + 77),
+SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED = (SSL_ERROR_BASE + 78),
+SSL_ERROR_IV_PARAM_FAILURE = (SSL_ERROR_BASE + 79),
+SSL_ERROR_INIT_CIPHER_SUITE_FAILURE = (SSL_ERROR_BASE + 80),
+SSL_ERROR_SESSION_KEY_GEN_FAILURE = (SSL_ERROR_BASE + 81),
+SSL_ERROR_NO_SERVER_KEY_FOR_ALG = (SSL_ERROR_BASE + 82),
+SSL_ERROR_TOKEN_INSERTION_REMOVAL = (SSL_ERROR_BASE + 83),
+SSL_ERROR_TOKEN_SLOT_NOT_FOUND = (SSL_ERROR_BASE + 84),
+SSL_ERROR_NO_COMPRESSION_OVERLAP = (SSL_ERROR_BASE + 85),
+SSL_ERROR_HANDSHAKE_NOT_COMPLETED = (SSL_ERROR_BASE + 86),
+SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE = (SSL_ERROR_BASE + 87),
+SSL_ERROR_CERT_KEA_MISMATCH = (SSL_ERROR_BASE + 88),
/* SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA became obsolete in NSS 3.14. */
-SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA = (SSL_ERROR_BASE + 89),
-SSL_ERROR_SESSION_NOT_FOUND = (SSL_ERROR_BASE + 90),
+SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA = (SSL_ERROR_BASE + 89),
+SSL_ERROR_SESSION_NOT_FOUND = (SSL_ERROR_BASE + 90),
-SSL_ERROR_DECRYPTION_FAILED_ALERT = (SSL_ERROR_BASE + 91),
-SSL_ERROR_RECORD_OVERFLOW_ALERT = (SSL_ERROR_BASE + 92),
-SSL_ERROR_UNKNOWN_CA_ALERT = (SSL_ERROR_BASE + 93),
-SSL_ERROR_ACCESS_DENIED_ALERT = (SSL_ERROR_BASE + 94),
-SSL_ERROR_DECODE_ERROR_ALERT = (SSL_ERROR_BASE + 95),
-SSL_ERROR_DECRYPT_ERROR_ALERT = (SSL_ERROR_BASE + 96),
-SSL_ERROR_EXPORT_RESTRICTION_ALERT = (SSL_ERROR_BASE + 97),
-SSL_ERROR_PROTOCOL_VERSION_ALERT = (SSL_ERROR_BASE + 98),
-SSL_ERROR_INSUFFICIENT_SECURITY_ALERT = (SSL_ERROR_BASE + 99),
-SSL_ERROR_INTERNAL_ERROR_ALERT = (SSL_ERROR_BASE + 100),
-SSL_ERROR_USER_CANCELED_ALERT = (SSL_ERROR_BASE + 101),
-SSL_ERROR_NO_RENEGOTIATION_ALERT = (SSL_ERROR_BASE + 102),
+SSL_ERROR_DECRYPTION_FAILED_ALERT = (SSL_ERROR_BASE + 91),
+SSL_ERROR_RECORD_OVERFLOW_ALERT = (SSL_ERROR_BASE + 92),
+SSL_ERROR_UNKNOWN_CA_ALERT = (SSL_ERROR_BASE + 93),
+SSL_ERROR_ACCESS_DENIED_ALERT = (SSL_ERROR_BASE + 94),
+SSL_ERROR_DECODE_ERROR_ALERT = (SSL_ERROR_BASE + 95),
+SSL_ERROR_DECRYPT_ERROR_ALERT = (SSL_ERROR_BASE + 96),
+SSL_ERROR_EXPORT_RESTRICTION_ALERT = (SSL_ERROR_BASE + 97),
+SSL_ERROR_PROTOCOL_VERSION_ALERT = (SSL_ERROR_BASE + 98),
+SSL_ERROR_INSUFFICIENT_SECURITY_ALERT = (SSL_ERROR_BASE + 99),
+SSL_ERROR_INTERNAL_ERROR_ALERT = (SSL_ERROR_BASE + 100),
+SSL_ERROR_USER_CANCELED_ALERT = (SSL_ERROR_BASE + 101),
+SSL_ERROR_NO_RENEGOTIATION_ALERT = (SSL_ERROR_BASE + 102),
-SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED = (SSL_ERROR_BASE + 103),
+SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED = (SSL_ERROR_BASE + 103),
-SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT = (SSL_ERROR_BASE + 104),
-SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT = (SSL_ERROR_BASE + 105),
-SSL_ERROR_UNRECOGNIZED_NAME_ALERT = (SSL_ERROR_BASE + 106),
-SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT = (SSL_ERROR_BASE + 107),
-SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT = (SSL_ERROR_BASE + 108),
+SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT = (SSL_ERROR_BASE + 104),
+SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT = (SSL_ERROR_BASE + 105),
+SSL_ERROR_UNRECOGNIZED_NAME_ALERT = (SSL_ERROR_BASE + 106),
+SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT = (SSL_ERROR_BASE + 107),
+SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT = (SSL_ERROR_BASE + 108),
SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET = (SSL_ERROR_BASE + 109),
-SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET = (SSL_ERROR_BASE + 110),
+SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET = (SSL_ERROR_BASE + 110),
-SSL_ERROR_DECOMPRESSION_FAILURE = (SSL_ERROR_BASE + 111),
+SSL_ERROR_DECOMPRESSION_FAILURE = (SSL_ERROR_BASE + 111),
SSL_ERROR_RENEGOTIATION_NOT_ALLOWED = (SSL_ERROR_BASE + 112),
SSL_ERROR_UNSAFE_NEGOTIATION = (SSL_ERROR_BASE + 113),
-SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD = (SSL_ERROR_BASE + 114),
+SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD = (SSL_ERROR_BASE + 114),
SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY = (SSL_ERROR_BASE + 115),
-SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID = (SSL_ERROR_BASE + 116),
+SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID = (SSL_ERROR_BASE + 116),
SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2 = (SSL_ERROR_BASE + 117),
SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS = (SSL_ERROR_BASE + 118),
SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_CLIENTS = (SSL_ERROR_BASE + 119),
-SSL_ERROR_INVALID_VERSION_RANGE = (SSL_ERROR_BASE + 120),
-SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION = (SSL_ERROR_BASE + 121),
+SSL_ERROR_INVALID_VERSION_RANGE = (SSL_ERROR_BASE + 120),
+SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION = (SSL_ERROR_BASE + 121),
SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST = (SSL_ERROR_BASE + 122),
SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST = (SSL_ERROR_BASE + 123),
@@ -189,20 +189,20 @@
SSL_ERROR_RX_UNEXPECTED_CERT_STATUS = (SSL_ERROR_BASE + 125),
-SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM = (SSL_ERROR_BASE + 126),
-SSL_ERROR_DIGEST_FAILURE = (SSL_ERROR_BASE + 127),
+SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM = (SSL_ERROR_BASE + 126),
+SSL_ERROR_DIGEST_FAILURE = (SSL_ERROR_BASE + 127),
SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 128),
SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK = (SSL_ERROR_BASE + 129),
SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL = (SSL_ERROR_BASE + 130),
-SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT = (SSL_ERROR_BASE + 131),
+SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT = (SSL_ERROR_BASE + 131),
-SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 132),
-SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 133),
-SSL_ERROR_GET_CHANNEL_ID_FAILED = (SSL_ERROR_BASE + 134),
+SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 132),
+SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 133),
+SSL_ERROR_GET_CHANNEL_ID_FAILED = (SSL_ERROR_BASE + 134),
-SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
+SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
} SSLErrorCodes;
#endif /* NO_SECURITY_ERROR_ENUM */
diff --git a/net/third_party/nss/ssl/sslgathr.c b/net/third_party/nss/ssl/sslgathr.c
index 6c17eb00..bdf470b 100644
--- a/net/third_party/nss/ssl/sslgathr.c
+++ b/net/third_party/nss/ssl/sslgathr.c
@@ -364,34 +364,6 @@
return ssl2_GatherData(ss, &ss->gs, flags);
}
-/*
- * Returns +1 when it has gathered a complete SSLV2 record.
- * Returns 0 if it hits EOF.
- * Returns -1 (SECFailure) on any error
- * Returns -2 (SECWouldBlock)
- *
- * Called from SocksStartGather in sslsocks.c
- * Caller must hold RecvBufLock.
- */
-int
-ssl2_StartGatherBytes(sslSocket *ss, sslGather *gs, unsigned int count)
-{
- int rv;
-
- PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
- gs->state = GS_DATA;
- gs->remainder = count;
- gs->count = count;
- gs->offset = 0;
- if (count > gs->buf.space) {
- rv = sslBuffer_Grow(&gs->buf, count);
- if (rv) {
- return rv;
- }
- }
- return ssl2_GatherData(ss, gs, 0);
-}
-
/* Caller should hold RecvBufLock. */
SECStatus
ssl_InitGather(sslGather *gs)
diff --git a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimpl.h
index 8754e16..a809616 100644
--- a/net/third_party/nss/ssl/sslimpl.h
+++ b/net/third_party/nss/ssl/sslimpl.h
@@ -299,11 +299,11 @@
#endif
} ssl3CipherSuiteCfg;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
#define ssl_V3_SUITES_IMPLEMENTED 63
#else
#define ssl_V3_SUITES_IMPLEMENTED 37
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
#define MAX_DTLS_SRTP_CIPHER_SUITES 4
@@ -337,8 +337,9 @@
unsigned int enableOCSPStapling : 1; /* 25 */
unsigned int enableNPN : 1; /* 26 */
unsigned int enableALPN : 1; /* 27 */
- unsigned int enableSignedCertTimestamps : 1; /* 28 */
+ unsigned int reuseServerECDHEKey : 1; /* 28 */
unsigned int enableFallbackSCSV : 1; /* 29 */
+ unsigned int enableSignedCertTimestamps : 1; /* 30 */
} sslOptions;
typedef enum { sslHandshakingUndetermined = 0,
@@ -678,9 +679,9 @@
SSL3KEAType exchKeyType;
/* key type used in exchange algorithm,
* and to wrap the sym wrapping key. */
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
PRUint32 negotiatedECCurves;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
/* The following values are NOT restored from the server's on-disk
* session cache, but are restored from the client's cache.
@@ -935,9 +936,9 @@
SSL3Finished sFinished[2];
SSL3Opaque data[72];
} finishedMsgs;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
PRUint32 negotiatedECCurves; /* bit mask */
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
PRBool authCertificatePending;
/* Which function should SSL_RestartHandshake* call if we're blocked?
@@ -1456,8 +1457,6 @@
extern SECStatus ssl2_HandleClientHelloMessage(sslSocket *ss);
extern SECStatus ssl2_HandleServerHelloMessage(sslSocket *ss);
-extern int ssl2_StartGatherBytes(sslSocket *ss, sslGather *gs,
- unsigned int count);
extern SECStatus ssl_CreateSecurityInfo(sslSocket *ss);
extern SECStatus ssl_CopySecurityInfo(sslSocket *ss, sslSocket *os);
@@ -1612,7 +1611,11 @@
* runtime to determine which versions are supported by the version of libssl
* in use.
*/
+#ifdef NSS_ENABLE_TLS_1_3
+#define SSL_LIBRARY_VERSION_MAX_SUPPORTED SSL_LIBRARY_VERSION_TLS_1_3
+#else
#define SSL_LIBRARY_VERSION_MAX_SUPPORTED SSL_LIBRARY_VERSION_TLS_1_2
+#endif
/* Rename this macro SSL_ALL_VERSIONS_DISABLED when SSL 2.0 is removed. */
#define SSL3_ALL_VERSIONS_DISABLED(vrange) \
@@ -1678,7 +1681,7 @@
*/
extern SECStatus ssl3_CreateRSAStepDownKeys(sslSocket *ss);
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
extern void ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss);
extern PRBool ssl3_IsECCEnabled(sslSocket *ss);
extern SECStatus ssl3_DisableECCSuites(sslSocket * ss,
@@ -1733,7 +1736,7 @@
ECName ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits);
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on);
extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on);
@@ -1770,7 +1773,7 @@
extern SECStatus ssl_GetPeerInfo(sslSocket *ss);
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
/* ECDH functions */
extern SECStatus ssl3_SendECDHClientKeyExchange(sslSocket * ss,
SECKEYPublicKey * svrPubKey);
@@ -1855,7 +1858,7 @@
const CERTCertificateList *certChain,
ssl3KeyPair *keyPair, SSLKEAType kea);
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
extern PRInt32 ssl3_SendSupportedCurvesXtn(sslSocket *ss,
PRBool append, PRUint32 maxBytes);
extern PRInt32 ssl3_SendSupportedPointFormatsXtn(sslSocket *ss,
diff --git a/net/third_party/nss/ssl/sslinfo.c b/net/third_party/nss/ssl/sslinfo.c
index df7e669..845d9f02 100644
--- a/net/third_party/nss/ssl/sslinfo.c
+++ b/net/third_party/nss/ssl/sslinfo.c
@@ -149,30 +149,30 @@
{0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
{0,CS(TLS_RSA_WITH_SEED_CBC_SHA), S_RSA, K_RSA, C_SEED,B_128, M_SHA, 1, 0, 0, },
{0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
-{0,CS(SSL_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, },
-{0,CS(SSL_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
+{0,CS(TLS_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, },
+{0,CS(TLS_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
{0,CS(TLS_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_RSA, C_AES, B_128, M_SHA256, 1, 0, 0, },
{0,CS(TLS_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_RSA, C_AES, B_128, M_SHA, 1, 0, 0, },
-{0,CS(SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
-{0,CS(SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA), S_DSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
+{0,CS(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
+{0,CS(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA), S_DSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
{0,CS(SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 1, },
-{0,CS(SSL_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
+{0,CS(TLS_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
-{0,CS(SSL_DHE_RSA_WITH_DES_CBC_SHA), S_RSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
-{0,CS(SSL_DHE_DSS_WITH_DES_CBC_SHA), S_DSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
+{0,CS(TLS_DHE_RSA_WITH_DES_CBC_SHA), S_RSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
+{0,CS(TLS_DHE_DSS_WITH_DES_CBC_SHA), S_DSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
{0,CS(SSL_RSA_FIPS_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 1, },
-{0,CS(SSL_RSA_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 0, },
+{0,CS(TLS_RSA_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 0, },
{0,CS(TLS_RSA_EXPORT1024_WITH_RC4_56_SHA), S_RSA, K_RSA, C_RC4, B_56, M_SHA, 0, 1, 0, },
{0,CS(TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 1, 0, },
-{0,CS(SSL_RSA_EXPORT_WITH_RC4_40_MD5), S_RSA, K_RSA, C_RC4, B_40, M_MD5, 0, 1, 0, },
-{0,CS(SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5), S_RSA, K_RSA, C_RC2, B_40, M_MD5, 0, 1, 0, },
+{0,CS(TLS_RSA_EXPORT_WITH_RC4_40_MD5), S_RSA, K_RSA, C_RC4, B_40, M_MD5, 0, 1, 0, },
+{0,CS(TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5), S_RSA, K_RSA, C_RC2, B_40, M_MD5, 0, 1, 0, },
{0,CS(TLS_RSA_WITH_NULL_SHA256), S_RSA, K_RSA, C_NULL,B_0, M_SHA256, 0, 1, 0, },
-{0,CS(SSL_RSA_WITH_NULL_SHA), S_RSA, K_RSA, C_NULL,B_0, M_SHA, 0, 1, 0, },
-{0,CS(SSL_RSA_WITH_NULL_MD5), S_RSA, K_RSA, C_NULL,B_0, M_MD5, 0, 1, 0, },
+{0,CS(TLS_RSA_WITH_NULL_SHA), S_RSA, K_RSA, C_NULL,B_0, M_SHA, 0, 1, 0, },
+{0,CS(TLS_RSA_WITH_NULL_MD5), S_RSA, K_RSA, C_NULL,B_0, M_MD5, 0, 1, 0, },
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
/* ECC cipher suites */
{0,CS(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
{0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
@@ -204,7 +204,7 @@
{0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, },
{0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
{0,CS(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, },
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
/* SSL 2 table */
{0,CK(SSL_CK_RC4_128_WITH_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
diff --git a/net/third_party/nss/ssl/sslnonce.c b/net/third_party/nss/ssl/sslnonce.c
index 3e42bed..28ad364 100644
--- a/net/third_party/nss/ssl/sslnonce.c
+++ b/net/third_party/nss/ssl/sslnonce.c
@@ -441,6 +441,8 @@
{
PORT_Assert(sid);
PORT_Assert(newSessionTicket);
+ PORT_Assert(newSessionTicket->ticket.data);
+ PORT_Assert(newSessionTicket->ticket.len != 0);
/* if sid->u.ssl3.lock, we are updating an existing entry that is already
* cached or was once cached, so we need to acquire and release the write
@@ -449,10 +451,6 @@
*/
if (sid->u.ssl3.lock) {
NSSRWLock_LockWrite(sid->u.ssl3.lock);
-
- /* A server might have sent us an empty ticket, which has the
- * effect of clearing the previously known ticket.
- */
if (sid->u.ssl3.locked.sessionTicket.ticket.data) {
SECITEM_FreeItem(&sid->u.ssl3.locked.sessionTicket.ticket,
PR_FALSE);
diff --git a/net/third_party/nss/ssl/sslproto.h b/net/third_party/nss/ssl/sslproto.h
index 621ef37..dc653c91 100644
--- a/net/third_party/nss/ssl/sslproto.h
+++ b/net/third_party/nss/ssl/sslproto.h
@@ -1,5 +1,5 @@
/*
- * Various and sundry protocol constants. DON'T CHANGE THESE. These values
+ * Various and sundry protocol constants. DON'T CHANGE THESE. These values
* are mostly defined by the SSL2, SSL3, or TLS protocol specifications.
* Cipher kinds and ciphersuites are part of the public API.
*
@@ -11,138 +11,178 @@
#define __sslproto_h_
/* All versions less than 3_0 are treated as SSL version 2 */
-#define SSL_LIBRARY_VERSION_2 0x0002
-#define SSL_LIBRARY_VERSION_3_0 0x0300
-#define SSL_LIBRARY_VERSION_TLS_1_0 0x0301
-#define SSL_LIBRARY_VERSION_TLS_1_1 0x0302
-#define SSL_LIBRARY_VERSION_TLS_1_2 0x0303
+#define SSL_LIBRARY_VERSION_2 0x0002
+#define SSL_LIBRARY_VERSION_3_0 0x0300
+#define SSL_LIBRARY_VERSION_TLS_1_0 0x0301
+#define SSL_LIBRARY_VERSION_TLS_1_1 0x0302
+#define SSL_LIBRARY_VERSION_TLS_1_2 0x0303
+#define SSL_LIBRARY_VERSION_TLS_1_3 0x0304
+
/* Note: this is the internal format, not the wire format */
-#define SSL_LIBRARY_VERSION_DTLS_1_0 0x0302
+#define SSL_LIBRARY_VERSION_DTLS_1_0 0x0302
+#define SSL_LIBRARY_VERSION_DTLS_1_2 0x0303
+#define SSL_LIBRARY_VERSION_DTLS_1_3 0x0304
/* deprecated old name */
-#define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0
+#define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0
-/* The DTLS version used in the spec */
+/* The DTLS versions used in the spec */
#define SSL_LIBRARY_VERSION_DTLS_1_0_WIRE ((~0x0100) & 0xffff)
+#define SSL_LIBRARY_VERSION_DTLS_1_2_WIRE ((~0x0102) & 0xffff)
+#define SSL_LIBRARY_VERSION_DTLS_1_3_WIRE ((~0x0103) & 0xffff)
/* Header lengths of some of the messages */
-#define SSL_HL_ERROR_HBYTES 3
-#define SSL_HL_CLIENT_HELLO_HBYTES 9
-#define SSL_HL_CLIENT_MASTER_KEY_HBYTES 10
-#define SSL_HL_CLIENT_FINISHED_HBYTES 1
-#define SSL_HL_SERVER_HELLO_HBYTES 11
-#define SSL_HL_SERVER_VERIFY_HBYTES 1
-#define SSL_HL_SERVER_FINISHED_HBYTES 1
-#define SSL_HL_REQUEST_CERTIFICATE_HBYTES 2
-#define SSL_HL_CLIENT_CERTIFICATE_HBYTES 6
+#define SSL_HL_ERROR_HBYTES 3
+#define SSL_HL_CLIENT_HELLO_HBYTES 9
+#define SSL_HL_CLIENT_MASTER_KEY_HBYTES 10
+#define SSL_HL_CLIENT_FINISHED_HBYTES 1
+#define SSL_HL_SERVER_HELLO_HBYTES 11
+#define SSL_HL_SERVER_VERIFY_HBYTES 1
+#define SSL_HL_SERVER_FINISHED_HBYTES 1
+#define SSL_HL_REQUEST_CERTIFICATE_HBYTES 2
+#define SSL_HL_CLIENT_CERTIFICATE_HBYTES 6
/* Security handshake protocol codes */
-#define SSL_MT_ERROR 0
-#define SSL_MT_CLIENT_HELLO 1
-#define SSL_MT_CLIENT_MASTER_KEY 2
-#define SSL_MT_CLIENT_FINISHED 3
-#define SSL_MT_SERVER_HELLO 4
-#define SSL_MT_SERVER_VERIFY 5
-#define SSL_MT_SERVER_FINISHED 6
-#define SSL_MT_REQUEST_CERTIFICATE 7
-#define SSL_MT_CLIENT_CERTIFICATE 8
+#define SSL_MT_ERROR 0
+#define SSL_MT_CLIENT_HELLO 1
+#define SSL_MT_CLIENT_MASTER_KEY 2
+#define SSL_MT_CLIENT_FINISHED 3
+#define SSL_MT_SERVER_HELLO 4
+#define SSL_MT_SERVER_VERIFY 5
+#define SSL_MT_SERVER_FINISHED 6
+#define SSL_MT_REQUEST_CERTIFICATE 7
+#define SSL_MT_CLIENT_CERTIFICATE 8
/* Certificate types */
-#define SSL_CT_X509_CERTIFICATE 0x01
+#define SSL_CT_X509_CERTIFICATE 0x01
#if 0 /* XXX Not implemented yet */
-#define SSL_PKCS6_CERTIFICATE 0x02
+#define SSL_PKCS6_CERTIFICATE 0x02
#endif
-#define SSL_AT_MD5_WITH_RSA_ENCRYPTION 0x01
+#define SSL_AT_MD5_WITH_RSA_ENCRYPTION 0x01
/* Error codes */
-#define SSL_PE_NO_CYPHERS 0x0001
-#define SSL_PE_NO_CERTIFICATE 0x0002
-#define SSL_PE_BAD_CERTIFICATE 0x0004
-#define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006
+#define SSL_PE_NO_CYPHERS 0x0001
+#define SSL_PE_NO_CERTIFICATE 0x0002
+#define SSL_PE_BAD_CERTIFICATE 0x0004
+#define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006
/* Cypher kinds (not the spec version!) */
-#define SSL_CK_RC4_128_WITH_MD5 0x01
-#define SSL_CK_RC4_128_EXPORT40_WITH_MD5 0x02
-#define SSL_CK_RC2_128_CBC_WITH_MD5 0x03
-#define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x04
-#define SSL_CK_IDEA_128_CBC_WITH_MD5 0x05
-#define SSL_CK_DES_64_CBC_WITH_MD5 0x06
-#define SSL_CK_DES_192_EDE3_CBC_WITH_MD5 0x07
+#define SSL_CK_RC4_128_WITH_MD5 0x01
+#define SSL_CK_RC4_128_EXPORT40_WITH_MD5 0x02
+#define SSL_CK_RC2_128_CBC_WITH_MD5 0x03
+#define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x04
+#define SSL_CK_IDEA_128_CBC_WITH_MD5 0x05
+#define SSL_CK_DES_64_CBC_WITH_MD5 0x06
+#define SSL_CK_DES_192_EDE3_CBC_WITH_MD5 0x07
-/* Cipher enables. These are used only for SSL_EnableCipher
- * These values define the SSL2 suites, and do not colide with the
+/* Cipher enables. These are used only for SSL_EnableCipher
+ * These values define the SSL2 suites, and do not colide with the
* SSL3 Cipher suites defined below.
*/
-#define SSL_EN_RC4_128_WITH_MD5 0xFF01
-#define SSL_EN_RC4_128_EXPORT40_WITH_MD5 0xFF02
-#define SSL_EN_RC2_128_CBC_WITH_MD5 0xFF03
-#define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 0xFF04
-#define SSL_EN_IDEA_128_CBC_WITH_MD5 0xFF05
-#define SSL_EN_DES_64_CBC_WITH_MD5 0xFF06
-#define SSL_EN_DES_192_EDE3_CBC_WITH_MD5 0xFF07
+#define SSL_EN_RC4_128_WITH_MD5 0xFF01
+#define SSL_EN_RC4_128_EXPORT40_WITH_MD5 0xFF02
+#define SSL_EN_RC2_128_CBC_WITH_MD5 0xFF03
+#define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 0xFF04
+#define SSL_EN_IDEA_128_CBC_WITH_MD5 0xFF05
+#define SSL_EN_DES_64_CBC_WITH_MD5 0xFF06
+#define SSL_EN_DES_192_EDE3_CBC_WITH_MD5 0xFF07
-/* SSL v3 Cipher Suites */
-#define SSL_NULL_WITH_NULL_NULL 0x0000
+/* Deprecated SSL 3.0 & libssl names replaced by IANA-registered TLS names. */
+#ifndef SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES
+#define SSL_NULL_WITH_NULL_NULL TLS_NULL_WITH_NULL_NULL
+#define SSL_RSA_WITH_NULL_MD5 TLS_RSA_WITH_NULL_MD5
+#define SSL_RSA_WITH_NULL_SHA TLS_RSA_WITH_NULL_SHA
+#define SSL_RSA_EXPORT_WITH_RC4_40_MD5 TLS_RSA_EXPORT_WITH_RC4_40_MD5
+#define SSL_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_MD5
+#define SSL_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_SHA
+#define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
+#define SSL_RSA_WITH_IDEA_CBC_SHA TLS_RSA_WITH_IDEA_CBC_SHA
+#define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_RSA_WITH_DES_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA
+#define SSL_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA
+#define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DH_DSS_WITH_DES_CBC_SHA TLS_DH_DSS_WITH_DES_CBC_SHA
+#define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
+#define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DH_RSA_WITH_DES_CBC_SHA TLS_DH_RSA_WITH_DES_CBC_SHA
+#define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
+#define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DHE_DSS_WITH_DES_CBC_SHA TLS_DHE_DSS_WITH_DES_CBC_SHA
+#define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
+#define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DHE_RSA_WITH_DES_CBC_SHA TLS_DHE_RSA_WITH_DES_CBC_SHA
+#define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+#define SSL_DH_ANON_WITH_RC4_128_MD5 TLS_DH_anon_WITH_RC4_128_MD5
+#define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DH_ANON_WITH_DES_CBC_SHA TLS_DH_anon_WITH_DES_CBC_SHA
+#define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
+#define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
+#define TLS_DH_ANON_WITH_AES_128_CBC_SHA TLS_DH_anon_WITH_AES_128_CBC_SHA
+#define TLS_DH_ANON_WITH_AES_256_CBC_SHA TLS_DH_anon_WITH_AES_256_CBC_SHA
+#define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
+#define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
+#endif
-#define SSL_RSA_WITH_NULL_MD5 0x0001
-#define SSL_RSA_WITH_NULL_SHA 0x0002
-#define SSL_RSA_EXPORT_WITH_RC4_40_MD5 0x0003
-#define SSL_RSA_WITH_RC4_128_MD5 0x0004
-#define SSL_RSA_WITH_RC4_128_SHA 0x0005
-#define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006
-#define SSL_RSA_WITH_IDEA_CBC_SHA 0x0007
-#define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0008
-#define SSL_RSA_WITH_DES_CBC_SHA 0x0009
-#define SSL_RSA_WITH_3DES_EDE_CBC_SHA 0x000a
-
-#define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA 0x000b
-#define SSL_DH_DSS_WITH_DES_CBC_SHA 0x000c
-#define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000d
-#define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA 0x000e
-#define SSL_DH_RSA_WITH_DES_CBC_SHA 0x000f
-#define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010
-
-#define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 0x0011
-#define SSL_DHE_DSS_WITH_DES_CBC_SHA 0x0012
-#define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013
-#define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0014
-#define SSL_DHE_RSA_WITH_DES_CBC_SHA 0x0015
-#define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016
-
-#define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5 0x0017
-#define SSL_DH_ANON_WITH_RC4_128_MD5 0x0018
-#define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA 0x0019
-#define SSL_DH_ANON_WITH_DES_CBC_SHA 0x001a
-#define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA 0x001b
+#define TLS_NULL_WITH_NULL_NULL 0x0000
-#define SSL_FORTEZZA_DMS_WITH_NULL_SHA 0x001c /* deprecated */
-#define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA 0x001d /* deprecated */
-#define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA 0x001e /* deprecated */
+#define TLS_RSA_WITH_NULL_MD5 0x0001
+#define TLS_RSA_WITH_NULL_SHA 0x0002
+#define TLS_RSA_EXPORT_WITH_RC4_40_MD5 0x0003
+#define TLS_RSA_WITH_RC4_128_MD5 0x0004
+#define TLS_RSA_WITH_RC4_128_SHA 0x0005
+#define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006
+#define TLS_RSA_WITH_IDEA_CBC_SHA 0x0007
+#define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0008
+#define TLS_RSA_WITH_DES_CBC_SHA 0x0009
+#define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x000a
-/* New TLS cipher suites */
-#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F
-#define TLS_DH_DSS_WITH_AES_128_CBC_SHA 0x0030
-#define TLS_DH_RSA_WITH_AES_128_CBC_SHA 0x0031
-#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA 0x0032
-#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033
-#define TLS_DH_ANON_WITH_AES_128_CBC_SHA 0x0034
+#define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA 0x000b
+#define TLS_DH_DSS_WITH_DES_CBC_SHA 0x000c
+#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000d
+#define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA 0x000e
+#define TLS_DH_RSA_WITH_DES_CBC_SHA 0x000f
+#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010
-#define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035
-#define TLS_DH_DSS_WITH_AES_256_CBC_SHA 0x0036
-#define TLS_DH_RSA_WITH_AES_256_CBC_SHA 0x0037
-#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA 0x0038
-#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039
-#define TLS_DH_ANON_WITH_AES_256_CBC_SHA 0x003A
-#define TLS_RSA_WITH_NULL_SHA256 0x003B
-#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C
-#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D
+#define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 0x0011
+#define TLS_DHE_DSS_WITH_DES_CBC_SHA 0x0012
+#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013
+#define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0014
+#define TLS_DHE_RSA_WITH_DES_CBC_SHA 0x0015
+#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016
-#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0041
-#define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0042
-#define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0043
-#define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0044
-#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0045
-#define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA 0x0046
+#define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 0x0017
+#define TLS_DH_anon_WITH_RC4_128_MD5 0x0018
+#define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA 0x0019
+#define TLS_DH_anon_WITH_DES_CBC_SHA 0x001a
+#define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA 0x001b
+
+#define SSL_FORTEZZA_DMS_WITH_NULL_SHA 0x001c /* deprecated */
+#define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA 0x001d /* deprecated */
+#define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA 0x001e /* deprecated */
+
+#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F
+#define TLS_DH_DSS_WITH_AES_128_CBC_SHA 0x0030
+#define TLS_DH_RSA_WITH_AES_128_CBC_SHA 0x0031
+#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA 0x0032
+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033
+#define TLS_DH_anon_WITH_AES_128_CBC_SHA 0x0034
+
+#define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035
+#define TLS_DH_DSS_WITH_AES_256_CBC_SHA 0x0036
+#define TLS_DH_RSA_WITH_AES_256_CBC_SHA 0x0037
+#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA 0x0038
+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039
+#define TLS_DH_anon_WITH_AES_256_CBC_SHA 0x003A
+#define TLS_RSA_WITH_NULL_SHA256 0x003B
+#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C
+#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D
+
+#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0041
+#define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0042
+#define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0043
+#define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0044
+#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0045
+#define TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA 0x0046
#define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x0062
#define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA 0x0064
@@ -153,14 +193,14 @@
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x006B
-#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0084
-#define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0085
-#define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0086
-#define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0087
-#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0088
-#define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA 0x0089
+#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0084
+#define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0085
+#define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0086
+#define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0087
+#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0088
+#define TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA 0x0089
-#define TLS_RSA_WITH_SEED_CBC_SHA 0x0096
+#define TLS_RSA_WITH_SEED_CBC_SHA 0x0096
#define TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C
#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x009E
@@ -170,12 +210,12 @@
* Must NEVER be chosen by server. SSL 3.0 server acknowledges by sending
* back an empty Renegotiation Info (RI) server hello extension.
*/
-#define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00FF
+#define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00FF
/* TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates that a
- * handshake is the result of TLS version fallback. This value is not IANA
- * assigned. */
-#define TLS_FALLBACK_SCSV 0x5600
+ * handshake is the result of TLS version fallback.
+ */
+#define TLS_FALLBACK_SCSV 0x5600
/* Cipher Suite Values starting with 0xC000 are defined in informational
* RFCs.
@@ -222,18 +262,18 @@
#define TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 0xCC14
/* Netscape "experimental" cipher suites. */
-#define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0
-#define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1
+#define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0
+#define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1
/* New non-experimental openly spec'ed versions of those cipher suites. */
-#define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 0xfeff
-#define SSL_RSA_FIPS_WITH_DES_CBC_SHA 0xfefe
+#define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 0xfeff
+#define SSL_RSA_FIPS_WITH_DES_CBC_SHA 0xfefe
/* DTLS-SRTP cipher suites from RFC 5764 */
/* If you modify this, also modify MAX_DTLS_SRTP_CIPHER_SUITES in sslimpl.h */
-#define SRTP_AES128_CM_HMAC_SHA1_80 0x0001
-#define SRTP_AES128_CM_HMAC_SHA1_32 0x0002
-#define SRTP_NULL_HMAC_SHA1_80 0x0005
-#define SRTP_NULL_HMAC_SHA1_32 0x0006
+#define SRTP_AES128_CM_HMAC_SHA1_80 0x0001
+#define SRTP_AES128_CM_HMAC_SHA1_32 0x0002
+#define SRTP_NULL_HMAC_SHA1_80 0x0005
+#define SRTP_NULL_HMAC_SHA1_32 0x0006
#endif /* __sslproto_h_ */
diff --git a/net/third_party/nss/ssl/sslsecur.c b/net/third_party/nss/ssl/sslsecur.c
index e03d7f9..00ab455 100644
--- a/net/third_party/nss/ssl/sslsecur.c
+++ b/net/third_party/nss/ssl/sslsecur.c
@@ -696,11 +696,11 @@
case SEC_OID_X942_DIFFIE_HELMAN_KEY:
keaType = kt_dh;
break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
keaType = kt_ecdh;
break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
default:
keaType = kt_null;
}
@@ -968,11 +968,9 @@
ss->sec.hashcx = NULL;
}
- SECITEM_CopyItem(0, &ss->sec.sendSecret, &os->sec.sendSecret);
- if (os->sec.sendSecret.data && !ss->sec.sendSecret.data)
+ if (SECITEM_CopyItem(0, &ss->sec.sendSecret, &os->sec.sendSecret))
goto loser;
- SECITEM_CopyItem(0, &ss->sec.rcvSecret, &os->sec.rcvSecret);
- if (os->sec.rcvSecret.data && !ss->sec.rcvSecret.data)
+ if (SECITEM_CopyItem(0, &ss->sec.rcvSecret, &os->sec.rcvSecret))
goto loser;
/* XXX following code is wrong if either cx != 0 */
diff --git a/net/third_party/nss/ssl/sslsnce.c b/net/third_party/nss/ssl/sslsnce.c
index 34e07b00..3279200 100644
--- a/net/third_party/nss/ssl/sslsnce.c
+++ b/net/third_party/nss/ssl/sslsnce.c
@@ -522,7 +522,6 @@
/*
** Convert shared memory cache-entry to local memory based one
** This is only called from ServerSessionIDLookup().
-** Caller must hold cache lock when calling this.
*/
static sslSessionID *
ConvertToSID(sidCacheEntry * from,
diff --git a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock.c
index 421ba21..13634c60 100644
--- a/net/third_party/nss/ssl/sslsock.c
+++ b/net/third_party/nss/ssl/sslsock.c
@@ -1,5 +1,5 @@
/*
- * vtables (and methods that call through them) for the 4 types of
+ * vtables (and methods that call through them) for the 4 types of
* SSLSockets supported. Only one type is still supported.
* Various other functions.
*
@@ -28,7 +28,7 @@
#define SET_ERROR_CODE /* reminder */
-static const sslSocketOps ssl_default_ops = { /* No SSL. */
+static const sslSocketOps ssl_default_ops = { /* No SSL. */
ssl_DefConnect,
NULL,
ssl_DefBind,
@@ -43,7 +43,7 @@
ssl_DefGetsockname
};
-static const sslSocketOps ssl_secure_ops = { /* SSL. */
+static const sslSocketOps ssl_secure_ops = { /* SSL. */
ssl_SecureConnect,
NULL,
ssl_DefBind,
@@ -63,19 +63,19 @@
*/
static sslOptions ssl_defaults = {
{ siBuffer, NULL, 0 }, /* nextProtoNego */
- PR_TRUE, /* useSecurity */
- PR_FALSE, /* useSocks */
- PR_FALSE, /* requestCertificate */
- 2, /* requireCertificate */
- PR_FALSE, /* handshakeAsClient */
- PR_FALSE, /* handshakeAsServer */
- PR_FALSE, /* enableSSL2 */ /* now defaults to off in NSS 3.13 */
- PR_FALSE, /* unusedBit9 */
- PR_FALSE, /* unusedBit10 */
- PR_FALSE, /* noCache */
- PR_FALSE, /* fdx */
- PR_FALSE, /* v2CompatibleHello */ /* now defaults to off in NSS 3.13 */
- PR_TRUE, /* detectRollBack */
+ PR_TRUE, /* useSecurity */
+ PR_FALSE, /* useSocks */
+ PR_FALSE, /* requestCertificate */
+ 2, /* requireCertificate */
+ PR_FALSE, /* handshakeAsClient */
+ PR_FALSE, /* handshakeAsServer */
+ PR_FALSE, /* enableSSL2 */ /* now defaults to off in NSS 3.13 */
+ PR_FALSE, /* unusedBit9 */
+ PR_FALSE, /* unusedBit10 */
+ PR_FALSE, /* noCache */
+ PR_FALSE, /* fdx */
+ PR_FALSE, /* v2CompatibleHello */ /* now defaults to off in NSS 3.13 */
+ PR_TRUE, /* detectRollBack */
PR_FALSE, /* noStepDown */
PR_FALSE, /* bypassPKCS11 */
PR_FALSE, /* noLocks */
@@ -88,8 +88,9 @@
PR_FALSE, /* enableOCSPStapling */
PR_TRUE, /* enableNPN */
PR_FALSE, /* enableALPN */
+ PR_TRUE, /* reuseServerECDHEKey */
+ PR_FALSE, /* enableFallbackSCSV */
PR_FALSE, /* enableSignedCertTimestamps */
- PR_FALSE /* enableFallbackSCSV */
};
/*
@@ -97,12 +98,12 @@
*/
static SSLVersionRange versions_defaults_stream = {
SSL_LIBRARY_VERSION_3_0,
- SSL_LIBRARY_VERSION_TLS_1_0
+ SSL_LIBRARY_VERSION_TLS_1_2
};
static SSLVersionRange versions_defaults_datagram = {
SSL_LIBRARY_VERSION_TLS_1_1,
- SSL_LIBRARY_VERSION_TLS_1_1
+ SSL_LIBRARY_VERSION_TLS_1_2
};
#define VERSIONS_DEFAULTS(variant) \
@@ -116,9 +117,9 @@
static PRBool ssl_inited = PR_FALSE;
static PRDescIdentity ssl_layer_id;
-PRBool locksEverDisabled; /* implicitly PR_FALSE */
-PRBool ssl_force_locks; /* implicitly PR_FALSE */
-int ssl_lock_readers = 1; /* default true. */
+PRBool locksEverDisabled; /* implicitly PR_FALSE */
+PRBool ssl_force_locks; /* implicitly PR_FALSE */
+int ssl_lock_readers = 1; /* default true. */
char ssl_debug;
char ssl_trace;
FILE * ssl_trace_iob;
@@ -137,7 +138,7 @@
static sslSocket *ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant variant);
static SECStatus ssl_MakeLocks(sslSocket *ss);
static void ssl_SetDefaultsFromEnvironment(void);
-static PRStatus ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack,
+static PRStatus ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack,
PRDescIdentity id);
/************************************************************************/
@@ -158,18 +159,23 @@
if (fd->methods->file_type != PR_DESC_LAYERED ||
fd->identity != ssl_layer_id) {
- PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
- return NULL;
+ PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
+ return NULL;
}
ss = (sslSocket *)fd->secret;
+ /* Set ss->fd lazily. We can't rely on the value of ss->fd set by
+ * ssl_PushIOLayer because another PR_PushIOLayer call will switch the
+ * contents of the PRFileDesc pointed by ss->fd and the new layer.
+ * See bug 807250.
+ */
ss->fd = fd;
return ss;
}
-/* This function tries to find the SSL layer in the stack.
+/* This function tries to find the SSL layer in the stack.
* It searches for the first SSL layer at or below the argument fd,
- * and failing that, it searches for the nearest SSL layer above the
+ * and failing that, it searches for the nearest SSL layer above the
* argument fd. It returns the private sslSocket from the found layer.
*/
sslSocket *
@@ -183,11 +189,16 @@
layer = PR_GetIdentitiesLayer(fd, ssl_layer_id);
if (layer == NULL) {
- PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
- return NULL;
+ PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
+ return NULL;
}
ss = (sslSocket *)layer->secret;
+ /* Set ss->fd lazily. We can't rely on the value of ss->fd set by
+ * ssl_PushIOLayer because another PR_PushIOLayer call will switch the
+ * contents of the PRFileDesc pointed by ss->fd and the new layer.
+ * See bug 807250.
+ */
ss->fd = layer;
return ss;
}
@@ -200,100 +211,100 @@
ss = ssl_NewSocket((PRBool)(!os->opt.noLocks), os->protocolVariant);
if (ss) {
- ss->opt = os->opt;
- ss->opt.useSocks = PR_FALSE;
- ss->vrange = os->vrange;
+ ss->opt = os->opt;
+ ss->opt.useSocks = PR_FALSE;
+ ss->vrange = os->vrange;
- ss->peerID = !os->peerID ? NULL : PORT_Strdup(os->peerID);
- ss->url = !os->url ? NULL : PORT_Strdup(os->url);
+ ss->peerID = !os->peerID ? NULL : PORT_Strdup(os->peerID);
+ ss->url = !os->url ? NULL : PORT_Strdup(os->url);
- ss->ops = os->ops;
- ss->rTimeout = os->rTimeout;
- ss->wTimeout = os->wTimeout;
- ss->cTimeout = os->cTimeout;
- ss->dbHandle = os->dbHandle;
+ ss->ops = os->ops;
+ ss->rTimeout = os->rTimeout;
+ ss->wTimeout = os->wTimeout;
+ ss->cTimeout = os->cTimeout;
+ ss->dbHandle = os->dbHandle;
- /* copy ssl2&3 policy & prefs, even if it's not selected (yet) */
- ss->allowedByPolicy = os->allowedByPolicy;
- ss->maybeAllowedByPolicy= os->maybeAllowedByPolicy;
- ss->chosenPreference = os->chosenPreference;
- PORT_Memcpy(ss->cipherSuites, os->cipherSuites, sizeof os->cipherSuites);
- PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers,
- sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount);
- ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount;
+ /* copy ssl2&3 policy & prefs, even if it's not selected (yet) */
+ ss->allowedByPolicy = os->allowedByPolicy;
+ ss->maybeAllowedByPolicy= os->maybeAllowedByPolicy;
+ ss->chosenPreference = os->chosenPreference;
+ PORT_Memcpy(ss->cipherSuites, os->cipherSuites, sizeof os->cipherSuites);
+ PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers,
+ sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount);
+ ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount;
- if (os->cipherSpecs) {
- ss->cipherSpecs = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs);
- if (ss->cipherSpecs)
- PORT_Memcpy(ss->cipherSpecs, os->cipherSpecs,
- os->sizeCipherSpecs);
- ss->sizeCipherSpecs = os->sizeCipherSpecs;
- ss->preferredCipher = os->preferredCipher;
- } else {
- ss->cipherSpecs = NULL; /* produced lazily */
- ss->sizeCipherSpecs = 0;
- ss->preferredCipher = NULL;
- }
- if (ss->opt.useSecurity) {
- /* This int should be SSLKEAType, but CC on Irix complains,
- * during the for loop.
- */
- int i;
- sslServerCerts * oc = os->serverCerts;
- sslServerCerts * sc = ss->serverCerts;
-
- for (i=kt_null; i < kt_kea_size; i++, oc++, sc++) {
- if (oc->serverCert && oc->serverCertChain) {
- sc->serverCert = CERT_DupCertificate(oc->serverCert);
- sc->serverCertChain = CERT_DupCertList(oc->serverCertChain);
- if (!sc->serverCertChain)
- goto loser;
- } else {
- sc->serverCert = NULL;
- sc->serverCertChain = NULL;
- }
- sc->serverKeyPair = oc->serverKeyPair ?
- ssl3_GetKeyPairRef(oc->serverKeyPair) : NULL;
- if (oc->serverKeyPair && !sc->serverKeyPair)
- goto loser;
- sc->serverKeyBits = oc->serverKeyBits;
- ss->certStatusArray[i] = !os->certStatusArray[i] ? NULL :
- SECITEM_DupArray(NULL, os->certStatusArray[i]);
- }
- ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL :
- ssl3_GetKeyPairRef(os->stepDownKeyPair);
- ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL :
- ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair);
+ if (os->cipherSpecs) {
+ ss->cipherSpecs = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs);
+ if (ss->cipherSpecs)
+ PORT_Memcpy(ss->cipherSpecs, os->cipherSpecs,
+ os->sizeCipherSpecs);
+ ss->sizeCipherSpecs = os->sizeCipherSpecs;
+ ss->preferredCipher = os->preferredCipher;
+ } else {
+ ss->cipherSpecs = NULL; /* produced lazily */
+ ss->sizeCipherSpecs = 0;
+ ss->preferredCipher = NULL;
+ }
+ if (ss->opt.useSecurity) {
+ /* This int should be SSLKEAType, but CC on Irix complains,
+ * during the for loop.
+ */
+ int i;
+ sslServerCerts * oc = os->serverCerts;
+ sslServerCerts * sc = ss->serverCerts;
+
+ for (i=kt_null; i < kt_kea_size; i++, oc++, sc++) {
+ if (oc->serverCert && oc->serverCertChain) {
+ sc->serverCert = CERT_DupCertificate(oc->serverCert);
+ sc->serverCertChain = CERT_DupCertList(oc->serverCertChain);
+ if (!sc->serverCertChain)
+ goto loser;
+ } else {
+ sc->serverCert = NULL;
+ sc->serverCertChain = NULL;
+ }
+ sc->serverKeyPair = oc->serverKeyPair ?
+ ssl3_GetKeyPairRef(oc->serverKeyPair) : NULL;
+ if (oc->serverKeyPair && !sc->serverKeyPair)
+ goto loser;
+ sc->serverKeyBits = oc->serverKeyBits;
+ ss->certStatusArray[i] = !os->certStatusArray[i] ? NULL :
+ SECITEM_DupArray(NULL, os->certStatusArray[i]);
+ }
+ ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL :
+ ssl3_GetKeyPairRef(os->stepDownKeyPair);
+ ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL :
+ ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair);
/*
* XXX the preceding CERT_ and SECKEY_ functions can fail and return NULL.
* XXX We should detect this, and not just march on with NULL pointers.
*/
- ss->authCertificate = os->authCertificate;
- ss->authCertificateArg = os->authCertificateArg;
- ss->getClientAuthData = os->getClientAuthData;
- ss->getClientAuthDataArg = os->getClientAuthDataArg;
+ ss->authCertificate = os->authCertificate;
+ ss->authCertificateArg = os->authCertificateArg;
+ ss->getClientAuthData = os->getClientAuthData;
+ ss->getClientAuthDataArg = os->getClientAuthDataArg;
#ifdef NSS_PLATFORM_CLIENT_AUTH
- ss->getPlatformClientAuthData = os->getPlatformClientAuthData;
- ss->getPlatformClientAuthDataArg = os->getPlatformClientAuthDataArg;
+ ss->getPlatformClientAuthData = os->getPlatformClientAuthData;
+ ss->getPlatformClientAuthDataArg = os->getPlatformClientAuthDataArg;
#endif
ss->sniSocketConfig = os->sniSocketConfig;
ss->sniSocketConfigArg = os->sniSocketConfigArg;
- ss->handleBadCert = os->handleBadCert;
- ss->badCertArg = os->badCertArg;
- ss->handshakeCallback = os->handshakeCallback;
- ss->handshakeCallbackData = os->handshakeCallbackData;
- ss->canFalseStartCallback = os->canFalseStartCallback;
- ss->canFalseStartCallbackData = os->canFalseStartCallbackData;
- ss->pkcs11PinArg = os->pkcs11PinArg;
- ss->getChannelID = os->getChannelID;
- ss->getChannelIDArg = os->getChannelIDArg;
-
- /* Create security data */
- rv = ssl_CopySecurityInfo(ss, os);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
+ ss->handleBadCert = os->handleBadCert;
+ ss->badCertArg = os->badCertArg;
+ ss->handshakeCallback = os->handshakeCallback;
+ ss->handshakeCallbackData = os->handshakeCallbackData;
+ ss->canFalseStartCallback = os->canFalseStartCallback;
+ ss->canFalseStartCallbackData = os->canFalseStartCallbackData;
+ ss->pkcs11PinArg = os->pkcs11PinArg;
+ ss->getChannelID = os->getChannelID;
+ ss->getChannelIDArg = os->getChannelIDArg;
+
+ /* Create security data */
+ rv = ssl_CopySecurityInfo(ss, os);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ }
}
return ss;
@@ -307,33 +318,33 @@
{
/* Destroy locks. */
if (ss->firstHandshakeLock) {
- PZ_DestroyMonitor(ss->firstHandshakeLock);
- ss->firstHandshakeLock = NULL;
+ PZ_DestroyMonitor(ss->firstHandshakeLock);
+ ss->firstHandshakeLock = NULL;
}
if (ss->ssl3HandshakeLock) {
- PZ_DestroyMonitor(ss->ssl3HandshakeLock);
- ss->ssl3HandshakeLock = NULL;
+ PZ_DestroyMonitor(ss->ssl3HandshakeLock);
+ ss->ssl3HandshakeLock = NULL;
}
if (ss->specLock) {
- NSSRWLock_Destroy(ss->specLock);
- ss->specLock = NULL;
+ NSSRWLock_Destroy(ss->specLock);
+ ss->specLock = NULL;
}
if (ss->recvLock) {
- PZ_DestroyLock(ss->recvLock);
- ss->recvLock = NULL;
+ PZ_DestroyLock(ss->recvLock);
+ ss->recvLock = NULL;
}
if (ss->sendLock) {
- PZ_DestroyLock(ss->sendLock);
- ss->sendLock = NULL;
+ PZ_DestroyLock(ss->sendLock);
+ ss->sendLock = NULL;
}
if (ss->xmitBufLock) {
- PZ_DestroyMonitor(ss->xmitBufLock);
- ss->xmitBufLock = NULL;
+ PZ_DestroyMonitor(ss->xmitBufLock);
+ ss->xmitBufLock = NULL;
}
if (ss->recvBufLock) {
- PZ_DestroyMonitor(ss->recvBufLock);
- ss->recvBufLock = NULL;
+ PZ_DestroyMonitor(ss->recvBufLock);
+ ss->recvBufLock = NULL;
}
}
@@ -356,36 +367,36 @@
ssl_DestroyGather(&ss->gs);
if (ss->peerID != NULL)
- PORT_Free(ss->peerID);
+ PORT_Free(ss->peerID);
if (ss->url != NULL)
- PORT_Free((void *)ss->url); /* CONST */
+ PORT_Free((void *)ss->url); /* CONST */
if (ss->cipherSpecs) {
- PORT_Free(ss->cipherSpecs);
- ss->cipherSpecs = NULL;
- ss->sizeCipherSpecs = 0;
+ PORT_Free(ss->cipherSpecs);
+ ss->cipherSpecs = NULL;
+ ss->sizeCipherSpecs = 0;
}
/* Clean up server configuration */
for (i=kt_null; i < kt_kea_size; i++) {
- sslServerCerts * sc = ss->serverCerts + i;
- if (sc->serverCert != NULL)
- CERT_DestroyCertificate(sc->serverCert);
- if (sc->serverCertChain != NULL)
- CERT_DestroyCertificateList(sc->serverCertChain);
- if (sc->serverKeyPair != NULL)
- ssl3_FreeKeyPair(sc->serverKeyPair);
- if (ss->certStatusArray[i] != NULL) {
- SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE);
- ss->certStatusArray[i] = NULL;
- }
+ sslServerCerts * sc = ss->serverCerts + i;
+ if (sc->serverCert != NULL)
+ CERT_DestroyCertificate(sc->serverCert);
+ if (sc->serverCertChain != NULL)
+ CERT_DestroyCertificateList(sc->serverCertChain);
+ if (sc->serverKeyPair != NULL)
+ ssl3_FreeKeyPair(sc->serverKeyPair);
+ if (ss->certStatusArray[i] != NULL) {
+ SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE);
+ ss->certStatusArray[i] = NULL;
+ }
}
if (ss->stepDownKeyPair) {
- ssl3_FreeKeyPair(ss->stepDownKeyPair);
- ss->stepDownKeyPair = NULL;
+ ssl3_FreeKeyPair(ss->stepDownKeyPair);
+ ss->stepDownKeyPair = NULL;
}
if (ss->ephemeralECDHKeyPair) {
- ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
- ss->ephemeralECDHKeyPair = NULL;
+ ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
+ ss->ephemeralECDHKeyPair = NULL;
}
SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
PORT_Assert(!ss->xtnData.sniNameArr);
@@ -433,7 +444,7 @@
}
/************************************************************************/
-SECStatus
+SECStatus
ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled)
{
PRFileDesc * osfd = ss->fd->lower;
@@ -511,26 +522,26 @@
ssl_EnableTLS(SSLVersionRange *vrange, PRBool on)
{
if (SSL3_ALL_VERSIONS_DISABLED(vrange)) {
- if (on) {
- vrange->min = SSL_LIBRARY_VERSION_TLS_1_0;
- vrange->max = SSL_LIBRARY_VERSION_TLS_1_0;
- } /* else don't change anything */
- return;
+ if (on) {
+ vrange->min = SSL_LIBRARY_VERSION_TLS_1_0;
+ vrange->max = SSL_LIBRARY_VERSION_TLS_1_0;
+ } /* else don't change anything */
+ return;
}
if (on) {
- /* Expand the range of enabled version to include TLS 1.0 */
- vrange->min = PR_MIN(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
- vrange->max = PR_MAX(vrange->max, SSL_LIBRARY_VERSION_TLS_1_0);
+ /* Expand the range of enabled version to include TLS 1.0 */
+ vrange->min = PR_MIN(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
+ vrange->max = PR_MAX(vrange->max, SSL_LIBRARY_VERSION_TLS_1_0);
} else {
- /* Disable all TLS versions, leaving only SSL 3.0 if it was enabled */
- if (vrange->min == SSL_LIBRARY_VERSION_3_0) {
- vrange->max = SSL_LIBRARY_VERSION_3_0;
- } else {
- /* Only TLS was enabled, so now no versions are. */
- vrange->min = SSL_LIBRARY_VERSION_NONE;
- vrange->max = SSL_LIBRARY_VERSION_NONE;
- }
+ /* Disable all TLS versions, leaving only SSL 3.0 if it was enabled */
+ if (vrange->min == SSL_LIBRARY_VERSION_3_0) {
+ vrange->max = SSL_LIBRARY_VERSION_3_0;
+ } else {
+ /* Only TLS was enabled, so now no versions are. */
+ vrange->min = SSL_LIBRARY_VERSION_NONE;
+ vrange->max = SSL_LIBRARY_VERSION_NONE;
+ }
}
}
@@ -541,28 +552,28 @@
ssl_EnableSSL3(SSLVersionRange *vrange, PRBool on)
{
if (SSL3_ALL_VERSIONS_DISABLED(vrange)) {
- if (on) {
- vrange->min = SSL_LIBRARY_VERSION_3_0;
- vrange->max = SSL_LIBRARY_VERSION_3_0;
- } /* else don't change anything */
- return;
+ if (on) {
+ vrange->min = SSL_LIBRARY_VERSION_3_0;
+ vrange->max = SSL_LIBRARY_VERSION_3_0;
+ } /* else don't change anything */
+ return;
}
if (on) {
- /* Expand the range of enabled versions to include SSL 3.0. We know
- * SSL 3.0 or some version of TLS is already enabled at this point, so
- * we don't need to change vrange->max.
- */
- vrange->min = SSL_LIBRARY_VERSION_3_0;
+ /* Expand the range of enabled versions to include SSL 3.0. We know
+ * SSL 3.0 or some version of TLS is already enabled at this point, so
+ * we don't need to change vrange->max.
+ */
+ vrange->min = SSL_LIBRARY_VERSION_3_0;
} else {
- /* Disable SSL 3.0, leaving TLS unaffected. */
- if (vrange->max > SSL_LIBRARY_VERSION_3_0) {
- vrange->min = PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
- } else {
- /* Only SSL 3.0 was enabled, so now no versions are. */
- vrange->min = SSL_LIBRARY_VERSION_NONE;
- vrange->max = SSL_LIBRARY_VERSION_NONE;
- }
+ /* Disable SSL 3.0, leaving TLS unaffected. */
+ if (vrange->max > SSL_LIBRARY_VERSION_3_0) {
+ vrange->min = PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
+ } else {
+ /* Only SSL 3.0 was enabled, so now no versions are. */
+ vrange->min = SSL_LIBRARY_VERSION_NONE;
+ vrange->max = SSL_LIBRARY_VERSION_NONE;
+ }
}
}
@@ -574,8 +585,8 @@
PRBool holdingLocks;
if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
- return SECFailure;
+ SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
+ return SECFailure;
}
holdingLocks = (!ss->opt.noLocks);
@@ -584,140 +595,140 @@
switch (which) {
case SSL_SOCKS:
- ss->opt.useSocks = PR_FALSE;
- rv = PrepareSocket(ss);
- if (on) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- rv = SECFailure;
- }
- break;
+ ss->opt.useSocks = PR_FALSE;
+ rv = PrepareSocket(ss);
+ if (on) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ rv = SECFailure;
+ }
+ break;
case SSL_SECURITY:
- ss->opt.useSecurity = on;
- rv = PrepareSocket(ss);
- break;
+ ss->opt.useSecurity = on;
+ rv = PrepareSocket(ss);
+ break;
case SSL_REQUEST_CERTIFICATE:
- ss->opt.requestCertificate = on;
- break;
+ ss->opt.requestCertificate = on;
+ break;
case SSL_REQUIRE_CERTIFICATE:
- ss->opt.requireCertificate = on;
- break;
+ ss->opt.requireCertificate = on;
+ break;
case SSL_HANDSHAKE_AS_CLIENT:
- if ( ss->opt.handshakeAsServer && on ) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- rv = SECFailure;
- break;
- }
- ss->opt.handshakeAsClient = on;
- break;
+ if ( ss->opt.handshakeAsServer && on ) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ rv = SECFailure;
+ break;
+ }
+ ss->opt.handshakeAsClient = on;
+ break;
case SSL_HANDSHAKE_AS_SERVER:
- if ( ss->opt.handshakeAsClient && on ) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- rv = SECFailure;
- break;
- }
- ss->opt.handshakeAsServer = on;
- break;
+ if ( ss->opt.handshakeAsClient && on ) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ rv = SECFailure;
+ break;
+ }
+ ss->opt.handshakeAsServer = on;
+ break;
case SSL_ENABLE_TLS:
if (IS_DTLS(ss)) {
- if (on) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- rv = SECFailure; /* not allowed */
- }
- break;
- }
- ssl_EnableTLS(&ss->vrange, on);
- ss->preferredCipher = NULL;
- if (ss->cipherSpecs) {
- PORT_Free(ss->cipherSpecs);
- ss->cipherSpecs = NULL;
- ss->sizeCipherSpecs = 0;
- }
- break;
+ if (on) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ rv = SECFailure; /* not allowed */
+ }
+ break;
+ }
+ ssl_EnableTLS(&ss->vrange, on);
+ ss->preferredCipher = NULL;
+ if (ss->cipherSpecs) {
+ PORT_Free(ss->cipherSpecs);
+ ss->cipherSpecs = NULL;
+ ss->sizeCipherSpecs = 0;
+ }
+ break;
case SSL_ENABLE_SSL3:
if (IS_DTLS(ss)) {
- if (on) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- rv = SECFailure; /* not allowed */
- }
- break;
- }
- ssl_EnableSSL3(&ss->vrange, on);
- ss->preferredCipher = NULL;
- if (ss->cipherSpecs) {
- PORT_Free(ss->cipherSpecs);
- ss->cipherSpecs = NULL;
- ss->sizeCipherSpecs = 0;
- }
- break;
+ if (on) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ rv = SECFailure; /* not allowed */
+ }
+ break;
+ }
+ ssl_EnableSSL3(&ss->vrange, on);
+ ss->preferredCipher = NULL;
+ if (ss->cipherSpecs) {
+ PORT_Free(ss->cipherSpecs);
+ ss->cipherSpecs = NULL;
+ ss->sizeCipherSpecs = 0;
+ }
+ break;
case SSL_ENABLE_SSL2:
if (IS_DTLS(ss)) {
- if (on) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- rv = SECFailure; /* not allowed */
- }
- break;
- }
- ss->opt.enableSSL2 = on;
- if (on) {
- ss->opt.v2CompatibleHello = on;
- }
- ss->preferredCipher = NULL;
- if (ss->cipherSpecs) {
- PORT_Free(ss->cipherSpecs);
- ss->cipherSpecs = NULL;
- ss->sizeCipherSpecs = 0;
- }
- break;
+ if (on) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ rv = SECFailure; /* not allowed */
+ }
+ break;
+ }
+ ss->opt.enableSSL2 = on;
+ if (on) {
+ ss->opt.v2CompatibleHello = on;
+ }
+ ss->preferredCipher = NULL;
+ if (ss->cipherSpecs) {
+ PORT_Free(ss->cipherSpecs);
+ ss->cipherSpecs = NULL;
+ ss->sizeCipherSpecs = 0;
+ }
+ break;
case SSL_NO_CACHE:
- ss->opt.noCache = on;
- break;
+ ss->opt.noCache = on;
+ break;
case SSL_ENABLE_FDX:
- if (on && ss->opt.noLocks) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- rv = SECFailure;
- }
- ss->opt.fdx = on;
- break;
+ if (on && ss->opt.noLocks) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ rv = SECFailure;
+ }
+ ss->opt.fdx = on;
+ break;
case SSL_V2_COMPATIBLE_HELLO:
if (IS_DTLS(ss)) {
- if (on) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- rv = SECFailure; /* not allowed */
- }
- break;
- }
- ss->opt.v2CompatibleHello = on;
- if (!on) {
- ss->opt.enableSSL2 = on;
- }
- break;
-
- case SSL_ROLLBACK_DETECTION:
- ss->opt.detectRollBack = on;
+ if (on) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ rv = SECFailure; /* not allowed */
+ }
+ break;
+ }
+ ss->opt.v2CompatibleHello = on;
+ if (!on) {
+ ss->opt.enableSSL2 = on;
+ }
break;
- case SSL_NO_STEP_DOWN:
- ss->opt.noStepDown = on;
- if (on)
- SSL_DisableExportCipherSuites(fd);
- break;
+ case SSL_ROLLBACK_DETECTION:
+ ss->opt.detectRollBack = on;
+ break;
+
+ case SSL_NO_STEP_DOWN:
+ ss->opt.noStepDown = on;
+ if (on)
+ SSL_DisableExportCipherSuites(fd);
+ break;
case SSL_BYPASS_PKCS11:
- if (ss->handshakeBegun) {
- PORT_SetError(PR_INVALID_STATE_ERROR);
- rv = SECFailure;
- } else {
+ if (ss->handshakeBegun) {
+ PORT_SetError(PR_INVALID_STATE_ERROR);
+ rv = SECFailure;
+ } else {
if (PR_FALSE != on) {
if (PR_SUCCESS == SSL_BypassSetup() ) {
#ifdef NO_PKCS11_BYPASS
@@ -731,75 +742,79 @@
} else {
ss->opt.bypassPKCS11 = PR_FALSE;
}
- }
- break;
+ }
+ break;
case SSL_NO_LOCKS:
- if (on && ss->opt.fdx) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- rv = SECFailure;
- }
- if (on && ssl_force_locks)
- on = PR_FALSE; /* silent override */
- ss->opt.noLocks = on;
- if (on) {
- locksEverDisabled = PR_TRUE;
- strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
- } else if (!holdingLocks) {
- rv = ssl_MakeLocks(ss);
- if (rv != SECSuccess) {
- ss->opt.noLocks = PR_TRUE;
- }
- }
- break;
+ if (on && ss->opt.fdx) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ rv = SECFailure;
+ }
+ if (on && ssl_force_locks)
+ on = PR_FALSE; /* silent override */
+ ss->opt.noLocks = on;
+ if (on) {
+ locksEverDisabled = PR_TRUE;
+ strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
+ } else if (!holdingLocks) {
+ rv = ssl_MakeLocks(ss);
+ if (rv != SECSuccess) {
+ ss->opt.noLocks = PR_TRUE;
+ }
+ }
+ break;
case SSL_ENABLE_SESSION_TICKETS:
- ss->opt.enableSessionTickets = on;
- break;
+ ss->opt.enableSessionTickets = on;
+ break;
case SSL_ENABLE_DEFLATE:
- ss->opt.enableDeflate = on;
- break;
+ ss->opt.enableDeflate = on;
+ break;
case SSL_ENABLE_RENEGOTIATION:
- ss->opt.enableRenegotiation = on;
- break;
+ ss->opt.enableRenegotiation = on;
+ break;
case SSL_REQUIRE_SAFE_NEGOTIATION:
- ss->opt.requireSafeNegotiation = on;
- break;
+ ss->opt.requireSafeNegotiation = on;
+ break;
case SSL_ENABLE_FALSE_START:
- ss->opt.enableFalseStart = on;
- break;
+ ss->opt.enableFalseStart = on;
+ break;
case SSL_CBC_RANDOM_IV:
- ss->opt.cbcRandomIV = on;
- break;
+ ss->opt.cbcRandomIV = on;
+ break;
case SSL_ENABLE_OCSP_STAPLING:
ss->opt.enableOCSPStapling = on;
break;
case SSL_ENABLE_NPN:
- ss->opt.enableNPN = on;
- break;
+ ss->opt.enableNPN = on;
+ break;
case SSL_ENABLE_ALPN:
- ss->opt.enableALPN = on;
- break;
+ ss->opt.enableALPN = on;
+ break;
- case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
- ss->opt.enableSignedCertTimestamps = on;
- break;
+ case SSL_REUSE_SERVER_ECDHE_KEY:
+ ss->opt.reuseServerECDHEKey = on;
+ break;
case SSL_ENABLE_FALLBACK_SCSV:
- ss->opt.enableFallbackSCSV = on;
- break;
+ ss->opt.enableFallbackSCSV = on;
+ break;
+
+ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
+ ss->opt.enableSignedCertTimestamps = on;
+ break;
default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- rv = SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ rv = SECFailure;
}
/* We can't use the macros for releasing the locks here,
@@ -808,8 +823,8 @@
* regardless of the current value of ss->opt.noLocks.
*/
if (holdingLocks) {
- PZ_ExitMonitor((ss)->ssl3HandshakeLock);
- PZ_ExitMonitor((ss)->firstHandshakeLock);
+ PZ_ExitMonitor((ss)->ssl3HandshakeLock);
+ PZ_ExitMonitor((ss)->firstHandshakeLock);
}
return rv;
@@ -823,13 +838,13 @@
PRBool on = PR_FALSE;
if (!pOn) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
- *pOn = PR_FALSE;
- return SECFailure;
+ SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
+ *pOn = PR_FALSE;
+ return SECFailure;
}
ssl_Get1stHandshakeLock(ss);
@@ -843,11 +858,11 @@
case SSL_HANDSHAKE_AS_CLIENT: on = ss->opt.handshakeAsClient; break;
case SSL_HANDSHAKE_AS_SERVER: on = ss->opt.handshakeAsServer; break;
case SSL_ENABLE_TLS:
- on = ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_0;
- break;
+ on = ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_0;
+ break;
case SSL_ENABLE_SSL3:
- on = ss->vrange.min == SSL_LIBRARY_VERSION_3_0;
- break;
+ on = ss->vrange.min == SSL_LIBRARY_VERSION_3_0;
+ break;
case SSL_ENABLE_SSL2: on = ss->opt.enableSSL2; break;
case SSL_NO_CACHE: on = ss->opt.noCache; break;
case SSL_ENABLE_FDX: on = ss->opt.fdx; break;
@@ -857,26 +872,28 @@
case SSL_BYPASS_PKCS11: on = ss->opt.bypassPKCS11; break;
case SSL_NO_LOCKS: on = ss->opt.noLocks; break;
case SSL_ENABLE_SESSION_TICKETS:
- on = ss->opt.enableSessionTickets;
- break;
+ on = ss->opt.enableSessionTickets;
+ break;
case SSL_ENABLE_DEFLATE: on = ss->opt.enableDeflate; break;
- case SSL_ENABLE_RENEGOTIATION:
+ case SSL_ENABLE_RENEGOTIATION:
on = ss->opt.enableRenegotiation; break;
- case SSL_REQUIRE_SAFE_NEGOTIATION:
+ case SSL_REQUIRE_SAFE_NEGOTIATION:
on = ss->opt.requireSafeNegotiation; break;
case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break;
case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break;
case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
case SSL_ENABLE_NPN: on = ss->opt.enableNPN; break;
case SSL_ENABLE_ALPN: on = ss->opt.enableALPN; break;
- case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
- on = ss->opt.enableSignedCertTimestamps;
- break;
+ case SSL_REUSE_SERVER_ECDHE_KEY:
+ on = ss->opt.reuseServerECDHEKey; break;
case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break;
+ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
+ on = ss->opt.enableSignedCertTimestamps;
+ break;
default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- rv = SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ rv = SECFailure;
}
ssl_ReleaseSSL3HandshakeLock(ss);
@@ -893,8 +910,8 @@
PRBool on = PR_FALSE;
if (!pOn) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
ssl_SetDefaultsFromEnvironment();
@@ -907,13 +924,13 @@
case SSL_HANDSHAKE_AS_CLIENT: on = ssl_defaults.handshakeAsClient; break;
case SSL_HANDSHAKE_AS_SERVER: on = ssl_defaults.handshakeAsServer; break;
case SSL_ENABLE_TLS:
- on = versions_defaults_stream.max >= SSL_LIBRARY_VERSION_TLS_1_0;
- break;
+ on = versions_defaults_stream.max >= SSL_LIBRARY_VERSION_TLS_1_0;
+ break;
case SSL_ENABLE_SSL3:
- on = versions_defaults_stream.min == SSL_LIBRARY_VERSION_3_0;
- break;
+ on = versions_defaults_stream.min == SSL_LIBRARY_VERSION_3_0;
+ break;
case SSL_ENABLE_SSL2: on = ssl_defaults.enableSSL2; break;
- case SSL_NO_CACHE: on = ssl_defaults.noCache; break;
+ case SSL_NO_CACHE: on = ssl_defaults.noCache; break;
case SSL_ENABLE_FDX: on = ssl_defaults.fdx; break;
case SSL_V2_COMPATIBLE_HELLO: on = ssl_defaults.v2CompatibleHello; break;
case SSL_ROLLBACK_DETECTION: on = ssl_defaults.detectRollBack; break;
@@ -921,14 +938,14 @@
case SSL_BYPASS_PKCS11: on = ssl_defaults.bypassPKCS11; break;
case SSL_NO_LOCKS: on = ssl_defaults.noLocks; break;
case SSL_ENABLE_SESSION_TICKETS:
- on = ssl_defaults.enableSessionTickets;
- break;
+ on = ssl_defaults.enableSessionTickets;
+ break;
case SSL_ENABLE_DEFLATE: on = ssl_defaults.enableDeflate; break;
- case SSL_ENABLE_RENEGOTIATION:
+ case SSL_ENABLE_RENEGOTIATION:
on = ssl_defaults.enableRenegotiation; break;
- case SSL_REQUIRE_SAFE_NEGOTIATION:
- on = ssl_defaults.requireSafeNegotiation;
- break;
+ case SSL_REQUIRE_SAFE_NEGOTIATION:
+ on = ssl_defaults.requireSafeNegotiation;
+ break;
case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break;
case SSL_CBC_RANDOM_IV: on = ssl_defaults.cbcRandomIV; break;
case SSL_ENABLE_OCSP_STAPLING:
@@ -936,16 +953,19 @@
break;
case SSL_ENABLE_NPN: on = ssl_defaults.enableNPN; break;
case SSL_ENABLE_ALPN: on = ssl_defaults.enableALPN; break;
- case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
- on = ssl_defaults.enableSignedCertTimestamps;
- break;
+ case SSL_REUSE_SERVER_ECDHE_KEY:
+ on = ssl_defaults.reuseServerECDHEKey;
+ break;
case SSL_ENABLE_FALLBACK_SCSV:
- on = ssl_defaults.enableFallbackSCSV;
- break;
+ on = ssl_defaults.enableFallbackSCSV;
+ break;
+ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
+ on = ssl_defaults.enableSignedCertTimestamps;
+ break;
default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- rv = SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ rv = SECFailure;
}
*pOn = on;
@@ -965,91 +985,91 @@
SECStatus status = ssl_Init();
if (status != SECSuccess) {
- return status;
+ return status;
}
ssl_SetDefaultsFromEnvironment();
switch (which) {
case SSL_SOCKS:
- ssl_defaults.useSocks = PR_FALSE;
- if (on) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- break;
+ ssl_defaults.useSocks = PR_FALSE;
+ if (on) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+ break;
case SSL_SECURITY:
- ssl_defaults.useSecurity = on;
- break;
+ ssl_defaults.useSecurity = on;
+ break;
case SSL_REQUEST_CERTIFICATE:
- ssl_defaults.requestCertificate = on;
- break;
+ ssl_defaults.requestCertificate = on;
+ break;
case SSL_REQUIRE_CERTIFICATE:
- ssl_defaults.requireCertificate = on;
- break;
+ ssl_defaults.requireCertificate = on;
+ break;
case SSL_HANDSHAKE_AS_CLIENT:
- if ( ssl_defaults.handshakeAsServer && on ) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- ssl_defaults.handshakeAsClient = on;
- break;
+ if ( ssl_defaults.handshakeAsServer && on ) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+ ssl_defaults.handshakeAsClient = on;
+ break;
case SSL_HANDSHAKE_AS_SERVER:
- if ( ssl_defaults.handshakeAsClient && on ) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- ssl_defaults.handshakeAsServer = on;
- break;
+ if ( ssl_defaults.handshakeAsClient && on ) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+ ssl_defaults.handshakeAsServer = on;
+ break;
case SSL_ENABLE_TLS:
- ssl_EnableTLS(&versions_defaults_stream, on);
- break;
+ ssl_EnableTLS(&versions_defaults_stream, on);
+ break;
case SSL_ENABLE_SSL3:
- ssl_EnableSSL3(&versions_defaults_stream, on);
- break;
+ ssl_EnableSSL3(&versions_defaults_stream, on);
+ break;
case SSL_ENABLE_SSL2:
- ssl_defaults.enableSSL2 = on;
- if (on) {
- ssl_defaults.v2CompatibleHello = on;
- }
- break;
+ ssl_defaults.enableSSL2 = on;
+ if (on) {
+ ssl_defaults.v2CompatibleHello = on;
+ }
+ break;
case SSL_NO_CACHE:
- ssl_defaults.noCache = on;
- break;
+ ssl_defaults.noCache = on;
+ break;
case SSL_ENABLE_FDX:
- if (on && ssl_defaults.noLocks) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- ssl_defaults.fdx = on;
- break;
+ if (on && ssl_defaults.noLocks) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+ ssl_defaults.fdx = on;
+ break;
case SSL_V2_COMPATIBLE_HELLO:
- ssl_defaults.v2CompatibleHello = on;
- if (!on) {
- ssl_defaults.enableSSL2 = on;
- }
- break;
+ ssl_defaults.v2CompatibleHello = on;
+ if (!on) {
+ ssl_defaults.enableSSL2 = on;
+ }
+ break;
- case SSL_ROLLBACK_DETECTION:
- ssl_defaults.detectRollBack = on;
- break;
+ case SSL_ROLLBACK_DETECTION:
+ ssl_defaults.detectRollBack = on;
+ break;
- case SSL_NO_STEP_DOWN:
- ssl_defaults.noStepDown = on;
- if (on)
- SSL_DisableDefaultExportCipherSuites();
- break;
+ case SSL_NO_STEP_DOWN:
+ ssl_defaults.noStepDown = on;
+ if (on)
+ SSL_DisableDefaultExportCipherSuites();
+ break;
case SSL_BYPASS_PKCS11:
if (PR_FALSE != on) {
@@ -1065,84 +1085,88 @@
} else {
ssl_defaults.bypassPKCS11 = PR_FALSE;
}
- break;
+ break;
case SSL_NO_LOCKS:
- if (on && ssl_defaults.fdx) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- if (on && ssl_force_locks)
- on = PR_FALSE; /* silent override */
- ssl_defaults.noLocks = on;
- if (on) {
- locksEverDisabled = PR_TRUE;
- strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
- }
- break;
+ if (on && ssl_defaults.fdx) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+ if (on && ssl_force_locks)
+ on = PR_FALSE; /* silent override */
+ ssl_defaults.noLocks = on;
+ if (on) {
+ locksEverDisabled = PR_TRUE;
+ strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
+ }
+ break;
case SSL_ENABLE_SESSION_TICKETS:
- ssl_defaults.enableSessionTickets = on;
- break;
+ ssl_defaults.enableSessionTickets = on;
+ break;
case SSL_ENABLE_DEFLATE:
- ssl_defaults.enableDeflate = on;
- break;
+ ssl_defaults.enableDeflate = on;
+ break;
case SSL_ENABLE_RENEGOTIATION:
- ssl_defaults.enableRenegotiation = on;
- break;
+ ssl_defaults.enableRenegotiation = on;
+ break;
case SSL_REQUIRE_SAFE_NEGOTIATION:
- ssl_defaults.requireSafeNegotiation = on;
- break;
+ ssl_defaults.requireSafeNegotiation = on;
+ break;
case SSL_ENABLE_FALSE_START:
- ssl_defaults.enableFalseStart = on;
- break;
+ ssl_defaults.enableFalseStart = on;
+ break;
case SSL_CBC_RANDOM_IV:
- ssl_defaults.cbcRandomIV = on;
- break;
+ ssl_defaults.cbcRandomIV = on;
+ break;
case SSL_ENABLE_OCSP_STAPLING:
ssl_defaults.enableOCSPStapling = on;
break;
case SSL_ENABLE_NPN:
- ssl_defaults.enableNPN = on;
- break;
+ ssl_defaults.enableNPN = on;
+ break;
case SSL_ENABLE_ALPN:
- ssl_defaults.enableALPN = on;
- break;
+ ssl_defaults.enableALPN = on;
+ break;
- case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
- ssl_defaults.enableSignedCertTimestamps = on;
- break;
+ case SSL_REUSE_SERVER_ECDHE_KEY:
+ ssl_defaults.reuseServerECDHEKey = on;
+ break;
case SSL_ENABLE_FALLBACK_SCSV:
- ssl_defaults.enableFallbackSCSV = on;
- break;
+ ssl_defaults.enableFallbackSCSV = on;
+ break;
+
+ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
+ ssl_defaults.enableSignedCertTimestamps = on;
+ break;
default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
return SECSuccess;
}
/* function tells us if the cipher suite is one that we no longer support. */
-static PRBool
+static PRBool
ssl_IsRemovedCipherSuite(PRInt32 suite)
{
switch (suite) {
case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
case SSL_FORTEZZA_DMS_WITH_RC4_128_SHA:
- return PR_TRUE;
+ return PR_TRUE;
default:
- return PR_FALSE;
+ return PR_FALSE;
}
}
@@ -1154,14 +1178,14 @@
SSL_SetPolicy(long which, int policy)
{
if ((which & 0xfffe) == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) {
- /* one of the two old FIPS ciphers */
- if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA)
- which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA;
- else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA)
- which = SSL_RSA_FIPS_WITH_DES_CBC_SHA;
+ /* one of the two old FIPS ciphers */
+ if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA)
+ which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA;
+ else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA)
+ which = SSL_RSA_FIPS_WITH_DES_CBC_SHA;
}
if (ssl_IsRemovedCipherSuite(which))
- return SECSuccess;
+ return SECSuccess;
return SSL_CipherPolicySet(which, policy);
}
@@ -1171,15 +1195,15 @@
SECStatus rv = ssl_Init();
if (rv != SECSuccess) {
- return rv;
+ return rv;
}
if (ssl_IsRemovedCipherSuite(which)) {
- rv = SECSuccess;
+ rv = SECSuccess;
} else if (SSL_IS_SSL2_CIPHER(which)) {
- rv = ssl2_SetPolicy(which, policy);
+ rv = ssl2_SetPolicy(which, policy);
} else {
- rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy);
+ rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy);
}
return rv;
}
@@ -1190,16 +1214,16 @@
SECStatus rv;
if (!oPolicy) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
if (ssl_IsRemovedCipherSuite(which)) {
- *oPolicy = SSL_NOT_ALLOWED;
- rv = SECSuccess;
+ *oPolicy = SSL_NOT_ALLOWED;
+ rv = SECSuccess;
} else if (SSL_IS_SSL2_CIPHER(which)) {
- rv = ssl2_GetPolicy(which, oPolicy);
+ rv = ssl2_GetPolicy(which, oPolicy);
} else {
- rv = ssl3_GetPolicy((ssl3CipherSuite)which, oPolicy);
+ rv = ssl3_GetPolicy((ssl3CipherSuite)which, oPolicy);
}
return rv;
}
@@ -1207,20 +1231,20 @@
/* Part of the public NSS API.
* Since this is a global (not per-socket) setting, we cannot use the
* HandshakeLock to protect this. Probably want a global lock.
- * These changes have no effect on any sslSockets already created.
+ * These changes have no effect on any sslSockets already created.
*/
SECStatus
SSL_EnableCipher(long which, PRBool enabled)
{
if ((which & 0xfffe) == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) {
- /* one of the two old FIPS ciphers */
- if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA)
- which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA;
- else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA)
- which = SSL_RSA_FIPS_WITH_DES_CBC_SHA;
+ /* one of the two old FIPS ciphers */
+ if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA)
+ which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA;
+ else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA)
+ which = SSL_RSA_FIPS_WITH_DES_CBC_SHA;
}
if (ssl_IsRemovedCipherSuite(which))
- return SECSuccess;
+ return SECSuccess;
return SSL_CipherPrefSetDefault(which, enabled);
}
@@ -1230,39 +1254,39 @@
SECStatus rv = ssl_Init();
if (rv != SECSuccess) {
- return rv;
+ return rv;
}
if (ssl_IsRemovedCipherSuite(which))
- return SECSuccess;
+ return SECSuccess;
if (enabled && ssl_defaults.noStepDown && SSL_IsExportCipherSuite(which)) {
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+ return SECFailure;
}
if (SSL_IS_SSL2_CIPHER(which)) {
- rv = ssl2_CipherPrefSetDefault(which, enabled);
+ rv = ssl2_CipherPrefSetDefault(which, enabled);
} else {
- rv = ssl3_CipherPrefSetDefault((ssl3CipherSuite)which, enabled);
+ rv = ssl3_CipherPrefSetDefault((ssl3CipherSuite)which, enabled);
}
return rv;
}
-SECStatus
+SECStatus
SSL_CipherPrefGetDefault(PRInt32 which, PRBool *enabled)
{
SECStatus rv;
-
+
if (!enabled) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
if (ssl_IsRemovedCipherSuite(which)) {
- *enabled = PR_FALSE;
- rv = SECSuccess;
+ *enabled = PR_FALSE;
+ rv = SECSuccess;
} else if (SSL_IS_SSL2_CIPHER(which)) {
- rv = ssl2_CipherPrefGetDefault(which, enabled);
+ rv = ssl2_CipherPrefGetDefault(which, enabled);
} else {
- rv = ssl3_CipherPrefGetDefault((ssl3CipherSuite)which, enabled);
+ rv = ssl3_CipherPrefGetDefault((ssl3CipherSuite)which, enabled);
}
return rv;
}
@@ -1272,21 +1296,21 @@
{
SECStatus rv;
sslSocket *ss = ssl_FindSocket(fd);
-
+
if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefSet", SSL_GETPID(), fd));
- return SECFailure;
+ SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefSet", SSL_GETPID(), fd));
+ return SECFailure;
}
if (ssl_IsRemovedCipherSuite(which))
- return SECSuccess;
+ return SECSuccess;
if (enabled && ss->opt.noStepDown && SSL_IsExportCipherSuite(which)) {
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+ return SECFailure;
}
if (SSL_IS_SSL2_CIPHER(which)) {
- rv = ssl2_CipherPrefSet(ss, which, enabled);
+ rv = ssl2_CipherPrefSet(ss, which, enabled);
} else {
- rv = ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled);
+ rv = ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled);
}
return rv;
}
@@ -1304,28 +1328,28 @@
return ssl3_CipherOrderSet(ss, ciphers, len);
}
-SECStatus
+SECStatus
SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 which, PRBool *enabled)
{
SECStatus rv;
sslSocket *ss = ssl_FindSocket(fd);
-
+
if (!enabled) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefGet", SSL_GETPID(), fd));
- *enabled = PR_FALSE;
- return SECFailure;
+ SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefGet", SSL_GETPID(), fd));
+ *enabled = PR_FALSE;
+ return SECFailure;
}
if (ssl_IsRemovedCipherSuite(which)) {
- *enabled = PR_FALSE;
- rv = SECSuccess;
+ *enabled = PR_FALSE;
+ rv = SECSuccess;
} else if (SSL_IS_SSL2_CIPHER(which)) {
- rv = ssl2_CipherPrefGet(ss, which, enabled);
+ rv = ssl2_CipherPrefGet(ss, which, enabled);
} else {
- rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled);
+ rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled);
}
return rv;
}
@@ -1337,9 +1361,9 @@
const PRUint16 *cipher;
for (cipher = SSL_ImplementedCiphers; *cipher != 0; ++cipher) {
- status = SSL_SetPolicy(*cipher, SSL_ALLOWED);
- if (status != SECSuccess)
- break;
+ status = SSL_SetPolicy(*cipher, SSL_ALLOWED);
+ if (status != SECSuccess)
+ break;
}
return status;
}
@@ -1386,37 +1410,40 @@
sslSocket * ns = NULL;
PRStatus rv;
PRNetAddr addr;
- SECStatus status = ssl_Init();
+ SECStatus status = ssl_Init();
if (status != SECSuccess) {
- return NULL;
+ return NULL;
}
if (model == NULL) {
- /* Just create a default socket if we're given NULL for the model */
- ns = ssl_NewSocket((PRBool)(!ssl_defaults.noLocks), variant);
+ /* Just create a default socket if we're given NULL for the model */
+ ns = ssl_NewSocket((PRBool)(!ssl_defaults.noLocks), variant);
} else {
- sslSocket * ss = ssl_FindSocket(model);
- if (ss == NULL || ss->protocolVariant != variant) {
- SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ImportFD",
- SSL_GETPID(), model));
- return NULL;
- }
- ns = ssl_DupSocket(ss);
+ sslSocket * ss = ssl_FindSocket(model);
+ if (ss == NULL || ss->protocolVariant != variant) {
+ SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ImportFD",
+ SSL_GETPID(), model));
+ return NULL;
+ }
+ ns = ssl_DupSocket(ss);
}
if (ns == NULL)
- return NULL;
+ return NULL;
rv = ssl_PushIOLayer(ns, fd, PR_TOP_IO_LAYER);
if (rv != PR_SUCCESS) {
- ssl_FreeSocket(ns);
- SET_ERROR_CODE
- return NULL;
+ ssl_FreeSocket(ns);
+ SET_ERROR_CODE
+ return NULL;
}
- ns = ssl_FindSocket(fd);
- PORT_Assert(ns);
- if (ns)
- ns->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ns, &addr));
+#if defined(DEBUG) || defined(FORCE_PR_ASSERT)
+ {
+ sslSocket * ss = ssl_FindSocket(fd);
+ PORT_Assert(ss == ns);
+ }
+#endif
+ ns->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ns, &addr));
return fd;
}
@@ -1439,14 +1466,14 @@
* status of SSL_NEXT_PROTO_NO_OVERLAP is treated as a failure. */
SECStatus
SSL_SetNextProtoCallback(PRFileDesc *fd, SSLNextProtoCallback callback,
- void *arg)
+ void *arg)
{
sslSocket *ss = ssl_FindSocket(fd);
if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoCallback", SSL_GETPID(),
- fd));
- return SECFailure;
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoCallback", SSL_GETPID(),
+ fd));
+ return SECFailure;
}
ssl_GetSSL3HandshakeLock(ss);
@@ -1462,34 +1489,34 @@
*/
static SECStatus
ssl_NextProtoNegoCallback(void *arg, PRFileDesc *fd,
- const unsigned char *protos, unsigned int protos_len,
- unsigned char *protoOut, unsigned int *protoOutLen,
- unsigned int protoMaxLen)
+ const unsigned char *protos, unsigned int protos_len,
+ unsigned char *protoOut, unsigned int *protoOutLen,
+ unsigned int protoMaxLen)
{
unsigned int i, j;
const unsigned char *result;
sslSocket *ss = ssl_FindSocket(fd);
if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in ssl_NextProtoNegoCallback",
- SSL_GETPID(), fd));
- return SECFailure;
+ SSL_DBG(("%d: SSL[%d]: bad socket in ssl_NextProtoNegoCallback",
+ SSL_GETPID(), fd));
+ return SECFailure;
}
/* For each protocol in server preference, see if we support it. */
for (i = 0; i < protos_len; ) {
- for (j = 0; j < ss->opt.nextProtoNego.len; ) {
- if (protos[i] == ss->opt.nextProtoNego.data[j] &&
- PORT_Memcmp(&protos[i+1], &ss->opt.nextProtoNego.data[j+1],
- protos[i]) == 0) {
- /* We found a match. */
- ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NEGOTIATED;
- result = &protos[i];
- goto found;
- }
- j += 1 + (unsigned int)ss->opt.nextProtoNego.data[j];
- }
- i += 1 + (unsigned int)protos[i];
+ for (j = 0; j < ss->opt.nextProtoNego.len; ) {
+ if (protos[i] == ss->opt.nextProtoNego.data[j] &&
+ PORT_Memcmp(&protos[i+1], &ss->opt.nextProtoNego.data[j+1],
+ protos[i]) == 0) {
+ /* We found a match. */
+ ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NEGOTIATED;
+ result = &protos[i];
+ goto found;
+ }
+ j += 1 + (unsigned int)ss->opt.nextProtoNego.data[j];
+ }
+ i += 1 + (unsigned int)protos[i];
}
/* The other side supports the extension, and either doesn't have any
@@ -1501,8 +1528,8 @@
found:
if (protoMaxLen < result[0]) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+ return SECFailure;
}
memcpy(protoOut, result + 1, result[0]);
*protoOutLen = result[0];
@@ -1511,7 +1538,7 @@
SECStatus
SSL_SetNextProtoNego(PRFileDesc *fd, const unsigned char *data,
- unsigned int length)
+ unsigned int length)
{
sslSocket *ss;
SECStatus rv;
@@ -1519,13 +1546,13 @@
ss = ssl_FindSocket(fd);
if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoNego",
- SSL_GETPID(), fd));
- return SECFailure;
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoNego",
+ SSL_GETPID(), fd));
+ return SECFailure;
}
if (ssl3_ValidateNextProtoNego(data, length) != SECSuccess)
- return SECFailure;
+ return SECFailure;
ssl_GetSSL3HandshakeLock(ss);
SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
@@ -1533,87 +1560,87 @@
ssl_ReleaseSSL3HandshakeLock(ss);
if (rv != SECSuccess)
- return rv;
+ return rv;
return SSL_SetNextProtoCallback(fd, ssl_NextProtoNegoCallback, NULL);
}
SECStatus
SSL_GetNextProto(PRFileDesc *fd, SSLNextProtoState *state, unsigned char *buf,
- unsigned int *bufLen, unsigned int bufLenMax)
+ unsigned int *bufLen, unsigned int bufLenMax)
{
sslSocket *ss = ssl_FindSocket(fd);
if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNextProto", SSL_GETPID(),
- fd));
- return SECFailure;
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNextProto", SSL_GETPID(),
+ fd));
+ return SECFailure;
}
if (!state || !buf || !bufLen) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
*state = ss->ssl3.nextProtoState;
if (ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT &&
- ss->ssl3.nextProto.data) {
- if (ss->ssl3.nextProto.len > bufLenMax) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
- }
- PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len);
- *bufLen = ss->ssl3.nextProto.len;
+ ss->ssl3.nextProto.data) {
+ if (ss->ssl3.nextProto.len > bufLenMax) {
+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+ return SECFailure;
+ }
+ PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len);
+ *bufLen = ss->ssl3.nextProto.len;
} else {
- *bufLen = 0;
+ *bufLen = 0;
}
return SECSuccess;
}
SECStatus SSL_SetSRTPCiphers(PRFileDesc *fd,
- const PRUint16 *ciphers,
- unsigned int numCiphers)
+ const PRUint16 *ciphers,
+ unsigned int numCiphers)
{
sslSocket *ss;
unsigned int i;
ss = ssl_FindSocket(fd);
if (!ss || !IS_DTLS(ss)) {
- SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSRTPCiphers",
- SSL_GETPID(), fd));
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSRTPCiphers",
+ SSL_GETPID(), fd));
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
if (numCiphers > MAX_DTLS_SRTP_CIPHER_SUITES) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
ss->ssl3.dtlsSRTPCipherCount = 0;
for (i = 0; i < numCiphers; i++) {
- const PRUint16 *srtpCipher = srtpCiphers;
+ const PRUint16 *srtpCipher = srtpCiphers;
- while (*srtpCipher) {
- if (ciphers[i] == *srtpCipher)
- break;
- srtpCipher++;
- }
- if (*srtpCipher) {
- ss->ssl3.dtlsSRTPCiphers[ss->ssl3.dtlsSRTPCipherCount++] =
- ciphers[i];
- } else {
- SSL_DBG(("%d: SSL[%d]: invalid or unimplemented SRTP cipher "
- "suite specified: 0x%04hx", SSL_GETPID(), fd,
- ciphers[i]));
- }
+ while (*srtpCipher) {
+ if (ciphers[i] == *srtpCipher)
+ break;
+ srtpCipher++;
+ }
+ if (*srtpCipher) {
+ ss->ssl3.dtlsSRTPCiphers[ss->ssl3.dtlsSRTPCipherCount++] =
+ ciphers[i];
+ } else {
+ SSL_DBG(("%d: SSL[%d]: invalid or unimplemented SRTP cipher "
+ "suite specified: 0x%04hx", SSL_GETPID(), fd,
+ ciphers[i]));
+ }
}
if (ss->ssl3.dtlsSRTPCipherCount == 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
return SECSuccess;
@@ -1626,15 +1653,15 @@
ss = ssl_FindSocket(fd);
if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetSRTPCipher",
- SSL_GETPID(), fd));
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetSRTPCipher",
+ SSL_GETPID(), fd));
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
if (!ss->ssl3.dtlsSRTPCipherSuite) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
*cipher = ss->ssl3.dtlsSRTPCipherSuite;
@@ -1655,7 +1682,7 @@
}
sm = ssl_FindSocket(model);
if (sm == NULL) {
- SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ReconfigFD",
+ SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ReconfigFD",
SSL_GETPID(), model));
return NULL;
}
@@ -1665,7 +1692,7 @@
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
-
+
ss->opt = sm->opt;
ss->vrange = sm->vrange;
PORT_Memcpy(ss->cipherSuites, sm->cipherSuites, sizeof sm->cipherSuites);
@@ -1694,15 +1721,15 @@
sc->serverCertChain = CERT_DupCertList(mc->serverCertChain);
if (!sc->serverCertChain)
goto loser;
- if (sm->certStatusArray[i]) {
- if (ss->certStatusArray[i]) {
- SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE);
- ss->certStatusArray[i] = NULL;
- }
- ss->certStatusArray[i] = SECITEM_DupArray(NULL, sm->certStatusArray[i]);
- if (!ss->certStatusArray[i])
- goto loser;
- }
+ if (sm->certStatusArray[i]) {
+ if (ss->certStatusArray[i]) {
+ SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE);
+ ss->certStatusArray[i] = NULL;
+ }
+ ss->certStatusArray[i] = SECITEM_DupArray(NULL, sm->certStatusArray[i]);
+ if (!ss->certStatusArray[i])
+ goto loser;
+ }
}
if (mc->serverKeyPair) {
if (sc->serverKeyPair) {
@@ -1735,7 +1762,7 @@
goto loser;
}
}
-
+
if (sm->authCertificate)
ss->authCertificate = sm->authCertificate;
if (sm->authCertificateArg)
@@ -1775,19 +1802,19 @@
PRBool
ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant,
- SSL3ProtocolVersion version)
+ SSL3ProtocolVersion version)
{
switch (protocolVariant) {
case ssl_variant_stream:
- return (version >= SSL_LIBRARY_VERSION_3_0 &&
- version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
+ return (version >= SSL_LIBRARY_VERSION_3_0 &&
+ version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
case ssl_variant_datagram:
- return (version >= SSL_LIBRARY_VERSION_TLS_1_1 &&
- version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
+ return (version >= SSL_LIBRARY_VERSION_TLS_1_1 &&
+ version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
default:
- /* Can't get here */
- PORT_Assert(PR_FALSE);
- return PR_FALSE;
+ /* Can't get here */
+ PORT_Assert(PR_FALSE);
+ return PR_FALSE;
}
}
@@ -1796,35 +1823,35 @@
*/
static PRBool
ssl3_VersionRangeIsValid(SSLProtocolVariant protocolVariant,
- const SSLVersionRange *vrange)
+ const SSLVersionRange *vrange)
{
return vrange &&
- vrange->min <= vrange->max &&
- ssl3_VersionIsSupported(protocolVariant, vrange->min) &&
- ssl3_VersionIsSupported(protocolVariant, vrange->max);
+ vrange->min <= vrange->max &&
+ ssl3_VersionIsSupported(protocolVariant, vrange->min) &&
+ ssl3_VersionIsSupported(protocolVariant, vrange->max);
}
SECStatus
SSL_VersionRangeGetSupported(SSLProtocolVariant protocolVariant,
- SSLVersionRange *vrange)
+ SSLVersionRange *vrange)
{
if (!vrange) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
switch (protocolVariant) {
case ssl_variant_stream:
- vrange->min = SSL_LIBRARY_VERSION_3_0;
- vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
- break;
+ vrange->min = SSL_LIBRARY_VERSION_3_0;
+ vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
+ break;
case ssl_variant_datagram:
- vrange->min = SSL_LIBRARY_VERSION_TLS_1_1;
- vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
- break;
+ vrange->min = SSL_LIBRARY_VERSION_TLS_1_1;
+ vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
+ break;
default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
return SECSuccess;
@@ -1832,12 +1859,12 @@
SECStatus
SSL_VersionRangeGetDefault(SSLProtocolVariant protocolVariant,
- SSLVersionRange *vrange)
+ SSLVersionRange *vrange)
{
if ((protocolVariant != ssl_variant_stream &&
- protocolVariant != ssl_variant_datagram) || !vrange) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ protocolVariant != ssl_variant_datagram) || !vrange) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
*vrange = *VERSIONS_DEFAULTS(protocolVariant);
@@ -1847,11 +1874,11 @@
SECStatus
SSL_VersionRangeSetDefault(SSLProtocolVariant protocolVariant,
- const SSLVersionRange *vrange)
+ const SSLVersionRange *vrange)
{
if (!ssl3_VersionRangeIsValid(protocolVariant, vrange)) {
- PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
- return SECFailure;
+ PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
+ return SECFailure;
}
*VERSIONS_DEFAULTS(protocolVariant) = *vrange;
@@ -1865,14 +1892,14 @@
sslSocket *ss = ssl_FindSocket(fd);
if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeGet",
- SSL_GETPID(), fd));
- return SECFailure;
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeGet",
+ SSL_GETPID(), fd));
+ return SECFailure;
}
if (!vrange) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
ssl_Get1stHandshakeLock(ss);
@@ -1910,14 +1937,14 @@
sslSocket *ss = ssl_FindSocket(fd);
if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeSet",
- SSL_GETPID(), fd));
- return SECFailure;
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeSet",
+ SSL_GETPID(), fd));
+ return SECFailure;
}
if (!ssl3_VersionRangeIsValid(ss->protocolVariant, vrange)) {
- PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
- return SECFailure;
+ PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
+ return SECFailure;
}
ssl_Get1stHandshakeLock(ss);
@@ -1960,7 +1987,7 @@
PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
return NULL;
}
-
+
return &ss->sec.ci.sid->peerCertStatus;
}
@@ -2024,15 +2051,15 @@
ssl_Accept(PRFileDesc *fd, PRNetAddr *sockaddr, PRIntervalTime timeout)
{
sslSocket *ss;
- sslSocket *ns = NULL;
- PRFileDesc *newfd = NULL;
+ sslSocket *ns = NULL;
+ PRFileDesc *newfd = NULL;
PRFileDesc *osfd;
PRStatus status;
ss = ssl_GetPrivate(fd);
if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in accept", SSL_GETPID(), fd));
- return NULL;
+ SSL_DBG(("%d: SSL[%d]: bad socket in accept", SSL_GETPID(), fd));
+ return NULL;
}
/* IF this is a listen socket, there shouldn't be any I/O going on */
@@ -2048,46 +2075,46 @@
/* First accept connection */
newfd = osfd->methods->accept(osfd, sockaddr, timeout);
if (newfd == NULL) {
- SSL_DBG(("%d: SSL[%d]: accept failed, errno=%d",
- SSL_GETPID(), ss->fd, PORT_GetError()));
+ SSL_DBG(("%d: SSL[%d]: accept failed, errno=%d",
+ SSL_GETPID(), ss->fd, PORT_GetError()));
} else {
- /* Create ssl module */
- ns = ssl_DupSocket(ss);
+ /* Create ssl module */
+ ns = ssl_DupSocket(ss);
}
ssl_ReleaseSSL3HandshakeLock(ss);
ssl_Release1stHandshakeLock(ss);
SSL_UNLOCK_WRITER(ss);
- SSL_UNLOCK_READER(ss); /* ss isn't used below here. */
+ SSL_UNLOCK_READER(ss); /* ss isn't used below here. */
if (ns == NULL)
- goto loser;
+ goto loser;
/* push ssl module onto the new socket */
status = ssl_PushIOLayer(ns, newfd, PR_TOP_IO_LAYER);
if (status != PR_SUCCESS)
- goto loser;
+ goto loser;
/* Now start server connection handshake with client.
** Don't need locks here because nobody else has a reference to ns yet.
*/
if ( ns->opt.useSecurity ) {
- if ( ns->opt.handshakeAsClient ) {
- ns->handshake = ssl2_BeginClientHandshake;
- ss->handshaking = sslHandshakingAsClient;
- } else {
- ns->handshake = ssl2_BeginServerHandshake;
- ss->handshaking = sslHandshakingAsServer;
- }
+ if ( ns->opt.handshakeAsClient ) {
+ ns->handshake = ssl2_BeginClientHandshake;
+ ss->handshaking = sslHandshakingAsClient;
+ } else {
+ ns->handshake = ssl2_BeginServerHandshake;
+ ss->handshaking = sslHandshakingAsServer;
+ }
}
ns->TCPconnected = 1;
return newfd;
loser:
if (ns != NULL)
- ssl_FreeSocket(ns);
+ ssl_FreeSocket(ns);
if (newfd != NULL)
- PR_Close(newfd);
+ PR_Close(newfd);
return NULL;
}
@@ -2099,8 +2126,8 @@
ss = ssl_GetPrivate(fd);
if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in connect", SSL_GETPID(), fd));
- return PR_FAILURE;
+ SSL_DBG(("%d: SSL[%d]: bad socket in connect", SSL_GETPID(), fd));
+ return PR_FAILURE;
}
/* IF this is a listen socket, there shouldn't be any I/O going on */
@@ -2123,8 +2150,8 @@
PRStatus rv;
if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in bind", SSL_GETPID(), fd));
- return PR_FAILURE;
+ SSL_DBG(("%d: SSL[%d]: bad socket in bind", SSL_GETPID(), fd));
+ return PR_FAILURE;
}
SSL_LOCK_READER(ss);
SSL_LOCK_WRITER(ss);
@@ -2143,8 +2170,8 @@
PRStatus rv;
if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in listen", SSL_GETPID(), fd));
- return PR_FAILURE;
+ SSL_DBG(("%d: SSL[%d]: bad socket in listen", SSL_GETPID(), fd));
+ return PR_FAILURE;
}
SSL_LOCK_READER(ss);
SSL_LOCK_WRITER(ss);
@@ -2163,23 +2190,23 @@
PRStatus rv;
if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in shutdown", SSL_GETPID(), fd));
- return PR_FAILURE;
+ SSL_DBG(("%d: SSL[%d]: bad socket in shutdown", SSL_GETPID(), fd));
+ return PR_FAILURE;
}
if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) {
- SSL_LOCK_READER(ss);
+ SSL_LOCK_READER(ss);
}
if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) {
- SSL_LOCK_WRITER(ss);
+ SSL_LOCK_WRITER(ss);
}
rv = (PRStatus)(*ss->ops->shutdown)(ss, how);
if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) {
- SSL_UNLOCK_WRITER(ss);
+ SSL_UNLOCK_WRITER(ss);
}
if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) {
- SSL_UNLOCK_READER(ss);
+ SSL_UNLOCK_READER(ss);
}
return rv;
}
@@ -2192,16 +2219,16 @@
ss = ssl_GetPrivate(fd);
if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in close", SSL_GETPID(), fd));
- return PR_FAILURE;
+ SSL_DBG(("%d: SSL[%d]: bad socket in close", SSL_GETPID(), fd));
+ return PR_FAILURE;
}
/* There must not be any I/O going on */
SSL_LOCK_READER(ss);
SSL_LOCK_WRITER(ss);
- /* By the time this function returns,
- ** ss is an invalid pointer, and the locks to which it points have
+ /* By the time this function returns,
+ ** ss is an invalid pointer, and the locks to which it points have
** been unlocked and freed. So, this is the ONE PLACE in all of SSL
** where the LOCK calls and the corresponding UNLOCK calls are not in
** the same function scope. The unlock calls are in ssl_FreeSocket().
@@ -2213,20 +2240,20 @@
static int PR_CALLBACK
ssl_Recv(PRFileDesc *fd, void *buf, PRInt32 len, PRIntn flags,
- PRIntervalTime timeout)
+ PRIntervalTime timeout)
{
sslSocket *ss;
int rv;
ss = ssl_GetPrivate(fd);
if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in recv", SSL_GETPID(), fd));
- return SECFailure;
+ SSL_DBG(("%d: SSL[%d]: bad socket in recv", SSL_GETPID(), fd));
+ return SECFailure;
}
SSL_LOCK_READER(ss);
ss->rTimeout = timeout;
if (!ss->opt.fdx)
- ss->wTimeout = timeout;
+ ss->wTimeout = timeout;
rv = (*ss->ops->recv)(ss, (unsigned char*)buf, len, flags);
SSL_UNLOCK_READER(ss);
return rv;
@@ -2234,20 +2261,20 @@
static int PR_CALLBACK
ssl_Send(PRFileDesc *fd, const void *buf, PRInt32 len, PRIntn flags,
- PRIntervalTime timeout)
+ PRIntervalTime timeout)
{
sslSocket *ss;
int rv;
ss = ssl_GetPrivate(fd);
if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in send", SSL_GETPID(), fd));
- return SECFailure;
+ SSL_DBG(("%d: SSL[%d]: bad socket in send", SSL_GETPID(), fd));
+ return SECFailure;
}
SSL_LOCK_WRITER(ss);
ss->wTimeout = timeout;
if (!ss->opt.fdx)
- ss->rTimeout = timeout;
+ ss->rTimeout = timeout;
rv = (*ss->ops->send)(ss, (const unsigned char*)buf, len, flags);
SSL_UNLOCK_WRITER(ss);
return rv;
@@ -2261,13 +2288,13 @@
ss = ssl_GetPrivate(fd);
if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in read", SSL_GETPID(), fd));
- return SECFailure;
+ SSL_DBG(("%d: SSL[%d]: bad socket in read", SSL_GETPID(), fd));
+ return SECFailure;
}
SSL_LOCK_READER(ss);
ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
if (!ss->opt.fdx)
- ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
+ ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
rv = (*ss->ops->read)(ss, (unsigned char*)buf, len);
SSL_UNLOCK_READER(ss);
return rv;
@@ -2281,13 +2308,13 @@
ss = ssl_GetPrivate(fd);
if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in write", SSL_GETPID(), fd));
- return SECFailure;
+ SSL_DBG(("%d: SSL[%d]: bad socket in write", SSL_GETPID(), fd));
+ return SECFailure;
}
SSL_LOCK_WRITER(ss);
ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
if (!ss->opt.fdx)
- ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
+ ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
rv = (*ss->ops->write)(ss, (const unsigned char*)buf, len);
SSL_UNLOCK_WRITER(ss);
return rv;
@@ -2300,8 +2327,8 @@
ss = ssl_GetPrivate(fd);
if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in getpeername", SSL_GETPID(), fd));
- return PR_FAILURE;
+ SSL_DBG(("%d: SSL[%d]: bad socket in getpeername", SSL_GETPID(), fd));
+ return PR_FAILURE;
}
return (PRStatus)(*ss->ops->getpeername)(ss, addr);
}
@@ -2320,18 +2347,18 @@
PORT_Memset(&sin, 0, sizeof(sin));
rv = osfd->methods->getpeername(osfd, &sin);
if (rv < 0) {
- return SECFailure;
+ return SECFailure;
}
ss->TCPconnected = 1;
if (sin.inet.family == PR_AF_INET) {
PR_ConvertIPv4AddrToIPv6(sin.inet.ip, &ss->sec.ci.peer);
- ss->sec.ci.port = sin.inet.port;
+ ss->sec.ci.port = sin.inet.port;
} else if (sin.ipv6.family == PR_AF_INET6) {
- ss->sec.ci.peer = sin.ipv6.ip;
- ss->sec.ci.port = sin.ipv6.port;
+ ss->sec.ci.peer = sin.ipv6.ip;
+ ss->sec.ci.port = sin.ipv6.port;
} else {
- PORT_SetError(PR_ADDRESS_NOT_SUPPORTED_ERROR);
- return SECFailure;
+ PORT_SetError(PR_ADDRESS_NOT_SUPPORTED_ERROR);
+ return SECFailure;
}
return SECSuccess;
}
@@ -2343,29 +2370,29 @@
ss = ssl_GetPrivate(fd);
if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in getsockname", SSL_GETPID(), fd));
- return PR_FAILURE;
+ SSL_DBG(("%d: SSL[%d]: bad socket in getsockname", SSL_GETPID(), fd));
+ return PR_FAILURE;
}
return (PRStatus)(*ss->ops->getsockname)(ss, name);
}
SECStatus
SSL_SetStapledOCSPResponses(PRFileDesc *fd, const SECItemArray *responses,
- SSLKEAType kea)
+ SSLKEAType kea)
{
sslSocket *ss;
ss = ssl_FindSocket(fd);
if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetStapledOCSPResponses",
- SSL_GETPID(), fd));
- return SECFailure;
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetStapledOCSPResponses",
+ SSL_GETPID(), fd));
+ return SECFailure;
}
if ( kea <= 0 || kea >= kt_kea_size) {
- SSL_DBG(("%d: SSL[%d]: invalid key in SSL_SetStapledOCSPResponses",
- SSL_GETPID(), fd));
- return SECFailure;
+ SSL_DBG(("%d: SSL[%d]: invalid key in SSL_SetStapledOCSPResponses",
+ SSL_GETPID(), fd));
+ return SECFailure;
}
if (ss->certStatusArray[kea]) {
@@ -2373,7 +2400,7 @@
ss->certStatusArray[kea] = NULL;
}
if (responses) {
- ss->certStatusArray[kea] = SECITEM_DupArray(NULL, responses);
+ ss->certStatusArray[kea] = SECITEM_DupArray(NULL, responses);
}
return (ss->certStatusArray[kea] || !responses) ? SECSuccess : SECFailure;
}
@@ -2385,17 +2412,17 @@
ss = ssl_FindSocket(fd);
if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSockPeerID",
- SSL_GETPID(), fd));
- return SECFailure;
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSockPeerID",
+ SSL_GETPID(), fd));
+ return SECFailure;
}
if (ss->peerID) {
- PORT_Free(ss->peerID);
- ss->peerID = NULL;
+ PORT_Free(ss->peerID);
+ ss->peerID = NULL;
}
if (peerID)
- ss->peerID = PORT_Strdup(peerID);
+ ss->peerID = PORT_Strdup(peerID);
return (ss->peerID || !peerID) ? SECSuccess : SECFailure;
}
@@ -2405,117 +2432,117 @@
ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags)
{
sslSocket *ss;
- PRInt16 new_flags = how_flags; /* should select on these flags. */
+ PRInt16 new_flags = how_flags; /* should select on these flags. */
PRNetAddr addr;
*p_out_flags = 0;
ss = ssl_GetPrivate(fd);
if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in SSL_Poll",
- SSL_GETPID(), fd));
- return 0; /* don't poll on this socket */
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_Poll",
+ SSL_GETPID(), fd));
+ return 0; /* don't poll on this socket */
}
- if (ss->opt.useSecurity &&
- ss->handshaking != sslHandshakingUndetermined &&
+ if (ss->opt.useSecurity &&
+ ss->handshaking != sslHandshakingUndetermined &&
!ss->firstHsDone &&
- (how_flags & PR_POLL_RW)) {
- if (!ss->TCPconnected) {
- ss->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ss, &addr));
- }
- /* If it's not connected, then presumably the application is polling
- ** on read or write appropriately, so don't change it.
- */
- if (ss->TCPconnected) {
- if (!ss->handshakeBegun) {
- /* If the handshake has not begun, poll on read or write
- ** based on the local application's role in the handshake,
- ** not based on what the application requested.
- */
- new_flags &= ~PR_POLL_RW;
- if (ss->handshaking == sslHandshakingAsClient) {
- new_flags |= PR_POLL_WRITE;
- } else { /* handshaking as server */
- new_flags |= PR_POLL_READ;
- }
- } else
- /* First handshake is in progress */
- if (ss->lastWriteBlocked) {
- if (new_flags & PR_POLL_READ) {
- /* The caller is waiting for data to be received,
- ** but the initial handshake is blocked on write, or the
- ** client's first handshake record has not been written.
- ** The code should select on write, not read.
- */
- new_flags ^= PR_POLL_READ; /* don't select on read. */
- new_flags |= PR_POLL_WRITE; /* do select on write. */
- }
- } else if (new_flags & PR_POLL_WRITE) {
- /* The caller is trying to write, but the handshake is
- ** blocked waiting for data to read, and the first
- ** handshake has been sent. So do NOT to poll on write
- ** unless we did false start.
- */
- if (!(ss->version >= SSL_LIBRARY_VERSION_3_0 &&
- ss->ssl3.hs.canFalseStart)) {
- new_flags ^= PR_POLL_WRITE; /* don't select on write. */
- }
- new_flags |= PR_POLL_READ; /* do select on read. */
- }
- }
+ (how_flags & PR_POLL_RW)) {
+ if (!ss->TCPconnected) {
+ ss->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ss, &addr));
+ }
+ /* If it's not connected, then presumably the application is polling
+ ** on read or write appropriately, so don't change it.
+ */
+ if (ss->TCPconnected) {
+ if (!ss->handshakeBegun) {
+ /* If the handshake has not begun, poll on read or write
+ ** based on the local application's role in the handshake,
+ ** not based on what the application requested.
+ */
+ new_flags &= ~PR_POLL_RW;
+ if (ss->handshaking == sslHandshakingAsClient) {
+ new_flags |= PR_POLL_WRITE;
+ } else { /* handshaking as server */
+ new_flags |= PR_POLL_READ;
+ }
+ } else
+ /* First handshake is in progress */
+ if (ss->lastWriteBlocked) {
+ if (new_flags & PR_POLL_READ) {
+ /* The caller is waiting for data to be received,
+ ** but the initial handshake is blocked on write, or the
+ ** client's first handshake record has not been written.
+ ** The code should select on write, not read.
+ */
+ new_flags ^= PR_POLL_READ; /* don't select on read. */
+ new_flags |= PR_POLL_WRITE; /* do select on write. */
+ }
+ } else if (new_flags & PR_POLL_WRITE) {
+ /* The caller is trying to write, but the handshake is
+ ** blocked waiting for data to read, and the first
+ ** handshake has been sent. So do NOT to poll on write
+ ** unless we did false start.
+ */
+ if (!(ss->version >= SSL_LIBRARY_VERSION_3_0 &&
+ ss->ssl3.hs.canFalseStart)) {
+ new_flags ^= PR_POLL_WRITE; /* don't select on write. */
+ }
+ new_flags |= PR_POLL_READ; /* do select on read. */
+ }
+ }
} else if ((new_flags & PR_POLL_READ) && (SSL_DataPending(fd) > 0)) {
- *p_out_flags = PR_POLL_READ; /* it's ready already. */
- return new_flags;
+ *p_out_flags = PR_POLL_READ; /* it's ready already. */
+ return new_flags;
} else if ((ss->lastWriteBlocked) && (how_flags & PR_POLL_READ) &&
- (ss->pendingBuf.len != 0)) { /* write data waiting to be sent */
- new_flags |= PR_POLL_WRITE; /* also select on write. */
+ (ss->pendingBuf.len != 0)) { /* write data waiting to be sent */
+ new_flags |= PR_POLL_WRITE; /* also select on write. */
}
if (ss->version >= SSL_LIBRARY_VERSION_3_0 &&
- ss->ssl3.hs.restartTarget != NULL) {
- /* Read and write will block until the asynchronous callback completes
- * (e.g. until SSL_AuthCertificateComplete is called), so don't tell
- * the caller to poll the socket unless there is pending write data.
- */
- if (ss->lastWriteBlocked && ss->pendingBuf.len != 0) {
- /* Ignore any newly-received data on the socket, but do wait for
- * the socket to become writable again. Here, it is OK for an error
- * to be detected, because our logic for sending pending write data
- * will allow us to report the error to the caller without the risk
- * of the application spinning.
- */
- new_flags &= (PR_POLL_WRITE | PR_POLL_EXCEPT);
- } else {
- /* Unfortunately, clearing new_flags will make it impossible for
- * the application to detect errors that it would otherwise be
- * able to detect with PR_POLL_EXCEPT, until the asynchronous
- * callback completes. However, we must clear all the flags to
- * prevent the application from spinning (alternating between
- * calling PR_Poll that would return PR_POLL_EXCEPT, and send/recv
- * which won't actually report the I/O error while we are waiting
- * for the asynchronous callback to complete).
- */
- new_flags = 0;
- }
+ ss->ssl3.hs.restartTarget != NULL) {
+ /* Read and write will block until the asynchronous callback completes
+ * (e.g. until SSL_AuthCertificateComplete is called), so don't tell
+ * the caller to poll the socket unless there is pending write data.
+ */
+ if (ss->lastWriteBlocked && ss->pendingBuf.len != 0) {
+ /* Ignore any newly-received data on the socket, but do wait for
+ * the socket to become writable again. Here, it is OK for an error
+ * to be detected, because our logic for sending pending write data
+ * will allow us to report the error to the caller without the risk
+ * of the application spinning.
+ */
+ new_flags &= (PR_POLL_WRITE | PR_POLL_EXCEPT);
+ } else {
+ /* Unfortunately, clearing new_flags will make it impossible for
+ * the application to detect errors that it would otherwise be
+ * able to detect with PR_POLL_EXCEPT, until the asynchronous
+ * callback completes. However, we must clear all the flags to
+ * prevent the application from spinning (alternating between
+ * calling PR_Poll that would return PR_POLL_EXCEPT, and send/recv
+ * which won't actually report the I/O error while we are waiting
+ * for the asynchronous callback to complete).
+ */
+ new_flags = 0;
+ }
}
if (new_flags && (fd->lower->methods->poll != NULL)) {
- PRInt16 lower_out_flags = 0;
- PRInt16 lower_new_flags;
- lower_new_flags = fd->lower->methods->poll(fd->lower, new_flags,
- &lower_out_flags);
- if ((lower_new_flags & lower_out_flags) && (how_flags != new_flags)) {
- PRInt16 out_flags = lower_out_flags & ~PR_POLL_RW;
- if (lower_out_flags & PR_POLL_READ)
- out_flags |= PR_POLL_WRITE;
- if (lower_out_flags & PR_POLL_WRITE)
- out_flags |= PR_POLL_READ;
- *p_out_flags = out_flags;
- new_flags = how_flags;
- } else {
- *p_out_flags = lower_out_flags;
- new_flags = lower_new_flags;
- }
+ PRInt16 lower_out_flags = 0;
+ PRInt16 lower_new_flags;
+ lower_new_flags = fd->lower->methods->poll(fd->lower, new_flags,
+ &lower_out_flags);
+ if ((lower_new_flags & lower_out_flags) && (how_flags != new_flags)) {
+ PRInt16 out_flags = lower_out_flags & ~PR_POLL_RW;
+ if (lower_out_flags & PR_POLL_READ)
+ out_flags |= PR_POLL_WRITE;
+ if (lower_out_flags & PR_POLL_WRITE)
+ out_flags |= PR_POLL_READ;
+ *p_out_flags = out_flags;
+ new_flags = how_flags;
+ } else {
+ *p_out_flags = lower_out_flags;
+ new_flags = lower_new_flags;
+ }
}
return new_flags;
@@ -2523,8 +2550,8 @@
static PRInt32 PR_CALLBACK
ssl_TransmitFile(PRFileDesc *sd, PRFileDesc *fd,
- const void *headers, PRInt32 hlen,
- PRTransmitFileFlags flags, PRIntervalTime timeout)
+ const void *headers, PRInt32 hlen,
+ PRTransmitFileFlags flags, PRIntervalTime timeout)
{
PRSendFileData sfd;
@@ -2550,7 +2577,7 @@
opt.value.non_blocking = PR_FALSE;
status = PR_GetSocketOption(fd, &opt);
if (status != PR_SUCCESS)
- return PR_FALSE;
+ return PR_FALSE;
return (PRBool)!opt.value.non_blocking;
}
@@ -2564,9 +2591,10 @@
PRInt32 sslCopyLimit = 1024;
static PRInt32 PR_CALLBACK
-ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors,
+ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors,
PRIntervalTime timeout)
{
+ PRInt32 i;
PRInt32 bufLen;
PRInt32 left;
PRInt32 rv;
@@ -2574,12 +2602,22 @@
const PRInt32 first_len = sslFirstBufSize;
const PRInt32 limit = sslCopyLimit;
PRBool blocking;
- PRIOVec myIov = { 0, 0 };
+ PRIOVec myIov = { 0, 0 };
char buf[MAX_FRAGMENT_LENGTH];
+ if (vectors < 0) {
+ PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+ return -1;
+ }
if (vectors > PR_MAX_IOVECTOR_SIZE) {
- PORT_SetError(PR_BUFFER_OVERFLOW_ERROR);
- return -1;
+ PORT_SetError(PR_BUFFER_OVERFLOW_ERROR);
+ return -1;
+ }
+ for (i = 0; i < vectors; i++) {
+ if (iov[i].iov_len < 0) {
+ PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+ return -1;
+ }
}
blocking = ssl_FdIsBlocking(fd);
@@ -2588,105 +2626,105 @@
#define GET_VECTOR do { myIov = *iov++; --vectors; KILL_VECTORS } while (0)
#define HANDLE_ERR(rv, len) \
if (rv != len) { \
- if (rv < 0) { \
- if (!blocking \
- && (PR_GetError() == PR_WOULD_BLOCK_ERROR) \
- && (sent > 0)) { \
- return sent; \
- } else { \
- return -1; \
- } \
- } \
- /* Only a nonblocking socket can have partial sends */ \
- PR_ASSERT(!blocking); \
- return sent + rv; \
- }
+ if (rv < 0) { \
+ if (!blocking \
+ && (PR_GetError() == PR_WOULD_BLOCK_ERROR) \
+ && (sent > 0)) { \
+ return sent; \
+ } else { \
+ return -1; \
+ } \
+ } \
+ /* Only a nonblocking socket can have partial sends */ \
+ PR_ASSERT(!blocking); \
+ return sent + rv; \
+ }
#define SEND(bfr, len) \
do { \
- rv = ssl_Send(fd, bfr, len, 0, timeout); \
- HANDLE_ERR(rv, len) \
- sent += len; \
+ rv = ssl_Send(fd, bfr, len, 0, timeout); \
+ HANDLE_ERR(rv, len) \
+ sent += len; \
} while (0)
/* Make sure the first write is at least 8 KB, if possible. */
KILL_VECTORS
if (!vectors)
- return ssl_Send(fd, 0, 0, 0, timeout);
+ return ssl_Send(fd, 0, 0, 0, timeout);
GET_VECTOR;
if (!vectors) {
- return ssl_Send(fd, myIov.iov_base, myIov.iov_len, 0, timeout);
+ return ssl_Send(fd, myIov.iov_base, myIov.iov_len, 0, timeout);
}
if (myIov.iov_len < first_len) {
- PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len);
- bufLen = myIov.iov_len;
- left = first_len - bufLen;
- while (vectors && left) {
- int toCopy;
- GET_VECTOR;
- toCopy = PR_MIN(left, myIov.iov_len);
- PORT_Memcpy(buf + bufLen, myIov.iov_base, toCopy);
- bufLen += toCopy;
- left -= toCopy;
- myIov.iov_base += toCopy;
- myIov.iov_len -= toCopy;
- }
- SEND( buf, bufLen );
+ PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len);
+ bufLen = myIov.iov_len;
+ left = first_len - bufLen;
+ while (vectors && left) {
+ int toCopy;
+ GET_VECTOR;
+ toCopy = PR_MIN(left, myIov.iov_len);
+ PORT_Memcpy(buf + bufLen, myIov.iov_base, toCopy);
+ bufLen += toCopy;
+ left -= toCopy;
+ myIov.iov_base += toCopy;
+ myIov.iov_len -= toCopy;
+ }
+ SEND( buf, bufLen );
}
while (vectors || myIov.iov_len) {
- PRInt32 addLen;
- if (!myIov.iov_len) {
- GET_VECTOR;
- }
- while (myIov.iov_len >= K16) {
- SEND(myIov.iov_base, K16);
- myIov.iov_base += K16;
- myIov.iov_len -= K16;
- }
- if (!myIov.iov_len)
- continue;
+ PRInt32 addLen;
+ if (!myIov.iov_len) {
+ GET_VECTOR;
+ }
+ while (myIov.iov_len >= K16) {
+ SEND(myIov.iov_base, K16);
+ myIov.iov_base += K16;
+ myIov.iov_len -= K16;
+ }
+ if (!myIov.iov_len)
+ continue;
- if (!vectors || myIov.iov_len > limit) {
- addLen = 0;
- } else if ((addLen = iov->iov_len % K16) + myIov.iov_len <= limit) {
- /* Addlen is already computed. */;
- } else if (vectors > 1 &&
- iov[1].iov_len % K16 + addLen + myIov.iov_len <= 2 * limit) {
- addLen = limit - myIov.iov_len;
- } else
- addLen = 0;
+ if (!vectors || myIov.iov_len > limit) {
+ addLen = 0;
+ } else if ((addLen = iov->iov_len % K16) + myIov.iov_len <= limit) {
+ /* Addlen is already computed. */;
+ } else if (vectors > 1 &&
+ iov[1].iov_len % K16 + addLen + myIov.iov_len <= 2 * limit) {
+ addLen = limit - myIov.iov_len;
+ } else
+ addLen = 0;
- if (!addLen) {
- SEND( myIov.iov_base, myIov.iov_len );
- myIov.iov_len = 0;
- continue;
- }
- PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len);
- bufLen = myIov.iov_len;
- do {
- GET_VECTOR;
- PORT_Memcpy(buf + bufLen, myIov.iov_base, addLen);
- myIov.iov_base += addLen;
- myIov.iov_len -= addLen;
- bufLen += addLen;
+ if (!addLen) {
+ SEND( myIov.iov_base, myIov.iov_len );
+ myIov.iov_len = 0;
+ continue;
+ }
+ PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len);
+ bufLen = myIov.iov_len;
+ do {
+ GET_VECTOR;
+ PORT_Memcpy(buf + bufLen, myIov.iov_base, addLen);
+ myIov.iov_base += addLen;
+ myIov.iov_len -= addLen;
+ bufLen += addLen;
- left = PR_MIN( limit, K16 - bufLen);
- if (!vectors /* no more left */
- || myIov.iov_len > 0 /* we didn't use that one all up */
- || bufLen >= K16 /* it's full. */
- ) {
- addLen = 0;
- } else if ((addLen = iov->iov_len % K16) <= left) {
- /* Addlen is already computed. */;
- } else if (vectors > 1 &&
- iov[1].iov_len % K16 + addLen <= left + limit) {
- addLen = left;
- } else
- addLen = 0;
+ left = PR_MIN( limit, K16 - bufLen);
+ if (!vectors /* no more left */
+ || myIov.iov_len > 0 /* we didn't use that one all up */
+ || bufLen >= K16 /* it's full. */
+ ) {
+ addLen = 0;
+ } else if ((addLen = iov->iov_len % K16) <= left) {
+ /* Addlen is already computed. */;
+ } else if (vectors > 1 &&
+ iov[1].iov_len % K16 + addLen <= left + limit) {
+ addLen = left;
+ } else
+ addLen = 0;
- } while (addLen);
- SEND( buf, bufLen );
- }
+ } while (addLen);
+ SEND( buf, bufLen );
+ }
return sent;
}
@@ -2756,7 +2794,7 @@
static PRInt32 PR_CALLBACK
ssl_RecvFrom(PRFileDesc *fd, void *buf, PRInt32 amount, PRIntn flags,
- PRNetAddr *addr, PRIntervalTime timeout)
+ PRNetAddr *addr, PRIntervalTime timeout)
{
PORT_Assert(0);
PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
@@ -2765,7 +2803,7 @@
static PRInt32 PR_CALLBACK
ssl_SendTo(PRFileDesc *fd, const void *buf, PRInt32 amount, PRIntn flags,
- const PRNetAddr *addr, PRIntervalTime timeout)
+ const PRNetAddr *addr, PRIntervalTime timeout)
{
PORT_Assert(0);
PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
@@ -2774,41 +2812,41 @@
static const PRIOMethods ssl_methods = {
PR_DESC_LAYERED,
- ssl_Close, /* close */
- ssl_Read, /* read */
- ssl_Write, /* write */
- ssl_Available, /* available */
- ssl_Available64, /* available64 */
- ssl_FSync, /* fsync */
- ssl_Seek, /* seek */
- ssl_Seek64, /* seek64 */
- ssl_FileInfo, /* fileInfo */
- ssl_FileInfo64, /* fileInfo64 */
- ssl_WriteV, /* writev */
- ssl_Connect, /* connect */
- ssl_Accept, /* accept */
- ssl_Bind, /* bind */
- ssl_Listen, /* listen */
- ssl_Shutdown, /* shutdown */
- ssl_Recv, /* recv */
- ssl_Send, /* send */
- ssl_RecvFrom, /* recvfrom */
- ssl_SendTo, /* sendto */
- ssl_Poll, /* poll */
+ ssl_Close, /* close */
+ ssl_Read, /* read */
+ ssl_Write, /* write */
+ ssl_Available, /* available */
+ ssl_Available64, /* available64 */
+ ssl_FSync, /* fsync */
+ ssl_Seek, /* seek */
+ ssl_Seek64, /* seek64 */
+ ssl_FileInfo, /* fileInfo */
+ ssl_FileInfo64, /* fileInfo64 */
+ ssl_WriteV, /* writev */
+ ssl_Connect, /* connect */
+ ssl_Accept, /* accept */
+ ssl_Bind, /* bind */
+ ssl_Listen, /* listen */
+ ssl_Shutdown, /* shutdown */
+ ssl_Recv, /* recv */
+ ssl_Send, /* send */
+ ssl_RecvFrom, /* recvfrom */
+ ssl_SendTo, /* sendto */
+ ssl_Poll, /* poll */
PR_EmulateAcceptRead, /* acceptread */
ssl_TransmitFile, /* transmitfile */
- ssl_GetSockName, /* getsockname */
- ssl_GetPeerName, /* getpeername */
- NULL, /* getsockopt OBSOLETE */
- NULL, /* setsockopt OBSOLETE */
- NULL, /* getsocketoption */
- NULL, /* setsocketoption */
- PR_EmulateSendFile, /* Send a (partial) file with header/trailer*/
- NULL, /* reserved for future use */
- NULL, /* reserved for future use */
- NULL, /* reserved for future use */
- NULL, /* reserved for future use */
- NULL /* reserved for future use */
+ ssl_GetSockName, /* getsockname */
+ ssl_GetPeerName, /* getpeername */
+ NULL, /* getsockopt OBSOLETE */
+ NULL, /* setsockopt OBSOLETE */
+ NULL, /* getsocketoption */
+ NULL, /* setsocketoption */
+ PR_EmulateSendFile, /* Send a (partial) file with header/trailer*/
+ NULL, /* reserved for future use */
+ NULL, /* reserved for future use */
+ NULL, /* reserved for future use */
+ NULL, /* reserved for future use */
+ NULL /* reserved for future use */
};
@@ -2849,15 +2887,15 @@
new_methods->transmitfile = my_methods->transmitfile;
new_methods->getsockname = my_methods->getsockname;
new_methods->getpeername = my_methods->getpeername;
-/* new_methods->getsocketoption = my_methods->getsocketoption; */
-/* new_methods->setsocketoption = my_methods->setsocketoption; */
+/* new_methods->getsocketoption = my_methods->getsocketoption; */
+/* new_methods->setsocketoption = my_methods->setsocketoption; */
new_methods->sendfile = my_methods->sendfile;
}
static PRCallOnceType initIoLayerOnce;
-static PRStatus
+static PRStatus
ssl_InitIOLayer(void)
{
ssl_layer_id = PR_GetUniqueIdentity("SSL");
@@ -2869,44 +2907,44 @@
static PRStatus
ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, PRDescIdentity id)
{
- PRFileDesc *layer = NULL;
+ PRFileDesc *layer = NULL;
PRStatus status;
if (!ssl_inited) {
- status = PR_CallOnce(&initIoLayerOnce, &ssl_InitIOLayer);
- if (status != PR_SUCCESS)
- goto loser;
+ status = PR_CallOnce(&initIoLayerOnce, &ssl_InitIOLayer);
+ if (status != PR_SUCCESS)
+ goto loser;
}
if (ns == NULL)
- goto loser;
+ goto loser;
layer = PR_CreateIOLayerStub(ssl_layer_id, &combined_methods);
if (layer == NULL)
- goto loser;
+ goto loser;
layer->secret = (PRFilePrivate *)ns;
/* Here, "stack" points to the PRFileDesc on the top of the stack.
** "layer" points to a new FD that is to be inserted into the stack.
- ** If layer is being pushed onto the top of the stack, then
+ ** If layer is being pushed onto the top of the stack, then
** PR_PushIOLayer switches the contents of stack and layer, and then
- ** puts stack on top of layer, so that after it is done, the top of
- ** stack is the same "stack" as it was before, and layer is now the
+ ** puts stack on top of layer, so that after it is done, the top of
+ ** stack is the same "stack" as it was before, and layer is now the
** FD for the former top of stack.
** After this call, stack always points to the top PRFD on the stack.
- ** If this function fails, the contents of stack and layer are as
+ ** If this function fails, the contents of stack and layer are as
** they were before the call.
*/
status = PR_PushIOLayer(stack, id, layer);
if (status != PR_SUCCESS)
- goto loser;
+ goto loser;
ns->fd = (id == PR_TOP_IO_LAYER) ? stack : layer;
return PR_SUCCESS;
loser:
if (layer) {
- layer->dtor(layer); /* free layer */
+ layer->dtor(layer); /* free layer */
}
return PR_FAILURE;
}
@@ -2916,28 +2954,28 @@
ssl_MakeLocks(sslSocket *ss)
{
ss->firstHandshakeLock = PZ_NewMonitor(nssILockSSL);
- if (!ss->firstHandshakeLock)
- goto loser;
+ if (!ss->firstHandshakeLock)
+ goto loser;
ss->ssl3HandshakeLock = PZ_NewMonitor(nssILockSSL);
- if (!ss->ssl3HandshakeLock)
- goto loser;
+ if (!ss->ssl3HandshakeLock)
+ goto loser;
ss->specLock = NSSRWLock_New(SSL_LOCK_RANK_SPEC, NULL);
- if (!ss->specLock)
- goto loser;
+ if (!ss->specLock)
+ goto loser;
ss->recvBufLock = PZ_NewMonitor(nssILockSSL);
- if (!ss->recvBufLock)
- goto loser;
+ if (!ss->recvBufLock)
+ goto loser;
ss->xmitBufLock = PZ_NewMonitor(nssILockSSL);
- if (!ss->xmitBufLock)
- goto loser;
+ if (!ss->xmitBufLock)
+ goto loser;
ss->writerThread = NULL;
if (ssl_lock_readers) {
- ss->recvLock = PZ_NewLock(nssILockSSL);
- if (!ss->recvLock)
- goto loser;
- ss->sendLock = PZ_NewLock(nssILockSSL);
- if (!ss->sendLock)
- goto loser;
+ ss->recvLock = PZ_NewLock(nssILockSSL);
+ if (!ss->recvLock)
+ goto loser;
+ ss->sendLock = PZ_NewLock(nssILockSSL);
+ if (!ss->sendLock)
+ goto loser;
}
return SECSuccess;
loser:
@@ -2958,81 +2996,81 @@
static int firsttime = 1;
if (firsttime) {
- char * ev;
- firsttime = 0;
+ char * ev;
+ firsttime = 0;
#ifdef DEBUG
- ev = getenv("SSLDEBUGFILE");
- if (ev && ev[0]) {
- ssl_trace_iob = fopen(ev, "w");
- }
- if (!ssl_trace_iob) {
- ssl_trace_iob = stderr;
- }
+ ev = getenv("SSLDEBUGFILE");
+ if (ev && ev[0]) {
+ ssl_trace_iob = fopen(ev, "w");
+ }
+ if (!ssl_trace_iob) {
+ ssl_trace_iob = stderr;
+ }
#ifdef TRACE
- ev = getenv("SSLTRACE");
- if (ev && ev[0]) {
- ssl_trace = atoi(ev);
- SSL_TRACE(("SSL: tracing set to %d", ssl_trace));
- }
+ ev = getenv("SSLTRACE");
+ if (ev && ev[0]) {
+ ssl_trace = atoi(ev);
+ SSL_TRACE(("SSL: tracing set to %d", ssl_trace));
+ }
#endif /* TRACE */
- ev = getenv("SSLDEBUG");
- if (ev && ev[0]) {
- ssl_debug = atoi(ev);
- SSL_TRACE(("SSL: debugging set to %d", ssl_debug));
- }
+ ev = getenv("SSLDEBUG");
+ if (ev && ev[0]) {
+ ssl_debug = atoi(ev);
+ SSL_TRACE(("SSL: debugging set to %d", ssl_debug));
+ }
#endif /* DEBUG */
- ev = getenv("SSLKEYLOGFILE");
- if (ev && ev[0]) {
- ssl_keylog_iob = fopen(ev, "a");
- if (!ssl_keylog_iob) {
- SSL_TRACE(("SSL: failed to open key log file"));
- } else {
- if (ftell(ssl_keylog_iob) == 0) {
- fputs("# SSL/TLS secrets log file, generated by NSS\n",
- ssl_keylog_iob);
- }
- SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev));
- }
- }
+ ev = getenv("SSLKEYLOGFILE");
+ if (ev && ev[0]) {
+ ssl_keylog_iob = fopen(ev, "a");
+ if (!ssl_keylog_iob) {
+ SSL_TRACE(("SSL: failed to open key log file"));
+ } else {
+ if (ftell(ssl_keylog_iob) == 0) {
+ fputs("# SSL/TLS secrets log file, generated by NSS\n",
+ ssl_keylog_iob);
+ }
+ SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev));
+ }
+ }
#ifndef NO_PKCS11_BYPASS
- ev = getenv("SSLBYPASS");
- if (ev && ev[0]) {
- ssl_defaults.bypassPKCS11 = (ev[0] == '1');
- SSL_TRACE(("SSL: bypass default set to %d", \
- ssl_defaults.bypassPKCS11));
- }
+ ev = getenv("SSLBYPASS");
+ if (ev && ev[0]) {
+ ssl_defaults.bypassPKCS11 = (ev[0] == '1');
+ SSL_TRACE(("SSL: bypass default set to %d", \
+ ssl_defaults.bypassPKCS11));
+ }
#endif /* NO_PKCS11_BYPASS */
- ev = getenv("SSLFORCELOCKS");
- if (ev && ev[0] == '1') {
- ssl_force_locks = PR_TRUE;
- ssl_defaults.noLocks = 0;
- strcpy(lockStatus + LOCKSTATUS_OFFSET, "FORCED. ");
- SSL_TRACE(("SSL: force_locks set to %d", ssl_force_locks));
- }
- ev = getenv("NSS_SSL_ENABLE_RENEGOTIATION");
- if (ev) {
- if (ev[0] == '1' || LOWER(ev[0]) == 'u')
- ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_UNRESTRICTED;
- else if (ev[0] == '0' || LOWER(ev[0]) == 'n')
- ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_NEVER;
- else if (ev[0] == '2' || LOWER(ev[0]) == 'r')
- ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN;
- else if (ev[0] == '3' || LOWER(ev[0]) == 't')
- ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL;
- SSL_TRACE(("SSL: enableRenegotiation set to %d",
- ssl_defaults.enableRenegotiation));
- }
- ev = getenv("NSS_SSL_REQUIRE_SAFE_NEGOTIATION");
- if (ev && ev[0] == '1') {
- ssl_defaults.requireSafeNegotiation = PR_TRUE;
- SSL_TRACE(("SSL: requireSafeNegotiation set to %d",
- PR_TRUE));
- }
- ev = getenv("NSS_SSL_CBC_RANDOM_IV");
- if (ev && ev[0] == '0') {
- ssl_defaults.cbcRandomIV = PR_FALSE;
- SSL_TRACE(("SSL: cbcRandomIV set to 0"));
- }
+ ev = getenv("SSLFORCELOCKS");
+ if (ev && ev[0] == '1') {
+ ssl_force_locks = PR_TRUE;
+ ssl_defaults.noLocks = 0;
+ strcpy(lockStatus + LOCKSTATUS_OFFSET, "FORCED. ");
+ SSL_TRACE(("SSL: force_locks set to %d", ssl_force_locks));
+ }
+ ev = getenv("NSS_SSL_ENABLE_RENEGOTIATION");
+ if (ev) {
+ if (ev[0] == '1' || LOWER(ev[0]) == 'u')
+ ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_UNRESTRICTED;
+ else if (ev[0] == '0' || LOWER(ev[0]) == 'n')
+ ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_NEVER;
+ else if (ev[0] == '2' || LOWER(ev[0]) == 'r')
+ ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN;
+ else if (ev[0] == '3' || LOWER(ev[0]) == 't')
+ ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL;
+ SSL_TRACE(("SSL: enableRenegotiation set to %d",
+ ssl_defaults.enableRenegotiation));
+ }
+ ev = getenv("NSS_SSL_REQUIRE_SAFE_NEGOTIATION");
+ if (ev && ev[0] == '1') {
+ ssl_defaults.requireSafeNegotiation = PR_TRUE;
+ SSL_TRACE(("SSL: requireSafeNegotiation set to %d",
+ PR_TRUE));
+ }
+ ev = getenv("NSS_SSL_CBC_RANDOM_IV");
+ if (ev && ev[0] == '0') {
+ ssl_defaults.cbcRandomIV = PR_FALSE;
+ SSL_TRACE(("SSL: cbcRandomIV set to 0"));
+ }
}
#endif /* NSS_HAVE_GETENV */
}
@@ -3048,83 +3086,82 @@
ssl_SetDefaultsFromEnvironment();
if (ssl_force_locks)
- makeLocks = PR_TRUE;
+ makeLocks = PR_TRUE;
/* Make a new socket and get it ready */
ss = (sslSocket*) PORT_ZAlloc(sizeof(sslSocket));
if (ss) {
/* This should be of type SSLKEAType, but CC on IRIX
- * complains during the for loop.
- */
- int i;
- SECStatus status;
-
- ss->opt = ssl_defaults;
- ss->opt.useSocks = PR_FALSE;
- ss->opt.noLocks = !makeLocks;
- ss->vrange = *VERSIONS_DEFAULTS(protocolVariant);
- ss->protocolVariant = protocolVariant;
+ * complains during the for loop.
+ */
+ int i;
+ SECStatus status;
- ss->peerID = NULL;
- ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
- ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
- ss->cTimeout = PR_INTERVAL_NO_TIMEOUT;
- ss->cipherSpecs = NULL;
+ ss->opt = ssl_defaults;
+ ss->opt.useSocks = PR_FALSE;
+ ss->opt.noLocks = !makeLocks;
+ ss->vrange = *VERSIONS_DEFAULTS(protocolVariant);
+ ss->protocolVariant = protocolVariant;
+
+ ss->peerID = NULL;
+ ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
+ ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
+ ss->cTimeout = PR_INTERVAL_NO_TIMEOUT;
+ ss->cipherSpecs = NULL;
ss->sizeCipherSpecs = 0; /* produced lazily */
