Bug 1036735: Update NSS to NSS 3.17.1 Beta 1. Also includes the fixes

for bug 1046718, bug 1050107, bug 1054625, bug 1057465, bug 1057476.
Wan-Teh Chang 2014-08-27 15:42:41 -07:00
parent 2e6ef01120
commit a2f4afbe0b
22 changed files with 227 additions and 303 deletions


@ -1 +1 @@
NSS_3_17_RTM
NSS_3_17_1_BETA1


@ -10,4 +10,3 @@
*/
#error "Do not include this header file."


@ -27,20 +27,6 @@
extern PRLogModuleInfo *pkixLog;
#ifdef DEBUG_volkov
/* Temporary declarations of functioins. Will be removed with fix for
* 391183 */
extern char *
pkix_Error2ASCII(PKIX_Error *error, void *plContext);
extern void
cert_PrintCert(PKIX_PL_Cert *pkixCert, void *plContext);
extern PKIX_Error *
cert_PrintCertChain(PKIX_List *pkixCertChain, void *plContext);
#endif /* DEBUG */
#ifdef PKIX_OBJECT_LEAK_TEST
extern PKIX_UInt32
@ -898,11 +884,6 @@ cert_GetLogFromVerifyNode(
if (children == NULL) {
PKIX_ERRORCODE errCode = PKIX_ANCHORDIDNOTCHAINTOCERT;
if (node->error && node->error->errCode != errCode) {
#ifdef DEBUG_volkov
char *string = pkix_Error2ASCII(node->error, plContext);
fprintf(stderr, "Branch search finished with error: \t%s\n", string);
PKIX_PL_Free(string, NULL);
#endif
if (log != NULL) {
SECErrorCodes nssErrorCode = 0;
CERTCertificate *cert = NULL;
@ -1003,9 +984,6 @@ cert_GetBuildResults(
PKIX_TrustAnchor *trustAnchor = NULL;
PKIX_PL_Cert *trustedCert = NULL;
PKIX_List *pkixCertChain = NULL;
#ifdef DEBUG_volkov
PKIX_Error *tmpPkixError = NULL;
#endif /* DEBUG */
PKIX_ENTER(CERTVFYPKIX, "cert_GetBuildResults");
if (buildResult == NULL && error == NULL) {
@ -1014,11 +992,6 @@ cert_GetBuildResults(
if (error) {
SECErrorCodes nssErrorCode = 0;
#ifdef DEBUG_volkov
char *temp = pkix_Error2ASCII(error, plContext);
fprintf(stderr, "BUILD ERROR:\n%s\n", temp);
PKIX_PL_Free(temp, NULL);
#endif /* DEBUG */
if (verifyNode) {
PKIX_Error *tmpError =
cert_GetLogFromVerifyNode(log, verifyNode, plContext);
@ -1037,13 +1010,6 @@ cert_GetBuildResults(
plContext),
PKIX_BUILDRESULTGETCERTCHAINFAILED);
#ifdef DEBUG_volkov
tmpPkixError = cert_PrintCertChain(pkixCertChain, plContext);
if (tmpPkixError) {
PKIX_PL_Object_DecRef((PKIX_PL_Object*)tmpPkixError, plContext);
}
#endif
PKIX_CHECK(
cert_PkixToNssCertsChain(pkixCertChain, &validChain, plContext),
PKIX_CERTCHAINTONSSCHAINFAILED);
@ -1065,13 +1031,7 @@ cert_GetBuildResults(
plContext),
PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED);
#ifdef DEBUG_volkov
if (pvalidChain == NULL) {
cert_PrintCert(trustedCert, plContext);
}
#endif
PKIX_CHECK(
PKIX_CHECK(
PKIX_PL_Cert_GetCERTCertificate(trustedCert, &trustedRoot,
plContext),
PKIX_CERTGETCERTCERTIFICATEFAILED);
@ -1158,10 +1118,6 @@ cert_VerifyCertChainPkix(
SECStatus rv = SECFailure;
void *plContext = NULL;
#ifdef DEBUG_volkov
CERTCertificate *trustedRoot = NULL;
CERTCertList *validChain = NULL;
#endif /* DEBUG */
#ifdef PKIX_OBJECT_LEAK_TEST
int leakedObjNum = 0;
@ -1196,10 +1152,6 @@ do {
result = NULL;
verifyNode = NULL;
error = NULL;
#ifdef DEBUG_volkov
trustedRoot = NULL;
validChain = NULL;
#endif /* DEBUG */
errorGenerated = PKIX_FALSE;
stackPosition = 0;
@ -1242,29 +1194,11 @@ do {
rv = SECSuccess;
cleanup:
error = cert_GetBuildResults(result, verifyNode, error, log,
#ifdef DEBUG_volkov
&trustedRoot, &validChain,
#else
NULL, NULL,
#endif /* DEBUG */
error = cert_GetBuildResults(result, verifyNode, error, log, NULL, NULL,
plContext);
if (error) {
#ifdef DEBUG_volkov
char *temp = pkix_Error2ASCII(error, plContext);
fprintf(stderr, "GET BUILD RES ERRORS:\n%s\n", temp);
PKIX_PL_Free(temp, NULL);
#endif /* DEBUG */
PKIX_PL_Object_DecRef((PKIX_PL_Object *)error, plContext);
}
#ifdef DEBUG_volkov
if (trustedRoot) {
CERT_DestroyCertificate(trustedRoot);
}
if (validChain) {
CERT_DestroyCertList(validChain);
}
#endif /* DEBUG */
if (procParams) {
PKIX_PL_Object_DecRef((PKIX_PL_Object *)procParams, plContext);
}


@ -1,206 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* nss_pkix_proxy.h
*
* PKIX - NSS proxy functions
*
*/
#include "cert.h"
#include "pkix_pl_common.h"
#ifdef DEBUG
char *
pkix_Error2ASCII(PKIX_Error *error, void *plContext)
{
PKIX_UInt32 length;
char *asciiString = NULL;
PKIX_PL_String *pkixString = NULL;
PKIX_Error *errorResult = NULL;
errorResult = PKIX_PL_Object_ToString
((PKIX_PL_Object*)error, &pkixString, plContext);
if (errorResult) goto cleanup;
errorResult = PKIX_PL_String_GetEncoded
(pkixString,
PKIX_ESCASCII,
(void **)&asciiString,
&length,
plContext);
cleanup:
if (pkixString){
if (PKIX_PL_Object_DecRef
((PKIX_PL_Object*)pkixString, plContext)){
return (NULL);
}
}
if (errorResult){
PKIX_PL_Object_DecRef((PKIX_PL_Object*)errorResult, plContext);
return (NULL);
}
return (asciiString);
}
char *
pkix_Object2ASCII(PKIX_PL_Object *object)
{
PKIX_UInt32 length;
char *asciiString = NULL;
PKIX_PL_String *pkixString = NULL;
PKIX_Error *errorResult = NULL;
errorResult = PKIX_PL_Object_ToString
(object, &pkixString, NULL);
if (errorResult) goto cleanup;
errorResult = PKIX_PL_String_GetEncoded
(pkixString, PKIX_ESCASCII, (void **)&asciiString, &length, NULL);
cleanup:
if (pkixString){
if (PKIX_PL_Object_DecRef((PKIX_PL_Object*)pkixString, NULL)){
return (NULL);
}
}
if (errorResult){
return (NULL);
}
return (asciiString);
}
char *
pkix_Cert2ASCII(PKIX_PL_Cert *cert)
{
PKIX_PL_X500Name *issuer = NULL;
void *issuerAscii = NULL;
PKIX_PL_X500Name *subject = NULL;
void *subjectAscii = NULL;
void *asciiString = NULL;
PKIX_Error *errorResult = NULL;
PKIX_UInt32 numChars;
PKIX_UInt32 refCount = 0;
/* Issuer */
errorResult = PKIX_PL_Cert_GetIssuer(cert, &issuer, NULL);
if (errorResult) goto cleanup;
issuerAscii = pkix_Object2ASCII((PKIX_PL_Object*)issuer);
/* Subject */
errorResult = PKIX_PL_Cert_GetSubject(cert, &subject, NULL);
if (errorResult) goto cleanup;
if (subject){
subjectAscii = pkix_Object2ASCII((PKIX_PL_Object*)subject);
}
/* errorResult = PKIX_PL_Object_GetRefCount((PKIX_PL_Object*)cert, &refCount, NULL); */
if (errorResult) goto cleanup;
errorResult = PKIX_PL_Malloc(200, &asciiString, NULL);
if (errorResult) goto cleanup;
numChars =
PR_snprintf
(asciiString,
200,
"Ref: %d Subject=%s\nIssuer=%s\n",
refCount,
subjectAscii,
issuerAscii);
if (!numChars) goto cleanup;
cleanup:
if (issuer){
if (PKIX_PL_Object_DecRef((PKIX_PL_Object*)issuer, NULL)){
return (NULL);
}
}
if (subject){
if (PKIX_PL_Object_DecRef((PKIX_PL_Object*)subject, NULL)){
return (NULL);
}
}
if (PKIX_PL_Free((PKIX_PL_Object*)issuerAscii, NULL)){
return (NULL);
}
if (PKIX_PL_Free((PKIX_PL_Object*)subjectAscii, NULL)){
return (NULL);
}
if (errorResult){
return (NULL);
}
return (asciiString);
}
PKIX_Error *
cert_PrintCertChain(
PKIX_List *pkixCertChain,
void *plContext)
{
PKIX_PL_Cert *cert = NULL;
PKIX_UInt32 numCerts = 0, i = 0;
char *asciiResult = NULL;
PKIX_ENTER(CERTVFYPKIX, "cert_PrintCertChain");
PKIX_CHECK(
PKIX_List_GetLength(pkixCertChain, &numCerts, plContext),
PKIX_LISTGETLENGTHFAILED);
fprintf(stderr, "\n");
for (i = 0; i < numCerts; i++){
PKIX_CHECK
(PKIX_List_GetItem
(pkixCertChain, i, (PKIX_PL_Object**)&cert, plContext),
PKIX_LISTGETITEMFAILED);
asciiResult = pkix_Cert2ASCII(cert);
fprintf(stderr, "CERT[%d]:\n%s\n", i, asciiResult);
PKIX_PL_Free(asciiResult, plContext);
asciiResult = NULL;
PKIX_DECREF(cert);
}
cleanup:
PKIX_DECREF(cert);
PKIX_RETURN(CERTVFYPKIX);
}
void
cert_PrintCert(
PKIX_PL_Cert *pkixCert,
void *plContext)
{
char *asciiResult = NULL;
asciiResult = pkix_Cert2ASCII(pkixCert);
fprintf(stderr, "CERT[0]:\n%s\n", asciiResult);
PKIX_PL_Free(asciiResult, plContext);
}
#endif /* DEBUG */


@ -25,7 +25,6 @@ CSRCS = \
certhigh.c \
certvfy.c \
certvfypkix.c \
certvfypkixprint.c \
xcrldist.c \
$(NULL)


@ -33,12 +33,12 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
#define NSS_VERSION "3.17" _NSS_ECC_STRING _NSS_CUSTOMIZED
#define NSS_VERSION "3.17.1" _NSS_ECC_STRING _NSS_CUSTOMIZED " Beta"
#define NSS_VMAJOR 3
#define NSS_VMINOR 17
#define NSS_VPATCH 0
#define NSS_VPATCH 1
#define NSS_VBUILD 0
#define NSS_BETA PR_FALSE
#define NSS_BETA PR_TRUE
#ifndef RC_INVOKED


@ -92,14 +92,14 @@ nssSession_Destroy
nssSession *s
)
{
CK_RV ckrv = CKR_OK;
PRStatus rv = PR_SUCCESS;
if (s) {
if (s->isRW) {
PK11_RestoreROSession(s->slot->pk11slot, s->handle);
}
nss_ZFreeIf(s);
rv = nss_ZFreeIf(s);
}
return (ckrv == CKR_OK) ? PR_SUCCESS : PR_FAILURE;
return rv;
}
static NSSSlot *


@ -25,11 +25,11 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
#define SOFTOKEN_VERSION "3.17" SOFTOKEN_ECC_STRING
#define SOFTOKEN_VERSION "3.17.1" SOFTOKEN_ECC_STRING " Beta"
#define SOFTOKEN_VMAJOR 3
#define SOFTOKEN_VMINOR 17
#define SOFTOKEN_VPATCH 0
#define SOFTOKEN_VPATCH 1
#define SOFTOKEN_VBUILD 0
#define SOFTOKEN_BETA PR_FALSE
#define SOFTOKEN_BETA PR_TRUE
#endif /* _SOFTKVER_H_ */


@ -418,3 +418,7 @@ ER3(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK, (SSL_ERROR_BASE + 129),
ER3(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL, (SSL_ERROR_BASE + 130),
"The server supports no protocols that the client advertises in the ALPN extension.")
ER3(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT, (SSL_ERROR_BASE + 131),
"The server rejected the handshake because the client downgraded to a lower "
"TLS version than the server supports.")


@ -7,6 +7,11 @@ ifdef NISCC_TEST
DEFINES += -DNISCC_TEST
endif
# Allow build-time configuration of TLS 1.3 (Experimental)
ifdef NSS_ENABLE_TLS_1_3
DEFINES += -DNSS_ENABLE_TLS_1_3
endif
ifdef NSS_NO_PKCS11_BYPASS
DEFINES += -DNO_PKCS11_BYPASS
else

View File

@ -52,6 +52,7 @@ static const ssl3CipherSuite nonDTLSSuites[] = {
* TLS DTLS
* 1.1 (0302) 1.0 (feff)
* 1.2 (0303) 1.2 (fefd)
* 1.3 (0304) 1.3 (fefc)
*/
SSL3ProtocolVersion
dtls_TLSVersionToDTLSVersion(SSL3ProtocolVersion tlsv)
@ -62,6 +63,9 @@ dtls_TLSVersionToDTLSVersion(SSL3ProtocolVersion tlsv)
if (tlsv == SSL_LIBRARY_VERSION_TLS_1_2) {
return SSL_LIBRARY_VERSION_DTLS_1_2_WIRE;
}
if (tlsv == SSL_LIBRARY_VERSION_TLS_1_3) {
return SSL_LIBRARY_VERSION_DTLS_1_3_WIRE;
}
/* Anything other than TLS 1.1 or 1.2 is an error, so return
* the invalid version 0xffff. */
@ -85,6 +89,9 @@ dtls_DTLSVersionToTLSVersion(SSL3ProtocolVersion dtlsv)
if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_2_WIRE) {
return SSL_LIBRARY_VERSION_TLS_1_2;
}
if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_3_WIRE) {
return SSL_LIBRARY_VERSION_TLS_1_3;
}
/* Return a fictional higher version than we know of */
return SSL_LIBRARY_VERSION_TLS_1_2 + 1;
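Review bot: The catch-all at the end of dtls_DTLSVersionToTLSVersion still returns `SSL_LIBRARY_VERSION_TLS_1_2 + 1`, which is 0x0304 and so equals the SSL_LIBRARY_VERSION_TLS_1_3 value this commit defines; an unrecognised DTLS wire version is therefore no longer mapped to a "fictional higher version" but to TLS 1.3. The fallback should move past the newest known version, for example `return SSL_LIBRARY_VERSION_TLS_1_3 + 1;`. The comment in dtls_TLSVersionToDTLSVersion, `Anything other than TLS 1.1 or 1.2 is an error`, is also stale now that 1.3 is mapped. Both function bodies start and end outside the hunks shown.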


@ -188,6 +188,9 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd);
*/
#define SSL_REUSE_SERVER_ECDHE_KEY 27
#define SSL_ENABLE_FALLBACK_SCSV 28 /* Send fallback SCSV in
* handshakes. */
#ifdef SSL_DEPRECATED_FUNCTION
/* Old deprecated function names */
SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on);
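Review bot: The comment on `SSL_ENABLE_FALLBACK_SCSV` does not say when an application should turn the option on. As the client code in this commit reads, the SCSV is added to every non-resuming ClientHello once the option is set, and a server whose maximum version is above the ClientHello version answers with inappropriate_fallback, so enabling it on a first, non-fallback attempt can make handshakes fail. Suggested wording: `/* Send TLS_FALLBACK_SCSV in the ClientHello. Enable only on a retry made with a lowered maximum version; off by default. */`.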


@ -215,7 +215,10 @@ compressionEnabled(sslSocket *ss, SSLCompressionMethod compression)
return PR_TRUE; /* Always enabled */
#ifdef NSS_ENABLE_ZLIB
case ssl_compression_deflate:
return ss->opt.enableDeflate;
if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
return ss->opt.enableDeflate;
}
return PR_FALSE;
#endif
default:
return PR_FALSE;
@ -637,14 +640,16 @@ ssl3_CipherSuiteAllowedForVersionRange(
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
case TLS_RSA_WITH_AES_256_CBC_SHA256:
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
case TLS_RSA_WITH_AES_128_CBC_SHA256:
case TLS_RSA_WITH_AES_128_GCM_SHA256:
case TLS_RSA_WITH_NULL_SHA256:
return vrange->max == SSL_LIBRARY_VERSION_TLS_1_2;
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_2;
/* RFC 4492: ECC cipher suites need TLS extensions to negotiate curves and
@ -669,10 +674,11 @@ ssl3_CipherSuiteAllowedForVersionRange(
case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_0;
return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_0 &&
vrange->min < SSL_LIBRARY_VERSION_TLS_1_3;
default:
return PR_TRUE;
return vrange->min < SSL_LIBRARY_VERSION_TLS_1_3;
}
}
@ -3352,6 +3358,9 @@ ssl3_HandleAlert(sslSocket *ss, sslBuffer *buf)
case certificate_unknown: error = SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT;
break;
case illegal_parameter: error = SSL_ERROR_ILLEGAL_PARAMETER_ALERT;break;
case inappropriate_fallback:
error = SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT;
break;
/* All alerts below are TLS only. */
case unknown_ca: error = SSL_ERROR_UNKNOWN_CA_ALERT; break;
@ -4873,6 +4882,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
int num_suites;
int actual_count = 0;
PRBool isTLS = PR_FALSE;
PRBool requestingResume = PR_FALSE, fallbackSCSV = PR_FALSE;
PRInt32 total_exten_len = 0;
unsigned paddingExtensionLen;
unsigned numCompressionMethods;
@ -5015,6 +5025,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
}
if (sid) {
requestingResume = PR_TRUE;
SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_hits );
PRINT_BUF(4, (ss, "client, found session-id:", sid->u.ssl3.sessionID,
@ -5129,8 +5140,15 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
return SECFailure; /* count_cipher_suites has set error code. */
}
fallbackSCSV = ss->opt.enableFallbackSCSV && (!requestingResume ||
ss->version < sid->version);
/* make room for SCSV */
if (ss->ssl3.hs.sendingSCSV) {
++num_suites; /* make room for SCSV */
++num_suites;
}
if (fallbackSCSV) {
++num_suites;
}
/* count compression methods */
@ -5236,6 +5254,15 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
}
actual_count++;
}
if (fallbackSCSV) {
rv = ssl3_AppendHandshakeNumber(ss, TLS_FALLBACK_SCSV,
sizeof(ssl3CipherSuite));
if (rv != SECSuccess) {
if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
return rv; /* err set by ssl3_AppendHandshake* */
}
actual_count++;
}
for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange)) {
@ -7711,12 +7738,31 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
goto loser; /* malformed */
}
/* If the ClientHello version is less than our maximum version, check for a
* TLS_FALLBACK_SCSV and reject the connection if found. */
if (ss->vrange.max > ss->clientHelloVersion) {
for (i = 0; i + 1 < suites.len; i += 2) {
PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1];
if (suite_i != TLS_FALLBACK_SCSV)
continue;
desc = inappropriate_fallback;
errCode = SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT;
goto alert_loser;
}
}
/* grab the list of compression methods. */
rv = ssl3_ConsumeHandshakeVariable(ss, &comps, 1, &b, &length);
if (rv != SECSuccess) {
goto loser; /* malformed */
}
/* TLS 1.3 requires that compression be empty */
if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
if (comps.len != 1 || comps.data[0] != ssl_compression_null) {
goto loser;
}
}
desc = handshake_failure;
/* Handle TLS hello extensions for SSL3 & TLS. We do not know if
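Review bot: In ssl3_CipherSuiteAllowedForVersionRange the first group of SHA-256 suites appears to return `vrange->max == SSL_LIBRARY_VERSION_TLS_1_2` on the new side (the page has lost its +/- markers, so this is read from the layout). With a range whose maximum is TLS 1.3 that test is false, so the CBC-SHA256 suites and TLS_RSA_WITH_AES_128_GCM_SHA256 are filtered out even for a handshake that ends at TLS 1.2, while older suites still pass through the `default` branch as long as `min` is below 1.3. The ECC branch in the same function uses a form that keeps such suites available, and the same would fit here: `return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_2 && vrange->min < SSL_LIBRARY_VERSION_TLS_1_3;`. The function body starts outside the hunk.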


@ -82,6 +82,11 @@ static PRInt32 ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append,
static SECStatus ssl3_ServerHandleSigAlgsXtn(sslSocket *ss, PRUint16 ex_type,
SECItem *data);
static PRInt32 ssl3_ClientSendDraftVersionXtn(sslSocket *ss, PRBool append,
PRUint32 maxBytes);
static SECStatus ssl3_ServerHandleDraftVersionXtn(sslSocket *ss, PRUint16 ex_type,
SECItem *data);
/*
* Write bytes. Using this function means the SECItem structure
* cannot be freed. The caller is expected to call this function
@ -245,6 +250,7 @@ static const ssl3HelloExtensionHandler clientHelloHandlers[] = {
{ ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn },
{ ssl_cert_status_xtn, &ssl3_ServerHandleStatusRequestXtn },
{ ssl_signature_algorithms_xtn, &ssl3_ServerHandleSigAlgsXtn },
{ ssl_tls13_draft_version_xtn, &ssl3_ServerHandleDraftVersionXtn },
{ -1, NULL }
};
@ -286,7 +292,8 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
{ ssl_app_layer_protocol_xtn, &ssl3_ClientSendAppProtoXtn },
{ ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn },
{ ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
{ ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }
{ ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
{ ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },
/* any extra entries will appear as { 0, NULL } */
};
@ -2421,3 +2428,93 @@ ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
return extensionLen;
}
/* ssl3_ClientSendDraftVersionXtn sends the TLS 1.3 temporary draft
* version extension.
* TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */
static PRInt32
ssl3_ClientSendDraftVersionXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
{
PRInt32 extension_length;
if (ss->version != SSL_LIBRARY_VERSION_TLS_1_3) {
return 0;
}
extension_length = 6; /* Type + length + number */
if (append && maxBytes >= extension_length) {
SECStatus rv;
rv = ssl3_AppendHandshakeNumber(ss, ssl_tls13_draft_version_xtn, 2);
if (rv != SECSuccess)
goto loser;
rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
if (rv != SECSuccess)
goto loser;
rv = ssl3_AppendHandshakeNumber(ss, TLS_1_3_DRAFT_VERSION, 2);
if (rv != SECSuccess)
goto loser;
ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
ssl_tls13_draft_version_xtn;
} else if (maxBytes < extension_length) {
PORT_Assert(0);
return 0;
}
return extension_length;
loser:
return -1;
}
/* ssl3_ServerHandleDraftVersionXtn handles the TLS 1.3 temporary draft
* version extension.
* TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */
static SECStatus
ssl3_ServerHandleDraftVersionXtn(sslSocket * ss, PRUint16 ex_type,
SECItem *data)
{
PRInt32 draft_version;
/* Ignore this extension if we aren't doing TLS 1.3 */
if (ss->version != SSL_LIBRARY_VERSION_TLS_1_3) {
return SECSuccess;
}
if (data->len != 2)
goto loser;
/* Get the draft version out of the handshake */
draft_version = ssl3_ConsumeHandshakeNumber(ss, 2,
&data->data, &data->len);
if (draft_version < 0) {
goto loser;
}
/* Keep track of negotiated extensions. */
ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
/* Compare the version */
if (draft_version != TLS_1_3_DRAFT_VERSION) {
SSL_TRC(30, ("%d: SSL3[%d]: Incompatible version of TLS 1.3 (%d), "
"expected %d",
SSL_GETPID(), ss->fd, draft_version, TLS_1_3_DRAFT_VERSION));
goto loser;
}
return SECSuccess;
loser:
/*
* Incompatible/broken TLS 1.3 implementation. Fall back to TLS 1.2.
* TODO(ekr@rtfm.com): It's not entirely clear it's safe to roll back
* here. Need to double-check.
* TODO(ekr@rtfm.com): Currently we fall back even on broken extensions.
* because SECFailure does not cause handshake failures. See bug
* 753136.
*/
SSL_TRC(30, ("%d: SSL3[%d]: Rolling back to TLS 1.2", SSL_GETPID(), ss->fd));
ss->version = SSL_LIBRARY_VERSION_TLS_1_2;
return SECSuccess;
}
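Review bot: The `loser` path of ssl3_ServerHandleDraftVersionXtn sets `ss->version = SSL_LIBRARY_VERSION_TLS_1_2` without checking that TLS 1.2 lies inside the socket's enabled range, so a server configured with a TLS 1.3 minimum would continue at a version it was told not to accept. A guard such as `if (ss->vrange.min > SSL_LIBRARY_VERSION_TLS_1_2) return SECFailure;` before the assignment would cover this, although the TODO above it says SECFailure from a handler does not currently abort the handshake, so the caller may need to re-check the version once extensions are processed. The handler also runs only when the extension is present; whether a TLS 1.3 ClientHello that omits it is handled elsewhere is not visible here.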


@ -14,6 +14,11 @@ typedef PRUint8 SSL3Opaque;
typedef PRUint16 SSL3ProtocolVersion;
/* version numbers are defined in sslproto.h */
/* The TLS 1.3 draft version. Used to avoid negotiating
* between incompatible pre-standard TLS 1.3 drafts.
* TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */
#define TLS_1_3_DRAFT_VERSION 3
typedef PRUint16 ssl3CipherSuite;
/* The cipher suites are defined in sslproto.h */
@ -98,6 +103,7 @@ typedef enum {
protocol_version = 70,
insufficient_security = 71,
internal_error = 80,
inappropriate_fallback = 86, /* could also be sent for SSLv3 */
user_canceled = 90,
no_renegotiation = 100,


@ -196,6 +196,8 @@ SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 128),
SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK = (SSL_ERROR_BASE + 129),
SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL = (SSL_ERROR_BASE + 130),
SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT = (SSL_ERROR_BASE + 131),
SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
} SSLErrorCodes;
#endif /* NO_SECURITY_ERROR_ENUM */


@ -327,6 +327,7 @@ typedef struct sslOptionsStr {
unsigned int enableNPN : 1; /* 26 */
unsigned int enableALPN : 1; /* 27 */
unsigned int reuseServerECDHEKey : 1; /* 28 */
unsigned int enableFallbackSCSV : 1; /* 29 */
} sslOptions;
typedef enum { sslHandshakingUndetermined = 0,
@ -1535,7 +1536,11 @@ extern PRInt32 ssl3_SendRecord(sslSocket *ss, DTLSEpoch epoch,
* runtime to determine which versions are supported by the version of libssl
* in use.
*/
#ifdef NSS_ENABLE_TLS_1_3
#define SSL_LIBRARY_VERSION_MAX_SUPPORTED SSL_LIBRARY_VERSION_TLS_1_3
#else
#define SSL_LIBRARY_VERSION_MAX_SUPPORTED SSL_LIBRARY_VERSION_TLS_1_2
#endif
/* Rename this macro SSL_ALL_VERSIONS_DISABLED when SSL 2.0 is removed. */
#define SSL3_ALL_VERSIONS_DISABLED(vrange) \


@ -16,9 +16,12 @@
#define SSL_LIBRARY_VERSION_TLS_1_0 0x0301
#define SSL_LIBRARY_VERSION_TLS_1_1 0x0302
#define SSL_LIBRARY_VERSION_TLS_1_2 0x0303
#define SSL_LIBRARY_VERSION_TLS_1_3 0x0304
/* Note: this is the internal format, not the wire format */
#define SSL_LIBRARY_VERSION_DTLS_1_0 0x0302
#define SSL_LIBRARY_VERSION_DTLS_1_2 0x0303
#define SSL_LIBRARY_VERSION_DTLS_1_3 0x0304
/* deprecated old name */
#define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0
@ -26,6 +29,7 @@
/* The DTLS versions used in the spec */
#define SSL_LIBRARY_VERSION_DTLS_1_0_WIRE ((~0x0100) & 0xffff)
#define SSL_LIBRARY_VERSION_DTLS_1_2_WIRE ((~0x0102) & 0xffff)
#define SSL_LIBRARY_VERSION_DTLS_1_3_WIRE ((~0x0103) & 0xffff)
/* Header lengths of some of the messages */
#define SSL_HL_ERROR_HBYTES 3
@ -208,6 +212,11 @@
*/
#define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00FF
/* TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates that a
* handshake is the result of TLS version fallback.
*/
#define TLS_FALLBACK_SCSV 0x5600
/* Cipher Suite Values starting with 0xC000 are defined in informational
* RFCs.
*/


@ -81,7 +81,8 @@ static sslOptions ssl_defaults = {
PR_FALSE, /* enableOCSPStapling */
PR_TRUE, /* enableNPN */
PR_FALSE, /* enableALPN */
PR_TRUE /* reuseServerECDHEKey */
PR_TRUE, /* reuseServerECDHEKey */
PR_FALSE /* enableFallbackSCSV */
};
/*
@ -789,6 +790,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
ss->opt.reuseServerECDHEKey = on;
break;
case SSL_ENABLE_FALLBACK_SCSV:
ss->opt.enableFallbackSCSV = on;
break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure;
@ -863,6 +868,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
case SSL_ENABLE_ALPN: on = ss->opt.enableALPN; break;
case SSL_REUSE_SERVER_ECDHE_KEY:
on = ss->opt.reuseServerECDHEKey; break;
case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@ -929,6 +935,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
case SSL_REUSE_SERVER_ECDHE_KEY:
on = ssl_defaults.reuseServerECDHEKey;
break;
case SSL_ENABLE_FALLBACK_SCSV:
on = ssl_defaults.enableFallbackSCSV;
break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@ -1108,6 +1117,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on)
ssl_defaults.reuseServerECDHEKey = on;
break;
case SSL_ENABLE_FALLBACK_SCSV:
ssl_defaults.enableFallbackSCSV = on;
break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;


@ -191,9 +191,10 @@ typedef enum {
ssl_padding_xtn = 21,
ssl_session_ticket_xtn = 35,
ssl_next_proto_nego_xtn = 13172,
ssl_renegotiation_info_xtn = 0xff01 /* experimental number */
ssl_renegotiation_info_xtn = 0xff01,
ssl_tls13_draft_version_xtn = 0xff02 /* experimental number */
} SSLExtensionType;
#define SSL_MAX_EXTENSIONS 10 /* doesn't include ssl_padding_xtn. */
#define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_padding_xtn. */
#endif /* __sslt_h_ */


@ -19,12 +19,12 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
*/
#define NSSUTIL_VERSION "3.17"
#define NSSUTIL_VERSION "3.17.1 Beta"
#define NSSUTIL_VMAJOR 3
#define NSSUTIL_VMINOR 17
#define NSSUTIL_VPATCH 0
#define NSSUTIL_VPATCH 1
#define NSSUTIL_VBUILD 0
#define NSSUTIL_BETA PR_FALSE
#define NSSUTIL_BETA PR_TRUE
SEC_BEGIN_PROTOS


@ -2,8 +2,8 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#define VERION_MAJOR 1
#define VERION_MINOR 0
#define VERSION_MAJOR 1
#define VERSION_MINOR 0
#define VERSION_POINT 7
/* NSPR header files */
#include <prinit.h>
@ -174,7 +174,7 @@ PRIntn main(PRIntn ac, char **av, char **ev) {
"\nSSL Test Suite Version %d.%d.%d\n\
All Rights Reserved\n\
Usage: sslt [-c client_nickname] [-n server_nickname] [-p passwd] [-d] testid\n",
VERION_MAJOR, VERION_MINOR, VERSION_POINT);
VERSION_MAJOR, VERSION_MINOR, VERSION_POINT);
exit(0);
}