| diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c |
| index ce92cf1..c5cb1eb 100644 |
| --- a/lib/ssl/ssl3con.c |
| +++ b/lib/ssl/ssl3con.c |
| @@ -33,6 +33,15 @@ |
| #include "blapi.h" |
| #endif |
| |
| +/* This is a bodge to allow this code to be compiled against older NSS headers |
| + * that don't contain the TLS 1.2 changes. */ |
| +#ifndef CKM_NSS_TLS_PRF_GENERAL_SHA256 |
| +#define CKM_NSS_TLS_PRF_GENERAL_SHA256 (CKM_NSS + 21) |
| +#define CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256 (CKM_NSS + 22) |
| +#define CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256 (CKM_NSS + 23) |
| +#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) |
| +#endif |
| + |
| #include <stdio.h> |
| #ifdef NSS_ENABLE_ZLIB |
| #include "zlib.h" |
| diff --git a/lib/ssl/ssl3ecc.c b/lib/ssl/ssl3ecc.c |
| index 6d89bbe..cf8e741 100644 |
| --- a/lib/ssl/ssl3ecc.c |
| +++ b/lib/ssl/ssl3ecc.c |
| @@ -31,6 +31,12 @@ |
| |
| #include <stdio.h> |
| |
| +/* This is a bodge to allow this code to be compiled against older NSS headers |
| + * that don't contain the TLS 1.2 changes. */ |
| +#ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 |
| +#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) |
| +#endif |
| + |
| #ifndef NSS_DISABLE_ECC |
| |
| #ifndef PK11_SETATTRS |
| diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c |
| index c9a4493..6d700a7 100644 |
| --- a/lib/ssl/sslsock.c |
| +++ b/lib/ssl/sslsock.c |
| @@ -17,9 +17,16 @@ |
| #ifndef NO_PKCS11_BYPASS |
| #include "blapi.h" |
| #endif |
| +#include "pk11pub.h" |
| #include "nss.h" |
| #include "pk11pqg.h" |
| |
| +/* This is a bodge to allow this code to be compiled against older NSS headers |
| + * that don't contain the TLS 1.2 changes. */ |
| +#ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 |
| +#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) |
| +#endif |
| + |
| #define SET_ERROR_CODE /* reminder */ |
| |
| static const sslSocketOps ssl_default_ops = { /* No SSL. */ |
| @@ -2133,6 +2140,24 @@ SSL_VersionRangeGet(PRFileDesc *fd, SSLVersionRange *vrange) |
| return SECSuccess; |
| } |
| |
| +static PRCallOnceType checkTLS12TokenOnce; |
| +static PRBool tls12TokenExists; |
| + |
| +static PRStatus |
| +ssl_CheckTLS12Token(void) |
| +{ |
| + tls12TokenExists = |
| + PK11_TokenExists(CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256); |
| + return PR_SUCCESS; |
| +} |
| + |
| +static PRBool |
| +ssl_TLS12TokenExists(void) |
| +{ |
| + (void) PR_CallOnce(&checkTLS12TokenOnce, ssl_CheckTLS12Token); |
| + return tls12TokenExists; |
| +} |
| + |
| SECStatus |
| SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange) |
| { |
| @@ -2153,6 +2178,20 @@ SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange) |
| ssl_GetSSL3HandshakeLock(ss); |
| |
| ss->vrange = *vrange; |
| + /* If we don't have a sufficiently up-to-date softoken then we cannot do |
| + * TLS 1.2. */ |
| + if (ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_2 && |
| + !ssl_TLS12TokenExists()) { |
| + /* If the user requested a minimum version of 1.2, then we don't |
| + * silently downgrade. */ |
| + if (ss->vrange.min >= SSL_LIBRARY_VERSION_TLS_1_2) { |
| + ssl_ReleaseSSL3HandshakeLock(ss); |
| + ssl_Release1stHandshakeLock(ss); |
| + PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE); |
| + return SECFailure; |
| + } |
| + ss->vrange.max = SSL_LIBRARY_VERSION_TLS_1_1; |
| + } |
| |
| ssl_ReleaseSSL3HandshakeLock(ss); |
| ssl_Release1stHandshakeLock(ss); |