Bug 967153: Update to NSS 3.16 beta 5 (NSS_3_16_BETA5), r=me

--HG--
extra : rebase_source : 8dfdcd121214b084acc01025a2cd989ccf6a603c
Brian Smith 2014-03-09 19:40:25 -07:00
parent 697aaafbe4
commit 82177fc272
31 changed files with 263 additions and 205 deletions


@ -61,6 +61,9 @@ endif
ifdef BUILD_OPT
NSPR_CONFIGURE_OPTS += --disable-debug --enable-optimize
endif
ifdef USE_X32
NSPR_CONFIGURE_OPTS += --enable-x32
endif
ifdef USE_64
NSPR_CONFIGURE_OPTS += --enable-64bit
endif
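Review bot: The added `ifdef USE_X32` block is independent of the `ifdef USE_64` block right after it, so a build with both variables set passes both `--enable-x32` and `--enable-64bit` to the NSPR configure step. The coreconf hunk later in this commit (`ifeq ($(USE_64),1)` … else `ifeq ($(USE_X32),1)`) gives USE_64 precedence, so NSS and NSPR could end up configured for different ABIs. Testing USE_X32 only when USE_64 is unset, or failing early when both are set, would keep the two in agreement.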


@ -1 +1 @@
NSS_3_16_BETA4
NSS_3_16_BETA5


@ -777,7 +777,7 @@ loser:
if(tempname) {
PRFileInfo info;
if(PR_GetFileInfo(tempname, &info) == PR_SUCCESS) {
if((info.type == PR_FILE_DIRECTORY)) {
if(info.type == PR_FILE_DIRECTORY) {
/* Recursively remove temporary directory */
if(rm_dash_r(tempname)) {
error(PK11_INSTALL_REMOVE_DIR,


@ -107,30 +107,30 @@ const int ssl2CipherSuites[] = {
const int ssl3CipherSuites[] = {
-1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
-1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA * b */
SSL_RSA_WITH_RC4_128_MD5, /* c */
SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
SSL_RSA_WITH_DES_CBC_SHA, /* e */
SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
TLS_RSA_WITH_RC4_128_MD5, /* c */
TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
TLS_RSA_WITH_DES_CBC_SHA, /* e */
TLS_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
-1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */
SSL_RSA_WITH_NULL_MD5, /* i */
TLS_RSA_WITH_NULL_MD5, /* i */
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */
SSL_RSA_WITH_RC4_128_SHA, /* n */
TLS_RSA_WITH_RC4_128_SHA, /* n */
-1, /* TLS_DHE_DSS_WITH_RC4_128_SHA, * o */
-1, /* SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, * p */
-1, /* SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, * q */
-1, /* SSL_DHE_RSA_WITH_DES_CBC_SHA, * r */
-1, /* SSL_DHE_DSS_WITH_DES_CBC_SHA, * s */
-1, /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, * p */
-1, /* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, * q */
-1, /* TLS_DHE_RSA_WITH_DES_CBC_SHA, * r */
-1, /* TLS_DHE_DSS_WITH_DES_CBC_SHA, * s */
-1, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA, * t */
-1, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA, * u */
TLS_RSA_WITH_AES_128_CBC_SHA, /* v */
-1, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA, * w */
-1, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA, * x */
TLS_RSA_WITH_AES_256_CBC_SHA, /* y */
SSL_RSA_WITH_NULL_SHA, /* z */
TLS_RSA_WITH_NULL_SHA, /* z */
0
};
@ -1932,9 +1932,9 @@ server_main(
* would like it to be. Turn this cipher on.
*/
secStatus = SSL_CipherPrefSetDefault( SSL_RSA_WITH_NULL_MD5, PR_TRUE);
secStatus = SSL_CipherPrefSetDefault( TLS_RSA_WITH_NULL_MD5, PR_TRUE);
if ( secStatus != SECSuccess ) {
errExit("SSL_CipherPrefSetDefault:SSL_RSA_WITH_NULL_MD5");
errExit("SSL_CipherPrefSetDefault:TLS_RSA_WITH_NULL_MD5");
}
if (expectedHostNameVal) {


@ -493,13 +493,13 @@ const char * helloExtensionNameString(int ex_num)
static int isNULLmac(int cs_int)
{
return (cs_int == SSL_NULL_WITH_NULL_NULL);
return (cs_int == TLS_NULL_WITH_NULL_NULL);
}
static int isNULLcipher(int cs_int)
{
return ((cs_int == SSL_RSA_WITH_NULL_MD5) ||
(cs_int == SSL_RSA_WITH_NULL_SHA) ||
return ((cs_int == TLS_RSA_WITH_NULL_MD5) ||
(cs_int == TLS_RSA_WITH_NULL_SHA) ||
(cs_int == SSL_FORTEZZA_DMS_WITH_NULL_SHA) ||
(cs_int == TLS_ECDH_ECDSA_WITH_NULL_SHA) ||
(cs_int == TLS_ECDHE_ECDSA_WITH_NULL_SHA) ||


@ -59,30 +59,30 @@ int ssl2CipherSuites[] = {
int ssl3CipherSuites[] = {
-1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
-1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA * b */
SSL_RSA_WITH_RC4_128_MD5, /* c */
SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
SSL_RSA_WITH_DES_CBC_SHA, /* e */
SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
TLS_RSA_WITH_RC4_128_MD5, /* c */
TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
TLS_RSA_WITH_DES_CBC_SHA, /* e */
TLS_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
-1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA * h */
SSL_RSA_WITH_NULL_MD5, /* i */
TLS_RSA_WITH_NULL_MD5, /* i */
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */
SSL_RSA_WITH_RC4_128_SHA, /* n */
TLS_RSA_WITH_RC4_128_SHA, /* n */
TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */
SSL_DHE_RSA_WITH_DES_CBC_SHA, /* r */
SSL_DHE_DSS_WITH_DES_CBC_SHA, /* s */
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */
TLS_DHE_RSA_WITH_DES_CBC_SHA, /* r */
TLS_DHE_DSS_WITH_DES_CBC_SHA, /* s */
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */
TLS_RSA_WITH_AES_128_CBC_SHA, /* v */
TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */
TLS_RSA_WITH_AES_256_CBC_SHA, /* y */
SSL_RSA_WITH_NULL_SHA, /* z */
TLS_RSA_WITH_NULL_SHA, /* z */
0
};


@ -68,30 +68,30 @@ int ssl2CipherSuites[] = {
int ssl3CipherSuites[] = {
-1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
-1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, * b */
SSL_RSA_WITH_RC4_128_MD5, /* c */
SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
SSL_RSA_WITH_DES_CBC_SHA, /* e */
SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
TLS_RSA_WITH_RC4_128_MD5, /* c */
TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
TLS_RSA_WITH_DES_CBC_SHA, /* e */
TLS_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
-1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */
SSL_RSA_WITH_NULL_MD5, /* i */
TLS_RSA_WITH_NULL_MD5, /* i */
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */
SSL_RSA_WITH_RC4_128_SHA, /* n */
TLS_RSA_WITH_RC4_128_SHA, /* n */
TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */
SSL_DHE_RSA_WITH_DES_CBC_SHA, /* r */
SSL_DHE_DSS_WITH_DES_CBC_SHA, /* s */
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */
TLS_DHE_RSA_WITH_DES_CBC_SHA, /* r */
TLS_DHE_DSS_WITH_DES_CBC_SHA, /* s */
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */
TLS_RSA_WITH_AES_128_CBC_SHA, /* v */
TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */
TLS_RSA_WITH_AES_256_CBC_SHA, /* y */
SSL_RSA_WITH_NULL_SHA, /* z */
TLS_RSA_WITH_NULL_SHA, /* z */
0
};


@ -497,7 +497,7 @@ main(int argc, char **argv)
/* All cipher suites except RSA_NULL_MD5 are enabled by
* Domestic Policy. */
NSS_SetDomesticPolicy();
SSL_CipherPrefSetDefault(SSL_RSA_WITH_NULL_MD5, PR_TRUE);
SSL_CipherPrefSetDefault(TLS_RSA_WITH_NULL_MD5, PR_TRUE);
/* all the SSL2 and SSL3 cipher suites are enabled by default. */
if (cipherString) {


@ -27,30 +27,30 @@ int ssl2CipherSuites[] = {
int ssl3CipherSuites[] = {
-1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
-1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, * b */
SSL_RSA_WITH_RC4_128_MD5, /* c */
SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
SSL_RSA_WITH_DES_CBC_SHA, /* e */
SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
TLS_RSA_WITH_RC4_128_MD5, /* c */
TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
TLS_RSA_WITH_DES_CBC_SHA, /* e */
TLS_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
-1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */
SSL_RSA_WITH_NULL_MD5, /* i */
TLS_RSA_WITH_NULL_MD5, /* i */
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */
SSL_RSA_WITH_RC4_128_SHA, /* n */
TLS_RSA_WITH_RC4_128_SHA, /* n */
TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */
SSL_DHE_RSA_WITH_DES_CBC_SHA, /* r */
SSL_DHE_DSS_WITH_DES_CBC_SHA, /* s */
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */
TLS_DHE_RSA_WITH_DES_CBC_SHA, /* r */
TLS_DHE_DSS_WITH_DES_CBC_SHA, /* s */
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */
TLS_RSA_WITH_AES_128_CBC_SHA, /* v */
TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */
TLS_RSA_WITH_AES_256_CBC_SHA, /* y */
SSL_RSA_WITH_NULL_SHA, /* z */
TLS_RSA_WITH_NULL_SHA, /* z */
0
};


@ -55,11 +55,18 @@ else
ifeq ($(OS_TEST),x86_64)
ifeq ($(USE_64),1)
CPU_ARCH = x86_64
ARCHFLAG = -m64
else
ifeq ($(USE_X32),1)
CPU_ARCH = x86_64
ARCHFLAG = -mx32
64BIT_TAG = _x32
else
OS_REL_CFLAGS = -Di386
CPU_ARCH = x86
ARCHFLAG = -m32
endif
endif
else
ifeq ($(OS_TEST),sparc64)
CPU_ARCH = sparc
@ -123,12 +130,7 @@ ifeq ($(USE_PTHREADS),1)
OS_PTHREAD = -lpthread
endif
# See bug 537829, in particular comment 23.
# Place -ansi and *_SOURCE before $(DSO_CFLAGS) so DSO_CFLAGS can override
# -ansi on platforms like Android where the system headers are C99 and do
# not build with -ansi.
STANDARDS_CFLAGS = -D_POSIX_SOURCE -D_BSD_SOURCE -D_XOPEN_SOURCE
OS_CFLAGS = $(STANDARDS_CFLAGS) $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -DLINUX -Dlinux -DHAVE_STRERROR
OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -DLINUX -Dlinux -DHAVE_STRERROR
OS_LIBS = $(OS_PTHREAD) -ldl -lc
ifdef USE_PTHREADS


@ -185,3 +185,6 @@ USE_UTIL_DIRECTLY = 1
# Build with NO_NSPR_10_SUPPORT to avoid using obsolete NSPR features
DEFINES += -DNO_NSPR_10_SUPPORT
# Hide old, deprecated, TLS cipher suite names when building NSS
DEFINES += -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES


@ -10,3 +10,4 @@
*/
#error "Do not include this header file."


@ -1394,8 +1394,8 @@ cert_TestHostName(char * cn, const char * hn)
* - must not be preceded by an IDNA ACE prefix (xn--)
*/
if (wildcard && secondcndot && secondcndot[1] && firsthndot
&& firstcndot - wildcard == 1 /* no chars between * and . */
&& secondcndot - firstcndot > 1 /* not .. */
&& firstcndot - wildcard == 1 /* wildcard is last char in first component */
&& secondcndot - firstcndot > 1 /* second component is non-empty */
&& PORT_Strrchr(cn, '*') == wildcard /* only one wildcard in cn */
&& !PORT_Strncasecmp(cn, hn, wildcard - cn)
&& !PORT_Strcasecmp(firstcndot, firsthndot)


@ -607,7 +607,7 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
# Distrust "Distrust a pb.com certificate that does not comply with the baseline requirements.""
# Distrust "Distrust a pb.com certificate that does not comply with the baseline requirements."
# Issuer: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
# Serial Number: 1407252 (0x157914)
# Subject: CN=*.pb.com,OU=Meters,O=Pitney Bowes,L=Danbury,ST=Connecticut,C=US
@ -619,7 +619,7 @@ CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
CKA_LABEL UTF8 "Distrust a pb.com certificate that does not comply with the baseline requirements.""
CKA_LABEL UTF8 "Distrust a pb.com certificate that does not comply with the baseline requirements."
CKA_ISSUER MULTILINE_OCTAL
\060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061
\020\060\016\006\003\125\004\012\023\007\105\161\165\151\146\141


@ -45,7 +45,11 @@ typedef PRUintn uint;
#endif
typedef PRUint8 uint8;
typedef PRUint16 uint16;
/* On AIX 5.2, sys/inttypes.h (which is included by sys/types.h)
* defines the types int8, int16, int32, and int64. */
#if !defined(AIX)
typedef PRInt32 int32;
#endif
typedef PRUint32 uint32;
#include <limits.h>


@ -95,7 +95,7 @@ endif
# NSS_X86_OR_X64 means the target is either x86 or x64
ifeq (,$(filter-out i386 x386 x86 x86_64,$(CPU_ARCH)))
DEFINES += -DNSS_X86_OR_X64
ifdef USE_64
ifneq (,$(USE_64)$(USE_X32))
DEFINES += -DNSS_X64
else
DEFINES += -DNSS_X86
@ -180,7 +180,7 @@ endif # Darwin
ifeq ($(OS_TARGET),Linux)
ifeq ($(CPU_ARCH),x86_64)
ASFILES = arcfour-amd64-gas.s mpi_amd64_gas.s
ASFLAGS += -m64 -fPIC -Wa,--noexecstack
ASFLAGS += -fPIC -Wa,--noexecstack
DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY
DEFINES += -DNSS_USE_COMBA
DEFINES += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN
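Review bot: With `ifneq (,$(USE_64)$(USE_X32))`, `NSS_X64` is now also defined for x32 builds, where pointers and `long` are 32 bits wide, so any code that reads `NSS_X64` as "64-bit data model" rather than "x86-64 instruction set" needs a second look. The test is true for any non-empty value (for example `USE_X32=0`), whereas the coreconf hunk in this commit compares against `1`. A comment such as `# NSS_X64 selects the x86-64 instruction set; x32 still has 32-bit pointers` would make the intent explicit. Dropping `-m64` from ASFLAGS in the second hunk means the assembler now depends on the ABI flag arriving from another variable, which is not visible here.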


@ -30,7 +30,7 @@
#define USE_WORD
#endif
#if (defined(IS_64))
#if defined(IS_64) || defined(NSS_BEVAND_ARCFOUR)
typedef PRUint64 WORD;
#else
typedef PRUint32 WORD;
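Review bot: Nothing at this `#if` explains why `NSS_BEVAND_ARCFOUR` now forces a 64-bit `WORD` when `IS_64` is not defined. Judging by the build changes in this commit, that combination arises on x32, where the amd64 assembly is selected but the C side is not a 64-bit build; presumably the C and assembly views of the cipher state must agree on element width, and a mismatch would corrupt the state array. A comment such as `/* The amd64 assembly (NSS_BEVAND_ARCFOUR) needs 64-bit state words even when IS_64 is not set, e.g. x32. */` would keep a later cleanup from narrowing the type again.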


@ -56,11 +56,11 @@ typedef int mp_err;
#error "USHRT_MAX not defined"
#endif
#if defined(ULONG_LONG_MAX) /* GCC, HPUX */
#define MP_ULONG_LONG_MAX ULONG_LONG_MAX
#elif defined(ULLONG_MAX) /* Solaris */
#if defined(ULLONG_MAX) /* C99, Solaris */
#define MP_ULONG_LONG_MAX ULLONG_MAX
/* MP_ULONG_LONG_MAX was defined to be ULLONG_MAX */
#elif defined(ULONG_LONG_MAX) /* HPUX */
#define MP_ULONG_LONG_MAX ULONG_LONG_MAX
#elif defined(ULONGLONG_MAX) /* IRIX, AIX */
#define MP_ULONG_LONG_MAX ULONGLONG_MAX
#endif


@ -1515,7 +1515,7 @@ typedef enum PKIX_PL_TrustAnchorModeEnum {
* explicitly untrustworthy, explicitly configured trust anchors
* MAY be ignored/rejected.
*/
PKIX_PL_TrustAnchorMode_Exclusive,
PKIX_PL_TrustAnchorMode_Exclusive
} PKIX_PL_TrustAnchorMode;
/*


@ -772,7 +772,8 @@ PK11_GetPBECryptoMechanism(SECAlgorithmID *algid,
**********************************************************************/
PK11DefaultArrayEntry *PK11_GetDefaultArray(int *size);
SECStatus PK11_UpdateSlotAttribute(PK11SlotInfo *slot,
PK11DefaultArrayEntry *entry, PRBool add);
const PK11DefaultArrayEntry *entry,
PRBool add);
/**********************************************************************
* Functions to look at PKCS #11 dependent data


@ -948,9 +948,10 @@ PK11_LoadSlotList(PK11SlotInfo *slot, PK11PreSlotInfo *psi, int count)
* returns: SECSuccess if nothing to do or add/delete is successful
*/
SECStatus
PK11_UpdateSlotAttribute(PK11SlotInfo *slot, PK11DefaultArrayEntry *entry,
PRBool add)
/* add: PR_TRUE if want to turn on */
PK11_UpdateSlotAttribute(PK11SlotInfo *slot,
const PK11DefaultArrayEntry *entry,
PRBool add)
/* add: PR_TRUE if want to turn on */
{
SECStatus result = SECSuccess;
PK11SlotList *slotList = PK11_GetSlotList(entry->mechanism);


@ -634,7 +634,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
rv = SECFailure;
/* determine which KEAs to test */
/* 0 (SSL_NULL_WITH_NULL_NULL) is used as a list terminator because
/* 0 (TLS_NULL_WITH_NULL_NULL) is used as a list terminator because
* SSL3 and TLS specs forbid negotiating that cipher suite number.
*/
for (i=0; i < nsuites && (suite = *ciphersuites++) != 0; i++) {
@ -647,8 +647,8 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
switch (csdef.cipherSuite) {
case TLS_RSA_EXPORT1024_WITH_RC4_56_SHA:
case TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA:
case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
case TLS_RSA_EXPORT_WITH_RC4_40_MD5:
case TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
testrsa_export = PR_TRUE;
}
if (!testrsa_export)


@ -39,10 +39,10 @@ static const ssl3CipherSuite nonDTLSSuites[] = {
TLS_ECDH_RSA_WITH_RC4_128_SHA,
TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
#endif /* NSS_DISABLE_ECC */
SSL_RSA_WITH_RC4_128_MD5,
SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_RC4_128_MD5,
TLS_RSA_WITH_RC4_128_SHA,
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
SSL_RSA_EXPORT_WITH_RC4_40_MD5,
TLS_RSA_EXPORT_WITH_RC4_40_MD5,
0 /* End of list marker */
};


@ -118,8 +118,8 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
{ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
#ifndef NSS_DISABLE_ECC
@ -143,23 +143,23 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
{ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_RSA_WITH_SEED_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ SSL_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ SSL_RSA_WITH_RC4_128_MD5, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_RSA_WITH_RC4_128_MD5, SSL_ALLOWED, PR_TRUE, PR_FALSE},
/* 56-bit DES "domestic" cipher suites */
{ SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_DHE_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_DHE_DSS_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ SSL_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
/* export ciphersuites with 1024-bit public key exchange keys */
{ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
/* export ciphersuites with 512-bit public key exchange keys */
{ SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_RSA_EXPORT_WITH_RC4_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
/* ciphersuites with no encryption */
#ifndef NSS_DISABLE_ECC
@ -168,9 +168,9 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
{ TLS_ECDH_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDH_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
#endif /* NSS_DISABLE_ECC */
{ SSL_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_RSA_WITH_NULL_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ SSL_RSA_WITH_NULL_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_RSA_WITH_NULL_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
};
/* Verify that SSL_ImplementedCiphers and cipherSuites are in consistent order.
@ -313,49 +313,49 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] =
{
/* cipher_suite bulk_cipher_alg mac_alg key_exchange_alg */
{SSL_NULL_WITH_NULL_NULL, cipher_null, mac_null, kea_null},
{SSL_RSA_WITH_NULL_MD5, cipher_null, mac_md5, kea_rsa},
{SSL_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_rsa},
{TLS_NULL_WITH_NULL_NULL, cipher_null, mac_null, kea_null},
{TLS_RSA_WITH_NULL_MD5, cipher_null, mac_md5, kea_rsa},
{TLS_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_rsa},
{TLS_RSA_WITH_NULL_SHA256, cipher_null, hmac_sha256, kea_rsa},
{SSL_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export},
{SSL_RSA_WITH_RC4_128_MD5, cipher_rc4, mac_md5, kea_rsa},
{SSL_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_rsa},
{SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
{TLS_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export},
{TLS_RSA_WITH_RC4_128_MD5, cipher_rc4, mac_md5, kea_rsa},
{TLS_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_rsa},
{TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
cipher_rc2_40, mac_md5, kea_rsa_export},
#if 0 /* not implemented */
{SSL_RSA_WITH_IDEA_CBC_SHA, cipher_idea, mac_sha, kea_rsa},
{SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
{TLS_RSA_WITH_IDEA_CBC_SHA, cipher_idea, mac_sha, kea_rsa},
{TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
cipher_des40, mac_sha, kea_rsa_export},
#endif
{SSL_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa},
{SSL_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa},
{SSL_DHE_DSS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_dss},
{SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
{TLS_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa},
{TLS_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa},
{TLS_DHE_DSS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_dss},
{TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
cipher_3des, mac_sha, kea_dhe_dss},
{TLS_DHE_DSS_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_dhe_dss},
#if 0 /* not implemented */
{SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
{TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
cipher_des40, mac_sha, kea_dh_dss_export},
{SSL_DH_DSS_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_dss},
{SSL_DH_DSS_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_dss},
{SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
{TLS_DH_DSS_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_dss},
{TLS_DH_DSS_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_dss},
{TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
cipher_des40, mac_sha, kea_dh_rsa_export},
{SSL_DH_RSA_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_rsa},
{SSL_DH_RSA_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_rsa},
{SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
{TLS_DH_RSA_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_rsa},
{TLS_DH_RSA_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_rsa},
{TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
cipher_des40, mac_sha, kea_dh_dss_export},
{SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
{TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
cipher_des40, mac_sha, kea_dh_rsa_export},
#endif
{SSL_DHE_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_rsa},
{SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
{TLS_DHE_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_rsa},
{TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
cipher_3des, mac_sha, kea_dhe_rsa},
#if 0
{SSL_DH_ANON_EXPORT_RC4_40_MD5, cipher_rc4_40, mac_md5, kea_dh_anon_export},
{SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA,
{TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
cipher_des40, mac_sha, kea_dh_anon_export},
{SSL_DH_ANON_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_anon},
{SSL_DH_ANON_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_anon},
{TLS_DH_anon_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_anon},
{TLS_DH_anon_WITH_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_anon},
#endif
@ -373,10 +373,10 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] =
#if 0
{TLS_DH_DSS_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_dss},
{TLS_DH_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_rsa},
{TLS_DH_ANON_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_anon},
{TLS_DH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_anon},
{TLS_DH_DSS_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_dss},
{TLS_DH_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_rsa},
{TLS_DH_ANON_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_anon},
{TLS_DH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_anon},
#endif
{TLS_RSA_WITH_SEED_CBC_SHA, cipher_seed, mac_sha, kea_rsa},
@ -622,15 +622,15 @@ ssl3_CipherSuiteAllowedForVersionRange(
* later. This set of cipher suites is similar to, but different from, the
* set of cipher suites considered exportable by SSL_IsExportCipherSuite.
*/
case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
/* SSL_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented
* SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA: never implemented
* SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented
* SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA: never implemented
* SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented
* SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5: never implemented
* SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA: never implemented
case TLS_RSA_EXPORT_WITH_RC4_40_MD5:
case TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
/* TLS_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented
* TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA: never implemented
* TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented
* TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA: never implemented
* TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented
* TLS_DH_anon_EXPORT_WITH_RC4_40_MD5: never implemented
* TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA: never implemented
*/
return vrange->min <= SSL_LIBRARY_VERSION_TLS_1_0;
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
@ -9409,17 +9409,21 @@ ssl3_HandleNewSessionTicket(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
(PRUint32)ssl3_ConsumeHandshakeNumber(ss, 4, &b, &length);
rv = ssl3_ConsumeHandshakeVariable(ss, &ticketData, 2, &b, &length);
if (length != 0 || rv != SECSuccess) {
if (rv != SECSuccess || length != 0) {
(void)SSL3_SendAlert(ss, alert_fatal, decode_error);
PORT_SetError(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET);
return SECFailure; /* malformed */
}
rv = SECITEM_CopyItem(NULL, &ss->ssl3.hs.newSessionTicket.ticket,
&ticketData);
if (rv != SECSuccess) {
return rv;
/* If the server sent a zero-length ticket, ignore it and keep the
* existing ticket. */
if (ticketData.len != 0) {
rv = SECITEM_CopyItem(NULL, &ss->ssl3.hs.newSessionTicket.ticket,
&ticketData);
if (rv != SECSuccess) {
return rv;
}
ss->ssl3.hs.receivedNewSessionTicket = PR_TRUE;
}
ss->ssl3.hs.receivedNewSessionTicket = PR_TRUE;
ss->ssl3.hs.ws = wait_change_cipher;
return SECSuccess;
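Review bot: The 4-byte `ssl3_ConsumeHandshakeNumber` result at the top of the last hunk is cast straight to `PRUint32` and, within the lines shown, never tested for failure, so a truncated NewSessionTicket could leave an all-ones lifetime hint stored if that helper reports a short read with a negative value (as I believe it does). The reordered `rv != SECSuccess || length != 0` test only covers the variable-length read that follows it. Reading the number into a signed temporary and bailing out first, `if (temp < 0) { return SECFailure; }`, would reject the message before the new zero-length-ticket branch is reached. ssl3_HandleNewSessionTicket begins above the hunk, so the assignment target is not visible here.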


@ -76,8 +76,8 @@ const PRUint16 SSL_ImplementedCiphers[] = {
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_DSS_WITH_RC4_128_SHA,
#ifndef NSS_DISABLE_ECC
@ -100,23 +100,23 @@ const PRUint16 SSL_ImplementedCiphers[] = {
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
TLS_RSA_WITH_SEED_CBC_SHA,
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_RC4_128_SHA,
SSL_RSA_WITH_RC4_128_MD5,
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_RC4_128_MD5,
/* 56-bit DES "domestic" cipher suites */
SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA,
TLS_DHE_RSA_WITH_DES_CBC_SHA,
TLS_DHE_DSS_WITH_DES_CBC_SHA,
SSL_RSA_FIPS_WITH_DES_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA,
TLS_RSA_WITH_DES_CBC_SHA,
/* export ciphersuites with 1024-bit public key exchange keys */
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
/* export ciphersuites with 512-bit public key exchange keys */
SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
TLS_RSA_EXPORT_WITH_RC4_40_MD5,
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
/* ciphersuites with no encryption */
#ifndef NSS_DISABLE_ECC
@ -125,9 +125,9 @@ const PRUint16 SSL_ImplementedCiphers[] = {
TLS_ECDH_RSA_WITH_NULL_SHA,
TLS_ECDH_ECDSA_WITH_NULL_SHA,
#endif /* NSS_DISABLE_ECC */
SSL_RSA_WITH_NULL_SHA,
TLS_RSA_WITH_NULL_SHA,
TLS_RSA_WITH_NULL_SHA256,
SSL_RSA_WITH_NULL_MD5,
TLS_RSA_WITH_NULL_MD5,
/* SSL2 cipher suites. */
SSL_EN_RC4_128_WITH_MD5,


@ -148,28 +148,28 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
{0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
{0,CS(TLS_RSA_WITH_SEED_CBC_SHA), S_RSA, K_RSA, C_SEED,B_128, M_SHA, 1, 0, 0, },
{0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
{0,CS(SSL_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, },
{0,CS(SSL_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
{0,CS(TLS_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, },
{0,CS(TLS_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
{0,CS(TLS_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_RSA, C_AES, B_128, M_SHA256, 1, 0, 0, },
{0,CS(TLS_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_RSA, C_AES, B_128, M_SHA, 1, 0, 0, },
{0,CS(SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
{0,CS(SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA), S_DSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
{0,CS(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
{0,CS(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA), S_DSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
{0,CS(SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 1, },
{0,CS(SSL_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
{0,CS(TLS_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
{0,CS(SSL_DHE_RSA_WITH_DES_CBC_SHA), S_RSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
{0,CS(SSL_DHE_DSS_WITH_DES_CBC_SHA), S_DSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
{0,CS(TLS_DHE_RSA_WITH_DES_CBC_SHA), S_RSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
{0,CS(TLS_DHE_DSS_WITH_DES_CBC_SHA), S_DSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
{0,CS(SSL_RSA_FIPS_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 1, },
{0,CS(SSL_RSA_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 0, },
{0,CS(TLS_RSA_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 0, },
{0,CS(TLS_RSA_EXPORT1024_WITH_RC4_56_SHA), S_RSA, K_RSA, C_RC4, B_56, M_SHA, 0, 1, 0, },
{0,CS(TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 1, 0, },
{0,CS(SSL_RSA_EXPORT_WITH_RC4_40_MD5), S_RSA, K_RSA, C_RC4, B_40, M_MD5, 0, 1, 0, },
{0,CS(SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5), S_RSA, K_RSA, C_RC2, B_40, M_MD5, 0, 1, 0, },
{0,CS(TLS_RSA_EXPORT_WITH_RC4_40_MD5), S_RSA, K_RSA, C_RC4, B_40, M_MD5, 0, 1, 0, },
{0,CS(TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5), S_RSA, K_RSA, C_RC2, B_40, M_MD5, 0, 1, 0, },
{0,CS(TLS_RSA_WITH_NULL_SHA256), S_RSA, K_RSA, C_NULL,B_0, M_SHA256, 0, 1, 0, },
{0,CS(SSL_RSA_WITH_NULL_SHA), S_RSA, K_RSA, C_NULL,B_0, M_SHA, 0, 1, 0, },
{0,CS(SSL_RSA_WITH_NULL_MD5), S_RSA, K_RSA, C_NULL,B_0, M_MD5, 0, 1, 0, },
{0,CS(TLS_RSA_WITH_NULL_SHA), S_RSA, K_RSA, C_NULL,B_0, M_SHA, 0, 1, 0, },
{0,CS(TLS_RSA_WITH_NULL_MD5), S_RSA, K_RSA, C_NULL,B_0, M_MD5, 0, 1, 0, },
#ifndef NSS_DISABLE_ECC
/* ECC cipher suites */


@ -483,6 +483,8 @@ ssl3_SetSIDSessionTicket(sslSessionID *sid,
{
PORT_Assert(sid);
PORT_Assert(newSessionTicket);
PORT_Assert(newSessionTicket->ticket.data);
PORT_Assert(newSessionTicket->ticket.len != 0);
/* if sid->u.ssl3.lock, we are updating an existing entry that is already
* cached or was once cached, so we need to acquire and release the write
@ -491,10 +493,6 @@ ssl3_SetSIDSessionTicket(sslSessionID *sid,
*/
if (sid->u.ssl3.lock) {
PR_RWLock_Wlock(sid->u.ssl3.lock);
/* A server might have sent us an empty ticket, which has the
* effect of clearing the previously known ticket.
*/
if (sid->u.ssl3.locked.sessionTicket.ticket.data) {
SECITEM_FreeItem(&sid->u.ssl3.locked.sessionTicket.ticket,
PR_FALSE);
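Review bot: The two added `PORT_Assert` checks on `newSessionTicket->ticket` introduce a precondition that is only enforced in debug builds, since assertions of this kind are normally compiled out of optimized builds; a caller that still passes an empty ticket would go unnoticed there. The comment that described the empty-ticket case appears to be removed by the second hunk, so the function header should now state the contract, for example `/* Caller must pass a non-empty ticket; zero-length tickets are dropped before this point. */`. If the precondition also matters in release builds, an explicit runtime guard at the top of the function would be safer than the assertions alone. The body of ssl3_SetSIDSessionTicket continues outside both hunks.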


@ -81,58 +81,92 @@
#define SSL_EN_DES_64_CBC_WITH_MD5 0xFF06
#define SSL_EN_DES_192_EDE3_CBC_WITH_MD5 0xFF07
/* SSL v3 Cipher Suites */
#define SSL_NULL_WITH_NULL_NULL 0x0000
/* Deprecated SSL 3.0 & libssl names replaced by IANA-registered TLS names. */
#ifndef SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES
#define SSL_NULL_WITH_NULL_NULL TLS_NULL_WITH_NULL_NULL
#define SSL_RSA_WITH_NULL_MD5 TLS_RSA_WITH_NULL_MD5
#define SSL_RSA_WITH_NULL_SHA TLS_RSA_WITH_NULL_SHA
#define SSL_RSA_EXPORT_WITH_RC4_40_MD5 TLS_RSA_EXPORT_WITH_RC4_40_MD5
#define SSL_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_MD5
#define SSL_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_SHA
#define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
#define SSL_RSA_WITH_IDEA_CBC_SHA TLS_RSA_WITH_IDEA_CBC_SHA
#define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
#define SSL_RSA_WITH_DES_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA
#define SSL_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA
#define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
#define SSL_DH_DSS_WITH_DES_CBC_SHA TLS_DH_DSS_WITH_DES_CBC_SHA
#define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
#define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
#define SSL_DH_RSA_WITH_DES_CBC_SHA TLS_DH_RSA_WITH_DES_CBC_SHA
#define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
#define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
#define SSL_DHE_DSS_WITH_DES_CBC_SHA TLS_DHE_DSS_WITH_DES_CBC_SHA
#define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
#define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
#define SSL_DHE_RSA_WITH_DES_CBC_SHA TLS_DHE_RSA_WITH_DES_CBC_SHA
#define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
#define SSL_DH_ANON_WITH_RC4_128_MD5 TLS_DH_anon_WITH_RC4_128_MD5
#define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
#define SSL_DH_ANON_WITH_DES_CBC_SHA TLS_DH_anon_WITH_DES_CBC_SHA
#define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
#define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
#define TLS_DH_ANON_WITH_AES_128_CBC_SHA TLS_DH_anon_WITH_AES_128_CBC_SHA
#define TLS_DH_ANON_WITH_AES_256_CBC_SHA TLS_DH_anon_WITH_AES_256_CBC_SHA
#define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
#define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
#endif
#define SSL_RSA_WITH_NULL_MD5 0x0001
#define SSL_RSA_WITH_NULL_SHA 0x0002
#define SSL_RSA_EXPORT_WITH_RC4_40_MD5 0x0003
#define SSL_RSA_WITH_RC4_128_MD5 0x0004
#define SSL_RSA_WITH_RC4_128_SHA 0x0005
#define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006
#define SSL_RSA_WITH_IDEA_CBC_SHA 0x0007
#define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0008
#define SSL_RSA_WITH_DES_CBC_SHA 0x0009
#define SSL_RSA_WITH_3DES_EDE_CBC_SHA 0x000a
#define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA 0x000b
#define SSL_DH_DSS_WITH_DES_CBC_SHA 0x000c
#define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000d
#define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA 0x000e
#define SSL_DH_RSA_WITH_DES_CBC_SHA 0x000f
#define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010
#define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 0x0011
#define SSL_DHE_DSS_WITH_DES_CBC_SHA 0x0012
#define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013
#define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0014
#define SSL_DHE_RSA_WITH_DES_CBC_SHA 0x0015
#define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016
#define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5 0x0017
#define SSL_DH_ANON_WITH_RC4_128_MD5 0x0018
#define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA 0x0019
#define SSL_DH_ANON_WITH_DES_CBC_SHA 0x001a
#define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA 0x001b
#define TLS_NULL_WITH_NULL_NULL 0x0000
#define TLS_RSA_WITH_NULL_MD5 0x0001
#define TLS_RSA_WITH_NULL_SHA 0x0002
#define TLS_RSA_EXPORT_WITH_RC4_40_MD5 0x0003
#define TLS_RSA_WITH_RC4_128_MD5 0x0004
#define TLS_RSA_WITH_RC4_128_SHA 0x0005
#define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006
#define TLS_RSA_WITH_IDEA_CBC_SHA 0x0007
#define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0008
#define TLS_RSA_WITH_DES_CBC_SHA 0x0009
#define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x000a
#define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA 0x000b
#define TLS_DH_DSS_WITH_DES_CBC_SHA 0x000c
#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000d
#define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA 0x000e
#define TLS_DH_RSA_WITH_DES_CBC_SHA 0x000f
#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010
#define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 0x0011
#define TLS_DHE_DSS_WITH_DES_CBC_SHA 0x0012
#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013
#define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0014
#define TLS_DHE_RSA_WITH_DES_CBC_SHA 0x0015
#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016
#define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 0x0017
#define TLS_DH_anon_WITH_RC4_128_MD5 0x0018
#define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA 0x0019
#define TLS_DH_anon_WITH_DES_CBC_SHA 0x001a
#define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA 0x001b
#define SSL_FORTEZZA_DMS_WITH_NULL_SHA 0x001c /* deprecated */
#define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA 0x001d /* deprecated */
#define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA 0x001e /* deprecated */
/* New TLS cipher suites */
#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F
#define TLS_DH_DSS_WITH_AES_128_CBC_SHA 0x0030
#define TLS_DH_RSA_WITH_AES_128_CBC_SHA 0x0031
#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA 0x0032
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033
#define TLS_DH_ANON_WITH_AES_128_CBC_SHA 0x0034
#define TLS_DH_anon_WITH_AES_128_CBC_SHA 0x0034
#define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035
#define TLS_DH_DSS_WITH_AES_256_CBC_SHA 0x0036
#define TLS_DH_RSA_WITH_AES_256_CBC_SHA 0x0037
#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA 0x0038
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039
#define TLS_DH_ANON_WITH_AES_256_CBC_SHA 0x003A
#define TLS_DH_anon_WITH_AES_256_CBC_SHA 0x003A
#define TLS_RSA_WITH_NULL_SHA256 0x003B
#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C
#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D
@ -142,7 +176,7 @@
#define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0043
#define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0044
#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0045
#define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA 0x0046
#define TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA 0x0046
#define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x0062
#define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA 0x0064
@ -158,7 +192,7 @@
#define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0086
#define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0087
#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0088
#define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA 0x0089
#define TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA 0x0089
#define TLS_RSA_WITH_SEED_CBC_SHA 0x0096
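Review bot: The `#endif` that closes the `#ifndef SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES` block sits more than thirty lines below its opener and carries no label, and the comment above the block does not say that defining that macro is how a consumer drops the old names. I would label it, `#endif /* SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES */`, and extend the opening comment with `Define SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES before including this header to hide these aliases.` The block also holds the upper-case `TLS_DH_ANON_*` spellings, which the "SSL 3.0 & libssl names" wording does not obviously cover, so the comment should mention them too. The same `TLS_DH_ANON` to `TLS_DH_anon` rename recurs in the two later hunks of this file.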


@ -14,3 +14,7 @@ IMPORT_LIBRARY =
PROGRAM =
EXTRA_LIBS = $(LIBRARY)
ifeq ($(OS_TARGET),Linux)
DEFINES += -DHAVE_UNISTD_H
endif


@ -940,8 +940,8 @@ cert_ssl()
fi
echo "$SCRIPTNAME: Creating database for OCSP stapling tests ==============="
echo "cp -rv ${SERVERDIR} ${STAPLINGDIR}"
cp -rv ${R_SERVERDIR} ${R_STAPLINGDIR}
echo "cp -r ${SERVERDIR} ${STAPLINGDIR}"
cp -r ${R_SERVERDIR} ${R_STAPLINGDIR}
pk12u -o ${R_STAPLINGDIR}/ca.p12 -n TestCA -k ${R_PWFILE} -w ${R_PWFILE} -d ${R_CADIR}
pk12u -i ${R_STAPLINGDIR}/ca.p12 -k ${R_PWFILE} -w ${R_PWFILE} -d ${R_STAPLINGDIR}
}
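Review bot: The logged command and the executed one differ in `cert_ssl`: the echo prints `${SERVERDIR}` and `${STAPLINGDIR}` while `cp -r` operates on `${R_SERVERDIR}` and `${R_STAPLINGDIR}`, so the test log does not show the paths actually copied. If that is not deliberate, print what runs, `echo "cp -r ${R_SERVERDIR} ${R_STAPLINGDIR}"`, and quote the expansions in the copy, `cp -r "${R_SERVERDIR}" "${R_STAPLINGDIR}"`, so a path containing spaces is not split into several arguments. cert_ssl starts outside this hunk.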


@ -14,6 +14,9 @@ if [ -z "${CLEANUP}" -o "${CLEANUP}" = "${SCRIPTNAME}" ]; then
echo "HOST=${HOST}"
echo "DOMSUF=${DOMSUF}"
echo "BUILD_OPT=${BUILD_OPT}"
if [ "${OS_ARCH}" = "Linux" ]; then
echo "USE_X32=${USE_X32}"
fi
echo "USE_64=${USE_64}"
echo "NSS_CYCLES=\"${NSS_CYCLES}\""
echo "NSS_TESTS=\"${NSS_TESTS}\""